From f12f00aebde9766adab7a90450b588d3a7548e13 Mon Sep 17 00:00:00 2001 From: openshift-service-mesh-bot <165402251+openshift-service-mesh-bot@users.noreply.github.com> Date: Sat, 14 Feb 2026 00:41:37 -0500 Subject: [PATCH 1/6] Automator: Update dependencies in istio-ecosystem/sail-operator@main (#1600) Signed-off-by: openshift-service-mesh-bot --- .devcontainer/devcontainer.json | 2 +- .github/workflows/update-deps.yaml | 2 +- Makefile.core.mk | 4 +-- api/v1/istio_types.go | 6 ++-- api/v1/istiocni_types.go | 6 ++-- api/v1/istiorevision_types.go | 6 ++-- api/v1/ztunnel_types.go | 6 ++-- api/v1alpha1/ztunnel_types.go | 6 ++-- .../sailoperator.clusterserviceversion.yaml | 28 +++++++++---------- .../manifests/sailoperator.io_istiocnis.yaml | 6 ++-- .../sailoperator.io_istiorevisions.yaml | 6 ++-- .../sailoperator.io_istiorevisiontags.yaml | 2 +- bundle/manifests/sailoperator.io_istios.yaml | 6 ++-- .../manifests/sailoperator.io_ztunnels.yaml | 10 +++---- chart/crds/sailoperator.io_istiocnis.yaml | 6 ++-- .../crds/sailoperator.io_istiorevisions.yaml | 6 ++-- .../sailoperator.io_istiorevisiontags.yaml | 2 +- chart/crds/sailoperator.io_istios.yaml | 6 ++-- chart/crds/sailoperator.io_ztunnels.yaml | 10 +++---- chart/values.yaml | 10 +++---- common/.commonfiles.sha | 2 +- common/scripts/setup_env.sh | 2 +- docs/api-reference/sailoperator.io.md | 10 +++---- go.mod | 6 ++-- go.sum | 12 ++++---- pkg/istioversion/versions.yaml | 18 ++++++------ ...45da0afcf59f428f90093b4b4ab51c907.tgz.etag | 1 + .../charts/base/Chart.yaml | 4 +-- .../charts/base/README.md | 0 .../charts/base/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/base/files/profile-demo.yaml | 0 .../base/files/profile-platform-gke.yaml | 0 .../base/files/profile-platform-k3d.yaml | 0 .../base/files/profile-platform-k3s.yaml | 0 .../base/files/profile-platform-microk8s.yaml | 0 .../base/files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/base/files/profile-preview.yaml | 0 .../charts/base/files/profile-remote.yaml | 0 .../charts/base/files/profile-stable.yaml | 0 .../charts/base/templates/NOTES.txt | 0 ...ultrevision-validatingadmissionpolicy.yaml | 0 ...vision-validatingwebhookconfiguration.yaml | 0 .../base/templates/reader-serviceaccount.yaml | 0 .../charts/base/templates/zzz_profile.yaml | 0 .../charts/base/values.yaml | 0 .../charts/cni/Chart.yaml | 4 +-- .../charts/cni/README.md | 0 .../charts/cni/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/cni/files/profile-demo.yaml | 0 .../cni/files/profile-platform-gke.yaml | 0 .../cni/files/profile-platform-k3d.yaml | 0 .../cni/files/profile-platform-k3s.yaml | 0 .../cni/files/profile-platform-microk8s.yaml | 0 .../cni/files/profile-platform-minikube.yaml | 0 .../cni/files/profile-platform-openshift.yaml | 0 .../charts/cni/files/profile-preview.yaml | 0 .../charts/cni/files/profile-remote.yaml | 0 .../charts/cni/files/profile-stable.yaml | 0 .../charts/cni/templates/NOTES.txt | 0 .../charts/cni/templates/_helpers.tpl | 0 .../charts/cni/templates/clusterrole.yaml | 0 .../cni/templates/clusterrolebinding.yaml | 0 .../charts/cni/templates/configmap-cni.yaml | 0 .../charts/cni/templates/daemonset.yaml | 0 .../network-attachment-definition.yaml | 0 .../charts/cni/templates/networkpolicy.yaml | 0 .../charts/cni/templates/resourcequota.yaml | 0 .../charts/cni/templates/serviceaccount.yaml | 0 .../cni/templates/zzy_descope_legacy.yaml | 0 .../charts/cni/templates/zzz_profile.yaml | 0 .../charts/cni/values.yaml | 2 +- .../charts/gateway/Chart.yaml | 4 +-- .../charts/gateway/README.md | 0 .../charts/gateway/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/gateway/files/profile-demo.yaml | 0 .../gateway/files/profile-platform-gke.yaml | 0 .../gateway/files/profile-platform-k3d.yaml | 0 .../gateway/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/gateway/files/profile-preview.yaml | 0 .../charts/gateway/files/profile-remote.yaml | 0 .../charts/gateway/files/profile-stable.yaml | 0 .../charts/gateway/templates/NOTES.txt | 0 .../charts/gateway/templates/_helpers.tpl | 0 .../charts/gateway/templates/deployment.yaml | 0 .../charts/gateway/templates/hpa.yaml | 0 .../gateway/templates/networkpolicy.yaml | 0 .../templates/poddisruptionbudget.yaml | 0 .../charts/gateway/templates/role.yaml | 0 .../charts/gateway/templates/service.yaml | 0 .../gateway/templates/serviceaccount.yaml | 0 .../charts/gateway/templates/zzz_profile.yaml | 0 .../charts/gateway/values.schema.json | 0 .../charts/gateway/values.yaml | 0 .../charts/istiod/Chart.yaml | 4 +-- .../charts/istiod/README.md | 0 .../charts/istiod/files/agentgateway.yaml | 0 .../files/gateway-injection-template.yaml | 0 .../charts/istiod/files/grpc-agent.yaml | 0 .../charts/istiod/files/grpc-simple.yaml | 0 .../istiod/files/injection-template.yaml | 0 .../charts/istiod/files/kube-gateway.yaml | 0 .../charts/istiod/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/istiod/files/profile-demo.yaml | 0 .../istiod/files/profile-platform-gke.yaml | 0 .../istiod/files/profile-platform-k3d.yaml | 0 .../istiod/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/istiod/files/profile-preview.yaml | 0 .../charts/istiod/files/profile-remote.yaml | 0 .../charts/istiod/files/profile-stable.yaml | 0 .../charts/istiod/files/waypoint.yaml | 0 .../charts/istiod/templates/NOTES.txt | 0 .../charts/istiod/templates/_helpers.tpl | 0 .../charts/istiod/templates/autoscale.yaml | 0 .../charts/istiod/templates/clusterrole.yaml | 0 .../istiod/templates/clusterrolebinding.yaml | 0 .../istiod/templates/configmap-jwks.yaml | 0 .../istiod/templates/configmap-values.yaml | 0 .../charts/istiod/templates/configmap.yaml | 0 .../charts/istiod/templates/deployment.yaml | 0 .../templates/gateway-class-configmap.yaml | 0 .../templates/istiod-injector-configmap.yaml | 0 .../istiod/templates/mutatingwebhook.yaml | 0 .../istiod/templates/networkpolicy.yaml | 0 .../istiod/templates/poddisruptionbudget.yaml | 0 .../istiod/templates/reader-clusterrole.yaml | 0 .../templates/reader-clusterrolebinding.yaml | 0 .../remote-istiod-endpointslices.yaml | 0 .../templates/remote-istiod-service.yaml | 0 .../istiod/templates/revision-tags-mwc.yaml | 0 .../istiod/templates/revision-tags-svc.yaml | 0 .../charts/istiod/templates/role.yaml | 0 .../charts/istiod/templates/rolebinding.yaml | 0 .../charts/istiod/templates/service.yaml | 0 .../istiod/templates/serviceaccount.yaml | 0 .../templates/validatingadmissionpolicy.yaml | 0 .../validatingwebhookconfiguration.yaml | 0 .../istiod/templates/zzy_descope_legacy.yaml | 0 .../charts/istiod/templates/zzz_profile.yaml | 0 .../charts/istiod/values.yaml | 2 +- .../charts/revisiontags/Chart.yaml | 2 +- .../revisiontags/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../revisiontags/files/profile-demo.yaml | 0 .../files/profile-platform-gke.yaml | 0 .../files/profile-platform-k3d.yaml | 0 .../files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../revisiontags/files/profile-preview.yaml | 0 .../revisiontags/files/profile-remote.yaml | 0 .../revisiontags/files/profile-stable.yaml | 0 .../templates/revision-tags-mwc.yaml | 0 .../templates/revision-tags-svc.yaml | 0 .../revisiontags/templates/zzz_profile.yaml | 0 .../charts/revisiontags/values.yaml | 2 +- .../charts/ztunnel/Chart.yaml | 4 +-- .../charts/ztunnel/README.md | 0 .../charts/ztunnel/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/ztunnel/files/profile-demo.yaml | 0 .../ztunnel/files/profile-platform-gke.yaml | 0 .../ztunnel/files/profile-platform-k3d.yaml | 0 .../ztunnel/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/ztunnel/files/profile-preview.yaml | 0 .../charts/ztunnel/files/profile-remote.yaml | 0 .../charts/ztunnel/files/profile-stable.yaml | 0 .../charts/ztunnel/templates/NOTES.txt | 0 .../charts/ztunnel/templates/_helpers.tpl | 0 .../charts/ztunnel/templates/daemonset.yaml | 0 .../ztunnel/templates/networkpolicy.yaml | 0 .../charts/ztunnel/templates/rbac.yaml | 0 .../ztunnel/templates/resourcequota.yaml | 0 .../ztunnel/templates/serviceaccount.yaml | 0 .../charts/ztunnel/templates/zzz_profile.yaml | 0 .../charts/ztunnel/values.yaml | 2 +- ...45da0afcf59f428f90093b4b4ab51c907.tgz.etag | 1 + resources/v1.30-alpha.cdc5dca4/commit | 1 + ...45da0afcf59f428f90093b4b4ab51c907.tgz.etag | 1 + ...45da0afcf59f428f90093b4b4ab51c907.tgz.etag | 1 + .../profiles/ambient.yaml | 0 .../profiles/default.yaml | 0 .../profiles/demo.yaml | 0 .../profiles/empty.yaml | 0 .../profiles/openshift-ambient.yaml | 0 .../profiles/openshift.yaml | 0 .../profiles/preview.yaml | 0 .../profiles/remote.yaml | 0 .../profiles/stable.yaml | 0 ...45da0afcf59f428f90093b4b4ab51c907.tgz.etag | 1 + ...7f434bafb88b3a6b1ae7e204e2704cab8.tgz.etag | 1 - ...7f434bafb88b3a6b1ae7e204e2704cab8.tgz.etag | 1 - resources/v1.30-alpha.ed0ec1b7/commit | 1 - ...7f434bafb88b3a6b1ae7e204e2704cab8.tgz.etag | 1 - ...7f434bafb88b3a6b1ae7e204e2704cab8.tgz.etag | 1 - ...7f434bafb88b3a6b1ae7e204e2704cab8.tgz.etag | 1 - 228 files changed, 114 insertions(+), 114 deletions(-) create mode 100644 resources/v1.30-alpha.cdc5dca4/base-1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907.tgz.etag rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/base/Chart.yaml (63%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/base/README.md (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/base/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/base/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/base/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/base/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/base/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/base/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/base/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/base/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/base/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/base/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/base/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/base/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/base/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/base/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/base/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/base/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/base/templates/reader-serviceaccount.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/base/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/base/values.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/cni/Chart.yaml (62%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/cni/README.md (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/cni/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/cni/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/cni/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/cni/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/cni/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/cni/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/cni/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/cni/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/cni/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/cni/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/cni/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/cni/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/cni/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/cni/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/cni/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/cni/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/cni/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/cni/templates/clusterrole.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/cni/templates/clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/cni/templates/configmap-cni.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/cni/templates/daemonset.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/cni/templates/network-attachment-definition.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/cni/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/cni/templates/resourcequota.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/cni/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/cni/templates/zzy_descope_legacy.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/cni/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/cni/values.yaml (99%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/gateway/Chart.yaml (64%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/gateway/README.md (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/gateway/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/gateway/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/gateway/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/gateway/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/gateway/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/gateway/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/gateway/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/gateway/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/gateway/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/gateway/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/gateway/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/gateway/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/gateway/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/gateway/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/gateway/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/gateway/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/gateway/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/gateway/templates/deployment.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/gateway/templates/hpa.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/gateway/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/gateway/templates/poddisruptionbudget.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/gateway/templates/role.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/gateway/templates/service.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/gateway/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/gateway/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/gateway/values.schema.json (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/gateway/values.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/istiod/Chart.yaml (63%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/istiod/README.md (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/istiod/files/agentgateway.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/istiod/files/gateway-injection-template.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/istiod/files/grpc-agent.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/istiod/files/grpc-simple.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/istiod/files/injection-template.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/istiod/files/kube-gateway.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/istiod/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/istiod/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/istiod/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/istiod/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/istiod/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/istiod/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/istiod/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/istiod/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/istiod/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/istiod/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/istiod/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/istiod/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/istiod/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/istiod/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/istiod/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/istiod/files/waypoint.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/istiod/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/istiod/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/istiod/templates/autoscale.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/istiod/templates/clusterrole.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/istiod/templates/clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/istiod/templates/configmap-jwks.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/istiod/templates/configmap-values.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/istiod/templates/configmap.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/istiod/templates/deployment.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/istiod/templates/gateway-class-configmap.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/istiod/templates/istiod-injector-configmap.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/istiod/templates/mutatingwebhook.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/istiod/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/istiod/templates/poddisruptionbudget.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/istiod/templates/reader-clusterrole.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/istiod/templates/reader-clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/istiod/templates/remote-istiod-endpointslices.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/istiod/templates/remote-istiod-service.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/istiod/templates/revision-tags-mwc.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/istiod/templates/revision-tags-svc.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/istiod/templates/role.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/istiod/templates/rolebinding.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/istiod/templates/service.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/istiod/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/istiod/templates/validatingadmissionpolicy.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/istiod/templates/validatingwebhookconfiguration.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/istiod/templates/zzy_descope_legacy.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/istiod/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/istiod/values.yaml (99%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/revisiontags/Chart.yaml (71%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/revisiontags/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/revisiontags/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/revisiontags/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/revisiontags/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/revisiontags/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/revisiontags/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/revisiontags/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/revisiontags/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/revisiontags/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/revisiontags/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/revisiontags/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/revisiontags/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/revisiontags/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/revisiontags/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/revisiontags/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/revisiontags/templates/revision-tags-mwc.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/revisiontags/templates/revision-tags-svc.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/revisiontags/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/revisiontags/values.yaml (99%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/ztunnel/Chart.yaml (63%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/ztunnel/README.md (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/ztunnel/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/ztunnel/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/ztunnel/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/ztunnel/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/ztunnel/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/ztunnel/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/ztunnel/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/ztunnel/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/ztunnel/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/ztunnel/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/ztunnel/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/ztunnel/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/ztunnel/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/ztunnel/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/ztunnel/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/ztunnel/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/ztunnel/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/ztunnel/templates/daemonset.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/ztunnel/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/ztunnel/templates/rbac.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/ztunnel/templates/resourcequota.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/ztunnel/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/ztunnel/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/charts/ztunnel/values.yaml (99%) create mode 100644 resources/v1.30-alpha.cdc5dca4/cni-1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907.tgz.etag create mode 100644 resources/v1.30-alpha.cdc5dca4/commit create mode 100644 resources/v1.30-alpha.cdc5dca4/gateway-1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907.tgz.etag create mode 100644 resources/v1.30-alpha.cdc5dca4/istiod-1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907.tgz.etag rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/profiles/ambient.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/profiles/default.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/profiles/demo.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/profiles/empty.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/profiles/openshift-ambient.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/profiles/openshift.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/profiles/preview.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/profiles/remote.yaml (100%) rename resources/{v1.30-alpha.ed0ec1b7 => v1.30-alpha.cdc5dca4}/profiles/stable.yaml (100%) create mode 100644 resources/v1.30-alpha.cdc5dca4/ztunnel-1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907.tgz.etag delete mode 100644 resources/v1.30-alpha.ed0ec1b7/base-1.30-alpha.ed0ec1b7f434bafb88b3a6b1ae7e204e2704cab8.tgz.etag delete mode 100644 resources/v1.30-alpha.ed0ec1b7/cni-1.30-alpha.ed0ec1b7f434bafb88b3a6b1ae7e204e2704cab8.tgz.etag delete mode 100644 resources/v1.30-alpha.ed0ec1b7/commit delete mode 100644 resources/v1.30-alpha.ed0ec1b7/gateway-1.30-alpha.ed0ec1b7f434bafb88b3a6b1ae7e204e2704cab8.tgz.etag delete mode 100644 resources/v1.30-alpha.ed0ec1b7/istiod-1.30-alpha.ed0ec1b7f434bafb88b3a6b1ae7e204e2704cab8.tgz.etag delete mode 100644 resources/v1.30-alpha.ed0ec1b7/ztunnel-1.30-alpha.ed0ec1b7f434bafb88b3a6b1ae7e204e2704cab8.tgz.etag diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index 8bed9cf0f0..e50c8795e5 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -1,6 +1,6 @@ { "name": "istio build-tools", - "image": "gcr.io/istio-testing/build-tools:master-011fa76a5d2c95261e3b6d31b44e3dc1e74d43bf", + "image": "gcr.io/istio-testing/build-tools:master-2ea15c610ef8a285f0e2b9f85243c1fcbb9aeebf", "privileged": true, "remoteEnv": { "USE_GKE_GCLOUD_AUTH_PLUGIN": "True", diff --git a/.github/workflows/update-deps.yaml b/.github/workflows/update-deps.yaml index 135332e1bc..21e0beb1a1 100644 --- a/.github/workflows/update-deps.yaml +++ b/.github/workflows/update-deps.yaml @@ -16,7 +16,7 @@ jobs: update-deps: runs-on: ubuntu-latest container: - image: gcr.io/istio-testing/build-tools:master-011fa76a5d2c95261e3b6d31b44e3dc1e74d43bf + image: gcr.io/istio-testing/build-tools:master-2ea15c610ef8a285f0e2b9f85243c1fcbb9aeebf options: --entrypoint '' steps: diff --git a/Makefile.core.mk b/Makefile.core.mk index 0a601f3cf9..6d6f99c9d9 100644 --- a/Makefile.core.mk +++ b/Makefile.core.mk @@ -117,7 +117,7 @@ KIND_IMAGE ?= ifeq ($(KIND_IMAGE),) ifeq ($(LOCAL_OS),Darwin) # If the OS is Darwin, set the image. - KIND_IMAGE := docker.io/kindest/node:v1.35.0 + KIND_IMAGE := docker.io/kindest/node:v1.35.1 endif # For other OS, KIND_IMAGE remains empty, which default to the upstream default image. endif @@ -569,7 +569,7 @@ MISSPELL ?= $(LOCALBIN)/misspell ## Tool Versions OPERATOR_SDK_VERSION ?= v1.42.0 HELM_VERSION ?= v3.20.0 -CONTROLLER_TOOLS_VERSION ?= v0.20.0 +CONTROLLER_TOOLS_VERSION ?= v0.20.1 CONTROLLER_RUNTIME_BRANCH ?= release-0.23 OPM_VERSION ?= v1.63.0 OLM_VERSION ?= v0.40.0 diff --git a/api/v1/istio_types.go b/api/v1/istio_types.go index 3f00f4f10e..51a7113332 100644 --- a/api/v1/istio_types.go +++ b/api/v1/istio_types.go @@ -37,9 +37,9 @@ const ( type IstioSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.ed0ec1b7. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.ed0ec1b7"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.6;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.ed0ec1b7 + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.cdc5dca4. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.cdc5dca4"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.6;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.cdc5dca4 // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/api/v1/istiocni_types.go b/api/v1/istiocni_types.go index 148bae2f5d..f1c3bddb13 100644 --- a/api/v1/istiocni_types.go +++ b/api/v1/istiocni_types.go @@ -28,9 +28,9 @@ const ( type IstioCNISpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.ed0ec1b7. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.ed0ec1b7"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.6;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.ed0ec1b7 + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.cdc5dca4. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.cdc5dca4"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.6;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.cdc5dca4 // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/api/v1/istiorevision_types.go b/api/v1/istiorevision_types.go index 97e6d47468..733308a9cd 100644 --- a/api/v1/istiorevision_types.go +++ b/api/v1/istiorevision_types.go @@ -30,9 +30,9 @@ const ( type IstioRevisionSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.ed0ec1b7. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.ed0ec1b7"} - // +kubebuilder:validation:Enum=v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27.6;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;v1.30-alpha.ed0ec1b7 + // Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.cdc5dca4. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.cdc5dca4"} + // +kubebuilder:validation:Enum=v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27.6;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;v1.30-alpha.cdc5dca4 Version string `json:"version"` // Namespace to which the Istio components should be installed. diff --git a/api/v1/ztunnel_types.go b/api/v1/ztunnel_types.go index 6f4d09e224..8cde96430f 100644 --- a/api/v1/ztunnel_types.go +++ b/api/v1/ztunnel_types.go @@ -28,9 +28,9 @@ const ( type ZTunnelSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.ed0ec1b7. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.ed0ec1b7"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.6;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.ed0ec1b7 + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.cdc5dca4. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.cdc5dca4"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.6;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.cdc5dca4 // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/api/v1alpha1/ztunnel_types.go b/api/v1alpha1/ztunnel_types.go index 2f3ad63cb9..d9a81d0e86 100644 --- a/api/v1alpha1/ztunnel_types.go +++ b/api/v1alpha1/ztunnel_types.go @@ -29,9 +29,9 @@ const ( type ZTunnelSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.ed0ec1b7. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.ed0ec1b7"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.6;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.ed0ec1b7 + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.cdc5dca4. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.cdc5dca4"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.6;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.cdc5dca4 // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/bundle/manifests/sailoperator.clusterserviceversion.yaml b/bundle/manifests/sailoperator.clusterserviceversion.yaml index 5b4e8965b3..62901484af 100644 --- a/bundle/manifests/sailoperator.clusterserviceversion.yaml +++ b/bundle/manifests/sailoperator.clusterserviceversion.yaml @@ -45,7 +45,7 @@ metadata: capabilities: Seamless Upgrades categories: OpenShift Optional, Integration & Delivery, Networking, Security containerImage: quay.io/sail-dev/sail-operator:1.29-latest - createdAt: "2026-02-13T05:30:37Z" + createdAt: "2026-02-14T05:20:56Z" description: The Sail Operator manages the lifecycle of your Istio control plane. It provides custom resources for you to deploy and manage your control plane components. features.operators.openshift.io/cnf: "false" features.operators.openshift.io/cni: "true" @@ -179,7 +179,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.ed0ec1b7. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.cdc5dca4. displayName: Istio Version path: version x-descriptors: @@ -198,7 +198,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.ed0ec1b7 + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.cdc5dca4 - description: Namespace to which the Istio CNI component should be installed. Note that this field is immutable. displayName: Namespace path: namespace @@ -236,7 +236,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.ed0ec1b7. + Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.cdc5dca4. displayName: Istio Version path: version x-descriptors: @@ -252,7 +252,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.2 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.ed0ec1b7 + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.cdc5dca4 - description: Namespace to which the Istio components should be installed. displayName: Namespace path: namespace @@ -287,7 +287,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:RevisionBased - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.ed0ec1b7. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.cdc5dca4. displayName: Istio Version path: version x-descriptors: @@ -306,7 +306,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.ed0ec1b7 + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.cdc5dca4 - description: |- Defines how many seconds the operator should wait before removing a non-active revision after all the workloads have stopped using it. You may want to set this value on the order of minutes. @@ -362,7 +362,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.ed0ec1b7. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.cdc5dca4. displayName: Istio Version path: version x-descriptors: @@ -381,7 +381,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.ed0ec1b7 + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.cdc5dca4 - description: Namespace to which the Istio ztunnel component should be installed. displayName: Namespace path: namespace @@ -410,7 +410,7 @@ spec: - v1.27.1 - v1.27.0 - master - - v1.30-alpha.ed0ec1b7 + - v1.30-alpha.cdc5dca4 [See this page](https://github.com/istio-ecosystem/sail-operator/blob/main/bundle/README.md) for instructions on how to use it. displayName: Sail Operator @@ -812,10 +812,10 @@ spec: images.v1_28_3.istiod: gcr.io/istio-release/pilot:1.28.3 images.v1_28_3.proxy: gcr.io/istio-release/proxyv2:1.28.3 images.v1_28_3.ztunnel: gcr.io/istio-release/ztunnel:1.28.3 - images.v1_30-alpha_ed0ec1b7.cni: gcr.io/istio-testing/install-cni:1.30-alpha.ed0ec1b7f434bafb88b3a6b1ae7e204e2704cab8 - images.v1_30-alpha_ed0ec1b7.istiod: gcr.io/istio-testing/pilot:1.30-alpha.ed0ec1b7f434bafb88b3a6b1ae7e204e2704cab8 - images.v1_30-alpha_ed0ec1b7.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.ed0ec1b7f434bafb88b3a6b1ae7e204e2704cab8 - images.v1_30-alpha_ed0ec1b7.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.ed0ec1b7f434bafb88b3a6b1ae7e204e2704cab8 + images.v1_30-alpha_cdc5dca4.cni: gcr.io/istio-testing/install-cni:1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907 + images.v1_30-alpha_cdc5dca4.istiod: gcr.io/istio-testing/pilot:1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907 + images.v1_30-alpha_cdc5dca4.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907 + images.v1_30-alpha_cdc5dca4.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907 kubectl.kubernetes.io/default-container: sail-operator labels: app.kubernetes.io/created-by: sailoperator diff --git a/bundle/manifests/sailoperator.io_istiocnis.yaml b/bundle/manifests/sailoperator.io_istiocnis.yaml index d5f73c920d..d541046abe 100644 --- a/bundle/manifests/sailoperator.io_istiocnis.yaml +++ b/bundle/manifests/sailoperator.io_istiocnis.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.20.0 + controller-gen.kubebuilder.io/version: v0.20.1 creationTimestamp: null name: istiocnis.sailoperator.io spec: @@ -1466,7 +1466,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.ed0ec1b7. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.cdc5dca4. enum: - v1.28-latest - v1.28.3 @@ -1518,7 +1518,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.ed0ec1b7 + - v1.30-alpha.cdc5dca4 type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_istiorevisions.yaml b/bundle/manifests/sailoperator.io_istiorevisions.yaml index bbf813d917..c39ad6169d 100644 --- a/bundle/manifests/sailoperator.io_istiorevisions.yaml +++ b/bundle/manifests/sailoperator.io_istiorevisions.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.20.0 + controller-gen.kubebuilder.io/version: v0.20.1 creationTimestamp: null name: istiorevisions.sailoperator.io spec: @@ -10121,7 +10121,7 @@ spec: version: description: |- Defines the version of Istio to install. - Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.ed0ec1b7. + Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.cdc5dca4. enum: - v1.28.3 - v1.28.2 @@ -10165,7 +10165,7 @@ spec: - v1.22.6 - v1.22.5 - v1.21.6 - - v1.30-alpha.ed0ec1b7 + - v1.30-alpha.cdc5dca4 type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_istiorevisiontags.yaml b/bundle/manifests/sailoperator.io_istiorevisiontags.yaml index 2f89867c6b..3dab0d06dd 100644 --- a/bundle/manifests/sailoperator.io_istiorevisiontags.yaml +++ b/bundle/manifests/sailoperator.io_istiorevisiontags.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.20.0 + controller-gen.kubebuilder.io/version: v0.20.1 creationTimestamp: null name: istiorevisiontags.sailoperator.io spec: diff --git a/bundle/manifests/sailoperator.io_istios.yaml b/bundle/manifests/sailoperator.io_istios.yaml index d5a8ae397a..4c52b3116a 100644 --- a/bundle/manifests/sailoperator.io_istios.yaml +++ b/bundle/manifests/sailoperator.io_istios.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.20.0 + controller-gen.kubebuilder.io/version: v0.20.1 creationTimestamp: null name: istios.sailoperator.io spec: @@ -10195,7 +10195,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.ed0ec1b7. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.cdc5dca4. enum: - v1.28-latest - v1.28.3 @@ -10247,7 +10247,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.ed0ec1b7 + - v1.30-alpha.cdc5dca4 type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_ztunnels.yaml b/bundle/manifests/sailoperator.io_ztunnels.yaml index 4cd45aa518..c8a4189de5 100644 --- a/bundle/manifests/sailoperator.io_ztunnels.yaml +++ b/bundle/manifests/sailoperator.io_ztunnels.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.20.0 + controller-gen.kubebuilder.io/version: v0.20.1 creationTimestamp: null name: ztunnels.sailoperator.io spec: @@ -3456,7 +3456,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.ed0ec1b7. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.cdc5dca4. enum: - v1.28-latest - v1.28.3 @@ -3496,7 +3496,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.ed0ec1b7 + - v1.30-alpha.cdc5dca4 type: string required: - namespace @@ -7018,7 +7018,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.ed0ec1b7. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.cdc5dca4. enum: - v1.28-latest - v1.28.3 @@ -7058,7 +7058,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.ed0ec1b7 + - v1.30-alpha.cdc5dca4 type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istiocnis.yaml b/chart/crds/sailoperator.io_istiocnis.yaml index 4d8966857d..a1752e5307 100644 --- a/chart/crds/sailoperator.io_istiocnis.yaml +++ b/chart/crds/sailoperator.io_istiocnis.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.20.0 + controller-gen.kubebuilder.io/version: v0.20.1 name: istiocnis.sailoperator.io spec: group: sailoperator.io @@ -1466,7 +1466,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.ed0ec1b7. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.cdc5dca4. enum: - v1.28-latest - v1.28.3 @@ -1518,7 +1518,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.ed0ec1b7 + - v1.30-alpha.cdc5dca4 type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istiorevisions.yaml b/chart/crds/sailoperator.io_istiorevisions.yaml index de39ef0704..a6479694b5 100644 --- a/chart/crds/sailoperator.io_istiorevisions.yaml +++ b/chart/crds/sailoperator.io_istiorevisions.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.20.0 + controller-gen.kubebuilder.io/version: v0.20.1 name: istiorevisions.sailoperator.io spec: group: sailoperator.io @@ -10121,7 +10121,7 @@ spec: version: description: |- Defines the version of Istio to install. - Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.ed0ec1b7. + Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.cdc5dca4. enum: - v1.28.3 - v1.28.2 @@ -10165,7 +10165,7 @@ spec: - v1.22.6 - v1.22.5 - v1.21.6 - - v1.30-alpha.ed0ec1b7 + - v1.30-alpha.cdc5dca4 type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istiorevisiontags.yaml b/chart/crds/sailoperator.io_istiorevisiontags.yaml index 02b3c65657..cf88d2b0dd 100644 --- a/chart/crds/sailoperator.io_istiorevisiontags.yaml +++ b/chart/crds/sailoperator.io_istiorevisiontags.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.20.0 + controller-gen.kubebuilder.io/version: v0.20.1 name: istiorevisiontags.sailoperator.io spec: group: sailoperator.io diff --git a/chart/crds/sailoperator.io_istios.yaml b/chart/crds/sailoperator.io_istios.yaml index 6e07a383dd..da1358ea04 100644 --- a/chart/crds/sailoperator.io_istios.yaml +++ b/chart/crds/sailoperator.io_istios.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.20.0 + controller-gen.kubebuilder.io/version: v0.20.1 name: istios.sailoperator.io spec: group: sailoperator.io @@ -10195,7 +10195,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.ed0ec1b7. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.cdc5dca4. enum: - v1.28-latest - v1.28.3 @@ -10247,7 +10247,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.ed0ec1b7 + - v1.30-alpha.cdc5dca4 type: string required: - namespace diff --git a/chart/crds/sailoperator.io_ztunnels.yaml b/chart/crds/sailoperator.io_ztunnels.yaml index 42732e2ebf..024db3cbbc 100644 --- a/chart/crds/sailoperator.io_ztunnels.yaml +++ b/chart/crds/sailoperator.io_ztunnels.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.20.0 + controller-gen.kubebuilder.io/version: v0.20.1 name: ztunnels.sailoperator.io spec: group: sailoperator.io @@ -3456,7 +3456,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.ed0ec1b7. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.cdc5dca4. enum: - v1.28-latest - v1.28.3 @@ -3496,7 +3496,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.ed0ec1b7 + - v1.30-alpha.cdc5dca4 type: string required: - namespace @@ -7018,7 +7018,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.ed0ec1b7. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.cdc5dca4. enum: - v1.28-latest - v1.28.3 @@ -7058,7 +7058,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.ed0ec1b7 + - v1.30-alpha.cdc5dca4 type: string required: - namespace diff --git a/chart/values.yaml b/chart/values.yaml index 21989ab365..95c0b9b8c2 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -46,10 +46,10 @@ deployment: images.v1_27_0.istiod: gcr.io/istio-release/pilot:1.27.0 images.v1_27_0.proxy: gcr.io/istio-release/proxyv2:1.27.0 images.v1_27_0.cni: gcr.io/istio-release/install-cni:1.27.0 - images.v1_30-alpha_ed0ec1b7.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.ed0ec1b7f434bafb88b3a6b1ae7e204e2704cab8 - images.v1_30-alpha_ed0ec1b7.istiod: gcr.io/istio-testing/pilot:1.30-alpha.ed0ec1b7f434bafb88b3a6b1ae7e204e2704cab8 - images.v1_30-alpha_ed0ec1b7.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.ed0ec1b7f434bafb88b3a6b1ae7e204e2704cab8 - images.v1_30-alpha_ed0ec1b7.cni: gcr.io/istio-testing/install-cni:1.30-alpha.ed0ec1b7f434bafb88b3a6b1ae7e204e2704cab8 + images.v1_30-alpha_cdc5dca4.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907 + images.v1_30-alpha_cdc5dca4.istiod: gcr.io/istio-testing/pilot:1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907 + images.v1_30-alpha_cdc5dca4.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907 + images.v1_30-alpha_cdc5dca4.cni: gcr.io/istio-testing/install-cni:1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907 revisionHistoryLimit: 10 service: port: 8443 @@ -79,7 +79,7 @@ csv: - v1.27.1 - v1.27.0 - master - - v1.30-alpha.ed0ec1b7 + - v1.30-alpha.cdc5dca4 [See this page](https://github.com/istio-ecosystem/sail-operator/blob/main/bundle/README.md) for instructions on how to use it. support: Community based diff --git a/common/.commonfiles.sha b/common/.commonfiles.sha index 2509c04163..14f1a6a6ac 100644 --- a/common/.commonfiles.sha +++ b/common/.commonfiles.sha @@ -1 +1 @@ -50d58c14d4984b40a1186e0e5f1c24729211d4e4 +752e4feaddb3c45f1c4399cc186e0e396035b626 diff --git a/common/scripts/setup_env.sh b/common/scripts/setup_env.sh index 860962496a..15ae4fbb03 100755 --- a/common/scripts/setup_env.sh +++ b/common/scripts/setup_env.sh @@ -77,7 +77,7 @@ fi TOOLS_REGISTRY_PROVIDER=${TOOLS_REGISTRY_PROVIDER:-gcr.io} PROJECT_ID=${PROJECT_ID:-istio-testing} if [[ "${IMAGE_VERSION:-}" == "" ]]; then - IMAGE_VERSION=master-011fa76a5d2c95261e3b6d31b44e3dc1e74d43bf + IMAGE_VERSION=master-2ea15c610ef8a285f0e2b9f85243c1fcbb9aeebf fi if [[ "${IMAGE_NAME:-}" == "" ]]; then IMAGE_NAME=build-tools diff --git a/docs/api-reference/sailoperator.io.md b/docs/api-reference/sailoperator.io.md index b36c397ab3..8acc2a7298 100644 --- a/docs/api-reference/sailoperator.io.md +++ b/docs/api-reference/sailoperator.io.md @@ -678,7 +678,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.ed0ec1b7. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.6 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.ed0ec1b7] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.cdc5dca4. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.6 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.cdc5dca4] | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. Must be one of: ambient, default, demo, empty, openshift, openshift-ambient, preview, remote, stable. | | Enum: [ambient default demo empty external openshift openshift-ambient preview remote stable] | | `namespace` _string_ | Namespace to which the Istio CNI component should be installed. Note that this field is immutable. | istio-cni | | | `values` _[CNIValues](#cnivalues)_ | Defines the values to be passed to the Helm charts when installing Istio CNI. | | | @@ -917,7 +917,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.ed0ec1b7. | | Enum: [v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27.6 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 v1.30-alpha.ed0ec1b7] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.cdc5dca4. | | Enum: [v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27.6 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 v1.30-alpha.cdc5dca4] | | `namespace` _string_ | Namespace to which the Istio components should be installed. | | | | `values` _[Values](#values)_ | Defines the values to be passed to the Helm charts when installing Istio. | | | @@ -1110,7 +1110,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.ed0ec1b7. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.6 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.ed0ec1b7] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.cdc5dca4. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.6 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.cdc5dca4] | | `updateStrategy` _[IstioUpdateStrategy](#istioupdatestrategy)_ | Defines the update strategy to use when the version in the Istio CR is updated. | \{ type:InPlace \} | | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. Must be one of: ambient, default, demo, empty, openshift, openshift-ambient, preview, remote, stable. | | Enum: [ambient default demo empty external openshift openshift-ambient preview remote stable] | | `namespace` _string_ | Namespace to which the Istio components should be installed. Note that this field is immutable. | istio-system | | @@ -3541,7 +3541,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.ed0ec1b7. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.6 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.ed0ec1b7] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.cdc5dca4. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.6 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.cdc5dca4] | | `namespace` _string_ | Namespace to which the Istio ztunnel component should be installed. | ztunnel | | | `values` _[ZTunnelValues](#ztunnelvalues)_ | Defines the values to be passed to the Helm charts when installing Istio ztunnel. | | | @@ -3707,7 +3707,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.ed0ec1b7. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.6 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.ed0ec1b7] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.cdc5dca4. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.6 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.cdc5dca4] | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is 'ambient' and it is always applied. Must be one of: ambient, default, demo, empty, external, preview, remote, stable. | ambient | Enum: [ambient default demo empty external openshift-ambient openshift preview remote stable] | | `namespace` _string_ | Namespace to which the Istio ztunnel component should be installed. | ztunnel | | | `values` _[ZTunnelValues](#ztunnelvalues)_ | Defines the values to be passed to the Helm charts when installing Istio ztunnel. | | | diff --git a/go.mod b/go.mod index 841b4d9996..3da35890de 100644 --- a/go.mod +++ b/go.mod @@ -24,8 +24,8 @@ require ( gomodules.xyz/jsonpatch/v2 v2.5.0 gopkg.in/yaml.v3 v3.0.1 helm.sh/helm/v3 v3.18.6 - istio.io/client-go v1.29.0-alpha.0.0.20260210161328-2c12cf6497ed - istio.io/istio v0.0.0-20260213033436-ed0ec1b7f434 + istio.io/client-go v1.29.0-alpha.0.0.20260213054535-48ac81c98d00 + istio.io/istio v0.0.0-20260213171636-cdc5dca45da0 k8s.io/api v0.35.0 k8s.io/apiextensions-apiserver v0.35.0 k8s.io/apimachinery v0.35.0 @@ -169,7 +169,7 @@ require ( gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect - istio.io/api v1.29.0-alpha.0.0.20260210161025-1d9832db7b28 // indirect + istio.io/api v1.29.0-alpha.0.0.20260213054037-4fd9ccbbaef9 // indirect k8s.io/apiserver v0.35.0 // indirect k8s.io/component-base v0.35.0 // indirect k8s.io/klog/v2 v2.130.1 // indirect diff --git a/go.sum b/go.sum index dcfe1e5b84..dd18dd2071 100644 --- a/go.sum +++ b/go.sum @@ -470,12 +470,12 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= helm.sh/helm/v3 v3.18.6 h1:S/2CqcYnNfLckkHLI0VgQbxgcDaU3N4A/46E3n9wSNY= helm.sh/helm/v3 v3.18.6/go.mod h1:L/dXDR2r539oPlFP1PJqKAC1CUgqHJDLkxKpDGrWnyg= -istio.io/api v1.29.0-alpha.0.0.20260210161025-1d9832db7b28 h1:XfD9JeoBiLBUAE/qUdXGHXGgp/QjD4oEMQ3wWblr2MU= -istio.io/api v1.29.0-alpha.0.0.20260210161025-1d9832db7b28/go.mod h1:+brQWcBHoROuyA6fv8rbgg8Kfn0RCGuqoY0duCMuSLA= -istio.io/client-go v1.29.0-alpha.0.0.20260210161328-2c12cf6497ed h1:3YEZuC1anwr0xbov1qDXttUbSsKVTYmqqiNp8l2TVYA= -istio.io/client-go v1.29.0-alpha.0.0.20260210161328-2c12cf6497ed/go.mod h1:jMwrwPdbeFUycV1v3z7qzCIjgNDLCs9IIRUO+d7d5M0= -istio.io/istio v0.0.0-20260213033436-ed0ec1b7f434 h1:X7ka+7i0EiJiR0mhMGUaaOGoQLZ+ca/8sekXMhLNQCA= -istio.io/istio v0.0.0-20260213033436-ed0ec1b7f434/go.mod h1:vNZf8a+SKyS4VTvMhxE7cp3CrcWQt0oPZ/liLJ2mz1E= +istio.io/api v1.29.0-alpha.0.0.20260213054037-4fd9ccbbaef9 h1:1Y3dfM9KxRiEgvrneC7VZ5q0gpcKKYu0tCuSWOR6Km0= +istio.io/api v1.29.0-alpha.0.0.20260213054037-4fd9ccbbaef9/go.mod h1:+brQWcBHoROuyA6fv8rbgg8Kfn0RCGuqoY0duCMuSLA= +istio.io/client-go v1.29.0-alpha.0.0.20260213054535-48ac81c98d00 h1:5FYNqVlcs4aB1cENWvHAIHhJFBL7P1r8y4Yh/IMh+Nk= +istio.io/client-go v1.29.0-alpha.0.0.20260213054535-48ac81c98d00/go.mod h1:rkaYDmIymBDBVPqlITrlc2cQq/GtaonR5DRGzUBo8iY= +istio.io/istio v0.0.0-20260213171636-cdc5dca45da0 h1:2MXcB2PGsgq+xWK/In+8PxQCmumVO/2KZ60GyUGUoms= +istio.io/istio v0.0.0-20260213171636-cdc5dca45da0/go.mod h1:vNZf8a+SKyS4VTvMhxE7cp3CrcWQt0oPZ/liLJ2mz1E= k8s.io/api v0.35.0 h1:iBAU5LTyBI9vw3L5glmat1njFK34srdLmktWwLTprlY= k8s.io/api v0.35.0/go.mod h1:AQ0SNTzm4ZAczM03QH42c7l3bih1TbAXYo0DkF8ktnA= k8s.io/apiextensions-apiserver v0.35.0 h1:3xHk2rTOdWXXJM+RDQZJvdx0yEOgC0FgQ1PlJatA5T4= diff --git a/pkg/istioversion/versions.yaml b/pkg/istioversion/versions.yaml index a23775ebba..a2d2b962e1 100644 --- a/pkg/istioversion/versions.yaml +++ b/pkg/istioversion/versions.yaml @@ -207,15 +207,15 @@ versions: - name: v1.21.6 eol: true - name: master - ref: v1.30-alpha.ed0ec1b7 - - name: v1.30-alpha.ed0ec1b7 - version: 1.30-alpha.ed0ec1b7f434bafb88b3a6b1ae7e204e2704cab8 + ref: v1.30-alpha.cdc5dca4 + - name: v1.30-alpha.cdc5dca4 + version: 1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907 repo: https://github.com/istio/istio branch: master - commit: ed0ec1b7f434bafb88b3a6b1ae7e204e2704cab8 + commit: cdc5dca45da0afcf59f428f90093b4b4ab51c907 charts: - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.ed0ec1b7f434bafb88b3a6b1ae7e204e2704cab8/helm/base-1.30-alpha.ed0ec1b7f434bafb88b3a6b1ae7e204e2704cab8.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.ed0ec1b7f434bafb88b3a6b1ae7e204e2704cab8/helm/cni-1.30-alpha.ed0ec1b7f434bafb88b3a6b1ae7e204e2704cab8.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.ed0ec1b7f434bafb88b3a6b1ae7e204e2704cab8/helm/gateway-1.30-alpha.ed0ec1b7f434bafb88b3a6b1ae7e204e2704cab8.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.ed0ec1b7f434bafb88b3a6b1ae7e204e2704cab8/helm/istiod-1.30-alpha.ed0ec1b7f434bafb88b3a6b1ae7e204e2704cab8.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.ed0ec1b7f434bafb88b3a6b1ae7e204e2704cab8/helm/ztunnel-1.30-alpha.ed0ec1b7f434bafb88b3a6b1ae7e204e2704cab8.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907/helm/base-1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907/helm/cni-1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907/helm/gateway-1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907/helm/istiod-1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907/helm/ztunnel-1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907.tgz diff --git a/resources/v1.30-alpha.cdc5dca4/base-1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907.tgz.etag b/resources/v1.30-alpha.cdc5dca4/base-1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907.tgz.etag new file mode 100644 index 0000000000..44780b610e --- /dev/null +++ b/resources/v1.30-alpha.cdc5dca4/base-1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907.tgz.etag @@ -0,0 +1 @@ +69e970dd5d584c482fa3aaf93e7e48b3 diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/base/Chart.yaml b/resources/v1.30-alpha.cdc5dca4/charts/base/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.ed0ec1b7/charts/base/Chart.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/base/Chart.yaml index 96efc0de4e..5a25e20c42 100644 --- a/resources/v1.30-alpha.ed0ec1b7/charts/base/Chart.yaml +++ b/resources/v1.30-alpha.cdc5dca4/charts/base/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.ed0ec1b7f434bafb88b3a6b1ae7e204e2704cab8 +appVersion: 1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907 description: Helm chart for deploying Istio cluster resources and CRDs icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -7,4 +7,4 @@ keywords: name: base sources: - https://github.com/istio/istio -version: 1.30-alpha.ed0ec1b7f434bafb88b3a6b1ae7e204e2704cab8 +version: 1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907 diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/base/README.md b/resources/v1.30-alpha.cdc5dca4/charts/base/README.md similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/base/README.md rename to resources/v1.30-alpha.cdc5dca4/charts/base/README.md diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/base/files/profile-ambient.yaml b/resources/v1.30-alpha.cdc5dca4/charts/base/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/base/files/profile-ambient.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/base/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/base/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.cdc5dca4/charts/base/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/base/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/base/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/base/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.cdc5dca4/charts/base/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/base/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/base/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/base/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.cdc5dca4/charts/base/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/base/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/base/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/base/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.cdc5dca4/charts/base/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/base/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/base/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/base/files/profile-demo.yaml b/resources/v1.30-alpha.cdc5dca4/charts/base/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/base/files/profile-demo.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/base/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/base/files/profile-platform-gke.yaml b/resources/v1.30-alpha.cdc5dca4/charts/base/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/base/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/base/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/base/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.cdc5dca4/charts/base/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/base/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/base/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/base/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.cdc5dca4/charts/base/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/base/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/base/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/base/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.cdc5dca4/charts/base/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/base/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/base/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/base/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.cdc5dca4/charts/base/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/base/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/base/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/base/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.cdc5dca4/charts/base/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/base/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/base/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/base/files/profile-preview.yaml b/resources/v1.30-alpha.cdc5dca4/charts/base/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/base/files/profile-preview.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/base/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/base/files/profile-remote.yaml b/resources/v1.30-alpha.cdc5dca4/charts/base/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/base/files/profile-remote.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/base/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/base/files/profile-stable.yaml b/resources/v1.30-alpha.cdc5dca4/charts/base/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/base/files/profile-stable.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/base/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/base/templates/NOTES.txt b/resources/v1.30-alpha.cdc5dca4/charts/base/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/base/templates/NOTES.txt rename to resources/v1.30-alpha.cdc5dca4/charts/base/templates/NOTES.txt diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml b/resources/v1.30-alpha.cdc5dca4/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml b/resources/v1.30-alpha.cdc5dca4/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/base/templates/reader-serviceaccount.yaml b/resources/v1.30-alpha.cdc5dca4/charts/base/templates/reader-serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/base/templates/reader-serviceaccount.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/base/templates/reader-serviceaccount.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/base/templates/zzz_profile.yaml b/resources/v1.30-alpha.cdc5dca4/charts/base/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/base/templates/zzz_profile.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/base/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/base/values.yaml b/resources/v1.30-alpha.cdc5dca4/charts/base/values.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/base/values.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/base/values.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/cni/Chart.yaml b/resources/v1.30-alpha.cdc5dca4/charts/cni/Chart.yaml similarity index 62% rename from resources/v1.30-alpha.ed0ec1b7/charts/cni/Chart.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/cni/Chart.yaml index 401793759d..71b47a45c7 100644 --- a/resources/v1.30-alpha.ed0ec1b7/charts/cni/Chart.yaml +++ b/resources/v1.30-alpha.cdc5dca4/charts/cni/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.ed0ec1b7f434bafb88b3a6b1ae7e204e2704cab8 +appVersion: 1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907 description: Helm chart for istio-cni components icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -8,4 +8,4 @@ keywords: name: cni sources: - https://github.com/istio/istio -version: 1.30-alpha.ed0ec1b7f434bafb88b3a6b1ae7e204e2704cab8 +version: 1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907 diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/cni/README.md b/resources/v1.30-alpha.cdc5dca4/charts/cni/README.md similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/cni/README.md rename to resources/v1.30-alpha.cdc5dca4/charts/cni/README.md diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/cni/files/profile-ambient.yaml b/resources/v1.30-alpha.cdc5dca4/charts/cni/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/cni/files/profile-ambient.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/cni/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/cni/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.cdc5dca4/charts/cni/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/cni/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/cni/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/cni/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.cdc5dca4/charts/cni/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/cni/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/cni/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/cni/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.cdc5dca4/charts/cni/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/cni/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/cni/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/cni/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.cdc5dca4/charts/cni/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/cni/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/cni/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/cni/files/profile-demo.yaml b/resources/v1.30-alpha.cdc5dca4/charts/cni/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/cni/files/profile-demo.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/cni/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/cni/files/profile-platform-gke.yaml b/resources/v1.30-alpha.cdc5dca4/charts/cni/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/cni/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/cni/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/cni/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.cdc5dca4/charts/cni/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/cni/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/cni/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/cni/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.cdc5dca4/charts/cni/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/cni/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/cni/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/cni/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.cdc5dca4/charts/cni/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/cni/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/cni/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/cni/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.cdc5dca4/charts/cni/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/cni/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/cni/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/cni/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.cdc5dca4/charts/cni/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/cni/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/cni/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/cni/files/profile-preview.yaml b/resources/v1.30-alpha.cdc5dca4/charts/cni/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/cni/files/profile-preview.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/cni/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/cni/files/profile-remote.yaml b/resources/v1.30-alpha.cdc5dca4/charts/cni/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/cni/files/profile-remote.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/cni/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/cni/files/profile-stable.yaml b/resources/v1.30-alpha.cdc5dca4/charts/cni/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/cni/files/profile-stable.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/cni/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/cni/templates/NOTES.txt b/resources/v1.30-alpha.cdc5dca4/charts/cni/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/cni/templates/NOTES.txt rename to resources/v1.30-alpha.cdc5dca4/charts/cni/templates/NOTES.txt diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/cni/templates/_helpers.tpl b/resources/v1.30-alpha.cdc5dca4/charts/cni/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/cni/templates/_helpers.tpl rename to resources/v1.30-alpha.cdc5dca4/charts/cni/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/cni/templates/clusterrole.yaml b/resources/v1.30-alpha.cdc5dca4/charts/cni/templates/clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/cni/templates/clusterrole.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/cni/templates/clusterrole.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/cni/templates/clusterrolebinding.yaml b/resources/v1.30-alpha.cdc5dca4/charts/cni/templates/clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/cni/templates/clusterrolebinding.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/cni/templates/clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/cni/templates/configmap-cni.yaml b/resources/v1.30-alpha.cdc5dca4/charts/cni/templates/configmap-cni.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/cni/templates/configmap-cni.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/cni/templates/configmap-cni.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/cni/templates/daemonset.yaml b/resources/v1.30-alpha.cdc5dca4/charts/cni/templates/daemonset.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/cni/templates/daemonset.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/cni/templates/daemonset.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/cni/templates/network-attachment-definition.yaml b/resources/v1.30-alpha.cdc5dca4/charts/cni/templates/network-attachment-definition.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/cni/templates/network-attachment-definition.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/cni/templates/network-attachment-definition.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/cni/templates/networkpolicy.yaml b/resources/v1.30-alpha.cdc5dca4/charts/cni/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/cni/templates/networkpolicy.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/cni/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/cni/templates/resourcequota.yaml b/resources/v1.30-alpha.cdc5dca4/charts/cni/templates/resourcequota.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/cni/templates/resourcequota.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/cni/templates/resourcequota.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/cni/templates/serviceaccount.yaml b/resources/v1.30-alpha.cdc5dca4/charts/cni/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/cni/templates/serviceaccount.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/cni/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/cni/templates/zzy_descope_legacy.yaml b/resources/v1.30-alpha.cdc5dca4/charts/cni/templates/zzy_descope_legacy.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/cni/templates/zzy_descope_legacy.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/cni/templates/zzy_descope_legacy.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/cni/templates/zzz_profile.yaml b/resources/v1.30-alpha.cdc5dca4/charts/cni/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/cni/templates/zzz_profile.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/cni/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/cni/values.yaml b/resources/v1.30-alpha.cdc5dca4/charts/cni/values.yaml similarity index 99% rename from resources/v1.30-alpha.ed0ec1b7/charts/cni/values.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/cni/values.yaml index 6dd3dcfef9..9bdbf65773 100644 --- a/resources/v1.30-alpha.ed0ec1b7/charts/cni/values.yaml +++ b/resources/v1.30-alpha.cdc5dca4/charts/cni/values.yaml @@ -155,7 +155,7 @@ _internal_defaults_do_not_set: hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.ed0ec1b7f434bafb88b3a6b1ae7e204e2704cab8 + tag: 1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907 # Variant of the image to use. # Currently supported are: [debug, distroless] diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/gateway/Chart.yaml b/resources/v1.30-alpha.cdc5dca4/charts/gateway/Chart.yaml similarity index 64% rename from resources/v1.30-alpha.ed0ec1b7/charts/gateway/Chart.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/gateway/Chart.yaml index 4c5ddde162..29750d41b6 100644 --- a/resources/v1.30-alpha.ed0ec1b7/charts/gateway/Chart.yaml +++ b/resources/v1.30-alpha.cdc5dca4/charts/gateway/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.ed0ec1b7f434bafb88b3a6b1ae7e204e2704cab8 +appVersion: 1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907 description: Helm chart for deploying Istio gateways icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ name: gateway sources: - https://github.com/istio/istio type: application -version: 1.30-alpha.ed0ec1b7f434bafb88b3a6b1ae7e204e2704cab8 +version: 1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907 diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/gateway/README.md b/resources/v1.30-alpha.cdc5dca4/charts/gateway/README.md similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/gateway/README.md rename to resources/v1.30-alpha.cdc5dca4/charts/gateway/README.md diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/gateway/files/profile-ambient.yaml b/resources/v1.30-alpha.cdc5dca4/charts/gateway/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/gateway/files/profile-ambient.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/gateway/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/gateway/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.cdc5dca4/charts/gateway/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/gateway/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/gateway/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/gateway/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.cdc5dca4/charts/gateway/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/gateway/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/gateway/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/gateway/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.cdc5dca4/charts/gateway/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/gateway/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/gateway/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/gateway/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.cdc5dca4/charts/gateway/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/gateway/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/gateway/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/gateway/files/profile-demo.yaml b/resources/v1.30-alpha.cdc5dca4/charts/gateway/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/gateway/files/profile-demo.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/gateway/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/gateway/files/profile-platform-gke.yaml b/resources/v1.30-alpha.cdc5dca4/charts/gateway/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/gateway/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/gateway/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/gateway/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.cdc5dca4/charts/gateway/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/gateway/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/gateway/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/gateway/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.cdc5dca4/charts/gateway/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/gateway/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/gateway/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/gateway/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.cdc5dca4/charts/gateway/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/gateway/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/gateway/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/gateway/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.cdc5dca4/charts/gateway/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/gateway/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/gateway/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/gateway/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.cdc5dca4/charts/gateway/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/gateway/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/gateway/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/gateway/files/profile-preview.yaml b/resources/v1.30-alpha.cdc5dca4/charts/gateway/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/gateway/files/profile-preview.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/gateway/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/gateway/files/profile-remote.yaml b/resources/v1.30-alpha.cdc5dca4/charts/gateway/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/gateway/files/profile-remote.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/gateway/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/gateway/files/profile-stable.yaml b/resources/v1.30-alpha.cdc5dca4/charts/gateway/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/gateway/files/profile-stable.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/gateway/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/gateway/templates/NOTES.txt b/resources/v1.30-alpha.cdc5dca4/charts/gateway/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/gateway/templates/NOTES.txt rename to resources/v1.30-alpha.cdc5dca4/charts/gateway/templates/NOTES.txt diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/gateway/templates/_helpers.tpl b/resources/v1.30-alpha.cdc5dca4/charts/gateway/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/gateway/templates/_helpers.tpl rename to resources/v1.30-alpha.cdc5dca4/charts/gateway/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/gateway/templates/deployment.yaml b/resources/v1.30-alpha.cdc5dca4/charts/gateway/templates/deployment.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/gateway/templates/deployment.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/gateway/templates/deployment.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/gateway/templates/hpa.yaml b/resources/v1.30-alpha.cdc5dca4/charts/gateway/templates/hpa.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/gateway/templates/hpa.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/gateway/templates/hpa.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/gateway/templates/networkpolicy.yaml b/resources/v1.30-alpha.cdc5dca4/charts/gateway/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/gateway/templates/networkpolicy.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/gateway/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/gateway/templates/poddisruptionbudget.yaml b/resources/v1.30-alpha.cdc5dca4/charts/gateway/templates/poddisruptionbudget.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/gateway/templates/poddisruptionbudget.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/gateway/templates/poddisruptionbudget.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/gateway/templates/role.yaml b/resources/v1.30-alpha.cdc5dca4/charts/gateway/templates/role.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/gateway/templates/role.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/gateway/templates/role.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/gateway/templates/service.yaml b/resources/v1.30-alpha.cdc5dca4/charts/gateway/templates/service.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/gateway/templates/service.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/gateway/templates/service.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/gateway/templates/serviceaccount.yaml b/resources/v1.30-alpha.cdc5dca4/charts/gateway/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/gateway/templates/serviceaccount.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/gateway/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/gateway/templates/zzz_profile.yaml b/resources/v1.30-alpha.cdc5dca4/charts/gateway/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/gateway/templates/zzz_profile.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/gateway/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/gateway/values.schema.json b/resources/v1.30-alpha.cdc5dca4/charts/gateway/values.schema.json similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/gateway/values.schema.json rename to resources/v1.30-alpha.cdc5dca4/charts/gateway/values.schema.json diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/gateway/values.yaml b/resources/v1.30-alpha.cdc5dca4/charts/gateway/values.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/gateway/values.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/gateway/values.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/istiod/Chart.yaml b/resources/v1.30-alpha.cdc5dca4/charts/istiod/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.ed0ec1b7/charts/istiod/Chart.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/istiod/Chart.yaml index 27a5e1d4ea..7f50aef2e4 100644 --- a/resources/v1.30-alpha.ed0ec1b7/charts/istiod/Chart.yaml +++ b/resources/v1.30-alpha.cdc5dca4/charts/istiod/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.ed0ec1b7f434bafb88b3a6b1ae7e204e2704cab8 +appVersion: 1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907 description: Helm chart for istio control plane icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ keywords: name: istiod sources: - https://github.com/istio/istio -version: 1.30-alpha.ed0ec1b7f434bafb88b3a6b1ae7e204e2704cab8 +version: 1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907 diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/istiod/README.md b/resources/v1.30-alpha.cdc5dca4/charts/istiod/README.md similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/istiod/README.md rename to resources/v1.30-alpha.cdc5dca4/charts/istiod/README.md diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/istiod/files/agentgateway.yaml b/resources/v1.30-alpha.cdc5dca4/charts/istiod/files/agentgateway.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/istiod/files/agentgateway.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/istiod/files/agentgateway.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/istiod/files/gateway-injection-template.yaml b/resources/v1.30-alpha.cdc5dca4/charts/istiod/files/gateway-injection-template.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/istiod/files/gateway-injection-template.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/istiod/files/gateway-injection-template.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/istiod/files/grpc-agent.yaml b/resources/v1.30-alpha.cdc5dca4/charts/istiod/files/grpc-agent.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/istiod/files/grpc-agent.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/istiod/files/grpc-agent.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/istiod/files/grpc-simple.yaml b/resources/v1.30-alpha.cdc5dca4/charts/istiod/files/grpc-simple.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/istiod/files/grpc-simple.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/istiod/files/grpc-simple.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/istiod/files/injection-template.yaml b/resources/v1.30-alpha.cdc5dca4/charts/istiod/files/injection-template.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/istiod/files/injection-template.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/istiod/files/injection-template.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/istiod/files/kube-gateway.yaml b/resources/v1.30-alpha.cdc5dca4/charts/istiod/files/kube-gateway.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/istiod/files/kube-gateway.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/istiod/files/kube-gateway.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/istiod/files/profile-ambient.yaml b/resources/v1.30-alpha.cdc5dca4/charts/istiod/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/istiod/files/profile-ambient.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/istiod/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/istiod/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.cdc5dca4/charts/istiod/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/istiod/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/istiod/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/istiod/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.cdc5dca4/charts/istiod/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/istiod/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/istiod/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/istiod/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.cdc5dca4/charts/istiod/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/istiod/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/istiod/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/istiod/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.cdc5dca4/charts/istiod/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/istiod/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/istiod/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/istiod/files/profile-demo.yaml b/resources/v1.30-alpha.cdc5dca4/charts/istiod/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/istiod/files/profile-demo.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/istiod/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/istiod/files/profile-platform-gke.yaml b/resources/v1.30-alpha.cdc5dca4/charts/istiod/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/istiod/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/istiod/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/istiod/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.cdc5dca4/charts/istiod/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/istiod/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/istiod/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/istiod/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.cdc5dca4/charts/istiod/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/istiod/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/istiod/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/istiod/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.cdc5dca4/charts/istiod/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/istiod/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/istiod/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/istiod/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.cdc5dca4/charts/istiod/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/istiod/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/istiod/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/istiod/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.cdc5dca4/charts/istiod/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/istiod/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/istiod/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/istiod/files/profile-preview.yaml b/resources/v1.30-alpha.cdc5dca4/charts/istiod/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/istiod/files/profile-preview.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/istiod/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/istiod/files/profile-remote.yaml b/resources/v1.30-alpha.cdc5dca4/charts/istiod/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/istiod/files/profile-remote.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/istiod/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/istiod/files/profile-stable.yaml b/resources/v1.30-alpha.cdc5dca4/charts/istiod/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/istiod/files/profile-stable.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/istiod/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/istiod/files/waypoint.yaml b/resources/v1.30-alpha.cdc5dca4/charts/istiod/files/waypoint.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/istiod/files/waypoint.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/istiod/files/waypoint.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/istiod/templates/NOTES.txt b/resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/istiod/templates/NOTES.txt rename to resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/NOTES.txt diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/istiod/templates/_helpers.tpl b/resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/istiod/templates/_helpers.tpl rename to resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/istiod/templates/autoscale.yaml b/resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/autoscale.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/istiod/templates/autoscale.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/autoscale.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/istiod/templates/clusterrole.yaml b/resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/istiod/templates/clusterrole.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/clusterrole.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/istiod/templates/clusterrolebinding.yaml b/resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/istiod/templates/clusterrolebinding.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/istiod/templates/configmap-jwks.yaml b/resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/configmap-jwks.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/istiod/templates/configmap-jwks.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/configmap-jwks.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/istiod/templates/configmap-values.yaml b/resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/configmap-values.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/istiod/templates/configmap-values.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/configmap-values.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/istiod/templates/configmap.yaml b/resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/configmap.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/istiod/templates/configmap.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/configmap.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/istiod/templates/deployment.yaml b/resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/deployment.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/istiod/templates/deployment.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/deployment.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/istiod/templates/gateway-class-configmap.yaml b/resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/gateway-class-configmap.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/istiod/templates/gateway-class-configmap.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/gateway-class-configmap.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/istiod/templates/istiod-injector-configmap.yaml b/resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/istiod-injector-configmap.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/istiod/templates/istiod-injector-configmap.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/istiod-injector-configmap.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/istiod/templates/mutatingwebhook.yaml b/resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/mutatingwebhook.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/istiod/templates/mutatingwebhook.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/mutatingwebhook.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/istiod/templates/networkpolicy.yaml b/resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/istiod/templates/networkpolicy.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/istiod/templates/poddisruptionbudget.yaml b/resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/poddisruptionbudget.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/istiod/templates/poddisruptionbudget.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/poddisruptionbudget.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/istiod/templates/reader-clusterrole.yaml b/resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/reader-clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/istiod/templates/reader-clusterrole.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/reader-clusterrole.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/istiod/templates/reader-clusterrolebinding.yaml b/resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/reader-clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/istiod/templates/reader-clusterrolebinding.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/reader-clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/istiod/templates/remote-istiod-endpointslices.yaml b/resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/remote-istiod-endpointslices.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/istiod/templates/remote-istiod-endpointslices.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/remote-istiod-endpointslices.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/istiod/templates/remote-istiod-service.yaml b/resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/remote-istiod-service.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/istiod/templates/remote-istiod-service.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/remote-istiod-service.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/istiod/templates/revision-tags-mwc.yaml b/resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/revision-tags-mwc.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/istiod/templates/revision-tags-mwc.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/revision-tags-mwc.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/istiod/templates/revision-tags-svc.yaml b/resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/revision-tags-svc.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/istiod/templates/revision-tags-svc.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/revision-tags-svc.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/istiod/templates/role.yaml b/resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/role.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/istiod/templates/role.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/role.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/istiod/templates/rolebinding.yaml b/resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/rolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/istiod/templates/rolebinding.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/rolebinding.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/istiod/templates/service.yaml b/resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/service.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/istiod/templates/service.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/service.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/istiod/templates/serviceaccount.yaml b/resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/istiod/templates/serviceaccount.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/istiod/templates/validatingadmissionpolicy.yaml b/resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/validatingadmissionpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/istiod/templates/validatingadmissionpolicy.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/validatingadmissionpolicy.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/istiod/templates/validatingwebhookconfiguration.yaml b/resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/validatingwebhookconfiguration.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/istiod/templates/validatingwebhookconfiguration.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/validatingwebhookconfiguration.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/istiod/templates/zzy_descope_legacy.yaml b/resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/zzy_descope_legacy.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/istiod/templates/zzy_descope_legacy.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/zzy_descope_legacy.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/istiod/templates/zzz_profile.yaml b/resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/istiod/templates/zzz_profile.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/istiod/values.yaml b/resources/v1.30-alpha.cdc5dca4/charts/istiod/values.yaml similarity index 99% rename from resources/v1.30-alpha.ed0ec1b7/charts/istiod/values.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/istiod/values.yaml index eba8a293a6..de7c3aff34 100644 --- a/resources/v1.30-alpha.ed0ec1b7/charts/istiod/values.yaml +++ b/resources/v1.30-alpha.cdc5dca4/charts/istiod/values.yaml @@ -255,7 +255,7 @@ _internal_defaults_do_not_set: # Dev builds from prow are on gcr.io hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.ed0ec1b7f434bafb88b3a6b1ae7e204e2704cab8 + tag: 1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907 # Variant of the image to use. # Currently supported are: [debug, distroless] variant: "" diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/revisiontags/Chart.yaml b/resources/v1.30-alpha.cdc5dca4/charts/revisiontags/Chart.yaml similarity index 71% rename from resources/v1.30-alpha.ed0ec1b7/charts/revisiontags/Chart.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/revisiontags/Chart.yaml index 079df17dcc..adb8cdded3 100644 --- a/resources/v1.30-alpha.ed0ec1b7/charts/revisiontags/Chart.yaml +++ b/resources/v1.30-alpha.cdc5dca4/charts/revisiontags/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.ed0ec1b7f434bafb88b3a6b1ae7e204e2704cab8 +appVersion: 1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907 description: Helm chart for istio revision tags name: revisiontags sources: diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/revisiontags/files/profile-ambient.yaml b/resources/v1.30-alpha.cdc5dca4/charts/revisiontags/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/revisiontags/files/profile-ambient.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/revisiontags/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/revisiontags/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.cdc5dca4/charts/revisiontags/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/revisiontags/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/revisiontags/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/revisiontags/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.cdc5dca4/charts/revisiontags/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/revisiontags/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/revisiontags/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/revisiontags/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.cdc5dca4/charts/revisiontags/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/revisiontags/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/revisiontags/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/revisiontags/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.cdc5dca4/charts/revisiontags/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/revisiontags/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/revisiontags/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/revisiontags/files/profile-demo.yaml b/resources/v1.30-alpha.cdc5dca4/charts/revisiontags/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/revisiontags/files/profile-demo.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/revisiontags/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/revisiontags/files/profile-platform-gke.yaml b/resources/v1.30-alpha.cdc5dca4/charts/revisiontags/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/revisiontags/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/revisiontags/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/revisiontags/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.cdc5dca4/charts/revisiontags/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/revisiontags/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/revisiontags/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/revisiontags/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.cdc5dca4/charts/revisiontags/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/revisiontags/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/revisiontags/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/revisiontags/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.cdc5dca4/charts/revisiontags/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/revisiontags/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/revisiontags/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/revisiontags/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.cdc5dca4/charts/revisiontags/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/revisiontags/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/revisiontags/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/revisiontags/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.cdc5dca4/charts/revisiontags/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/revisiontags/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/revisiontags/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/revisiontags/files/profile-preview.yaml b/resources/v1.30-alpha.cdc5dca4/charts/revisiontags/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/revisiontags/files/profile-preview.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/revisiontags/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/revisiontags/files/profile-remote.yaml b/resources/v1.30-alpha.cdc5dca4/charts/revisiontags/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/revisiontags/files/profile-remote.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/revisiontags/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/revisiontags/files/profile-stable.yaml b/resources/v1.30-alpha.cdc5dca4/charts/revisiontags/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/revisiontags/files/profile-stable.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/revisiontags/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/revisiontags/templates/revision-tags-mwc.yaml b/resources/v1.30-alpha.cdc5dca4/charts/revisiontags/templates/revision-tags-mwc.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/revisiontags/templates/revision-tags-mwc.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/revisiontags/templates/revision-tags-mwc.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/revisiontags/templates/revision-tags-svc.yaml b/resources/v1.30-alpha.cdc5dca4/charts/revisiontags/templates/revision-tags-svc.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/revisiontags/templates/revision-tags-svc.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/revisiontags/templates/revision-tags-svc.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/revisiontags/templates/zzz_profile.yaml b/resources/v1.30-alpha.cdc5dca4/charts/revisiontags/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/revisiontags/templates/zzz_profile.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/revisiontags/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/revisiontags/values.yaml b/resources/v1.30-alpha.cdc5dca4/charts/revisiontags/values.yaml similarity index 99% rename from resources/v1.30-alpha.ed0ec1b7/charts/revisiontags/values.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/revisiontags/values.yaml index eba8a293a6..de7c3aff34 100644 --- a/resources/v1.30-alpha.ed0ec1b7/charts/revisiontags/values.yaml +++ b/resources/v1.30-alpha.cdc5dca4/charts/revisiontags/values.yaml @@ -255,7 +255,7 @@ _internal_defaults_do_not_set: # Dev builds from prow are on gcr.io hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.ed0ec1b7f434bafb88b3a6b1ae7e204e2704cab8 + tag: 1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907 # Variant of the image to use. # Currently supported are: [debug, distroless] variant: "" diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/ztunnel/Chart.yaml b/resources/v1.30-alpha.cdc5dca4/charts/ztunnel/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.ed0ec1b7/charts/ztunnel/Chart.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/ztunnel/Chart.yaml index 14cb917c3a..149a815e65 100644 --- a/resources/v1.30-alpha.ed0ec1b7/charts/ztunnel/Chart.yaml +++ b/resources/v1.30-alpha.cdc5dca4/charts/ztunnel/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.ed0ec1b7f434bafb88b3a6b1ae7e204e2704cab8 +appVersion: 1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907 description: Helm chart for istio ztunnel components icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -8,4 +8,4 @@ keywords: name: ztunnel sources: - https://github.com/istio/istio -version: 1.30-alpha.ed0ec1b7f434bafb88b3a6b1ae7e204e2704cab8 +version: 1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907 diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/ztunnel/README.md b/resources/v1.30-alpha.cdc5dca4/charts/ztunnel/README.md similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/ztunnel/README.md rename to resources/v1.30-alpha.cdc5dca4/charts/ztunnel/README.md diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/ztunnel/files/profile-ambient.yaml b/resources/v1.30-alpha.cdc5dca4/charts/ztunnel/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/ztunnel/files/profile-ambient.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/ztunnel/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/ztunnel/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.cdc5dca4/charts/ztunnel/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/ztunnel/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/ztunnel/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/ztunnel/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.cdc5dca4/charts/ztunnel/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/ztunnel/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/ztunnel/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/ztunnel/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.cdc5dca4/charts/ztunnel/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/ztunnel/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/ztunnel/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/ztunnel/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.cdc5dca4/charts/ztunnel/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/ztunnel/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/ztunnel/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/ztunnel/files/profile-demo.yaml b/resources/v1.30-alpha.cdc5dca4/charts/ztunnel/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/ztunnel/files/profile-demo.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/ztunnel/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/ztunnel/files/profile-platform-gke.yaml b/resources/v1.30-alpha.cdc5dca4/charts/ztunnel/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/ztunnel/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/ztunnel/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/ztunnel/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.cdc5dca4/charts/ztunnel/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/ztunnel/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/ztunnel/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/ztunnel/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.cdc5dca4/charts/ztunnel/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/ztunnel/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/ztunnel/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/ztunnel/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.cdc5dca4/charts/ztunnel/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/ztunnel/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/ztunnel/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/ztunnel/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.cdc5dca4/charts/ztunnel/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/ztunnel/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/ztunnel/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/ztunnel/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.cdc5dca4/charts/ztunnel/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/ztunnel/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/ztunnel/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/ztunnel/files/profile-preview.yaml b/resources/v1.30-alpha.cdc5dca4/charts/ztunnel/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/ztunnel/files/profile-preview.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/ztunnel/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/ztunnel/files/profile-remote.yaml b/resources/v1.30-alpha.cdc5dca4/charts/ztunnel/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/ztunnel/files/profile-remote.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/ztunnel/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/ztunnel/files/profile-stable.yaml b/resources/v1.30-alpha.cdc5dca4/charts/ztunnel/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/ztunnel/files/profile-stable.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/ztunnel/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/ztunnel/templates/NOTES.txt b/resources/v1.30-alpha.cdc5dca4/charts/ztunnel/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/ztunnel/templates/NOTES.txt rename to resources/v1.30-alpha.cdc5dca4/charts/ztunnel/templates/NOTES.txt diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/ztunnel/templates/_helpers.tpl b/resources/v1.30-alpha.cdc5dca4/charts/ztunnel/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/ztunnel/templates/_helpers.tpl rename to resources/v1.30-alpha.cdc5dca4/charts/ztunnel/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/ztunnel/templates/daemonset.yaml b/resources/v1.30-alpha.cdc5dca4/charts/ztunnel/templates/daemonset.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/ztunnel/templates/daemonset.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/ztunnel/templates/daemonset.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/ztunnel/templates/networkpolicy.yaml b/resources/v1.30-alpha.cdc5dca4/charts/ztunnel/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/ztunnel/templates/networkpolicy.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/ztunnel/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/ztunnel/templates/rbac.yaml b/resources/v1.30-alpha.cdc5dca4/charts/ztunnel/templates/rbac.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/ztunnel/templates/rbac.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/ztunnel/templates/rbac.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/ztunnel/templates/resourcequota.yaml b/resources/v1.30-alpha.cdc5dca4/charts/ztunnel/templates/resourcequota.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/ztunnel/templates/resourcequota.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/ztunnel/templates/resourcequota.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/ztunnel/templates/serviceaccount.yaml b/resources/v1.30-alpha.cdc5dca4/charts/ztunnel/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/ztunnel/templates/serviceaccount.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/ztunnel/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/ztunnel/templates/zzz_profile.yaml b/resources/v1.30-alpha.cdc5dca4/charts/ztunnel/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/charts/ztunnel/templates/zzz_profile.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/ztunnel/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/charts/ztunnel/values.yaml b/resources/v1.30-alpha.cdc5dca4/charts/ztunnel/values.yaml similarity index 99% rename from resources/v1.30-alpha.ed0ec1b7/charts/ztunnel/values.yaml rename to resources/v1.30-alpha.cdc5dca4/charts/ztunnel/values.yaml index f8baed9d8a..a6ba9ea003 100644 --- a/resources/v1.30-alpha.ed0ec1b7/charts/ztunnel/values.yaml +++ b/resources/v1.30-alpha.cdc5dca4/charts/ztunnel/values.yaml @@ -4,7 +4,7 @@ _internal_defaults_do_not_set: # Hub to pull from. Image will be `Hub/Image:Tag-Variant` hub: gcr.io/istio-testing # Tag to pull from. Image will be `Hub/Image:Tag-Variant` - tag: 1.30-alpha.ed0ec1b7f434bafb88b3a6b1ae7e204e2704cab8 + tag: 1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907 # Variant to pull. Options are "debug" or "distroless". Unset will use the default for the given version. variant: "" diff --git a/resources/v1.30-alpha.cdc5dca4/cni-1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907.tgz.etag b/resources/v1.30-alpha.cdc5dca4/cni-1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907.tgz.etag new file mode 100644 index 0000000000..6b05e591b1 --- /dev/null +++ b/resources/v1.30-alpha.cdc5dca4/cni-1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907.tgz.etag @@ -0,0 +1 @@ +bbb0bd1138f98b52e28c739eaeb49034 diff --git a/resources/v1.30-alpha.cdc5dca4/commit b/resources/v1.30-alpha.cdc5dca4/commit new file mode 100644 index 0000000000..539260e8f4 --- /dev/null +++ b/resources/v1.30-alpha.cdc5dca4/commit @@ -0,0 +1 @@ +cdc5dca45da0afcf59f428f90093b4b4ab51c907 diff --git a/resources/v1.30-alpha.cdc5dca4/gateway-1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907.tgz.etag b/resources/v1.30-alpha.cdc5dca4/gateway-1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907.tgz.etag new file mode 100644 index 0000000000..3d869451b1 --- /dev/null +++ b/resources/v1.30-alpha.cdc5dca4/gateway-1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907.tgz.etag @@ -0,0 +1 @@ +4992aa75d6e33799143faedae2b94427 diff --git a/resources/v1.30-alpha.cdc5dca4/istiod-1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907.tgz.etag b/resources/v1.30-alpha.cdc5dca4/istiod-1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907.tgz.etag new file mode 100644 index 0000000000..707a9cac30 --- /dev/null +++ b/resources/v1.30-alpha.cdc5dca4/istiod-1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907.tgz.etag @@ -0,0 +1 @@ +79b0042288df34b6741ae35032e41723 diff --git a/resources/v1.30-alpha.ed0ec1b7/profiles/ambient.yaml b/resources/v1.30-alpha.cdc5dca4/profiles/ambient.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/profiles/ambient.yaml rename to resources/v1.30-alpha.cdc5dca4/profiles/ambient.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/profiles/default.yaml b/resources/v1.30-alpha.cdc5dca4/profiles/default.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/profiles/default.yaml rename to resources/v1.30-alpha.cdc5dca4/profiles/default.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/profiles/demo.yaml b/resources/v1.30-alpha.cdc5dca4/profiles/demo.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/profiles/demo.yaml rename to resources/v1.30-alpha.cdc5dca4/profiles/demo.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/profiles/empty.yaml b/resources/v1.30-alpha.cdc5dca4/profiles/empty.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/profiles/empty.yaml rename to resources/v1.30-alpha.cdc5dca4/profiles/empty.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/profiles/openshift-ambient.yaml b/resources/v1.30-alpha.cdc5dca4/profiles/openshift-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/profiles/openshift-ambient.yaml rename to resources/v1.30-alpha.cdc5dca4/profiles/openshift-ambient.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/profiles/openshift.yaml b/resources/v1.30-alpha.cdc5dca4/profiles/openshift.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/profiles/openshift.yaml rename to resources/v1.30-alpha.cdc5dca4/profiles/openshift.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/profiles/preview.yaml b/resources/v1.30-alpha.cdc5dca4/profiles/preview.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/profiles/preview.yaml rename to resources/v1.30-alpha.cdc5dca4/profiles/preview.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/profiles/remote.yaml b/resources/v1.30-alpha.cdc5dca4/profiles/remote.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/profiles/remote.yaml rename to resources/v1.30-alpha.cdc5dca4/profiles/remote.yaml diff --git a/resources/v1.30-alpha.ed0ec1b7/profiles/stable.yaml b/resources/v1.30-alpha.cdc5dca4/profiles/stable.yaml similarity index 100% rename from resources/v1.30-alpha.ed0ec1b7/profiles/stable.yaml rename to resources/v1.30-alpha.cdc5dca4/profiles/stable.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/ztunnel-1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907.tgz.etag b/resources/v1.30-alpha.cdc5dca4/ztunnel-1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907.tgz.etag new file mode 100644 index 0000000000..c9e1ca03f0 --- /dev/null +++ b/resources/v1.30-alpha.cdc5dca4/ztunnel-1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907.tgz.etag @@ -0,0 +1 @@ +b4ef8da270fd3d4442754516b0c1fcca diff --git a/resources/v1.30-alpha.ed0ec1b7/base-1.30-alpha.ed0ec1b7f434bafb88b3a6b1ae7e204e2704cab8.tgz.etag b/resources/v1.30-alpha.ed0ec1b7/base-1.30-alpha.ed0ec1b7f434bafb88b3a6b1ae7e204e2704cab8.tgz.etag deleted file mode 100644 index 466d4579d2..0000000000 --- a/resources/v1.30-alpha.ed0ec1b7/base-1.30-alpha.ed0ec1b7f434bafb88b3a6b1ae7e204e2704cab8.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -e2a4cb5ec96ae9ea6a2c3e4ed87c3f16 diff --git a/resources/v1.30-alpha.ed0ec1b7/cni-1.30-alpha.ed0ec1b7f434bafb88b3a6b1ae7e204e2704cab8.tgz.etag b/resources/v1.30-alpha.ed0ec1b7/cni-1.30-alpha.ed0ec1b7f434bafb88b3a6b1ae7e204e2704cab8.tgz.etag deleted file mode 100644 index d0cedd2b7a..0000000000 --- a/resources/v1.30-alpha.ed0ec1b7/cni-1.30-alpha.ed0ec1b7f434bafb88b3a6b1ae7e204e2704cab8.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -18deab1b0745a49dd38b2eca8db05adb diff --git a/resources/v1.30-alpha.ed0ec1b7/commit b/resources/v1.30-alpha.ed0ec1b7/commit deleted file mode 100644 index 20180a55d2..0000000000 --- a/resources/v1.30-alpha.ed0ec1b7/commit +++ /dev/null @@ -1 +0,0 @@ -ed0ec1b7f434bafb88b3a6b1ae7e204e2704cab8 diff --git a/resources/v1.30-alpha.ed0ec1b7/gateway-1.30-alpha.ed0ec1b7f434bafb88b3a6b1ae7e204e2704cab8.tgz.etag b/resources/v1.30-alpha.ed0ec1b7/gateway-1.30-alpha.ed0ec1b7f434bafb88b3a6b1ae7e204e2704cab8.tgz.etag deleted file mode 100644 index b019b148b1..0000000000 --- a/resources/v1.30-alpha.ed0ec1b7/gateway-1.30-alpha.ed0ec1b7f434bafb88b3a6b1ae7e204e2704cab8.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -b493c5a4623ffddfa19a21908aad52e9 diff --git a/resources/v1.30-alpha.ed0ec1b7/istiod-1.30-alpha.ed0ec1b7f434bafb88b3a6b1ae7e204e2704cab8.tgz.etag b/resources/v1.30-alpha.ed0ec1b7/istiod-1.30-alpha.ed0ec1b7f434bafb88b3a6b1ae7e204e2704cab8.tgz.etag deleted file mode 100644 index 90100e8230..0000000000 --- a/resources/v1.30-alpha.ed0ec1b7/istiod-1.30-alpha.ed0ec1b7f434bafb88b3a6b1ae7e204e2704cab8.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -35b832abbc7d5d4c572aea10489a0c43 diff --git a/resources/v1.30-alpha.ed0ec1b7/ztunnel-1.30-alpha.ed0ec1b7f434bafb88b3a6b1ae7e204e2704cab8.tgz.etag b/resources/v1.30-alpha.ed0ec1b7/ztunnel-1.30-alpha.ed0ec1b7f434bafb88b3a6b1ae7e204e2704cab8.tgz.etag deleted file mode 100644 index 8fb7bc902a..0000000000 --- a/resources/v1.30-alpha.ed0ec1b7/ztunnel-1.30-alpha.ed0ec1b7f434bafb88b3a6b1ae7e204e2704cab8.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -b2a714305113ffe2c6e544ff77f87eb0 From aaee37b92747a9803e65725bd323df70946c4b8a Mon Sep 17 00:00:00 2001 From: openshift-service-mesh-bot <165402251+openshift-service-mesh-bot@users.noreply.github.com> Date: Sun, 15 Feb 2026 00:47:36 -0500 Subject: [PATCH 2/6] Automator: Update dependencies in istio-ecosystem/sail-operator@main (#1603) Signed-off-by: openshift-service-mesh-bot --- api/v1/istio_types.go | 6 ++-- api/v1/istiocni_types.go | 6 ++-- api/v1/istiorevision_types.go | 6 ++-- api/v1/ztunnel_types.go | 6 ++-- api/v1alpha1/ztunnel_types.go | 6 ++-- .../sailoperator.clusterserviceversion.yaml | 28 +++++++++---------- .../manifests/sailoperator.io_istiocnis.yaml | 4 +-- .../sailoperator.io_istiorevisions.yaml | 4 +-- bundle/manifests/sailoperator.io_istios.yaml | 4 +-- .../manifests/sailoperator.io_ztunnels.yaml | 8 +++--- chart/crds/sailoperator.io_istiocnis.yaml | 4 +-- .../crds/sailoperator.io_istiorevisions.yaml | 4 +-- chart/crds/sailoperator.io_istios.yaml | 4 +-- chart/crds/sailoperator.io_ztunnels.yaml | 8 +++--- chart/values.yaml | 10 +++---- docs/api-reference/sailoperator.io.md | 10 +++---- go.mod | 2 +- go.sum | 4 +-- pkg/istioversion/versions.yaml | 18 ++++++------ ...0187022e11b9f6f5cc6445e498814dafe.tgz.etag | 1 + .../charts/base/Chart.yaml | 4 +-- .../charts/base/README.md | 0 .../charts/base/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/base/files/profile-demo.yaml | 0 .../base/files/profile-platform-gke.yaml | 0 .../base/files/profile-platform-k3d.yaml | 0 .../base/files/profile-platform-k3s.yaml | 0 .../base/files/profile-platform-microk8s.yaml | 0 .../base/files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/base/files/profile-preview.yaml | 0 .../charts/base/files/profile-remote.yaml | 0 .../charts/base/files/profile-stable.yaml | 0 .../charts/base/templates/NOTES.txt | 0 ...ultrevision-validatingadmissionpolicy.yaml | 0 ...vision-validatingwebhookconfiguration.yaml | 0 .../base/templates/reader-serviceaccount.yaml | 0 .../charts/base/templates/zzz_profile.yaml | 0 .../charts/base/values.yaml | 0 .../charts/cni/Chart.yaml | 4 +-- .../charts/cni/README.md | 0 .../charts/cni/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/cni/files/profile-demo.yaml | 0 .../cni/files/profile-platform-gke.yaml | 0 .../cni/files/profile-platform-k3d.yaml | 0 .../cni/files/profile-platform-k3s.yaml | 0 .../cni/files/profile-platform-microk8s.yaml | 0 .../cni/files/profile-platform-minikube.yaml | 0 .../cni/files/profile-platform-openshift.yaml | 0 .../charts/cni/files/profile-preview.yaml | 0 .../charts/cni/files/profile-remote.yaml | 0 .../charts/cni/files/profile-stable.yaml | 0 .../charts/cni/templates/NOTES.txt | 0 .../charts/cni/templates/_helpers.tpl | 0 .../charts/cni/templates/clusterrole.yaml | 0 .../cni/templates/clusterrolebinding.yaml | 0 .../charts/cni/templates/configmap-cni.yaml | 0 .../charts/cni/templates/daemonset.yaml | 0 .../network-attachment-definition.yaml | 0 .../charts/cni/templates/networkpolicy.yaml | 0 .../charts/cni/templates/resourcequota.yaml | 0 .../charts/cni/templates/serviceaccount.yaml | 0 .../cni/templates/zzy_descope_legacy.yaml | 0 .../charts/cni/templates/zzz_profile.yaml | 0 .../charts/cni/values.yaml | 2 +- .../charts/gateway/Chart.yaml | 4 +-- .../charts/gateway/README.md | 0 .../charts/gateway/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/gateway/files/profile-demo.yaml | 0 .../gateway/files/profile-platform-gke.yaml | 0 .../gateway/files/profile-platform-k3d.yaml | 0 .../gateway/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/gateway/files/profile-preview.yaml | 0 .../charts/gateway/files/profile-remote.yaml | 0 .../charts/gateway/files/profile-stable.yaml | 0 .../charts/gateway/templates/NOTES.txt | 0 .../charts/gateway/templates/_helpers.tpl | 0 .../charts/gateway/templates/deployment.yaml | 0 .../charts/gateway/templates/hpa.yaml | 0 .../gateway/templates/networkpolicy.yaml | 0 .../templates/poddisruptionbudget.yaml | 0 .../charts/gateway/templates/role.yaml | 0 .../charts/gateway/templates/service.yaml | 0 .../gateway/templates/serviceaccount.yaml | 0 .../charts/gateway/templates/zzz_profile.yaml | 0 .../charts/gateway/values.schema.json | 0 .../charts/gateway/values.yaml | 0 .../charts/istiod/Chart.yaml | 4 +-- .../charts/istiod/README.md | 0 .../charts/istiod/files/agentgateway.yaml | 0 .../files/gateway-injection-template.yaml | 0 .../charts/istiod/files/grpc-agent.yaml | 0 .../charts/istiod/files/grpc-simple.yaml | 0 .../istiod/files/injection-template.yaml | 0 .../charts/istiod/files/kube-gateway.yaml | 0 .../charts/istiod/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/istiod/files/profile-demo.yaml | 0 .../istiod/files/profile-platform-gke.yaml | 0 .../istiod/files/profile-platform-k3d.yaml | 0 .../istiod/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/istiod/files/profile-preview.yaml | 0 .../charts/istiod/files/profile-remote.yaml | 0 .../charts/istiod/files/profile-stable.yaml | 0 .../charts/istiod/files/waypoint.yaml | 0 .../charts/istiod/templates/NOTES.txt | 0 .../charts/istiod/templates/_helpers.tpl | 0 .../charts/istiod/templates/autoscale.yaml | 0 .../charts/istiod/templates/clusterrole.yaml | 0 .../istiod/templates/clusterrolebinding.yaml | 0 .../istiod/templates/configmap-jwks.yaml | 0 .../istiod/templates/configmap-values.yaml | 0 .../charts/istiod/templates/configmap.yaml | 0 .../charts/istiod/templates/deployment.yaml | 0 .../templates/gateway-class-configmap.yaml | 0 .../templates/istiod-injector-configmap.yaml | 0 .../istiod/templates/mutatingwebhook.yaml | 0 .../istiod/templates/networkpolicy.yaml | 0 .../istiod/templates/poddisruptionbudget.yaml | 0 .../istiod/templates/reader-clusterrole.yaml | 0 .../templates/reader-clusterrolebinding.yaml | 0 .../remote-istiod-endpointslices.yaml | 0 .../templates/remote-istiod-service.yaml | 0 .../istiod/templates/revision-tags-mwc.yaml | 0 .../istiod/templates/revision-tags-svc.yaml | 0 .../charts/istiod/templates/role.yaml | 0 .../charts/istiod/templates/rolebinding.yaml | 0 .../charts/istiod/templates/service.yaml | 0 .../istiod/templates/serviceaccount.yaml | 0 .../templates/validatingadmissionpolicy.yaml | 0 .../validatingwebhookconfiguration.yaml | 0 .../istiod/templates/zzy_descope_legacy.yaml | 0 .../charts/istiod/templates/zzz_profile.yaml | 0 .../charts/istiod/values.yaml | 2 +- .../charts/revisiontags/Chart.yaml | 2 +- .../revisiontags/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../revisiontags/files/profile-demo.yaml | 0 .../files/profile-platform-gke.yaml | 0 .../files/profile-platform-k3d.yaml | 0 .../files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../revisiontags/files/profile-preview.yaml | 0 .../revisiontags/files/profile-remote.yaml | 0 .../revisiontags/files/profile-stable.yaml | 0 .../templates/revision-tags-mwc.yaml | 0 .../templates/revision-tags-svc.yaml | 0 .../revisiontags/templates/zzz_profile.yaml | 0 .../charts/revisiontags/values.yaml | 2 +- .../charts/ztunnel/Chart.yaml | 4 +-- .../charts/ztunnel/README.md | 0 .../charts/ztunnel/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/ztunnel/files/profile-demo.yaml | 0 .../ztunnel/files/profile-platform-gke.yaml | 0 .../ztunnel/files/profile-platform-k3d.yaml | 0 .../ztunnel/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/ztunnel/files/profile-preview.yaml | 0 .../charts/ztunnel/files/profile-remote.yaml | 0 .../charts/ztunnel/files/profile-stable.yaml | 0 .../charts/ztunnel/templates/NOTES.txt | 0 .../charts/ztunnel/templates/_helpers.tpl | 0 .../charts/ztunnel/templates/daemonset.yaml | 0 .../ztunnel/templates/networkpolicy.yaml | 0 .../charts/ztunnel/templates/rbac.yaml | 0 .../ztunnel/templates/resourcequota.yaml | 0 .../ztunnel/templates/serviceaccount.yaml | 0 .../charts/ztunnel/templates/zzz_profile.yaml | 0 .../charts/ztunnel/values.yaml | 2 +- ...0187022e11b9f6f5cc6445e498814dafe.tgz.etag | 1 + resources/v1.30-alpha.0f695af0/commit | 1 + ...0187022e11b9f6f5cc6445e498814dafe.tgz.etag | 1 + ...0187022e11b9f6f5cc6445e498814dafe.tgz.etag | 1 + .../profiles/ambient.yaml | 0 .../profiles/default.yaml | 0 .../profiles/demo.yaml | 0 .../profiles/empty.yaml | 0 .../profiles/openshift-ambient.yaml | 0 .../profiles/openshift.yaml | 0 .../profiles/preview.yaml | 0 .../profiles/remote.yaml | 0 .../profiles/stable.yaml | 0 ...0187022e11b9f6f5cc6445e498814dafe.tgz.etag | 1 + ...45da0afcf59f428f90093b4b4ab51c907.tgz.etag | 1 - ...45da0afcf59f428f90093b4b4ab51c907.tgz.etag | 1 - resources/v1.30-alpha.cdc5dca4/commit | 1 - ...45da0afcf59f428f90093b4b4ab51c907.tgz.etag | 1 - ...45da0afcf59f428f90093b4b4ab51c907.tgz.etag | 1 - ...45da0afcf59f428f90093b4b4ab51c907.tgz.etag | 1 - 221 files changed, 92 insertions(+), 92 deletions(-) create mode 100644 resources/v1.30-alpha.0f695af0/base-1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe.tgz.etag rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/base/Chart.yaml (63%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/base/README.md (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/base/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/base/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/base/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/base/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/base/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/base/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/base/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/base/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/base/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/base/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/base/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/base/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/base/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/base/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/base/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/base/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/base/templates/reader-serviceaccount.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/base/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/base/values.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/cni/Chart.yaml (62%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/cni/README.md (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/cni/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/cni/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/cni/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/cni/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/cni/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/cni/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/cni/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/cni/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/cni/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/cni/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/cni/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/cni/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/cni/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/cni/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/cni/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/cni/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/cni/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/cni/templates/clusterrole.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/cni/templates/clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/cni/templates/configmap-cni.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/cni/templates/daemonset.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/cni/templates/network-attachment-definition.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/cni/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/cni/templates/resourcequota.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/cni/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/cni/templates/zzy_descope_legacy.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/cni/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/cni/values.yaml (99%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/gateway/Chart.yaml (64%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/gateway/README.md (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/gateway/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/gateway/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/gateway/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/gateway/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/gateway/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/gateway/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/gateway/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/gateway/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/gateway/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/gateway/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/gateway/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/gateway/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/gateway/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/gateway/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/gateway/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/gateway/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/gateway/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/gateway/templates/deployment.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/gateway/templates/hpa.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/gateway/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/gateway/templates/poddisruptionbudget.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/gateway/templates/role.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/gateway/templates/service.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/gateway/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/gateway/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/gateway/values.schema.json (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/gateway/values.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/istiod/Chart.yaml (63%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/istiod/README.md (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/istiod/files/agentgateway.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/istiod/files/gateway-injection-template.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/istiod/files/grpc-agent.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/istiod/files/grpc-simple.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/istiod/files/injection-template.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/istiod/files/kube-gateway.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/istiod/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/istiod/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/istiod/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/istiod/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/istiod/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/istiod/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/istiod/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/istiod/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/istiod/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/istiod/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/istiod/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/istiod/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/istiod/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/istiod/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/istiod/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/istiod/files/waypoint.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/istiod/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/istiod/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/istiod/templates/autoscale.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/istiod/templates/clusterrole.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/istiod/templates/clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/istiod/templates/configmap-jwks.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/istiod/templates/configmap-values.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/istiod/templates/configmap.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/istiod/templates/deployment.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/istiod/templates/gateway-class-configmap.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/istiod/templates/istiod-injector-configmap.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/istiod/templates/mutatingwebhook.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/istiod/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/istiod/templates/poddisruptionbudget.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/istiod/templates/reader-clusterrole.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/istiod/templates/reader-clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/istiod/templates/remote-istiod-endpointslices.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/istiod/templates/remote-istiod-service.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/istiod/templates/revision-tags-mwc.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/istiod/templates/revision-tags-svc.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/istiod/templates/role.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/istiod/templates/rolebinding.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/istiod/templates/service.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/istiod/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/istiod/templates/validatingadmissionpolicy.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/istiod/templates/validatingwebhookconfiguration.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/istiod/templates/zzy_descope_legacy.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/istiod/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/istiod/values.yaml (99%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/revisiontags/Chart.yaml (71%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/revisiontags/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/revisiontags/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/revisiontags/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/revisiontags/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/revisiontags/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/revisiontags/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/revisiontags/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/revisiontags/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/revisiontags/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/revisiontags/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/revisiontags/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/revisiontags/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/revisiontags/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/revisiontags/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/revisiontags/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/revisiontags/templates/revision-tags-mwc.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/revisiontags/templates/revision-tags-svc.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/revisiontags/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/revisiontags/values.yaml (99%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/ztunnel/Chart.yaml (63%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/ztunnel/README.md (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/ztunnel/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/ztunnel/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/ztunnel/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/ztunnel/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/ztunnel/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/ztunnel/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/ztunnel/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/ztunnel/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/ztunnel/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/ztunnel/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/ztunnel/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/ztunnel/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/ztunnel/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/ztunnel/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/ztunnel/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/ztunnel/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/ztunnel/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/ztunnel/templates/daemonset.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/ztunnel/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/ztunnel/templates/rbac.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/ztunnel/templates/resourcequota.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/ztunnel/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/ztunnel/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/charts/ztunnel/values.yaml (99%) create mode 100644 resources/v1.30-alpha.0f695af0/cni-1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe.tgz.etag create mode 100644 resources/v1.30-alpha.0f695af0/commit create mode 100644 resources/v1.30-alpha.0f695af0/gateway-1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe.tgz.etag create mode 100644 resources/v1.30-alpha.0f695af0/istiod-1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe.tgz.etag rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/profiles/ambient.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/profiles/default.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/profiles/demo.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/profiles/empty.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/profiles/openshift-ambient.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/profiles/openshift.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/profiles/preview.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/profiles/remote.yaml (100%) rename resources/{v1.30-alpha.cdc5dca4 => v1.30-alpha.0f695af0}/profiles/stable.yaml (100%) create mode 100644 resources/v1.30-alpha.0f695af0/ztunnel-1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe.tgz.etag delete mode 100644 resources/v1.30-alpha.cdc5dca4/base-1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907.tgz.etag delete mode 100644 resources/v1.30-alpha.cdc5dca4/cni-1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907.tgz.etag delete mode 100644 resources/v1.30-alpha.cdc5dca4/commit delete mode 100644 resources/v1.30-alpha.cdc5dca4/gateway-1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907.tgz.etag delete mode 100644 resources/v1.30-alpha.cdc5dca4/istiod-1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907.tgz.etag delete mode 100644 resources/v1.30-alpha.cdc5dca4/ztunnel-1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907.tgz.etag diff --git a/api/v1/istio_types.go b/api/v1/istio_types.go index 51a7113332..37877f3aff 100644 --- a/api/v1/istio_types.go +++ b/api/v1/istio_types.go @@ -37,9 +37,9 @@ const ( type IstioSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.cdc5dca4. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.cdc5dca4"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.6;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.cdc5dca4 + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0f695af0. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.0f695af0"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.6;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.0f695af0 // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/api/v1/istiocni_types.go b/api/v1/istiocni_types.go index f1c3bddb13..cc945d8dcb 100644 --- a/api/v1/istiocni_types.go +++ b/api/v1/istiocni_types.go @@ -28,9 +28,9 @@ const ( type IstioCNISpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.cdc5dca4. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.cdc5dca4"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.6;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.cdc5dca4 + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0f695af0. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.0f695af0"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.6;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.0f695af0 // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/api/v1/istiorevision_types.go b/api/v1/istiorevision_types.go index 733308a9cd..41a9cc0d45 100644 --- a/api/v1/istiorevision_types.go +++ b/api/v1/istiorevision_types.go @@ -30,9 +30,9 @@ const ( type IstioRevisionSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.cdc5dca4. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.cdc5dca4"} - // +kubebuilder:validation:Enum=v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27.6;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;v1.30-alpha.cdc5dca4 + // Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.0f695af0. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.0f695af0"} + // +kubebuilder:validation:Enum=v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27.6;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;v1.30-alpha.0f695af0 Version string `json:"version"` // Namespace to which the Istio components should be installed. diff --git a/api/v1/ztunnel_types.go b/api/v1/ztunnel_types.go index 8cde96430f..9ad921011f 100644 --- a/api/v1/ztunnel_types.go +++ b/api/v1/ztunnel_types.go @@ -28,9 +28,9 @@ const ( type ZTunnelSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.cdc5dca4. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.cdc5dca4"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.6;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.cdc5dca4 + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0f695af0. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.0f695af0"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.6;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.0f695af0 // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/api/v1alpha1/ztunnel_types.go b/api/v1alpha1/ztunnel_types.go index d9a81d0e86..c28e2ac7b8 100644 --- a/api/v1alpha1/ztunnel_types.go +++ b/api/v1alpha1/ztunnel_types.go @@ -29,9 +29,9 @@ const ( type ZTunnelSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.cdc5dca4. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.cdc5dca4"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.6;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.cdc5dca4 + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0f695af0. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.0f695af0"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.6;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.0f695af0 // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/bundle/manifests/sailoperator.clusterserviceversion.yaml b/bundle/manifests/sailoperator.clusterserviceversion.yaml index 62901484af..d18c9bf5bf 100644 --- a/bundle/manifests/sailoperator.clusterserviceversion.yaml +++ b/bundle/manifests/sailoperator.clusterserviceversion.yaml @@ -45,7 +45,7 @@ metadata: capabilities: Seamless Upgrades categories: OpenShift Optional, Integration & Delivery, Networking, Security containerImage: quay.io/sail-dev/sail-operator:1.29-latest - createdAt: "2026-02-14T05:20:56Z" + createdAt: "2026-02-15T05:28:38Z" description: The Sail Operator manages the lifecycle of your Istio control plane. It provides custom resources for you to deploy and manage your control plane components. features.operators.openshift.io/cnf: "false" features.operators.openshift.io/cni: "true" @@ -179,7 +179,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.cdc5dca4. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0f695af0. displayName: Istio Version path: version x-descriptors: @@ -198,7 +198,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.cdc5dca4 + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.0f695af0 - description: Namespace to which the Istio CNI component should be installed. Note that this field is immutable. displayName: Namespace path: namespace @@ -236,7 +236,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.cdc5dca4. + Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.0f695af0. displayName: Istio Version path: version x-descriptors: @@ -252,7 +252,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.2 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.cdc5dca4 + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.0f695af0 - description: Namespace to which the Istio components should be installed. displayName: Namespace path: namespace @@ -287,7 +287,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:RevisionBased - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.cdc5dca4. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0f695af0. displayName: Istio Version path: version x-descriptors: @@ -306,7 +306,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.cdc5dca4 + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.0f695af0 - description: |- Defines how many seconds the operator should wait before removing a non-active revision after all the workloads have stopped using it. You may want to set this value on the order of minutes. @@ -362,7 +362,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.cdc5dca4. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0f695af0. displayName: Istio Version path: version x-descriptors: @@ -381,7 +381,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.cdc5dca4 + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.0f695af0 - description: Namespace to which the Istio ztunnel component should be installed. displayName: Namespace path: namespace @@ -410,7 +410,7 @@ spec: - v1.27.1 - v1.27.0 - master - - v1.30-alpha.cdc5dca4 + - v1.30-alpha.0f695af0 [See this page](https://github.com/istio-ecosystem/sail-operator/blob/main/bundle/README.md) for instructions on how to use it. displayName: Sail Operator @@ -812,10 +812,10 @@ spec: images.v1_28_3.istiod: gcr.io/istio-release/pilot:1.28.3 images.v1_28_3.proxy: gcr.io/istio-release/proxyv2:1.28.3 images.v1_28_3.ztunnel: gcr.io/istio-release/ztunnel:1.28.3 - images.v1_30-alpha_cdc5dca4.cni: gcr.io/istio-testing/install-cni:1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907 - images.v1_30-alpha_cdc5dca4.istiod: gcr.io/istio-testing/pilot:1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907 - images.v1_30-alpha_cdc5dca4.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907 - images.v1_30-alpha_cdc5dca4.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907 + images.v1_30-alpha_0f695af0.cni: gcr.io/istio-testing/install-cni:1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe + images.v1_30-alpha_0f695af0.istiod: gcr.io/istio-testing/pilot:1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe + images.v1_30-alpha_0f695af0.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe + images.v1_30-alpha_0f695af0.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe kubectl.kubernetes.io/default-container: sail-operator labels: app.kubernetes.io/created-by: sailoperator diff --git a/bundle/manifests/sailoperator.io_istiocnis.yaml b/bundle/manifests/sailoperator.io_istiocnis.yaml index d541046abe..9c5032571b 100644 --- a/bundle/manifests/sailoperator.io_istiocnis.yaml +++ b/bundle/manifests/sailoperator.io_istiocnis.yaml @@ -1466,7 +1466,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.cdc5dca4. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0f695af0. enum: - v1.28-latest - v1.28.3 @@ -1518,7 +1518,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.cdc5dca4 + - v1.30-alpha.0f695af0 type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_istiorevisions.yaml b/bundle/manifests/sailoperator.io_istiorevisions.yaml index c39ad6169d..6ed51f7f2a 100644 --- a/bundle/manifests/sailoperator.io_istiorevisions.yaml +++ b/bundle/manifests/sailoperator.io_istiorevisions.yaml @@ -10121,7 +10121,7 @@ spec: version: description: |- Defines the version of Istio to install. - Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.cdc5dca4. + Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.0f695af0. enum: - v1.28.3 - v1.28.2 @@ -10165,7 +10165,7 @@ spec: - v1.22.6 - v1.22.5 - v1.21.6 - - v1.30-alpha.cdc5dca4 + - v1.30-alpha.0f695af0 type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_istios.yaml b/bundle/manifests/sailoperator.io_istios.yaml index 4c52b3116a..6543ed560e 100644 --- a/bundle/manifests/sailoperator.io_istios.yaml +++ b/bundle/manifests/sailoperator.io_istios.yaml @@ -10195,7 +10195,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.cdc5dca4. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0f695af0. enum: - v1.28-latest - v1.28.3 @@ -10247,7 +10247,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.cdc5dca4 + - v1.30-alpha.0f695af0 type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_ztunnels.yaml b/bundle/manifests/sailoperator.io_ztunnels.yaml index c8a4189de5..e04e6167ae 100644 --- a/bundle/manifests/sailoperator.io_ztunnels.yaml +++ b/bundle/manifests/sailoperator.io_ztunnels.yaml @@ -3456,7 +3456,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.cdc5dca4. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0f695af0. enum: - v1.28-latest - v1.28.3 @@ -3496,7 +3496,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.cdc5dca4 + - v1.30-alpha.0f695af0 type: string required: - namespace @@ -7018,7 +7018,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.cdc5dca4. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0f695af0. enum: - v1.28-latest - v1.28.3 @@ -7058,7 +7058,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.cdc5dca4 + - v1.30-alpha.0f695af0 type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istiocnis.yaml b/chart/crds/sailoperator.io_istiocnis.yaml index a1752e5307..ee10642bfe 100644 --- a/chart/crds/sailoperator.io_istiocnis.yaml +++ b/chart/crds/sailoperator.io_istiocnis.yaml @@ -1466,7 +1466,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.cdc5dca4. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0f695af0. enum: - v1.28-latest - v1.28.3 @@ -1518,7 +1518,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.cdc5dca4 + - v1.30-alpha.0f695af0 type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istiorevisions.yaml b/chart/crds/sailoperator.io_istiorevisions.yaml index a6479694b5..e717c479f1 100644 --- a/chart/crds/sailoperator.io_istiorevisions.yaml +++ b/chart/crds/sailoperator.io_istiorevisions.yaml @@ -10121,7 +10121,7 @@ spec: version: description: |- Defines the version of Istio to install. - Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.cdc5dca4. + Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.0f695af0. enum: - v1.28.3 - v1.28.2 @@ -10165,7 +10165,7 @@ spec: - v1.22.6 - v1.22.5 - v1.21.6 - - v1.30-alpha.cdc5dca4 + - v1.30-alpha.0f695af0 type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istios.yaml b/chart/crds/sailoperator.io_istios.yaml index da1358ea04..24940d59c7 100644 --- a/chart/crds/sailoperator.io_istios.yaml +++ b/chart/crds/sailoperator.io_istios.yaml @@ -10195,7 +10195,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.cdc5dca4. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0f695af0. enum: - v1.28-latest - v1.28.3 @@ -10247,7 +10247,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.cdc5dca4 + - v1.30-alpha.0f695af0 type: string required: - namespace diff --git a/chart/crds/sailoperator.io_ztunnels.yaml b/chart/crds/sailoperator.io_ztunnels.yaml index 024db3cbbc..b3d86fbad5 100644 --- a/chart/crds/sailoperator.io_ztunnels.yaml +++ b/chart/crds/sailoperator.io_ztunnels.yaml @@ -3456,7 +3456,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.cdc5dca4. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0f695af0. enum: - v1.28-latest - v1.28.3 @@ -3496,7 +3496,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.cdc5dca4 + - v1.30-alpha.0f695af0 type: string required: - namespace @@ -7018,7 +7018,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.cdc5dca4. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0f695af0. enum: - v1.28-latest - v1.28.3 @@ -7058,7 +7058,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.cdc5dca4 + - v1.30-alpha.0f695af0 type: string required: - namespace diff --git a/chart/values.yaml b/chart/values.yaml index 95c0b9b8c2..ea9c76afdd 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -46,10 +46,10 @@ deployment: images.v1_27_0.istiod: gcr.io/istio-release/pilot:1.27.0 images.v1_27_0.proxy: gcr.io/istio-release/proxyv2:1.27.0 images.v1_27_0.cni: gcr.io/istio-release/install-cni:1.27.0 - images.v1_30-alpha_cdc5dca4.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907 - images.v1_30-alpha_cdc5dca4.istiod: gcr.io/istio-testing/pilot:1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907 - images.v1_30-alpha_cdc5dca4.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907 - images.v1_30-alpha_cdc5dca4.cni: gcr.io/istio-testing/install-cni:1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907 + images.v1_30-alpha_0f695af0.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe + images.v1_30-alpha_0f695af0.istiod: gcr.io/istio-testing/pilot:1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe + images.v1_30-alpha_0f695af0.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe + images.v1_30-alpha_0f695af0.cni: gcr.io/istio-testing/install-cni:1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe revisionHistoryLimit: 10 service: port: 8443 @@ -79,7 +79,7 @@ csv: - v1.27.1 - v1.27.0 - master - - v1.30-alpha.cdc5dca4 + - v1.30-alpha.0f695af0 [See this page](https://github.com/istio-ecosystem/sail-operator/blob/main/bundle/README.md) for instructions on how to use it. support: Community based diff --git a/docs/api-reference/sailoperator.io.md b/docs/api-reference/sailoperator.io.md index 8acc2a7298..dde5d672bc 100644 --- a/docs/api-reference/sailoperator.io.md +++ b/docs/api-reference/sailoperator.io.md @@ -678,7 +678,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.cdc5dca4. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.6 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.cdc5dca4] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0f695af0. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.6 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.0f695af0] | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. Must be one of: ambient, default, demo, empty, openshift, openshift-ambient, preview, remote, stable. | | Enum: [ambient default demo empty external openshift openshift-ambient preview remote stable] | | `namespace` _string_ | Namespace to which the Istio CNI component should be installed. Note that this field is immutable. | istio-cni | | | `values` _[CNIValues](#cnivalues)_ | Defines the values to be passed to the Helm charts when installing Istio CNI. | | | @@ -917,7 +917,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.cdc5dca4. | | Enum: [v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27.6 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 v1.30-alpha.cdc5dca4] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.0f695af0. | | Enum: [v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27.6 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 v1.30-alpha.0f695af0] | | `namespace` _string_ | Namespace to which the Istio components should be installed. | | | | `values` _[Values](#values)_ | Defines the values to be passed to the Helm charts when installing Istio. | | | @@ -1110,7 +1110,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.cdc5dca4. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.6 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.cdc5dca4] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0f695af0. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.6 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.0f695af0] | | `updateStrategy` _[IstioUpdateStrategy](#istioupdatestrategy)_ | Defines the update strategy to use when the version in the Istio CR is updated. | \{ type:InPlace \} | | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. Must be one of: ambient, default, demo, empty, openshift, openshift-ambient, preview, remote, stable. | | Enum: [ambient default demo empty external openshift openshift-ambient preview remote stable] | | `namespace` _string_ | Namespace to which the Istio components should be installed. Note that this field is immutable. | istio-system | | @@ -3541,7 +3541,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.cdc5dca4. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.6 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.cdc5dca4] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0f695af0. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.6 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.0f695af0] | | `namespace` _string_ | Namespace to which the Istio ztunnel component should be installed. | ztunnel | | | `values` _[ZTunnelValues](#ztunnelvalues)_ | Defines the values to be passed to the Helm charts when installing Istio ztunnel. | | | @@ -3707,7 +3707,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.cdc5dca4. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.6 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.cdc5dca4] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0f695af0. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.6 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.0f695af0] | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is 'ambient' and it is always applied. Must be one of: ambient, default, demo, empty, external, preview, remote, stable. | ambient | Enum: [ambient default demo empty external openshift-ambient openshift preview remote stable] | | `namespace` _string_ | Namespace to which the Istio ztunnel component should be installed. | ztunnel | | | `values` _[ZTunnelValues](#ztunnelvalues)_ | Defines the values to be passed to the Helm charts when installing Istio ztunnel. | | | diff --git a/go.mod b/go.mod index 3da35890de..0efae7e8c2 100644 --- a/go.mod +++ b/go.mod @@ -25,7 +25,7 @@ require ( gopkg.in/yaml.v3 v3.0.1 helm.sh/helm/v3 v3.18.6 istio.io/client-go v1.29.0-alpha.0.0.20260213054535-48ac81c98d00 - istio.io/istio v0.0.0-20260213171636-cdc5dca45da0 + istio.io/istio v0.0.0-20260215035538-0f695af01870 k8s.io/api v0.35.0 k8s.io/apiextensions-apiserver v0.35.0 k8s.io/apimachinery v0.35.0 diff --git a/go.sum b/go.sum index dd18dd2071..083668965a 100644 --- a/go.sum +++ b/go.sum @@ -474,8 +474,8 @@ istio.io/api v1.29.0-alpha.0.0.20260213054037-4fd9ccbbaef9 h1:1Y3dfM9KxRiEgvrneC istio.io/api v1.29.0-alpha.0.0.20260213054037-4fd9ccbbaef9/go.mod h1:+brQWcBHoROuyA6fv8rbgg8Kfn0RCGuqoY0duCMuSLA= istio.io/client-go v1.29.0-alpha.0.0.20260213054535-48ac81c98d00 h1:5FYNqVlcs4aB1cENWvHAIHhJFBL7P1r8y4Yh/IMh+Nk= istio.io/client-go v1.29.0-alpha.0.0.20260213054535-48ac81c98d00/go.mod h1:rkaYDmIymBDBVPqlITrlc2cQq/GtaonR5DRGzUBo8iY= -istio.io/istio v0.0.0-20260213171636-cdc5dca45da0 h1:2MXcB2PGsgq+xWK/In+8PxQCmumVO/2KZ60GyUGUoms= -istio.io/istio v0.0.0-20260213171636-cdc5dca45da0/go.mod h1:vNZf8a+SKyS4VTvMhxE7cp3CrcWQt0oPZ/liLJ2mz1E= +istio.io/istio v0.0.0-20260215035538-0f695af01870 h1:WsQLm5GDLxarNoxKyWkbKlnxuZIhqDC6HPufsYgsBJQ= +istio.io/istio v0.0.0-20260215035538-0f695af01870/go.mod h1:vNZf8a+SKyS4VTvMhxE7cp3CrcWQt0oPZ/liLJ2mz1E= k8s.io/api v0.35.0 h1:iBAU5LTyBI9vw3L5glmat1njFK34srdLmktWwLTprlY= k8s.io/api v0.35.0/go.mod h1:AQ0SNTzm4ZAczM03QH42c7l3bih1TbAXYo0DkF8ktnA= k8s.io/apiextensions-apiserver v0.35.0 h1:3xHk2rTOdWXXJM+RDQZJvdx0yEOgC0FgQ1PlJatA5T4= diff --git a/pkg/istioversion/versions.yaml b/pkg/istioversion/versions.yaml index a2d2b962e1..db7b9dbb20 100644 --- a/pkg/istioversion/versions.yaml +++ b/pkg/istioversion/versions.yaml @@ -207,15 +207,15 @@ versions: - name: v1.21.6 eol: true - name: master - ref: v1.30-alpha.cdc5dca4 - - name: v1.30-alpha.cdc5dca4 - version: 1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907 + ref: v1.30-alpha.0f695af0 + - name: v1.30-alpha.0f695af0 + version: 1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe repo: https://github.com/istio/istio branch: master - commit: cdc5dca45da0afcf59f428f90093b4b4ab51c907 + commit: 0f695af0187022e11b9f6f5cc6445e498814dafe charts: - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907/helm/base-1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907/helm/cni-1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907/helm/gateway-1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907/helm/istiod-1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907/helm/ztunnel-1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe/helm/base-1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe/helm/cni-1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe/helm/gateway-1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe/helm/istiod-1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe/helm/ztunnel-1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe.tgz diff --git a/resources/v1.30-alpha.0f695af0/base-1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe.tgz.etag b/resources/v1.30-alpha.0f695af0/base-1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe.tgz.etag new file mode 100644 index 0000000000..62fb77c49b --- /dev/null +++ b/resources/v1.30-alpha.0f695af0/base-1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe.tgz.etag @@ -0,0 +1 @@ +5d3a12b8a2c9f23ee5f8337aa2a999f1 diff --git a/resources/v1.30-alpha.cdc5dca4/charts/base/Chart.yaml b/resources/v1.30-alpha.0f695af0/charts/base/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.cdc5dca4/charts/base/Chart.yaml rename to resources/v1.30-alpha.0f695af0/charts/base/Chart.yaml index 5a25e20c42..2819f3661c 100644 --- a/resources/v1.30-alpha.cdc5dca4/charts/base/Chart.yaml +++ b/resources/v1.30-alpha.0f695af0/charts/base/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907 +appVersion: 1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe description: Helm chart for deploying Istio cluster resources and CRDs icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -7,4 +7,4 @@ keywords: name: base sources: - https://github.com/istio/istio -version: 1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907 +version: 1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe diff --git a/resources/v1.30-alpha.cdc5dca4/charts/base/README.md b/resources/v1.30-alpha.0f695af0/charts/base/README.md similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/base/README.md rename to resources/v1.30-alpha.0f695af0/charts/base/README.md diff --git a/resources/v1.30-alpha.cdc5dca4/charts/base/files/profile-ambient.yaml b/resources/v1.30-alpha.0f695af0/charts/base/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/base/files/profile-ambient.yaml rename to resources/v1.30-alpha.0f695af0/charts/base/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/base/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.0f695af0/charts/base/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/base/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.0f695af0/charts/base/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/base/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.0f695af0/charts/base/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/base/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.0f695af0/charts/base/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/base/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.0f695af0/charts/base/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/base/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.0f695af0/charts/base/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/base/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.0f695af0/charts/base/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/base/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.0f695af0/charts/base/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/base/files/profile-demo.yaml b/resources/v1.30-alpha.0f695af0/charts/base/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/base/files/profile-demo.yaml rename to resources/v1.30-alpha.0f695af0/charts/base/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/base/files/profile-platform-gke.yaml b/resources/v1.30-alpha.0f695af0/charts/base/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/base/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.0f695af0/charts/base/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/base/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.0f695af0/charts/base/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/base/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.0f695af0/charts/base/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/base/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.0f695af0/charts/base/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/base/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.0f695af0/charts/base/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/base/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.0f695af0/charts/base/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/base/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.0f695af0/charts/base/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/base/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.0f695af0/charts/base/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/base/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.0f695af0/charts/base/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/base/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.0f695af0/charts/base/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/base/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.0f695af0/charts/base/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/base/files/profile-preview.yaml b/resources/v1.30-alpha.0f695af0/charts/base/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/base/files/profile-preview.yaml rename to resources/v1.30-alpha.0f695af0/charts/base/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/base/files/profile-remote.yaml b/resources/v1.30-alpha.0f695af0/charts/base/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/base/files/profile-remote.yaml rename to resources/v1.30-alpha.0f695af0/charts/base/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/base/files/profile-stable.yaml b/resources/v1.30-alpha.0f695af0/charts/base/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/base/files/profile-stable.yaml rename to resources/v1.30-alpha.0f695af0/charts/base/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/base/templates/NOTES.txt b/resources/v1.30-alpha.0f695af0/charts/base/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/base/templates/NOTES.txt rename to resources/v1.30-alpha.0f695af0/charts/base/templates/NOTES.txt diff --git a/resources/v1.30-alpha.cdc5dca4/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml b/resources/v1.30-alpha.0f695af0/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml rename to resources/v1.30-alpha.0f695af0/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml b/resources/v1.30-alpha.0f695af0/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml rename to resources/v1.30-alpha.0f695af0/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/base/templates/reader-serviceaccount.yaml b/resources/v1.30-alpha.0f695af0/charts/base/templates/reader-serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/base/templates/reader-serviceaccount.yaml rename to resources/v1.30-alpha.0f695af0/charts/base/templates/reader-serviceaccount.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/base/templates/zzz_profile.yaml b/resources/v1.30-alpha.0f695af0/charts/base/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/base/templates/zzz_profile.yaml rename to resources/v1.30-alpha.0f695af0/charts/base/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/base/values.yaml b/resources/v1.30-alpha.0f695af0/charts/base/values.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/base/values.yaml rename to resources/v1.30-alpha.0f695af0/charts/base/values.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/cni/Chart.yaml b/resources/v1.30-alpha.0f695af0/charts/cni/Chart.yaml similarity index 62% rename from resources/v1.30-alpha.cdc5dca4/charts/cni/Chart.yaml rename to resources/v1.30-alpha.0f695af0/charts/cni/Chart.yaml index 71b47a45c7..1923a8a92a 100644 --- a/resources/v1.30-alpha.cdc5dca4/charts/cni/Chart.yaml +++ b/resources/v1.30-alpha.0f695af0/charts/cni/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907 +appVersion: 1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe description: Helm chart for istio-cni components icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -8,4 +8,4 @@ keywords: name: cni sources: - https://github.com/istio/istio -version: 1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907 +version: 1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe diff --git a/resources/v1.30-alpha.cdc5dca4/charts/cni/README.md b/resources/v1.30-alpha.0f695af0/charts/cni/README.md similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/cni/README.md rename to resources/v1.30-alpha.0f695af0/charts/cni/README.md diff --git a/resources/v1.30-alpha.cdc5dca4/charts/cni/files/profile-ambient.yaml b/resources/v1.30-alpha.0f695af0/charts/cni/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/cni/files/profile-ambient.yaml rename to resources/v1.30-alpha.0f695af0/charts/cni/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/cni/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.0f695af0/charts/cni/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/cni/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.0f695af0/charts/cni/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/cni/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.0f695af0/charts/cni/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/cni/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.0f695af0/charts/cni/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/cni/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.0f695af0/charts/cni/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/cni/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.0f695af0/charts/cni/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/cni/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.0f695af0/charts/cni/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/cni/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.0f695af0/charts/cni/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/cni/files/profile-demo.yaml b/resources/v1.30-alpha.0f695af0/charts/cni/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/cni/files/profile-demo.yaml rename to resources/v1.30-alpha.0f695af0/charts/cni/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/cni/files/profile-platform-gke.yaml b/resources/v1.30-alpha.0f695af0/charts/cni/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/cni/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.0f695af0/charts/cni/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/cni/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.0f695af0/charts/cni/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/cni/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.0f695af0/charts/cni/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/cni/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.0f695af0/charts/cni/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/cni/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.0f695af0/charts/cni/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/cni/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.0f695af0/charts/cni/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/cni/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.0f695af0/charts/cni/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/cni/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.0f695af0/charts/cni/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/cni/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.0f695af0/charts/cni/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/cni/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.0f695af0/charts/cni/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/cni/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.0f695af0/charts/cni/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/cni/files/profile-preview.yaml b/resources/v1.30-alpha.0f695af0/charts/cni/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/cni/files/profile-preview.yaml rename to resources/v1.30-alpha.0f695af0/charts/cni/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/cni/files/profile-remote.yaml b/resources/v1.30-alpha.0f695af0/charts/cni/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/cni/files/profile-remote.yaml rename to resources/v1.30-alpha.0f695af0/charts/cni/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/cni/files/profile-stable.yaml b/resources/v1.30-alpha.0f695af0/charts/cni/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/cni/files/profile-stable.yaml rename to resources/v1.30-alpha.0f695af0/charts/cni/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/cni/templates/NOTES.txt b/resources/v1.30-alpha.0f695af0/charts/cni/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/cni/templates/NOTES.txt rename to resources/v1.30-alpha.0f695af0/charts/cni/templates/NOTES.txt diff --git a/resources/v1.30-alpha.cdc5dca4/charts/cni/templates/_helpers.tpl b/resources/v1.30-alpha.0f695af0/charts/cni/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/cni/templates/_helpers.tpl rename to resources/v1.30-alpha.0f695af0/charts/cni/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.cdc5dca4/charts/cni/templates/clusterrole.yaml b/resources/v1.30-alpha.0f695af0/charts/cni/templates/clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/cni/templates/clusterrole.yaml rename to resources/v1.30-alpha.0f695af0/charts/cni/templates/clusterrole.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/cni/templates/clusterrolebinding.yaml b/resources/v1.30-alpha.0f695af0/charts/cni/templates/clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/cni/templates/clusterrolebinding.yaml rename to resources/v1.30-alpha.0f695af0/charts/cni/templates/clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/cni/templates/configmap-cni.yaml b/resources/v1.30-alpha.0f695af0/charts/cni/templates/configmap-cni.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/cni/templates/configmap-cni.yaml rename to resources/v1.30-alpha.0f695af0/charts/cni/templates/configmap-cni.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/cni/templates/daemonset.yaml b/resources/v1.30-alpha.0f695af0/charts/cni/templates/daemonset.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/cni/templates/daemonset.yaml rename to resources/v1.30-alpha.0f695af0/charts/cni/templates/daemonset.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/cni/templates/network-attachment-definition.yaml b/resources/v1.30-alpha.0f695af0/charts/cni/templates/network-attachment-definition.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/cni/templates/network-attachment-definition.yaml rename to resources/v1.30-alpha.0f695af0/charts/cni/templates/network-attachment-definition.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/cni/templates/networkpolicy.yaml b/resources/v1.30-alpha.0f695af0/charts/cni/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/cni/templates/networkpolicy.yaml rename to resources/v1.30-alpha.0f695af0/charts/cni/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/cni/templates/resourcequota.yaml b/resources/v1.30-alpha.0f695af0/charts/cni/templates/resourcequota.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/cni/templates/resourcequota.yaml rename to resources/v1.30-alpha.0f695af0/charts/cni/templates/resourcequota.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/cni/templates/serviceaccount.yaml b/resources/v1.30-alpha.0f695af0/charts/cni/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/cni/templates/serviceaccount.yaml rename to resources/v1.30-alpha.0f695af0/charts/cni/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/cni/templates/zzy_descope_legacy.yaml b/resources/v1.30-alpha.0f695af0/charts/cni/templates/zzy_descope_legacy.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/cni/templates/zzy_descope_legacy.yaml rename to resources/v1.30-alpha.0f695af0/charts/cni/templates/zzy_descope_legacy.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/cni/templates/zzz_profile.yaml b/resources/v1.30-alpha.0f695af0/charts/cni/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/cni/templates/zzz_profile.yaml rename to resources/v1.30-alpha.0f695af0/charts/cni/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/cni/values.yaml b/resources/v1.30-alpha.0f695af0/charts/cni/values.yaml similarity index 99% rename from resources/v1.30-alpha.cdc5dca4/charts/cni/values.yaml rename to resources/v1.30-alpha.0f695af0/charts/cni/values.yaml index 9bdbf65773..2500d0f913 100644 --- a/resources/v1.30-alpha.cdc5dca4/charts/cni/values.yaml +++ b/resources/v1.30-alpha.0f695af0/charts/cni/values.yaml @@ -155,7 +155,7 @@ _internal_defaults_do_not_set: hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907 + tag: 1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe # Variant of the image to use. # Currently supported are: [debug, distroless] diff --git a/resources/v1.30-alpha.cdc5dca4/charts/gateway/Chart.yaml b/resources/v1.30-alpha.0f695af0/charts/gateway/Chart.yaml similarity index 64% rename from resources/v1.30-alpha.cdc5dca4/charts/gateway/Chart.yaml rename to resources/v1.30-alpha.0f695af0/charts/gateway/Chart.yaml index 29750d41b6..eca785e7f1 100644 --- a/resources/v1.30-alpha.cdc5dca4/charts/gateway/Chart.yaml +++ b/resources/v1.30-alpha.0f695af0/charts/gateway/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907 +appVersion: 1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe description: Helm chart for deploying Istio gateways icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ name: gateway sources: - https://github.com/istio/istio type: application -version: 1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907 +version: 1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe diff --git a/resources/v1.30-alpha.cdc5dca4/charts/gateway/README.md b/resources/v1.30-alpha.0f695af0/charts/gateway/README.md similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/gateway/README.md rename to resources/v1.30-alpha.0f695af0/charts/gateway/README.md diff --git a/resources/v1.30-alpha.cdc5dca4/charts/gateway/files/profile-ambient.yaml b/resources/v1.30-alpha.0f695af0/charts/gateway/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/gateway/files/profile-ambient.yaml rename to resources/v1.30-alpha.0f695af0/charts/gateway/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/gateway/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.0f695af0/charts/gateway/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/gateway/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.0f695af0/charts/gateway/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/gateway/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.0f695af0/charts/gateway/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/gateway/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.0f695af0/charts/gateway/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/gateway/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.0f695af0/charts/gateway/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/gateway/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.0f695af0/charts/gateway/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/gateway/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.0f695af0/charts/gateway/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/gateway/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.0f695af0/charts/gateway/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/gateway/files/profile-demo.yaml b/resources/v1.30-alpha.0f695af0/charts/gateway/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/gateway/files/profile-demo.yaml rename to resources/v1.30-alpha.0f695af0/charts/gateway/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/gateway/files/profile-platform-gke.yaml b/resources/v1.30-alpha.0f695af0/charts/gateway/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/gateway/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.0f695af0/charts/gateway/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/gateway/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.0f695af0/charts/gateway/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/gateway/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.0f695af0/charts/gateway/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/gateway/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.0f695af0/charts/gateway/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/gateway/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.0f695af0/charts/gateway/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/gateway/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.0f695af0/charts/gateway/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/gateway/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.0f695af0/charts/gateway/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/gateway/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.0f695af0/charts/gateway/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/gateway/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.0f695af0/charts/gateway/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/gateway/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.0f695af0/charts/gateway/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/gateway/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.0f695af0/charts/gateway/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/gateway/files/profile-preview.yaml b/resources/v1.30-alpha.0f695af0/charts/gateway/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/gateway/files/profile-preview.yaml rename to resources/v1.30-alpha.0f695af0/charts/gateway/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/gateway/files/profile-remote.yaml b/resources/v1.30-alpha.0f695af0/charts/gateway/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/gateway/files/profile-remote.yaml rename to resources/v1.30-alpha.0f695af0/charts/gateway/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/gateway/files/profile-stable.yaml b/resources/v1.30-alpha.0f695af0/charts/gateway/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/gateway/files/profile-stable.yaml rename to resources/v1.30-alpha.0f695af0/charts/gateway/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/gateway/templates/NOTES.txt b/resources/v1.30-alpha.0f695af0/charts/gateway/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/gateway/templates/NOTES.txt rename to resources/v1.30-alpha.0f695af0/charts/gateway/templates/NOTES.txt diff --git a/resources/v1.30-alpha.cdc5dca4/charts/gateway/templates/_helpers.tpl b/resources/v1.30-alpha.0f695af0/charts/gateway/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/gateway/templates/_helpers.tpl rename to resources/v1.30-alpha.0f695af0/charts/gateway/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.cdc5dca4/charts/gateway/templates/deployment.yaml b/resources/v1.30-alpha.0f695af0/charts/gateway/templates/deployment.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/gateway/templates/deployment.yaml rename to resources/v1.30-alpha.0f695af0/charts/gateway/templates/deployment.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/gateway/templates/hpa.yaml b/resources/v1.30-alpha.0f695af0/charts/gateway/templates/hpa.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/gateway/templates/hpa.yaml rename to resources/v1.30-alpha.0f695af0/charts/gateway/templates/hpa.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/gateway/templates/networkpolicy.yaml b/resources/v1.30-alpha.0f695af0/charts/gateway/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/gateway/templates/networkpolicy.yaml rename to resources/v1.30-alpha.0f695af0/charts/gateway/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/gateway/templates/poddisruptionbudget.yaml b/resources/v1.30-alpha.0f695af0/charts/gateway/templates/poddisruptionbudget.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/gateway/templates/poddisruptionbudget.yaml rename to resources/v1.30-alpha.0f695af0/charts/gateway/templates/poddisruptionbudget.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/gateway/templates/role.yaml b/resources/v1.30-alpha.0f695af0/charts/gateway/templates/role.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/gateway/templates/role.yaml rename to resources/v1.30-alpha.0f695af0/charts/gateway/templates/role.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/gateway/templates/service.yaml b/resources/v1.30-alpha.0f695af0/charts/gateway/templates/service.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/gateway/templates/service.yaml rename to resources/v1.30-alpha.0f695af0/charts/gateway/templates/service.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/gateway/templates/serviceaccount.yaml b/resources/v1.30-alpha.0f695af0/charts/gateway/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/gateway/templates/serviceaccount.yaml rename to resources/v1.30-alpha.0f695af0/charts/gateway/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/gateway/templates/zzz_profile.yaml b/resources/v1.30-alpha.0f695af0/charts/gateway/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/gateway/templates/zzz_profile.yaml rename to resources/v1.30-alpha.0f695af0/charts/gateway/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/gateway/values.schema.json b/resources/v1.30-alpha.0f695af0/charts/gateway/values.schema.json similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/gateway/values.schema.json rename to resources/v1.30-alpha.0f695af0/charts/gateway/values.schema.json diff --git a/resources/v1.30-alpha.cdc5dca4/charts/gateway/values.yaml b/resources/v1.30-alpha.0f695af0/charts/gateway/values.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/gateway/values.yaml rename to resources/v1.30-alpha.0f695af0/charts/gateway/values.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/istiod/Chart.yaml b/resources/v1.30-alpha.0f695af0/charts/istiod/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.cdc5dca4/charts/istiod/Chart.yaml rename to resources/v1.30-alpha.0f695af0/charts/istiod/Chart.yaml index 7f50aef2e4..45131ce254 100644 --- a/resources/v1.30-alpha.cdc5dca4/charts/istiod/Chart.yaml +++ b/resources/v1.30-alpha.0f695af0/charts/istiod/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907 +appVersion: 1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe description: Helm chart for istio control plane icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ keywords: name: istiod sources: - https://github.com/istio/istio -version: 1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907 +version: 1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe diff --git a/resources/v1.30-alpha.cdc5dca4/charts/istiod/README.md b/resources/v1.30-alpha.0f695af0/charts/istiod/README.md similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/istiod/README.md rename to resources/v1.30-alpha.0f695af0/charts/istiod/README.md diff --git a/resources/v1.30-alpha.cdc5dca4/charts/istiod/files/agentgateway.yaml b/resources/v1.30-alpha.0f695af0/charts/istiod/files/agentgateway.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/istiod/files/agentgateway.yaml rename to resources/v1.30-alpha.0f695af0/charts/istiod/files/agentgateway.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/istiod/files/gateway-injection-template.yaml b/resources/v1.30-alpha.0f695af0/charts/istiod/files/gateway-injection-template.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/istiod/files/gateway-injection-template.yaml rename to resources/v1.30-alpha.0f695af0/charts/istiod/files/gateway-injection-template.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/istiod/files/grpc-agent.yaml b/resources/v1.30-alpha.0f695af0/charts/istiod/files/grpc-agent.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/istiod/files/grpc-agent.yaml rename to resources/v1.30-alpha.0f695af0/charts/istiod/files/grpc-agent.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/istiod/files/grpc-simple.yaml b/resources/v1.30-alpha.0f695af0/charts/istiod/files/grpc-simple.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/istiod/files/grpc-simple.yaml rename to resources/v1.30-alpha.0f695af0/charts/istiod/files/grpc-simple.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/istiod/files/injection-template.yaml b/resources/v1.30-alpha.0f695af0/charts/istiod/files/injection-template.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/istiod/files/injection-template.yaml rename to resources/v1.30-alpha.0f695af0/charts/istiod/files/injection-template.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/istiod/files/kube-gateway.yaml b/resources/v1.30-alpha.0f695af0/charts/istiod/files/kube-gateway.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/istiod/files/kube-gateway.yaml rename to resources/v1.30-alpha.0f695af0/charts/istiod/files/kube-gateway.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/istiod/files/profile-ambient.yaml b/resources/v1.30-alpha.0f695af0/charts/istiod/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/istiod/files/profile-ambient.yaml rename to resources/v1.30-alpha.0f695af0/charts/istiod/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/istiod/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.0f695af0/charts/istiod/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/istiod/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.0f695af0/charts/istiod/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/istiod/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.0f695af0/charts/istiod/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/istiod/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.0f695af0/charts/istiod/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/istiod/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.0f695af0/charts/istiod/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/istiod/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.0f695af0/charts/istiod/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/istiod/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.0f695af0/charts/istiod/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/istiod/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.0f695af0/charts/istiod/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/istiod/files/profile-demo.yaml b/resources/v1.30-alpha.0f695af0/charts/istiod/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/istiod/files/profile-demo.yaml rename to resources/v1.30-alpha.0f695af0/charts/istiod/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/istiod/files/profile-platform-gke.yaml b/resources/v1.30-alpha.0f695af0/charts/istiod/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/istiod/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.0f695af0/charts/istiod/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/istiod/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.0f695af0/charts/istiod/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/istiod/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.0f695af0/charts/istiod/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/istiod/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.0f695af0/charts/istiod/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/istiod/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.0f695af0/charts/istiod/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/istiod/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.0f695af0/charts/istiod/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/istiod/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.0f695af0/charts/istiod/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/istiod/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.0f695af0/charts/istiod/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/istiod/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.0f695af0/charts/istiod/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/istiod/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.0f695af0/charts/istiod/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/istiod/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.0f695af0/charts/istiod/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/istiod/files/profile-preview.yaml b/resources/v1.30-alpha.0f695af0/charts/istiod/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/istiod/files/profile-preview.yaml rename to resources/v1.30-alpha.0f695af0/charts/istiod/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/istiod/files/profile-remote.yaml b/resources/v1.30-alpha.0f695af0/charts/istiod/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/istiod/files/profile-remote.yaml rename to resources/v1.30-alpha.0f695af0/charts/istiod/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/istiod/files/profile-stable.yaml b/resources/v1.30-alpha.0f695af0/charts/istiod/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/istiod/files/profile-stable.yaml rename to resources/v1.30-alpha.0f695af0/charts/istiod/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/istiod/files/waypoint.yaml b/resources/v1.30-alpha.0f695af0/charts/istiod/files/waypoint.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/istiod/files/waypoint.yaml rename to resources/v1.30-alpha.0f695af0/charts/istiod/files/waypoint.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/NOTES.txt b/resources/v1.30-alpha.0f695af0/charts/istiod/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/NOTES.txt rename to resources/v1.30-alpha.0f695af0/charts/istiod/templates/NOTES.txt diff --git a/resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/_helpers.tpl b/resources/v1.30-alpha.0f695af0/charts/istiod/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/_helpers.tpl rename to resources/v1.30-alpha.0f695af0/charts/istiod/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/autoscale.yaml b/resources/v1.30-alpha.0f695af0/charts/istiod/templates/autoscale.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/autoscale.yaml rename to resources/v1.30-alpha.0f695af0/charts/istiod/templates/autoscale.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/clusterrole.yaml b/resources/v1.30-alpha.0f695af0/charts/istiod/templates/clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/clusterrole.yaml rename to resources/v1.30-alpha.0f695af0/charts/istiod/templates/clusterrole.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/clusterrolebinding.yaml b/resources/v1.30-alpha.0f695af0/charts/istiod/templates/clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/clusterrolebinding.yaml rename to resources/v1.30-alpha.0f695af0/charts/istiod/templates/clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/configmap-jwks.yaml b/resources/v1.30-alpha.0f695af0/charts/istiod/templates/configmap-jwks.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/configmap-jwks.yaml rename to resources/v1.30-alpha.0f695af0/charts/istiod/templates/configmap-jwks.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/configmap-values.yaml b/resources/v1.30-alpha.0f695af0/charts/istiod/templates/configmap-values.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/configmap-values.yaml rename to resources/v1.30-alpha.0f695af0/charts/istiod/templates/configmap-values.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/configmap.yaml b/resources/v1.30-alpha.0f695af0/charts/istiod/templates/configmap.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/configmap.yaml rename to resources/v1.30-alpha.0f695af0/charts/istiod/templates/configmap.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/deployment.yaml b/resources/v1.30-alpha.0f695af0/charts/istiod/templates/deployment.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/deployment.yaml rename to resources/v1.30-alpha.0f695af0/charts/istiod/templates/deployment.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/gateway-class-configmap.yaml b/resources/v1.30-alpha.0f695af0/charts/istiod/templates/gateway-class-configmap.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/gateway-class-configmap.yaml rename to resources/v1.30-alpha.0f695af0/charts/istiod/templates/gateway-class-configmap.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/istiod-injector-configmap.yaml b/resources/v1.30-alpha.0f695af0/charts/istiod/templates/istiod-injector-configmap.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/istiod-injector-configmap.yaml rename to resources/v1.30-alpha.0f695af0/charts/istiod/templates/istiod-injector-configmap.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/mutatingwebhook.yaml b/resources/v1.30-alpha.0f695af0/charts/istiod/templates/mutatingwebhook.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/mutatingwebhook.yaml rename to resources/v1.30-alpha.0f695af0/charts/istiod/templates/mutatingwebhook.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/networkpolicy.yaml b/resources/v1.30-alpha.0f695af0/charts/istiod/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/networkpolicy.yaml rename to resources/v1.30-alpha.0f695af0/charts/istiod/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/poddisruptionbudget.yaml b/resources/v1.30-alpha.0f695af0/charts/istiod/templates/poddisruptionbudget.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/poddisruptionbudget.yaml rename to resources/v1.30-alpha.0f695af0/charts/istiod/templates/poddisruptionbudget.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/reader-clusterrole.yaml b/resources/v1.30-alpha.0f695af0/charts/istiod/templates/reader-clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/reader-clusterrole.yaml rename to resources/v1.30-alpha.0f695af0/charts/istiod/templates/reader-clusterrole.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/reader-clusterrolebinding.yaml b/resources/v1.30-alpha.0f695af0/charts/istiod/templates/reader-clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/reader-clusterrolebinding.yaml rename to resources/v1.30-alpha.0f695af0/charts/istiod/templates/reader-clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/remote-istiod-endpointslices.yaml b/resources/v1.30-alpha.0f695af0/charts/istiod/templates/remote-istiod-endpointslices.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/remote-istiod-endpointslices.yaml rename to resources/v1.30-alpha.0f695af0/charts/istiod/templates/remote-istiod-endpointslices.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/remote-istiod-service.yaml b/resources/v1.30-alpha.0f695af0/charts/istiod/templates/remote-istiod-service.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/remote-istiod-service.yaml rename to resources/v1.30-alpha.0f695af0/charts/istiod/templates/remote-istiod-service.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/revision-tags-mwc.yaml b/resources/v1.30-alpha.0f695af0/charts/istiod/templates/revision-tags-mwc.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/revision-tags-mwc.yaml rename to resources/v1.30-alpha.0f695af0/charts/istiod/templates/revision-tags-mwc.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/revision-tags-svc.yaml b/resources/v1.30-alpha.0f695af0/charts/istiod/templates/revision-tags-svc.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/revision-tags-svc.yaml rename to resources/v1.30-alpha.0f695af0/charts/istiod/templates/revision-tags-svc.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/role.yaml b/resources/v1.30-alpha.0f695af0/charts/istiod/templates/role.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/role.yaml rename to resources/v1.30-alpha.0f695af0/charts/istiod/templates/role.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/rolebinding.yaml b/resources/v1.30-alpha.0f695af0/charts/istiod/templates/rolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/rolebinding.yaml rename to resources/v1.30-alpha.0f695af0/charts/istiod/templates/rolebinding.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/service.yaml b/resources/v1.30-alpha.0f695af0/charts/istiod/templates/service.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/service.yaml rename to resources/v1.30-alpha.0f695af0/charts/istiod/templates/service.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/serviceaccount.yaml b/resources/v1.30-alpha.0f695af0/charts/istiod/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/serviceaccount.yaml rename to resources/v1.30-alpha.0f695af0/charts/istiod/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/validatingadmissionpolicy.yaml b/resources/v1.30-alpha.0f695af0/charts/istiod/templates/validatingadmissionpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/validatingadmissionpolicy.yaml rename to resources/v1.30-alpha.0f695af0/charts/istiod/templates/validatingadmissionpolicy.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/validatingwebhookconfiguration.yaml b/resources/v1.30-alpha.0f695af0/charts/istiod/templates/validatingwebhookconfiguration.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/validatingwebhookconfiguration.yaml rename to resources/v1.30-alpha.0f695af0/charts/istiod/templates/validatingwebhookconfiguration.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/zzy_descope_legacy.yaml b/resources/v1.30-alpha.0f695af0/charts/istiod/templates/zzy_descope_legacy.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/zzy_descope_legacy.yaml rename to resources/v1.30-alpha.0f695af0/charts/istiod/templates/zzy_descope_legacy.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/zzz_profile.yaml b/resources/v1.30-alpha.0f695af0/charts/istiod/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/istiod/templates/zzz_profile.yaml rename to resources/v1.30-alpha.0f695af0/charts/istiod/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/istiod/values.yaml b/resources/v1.30-alpha.0f695af0/charts/istiod/values.yaml similarity index 99% rename from resources/v1.30-alpha.cdc5dca4/charts/istiod/values.yaml rename to resources/v1.30-alpha.0f695af0/charts/istiod/values.yaml index de7c3aff34..ee04b1bf1a 100644 --- a/resources/v1.30-alpha.cdc5dca4/charts/istiod/values.yaml +++ b/resources/v1.30-alpha.0f695af0/charts/istiod/values.yaml @@ -255,7 +255,7 @@ _internal_defaults_do_not_set: # Dev builds from prow are on gcr.io hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907 + tag: 1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe # Variant of the image to use. # Currently supported are: [debug, distroless] variant: "" diff --git a/resources/v1.30-alpha.cdc5dca4/charts/revisiontags/Chart.yaml b/resources/v1.30-alpha.0f695af0/charts/revisiontags/Chart.yaml similarity index 71% rename from resources/v1.30-alpha.cdc5dca4/charts/revisiontags/Chart.yaml rename to resources/v1.30-alpha.0f695af0/charts/revisiontags/Chart.yaml index adb8cdded3..aceb401602 100644 --- a/resources/v1.30-alpha.cdc5dca4/charts/revisiontags/Chart.yaml +++ b/resources/v1.30-alpha.0f695af0/charts/revisiontags/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907 +appVersion: 1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe description: Helm chart for istio revision tags name: revisiontags sources: diff --git a/resources/v1.30-alpha.cdc5dca4/charts/revisiontags/files/profile-ambient.yaml b/resources/v1.30-alpha.0f695af0/charts/revisiontags/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/revisiontags/files/profile-ambient.yaml rename to resources/v1.30-alpha.0f695af0/charts/revisiontags/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/revisiontags/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.0f695af0/charts/revisiontags/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/revisiontags/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.0f695af0/charts/revisiontags/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/revisiontags/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.0f695af0/charts/revisiontags/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/revisiontags/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.0f695af0/charts/revisiontags/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/revisiontags/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.0f695af0/charts/revisiontags/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/revisiontags/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.0f695af0/charts/revisiontags/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/revisiontags/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.0f695af0/charts/revisiontags/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/revisiontags/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.0f695af0/charts/revisiontags/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/revisiontags/files/profile-demo.yaml b/resources/v1.30-alpha.0f695af0/charts/revisiontags/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/revisiontags/files/profile-demo.yaml rename to resources/v1.30-alpha.0f695af0/charts/revisiontags/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/revisiontags/files/profile-platform-gke.yaml b/resources/v1.30-alpha.0f695af0/charts/revisiontags/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/revisiontags/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.0f695af0/charts/revisiontags/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/revisiontags/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.0f695af0/charts/revisiontags/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/revisiontags/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.0f695af0/charts/revisiontags/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/revisiontags/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.0f695af0/charts/revisiontags/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/revisiontags/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.0f695af0/charts/revisiontags/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/revisiontags/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.0f695af0/charts/revisiontags/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/revisiontags/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.0f695af0/charts/revisiontags/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/revisiontags/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.0f695af0/charts/revisiontags/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/revisiontags/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.0f695af0/charts/revisiontags/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/revisiontags/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.0f695af0/charts/revisiontags/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/revisiontags/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.0f695af0/charts/revisiontags/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/revisiontags/files/profile-preview.yaml b/resources/v1.30-alpha.0f695af0/charts/revisiontags/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/revisiontags/files/profile-preview.yaml rename to resources/v1.30-alpha.0f695af0/charts/revisiontags/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/revisiontags/files/profile-remote.yaml b/resources/v1.30-alpha.0f695af0/charts/revisiontags/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/revisiontags/files/profile-remote.yaml rename to resources/v1.30-alpha.0f695af0/charts/revisiontags/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/revisiontags/files/profile-stable.yaml b/resources/v1.30-alpha.0f695af0/charts/revisiontags/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/revisiontags/files/profile-stable.yaml rename to resources/v1.30-alpha.0f695af0/charts/revisiontags/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/revisiontags/templates/revision-tags-mwc.yaml b/resources/v1.30-alpha.0f695af0/charts/revisiontags/templates/revision-tags-mwc.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/revisiontags/templates/revision-tags-mwc.yaml rename to resources/v1.30-alpha.0f695af0/charts/revisiontags/templates/revision-tags-mwc.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/revisiontags/templates/revision-tags-svc.yaml b/resources/v1.30-alpha.0f695af0/charts/revisiontags/templates/revision-tags-svc.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/revisiontags/templates/revision-tags-svc.yaml rename to resources/v1.30-alpha.0f695af0/charts/revisiontags/templates/revision-tags-svc.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/revisiontags/templates/zzz_profile.yaml b/resources/v1.30-alpha.0f695af0/charts/revisiontags/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/revisiontags/templates/zzz_profile.yaml rename to resources/v1.30-alpha.0f695af0/charts/revisiontags/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/revisiontags/values.yaml b/resources/v1.30-alpha.0f695af0/charts/revisiontags/values.yaml similarity index 99% rename from resources/v1.30-alpha.cdc5dca4/charts/revisiontags/values.yaml rename to resources/v1.30-alpha.0f695af0/charts/revisiontags/values.yaml index de7c3aff34..ee04b1bf1a 100644 --- a/resources/v1.30-alpha.cdc5dca4/charts/revisiontags/values.yaml +++ b/resources/v1.30-alpha.0f695af0/charts/revisiontags/values.yaml @@ -255,7 +255,7 @@ _internal_defaults_do_not_set: # Dev builds from prow are on gcr.io hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907 + tag: 1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe # Variant of the image to use. # Currently supported are: [debug, distroless] variant: "" diff --git a/resources/v1.30-alpha.cdc5dca4/charts/ztunnel/Chart.yaml b/resources/v1.30-alpha.0f695af0/charts/ztunnel/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.cdc5dca4/charts/ztunnel/Chart.yaml rename to resources/v1.30-alpha.0f695af0/charts/ztunnel/Chart.yaml index 149a815e65..e1b297bc31 100644 --- a/resources/v1.30-alpha.cdc5dca4/charts/ztunnel/Chart.yaml +++ b/resources/v1.30-alpha.0f695af0/charts/ztunnel/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907 +appVersion: 1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe description: Helm chart for istio ztunnel components icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -8,4 +8,4 @@ keywords: name: ztunnel sources: - https://github.com/istio/istio -version: 1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907 +version: 1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe diff --git a/resources/v1.30-alpha.cdc5dca4/charts/ztunnel/README.md b/resources/v1.30-alpha.0f695af0/charts/ztunnel/README.md similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/ztunnel/README.md rename to resources/v1.30-alpha.0f695af0/charts/ztunnel/README.md diff --git a/resources/v1.30-alpha.cdc5dca4/charts/ztunnel/files/profile-ambient.yaml b/resources/v1.30-alpha.0f695af0/charts/ztunnel/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/ztunnel/files/profile-ambient.yaml rename to resources/v1.30-alpha.0f695af0/charts/ztunnel/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/ztunnel/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.0f695af0/charts/ztunnel/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/ztunnel/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.0f695af0/charts/ztunnel/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/ztunnel/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.0f695af0/charts/ztunnel/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/ztunnel/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.0f695af0/charts/ztunnel/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/ztunnel/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.0f695af0/charts/ztunnel/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/ztunnel/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.0f695af0/charts/ztunnel/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/ztunnel/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.0f695af0/charts/ztunnel/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/ztunnel/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.0f695af0/charts/ztunnel/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/ztunnel/files/profile-demo.yaml b/resources/v1.30-alpha.0f695af0/charts/ztunnel/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/ztunnel/files/profile-demo.yaml rename to resources/v1.30-alpha.0f695af0/charts/ztunnel/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/ztunnel/files/profile-platform-gke.yaml b/resources/v1.30-alpha.0f695af0/charts/ztunnel/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/ztunnel/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.0f695af0/charts/ztunnel/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/ztunnel/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.0f695af0/charts/ztunnel/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/ztunnel/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.0f695af0/charts/ztunnel/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/ztunnel/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.0f695af0/charts/ztunnel/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/ztunnel/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.0f695af0/charts/ztunnel/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/ztunnel/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.0f695af0/charts/ztunnel/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/ztunnel/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.0f695af0/charts/ztunnel/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/ztunnel/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.0f695af0/charts/ztunnel/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/ztunnel/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.0f695af0/charts/ztunnel/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/ztunnel/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.0f695af0/charts/ztunnel/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/ztunnel/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.0f695af0/charts/ztunnel/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/ztunnel/files/profile-preview.yaml b/resources/v1.30-alpha.0f695af0/charts/ztunnel/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/ztunnel/files/profile-preview.yaml rename to resources/v1.30-alpha.0f695af0/charts/ztunnel/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/ztunnel/files/profile-remote.yaml b/resources/v1.30-alpha.0f695af0/charts/ztunnel/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/ztunnel/files/profile-remote.yaml rename to resources/v1.30-alpha.0f695af0/charts/ztunnel/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/ztunnel/files/profile-stable.yaml b/resources/v1.30-alpha.0f695af0/charts/ztunnel/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/ztunnel/files/profile-stable.yaml rename to resources/v1.30-alpha.0f695af0/charts/ztunnel/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/ztunnel/templates/NOTES.txt b/resources/v1.30-alpha.0f695af0/charts/ztunnel/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/ztunnel/templates/NOTES.txt rename to resources/v1.30-alpha.0f695af0/charts/ztunnel/templates/NOTES.txt diff --git a/resources/v1.30-alpha.cdc5dca4/charts/ztunnel/templates/_helpers.tpl b/resources/v1.30-alpha.0f695af0/charts/ztunnel/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/ztunnel/templates/_helpers.tpl rename to resources/v1.30-alpha.0f695af0/charts/ztunnel/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.cdc5dca4/charts/ztunnel/templates/daemonset.yaml b/resources/v1.30-alpha.0f695af0/charts/ztunnel/templates/daemonset.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/ztunnel/templates/daemonset.yaml rename to resources/v1.30-alpha.0f695af0/charts/ztunnel/templates/daemonset.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/ztunnel/templates/networkpolicy.yaml b/resources/v1.30-alpha.0f695af0/charts/ztunnel/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/ztunnel/templates/networkpolicy.yaml rename to resources/v1.30-alpha.0f695af0/charts/ztunnel/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/ztunnel/templates/rbac.yaml b/resources/v1.30-alpha.0f695af0/charts/ztunnel/templates/rbac.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/ztunnel/templates/rbac.yaml rename to resources/v1.30-alpha.0f695af0/charts/ztunnel/templates/rbac.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/ztunnel/templates/resourcequota.yaml b/resources/v1.30-alpha.0f695af0/charts/ztunnel/templates/resourcequota.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/ztunnel/templates/resourcequota.yaml rename to resources/v1.30-alpha.0f695af0/charts/ztunnel/templates/resourcequota.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/ztunnel/templates/serviceaccount.yaml b/resources/v1.30-alpha.0f695af0/charts/ztunnel/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/ztunnel/templates/serviceaccount.yaml rename to resources/v1.30-alpha.0f695af0/charts/ztunnel/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/ztunnel/templates/zzz_profile.yaml b/resources/v1.30-alpha.0f695af0/charts/ztunnel/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/charts/ztunnel/templates/zzz_profile.yaml rename to resources/v1.30-alpha.0f695af0/charts/ztunnel/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/charts/ztunnel/values.yaml b/resources/v1.30-alpha.0f695af0/charts/ztunnel/values.yaml similarity index 99% rename from resources/v1.30-alpha.cdc5dca4/charts/ztunnel/values.yaml rename to resources/v1.30-alpha.0f695af0/charts/ztunnel/values.yaml index a6ba9ea003..8a4077b60d 100644 --- a/resources/v1.30-alpha.cdc5dca4/charts/ztunnel/values.yaml +++ b/resources/v1.30-alpha.0f695af0/charts/ztunnel/values.yaml @@ -4,7 +4,7 @@ _internal_defaults_do_not_set: # Hub to pull from. Image will be `Hub/Image:Tag-Variant` hub: gcr.io/istio-testing # Tag to pull from. Image will be `Hub/Image:Tag-Variant` - tag: 1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907 + tag: 1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe # Variant to pull. Options are "debug" or "distroless". Unset will use the default for the given version. variant: "" diff --git a/resources/v1.30-alpha.0f695af0/cni-1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe.tgz.etag b/resources/v1.30-alpha.0f695af0/cni-1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe.tgz.etag new file mode 100644 index 0000000000..79ca1ddebb --- /dev/null +++ b/resources/v1.30-alpha.0f695af0/cni-1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe.tgz.etag @@ -0,0 +1 @@ +23654863f6aec96624f28e2f9175d7d9 diff --git a/resources/v1.30-alpha.0f695af0/commit b/resources/v1.30-alpha.0f695af0/commit new file mode 100644 index 0000000000..358efe7926 --- /dev/null +++ b/resources/v1.30-alpha.0f695af0/commit @@ -0,0 +1 @@ +0f695af0187022e11b9f6f5cc6445e498814dafe diff --git a/resources/v1.30-alpha.0f695af0/gateway-1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe.tgz.etag b/resources/v1.30-alpha.0f695af0/gateway-1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe.tgz.etag new file mode 100644 index 0000000000..5f938dd1a1 --- /dev/null +++ b/resources/v1.30-alpha.0f695af0/gateway-1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe.tgz.etag @@ -0,0 +1 @@ +fcd620977157da24db36cdf5d2ec39e3 diff --git a/resources/v1.30-alpha.0f695af0/istiod-1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe.tgz.etag b/resources/v1.30-alpha.0f695af0/istiod-1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe.tgz.etag new file mode 100644 index 0000000000..ed3371dfa0 --- /dev/null +++ b/resources/v1.30-alpha.0f695af0/istiod-1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe.tgz.etag @@ -0,0 +1 @@ +cc81ac5b936906c6c44b2cb9242f48f8 diff --git a/resources/v1.30-alpha.cdc5dca4/profiles/ambient.yaml b/resources/v1.30-alpha.0f695af0/profiles/ambient.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/profiles/ambient.yaml rename to resources/v1.30-alpha.0f695af0/profiles/ambient.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/profiles/default.yaml b/resources/v1.30-alpha.0f695af0/profiles/default.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/profiles/default.yaml rename to resources/v1.30-alpha.0f695af0/profiles/default.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/profiles/demo.yaml b/resources/v1.30-alpha.0f695af0/profiles/demo.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/profiles/demo.yaml rename to resources/v1.30-alpha.0f695af0/profiles/demo.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/profiles/empty.yaml b/resources/v1.30-alpha.0f695af0/profiles/empty.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/profiles/empty.yaml rename to resources/v1.30-alpha.0f695af0/profiles/empty.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/profiles/openshift-ambient.yaml b/resources/v1.30-alpha.0f695af0/profiles/openshift-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/profiles/openshift-ambient.yaml rename to resources/v1.30-alpha.0f695af0/profiles/openshift-ambient.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/profiles/openshift.yaml b/resources/v1.30-alpha.0f695af0/profiles/openshift.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/profiles/openshift.yaml rename to resources/v1.30-alpha.0f695af0/profiles/openshift.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/profiles/preview.yaml b/resources/v1.30-alpha.0f695af0/profiles/preview.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/profiles/preview.yaml rename to resources/v1.30-alpha.0f695af0/profiles/preview.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/profiles/remote.yaml b/resources/v1.30-alpha.0f695af0/profiles/remote.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/profiles/remote.yaml rename to resources/v1.30-alpha.0f695af0/profiles/remote.yaml diff --git a/resources/v1.30-alpha.cdc5dca4/profiles/stable.yaml b/resources/v1.30-alpha.0f695af0/profiles/stable.yaml similarity index 100% rename from resources/v1.30-alpha.cdc5dca4/profiles/stable.yaml rename to resources/v1.30-alpha.0f695af0/profiles/stable.yaml diff --git a/resources/v1.30-alpha.0f695af0/ztunnel-1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe.tgz.etag b/resources/v1.30-alpha.0f695af0/ztunnel-1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe.tgz.etag new file mode 100644 index 0000000000..6fe6b488e8 --- /dev/null +++ b/resources/v1.30-alpha.0f695af0/ztunnel-1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe.tgz.etag @@ -0,0 +1 @@ +b140b1093532262fdf31227148abbb6b diff --git a/resources/v1.30-alpha.cdc5dca4/base-1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907.tgz.etag b/resources/v1.30-alpha.cdc5dca4/base-1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907.tgz.etag deleted file mode 100644 index 44780b610e..0000000000 --- a/resources/v1.30-alpha.cdc5dca4/base-1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -69e970dd5d584c482fa3aaf93e7e48b3 diff --git a/resources/v1.30-alpha.cdc5dca4/cni-1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907.tgz.etag b/resources/v1.30-alpha.cdc5dca4/cni-1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907.tgz.etag deleted file mode 100644 index 6b05e591b1..0000000000 --- a/resources/v1.30-alpha.cdc5dca4/cni-1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -bbb0bd1138f98b52e28c739eaeb49034 diff --git a/resources/v1.30-alpha.cdc5dca4/commit b/resources/v1.30-alpha.cdc5dca4/commit deleted file mode 100644 index 539260e8f4..0000000000 --- a/resources/v1.30-alpha.cdc5dca4/commit +++ /dev/null @@ -1 +0,0 @@ -cdc5dca45da0afcf59f428f90093b4b4ab51c907 diff --git a/resources/v1.30-alpha.cdc5dca4/gateway-1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907.tgz.etag b/resources/v1.30-alpha.cdc5dca4/gateway-1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907.tgz.etag deleted file mode 100644 index 3d869451b1..0000000000 --- a/resources/v1.30-alpha.cdc5dca4/gateway-1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -4992aa75d6e33799143faedae2b94427 diff --git a/resources/v1.30-alpha.cdc5dca4/istiod-1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907.tgz.etag b/resources/v1.30-alpha.cdc5dca4/istiod-1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907.tgz.etag deleted file mode 100644 index 707a9cac30..0000000000 --- a/resources/v1.30-alpha.cdc5dca4/istiod-1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -79b0042288df34b6741ae35032e41723 diff --git a/resources/v1.30-alpha.cdc5dca4/ztunnel-1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907.tgz.etag b/resources/v1.30-alpha.cdc5dca4/ztunnel-1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907.tgz.etag deleted file mode 100644 index c9e1ca03f0..0000000000 --- a/resources/v1.30-alpha.cdc5dca4/ztunnel-1.30-alpha.cdc5dca45da0afcf59f428f90093b4b4ab51c907.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -b4ef8da270fd3d4442754516b0c1fcca From a16797fae43b5a801b2a524407c0a8b718783493 Mon Sep 17 00:00:00 2001 From: openshift-service-mesh-bot <165402251+openshift-service-mesh-bot@users.noreply.github.com> Date: Mon, 16 Feb 2026 00:51:38 -0500 Subject: [PATCH 3/6] Automator: Update dependencies in istio-ecosystem/sail-operator@main (#1604) Signed-off-by: openshift-service-mesh-bot --- api/v1/istio_types.go | 6 ++-- api/v1/istiocni_types.go | 6 ++-- api/v1/istiorevision_types.go | 6 ++-- api/v1/ztunnel_types.go | 6 ++-- api/v1alpha1/ztunnel_types.go | 6 ++-- .../sailoperator.clusterserviceversion.yaml | 28 +++++++++---------- .../manifests/sailoperator.io_istiocnis.yaml | 4 +-- .../sailoperator.io_istiorevisions.yaml | 4 +-- bundle/manifests/sailoperator.io_istios.yaml | 4 +-- .../manifests/sailoperator.io_ztunnels.yaml | 8 +++--- chart/crds/sailoperator.io_istiocnis.yaml | 4 +-- .../crds/sailoperator.io_istiorevisions.yaml | 4 +-- chart/crds/sailoperator.io_istios.yaml | 4 +-- chart/crds/sailoperator.io_ztunnels.yaml | 8 +++--- chart/values.yaml | 10 +++---- docs/api-reference/sailoperator.io.md | 10 +++---- go.mod | 2 +- go.sum | 4 +-- pkg/istioversion/versions.yaml | 18 ++++++------ ...0187022e11b9f6f5cc6445e498814dafe.tgz.etag | 1 - ...0187022e11b9f6f5cc6445e498814dafe.tgz.etag | 1 - resources/v1.30-alpha.0f695af0/commit | 1 - ...0187022e11b9f6f5cc6445e498814dafe.tgz.etag | 1 - ...0187022e11b9f6f5cc6445e498814dafe.tgz.etag | 1 - ...0187022e11b9f6f5cc6445e498814dafe.tgz.etag | 1 - ...cfe5b2627efe004a08f28fd97e0a1b4f6.tgz.etag | 1 + .../charts/base/Chart.yaml | 4 +-- .../charts/base/README.md | 0 .../charts/base/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/base/files/profile-demo.yaml | 0 .../base/files/profile-platform-gke.yaml | 0 .../base/files/profile-platform-k3d.yaml | 0 .../base/files/profile-platform-k3s.yaml | 0 .../base/files/profile-platform-microk8s.yaml | 0 .../base/files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/base/files/profile-preview.yaml | 0 .../charts/base/files/profile-remote.yaml | 0 .../charts/base/files/profile-stable.yaml | 0 .../charts/base/templates/NOTES.txt | 0 ...ultrevision-validatingadmissionpolicy.yaml | 0 ...vision-validatingwebhookconfiguration.yaml | 0 .../base/templates/reader-serviceaccount.yaml | 0 .../charts/base/templates/zzz_profile.yaml | 0 .../charts/base/values.yaml | 0 .../charts/cni/Chart.yaml | 4 +-- .../charts/cni/README.md | 0 .../charts/cni/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/cni/files/profile-demo.yaml | 0 .../cni/files/profile-platform-gke.yaml | 0 .../cni/files/profile-platform-k3d.yaml | 0 .../cni/files/profile-platform-k3s.yaml | 0 .../cni/files/profile-platform-microk8s.yaml | 0 .../cni/files/profile-platform-minikube.yaml | 0 .../cni/files/profile-platform-openshift.yaml | 0 .../charts/cni/files/profile-preview.yaml | 0 .../charts/cni/files/profile-remote.yaml | 0 .../charts/cni/files/profile-stable.yaml | 0 .../charts/cni/templates/NOTES.txt | 0 .../charts/cni/templates/_helpers.tpl | 0 .../charts/cni/templates/clusterrole.yaml | 0 .../cni/templates/clusterrolebinding.yaml | 0 .../charts/cni/templates/configmap-cni.yaml | 0 .../charts/cni/templates/daemonset.yaml | 0 .../network-attachment-definition.yaml | 0 .../charts/cni/templates/networkpolicy.yaml | 0 .../charts/cni/templates/resourcequota.yaml | 0 .../charts/cni/templates/serviceaccount.yaml | 0 .../cni/templates/zzy_descope_legacy.yaml | 0 .../charts/cni/templates/zzz_profile.yaml | 0 .../charts/cni/values.yaml | 2 +- .../charts/gateway/Chart.yaml | 4 +-- .../charts/gateway/README.md | 0 .../charts/gateway/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/gateway/files/profile-demo.yaml | 0 .../gateway/files/profile-platform-gke.yaml | 0 .../gateway/files/profile-platform-k3d.yaml | 0 .../gateway/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/gateway/files/profile-preview.yaml | 0 .../charts/gateway/files/profile-remote.yaml | 0 .../charts/gateway/files/profile-stable.yaml | 0 .../charts/gateway/templates/NOTES.txt | 0 .../charts/gateway/templates/_helpers.tpl | 0 .../charts/gateway/templates/deployment.yaml | 0 .../charts/gateway/templates/hpa.yaml | 0 .../gateway/templates/networkpolicy.yaml | 0 .../templates/poddisruptionbudget.yaml | 0 .../charts/gateway/templates/role.yaml | 0 .../charts/gateway/templates/service.yaml | 0 .../gateway/templates/serviceaccount.yaml | 0 .../charts/gateway/templates/zzz_profile.yaml | 0 .../charts/gateway/values.schema.json | 0 .../charts/gateway/values.yaml | 0 .../charts/istiod/Chart.yaml | 4 +-- .../charts/istiod/README.md | 0 .../charts/istiod/files/agentgateway.yaml | 0 .../files/gateway-injection-template.yaml | 0 .../charts/istiod/files/grpc-agent.yaml | 0 .../charts/istiod/files/grpc-simple.yaml | 0 .../istiod/files/injection-template.yaml | 0 .../charts/istiod/files/kube-gateway.yaml | 0 .../charts/istiod/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/istiod/files/profile-demo.yaml | 0 .../istiod/files/profile-platform-gke.yaml | 0 .../istiod/files/profile-platform-k3d.yaml | 0 .../istiod/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/istiod/files/profile-preview.yaml | 0 .../charts/istiod/files/profile-remote.yaml | 0 .../charts/istiod/files/profile-stable.yaml | 0 .../charts/istiod/files/waypoint.yaml | 0 .../charts/istiod/templates/NOTES.txt | 0 .../charts/istiod/templates/_helpers.tpl | 0 .../charts/istiod/templates/autoscale.yaml | 0 .../charts/istiod/templates/clusterrole.yaml | 0 .../istiod/templates/clusterrolebinding.yaml | 0 .../istiod/templates/configmap-jwks.yaml | 0 .../istiod/templates/configmap-values.yaml | 0 .../charts/istiod/templates/configmap.yaml | 0 .../charts/istiod/templates/deployment.yaml | 0 .../templates/gateway-class-configmap.yaml | 0 .../templates/istiod-injector-configmap.yaml | 0 .../istiod/templates/mutatingwebhook.yaml | 0 .../istiod/templates/networkpolicy.yaml | 0 .../istiod/templates/poddisruptionbudget.yaml | 0 .../istiod/templates/reader-clusterrole.yaml | 0 .../templates/reader-clusterrolebinding.yaml | 0 .../remote-istiod-endpointslices.yaml | 0 .../templates/remote-istiod-service.yaml | 0 .../istiod/templates/revision-tags-mwc.yaml | 0 .../istiod/templates/revision-tags-svc.yaml | 0 .../charts/istiod/templates/role.yaml | 0 .../charts/istiod/templates/rolebinding.yaml | 0 .../charts/istiod/templates/service.yaml | 0 .../istiod/templates/serviceaccount.yaml | 0 .../templates/validatingadmissionpolicy.yaml | 0 .../validatingwebhookconfiguration.yaml | 0 .../istiod/templates/zzy_descope_legacy.yaml | 0 .../charts/istiod/templates/zzz_profile.yaml | 0 .../charts/istiod/values.yaml | 2 +- .../charts/revisiontags/Chart.yaml | 2 +- .../revisiontags/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../revisiontags/files/profile-demo.yaml | 0 .../files/profile-platform-gke.yaml | 0 .../files/profile-platform-k3d.yaml | 0 .../files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../revisiontags/files/profile-preview.yaml | 0 .../revisiontags/files/profile-remote.yaml | 0 .../revisiontags/files/profile-stable.yaml | 0 .../templates/revision-tags-mwc.yaml | 0 .../templates/revision-tags-svc.yaml | 0 .../revisiontags/templates/zzz_profile.yaml | 0 .../charts/revisiontags/values.yaml | 2 +- .../charts/ztunnel/Chart.yaml | 4 +-- .../charts/ztunnel/README.md | 0 .../charts/ztunnel/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/ztunnel/files/profile-demo.yaml | 0 .../ztunnel/files/profile-platform-gke.yaml | 0 .../ztunnel/files/profile-platform-k3d.yaml | 0 .../ztunnel/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/ztunnel/files/profile-preview.yaml | 0 .../charts/ztunnel/files/profile-remote.yaml | 0 .../charts/ztunnel/files/profile-stable.yaml | 0 .../charts/ztunnel/templates/NOTES.txt | 0 .../charts/ztunnel/templates/_helpers.tpl | 0 .../charts/ztunnel/templates/daemonset.yaml | 0 .../ztunnel/templates/networkpolicy.yaml | 0 .../charts/ztunnel/templates/rbac.yaml | 0 .../ztunnel/templates/resourcequota.yaml | 0 .../ztunnel/templates/serviceaccount.yaml | 0 .../charts/ztunnel/templates/zzz_profile.yaml | 0 .../charts/ztunnel/values.yaml | 2 +- ...cfe5b2627efe004a08f28fd97e0a1b4f6.tgz.etag | 1 + resources/v1.30-alpha.bcdd144c/commit | 1 + ...cfe5b2627efe004a08f28fd97e0a1b4f6.tgz.etag | 1 + ...cfe5b2627efe004a08f28fd97e0a1b4f6.tgz.etag | 1 + .../profiles/ambient.yaml | 0 .../profiles/default.yaml | 0 .../profiles/demo.yaml | 0 .../profiles/empty.yaml | 0 .../profiles/openshift-ambient.yaml | 0 .../profiles/openshift.yaml | 0 .../profiles/preview.yaml | 0 .../profiles/remote.yaml | 0 .../profiles/stable.yaml | 0 ...cfe5b2627efe004a08f28fd97e0a1b4f6.tgz.etag | 1 + 221 files changed, 92 insertions(+), 92 deletions(-) delete mode 100644 resources/v1.30-alpha.0f695af0/base-1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe.tgz.etag delete mode 100644 resources/v1.30-alpha.0f695af0/cni-1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe.tgz.etag delete mode 100644 resources/v1.30-alpha.0f695af0/commit delete mode 100644 resources/v1.30-alpha.0f695af0/gateway-1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe.tgz.etag delete mode 100644 resources/v1.30-alpha.0f695af0/istiod-1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe.tgz.etag delete mode 100644 resources/v1.30-alpha.0f695af0/ztunnel-1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe.tgz.etag create mode 100644 resources/v1.30-alpha.bcdd144c/base-1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6.tgz.etag rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/base/Chart.yaml (63%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/base/README.md (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/base/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/base/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/base/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/base/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/base/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/base/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/base/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/base/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/base/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/base/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/base/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/base/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/base/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/base/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/base/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/base/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/base/templates/reader-serviceaccount.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/base/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/base/values.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/cni/Chart.yaml (62%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/cni/README.md (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/cni/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/cni/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/cni/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/cni/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/cni/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/cni/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/cni/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/cni/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/cni/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/cni/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/cni/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/cni/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/cni/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/cni/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/cni/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/cni/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/cni/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/cni/templates/clusterrole.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/cni/templates/clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/cni/templates/configmap-cni.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/cni/templates/daemonset.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/cni/templates/network-attachment-definition.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/cni/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/cni/templates/resourcequota.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/cni/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/cni/templates/zzy_descope_legacy.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/cni/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/cni/values.yaml (99%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/gateway/Chart.yaml (64%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/gateway/README.md (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/gateway/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/gateway/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/gateway/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/gateway/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/gateway/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/gateway/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/gateway/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/gateway/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/gateway/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/gateway/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/gateway/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/gateway/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/gateway/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/gateway/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/gateway/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/gateway/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/gateway/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/gateway/templates/deployment.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/gateway/templates/hpa.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/gateway/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/gateway/templates/poddisruptionbudget.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/gateway/templates/role.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/gateway/templates/service.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/gateway/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/gateway/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/gateway/values.schema.json (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/gateway/values.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/istiod/Chart.yaml (63%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/istiod/README.md (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/istiod/files/agentgateway.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/istiod/files/gateway-injection-template.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/istiod/files/grpc-agent.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/istiod/files/grpc-simple.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/istiod/files/injection-template.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/istiod/files/kube-gateway.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/istiod/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/istiod/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/istiod/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/istiod/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/istiod/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/istiod/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/istiod/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/istiod/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/istiod/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/istiod/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/istiod/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/istiod/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/istiod/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/istiod/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/istiod/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/istiod/files/waypoint.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/istiod/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/istiod/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/istiod/templates/autoscale.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/istiod/templates/clusterrole.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/istiod/templates/clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/istiod/templates/configmap-jwks.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/istiod/templates/configmap-values.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/istiod/templates/configmap.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/istiod/templates/deployment.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/istiod/templates/gateway-class-configmap.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/istiod/templates/istiod-injector-configmap.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/istiod/templates/mutatingwebhook.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/istiod/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/istiod/templates/poddisruptionbudget.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/istiod/templates/reader-clusterrole.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/istiod/templates/reader-clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/istiod/templates/remote-istiod-endpointslices.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/istiod/templates/remote-istiod-service.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/istiod/templates/revision-tags-mwc.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/istiod/templates/revision-tags-svc.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/istiod/templates/role.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/istiod/templates/rolebinding.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/istiod/templates/service.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/istiod/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/istiod/templates/validatingadmissionpolicy.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/istiod/templates/validatingwebhookconfiguration.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/istiod/templates/zzy_descope_legacy.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/istiod/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/istiod/values.yaml (99%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/revisiontags/Chart.yaml (71%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/revisiontags/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/revisiontags/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/revisiontags/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/revisiontags/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/revisiontags/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/revisiontags/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/revisiontags/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/revisiontags/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/revisiontags/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/revisiontags/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/revisiontags/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/revisiontags/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/revisiontags/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/revisiontags/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/revisiontags/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/revisiontags/templates/revision-tags-mwc.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/revisiontags/templates/revision-tags-svc.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/revisiontags/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/revisiontags/values.yaml (99%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/ztunnel/Chart.yaml (63%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/ztunnel/README.md (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/ztunnel/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/ztunnel/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/ztunnel/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/ztunnel/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/ztunnel/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/ztunnel/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/ztunnel/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/ztunnel/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/ztunnel/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/ztunnel/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/ztunnel/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/ztunnel/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/ztunnel/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/ztunnel/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/ztunnel/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/ztunnel/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/ztunnel/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/ztunnel/templates/daemonset.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/ztunnel/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/ztunnel/templates/rbac.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/ztunnel/templates/resourcequota.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/ztunnel/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/ztunnel/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/charts/ztunnel/values.yaml (99%) create mode 100644 resources/v1.30-alpha.bcdd144c/cni-1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6.tgz.etag create mode 100644 resources/v1.30-alpha.bcdd144c/commit create mode 100644 resources/v1.30-alpha.bcdd144c/gateway-1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6.tgz.etag create mode 100644 resources/v1.30-alpha.bcdd144c/istiod-1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6.tgz.etag rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/profiles/ambient.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/profiles/default.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/profiles/demo.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/profiles/empty.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/profiles/openshift-ambient.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/profiles/openshift.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/profiles/preview.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/profiles/remote.yaml (100%) rename resources/{v1.30-alpha.0f695af0 => v1.30-alpha.bcdd144c}/profiles/stable.yaml (100%) create mode 100644 resources/v1.30-alpha.bcdd144c/ztunnel-1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6.tgz.etag diff --git a/api/v1/istio_types.go b/api/v1/istio_types.go index 37877f3aff..1737b18fde 100644 --- a/api/v1/istio_types.go +++ b/api/v1/istio_types.go @@ -37,9 +37,9 @@ const ( type IstioSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0f695af0. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.0f695af0"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.6;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.0f695af0 + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.bcdd144c. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.bcdd144c"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.6;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.bcdd144c // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/api/v1/istiocni_types.go b/api/v1/istiocni_types.go index cc945d8dcb..a90b2af1a6 100644 --- a/api/v1/istiocni_types.go +++ b/api/v1/istiocni_types.go @@ -28,9 +28,9 @@ const ( type IstioCNISpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0f695af0. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.0f695af0"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.6;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.0f695af0 + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.bcdd144c. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.bcdd144c"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.6;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.bcdd144c // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/api/v1/istiorevision_types.go b/api/v1/istiorevision_types.go index 41a9cc0d45..50566bdef8 100644 --- a/api/v1/istiorevision_types.go +++ b/api/v1/istiorevision_types.go @@ -30,9 +30,9 @@ const ( type IstioRevisionSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.0f695af0. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.0f695af0"} - // +kubebuilder:validation:Enum=v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27.6;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;v1.30-alpha.0f695af0 + // Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.bcdd144c. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.bcdd144c"} + // +kubebuilder:validation:Enum=v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27.6;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;v1.30-alpha.bcdd144c Version string `json:"version"` // Namespace to which the Istio components should be installed. diff --git a/api/v1/ztunnel_types.go b/api/v1/ztunnel_types.go index 9ad921011f..6e5131dff5 100644 --- a/api/v1/ztunnel_types.go +++ b/api/v1/ztunnel_types.go @@ -28,9 +28,9 @@ const ( type ZTunnelSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0f695af0. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.0f695af0"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.6;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.0f695af0 + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.bcdd144c. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.bcdd144c"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.6;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.bcdd144c // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/api/v1alpha1/ztunnel_types.go b/api/v1alpha1/ztunnel_types.go index c28e2ac7b8..b0253ab6f7 100644 --- a/api/v1alpha1/ztunnel_types.go +++ b/api/v1alpha1/ztunnel_types.go @@ -29,9 +29,9 @@ const ( type ZTunnelSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0f695af0. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.0f695af0"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.6;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.0f695af0 + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.bcdd144c. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.bcdd144c"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.6;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.bcdd144c // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/bundle/manifests/sailoperator.clusterserviceversion.yaml b/bundle/manifests/sailoperator.clusterserviceversion.yaml index d18c9bf5bf..8f74452925 100644 --- a/bundle/manifests/sailoperator.clusterserviceversion.yaml +++ b/bundle/manifests/sailoperator.clusterserviceversion.yaml @@ -45,7 +45,7 @@ metadata: capabilities: Seamless Upgrades categories: OpenShift Optional, Integration & Delivery, Networking, Security containerImage: quay.io/sail-dev/sail-operator:1.29-latest - createdAt: "2026-02-15T05:28:38Z" + createdAt: "2026-02-16T05:32:57Z" description: The Sail Operator manages the lifecycle of your Istio control plane. It provides custom resources for you to deploy and manage your control plane components. features.operators.openshift.io/cnf: "false" features.operators.openshift.io/cni: "true" @@ -179,7 +179,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0f695af0. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.bcdd144c. displayName: Istio Version path: version x-descriptors: @@ -198,7 +198,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.0f695af0 + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.bcdd144c - description: Namespace to which the Istio CNI component should be installed. Note that this field is immutable. displayName: Namespace path: namespace @@ -236,7 +236,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.0f695af0. + Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.bcdd144c. displayName: Istio Version path: version x-descriptors: @@ -252,7 +252,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.2 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.0f695af0 + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.bcdd144c - description: Namespace to which the Istio components should be installed. displayName: Namespace path: namespace @@ -287,7 +287,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:RevisionBased - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0f695af0. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.bcdd144c. displayName: Istio Version path: version x-descriptors: @@ -306,7 +306,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.0f695af0 + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.bcdd144c - description: |- Defines how many seconds the operator should wait before removing a non-active revision after all the workloads have stopped using it. You may want to set this value on the order of minutes. @@ -362,7 +362,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0f695af0. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.bcdd144c. displayName: Istio Version path: version x-descriptors: @@ -381,7 +381,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.0f695af0 + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.bcdd144c - description: Namespace to which the Istio ztunnel component should be installed. displayName: Namespace path: namespace @@ -410,7 +410,7 @@ spec: - v1.27.1 - v1.27.0 - master - - v1.30-alpha.0f695af0 + - v1.30-alpha.bcdd144c [See this page](https://github.com/istio-ecosystem/sail-operator/blob/main/bundle/README.md) for instructions on how to use it. displayName: Sail Operator @@ -812,10 +812,10 @@ spec: images.v1_28_3.istiod: gcr.io/istio-release/pilot:1.28.3 images.v1_28_3.proxy: gcr.io/istio-release/proxyv2:1.28.3 images.v1_28_3.ztunnel: gcr.io/istio-release/ztunnel:1.28.3 - images.v1_30-alpha_0f695af0.cni: gcr.io/istio-testing/install-cni:1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe - images.v1_30-alpha_0f695af0.istiod: gcr.io/istio-testing/pilot:1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe - images.v1_30-alpha_0f695af0.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe - images.v1_30-alpha_0f695af0.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe + images.v1_30-alpha_bcdd144c.cni: gcr.io/istio-testing/install-cni:1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6 + images.v1_30-alpha_bcdd144c.istiod: gcr.io/istio-testing/pilot:1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6 + images.v1_30-alpha_bcdd144c.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6 + images.v1_30-alpha_bcdd144c.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6 kubectl.kubernetes.io/default-container: sail-operator labels: app.kubernetes.io/created-by: sailoperator diff --git a/bundle/manifests/sailoperator.io_istiocnis.yaml b/bundle/manifests/sailoperator.io_istiocnis.yaml index 9c5032571b..2c553d74e0 100644 --- a/bundle/manifests/sailoperator.io_istiocnis.yaml +++ b/bundle/manifests/sailoperator.io_istiocnis.yaml @@ -1466,7 +1466,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0f695af0. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.bcdd144c. enum: - v1.28-latest - v1.28.3 @@ -1518,7 +1518,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.0f695af0 + - v1.30-alpha.bcdd144c type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_istiorevisions.yaml b/bundle/manifests/sailoperator.io_istiorevisions.yaml index 6ed51f7f2a..72c30875eb 100644 --- a/bundle/manifests/sailoperator.io_istiorevisions.yaml +++ b/bundle/manifests/sailoperator.io_istiorevisions.yaml @@ -10121,7 +10121,7 @@ spec: version: description: |- Defines the version of Istio to install. - Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.0f695af0. + Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.bcdd144c. enum: - v1.28.3 - v1.28.2 @@ -10165,7 +10165,7 @@ spec: - v1.22.6 - v1.22.5 - v1.21.6 - - v1.30-alpha.0f695af0 + - v1.30-alpha.bcdd144c type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_istios.yaml b/bundle/manifests/sailoperator.io_istios.yaml index 6543ed560e..dc575446cd 100644 --- a/bundle/manifests/sailoperator.io_istios.yaml +++ b/bundle/manifests/sailoperator.io_istios.yaml @@ -10195,7 +10195,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0f695af0. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.bcdd144c. enum: - v1.28-latest - v1.28.3 @@ -10247,7 +10247,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.0f695af0 + - v1.30-alpha.bcdd144c type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_ztunnels.yaml b/bundle/manifests/sailoperator.io_ztunnels.yaml index e04e6167ae..6a8a2e6d1a 100644 --- a/bundle/manifests/sailoperator.io_ztunnels.yaml +++ b/bundle/manifests/sailoperator.io_ztunnels.yaml @@ -3456,7 +3456,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0f695af0. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.bcdd144c. enum: - v1.28-latest - v1.28.3 @@ -3496,7 +3496,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.0f695af0 + - v1.30-alpha.bcdd144c type: string required: - namespace @@ -7018,7 +7018,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0f695af0. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.bcdd144c. enum: - v1.28-latest - v1.28.3 @@ -7058,7 +7058,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.0f695af0 + - v1.30-alpha.bcdd144c type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istiocnis.yaml b/chart/crds/sailoperator.io_istiocnis.yaml index ee10642bfe..d78909aacf 100644 --- a/chart/crds/sailoperator.io_istiocnis.yaml +++ b/chart/crds/sailoperator.io_istiocnis.yaml @@ -1466,7 +1466,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0f695af0. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.bcdd144c. enum: - v1.28-latest - v1.28.3 @@ -1518,7 +1518,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.0f695af0 + - v1.30-alpha.bcdd144c type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istiorevisions.yaml b/chart/crds/sailoperator.io_istiorevisions.yaml index e717c479f1..f97b460824 100644 --- a/chart/crds/sailoperator.io_istiorevisions.yaml +++ b/chart/crds/sailoperator.io_istiorevisions.yaml @@ -10121,7 +10121,7 @@ spec: version: description: |- Defines the version of Istio to install. - Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.0f695af0. + Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.bcdd144c. enum: - v1.28.3 - v1.28.2 @@ -10165,7 +10165,7 @@ spec: - v1.22.6 - v1.22.5 - v1.21.6 - - v1.30-alpha.0f695af0 + - v1.30-alpha.bcdd144c type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istios.yaml b/chart/crds/sailoperator.io_istios.yaml index 24940d59c7..7835d342ac 100644 --- a/chart/crds/sailoperator.io_istios.yaml +++ b/chart/crds/sailoperator.io_istios.yaml @@ -10195,7 +10195,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0f695af0. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.bcdd144c. enum: - v1.28-latest - v1.28.3 @@ -10247,7 +10247,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.0f695af0 + - v1.30-alpha.bcdd144c type: string required: - namespace diff --git a/chart/crds/sailoperator.io_ztunnels.yaml b/chart/crds/sailoperator.io_ztunnels.yaml index b3d86fbad5..c3a69c95a9 100644 --- a/chart/crds/sailoperator.io_ztunnels.yaml +++ b/chart/crds/sailoperator.io_ztunnels.yaml @@ -3456,7 +3456,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0f695af0. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.bcdd144c. enum: - v1.28-latest - v1.28.3 @@ -3496,7 +3496,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.0f695af0 + - v1.30-alpha.bcdd144c type: string required: - namespace @@ -7018,7 +7018,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0f695af0. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.bcdd144c. enum: - v1.28-latest - v1.28.3 @@ -7058,7 +7058,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.0f695af0 + - v1.30-alpha.bcdd144c type: string required: - namespace diff --git a/chart/values.yaml b/chart/values.yaml index ea9c76afdd..7bbdc4c986 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -46,10 +46,10 @@ deployment: images.v1_27_0.istiod: gcr.io/istio-release/pilot:1.27.0 images.v1_27_0.proxy: gcr.io/istio-release/proxyv2:1.27.0 images.v1_27_0.cni: gcr.io/istio-release/install-cni:1.27.0 - images.v1_30-alpha_0f695af0.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe - images.v1_30-alpha_0f695af0.istiod: gcr.io/istio-testing/pilot:1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe - images.v1_30-alpha_0f695af0.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe - images.v1_30-alpha_0f695af0.cni: gcr.io/istio-testing/install-cni:1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe + images.v1_30-alpha_bcdd144c.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6 + images.v1_30-alpha_bcdd144c.istiod: gcr.io/istio-testing/pilot:1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6 + images.v1_30-alpha_bcdd144c.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6 + images.v1_30-alpha_bcdd144c.cni: gcr.io/istio-testing/install-cni:1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6 revisionHistoryLimit: 10 service: port: 8443 @@ -79,7 +79,7 @@ csv: - v1.27.1 - v1.27.0 - master - - v1.30-alpha.0f695af0 + - v1.30-alpha.bcdd144c [See this page](https://github.com/istio-ecosystem/sail-operator/blob/main/bundle/README.md) for instructions on how to use it. support: Community based diff --git a/docs/api-reference/sailoperator.io.md b/docs/api-reference/sailoperator.io.md index dde5d672bc..5f072f4f60 100644 --- a/docs/api-reference/sailoperator.io.md +++ b/docs/api-reference/sailoperator.io.md @@ -678,7 +678,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0f695af0. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.6 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.0f695af0] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.bcdd144c. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.6 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.bcdd144c] | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. Must be one of: ambient, default, demo, empty, openshift, openshift-ambient, preview, remote, stable. | | Enum: [ambient default demo empty external openshift openshift-ambient preview remote stable] | | `namespace` _string_ | Namespace to which the Istio CNI component should be installed. Note that this field is immutable. | istio-cni | | | `values` _[CNIValues](#cnivalues)_ | Defines the values to be passed to the Helm charts when installing Istio CNI. | | | @@ -917,7 +917,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.0f695af0. | | Enum: [v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27.6 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 v1.30-alpha.0f695af0] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.bcdd144c. | | Enum: [v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27.6 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 v1.30-alpha.bcdd144c] | | `namespace` _string_ | Namespace to which the Istio components should be installed. | | | | `values` _[Values](#values)_ | Defines the values to be passed to the Helm charts when installing Istio. | | | @@ -1110,7 +1110,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0f695af0. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.6 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.0f695af0] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.bcdd144c. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.6 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.bcdd144c] | | `updateStrategy` _[IstioUpdateStrategy](#istioupdatestrategy)_ | Defines the update strategy to use when the version in the Istio CR is updated. | \{ type:InPlace \} | | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. Must be one of: ambient, default, demo, empty, openshift, openshift-ambient, preview, remote, stable. | | Enum: [ambient default demo empty external openshift openshift-ambient preview remote stable] | | `namespace` _string_ | Namespace to which the Istio components should be installed. Note that this field is immutable. | istio-system | | @@ -3541,7 +3541,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0f695af0. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.6 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.0f695af0] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.bcdd144c. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.6 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.bcdd144c] | | `namespace` _string_ | Namespace to which the Istio ztunnel component should be installed. | ztunnel | | | `values` _[ZTunnelValues](#ztunnelvalues)_ | Defines the values to be passed to the Helm charts when installing Istio ztunnel. | | | @@ -3707,7 +3707,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0f695af0. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.6 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.0f695af0] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.bcdd144c. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.6 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.bcdd144c] | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is 'ambient' and it is always applied. Must be one of: ambient, default, demo, empty, external, preview, remote, stable. | ambient | Enum: [ambient default demo empty external openshift-ambient openshift preview remote stable] | | `namespace` _string_ | Namespace to which the Istio ztunnel component should be installed. | ztunnel | | | `values` _[ZTunnelValues](#ztunnelvalues)_ | Defines the values to be passed to the Helm charts when installing Istio ztunnel. | | | diff --git a/go.mod b/go.mod index 0efae7e8c2..4d201da460 100644 --- a/go.mod +++ b/go.mod @@ -25,7 +25,7 @@ require ( gopkg.in/yaml.v3 v3.0.1 helm.sh/helm/v3 v3.18.6 istio.io/client-go v1.29.0-alpha.0.0.20260213054535-48ac81c98d00 - istio.io/istio v0.0.0-20260215035538-0f695af01870 + istio.io/istio v0.0.0-20260216005539-bcdd144cfe5b k8s.io/api v0.35.0 k8s.io/apiextensions-apiserver v0.35.0 k8s.io/apimachinery v0.35.0 diff --git a/go.sum b/go.sum index 083668965a..d909a11597 100644 --- a/go.sum +++ b/go.sum @@ -474,8 +474,8 @@ istio.io/api v1.29.0-alpha.0.0.20260213054037-4fd9ccbbaef9 h1:1Y3dfM9KxRiEgvrneC istio.io/api v1.29.0-alpha.0.0.20260213054037-4fd9ccbbaef9/go.mod h1:+brQWcBHoROuyA6fv8rbgg8Kfn0RCGuqoY0duCMuSLA= istio.io/client-go v1.29.0-alpha.0.0.20260213054535-48ac81c98d00 h1:5FYNqVlcs4aB1cENWvHAIHhJFBL7P1r8y4Yh/IMh+Nk= istio.io/client-go v1.29.0-alpha.0.0.20260213054535-48ac81c98d00/go.mod h1:rkaYDmIymBDBVPqlITrlc2cQq/GtaonR5DRGzUBo8iY= -istio.io/istio v0.0.0-20260215035538-0f695af01870 h1:WsQLm5GDLxarNoxKyWkbKlnxuZIhqDC6HPufsYgsBJQ= -istio.io/istio v0.0.0-20260215035538-0f695af01870/go.mod h1:vNZf8a+SKyS4VTvMhxE7cp3CrcWQt0oPZ/liLJ2mz1E= +istio.io/istio v0.0.0-20260216005539-bcdd144cfe5b h1:w9uTJaWd4wADJ7G1HT+lEBsgJCxFervv2wW5vxT5Yr0= +istio.io/istio v0.0.0-20260216005539-bcdd144cfe5b/go.mod h1:vNZf8a+SKyS4VTvMhxE7cp3CrcWQt0oPZ/liLJ2mz1E= k8s.io/api v0.35.0 h1:iBAU5LTyBI9vw3L5glmat1njFK34srdLmktWwLTprlY= k8s.io/api v0.35.0/go.mod h1:AQ0SNTzm4ZAczM03QH42c7l3bih1TbAXYo0DkF8ktnA= k8s.io/apiextensions-apiserver v0.35.0 h1:3xHk2rTOdWXXJM+RDQZJvdx0yEOgC0FgQ1PlJatA5T4= diff --git a/pkg/istioversion/versions.yaml b/pkg/istioversion/versions.yaml index db7b9dbb20..3f9c437517 100644 --- a/pkg/istioversion/versions.yaml +++ b/pkg/istioversion/versions.yaml @@ -207,15 +207,15 @@ versions: - name: v1.21.6 eol: true - name: master - ref: v1.30-alpha.0f695af0 - - name: v1.30-alpha.0f695af0 - version: 1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe + ref: v1.30-alpha.bcdd144c + - name: v1.30-alpha.bcdd144c + version: 1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6 repo: https://github.com/istio/istio branch: master - commit: 0f695af0187022e11b9f6f5cc6445e498814dafe + commit: bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6 charts: - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe/helm/base-1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe/helm/cni-1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe/helm/gateway-1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe/helm/istiod-1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe/helm/ztunnel-1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6/helm/base-1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6/helm/cni-1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6/helm/gateway-1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6/helm/istiod-1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6/helm/ztunnel-1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6.tgz diff --git a/resources/v1.30-alpha.0f695af0/base-1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe.tgz.etag b/resources/v1.30-alpha.0f695af0/base-1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe.tgz.etag deleted file mode 100644 index 62fb77c49b..0000000000 --- a/resources/v1.30-alpha.0f695af0/base-1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -5d3a12b8a2c9f23ee5f8337aa2a999f1 diff --git a/resources/v1.30-alpha.0f695af0/cni-1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe.tgz.etag b/resources/v1.30-alpha.0f695af0/cni-1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe.tgz.etag deleted file mode 100644 index 79ca1ddebb..0000000000 --- a/resources/v1.30-alpha.0f695af0/cni-1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -23654863f6aec96624f28e2f9175d7d9 diff --git a/resources/v1.30-alpha.0f695af0/commit b/resources/v1.30-alpha.0f695af0/commit deleted file mode 100644 index 358efe7926..0000000000 --- a/resources/v1.30-alpha.0f695af0/commit +++ /dev/null @@ -1 +0,0 @@ -0f695af0187022e11b9f6f5cc6445e498814dafe diff --git a/resources/v1.30-alpha.0f695af0/gateway-1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe.tgz.etag b/resources/v1.30-alpha.0f695af0/gateway-1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe.tgz.etag deleted file mode 100644 index 5f938dd1a1..0000000000 --- a/resources/v1.30-alpha.0f695af0/gateway-1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -fcd620977157da24db36cdf5d2ec39e3 diff --git a/resources/v1.30-alpha.0f695af0/istiod-1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe.tgz.etag b/resources/v1.30-alpha.0f695af0/istiod-1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe.tgz.etag deleted file mode 100644 index ed3371dfa0..0000000000 --- a/resources/v1.30-alpha.0f695af0/istiod-1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -cc81ac5b936906c6c44b2cb9242f48f8 diff --git a/resources/v1.30-alpha.0f695af0/ztunnel-1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe.tgz.etag b/resources/v1.30-alpha.0f695af0/ztunnel-1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe.tgz.etag deleted file mode 100644 index 6fe6b488e8..0000000000 --- a/resources/v1.30-alpha.0f695af0/ztunnel-1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -b140b1093532262fdf31227148abbb6b diff --git a/resources/v1.30-alpha.bcdd144c/base-1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6.tgz.etag b/resources/v1.30-alpha.bcdd144c/base-1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6.tgz.etag new file mode 100644 index 0000000000..122a1b3546 --- /dev/null +++ b/resources/v1.30-alpha.bcdd144c/base-1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6.tgz.etag @@ -0,0 +1 @@ +03a6f6445d4a304107b1a84fb48c37f9 diff --git a/resources/v1.30-alpha.0f695af0/charts/base/Chart.yaml b/resources/v1.30-alpha.bcdd144c/charts/base/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.0f695af0/charts/base/Chart.yaml rename to resources/v1.30-alpha.bcdd144c/charts/base/Chart.yaml index 2819f3661c..3906f710f4 100644 --- a/resources/v1.30-alpha.0f695af0/charts/base/Chart.yaml +++ b/resources/v1.30-alpha.bcdd144c/charts/base/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe +appVersion: 1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6 description: Helm chart for deploying Istio cluster resources and CRDs icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -7,4 +7,4 @@ keywords: name: base sources: - https://github.com/istio/istio -version: 1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe +version: 1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6 diff --git a/resources/v1.30-alpha.0f695af0/charts/base/README.md b/resources/v1.30-alpha.bcdd144c/charts/base/README.md similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/base/README.md rename to resources/v1.30-alpha.bcdd144c/charts/base/README.md diff --git a/resources/v1.30-alpha.0f695af0/charts/base/files/profile-ambient.yaml b/resources/v1.30-alpha.bcdd144c/charts/base/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/base/files/profile-ambient.yaml rename to resources/v1.30-alpha.bcdd144c/charts/base/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/base/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.bcdd144c/charts/base/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/base/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.bcdd144c/charts/base/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/base/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.bcdd144c/charts/base/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/base/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.bcdd144c/charts/base/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/base/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.bcdd144c/charts/base/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/base/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.bcdd144c/charts/base/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/base/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.bcdd144c/charts/base/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/base/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.bcdd144c/charts/base/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/base/files/profile-demo.yaml b/resources/v1.30-alpha.bcdd144c/charts/base/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/base/files/profile-demo.yaml rename to resources/v1.30-alpha.bcdd144c/charts/base/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/base/files/profile-platform-gke.yaml b/resources/v1.30-alpha.bcdd144c/charts/base/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/base/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.bcdd144c/charts/base/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/base/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.bcdd144c/charts/base/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/base/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.bcdd144c/charts/base/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/base/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.bcdd144c/charts/base/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/base/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.bcdd144c/charts/base/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/base/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.bcdd144c/charts/base/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/base/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.bcdd144c/charts/base/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/base/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.bcdd144c/charts/base/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/base/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.bcdd144c/charts/base/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/base/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.bcdd144c/charts/base/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/base/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.bcdd144c/charts/base/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/base/files/profile-preview.yaml b/resources/v1.30-alpha.bcdd144c/charts/base/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/base/files/profile-preview.yaml rename to resources/v1.30-alpha.bcdd144c/charts/base/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/base/files/profile-remote.yaml b/resources/v1.30-alpha.bcdd144c/charts/base/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/base/files/profile-remote.yaml rename to resources/v1.30-alpha.bcdd144c/charts/base/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/base/files/profile-stable.yaml b/resources/v1.30-alpha.bcdd144c/charts/base/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/base/files/profile-stable.yaml rename to resources/v1.30-alpha.bcdd144c/charts/base/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/base/templates/NOTES.txt b/resources/v1.30-alpha.bcdd144c/charts/base/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/base/templates/NOTES.txt rename to resources/v1.30-alpha.bcdd144c/charts/base/templates/NOTES.txt diff --git a/resources/v1.30-alpha.0f695af0/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml b/resources/v1.30-alpha.bcdd144c/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml rename to resources/v1.30-alpha.bcdd144c/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml b/resources/v1.30-alpha.bcdd144c/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml rename to resources/v1.30-alpha.bcdd144c/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/base/templates/reader-serviceaccount.yaml b/resources/v1.30-alpha.bcdd144c/charts/base/templates/reader-serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/base/templates/reader-serviceaccount.yaml rename to resources/v1.30-alpha.bcdd144c/charts/base/templates/reader-serviceaccount.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/base/templates/zzz_profile.yaml b/resources/v1.30-alpha.bcdd144c/charts/base/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/base/templates/zzz_profile.yaml rename to resources/v1.30-alpha.bcdd144c/charts/base/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/base/values.yaml b/resources/v1.30-alpha.bcdd144c/charts/base/values.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/base/values.yaml rename to resources/v1.30-alpha.bcdd144c/charts/base/values.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/cni/Chart.yaml b/resources/v1.30-alpha.bcdd144c/charts/cni/Chart.yaml similarity index 62% rename from resources/v1.30-alpha.0f695af0/charts/cni/Chart.yaml rename to resources/v1.30-alpha.bcdd144c/charts/cni/Chart.yaml index 1923a8a92a..ffa1978e97 100644 --- a/resources/v1.30-alpha.0f695af0/charts/cni/Chart.yaml +++ b/resources/v1.30-alpha.bcdd144c/charts/cni/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe +appVersion: 1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6 description: Helm chart for istio-cni components icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -8,4 +8,4 @@ keywords: name: cni sources: - https://github.com/istio/istio -version: 1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe +version: 1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6 diff --git a/resources/v1.30-alpha.0f695af0/charts/cni/README.md b/resources/v1.30-alpha.bcdd144c/charts/cni/README.md similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/cni/README.md rename to resources/v1.30-alpha.bcdd144c/charts/cni/README.md diff --git a/resources/v1.30-alpha.0f695af0/charts/cni/files/profile-ambient.yaml b/resources/v1.30-alpha.bcdd144c/charts/cni/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/cni/files/profile-ambient.yaml rename to resources/v1.30-alpha.bcdd144c/charts/cni/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/cni/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.bcdd144c/charts/cni/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/cni/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.bcdd144c/charts/cni/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/cni/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.bcdd144c/charts/cni/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/cni/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.bcdd144c/charts/cni/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/cni/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.bcdd144c/charts/cni/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/cni/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.bcdd144c/charts/cni/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/cni/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.bcdd144c/charts/cni/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/cni/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.bcdd144c/charts/cni/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/cni/files/profile-demo.yaml b/resources/v1.30-alpha.bcdd144c/charts/cni/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/cni/files/profile-demo.yaml rename to resources/v1.30-alpha.bcdd144c/charts/cni/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/cni/files/profile-platform-gke.yaml b/resources/v1.30-alpha.bcdd144c/charts/cni/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/cni/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.bcdd144c/charts/cni/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/cni/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.bcdd144c/charts/cni/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/cni/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.bcdd144c/charts/cni/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/cni/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.bcdd144c/charts/cni/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/cni/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.bcdd144c/charts/cni/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/cni/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.bcdd144c/charts/cni/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/cni/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.bcdd144c/charts/cni/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/cni/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.bcdd144c/charts/cni/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/cni/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.bcdd144c/charts/cni/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/cni/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.bcdd144c/charts/cni/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/cni/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.bcdd144c/charts/cni/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/cni/files/profile-preview.yaml b/resources/v1.30-alpha.bcdd144c/charts/cni/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/cni/files/profile-preview.yaml rename to resources/v1.30-alpha.bcdd144c/charts/cni/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/cni/files/profile-remote.yaml b/resources/v1.30-alpha.bcdd144c/charts/cni/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/cni/files/profile-remote.yaml rename to resources/v1.30-alpha.bcdd144c/charts/cni/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/cni/files/profile-stable.yaml b/resources/v1.30-alpha.bcdd144c/charts/cni/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/cni/files/profile-stable.yaml rename to resources/v1.30-alpha.bcdd144c/charts/cni/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/cni/templates/NOTES.txt b/resources/v1.30-alpha.bcdd144c/charts/cni/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/cni/templates/NOTES.txt rename to resources/v1.30-alpha.bcdd144c/charts/cni/templates/NOTES.txt diff --git a/resources/v1.30-alpha.0f695af0/charts/cni/templates/_helpers.tpl b/resources/v1.30-alpha.bcdd144c/charts/cni/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/cni/templates/_helpers.tpl rename to resources/v1.30-alpha.bcdd144c/charts/cni/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.0f695af0/charts/cni/templates/clusterrole.yaml b/resources/v1.30-alpha.bcdd144c/charts/cni/templates/clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/cni/templates/clusterrole.yaml rename to resources/v1.30-alpha.bcdd144c/charts/cni/templates/clusterrole.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/cni/templates/clusterrolebinding.yaml b/resources/v1.30-alpha.bcdd144c/charts/cni/templates/clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/cni/templates/clusterrolebinding.yaml rename to resources/v1.30-alpha.bcdd144c/charts/cni/templates/clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/cni/templates/configmap-cni.yaml b/resources/v1.30-alpha.bcdd144c/charts/cni/templates/configmap-cni.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/cni/templates/configmap-cni.yaml rename to resources/v1.30-alpha.bcdd144c/charts/cni/templates/configmap-cni.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/cni/templates/daemonset.yaml b/resources/v1.30-alpha.bcdd144c/charts/cni/templates/daemonset.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/cni/templates/daemonset.yaml rename to resources/v1.30-alpha.bcdd144c/charts/cni/templates/daemonset.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/cni/templates/network-attachment-definition.yaml b/resources/v1.30-alpha.bcdd144c/charts/cni/templates/network-attachment-definition.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/cni/templates/network-attachment-definition.yaml rename to resources/v1.30-alpha.bcdd144c/charts/cni/templates/network-attachment-definition.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/cni/templates/networkpolicy.yaml b/resources/v1.30-alpha.bcdd144c/charts/cni/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/cni/templates/networkpolicy.yaml rename to resources/v1.30-alpha.bcdd144c/charts/cni/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/cni/templates/resourcequota.yaml b/resources/v1.30-alpha.bcdd144c/charts/cni/templates/resourcequota.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/cni/templates/resourcequota.yaml rename to resources/v1.30-alpha.bcdd144c/charts/cni/templates/resourcequota.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/cni/templates/serviceaccount.yaml b/resources/v1.30-alpha.bcdd144c/charts/cni/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/cni/templates/serviceaccount.yaml rename to resources/v1.30-alpha.bcdd144c/charts/cni/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/cni/templates/zzy_descope_legacy.yaml b/resources/v1.30-alpha.bcdd144c/charts/cni/templates/zzy_descope_legacy.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/cni/templates/zzy_descope_legacy.yaml rename to resources/v1.30-alpha.bcdd144c/charts/cni/templates/zzy_descope_legacy.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/cni/templates/zzz_profile.yaml b/resources/v1.30-alpha.bcdd144c/charts/cni/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/cni/templates/zzz_profile.yaml rename to resources/v1.30-alpha.bcdd144c/charts/cni/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/cni/values.yaml b/resources/v1.30-alpha.bcdd144c/charts/cni/values.yaml similarity index 99% rename from resources/v1.30-alpha.0f695af0/charts/cni/values.yaml rename to resources/v1.30-alpha.bcdd144c/charts/cni/values.yaml index 2500d0f913..28e3fd017b 100644 --- a/resources/v1.30-alpha.0f695af0/charts/cni/values.yaml +++ b/resources/v1.30-alpha.bcdd144c/charts/cni/values.yaml @@ -155,7 +155,7 @@ _internal_defaults_do_not_set: hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe + tag: 1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6 # Variant of the image to use. # Currently supported are: [debug, distroless] diff --git a/resources/v1.30-alpha.0f695af0/charts/gateway/Chart.yaml b/resources/v1.30-alpha.bcdd144c/charts/gateway/Chart.yaml similarity index 64% rename from resources/v1.30-alpha.0f695af0/charts/gateway/Chart.yaml rename to resources/v1.30-alpha.bcdd144c/charts/gateway/Chart.yaml index eca785e7f1..c62b306bc2 100644 --- a/resources/v1.30-alpha.0f695af0/charts/gateway/Chart.yaml +++ b/resources/v1.30-alpha.bcdd144c/charts/gateway/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe +appVersion: 1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6 description: Helm chart for deploying Istio gateways icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ name: gateway sources: - https://github.com/istio/istio type: application -version: 1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe +version: 1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6 diff --git a/resources/v1.30-alpha.0f695af0/charts/gateway/README.md b/resources/v1.30-alpha.bcdd144c/charts/gateway/README.md similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/gateway/README.md rename to resources/v1.30-alpha.bcdd144c/charts/gateway/README.md diff --git a/resources/v1.30-alpha.0f695af0/charts/gateway/files/profile-ambient.yaml b/resources/v1.30-alpha.bcdd144c/charts/gateway/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/gateway/files/profile-ambient.yaml rename to resources/v1.30-alpha.bcdd144c/charts/gateway/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/gateway/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.bcdd144c/charts/gateway/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/gateway/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.bcdd144c/charts/gateway/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/gateway/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.bcdd144c/charts/gateway/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/gateway/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.bcdd144c/charts/gateway/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/gateway/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.bcdd144c/charts/gateway/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/gateway/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.bcdd144c/charts/gateway/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/gateway/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.bcdd144c/charts/gateway/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/gateway/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.bcdd144c/charts/gateway/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/gateway/files/profile-demo.yaml b/resources/v1.30-alpha.bcdd144c/charts/gateway/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/gateway/files/profile-demo.yaml rename to resources/v1.30-alpha.bcdd144c/charts/gateway/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/gateway/files/profile-platform-gke.yaml b/resources/v1.30-alpha.bcdd144c/charts/gateway/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/gateway/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.bcdd144c/charts/gateway/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/gateway/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.bcdd144c/charts/gateway/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/gateway/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.bcdd144c/charts/gateway/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/gateway/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.bcdd144c/charts/gateway/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/gateway/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.bcdd144c/charts/gateway/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/gateway/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.bcdd144c/charts/gateway/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/gateway/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.bcdd144c/charts/gateway/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/gateway/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.bcdd144c/charts/gateway/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/gateway/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.bcdd144c/charts/gateway/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/gateway/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.bcdd144c/charts/gateway/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/gateway/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.bcdd144c/charts/gateway/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/gateway/files/profile-preview.yaml b/resources/v1.30-alpha.bcdd144c/charts/gateway/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/gateway/files/profile-preview.yaml rename to resources/v1.30-alpha.bcdd144c/charts/gateway/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/gateway/files/profile-remote.yaml b/resources/v1.30-alpha.bcdd144c/charts/gateway/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/gateway/files/profile-remote.yaml rename to resources/v1.30-alpha.bcdd144c/charts/gateway/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/gateway/files/profile-stable.yaml b/resources/v1.30-alpha.bcdd144c/charts/gateway/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/gateway/files/profile-stable.yaml rename to resources/v1.30-alpha.bcdd144c/charts/gateway/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/gateway/templates/NOTES.txt b/resources/v1.30-alpha.bcdd144c/charts/gateway/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/gateway/templates/NOTES.txt rename to resources/v1.30-alpha.bcdd144c/charts/gateway/templates/NOTES.txt diff --git a/resources/v1.30-alpha.0f695af0/charts/gateway/templates/_helpers.tpl b/resources/v1.30-alpha.bcdd144c/charts/gateway/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/gateway/templates/_helpers.tpl rename to resources/v1.30-alpha.bcdd144c/charts/gateway/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.0f695af0/charts/gateway/templates/deployment.yaml b/resources/v1.30-alpha.bcdd144c/charts/gateway/templates/deployment.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/gateway/templates/deployment.yaml rename to resources/v1.30-alpha.bcdd144c/charts/gateway/templates/deployment.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/gateway/templates/hpa.yaml b/resources/v1.30-alpha.bcdd144c/charts/gateway/templates/hpa.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/gateway/templates/hpa.yaml rename to resources/v1.30-alpha.bcdd144c/charts/gateway/templates/hpa.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/gateway/templates/networkpolicy.yaml b/resources/v1.30-alpha.bcdd144c/charts/gateway/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/gateway/templates/networkpolicy.yaml rename to resources/v1.30-alpha.bcdd144c/charts/gateway/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/gateway/templates/poddisruptionbudget.yaml b/resources/v1.30-alpha.bcdd144c/charts/gateway/templates/poddisruptionbudget.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/gateway/templates/poddisruptionbudget.yaml rename to resources/v1.30-alpha.bcdd144c/charts/gateway/templates/poddisruptionbudget.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/gateway/templates/role.yaml b/resources/v1.30-alpha.bcdd144c/charts/gateway/templates/role.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/gateway/templates/role.yaml rename to resources/v1.30-alpha.bcdd144c/charts/gateway/templates/role.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/gateway/templates/service.yaml b/resources/v1.30-alpha.bcdd144c/charts/gateway/templates/service.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/gateway/templates/service.yaml rename to resources/v1.30-alpha.bcdd144c/charts/gateway/templates/service.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/gateway/templates/serviceaccount.yaml b/resources/v1.30-alpha.bcdd144c/charts/gateway/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/gateway/templates/serviceaccount.yaml rename to resources/v1.30-alpha.bcdd144c/charts/gateway/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/gateway/templates/zzz_profile.yaml b/resources/v1.30-alpha.bcdd144c/charts/gateway/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/gateway/templates/zzz_profile.yaml rename to resources/v1.30-alpha.bcdd144c/charts/gateway/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/gateway/values.schema.json b/resources/v1.30-alpha.bcdd144c/charts/gateway/values.schema.json similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/gateway/values.schema.json rename to resources/v1.30-alpha.bcdd144c/charts/gateway/values.schema.json diff --git a/resources/v1.30-alpha.0f695af0/charts/gateway/values.yaml b/resources/v1.30-alpha.bcdd144c/charts/gateway/values.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/gateway/values.yaml rename to resources/v1.30-alpha.bcdd144c/charts/gateway/values.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/istiod/Chart.yaml b/resources/v1.30-alpha.bcdd144c/charts/istiod/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.0f695af0/charts/istiod/Chart.yaml rename to resources/v1.30-alpha.bcdd144c/charts/istiod/Chart.yaml index 45131ce254..69721020a7 100644 --- a/resources/v1.30-alpha.0f695af0/charts/istiod/Chart.yaml +++ b/resources/v1.30-alpha.bcdd144c/charts/istiod/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe +appVersion: 1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6 description: Helm chart for istio control plane icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ keywords: name: istiod sources: - https://github.com/istio/istio -version: 1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe +version: 1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6 diff --git a/resources/v1.30-alpha.0f695af0/charts/istiod/README.md b/resources/v1.30-alpha.bcdd144c/charts/istiod/README.md similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/istiod/README.md rename to resources/v1.30-alpha.bcdd144c/charts/istiod/README.md diff --git a/resources/v1.30-alpha.0f695af0/charts/istiod/files/agentgateway.yaml b/resources/v1.30-alpha.bcdd144c/charts/istiod/files/agentgateway.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/istiod/files/agentgateway.yaml rename to resources/v1.30-alpha.bcdd144c/charts/istiod/files/agentgateway.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/istiod/files/gateway-injection-template.yaml b/resources/v1.30-alpha.bcdd144c/charts/istiod/files/gateway-injection-template.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/istiod/files/gateway-injection-template.yaml rename to resources/v1.30-alpha.bcdd144c/charts/istiod/files/gateway-injection-template.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/istiod/files/grpc-agent.yaml b/resources/v1.30-alpha.bcdd144c/charts/istiod/files/grpc-agent.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/istiod/files/grpc-agent.yaml rename to resources/v1.30-alpha.bcdd144c/charts/istiod/files/grpc-agent.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/istiod/files/grpc-simple.yaml b/resources/v1.30-alpha.bcdd144c/charts/istiod/files/grpc-simple.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/istiod/files/grpc-simple.yaml rename to resources/v1.30-alpha.bcdd144c/charts/istiod/files/grpc-simple.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/istiod/files/injection-template.yaml b/resources/v1.30-alpha.bcdd144c/charts/istiod/files/injection-template.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/istiod/files/injection-template.yaml rename to resources/v1.30-alpha.bcdd144c/charts/istiod/files/injection-template.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/istiod/files/kube-gateway.yaml b/resources/v1.30-alpha.bcdd144c/charts/istiod/files/kube-gateway.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/istiod/files/kube-gateway.yaml rename to resources/v1.30-alpha.bcdd144c/charts/istiod/files/kube-gateway.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/istiod/files/profile-ambient.yaml b/resources/v1.30-alpha.bcdd144c/charts/istiod/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/istiod/files/profile-ambient.yaml rename to resources/v1.30-alpha.bcdd144c/charts/istiod/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/istiod/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.bcdd144c/charts/istiod/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/istiod/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.bcdd144c/charts/istiod/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/istiod/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.bcdd144c/charts/istiod/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/istiod/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.bcdd144c/charts/istiod/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/istiod/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.bcdd144c/charts/istiod/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/istiod/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.bcdd144c/charts/istiod/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/istiod/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.bcdd144c/charts/istiod/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/istiod/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.bcdd144c/charts/istiod/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/istiod/files/profile-demo.yaml b/resources/v1.30-alpha.bcdd144c/charts/istiod/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/istiod/files/profile-demo.yaml rename to resources/v1.30-alpha.bcdd144c/charts/istiod/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/istiod/files/profile-platform-gke.yaml b/resources/v1.30-alpha.bcdd144c/charts/istiod/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/istiod/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.bcdd144c/charts/istiod/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/istiod/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.bcdd144c/charts/istiod/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/istiod/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.bcdd144c/charts/istiod/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/istiod/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.bcdd144c/charts/istiod/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/istiod/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.bcdd144c/charts/istiod/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/istiod/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.bcdd144c/charts/istiod/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/istiod/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.bcdd144c/charts/istiod/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/istiod/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.bcdd144c/charts/istiod/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/istiod/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.bcdd144c/charts/istiod/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/istiod/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.bcdd144c/charts/istiod/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/istiod/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.bcdd144c/charts/istiod/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/istiod/files/profile-preview.yaml b/resources/v1.30-alpha.bcdd144c/charts/istiod/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/istiod/files/profile-preview.yaml rename to resources/v1.30-alpha.bcdd144c/charts/istiod/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/istiod/files/profile-remote.yaml b/resources/v1.30-alpha.bcdd144c/charts/istiod/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/istiod/files/profile-remote.yaml rename to resources/v1.30-alpha.bcdd144c/charts/istiod/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/istiod/files/profile-stable.yaml b/resources/v1.30-alpha.bcdd144c/charts/istiod/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/istiod/files/profile-stable.yaml rename to resources/v1.30-alpha.bcdd144c/charts/istiod/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/istiod/files/waypoint.yaml b/resources/v1.30-alpha.bcdd144c/charts/istiod/files/waypoint.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/istiod/files/waypoint.yaml rename to resources/v1.30-alpha.bcdd144c/charts/istiod/files/waypoint.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/istiod/templates/NOTES.txt b/resources/v1.30-alpha.bcdd144c/charts/istiod/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/istiod/templates/NOTES.txt rename to resources/v1.30-alpha.bcdd144c/charts/istiod/templates/NOTES.txt diff --git a/resources/v1.30-alpha.0f695af0/charts/istiod/templates/_helpers.tpl b/resources/v1.30-alpha.bcdd144c/charts/istiod/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/istiod/templates/_helpers.tpl rename to resources/v1.30-alpha.bcdd144c/charts/istiod/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.0f695af0/charts/istiod/templates/autoscale.yaml b/resources/v1.30-alpha.bcdd144c/charts/istiod/templates/autoscale.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/istiod/templates/autoscale.yaml rename to resources/v1.30-alpha.bcdd144c/charts/istiod/templates/autoscale.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/istiod/templates/clusterrole.yaml b/resources/v1.30-alpha.bcdd144c/charts/istiod/templates/clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/istiod/templates/clusterrole.yaml rename to resources/v1.30-alpha.bcdd144c/charts/istiod/templates/clusterrole.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/istiod/templates/clusterrolebinding.yaml b/resources/v1.30-alpha.bcdd144c/charts/istiod/templates/clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/istiod/templates/clusterrolebinding.yaml rename to resources/v1.30-alpha.bcdd144c/charts/istiod/templates/clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/istiod/templates/configmap-jwks.yaml b/resources/v1.30-alpha.bcdd144c/charts/istiod/templates/configmap-jwks.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/istiod/templates/configmap-jwks.yaml rename to resources/v1.30-alpha.bcdd144c/charts/istiod/templates/configmap-jwks.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/istiod/templates/configmap-values.yaml b/resources/v1.30-alpha.bcdd144c/charts/istiod/templates/configmap-values.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/istiod/templates/configmap-values.yaml rename to resources/v1.30-alpha.bcdd144c/charts/istiod/templates/configmap-values.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/istiod/templates/configmap.yaml b/resources/v1.30-alpha.bcdd144c/charts/istiod/templates/configmap.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/istiod/templates/configmap.yaml rename to resources/v1.30-alpha.bcdd144c/charts/istiod/templates/configmap.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/istiod/templates/deployment.yaml b/resources/v1.30-alpha.bcdd144c/charts/istiod/templates/deployment.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/istiod/templates/deployment.yaml rename to resources/v1.30-alpha.bcdd144c/charts/istiod/templates/deployment.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/istiod/templates/gateway-class-configmap.yaml b/resources/v1.30-alpha.bcdd144c/charts/istiod/templates/gateway-class-configmap.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/istiod/templates/gateway-class-configmap.yaml rename to resources/v1.30-alpha.bcdd144c/charts/istiod/templates/gateway-class-configmap.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/istiod/templates/istiod-injector-configmap.yaml b/resources/v1.30-alpha.bcdd144c/charts/istiod/templates/istiod-injector-configmap.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/istiod/templates/istiod-injector-configmap.yaml rename to resources/v1.30-alpha.bcdd144c/charts/istiod/templates/istiod-injector-configmap.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/istiod/templates/mutatingwebhook.yaml b/resources/v1.30-alpha.bcdd144c/charts/istiod/templates/mutatingwebhook.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/istiod/templates/mutatingwebhook.yaml rename to resources/v1.30-alpha.bcdd144c/charts/istiod/templates/mutatingwebhook.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/istiod/templates/networkpolicy.yaml b/resources/v1.30-alpha.bcdd144c/charts/istiod/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/istiod/templates/networkpolicy.yaml rename to resources/v1.30-alpha.bcdd144c/charts/istiod/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/istiod/templates/poddisruptionbudget.yaml b/resources/v1.30-alpha.bcdd144c/charts/istiod/templates/poddisruptionbudget.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/istiod/templates/poddisruptionbudget.yaml rename to resources/v1.30-alpha.bcdd144c/charts/istiod/templates/poddisruptionbudget.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/istiod/templates/reader-clusterrole.yaml b/resources/v1.30-alpha.bcdd144c/charts/istiod/templates/reader-clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/istiod/templates/reader-clusterrole.yaml rename to resources/v1.30-alpha.bcdd144c/charts/istiod/templates/reader-clusterrole.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/istiod/templates/reader-clusterrolebinding.yaml b/resources/v1.30-alpha.bcdd144c/charts/istiod/templates/reader-clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/istiod/templates/reader-clusterrolebinding.yaml rename to resources/v1.30-alpha.bcdd144c/charts/istiod/templates/reader-clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/istiod/templates/remote-istiod-endpointslices.yaml b/resources/v1.30-alpha.bcdd144c/charts/istiod/templates/remote-istiod-endpointslices.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/istiod/templates/remote-istiod-endpointslices.yaml rename to resources/v1.30-alpha.bcdd144c/charts/istiod/templates/remote-istiod-endpointslices.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/istiod/templates/remote-istiod-service.yaml b/resources/v1.30-alpha.bcdd144c/charts/istiod/templates/remote-istiod-service.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/istiod/templates/remote-istiod-service.yaml rename to resources/v1.30-alpha.bcdd144c/charts/istiod/templates/remote-istiod-service.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/istiod/templates/revision-tags-mwc.yaml b/resources/v1.30-alpha.bcdd144c/charts/istiod/templates/revision-tags-mwc.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/istiod/templates/revision-tags-mwc.yaml rename to resources/v1.30-alpha.bcdd144c/charts/istiod/templates/revision-tags-mwc.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/istiod/templates/revision-tags-svc.yaml b/resources/v1.30-alpha.bcdd144c/charts/istiod/templates/revision-tags-svc.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/istiod/templates/revision-tags-svc.yaml rename to resources/v1.30-alpha.bcdd144c/charts/istiod/templates/revision-tags-svc.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/istiod/templates/role.yaml b/resources/v1.30-alpha.bcdd144c/charts/istiod/templates/role.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/istiod/templates/role.yaml rename to resources/v1.30-alpha.bcdd144c/charts/istiod/templates/role.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/istiod/templates/rolebinding.yaml b/resources/v1.30-alpha.bcdd144c/charts/istiod/templates/rolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/istiod/templates/rolebinding.yaml rename to resources/v1.30-alpha.bcdd144c/charts/istiod/templates/rolebinding.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/istiod/templates/service.yaml b/resources/v1.30-alpha.bcdd144c/charts/istiod/templates/service.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/istiod/templates/service.yaml rename to resources/v1.30-alpha.bcdd144c/charts/istiod/templates/service.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/istiod/templates/serviceaccount.yaml b/resources/v1.30-alpha.bcdd144c/charts/istiod/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/istiod/templates/serviceaccount.yaml rename to resources/v1.30-alpha.bcdd144c/charts/istiod/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/istiod/templates/validatingadmissionpolicy.yaml b/resources/v1.30-alpha.bcdd144c/charts/istiod/templates/validatingadmissionpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/istiod/templates/validatingadmissionpolicy.yaml rename to resources/v1.30-alpha.bcdd144c/charts/istiod/templates/validatingadmissionpolicy.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/istiod/templates/validatingwebhookconfiguration.yaml b/resources/v1.30-alpha.bcdd144c/charts/istiod/templates/validatingwebhookconfiguration.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/istiod/templates/validatingwebhookconfiguration.yaml rename to resources/v1.30-alpha.bcdd144c/charts/istiod/templates/validatingwebhookconfiguration.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/istiod/templates/zzy_descope_legacy.yaml b/resources/v1.30-alpha.bcdd144c/charts/istiod/templates/zzy_descope_legacy.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/istiod/templates/zzy_descope_legacy.yaml rename to resources/v1.30-alpha.bcdd144c/charts/istiod/templates/zzy_descope_legacy.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/istiod/templates/zzz_profile.yaml b/resources/v1.30-alpha.bcdd144c/charts/istiod/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/istiod/templates/zzz_profile.yaml rename to resources/v1.30-alpha.bcdd144c/charts/istiod/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/istiod/values.yaml b/resources/v1.30-alpha.bcdd144c/charts/istiod/values.yaml similarity index 99% rename from resources/v1.30-alpha.0f695af0/charts/istiod/values.yaml rename to resources/v1.30-alpha.bcdd144c/charts/istiod/values.yaml index ee04b1bf1a..c5854e9885 100644 --- a/resources/v1.30-alpha.0f695af0/charts/istiod/values.yaml +++ b/resources/v1.30-alpha.bcdd144c/charts/istiod/values.yaml @@ -255,7 +255,7 @@ _internal_defaults_do_not_set: # Dev builds from prow are on gcr.io hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe + tag: 1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6 # Variant of the image to use. # Currently supported are: [debug, distroless] variant: "" diff --git a/resources/v1.30-alpha.0f695af0/charts/revisiontags/Chart.yaml b/resources/v1.30-alpha.bcdd144c/charts/revisiontags/Chart.yaml similarity index 71% rename from resources/v1.30-alpha.0f695af0/charts/revisiontags/Chart.yaml rename to resources/v1.30-alpha.bcdd144c/charts/revisiontags/Chart.yaml index aceb401602..a680ea746d 100644 --- a/resources/v1.30-alpha.0f695af0/charts/revisiontags/Chart.yaml +++ b/resources/v1.30-alpha.bcdd144c/charts/revisiontags/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe +appVersion: 1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6 description: Helm chart for istio revision tags name: revisiontags sources: diff --git a/resources/v1.30-alpha.0f695af0/charts/revisiontags/files/profile-ambient.yaml b/resources/v1.30-alpha.bcdd144c/charts/revisiontags/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/revisiontags/files/profile-ambient.yaml rename to resources/v1.30-alpha.bcdd144c/charts/revisiontags/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/revisiontags/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.bcdd144c/charts/revisiontags/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/revisiontags/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.bcdd144c/charts/revisiontags/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/revisiontags/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.bcdd144c/charts/revisiontags/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/revisiontags/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.bcdd144c/charts/revisiontags/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/revisiontags/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.bcdd144c/charts/revisiontags/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/revisiontags/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.bcdd144c/charts/revisiontags/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/revisiontags/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.bcdd144c/charts/revisiontags/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/revisiontags/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.bcdd144c/charts/revisiontags/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/revisiontags/files/profile-demo.yaml b/resources/v1.30-alpha.bcdd144c/charts/revisiontags/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/revisiontags/files/profile-demo.yaml rename to resources/v1.30-alpha.bcdd144c/charts/revisiontags/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/revisiontags/files/profile-platform-gke.yaml b/resources/v1.30-alpha.bcdd144c/charts/revisiontags/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/revisiontags/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.bcdd144c/charts/revisiontags/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/revisiontags/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.bcdd144c/charts/revisiontags/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/revisiontags/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.bcdd144c/charts/revisiontags/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/revisiontags/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.bcdd144c/charts/revisiontags/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/revisiontags/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.bcdd144c/charts/revisiontags/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/revisiontags/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.bcdd144c/charts/revisiontags/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/revisiontags/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.bcdd144c/charts/revisiontags/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/revisiontags/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.bcdd144c/charts/revisiontags/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/revisiontags/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.bcdd144c/charts/revisiontags/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/revisiontags/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.bcdd144c/charts/revisiontags/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/revisiontags/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.bcdd144c/charts/revisiontags/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/revisiontags/files/profile-preview.yaml b/resources/v1.30-alpha.bcdd144c/charts/revisiontags/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/revisiontags/files/profile-preview.yaml rename to resources/v1.30-alpha.bcdd144c/charts/revisiontags/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/revisiontags/files/profile-remote.yaml b/resources/v1.30-alpha.bcdd144c/charts/revisiontags/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/revisiontags/files/profile-remote.yaml rename to resources/v1.30-alpha.bcdd144c/charts/revisiontags/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/revisiontags/files/profile-stable.yaml b/resources/v1.30-alpha.bcdd144c/charts/revisiontags/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/revisiontags/files/profile-stable.yaml rename to resources/v1.30-alpha.bcdd144c/charts/revisiontags/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/revisiontags/templates/revision-tags-mwc.yaml b/resources/v1.30-alpha.bcdd144c/charts/revisiontags/templates/revision-tags-mwc.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/revisiontags/templates/revision-tags-mwc.yaml rename to resources/v1.30-alpha.bcdd144c/charts/revisiontags/templates/revision-tags-mwc.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/revisiontags/templates/revision-tags-svc.yaml b/resources/v1.30-alpha.bcdd144c/charts/revisiontags/templates/revision-tags-svc.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/revisiontags/templates/revision-tags-svc.yaml rename to resources/v1.30-alpha.bcdd144c/charts/revisiontags/templates/revision-tags-svc.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/revisiontags/templates/zzz_profile.yaml b/resources/v1.30-alpha.bcdd144c/charts/revisiontags/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/revisiontags/templates/zzz_profile.yaml rename to resources/v1.30-alpha.bcdd144c/charts/revisiontags/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/revisiontags/values.yaml b/resources/v1.30-alpha.bcdd144c/charts/revisiontags/values.yaml similarity index 99% rename from resources/v1.30-alpha.0f695af0/charts/revisiontags/values.yaml rename to resources/v1.30-alpha.bcdd144c/charts/revisiontags/values.yaml index ee04b1bf1a..c5854e9885 100644 --- a/resources/v1.30-alpha.0f695af0/charts/revisiontags/values.yaml +++ b/resources/v1.30-alpha.bcdd144c/charts/revisiontags/values.yaml @@ -255,7 +255,7 @@ _internal_defaults_do_not_set: # Dev builds from prow are on gcr.io hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe + tag: 1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6 # Variant of the image to use. # Currently supported are: [debug, distroless] variant: "" diff --git a/resources/v1.30-alpha.0f695af0/charts/ztunnel/Chart.yaml b/resources/v1.30-alpha.bcdd144c/charts/ztunnel/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.0f695af0/charts/ztunnel/Chart.yaml rename to resources/v1.30-alpha.bcdd144c/charts/ztunnel/Chart.yaml index e1b297bc31..2589922c87 100644 --- a/resources/v1.30-alpha.0f695af0/charts/ztunnel/Chart.yaml +++ b/resources/v1.30-alpha.bcdd144c/charts/ztunnel/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe +appVersion: 1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6 description: Helm chart for istio ztunnel components icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -8,4 +8,4 @@ keywords: name: ztunnel sources: - https://github.com/istio/istio -version: 1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe +version: 1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6 diff --git a/resources/v1.30-alpha.0f695af0/charts/ztunnel/README.md b/resources/v1.30-alpha.bcdd144c/charts/ztunnel/README.md similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/ztunnel/README.md rename to resources/v1.30-alpha.bcdd144c/charts/ztunnel/README.md diff --git a/resources/v1.30-alpha.0f695af0/charts/ztunnel/files/profile-ambient.yaml b/resources/v1.30-alpha.bcdd144c/charts/ztunnel/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/ztunnel/files/profile-ambient.yaml rename to resources/v1.30-alpha.bcdd144c/charts/ztunnel/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/ztunnel/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.bcdd144c/charts/ztunnel/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/ztunnel/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.bcdd144c/charts/ztunnel/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/ztunnel/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.bcdd144c/charts/ztunnel/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/ztunnel/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.bcdd144c/charts/ztunnel/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/ztunnel/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.bcdd144c/charts/ztunnel/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/ztunnel/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.bcdd144c/charts/ztunnel/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/ztunnel/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.bcdd144c/charts/ztunnel/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/ztunnel/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.bcdd144c/charts/ztunnel/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/ztunnel/files/profile-demo.yaml b/resources/v1.30-alpha.bcdd144c/charts/ztunnel/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/ztunnel/files/profile-demo.yaml rename to resources/v1.30-alpha.bcdd144c/charts/ztunnel/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/ztunnel/files/profile-platform-gke.yaml b/resources/v1.30-alpha.bcdd144c/charts/ztunnel/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/ztunnel/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.bcdd144c/charts/ztunnel/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/ztunnel/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.bcdd144c/charts/ztunnel/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/ztunnel/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.bcdd144c/charts/ztunnel/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/ztunnel/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.bcdd144c/charts/ztunnel/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/ztunnel/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.bcdd144c/charts/ztunnel/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/ztunnel/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.bcdd144c/charts/ztunnel/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/ztunnel/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.bcdd144c/charts/ztunnel/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/ztunnel/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.bcdd144c/charts/ztunnel/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/ztunnel/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.bcdd144c/charts/ztunnel/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/ztunnel/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.bcdd144c/charts/ztunnel/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/ztunnel/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.bcdd144c/charts/ztunnel/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/ztunnel/files/profile-preview.yaml b/resources/v1.30-alpha.bcdd144c/charts/ztunnel/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/ztunnel/files/profile-preview.yaml rename to resources/v1.30-alpha.bcdd144c/charts/ztunnel/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/ztunnel/files/profile-remote.yaml b/resources/v1.30-alpha.bcdd144c/charts/ztunnel/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/ztunnel/files/profile-remote.yaml rename to resources/v1.30-alpha.bcdd144c/charts/ztunnel/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/ztunnel/files/profile-stable.yaml b/resources/v1.30-alpha.bcdd144c/charts/ztunnel/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/ztunnel/files/profile-stable.yaml rename to resources/v1.30-alpha.bcdd144c/charts/ztunnel/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/ztunnel/templates/NOTES.txt b/resources/v1.30-alpha.bcdd144c/charts/ztunnel/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/ztunnel/templates/NOTES.txt rename to resources/v1.30-alpha.bcdd144c/charts/ztunnel/templates/NOTES.txt diff --git a/resources/v1.30-alpha.0f695af0/charts/ztunnel/templates/_helpers.tpl b/resources/v1.30-alpha.bcdd144c/charts/ztunnel/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/ztunnel/templates/_helpers.tpl rename to resources/v1.30-alpha.bcdd144c/charts/ztunnel/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.0f695af0/charts/ztunnel/templates/daemonset.yaml b/resources/v1.30-alpha.bcdd144c/charts/ztunnel/templates/daemonset.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/ztunnel/templates/daemonset.yaml rename to resources/v1.30-alpha.bcdd144c/charts/ztunnel/templates/daemonset.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/ztunnel/templates/networkpolicy.yaml b/resources/v1.30-alpha.bcdd144c/charts/ztunnel/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/ztunnel/templates/networkpolicy.yaml rename to resources/v1.30-alpha.bcdd144c/charts/ztunnel/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/ztunnel/templates/rbac.yaml b/resources/v1.30-alpha.bcdd144c/charts/ztunnel/templates/rbac.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/ztunnel/templates/rbac.yaml rename to resources/v1.30-alpha.bcdd144c/charts/ztunnel/templates/rbac.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/ztunnel/templates/resourcequota.yaml b/resources/v1.30-alpha.bcdd144c/charts/ztunnel/templates/resourcequota.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/ztunnel/templates/resourcequota.yaml rename to resources/v1.30-alpha.bcdd144c/charts/ztunnel/templates/resourcequota.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/ztunnel/templates/serviceaccount.yaml b/resources/v1.30-alpha.bcdd144c/charts/ztunnel/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/ztunnel/templates/serviceaccount.yaml rename to resources/v1.30-alpha.bcdd144c/charts/ztunnel/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/ztunnel/templates/zzz_profile.yaml b/resources/v1.30-alpha.bcdd144c/charts/ztunnel/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/charts/ztunnel/templates/zzz_profile.yaml rename to resources/v1.30-alpha.bcdd144c/charts/ztunnel/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.0f695af0/charts/ztunnel/values.yaml b/resources/v1.30-alpha.bcdd144c/charts/ztunnel/values.yaml similarity index 99% rename from resources/v1.30-alpha.0f695af0/charts/ztunnel/values.yaml rename to resources/v1.30-alpha.bcdd144c/charts/ztunnel/values.yaml index 8a4077b60d..d50ce19751 100644 --- a/resources/v1.30-alpha.0f695af0/charts/ztunnel/values.yaml +++ b/resources/v1.30-alpha.bcdd144c/charts/ztunnel/values.yaml @@ -4,7 +4,7 @@ _internal_defaults_do_not_set: # Hub to pull from. Image will be `Hub/Image:Tag-Variant` hub: gcr.io/istio-testing # Tag to pull from. Image will be `Hub/Image:Tag-Variant` - tag: 1.30-alpha.0f695af0187022e11b9f6f5cc6445e498814dafe + tag: 1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6 # Variant to pull. Options are "debug" or "distroless". Unset will use the default for the given version. variant: "" diff --git a/resources/v1.30-alpha.bcdd144c/cni-1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6.tgz.etag b/resources/v1.30-alpha.bcdd144c/cni-1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6.tgz.etag new file mode 100644 index 0000000000..d1d4e9fbe7 --- /dev/null +++ b/resources/v1.30-alpha.bcdd144c/cni-1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6.tgz.etag @@ -0,0 +1 @@ +3aeeb82bfd223cdb7fadaedc8b9b2e08 diff --git a/resources/v1.30-alpha.bcdd144c/commit b/resources/v1.30-alpha.bcdd144c/commit new file mode 100644 index 0000000000..ada1d8b865 --- /dev/null +++ b/resources/v1.30-alpha.bcdd144c/commit @@ -0,0 +1 @@ +bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6 diff --git a/resources/v1.30-alpha.bcdd144c/gateway-1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6.tgz.etag b/resources/v1.30-alpha.bcdd144c/gateway-1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6.tgz.etag new file mode 100644 index 0000000000..81d40d0960 --- /dev/null +++ b/resources/v1.30-alpha.bcdd144c/gateway-1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6.tgz.etag @@ -0,0 +1 @@ +e1b4f0ead0824ebbf6c48f16947463c7 diff --git a/resources/v1.30-alpha.bcdd144c/istiod-1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6.tgz.etag b/resources/v1.30-alpha.bcdd144c/istiod-1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6.tgz.etag new file mode 100644 index 0000000000..242cc74514 --- /dev/null +++ b/resources/v1.30-alpha.bcdd144c/istiod-1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6.tgz.etag @@ -0,0 +1 @@ +413652d0ad14edcb7cf1eee51b285274 diff --git a/resources/v1.30-alpha.0f695af0/profiles/ambient.yaml b/resources/v1.30-alpha.bcdd144c/profiles/ambient.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/profiles/ambient.yaml rename to resources/v1.30-alpha.bcdd144c/profiles/ambient.yaml diff --git a/resources/v1.30-alpha.0f695af0/profiles/default.yaml b/resources/v1.30-alpha.bcdd144c/profiles/default.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/profiles/default.yaml rename to resources/v1.30-alpha.bcdd144c/profiles/default.yaml diff --git a/resources/v1.30-alpha.0f695af0/profiles/demo.yaml b/resources/v1.30-alpha.bcdd144c/profiles/demo.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/profiles/demo.yaml rename to resources/v1.30-alpha.bcdd144c/profiles/demo.yaml diff --git a/resources/v1.30-alpha.0f695af0/profiles/empty.yaml b/resources/v1.30-alpha.bcdd144c/profiles/empty.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/profiles/empty.yaml rename to resources/v1.30-alpha.bcdd144c/profiles/empty.yaml diff --git a/resources/v1.30-alpha.0f695af0/profiles/openshift-ambient.yaml b/resources/v1.30-alpha.bcdd144c/profiles/openshift-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/profiles/openshift-ambient.yaml rename to resources/v1.30-alpha.bcdd144c/profiles/openshift-ambient.yaml diff --git a/resources/v1.30-alpha.0f695af0/profiles/openshift.yaml b/resources/v1.30-alpha.bcdd144c/profiles/openshift.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/profiles/openshift.yaml rename to resources/v1.30-alpha.bcdd144c/profiles/openshift.yaml diff --git a/resources/v1.30-alpha.0f695af0/profiles/preview.yaml b/resources/v1.30-alpha.bcdd144c/profiles/preview.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/profiles/preview.yaml rename to resources/v1.30-alpha.bcdd144c/profiles/preview.yaml diff --git a/resources/v1.30-alpha.0f695af0/profiles/remote.yaml b/resources/v1.30-alpha.bcdd144c/profiles/remote.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/profiles/remote.yaml rename to resources/v1.30-alpha.bcdd144c/profiles/remote.yaml diff --git a/resources/v1.30-alpha.0f695af0/profiles/stable.yaml b/resources/v1.30-alpha.bcdd144c/profiles/stable.yaml similarity index 100% rename from resources/v1.30-alpha.0f695af0/profiles/stable.yaml rename to resources/v1.30-alpha.bcdd144c/profiles/stable.yaml diff --git a/resources/v1.30-alpha.bcdd144c/ztunnel-1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6.tgz.etag b/resources/v1.30-alpha.bcdd144c/ztunnel-1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6.tgz.etag new file mode 100644 index 0000000000..4c8306edcf --- /dev/null +++ b/resources/v1.30-alpha.bcdd144c/ztunnel-1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6.tgz.etag @@ -0,0 +1 @@ +37a0d0995cb48b33c5177cfacf5e6e1a From 0aae5768f420ea5ac1249f940c36b8ba2ce137e2 Mon Sep 17 00:00:00 2001 From: openshift-service-mesh-bot <165402251+openshift-service-mesh-bot@users.noreply.github.com> Date: Tue, 17 Feb 2026 00:49:19 -0500 Subject: [PATCH 4/6] Automator: Update dependencies in istio-ecosystem/sail-operator@main (#1605) Signed-off-by: openshift-service-mesh-bot --- api/v1/istio_types.go | 10 +- api/v1/istiocni_types.go | 10 +- api/v1/istiorevision_types.go | 6 +- api/v1/ztunnel_types.go | 10 +- api/v1alpha1/ztunnel_types.go | 10 +- .../sailoperator.clusterserviceversion.yaml | 52 +- .../manifests/sailoperator.io_istiocnis.yaml | 10 +- .../sailoperator.io_istiorevisions.yaml | 6 +- bundle/manifests/sailoperator.io_istios.yaml | 10 +- .../manifests/sailoperator.io_ztunnels.yaml | 20 +- chart/crds/sailoperator.io_istiocnis.yaml | 10 +- .../crds/sailoperator.io_istiorevisions.yaml | 6 +- chart/crds/sailoperator.io_istios.yaml | 10 +- chart/crds/sailoperator.io_ztunnels.yaml | 20 +- chart/samples/ambient/istio-sample.yaml | 2 +- chart/samples/ambient/istiocni-sample.yaml | 2 +- .../samples/ambient/istioztunnel-sample.yaml | 2 +- chart/samples/istio-sample-gw-api.yaml | 2 +- chart/samples/istio-sample-revisionbased.yaml | 2 +- chart/samples/istio-sample.yaml | 2 +- chart/samples/istiocni-sample.yaml | 2 +- chart/samples/ztunnel-sample.yaml | 2 +- chart/values.yaml | 20 +- docs/api-reference/sailoperator.io.md | 18 +- go.mod | 6 +- go.sum | 12 +- pkg/istioversion/versions.yaml | 42 +- resources/v1.27.7/base-1.27.7.tgz.etag | 1 + .../charts/base/Chart.yaml | 4 +- .../charts/base/README.md | 0 .../charts/base/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.24.yaml | 15 + .../profile-compatibility-version-1.25.yaml | 11 + .../profile-compatibility-version-1.26.yaml | 8 + .../charts/base/files/profile-demo.yaml | 0 .../base/files/profile-platform-gke.yaml | 0 .../base/files/profile-platform-k3d.yaml | 0 .../base/files/profile-platform-k3s.yaml | 0 .../base/files/profile-platform-microk8s.yaml | 0 .../base/files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/base/files/profile-preview.yaml | 0 .../charts/base/files/profile-remote.yaml | 0 .../charts/base/files/profile-stable.yaml | 0 .../charts/base/templates/NOTES.txt | 0 ...ultrevision-validatingadmissionpolicy.yaml | 53 ++ ...vision-validatingwebhookconfiguration.yaml | 56 ++ .../base/templates/reader-serviceaccount.yaml | 20 + .../charts/base/templates/zzz_profile.yaml | 0 resources/v1.27.7/charts/base/values.yaml | 37 ++ .../charts/cni/Chart.yaml | 4 +- resources/v1.27.7/charts/cni/README.md | 65 ++ .../charts/cni/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.24.yaml | 15 + .../profile-compatibility-version-1.25.yaml | 11 + .../profile-compatibility-version-1.26.yaml | 8 + .../charts/cni/files/profile-demo.yaml | 0 .../cni/files/profile-platform-gke.yaml | 0 .../cni/files/profile-platform-k3d.yaml | 0 .../cni/files/profile-platform-k3s.yaml | 0 .../cni/files/profile-platform-microk8s.yaml | 0 .../cni/files/profile-platform-minikube.yaml | 0 .../cni/files/profile-platform-openshift.yaml | 0 .../charts/cni/files/profile-preview.yaml | 0 .../charts/cni/files/profile-remote.yaml | 0 .../charts/cni/files/profile-stable.yaml | 0 .../charts/cni/templates/NOTES.txt | 0 .../charts/cni/templates/_helpers.tpl | 0 .../charts/cni/templates/clusterrole.yaml | 81 +++ .../cni/templates/clusterrolebinding.yaml | 63 ++ .../charts/cni/templates/configmap-cni.yaml | 41 ++ .../charts/cni/templates/daemonset.yaml | 248 ++++++++ .../network-attachment-definition.yaml | 11 + .../charts/cni/templates/resourcequota.yaml | 19 + .../charts/cni/templates/serviceaccount.yaml | 18 + .../cni/templates/zzy_descope_legacy.yaml | 0 .../charts/cni/templates/zzz_profile.yaml | 0 resources/v1.27.7/charts/cni/values.yaml | 178 ++++++ .../charts/gateway/Chart.yaml | 4 +- resources/v1.27.7/charts/gateway/README.md | 170 +++++ .../charts/gateway/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.24.yaml | 15 + .../profile-compatibility-version-1.25.yaml | 11 + .../profile-compatibility-version-1.26.yaml | 8 + .../charts/gateway/files/profile-demo.yaml | 0 .../gateway/files/profile-platform-gke.yaml | 0 .../gateway/files/profile-platform-k3d.yaml | 0 .../gateway/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/gateway/files/profile-preview.yaml | 0 .../charts/gateway/files/profile-remote.yaml | 0 .../charts/gateway/files/profile-stable.yaml | 0 .../charts/gateway/templates/NOTES.txt | 0 .../charts/gateway/templates/_helpers.tpl | 0 .../charts/gateway/templates/deployment.yaml | 0 .../charts/gateway/templates/hpa.yaml | 0 .../templates/poddisruptionbudget.yaml | 18 + .../charts/gateway/templates/role.yaml | 0 .../charts/gateway/templates/service.yaml | 72 +++ .../gateway/templates/serviceaccount.yaml | 0 .../charts/gateway/templates/zzz_profile.yaml | 0 .../v1.27.7/charts/gateway/values.schema.json | 359 +++++++++++ resources/v1.27.7/charts/gateway/values.yaml | 194 ++++++ .../charts/istiod/Chart.yaml | 4 +- resources/v1.27.7/charts/istiod/README.md | 73 +++ .../files/gateway-injection-template.yaml | 274 ++++++++ .../charts/istiod/files/grpc-agent.yaml | 0 .../charts/istiod/files/grpc-simple.yaml | 0 .../istiod/files/injection-template.yaml | 541 ++++++++++++++++ .../charts/istiod/files/kube-gateway.yaml | 401 ++++++++++++ .../charts/istiod/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.24.yaml | 15 + .../profile-compatibility-version-1.25.yaml | 11 + .../profile-compatibility-version-1.26.yaml | 8 + .../charts/istiod/files/profile-demo.yaml | 0 .../istiod/files/profile-platform-gke.yaml | 0 .../istiod/files/profile-platform-k3d.yaml | 0 .../istiod/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/istiod/files/profile-preview.yaml | 0 .../charts/istiod/files/profile-remote.yaml | 0 .../charts/istiod/files/profile-stable.yaml | 0 .../v1.27.7/charts/istiod/files/waypoint.yaml | 396 ++++++++++++ .../charts/istiod/templates/NOTES.txt | 0 .../charts/istiod/templates/_helpers.tpl | 0 .../charts/istiod/templates/autoscale.yaml | 43 ++ .../charts/istiod/templates/clusterrole.yaml | 213 +++++++ .../istiod/templates/clusterrolebinding.yaml | 40 ++ .../istiod/templates/configmap-jwks.yaml | 18 + .../istiod/templates/configmap-values.yaml | 19 + .../charts/istiod/templates/configmap.yaml | 111 ++++ .../charts/istiod/templates/deployment.yaml | 312 ++++++++++ .../templates/gateway-class-configmap.yaml | 20 + .../templates/istiod-injector-configmap.yaml | 81 +++ .../istiod/templates/mutatingwebhook.yaml | 164 +++++ .../istiod/templates/poddisruptionbudget.yaml | 36 ++ .../istiod/templates/reader-clusterrole.yaml | 62 ++ .../templates/reader-clusterrolebinding.yaml | 17 + .../templates/remote-istiod-endpoints.yaml | 30 + .../templates/remote-istiod-service.yaml | 41 ++ .../istiod/templates/revision-tags.yaml | 149 +++++ .../v1.27.7/charts/istiod/templates/role.yaml | 35 ++ .../charts/istiod/templates/rolebinding.yaml | 21 + .../charts/istiod/templates/service.yaml | 57 ++ .../istiod/templates/serviceaccount.yaml | 24 + .../templates/validatingadmissionpolicy.yaml | 63 ++ .../validatingwebhookconfiguration.yaml | 68 ++ .../istiod/templates/zzy_descope_legacy.yaml | 3 + .../charts/istiod/templates/zzz_profile.yaml | 0 resources/v1.27.7/charts/istiod/values.yaml | 569 +++++++++++++++++ .../charts/revisiontags/Chart.yaml | 2 +- .../revisiontags/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.24.yaml | 15 + .../profile-compatibility-version-1.25.yaml | 11 + .../profile-compatibility-version-1.26.yaml | 8 + .../revisiontags/files/profile-demo.yaml | 0 .../files/profile-platform-gke.yaml | 0 .../files/profile-platform-k3d.yaml | 0 .../files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../revisiontags/files/profile-preview.yaml | 0 .../revisiontags/files/profile-remote.yaml | 0 .../revisiontags/files/profile-stable.yaml | 0 .../revisiontags/templates/revision-tags.yaml | 149 +++++ .../revisiontags/templates/zzz_profile.yaml | 0 .../v1.27.7/charts/revisiontags/values.yaml | 569 +++++++++++++++++ .../charts/ztunnel/Chart.yaml | 4 +- resources/v1.27.7/charts/ztunnel/README.md | 50 ++ .../charts/ztunnel/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.24.yaml | 15 + .../profile-compatibility-version-1.25.yaml | 11 + .../profile-compatibility-version-1.26.yaml | 8 + .../charts/ztunnel/files/profile-demo.yaml | 0 .../ztunnel/files/profile-platform-gke.yaml | 0 .../ztunnel/files/profile-platform-k3d.yaml | 0 .../ztunnel/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/ztunnel/files/profile-preview.yaml | 0 .../charts/ztunnel/files/profile-remote.yaml | 0 .../charts/ztunnel/files/profile-stable.yaml | 0 .../charts/ztunnel/templates/NOTES.txt | 0 .../charts/ztunnel/templates/_helpers.tpl | 0 .../charts/ztunnel/templates/daemonset.yaml | 210 +++++++ .../charts/ztunnel/templates/rbac.yaml | 72 +++ .../ztunnel/templates/resourcequota.yaml | 20 + .../charts/ztunnel/templates/zzz_profile.yaml | 0 resources/v1.27.7/charts/ztunnel/values.yaml | 128 ++++ resources/v1.27.7/cni-1.27.7.tgz.etag | 1 + resources/v1.27.7/commit | 1 + resources/v1.27.7/gateway-1.27.7.tgz.etag | 1 + resources/v1.27.7/istiod-1.27.7.tgz.etag | 1 + .../profiles/ambient.yaml | 0 .../profiles/default.yaml | 0 .../profiles/demo.yaml | 0 .../profiles/empty.yaml | 0 .../profiles/openshift-ambient.yaml | 0 .../profiles/openshift.yaml | 0 .../profiles/preview.yaml | 0 .../profiles/remote.yaml | 0 .../profiles/stable.yaml | 0 resources/v1.27.7/ztunnel-1.27.7.tgz.etag | 1 + resources/v1.28.4/base-1.28.4.tgz.etag | 1 + resources/v1.28.4/charts/base/Chart.yaml | 10 + resources/v1.28.4/charts/base/README.md | 35 ++ .../charts/base/files/profile-ambient.yaml | 24 + .../profile-compatibility-version-1.25.yaml | 14 + .../profile-compatibility-version-1.26.yaml | 11 + .../profile-compatibility-version-1.27.yaml | 9 + .../charts/base/files/profile-demo.yaml | 94 +++ .../base/files/profile-platform-gke.yaml | 10 + .../base/files/profile-platform-k3d.yaml | 7 + .../base/files/profile-platform-k3s.yaml | 7 + .../base/files/profile-platform-microk8s.yaml | 7 + .../base/files/profile-platform-minikube.yaml | 6 + .../files/profile-platform-openshift.yaml | 19 + .../charts/base/files/profile-preview.yaml | 13 + .../charts/base/files/profile-remote.yaml | 13 + .../charts/base/files/profile-stable.yaml | 8 + .../v1.28.4/charts/base/templates/NOTES.txt | 5 + ...ultrevision-validatingadmissionpolicy.yaml | 0 ...vision-validatingwebhookconfiguration.yaml | 0 .../base/templates/reader-serviceaccount.yaml | 0 .../charts/base/templates/zzz_profile.yaml | 75 +++ .../charts/base/values.yaml | 0 resources/v1.28.4/charts/cni/Chart.yaml | 11 + .../charts/cni/README.md | 0 .../charts/cni/files/profile-ambient.yaml | 24 + .../profile-compatibility-version-1.25.yaml | 14 + .../profile-compatibility-version-1.26.yaml | 11 + .../profile-compatibility-version-1.27.yaml | 9 + .../charts/cni/files/profile-demo.yaml | 94 +++ .../cni/files/profile-platform-gke.yaml | 10 + .../cni/files/profile-platform-k3d.yaml | 7 + .../cni/files/profile-platform-k3s.yaml | 7 + .../cni/files/profile-platform-microk8s.yaml | 7 + .../cni/files/profile-platform-minikube.yaml | 6 + .../cni/files/profile-platform-openshift.yaml | 19 + .../charts/cni/files/profile-preview.yaml | 13 + .../charts/cni/files/profile-remote.yaml | 13 + .../charts/cni/files/profile-stable.yaml | 8 + .../v1.28.4/charts/cni/templates/NOTES.txt | 5 + .../v1.28.4/charts/cni/templates/_helpers.tpl | 8 + .../charts/cni/templates/clusterrole.yaml | 0 .../cni/templates/clusterrolebinding.yaml | 0 .../charts/cni/templates/configmap-cni.yaml | 0 .../charts/cni/templates/daemonset.yaml | 252 ++++++++ .../network-attachment-definition.yaml | 0 .../charts/cni/templates/resourcequota.yaml | 0 .../charts/cni/templates/serviceaccount.yaml | 0 .../cni/templates/zzy_descope_legacy.yaml | 3 + .../charts/cni/templates/zzz_profile.yaml | 75 +++ resources/v1.28.4/charts/cni/values.yaml | 194 ++++++ resources/v1.28.4/charts/gateway/Chart.yaml | 12 + .../charts/gateway/README.md | 0 .../charts/gateway/files/profile-ambient.yaml | 24 + .../profile-compatibility-version-1.25.yaml | 14 + .../profile-compatibility-version-1.26.yaml | 11 + .../profile-compatibility-version-1.27.yaml | 9 + .../charts/gateway/files/profile-demo.yaml | 94 +++ .../gateway/files/profile-platform-gke.yaml | 10 + .../gateway/files/profile-platform-k3d.yaml | 7 + .../gateway/files/profile-platform-k3s.yaml | 7 + .../files/profile-platform-microk8s.yaml | 7 + .../files/profile-platform-minikube.yaml | 6 + .../files/profile-platform-openshift.yaml | 19 + .../charts/gateway/files/profile-preview.yaml | 13 + .../charts/gateway/files/profile-remote.yaml | 13 + .../charts/gateway/files/profile-stable.yaml | 8 + .../charts/gateway/templates/NOTES.txt | 9 + .../charts/gateway/templates/_helpers.tpl | 40 ++ .../charts/gateway/templates/deployment.yaml | 145 +++++ .../v1.28.4/charts/gateway/templates/hpa.yaml | 40 ++ .../gateway/templates/networkpolicy.yaml | 0 .../templates/poddisruptionbudget.yaml | 0 .../charts/gateway/templates/role.yaml | 37 ++ .../charts/gateway/templates/service.yaml | 0 .../gateway/templates/serviceaccount.yaml | 15 + .../charts/gateway/templates/zzz_profile.yaml | 75 +++ .../v1.28.4/charts/gateway/values.schema.json | 359 +++++++++++ .../charts/gateway/values.yaml | 0 resources/v1.28.4/charts/istiod/Chart.yaml | 12 + .../charts/istiod/README.md | 0 .../files/gateway-injection-template.yaml | 274 ++++++++ .../charts/istiod/files/grpc-agent.yaml | 318 ++++++++++ .../charts/istiod/files/grpc-simple.yaml | 65 ++ .../istiod/files/injection-template.yaml | 549 +++++++++++++++++ .../charts/istiod/files/kube-gateway.yaml | 407 ++++++++++++ .../charts/istiod/files/profile-ambient.yaml | 24 + .../profile-compatibility-version-1.25.yaml | 14 + .../profile-compatibility-version-1.26.yaml | 11 + .../profile-compatibility-version-1.27.yaml | 9 + .../charts/istiod/files/profile-demo.yaml | 94 +++ .../istiod/files/profile-platform-gke.yaml | 10 + .../istiod/files/profile-platform-k3d.yaml | 7 + .../istiod/files/profile-platform-k3s.yaml | 7 + .../files/profile-platform-microk8s.yaml | 7 + .../files/profile-platform-minikube.yaml | 6 + .../files/profile-platform-openshift.yaml | 19 + .../charts/istiod/files/profile-preview.yaml | 13 + .../charts/istiod/files/profile-remote.yaml | 13 + .../charts/istiod/files/profile-stable.yaml | 8 + .../v1.28.4/charts/istiod/files/waypoint.yaml | 405 ++++++++++++ .../v1.28.4/charts/istiod/templates/NOTES.txt | 82 +++ .../charts/istiod/templates/_helpers.tpl | 23 + .../charts/istiod/templates/autoscale.yaml | 0 .../charts/istiod/templates/clusterrole.yaml | 0 .../istiod/templates/clusterrolebinding.yaml | 0 .../istiod/templates/configmap-jwks.yaml | 0 .../istiod/templates/configmap-values.yaml | 0 .../charts/istiod/templates/configmap.yaml | 0 .../charts/istiod/templates/deployment.yaml | 314 ++++++++++ .../templates/gateway-class-configmap.yaml | 0 .../templates/istiod-injector-configmap.yaml | 83 +++ .../istiod/templates/mutatingwebhook.yaml | 0 .../istiod/templates/networkpolicy.yaml | 0 .../istiod/templates/poddisruptionbudget.yaml | 0 .../istiod/templates/reader-clusterrole.yaml | 65 ++ .../templates/reader-clusterrolebinding.yaml | 0 .../remote-istiod-endpointslices.yaml | 0 .../templates/remote-istiod-service.yaml | 0 .../istiod/templates/revision-tags-mwc.yaml | 0 .../istiod/templates/revision-tags-svc.yaml | 0 .../charts/istiod/templates/role.yaml | 0 .../charts/istiod/templates/rolebinding.yaml | 0 .../charts/istiod/templates/service.yaml | 0 .../istiod/templates/serviceaccount.yaml | 0 .../templates/validatingadmissionpolicy.yaml | 0 .../validatingwebhookconfiguration.yaml | 0 .../istiod/templates/zzy_descope_legacy.yaml | 0 .../charts/istiod/templates/zzz_profile.yaml | 75 +++ resources/v1.28.4/charts/istiod/values.yaml | 583 ++++++++++++++++++ .../v1.28.4/charts/revisiontags/Chart.yaml | 8 + .../revisiontags/files/profile-ambient.yaml | 24 + .../profile-compatibility-version-1.25.yaml | 14 + .../profile-compatibility-version-1.26.yaml | 11 + .../profile-compatibility-version-1.27.yaml | 9 + .../revisiontags/files/profile-demo.yaml | 94 +++ .../files/profile-platform-gke.yaml | 10 + .../files/profile-platform-k3d.yaml | 7 + .../files/profile-platform-k3s.yaml | 7 + .../files/profile-platform-microk8s.yaml | 7 + .../files/profile-platform-minikube.yaml | 6 + .../files/profile-platform-openshift.yaml | 19 + .../revisiontags/files/profile-preview.yaml | 13 + .../revisiontags/files/profile-remote.yaml | 13 + .../revisiontags/files/profile-stable.yaml | 8 + .../templates/revision-tags-mwc.yaml | 0 .../templates/revision-tags-svc.yaml | 0 .../revisiontags/templates/zzz_profile.yaml | 75 +++ .../v1.28.4/charts/revisiontags/values.yaml | 583 ++++++++++++++++++ resources/v1.28.4/charts/ztunnel/Chart.yaml | 11 + .../charts/ztunnel/README.md | 0 .../charts/ztunnel/files/profile-ambient.yaml | 24 + .../profile-compatibility-version-1.25.yaml | 14 + .../profile-compatibility-version-1.26.yaml | 11 + .../profile-compatibility-version-1.27.yaml | 9 + .../charts/ztunnel/files/profile-demo.yaml | 94 +++ .../ztunnel/files/profile-platform-gke.yaml | 10 + .../ztunnel/files/profile-platform-k3d.yaml | 7 + .../ztunnel/files/profile-platform-k3s.yaml | 7 + .../files/profile-platform-microk8s.yaml | 7 + .../files/profile-platform-minikube.yaml | 6 + .../files/profile-platform-openshift.yaml | 19 + .../charts/ztunnel/files/profile-preview.yaml | 13 + .../charts/ztunnel/files/profile-remote.yaml | 13 + .../charts/ztunnel/files/profile-stable.yaml | 8 + .../charts/ztunnel/templates/NOTES.txt | 5 + .../charts/ztunnel/templates/_helpers.tpl | 1 + .../charts/ztunnel/templates/daemonset.yaml | 212 +++++++ .../charts/ztunnel/templates/rbac.yaml | 0 .../ztunnel/templates/resourcequota.yaml | 0 .../ztunnel/templates/serviceaccount.yaml | 0 .../charts/ztunnel/templates/zzz_profile.yaml | 75 +++ resources/v1.28.4/charts/ztunnel/values.yaml | 136 ++++ resources/v1.28.4/cni-1.28.4.tgz.etag | 1 + resources/v1.28.4/commit | 1 + resources/v1.28.4/gateway-1.28.4.tgz.etag | 1 + resources/v1.28.4/istiod-1.28.4.tgz.etag | 1 + resources/v1.28.4/profiles/ambient.yaml | 5 + resources/v1.28.4/profiles/default.yaml | 12 + resources/v1.28.4/profiles/demo.yaml | 5 + resources/v1.28.4/profiles/empty.yaml | 5 + .../v1.28.4/profiles/openshift-ambient.yaml | 7 + resources/v1.28.4/profiles/openshift.yaml | 6 + resources/v1.28.4/profiles/preview.yaml | 8 + resources/v1.28.4/profiles/remote.yaml | 7 + resources/v1.28.4/profiles/stable.yaml | 5 + resources/v1.28.4/ztunnel-1.28.4.tgz.etag | 1 + ...43536da97f4c7f0259d7a313aa17b69b3.tgz.etag | 1 + .../charts/base/Chart.yaml | 10 + .../charts/base/README.md | 35 ++ .../charts/base/files/profile-ambient.yaml | 24 + .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/base/files/profile-demo.yaml | 94 +++ .../base/files/profile-platform-gke.yaml | 10 + .../base/files/profile-platform-k3d.yaml | 7 + .../base/files/profile-platform-k3s.yaml | 7 + .../base/files/profile-platform-microk8s.yaml | 7 + .../base/files/profile-platform-minikube.yaml | 6 + .../files/profile-platform-openshift.yaml | 19 + .../charts/base/files/profile-preview.yaml | 13 + .../charts/base/files/profile-remote.yaml | 13 + .../charts/base/files/profile-stable.yaml | 8 + .../charts/base/templates/NOTES.txt | 5 + ...ultrevision-validatingadmissionpolicy.yaml | 55 ++ ...vision-validatingwebhookconfiguration.yaml | 58 ++ .../base/templates/reader-serviceaccount.yaml | 22 + .../charts/base/templates/zzz_profile.yaml | 75 +++ .../charts/base/values.yaml | 45 ++ .../charts/cni/Chart.yaml | 11 + .../v1.30-alpha.b38ad9e4/charts/cni/README.md | 65 ++ .../charts/cni/files/profile-ambient.yaml | 24 + .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/cni/files/profile-demo.yaml | 94 +++ .../cni/files/profile-platform-gke.yaml | 10 + .../cni/files/profile-platform-k3d.yaml | 7 + .../cni/files/profile-platform-k3s.yaml | 7 + .../cni/files/profile-platform-microk8s.yaml | 7 + .../cni/files/profile-platform-minikube.yaml | 6 + .../cni/files/profile-platform-openshift.yaml | 19 + .../charts/cni/files/profile-preview.yaml | 13 + .../charts/cni/files/profile-remote.yaml | 13 + .../charts/cni/files/profile-stable.yaml | 8 + .../charts/cni/templates/NOTES.txt | 5 + .../charts/cni/templates/_helpers.tpl | 8 + .../charts/cni/templates/clusterrole.yaml | 84 +++ .../cni/templates/clusterrolebinding.yaml | 66 ++ .../charts/cni/templates/configmap-cni.yaml | 44 ++ .../charts/cni/templates/daemonset.yaml | 0 .../network-attachment-definition.yaml | 13 + .../charts/cni/templates/networkpolicy.yaml | 0 .../charts/cni/templates/resourcequota.yaml | 21 + .../charts/cni/templates/serviceaccount.yaml | 20 + .../cni/templates/zzy_descope_legacy.yaml | 3 + .../charts/cni/templates/zzz_profile.yaml | 75 +++ .../charts/cni/values.yaml | 2 +- .../charts/gateway/Chart.yaml | 12 + .../charts/gateway/README.md | 170 +++++ .../charts/gateway/files/profile-ambient.yaml | 24 + .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/gateway/files/profile-demo.yaml | 94 +++ .../gateway/files/profile-platform-gke.yaml | 10 + .../gateway/files/profile-platform-k3d.yaml | 7 + .../gateway/files/profile-platform-k3s.yaml | 7 + .../files/profile-platform-microk8s.yaml | 7 + .../files/profile-platform-minikube.yaml | 6 + .../files/profile-platform-openshift.yaml | 19 + .../charts/gateway/files/profile-preview.yaml | 13 + .../charts/gateway/files/profile-remote.yaml | 13 + .../charts/gateway/files/profile-stable.yaml | 8 + .../charts/gateway/templates/NOTES.txt | 9 + .../charts/gateway/templates/_helpers.tpl | 40 ++ .../charts/gateway/templates/deployment.yaml | 145 +++++ .../charts/gateway/templates/hpa.yaml | 40 ++ .../gateway/templates/networkpolicy.yaml | 47 ++ .../templates/poddisruptionbudget.yaml | 21 + .../charts/gateway/templates/role.yaml | 37 ++ .../charts/gateway/templates/service.yaml | 78 +++ .../gateway/templates/serviceaccount.yaml | 15 + .../charts/gateway/templates/zzz_profile.yaml | 75 +++ .../charts/gateway/values.schema.json | 0 .../charts/gateway/values.yaml | 204 ++++++ .../charts/istiod/Chart.yaml | 12 + .../charts/istiod/README.md | 73 +++ .../charts/istiod/files/agentgateway.yaml | 0 .../files/gateway-injection-template.yaml | 0 .../charts/istiod/files/grpc-agent.yaml | 318 ++++++++++ .../charts/istiod/files/grpc-simple.yaml | 65 ++ .../istiod/files/injection-template.yaml | 0 .../charts/istiod/files/kube-gateway.yaml | 0 .../charts/istiod/files/profile-ambient.yaml | 24 + .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/istiod/files/profile-demo.yaml | 94 +++ .../istiod/files/profile-platform-gke.yaml | 10 + .../istiod/files/profile-platform-k3d.yaml | 7 + .../istiod/files/profile-platform-k3s.yaml | 7 + .../files/profile-platform-microk8s.yaml | 7 + .../files/profile-platform-minikube.yaml | 6 + .../files/profile-platform-openshift.yaml | 19 + .../charts/istiod/files/profile-preview.yaml | 13 + .../charts/istiod/files/profile-remote.yaml | 13 + .../charts/istiod/files/profile-stable.yaml | 8 + .../charts/istiod/files/waypoint.yaml | 0 .../charts/istiod/templates/NOTES.txt | 82 +++ .../charts/istiod/templates/_helpers.tpl | 23 + .../charts/istiod/templates/autoscale.yaml | 45 ++ .../charts/istiod/templates/clusterrole.yaml | 216 +++++++ .../istiod/templates/clusterrolebinding.yaml | 43 ++ .../istiod/templates/configmap-jwks.yaml | 20 + .../istiod/templates/configmap-values.yaml | 21 + .../charts/istiod/templates/configmap.yaml | 113 ++++ .../charts/istiod/templates/deployment.yaml | 0 .../templates/gateway-class-configmap.yaml | 22 + .../templates/istiod-injector-configmap.yaml | 0 .../istiod/templates/mutatingwebhook.yaml | 167 +++++ .../istiod/templates/networkpolicy.yaml | 47 ++ .../istiod/templates/poddisruptionbudget.yaml | 41 ++ .../istiod/templates/reader-clusterrole.yaml | 0 .../templates/reader-clusterrolebinding.yaml | 20 + .../remote-istiod-endpointslices.yaml | 42 ++ .../templates/remote-istiod-service.yaml | 43 ++ .../istiod/templates/revision-tags-mwc.yaml | 154 +++++ .../istiod/templates/revision-tags-svc.yaml | 57 ++ .../charts/istiod/templates/role.yaml | 37 ++ .../charts/istiod/templates/rolebinding.yaml | 23 + .../charts/istiod/templates/service.yaml | 59 ++ .../istiod/templates/serviceaccount.yaml | 26 + .../templates/validatingadmissionpolicy.yaml | 65 ++ .../validatingwebhookconfiguration.yaml | 70 +++ .../istiod/templates/zzy_descope_legacy.yaml | 3 + .../charts/istiod/templates/zzz_profile.yaml | 75 +++ .../charts/istiod/values.yaml | 2 +- .../charts/revisiontags/Chart.yaml | 8 + .../revisiontags/files/profile-ambient.yaml | 24 + .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../revisiontags/files/profile-demo.yaml | 94 +++ .../files/profile-platform-gke.yaml | 10 + .../files/profile-platform-k3d.yaml | 7 + .../files/profile-platform-k3s.yaml | 7 + .../files/profile-platform-microk8s.yaml | 7 + .../files/profile-platform-minikube.yaml | 6 + .../files/profile-platform-openshift.yaml | 19 + .../revisiontags/files/profile-preview.yaml | 13 + .../revisiontags/files/profile-remote.yaml | 13 + .../revisiontags/files/profile-stable.yaml | 8 + .../templates/revision-tags-mwc.yaml | 154 +++++ .../templates/revision-tags-svc.yaml | 57 ++ .../revisiontags/templates/zzz_profile.yaml | 75 +++ .../charts/revisiontags/values.yaml | 2 +- .../charts/ztunnel/Chart.yaml | 11 + .../charts/ztunnel/README.md | 50 ++ .../charts/ztunnel/files/profile-ambient.yaml | 24 + .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/ztunnel/files/profile-demo.yaml | 94 +++ .../ztunnel/files/profile-platform-gke.yaml | 10 + .../ztunnel/files/profile-platform-k3d.yaml | 7 + .../ztunnel/files/profile-platform-k3s.yaml | 7 + .../files/profile-platform-microk8s.yaml | 7 + .../files/profile-platform-minikube.yaml | 6 + .../files/profile-platform-openshift.yaml | 19 + .../charts/ztunnel/files/profile-preview.yaml | 13 + .../charts/ztunnel/files/profile-remote.yaml | 13 + .../charts/ztunnel/files/profile-stable.yaml | 8 + .../charts/ztunnel/templates/NOTES.txt | 5 + .../charts/ztunnel/templates/_helpers.tpl | 1 + .../charts/ztunnel/templates/daemonset.yaml | 0 .../ztunnel/templates/networkpolicy.yaml | 0 .../charts/ztunnel/templates/rbac.yaml | 51 ++ .../ztunnel/templates/resourcequota.yaml | 22 + .../ztunnel/templates/serviceaccount.yaml | 24 + .../charts/ztunnel/templates/zzz_profile.yaml | 75 +++ .../charts/ztunnel/values.yaml | 2 +- ...43536da97f4c7f0259d7a313aa17b69b3.tgz.etag | 1 + resources/v1.30-alpha.b38ad9e4/commit | 1 + ...43536da97f4c7f0259d7a313aa17b69b3.tgz.etag | 1 + ...43536da97f4c7f0259d7a313aa17b69b3.tgz.etag | 1 + .../profiles/ambient.yaml | 5 + .../profiles/default.yaml | 12 + .../v1.30-alpha.b38ad9e4/profiles/demo.yaml | 5 + .../v1.30-alpha.b38ad9e4/profiles/empty.yaml | 5 + .../profiles/openshift-ambient.yaml | 7 + .../profiles/openshift.yaml | 6 + .../profiles/preview.yaml | 8 + .../v1.30-alpha.b38ad9e4/profiles/remote.yaml | 7 + .../v1.30-alpha.b38ad9e4/profiles/stable.yaml | 5 + ...43536da97f4c7f0259d7a313aa17b69b3.tgz.etag | 1 + ...cfe5b2627efe004a08f28fd97e0a1b4f6.tgz.etag | 1 - ...cfe5b2627efe004a08f28fd97e0a1b4f6.tgz.etag | 1 - resources/v1.30-alpha.bcdd144c/commit | 1 - ...cfe5b2627efe004a08f28fd97e0a1b4f6.tgz.etag | 1 - ...cfe5b2627efe004a08f28fd97e0a1b4f6.tgz.etag | 1 - ...cfe5b2627efe004a08f28fd97e0a1b4f6.tgz.etag | 1 - 598 files changed, 19919 insertions(+), 139 deletions(-) create mode 100644 resources/v1.27.7/base-1.27.7.tgz.etag rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/base/Chart.yaml (63%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/base/README.md (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/base/files/profile-ambient.yaml (100%) create mode 100644 resources/v1.27.7/charts/base/files/profile-compatibility-version-1.24.yaml create mode 100644 resources/v1.27.7/charts/base/files/profile-compatibility-version-1.25.yaml create mode 100644 resources/v1.27.7/charts/base/files/profile-compatibility-version-1.26.yaml rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/base/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/base/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/base/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/base/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/base/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/base/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/base/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/base/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/base/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/base/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/base/templates/NOTES.txt (100%) create mode 100644 resources/v1.27.7/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml create mode 100644 resources/v1.27.7/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml create mode 100644 resources/v1.27.7/charts/base/templates/reader-serviceaccount.yaml rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/base/templates/zzz_profile.yaml (100%) create mode 100644 resources/v1.27.7/charts/base/values.yaml rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/cni/Chart.yaml (62%) create mode 100644 resources/v1.27.7/charts/cni/README.md rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/cni/files/profile-ambient.yaml (100%) create mode 100644 resources/v1.27.7/charts/cni/files/profile-compatibility-version-1.24.yaml create mode 100644 resources/v1.27.7/charts/cni/files/profile-compatibility-version-1.25.yaml create mode 100644 resources/v1.27.7/charts/cni/files/profile-compatibility-version-1.26.yaml rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/cni/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/cni/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/cni/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/cni/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/cni/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/cni/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/cni/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/cni/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/cni/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/cni/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/cni/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/cni/templates/_helpers.tpl (100%) create mode 100644 resources/v1.27.7/charts/cni/templates/clusterrole.yaml create mode 100644 resources/v1.27.7/charts/cni/templates/clusterrolebinding.yaml create mode 100644 resources/v1.27.7/charts/cni/templates/configmap-cni.yaml create mode 100644 resources/v1.27.7/charts/cni/templates/daemonset.yaml create mode 100644 resources/v1.27.7/charts/cni/templates/network-attachment-definition.yaml create mode 100644 resources/v1.27.7/charts/cni/templates/resourcequota.yaml create mode 100644 resources/v1.27.7/charts/cni/templates/serviceaccount.yaml rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/cni/templates/zzy_descope_legacy.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/cni/templates/zzz_profile.yaml (100%) create mode 100644 resources/v1.27.7/charts/cni/values.yaml rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/gateway/Chart.yaml (64%) create mode 100644 resources/v1.27.7/charts/gateway/README.md rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/gateway/files/profile-ambient.yaml (100%) create mode 100644 resources/v1.27.7/charts/gateway/files/profile-compatibility-version-1.24.yaml create mode 100644 resources/v1.27.7/charts/gateway/files/profile-compatibility-version-1.25.yaml create mode 100644 resources/v1.27.7/charts/gateway/files/profile-compatibility-version-1.26.yaml rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/gateway/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/gateway/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/gateway/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/gateway/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/gateway/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/gateway/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/gateway/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/gateway/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/gateway/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/gateway/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/gateway/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/gateway/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/gateway/templates/deployment.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/gateway/templates/hpa.yaml (100%) create mode 100644 resources/v1.27.7/charts/gateway/templates/poddisruptionbudget.yaml rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/gateway/templates/role.yaml (100%) create mode 100644 resources/v1.27.7/charts/gateway/templates/service.yaml rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/gateway/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/gateway/templates/zzz_profile.yaml (100%) create mode 100644 resources/v1.27.7/charts/gateway/values.schema.json create mode 100644 resources/v1.27.7/charts/gateway/values.yaml rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/istiod/Chart.yaml (63%) create mode 100644 resources/v1.27.7/charts/istiod/README.md create mode 100644 resources/v1.27.7/charts/istiod/files/gateway-injection-template.yaml rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/istiod/files/grpc-agent.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/istiod/files/grpc-simple.yaml (100%) create mode 100644 resources/v1.27.7/charts/istiod/files/injection-template.yaml create mode 100644 resources/v1.27.7/charts/istiod/files/kube-gateway.yaml rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/istiod/files/profile-ambient.yaml (100%) create mode 100644 resources/v1.27.7/charts/istiod/files/profile-compatibility-version-1.24.yaml create mode 100644 resources/v1.27.7/charts/istiod/files/profile-compatibility-version-1.25.yaml create mode 100644 resources/v1.27.7/charts/istiod/files/profile-compatibility-version-1.26.yaml rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/istiod/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/istiod/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/istiod/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/istiod/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/istiod/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/istiod/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/istiod/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/istiod/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/istiod/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/istiod/files/profile-stable.yaml (100%) create mode 100644 resources/v1.27.7/charts/istiod/files/waypoint.yaml rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/istiod/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/istiod/templates/_helpers.tpl (100%) create mode 100644 resources/v1.27.7/charts/istiod/templates/autoscale.yaml create mode 100644 resources/v1.27.7/charts/istiod/templates/clusterrole.yaml create mode 100644 resources/v1.27.7/charts/istiod/templates/clusterrolebinding.yaml create mode 100644 resources/v1.27.7/charts/istiod/templates/configmap-jwks.yaml create mode 100644 resources/v1.27.7/charts/istiod/templates/configmap-values.yaml create mode 100644 resources/v1.27.7/charts/istiod/templates/configmap.yaml create mode 100644 resources/v1.27.7/charts/istiod/templates/deployment.yaml create mode 100644 resources/v1.27.7/charts/istiod/templates/gateway-class-configmap.yaml create mode 100644 resources/v1.27.7/charts/istiod/templates/istiod-injector-configmap.yaml create mode 100644 resources/v1.27.7/charts/istiod/templates/mutatingwebhook.yaml create mode 100644 resources/v1.27.7/charts/istiod/templates/poddisruptionbudget.yaml create mode 100644 resources/v1.27.7/charts/istiod/templates/reader-clusterrole.yaml create mode 100644 resources/v1.27.7/charts/istiod/templates/reader-clusterrolebinding.yaml create mode 100644 resources/v1.27.7/charts/istiod/templates/remote-istiod-endpoints.yaml create mode 100644 resources/v1.27.7/charts/istiod/templates/remote-istiod-service.yaml create mode 100644 resources/v1.27.7/charts/istiod/templates/revision-tags.yaml create mode 100644 resources/v1.27.7/charts/istiod/templates/role.yaml create mode 100644 resources/v1.27.7/charts/istiod/templates/rolebinding.yaml create mode 100644 resources/v1.27.7/charts/istiod/templates/service.yaml create mode 100644 resources/v1.27.7/charts/istiod/templates/serviceaccount.yaml create mode 100644 resources/v1.27.7/charts/istiod/templates/validatingadmissionpolicy.yaml create mode 100644 resources/v1.27.7/charts/istiod/templates/validatingwebhookconfiguration.yaml create mode 100644 resources/v1.27.7/charts/istiod/templates/zzy_descope_legacy.yaml rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/istiod/templates/zzz_profile.yaml (100%) create mode 100644 resources/v1.27.7/charts/istiod/values.yaml rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/revisiontags/Chart.yaml (71%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/revisiontags/files/profile-ambient.yaml (100%) create mode 100644 resources/v1.27.7/charts/revisiontags/files/profile-compatibility-version-1.24.yaml create mode 100644 resources/v1.27.7/charts/revisiontags/files/profile-compatibility-version-1.25.yaml create mode 100644 resources/v1.27.7/charts/revisiontags/files/profile-compatibility-version-1.26.yaml rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/revisiontags/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/revisiontags/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/revisiontags/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/revisiontags/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/revisiontags/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/revisiontags/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/revisiontags/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/revisiontags/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/revisiontags/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/revisiontags/files/profile-stable.yaml (100%) create mode 100644 resources/v1.27.7/charts/revisiontags/templates/revision-tags.yaml rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/revisiontags/templates/zzz_profile.yaml (100%) create mode 100644 resources/v1.27.7/charts/revisiontags/values.yaml rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/ztunnel/Chart.yaml (63%) create mode 100644 resources/v1.27.7/charts/ztunnel/README.md rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/ztunnel/files/profile-ambient.yaml (100%) create mode 100644 resources/v1.27.7/charts/ztunnel/files/profile-compatibility-version-1.24.yaml create mode 100644 resources/v1.27.7/charts/ztunnel/files/profile-compatibility-version-1.25.yaml create mode 100644 resources/v1.27.7/charts/ztunnel/files/profile-compatibility-version-1.26.yaml rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/ztunnel/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/ztunnel/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/ztunnel/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/ztunnel/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/ztunnel/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/ztunnel/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/ztunnel/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/ztunnel/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/ztunnel/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/ztunnel/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/ztunnel/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/ztunnel/templates/_helpers.tpl (100%) create mode 100644 resources/v1.27.7/charts/ztunnel/templates/daemonset.yaml create mode 100644 resources/v1.27.7/charts/ztunnel/templates/rbac.yaml create mode 100644 resources/v1.27.7/charts/ztunnel/templates/resourcequota.yaml rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/charts/ztunnel/templates/zzz_profile.yaml (100%) create mode 100644 resources/v1.27.7/charts/ztunnel/values.yaml create mode 100644 resources/v1.27.7/cni-1.27.7.tgz.etag create mode 100644 resources/v1.27.7/commit create mode 100644 resources/v1.27.7/gateway-1.27.7.tgz.etag create mode 100644 resources/v1.27.7/istiod-1.27.7.tgz.etag rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/profiles/ambient.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/profiles/default.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/profiles/demo.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/profiles/empty.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/profiles/openshift-ambient.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/profiles/openshift.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/profiles/preview.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/profiles/remote.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.27.7}/profiles/stable.yaml (100%) create mode 100644 resources/v1.27.7/ztunnel-1.27.7.tgz.etag create mode 100644 resources/v1.28.4/base-1.28.4.tgz.etag create mode 100644 resources/v1.28.4/charts/base/Chart.yaml create mode 100644 resources/v1.28.4/charts/base/README.md create mode 100644 resources/v1.28.4/charts/base/files/profile-ambient.yaml create mode 100644 resources/v1.28.4/charts/base/files/profile-compatibility-version-1.25.yaml create mode 100644 resources/v1.28.4/charts/base/files/profile-compatibility-version-1.26.yaml create mode 100644 resources/v1.28.4/charts/base/files/profile-compatibility-version-1.27.yaml create mode 100644 resources/v1.28.4/charts/base/files/profile-demo.yaml create mode 100644 resources/v1.28.4/charts/base/files/profile-platform-gke.yaml create mode 100644 resources/v1.28.4/charts/base/files/profile-platform-k3d.yaml create mode 100644 resources/v1.28.4/charts/base/files/profile-platform-k3s.yaml create mode 100644 resources/v1.28.4/charts/base/files/profile-platform-microk8s.yaml create mode 100644 resources/v1.28.4/charts/base/files/profile-platform-minikube.yaml create mode 100644 resources/v1.28.4/charts/base/files/profile-platform-openshift.yaml create mode 100644 resources/v1.28.4/charts/base/files/profile-preview.yaml create mode 100644 resources/v1.28.4/charts/base/files/profile-remote.yaml create mode 100644 resources/v1.28.4/charts/base/files/profile-stable.yaml create mode 100644 resources/v1.28.4/charts/base/templates/NOTES.txt rename resources/{v1.30-alpha.bcdd144c => v1.28.4}/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.28.4}/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.28.4}/charts/base/templates/reader-serviceaccount.yaml (100%) create mode 100644 resources/v1.28.4/charts/base/templates/zzz_profile.yaml rename resources/{v1.30-alpha.bcdd144c => v1.28.4}/charts/base/values.yaml (100%) create mode 100644 resources/v1.28.4/charts/cni/Chart.yaml rename resources/{v1.30-alpha.bcdd144c => v1.28.4}/charts/cni/README.md (100%) create mode 100644 resources/v1.28.4/charts/cni/files/profile-ambient.yaml create mode 100644 resources/v1.28.4/charts/cni/files/profile-compatibility-version-1.25.yaml create mode 100644 resources/v1.28.4/charts/cni/files/profile-compatibility-version-1.26.yaml create mode 100644 resources/v1.28.4/charts/cni/files/profile-compatibility-version-1.27.yaml create mode 100644 resources/v1.28.4/charts/cni/files/profile-demo.yaml create mode 100644 resources/v1.28.4/charts/cni/files/profile-platform-gke.yaml create mode 100644 resources/v1.28.4/charts/cni/files/profile-platform-k3d.yaml create mode 100644 resources/v1.28.4/charts/cni/files/profile-platform-k3s.yaml create mode 100644 resources/v1.28.4/charts/cni/files/profile-platform-microk8s.yaml create mode 100644 resources/v1.28.4/charts/cni/files/profile-platform-minikube.yaml create mode 100644 resources/v1.28.4/charts/cni/files/profile-platform-openshift.yaml create mode 100644 resources/v1.28.4/charts/cni/files/profile-preview.yaml create mode 100644 resources/v1.28.4/charts/cni/files/profile-remote.yaml create mode 100644 resources/v1.28.4/charts/cni/files/profile-stable.yaml create mode 100644 resources/v1.28.4/charts/cni/templates/NOTES.txt create mode 100644 resources/v1.28.4/charts/cni/templates/_helpers.tpl rename resources/{v1.30-alpha.bcdd144c => v1.28.4}/charts/cni/templates/clusterrole.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.28.4}/charts/cni/templates/clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.28.4}/charts/cni/templates/configmap-cni.yaml (100%) create mode 100644 resources/v1.28.4/charts/cni/templates/daemonset.yaml rename resources/{v1.30-alpha.bcdd144c => v1.28.4}/charts/cni/templates/network-attachment-definition.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.28.4}/charts/cni/templates/resourcequota.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.28.4}/charts/cni/templates/serviceaccount.yaml (100%) create mode 100644 resources/v1.28.4/charts/cni/templates/zzy_descope_legacy.yaml create mode 100644 resources/v1.28.4/charts/cni/templates/zzz_profile.yaml create mode 100644 resources/v1.28.4/charts/cni/values.yaml create mode 100644 resources/v1.28.4/charts/gateway/Chart.yaml rename resources/{v1.30-alpha.bcdd144c => v1.28.4}/charts/gateway/README.md (100%) create mode 100644 resources/v1.28.4/charts/gateway/files/profile-ambient.yaml create mode 100644 resources/v1.28.4/charts/gateway/files/profile-compatibility-version-1.25.yaml create mode 100644 resources/v1.28.4/charts/gateway/files/profile-compatibility-version-1.26.yaml create mode 100644 resources/v1.28.4/charts/gateway/files/profile-compatibility-version-1.27.yaml create mode 100644 resources/v1.28.4/charts/gateway/files/profile-demo.yaml create mode 100644 resources/v1.28.4/charts/gateway/files/profile-platform-gke.yaml create mode 100644 resources/v1.28.4/charts/gateway/files/profile-platform-k3d.yaml create mode 100644 resources/v1.28.4/charts/gateway/files/profile-platform-k3s.yaml create mode 100644 resources/v1.28.4/charts/gateway/files/profile-platform-microk8s.yaml create mode 100644 resources/v1.28.4/charts/gateway/files/profile-platform-minikube.yaml create mode 100644 resources/v1.28.4/charts/gateway/files/profile-platform-openshift.yaml create mode 100644 resources/v1.28.4/charts/gateway/files/profile-preview.yaml create mode 100644 resources/v1.28.4/charts/gateway/files/profile-remote.yaml create mode 100644 resources/v1.28.4/charts/gateway/files/profile-stable.yaml create mode 100644 resources/v1.28.4/charts/gateway/templates/NOTES.txt create mode 100644 resources/v1.28.4/charts/gateway/templates/_helpers.tpl create mode 100644 resources/v1.28.4/charts/gateway/templates/deployment.yaml create mode 100644 resources/v1.28.4/charts/gateway/templates/hpa.yaml rename resources/{v1.30-alpha.bcdd144c => v1.28.4}/charts/gateway/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.28.4}/charts/gateway/templates/poddisruptionbudget.yaml (100%) create mode 100644 resources/v1.28.4/charts/gateway/templates/role.yaml rename resources/{v1.30-alpha.bcdd144c => v1.28.4}/charts/gateway/templates/service.yaml (100%) create mode 100644 resources/v1.28.4/charts/gateway/templates/serviceaccount.yaml create mode 100644 resources/v1.28.4/charts/gateway/templates/zzz_profile.yaml create mode 100644 resources/v1.28.4/charts/gateway/values.schema.json rename resources/{v1.30-alpha.bcdd144c => v1.28.4}/charts/gateway/values.yaml (100%) create mode 100644 resources/v1.28.4/charts/istiod/Chart.yaml rename resources/{v1.30-alpha.bcdd144c => v1.28.4}/charts/istiod/README.md (100%) create mode 100644 resources/v1.28.4/charts/istiod/files/gateway-injection-template.yaml create mode 100644 resources/v1.28.4/charts/istiod/files/grpc-agent.yaml create mode 100644 resources/v1.28.4/charts/istiod/files/grpc-simple.yaml create mode 100644 resources/v1.28.4/charts/istiod/files/injection-template.yaml create mode 100644 resources/v1.28.4/charts/istiod/files/kube-gateway.yaml create mode 100644 resources/v1.28.4/charts/istiod/files/profile-ambient.yaml create mode 100644 resources/v1.28.4/charts/istiod/files/profile-compatibility-version-1.25.yaml create mode 100644 resources/v1.28.4/charts/istiod/files/profile-compatibility-version-1.26.yaml create mode 100644 resources/v1.28.4/charts/istiod/files/profile-compatibility-version-1.27.yaml create mode 100644 resources/v1.28.4/charts/istiod/files/profile-demo.yaml create mode 100644 resources/v1.28.4/charts/istiod/files/profile-platform-gke.yaml create mode 100644 resources/v1.28.4/charts/istiod/files/profile-platform-k3d.yaml create mode 100644 resources/v1.28.4/charts/istiod/files/profile-platform-k3s.yaml create mode 100644 resources/v1.28.4/charts/istiod/files/profile-platform-microk8s.yaml create mode 100644 resources/v1.28.4/charts/istiod/files/profile-platform-minikube.yaml create mode 100644 resources/v1.28.4/charts/istiod/files/profile-platform-openshift.yaml create mode 100644 resources/v1.28.4/charts/istiod/files/profile-preview.yaml create mode 100644 resources/v1.28.4/charts/istiod/files/profile-remote.yaml create mode 100644 resources/v1.28.4/charts/istiod/files/profile-stable.yaml create mode 100644 resources/v1.28.4/charts/istiod/files/waypoint.yaml create mode 100644 resources/v1.28.4/charts/istiod/templates/NOTES.txt create mode 100644 resources/v1.28.4/charts/istiod/templates/_helpers.tpl rename resources/{v1.30-alpha.bcdd144c => v1.28.4}/charts/istiod/templates/autoscale.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.28.4}/charts/istiod/templates/clusterrole.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.28.4}/charts/istiod/templates/clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.28.4}/charts/istiod/templates/configmap-jwks.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.28.4}/charts/istiod/templates/configmap-values.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.28.4}/charts/istiod/templates/configmap.yaml (100%) create mode 100644 resources/v1.28.4/charts/istiod/templates/deployment.yaml rename resources/{v1.30-alpha.bcdd144c => v1.28.4}/charts/istiod/templates/gateway-class-configmap.yaml (100%) create mode 100644 resources/v1.28.4/charts/istiod/templates/istiod-injector-configmap.yaml rename resources/{v1.30-alpha.bcdd144c => v1.28.4}/charts/istiod/templates/mutatingwebhook.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.28.4}/charts/istiod/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.28.4}/charts/istiod/templates/poddisruptionbudget.yaml (100%) create mode 100644 resources/v1.28.4/charts/istiod/templates/reader-clusterrole.yaml rename resources/{v1.30-alpha.bcdd144c => v1.28.4}/charts/istiod/templates/reader-clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.28.4}/charts/istiod/templates/remote-istiod-endpointslices.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.28.4}/charts/istiod/templates/remote-istiod-service.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.28.4}/charts/istiod/templates/revision-tags-mwc.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.28.4}/charts/istiod/templates/revision-tags-svc.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.28.4}/charts/istiod/templates/role.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.28.4}/charts/istiod/templates/rolebinding.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.28.4}/charts/istiod/templates/service.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.28.4}/charts/istiod/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.28.4}/charts/istiod/templates/validatingadmissionpolicy.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.28.4}/charts/istiod/templates/validatingwebhookconfiguration.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.28.4}/charts/istiod/templates/zzy_descope_legacy.yaml (100%) create mode 100644 resources/v1.28.4/charts/istiod/templates/zzz_profile.yaml create mode 100644 resources/v1.28.4/charts/istiod/values.yaml create mode 100644 resources/v1.28.4/charts/revisiontags/Chart.yaml create mode 100644 resources/v1.28.4/charts/revisiontags/files/profile-ambient.yaml create mode 100644 resources/v1.28.4/charts/revisiontags/files/profile-compatibility-version-1.25.yaml create mode 100644 resources/v1.28.4/charts/revisiontags/files/profile-compatibility-version-1.26.yaml create mode 100644 resources/v1.28.4/charts/revisiontags/files/profile-compatibility-version-1.27.yaml create mode 100644 resources/v1.28.4/charts/revisiontags/files/profile-demo.yaml create mode 100644 resources/v1.28.4/charts/revisiontags/files/profile-platform-gke.yaml create mode 100644 resources/v1.28.4/charts/revisiontags/files/profile-platform-k3d.yaml create mode 100644 resources/v1.28.4/charts/revisiontags/files/profile-platform-k3s.yaml create mode 100644 resources/v1.28.4/charts/revisiontags/files/profile-platform-microk8s.yaml create mode 100644 resources/v1.28.4/charts/revisiontags/files/profile-platform-minikube.yaml create mode 100644 resources/v1.28.4/charts/revisiontags/files/profile-platform-openshift.yaml create mode 100644 resources/v1.28.4/charts/revisiontags/files/profile-preview.yaml create mode 100644 resources/v1.28.4/charts/revisiontags/files/profile-remote.yaml create mode 100644 resources/v1.28.4/charts/revisiontags/files/profile-stable.yaml rename resources/{v1.30-alpha.bcdd144c => v1.28.4}/charts/revisiontags/templates/revision-tags-mwc.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.28.4}/charts/revisiontags/templates/revision-tags-svc.yaml (100%) create mode 100644 resources/v1.28.4/charts/revisiontags/templates/zzz_profile.yaml create mode 100644 resources/v1.28.4/charts/revisiontags/values.yaml create mode 100644 resources/v1.28.4/charts/ztunnel/Chart.yaml rename resources/{v1.30-alpha.bcdd144c => v1.28.4}/charts/ztunnel/README.md (100%) create mode 100644 resources/v1.28.4/charts/ztunnel/files/profile-ambient.yaml create mode 100644 resources/v1.28.4/charts/ztunnel/files/profile-compatibility-version-1.25.yaml create mode 100644 resources/v1.28.4/charts/ztunnel/files/profile-compatibility-version-1.26.yaml create mode 100644 resources/v1.28.4/charts/ztunnel/files/profile-compatibility-version-1.27.yaml create mode 100644 resources/v1.28.4/charts/ztunnel/files/profile-demo.yaml create mode 100644 resources/v1.28.4/charts/ztunnel/files/profile-platform-gke.yaml create mode 100644 resources/v1.28.4/charts/ztunnel/files/profile-platform-k3d.yaml create mode 100644 resources/v1.28.4/charts/ztunnel/files/profile-platform-k3s.yaml create mode 100644 resources/v1.28.4/charts/ztunnel/files/profile-platform-microk8s.yaml create mode 100644 resources/v1.28.4/charts/ztunnel/files/profile-platform-minikube.yaml create mode 100644 resources/v1.28.4/charts/ztunnel/files/profile-platform-openshift.yaml create mode 100644 resources/v1.28.4/charts/ztunnel/files/profile-preview.yaml create mode 100644 resources/v1.28.4/charts/ztunnel/files/profile-remote.yaml create mode 100644 resources/v1.28.4/charts/ztunnel/files/profile-stable.yaml create mode 100644 resources/v1.28.4/charts/ztunnel/templates/NOTES.txt create mode 100644 resources/v1.28.4/charts/ztunnel/templates/_helpers.tpl create mode 100644 resources/v1.28.4/charts/ztunnel/templates/daemonset.yaml rename resources/{v1.30-alpha.bcdd144c => v1.28.4}/charts/ztunnel/templates/rbac.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.28.4}/charts/ztunnel/templates/resourcequota.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.28.4}/charts/ztunnel/templates/serviceaccount.yaml (100%) create mode 100644 resources/v1.28.4/charts/ztunnel/templates/zzz_profile.yaml create mode 100644 resources/v1.28.4/charts/ztunnel/values.yaml create mode 100644 resources/v1.28.4/cni-1.28.4.tgz.etag create mode 100644 resources/v1.28.4/commit create mode 100644 resources/v1.28.4/gateway-1.28.4.tgz.etag create mode 100644 resources/v1.28.4/istiod-1.28.4.tgz.etag create mode 100644 resources/v1.28.4/profiles/ambient.yaml create mode 100644 resources/v1.28.4/profiles/default.yaml create mode 100644 resources/v1.28.4/profiles/demo.yaml create mode 100644 resources/v1.28.4/profiles/empty.yaml create mode 100644 resources/v1.28.4/profiles/openshift-ambient.yaml create mode 100644 resources/v1.28.4/profiles/openshift.yaml create mode 100644 resources/v1.28.4/profiles/preview.yaml create mode 100644 resources/v1.28.4/profiles/remote.yaml create mode 100644 resources/v1.28.4/profiles/stable.yaml create mode 100644 resources/v1.28.4/ztunnel-1.28.4.tgz.etag create mode 100644 resources/v1.30-alpha.b38ad9e4/base-1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3.tgz.etag create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/base/Chart.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/base/README.md create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-ambient.yaml rename resources/{v1.30-alpha.bcdd144c => v1.30-alpha.b38ad9e4}/charts/base/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.30-alpha.b38ad9e4}/charts/base/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.30-alpha.b38ad9e4}/charts/base/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.30-alpha.b38ad9e4}/charts/base/files/profile-compatibility-version-1.28.yaml (100%) create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-demo.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-platform-gke.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-platform-k3d.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-platform-k3s.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-platform-microk8s.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-platform-minikube.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-platform-openshift.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-preview.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-remote.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-stable.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/base/templates/NOTES.txt create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/base/templates/reader-serviceaccount.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/base/templates/zzz_profile.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/base/values.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/cni/Chart.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/cni/README.md create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-ambient.yaml rename resources/{v1.30-alpha.bcdd144c => v1.30-alpha.b38ad9e4}/charts/cni/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.30-alpha.b38ad9e4}/charts/cni/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.30-alpha.b38ad9e4}/charts/cni/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.30-alpha.b38ad9e4}/charts/cni/files/profile-compatibility-version-1.28.yaml (100%) create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-demo.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-platform-gke.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-platform-k3d.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-platform-k3s.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-platform-microk8s.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-platform-minikube.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-platform-openshift.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-preview.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-remote.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-stable.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/cni/templates/NOTES.txt create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/cni/templates/_helpers.tpl create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/cni/templates/clusterrole.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/cni/templates/clusterrolebinding.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/cni/templates/configmap-cni.yaml rename resources/{v1.30-alpha.bcdd144c => v1.30-alpha.b38ad9e4}/charts/cni/templates/daemonset.yaml (100%) create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/cni/templates/network-attachment-definition.yaml rename resources/{v1.30-alpha.bcdd144c => v1.30-alpha.b38ad9e4}/charts/cni/templates/networkpolicy.yaml (100%) create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/cni/templates/resourcequota.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/cni/templates/serviceaccount.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/cni/templates/zzy_descope_legacy.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/cni/templates/zzz_profile.yaml rename resources/{v1.30-alpha.bcdd144c => v1.30-alpha.b38ad9e4}/charts/cni/values.yaml (99%) create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/gateway/Chart.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/gateway/README.md create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-ambient.yaml rename resources/{v1.30-alpha.bcdd144c => v1.30-alpha.b38ad9e4}/charts/gateway/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.30-alpha.b38ad9e4}/charts/gateway/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.30-alpha.b38ad9e4}/charts/gateway/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.30-alpha.b38ad9e4}/charts/gateway/files/profile-compatibility-version-1.28.yaml (100%) create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-demo.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-platform-gke.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-platform-k3d.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-platform-k3s.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-platform-microk8s.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-platform-minikube.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-platform-openshift.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-preview.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-remote.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-stable.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/gateway/templates/NOTES.txt create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/gateway/templates/_helpers.tpl create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/gateway/templates/deployment.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/gateway/templates/hpa.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/gateway/templates/networkpolicy.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/gateway/templates/poddisruptionbudget.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/gateway/templates/role.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/gateway/templates/service.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/gateway/templates/serviceaccount.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/gateway/templates/zzz_profile.yaml rename resources/{v1.30-alpha.bcdd144c => v1.30-alpha.b38ad9e4}/charts/gateway/values.schema.json (100%) create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/gateway/values.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/istiod/Chart.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/istiod/README.md rename resources/{v1.30-alpha.bcdd144c => v1.30-alpha.b38ad9e4}/charts/istiod/files/agentgateway.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.30-alpha.b38ad9e4}/charts/istiod/files/gateway-injection-template.yaml (100%) create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/istiod/files/grpc-agent.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/istiod/files/grpc-simple.yaml rename resources/{v1.30-alpha.bcdd144c => v1.30-alpha.b38ad9e4}/charts/istiod/files/injection-template.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.30-alpha.b38ad9e4}/charts/istiod/files/kube-gateway.yaml (100%) create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-ambient.yaml rename resources/{v1.30-alpha.bcdd144c => v1.30-alpha.b38ad9e4}/charts/istiod/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.30-alpha.b38ad9e4}/charts/istiod/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.30-alpha.b38ad9e4}/charts/istiod/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.30-alpha.b38ad9e4}/charts/istiod/files/profile-compatibility-version-1.28.yaml (100%) create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-demo.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-platform-gke.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-platform-k3d.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-platform-k3s.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-platform-microk8s.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-platform-minikube.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-platform-openshift.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-preview.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-remote.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-stable.yaml rename resources/{v1.30-alpha.bcdd144c => v1.30-alpha.b38ad9e4}/charts/istiod/files/waypoint.yaml (100%) create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/NOTES.txt create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/_helpers.tpl create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/autoscale.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/clusterrole.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/clusterrolebinding.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/configmap-jwks.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/configmap-values.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/configmap.yaml rename resources/{v1.30-alpha.bcdd144c => v1.30-alpha.b38ad9e4}/charts/istiod/templates/deployment.yaml (100%) create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/gateway-class-configmap.yaml rename resources/{v1.30-alpha.bcdd144c => v1.30-alpha.b38ad9e4}/charts/istiod/templates/istiod-injector-configmap.yaml (100%) create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/mutatingwebhook.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/networkpolicy.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/poddisruptionbudget.yaml rename resources/{v1.30-alpha.bcdd144c => v1.30-alpha.b38ad9e4}/charts/istiod/templates/reader-clusterrole.yaml (100%) create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/reader-clusterrolebinding.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/remote-istiod-endpointslices.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/remote-istiod-service.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/revision-tags-mwc.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/revision-tags-svc.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/role.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/rolebinding.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/service.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/serviceaccount.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/validatingadmissionpolicy.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/validatingwebhookconfiguration.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/zzy_descope_legacy.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/zzz_profile.yaml rename resources/{v1.30-alpha.bcdd144c => v1.30-alpha.b38ad9e4}/charts/istiod/values.yaml (99%) create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/revisiontags/Chart.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-ambient.yaml rename resources/{v1.30-alpha.bcdd144c => v1.30-alpha.b38ad9e4}/charts/revisiontags/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.30-alpha.b38ad9e4}/charts/revisiontags/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.30-alpha.b38ad9e4}/charts/revisiontags/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.30-alpha.b38ad9e4}/charts/revisiontags/files/profile-compatibility-version-1.28.yaml (100%) create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-demo.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-platform-gke.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-platform-k3d.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-platform-k3s.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-platform-microk8s.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-platform-minikube.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-platform-openshift.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-preview.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-remote.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-stable.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/revisiontags/templates/revision-tags-mwc.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/revisiontags/templates/revision-tags-svc.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/revisiontags/templates/zzz_profile.yaml rename resources/{v1.30-alpha.bcdd144c => v1.30-alpha.b38ad9e4}/charts/revisiontags/values.yaml (99%) create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/ztunnel/Chart.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/ztunnel/README.md create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-ambient.yaml rename resources/{v1.30-alpha.bcdd144c => v1.30-alpha.b38ad9e4}/charts/ztunnel/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.30-alpha.b38ad9e4}/charts/ztunnel/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.30-alpha.b38ad9e4}/charts/ztunnel/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.30-alpha.b38ad9e4}/charts/ztunnel/files/profile-compatibility-version-1.28.yaml (100%) create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-demo.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-platform-gke.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-platform-k3d.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-platform-k3s.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-platform-microk8s.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-platform-minikube.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-platform-openshift.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-preview.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-remote.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-stable.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/ztunnel/templates/NOTES.txt create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/ztunnel/templates/_helpers.tpl rename resources/{v1.30-alpha.bcdd144c => v1.30-alpha.b38ad9e4}/charts/ztunnel/templates/daemonset.yaml (100%) rename resources/{v1.30-alpha.bcdd144c => v1.30-alpha.b38ad9e4}/charts/ztunnel/templates/networkpolicy.yaml (100%) create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/ztunnel/templates/rbac.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/ztunnel/templates/resourcequota.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/ztunnel/templates/serviceaccount.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/charts/ztunnel/templates/zzz_profile.yaml rename resources/{v1.30-alpha.bcdd144c => v1.30-alpha.b38ad9e4}/charts/ztunnel/values.yaml (99%) create mode 100644 resources/v1.30-alpha.b38ad9e4/cni-1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3.tgz.etag create mode 100644 resources/v1.30-alpha.b38ad9e4/commit create mode 100644 resources/v1.30-alpha.b38ad9e4/gateway-1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3.tgz.etag create mode 100644 resources/v1.30-alpha.b38ad9e4/istiod-1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3.tgz.etag create mode 100644 resources/v1.30-alpha.b38ad9e4/profiles/ambient.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/profiles/default.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/profiles/demo.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/profiles/empty.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/profiles/openshift-ambient.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/profiles/openshift.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/profiles/preview.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/profiles/remote.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/profiles/stable.yaml create mode 100644 resources/v1.30-alpha.b38ad9e4/ztunnel-1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3.tgz.etag delete mode 100644 resources/v1.30-alpha.bcdd144c/base-1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6.tgz.etag delete mode 100644 resources/v1.30-alpha.bcdd144c/cni-1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6.tgz.etag delete mode 100644 resources/v1.30-alpha.bcdd144c/commit delete mode 100644 resources/v1.30-alpha.bcdd144c/gateway-1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6.tgz.etag delete mode 100644 resources/v1.30-alpha.bcdd144c/istiod-1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6.tgz.etag delete mode 100644 resources/v1.30-alpha.bcdd144c/ztunnel-1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6.tgz.etag diff --git a/api/v1/istio_types.go b/api/v1/istio_types.go index 1737b18fde..f2c9237a7a 100644 --- a/api/v1/istio_types.go +++ b/api/v1/istio_types.go @@ -37,10 +37,10 @@ const ( type IstioSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.bcdd144c. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.bcdd144c"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.6;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.bcdd144c - // +kubebuilder:default=v1.28.3 + // Must be one of: v1.28-latest, v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.b38ad9e4. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.7", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.b38ad9e4"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.4;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.7;v1.27.6;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.b38ad9e4 + // +kubebuilder:default=v1.28.4 Version string `json:"version"` // Defines the update strategy to use when the version in the Istio CR is updated. @@ -282,7 +282,7 @@ type Istio struct { // +optional metav1.ObjectMeta `json:"metadata"` - // +kubebuilder:default={version: "v1.28.3", namespace: "istio-system", updateStrategy: {type:"InPlace"}} + // +kubebuilder:default={version: "v1.28.4", namespace: "istio-system", updateStrategy: {type:"InPlace"}} // +optional Spec IstioSpec `json:"spec"` diff --git a/api/v1/istiocni_types.go b/api/v1/istiocni_types.go index a90b2af1a6..1b08179272 100644 --- a/api/v1/istiocni_types.go +++ b/api/v1/istiocni_types.go @@ -28,10 +28,10 @@ const ( type IstioCNISpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.bcdd144c. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.bcdd144c"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.6;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.bcdd144c - // +kubebuilder:default=v1.28.3 + // Must be one of: v1.28-latest, v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.b38ad9e4. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.7", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.b38ad9e4"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.4;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.7;v1.27.6;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.b38ad9e4 + // +kubebuilder:default=v1.28.4 Version string `json:"version"` // +sail:profile @@ -181,7 +181,7 @@ type IstioCNI struct { // +optional metav1.ObjectMeta `json:"metadata"` - // +kubebuilder:default={version: "v1.28.3", namespace: "istio-cni"} + // +kubebuilder:default={version: "v1.28.4", namespace: "istio-cni"} // +optional Spec IstioCNISpec `json:"spec"` diff --git a/api/v1/istiorevision_types.go b/api/v1/istiorevision_types.go index 50566bdef8..f1fde9e3aa 100644 --- a/api/v1/istiorevision_types.go +++ b/api/v1/istiorevision_types.go @@ -30,9 +30,9 @@ const ( type IstioRevisionSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.bcdd144c. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.bcdd144c"} - // +kubebuilder:validation:Enum=v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27.6;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;v1.30-alpha.bcdd144c + // Must be one of: v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.b38ad9e4. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.7", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.b38ad9e4"} + // +kubebuilder:validation:Enum=v1.28.4;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27.7;v1.27.6;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;v1.30-alpha.b38ad9e4 Version string `json:"version"` // Namespace to which the Istio components should be installed. diff --git a/api/v1/ztunnel_types.go b/api/v1/ztunnel_types.go index 6e5131dff5..a0fc7f8753 100644 --- a/api/v1/ztunnel_types.go +++ b/api/v1/ztunnel_types.go @@ -28,10 +28,10 @@ const ( type ZTunnelSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.bcdd144c. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.bcdd144c"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.6;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.bcdd144c - // +kubebuilder:default=v1.28.3 + // Must be one of: v1.28-latest, v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.b38ad9e4. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.7", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.b38ad9e4"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.4;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.7;v1.27.6;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.b38ad9e4 + // +kubebuilder:default=v1.28.4 Version string `json:"version"` // Namespace to which the Istio ztunnel component should be installed. @@ -172,7 +172,7 @@ type ZTunnel struct { // +optional metav1.ObjectMeta `json:"metadata"` - // +kubebuilder:default={version: "v1.28.3", namespace: "ztunnel"} + // +kubebuilder:default={version: "v1.28.4", namespace: "ztunnel"} // +optional Spec ZTunnelSpec `json:"spec"` diff --git a/api/v1alpha1/ztunnel_types.go b/api/v1alpha1/ztunnel_types.go index b0253ab6f7..c6e64ea759 100644 --- a/api/v1alpha1/ztunnel_types.go +++ b/api/v1alpha1/ztunnel_types.go @@ -29,10 +29,10 @@ const ( type ZTunnelSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.bcdd144c. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.bcdd144c"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.6;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.bcdd144c - // +kubebuilder:default=v1.28.3 + // Must be one of: v1.28-latest, v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.b38ad9e4. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.7", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.b38ad9e4"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.4;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.7;v1.27.6;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.b38ad9e4 + // +kubebuilder:default=v1.28.4 Version string `json:"version"` // +sail:profile @@ -184,7 +184,7 @@ type ZTunnel struct { // +optional metav1.ObjectMeta `json:"metadata"` - // +kubebuilder:default={version: "v1.28.3", namespace: "ztunnel", profile: "ambient"} + // +kubebuilder:default={version: "v1.28.4", namespace: "ztunnel", profile: "ambient"} // +optional Spec ZTunnelSpec `json:"spec"` diff --git a/bundle/manifests/sailoperator.clusterserviceversion.yaml b/bundle/manifests/sailoperator.clusterserviceversion.yaml index 8f74452925..f46d91d2ec 100644 --- a/bundle/manifests/sailoperator.clusterserviceversion.yaml +++ b/bundle/manifests/sailoperator.clusterserviceversion.yaml @@ -16,7 +16,7 @@ metadata: "inactiveRevisionDeletionGracePeriodSeconds": 30, "type": "InPlace" }, - "version": "v1.28.3" + "version": "v1.28.4" } }, { @@ -27,7 +27,7 @@ metadata: }, "spec": { "namespace": "istio-cni", - "version": "v1.28.3" + "version": "v1.28.4" } }, { @@ -38,14 +38,14 @@ metadata: }, "spec": { "namespace": "ztunnel", - "version": "v1.28.3" + "version": "v1.28.4" } } ] capabilities: Seamless Upgrades categories: OpenShift Optional, Integration & Delivery, Networking, Security containerImage: quay.io/sail-dev/sail-operator:1.29-latest - createdAt: "2026-02-16T05:32:57Z" + createdAt: "2026-02-17T05:30:35Z" description: The Sail Operator manages the lifecycle of your Istio control plane. It provides custom resources for you to deploy and manage your control plane components. features.operators.openshift.io/cnf: "false" features.operators.openshift.io/cni: "true" @@ -179,17 +179,19 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.bcdd144c. + Must be one of: v1.28-latest, v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.b38ad9e4. displayName: Istio Version path: version x-descriptors: - urn:alm:descriptor:com.tectonic.ui:fieldGroup:General - urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest + - urn:alm:descriptor:com.tectonic.ui:select:v1.28.4 - urn:alm:descriptor:com.tectonic.ui:select:v1.28.3 - urn:alm:descriptor:com.tectonic.ui:select:v1.28.2 - urn:alm:descriptor:com.tectonic.ui:select:v1.28.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.28.0 - urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest + - urn:alm:descriptor:com.tectonic.ui:select:v1.27.7 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.6 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.5 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.4 @@ -198,7 +200,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.bcdd144c + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.b38ad9e4 - description: Namespace to which the Istio CNI component should be installed. Note that this field is immutable. displayName: Namespace path: namespace @@ -236,15 +238,17 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.bcdd144c. + Must be one of: v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.b38ad9e4. displayName: Istio Version path: version x-descriptors: - urn:alm:descriptor:com.tectonic.ui:fieldGroup:General + - urn:alm:descriptor:com.tectonic.ui:select:v1.28.4 - urn:alm:descriptor:com.tectonic.ui:select:v1.28.3 - urn:alm:descriptor:com.tectonic.ui:select:v1.28.2 - urn:alm:descriptor:com.tectonic.ui:select:v1.28.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.28.0 + - urn:alm:descriptor:com.tectonic.ui:select:v1.27.7 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.6 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.5 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.4 @@ -252,7 +256,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.2 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.bcdd144c + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.b38ad9e4 - description: Namespace to which the Istio components should be installed. displayName: Namespace path: namespace @@ -287,17 +291,19 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:RevisionBased - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.bcdd144c. + Must be one of: v1.28-latest, v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.b38ad9e4. displayName: Istio Version path: version x-descriptors: - urn:alm:descriptor:com.tectonic.ui:fieldGroup:General - urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest + - urn:alm:descriptor:com.tectonic.ui:select:v1.28.4 - urn:alm:descriptor:com.tectonic.ui:select:v1.28.3 - urn:alm:descriptor:com.tectonic.ui:select:v1.28.2 - urn:alm:descriptor:com.tectonic.ui:select:v1.28.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.28.0 - urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest + - urn:alm:descriptor:com.tectonic.ui:select:v1.27.7 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.6 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.5 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.4 @@ -306,7 +312,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.bcdd144c + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.b38ad9e4 - description: |- Defines how many seconds the operator should wait before removing a non-active revision after all the workloads have stopped using it. You may want to set this value on the order of minutes. @@ -362,17 +368,19 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.bcdd144c. + Must be one of: v1.28-latest, v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.b38ad9e4. displayName: Istio Version path: version x-descriptors: - urn:alm:descriptor:com.tectonic.ui:fieldGroup:General - urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest + - urn:alm:descriptor:com.tectonic.ui:select:v1.28.4 - urn:alm:descriptor:com.tectonic.ui:select:v1.28.3 - urn:alm:descriptor:com.tectonic.ui:select:v1.28.2 - urn:alm:descriptor:com.tectonic.ui:select:v1.28.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.28.0 - urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest + - urn:alm:descriptor:com.tectonic.ui:select:v1.27.7 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.6 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.5 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.4 @@ -381,7 +389,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.bcdd144c + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.b38ad9e4 - description: Namespace to which the Istio ztunnel component should be installed. displayName: Namespace path: namespace @@ -397,11 +405,13 @@ spec: This version of the operator supports the following Istio versions: - v1.28-latest + - v1.28.4 - v1.28.3 - v1.28.2 - v1.28.1 - v1.28.0 - v1.27-latest + - v1.27.7 - v1.27.6 - v1.27.5 - v1.27.4 @@ -410,7 +420,7 @@ spec: - v1.27.1 - v1.27.0 - master - - v1.30-alpha.bcdd144c + - v1.30-alpha.b38ad9e4 [See this page](https://github.com/istio-ecosystem/sail-operator/blob/main/bundle/README.md) for instructions on how to use it. displayName: Sail Operator @@ -796,6 +806,10 @@ spec: images.v1_27_6.istiod: gcr.io/istio-release/pilot:1.27.6 images.v1_27_6.proxy: gcr.io/istio-release/proxyv2:1.27.6 images.v1_27_6.ztunnel: gcr.io/istio-release/ztunnel:1.27.6 + images.v1_27_7.cni: gcr.io/istio-release/install-cni:1.27.7 + images.v1_27_7.istiod: gcr.io/istio-release/pilot:1.27.7 + images.v1_27_7.proxy: gcr.io/istio-release/proxyv2:1.27.7 + images.v1_27_7.ztunnel: gcr.io/istio-release/ztunnel:1.27.7 images.v1_28_0.cni: gcr.io/istio-release/install-cni:1.28.0 images.v1_28_0.istiod: gcr.io/istio-release/pilot:1.28.0 images.v1_28_0.proxy: gcr.io/istio-release/proxyv2:1.28.0 @@ -812,10 +826,14 @@ spec: images.v1_28_3.istiod: gcr.io/istio-release/pilot:1.28.3 images.v1_28_3.proxy: gcr.io/istio-release/proxyv2:1.28.3 images.v1_28_3.ztunnel: gcr.io/istio-release/ztunnel:1.28.3 - images.v1_30-alpha_bcdd144c.cni: gcr.io/istio-testing/install-cni:1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6 - images.v1_30-alpha_bcdd144c.istiod: gcr.io/istio-testing/pilot:1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6 - images.v1_30-alpha_bcdd144c.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6 - images.v1_30-alpha_bcdd144c.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6 + images.v1_28_4.cni: gcr.io/istio-release/install-cni:1.28.4 + images.v1_28_4.istiod: gcr.io/istio-release/pilot:1.28.4 + images.v1_28_4.proxy: gcr.io/istio-release/proxyv2:1.28.4 + images.v1_28_4.ztunnel: gcr.io/istio-release/ztunnel:1.28.4 + images.v1_30-alpha_b38ad9e4.cni: gcr.io/istio-testing/install-cni:1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3 + images.v1_30-alpha_b38ad9e4.istiod: gcr.io/istio-testing/pilot:1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3 + images.v1_30-alpha_b38ad9e4.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3 + images.v1_30-alpha_b38ad9e4.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3 kubectl.kubernetes.io/default-container: sail-operator labels: app.kubernetes.io/created-by: sailoperator diff --git a/bundle/manifests/sailoperator.io_istiocnis.yaml b/bundle/manifests/sailoperator.io_istiocnis.yaml index 2c553d74e0..6bbb12e97e 100644 --- a/bundle/manifests/sailoperator.io_istiocnis.yaml +++ b/bundle/manifests/sailoperator.io_istiocnis.yaml @@ -66,7 +66,7 @@ spec: spec: default: namespace: istio-cni - version: v1.28.3 + version: v1.28.4 description: IstioCNISpec defines the desired state of IstioCNI properties: namespace: @@ -1463,17 +1463,19 @@ spec: type: object type: object version: - default: v1.28.3 + default: v1.28.4 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.bcdd144c. + Must be one of: v1.28-latest, v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.b38ad9e4. enum: - v1.28-latest + - v1.28.4 - v1.28.3 - v1.28.2 - v1.28.1 - v1.28.0 - v1.27-latest + - v1.27.7 - v1.27.6 - v1.27.5 - v1.27.4 @@ -1518,7 +1520,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.bcdd144c + - v1.30-alpha.b38ad9e4 type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_istiorevisions.yaml b/bundle/manifests/sailoperator.io_istiorevisions.yaml index 72c30875eb..542dba443f 100644 --- a/bundle/manifests/sailoperator.io_istiorevisions.yaml +++ b/bundle/manifests/sailoperator.io_istiorevisions.yaml @@ -10121,12 +10121,14 @@ spec: version: description: |- Defines the version of Istio to install. - Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.bcdd144c. + Must be one of: v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.b38ad9e4. enum: + - v1.28.4 - v1.28.3 - v1.28.2 - v1.28.1 - v1.28.0 + - v1.27.7 - v1.27.6 - v1.27.5 - v1.27.4 @@ -10165,7 +10167,7 @@ spec: - v1.22.6 - v1.22.5 - v1.21.6 - - v1.30-alpha.bcdd144c + - v1.30-alpha.b38ad9e4 type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_istios.yaml b/bundle/manifests/sailoperator.io_istios.yaml index dc575446cd..1362fefb31 100644 --- a/bundle/manifests/sailoperator.io_istios.yaml +++ b/bundle/manifests/sailoperator.io_istios.yaml @@ -88,7 +88,7 @@ spec: namespace: istio-system updateStrategy: type: InPlace - version: v1.28.3 + version: v1.28.4 description: IstioSpec defines the desired state of Istio properties: namespace: @@ -10192,17 +10192,19 @@ spec: type: object type: object version: - default: v1.28.3 + default: v1.28.4 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.bcdd144c. + Must be one of: v1.28-latest, v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.b38ad9e4. enum: - v1.28-latest + - v1.28.4 - v1.28.3 - v1.28.2 - v1.28.1 - v1.28.0 - v1.27-latest + - v1.27.7 - v1.27.6 - v1.27.5 - v1.27.4 @@ -10247,7 +10249,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.bcdd144c + - v1.30-alpha.b38ad9e4 type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_ztunnels.yaml b/bundle/manifests/sailoperator.io_ztunnels.yaml index 6a8a2e6d1a..232e3347f8 100644 --- a/bundle/manifests/sailoperator.io_ztunnels.yaml +++ b/bundle/manifests/sailoperator.io_ztunnels.yaml @@ -62,7 +62,7 @@ spec: spec: default: namespace: ztunnel - version: v1.28.3 + version: v1.28.4 description: ZTunnelSpec defines the desired state of ZTunnel properties: namespace: @@ -3453,17 +3453,19 @@ spec: type: object type: object version: - default: v1.28.3 + default: v1.28.4 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.bcdd144c. + Must be one of: v1.28-latest, v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.b38ad9e4. enum: - v1.28-latest + - v1.28.4 - v1.28.3 - v1.28.2 - v1.28.1 - v1.28.0 - v1.27-latest + - v1.27.7 - v1.27.6 - v1.27.5 - v1.27.4 @@ -3496,7 +3498,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.bcdd144c + - v1.30-alpha.b38ad9e4 type: string required: - namespace @@ -3606,7 +3608,7 @@ spec: default: namespace: ztunnel profile: ambient - version: v1.28.3 + version: v1.28.4 description: ZTunnelSpec defines the desired state of ZTunnel properties: namespace: @@ -7015,17 +7017,19 @@ spec: type: object type: object version: - default: v1.28.3 + default: v1.28.4 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.bcdd144c. + Must be one of: v1.28-latest, v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.b38ad9e4. enum: - v1.28-latest + - v1.28.4 - v1.28.3 - v1.28.2 - v1.28.1 - v1.28.0 - v1.27-latest + - v1.27.7 - v1.27.6 - v1.27.5 - v1.27.4 @@ -7058,7 +7062,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.bcdd144c + - v1.30-alpha.b38ad9e4 type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istiocnis.yaml b/chart/crds/sailoperator.io_istiocnis.yaml index d78909aacf..edec393287 100644 --- a/chart/crds/sailoperator.io_istiocnis.yaml +++ b/chart/crds/sailoperator.io_istiocnis.yaml @@ -66,7 +66,7 @@ spec: spec: default: namespace: istio-cni - version: v1.28.3 + version: v1.28.4 description: IstioCNISpec defines the desired state of IstioCNI properties: namespace: @@ -1463,17 +1463,19 @@ spec: type: object type: object version: - default: v1.28.3 + default: v1.28.4 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.bcdd144c. + Must be one of: v1.28-latest, v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.b38ad9e4. enum: - v1.28-latest + - v1.28.4 - v1.28.3 - v1.28.2 - v1.28.1 - v1.28.0 - v1.27-latest + - v1.27.7 - v1.27.6 - v1.27.5 - v1.27.4 @@ -1518,7 +1520,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.bcdd144c + - v1.30-alpha.b38ad9e4 type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istiorevisions.yaml b/chart/crds/sailoperator.io_istiorevisions.yaml index f97b460824..1c8c4aa313 100644 --- a/chart/crds/sailoperator.io_istiorevisions.yaml +++ b/chart/crds/sailoperator.io_istiorevisions.yaml @@ -10121,12 +10121,14 @@ spec: version: description: |- Defines the version of Istio to install. - Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.bcdd144c. + Must be one of: v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.b38ad9e4. enum: + - v1.28.4 - v1.28.3 - v1.28.2 - v1.28.1 - v1.28.0 + - v1.27.7 - v1.27.6 - v1.27.5 - v1.27.4 @@ -10165,7 +10167,7 @@ spec: - v1.22.6 - v1.22.5 - v1.21.6 - - v1.30-alpha.bcdd144c + - v1.30-alpha.b38ad9e4 type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istios.yaml b/chart/crds/sailoperator.io_istios.yaml index 7835d342ac..81c2361dd1 100644 --- a/chart/crds/sailoperator.io_istios.yaml +++ b/chart/crds/sailoperator.io_istios.yaml @@ -88,7 +88,7 @@ spec: namespace: istio-system updateStrategy: type: InPlace - version: v1.28.3 + version: v1.28.4 description: IstioSpec defines the desired state of Istio properties: namespace: @@ -10192,17 +10192,19 @@ spec: type: object type: object version: - default: v1.28.3 + default: v1.28.4 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.bcdd144c. + Must be one of: v1.28-latest, v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.b38ad9e4. enum: - v1.28-latest + - v1.28.4 - v1.28.3 - v1.28.2 - v1.28.1 - v1.28.0 - v1.27-latest + - v1.27.7 - v1.27.6 - v1.27.5 - v1.27.4 @@ -10247,7 +10249,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.bcdd144c + - v1.30-alpha.b38ad9e4 type: string required: - namespace diff --git a/chart/crds/sailoperator.io_ztunnels.yaml b/chart/crds/sailoperator.io_ztunnels.yaml index c3a69c95a9..1782f26a34 100644 --- a/chart/crds/sailoperator.io_ztunnels.yaml +++ b/chart/crds/sailoperator.io_ztunnels.yaml @@ -62,7 +62,7 @@ spec: spec: default: namespace: ztunnel - version: v1.28.3 + version: v1.28.4 description: ZTunnelSpec defines the desired state of ZTunnel properties: namespace: @@ -3453,17 +3453,19 @@ spec: type: object type: object version: - default: v1.28.3 + default: v1.28.4 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.bcdd144c. + Must be one of: v1.28-latest, v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.b38ad9e4. enum: - v1.28-latest + - v1.28.4 - v1.28.3 - v1.28.2 - v1.28.1 - v1.28.0 - v1.27-latest + - v1.27.7 - v1.27.6 - v1.27.5 - v1.27.4 @@ -3496,7 +3498,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.bcdd144c + - v1.30-alpha.b38ad9e4 type: string required: - namespace @@ -3606,7 +3608,7 @@ spec: default: namespace: ztunnel profile: ambient - version: v1.28.3 + version: v1.28.4 description: ZTunnelSpec defines the desired state of ZTunnel properties: namespace: @@ -7015,17 +7017,19 @@ spec: type: object type: object version: - default: v1.28.3 + default: v1.28.4 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.bcdd144c. + Must be one of: v1.28-latest, v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.b38ad9e4. enum: - v1.28-latest + - v1.28.4 - v1.28.3 - v1.28.2 - v1.28.1 - v1.28.0 - v1.27-latest + - v1.27.7 - v1.27.6 - v1.27.5 - v1.27.4 @@ -7058,7 +7062,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.bcdd144c + - v1.30-alpha.b38ad9e4 type: string required: - namespace diff --git a/chart/samples/ambient/istio-sample.yaml b/chart/samples/ambient/istio-sample.yaml index e70d9e2335..18e66a650e 100644 --- a/chart/samples/ambient/istio-sample.yaml +++ b/chart/samples/ambient/istio-sample.yaml @@ -3,7 +3,7 @@ kind: Istio metadata: name: default spec: - version: v1.28.3 + version: v1.28.4 namespace: istio-system profile: ambient updateStrategy: diff --git a/chart/samples/ambient/istiocni-sample.yaml b/chart/samples/ambient/istiocni-sample.yaml index caa6715c16..8322bac249 100644 --- a/chart/samples/ambient/istiocni-sample.yaml +++ b/chart/samples/ambient/istiocni-sample.yaml @@ -3,6 +3,6 @@ kind: IstioCNI metadata: name: default spec: - version: v1.28.3 + version: v1.28.4 profile: ambient namespace: istio-cni diff --git a/chart/samples/ambient/istioztunnel-sample.yaml b/chart/samples/ambient/istioztunnel-sample.yaml index d38de555b4..8c84c83ee9 100644 --- a/chart/samples/ambient/istioztunnel-sample.yaml +++ b/chart/samples/ambient/istioztunnel-sample.yaml @@ -3,5 +3,5 @@ kind: ZTunnel metadata: name: default spec: - version: v1.28.3 + version: v1.28.4 namespace: ztunnel diff --git a/chart/samples/istio-sample-gw-api.yaml b/chart/samples/istio-sample-gw-api.yaml index acab70f246..cc76d97866 100644 --- a/chart/samples/istio-sample-gw-api.yaml +++ b/chart/samples/istio-sample-gw-api.yaml @@ -3,7 +3,7 @@ kind: Istio metadata: name: gateway-controller spec: - version: v1.28.3 + version: v1.28.4 namespace: gateway-controller updateStrategy: type: InPlace diff --git a/chart/samples/istio-sample-revisionbased.yaml b/chart/samples/istio-sample-revisionbased.yaml index 573f761de9..de50c1922d 100644 --- a/chart/samples/istio-sample-revisionbased.yaml +++ b/chart/samples/istio-sample-revisionbased.yaml @@ -3,7 +3,7 @@ kind: Istio metadata: name: default spec: - version: v1.28.3 + version: v1.28.4 namespace: istio-system updateStrategy: type: RevisionBased diff --git a/chart/samples/istio-sample.yaml b/chart/samples/istio-sample.yaml index 54791b8761..2c35f1106d 100644 --- a/chart/samples/istio-sample.yaml +++ b/chart/samples/istio-sample.yaml @@ -3,7 +3,7 @@ kind: Istio metadata: name: default spec: - version: v1.28.3 + version: v1.28.4 namespace: istio-system updateStrategy: type: InPlace diff --git a/chart/samples/istiocni-sample.yaml b/chart/samples/istiocni-sample.yaml index 81ffb6b5df..f94e8b2368 100644 --- a/chart/samples/istiocni-sample.yaml +++ b/chart/samples/istiocni-sample.yaml @@ -3,5 +3,5 @@ kind: IstioCNI metadata: name: default spec: - version: v1.28.3 + version: v1.28.4 namespace: istio-cni diff --git a/chart/samples/ztunnel-sample.yaml b/chart/samples/ztunnel-sample.yaml index d38de555b4..8c84c83ee9 100644 --- a/chart/samples/ztunnel-sample.yaml +++ b/chart/samples/ztunnel-sample.yaml @@ -3,5 +3,5 @@ kind: ZTunnel metadata: name: default spec: - version: v1.28.3 + version: v1.28.4 namespace: ztunnel diff --git a/chart/values.yaml b/chart/values.yaml index 7bbdc4c986..a23f265c6e 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -2,6 +2,10 @@ name: sailoperator deployment: name: sail-operator annotations: + images.v1_28_4.ztunnel: gcr.io/istio-release/ztunnel:1.28.4 + images.v1_28_4.istiod: gcr.io/istio-release/pilot:1.28.4 + images.v1_28_4.proxy: gcr.io/istio-release/proxyv2:1.28.4 + images.v1_28_4.cni: gcr.io/istio-release/install-cni:1.28.4 images.v1_28_3.ztunnel: gcr.io/istio-release/ztunnel:1.28.3 images.v1_28_3.istiod: gcr.io/istio-release/pilot:1.28.3 images.v1_28_3.proxy: gcr.io/istio-release/proxyv2:1.28.3 @@ -18,6 +22,10 @@ deployment: images.v1_28_0.istiod: gcr.io/istio-release/pilot:1.28.0 images.v1_28_0.proxy: gcr.io/istio-release/proxyv2:1.28.0 images.v1_28_0.cni: gcr.io/istio-release/install-cni:1.28.0 + images.v1_27_7.ztunnel: gcr.io/istio-release/ztunnel:1.27.7 + images.v1_27_7.istiod: gcr.io/istio-release/pilot:1.27.7 + images.v1_27_7.proxy: gcr.io/istio-release/proxyv2:1.27.7 + images.v1_27_7.cni: gcr.io/istio-release/install-cni:1.27.7 images.v1_27_6.ztunnel: gcr.io/istio-release/ztunnel:1.27.6 images.v1_27_6.istiod: gcr.io/istio-release/pilot:1.27.6 images.v1_27_6.proxy: gcr.io/istio-release/proxyv2:1.27.6 @@ -46,10 +54,10 @@ deployment: images.v1_27_0.istiod: gcr.io/istio-release/pilot:1.27.0 images.v1_27_0.proxy: gcr.io/istio-release/proxyv2:1.27.0 images.v1_27_0.cni: gcr.io/istio-release/install-cni:1.27.0 - images.v1_30-alpha_bcdd144c.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6 - images.v1_30-alpha_bcdd144c.istiod: gcr.io/istio-testing/pilot:1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6 - images.v1_30-alpha_bcdd144c.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6 - images.v1_30-alpha_bcdd144c.cni: gcr.io/istio-testing/install-cni:1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6 + images.v1_30-alpha_b38ad9e4.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3 + images.v1_30-alpha_b38ad9e4.istiod: gcr.io/istio-testing/pilot:1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3 + images.v1_30-alpha_b38ad9e4.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3 + images.v1_30-alpha_b38ad9e4.cni: gcr.io/istio-testing/install-cni:1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3 revisionHistoryLimit: 10 service: port: 8443 @@ -66,11 +74,13 @@ csv: This version of the operator supports the following Istio versions: - v1.28-latest + - v1.28.4 - v1.28.3 - v1.28.2 - v1.28.1 - v1.28.0 - v1.27-latest + - v1.27.7 - v1.27.6 - v1.27.5 - v1.27.4 @@ -79,7 +89,7 @@ csv: - v1.27.1 - v1.27.0 - master - - v1.30-alpha.bcdd144c + - v1.30-alpha.b38ad9e4 [See this page](https://github.com/istio-ecosystem/sail-operator/blob/main/bundle/README.md) for instructions on how to use it. support: Community based diff --git a/docs/api-reference/sailoperator.io.md b/docs/api-reference/sailoperator.io.md index 5f072f4f60..ce9d03533e 100644 --- a/docs/api-reference/sailoperator.io.md +++ b/docs/api-reference/sailoperator.io.md @@ -560,7 +560,7 @@ _Appears in:_ | `kind` _string_ | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | | | | `apiVersion` _string_ | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources | | | | `metadata` _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#objectmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | | -| `spec` _[IstioSpec](#istiospec)_ | | \{ namespace:istio-system updateStrategy:map[type:InPlace] version:v1.28.3 \} | | +| `spec` _[IstioSpec](#istiospec)_ | | \{ namespace:istio-system updateStrategy:map[type:InPlace] version:v1.28.4 \} | | | `status` _[IstioStatus](#istiostatus)_ | | | | @@ -582,7 +582,7 @@ _Appears in:_ | `kind` _string_ | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | | | | `apiVersion` _string_ | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources | | | | `metadata` _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#objectmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | | -| `spec` _[IstioCNISpec](#istiocnispec)_ | | \{ namespace:istio-cni version:v1.28.3 \} | | +| `spec` _[IstioCNISpec](#istiocnispec)_ | | \{ namespace:istio-cni version:v1.28.4 \} | | | `status` _[IstioCNIStatus](#istiocnistatus)_ | | | | @@ -678,7 +678,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.bcdd144c. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.6 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.bcdd144c] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.b38ad9e4. | v1.28.4 | Enum: [v1.28-latest v1.28.4 v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.7 v1.27.6 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.b38ad9e4] | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. Must be one of: ambient, default, demo, empty, openshift, openshift-ambient, preview, remote, stable. | | Enum: [ambient default demo empty external openshift openshift-ambient preview remote stable] | | `namespace` _string_ | Namespace to which the Istio CNI component should be installed. Note that this field is immutable. | istio-cni | | | `values` _[CNIValues](#cnivalues)_ | Defines the values to be passed to the Helm charts when installing Istio CNI. | | | @@ -917,7 +917,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.bcdd144c. | | Enum: [v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27.6 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 v1.30-alpha.bcdd144c] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.b38ad9e4. | | Enum: [v1.28.4 v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27.7 v1.27.6 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 v1.30-alpha.b38ad9e4] | | `namespace` _string_ | Namespace to which the Istio components should be installed. | | | | `values` _[Values](#values)_ | Defines the values to be passed to the Helm charts when installing Istio. | | | @@ -1110,7 +1110,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.bcdd144c. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.6 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.bcdd144c] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.b38ad9e4. | v1.28.4 | Enum: [v1.28-latest v1.28.4 v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.7 v1.27.6 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.b38ad9e4] | | `updateStrategy` _[IstioUpdateStrategy](#istioupdatestrategy)_ | Defines the update strategy to use when the version in the Istio CR is updated. | \{ type:InPlace \} | | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. Must be one of: ambient, default, demo, empty, openshift, openshift-ambient, preview, remote, stable. | | Enum: [ambient default demo empty external openshift openshift-ambient preview remote stable] | | `namespace` _string_ | Namespace to which the Istio components should be installed. Note that this field is immutable. | istio-system | | @@ -3375,7 +3375,7 @@ _Appears in:_ | `kind` _string_ | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | | | | `apiVersion` _string_ | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources | | | | `metadata` _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#objectmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | | -| `spec` _[ZTunnelSpec](#ztunnelspec)_ | | \{ namespace:ztunnel version:v1.28.3 \} | | +| `spec` _[ZTunnelSpec](#ztunnelspec)_ | | \{ namespace:ztunnel version:v1.28.4 \} | | | `status` _[ZTunnelStatus](#ztunnelstatus)_ | | | | @@ -3541,7 +3541,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.bcdd144c. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.6 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.bcdd144c] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.b38ad9e4. | v1.28.4 | Enum: [v1.28-latest v1.28.4 v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.7 v1.27.6 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.b38ad9e4] | | `namespace` _string_ | Namespace to which the Istio ztunnel component should be installed. | ztunnel | | | `values` _[ZTunnelValues](#ztunnelvalues)_ | Defines the values to be passed to the Helm charts when installing Istio ztunnel. | | | @@ -3611,7 +3611,7 @@ _Appears in:_ | `kind` _string_ | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | | | | `apiVersion` _string_ | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources | | | | `metadata` _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#objectmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | | -| `spec` _[ZTunnelSpec](#ztunnelspec)_ | | \{ namespace:ztunnel profile:ambient version:v1.28.3 \} | | +| `spec` _[ZTunnelSpec](#ztunnelspec)_ | | \{ namespace:ztunnel profile:ambient version:v1.28.4 \} | | | `status` _[ZTunnelStatus](#ztunnelstatus)_ | | | | @@ -3707,7 +3707,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.bcdd144c. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.6 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.bcdd144c] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.b38ad9e4. | v1.28.4 | Enum: [v1.28-latest v1.28.4 v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.7 v1.27.6 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.b38ad9e4] | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is 'ambient' and it is always applied. Must be one of: ambient, default, demo, empty, external, preview, remote, stable. | ambient | Enum: [ambient default demo empty external openshift-ambient openshift preview remote stable] | | `namespace` _string_ | Namespace to which the Istio ztunnel component should be installed. | ztunnel | | | `values` _[ZTunnelValues](#ztunnelvalues)_ | Defines the values to be passed to the Helm charts when installing Istio ztunnel. | | | diff --git a/go.mod b/go.mod index 4d201da460..4423a94ed8 100644 --- a/go.mod +++ b/go.mod @@ -24,8 +24,8 @@ require ( gomodules.xyz/jsonpatch/v2 v2.5.0 gopkg.in/yaml.v3 v3.0.1 helm.sh/helm/v3 v3.18.6 - istio.io/client-go v1.29.0-alpha.0.0.20260213054535-48ac81c98d00 - istio.io/istio v0.0.0-20260216005539-bcdd144cfe5b + istio.io/client-go v1.29.0-alpha.0.0.20260216182019-0f9c823fa50f + istio.io/istio v0.0.0-20260216202619-b38ad9e43536 k8s.io/api v0.35.0 k8s.io/apiextensions-apiserver v0.35.0 k8s.io/apimachinery v0.35.0 @@ -169,7 +169,7 @@ require ( gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect - istio.io/api v1.29.0-alpha.0.0.20260213054037-4fd9ccbbaef9 // indirect + istio.io/api v1.29.0-alpha.0.0.20260216181618-30c114faeea7 // indirect k8s.io/apiserver v0.35.0 // indirect k8s.io/component-base v0.35.0 // indirect k8s.io/klog/v2 v2.130.1 // indirect diff --git a/go.sum b/go.sum index d909a11597..9e0750fccb 100644 --- a/go.sum +++ b/go.sum @@ -470,12 +470,12 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= helm.sh/helm/v3 v3.18.6 h1:S/2CqcYnNfLckkHLI0VgQbxgcDaU3N4A/46E3n9wSNY= helm.sh/helm/v3 v3.18.6/go.mod h1:L/dXDR2r539oPlFP1PJqKAC1CUgqHJDLkxKpDGrWnyg= -istio.io/api v1.29.0-alpha.0.0.20260213054037-4fd9ccbbaef9 h1:1Y3dfM9KxRiEgvrneC7VZ5q0gpcKKYu0tCuSWOR6Km0= -istio.io/api v1.29.0-alpha.0.0.20260213054037-4fd9ccbbaef9/go.mod h1:+brQWcBHoROuyA6fv8rbgg8Kfn0RCGuqoY0duCMuSLA= -istio.io/client-go v1.29.0-alpha.0.0.20260213054535-48ac81c98d00 h1:5FYNqVlcs4aB1cENWvHAIHhJFBL7P1r8y4Yh/IMh+Nk= -istio.io/client-go v1.29.0-alpha.0.0.20260213054535-48ac81c98d00/go.mod h1:rkaYDmIymBDBVPqlITrlc2cQq/GtaonR5DRGzUBo8iY= -istio.io/istio v0.0.0-20260216005539-bcdd144cfe5b h1:w9uTJaWd4wADJ7G1HT+lEBsgJCxFervv2wW5vxT5Yr0= -istio.io/istio v0.0.0-20260216005539-bcdd144cfe5b/go.mod h1:vNZf8a+SKyS4VTvMhxE7cp3CrcWQt0oPZ/liLJ2mz1E= +istio.io/api v1.29.0-alpha.0.0.20260216181618-30c114faeea7 h1:4Kh+JRsFNW3u+vo68FRAqAFrEgpZB1lJVQnnjpgGr+A= +istio.io/api v1.29.0-alpha.0.0.20260216181618-30c114faeea7/go.mod h1:+brQWcBHoROuyA6fv8rbgg8Kfn0RCGuqoY0duCMuSLA= +istio.io/client-go v1.29.0-alpha.0.0.20260216182019-0f9c823fa50f h1:0IDLeNajOgmRi8iL4gSXnvzStlJC+32UuWg6TMsXhUU= +istio.io/client-go v1.29.0-alpha.0.0.20260216182019-0f9c823fa50f/go.mod h1:R821SYceqLPFP8LpUU1dr9pe5pmFv1HKnKbPJlR3acU= +istio.io/istio v0.0.0-20260216202619-b38ad9e43536 h1:a0FTgs7yFASvKWBZHEDo2A8dHi4N265xoOUCe+SY7xA= +istio.io/istio v0.0.0-20260216202619-b38ad9e43536/go.mod h1:ZVaiDgw5BXZ/HaVhGrTJ8aCQzBYUipYn40Tr4hQy9Jc= k8s.io/api v0.35.0 h1:iBAU5LTyBI9vw3L5glmat1njFK34srdLmktWwLTprlY= k8s.io/api v0.35.0/go.mod h1:AQ0SNTzm4ZAczM03QH42c7l3bih1TbAXYo0DkF8ktnA= k8s.io/apiextensions-apiserver v0.35.0 h1:3xHk2rTOdWXXJM+RDQZJvdx0yEOgC0FgQ1PlJatA5T4= diff --git a/pkg/istioversion/versions.yaml b/pkg/istioversion/versions.yaml index 3f9c437517..166fd3d085 100644 --- a/pkg/istioversion/versions.yaml +++ b/pkg/istioversion/versions.yaml @@ -16,7 +16,17 @@ # to avoid breaking API guarantees. versions: - name: v1.28-latest - ref: v1.28.3 + ref: v1.28.4 + - name: v1.28.4 + version: 1.28.4 + repo: https://github.com/istio/istio + commit: 1.28.4 + charts: + - https://istio-release.storage.googleapis.com/charts/base-1.28.4.tgz + - https://istio-release.storage.googleapis.com/charts/istiod-1.28.4.tgz + - https://istio-release.storage.googleapis.com/charts/gateway-1.28.4.tgz + - https://istio-release.storage.googleapis.com/charts/cni-1.28.4.tgz + - https://istio-release.storage.googleapis.com/charts/ztunnel-1.28.4.tgz - name: v1.28.3 version: 1.28.3 repo: https://github.com/istio/istio @@ -58,7 +68,17 @@ versions: - https://istio-release.storage.googleapis.com/charts/cni-1.28.0.tgz - https://istio-release.storage.googleapis.com/charts/ztunnel-1.28.0.tgz - name: v1.27-latest - ref: v1.27.6 + ref: v1.27.7 + - name: v1.27.7 + version: 1.27.7 + repo: https://github.com/istio/istio + commit: 1.27.7 + charts: + - https://istio-release.storage.googleapis.com/charts/base-1.27.7.tgz + - https://istio-release.storage.googleapis.com/charts/istiod-1.27.7.tgz + - https://istio-release.storage.googleapis.com/charts/gateway-1.27.7.tgz + - https://istio-release.storage.googleapis.com/charts/cni-1.27.7.tgz + - https://istio-release.storage.googleapis.com/charts/ztunnel-1.27.7.tgz - name: v1.27.6 version: 1.27.6 repo: https://github.com/istio/istio @@ -207,15 +227,15 @@ versions: - name: v1.21.6 eol: true - name: master - ref: v1.30-alpha.bcdd144c - - name: v1.30-alpha.bcdd144c - version: 1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6 + ref: v1.30-alpha.b38ad9e4 + - name: v1.30-alpha.b38ad9e4 + version: 1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3 repo: https://github.com/istio/istio branch: master - commit: bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6 + commit: b38ad9e43536da97f4c7f0259d7a313aa17b69b3 charts: - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6/helm/base-1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6/helm/cni-1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6/helm/gateway-1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6/helm/istiod-1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6/helm/ztunnel-1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3/helm/base-1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3/helm/cni-1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3/helm/gateway-1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3/helm/istiod-1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3/helm/ztunnel-1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3.tgz diff --git a/resources/v1.27.7/base-1.27.7.tgz.etag b/resources/v1.27.7/base-1.27.7.tgz.etag new file mode 100644 index 0000000000..12ec874cc9 --- /dev/null +++ b/resources/v1.27.7/base-1.27.7.tgz.etag @@ -0,0 +1 @@ +fbcab022dd3ca04fc5d1d345c7599180 diff --git a/resources/v1.30-alpha.bcdd144c/charts/base/Chart.yaml b/resources/v1.27.7/charts/base/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.bcdd144c/charts/base/Chart.yaml rename to resources/v1.27.7/charts/base/Chart.yaml index 3906f710f4..7efa8302c1 100644 --- a/resources/v1.30-alpha.bcdd144c/charts/base/Chart.yaml +++ b/resources/v1.27.7/charts/base/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6 +appVersion: 1.27.7 description: Helm chart for deploying Istio cluster resources and CRDs icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -7,4 +7,4 @@ keywords: name: base sources: - https://github.com/istio/istio -version: 1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6 +version: 1.27.7 diff --git a/resources/v1.30-alpha.bcdd144c/charts/base/README.md b/resources/v1.27.7/charts/base/README.md similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/base/README.md rename to resources/v1.27.7/charts/base/README.md diff --git a/resources/v1.30-alpha.bcdd144c/charts/base/files/profile-ambient.yaml b/resources/v1.27.7/charts/base/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/base/files/profile-ambient.yaml rename to resources/v1.27.7/charts/base/files/profile-ambient.yaml diff --git a/resources/v1.27.7/charts/base/files/profile-compatibility-version-1.24.yaml b/resources/v1.27.7/charts/base/files/profile-compatibility-version-1.24.yaml new file mode 100644 index 0000000000..4f3dbef7ea --- /dev/null +++ b/resources/v1.27.7/charts/base/files/profile-compatibility-version-1.24.yaml @@ -0,0 +1,15 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.24 behavioral changes + PILOT_ENABLE_IP_AUTOALLOCATE: "false" + # 1.27 behavioral changes + ENABLE_NATIVE_SIDECARS: "false" +ambient: + dnsCapture: false + reconcileIptablesOnStartup: false + # 1.26 behavioral changes + shareHostNetworkNamespace: true diff --git a/resources/v1.27.7/charts/base/files/profile-compatibility-version-1.25.yaml b/resources/v1.27.7/charts/base/files/profile-compatibility-version-1.25.yaml new file mode 100644 index 0000000000..b2f45948c2 --- /dev/null +++ b/resources/v1.27.7/charts/base/files/profile-compatibility-version-1.25.yaml @@ -0,0 +1,11 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.27 behavioral changes + ENABLE_NATIVE_SIDECARS: "false" +ambient: + # 1.26 behavioral changes + shareHostNetworkNamespace: true diff --git a/resources/v1.27.7/charts/base/files/profile-compatibility-version-1.26.yaml b/resources/v1.27.7/charts/base/files/profile-compatibility-version-1.26.yaml new file mode 100644 index 0000000000..af10697326 --- /dev/null +++ b/resources/v1.27.7/charts/base/files/profile-compatibility-version-1.26.yaml @@ -0,0 +1,8 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.27 behavioral changes + ENABLE_NATIVE_SIDECARS: "false" \ No newline at end of file diff --git a/resources/v1.30-alpha.bcdd144c/charts/base/files/profile-demo.yaml b/resources/v1.27.7/charts/base/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/base/files/profile-demo.yaml rename to resources/v1.27.7/charts/base/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/base/files/profile-platform-gke.yaml b/resources/v1.27.7/charts/base/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/base/files/profile-platform-gke.yaml rename to resources/v1.27.7/charts/base/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/base/files/profile-platform-k3d.yaml b/resources/v1.27.7/charts/base/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/base/files/profile-platform-k3d.yaml rename to resources/v1.27.7/charts/base/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/base/files/profile-platform-k3s.yaml b/resources/v1.27.7/charts/base/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/base/files/profile-platform-k3s.yaml rename to resources/v1.27.7/charts/base/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/base/files/profile-platform-microk8s.yaml b/resources/v1.27.7/charts/base/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/base/files/profile-platform-microk8s.yaml rename to resources/v1.27.7/charts/base/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/base/files/profile-platform-minikube.yaml b/resources/v1.27.7/charts/base/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/base/files/profile-platform-minikube.yaml rename to resources/v1.27.7/charts/base/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/base/files/profile-platform-openshift.yaml b/resources/v1.27.7/charts/base/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/base/files/profile-platform-openshift.yaml rename to resources/v1.27.7/charts/base/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/base/files/profile-preview.yaml b/resources/v1.27.7/charts/base/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/base/files/profile-preview.yaml rename to resources/v1.27.7/charts/base/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/base/files/profile-remote.yaml b/resources/v1.27.7/charts/base/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/base/files/profile-remote.yaml rename to resources/v1.27.7/charts/base/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/base/files/profile-stable.yaml b/resources/v1.27.7/charts/base/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/base/files/profile-stable.yaml rename to resources/v1.27.7/charts/base/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/base/templates/NOTES.txt b/resources/v1.27.7/charts/base/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/base/templates/NOTES.txt rename to resources/v1.27.7/charts/base/templates/NOTES.txt diff --git a/resources/v1.27.7/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml b/resources/v1.27.7/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml new file mode 100644 index 0000000000..2616b09c9a --- /dev/null +++ b/resources/v1.27.7/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml @@ -0,0 +1,53 @@ +{{- if and .Values.experimental.stableValidationPolicy (not (eq .Values.defaultRevision "")) }} +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingAdmissionPolicy +metadata: + name: "stable-channel-default-policy.istio.io" + labels: + release: {{ .Release.Name }} + istio: istiod + istio.io/rev: {{ .Values.defaultRevision }} + app.kubernetes.io/name: "istiod" + {{ include "istio.labels" . | nindent 4 }} +spec: + failurePolicy: Fail + matchConstraints: + resourceRules: + - apiGroups: + - security.istio.io + - networking.istio.io + - telemetry.istio.io + - extensions.istio.io + apiVersions: ["*"] + operations: ["CREATE", "UPDATE"] + resources: ["*"] + variables: + - name: isEnvoyFilter + expression: "object.kind == 'EnvoyFilter'" + - name: isWasmPlugin + expression: "object.kind == 'WasmPlugin'" + - name: isProxyConfig + expression: "object.kind == 'ProxyConfig'" + - name: isTelemetry + expression: "object.kind == 'Telemetry'" + validations: + - expression: "!variables.isEnvoyFilter" + - expression: "!variables.isWasmPlugin" + - expression: "!variables.isProxyConfig" + - expression: | + !( + variables.isTelemetry && ( + (has(object.spec.tracing) ? object.spec.tracing : {}).exists(t, has(t.useRequestIdForTraceSampling)) || + (has(object.spec.metrics) ? object.spec.metrics : {}).exists(m, has(m.reportingInterval)) || + (has(object.spec.accessLogging) ? object.spec.accessLogging : {}).exists(l, has(l.filter)) + ) + ) +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingAdmissionPolicyBinding +metadata: + name: "stable-channel-default-policy-binding.istio.io" +spec: + policyName: "stable-channel-default-policy.istio.io" + validationActions: [Deny] +{{- end }} diff --git a/resources/v1.27.7/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml b/resources/v1.27.7/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml new file mode 100644 index 0000000000..8cb76fd773 --- /dev/null +++ b/resources/v1.27.7/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml @@ -0,0 +1,56 @@ +{{- if not (eq .Values.defaultRevision "") }} +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: istiod-default-validator + labels: + app: istiod + release: {{ .Release.Name }} + istio: istiod + istio.io/rev: {{ .Values.defaultRevision | quote }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +webhooks: + - name: validation.istio.io + clientConfig: + {{- if .Values.base.validationURL }} + url: {{ .Values.base.validationURL }} + {{- else }} + service: + {{- if (eq .Values.defaultRevision "default") }} + name: istiod + {{- else }} + name: istiod-{{ .Values.defaultRevision }} + {{- end }} + namespace: {{ .Values.global.istioNamespace }} + path: "/validate" + {{- end }} + {{- if .Values.base.validationCABundle }} + caBundle: "{{ .Values.base.validationCABundle }}" + {{- end }} + rules: + - operations: + - CREATE + - UPDATE + apiGroups: + - security.istio.io + - networking.istio.io + - telemetry.istio.io + - extensions.istio.io + apiVersions: + - "*" + resources: + - "*" + + {{- if .Values.base.validationCABundle }} + # Disable webhook controller in Pilot to stop patching it + failurePolicy: Fail + {{- else }} + # Fail open until the validation webhook is ready. The webhook controller + # will update this to `Fail` and patch in the `caBundle` when the webhook + # endpoint is ready. + failurePolicy: Ignore + {{- end }} + sideEffects: None + admissionReviewVersions: ["v1"] +{{- end }} diff --git a/resources/v1.27.7/charts/base/templates/reader-serviceaccount.yaml b/resources/v1.27.7/charts/base/templates/reader-serviceaccount.yaml new file mode 100644 index 0000000000..ba829a6bfe --- /dev/null +++ b/resources/v1.27.7/charts/base/templates/reader-serviceaccount.yaml @@ -0,0 +1,20 @@ +# This singleton service account aggregates reader permissions for the revisions in a given cluster +# ATM this is a singleton per cluster with Istio installed, and is not revisioned. It maybe should be, +# as otherwise compromising the token for this SA would give you access to *every* installed revision. +# Should be used for remote secret creation. +apiVersion: v1 +kind: ServiceAccount + {{- if .Values.global.imagePullSecrets }} +imagePullSecrets: + {{- range .Values.global.imagePullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} +metadata: + name: istio-reader-service-account + namespace: {{ .Values.global.istioNamespace }} + labels: + app: istio-reader + release: {{ .Release.Name }} + app.kubernetes.io/name: "istio-reader" + {{- include "istio.labels" . | nindent 4 }} diff --git a/resources/v1.30-alpha.bcdd144c/charts/base/templates/zzz_profile.yaml b/resources/v1.27.7/charts/base/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/base/templates/zzz_profile.yaml rename to resources/v1.27.7/charts/base/templates/zzz_profile.yaml diff --git a/resources/v1.27.7/charts/base/values.yaml b/resources/v1.27.7/charts/base/values.yaml new file mode 100644 index 0000000000..d18296f00a --- /dev/null +++ b/resources/v1.27.7/charts/base/values.yaml @@ -0,0 +1,37 @@ +# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. +# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. +_internal_defaults_do_not_set: + global: + + # ImagePullSecrets for control plane ServiceAccount, list of secrets in the same namespace + # to use for pulling any images in pods that reference this ServiceAccount. + # Must be set for any cluster configured with private docker registry. + imagePullSecrets: [] + + # Used to locate istiod. + istioNamespace: istio-system + base: + # A list of CRDs to exclude. Requires `enableCRDTemplates` to be true. + # Example: `excludedCRDs: ["envoyfilters.networking.istio.io"]`. + # Note: when installing with `istioctl`, `enableIstioConfigCRDs=false` must also be set. + excludedCRDs: [] + # Helm (as of V3) does not support upgrading CRDs, because it is not universally + # safe for them to support this. + # Istio as a project enforces certain backwards-compat guarantees that allow us + # to safely upgrade CRDs in spite of this, so we default to self-managing CRDs + # as standard K8S resources in Helm, and disable Helm's CRD management. See also: + # https://helm.sh/docs/chart_best_practices/custom_resource_definitions/#method-2-separate-charts + enableCRDTemplates: true + + # Validation webhook configuration url + # For example: https://$remotePilotAddress:15017/validate + validationURL: "" + # Validation webhook caBundle value. Useful when running pilot with a well known cert + validationCABundle: "" + + # For istioctl usage to disable istio config crds in base + enableIstioConfigCRDs: true + + defaultRevision: "default" + experimental: + stableValidationPolicy: false diff --git a/resources/v1.30-alpha.bcdd144c/charts/cni/Chart.yaml b/resources/v1.27.7/charts/cni/Chart.yaml similarity index 62% rename from resources/v1.30-alpha.bcdd144c/charts/cni/Chart.yaml rename to resources/v1.27.7/charts/cni/Chart.yaml index ffa1978e97..6bbb973431 100644 --- a/resources/v1.30-alpha.bcdd144c/charts/cni/Chart.yaml +++ b/resources/v1.27.7/charts/cni/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6 +appVersion: 1.27.7 description: Helm chart for istio-cni components icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -8,4 +8,4 @@ keywords: name: cni sources: - https://github.com/istio/istio -version: 1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6 +version: 1.27.7 diff --git a/resources/v1.27.7/charts/cni/README.md b/resources/v1.27.7/charts/cni/README.md new file mode 100644 index 0000000000..a8b78d5bde --- /dev/null +++ b/resources/v1.27.7/charts/cni/README.md @@ -0,0 +1,65 @@ +# Istio CNI Helm Chart + +This chart installs the Istio CNI Plugin. See the [CNI installation guide](https://istio.io/latest/docs/setup/additional-setup/cni/) +for more information. + +## Setup Repo Info + +```console +helm repo add istio https://istio-release.storage.googleapis.com/charts +helm repo update +``` + +_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ + +## Installing the Chart + +To install the chart with the release name `istio-cni`: + +```console +helm install istio-cni istio/cni -n kube-system +``` + +Installation in `kube-system` is recommended to ensure the [`system-node-critical`](https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/) +`priorityClassName` can be used. You can install in other namespace only on K8S clusters that allow +'system-node-critical' outside of kube-system. + +## Configuration + +To view support configuration options and documentation, run: + +```console +helm show values istio/istio-cni +``` + +### Profiles + +Istio Helm charts have a concept of a `profile`, which is a bundled collection of value presets. +These can be set with `--set profile=`. +For example, the `demo` profile offers a preset configuration to try out Istio in a test environment, with additional features enabled and lowered resource requirements. + +For consistency, the same profiles are used across each chart, even if they do not impact a given chart. + +Explicitly set values have highest priority, then profile settings, then chart defaults. + +As an implementation detail of profiles, the default values for the chart are all nested under `defaults`. +When configuring the chart, you should not include this. +That is, `--set some.field=true` should be passed, not `--set defaults.some.field=true`. + +### Ambient + +To enable ambient, you can use the ambient profile: `--set profile=ambient`. + +#### Calico + +For Calico, you must also modify the settings to allow source spoofing: + +- if deployed by operator, `kubectl patch felixconfigurations default --type='json' -p='[{"op": "add", "path": "/spec/workloadSourceSpoofing", "value": "Any"}]'` +- if deployed by manifest, add env `FELIX_WORKLOADSOURCESPOOFING` with value `Any` in `spec.template.spec.containers.env` for daemonset `calico-node`. (This will allow PODs with specified annotation to skip the rpf check. ) + +### GKE notes + +On GKE, 'kube-system' is required. + +If using `helm template`, `--set cni.cniBinDir=/home/kubernetes/bin` is required - with `helm install` +it is auto-detected. diff --git a/resources/v1.30-alpha.bcdd144c/charts/cni/files/profile-ambient.yaml b/resources/v1.27.7/charts/cni/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/cni/files/profile-ambient.yaml rename to resources/v1.27.7/charts/cni/files/profile-ambient.yaml diff --git a/resources/v1.27.7/charts/cni/files/profile-compatibility-version-1.24.yaml b/resources/v1.27.7/charts/cni/files/profile-compatibility-version-1.24.yaml new file mode 100644 index 0000000000..4f3dbef7ea --- /dev/null +++ b/resources/v1.27.7/charts/cni/files/profile-compatibility-version-1.24.yaml @@ -0,0 +1,15 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.24 behavioral changes + PILOT_ENABLE_IP_AUTOALLOCATE: "false" + # 1.27 behavioral changes + ENABLE_NATIVE_SIDECARS: "false" +ambient: + dnsCapture: false + reconcileIptablesOnStartup: false + # 1.26 behavioral changes + shareHostNetworkNamespace: true diff --git a/resources/v1.27.7/charts/cni/files/profile-compatibility-version-1.25.yaml b/resources/v1.27.7/charts/cni/files/profile-compatibility-version-1.25.yaml new file mode 100644 index 0000000000..b2f45948c2 --- /dev/null +++ b/resources/v1.27.7/charts/cni/files/profile-compatibility-version-1.25.yaml @@ -0,0 +1,11 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.27 behavioral changes + ENABLE_NATIVE_SIDECARS: "false" +ambient: + # 1.26 behavioral changes + shareHostNetworkNamespace: true diff --git a/resources/v1.27.7/charts/cni/files/profile-compatibility-version-1.26.yaml b/resources/v1.27.7/charts/cni/files/profile-compatibility-version-1.26.yaml new file mode 100644 index 0000000000..af10697326 --- /dev/null +++ b/resources/v1.27.7/charts/cni/files/profile-compatibility-version-1.26.yaml @@ -0,0 +1,8 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.27 behavioral changes + ENABLE_NATIVE_SIDECARS: "false" \ No newline at end of file diff --git a/resources/v1.30-alpha.bcdd144c/charts/cni/files/profile-demo.yaml b/resources/v1.27.7/charts/cni/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/cni/files/profile-demo.yaml rename to resources/v1.27.7/charts/cni/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/cni/files/profile-platform-gke.yaml b/resources/v1.27.7/charts/cni/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/cni/files/profile-platform-gke.yaml rename to resources/v1.27.7/charts/cni/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/cni/files/profile-platform-k3d.yaml b/resources/v1.27.7/charts/cni/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/cni/files/profile-platform-k3d.yaml rename to resources/v1.27.7/charts/cni/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/cni/files/profile-platform-k3s.yaml b/resources/v1.27.7/charts/cni/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/cni/files/profile-platform-k3s.yaml rename to resources/v1.27.7/charts/cni/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/cni/files/profile-platform-microk8s.yaml b/resources/v1.27.7/charts/cni/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/cni/files/profile-platform-microk8s.yaml rename to resources/v1.27.7/charts/cni/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/cni/files/profile-platform-minikube.yaml b/resources/v1.27.7/charts/cni/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/cni/files/profile-platform-minikube.yaml rename to resources/v1.27.7/charts/cni/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/cni/files/profile-platform-openshift.yaml b/resources/v1.27.7/charts/cni/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/cni/files/profile-platform-openshift.yaml rename to resources/v1.27.7/charts/cni/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/cni/files/profile-preview.yaml b/resources/v1.27.7/charts/cni/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/cni/files/profile-preview.yaml rename to resources/v1.27.7/charts/cni/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/cni/files/profile-remote.yaml b/resources/v1.27.7/charts/cni/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/cni/files/profile-remote.yaml rename to resources/v1.27.7/charts/cni/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/cni/files/profile-stable.yaml b/resources/v1.27.7/charts/cni/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/cni/files/profile-stable.yaml rename to resources/v1.27.7/charts/cni/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/cni/templates/NOTES.txt b/resources/v1.27.7/charts/cni/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/cni/templates/NOTES.txt rename to resources/v1.27.7/charts/cni/templates/NOTES.txt diff --git a/resources/v1.30-alpha.bcdd144c/charts/cni/templates/_helpers.tpl b/resources/v1.27.7/charts/cni/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/cni/templates/_helpers.tpl rename to resources/v1.27.7/charts/cni/templates/_helpers.tpl diff --git a/resources/v1.27.7/charts/cni/templates/clusterrole.yaml b/resources/v1.27.7/charts/cni/templates/clusterrole.yaml new file mode 100644 index 0000000000..1779e0bb1d --- /dev/null +++ b/resources/v1.27.7/charts/cni/templates/clusterrole.yaml @@ -0,0 +1,81 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "name" . }} + labels: + app: {{ template "name" . }} + release: {{ .Release.Name }} + istio.io/rev: {{ .Values.revision | default "default" }} + operator.istio.io/component: "Cni" + app.kubernetes.io/name: {{ template "name" . }} + {{- include "istio.labels" . | nindent 4 }} +rules: +- apiGroups: ["security.openshift.io"] + resources: ["securitycontextconstraints"] + resourceNames: ["privileged"] + verbs: ["use"] +- apiGroups: [""] + resources: ["pods","nodes","namespaces"] + verbs: ["get", "list", "watch"] +{{- if (eq ((coalesce .Values.platform .Values.global.platform) | default "") "openshift") }} +- apiGroups: ["security.openshift.io"] + resources: ["securitycontextconstraints"] + resourceNames: ["privileged"] + verbs: ["use"] +{{- end }} +--- +{{- if .Values.repair.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "name" . }}-repair-role + labels: + app: {{ template "name" . }} + release: {{ .Release.Name }} + istio.io/rev: {{ .Values.revision | default "default" }} + operator.istio.io/component: "Cni" + app.kubernetes.io/name: {{ template "name" . }} + {{- include "istio.labels" . | nindent 4 }} +rules: + - apiGroups: [""] + resources: ["events"] + verbs: ["create", "patch"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["watch", "get", "list"] +{{- if .Values.repair.repairPods }} +{{- /* No privileges needed*/}} +{{- else if .Values.repair.deletePods }} + - apiGroups: [""] + resources: ["pods"] + verbs: ["delete"] +{{- else if .Values.repair.labelPods }} + - apiGroups: [""] + {{- /* pods/status is less privileged than the full pod, and either can label. So use the lower pods/status */}} + resources: ["pods/status"] + verbs: ["patch", "update"] +{{- end }} +{{- end }} +--- +{{- if .Values.ambient.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "name" . }}-ambient + labels: + app: {{ template "name" . }} + release: {{ .Release.Name }} + istio.io/rev: {{ .Values.revision | default "default" }} + operator.istio.io/component: "Cni" + app.kubernetes.io/name: {{ template "name" . }} + {{- include "istio.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + {{- /* pods/status is less privileged than the full pod, and either can label. So use the lower pods/status */}} + resources: ["pods/status"] + verbs: ["patch", "update"] +- apiGroups: ["apps"] + resources: ["daemonsets"] + resourceNames: ["{{ template "name" . }}-node"] + verbs: ["get"] +{{- end }} diff --git a/resources/v1.27.7/charts/cni/templates/clusterrolebinding.yaml b/resources/v1.27.7/charts/cni/templates/clusterrolebinding.yaml new file mode 100644 index 0000000000..42fedab1fc --- /dev/null +++ b/resources/v1.27.7/charts/cni/templates/clusterrolebinding.yaml @@ -0,0 +1,63 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "name" . }} + labels: + app: {{ template "name" . }} + release: {{ .Release.Name }} + istio.io/rev: {{ .Values.revision | default "default" }} + operator.istio.io/component: "Cni" + app.kubernetes.io/name: {{ template "name" . }} + {{- include "istio.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "name" . }} +subjects: +- kind: ServiceAccount + name: {{ template "name" . }} + namespace: {{ .Release.Namespace }} +--- +{{- if .Values.repair.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "name" . }}-repair-rolebinding + labels: + k8s-app: {{ template "name" . }}-repair + release: {{ .Release.Name }} + istio.io/rev: {{ .Values.revision | default "default" }} + operator.istio.io/component: "Cni" + app.kubernetes.io/name: {{ template "name" . }} + {{- include "istio.labels" . | nindent 4 }} +subjects: +- kind: ServiceAccount + name: {{ template "name" . }} + namespace: {{ .Release.Namespace}} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "name" . }}-repair-role +{{- end }} +--- +{{- if .Values.ambient.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "name" . }}-ambient + labels: + k8s-app: {{ template "name" . }}-repair + release: {{ .Release.Name }} + istio.io/rev: {{ .Values.revision | default "default" }} + operator.istio.io/component: "Cni" + app.kubernetes.io/name: {{ template "name" . }} + {{- include "istio.labels" . | nindent 4 }} +subjects: + - kind: ServiceAccount + name: {{ template "name" . }} + namespace: {{ .Release.Namespace}} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "name" . }}-ambient +{{- end }} diff --git a/resources/v1.27.7/charts/cni/templates/configmap-cni.yaml b/resources/v1.27.7/charts/cni/templates/configmap-cni.yaml new file mode 100644 index 0000000000..6f6ef329a2 --- /dev/null +++ b/resources/v1.27.7/charts/cni/templates/configmap-cni.yaml @@ -0,0 +1,41 @@ +kind: ConfigMap +apiVersion: v1 +metadata: + name: {{ template "name" . }}-config + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "name" . }} + release: {{ .Release.Name }} + istio.io/rev: {{ .Values.revision | default "default" }} + operator.istio.io/component: "Cni" + app.kubernetes.io/name: {{ template "name" . }} + {{- include "istio.labels" . | nindent 4 }} +data: + CURRENT_AGENT_VERSION: {{ .Values.tag | default .Values.global.tag | quote }} + AMBIENT_ENABLED: {{ .Values.ambient.enabled | quote }} + AMBIENT_ENABLEMENT_SELECTOR: {{ .Values.ambient.enablementSelectors | toYaml | quote }} + AMBIENT_DNS_CAPTURE: {{ .Values.ambient.dnsCapture | quote }} + AMBIENT_IPV6: {{ .Values.ambient.ipv6 | quote }} + AMBIENT_RECONCILE_POD_RULES_ON_STARTUP: {{ .Values.ambient.reconcileIptablesOnStartup | quote }} + {{- if .Values.cniConfFileName }} # K8S < 1.24 doesn't like empty values + CNI_CONF_NAME: {{ .Values.cniConfFileName }} # Name of the CNI config file to create. Only override if you know the exact path your CNI requires.. + {{- end }} + ISTIO_OWNED_CNI_CONFIG: {{ .Values.istioOwnedCNIConfig | quote }} + {{- if .Values.istioOwnedCNIConfig }} + ISTIO_OWNED_CNI_CONF_FILENAME: {{ .Values.istioOwnedCNIConfigFileName | quote }} + {{- end }} + CHAINED_CNI_PLUGIN: {{ .Values.chained | quote }} + EXCLUDE_NAMESPACES: "{{ range $idx, $ns := .Values.excludeNamespaces }}{{ if $idx }},{{ end }}{{ $ns }}{{ end }}" + REPAIR_ENABLED: {{ .Values.repair.enabled | quote }} + REPAIR_LABEL_PODS: {{ .Values.repair.labelPods | quote }} + REPAIR_DELETE_PODS: {{ .Values.repair.deletePods | quote }} + REPAIR_REPAIR_PODS: {{ .Values.repair.repairPods | quote }} + REPAIR_INIT_CONTAINER_NAME: {{ .Values.repair.initContainerName | quote }} + REPAIR_BROKEN_POD_LABEL_KEY: {{ .Values.repair.brokenPodLabelKey | quote }} + REPAIR_BROKEN_POD_LABEL_VALUE: {{ .Values.repair.brokenPodLabelValue | quote }} + NATIVE_NFTABLES: {{ .Values.global.nativeNftables | quote }} + {{- with .Values.env }} + {{- range $key, $val := . }} + {{ $key }}: "{{ $val }}" + {{- end }} + {{- end }} diff --git a/resources/v1.27.7/charts/cni/templates/daemonset.yaml b/resources/v1.27.7/charts/cni/templates/daemonset.yaml new file mode 100644 index 0000000000..896de3d038 --- /dev/null +++ b/resources/v1.27.7/charts/cni/templates/daemonset.yaml @@ -0,0 +1,248 @@ +# This manifest installs the Istio install-cni container, as well +# as the Istio CNI plugin and config on +# each master and worker node in a Kubernetes cluster. +# +# $detectedBinDir exists to support a GKE-specific platform override, +# and is deprecated in favor of using the explicit `gke` platform profile. +{{- $detectedBinDir := (.Capabilities.KubeVersion.GitVersion | contains "-gke") | ternary + "/home/kubernetes/bin" + "/opt/cni/bin" +}} +{{- if .Values.cniBinDir }} +{{ $detectedBinDir = .Values.cniBinDir }} +{{- end }} +kind: DaemonSet +apiVersion: apps/v1 +metadata: + # Note that this is templated but evaluates to a fixed name + # which the CNI plugin may fall back onto in some failsafe scenarios. + # if this name is changed, CNI plugin logic that checks for this name + # format should also be updated. + name: {{ template "name" . }}-node + namespace: {{ .Release.Namespace }} + labels: + k8s-app: {{ template "name" . }}-node + release: {{ .Release.Name }} + istio.io/rev: {{ .Values.revision | default "default" }} + operator.istio.io/component: "Cni" + app.kubernetes.io/name: {{ template "name" . }} + {{- include "istio.labels" . | nindent 4 }} +spec: + selector: + matchLabels: + k8s-app: {{ template "name" . }}-node + {{- with .Values.updateStrategy }} + updateStrategy: + {{- toYaml . | nindent 4 }} + {{- end }} + template: + metadata: + labels: + k8s-app: {{ template "name" . }}-node + sidecar.istio.io/inject: "false" + istio.io/dataplane-mode: none + app.kubernetes.io/name: {{ template "name" . }} + {{- include "istio.labels" . | nindent 8 }} + annotations: + sidecar.istio.io/inject: "false" + # Add Prometheus Scrape annotations + prometheus.io/scrape: 'true' + prometheus.io/port: "15014" + prometheus.io/path: '/metrics' + # Add AppArmor annotation + # This is required to avoid conflicts with AppArmor profiles which block certain + # privileged pod capabilities. + # Required for Kubernetes 1.29 which does not support setting appArmorProfile in the + # securityContext which is otherwise preferred. + container.apparmor.security.beta.kubernetes.io/install-cni: unconfined + # Custom annotations + {{- if .Values.podAnnotations }} +{{ toYaml .Values.podAnnotations | indent 8 }} + {{- end }} + spec: +{{- if and .Values.ambient.enabled .Values.ambient.shareHostNetworkNamespace }} + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet +{{- end }} + nodeSelector: + kubernetes.io/os: linux + # Can be configured to allow for excluding istio-cni from being scheduled on specified nodes + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + priorityClassName: system-node-critical + serviceAccountName: {{ template "name" . }} + # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a "force + # deletion": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods. + terminationGracePeriodSeconds: 5 + containers: + # This container installs the Istio CNI binaries + # and CNI network config file on each node. + - name: install-cni +{{- if contains "/" .Values.image }} + image: "{{ .Values.image }}" +{{- else }} + image: "{{ .Values.hub | default .Values.global.hub }}/{{ .Values.image | default "install-cni" }}:{{ template "istio-tag" . }}" +{{- end }} +{{- if or .Values.pullPolicy .Values.global.imagePullPolicy }} + imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.imagePullPolicy }} +{{- end }} + ports: + - containerPort: 15014 + name: metrics + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: 8000 + securityContext: + privileged: false + runAsGroup: 0 + runAsUser: 0 + runAsNonRoot: false + # Both ambient and sidecar repair mode require elevated node privileges to function. + # But we don't need _everything_ in `privileged`, so explicitly set it to false and + # add capabilities based on feature. + capabilities: + drop: + - ALL + add: + # CAP_NET_ADMIN is required to allow ipset and route table access + - NET_ADMIN + # CAP_NET_RAW is required to allow iptables mutation of the `nat` table + - NET_RAW + # CAP_SYS_PTRACE is required for repair and ambient mode to describe + # the pod's network namespace. + - SYS_PTRACE + # CAP_SYS_ADMIN is required for both ambient and repair, in order to open + # network namespaces in `/proc` to obtain descriptors for entering pod network + # namespaces. There does not appear to be a more granular capability for this. + - SYS_ADMIN + # While we run as a 'root' (UID/GID 0), since we drop all capabilities we lose + # the typical ability to read/write to folders owned by others. + # This can cause problems if the hostPath mounts we use, which we require write access into, + # are owned by non-root. DAC_OVERRIDE bypasses these and gives us write access into any folder. + - DAC_OVERRIDE +{{- if .Values.seLinuxOptions }} +{{ with (merge .Values.seLinuxOptions (dict "type" "spc_t")) }} + seLinuxOptions: +{{ toYaml . | trim | indent 14 }} +{{- end }} +{{- end }} +{{- if .Values.seccompProfile }} + seccompProfile: +{{ toYaml .Values.seccompProfile | trim | indent 14 }} +{{- end }} + command: ["install-cni"] + args: + {{- if or .Values.logging.level .Values.global.logging.level }} + - --log_output_level={{ coalesce .Values.logging.level .Values.global.logging.level }} + {{- end}} + {{- if .Values.global.logAsJson }} + - --log_as_json + {{- end}} + envFrom: + - configMapRef: + name: {{ template "name" . }}-config + env: + - name: REPAIR_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: REPAIR_RUN_AS_DAEMON + value: "true" + - name: REPAIR_SIDECAR_ANNOTATION + value: "sidecar.istio.io/status" + {{- if not (and .Values.ambient.enabled .Values.ambient.shareHostNetworkNamespace) }} + - name: ALLOW_SWITCH_TO_HOST_NS + value: "true" + {{- end }} + - name: NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: GOMEMLIMIT + valueFrom: + resourceFieldRef: + resource: limits.memory + divisor: '1' + - name: GOMAXPROCS + valueFrom: + resourceFieldRef: + resource: limits.cpu + divisor: '1' + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- if .Values.env }} + {{- range $key, $val := .Values.env }} + - name: {{ $key }} + value: "{{ $val }}" + {{- end }} + {{- end }} + volumeMounts: + - mountPath: /host/opt/cni/bin + name: cni-bin-dir + {{- if or .Values.repair.repairPods .Values.ambient.enabled }} + - mountPath: /host/proc + name: cni-host-procfs + readOnly: true + {{- end }} + - mountPath: /host/etc/cni/net.d + name: cni-net-dir + - mountPath: /var/run/istio-cni + name: cni-socket-dir + {{- if .Values.ambient.enabled }} + - mountPath: /host/var/run/netns + mountPropagation: HostToContainer + name: cni-netns-dir + - mountPath: /var/run/ztunnel + name: cni-ztunnel-sock-dir + {{ end }} + resources: +{{- if .Values.resources }} +{{ toYaml .Values.resources | trim | indent 12 }} +{{- else }} +{{ toYaml .Values.global.defaultResources | trim | indent 12 }} +{{- end }} + volumes: + # Used to install CNI. + - name: cni-bin-dir + hostPath: + path: {{ $detectedBinDir }} + {{- if or .Values.repair.repairPods .Values.ambient.enabled }} + - name: cni-host-procfs + hostPath: + path: /proc + type: Directory + {{- end }} + {{- if .Values.ambient.enabled }} + - name: cni-ztunnel-sock-dir + hostPath: + path: /var/run/ztunnel + type: DirectoryOrCreate + {{- end }} + - name: cni-net-dir + hostPath: + path: {{ .Values.cniConfDir }} + # Used for UDS sockets for logging, ambient eventing + - name: cni-socket-dir + hostPath: + path: /var/run/istio-cni + - name: cni-netns-dir + hostPath: + path: {{ .Values.cniNetnsDir }} + type: DirectoryOrCreate # DirectoryOrCreate instead of Directory for the following reason - CNI may not bind mount this until a non-hostnetwork pod is scheduled on the node, + # and we don't want to block CNI agent pod creation on waiting for the first non-hostnetwork pod. + # Once the CNI does mount this, it will get populated and we're good. diff --git a/resources/v1.27.7/charts/cni/templates/network-attachment-definition.yaml b/resources/v1.27.7/charts/cni/templates/network-attachment-definition.yaml new file mode 100644 index 0000000000..86a2eb7c0b --- /dev/null +++ b/resources/v1.27.7/charts/cni/templates/network-attachment-definition.yaml @@ -0,0 +1,11 @@ +{{- if eq .Values.provider "multus" }} +apiVersion: k8s.cni.cncf.io/v1 +kind: NetworkAttachmentDefinition +metadata: + name: {{ template "name" . }} + namespace: default + labels: + operator.istio.io/component: "Cni" + app.kubernetes.io/name: {{ template "name" . }} + {{- include "istio.labels" . | nindent 4 }} +{{- end }} diff --git a/resources/v1.27.7/charts/cni/templates/resourcequota.yaml b/resources/v1.27.7/charts/cni/templates/resourcequota.yaml new file mode 100644 index 0000000000..9a6d61ff91 --- /dev/null +++ b/resources/v1.27.7/charts/cni/templates/resourcequota.yaml @@ -0,0 +1,19 @@ +{{- if .Values.resourceQuotas.enabled }} +apiVersion: v1 +kind: ResourceQuota +metadata: + name: {{ template "name" . }}-resource-quota + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "name" . }} + {{- include "istio.labels" . | nindent 4 }} +spec: + hard: + pods: {{ .Values.resourceQuotas.pods | quote }} + scopeSelector: + matchExpressions: + - operator: In + scopeName: PriorityClass + values: + - system-node-critical +{{- end }} diff --git a/resources/v1.27.7/charts/cni/templates/serviceaccount.yaml b/resources/v1.27.7/charts/cni/templates/serviceaccount.yaml new file mode 100644 index 0000000000..3193d7b74a --- /dev/null +++ b/resources/v1.27.7/charts/cni/templates/serviceaccount.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: ServiceAccount +{{- if .Values.global.imagePullSecrets }} +imagePullSecrets: +{{- range .Values.global.imagePullSecrets }} + - name: {{ . }} +{{- end }} +{{- end }} +metadata: + name: {{ template "name" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "name" . }} + release: {{ .Release.Name }} + istio.io/rev: {{ .Values.revision | default "default" }} + operator.istio.io/component: "Cni" + app.kubernetes.io/name: {{ template "name" . }} + {{- include "istio.labels" . | nindent 4 }} diff --git a/resources/v1.30-alpha.bcdd144c/charts/cni/templates/zzy_descope_legacy.yaml b/resources/v1.27.7/charts/cni/templates/zzy_descope_legacy.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/cni/templates/zzy_descope_legacy.yaml rename to resources/v1.27.7/charts/cni/templates/zzy_descope_legacy.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/cni/templates/zzz_profile.yaml b/resources/v1.27.7/charts/cni/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/cni/templates/zzz_profile.yaml rename to resources/v1.27.7/charts/cni/templates/zzz_profile.yaml diff --git a/resources/v1.27.7/charts/cni/values.yaml b/resources/v1.27.7/charts/cni/values.yaml new file mode 100644 index 0000000000..e5cb420e53 --- /dev/null +++ b/resources/v1.27.7/charts/cni/values.yaml @@ -0,0 +1,178 @@ +# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. +# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. +_internal_defaults_do_not_set: + hub: "" + tag: "" + variant: "" + image: install-cni + pullPolicy: "" + + # Same as `global.logging.level`, but will override it if set + logging: + level: "" + + # Configuration file to insert istio-cni plugin configuration + # by default this will be the first file found in the cni-conf-dir + # Example + # cniConfFileName: 10-calico.conflist + + # CNI-and-platform specific path defaults. + # These may need to be set to platform-specific values, consult + # overrides for your platform in `manifests/helm-profiles/platform-*.yaml` + cniBinDir: /opt/cni/bin + cniConfDir: /etc/cni/net.d + cniConfFileName: "" + cniNetnsDir: "/var/run/netns" + + # If Istio owned CNI config is enabled, defaults to 02-istio-cni.conflist + istioOwnedCNIConfigFileName: "" + istioOwnedCNIConfig: false + + excludeNamespaces: + - kube-system + + # Allows user to set custom affinity for the DaemonSet + affinity: {} + + # Custom annotations on pod level, if you need them + podAnnotations: {} + + # Deploy the config files as plugin chain (value "true") or as standalone files in the conf dir (value "false")? + # Some k8s flavors (e.g. OpenShift) do not support the chain approach, set to false if this is the case + chained: true + + # Custom configuration happens based on the CNI provider. + # Possible values: "default", "multus" + provider: "default" + + # Configure ambient settings + ambient: + # If enabled, ambient redirection will be enabled + enabled: false + # If ambient is enabled, this selector will be used to identify the ambient-enabled pods + enablementSelectors: + - podSelector: + matchLabels: {istio.io/dataplane-mode: ambient} + - podSelector: + matchExpressions: + - { key: istio.io/dataplane-mode, operator: NotIn, values: [none] } + namespaceSelector: + matchLabels: {istio.io/dataplane-mode: ambient} + # Set ambient config dir path: defaults to /etc/ambient-config + configDir: "" + # If enabled, and ambient is enabled, DNS redirection will be enabled + dnsCapture: true + # If enabled, and ambient is enabled, enables ipv6 support + ipv6: true + # If enabled, and ambient is enabled, the CNI agent will reconcile incompatible iptables rules and chains at startup. + # This will eventually be enabled by default + reconcileIptablesOnStartup: false + # If enabled, and ambient is enabled, the CNI agent will always share the network namespace of the host node it is running on + shareHostNetworkNamespace: false + + + repair: + enabled: true + hub: "" + tag: "" + + # Repair controller has 3 modes. Pick which one meets your use cases. Note only one may be used. + # This defines the action the controller will take when a pod is detected as broken. + + # labelPods will label all pods with =. + # This is only capable of identifying broken pods; the user is responsible for fixing them (generally, by deleting them). + # Note this gives the DaemonSet a relatively high privilege, as modifying pod metadata/status can have wider impacts. + labelPods: false + # deletePods will delete any broken pod. These will then be rescheduled, hopefully onto a node that is fully ready. + # Note this gives the DaemonSet a relatively high privilege, as it can delete any Pod. + deletePods: false + # repairPods will dynamically repair any broken pod by setting up the pod networking configuration even after it has started. + # Note the pod will be crashlooping, so this may take a few minutes to become fully functional based on when the retry occurs. + # This requires no RBAC privilege, but does require `securityContext.privileged/CAP_SYS_ADMIN`. + repairPods: true + + initContainerName: "istio-validation" + + brokenPodLabelKey: "cni.istio.io/uninitialized" + brokenPodLabelValue: "true" + + # Set to `type: RuntimeDefault` to use the default profile if available. + seccompProfile: {} + + # SELinux options to set in the istio-cni-node pods. You may need to set this to `type: spc_t` for some platforms. + seLinuxOptions: {} + + resources: + requests: + cpu: 100m + memory: 100Mi + + resourceQuotas: + enabled: false + pods: 5000 + + tolerations: + # Make sure istio-cni-node gets scheduled on all nodes. + - effect: NoSchedule + operator: Exists + # Mark the pod as a critical add-on for rescheduling. + - key: CriticalAddonsOnly + operator: Exists + - effect: NoExecute + operator: Exists + + # K8s DaemonSet update strategy. + # https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/daemon-set-v1/#DaemonSetSpec). + updateStrategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 1 + + # Revision is set as 'version' label and part of the resource names when installing multiple control planes. + revision: "" + + # For Helm compatibility. + ownerName: "" + + global: + # Default hub for Istio images. + # Releases are published to docker hub under 'istio' project. + # Dev builds from prow are on gcr.io + hub: gcr.io/istio-release + + # Default tag for Istio images. + tag: 1.27.7 + + # Variant of the image to use. + # Currently supported are: [debug, distroless] + variant: "" + + # Specify image pull policy if default behavior isn't desired. + # Default behavior: latest images will be Always else IfNotPresent. + imagePullPolicy: "" + + # change cni scope level to control logging out of istio-cni-node DaemonSet + logging: + level: info + + logAsJson: false + + # ImagePullSecrets for all ServiceAccount, list of secrets in the same namespace + # to use for pulling any images in pods that reference this ServiceAccount. + # For components that don't use ServiceAccounts (i.e. grafana, servicegraph, tracing) + # ImagePullSecrets will be added to the corresponding Deployment(StatefulSet) objects. + # Must be set for any cluster configured with private docker registry. + imagePullSecrets: [] + # - private-registry-key + + # Default resources allocated + defaultResources: + requests: + cpu: 100m + memory: 100Mi + + # In order to use native nftable rules instead of iptable rules, set this flag to true. + nativeNftables: false + + # A `key: value` mapping of environment variables to add to the pod + env: {} diff --git a/resources/v1.30-alpha.bcdd144c/charts/gateway/Chart.yaml b/resources/v1.27.7/charts/gateway/Chart.yaml similarity index 64% rename from resources/v1.30-alpha.bcdd144c/charts/gateway/Chart.yaml rename to resources/v1.27.7/charts/gateway/Chart.yaml index c62b306bc2..6ea5276a10 100644 --- a/resources/v1.30-alpha.bcdd144c/charts/gateway/Chart.yaml +++ b/resources/v1.27.7/charts/gateway/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6 +appVersion: 1.27.7 description: Helm chart for deploying Istio gateways icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ name: gateway sources: - https://github.com/istio/istio type: application -version: 1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6 +version: 1.27.7 diff --git a/resources/v1.27.7/charts/gateway/README.md b/resources/v1.27.7/charts/gateway/README.md new file mode 100644 index 0000000000..5c064d165b --- /dev/null +++ b/resources/v1.27.7/charts/gateway/README.md @@ -0,0 +1,170 @@ +# Istio Gateway Helm Chart + +This chart installs an Istio gateway deployment. + +## Setup Repo Info + +```console +helm repo add istio https://istio-release.storage.googleapis.com/charts +helm repo update +``` + +_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ + +## Installing the Chart + +To install the chart with the release name `istio-ingressgateway`: + +```console +helm install istio-ingressgateway istio/gateway +``` + +## Uninstalling the Chart + +To uninstall/delete the `istio-ingressgateway` deployment: + +```console +helm delete istio-ingressgateway +``` + +## Configuration + +To view support configuration options and documentation, run: + +```console +helm show values istio/gateway +``` + +### Profiles + +Istio Helm charts have a concept of a `profile`, which is a bundled collection of value presets. +These can be set with `--set profile=`. +For example, the `demo` profile offers a preset configuration to try out Istio in a test environment, with additional features enabled and lowered resource requirements. + +For consistency, the same profiles are used across each chart, even if they do not impact a given chart. + +Explicitly set values have highest priority, then profile settings, then chart defaults. + +As an implementation detail of profiles, the default values for the chart are all nested under `defaults`. +When configuring the chart, you should not include this. +That is, `--set some.field=true` should be passed, not `--set defaults.some.field=true`. + +### OpenShift + +When deploying the gateway in an OpenShift cluster, use the `openshift` profile to override the default values, for example: + +```console +helm install istio-ingressgateway istio/gateway --set profile=openshift +``` + +### `image: auto` Information + +The image used by the chart, `auto`, may be unintuitive. +This exists because the pod spec will be automatically populated at runtime, using the same mechanism as [Sidecar Injection](istio.io/latest/docs/setup/additional-setup/sidecar-injection). +This allows the same configurations and lifecycle to apply to gateways as sidecars. + +Note: this does mean that the namespace the gateway is deployed in must not have the `istio-injection=disabled` label. +See [Controlling the injection policy](https://istio.io/latest/docs/setup/additional-setup/sidecar-injection/#controlling-the-injection-policy) for more info. + +### Examples + +#### Egress Gateway + +Deploying a Gateway to be used as an [Egress Gateway](https://istio.io/latest/docs/tasks/traffic-management/egress/egress-gateway/): + +```yaml +service: + # Egress gateways do not need an external LoadBalancer IP + type: ClusterIP +``` + +#### Multi-network/VM Gateway + +Deploying a Gateway to be used as a [Multi-network Gateway](https://istio.io/latest/docs/setup/install/multicluster/) for network `network-1`: + +```yaml +networkGateway: network-1 +``` + +### Migrating from other installation methods + +Installations from other installation methods (such as istioctl, Istio Operator, other helm charts, etc) can be migrated to use the new Helm charts +following the guidance below. +If you are able to, a clean installation is simpler. However, this often requires an external IP migration which can be challenging. + +WARNING: when installing over an existing deployment, the two deployments will be merged together by Helm, which may lead to unexpected results. + +#### Legacy Gateway Helm charts + +Istio historically offered two different charts - `manifests/charts/gateways/istio-ingress` and `manifests/charts/gateways/istio-egress`. +These are replaced by this chart. +While not required, it is recommended all new users use this chart, and existing users migrate when possible. + +This chart has the following benefits and differences: +* Designed with Helm best practices in mind (standardized values options, values schema, values are not all nested under `gateways.istio-ingressgateway.*`, release name and namespace taken into account, etc). +* Utilizes Gateway injection, simplifying upgrades, allowing gateways to run in any namespace, and avoiding repeating config for sidecars and gateways. +* Published to official Istio Helm repository. +* Single chart for all gateways (Ingress, Egress, East West). + +#### General concerns + +For a smooth migration, the resource names and `Deployment.spec.selector` labels must match. + +If you install with `helm install istio-gateway istio/gateway`, resources will be named `istio-gateway` and the `selector` labels set to: + +```yaml +app: istio-gateway +istio: gateway # the release name with leading istio- prefix stripped +``` + +If your existing installation doesn't follow these names, you can override them. For example, if you have resources named `my-custom-gateway` with `selector` labels +`foo=bar,istio=ingressgateway`: + +```yaml +name: my-custom-gateway # Override the name to match existing resources +labels: + app: "" # Unset default app selector label + istio: ingressgateway # override default istio selector label + foo: bar # Add the existing custom selector label +``` + +#### Migrating an existing Helm release + +An existing helm release can be `helm upgrade`d to this chart by using the same release name. For example, if a previous +installation was done like: + +```console +helm install istio-ingress manifests/charts/gateways/istio-ingress -n istio-system +``` + +It could be upgraded with + +```console +helm upgrade istio-ingress manifests/charts/gateway -n istio-system --set name=istio-ingressgateway --set labels.app=istio-ingressgateway --set labels.istio=ingressgateway +``` + +Note the name and labels are overridden to match the names of the existing installation. + +Warning: the helm charts here default to using port 80 and 443, while the old charts used 8080 and 8443. +If you have AuthorizationPolicies that reference port these ports, you should update them during this process, +or customize the ports to match the old defaults. +See the [security advisory](https://istio.io/latest/news/security/istio-security-2021-002/) for more information. + +#### Other migrations + +If you see errors like `rendered manifests contain a resource that already exists` during installation, you may need to forcibly take ownership. + +The script below can handle this for you. Replace `RELEASE` and `NAMESPACE` with the name and namespace of the release: + +```console +KINDS=(service deployment) +RELEASE=istio-ingressgateway +NAMESPACE=istio-system +for KIND in "${KINDS[@]}"; do + kubectl --namespace $NAMESPACE --overwrite=true annotate $KIND $RELEASE meta.helm.sh/release-name=$RELEASE + kubectl --namespace $NAMESPACE --overwrite=true annotate $KIND $RELEASE meta.helm.sh/release-namespace=$NAMESPACE + kubectl --namespace $NAMESPACE --overwrite=true label $KIND $RELEASE app.kubernetes.io/managed-by=Helm +done +``` + +You may ignore errors about resources not being found. diff --git a/resources/v1.30-alpha.bcdd144c/charts/gateway/files/profile-ambient.yaml b/resources/v1.27.7/charts/gateway/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/gateway/files/profile-ambient.yaml rename to resources/v1.27.7/charts/gateway/files/profile-ambient.yaml diff --git a/resources/v1.27.7/charts/gateway/files/profile-compatibility-version-1.24.yaml b/resources/v1.27.7/charts/gateway/files/profile-compatibility-version-1.24.yaml new file mode 100644 index 0000000000..4f3dbef7ea --- /dev/null +++ b/resources/v1.27.7/charts/gateway/files/profile-compatibility-version-1.24.yaml @@ -0,0 +1,15 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.24 behavioral changes + PILOT_ENABLE_IP_AUTOALLOCATE: "false" + # 1.27 behavioral changes + ENABLE_NATIVE_SIDECARS: "false" +ambient: + dnsCapture: false + reconcileIptablesOnStartup: false + # 1.26 behavioral changes + shareHostNetworkNamespace: true diff --git a/resources/v1.27.7/charts/gateway/files/profile-compatibility-version-1.25.yaml b/resources/v1.27.7/charts/gateway/files/profile-compatibility-version-1.25.yaml new file mode 100644 index 0000000000..b2f45948c2 --- /dev/null +++ b/resources/v1.27.7/charts/gateway/files/profile-compatibility-version-1.25.yaml @@ -0,0 +1,11 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.27 behavioral changes + ENABLE_NATIVE_SIDECARS: "false" +ambient: + # 1.26 behavioral changes + shareHostNetworkNamespace: true diff --git a/resources/v1.27.7/charts/gateway/files/profile-compatibility-version-1.26.yaml b/resources/v1.27.7/charts/gateway/files/profile-compatibility-version-1.26.yaml new file mode 100644 index 0000000000..af10697326 --- /dev/null +++ b/resources/v1.27.7/charts/gateway/files/profile-compatibility-version-1.26.yaml @@ -0,0 +1,8 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.27 behavioral changes + ENABLE_NATIVE_SIDECARS: "false" \ No newline at end of file diff --git a/resources/v1.30-alpha.bcdd144c/charts/gateway/files/profile-demo.yaml b/resources/v1.27.7/charts/gateway/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/gateway/files/profile-demo.yaml rename to resources/v1.27.7/charts/gateway/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/gateway/files/profile-platform-gke.yaml b/resources/v1.27.7/charts/gateway/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/gateway/files/profile-platform-gke.yaml rename to resources/v1.27.7/charts/gateway/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/gateway/files/profile-platform-k3d.yaml b/resources/v1.27.7/charts/gateway/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/gateway/files/profile-platform-k3d.yaml rename to resources/v1.27.7/charts/gateway/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/gateway/files/profile-platform-k3s.yaml b/resources/v1.27.7/charts/gateway/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/gateway/files/profile-platform-k3s.yaml rename to resources/v1.27.7/charts/gateway/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/gateway/files/profile-platform-microk8s.yaml b/resources/v1.27.7/charts/gateway/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/gateway/files/profile-platform-microk8s.yaml rename to resources/v1.27.7/charts/gateway/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/gateway/files/profile-platform-minikube.yaml b/resources/v1.27.7/charts/gateway/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/gateway/files/profile-platform-minikube.yaml rename to resources/v1.27.7/charts/gateway/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/gateway/files/profile-platform-openshift.yaml b/resources/v1.27.7/charts/gateway/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/gateway/files/profile-platform-openshift.yaml rename to resources/v1.27.7/charts/gateway/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/gateway/files/profile-preview.yaml b/resources/v1.27.7/charts/gateway/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/gateway/files/profile-preview.yaml rename to resources/v1.27.7/charts/gateway/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/gateway/files/profile-remote.yaml b/resources/v1.27.7/charts/gateway/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/gateway/files/profile-remote.yaml rename to resources/v1.27.7/charts/gateway/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/gateway/files/profile-stable.yaml b/resources/v1.27.7/charts/gateway/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/gateway/files/profile-stable.yaml rename to resources/v1.27.7/charts/gateway/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/gateway/templates/NOTES.txt b/resources/v1.27.7/charts/gateway/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/gateway/templates/NOTES.txt rename to resources/v1.27.7/charts/gateway/templates/NOTES.txt diff --git a/resources/v1.30-alpha.bcdd144c/charts/gateway/templates/_helpers.tpl b/resources/v1.27.7/charts/gateway/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/gateway/templates/_helpers.tpl rename to resources/v1.27.7/charts/gateway/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.bcdd144c/charts/gateway/templates/deployment.yaml b/resources/v1.27.7/charts/gateway/templates/deployment.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/gateway/templates/deployment.yaml rename to resources/v1.27.7/charts/gateway/templates/deployment.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/gateway/templates/hpa.yaml b/resources/v1.27.7/charts/gateway/templates/hpa.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/gateway/templates/hpa.yaml rename to resources/v1.27.7/charts/gateway/templates/hpa.yaml diff --git a/resources/v1.27.7/charts/gateway/templates/poddisruptionbudget.yaml b/resources/v1.27.7/charts/gateway/templates/poddisruptionbudget.yaml new file mode 100644 index 0000000000..b0155cdf05 --- /dev/null +++ b/resources/v1.27.7/charts/gateway/templates/poddisruptionbudget.yaml @@ -0,0 +1,18 @@ +{{- if .Values.podDisruptionBudget }} +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: {{ include "gateway.name" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "gateway.name" . }} + {{- include "istio.labels" . | nindent 4}} + {{- include "gateway.labels" . | nindent 4}} +spec: + selector: + matchLabels: + {{- include "gateway.selectorLabels" . | nindent 6 }} + {{- with .Values.podDisruptionBudget }} + {{- toYaml . | nindent 2 }} + {{- end }} +{{- end }} diff --git a/resources/v1.30-alpha.bcdd144c/charts/gateway/templates/role.yaml b/resources/v1.27.7/charts/gateway/templates/role.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/gateway/templates/role.yaml rename to resources/v1.27.7/charts/gateway/templates/role.yaml diff --git a/resources/v1.27.7/charts/gateway/templates/service.yaml b/resources/v1.27.7/charts/gateway/templates/service.yaml new file mode 100644 index 0000000000..e8e2cdb588 --- /dev/null +++ b/resources/v1.27.7/charts/gateway/templates/service.yaml @@ -0,0 +1,72 @@ +{{- if not (eq .Values.service.type "None") }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "gateway.name" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "gateway.name" . }} + {{- include "istio.labels" . | nindent 4}} + {{- include "gateway.labels" . | nindent 4 }} + {{- with .Values.networkGateway }} + topology.istio.io/network: "{{.}}" + {{- end }} + annotations: + {{- merge (deepCopy .Values.service.annotations) .Values.annotations | toYaml | nindent 4 }} +spec: +{{- with .Values.service.loadBalancerIP }} + loadBalancerIP: "{{ . }}" +{{- end }} +{{- if eq .Values.service.type "LoadBalancer" }} + {{- if hasKey .Values.service "allocateLoadBalancerNodePorts" }} + allocateLoadBalancerNodePorts: {{ .Values.service.allocateLoadBalancerNodePorts }} + {{- end }} + {{- if hasKey .Values.service "loadBalancerClass" }} + loadBalancerClass: {{ .Values.service.loadBalancerClass }} + {{- end }} +{{- end }} +{{- if .Values.service.ipFamilyPolicy }} + ipFamilyPolicy: {{ .Values.service.ipFamilyPolicy }} +{{- end }} +{{- if .Values.service.ipFamilies }} + ipFamilies: +{{- range .Values.service.ipFamilies }} + - {{ . }} +{{- end }} +{{- end }} +{{- with .Values.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{ toYaml . | indent 4 }} +{{- end }} +{{- with .Values.service.externalTrafficPolicy }} + externalTrafficPolicy: "{{ . }}" +{{- end }} + type: {{ .Values.service.type }} + ports: +{{- if .Values.networkGateway }} + - name: status-port + port: 15021 + targetPort: 15021 + - name: tls + port: 15443 + targetPort: 15443 + - name: tls-istiod + port: 15012 + targetPort: 15012 + - name: tls-webhook + port: 15017 + targetPort: 15017 +{{- else }} +{{ .Values.service.ports | toYaml | indent 4 }} +{{- end }} +{{- if .Values.service.externalIPs }} + externalIPs: {{- range .Values.service.externalIPs }} + - {{.}} + {{- end }} +{{- end }} + selector: + {{- include "gateway.selectorLabels" . | nindent 4 }} + {{- with .Values.service.selectorLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/resources/v1.30-alpha.bcdd144c/charts/gateway/templates/serviceaccount.yaml b/resources/v1.27.7/charts/gateway/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/gateway/templates/serviceaccount.yaml rename to resources/v1.27.7/charts/gateway/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/gateway/templates/zzz_profile.yaml b/resources/v1.27.7/charts/gateway/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/gateway/templates/zzz_profile.yaml rename to resources/v1.27.7/charts/gateway/templates/zzz_profile.yaml diff --git a/resources/v1.27.7/charts/gateway/values.schema.json b/resources/v1.27.7/charts/gateway/values.schema.json new file mode 100644 index 0000000000..c28db45139 --- /dev/null +++ b/resources/v1.27.7/charts/gateway/values.schema.json @@ -0,0 +1,359 @@ +{ + "$schema": "http://json-schema.org/schema#", + "$defs": { + "values": { + "type": "object", + "additionalProperties": false, + "properties": { + "_internal_defaults_do_not_set": { + "type": "object" + }, + "global": { + "type": "object" + }, + "affinity": { + "type": "object" + }, + "securityContext": { + "type": [ + "object", + "null" + ] + }, + "containerSecurityContext": { + "type": [ + "object", + "null" + ] + }, + "kind": { + "type": "string", + "enum": [ + "Deployment", + "DaemonSet" + ] + }, + "annotations": { + "additionalProperties": { + "type": [ + "string", + "integer" + ] + }, + "type": "object" + }, + "autoscaling": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxReplicas": { + "type": "integer" + }, + "minReplicas": { + "type": "integer" + }, + "targetCPUUtilizationPercentage": { + "type": "integer" + } + } + }, + "env": { + "type": "object" + }, + "envVarFrom": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { "type": "string" }, + "valueFrom": { "type": "object" } + } + } + }, + "strategy": { + "type": "object" + }, + "minReadySeconds": { + "type": [ "null", "integer" ] + }, + "readinessProbe": { + "type": [ "null", "object" ] + }, + "labels": { + "type": "object" + }, + "name": { + "type": "string" + }, + "nodeSelector": { + "type": "object" + }, + "podAnnotations": { + "type": "object", + "properties": { + "inject.istio.io/templates": { + "type": "string" + }, + "prometheus.io/path": { + "type": "string" + }, + "prometheus.io/port": { + "type": "string" + }, + "prometheus.io/scrape": { + "type": "string" + } + } + }, + "replicaCount": { + "type": [ + "integer", + "null" + ] + }, + "resources": { + "type": "object", + "properties": { + "limits": { + "type": "object", + "properties": { + "cpu": { + "type": ["string", "null"] + }, + "memory": { + "type": ["string", "null"] + } + } + }, + "requests": { + "type": "object", + "properties": { + "cpu": { + "type": ["string", "null"] + }, + "memory": { + "type": ["string", "null"] + } + } + } + } + }, + "revision": { + "type": "string" + }, + "defaultRevision": { + "type": "string" + }, + "compatibilityVersion": { + "type": "string" + }, + "profile": { + "type": "string" + }, + "platform": { + "type": "string" + }, + "pilot": { + "type": "object" + }, + "runAsRoot": { + "type": "boolean" + }, + "unprivilegedPort": { + "type": [ + "string", + "boolean" + ], + "enum": [ + true, + false, + "auto" + ] + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": "object" + }, + "selectorLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "externalTrafficPolicy": { + "type": "string" + }, + "loadBalancerIP": { + "type": "string" + }, + "loadBalancerSourceRanges": { + "type": "array" + }, + "ipFamilies": { + "items": { + "type": "string", + "enum": [ + "IPv4", + "IPv6" + ] + } + }, + "ipFamilyPolicy": { + "type": "string", + "enum": [ + "", + "SingleStack", + "PreferDualStack", + "RequireDualStack" + ] + }, + "ports": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "protocol": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + }, + "type": { + "type": "string" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": "object" + }, + "name": { + "type": "string" + }, + "create": { + "type": "boolean" + } + } + }, + "rbac": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "tolerations": { + "type": "array" + }, + "topologySpreadConstraints": { + "type": "array" + }, + "networkGateway": { + "type": "string" + }, + "imagePullPolicy": { + "type": "string", + "enum": [ + "", + "Always", + "IfNotPresent", + "Never" + ] + }, + "imagePullSecrets": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + } + } + }, + "podDisruptionBudget": { + "type": "object", + "properties": { + "minAvailable": { + "type": [ + "integer", + "string" + ] + }, + "maxUnavailable": { + "type": [ + "integer", + "string" + ] + }, + "unhealthyPodEvictionPolicy": { + "type": "string", + "enum": [ + "", + "IfHealthyBudget", + "AlwaysAllow" + ] + } + } + }, + "terminationGracePeriodSeconds": { + "type": "number" + }, + "volumes": { + "type": "array", + "items": { + "type": "object" + } + }, + "volumeMounts": { + "type": "array", + "items": { + "type": "object" + } + }, + "initContainers": { + "type": "array", + "items": { "type": "object" } + }, + "additionalContainers": { + "type": "array", + "items": { "type": "object" } + }, + "priorityClassName": { + "type": "string" + }, + "lifecycle": { + "type": "object", + "properties": { + "postStart": { + "type": "object" + }, + "preStop": { + "type": "object" + } + } + } + } + } + }, + "defaults": { + "$ref": "#/$defs/values" + }, + "$ref": "#/$defs/values" +} diff --git a/resources/v1.27.7/charts/gateway/values.yaml b/resources/v1.27.7/charts/gateway/values.yaml new file mode 100644 index 0000000000..c5ac32ad2b --- /dev/null +++ b/resources/v1.27.7/charts/gateway/values.yaml @@ -0,0 +1,194 @@ +# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. +# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. +_internal_defaults_do_not_set: + # Name allows overriding the release name. Generally this should not be set + name: "" + # revision declares which revision this gateway is a part of + revision: "" + + # Controls the spec.replicas setting for the Gateway deployment if set. + # Otherwise defaults to Kubernetes Deployment default (1). + replicaCount: + + kind: Deployment + + rbac: + # If enabled, roles will be created to enable accessing certificates from Gateways. This is not needed + # when using http://gateway-api.org/. + enabled: true + + serviceAccount: + # If set, a service account will be created. Otherwise, the default is used + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set, the release name is used + name: "" + + podAnnotations: + prometheus.io/port: "15020" + prometheus.io/scrape: "true" + prometheus.io/path: "/stats/prometheus" + inject.istio.io/templates: "gateway" + sidecar.istio.io/inject: "true" + + # Define the security context for the pod. + # If unset, this will be automatically set to the minimum privileges required to bind to port 80 and 443. + # On Kubernetes 1.22+, this only requires the `net.ipv4.ip_unprivileged_port_start` sysctl. + securityContext: {} + containerSecurityContext: {} + + service: + # Type of service. Set to "None" to disable the service entirely + type: LoadBalancer + # Additional labels to add to the service selector + selectorLabels: {} + ports: + - name: status-port + port: 15021 + protocol: TCP + targetPort: 15021 + - name: http2 + port: 80 + protocol: TCP + targetPort: 80 + - name: https + port: 443 + protocol: TCP + targetPort: 443 + annotations: {} + loadBalancerIP: "" + loadBalancerSourceRanges: [] + externalTrafficPolicy: "" + externalIPs: [] + ipFamilyPolicy: "" + ipFamilies: [] + ## Whether to automatically allocate NodePorts (only for LoadBalancers). + # allocateLoadBalancerNodePorts: false + ## Set LoadBalancer class (only for LoadBalancers). + # loadBalancerClass: "" + + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: 2000m + memory: 1024Mi + + autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 5 + targetCPUUtilizationPercentage: 80 + targetMemoryUtilizationPercentage: {} + autoscaleBehavior: {} + + # Pod environment variables + env: {} + + # Use envVarFrom to define full environment variable entries with complex sources, + # such as valueFrom.secretKeyRef, valueFrom.configMapKeyRef. Each item must include a `name` and `valueFrom`. + # + # Example: + # envVarFrom: + # - name: EXAMPLE_SECRET + # valueFrom: + # secretKeyRef: + # name: example-name + # key: example-key + envVarFrom: [] + + # Deployment Update strategy + strategy: {} + + # Sets the Deployment minReadySeconds value + minReadySeconds: + + # Optionally configure a custom readinessProbe. By default the control plane + # automatically injects the readinessProbe. If you wish to override that + # behavior, you may define your own readinessProbe here. + readinessProbe: {} + + # Labels to apply to all resources + labels: + # By default, don't enroll gateways into the ambient dataplane + "istio.io/dataplane-mode": none + + # Annotations to apply to all resources + annotations: {} + + nodeSelector: {} + + tolerations: [] + + topologySpreadConstraints: [] + + affinity: {} + + # If specified, the gateway will act as a network gateway for the given network. + networkGateway: "" + + # Specify image pull policy if default behavior isn't desired. + # Default behavior: latest images will be Always else IfNotPresent + imagePullPolicy: "" + + imagePullSecrets: [] + + # This value is used to configure a Kubernetes PodDisruptionBudget for the gateway. + # + # By default, the `podDisruptionBudget` is disabled (set to `{}`), + # which means that no PodDisruptionBudget resource will be created. + # + # To enable the PodDisruptionBudget, configure it by specifying the + # `minAvailable` or `maxUnavailable`. For example, to set the + # minimum number of available replicas to 1, you can update this value as follows: + # + # podDisruptionBudget: + # minAvailable: 1 + # + # Or, to allow a maximum of 1 unavailable replica, you can set: + # + # podDisruptionBudget: + # maxUnavailable: 1 + # + # You can also specify the `unhealthyPodEvictionPolicy` field, and the valid values are `IfHealthyBudget` and `AlwaysAllow`. + # For example, to set the `unhealthyPodEvictionPolicy` to `AlwaysAllow`, you can update this value as follows: + # + # podDisruptionBudget: + # minAvailable: 1 + # unhealthyPodEvictionPolicy: AlwaysAllow + # + # To disable the PodDisruptionBudget, you can leave it as an empty object `{}`: + # + # podDisruptionBudget: {} + # + podDisruptionBudget: {} + + # Sets the per-pod terminationGracePeriodSeconds setting. + terminationGracePeriodSeconds: 30 + + # A list of `Volumes` added into the Gateway Pods. See + # https://kubernetes.io/docs/concepts/storage/volumes/. + volumes: [] + + # A list of `VolumeMounts` added into the Gateway Pods. See + # https://kubernetes.io/docs/concepts/storage/volumes/. + volumeMounts: [] + + # Inject initContainers into the Gateway Pods. + initContainers: [] + + # Inject additional containers into the Gateway Pods. + additionalContainers: [] + + # Configure this to a higher priority class in order to make sure your Istio gateway pods + # will not be killed because of low priority class. + # Refer to https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass + # for more detail. + priorityClassName: "" + + # Configure the lifecycle hooks for the gateway. See + # https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/. + lifecycle: {} diff --git a/resources/v1.30-alpha.bcdd144c/charts/istiod/Chart.yaml b/resources/v1.27.7/charts/istiod/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.bcdd144c/charts/istiod/Chart.yaml rename to resources/v1.27.7/charts/istiod/Chart.yaml index 69721020a7..5c3fa1a78a 100644 --- a/resources/v1.30-alpha.bcdd144c/charts/istiod/Chart.yaml +++ b/resources/v1.27.7/charts/istiod/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6 +appVersion: 1.27.7 description: Helm chart for istio control plane icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ keywords: name: istiod sources: - https://github.com/istio/istio -version: 1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6 +version: 1.27.7 diff --git a/resources/v1.27.7/charts/istiod/README.md b/resources/v1.27.7/charts/istiod/README.md new file mode 100644 index 0000000000..ddbfbc8fec --- /dev/null +++ b/resources/v1.27.7/charts/istiod/README.md @@ -0,0 +1,73 @@ +# Istiod Helm Chart + +This chart installs an Istiod deployment. + +## Setup Repo Info + +```console +helm repo add istio https://istio-release.storage.googleapis.com/charts +helm repo update +``` + +_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ + +## Installing the Chart + +Before installing, ensure CRDs are installed in the cluster (from the `istio/base` chart). + +To install the chart with the release name `istiod`: + +```console +kubectl create namespace istio-system +helm install istiod istio/istiod --namespace istio-system +``` + +## Uninstalling the Chart + +To uninstall/delete the `istiod` deployment: + +```console +helm delete istiod --namespace istio-system +``` + +## Configuration + +To view support configuration options and documentation, run: + +```console +helm show values istio/istiod +``` + +### Profiles + +Istio Helm charts have a concept of a `profile`, which is a bundled collection of value presets. +These can be set with `--set profile=`. +For example, the `demo` profile offers a preset configuration to try out Istio in a test environment, with additional features enabled and lowered resource requirements. + +For consistency, the same profiles are used across each chart, even if they do not impact a given chart. + +Explicitly set values have highest priority, then profile settings, then chart defaults. + +As an implementation detail of profiles, the default values for the chart are all nested under `defaults`. +When configuring the chart, you should not include this. +That is, `--set some.field=true` should be passed, not `--set defaults.some.field=true`. + +### Examples + +#### Configuring mesh configuration settings + +Any [Mesh Config](https://istio.io/latest/docs/reference/config/istio.mesh.v1alpha1/) options can be configured like below: + +```yaml +meshConfig: + accessLogFile: /dev/stdout +``` + +#### Revisions + +Control plane revisions allow deploying multiple versions of the control plane in the same cluster. +This allows safe [canary upgrades](https://istio.io/latest/docs/setup/upgrade/canary/) + +```yaml +revision: my-revision-name +``` diff --git a/resources/v1.27.7/charts/istiod/files/gateway-injection-template.yaml b/resources/v1.27.7/charts/istiod/files/gateway-injection-template.yaml new file mode 100644 index 0000000000..bc15ee3c31 --- /dev/null +++ b/resources/v1.27.7/charts/istiod/files/gateway-injection-template.yaml @@ -0,0 +1,274 @@ +{{- $containers := list }} +{{- range $index, $container := .Spec.Containers }}{{ if not (eq $container.Name "istio-proxy") }}{{ $containers = append $containers $container.Name }}{{end}}{{- end}} +metadata: + labels: + service.istio.io/canonical-name: {{ index .ObjectMeta.Labels `service.istio.io/canonical-name` | default (index .ObjectMeta.Labels `app.kubernetes.io/name`) | default (index .ObjectMeta.Labels `app`) | default .DeploymentMeta.Name | quote }} + service.istio.io/canonical-revision: {{ index .ObjectMeta.Labels `service.istio.io/canonical-revision` | default (index .ObjectMeta.Labels `app.kubernetes.io/version`) | default (index .ObjectMeta.Labels `version`) | default "latest" | quote }} + annotations: + istio.io/rev: {{ .Revision | default "default" | quote }} + {{- if ge (len $containers) 1 }} + {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-logs-container`) }} + kubectl.kubernetes.io/default-logs-container: "{{ index $containers 0 }}" + {{- end }} + {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-container`) }} + kubectl.kubernetes.io/default-container: "{{ index $containers 0 }}" + {{- end }} + {{- end }} +spec: + securityContext: + {{- if .Values.gateways.securityContext }} + {{- toYaml .Values.gateways.securityContext | nindent 4 }} + {{- else }} + sysctls: + - name: net.ipv4.ip_unprivileged_port_start + value: "0" + {{- end }} + containers: + - name: istio-proxy + {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} + image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" + {{- else }} + image: "{{ .ProxyImage }}" + {{- end }} + ports: + - containerPort: 15090 + protocol: TCP + name: http-envoy-prom + args: + - proxy + - router + - --domain + - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} + - --proxyLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel }} + - --proxyComponentLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel }} + - --log_output_level={{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level }} + {{- if .Values.global.sts.servicePort }} + - --stsPort={{ .Values.global.sts.servicePort }} + {{- end }} + {{- if .Values.global.logAsJson }} + - --log_as_json + {{- end }} + {{- if .Values.global.proxy.lifecycle }} + lifecycle: + {{ toYaml .Values.global.proxy.lifecycle | indent 6 }} + {{- end }} + securityContext: + runAsUser: {{ .ProxyUID | default "1337" }} + runAsGroup: {{ .ProxyGID | default "1337" }} + env: + - name: PILOT_CERT_PROVIDER + value: {{ .Values.global.pilotCertProvider }} + - name: CA_ADDR + {{- if .Values.global.caAddress }} + value: {{ .Values.global.caAddress }} + {{- else }} + value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 + {{- end }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: INSTANCE_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: SERVICE_ACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ISTIO_CPU_LIMIT + valueFrom: + resourceFieldRef: + resource: limits.cpu + - name: PROXY_CONFIG + value: | + {{ protoToJSON .ProxyConfig }} + - name: ISTIO_META_POD_PORTS + value: |- + [ + {{- $first := true }} + {{- range $index1, $c := .Spec.Containers }} + {{- range $index2, $p := $c.Ports }} + {{- if (structToJSON $p) }} + {{if not $first}},{{end}}{{ structToJSON $p }} + {{- $first = false }} + {{- end }} + {{- end}} + {{- end}} + ] + - name: GOMEMLIMIT + valueFrom: + resourceFieldRef: + resource: limits.memory + - name: GOMAXPROCS + valueFrom: + resourceFieldRef: + resource: limits.cpu + {{- if .CompliancePolicy }} + - name: COMPLIANCE_POLICY + value: "{{ .CompliancePolicy }}" + {{- end }} + - name: ISTIO_META_APP_CONTAINERS + value: "{{ $containers | join "," }}" + - name: ISTIO_META_CLUSTER_ID + value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" + - name: ISTIO_META_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: ISTIO_META_INTERCEPTION_MODE + value: "{{ .ProxyConfig.InterceptionMode.String }}" + {{- if .Values.global.network }} + - name: ISTIO_META_NETWORK + value: "{{ .Values.global.network }}" + {{- end }} + {{- if .DeploymentMeta.Name }} + - name: ISTIO_META_WORKLOAD_NAME + value: "{{ .DeploymentMeta.Name }}" + {{ end }} + {{- if and .TypeMeta.APIVersion .DeploymentMeta.Name }} + - name: ISTIO_META_OWNER + value: kubernetes://apis/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower .TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }} + {{- end}} + {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} + - name: ISTIO_BOOTSTRAP_OVERRIDE + value: "/etc/istio/custom-bootstrap/custom_bootstrap.json" + {{- end }} + {{- if .Values.global.meshID }} + - name: ISTIO_META_MESH_ID + value: "{{ .Values.global.meshID }}" + {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} + - name: ISTIO_META_MESH_ID + value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" + {{- end }} + {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} + - name: TRUST_DOMAIN + value: "{{ . }}" + {{- end }} + {{- range $key, $value := .ProxyConfig.ProxyMetadata }} + - name: {{ $key }} + value: "{{ $value }}" + {{- end }} + {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} + readinessProbe: + httpGet: + path: /healthz/ready + port: 15021 + initialDelaySeconds: {{.Values.global.proxy.readinessInitialDelaySeconds }} + periodSeconds: {{ .Values.global.proxy.readinessPeriodSeconds }} + timeoutSeconds: 3 + failureThreshold: {{ .Values.global.proxy.readinessFailureThreshold }} + volumeMounts: + - name: workload-socket + mountPath: /var/run/secrets/workload-spiffe-uds + - name: credential-socket + mountPath: /var/run/secrets/credential-uds + {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} + - name: gke-workload-certificate + mountPath: /var/run/secrets/workload-spiffe-credentials + readOnly: true + {{- else }} + - name: workload-certs + mountPath: /var/run/secrets/workload-spiffe-credentials + {{- end }} + {{- if eq .Values.global.pilotCertProvider "istiod" }} + - mountPath: /var/run/secrets/istio + name: istiod-ca-cert + {{- end }} + - mountPath: /var/lib/istio/data + name: istio-data + {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} + - mountPath: /etc/istio/custom-bootstrap + name: custom-bootstrap-volume + {{- end }} + # SDS channel between istioagent and Envoy + - mountPath: /etc/istio/proxy + name: istio-envoy + - mountPath: /var/run/secrets/tokens + name: istio-token + {{- if .Values.global.mountMtlsCerts }} + # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. + - mountPath: /etc/certs/ + name: istio-certs + readOnly: true + {{- end }} + - name: istio-podinfo + mountPath: /etc/istio/pod + volumes: + - emptyDir: + name: workload-socket + - emptyDir: {} + name: credential-socket + {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} + - name: gke-workload-certificate + csi: + driver: workloadcertificates.security.cloud.google.com + {{- else}} + - emptyDir: {} + name: workload-certs + {{- end }} + {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} + - name: custom-bootstrap-volume + configMap: + name: {{ annotation .ObjectMeta `sidecar.istio.io/bootstrapOverride` "" }} + {{- end }} + # SDS channel between istioagent and Envoy + - emptyDir: + medium: Memory + name: istio-envoy + - name: istio-data + emptyDir: {} + - name: istio-podinfo + downwardAPI: + items: + - path: "labels" + fieldRef: + fieldPath: metadata.labels + - path: "annotations" + fieldRef: + fieldPath: metadata.annotations + - name: istio-token + projected: + sources: + - serviceAccountToken: + path: istio-token + expirationSeconds: 43200 + audience: {{ .Values.global.sds.token.aud }} + {{- if eq .Values.global.pilotCertProvider "istiod" }} + - name: istiod-ca-cert + {{- if eq (.Values.pilot.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} + projected: + sources: + - clusterTrustBundle: + name: istio.io:istiod-ca:{{ .Values.global.trustBundleName | default "root-cert" }} + path: root-cert.pem + {{- else }} + configMap: + name: {{ .Values.global.trustBundleName | default "istio-ca-root-cert" }} + {{- end }} + {{- end }} + {{- if .Values.global.mountMtlsCerts }} + # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. + - name: istio-certs + secret: + optional: true + {{ if eq .Spec.ServiceAccountName "" }} + secretName: istio.default + {{ else -}} + secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }} + {{ end -}} + {{- end }} + {{- if .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- range .Values.global.imagePullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} diff --git a/resources/v1.30-alpha.bcdd144c/charts/istiod/files/grpc-agent.yaml b/resources/v1.27.7/charts/istiod/files/grpc-agent.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/istiod/files/grpc-agent.yaml rename to resources/v1.27.7/charts/istiod/files/grpc-agent.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/istiod/files/grpc-simple.yaml b/resources/v1.27.7/charts/istiod/files/grpc-simple.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/istiod/files/grpc-simple.yaml rename to resources/v1.27.7/charts/istiod/files/grpc-simple.yaml diff --git a/resources/v1.27.7/charts/istiod/files/injection-template.yaml b/resources/v1.27.7/charts/istiod/files/injection-template.yaml new file mode 100644 index 0000000000..468e9ac4ac --- /dev/null +++ b/resources/v1.27.7/charts/istiod/files/injection-template.yaml @@ -0,0 +1,541 @@ +{{- define "resources" }} + {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} + {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) }} + requests: + {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) -}} + cpu: {{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` | quote }} + {{ end }} + {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} + memory: {{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` | quote }} + {{ end }} + {{- end }} + {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} + limits: + {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) -}} + cpu: {{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit` | quote }} + {{ end }} + {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) -}} + memory: {{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit` | quote }} + {{ end }} + {{- end }} + {{- else }} + {{- if .Values.global.proxy.resources }} + {{ toYaml .Values.global.proxy.resources | indent 6 }} + {{- end }} + {{- end }} +{{- end }} +{{ $tproxy := (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) }} +{{ $capNetBindService := (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) }} +{{ $nativeSidecar := ne (index .ObjectMeta.Annotations `sidecar.istio.io/nativeSidecar` | default (printf "%t" .NativeSidecars)) "false" }} +{{- $containers := list }} +{{- range $index, $container := .Spec.Containers }}{{ if not (eq $container.Name "istio-proxy") }}{{ $containers = append $containers $container.Name }}{{end}}{{- end}} +metadata: + labels: + security.istio.io/tlsMode: {{ index .ObjectMeta.Labels `security.istio.io/tlsMode` | default "istio" | quote }} + {{- if eq (index .ProxyConfig.ProxyMetadata "ISTIO_META_ENABLE_HBONE") "true" }} + networking.istio.io/tunnel: {{ index .ObjectMeta.Labels `networking.istio.io/tunnel` | default "http" | quote }} + {{- end }} + service.istio.io/canonical-name: {{ index .ObjectMeta.Labels `service.istio.io/canonical-name` | default (index .ObjectMeta.Labels `app.kubernetes.io/name`) | default (index .ObjectMeta.Labels `app`) | default .DeploymentMeta.Name | trunc 63 | trimSuffix "-" | quote }} + service.istio.io/canonical-revision: {{ index .ObjectMeta.Labels `service.istio.io/canonical-revision` | default (index .ObjectMeta.Labels `app.kubernetes.io/version`) | default (index .ObjectMeta.Labels `version`) | default "latest" | quote }} + annotations: { + istio.io/rev: {{ .Revision | default "default" | quote }}, + {{- if ge (len $containers) 1 }} + {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-logs-container`) }} + kubectl.kubernetes.io/default-logs-container: "{{ index $containers 0 }}", + {{- end }} + {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-container`) }} + kubectl.kubernetes.io/default-container: "{{ index $containers 0 }}", + {{- end }} + {{- end }} +{{- if .Values.pilot.cni.enabled }} + {{- if eq .Values.pilot.cni.provider "multus" }} + k8s.v1.cni.cncf.io/networks: '{{ appendMultusNetwork (index .ObjectMeta.Annotations `k8s.v1.cni.cncf.io/networks`) `default/istio-cni` }}', + {{- end }} + sidecar.istio.io/interceptionMode: "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}", + {{ with annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}traffic.sidecar.istio.io/includeOutboundIPRanges: "{{.}}",{{ end }} + {{ with annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}traffic.sidecar.istio.io/excludeOutboundIPRanges: "{{.}}",{{ end }} + traffic.sidecar.istio.io/includeInboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` .Values.global.proxy.includeInboundPorts }}", + traffic.sidecar.istio.io/excludeInboundPorts: "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}", + {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/includeOutboundPorts`) (ne (valueOrDefault .Values.global.proxy.includeOutboundPorts "") "") }} + traffic.sidecar.istio.io/includeOutboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundPorts` .Values.global.proxy.includeOutboundPorts }}", + {{- end }} + {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne .Values.global.proxy.excludeOutboundPorts "") }} + traffic.sidecar.istio.io/excludeOutboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}", + {{- end }} + {{ with index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}traffic.sidecar.istio.io/kubevirtInterfaces: "{{.}}",{{ end }} + {{ with index .ObjectMeta.Annotations `istio.io/reroute-virtual-interfaces` }}istio.io/reroute-virtual-interfaces: "{{.}}",{{ end }} + {{ with index .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeInterfaces` }}traffic.sidecar.istio.io/excludeInterfaces: "{{.}}",{{ end }} +{{- end }} + } +spec: + {{- $holdProxy := and + (or .ProxyConfig.HoldApplicationUntilProxyStarts.GetValue .Values.global.proxy.holdApplicationUntilProxyStarts) + (not $nativeSidecar) }} + {{- $noInitContainer := and + (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `NONE`) + (not $nativeSidecar) }} + {{ if $noInitContainer }} + initContainers: [] + {{ else -}} + initContainers: + {{ if ne (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `NONE` }} + {{ if .Values.pilot.cni.enabled -}} + - name: istio-validation + {{ else -}} + - name: istio-init + {{ end -}} + {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy_init.image) }} + image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy_init.image }}" + {{- else }} + image: "{{ .ProxyImage }}" + {{- end }} + args: + - istio-iptables + - "-p" + - {{ .MeshConfig.ProxyListenPort | default "15001" | quote }} + - "-z" + - {{ .MeshConfig.ProxyInboundListenPort | default "15006" | quote }} + - "-u" + - {{ if $tproxy }} "1337" {{ else }} {{ .ProxyUID | default "1337" | quote }} {{ end }} + - "-m" + - "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}" + - "-i" + - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}" + - "-x" + - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}" + - "-b" + - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` .Values.global.proxy.includeInboundPorts }}" + - "-d" + {{- if excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }} + - "15090,15021,{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}" + {{- else }} + - "15090,15021" + {{- end }} + {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/includeOutboundPorts`) (ne (valueOrDefault .Values.global.proxy.includeOutboundPorts "") "") -}} + - "-q" + - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundPorts` .Values.global.proxy.includeOutboundPorts }}" + {{ end -}} + {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne (valueOrDefault .Values.global.proxy.excludeOutboundPorts "") "") -}} + - "-o" + - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}" + {{ end -}} + {{ if (isset .ObjectMeta.Annotations `istio.io/reroute-virtual-interfaces`) -}} + - "-k" + - "{{ index .ObjectMeta.Annotations `istio.io/reroute-virtual-interfaces` }}" + {{ else if (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces`) -}} + - "-k" + - "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}" + {{ end -}} + {{ if (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeInterfaces`) -}} + - "-c" + - "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeInterfaces` }}" + {{ end -}} + - "--log_output_level={{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level }}" + {{ if .Values.global.logAsJson -}} + - "--log_as_json" + {{ end -}} + {{ if .Values.pilot.cni.enabled -}} + - "--run-validation" + - "--skip-rule-apply" + {{ else if .Values.global.proxy_init.forceApplyIptables -}} + - "--force-apply" + {{ end -}} + {{ if .Values.global.nativeNftables -}} + - "--native-nftables" + {{ end -}} + {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} + {{- if .ProxyConfig.ProxyMetadata }} + env: + {{- range $key, $value := .ProxyConfig.ProxyMetadata }} + - name: {{ $key }} + value: "{{ $value }}" + {{- end }} + {{- end }} + resources: + {{ template "resources" . }} + securityContext: + allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} + privileged: {{ .Values.global.proxy.privileged }} + capabilities: + {{- if not .Values.pilot.cni.enabled }} + add: + - NET_ADMIN + - NET_RAW + {{- end }} + drop: + - ALL + {{- if not .Values.pilot.cni.enabled }} + readOnlyRootFilesystem: false + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + {{- else }} + readOnlyRootFilesystem: true + runAsGroup: {{ if $tproxy }} 1337 {{ else }} {{ .ProxyGID | default "1337" }} {{ end }} + runAsUser: {{ if $tproxy }} 1337 {{ else }} {{ .ProxyUID | default "1337" }} {{ end }} + runAsNonRoot: true + {{- end }} + {{ end -}} + {{ end -}} + {{ if not $nativeSidecar }} + containers: + {{ end }} + - name: istio-proxy + {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} + image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" + {{- else }} + image: "{{ .ProxyImage }}" + {{- end }} + {{ if $nativeSidecar }}restartPolicy: Always{{end}} + ports: + - containerPort: 15090 + protocol: TCP + name: http-envoy-prom + args: + - proxy + - sidecar + - --domain + - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} + - --proxyLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel }} + - --proxyComponentLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel }} + - --log_output_level={{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level }} + {{- if .Values.global.sts.servicePort }} + - --stsPort={{ .Values.global.sts.servicePort }} + {{- end }} + {{- if .Values.global.logAsJson }} + - --log_as_json + {{- end }} + {{- if .Values.global.proxy.outlierLogPath }} + - --outlierLogPath={{ .Values.global.proxy.outlierLogPath }} + {{- end}} + {{- if .Values.global.proxy.lifecycle }} + lifecycle: + {{ toYaml .Values.global.proxy.lifecycle | indent 6 }} + {{- else if $holdProxy }} + lifecycle: + postStart: + exec: + command: + - pilot-agent + - wait + {{- else if $nativeSidecar }} + {{- /* preStop is called when the pod starts shutdown. Initialize drain. We will get SIGTERM once applications are torn down. */}} + lifecycle: + preStop: + exec: + command: + - pilot-agent + - request + - --debug-port={{(annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort)}} + - POST + - drain + {{- end }} + env: + {{- if eq .InboundTrafficPolicyMode "localhost" }} + - name: REWRITE_PROBE_LEGACY_LOCALHOST_DESTINATION + value: "true" + {{- end }} + - name: PILOT_CERT_PROVIDER + value: {{ .Values.global.pilotCertProvider }} + - name: CA_ADDR + {{- if .Values.global.caAddress }} + value: {{ .Values.global.caAddress }} + {{- else }} + value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 + {{- end }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: INSTANCE_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: SERVICE_ACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ISTIO_CPU_LIMIT + valueFrom: + resourceFieldRef: + resource: limits.cpu + - name: PROXY_CONFIG + value: | + {{ protoToJSON .ProxyConfig }} + - name: ISTIO_META_POD_PORTS + value: |- + [ + {{- $first := true }} + {{- range $index1, $c := .Spec.Containers }} + {{- range $index2, $p := $c.Ports }} + {{- if (structToJSON $p) }} + {{if not $first}},{{end}}{{ structToJSON $p }} + {{- $first = false }} + {{- end }} + {{- end}} + {{- end}} + ] + - name: ISTIO_META_APP_CONTAINERS + value: "{{ $containers | join "," }}" + - name: GOMEMLIMIT + valueFrom: + resourceFieldRef: + resource: limits.memory + - name: GOMAXPROCS + valueFrom: + resourceFieldRef: + resource: limits.cpu + {{- if .CompliancePolicy }} + - name: COMPLIANCE_POLICY + value: "{{ .CompliancePolicy }}" + {{- end }} + - name: ISTIO_META_CLUSTER_ID + value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" + - name: ISTIO_META_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: ISTIO_META_INTERCEPTION_MODE + value: "{{ or (index .ObjectMeta.Annotations `sidecar.istio.io/interceptionMode`) .ProxyConfig.InterceptionMode.String }}" + {{- if .Values.global.network }} + - name: ISTIO_META_NETWORK + value: "{{ .Values.global.network }}" + {{- end }} + {{- with (index .ObjectMeta.Labels `service.istio.io/workload-name` | default .DeploymentMeta.Name) }} + - name: ISTIO_META_WORKLOAD_NAME + value: "{{ . }}" + {{ end }} + {{- if and .TypeMeta.APIVersion .DeploymentMeta.Name }} + - name: ISTIO_META_OWNER + value: kubernetes://apis/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower .TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }} + {{- end}} + {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} + - name: ISTIO_BOOTSTRAP_OVERRIDE + value: "/etc/istio/custom-bootstrap/custom_bootstrap.json" + {{- end }} + {{- if .Values.global.meshID }} + - name: ISTIO_META_MESH_ID + value: "{{ .Values.global.meshID }}" + {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} + - name: ISTIO_META_MESH_ID + value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" + {{- end }} + {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} + - name: TRUST_DOMAIN + value: "{{ . }}" + {{- end }} + {{- if and (eq .Values.global.proxy.tracer "datadog") (isset .ObjectMeta.Annotations `apm.datadoghq.com/env`) }} + {{- range $key, $value := fromJSON (index .ObjectMeta.Annotations `apm.datadoghq.com/env`) }} + - name: {{ $key }} + value: "{{ $value }}" + {{- end }} + {{- end }} + {{- range $key, $value := .ProxyConfig.ProxyMetadata }} + - name: {{ $key }} + value: "{{ $value }}" + {{- end }} + {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} + {{ if ne (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) `0` }} + {{ if .Values.global.proxy.startupProbe.enabled }} + startupProbe: + httpGet: + path: /healthz/ready + port: 15021 + initialDelaySeconds: 0 + periodSeconds: 1 + timeoutSeconds: 3 + failureThreshold: {{ .Values.global.proxy.startupProbe.failureThreshold }} + {{ end }} + readinessProbe: + httpGet: + path: /healthz/ready + port: 15021 + initialDelaySeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/initialDelaySeconds` .Values.global.proxy.readinessInitialDelaySeconds }} + periodSeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/periodSeconds` .Values.global.proxy.readinessPeriodSeconds }} + timeoutSeconds: 3 + failureThreshold: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/failureThreshold` .Values.global.proxy.readinessFailureThreshold }} + {{ end -}} + securityContext: + {{- if eq (index .ProxyConfig.ProxyMetadata "IPTABLES_TRACE_LOGGING") "true" }} + allowPrivilegeEscalation: true + capabilities: + add: + - NET_ADMIN + drop: + - ALL + privileged: true + readOnlyRootFilesystem: true + runAsGroup: {{ .ProxyGID | default "1337" }} + runAsNonRoot: false + runAsUser: 0 + {{- else }} + allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} + capabilities: + {{ if or $tproxy $capNetBindService -}} + add: + {{ if $tproxy -}} + - NET_ADMIN + {{- end }} + {{ if $capNetBindService -}} + - NET_BIND_SERVICE + {{- end }} + {{- end }} + drop: + - ALL + privileged: {{ .Values.global.proxy.privileged }} + readOnlyRootFilesystem: true + {{ if or $tproxy $capNetBindService -}} + runAsNonRoot: false + runAsUser: 0 + runAsGroup: 1337 + {{- else -}} + runAsNonRoot: true + runAsUser: {{ .ProxyUID | default "1337" }} + runAsGroup: {{ .ProxyGID | default "1337" }} + {{- end }} + {{- end }} + resources: + {{ template "resources" . }} + volumeMounts: + - name: workload-socket + mountPath: /var/run/secrets/workload-spiffe-uds + - name: credential-socket + mountPath: /var/run/secrets/credential-uds + {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} + - name: gke-workload-certificate + mountPath: /var/run/secrets/workload-spiffe-credentials + readOnly: true + {{- else }} + - name: workload-certs + mountPath: /var/run/secrets/workload-spiffe-credentials + {{- end }} + {{- if eq .Values.global.pilotCertProvider "istiod" }} + - mountPath: /var/run/secrets/istio + name: istiod-ca-cert + - mountPath: /var/run/secrets/istio/crl + name: istio-ca-crl + {{- end }} + - mountPath: /var/lib/istio/data + name: istio-data + {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} + - mountPath: /etc/istio/custom-bootstrap + name: custom-bootstrap-volume + {{- end }} + # SDS channel between istioagent and Envoy + - mountPath: /etc/istio/proxy + name: istio-envoy + - mountPath: /var/run/secrets/tokens + name: istio-token + {{- if .Values.global.mountMtlsCerts }} + # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. + - mountPath: /etc/certs/ + name: istio-certs + readOnly: true + {{- end }} + - name: istio-podinfo + mountPath: /etc/istio/pod + {{- if and (eq .Values.global.proxy.tracer "lightstep") .ProxyConfig.GetTracing.GetTlsSettings }} + - mountPath: {{ directory .ProxyConfig.GetTracing.GetTlsSettings.GetCaCertificates }} + name: lightstep-certs + readOnly: true + {{- end }} + {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount` }} + {{ range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount`) }} + - name: "{{ $index }}" + {{ toYaml $value | indent 6 }} + {{ end }} + {{- end }} + volumes: + - emptyDir: + name: workload-socket + - emptyDir: + name: credential-socket + {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} + - name: gke-workload-certificate + csi: + driver: workloadcertificates.security.cloud.google.com + {{- else }} + - emptyDir: + name: workload-certs + {{- end }} + {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} + - name: custom-bootstrap-volume + configMap: + name: {{ annotation .ObjectMeta `sidecar.istio.io/bootstrapOverride` "" }} + {{- end }} + # SDS channel between istioagent and Envoy + - emptyDir: + medium: Memory + name: istio-envoy + - name: istio-data + emptyDir: {} + - name: istio-podinfo + downwardAPI: + items: + - path: "labels" + fieldRef: + fieldPath: metadata.labels + - path: "annotations" + fieldRef: + fieldPath: metadata.annotations + - name: istio-token + projected: + sources: + - serviceAccountToken: + path: istio-token + expirationSeconds: 43200 + audience: {{ .Values.global.sds.token.aud }} + {{- if eq .Values.global.pilotCertProvider "istiod" }} + - name: istiod-ca-cert + {{- if eq (.Values.pilot.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} + projected: + sources: + - clusterTrustBundle: + name: istio.io:istiod-ca:{{ .Values.global.trustBundleName | default "root-cert" }} + path: root-cert.pem + {{- else }} + configMap: + name: {{ .Values.global.trustBundleName | default "istio-ca-root-cert" }} + {{- end }} + {{- end }} + - name: istio-ca-crl + configMap: + name: istio-ca-crl + optional: true + {{- if .Values.global.mountMtlsCerts }} + # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. + - name: istio-certs + secret: + optional: true + {{ if eq .Spec.ServiceAccountName "" }} + secretName: istio.default + {{ else -}} + secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }} + {{ end -}} + {{- end }} + {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolume` }} + {{range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolume`) }} + - name: "{{ $index }}" + {{ toYaml $value | indent 4 }} + {{ end }} + {{ end }} + {{- if and (eq .Values.global.proxy.tracer "lightstep") .ProxyConfig.GetTracing.GetTlsSettings }} + - name: lightstep-certs + secret: + optional: true + secretName: lightstep.cacert + {{- end }} + {{- if .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- range .Values.global.imagePullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} diff --git a/resources/v1.27.7/charts/istiod/files/kube-gateway.yaml b/resources/v1.27.7/charts/istiod/files/kube-gateway.yaml new file mode 100644 index 0000000000..616fb42c71 --- /dev/null +++ b/resources/v1.27.7/charts/istiod/files/kube-gateway.yaml @@ -0,0 +1,401 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{.ServiceAccount | quote}} + namespace: {{.Namespace | quote}} + annotations: + {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} + labels: + {{- toJsonMap + .InfrastructureLabels + (strdict + "gateway.networking.k8s.io/gateway-name" .Name + ) | nindent 4 }} + {{- if ge .KubeVersion 128 }} + # Safe since 1.28: https://github.com/kubernetes/kubernetes/pull/117412 + ownerReferences: + - apiVersion: gateway.networking.k8s.io/v1beta1 + kind: Gateway + name: "{{.Name}}" + uid: "{{.UID}}" + {{- end }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{.DeploymentName | quote}} + namespace: {{.Namespace | quote}} + annotations: + {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} + labels: + {{- toJsonMap + .InfrastructureLabels + (strdict + "gateway.networking.k8s.io/gateway-name" .Name + "gateway.istio.io/managed" "istio.io-gateway-controller" + ) | nindent 4 }} + ownerReferences: + - apiVersion: gateway.networking.k8s.io/v1beta1 + kind: Gateway + name: {{.Name}} + uid: "{{.UID}}" +spec: + selector: + matchLabels: + "{{.GatewayNameLabel}}": {{.Name}} + template: + metadata: + annotations: + {{- toJsonMap + (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") + (strdict "istio.io/rev" (.Revision | default "default")) + (strdict + "prometheus.io/path" "/stats/prometheus" + "prometheus.io/port" "15020" + "prometheus.io/scrape" "true" + ) | nindent 8 }} + labels: + {{- toJsonMap + (strdict + "sidecar.istio.io/inject" "false" + "service.istio.io/canonical-name" .DeploymentName + "service.istio.io/canonical-revision" "latest" + ) + .InfrastructureLabels + (strdict + "gateway.networking.k8s.io/gateway-name" .Name + "gateway.istio.io/managed" "istio.io-gateway-controller" + ) | nindent 8 }} + spec: + securityContext: + {{- if .Values.gateways.securityContext }} + {{- toYaml .Values.gateways.securityContext | nindent 8 }} + {{- else }} + sysctls: + - name: net.ipv4.ip_unprivileged_port_start + value: "0" + {{- if .Values.gateways.seccompProfile }} + seccompProfile: + {{- toYaml .Values.gateways.seccompProfile | nindent 10 }} + {{- end }} + {{- end }} + serviceAccountName: {{.ServiceAccount | quote}} + containers: + - name: istio-proxy + {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} + image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" + {{- else }} + image: "{{ .ProxyImage }}" + {{- end }} + {{- if .Values.global.proxy.resources }} + resources: + {{- toYaml .Values.global.proxy.resources | nindent 10 }} + {{- end }} + {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} + securityContext: + capabilities: + drop: + - ALL + allowPrivilegeEscalation: false + privileged: false + readOnlyRootFilesystem: true + runAsUser: {{ .ProxyUID | default "1337" }} + runAsGroup: {{ .ProxyGID | default "1337" }} + runAsNonRoot: true + ports: + - containerPort: 15020 + name: metrics + protocol: TCP + - containerPort: 15021 + name: status-port + protocol: TCP + - containerPort: 15090 + protocol: TCP + name: http-envoy-prom + args: + - proxy + - router + - --domain + - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} + - --proxyLogLevel + - {{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel | quote}} + - --proxyComponentLogLevel + - {{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel | quote}} + - --log_output_level + - {{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level | quote}} + {{- if .Values.global.sts.servicePort }} + - --stsPort={{ .Values.global.sts.servicePort }} + {{- end }} + {{- if .Values.global.logAsJson }} + - --log_as_json + {{- end }} + {{- if .Values.global.proxy.lifecycle }} + lifecycle: + {{- toYaml .Values.global.proxy.lifecycle | nindent 10 }} + {{- end }} + env: + - name: PILOT_CERT_PROVIDER + value: {{ .Values.global.pilotCertProvider }} + - name: CA_ADDR + {{- if .Values.global.caAddress }} + value: {{ .Values.global.caAddress }} + {{- else }} + value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 + {{- end }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: INSTANCE_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: SERVICE_ACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ISTIO_CPU_LIMIT + valueFrom: + resourceFieldRef: + resource: limits.cpu + - name: PROXY_CONFIG + value: | + {{ protoToJSON .ProxyConfig }} + - name: ISTIO_META_POD_PORTS + value: "[]" + - name: ISTIO_META_APP_CONTAINERS + value: "" + - name: GOMEMLIMIT + valueFrom: + resourceFieldRef: + resource: limits.memory + - name: GOMAXPROCS + valueFrom: + resourceFieldRef: + resource: limits.cpu + - name: ISTIO_META_CLUSTER_ID + value: "{{ valueOrDefault .Values.global.multiCluster.clusterName .ClusterID }}" + - name: ISTIO_META_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: ISTIO_META_INTERCEPTION_MODE + value: "{{ .ProxyConfig.InterceptionMode.String }}" + {{- with (valueOrDefault (index .InfrastructureLabels "topology.istio.io/network") .Values.global.network) }} + - name: ISTIO_META_NETWORK + value: {{.|quote}} + {{- end }} + - name: ISTIO_META_WORKLOAD_NAME + value: {{.DeploymentName|quote}} + - name: ISTIO_META_OWNER + value: "kubernetes://apis/apps/v1/namespaces/{{.Namespace}}/deployments/{{.DeploymentName}}" + {{- if .Values.global.meshID }} + - name: ISTIO_META_MESH_ID + value: "{{ .Values.global.meshID }}" + {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} + - name: ISTIO_META_MESH_ID + value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" + {{- end }} + {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} + - name: TRUST_DOMAIN + value: "{{ . }}" + {{- end }} + {{- range $key, $value := .ProxyConfig.ProxyMetadata }} + - name: {{ $key }} + value: "{{ $value }}" + {{- end }} + {{- with (index .InfrastructureLabels "topology.istio.io/network") }} + - name: ISTIO_META_REQUESTED_NETWORK_VIEW + value: {{.|quote}} + {{- end }} + startupProbe: + failureThreshold: 30 + httpGet: + path: /healthz/ready + port: 15021 + scheme: HTTP + initialDelaySeconds: 1 + periodSeconds: 1 + successThreshold: 1 + timeoutSeconds: 1 + readinessProbe: + failureThreshold: 4 + httpGet: + path: /healthz/ready + port: 15021 + scheme: HTTP + initialDelaySeconds: 0 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 1 + volumeMounts: + - name: workload-socket + mountPath: /var/run/secrets/workload-spiffe-uds + - name: credential-socket + mountPath: /var/run/secrets/credential-uds + {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} + - name: gke-workload-certificate + mountPath: /var/run/secrets/workload-spiffe-credentials + readOnly: true + {{- else }} + - name: workload-certs + mountPath: /var/run/secrets/workload-spiffe-credentials + {{- end }} + {{- if eq .Values.global.pilotCertProvider "istiod" }} + - mountPath: /var/run/secrets/istio + name: istiod-ca-cert + {{- end }} + - mountPath: /var/lib/istio/data + name: istio-data + # SDS channel between istioagent and Envoy + - mountPath: /etc/istio/proxy + name: istio-envoy + - mountPath: /var/run/secrets/tokens + name: istio-token + - name: istio-podinfo + mountPath: /etc/istio/pod + volumes: + - emptyDir: {} + name: workload-socket + - emptyDir: {} + name: credential-socket + {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} + - name: gke-workload-certificate + csi: + driver: workloadcertificates.security.cloud.google.com + {{- else}} + - emptyDir: {} + name: workload-certs + {{- end }} + # SDS channel between istioagent and Envoy + - emptyDir: + medium: Memory + name: istio-envoy + - name: istio-data + emptyDir: {} + - name: istio-podinfo + downwardAPI: + items: + - path: "labels" + fieldRef: + fieldPath: metadata.labels + - path: "annotations" + fieldRef: + fieldPath: metadata.annotations + - name: istio-token + projected: + sources: + - serviceAccountToken: + path: istio-token + expirationSeconds: 43200 + audience: {{ .Values.global.sds.token.aud }} + {{- if eq .Values.global.pilotCertProvider "istiod" }} + - name: istiod-ca-cert + {{- if eq ((.Values.pilot).env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} + projected: + sources: + - clusterTrustBundle: + name: istio.io:istiod-ca:{{ .Values.global.trustBundleName | default "root-cert" }} + path: root-cert.pem + {{- else }} + configMap: + name: {{ .Values.global.trustBundleName | default "istio-ca-root-cert" }} + {{- end }} + {{- end }} + {{- if .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- range .Values.global.imagePullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + {{ toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} + labels: + {{- toJsonMap + .InfrastructureLabels + (strdict + "gateway.networking.k8s.io/gateway-name" .Name + ) | nindent 4 }} + name: {{.DeploymentName | quote}} + namespace: {{.Namespace | quote}} + ownerReferences: + - apiVersion: gateway.networking.k8s.io/v1beta1 + kind: Gateway + name: {{.Name}} + uid: {{.UID}} +spec: + ipFamilyPolicy: PreferDualStack + ports: + {{- range $key, $val := .Ports }} + - name: {{ $val.Name | quote }} + port: {{ $val.Port }} + protocol: TCP + appProtocol: {{ $val.AppProtocol }} + {{- end }} + selector: + "{{.GatewayNameLabel}}": {{.Name}} + {{- if and (.Spec.Addresses) (eq .ServiceType "LoadBalancer") }} + loadBalancerIP: {{ (index .Spec.Addresses 0).Value | quote}} + {{- end }} + type: {{ .ServiceType | quote }} +--- +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{.DeploymentName | quote}} + namespace: {{.Namespace | quote}} + annotations: + {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} + labels: + {{- toJsonMap + .InfrastructureLabels + (strdict + "gateway.networking.k8s.io/gateway-name" .Name + ) | nindent 4 }} + ownerReferences: + - apiVersion: gateway.networking.k8s.io/v1beta1 + kind: Gateway + name: {{.Name}} + uid: "{{.UID}}" +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{.DeploymentName | quote}} + maxReplicas: 1 +--- +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: {{.DeploymentName | quote}} + namespace: {{.Namespace | quote}} + annotations: + {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} + labels: + {{- toJsonMap + .InfrastructureLabels + (strdict + "gateway.networking.k8s.io/gateway-name" .Name + ) | nindent 4 }} + ownerReferences: + - apiVersion: gateway.networking.k8s.io/v1beta1 + kind: Gateway + name: {{.Name}} + uid: "{{.UID}}" +spec: + selector: + matchLabels: + gateway.networking.k8s.io/gateway-name: {{.Name|quote}} + diff --git a/resources/v1.30-alpha.bcdd144c/charts/istiod/files/profile-ambient.yaml b/resources/v1.27.7/charts/istiod/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/istiod/files/profile-ambient.yaml rename to resources/v1.27.7/charts/istiod/files/profile-ambient.yaml diff --git a/resources/v1.27.7/charts/istiod/files/profile-compatibility-version-1.24.yaml b/resources/v1.27.7/charts/istiod/files/profile-compatibility-version-1.24.yaml new file mode 100644 index 0000000000..4f3dbef7ea --- /dev/null +++ b/resources/v1.27.7/charts/istiod/files/profile-compatibility-version-1.24.yaml @@ -0,0 +1,15 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.24 behavioral changes + PILOT_ENABLE_IP_AUTOALLOCATE: "false" + # 1.27 behavioral changes + ENABLE_NATIVE_SIDECARS: "false" +ambient: + dnsCapture: false + reconcileIptablesOnStartup: false + # 1.26 behavioral changes + shareHostNetworkNamespace: true diff --git a/resources/v1.27.7/charts/istiod/files/profile-compatibility-version-1.25.yaml b/resources/v1.27.7/charts/istiod/files/profile-compatibility-version-1.25.yaml new file mode 100644 index 0000000000..b2f45948c2 --- /dev/null +++ b/resources/v1.27.7/charts/istiod/files/profile-compatibility-version-1.25.yaml @@ -0,0 +1,11 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.27 behavioral changes + ENABLE_NATIVE_SIDECARS: "false" +ambient: + # 1.26 behavioral changes + shareHostNetworkNamespace: true diff --git a/resources/v1.27.7/charts/istiod/files/profile-compatibility-version-1.26.yaml b/resources/v1.27.7/charts/istiod/files/profile-compatibility-version-1.26.yaml new file mode 100644 index 0000000000..af10697326 --- /dev/null +++ b/resources/v1.27.7/charts/istiod/files/profile-compatibility-version-1.26.yaml @@ -0,0 +1,8 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.27 behavioral changes + ENABLE_NATIVE_SIDECARS: "false" \ No newline at end of file diff --git a/resources/v1.30-alpha.bcdd144c/charts/istiod/files/profile-demo.yaml b/resources/v1.27.7/charts/istiod/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/istiod/files/profile-demo.yaml rename to resources/v1.27.7/charts/istiod/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/istiod/files/profile-platform-gke.yaml b/resources/v1.27.7/charts/istiod/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/istiod/files/profile-platform-gke.yaml rename to resources/v1.27.7/charts/istiod/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/istiod/files/profile-platform-k3d.yaml b/resources/v1.27.7/charts/istiod/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/istiod/files/profile-platform-k3d.yaml rename to resources/v1.27.7/charts/istiod/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/istiod/files/profile-platform-k3s.yaml b/resources/v1.27.7/charts/istiod/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/istiod/files/profile-platform-k3s.yaml rename to resources/v1.27.7/charts/istiod/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/istiod/files/profile-platform-microk8s.yaml b/resources/v1.27.7/charts/istiod/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/istiod/files/profile-platform-microk8s.yaml rename to resources/v1.27.7/charts/istiod/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/istiod/files/profile-platform-minikube.yaml b/resources/v1.27.7/charts/istiod/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/istiod/files/profile-platform-minikube.yaml rename to resources/v1.27.7/charts/istiod/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/istiod/files/profile-platform-openshift.yaml b/resources/v1.27.7/charts/istiod/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/istiod/files/profile-platform-openshift.yaml rename to resources/v1.27.7/charts/istiod/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/istiod/files/profile-preview.yaml b/resources/v1.27.7/charts/istiod/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/istiod/files/profile-preview.yaml rename to resources/v1.27.7/charts/istiod/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/istiod/files/profile-remote.yaml b/resources/v1.27.7/charts/istiod/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/istiod/files/profile-remote.yaml rename to resources/v1.27.7/charts/istiod/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/istiod/files/profile-stable.yaml b/resources/v1.27.7/charts/istiod/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/istiod/files/profile-stable.yaml rename to resources/v1.27.7/charts/istiod/files/profile-stable.yaml diff --git a/resources/v1.27.7/charts/istiod/files/waypoint.yaml b/resources/v1.27.7/charts/istiod/files/waypoint.yaml new file mode 100644 index 0000000000..3e6a2f5dc1 --- /dev/null +++ b/resources/v1.27.7/charts/istiod/files/waypoint.yaml @@ -0,0 +1,396 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{.ServiceAccount | quote}} + namespace: {{.Namespace | quote}} + annotations: + {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} + labels: + {{- toJsonMap + .InfrastructureLabels + (strdict + "gateway.networking.k8s.io/gateway-name" .Name + ) | nindent 4 }} + {{- if ge .KubeVersion 128 }} + # Safe since 1.28: https://github.com/kubernetes/kubernetes/pull/117412 + ownerReferences: + - apiVersion: gateway.networking.k8s.io/v1beta1 + kind: Gateway + name: "{{.Name}}" + uid: "{{.UID}}" + {{- end }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{.DeploymentName | quote}} + namespace: {{.Namespace | quote}} + annotations: + {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} + labels: + {{- toJsonMap + .InfrastructureLabels + (strdict + "gateway.networking.k8s.io/gateway-name" .Name + "gateway.istio.io/managed" .ControllerLabel + ) | nindent 4 }} + ownerReferences: + - apiVersion: gateway.networking.k8s.io/v1beta1 + kind: Gateway + name: "{{.Name}}" + uid: "{{.UID}}" +spec: + selector: + matchLabels: + "{{.GatewayNameLabel}}": "{{.Name}}" + template: + metadata: + annotations: + {{- toJsonMap + (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") + (strdict "istio.io/rev" (.Revision | default "default")) + (strdict + "prometheus.io/path" "/stats/prometheus" + "prometheus.io/port" "15020" + "prometheus.io/scrape" "true" + ) | nindent 8 }} + labels: + {{- toJsonMap + (strdict + "sidecar.istio.io/inject" "false" + "istio.io/dataplane-mode" "none" + "service.istio.io/canonical-name" .DeploymentName + "service.istio.io/canonical-revision" "latest" + ) + .InfrastructureLabels + (strdict + "gateway.networking.k8s.io/gateway-name" .Name + "gateway.istio.io/managed" .ControllerLabel + ) | nindent 8}} + spec: + {{- if .Values.global.waypoint.affinity }} + affinity: + {{- toYaml .Values.global.waypoint.affinity | nindent 8 }} + {{- end }} + {{- if .Values.global.waypoint.topologySpreadConstraints }} + topologySpreadConstraints: + {{- toYaml .Values.global.waypoint.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{- if .Values.global.waypoint.nodeSelector }} + nodeSelector: + {{- toYaml .Values.global.waypoint.nodeSelector | nindent 8 }} + {{- end }} + {{- if .Values.global.waypoint.tolerations }} + tolerations: + {{- toYaml .Values.global.waypoint.tolerations | nindent 8 }} + {{- end }} + terminationGracePeriodSeconds: 2 + serviceAccountName: {{.ServiceAccount | quote}} + containers: + - name: istio-proxy + ports: + - containerPort: 15020 + name: metrics + protocol: TCP + - containerPort: 15021 + name: status-port + protocol: TCP + - containerPort: 15090 + protocol: TCP + name: http-envoy-prom + {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} + image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" + {{- else }} + image: "{{ .ProxyImage }}" + {{- end }} + {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} + args: + - proxy + - waypoint + - --domain + - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} + - --serviceCluster + - {{.ServiceAccount}}.$(POD_NAMESPACE) + - --proxyLogLevel + - {{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel | quote}} + - --proxyComponentLogLevel + - {{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel | quote}} + - --log_output_level + - {{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level | quote}} + {{- if .Values.global.logAsJson }} + - --log_as_json + {{- end }} + {{- if .Values.global.proxy.outlierLogPath }} + - --outlierLogPath={{ .Values.global.proxy.outlierLogPath }} + {{- end}} + env: + - name: ISTIO_META_SERVICE_ACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: ISTIO_META_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: PILOT_CERT_PROVIDER + value: {{ .Values.global.pilotCertProvider }} + - name: CA_ADDR + {{- if .Values.global.caAddress }} + value: {{ .Values.global.caAddress }} + {{- else }} + value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 + {{- end }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: INSTANCE_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: SERVICE_ACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ISTIO_CPU_LIMIT + valueFrom: + resourceFieldRef: + resource: limits.cpu + - name: PROXY_CONFIG + value: | + {{ protoToJSON .ProxyConfig }} + {{- if .ProxyConfig.ProxyMetadata }} + {{- range $key, $value := .ProxyConfig.ProxyMetadata }} + - name: {{ $key }} + value: "{{ $value }}" + {{- end }} + {{- end }} + - name: GOMEMLIMIT + valueFrom: + resourceFieldRef: + resource: limits.memory + - name: GOMAXPROCS + valueFrom: + resourceFieldRef: + resource: limits.cpu + - name: ISTIO_META_CLUSTER_ID + value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" + {{- $network := valueOrDefault (index .InfrastructureLabels `topology.istio.io/network`) .Values.global.network }} + {{- if $network }} + - name: ISTIO_META_NETWORK + value: "{{ $network }}" + {{- end }} + - name: ISTIO_META_INTERCEPTION_MODE + value: REDIRECT + - name: ISTIO_META_WORKLOAD_NAME + value: {{.DeploymentName}} + - name: ISTIO_META_OWNER + value: kubernetes://apis/apps/v1/namespaces/{{.Namespace}}/deployments/{{.DeploymentName}} + {{- if .Values.global.meshID }} + - name: ISTIO_META_MESH_ID + value: "{{ .Values.global.meshID }}" + {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} + - name: ISTIO_META_MESH_ID + value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" + {{- end }} + {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} + - name: TRUST_DOMAIN + value: "{{ . }}" + {{- end }} + {{- if .Values.global.waypoint.resources }} + resources: + {{- toYaml .Values.global.waypoint.resources | nindent 10 }} + {{- end }} + startupProbe: + failureThreshold: 30 + httpGet: + path: /healthz/ready + port: 15021 + scheme: HTTP + initialDelaySeconds: 1 + periodSeconds: 1 + successThreshold: 1 + timeoutSeconds: 1 + readinessProbe: + failureThreshold: 4 + httpGet: + path: /healthz/ready + port: 15021 + scheme: HTTP + initialDelaySeconds: 0 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 1 + securityContext: + privileged: false + {{- if not (eq .Values.global.platform "openshift") }} + runAsGroup: 1337 + runAsUser: 1337 + {{- end }} + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - ALL +{{- if .Values.gateways.seccompProfile }} + seccompProfile: +{{- toYaml .Values.gateways.seccompProfile | nindent 12 }} +{{- end }} + volumeMounts: + - mountPath: /var/run/secrets/workload-spiffe-uds + name: workload-socket + - mountPath: /var/run/secrets/istio + name: istiod-ca-cert + - mountPath: /var/lib/istio/data + name: istio-data + - mountPath: /etc/istio/proxy + name: istio-envoy + - mountPath: /var/run/secrets/tokens + name: istio-token + - mountPath: /etc/istio/pod + name: istio-podinfo + volumes: + - emptyDir: {} + name: workload-socket + - emptyDir: + medium: Memory + name: istio-envoy + - emptyDir: + medium: Memory + name: go-proxy-envoy + - emptyDir: {} + name: istio-data + - emptyDir: {} + name: go-proxy-data + - downwardAPI: + items: + - fieldRef: + fieldPath: metadata.labels + path: labels + - fieldRef: + fieldPath: metadata.annotations + path: annotations + name: istio-podinfo + - name: istio-token + projected: + sources: + - serviceAccountToken: + audience: istio-ca + expirationSeconds: 43200 + path: istio-token + - name: istiod-ca-cert + {{- if eq (.Values.pilot.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} + projected: + sources: + - clusterTrustBundle: + name: istio.io:istiod-ca:{{ .Values.global.trustBundleName | default "root-cert" }} + path: root-cert.pem + {{- else }} + configMap: + name: {{ .Values.global.trustBundleName | default "istio-ca-root-cert" }} + {{- end }} + {{- if .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- range .Values.global.imagePullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + {{ toJsonMap + (strdict "networking.istio.io/traffic-distribution" "PreferClose") + (omit .InfrastructureAnnotations + "kubectl.kubernetes.io/last-applied-configuration" + "gateway.istio.io/name-override" + "gateway.istio.io/service-account" + "gateway.istio.io/controller-version" + ) | nindent 4 }} + labels: + {{- toJsonMap + .InfrastructureLabels + (strdict + "gateway.networking.k8s.io/gateway-name" .Name + ) | nindent 4 }} + name: {{.DeploymentName | quote}} + namespace: {{.Namespace | quote}} + ownerReferences: + - apiVersion: gateway.networking.k8s.io/v1beta1 + kind: Gateway + name: "{{.Name}}" + uid: "{{.UID}}" +spec: + ipFamilyPolicy: PreferDualStack + ports: + {{- range $key, $val := .Ports }} + - name: {{ $val.Name | quote }} + port: {{ $val.Port }} + protocol: TCP + appProtocol: {{ $val.AppProtocol }} + {{- end }} + selector: + "{{.GatewayNameLabel}}": "{{.Name}}" + {{- if and (.Spec.Addresses) (eq .ServiceType "LoadBalancer") }} + loadBalancerIP: {{ (index .Spec.Addresses 0).Value | quote}} + {{- end }} + type: {{ .ServiceType | quote }} +--- +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{.DeploymentName | quote}} + namespace: {{.Namespace | quote}} + annotations: + {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} + labels: + {{- toJsonMap + .InfrastructureLabels + (strdict + "gateway.networking.k8s.io/gateway-name" .Name + ) | nindent 4 }} + ownerReferences: + - apiVersion: gateway.networking.k8s.io/v1beta1 + kind: Gateway + name: {{.Name}} + uid: "{{.UID}}" +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{.DeploymentName | quote}} + maxReplicas: 1 +--- +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: {{.DeploymentName | quote}} + namespace: {{.Namespace | quote}} + annotations: + {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} + labels: + {{- toJsonMap + .InfrastructureLabels + (strdict + "gateway.networking.k8s.io/gateway-name" .Name + ) | nindent 4 }} + ownerReferences: + - apiVersion: gateway.networking.k8s.io/v1beta1 + kind: Gateway + name: {{.Name}} + uid: "{{.UID}}" +spec: + selector: + matchLabels: + gateway.networking.k8s.io/gateway-name: {{.Name|quote}} + diff --git a/resources/v1.30-alpha.bcdd144c/charts/istiod/templates/NOTES.txt b/resources/v1.27.7/charts/istiod/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/istiod/templates/NOTES.txt rename to resources/v1.27.7/charts/istiod/templates/NOTES.txt diff --git a/resources/v1.30-alpha.bcdd144c/charts/istiod/templates/_helpers.tpl b/resources/v1.27.7/charts/istiod/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/istiod/templates/_helpers.tpl rename to resources/v1.27.7/charts/istiod/templates/_helpers.tpl diff --git a/resources/v1.27.7/charts/istiod/templates/autoscale.yaml b/resources/v1.27.7/charts/istiod/templates/autoscale.yaml new file mode 100644 index 0000000000..9b952ba857 --- /dev/null +++ b/resources/v1.27.7/charts/istiod/templates/autoscale.yaml @@ -0,0 +1,43 @@ +# Not created if istiod is running remotely +{{- if or (not .Values.istiodRemote.enabled) (and .Values.istiodRemote.enabled .Values.istiodRemote.enabledLocalInjectorIstiod) }} +{{- if and .Values.autoscaleEnabled .Values.autoscaleMin .Values.autoscaleMax }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} + namespace: {{ .Release.Namespace }} + labels: + app: istiod + release: {{ .Release.Name }} + istio.io/rev: {{ .Values.revision | default "default" | quote }} + operator.istio.io/component: "Pilot" + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +spec: + maxReplicas: {{ .Values.autoscaleMax }} + minReplicas: {{ .Values.autoscaleMin }} + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.cpu.targetAverageUtilization }} + {{- if .Values.memory.targetAverageUtilization }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.memory.targetAverageUtilization }} + {{- end }} + {{- if .Values.autoscaleBehavior }} + behavior: {{ toYaml .Values.autoscaleBehavior | nindent 4 }} + {{- end }} +--- +{{- end }} +{{- end }} diff --git a/resources/v1.27.7/charts/istiod/templates/clusterrole.yaml b/resources/v1.27.7/charts/istiod/templates/clusterrole.yaml new file mode 100644 index 0000000000..d9c86f43fa --- /dev/null +++ b/resources/v1.27.7/charts/istiod/templates/clusterrole.yaml @@ -0,0 +1,213 @@ +# Created if this is not a remote istiod, OR if it is and is also a config cluster +{{- if or (not .Values.istiodRemote.enabled) (and .Values.istiodRemote.enabled (or .Values.global.configCluster .Values.istiodRemote.enabledLocalInjectorIstiod)) }} +{{ $mcsAPIGroup := or .Values.env.MCS_API_GROUP "multicluster.x-k8s.io" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: istiod-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} + labels: + app: istiod + release: {{ .Release.Name }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +rules: + # sidecar injection controller + - apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: ["get", "list", "watch", "update", "patch"] + + # configuration validation webhook controller + - apiGroups: ["admissionregistration.k8s.io"] + resources: ["validatingwebhookconfigurations"] + verbs: ["get", "list", "watch", "update"] + + # istio configuration + # removing CRD permissions can break older versions of Istio running alongside this control plane (https://github.com/istio/istio/issues/29382) + # please proceed with caution + - apiGroups: ["config.istio.io", "security.istio.io", "networking.istio.io", "authentication.istio.io", "rbac.istio.io", "telemetry.istio.io", "extensions.istio.io"] + verbs: ["get", "watch", "list"] + resources: ["*"] +{{- if .Values.global.istiod.enableAnalysis }} + - apiGroups: ["config.istio.io", "security.istio.io", "networking.istio.io", "authentication.istio.io", "rbac.istio.io", "telemetry.istio.io", "extensions.istio.io"] + verbs: ["update", "patch"] + resources: + - authorizationpolicies/status + - destinationrules/status + - envoyfilters/status + - gateways/status + - peerauthentications/status + - proxyconfigs/status + - requestauthentications/status + - serviceentries/status + - sidecars/status + - telemetries/status + - virtualservices/status + - wasmplugins/status + - workloadentries/status + - workloadgroups/status +{{- end }} + - apiGroups: ["networking.istio.io"] + verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] + resources: [ "workloadentries" ] + - apiGroups: ["networking.istio.io"] + verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] + resources: [ "workloadentries/status", "serviceentries/status" ] + - apiGroups: ["security.istio.io"] + verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] + resources: [ "authorizationpolicies/status" ] + - apiGroups: [""] + verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] + resources: [ "services/status" ] + + # auto-detect installed CRD definitions + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["get", "list", "watch"] + + # discovery and routing + - apiGroups: [""] + resources: ["pods", "nodes", "services", "namespaces", "endpoints"] + verbs: ["get", "list", "watch"] + - apiGroups: ["discovery.k8s.io"] + resources: ["endpointslices"] + verbs: ["get", "list", "watch"] + +{{- if .Values.taint.enabled }} + - apiGroups: [""] + resources: ["nodes"] + verbs: ["patch"] +{{- end }} + + # ingress controller +{{- if .Values.global.istiod.enableAnalysis }} + - apiGroups: ["extensions", "networking.k8s.io"] + resources: ["ingresses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["extensions", "networking.k8s.io"] + resources: ["ingresses/status"] + verbs: ["*"] +{{- end}} + - apiGroups: ["networking.k8s.io"] + resources: ["ingresses", "ingressclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["networking.k8s.io"] + resources: ["ingresses/status"] + verbs: ["*"] + + # required for CA's namespace controller + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["create", "get", "list", "watch", "update"] + + # Istiod and bootstrap. +{{- $omitCertProvidersForClusterRole := list "istiod" "custom" "none"}} +{{- if or .Values.env.EXTERNAL_CA (not (has .Values.global.pilotCertProvider $omitCertProvidersForClusterRole)) }} + - apiGroups: ["certificates.k8s.io"] + resources: + - "certificatesigningrequests" + - "certificatesigningrequests/approval" + - "certificatesigningrequests/status" + verbs: ["update", "create", "get", "delete", "watch"] + - apiGroups: ["certificates.k8s.io"] + resources: + - "signers" + resourceNames: +{{- range .Values.global.certSigners }} + - {{ . | quote }} +{{- end }} + verbs: ["approve"] +{{- end}} +{{- if eq (.Values.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} + - apiGroups: ["certificates.k8s.io"] + resources: ["clustertrustbundles"] + verbs: ["update", "create", "delete", "list", "watch", "get"] + - apiGroups: ["certificates.k8s.io"] + resources: ["signers"] + resourceNames: ["istio.io/istiod-ca"] + verbs: ["attest"] +{{- end }} + + # Used by Istiod to verify the JWT tokens + - apiGroups: ["authentication.k8s.io"] + resources: ["tokenreviews"] + verbs: ["create"] + + # Used by Istiod to verify gateway SDS + - apiGroups: ["authorization.k8s.io"] + resources: ["subjectaccessreviews"] + verbs: ["create"] + + # Use for Kubernetes Service APIs + - apiGroups: ["gateway.networking.k8s.io", "gateway.networking.x-k8s.io"] + resources: ["*"] + verbs: ["get", "watch", "list"] + - apiGroups: ["gateway.networking.x-k8s.io"] + resources: + - xbackendtrafficpolicies/status + - xlistenersets/status + verbs: ["update", "patch"] + - apiGroups: ["gateway.networking.k8s.io"] + resources: + - backendtlspolicies/status + - gatewayclasses/status + - gateways/status + - grpcroutes/status + - httproutes/status + - referencegrants/status + - tcproutes/status + - tlsroutes/status + - udproutes/status + verbs: ["update", "patch"] + - apiGroups: ["gateway.networking.k8s.io"] + resources: ["gatewayclasses"] + verbs: ["create", "update", "patch", "delete"] + - apiGroups: ["inference.networking.x-k8s.io"] + resources: ["inferencepools"] + verbs: ["get", "watch", "list"] + - apiGroups: ["inference.networking.x-k8s.io"] + resources: ["inferencepools/status"] + verbs: ["update", "patch"] + + # Needed for multicluster secret reading, possibly ingress certs in the future + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "watch", "list"] + + # Used for MCS serviceexport management + - apiGroups: ["{{ $mcsAPIGroup }}"] + resources: ["serviceexports"] + verbs: [ "get", "watch", "list", "create", "delete"] + + # Used for MCS serviceimport management + - apiGroups: ["{{ $mcsAPIGroup }}"] + resources: ["serviceimports"] + verbs: ["get", "watch", "list"] +--- +{{- if not (eq (toString .Values.env.PILOT_ENABLE_GATEWAY_API_DEPLOYMENT_CONTROLLER) "false") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: istiod-gateway-controller{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} + labels: + app: istiod + release: {{ .Release.Name }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +rules: + - apiGroups: ["apps"] + verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] + resources: [ "deployments" ] + - apiGroups: ["autoscaling"] + verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] + resources: [ "horizontalpodautoscalers" ] + - apiGroups: ["policy"] + verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] + resources: [ "poddisruptionbudgets" ] + - apiGroups: [""] + verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] + resources: [ "services" ] + - apiGroups: [""] + verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] + resources: [ "serviceaccounts"] +{{- end }} +{{- end }} diff --git a/resources/v1.27.7/charts/istiod/templates/clusterrolebinding.yaml b/resources/v1.27.7/charts/istiod/templates/clusterrolebinding.yaml new file mode 100644 index 0000000000..1b8fa4d079 --- /dev/null +++ b/resources/v1.27.7/charts/istiod/templates/clusterrolebinding.yaml @@ -0,0 +1,40 @@ +# Created if this is not a remote istiod, OR if it is and is also a config cluster +{{- if or (not .Values.istiodRemote.enabled) (and .Values.istiodRemote.enabled (or .Values.global.configCluster .Values.istiodRemote.enabledLocalInjectorIstiod)) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: istiod-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} + labels: + app: istiod + release: {{ .Release.Name }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: istiod-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} +subjects: + - kind: ServiceAccount + name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }} + namespace: {{ .Values.global.istioNamespace }} +--- +{{- if not (eq (toString .Values.env.PILOT_ENABLE_GATEWAY_API_DEPLOYMENT_CONTROLLER) "false") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: istiod-gateway-controller{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} + labels: + app: istiod + release: {{ .Release.Name }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: istiod-gateway-controller{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} +subjects: +- kind: ServiceAccount + name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }} + namespace: {{ .Values.global.istioNamespace }} +{{- end }} +{{- end }} diff --git a/resources/v1.27.7/charts/istiod/templates/configmap-jwks.yaml b/resources/v1.27.7/charts/istiod/templates/configmap-jwks.yaml new file mode 100644 index 0000000000..9d931c4065 --- /dev/null +++ b/resources/v1.27.7/charts/istiod/templates/configmap-jwks.yaml @@ -0,0 +1,18 @@ +# Not created if istiod is running remotely +{{- if or (not .Values.istiodRemote.enabled) (and .Values.istiodRemote.enabled .Values.istiodRemote.enabledLocalInjectorIstiod) }} +{{- if .Values.jwksResolverExtraRootCA }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: pilot-jwks-extra-cacerts{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} + namespace: {{ .Release.Namespace }} + labels: + release: {{ .Release.Name }} + istio.io/rev: {{ .Values.revision | default "default" | quote }} + operator.istio.io/component: "Pilot" + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +data: + extra.pem: {{ .Values.jwksResolverExtraRootCA | quote }} +{{- end }} +{{- end }} diff --git a/resources/v1.27.7/charts/istiod/templates/configmap-values.yaml b/resources/v1.27.7/charts/istiod/templates/configmap-values.yaml new file mode 100644 index 0000000000..75e6e0bcc6 --- /dev/null +++ b/resources/v1.27.7/charts/istiod/templates/configmap-values.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: values{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} + namespace: {{ .Release.Namespace }} + annotations: + kubernetes.io/description: This ConfigMap contains the Helm values used during chart rendering. This ConfigMap is rendered for debugging purposes and external tooling; modifying these values has no effect. + labels: + istio.io/rev: {{ .Values.revision | default "default" | quote }} + operator.istio.io/component: "Pilot" + release: {{ .Release.Name }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +data: + original-values: |- +{{ .Values._original | toPrettyJson | indent 4 }} +{{- $_ := unset $.Values "_original" }} + merged-values: |- +{{ .Values | toPrettyJson | indent 4 }} diff --git a/resources/v1.27.7/charts/istiod/templates/configmap.yaml b/resources/v1.27.7/charts/istiod/templates/configmap.yaml new file mode 100644 index 0000000000..a8446a6fc9 --- /dev/null +++ b/resources/v1.27.7/charts/istiod/templates/configmap.yaml @@ -0,0 +1,111 @@ +{{- define "mesh" }} + # The trust domain corresponds to the trust root of a system. + # Refer to https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain + trustDomain: "cluster.local" + + # The namespace to treat as the administrative root namespace for Istio configuration. + # When processing a leaf namespace Istio will search for declarations in that namespace first + # and if none are found it will search in the root namespace. Any matching declaration found in the root namespace + # is processed as if it were declared in the leaf namespace. + rootNamespace: {{ .Values.meshConfig.rootNamespace | default .Values.global.istioNamespace }} + + {{ $prom := include "default-prometheus" . | eq "true" }} + {{ $sdMetrics := include "default-sd-metrics" . | eq "true" }} + {{ $sdLogs := include "default-sd-logs" . | eq "true" }} + {{- if or $prom $sdMetrics $sdLogs }} + defaultProviders: + {{- if or $prom $sdMetrics }} + metrics: + {{ if $prom }}- prometheus{{ end }} + {{ if and $sdMetrics $sdLogs }}- stackdriver{{ end }} + {{- end }} + {{- if and $sdMetrics $sdLogs }} + accessLogging: + - stackdriver + {{- end }} + {{- end }} + + defaultConfig: + {{- if .Values.global.meshID }} + meshId: "{{ .Values.global.meshID }}" + {{- end }} + {{- with (.Values.global.proxy.variant | default .Values.global.variant) }} + image: + imageType: {{. | quote}} + {{- end }} + {{- if not (eq .Values.global.proxy.tracer "none") }} + tracing: + {{- if eq .Values.global.proxy.tracer "lightstep" }} + lightstep: + # Address of the LightStep Satellite pool + address: {{ .Values.global.tracer.lightstep.address }} + # Access Token used to communicate with the Satellite pool + accessToken: {{ .Values.global.tracer.lightstep.accessToken }} + {{- else if eq .Values.global.proxy.tracer "zipkin" }} + zipkin: + # Address of the Zipkin collector + address: {{ ((.Values.global.tracer).zipkin).address | default (print "zipkin." .Values.global.istioNamespace ":9411") }} + {{- else if eq .Values.global.proxy.tracer "datadog" }} + datadog: + # Address of the Datadog Agent + address: {{ ((.Values.global.tracer).datadog).address | default "$(HOST_IP):8126" }} + {{- else if eq .Values.global.proxy.tracer "stackdriver" }} + stackdriver: + # enables trace output to stdout. + debug: {{ (($.Values.global.tracer).stackdriver).debug | default "false" }} + # The global default max number of attributes per span. + maxNumberOfAttributes: {{ (($.Values.global.tracer).stackdriver).maxNumberOfAttributes | default "200" }} + # The global default max number of annotation events per span. + maxNumberOfAnnotations: {{ (($.Values.global.tracer).stackdriver).maxNumberOfAnnotations | default "200" }} + # The global default max number of message events per span. + maxNumberOfMessageEvents: {{ (($.Values.global.tracer).stackdriver).maxNumberOfMessageEvents | default "200" }} + {{- end }} + {{- end }} + {{- if .Values.global.remotePilotAddress }} + {{- if and .Values.istiodRemote.enabled .Values.istiodRemote.enabledLocalInjectorIstiod }} + # only primary `istiod` to xds and local `istiod` injection installs. + discoveryAddress: {{ printf "istiod-remote.%s.svc" .Release.Namespace }}:15012 + {{- else }} + discoveryAddress: {{ printf "istiod.%s.svc" .Release.Namespace }}:15012 + {{- end }} + {{- else }} + discoveryAddress: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{.Release.Namespace}}.svc:15012 + {{- end }} +{{- end }} + +{{/* We take the mesh config above, defined with individual values.yaml, and merge with .Values.meshConfig */}} +{{/* The intent here is that meshConfig.foo becomes the API, rather than re-inventing the API in values.yaml */}} +{{- $originalMesh := include "mesh" . | fromYaml }} +{{- $mesh := mergeOverwrite $originalMesh .Values.meshConfig }} + +{{- if .Values.configMap }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: istio{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} + namespace: {{ .Release.Namespace }} + labels: + istio.io/rev: {{ .Values.revision | default "default" | quote }} + operator.istio.io/component: "Pilot" + release: {{ .Release.Name }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +data: + + # Configuration file for the mesh networks to be used by the Split Horizon EDS. + meshNetworks: |- + {{- if .Values.global.meshNetworks }} + networks: +{{ toYaml .Values.global.meshNetworks | trim | indent 6 }} + {{- else }} + networks: {} + {{- end }} + + mesh: |- +{{- if .Values.meshConfig }} +{{ $mesh | toYaml | indent 4 }} +{{- else }} +{{- include "mesh" . }} +{{- end }} +--- +{{- end }} diff --git a/resources/v1.27.7/charts/istiod/templates/deployment.yaml b/resources/v1.27.7/charts/istiod/templates/deployment.yaml new file mode 100644 index 0000000000..1b769c6ec7 --- /dev/null +++ b/resources/v1.27.7/charts/istiod/templates/deployment.yaml @@ -0,0 +1,312 @@ +# Not created if istiod is running remotely +{{- if or (not .Values.istiodRemote.enabled) (and .Values.istiodRemote.enabled .Values.istiodRemote.enabledLocalInjectorIstiod) }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} + namespace: {{ .Release.Namespace }} + labels: + app: istiod + istio.io/rev: {{ .Values.revision | default "default" | quote }} + operator.istio.io/component: "Pilot" + istio: pilot + release: {{ .Release.Name }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +{{- range $key, $val := .Values.deploymentLabels }} + {{ $key }}: "{{ $val }}" +{{- end }} + {{- if .Values.deploymentAnnotations }} + annotations: +{{ toYaml .Values.deploymentAnnotations | indent 4 }} + {{- end }} +spec: +{{- if not .Values.autoscaleEnabled }} +{{- if .Values.replicaCount }} + replicas: {{ .Values.replicaCount }} +{{- end }} +{{- end }} + strategy: + rollingUpdate: + maxSurge: {{ .Values.rollingMaxSurge }} + maxUnavailable: {{ .Values.rollingMaxUnavailable }} + selector: + matchLabels: + {{- if ne .Values.revision "" }} + app: istiod + istio.io/rev: {{ .Values.revision | default "default" | quote }} + {{- else }} + istio: pilot + {{- end }} + template: + metadata: + labels: + app: istiod + istio.io/rev: {{ .Values.revision | default "default" | quote }} + sidecar.istio.io/inject: "false" + operator.istio.io/component: "Pilot" + {{- if ne .Values.revision "" }} + istio: istiod + {{- else }} + istio: pilot + {{- end }} + {{- range $key, $val := .Values.podLabels }} + {{ $key }}: "{{ $val }}" + {{- end }} + istio.io/dataplane-mode: none + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 8 }} + annotations: + prometheus.io/port: "15014" + prometheus.io/scrape: "true" + sidecar.istio.io/inject: "false" + {{- if .Values.podAnnotations }} +{{ toYaml .Values.podAnnotations | indent 8 }} + {{- end }} + spec: +{{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} +{{- end }} +{{- with .Values.affinity }} + affinity: +{{- toYaml . | nindent 8 }} +{{- end }} + tolerations: + - key: cni.istio.io/not-ready + operator: "Exists" +{{- with .Values.tolerations }} +{{- toYaml . | nindent 8 }} +{{- end }} +{{- with .Values.topologySpreadConstraints }} + topologySpreadConstraints: +{{- toYaml . | nindent 8 }} +{{- end }} + serviceAccountName: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} +{{- if .Values.global.priorityClassName }} + priorityClassName: "{{ .Values.global.priorityClassName }}" +{{- end }} +{{- with .Values.initContainers }} + initContainers: + {{- tpl (toYaml .) $ | nindent 8 }} +{{- end }} + containers: + - name: discovery +{{- if contains "/" .Values.image }} + image: "{{ .Values.image }}" +{{- else }} + image: "{{ .Values.hub | default .Values.global.hub }}/{{ .Values.image | default "pilot" }}:{{ .Values.tag | default .Values.global.tag }}{{with (.Values.variant | default .Values.global.variant)}}-{{.}}{{end}}" +{{- end }} +{{- if .Values.global.imagePullPolicy }} + imagePullPolicy: {{ .Values.global.imagePullPolicy }} +{{- end }} + args: + - "discovery" + - --monitoringAddr=:15014 +{{- if .Values.global.logging.level }} + - --log_output_level={{ .Values.global.logging.level }} +{{- end}} +{{- if .Values.global.logAsJson }} + - --log_as_json +{{- end }} + - --domain + - {{ .Values.global.proxy.clusterDomain }} +{{- if .Values.taint.namespace }} + - --cniNamespace={{ .Values.taint.namespace }} +{{- end }} + - --keepaliveMaxServerConnectionAge + - "{{ .Values.keepaliveMaxServerConnectionAge }}" +{{- if .Values.extraContainerArgs }} + {{- with .Values.extraContainerArgs }} + {{- toYaml . | nindent 10 }} + {{- end }} +{{- end }} + ports: + - containerPort: 8080 + protocol: TCP + name: http-debug + - containerPort: 15010 + protocol: TCP + name: grpc-xds + - containerPort: 15012 + protocol: TCP + name: tls-xds + - containerPort: 15017 + protocol: TCP + name: https-webhooks + - containerPort: 15014 + protocol: TCP + name: http-monitoring + readinessProbe: + httpGet: + path: /ready + port: 8080 + initialDelaySeconds: 1 + periodSeconds: 3 + timeoutSeconds: 5 + env: + - name: REVISION + value: "{{ .Values.revision | default `default` }}" + - name: PILOT_CERT_PROVIDER + value: {{ .Values.global.pilotCertProvider }} + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: SERVICE_ACCOUNT + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.serviceAccountName + - name: KUBECONFIG + value: /var/run/secrets/remote/config + # If you explicitly told us where ztunnel lives, use that. + # Otherwise, assume it lives in our namespace + # Also, check for an explicit ENV override (legacy approach) and prefer that + # if present + {{ $ztTrustedNS := or .Values.trustedZtunnelNamespace .Release.Namespace }} + {{ $ztTrustedName := or .Values.trustedZtunnelName "ztunnel" }} + {{- if not .Values.env.CA_TRUSTED_NODE_ACCOUNTS }} + - name: CA_TRUSTED_NODE_ACCOUNTS + value: "{{ $ztTrustedNS }}/{{ $ztTrustedName }}" + {{- end }} + {{- if .Values.env }} + {{- range $key, $val := .Values.env }} + - name: {{ $key }} + value: "{{ $val }}" + {{- end }} + {{- end }} + {{- with .Values.envVarFrom }} + {{- toYaml . | nindent 10 }} + {{- end }} +{{- if .Values.traceSampling }} + - name: PILOT_TRACE_SAMPLING + value: "{{ .Values.traceSampling }}" +{{- end }} +# If externalIstiod is set via Values.Global, then enable the pilot env variable. However, if it's set via Values.pilot.env, then +# don't set it here to avoid duplication. +# TODO (nshankar13): Move from Helm chart to code: https://github.com/istio/istio/issues/52449 +{{- if and .Values.global.externalIstiod (not (and .Values.env .Values.env.EXTERNAL_ISTIOD)) }} + - name: EXTERNAL_ISTIOD + value: "{{ .Values.global.externalIstiod }}" +{{- end }} +{{- if .Values.global.trustBundleName }} + - name: PILOT_CA_CERT_CONFIGMAP + value: "{{ .Values.global.trustBundleName }}" +{{- end }} + - name: PILOT_ENABLE_ANALYSIS + value: "{{ .Values.global.istiod.enableAnalysis }}" + - name: CLUSTER_ID + value: "{{ $.Values.global.multiCluster.clusterName | default `Kubernetes` }}" + - name: GOMEMLIMIT + valueFrom: + resourceFieldRef: + resource: limits.memory + divisor: "1" + - name: GOMAXPROCS + valueFrom: + resourceFieldRef: + resource: limits.cpu + divisor: "1" + - name: PLATFORM + value: "{{ coalesce .Values.global.platform .Values.platform }}" + resources: +{{- if .Values.resources }} +{{ toYaml .Values.resources | trim | indent 12 }} +{{- else }} +{{ toYaml .Values.global.defaultResources | trim | indent 12 }} +{{- end }} + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - ALL +{{- if .Values.seccompProfile }} + seccompProfile: +{{ toYaml .Values.seccompProfile | trim | indent 14 }} +{{- end }} + volumeMounts: + - name: istio-token + mountPath: /var/run/secrets/tokens + readOnly: true + - name: local-certs + mountPath: /var/run/secrets/istio-dns + - name: cacerts + mountPath: /etc/cacerts + readOnly: true + - name: istio-kubeconfig + mountPath: /var/run/secrets/remote + readOnly: true + {{- if .Values.jwksResolverExtraRootCA }} + - name: extracacerts + mountPath: /cacerts + {{- end }} + - name: istio-csr-dns-cert + mountPath: /var/run/secrets/istiod/tls + readOnly: true + - name: istio-csr-ca-configmap + mountPath: /var/run/secrets/istiod/ca + readOnly: true + {{- with .Values.volumeMounts }} + {{- toYaml . | nindent 10 }} + {{- end }} + volumes: + # Technically not needed on this pod - but it helps debugging/testing SDS + # Should be removed after everything works. + - emptyDir: + medium: Memory + name: local-certs + - name: istio-token + projected: + sources: + - serviceAccountToken: + audience: {{ .Values.global.sds.token.aud }} + expirationSeconds: 43200 + path: istio-token + # Optional: user-generated root + - name: cacerts + secret: + secretName: cacerts + optional: true + - name: istio-kubeconfig + secret: + secretName: istio-kubeconfig + optional: true + # Optional: istio-csr dns pilot certs + - name: istio-csr-dns-cert + secret: + secretName: istiod-tls + optional: true + - name: istio-csr-ca-configmap + {{- if eq (.Values.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} + projected: + sources: + - clusterTrustBundle: + name: istio.io:istiod-ca:{{ .Values.global.trustBundleName | default "root-cert" }} + path: root-cert.pem + optional: true + {{- else }} + configMap: + name: {{ .Values.global.trustBundleName | default "istio-ca-root-cert" }} + defaultMode: 420 + optional: true + {{- end }} + {{- if .Values.jwksResolverExtraRootCA }} + - name: extracacerts + configMap: + name: pilot-jwks-extra-cacerts{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} + {{- end }} + {{- with .Values.volumes }} + {{- toYaml . | nindent 6}} + {{- end }} + +--- +{{- end }} diff --git a/resources/v1.27.7/charts/istiod/templates/gateway-class-configmap.yaml b/resources/v1.27.7/charts/istiod/templates/gateway-class-configmap.yaml new file mode 100644 index 0000000000..6b23d716a4 --- /dev/null +++ b/resources/v1.27.7/charts/istiod/templates/gateway-class-configmap.yaml @@ -0,0 +1,20 @@ +{{ range $key, $value := .Values.gatewayClasses }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: istio-{{ $.Values.revision | default "default" }}-gatewayclass-{{$key}} + namespace: {{ $.Release.Namespace }} + labels: + istio.io/rev: {{ $.Values.revision | default "default" | quote }} + operator.istio.io/component: "Pilot" + release: {{ $.Release.Name }} + app.kubernetes.io/name: "istiod" + gateway.istio.io/defaults-for-class: {{$key|quote}} + {{- include "istio.labels" $ | nindent 4 }} +data: +{{ range $kind, $overlay := $value }} + {{$kind}}: | +{{$overlay|toYaml|trim|indent 4}} +{{ end }} +--- +{{ end }} diff --git a/resources/v1.27.7/charts/istiod/templates/istiod-injector-configmap.yaml b/resources/v1.27.7/charts/istiod/templates/istiod-injector-configmap.yaml new file mode 100644 index 0000000000..171aff8861 --- /dev/null +++ b/resources/v1.27.7/charts/istiod/templates/istiod-injector-configmap.yaml @@ -0,0 +1,81 @@ +{{- if not .Values.global.omitSidecarInjectorConfigMap }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: istio-sidecar-injector{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} + namespace: {{ .Release.Namespace }} + labels: + istio.io/rev: {{ .Values.revision | default "default" | quote }} + operator.istio.io/component: "Pilot" + release: {{ .Release.Name }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +data: +{{/* Scope the values to just top level fields used in the template, to reduce the size. */}} + values: |- +{{ $vals := pick .Values "global" "sidecarInjectorWebhook" "revision" -}} +{{ $pilotVals := pick .Values "cni" "env" -}} +{{ $vals = set $vals "pilot" $pilotVals -}} +{{ $gatewayVals := pick .Values.gateways "securityContext" "seccompProfile" -}} +{{ $vals = set $vals "gateways" $gatewayVals -}} +{{ $vals | toPrettyJson | indent 4 }} + + # To disable injection: use omitSidecarInjectorConfigMap, which disables the webhook patching + # and istiod webhook functionality. + # + # New fields should not use Values - it is a 'primary' config object, users should be able + # to fine tune it or use it with kube-inject. + config: |- + # defaultTemplates defines the default template to use for pods that do not explicitly specify a template + {{- if .Values.sidecarInjectorWebhook.defaultTemplates }} + defaultTemplates: +{{- range .Values.sidecarInjectorWebhook.defaultTemplates}} + - {{ . }} +{{- end }} + {{- else }} + defaultTemplates: [sidecar] + {{- end }} + policy: {{ .Values.global.proxy.autoInject }} + alwaysInjectSelector: +{{ toYaml .Values.sidecarInjectorWebhook.alwaysInjectSelector | trim | indent 6 }} + neverInjectSelector: +{{ toYaml .Values.sidecarInjectorWebhook.neverInjectSelector | trim | indent 6 }} + injectedAnnotations: + {{- range $key, $val := .Values.sidecarInjectorWebhook.injectedAnnotations }} + "{{ $key }}": {{ $val | quote }} + {{- end }} + {{- /* If someone ends up with this new template, but an older Istiod image, they will attempt to render this template + which will fail with "Pod injection failed: template: inject:1: function "Istio_1_9_Required_Template_And_Version_Mismatched" not defined". + This should make it obvious that their installation is broken. + */}} + template: {{ `{{ Template_Version_And_Istio_Version_Mismatched_Check_Installation }}` | quote }} + templates: +{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "sidecar") }} + sidecar: | +{{ .Files.Get "files/injection-template.yaml" | trim | indent 8 }} +{{- end }} +{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "gateway") }} + gateway: | +{{ .Files.Get "files/gateway-injection-template.yaml" | trim | indent 8 }} +{{- end }} +{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "grpc-simple") }} + grpc-simple: | +{{ .Files.Get "files/grpc-simple.yaml" | trim | indent 8 }} +{{- end }} +{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "grpc-agent") }} + grpc-agent: | +{{ .Files.Get "files/grpc-agent.yaml" | trim | indent 8 }} +{{- end }} +{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "waypoint") }} + waypoint: | +{{ .Files.Get "files/waypoint.yaml" | trim | indent 8 }} +{{- end }} +{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "kube-gateway") }} + kube-gateway: | +{{ .Files.Get "files/kube-gateway.yaml" | trim | indent 8 }} +{{- end }} +{{- with .Values.sidecarInjectorWebhook.templates }} +{{ toYaml . | trim | indent 6 }} +{{- end }} + +{{- end }} diff --git a/resources/v1.27.7/charts/istiod/templates/mutatingwebhook.yaml b/resources/v1.27.7/charts/istiod/templates/mutatingwebhook.yaml new file mode 100644 index 0000000000..ca017194e6 --- /dev/null +++ b/resources/v1.27.7/charts/istiod/templates/mutatingwebhook.yaml @@ -0,0 +1,164 @@ +# TODO BML istiodRemote.injectionURL is invalid to set if `istiodRemote.enabled` is false, we should express that. +{{- /* Core defines the common configuration used by all webhook segments */}} +{{/* Copy just what we need to avoid expensive deepCopy */}} +{{- $whv := dict +"revision" .Values.revision + "injectionPath" .Values.istiodRemote.injectionPath + "injectionURL" .Values.istiodRemote.injectionURL + "reinvocationPolicy" .Values.sidecarInjectorWebhook.reinvocationPolicy + "caBundle" .Values.istiodRemote.injectionCABundle + "namespace" .Release.Namespace }} +{{- define "core" }} +{{- /* Kubernetes unfortunately requires a unique name for the webhook in some newer versions, so we assign +a unique prefix to each. */}} +- name: {{.Prefix}}sidecar-injector.istio.io + clientConfig: + {{- if .injectionURL }} + url: "{{ .injectionURL }}" + {{- else }} + service: + name: istiod{{- if not (eq .revision "") }}-{{ .revision }}{{- end }} + namespace: {{ .namespace }} + path: "{{ .injectionPath }}" + port: 443 + {{- end }} + {{- if .caBundle }} + caBundle: "{{ .caBundle }}" + {{- end }} + sideEffects: None + rules: + - operations: [ "CREATE" ] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] + failurePolicy: Fail + reinvocationPolicy: "{{ .reinvocationPolicy }}" + admissionReviewVersions: ["v1"] +{{- end }} +{{- /* Installed for each revision - not installed for cluster resources ( cluster roles, bindings, crds) */}} +{{- if not .Values.global.operatorManageWebhooks }} +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: +{{- if eq .Release.Namespace "istio-system"}} + name: istio-sidecar-injector{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} +{{- else }} + name: istio-sidecar-injector{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} +{{- end }} + labels: + istio.io/rev: {{ .Values.revision | default "default" | quote }} + operator.istio.io/component: "Pilot" + app: sidecar-injector + release: {{ .Release.Name }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +{{- if $.Values.sidecarInjectorWebhookAnnotations }} + annotations: +{{ toYaml $.Values.sidecarInjectorWebhookAnnotations | indent 4 }} +{{- end }} +webhooks: +{{- /* Set up the selectors. First section is for revision, rest is for "default" revision */}} + +{{- /* Case 1: namespace selector matches, and object doesn't disable */}} +{{- /* Note: if both revision and legacy selector, we give precedence to the legacy one */}} +{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.namespace.") ) }} + namespaceSelector: + matchExpressions: + - key: istio.io/rev + operator: In + values: + {{- if (eq .Values.revision "") }} + - "default" + {{- else }} + - "{{ .Values.revision }}" + {{- end }} + - key: istio-injection + operator: DoesNotExist + objectSelector: + matchExpressions: + - key: sidecar.istio.io/inject + operator: NotIn + values: + - "false" + +{{- /* Case 2: No namespace selector, but object selects our revision (and doesn't disable) */}} +{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.object.") ) }} + namespaceSelector: + matchExpressions: + - key: istio.io/rev + operator: DoesNotExist + - key: istio-injection + operator: DoesNotExist + objectSelector: + matchExpressions: + - key: sidecar.istio.io/inject + operator: NotIn + values: + - "false" + - key: istio.io/rev + operator: In + values: + {{- if (eq .Values.revision "") }} + - "default" + {{- else }} + - "{{ .Values.revision }}" + {{- end }} + + +{{- /* Webhooks for default revision */}} +{{- if (eq .Values.revision "") }} + +{{- /* Case 1: Namespace selector enabled, and object selector is not injected */}} +{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "namespace.") ) }} + namespaceSelector: + matchExpressions: + - key: istio-injection + operator: In + values: + - enabled + objectSelector: + matchExpressions: + - key: sidecar.istio.io/inject + operator: NotIn + values: + - "false" + +{{- /* Case 2: no namespace label, but object selector is enabled (and revision label is not, which has priority) */}} +{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "object.") ) }} + namespaceSelector: + matchExpressions: + - key: istio-injection + operator: DoesNotExist + - key: istio.io/rev + operator: DoesNotExist + objectSelector: + matchExpressions: + - key: sidecar.istio.io/inject + operator: In + values: + - "true" + - key: istio.io/rev + operator: DoesNotExist + +{{- if .Values.sidecarInjectorWebhook.enableNamespacesByDefault }} +{{- /* Special case 3: no labels at all */}} +{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "auto.") ) }} + namespaceSelector: + matchExpressions: + - key: istio-injection + operator: DoesNotExist + - key: istio.io/rev + operator: DoesNotExist + - key: "kubernetes.io/metadata.name" + operator: "NotIn" + values: ["kube-system","kube-public","kube-node-lease","local-path-storage"] + objectSelector: + matchExpressions: + - key: sidecar.istio.io/inject + operator: DoesNotExist + - key: istio.io/rev + operator: DoesNotExist +{{- end }} + +{{- end }} +{{- end }} diff --git a/resources/v1.27.7/charts/istiod/templates/poddisruptionbudget.yaml b/resources/v1.27.7/charts/istiod/templates/poddisruptionbudget.yaml new file mode 100644 index 0000000000..d21cd919d3 --- /dev/null +++ b/resources/v1.27.7/charts/istiod/templates/poddisruptionbudget.yaml @@ -0,0 +1,36 @@ +# Not created if istiod is running remotely +{{- if or (not .Values.istiodRemote.enabled) (and .Values.istiodRemote.enabled .Values.istiodRemote.enabledLocalInjectorIstiod) }} +{{- if .Values.global.defaultPodDisruptionBudget.enabled }} +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} + namespace: {{ .Release.Namespace }} + labels: + app: istiod + istio.io/rev: {{ .Values.revision | default "default" | quote }} + operator.istio.io/component: "Pilot" + release: {{ .Release.Name }} + istio: pilot + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +spec: + {{- if and .Values.pdb.minAvailable (not (hasKey .Values.pdb "maxUnavailable")) }} + minAvailable: {{ .Values.pdb.minAvailable }} + {{- else if .Values.pdb.maxUnavailable }} + maxUnavailable: {{ .Values.pdb.maxUnavailable }} + {{- end }} + {{- if .Values.pdb.unhealthyPodEvictionPolicy }} + unhealthyPodEvictionPolicy: {{ .Values.pdb.unhealthyPodEvictionPolicy }} + {{- end }} + selector: + matchLabels: + app: istiod + {{- if ne .Values.revision "" }} + istio.io/rev: {{ .Values.revision | quote }} + {{- else }} + istio: pilot + {{- end }} +--- +{{- end }} +{{- end }} diff --git a/resources/v1.27.7/charts/istiod/templates/reader-clusterrole.yaml b/resources/v1.27.7/charts/istiod/templates/reader-clusterrole.yaml new file mode 100644 index 0000000000..dbaa805035 --- /dev/null +++ b/resources/v1.27.7/charts/istiod/templates/reader-clusterrole.yaml @@ -0,0 +1,62 @@ +{{ $mcsAPIGroup := or .Values.env.MCS_API_GROUP "multicluster.x-k8s.io" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: istio-reader-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} + labels: + app: istio-reader + release: {{ .Release.Name }} + app.kubernetes.io/name: "istio-reader" + {{- include "istio.labels" . | nindent 4 }} +rules: + - apiGroups: + - "config.istio.io" + - "security.istio.io" + - "networking.istio.io" + - "authentication.istio.io" + - "rbac.istio.io" + - "telemetry.istio.io" + - "extensions.istio.io" + resources: ["*"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["endpoints", "pods", "services", "nodes", "replicationcontrollers", "namespaces", "secrets"] + verbs: ["get", "list", "watch"] + - apiGroups: ["networking.istio.io"] + verbs: [ "get", "watch", "list" ] + resources: [ "workloadentries" ] + - apiGroups: ["networking.x-k8s.io", "gateway.networking.k8s.io"] + resources: ["gateways"] + verbs: ["get", "watch", "list"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["get", "list", "watch"] + - apiGroups: ["discovery.k8s.io"] + resources: ["endpointslices"] + verbs: ["get", "list", "watch"] + - apiGroups: ["{{ $mcsAPIGroup }}"] + resources: ["serviceexports"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: ["{{ $mcsAPIGroup }}"] + resources: ["serviceimports"] + verbs: ["get", "list", "watch"] + - apiGroups: ["apps"] + resources: ["replicasets"] + verbs: ["get", "list", "watch"] + - apiGroups: ["authentication.k8s.io"] + resources: ["tokenreviews"] + verbs: ["create"] + - apiGroups: ["authorization.k8s.io"] + resources: ["subjectaccessreviews"] + verbs: ["create"] +{{- if .Values.istiodRemote.enabled }} + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["create", "get", "list", "watch", "update"] + - apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: ["admissionregistration.k8s.io"] + resources: ["validatingwebhookconfigurations"] + verbs: ["get", "list", "watch", "update"] +{{- end}} diff --git a/resources/v1.27.7/charts/istiod/templates/reader-clusterrolebinding.yaml b/resources/v1.27.7/charts/istiod/templates/reader-clusterrolebinding.yaml new file mode 100644 index 0000000000..aea9f01f7a --- /dev/null +++ b/resources/v1.27.7/charts/istiod/templates/reader-clusterrolebinding.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: istio-reader-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} + labels: + app: istio-reader + release: {{ .Release.Name }} + app.kubernetes.io/name: "istio-reader" + {{- include "istio.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: istio-reader-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} +subjects: + - kind: ServiceAccount + name: istio-reader-service-account + namespace: {{ .Values.global.istioNamespace }} diff --git a/resources/v1.27.7/charts/istiod/templates/remote-istiod-endpoints.yaml b/resources/v1.27.7/charts/istiod/templates/remote-istiod-endpoints.yaml new file mode 100644 index 0000000000..f13b8ce9a9 --- /dev/null +++ b/resources/v1.27.7/charts/istiod/templates/remote-istiod-endpoints.yaml @@ -0,0 +1,30 @@ +{{- if and .Values.global.remotePilotAddress .Values.istiodRemote.enabled }} +# if the remotePilotAddress is an IP addr +{{- if regexMatch "^([0-9]*\\.){3}[0-9]*$" .Values.global.remotePilotAddress }} +apiVersion: v1 +kind: Endpoints +metadata: + {{- if .Values.istiodRemote.enabledLocalInjectorIstiod }} + # This file is only used for remote `istiod` installs. + # only primary `istiod` to xds and local `istiod` injection installs. + name: istiod{{- if .Values.revision }}-{{ .Values.revision}}{{- end }}-remote + {{- else }} + name: istiod{{- if .Values.revision }}-{{ .Values.revision}}{{- end }} + {{- end }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +subsets: +- addresses: + - ip: {{ .Values.global.remotePilotAddress }} + ports: + - port: 15012 + name: tcp-istiod + protocol: TCP + - port: 15017 + name: tcp-webhook + protocol: TCP +--- +{{- end }} +{{- end }} diff --git a/resources/v1.27.7/charts/istiod/templates/remote-istiod-service.yaml b/resources/v1.27.7/charts/istiod/templates/remote-istiod-service.yaml new file mode 100644 index 0000000000..0a48b9918b --- /dev/null +++ b/resources/v1.27.7/charts/istiod/templates/remote-istiod-service.yaml @@ -0,0 +1,41 @@ +# This file is only used for remote +{{- if and .Values.global.remotePilotAddress .Values.istiodRemote.enabled }} +apiVersion: v1 +kind: Service +metadata: + {{- if .Values.istiodRemote.enabledLocalInjectorIstiod }} + # only primary `istiod` to xds and local `istiod` injection installs. + name: istiod{{- if .Values.revision }}-{{ .Values.revision}}{{- end }}-remote + {{- else }} + name: istiod{{- if .Values.revision }}-{{ .Values.revision}}{{- end }} + {{- end }} + namespace: {{ .Release.Namespace }} + labels: + istio.io/rev: {{ .Values.revision | default "default" | quote }} + app.kubernetes.io/name: "istiod" + {{ include "istio.labels" . | nindent 4 }} +spec: + ports: + - port: 15012 + name: tcp-istiod + protocol: TCP + - port: 443 + targetPort: 15017 + name: tcp-webhook + protocol: TCP + {{- if and .Values.global.remotePilotAddress (not (regexMatch "^([0-9]*\\.){3}[0-9]*$" .Values.global.remotePilotAddress)) }} + # if the remotePilotAddress is not an IP addr, we use ExternalName + type: ExternalName + externalName: {{ .Values.global.remotePilotAddress }} + {{- end }} +{{- if .Values.global.ipFamilyPolicy }} + ipFamilyPolicy: {{ .Values.global.ipFamilyPolicy }} +{{- end }} +{{- if .Values.global.ipFamilies }} + ipFamilies: +{{- range .Values.global.ipFamilies }} + - {{ . }} +{{- end }} +{{- end }} +--- +{{- end }} diff --git a/resources/v1.27.7/charts/istiod/templates/revision-tags.yaml b/resources/v1.27.7/charts/istiod/templates/revision-tags.yaml new file mode 100644 index 0000000000..06764a826e --- /dev/null +++ b/resources/v1.27.7/charts/istiod/templates/revision-tags.yaml @@ -0,0 +1,149 @@ +# Adapted from istio-discovery/templates/mutatingwebhook.yaml +# Removed paths for legacy and default selectors since a revision tag +# is inherently created from a specific revision +# TODO BML istiodRemote.injectionURL is invalid to set if `istiodRemote.enabled` is false, we should express that. +{{- $whv := dict +"revision" .Values.revision + "injectionPath" .Values.istiodRemote.injectionPath + "injectionURL" .Values.istiodRemote.injectionURL + "reinvocationPolicy" .Values.sidecarInjectorWebhook.reinvocationPolicy + "caBundle" .Values.istiodRemote.injectionCABundle + "namespace" .Release.Namespace }} +{{- define "core" }} +{{- /* Kubernetes unfortunately requires a unique name for the webhook in some newer versions, so we assign +a unique prefix to each. */}} +- name: {{.Prefix}}sidecar-injector.istio.io + clientConfig: + {{- if .injectionURL }} + url: "{{ .injectionURL }}" + {{- else }} + service: + name: istiod{{- if not (eq .revision "") }}-{{ .revision }}{{- end }} + namespace: {{ .namespace }} + path: "{{ .injectionPath }}" + port: 443 + {{- end }} + sideEffects: None + rules: + - operations: [ "CREATE" ] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] + failurePolicy: Fail + reinvocationPolicy: "{{ .reinvocationPolicy }}" + admissionReviewVersions: ["v1"] +{{- end }} +{{- range $tagName := $.Values.revisionTags }} +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: +{{- if eq $.Release.Namespace "istio-system"}} + name: istio-revision-tag-{{ $tagName }} +{{- else }} + name: istio-revision-tag-{{ $tagName }}-{{ $.Release.Namespace }} +{{- end }} + labels: + istio.io/tag: {{ $tagName }} + istio.io/rev: {{ $.Values.revision | default "default" | quote }} + operator.istio.io/component: "Pilot" + app: sidecar-injector + release: {{ $.Release.Name }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" $ | nindent 4 }} +{{- if $.Values.sidecarInjectorWebhookAnnotations }} + annotations: +{{ toYaml $.Values.sidecarInjectorWebhookAnnotations | indent 4 }} +{{- end }} +webhooks: +{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.namespace.") ) }} + namespaceSelector: + matchExpressions: + - key: istio.io/rev + operator: In + values: + - "{{ $tagName }}" + - key: istio-injection + operator: DoesNotExist + objectSelector: + matchExpressions: + - key: sidecar.istio.io/inject + operator: NotIn + values: + - "false" +{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.object.") ) }} + namespaceSelector: + matchExpressions: + - key: istio.io/rev + operator: DoesNotExist + - key: istio-injection + operator: DoesNotExist + objectSelector: + matchExpressions: + - key: sidecar.istio.io/inject + operator: NotIn + values: + - "false" + - key: istio.io/rev + operator: In + values: + - "{{ $tagName }}" + +{{- /* When the tag is "default" we want to create webhooks for the default revision */}} +{{- /* These webhooks should be kept in sync with istio-discovery/templates/mutatingwebhook.yaml */}} +{{- if (eq $tagName "default") }} + +{{- /* Case 1: Namespace selector enabled, and object selector is not injected */}} +{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "namespace.") ) }} + namespaceSelector: + matchExpressions: + - key: istio-injection + operator: In + values: + - enabled + objectSelector: + matchExpressions: + - key: sidecar.istio.io/inject + operator: NotIn + values: + - "false" + +{{- /* Case 2: no namespace label, but object selector is enabled (and revision label is not, which has priority) */}} +{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "object.") ) }} + namespaceSelector: + matchExpressions: + - key: istio-injection + operator: DoesNotExist + - key: istio.io/rev + operator: DoesNotExist + objectSelector: + matchExpressions: + - key: sidecar.istio.io/inject + operator: In + values: + - "true" + - key: istio.io/rev + operator: DoesNotExist + +{{- if $.Values.sidecarInjectorWebhook.enableNamespacesByDefault }} +{{- /* Special case 3: no labels at all */}} +{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "auto.") ) }} + namespaceSelector: + matchExpressions: + - key: istio-injection + operator: DoesNotExist + - key: istio.io/rev + operator: DoesNotExist + - key: "kubernetes.io/metadata.name" + operator: "NotIn" + values: ["kube-system","kube-public","kube-node-lease","local-path-storage"] + objectSelector: + matchExpressions: + - key: sidecar.istio.io/inject + operator: DoesNotExist + - key: istio.io/rev + operator: DoesNotExist +{{- end }} + +{{- end }} +--- +{{- end }} diff --git a/resources/v1.27.7/charts/istiod/templates/role.yaml b/resources/v1.27.7/charts/istiod/templates/role.yaml new file mode 100644 index 0000000000..bbcfbe4356 --- /dev/null +++ b/resources/v1.27.7/charts/istiod/templates/role.yaml @@ -0,0 +1,35 @@ +# Created if this is not a remote istiod, OR if it is and is also a config cluster +{{- if or (not .Values.istiodRemote.enabled) (and .Values.istiodRemote.enabled (or .Values.global.configCluster .Values.istiodRemote.enabledLocalInjectorIstiod)) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }} + namespace: {{ .Values.global.istioNamespace }} + labels: + app: istiod + release: {{ .Release.Name }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +rules: +# permissions to verify the webhook is ready and rejecting +# invalid config. We use --server-dry-run so no config is persisted. +- apiGroups: ["networking.istio.io"] + verbs: ["create"] + resources: ["gateways"] + +# For storing CA secret +- apiGroups: [""] + resources: ["secrets"] + # TODO lock this down to istio-ca-cert if not using the DNS cert mesh config + verbs: ["create", "get", "watch", "list", "update", "delete"] + +# For status controller, so it can delete the distribution report configmap +- apiGroups: [""] + resources: ["configmaps"] + verbs: ["delete"] + +# For gateway deployment controller +- apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "update", "patch", "create"] +{{- end }} diff --git a/resources/v1.27.7/charts/istiod/templates/rolebinding.yaml b/resources/v1.27.7/charts/istiod/templates/rolebinding.yaml new file mode 100644 index 0000000000..0c66b38a7d --- /dev/null +++ b/resources/v1.27.7/charts/istiod/templates/rolebinding.yaml @@ -0,0 +1,21 @@ +# Created if this is not a remote istiod, OR if it is and is also a config cluster +{{- if or (not .Values.istiodRemote.enabled) (and .Values.istiodRemote.enabled (or .Values.global.configCluster .Values.istiodRemote.enabledLocalInjectorIstiod)) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }} + namespace: {{ .Values.global.istioNamespace }} + labels: + app: istiod + release: {{ .Release.Name }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }} +subjects: + - kind: ServiceAccount + name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} + namespace: {{ .Values.global.istioNamespace }} +{{- end }} diff --git a/resources/v1.27.7/charts/istiod/templates/service.yaml b/resources/v1.27.7/charts/istiod/templates/service.yaml new file mode 100644 index 0000000000..25bda4dfd2 --- /dev/null +++ b/resources/v1.27.7/charts/istiod/templates/service.yaml @@ -0,0 +1,57 @@ +# Not created if istiod is running remotely +{{- if or (not .Values.istiodRemote.enabled) (and .Values.istiodRemote.enabled .Values.istiodRemote.enabledLocalInjectorIstiod) }} +apiVersion: v1 +kind: Service +metadata: + name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} + namespace: {{ .Release.Namespace }} + {{- if .Values.serviceAnnotations }} + annotations: +{{ toYaml .Values.serviceAnnotations | indent 4 }} + {{- end }} + labels: + istio.io/rev: {{ .Values.revision | default "default" | quote }} + operator.istio.io/component: "Pilot" + app: istiod + istio: pilot + release: {{ .Release.Name }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +spec: + ports: + - port: 15010 + name: grpc-xds # plaintext + protocol: TCP + - port: 15012 + name: https-dns # mTLS with k8s-signed cert + protocol: TCP + - port: 443 + name: https-webhook # validation and injection + targetPort: 15017 + protocol: TCP + - port: 15014 + name: http-monitoring # prometheus stats + protocol: TCP + selector: + app: istiod + {{- if ne .Values.revision "" }} + istio.io/rev: {{ .Values.revision | quote }} + {{- else }} + # Label used by the 'default' service. For versioned deployments we match with app and version. + # This avoids default deployment picking the canary + istio: pilot + {{- end }} + {{- if .Values.ipFamilyPolicy }} + ipFamilyPolicy: {{ .Values.ipFamilyPolicy }} + {{- end }} + {{- if .Values.ipFamilies }} + ipFamilies: + {{- range .Values.ipFamilies }} + - {{ . }} + {{- end }} + {{- end }} + {{- if .Values.trafficDistribution }} + trafficDistribution: {{ .Values.trafficDistribution }} + {{- end }} +--- +{{- end }} diff --git a/resources/v1.27.7/charts/istiod/templates/serviceaccount.yaml b/resources/v1.27.7/charts/istiod/templates/serviceaccount.yaml new file mode 100644 index 0000000000..8b4a0c0faf --- /dev/null +++ b/resources/v1.27.7/charts/istiod/templates/serviceaccount.yaml @@ -0,0 +1,24 @@ +# Created if this is not a remote istiod, OR if it is and is also a config cluster +{{- if or (not .Values.istiodRemote.enabled) (and .Values.istiodRemote.enabled (or .Values.global.configCluster .Values.istiodRemote.enabledLocalInjectorIstiod)) }} +apiVersion: v1 +kind: ServiceAccount + {{- if .Values.global.imagePullSecrets }} +imagePullSecrets: + {{- range .Values.global.imagePullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} +metadata: + name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} + namespace: {{ .Values.global.istioNamespace }} + labels: + app: istiod + release: {{ .Release.Name }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} + {{- if .Values.serviceAccountAnnotations }} + annotations: +{{- toYaml .Values.serviceAccountAnnotations | nindent 4 }} + {{- end }} +{{- end }} +--- diff --git a/resources/v1.27.7/charts/istiod/templates/validatingadmissionpolicy.yaml b/resources/v1.27.7/charts/istiod/templates/validatingadmissionpolicy.yaml new file mode 100644 index 0000000000..8562a52d59 --- /dev/null +++ b/resources/v1.27.7/charts/istiod/templates/validatingadmissionpolicy.yaml @@ -0,0 +1,63 @@ +# Created if this is not a remote istiod, OR if it is and is also a config cluster +{{- if or (not .Values.istiodRemote.enabled) (and .Values.istiodRemote.enabled (or .Values.global.configCluster .Values.istiodRemote.enabledLocalInjectorIstiod)) }} +{{- if .Values.experimental.stableValidationPolicy }} +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingAdmissionPolicy +metadata: + name: "stable-channel-policy{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Values.global.istioNamespace }}.istio.io" + labels: + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +spec: + failurePolicy: Fail + matchConstraints: + resourceRules: + - apiGroups: + - security.istio.io + - networking.istio.io + - telemetry.istio.io + - extensions.istio.io + apiVersions: ["*"] + operations: ["CREATE", "UPDATE"] + resources: ["*"] + objectSelector: + matchExpressions: + - key: istio.io/rev + operator: In + values: + {{- if (eq .Values.revision "") }} + - "default" + {{- else }} + - "{{ .Values.revision }}" + {{- end }} + variables: + - name: isEnvoyFilter + expression: "object.kind == 'EnvoyFilter'" + - name: isWasmPlugin + expression: "object.kind == 'WasmPlugin'" + - name: isProxyConfig + expression: "object.kind == 'ProxyConfig'" + - name: isTelemetry + expression: "object.kind == 'Telemetry'" + validations: + - expression: "!variables.isEnvoyFilter" + - expression: "!variables.isWasmPlugin" + - expression: "!variables.isProxyConfig" + - expression: | + !( + variables.isTelemetry && ( + (has(object.spec.tracing) ? object.spec.tracing : {}).exists(t, has(t.useRequestIdForTraceSampling)) || + (has(object.spec.metrics) ? object.spec.metrics : {}).exists(m, has(m.reportingInterval)) || + (has(object.spec.accessLogging) ? object.spec.accessLogging : {}).exists(l, has(l.filter)) + ) + ) +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingAdmissionPolicyBinding +metadata: + name: "stable-channel-policy-binding{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Values.global.istioNamespace }}.istio.io" +spec: + policyName: "stable-channel-policy{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Values.global.istioNamespace }}.istio.io" + validationActions: [Deny] +{{- end }} +{{- end }} diff --git a/resources/v1.27.7/charts/istiod/templates/validatingwebhookconfiguration.yaml b/resources/v1.27.7/charts/istiod/templates/validatingwebhookconfiguration.yaml new file mode 100644 index 0000000000..b49bf7fafd --- /dev/null +++ b/resources/v1.27.7/charts/istiod/templates/validatingwebhookconfiguration.yaml @@ -0,0 +1,68 @@ +# Created if this is not a remote istiod, OR if it is and is also a config cluster +{{- if or (not .Values.istiodRemote.enabled) (and .Values.istiodRemote.enabled (or .Values.global.configCluster .Values.istiodRemote.enabledLocalInjectorIstiod)) }} +{{- if .Values.global.configValidation }} +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: istio-validator{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Values.global.istioNamespace }} + labels: + app: istiod + release: {{ .Release.Name }} + istio: istiod + istio.io/rev: {{ .Values.revision | default "default" | quote }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +webhooks: + # Webhook handling per-revision validation. Mostly here so we can determine whether webhooks + # are rejecting invalid configs on a per-revision basis. + - name: rev.validation.istio.io + clientConfig: + # Should change from base but cannot for API compat + {{- if .Values.base.validationURL }} + url: {{ .Values.base.validationURL }} + {{- else }} + service: + name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} + namespace: {{ .Values.global.istioNamespace }} + path: "/validate" + {{- end }} + {{- if .Values.base.validationCABundle }} + caBundle: "{{ .Values.base.validationCABundle }}" + {{- end }} + rules: + - operations: + - CREATE + - UPDATE + apiGroups: + - security.istio.io + - networking.istio.io + - telemetry.istio.io + - extensions.istio.io + apiVersions: + - "*" + resources: + - "*" + {{- if .Values.base.validationCABundle }} + # Disable webhook controller in Pilot to stop patching it + failurePolicy: Fail + {{- else }} + # Fail open until the validation webhook is ready. The webhook controller + # will update this to `Fail` and patch in the `caBundle` when the webhook + # endpoint is ready. + failurePolicy: Ignore + {{- end }} + sideEffects: None + admissionReviewVersions: ["v1"] + objectSelector: + matchExpressions: + - key: istio.io/rev + operator: In + values: + {{- if (eq .Values.revision "") }} + - "default" + {{- else }} + - "{{ .Values.revision }}" + {{- end }} +--- +{{- end }} +{{- end }} diff --git a/resources/v1.27.7/charts/istiod/templates/zzy_descope_legacy.yaml b/resources/v1.27.7/charts/istiod/templates/zzy_descope_legacy.yaml new file mode 100644 index 0000000000..ae8fced298 --- /dev/null +++ b/resources/v1.27.7/charts/istiod/templates/zzy_descope_legacy.yaml @@ -0,0 +1,3 @@ +{{/* Copy anything under `.pilot` to `.`, to avoid the need to specify a redundant prefix. +Due to the file naming, this always happens after zzz_profile.yaml */}} +{{- $_ := mustMergeOverwrite $.Values (index $.Values "pilot") }} \ No newline at end of file diff --git a/resources/v1.30-alpha.bcdd144c/charts/istiod/templates/zzz_profile.yaml b/resources/v1.27.7/charts/istiod/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/istiod/templates/zzz_profile.yaml rename to resources/v1.27.7/charts/istiod/templates/zzz_profile.yaml diff --git a/resources/v1.27.7/charts/istiod/values.yaml b/resources/v1.27.7/charts/istiod/values.yaml new file mode 100644 index 0000000000..1a912db005 --- /dev/null +++ b/resources/v1.27.7/charts/istiod/values.yaml @@ -0,0 +1,569 @@ +# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. +# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. +_internal_defaults_do_not_set: + autoscaleEnabled: true + autoscaleMin: 1 + autoscaleMax: 5 + autoscaleBehavior: {} + replicaCount: 1 + rollingMaxSurge: 100% + rollingMaxUnavailable: 25% + + hub: "" + tag: "" + variant: "" + + # Can be a full hub/image:tag + image: pilot + traceSampling: 1.0 + + # Resources for a small pilot install + resources: + requests: + cpu: 500m + memory: 2048Mi + + # Set to `type: RuntimeDefault` to use the default profile if available. + seccompProfile: {} + + # Whether to use an existing CNI installation + cni: + enabled: false + provider: default + + # Additional container arguments + extraContainerArgs: [] + + env: {} + + envVarFrom: [] + + # Settings related to the untaint controller + # This controller will remove `cni.istio.io/not-ready` from nodes when the istio-cni pod becomes ready + # It should be noted that cluster operator/owner is responsible for having the taint set by their infrastructure provider when new nodes are added to the cluster; the untaint controller does not taint nodes + taint: + # Controls whether or not the untaint controller is active + enabled: false + # What namespace the untaint controller should watch for istio-cni pods. This is only required when istio-cni is running in a different namespace than istiod + namespace: "" + + affinity: {} + + tolerations: [] + + cpu: + targetAverageUtilization: 80 + memory: {} + # targetAverageUtilization: 80 + + # Additional volumeMounts to the istiod container + volumeMounts: [] + + # Additional volumes to the istiod pod + volumes: [] + + # Inject initContainers into the istiod pod + initContainers: [] + + nodeSelector: {} + podAnnotations: {} + serviceAnnotations: {} + serviceAccountAnnotations: {} + sidecarInjectorWebhookAnnotations: {} + + topologySpreadConstraints: [] + + # You can use jwksResolverExtraRootCA to provide a root certificate + # in PEM format. This will then be trusted by pilot when resolving + # JWKS URIs. + jwksResolverExtraRootCA: "" + + # The following is used to limit how long a sidecar can be connected + # to a pilot. It balances out load across pilot instances at the cost of + # increasing system churn. + keepaliveMaxServerConnectionAge: 30m + + # Additional labels to apply to the deployment. + deploymentLabels: {} + + # Annotations to apply to the istiod deployment. + deploymentAnnotations: {} + + ## Mesh config settings + + # Install the mesh config map, generated from values.yaml. + # If false, pilot wil use default values (by default) or user-supplied values. + configMap: true + + # Additional labels to apply on the pod level for monitoring and logging configuration. + podLabels: {} + + # Setup how istiod Service is configured. See https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services + ipFamilyPolicy: "" + ipFamilies: [] + + # Ambient mode only. + # Set this if you install ztunnel to a different namespace from `istiod`. + # If set, `istiod` will allow connections from trusted node proxy ztunnels + # in the provided namespace. + # If unset, `istiod` will assume the trusted node proxy ztunnel resides + # in the same namespace as itself. + trustedZtunnelNamespace: "" + # Set this if you install ztunnel with a name different from the default. + trustedZtunnelName: "" + + sidecarInjectorWebhook: + # You can use the field called alwaysInjectSelector and neverInjectSelector which will always inject the sidecar or + # always skip the injection on pods that match that label selector, regardless of the global policy. + # See https://istio.io/docs/setup/kubernetes/additional-setup/sidecar-injection/#more-control-adding-exceptions + neverInjectSelector: [] + alwaysInjectSelector: [] + + # injectedAnnotations are additional annotations that will be added to the pod spec after injection + # This is primarily to support PSP annotations. For example, if you defined a PSP with the annotations: + # + # annotations: + # apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + # apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default + # + # The PSP controller would add corresponding annotations to the pod spec for each container. However, this happens before + # the inject adds additional containers, so we must specify them explicitly here. With the above example, we could specify: + # injectedAnnotations: + # container.apparmor.security.beta.kubernetes.io/istio-init: runtime/default + # container.apparmor.security.beta.kubernetes.io/istio-proxy: runtime/default + injectedAnnotations: {} + + # This enables injection of sidecar in all namespaces, + # with the exception of namespaces with "istio-injection:disabled" annotation + # Only one environment should have this enabled. + enableNamespacesByDefault: false + + # Mutations that occur after the sidecar injector are not handled by default, as the Istio sidecar injector is only run + # once. For example, an OPA sidecar injected after the Istio sidecar will not have it's liveness/readiness probes rewritten. + # Setting this to `IfNeeded` will result in the sidecar injector being run again if additional mutations occur. + reinvocationPolicy: Never + + rewriteAppHTTPProbe: true + + # Templates defines a set of custom injection templates that can be used. For example, defining: + # + # templates: + # hello: | + # metadata: + # labels: + # hello: world + # + # Then starting a pod with the `inject.istio.io/templates: hello` annotation, will result in the pod + # being injected with the hello=world labels. + # This is intended for advanced configuration only; most users should use the built in template + templates: {} + + # Default templates specifies a set of default templates that are used in sidecar injection. + # By default, a template `sidecar` is always provided, which contains the template of default sidecar. + # To inject other additional templates, define it using the `templates` option, and add it to + # the default templates list. + # For example: + # + # templates: + # hello: | + # metadata: + # labels: + # hello: world + # + # defaultTemplates: ["sidecar", "hello"] + defaultTemplates: [] + istiodRemote: + # If `true`, indicates that this cluster/install should consume a "remote istiod" installation, + # and istiod itself will NOT be installed in this cluster - only the support resources necessary + # to utilize a remote instance. + enabled: false + + # If `true`, indicates that this cluster/install should consume a "local istiod" installation, + # local istiod inject sidecars + enabledLocalInjectorIstiod: false + + # Sidecar injector mutating webhook configuration clientConfig.url value. + # For example: https://$remotePilotAddress:15017/inject + # The host should not refer to a service running in the cluster; use a service reference by specifying + # the clientConfig.service field instead. + injectionURL: "" + + # Sidecar injector mutating webhook configuration path value for the clientConfig.service field. + # Override to pass env variables, for example: /inject/cluster/remote/net/network2 + injectionPath: "/inject" + + injectionCABundle: "" + telemetry: + enabled: true + v2: + # For Null VM case now. + # This also enables metadata exchange. + enabled: true + # Indicate if prometheus stats filter is enabled or not + prometheus: + enabled: true + # stackdriver filter settings. + stackdriver: + enabled: false + # Revision is set as 'version' label and part of the resource names when installing multiple control planes. + revision: "" + + # Revision tags are aliases to Istio control plane revisions + revisionTags: [] + + # For Helm compatibility. + ownerName: "" + + # meshConfig defines runtime configuration of components, including Istiod and istio-agent behavior + # See https://istio.io/docs/reference/config/istio.mesh.v1alpha1/ for all available options + meshConfig: + enablePrometheusMerge: true + + experimental: + stableValidationPolicy: false + + global: + # Used to locate istiod. + istioNamespace: istio-system + # List of cert-signers to allow "approve" action in the istio cluster role + # + # certSigners: + # - clusterissuers.cert-manager.io/istio-ca + certSigners: [] + # enable pod disruption budget for the control plane, which is used to + # ensure Istio control plane components are gradually upgraded or recovered. + defaultPodDisruptionBudget: + enabled: true + # The values aren't mutable due to a current PodDisruptionBudget limitation + # minAvailable: 1 + + # A minimal set of requested resources to applied to all deployments so that + # Horizontal Pod Autoscaler will be able to function (if set). + # Each component can overwrite these default values by adding its own resources + # block in the relevant section below and setting the desired resources values. + defaultResources: + requests: + cpu: 10m + # memory: 128Mi + # limits: + # cpu: 100m + # memory: 128Mi + + # Default hub for Istio images. + # Releases are published to docker hub under 'istio' project. + # Dev builds from prow are on gcr.io + hub: gcr.io/istio-release + # Default tag for Istio images. + tag: 1.27.7 + # Variant of the image to use. + # Currently supported are: [debug, distroless] + variant: "" + + # Specify image pull policy if default behavior isn't desired. + # Default behavior: latest images will be Always else IfNotPresent. + imagePullPolicy: "" + + # ImagePullSecrets for all ServiceAccount, list of secrets in the same namespace + # to use for pulling any images in pods that reference this ServiceAccount. + # For components that don't use ServiceAccounts (i.e. grafana, servicegraph, tracing) + # ImagePullSecrets will be added to the corresponding Deployment(StatefulSet) objects. + # Must be set for any cluster configured with private docker registry. + imagePullSecrets: [] + # - private-registry-key + + # Enabled by default in master for maximising testing. + istiod: + enableAnalysis: false + + # To output all istio components logs in json format by adding --log_as_json argument to each container argument + logAsJson: false + + # In order to use native nftable rules instead of iptable rules, set this flag to true. + nativeNftables: false + + # Comma-separated minimum per-scope logging level of messages to output, in the form of :,: + # The control plane has different scopes depending on component, but can configure default log level across all components + # If empty, default scope and level will be used as configured in code + logging: + level: "default:info" + + omitSidecarInjectorConfigMap: false + + # Configure whether Operator manages webhook configurations. The current behavior + # of Istiod is to manage its own webhook configurations. + # When this option is set as true, Istio Operator, instead of webhooks, manages the + # webhook configurations. When this option is set as false, webhooks manage their + # own webhook configurations. + operatorManageWebhooks: false + + # Custom DNS config for the pod to resolve names of services in other + # clusters. Use this to add additional search domains, and other settings. + # see + # https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#dns-config + # This does not apply to gateway pods as they typically need a different + # set of DNS settings than the normal application pods (e.g., in + # multicluster scenarios). + # NOTE: If using templates, follow the pattern in the commented example below. + #podDNSSearchNamespaces: + #- global + #- "{{ valueOrDefault .DeploymentMeta.Namespace \"default\" }}.global" + + # Kubernetes >=v1.11.0 will create two PriorityClass, including system-cluster-critical and + # system-node-critical, it is better to configure this in order to make sure your Istio pods + # will not be killed because of low priority class. + # Refer to https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass + # for more detail. + priorityClassName: "" + + proxy: + image: proxyv2 + + # This controls the 'policy' in the sidecar injector. + autoInject: enabled + + # CAUTION: It is important to ensure that all Istio helm charts specify the same clusterDomain value + # cluster domain. Default value is "cluster.local". + clusterDomain: "cluster.local" + + # Per Component log level for proxy, applies to gateways and sidecars. If a component level is + # not set, then the global "logLevel" will be used. + componentLogLevel: "misc:error" + + # istio ingress capture allowlist + # examples: + # Redirect only selected ports: --includeInboundPorts="80,8080" + excludeInboundPorts: "" + includeInboundPorts: "*" + + # istio egress capture allowlist + # https://istio.io/docs/tasks/traffic-management/egress.html#calling-external-services-directly + # example: includeIPRanges: "172.30.0.0/16,172.20.0.0/16" + # would only capture egress traffic on those two IP Ranges, all other outbound traffic would + # be allowed by the sidecar + includeIPRanges: "*" + excludeIPRanges: "" + includeOutboundPorts: "" + excludeOutboundPorts: "" + + # Log level for proxy, applies to gateways and sidecars. + # Expected values are: trace|debug|info|warning|error|critical|off + logLevel: warning + + # Specify the path to the outlier event log. + # Example: /dev/stdout + outlierLogPath: "" + + #If set to true, istio-proxy container will have privileged securityContext + privileged: false + + # The number of successive failed probes before indicating readiness failure. + readinessFailureThreshold: 4 + + # The initial delay for readiness probes in seconds. + readinessInitialDelaySeconds: 0 + + # The period between readiness probes. + readinessPeriodSeconds: 15 + + # Enables or disables a startup probe. + # For optimal startup times, changing this should be tied to the readiness probe values. + # + # If the probe is enabled, it is recommended to have delay=0s,period=15s,failureThreshold=4. + # This ensures the pod is marked ready immediately after the startup probe passes (which has a 1s poll interval), + # and doesn't spam the readiness endpoint too much + # + # If the probe is disabled, it is recommended to have delay=1s,period=2s,failureThreshold=30. + # This ensures the startup is reasonable fast (polling every 2s). 1s delay is used since the startup is not often ready instantly. + startupProbe: + enabled: true + failureThreshold: 600 # 10 minutes + + # Resources for the sidecar. + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: 2000m + memory: 1024Mi + + # Default port for Pilot agent health checks. A value of 0 will disable health checking. + statusPort: 15020 + + # Specify which tracer to use. One of: zipkin, lightstep, datadog, stackdriver, none. + # If using stackdriver tracer outside GCP, set env GOOGLE_APPLICATION_CREDENTIALS to the GCP credential file. + tracer: "none" + + proxy_init: + # Base name for the proxy_init container, used to configure iptables. + image: proxyv2 + # Bypasses iptables idempotency handling, and attempts to apply iptables rules regardless of table state, which may cause unrecoverable failures. + # Do not use unless you need to work around an issue of the idempotency handling. This flag will be removed in future releases. + forceApplyIptables: false + + # configure remote pilot and istiod service and endpoint + remotePilotAddress: "" + + ############################################################################################## + # The following values are found in other charts. To effectively modify these values, make # + # make sure they are consistent across your Istio helm charts # + ############################################################################################## + + # The customized CA address to retrieve certificates for the pods in the cluster. + # CSR clients such as the Istio Agent and ingress gateways can use this to specify the CA endpoint. + # If not set explicitly, default to the Istio discovery address. + caAddress: "" + + # Enable control of remote clusters. + externalIstiod: false + + # Configure a remote cluster as the config cluster for an external istiod. + configCluster: false + + # configValidation enables the validation webhook for Istio configuration. + configValidation: true + + # Mesh ID means Mesh Identifier. It should be unique within the scope where + # meshes will interact with each other, but it is not required to be + # globally/universally unique. For example, if any of the following are true, + # then two meshes must have different Mesh IDs: + # - Meshes will have their telemetry aggregated in one place + # - Meshes will be federated together + # - Policy will be written referencing one mesh from the other + # + # If an administrator expects that any of these conditions may become true in + # the future, they should ensure their meshes have different Mesh IDs + # assigned. + # + # Within a multicluster mesh, each cluster must be (manually or auto) + # configured to have the same Mesh ID value. If an existing cluster 'joins' a + # multicluster mesh, it will need to be migrated to the new mesh ID. Details + # of migration TBD, and it may be a disruptive operation to change the Mesh + # ID post-install. + # + # If the mesh admin does not specify a value, Istio will use the value of the + # mesh's Trust Domain. The best practice is to select a proper Trust Domain + # value. + meshID: "" + + # Configure the mesh networks to be used by the Split Horizon EDS. + # + # The following example defines two networks with different endpoints association methods. + # For `network1` all endpoints that their IP belongs to the provided CIDR range will be + # mapped to network1. The gateway for this network example is specified by its public IP + # address and port. + # The second network, `network2`, in this example is defined differently with all endpoints + # retrieved through the specified Multi-Cluster registry being mapped to network2. The + # gateway is also defined differently with the name of the gateway service on the remote + # cluster. The public IP for the gateway will be determined from that remote service (only + # LoadBalancer gateway service type is currently supported, for a NodePort type gateway service, + # it still need to be configured manually). + # + # meshNetworks: + # network1: + # endpoints: + # - fromCidr: "192.168.0.1/24" + # gateways: + # - address: 1.1.1.1 + # port: 80 + # network2: + # endpoints: + # - fromRegistry: reg1 + # gateways: + # - registryServiceName: istio-ingressgateway.istio-system.svc.cluster.local + # port: 443 + # + meshNetworks: {} + + # Use the user-specified, secret volume mounted key and certs for Pilot and workloads. + mountMtlsCerts: false + + multiCluster: + # Should be set to the name of the cluster this installation will run in. This is required for sidecar injection + # to properly label proxies + clusterName: "" + + # Network defines the network this cluster belong to. This name + # corresponds to the networks in the map of mesh networks. + network: "" + + # Configure the certificate provider for control plane communication. + # Currently, two providers are supported: "kubernetes" and "istiod". + # As some platforms may not have kubernetes signing APIs, + # Istiod is the default + pilotCertProvider: istiod + + sds: + # The JWT token for SDS and the aud field of such JWT. See RFC 7519, section 4.1.3. + # When a CSR is sent from Istio Agent to the CA (e.g. Istiod), this aud is to make sure the + # JWT is intended for the CA. + token: + aud: istio-ca + + sts: + # The service port used by Security Token Service (STS) server to handle token exchange requests. + # Setting this port to a non-zero value enables STS server. + servicePort: 0 + + # The name of the CA for workload certificates. + # For example, when caName=GkeWorkloadCertificate, GKE workload certificates + # will be used as the certificates for workloads. + # The default value is "" and when caName="", the CA will be configured by other + # mechanisms (e.g., environmental variable CA_PROVIDER). + caName: "" + + waypoint: + # Resources for the waypoint proxy. + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: "2" + memory: 1Gi + + # If specified, affinity defines the scheduling constraints of waypoint pods. + affinity: {} + + # Topology Spread Constraints for the waypoint proxy. + topologySpreadConstraints: [] + + # Node labels for the waypoint proxy. + nodeSelector: {} + + # Tolerations for the waypoint proxy. + tolerations: [] + + base: + # For istioctl usage to disable istio config crds in base + enableIstioConfigCRDs: true + + # Gateway Settings + gateways: + # Define the security context for the pod. + # If unset, this will be automatically set to the minimum privileges required to bind to port 80 and 443. + # On Kubernetes 1.22+, this only requires the `net.ipv4.ip_unprivileged_port_start` sysctl. + securityContext: {} + + # Set to `type: RuntimeDefault` to use the default profile for templated gateways, if your container runtime supports it + seccompProfile: {} + + # gatewayClasses allows customizing the configuration of the default deployment of Gateways per GatewayClass. + # For example: + # gatewayClasses: + # istio: + # service: + # spec: + # type: ClusterIP + # Per-Gateway configuration can also be set in the `Gateway.spec.infrastructure.parametersRef` field. + gatewayClasses: {} + + pdb: + # -- Minimum available pods set in PodDisruptionBudget. + # Define either 'minAvailable' or 'maxUnavailable', never both. + minAvailable: 1 + # -- Maximum unavailable pods set in PodDisruptionBudget. If set, 'minAvailable' is ignored. + # maxUnavailable: 1 + # -- Eviction policy for unhealthy pods guarded by PodDisruptionBudget. + # Ref: https://kubernetes.io/blog/2023/01/06/unhealthy-pod-eviction-policy-for-pdbs/ + unhealthyPodEvictionPolicy: "" diff --git a/resources/v1.30-alpha.bcdd144c/charts/revisiontags/Chart.yaml b/resources/v1.27.7/charts/revisiontags/Chart.yaml similarity index 71% rename from resources/v1.30-alpha.bcdd144c/charts/revisiontags/Chart.yaml rename to resources/v1.27.7/charts/revisiontags/Chart.yaml index a680ea746d..299c39630a 100644 --- a/resources/v1.30-alpha.bcdd144c/charts/revisiontags/Chart.yaml +++ b/resources/v1.27.7/charts/revisiontags/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6 +appVersion: 1.27.7 description: Helm chart for istio revision tags name: revisiontags sources: diff --git a/resources/v1.30-alpha.bcdd144c/charts/revisiontags/files/profile-ambient.yaml b/resources/v1.27.7/charts/revisiontags/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/revisiontags/files/profile-ambient.yaml rename to resources/v1.27.7/charts/revisiontags/files/profile-ambient.yaml diff --git a/resources/v1.27.7/charts/revisiontags/files/profile-compatibility-version-1.24.yaml b/resources/v1.27.7/charts/revisiontags/files/profile-compatibility-version-1.24.yaml new file mode 100644 index 0000000000..4f3dbef7ea --- /dev/null +++ b/resources/v1.27.7/charts/revisiontags/files/profile-compatibility-version-1.24.yaml @@ -0,0 +1,15 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.24 behavioral changes + PILOT_ENABLE_IP_AUTOALLOCATE: "false" + # 1.27 behavioral changes + ENABLE_NATIVE_SIDECARS: "false" +ambient: + dnsCapture: false + reconcileIptablesOnStartup: false + # 1.26 behavioral changes + shareHostNetworkNamespace: true diff --git a/resources/v1.27.7/charts/revisiontags/files/profile-compatibility-version-1.25.yaml b/resources/v1.27.7/charts/revisiontags/files/profile-compatibility-version-1.25.yaml new file mode 100644 index 0000000000..b2f45948c2 --- /dev/null +++ b/resources/v1.27.7/charts/revisiontags/files/profile-compatibility-version-1.25.yaml @@ -0,0 +1,11 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.27 behavioral changes + ENABLE_NATIVE_SIDECARS: "false" +ambient: + # 1.26 behavioral changes + shareHostNetworkNamespace: true diff --git a/resources/v1.27.7/charts/revisiontags/files/profile-compatibility-version-1.26.yaml b/resources/v1.27.7/charts/revisiontags/files/profile-compatibility-version-1.26.yaml new file mode 100644 index 0000000000..af10697326 --- /dev/null +++ b/resources/v1.27.7/charts/revisiontags/files/profile-compatibility-version-1.26.yaml @@ -0,0 +1,8 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.27 behavioral changes + ENABLE_NATIVE_SIDECARS: "false" \ No newline at end of file diff --git a/resources/v1.30-alpha.bcdd144c/charts/revisiontags/files/profile-demo.yaml b/resources/v1.27.7/charts/revisiontags/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/revisiontags/files/profile-demo.yaml rename to resources/v1.27.7/charts/revisiontags/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/revisiontags/files/profile-platform-gke.yaml b/resources/v1.27.7/charts/revisiontags/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/revisiontags/files/profile-platform-gke.yaml rename to resources/v1.27.7/charts/revisiontags/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/revisiontags/files/profile-platform-k3d.yaml b/resources/v1.27.7/charts/revisiontags/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/revisiontags/files/profile-platform-k3d.yaml rename to resources/v1.27.7/charts/revisiontags/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/revisiontags/files/profile-platform-k3s.yaml b/resources/v1.27.7/charts/revisiontags/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/revisiontags/files/profile-platform-k3s.yaml rename to resources/v1.27.7/charts/revisiontags/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/revisiontags/files/profile-platform-microk8s.yaml b/resources/v1.27.7/charts/revisiontags/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/revisiontags/files/profile-platform-microk8s.yaml rename to resources/v1.27.7/charts/revisiontags/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/revisiontags/files/profile-platform-minikube.yaml b/resources/v1.27.7/charts/revisiontags/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/revisiontags/files/profile-platform-minikube.yaml rename to resources/v1.27.7/charts/revisiontags/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/revisiontags/files/profile-platform-openshift.yaml b/resources/v1.27.7/charts/revisiontags/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/revisiontags/files/profile-platform-openshift.yaml rename to resources/v1.27.7/charts/revisiontags/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/revisiontags/files/profile-preview.yaml b/resources/v1.27.7/charts/revisiontags/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/revisiontags/files/profile-preview.yaml rename to resources/v1.27.7/charts/revisiontags/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/revisiontags/files/profile-remote.yaml b/resources/v1.27.7/charts/revisiontags/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/revisiontags/files/profile-remote.yaml rename to resources/v1.27.7/charts/revisiontags/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/revisiontags/files/profile-stable.yaml b/resources/v1.27.7/charts/revisiontags/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/revisiontags/files/profile-stable.yaml rename to resources/v1.27.7/charts/revisiontags/files/profile-stable.yaml diff --git a/resources/v1.27.7/charts/revisiontags/templates/revision-tags.yaml b/resources/v1.27.7/charts/revisiontags/templates/revision-tags.yaml new file mode 100644 index 0000000000..06764a826e --- /dev/null +++ b/resources/v1.27.7/charts/revisiontags/templates/revision-tags.yaml @@ -0,0 +1,149 @@ +# Adapted from istio-discovery/templates/mutatingwebhook.yaml +# Removed paths for legacy and default selectors since a revision tag +# is inherently created from a specific revision +# TODO BML istiodRemote.injectionURL is invalid to set if `istiodRemote.enabled` is false, we should express that. +{{- $whv := dict +"revision" .Values.revision + "injectionPath" .Values.istiodRemote.injectionPath + "injectionURL" .Values.istiodRemote.injectionURL + "reinvocationPolicy" .Values.sidecarInjectorWebhook.reinvocationPolicy + "caBundle" .Values.istiodRemote.injectionCABundle + "namespace" .Release.Namespace }} +{{- define "core" }} +{{- /* Kubernetes unfortunately requires a unique name for the webhook in some newer versions, so we assign +a unique prefix to each. */}} +- name: {{.Prefix}}sidecar-injector.istio.io + clientConfig: + {{- if .injectionURL }} + url: "{{ .injectionURL }}" + {{- else }} + service: + name: istiod{{- if not (eq .revision "") }}-{{ .revision }}{{- end }} + namespace: {{ .namespace }} + path: "{{ .injectionPath }}" + port: 443 + {{- end }} + sideEffects: None + rules: + - operations: [ "CREATE" ] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] + failurePolicy: Fail + reinvocationPolicy: "{{ .reinvocationPolicy }}" + admissionReviewVersions: ["v1"] +{{- end }} +{{- range $tagName := $.Values.revisionTags }} +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: +{{- if eq $.Release.Namespace "istio-system"}} + name: istio-revision-tag-{{ $tagName }} +{{- else }} + name: istio-revision-tag-{{ $tagName }}-{{ $.Release.Namespace }} +{{- end }} + labels: + istio.io/tag: {{ $tagName }} + istio.io/rev: {{ $.Values.revision | default "default" | quote }} + operator.istio.io/component: "Pilot" + app: sidecar-injector + release: {{ $.Release.Name }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" $ | nindent 4 }} +{{- if $.Values.sidecarInjectorWebhookAnnotations }} + annotations: +{{ toYaml $.Values.sidecarInjectorWebhookAnnotations | indent 4 }} +{{- end }} +webhooks: +{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.namespace.") ) }} + namespaceSelector: + matchExpressions: + - key: istio.io/rev + operator: In + values: + - "{{ $tagName }}" + - key: istio-injection + operator: DoesNotExist + objectSelector: + matchExpressions: + - key: sidecar.istio.io/inject + operator: NotIn + values: + - "false" +{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.object.") ) }} + namespaceSelector: + matchExpressions: + - key: istio.io/rev + operator: DoesNotExist + - key: istio-injection + operator: DoesNotExist + objectSelector: + matchExpressions: + - key: sidecar.istio.io/inject + operator: NotIn + values: + - "false" + - key: istio.io/rev + operator: In + values: + - "{{ $tagName }}" + +{{- /* When the tag is "default" we want to create webhooks for the default revision */}} +{{- /* These webhooks should be kept in sync with istio-discovery/templates/mutatingwebhook.yaml */}} +{{- if (eq $tagName "default") }} + +{{- /* Case 1: Namespace selector enabled, and object selector is not injected */}} +{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "namespace.") ) }} + namespaceSelector: + matchExpressions: + - key: istio-injection + operator: In + values: + - enabled + objectSelector: + matchExpressions: + - key: sidecar.istio.io/inject + operator: NotIn + values: + - "false" + +{{- /* Case 2: no namespace label, but object selector is enabled (and revision label is not, which has priority) */}} +{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "object.") ) }} + namespaceSelector: + matchExpressions: + - key: istio-injection + operator: DoesNotExist + - key: istio.io/rev + operator: DoesNotExist + objectSelector: + matchExpressions: + - key: sidecar.istio.io/inject + operator: In + values: + - "true" + - key: istio.io/rev + operator: DoesNotExist + +{{- if $.Values.sidecarInjectorWebhook.enableNamespacesByDefault }} +{{- /* Special case 3: no labels at all */}} +{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "auto.") ) }} + namespaceSelector: + matchExpressions: + - key: istio-injection + operator: DoesNotExist + - key: istio.io/rev + operator: DoesNotExist + - key: "kubernetes.io/metadata.name" + operator: "NotIn" + values: ["kube-system","kube-public","kube-node-lease","local-path-storage"] + objectSelector: + matchExpressions: + - key: sidecar.istio.io/inject + operator: DoesNotExist + - key: istio.io/rev + operator: DoesNotExist +{{- end }} + +{{- end }} +--- +{{- end }} diff --git a/resources/v1.30-alpha.bcdd144c/charts/revisiontags/templates/zzz_profile.yaml b/resources/v1.27.7/charts/revisiontags/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/revisiontags/templates/zzz_profile.yaml rename to resources/v1.27.7/charts/revisiontags/templates/zzz_profile.yaml diff --git a/resources/v1.27.7/charts/revisiontags/values.yaml b/resources/v1.27.7/charts/revisiontags/values.yaml new file mode 100644 index 0000000000..1a912db005 --- /dev/null +++ b/resources/v1.27.7/charts/revisiontags/values.yaml @@ -0,0 +1,569 @@ +# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. +# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. +_internal_defaults_do_not_set: + autoscaleEnabled: true + autoscaleMin: 1 + autoscaleMax: 5 + autoscaleBehavior: {} + replicaCount: 1 + rollingMaxSurge: 100% + rollingMaxUnavailable: 25% + + hub: "" + tag: "" + variant: "" + + # Can be a full hub/image:tag + image: pilot + traceSampling: 1.0 + + # Resources for a small pilot install + resources: + requests: + cpu: 500m + memory: 2048Mi + + # Set to `type: RuntimeDefault` to use the default profile if available. + seccompProfile: {} + + # Whether to use an existing CNI installation + cni: + enabled: false + provider: default + + # Additional container arguments + extraContainerArgs: [] + + env: {} + + envVarFrom: [] + + # Settings related to the untaint controller + # This controller will remove `cni.istio.io/not-ready` from nodes when the istio-cni pod becomes ready + # It should be noted that cluster operator/owner is responsible for having the taint set by their infrastructure provider when new nodes are added to the cluster; the untaint controller does not taint nodes + taint: + # Controls whether or not the untaint controller is active + enabled: false + # What namespace the untaint controller should watch for istio-cni pods. This is only required when istio-cni is running in a different namespace than istiod + namespace: "" + + affinity: {} + + tolerations: [] + + cpu: + targetAverageUtilization: 80 + memory: {} + # targetAverageUtilization: 80 + + # Additional volumeMounts to the istiod container + volumeMounts: [] + + # Additional volumes to the istiod pod + volumes: [] + + # Inject initContainers into the istiod pod + initContainers: [] + + nodeSelector: {} + podAnnotations: {} + serviceAnnotations: {} + serviceAccountAnnotations: {} + sidecarInjectorWebhookAnnotations: {} + + topologySpreadConstraints: [] + + # You can use jwksResolverExtraRootCA to provide a root certificate + # in PEM format. This will then be trusted by pilot when resolving + # JWKS URIs. + jwksResolverExtraRootCA: "" + + # The following is used to limit how long a sidecar can be connected + # to a pilot. It balances out load across pilot instances at the cost of + # increasing system churn. + keepaliveMaxServerConnectionAge: 30m + + # Additional labels to apply to the deployment. + deploymentLabels: {} + + # Annotations to apply to the istiod deployment. + deploymentAnnotations: {} + + ## Mesh config settings + + # Install the mesh config map, generated from values.yaml. + # If false, pilot wil use default values (by default) or user-supplied values. + configMap: true + + # Additional labels to apply on the pod level for monitoring and logging configuration. + podLabels: {} + + # Setup how istiod Service is configured. See https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services + ipFamilyPolicy: "" + ipFamilies: [] + + # Ambient mode only. + # Set this if you install ztunnel to a different namespace from `istiod`. + # If set, `istiod` will allow connections from trusted node proxy ztunnels + # in the provided namespace. + # If unset, `istiod` will assume the trusted node proxy ztunnel resides + # in the same namespace as itself. + trustedZtunnelNamespace: "" + # Set this if you install ztunnel with a name different from the default. + trustedZtunnelName: "" + + sidecarInjectorWebhook: + # You can use the field called alwaysInjectSelector and neverInjectSelector which will always inject the sidecar or + # always skip the injection on pods that match that label selector, regardless of the global policy. + # See https://istio.io/docs/setup/kubernetes/additional-setup/sidecar-injection/#more-control-adding-exceptions + neverInjectSelector: [] + alwaysInjectSelector: [] + + # injectedAnnotations are additional annotations that will be added to the pod spec after injection + # This is primarily to support PSP annotations. For example, if you defined a PSP with the annotations: + # + # annotations: + # apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + # apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default + # + # The PSP controller would add corresponding annotations to the pod spec for each container. However, this happens before + # the inject adds additional containers, so we must specify them explicitly here. With the above example, we could specify: + # injectedAnnotations: + # container.apparmor.security.beta.kubernetes.io/istio-init: runtime/default + # container.apparmor.security.beta.kubernetes.io/istio-proxy: runtime/default + injectedAnnotations: {} + + # This enables injection of sidecar in all namespaces, + # with the exception of namespaces with "istio-injection:disabled" annotation + # Only one environment should have this enabled. + enableNamespacesByDefault: false + + # Mutations that occur after the sidecar injector are not handled by default, as the Istio sidecar injector is only run + # once. For example, an OPA sidecar injected after the Istio sidecar will not have it's liveness/readiness probes rewritten. + # Setting this to `IfNeeded` will result in the sidecar injector being run again if additional mutations occur. + reinvocationPolicy: Never + + rewriteAppHTTPProbe: true + + # Templates defines a set of custom injection templates that can be used. For example, defining: + # + # templates: + # hello: | + # metadata: + # labels: + # hello: world + # + # Then starting a pod with the `inject.istio.io/templates: hello` annotation, will result in the pod + # being injected with the hello=world labels. + # This is intended for advanced configuration only; most users should use the built in template + templates: {} + + # Default templates specifies a set of default templates that are used in sidecar injection. + # By default, a template `sidecar` is always provided, which contains the template of default sidecar. + # To inject other additional templates, define it using the `templates` option, and add it to + # the default templates list. + # For example: + # + # templates: + # hello: | + # metadata: + # labels: + # hello: world + # + # defaultTemplates: ["sidecar", "hello"] + defaultTemplates: [] + istiodRemote: + # If `true`, indicates that this cluster/install should consume a "remote istiod" installation, + # and istiod itself will NOT be installed in this cluster - only the support resources necessary + # to utilize a remote instance. + enabled: false + + # If `true`, indicates that this cluster/install should consume a "local istiod" installation, + # local istiod inject sidecars + enabledLocalInjectorIstiod: false + + # Sidecar injector mutating webhook configuration clientConfig.url value. + # For example: https://$remotePilotAddress:15017/inject + # The host should not refer to a service running in the cluster; use a service reference by specifying + # the clientConfig.service field instead. + injectionURL: "" + + # Sidecar injector mutating webhook configuration path value for the clientConfig.service field. + # Override to pass env variables, for example: /inject/cluster/remote/net/network2 + injectionPath: "/inject" + + injectionCABundle: "" + telemetry: + enabled: true + v2: + # For Null VM case now. + # This also enables metadata exchange. + enabled: true + # Indicate if prometheus stats filter is enabled or not + prometheus: + enabled: true + # stackdriver filter settings. + stackdriver: + enabled: false + # Revision is set as 'version' label and part of the resource names when installing multiple control planes. + revision: "" + + # Revision tags are aliases to Istio control plane revisions + revisionTags: [] + + # For Helm compatibility. + ownerName: "" + + # meshConfig defines runtime configuration of components, including Istiod and istio-agent behavior + # See https://istio.io/docs/reference/config/istio.mesh.v1alpha1/ for all available options + meshConfig: + enablePrometheusMerge: true + + experimental: + stableValidationPolicy: false + + global: + # Used to locate istiod. + istioNamespace: istio-system + # List of cert-signers to allow "approve" action in the istio cluster role + # + # certSigners: + # - clusterissuers.cert-manager.io/istio-ca + certSigners: [] + # enable pod disruption budget for the control plane, which is used to + # ensure Istio control plane components are gradually upgraded or recovered. + defaultPodDisruptionBudget: + enabled: true + # The values aren't mutable due to a current PodDisruptionBudget limitation + # minAvailable: 1 + + # A minimal set of requested resources to applied to all deployments so that + # Horizontal Pod Autoscaler will be able to function (if set). + # Each component can overwrite these default values by adding its own resources + # block in the relevant section below and setting the desired resources values. + defaultResources: + requests: + cpu: 10m + # memory: 128Mi + # limits: + # cpu: 100m + # memory: 128Mi + + # Default hub for Istio images. + # Releases are published to docker hub under 'istio' project. + # Dev builds from prow are on gcr.io + hub: gcr.io/istio-release + # Default tag for Istio images. + tag: 1.27.7 + # Variant of the image to use. + # Currently supported are: [debug, distroless] + variant: "" + + # Specify image pull policy if default behavior isn't desired. + # Default behavior: latest images will be Always else IfNotPresent. + imagePullPolicy: "" + + # ImagePullSecrets for all ServiceAccount, list of secrets in the same namespace + # to use for pulling any images in pods that reference this ServiceAccount. + # For components that don't use ServiceAccounts (i.e. grafana, servicegraph, tracing) + # ImagePullSecrets will be added to the corresponding Deployment(StatefulSet) objects. + # Must be set for any cluster configured with private docker registry. + imagePullSecrets: [] + # - private-registry-key + + # Enabled by default in master for maximising testing. + istiod: + enableAnalysis: false + + # To output all istio components logs in json format by adding --log_as_json argument to each container argument + logAsJson: false + + # In order to use native nftable rules instead of iptable rules, set this flag to true. + nativeNftables: false + + # Comma-separated minimum per-scope logging level of messages to output, in the form of :,: + # The control plane has different scopes depending on component, but can configure default log level across all components + # If empty, default scope and level will be used as configured in code + logging: + level: "default:info" + + omitSidecarInjectorConfigMap: false + + # Configure whether Operator manages webhook configurations. The current behavior + # of Istiod is to manage its own webhook configurations. + # When this option is set as true, Istio Operator, instead of webhooks, manages the + # webhook configurations. When this option is set as false, webhooks manage their + # own webhook configurations. + operatorManageWebhooks: false + + # Custom DNS config for the pod to resolve names of services in other + # clusters. Use this to add additional search domains, and other settings. + # see + # https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#dns-config + # This does not apply to gateway pods as they typically need a different + # set of DNS settings than the normal application pods (e.g., in + # multicluster scenarios). + # NOTE: If using templates, follow the pattern in the commented example below. + #podDNSSearchNamespaces: + #- global + #- "{{ valueOrDefault .DeploymentMeta.Namespace \"default\" }}.global" + + # Kubernetes >=v1.11.0 will create two PriorityClass, including system-cluster-critical and + # system-node-critical, it is better to configure this in order to make sure your Istio pods + # will not be killed because of low priority class. + # Refer to https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass + # for more detail. + priorityClassName: "" + + proxy: + image: proxyv2 + + # This controls the 'policy' in the sidecar injector. + autoInject: enabled + + # CAUTION: It is important to ensure that all Istio helm charts specify the same clusterDomain value + # cluster domain. Default value is "cluster.local". + clusterDomain: "cluster.local" + + # Per Component log level for proxy, applies to gateways and sidecars. If a component level is + # not set, then the global "logLevel" will be used. + componentLogLevel: "misc:error" + + # istio ingress capture allowlist + # examples: + # Redirect only selected ports: --includeInboundPorts="80,8080" + excludeInboundPorts: "" + includeInboundPorts: "*" + + # istio egress capture allowlist + # https://istio.io/docs/tasks/traffic-management/egress.html#calling-external-services-directly + # example: includeIPRanges: "172.30.0.0/16,172.20.0.0/16" + # would only capture egress traffic on those two IP Ranges, all other outbound traffic would + # be allowed by the sidecar + includeIPRanges: "*" + excludeIPRanges: "" + includeOutboundPorts: "" + excludeOutboundPorts: "" + + # Log level for proxy, applies to gateways and sidecars. + # Expected values are: trace|debug|info|warning|error|critical|off + logLevel: warning + + # Specify the path to the outlier event log. + # Example: /dev/stdout + outlierLogPath: "" + + #If set to true, istio-proxy container will have privileged securityContext + privileged: false + + # The number of successive failed probes before indicating readiness failure. + readinessFailureThreshold: 4 + + # The initial delay for readiness probes in seconds. + readinessInitialDelaySeconds: 0 + + # The period between readiness probes. + readinessPeriodSeconds: 15 + + # Enables or disables a startup probe. + # For optimal startup times, changing this should be tied to the readiness probe values. + # + # If the probe is enabled, it is recommended to have delay=0s,period=15s,failureThreshold=4. + # This ensures the pod is marked ready immediately after the startup probe passes (which has a 1s poll interval), + # and doesn't spam the readiness endpoint too much + # + # If the probe is disabled, it is recommended to have delay=1s,period=2s,failureThreshold=30. + # This ensures the startup is reasonable fast (polling every 2s). 1s delay is used since the startup is not often ready instantly. + startupProbe: + enabled: true + failureThreshold: 600 # 10 minutes + + # Resources for the sidecar. + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: 2000m + memory: 1024Mi + + # Default port for Pilot agent health checks. A value of 0 will disable health checking. + statusPort: 15020 + + # Specify which tracer to use. One of: zipkin, lightstep, datadog, stackdriver, none. + # If using stackdriver tracer outside GCP, set env GOOGLE_APPLICATION_CREDENTIALS to the GCP credential file. + tracer: "none" + + proxy_init: + # Base name for the proxy_init container, used to configure iptables. + image: proxyv2 + # Bypasses iptables idempotency handling, and attempts to apply iptables rules regardless of table state, which may cause unrecoverable failures. + # Do not use unless you need to work around an issue of the idempotency handling. This flag will be removed in future releases. + forceApplyIptables: false + + # configure remote pilot and istiod service and endpoint + remotePilotAddress: "" + + ############################################################################################## + # The following values are found in other charts. To effectively modify these values, make # + # make sure they are consistent across your Istio helm charts # + ############################################################################################## + + # The customized CA address to retrieve certificates for the pods in the cluster. + # CSR clients such as the Istio Agent and ingress gateways can use this to specify the CA endpoint. + # If not set explicitly, default to the Istio discovery address. + caAddress: "" + + # Enable control of remote clusters. + externalIstiod: false + + # Configure a remote cluster as the config cluster for an external istiod. + configCluster: false + + # configValidation enables the validation webhook for Istio configuration. + configValidation: true + + # Mesh ID means Mesh Identifier. It should be unique within the scope where + # meshes will interact with each other, but it is not required to be + # globally/universally unique. For example, if any of the following are true, + # then two meshes must have different Mesh IDs: + # - Meshes will have their telemetry aggregated in one place + # - Meshes will be federated together + # - Policy will be written referencing one mesh from the other + # + # If an administrator expects that any of these conditions may become true in + # the future, they should ensure their meshes have different Mesh IDs + # assigned. + # + # Within a multicluster mesh, each cluster must be (manually or auto) + # configured to have the same Mesh ID value. If an existing cluster 'joins' a + # multicluster mesh, it will need to be migrated to the new mesh ID. Details + # of migration TBD, and it may be a disruptive operation to change the Mesh + # ID post-install. + # + # If the mesh admin does not specify a value, Istio will use the value of the + # mesh's Trust Domain. The best practice is to select a proper Trust Domain + # value. + meshID: "" + + # Configure the mesh networks to be used by the Split Horizon EDS. + # + # The following example defines two networks with different endpoints association methods. + # For `network1` all endpoints that their IP belongs to the provided CIDR range will be + # mapped to network1. The gateway for this network example is specified by its public IP + # address and port. + # The second network, `network2`, in this example is defined differently with all endpoints + # retrieved through the specified Multi-Cluster registry being mapped to network2. The + # gateway is also defined differently with the name of the gateway service on the remote + # cluster. The public IP for the gateway will be determined from that remote service (only + # LoadBalancer gateway service type is currently supported, for a NodePort type gateway service, + # it still need to be configured manually). + # + # meshNetworks: + # network1: + # endpoints: + # - fromCidr: "192.168.0.1/24" + # gateways: + # - address: 1.1.1.1 + # port: 80 + # network2: + # endpoints: + # - fromRegistry: reg1 + # gateways: + # - registryServiceName: istio-ingressgateway.istio-system.svc.cluster.local + # port: 443 + # + meshNetworks: {} + + # Use the user-specified, secret volume mounted key and certs for Pilot and workloads. + mountMtlsCerts: false + + multiCluster: + # Should be set to the name of the cluster this installation will run in. This is required for sidecar injection + # to properly label proxies + clusterName: "" + + # Network defines the network this cluster belong to. This name + # corresponds to the networks in the map of mesh networks. + network: "" + + # Configure the certificate provider for control plane communication. + # Currently, two providers are supported: "kubernetes" and "istiod". + # As some platforms may not have kubernetes signing APIs, + # Istiod is the default + pilotCertProvider: istiod + + sds: + # The JWT token for SDS and the aud field of such JWT. See RFC 7519, section 4.1.3. + # When a CSR is sent from Istio Agent to the CA (e.g. Istiod), this aud is to make sure the + # JWT is intended for the CA. + token: + aud: istio-ca + + sts: + # The service port used by Security Token Service (STS) server to handle token exchange requests. + # Setting this port to a non-zero value enables STS server. + servicePort: 0 + + # The name of the CA for workload certificates. + # For example, when caName=GkeWorkloadCertificate, GKE workload certificates + # will be used as the certificates for workloads. + # The default value is "" and when caName="", the CA will be configured by other + # mechanisms (e.g., environmental variable CA_PROVIDER). + caName: "" + + waypoint: + # Resources for the waypoint proxy. + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: "2" + memory: 1Gi + + # If specified, affinity defines the scheduling constraints of waypoint pods. + affinity: {} + + # Topology Spread Constraints for the waypoint proxy. + topologySpreadConstraints: [] + + # Node labels for the waypoint proxy. + nodeSelector: {} + + # Tolerations for the waypoint proxy. + tolerations: [] + + base: + # For istioctl usage to disable istio config crds in base + enableIstioConfigCRDs: true + + # Gateway Settings + gateways: + # Define the security context for the pod. + # If unset, this will be automatically set to the minimum privileges required to bind to port 80 and 443. + # On Kubernetes 1.22+, this only requires the `net.ipv4.ip_unprivileged_port_start` sysctl. + securityContext: {} + + # Set to `type: RuntimeDefault` to use the default profile for templated gateways, if your container runtime supports it + seccompProfile: {} + + # gatewayClasses allows customizing the configuration of the default deployment of Gateways per GatewayClass. + # For example: + # gatewayClasses: + # istio: + # service: + # spec: + # type: ClusterIP + # Per-Gateway configuration can also be set in the `Gateway.spec.infrastructure.parametersRef` field. + gatewayClasses: {} + + pdb: + # -- Minimum available pods set in PodDisruptionBudget. + # Define either 'minAvailable' or 'maxUnavailable', never both. + minAvailable: 1 + # -- Maximum unavailable pods set in PodDisruptionBudget. If set, 'minAvailable' is ignored. + # maxUnavailable: 1 + # -- Eviction policy for unhealthy pods guarded by PodDisruptionBudget. + # Ref: https://kubernetes.io/blog/2023/01/06/unhealthy-pod-eviction-policy-for-pdbs/ + unhealthyPodEvictionPolicy: "" diff --git a/resources/v1.30-alpha.bcdd144c/charts/ztunnel/Chart.yaml b/resources/v1.27.7/charts/ztunnel/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.bcdd144c/charts/ztunnel/Chart.yaml rename to resources/v1.27.7/charts/ztunnel/Chart.yaml index 2589922c87..ae7de2e187 100644 --- a/resources/v1.30-alpha.bcdd144c/charts/ztunnel/Chart.yaml +++ b/resources/v1.27.7/charts/ztunnel/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6 +appVersion: 1.27.7 description: Helm chart for istio ztunnel components icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -8,4 +8,4 @@ keywords: name: ztunnel sources: - https://github.com/istio/istio -version: 1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6 +version: 1.27.7 diff --git a/resources/v1.27.7/charts/ztunnel/README.md b/resources/v1.27.7/charts/ztunnel/README.md new file mode 100644 index 0000000000..ffe0b94fe8 --- /dev/null +++ b/resources/v1.27.7/charts/ztunnel/README.md @@ -0,0 +1,50 @@ +# Istio Ztunnel Helm Chart + +This chart installs an Istio ztunnel. + +## Setup Repo Info + +```console +helm repo add istio https://istio-release.storage.googleapis.com/charts +helm repo update +``` + +_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ + +## Installing the Chart + +To install the chart: + +```console +helm install ztunnel istio/ztunnel +``` + +## Uninstalling the Chart + +To uninstall/delete the chart: + +```console +helm delete ztunnel +``` + +## Configuration + +To view support configuration options and documentation, run: + +```console +helm show values istio/ztunnel +``` + +### Profiles + +Istio Helm charts have a concept of a `profile`, which is a bundled collection of value presets. +These can be set with `--set profile=`. +For example, the `demo` profile offers a preset configuration to try out Istio in a test environment, with additional features enabled and lowered resource requirements. + +For consistency, the same profiles are used across each chart, even if they do not impact a given chart. + +Explicitly set values have highest priority, then profile settings, then chart defaults. + +As an implementation detail of profiles, the default values for the chart are all nested under `defaults`. +When configuring the chart, you should not include this. +That is, `--set some.field=true` should be passed, not `--set defaults.some.field=true`. diff --git a/resources/v1.30-alpha.bcdd144c/charts/ztunnel/files/profile-ambient.yaml b/resources/v1.27.7/charts/ztunnel/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/ztunnel/files/profile-ambient.yaml rename to resources/v1.27.7/charts/ztunnel/files/profile-ambient.yaml diff --git a/resources/v1.27.7/charts/ztunnel/files/profile-compatibility-version-1.24.yaml b/resources/v1.27.7/charts/ztunnel/files/profile-compatibility-version-1.24.yaml new file mode 100644 index 0000000000..4f3dbef7ea --- /dev/null +++ b/resources/v1.27.7/charts/ztunnel/files/profile-compatibility-version-1.24.yaml @@ -0,0 +1,15 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.24 behavioral changes + PILOT_ENABLE_IP_AUTOALLOCATE: "false" + # 1.27 behavioral changes + ENABLE_NATIVE_SIDECARS: "false" +ambient: + dnsCapture: false + reconcileIptablesOnStartup: false + # 1.26 behavioral changes + shareHostNetworkNamespace: true diff --git a/resources/v1.27.7/charts/ztunnel/files/profile-compatibility-version-1.25.yaml b/resources/v1.27.7/charts/ztunnel/files/profile-compatibility-version-1.25.yaml new file mode 100644 index 0000000000..b2f45948c2 --- /dev/null +++ b/resources/v1.27.7/charts/ztunnel/files/profile-compatibility-version-1.25.yaml @@ -0,0 +1,11 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.27 behavioral changes + ENABLE_NATIVE_SIDECARS: "false" +ambient: + # 1.26 behavioral changes + shareHostNetworkNamespace: true diff --git a/resources/v1.27.7/charts/ztunnel/files/profile-compatibility-version-1.26.yaml b/resources/v1.27.7/charts/ztunnel/files/profile-compatibility-version-1.26.yaml new file mode 100644 index 0000000000..af10697326 --- /dev/null +++ b/resources/v1.27.7/charts/ztunnel/files/profile-compatibility-version-1.26.yaml @@ -0,0 +1,8 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.27 behavioral changes + ENABLE_NATIVE_SIDECARS: "false" \ No newline at end of file diff --git a/resources/v1.30-alpha.bcdd144c/charts/ztunnel/files/profile-demo.yaml b/resources/v1.27.7/charts/ztunnel/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/ztunnel/files/profile-demo.yaml rename to resources/v1.27.7/charts/ztunnel/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/ztunnel/files/profile-platform-gke.yaml b/resources/v1.27.7/charts/ztunnel/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/ztunnel/files/profile-platform-gke.yaml rename to resources/v1.27.7/charts/ztunnel/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/ztunnel/files/profile-platform-k3d.yaml b/resources/v1.27.7/charts/ztunnel/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/ztunnel/files/profile-platform-k3d.yaml rename to resources/v1.27.7/charts/ztunnel/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/ztunnel/files/profile-platform-k3s.yaml b/resources/v1.27.7/charts/ztunnel/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/ztunnel/files/profile-platform-k3s.yaml rename to resources/v1.27.7/charts/ztunnel/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/ztunnel/files/profile-platform-microk8s.yaml b/resources/v1.27.7/charts/ztunnel/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/ztunnel/files/profile-platform-microk8s.yaml rename to resources/v1.27.7/charts/ztunnel/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/ztunnel/files/profile-platform-minikube.yaml b/resources/v1.27.7/charts/ztunnel/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/ztunnel/files/profile-platform-minikube.yaml rename to resources/v1.27.7/charts/ztunnel/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/ztunnel/files/profile-platform-openshift.yaml b/resources/v1.27.7/charts/ztunnel/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/ztunnel/files/profile-platform-openshift.yaml rename to resources/v1.27.7/charts/ztunnel/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/ztunnel/files/profile-preview.yaml b/resources/v1.27.7/charts/ztunnel/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/ztunnel/files/profile-preview.yaml rename to resources/v1.27.7/charts/ztunnel/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/ztunnel/files/profile-remote.yaml b/resources/v1.27.7/charts/ztunnel/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/ztunnel/files/profile-remote.yaml rename to resources/v1.27.7/charts/ztunnel/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/ztunnel/files/profile-stable.yaml b/resources/v1.27.7/charts/ztunnel/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/ztunnel/files/profile-stable.yaml rename to resources/v1.27.7/charts/ztunnel/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/ztunnel/templates/NOTES.txt b/resources/v1.27.7/charts/ztunnel/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/ztunnel/templates/NOTES.txt rename to resources/v1.27.7/charts/ztunnel/templates/NOTES.txt diff --git a/resources/v1.30-alpha.bcdd144c/charts/ztunnel/templates/_helpers.tpl b/resources/v1.27.7/charts/ztunnel/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/ztunnel/templates/_helpers.tpl rename to resources/v1.27.7/charts/ztunnel/templates/_helpers.tpl diff --git a/resources/v1.27.7/charts/ztunnel/templates/daemonset.yaml b/resources/v1.27.7/charts/ztunnel/templates/daemonset.yaml new file mode 100644 index 0000000000..7de85a2d18 --- /dev/null +++ b/resources/v1.27.7/charts/ztunnel/templates/daemonset.yaml @@ -0,0 +1,210 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ include "ztunnel.release-name" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: ztunnel + {{- include "istio.labels" . | nindent 4}} + {{ with .Values.labels -}}{{ toYaml . | nindent 4}}{{ end }} + annotations: +{{- if .Values.revision }} + {{- $annos := set $.Values.annotations "istio.io/rev" .Values.revision }} + {{- toYaml $annos | nindent 4}} +{{- else }} + {{- .Values.annotations | toYaml | nindent 4 }} +{{- end }} +spec: + {{- with .Values.updateStrategy }} + updateStrategy: + {{- toYaml . | nindent 4 }} + {{- end }} + selector: + matchLabels: + app: ztunnel + template: + metadata: + labels: + sidecar.istio.io/inject: "false" + istio.io/dataplane-mode: none + app: ztunnel + app.kubernetes.io/name: ztunnel + {{- include "istio.labels" . | nindent 8}} +{{ with .Values.podLabels -}}{{ toYaml . | indent 8 }}{{ end }} + annotations: + sidecar.istio.io/inject: "false" +{{- if .Values.revision }} + istio.io/rev: {{ .Values.revision }} +{{- end }} +{{ with .Values.podAnnotations -}}{{ toYaml . | indent 8 }}{{ end }} + spec: + nodeSelector: + kubernetes.io/os: linux +{{- if .Values.nodeSelector }} +{{ toYaml .Values.nodeSelector | indent 8 }} +{{- end }} +{{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | trim | indent 8 }} +{{- end }} + serviceAccountName: {{ include "ztunnel.release-name" . }} +{{- if .Values.tolerations }} + tolerations: +{{ toYaml .Values.tolerations | trim | indent 8 }} +{{- end }} + containers: + - name: istio-proxy +{{- if contains "/" .Values.image }} + image: "{{ .Values.image }}" +{{- else }} + image: "{{ .Values.hub }}/{{ .Values.image | default "ztunnel" }}:{{ .Values.tag }}{{with (.Values.variant )}}-{{.}}{{end}}" +{{- end }} + ports: + - containerPort: 15020 + name: ztunnel-stats + protocol: TCP + resources: +{{- if .Values.resources }} +{{ toYaml .Values.resources | trim | indent 10 }} +{{- end }} +{{- with .Values.imagePullPolicy }} + imagePullPolicy: {{ . }} +{{- end }} + securityContext: + # K8S docs are clear that CAP_SYS_ADMIN *or* privileged: true + # both force this to `true`: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + # But there is a K8S validation bug that doesn't propery catch this: https://github.com/kubernetes/kubernetes/issues/119568 + allowPrivilegeEscalation: true + privileged: false + capabilities: + drop: + - ALL + add: # See https://man7.org/linux/man-pages/man7/capabilities.7.html + - NET_ADMIN # Required for TPROXY and setsockopt + - SYS_ADMIN # Required for `setns` - doing things in other netns + - NET_RAW # Required for RAW/PACKET sockets, TPROXY + readOnlyRootFilesystem: true + runAsGroup: 1337 + runAsNonRoot: false + runAsUser: 0 +{{- if .Values.seLinuxOptions }} + seLinuxOptions: +{{ toYaml .Values.seLinuxOptions | trim | indent 12 }} +{{- end }} + readinessProbe: + httpGet: + port: 15021 + path: /healthz/ready + args: + - proxy + - ztunnel + env: + - name: CA_ADDRESS + {{- if .Values.caAddress }} + value: {{ .Values.caAddress }} + {{- else }} + value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.istioNamespace }}.svc:15012 + {{- end }} + - name: XDS_ADDRESS + {{- if .Values.xdsAddress }} + value: {{ .Values.xdsAddress }} + {{- else }} + value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.istioNamespace }}.svc:15012 + {{- end }} + {{- if .Values.logAsJson }} + - name: LOG_FORMAT + value: json + {{- end}} + {{- if .Values.network }} + - name: NETWORK + value: {{ .Values.network | quote }} + {{- end }} + - name: RUST_LOG + value: {{ .Values.logLevel | quote }} + - name: RUST_BACKTRACE + value: "1" + - name: ISTIO_META_CLUSTER_ID + value: {{ .Values.multiCluster.clusterName | default "Kubernetes" }} + - name: INPOD_ENABLED + value: "true" + - name: TERMINATION_GRACE_PERIOD_SECONDS + value: "{{ .Values.terminationGracePeriodSeconds }}" + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: INSTANCE_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: SERVICE_ACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + {{- if .Values.meshConfig.defaultConfig.proxyMetadata }} + {{- range $key, $value := .Values.meshConfig.defaultConfig.proxyMetadata}} + - name: {{ $key }} + value: "{{ $value }}" + {{- end }} + {{- end }} + - name: ZTUNNEL_CPU_LIMIT + valueFrom: + resourceFieldRef: + resource: limits.cpu + {{- with .Values.env }} + {{- range $key, $val := . }} + - name: {{ $key }} + value: "{{ $val }}" + {{- end }} + {{- end }} + volumeMounts: + - mountPath: /var/run/secrets/istio + name: istiod-ca-cert + - mountPath: /var/run/secrets/tokens + name: istio-token + - mountPath: /var/run/ztunnel + name: cni-ztunnel-sock-dir + - mountPath: /tmp + name: tmp + {{- with .Values.volumeMounts }} + {{- toYaml . | nindent 8 }} + {{- end }} + priorityClassName: system-node-critical + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} + volumes: + - name: istio-token + projected: + sources: + - serviceAccountToken: + path: istio-token + expirationSeconds: 43200 + audience: istio-ca + - name: istiod-ca-cert + {{- if eq (.Values.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} + projected: + sources: + - clusterTrustBundle: + name: istio.io:istiod-ca:{{ .Values.trustBundleName | default "root-cert" }} + path: root-cert.pem + {{- else }} + configMap: + name: {{ .Values.trustBundleName | default "istio-ca-root-cert" }} + {{- end }} + - name: cni-ztunnel-sock-dir + hostPath: + path: /var/run/ztunnel + type: DirectoryOrCreate # ideally this would be a socket, but istio-cni may not have started yet. + # pprof needs a writable /tmp, and we don't have that thanks to `readOnlyRootFilesystem: true`, so mount one + - name: tmp + emptyDir: {} + {{- with .Values.volumes }} + {{- toYaml . | nindent 6}} + {{- end }} diff --git a/resources/v1.27.7/charts/ztunnel/templates/rbac.yaml b/resources/v1.27.7/charts/ztunnel/templates/rbac.yaml new file mode 100644 index 0000000000..0a8138c9a3 --- /dev/null +++ b/resources/v1.27.7/charts/ztunnel/templates/rbac.yaml @@ -0,0 +1,72 @@ +apiVersion: v1 +kind: ServiceAccount + {{- with .Values.imagePullSecrets }} +imagePullSecrets: + {{- range . }} + - name: {{ . }} + {{- end }} + {{- end }} +metadata: + name: {{ include "ztunnel.release-name" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: ztunnel + {{- include "istio.labels" . | nindent 4}} + {{ with .Values.labels -}}{{ toYaml . | nindent 4}}{{ end }} + annotations: +{{- if .Values.revision }} + {{- $annos := set $.Values.annotations "istio.io/rev" .Values.revision }} + {{- toYaml $annos | nindent 4}} +{{- else }} + {{- .Values.annotations | toYaml | nindent 4 }} +{{- end }} +--- +{{- if (eq (.Values.platform | default "") "openshift") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "ztunnel.release-name" . }} + labels: + app: ztunnel + release: {{ include "ztunnel.release-name" . }} + app.kubernetes.io/name: ztunnel + {{- include "istio.labels" . | nindent 4}} + annotations: +{{- if .Values.revision }} + {{- $annos := set $.Values.annotations "istio.io/rev" .Values.revision }} + {{- toYaml $annos | nindent 4}} +{{- else }} + {{- .Values.annotations | toYaml | nindent 4 }} +{{- end }} +rules: +- apiGroups: ["security.openshift.io"] + resources: ["securitycontextconstraints"] + resourceNames: ["privileged"] + verbs: ["use"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "ztunnel.release-name" . }} + labels: + app: ztunnel + release: {{ include "ztunnel.release-name" . }} + app.kubernetes.io/name: ztunnel + {{- include "istio.labels" . | nindent 4}} + annotations: +{{- if .Values.revision }} + {{- $annos := set $.Values.annotations "istio.io/rev" .Values.revision }} + {{- toYaml $annos | nindent 4}} +{{- else }} + {{- .Values.annotations | toYaml | nindent 4 }} +{{- end }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "ztunnel.release-name" . }} +subjects: +- kind: ServiceAccount + name: {{ include "ztunnel.release-name" . }} + namespace: {{ .Release.Namespace }} +{{- end }} +--- diff --git a/resources/v1.27.7/charts/ztunnel/templates/resourcequota.yaml b/resources/v1.27.7/charts/ztunnel/templates/resourcequota.yaml new file mode 100644 index 0000000000..a1c0e5496d --- /dev/null +++ b/resources/v1.27.7/charts/ztunnel/templates/resourcequota.yaml @@ -0,0 +1,20 @@ +{{- if .Values.resourceQuotas.enabled }} +apiVersion: v1 +kind: ResourceQuota +metadata: + name: {{ include "ztunnel.release-name" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: ztunnel + {{- include "istio.labels" . | nindent 4}} + {{ with .Values.labels -}}{{ toYaml . | nindent 4}}{{ end }} +spec: + hard: + pods: {{ .Values.resourceQuotas.pods | quote }} + scopeSelector: + matchExpressions: + - operator: In + scopeName: PriorityClass + values: + - system-node-critical +{{- end }} diff --git a/resources/v1.30-alpha.bcdd144c/charts/ztunnel/templates/zzz_profile.yaml b/resources/v1.27.7/charts/ztunnel/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/ztunnel/templates/zzz_profile.yaml rename to resources/v1.27.7/charts/ztunnel/templates/zzz_profile.yaml diff --git a/resources/v1.27.7/charts/ztunnel/values.yaml b/resources/v1.27.7/charts/ztunnel/values.yaml new file mode 100644 index 0000000000..80b2269949 --- /dev/null +++ b/resources/v1.27.7/charts/ztunnel/values.yaml @@ -0,0 +1,128 @@ +# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. +# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. +_internal_defaults_do_not_set: + # Hub to pull from. Image will be `Hub/Image:Tag-Variant` + hub: gcr.io/istio-release + # Tag to pull from. Image will be `Hub/Image:Tag-Variant` + tag: 1.27.7 + # Variant to pull. Options are "debug" or "distroless". Unset will use the default for the given version. + variant: "" + + # Image name to pull from. Image will be `Hub/Image:Tag-Variant` + # If Image contains a "/", it will replace the entire `image` in the pod. + image: ztunnel + + # Same as `global.network`, but will override it if set. + # Network defines the network this cluster belong to. This name + # corresponds to the networks in the map of mesh networks. + network: "" + + # resourceName, if set, will override the naming of resources. If not set, will default to 'ztunnel'. + # If you set this, you MUST also set `trustedZtunnelName` in the `istiod` chart. + resourceName: "" + + # Labels to apply to all top level resources + labels: {} + # Annotations to apply to all top level resources + annotations: {} + + # Additional volumeMounts to the ztunnel container + volumeMounts: [] + + # Additional volumes to the ztunnel pod + volumes: [] + + # Tolerations for the ztunnel pod + tolerations: + - effect: NoSchedule + operator: Exists + - key: CriticalAddonsOnly + operator: Exists + - effect: NoExecute + operator: Exists + + # Annotations added to each pod. The default annotations are required for scraping prometheus (in most environments). + podAnnotations: + prometheus.io/port: "15020" + prometheus.io/scrape: "true" + + # Additional labels to apply on the pod level + podLabels: {} + + # Pod resource configuration + resources: + requests: + cpu: 200m + # Ztunnel memory scales with the size of the cluster and traffic load + # While there are many factors, this is enough for ~200k pod cluster or 100k concurrently open connections. + memory: 512Mi + + resourceQuotas: + enabled: false + pods: 5000 + + # List of secret names to add to the service account as image pull secrets + imagePullSecrets: [] + + # A `key: value` mapping of environment variables to add to the pod + env: {} + + # Override for the pod imagePullPolicy + imagePullPolicy: "" + + # Settings for multicluster + multiCluster: + # The name of the cluster we are installing in. Note this is a user-defined name, which must be consistent + # with Istiod configuration. + clusterName: "" + + # meshConfig defines runtime configuration of components. + # For ztunnel, only defaultConfig is used, but this is nested under `meshConfig` for consistency with other + # components. + # TODO: https://github.com/istio/istio/issues/43248 + meshConfig: + defaultConfig: + proxyMetadata: {} + + # This value defines: + # 1. how many seconds kube waits for ztunnel pod to gracefully exit before forcibly terminating it (this value) + # 2. how many seconds ztunnel waits to drain its own connections (this value - 1 sec) + # Default K8S value is 30 seconds + terminationGracePeriodSeconds: 30 + + # Revision is set as 'version' label and part of the resource names when installing multiple control planes. + # Used to locate the XDS and CA, if caAddress or xdsAddress are not set explicitly. + revision: "" + + # The customized CA address to retrieve certificates for the pods in the cluster. + # CSR clients such as the Istio Agent and ingress gateways can use this to specify the CA endpoint. + caAddress: "" + + # The customized XDS address to retrieve configuration. + # This should include the port - 15012 for Istiod. TLS will be used with the certificates in "istiod-ca-cert" secret. + # By default, it is istiod.istio-system.svc:15012 if revision is not set, or istiod-..svc:15012 + xdsAddress: "" + + # Used to locate the XDS and CA, if caAddress or xdsAddress are not set. + istioNamespace: istio-system + + # Configuration log level of ztunnel binary, default is info. + # Valid values are: trace, debug, info, warn, error + logLevel: info + + # To output all logs in json format + logAsJson: false + + # Set to `type: RuntimeDefault` to use the default profile if available. + seLinuxOptions: {} + # TODO Ambient inpod - for OpenShift, set to the following to get writable sockets in hostmounts to work, eventually consider CSI driver instead + #seLinuxOptions: + # type: spc_t + + # K8s DaemonSet update strategy. + # https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/daemon-set-v1/#DaemonSetSpec). + updateStrategy: + type: RollingUpdate + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 diff --git a/resources/v1.27.7/cni-1.27.7.tgz.etag b/resources/v1.27.7/cni-1.27.7.tgz.etag new file mode 100644 index 0000000000..bfa2c3ff5d --- /dev/null +++ b/resources/v1.27.7/cni-1.27.7.tgz.etag @@ -0,0 +1 @@ +a6e6e33773471e61faf7c5f5c083aa1b diff --git a/resources/v1.27.7/commit b/resources/v1.27.7/commit new file mode 100644 index 0000000000..127aeda7e5 --- /dev/null +++ b/resources/v1.27.7/commit @@ -0,0 +1 @@ +1.27.7 diff --git a/resources/v1.27.7/gateway-1.27.7.tgz.etag b/resources/v1.27.7/gateway-1.27.7.tgz.etag new file mode 100644 index 0000000000..5f86604eab --- /dev/null +++ b/resources/v1.27.7/gateway-1.27.7.tgz.etag @@ -0,0 +1 @@ +ab9ab0f23481b2448aef566140633e7d diff --git a/resources/v1.27.7/istiod-1.27.7.tgz.etag b/resources/v1.27.7/istiod-1.27.7.tgz.etag new file mode 100644 index 0000000000..26f9f656fb --- /dev/null +++ b/resources/v1.27.7/istiod-1.27.7.tgz.etag @@ -0,0 +1 @@ +6be7d3b256dd1f380a4171a8ac5acdd6 diff --git a/resources/v1.30-alpha.bcdd144c/profiles/ambient.yaml b/resources/v1.27.7/profiles/ambient.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/profiles/ambient.yaml rename to resources/v1.27.7/profiles/ambient.yaml diff --git a/resources/v1.30-alpha.bcdd144c/profiles/default.yaml b/resources/v1.27.7/profiles/default.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/profiles/default.yaml rename to resources/v1.27.7/profiles/default.yaml diff --git a/resources/v1.30-alpha.bcdd144c/profiles/demo.yaml b/resources/v1.27.7/profiles/demo.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/profiles/demo.yaml rename to resources/v1.27.7/profiles/demo.yaml diff --git a/resources/v1.30-alpha.bcdd144c/profiles/empty.yaml b/resources/v1.27.7/profiles/empty.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/profiles/empty.yaml rename to resources/v1.27.7/profiles/empty.yaml diff --git a/resources/v1.30-alpha.bcdd144c/profiles/openshift-ambient.yaml b/resources/v1.27.7/profiles/openshift-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/profiles/openshift-ambient.yaml rename to resources/v1.27.7/profiles/openshift-ambient.yaml diff --git a/resources/v1.30-alpha.bcdd144c/profiles/openshift.yaml b/resources/v1.27.7/profiles/openshift.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/profiles/openshift.yaml rename to resources/v1.27.7/profiles/openshift.yaml diff --git a/resources/v1.30-alpha.bcdd144c/profiles/preview.yaml b/resources/v1.27.7/profiles/preview.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/profiles/preview.yaml rename to resources/v1.27.7/profiles/preview.yaml diff --git a/resources/v1.30-alpha.bcdd144c/profiles/remote.yaml b/resources/v1.27.7/profiles/remote.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/profiles/remote.yaml rename to resources/v1.27.7/profiles/remote.yaml diff --git a/resources/v1.30-alpha.bcdd144c/profiles/stable.yaml b/resources/v1.27.7/profiles/stable.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/profiles/stable.yaml rename to resources/v1.27.7/profiles/stable.yaml diff --git a/resources/v1.27.7/ztunnel-1.27.7.tgz.etag b/resources/v1.27.7/ztunnel-1.27.7.tgz.etag new file mode 100644 index 0000000000..c3085fa294 --- /dev/null +++ b/resources/v1.27.7/ztunnel-1.27.7.tgz.etag @@ -0,0 +1 @@ +9c9b08aa66cfcf56745711a3c134f760 diff --git a/resources/v1.28.4/base-1.28.4.tgz.etag b/resources/v1.28.4/base-1.28.4.tgz.etag new file mode 100644 index 0000000000..22a24c9418 --- /dev/null +++ b/resources/v1.28.4/base-1.28.4.tgz.etag @@ -0,0 +1 @@ +6063b3c35164b02d805576aa9a764742 diff --git a/resources/v1.28.4/charts/base/Chart.yaml b/resources/v1.28.4/charts/base/Chart.yaml new file mode 100644 index 0000000000..a41d5988e9 --- /dev/null +++ b/resources/v1.28.4/charts/base/Chart.yaml @@ -0,0 +1,10 @@ +apiVersion: v2 +appVersion: 1.28.4 +description: Helm chart for deploying Istio cluster resources and CRDs +icon: https://istio.io/latest/favicons/android-192x192.png +keywords: +- istio +name: base +sources: +- https://github.com/istio/istio +version: 1.28.4 diff --git a/resources/v1.28.4/charts/base/README.md b/resources/v1.28.4/charts/base/README.md new file mode 100644 index 0000000000..ae8f6d5b0e --- /dev/null +++ b/resources/v1.28.4/charts/base/README.md @@ -0,0 +1,35 @@ +# Istio base Helm Chart + +This chart installs resources shared by all Istio revisions. This includes Istio CRDs. + +## Setup Repo Info + +```console +helm repo add istio https://istio-release.storage.googleapis.com/charts +helm repo update +``` + +_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ + +## Installing the Chart + +To install the chart with the release name `istio-base`: + +```console +kubectl create namespace istio-system +helm install istio-base istio/base -n istio-system +``` + +### Profiles + +Istio Helm charts have a concept of a `profile`, which is a bundled collection of value presets. +These can be set with `--set profile=`. +For example, the `demo` profile offers a preset configuration to try out Istio in a test environment, with additional features enabled and lowered resource requirements. + +For consistency, the same profiles are used across each chart, even if they do not impact a given chart. + +Explicitly set values have highest priority, then profile settings, then chart defaults. + +As an implementation detail of profiles, the default values for the chart are all nested under `defaults`. +When configuring the chart, you should not include this. +That is, `--set some.field=true` should be passed, not `--set defaults.some.field=true`. diff --git a/resources/v1.28.4/charts/base/files/profile-ambient.yaml b/resources/v1.28.4/charts/base/files/profile-ambient.yaml new file mode 100644 index 0000000000..495fbcd434 --- /dev/null +++ b/resources/v1.28.4/charts/base/files/profile-ambient.yaml @@ -0,0 +1,24 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed +meshConfig: + defaultConfig: + proxyMetadata: + ISTIO_META_ENABLE_HBONE: "true" + serviceScopeConfigs: + - servicesSelector: + matchExpressions: + - key: istio.io/global + operator: In + values: ["true"] + scope: GLOBAL +global: + variant: distroless +pilot: + env: + PILOT_ENABLE_AMBIENT: "true" +cni: + ambient: + enabled: true diff --git a/resources/v1.28.4/charts/base/files/profile-compatibility-version-1.25.yaml b/resources/v1.28.4/charts/base/files/profile-compatibility-version-1.25.yaml new file mode 100644 index 0000000000..d04117bfc0 --- /dev/null +++ b/resources/v1.28.4/charts/base/files/profile-compatibility-version-1.25.yaml @@ -0,0 +1,14 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.27 behavioral changes + ENABLE_NATIVE_SIDECARS: "false" + # 1.28 behavioral changes + DISABLE_SHADOW_HOST_SUFFIX: "false" + PILOT_SPAWN_UPSTREAM_SPAN_FOR_GATEWAY: "false" +ambient: + # 1.26 behavioral changes + shareHostNetworkNamespace: true diff --git a/resources/v1.28.4/charts/base/files/profile-compatibility-version-1.26.yaml b/resources/v1.28.4/charts/base/files/profile-compatibility-version-1.26.yaml new file mode 100644 index 0000000000..8fe80112bf --- /dev/null +++ b/resources/v1.28.4/charts/base/files/profile-compatibility-version-1.26.yaml @@ -0,0 +1,11 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.27 behavioral changes + ENABLE_NATIVE_SIDECARS: "false" + # 1.28 behavioral changes + DISABLE_SHADOW_HOST_SUFFIX: "false" + PILOT_SPAWN_UPSTREAM_SPAN_FOR_GATEWAY: "false" diff --git a/resources/v1.28.4/charts/base/files/profile-compatibility-version-1.27.yaml b/resources/v1.28.4/charts/base/files/profile-compatibility-version-1.27.yaml new file mode 100644 index 0000000000..209157cccf --- /dev/null +++ b/resources/v1.28.4/charts/base/files/profile-compatibility-version-1.27.yaml @@ -0,0 +1,9 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.28 behavioral changes + DISABLE_SHADOW_HOST_SUFFIX: "false" + PILOT_SPAWN_UPSTREAM_SPAN_FOR_GATEWAY: "false" diff --git a/resources/v1.28.4/charts/base/files/profile-demo.yaml b/resources/v1.28.4/charts/base/files/profile-demo.yaml new file mode 100644 index 0000000000..d6dc36dd0f --- /dev/null +++ b/resources/v1.28.4/charts/base/files/profile-demo.yaml @@ -0,0 +1,94 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The demo profile enables a variety of things to try out Istio in non-production environments. +# * Lower resource utilization. +# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. +# * More ports enabled on the ingress, which is used in some tasks. +meshConfig: + accessLogFile: /dev/stdout + extensionProviders: + - name: otel + envoyOtelAls: + service: opentelemetry-collector.observability.svc.cluster.local + port: 4317 + - name: skywalking + skywalking: + service: tracing.istio-system.svc.cluster.local + port: 11800 + - name: otel-tracing + opentelemetry: + port: 4317 + service: opentelemetry-collector.observability.svc.cluster.local + - name: jaeger + opentelemetry: + port: 4317 + service: jaeger-collector.istio-system.svc.cluster.local + +cni: + resources: + requests: + cpu: 10m + memory: 40Mi + +ztunnel: + resources: + requests: + cpu: 10m + memory: 40Mi + +global: + proxy: + resources: + requests: + cpu: 10m + memory: 40Mi + waypoint: + resources: + requests: + cpu: 10m + memory: 40Mi + +pilot: + autoscaleEnabled: false + traceSampling: 100 + resources: + requests: + cpu: 10m + memory: 100Mi + +gateways: + istio-egressgateway: + autoscaleEnabled: false + resources: + requests: + cpu: 10m + memory: 40Mi + istio-ingressgateway: + autoscaleEnabled: false + ports: + ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. + # Note that AWS ELB will by default perform health checks on the first port + # on this list. Setting this to the health check port will ensure that health + # checks always work. https://github.com/istio/istio/issues/12503 + - port: 15021 + targetPort: 15021 + name: status-port + - port: 80 + targetPort: 8080 + name: http2 + - port: 443 + targetPort: 8443 + name: https + - port: 31400 + targetPort: 31400 + name: tcp + # This is the port where sni routing happens + - port: 15443 + targetPort: 15443 + name: tls + resources: + requests: + cpu: 10m + memory: 40Mi \ No newline at end of file diff --git a/resources/v1.28.4/charts/base/files/profile-platform-gke.yaml b/resources/v1.28.4/charts/base/files/profile-platform-gke.yaml new file mode 100644 index 0000000000..dfe8a7d741 --- /dev/null +++ b/resources/v1.28.4/charts/base/files/profile-platform-gke.yaml @@ -0,0 +1,10 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work + resourceQuotas: + enabled: true +resourceQuotas: + enabled: true diff --git a/resources/v1.28.4/charts/base/files/profile-platform-k3d.yaml b/resources/v1.28.4/charts/base/files/profile-platform-k3d.yaml new file mode 100644 index 0000000000..cd86d9ec58 --- /dev/null +++ b/resources/v1.28.4/charts/base/files/profile-platform-k3d.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d + cniBinDir: /bin diff --git a/resources/v1.28.4/charts/base/files/profile-platform-k3s.yaml b/resources/v1.28.4/charts/base/files/profile-platform-k3s.yaml new file mode 100644 index 0000000000..07820106d9 --- /dev/null +++ b/resources/v1.28.4/charts/base/files/profile-platform-k3s.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d + cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.28.4/charts/base/files/profile-platform-microk8s.yaml b/resources/v1.28.4/charts/base/files/profile-platform-microk8s.yaml new file mode 100644 index 0000000000..57d7f5e3cd --- /dev/null +++ b/resources/v1.28.4/charts/base/files/profile-platform-microk8s.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/snap/microk8s/current/args/cni-network + cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.28.4/charts/base/files/profile-platform-minikube.yaml b/resources/v1.28.4/charts/base/files/profile-platform-minikube.yaml new file mode 100644 index 0000000000..fa9992e204 --- /dev/null +++ b/resources/v1.28.4/charts/base/files/profile-platform-minikube.yaml @@ -0,0 +1,6 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.28.4/charts/base/files/profile-platform-openshift.yaml b/resources/v1.28.4/charts/base/files/profile-platform-openshift.yaml new file mode 100644 index 0000000000..8ddc5e1654 --- /dev/null +++ b/resources/v1.28.4/charts/base/files/profile-platform-openshift.yaml @@ -0,0 +1,19 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The OpenShift profile provides a basic set of settings to run Istio on OpenShift +cni: + cniBinDir: /var/lib/cni/bin + cniConfDir: /etc/cni/multus/net.d + chained: false + cniConfFileName: "istio-cni.conf" + provider: "multus" +pilot: + cni: + enabled: true + provider: "multus" +seLinuxOptions: + type: spc_t +# Openshift requires privileged pods to run in kube-system +trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.28.4/charts/base/files/profile-preview.yaml b/resources/v1.28.4/charts/base/files/profile-preview.yaml new file mode 100644 index 0000000000..181d7bda2c --- /dev/null +++ b/resources/v1.28.4/charts/base/files/profile-preview.yaml @@ -0,0 +1,13 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The preview profile contains features that are experimental. +# This is intended to explore new features coming to Istio. +# Stability, security, and performance are not guaranteed - use at your own risk. +meshConfig: + defaultConfig: + proxyMetadata: + # Enable Istio agent to handle DNS requests for known hosts + # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf + ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.28.4/charts/base/files/profile-remote.yaml b/resources/v1.28.4/charts/base/files/profile-remote.yaml new file mode 100644 index 0000000000..d17b9a801a --- /dev/null +++ b/resources/v1.28.4/charts/base/files/profile-remote.yaml @@ -0,0 +1,13 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. +istiodRemote: + enabled: true +configMap: false +telemetry: + enabled: false +global: + # TODO BML maybe a different profile for a configcluster/revisit this + omitSidecarInjectorConfigMap: true diff --git a/resources/v1.28.4/charts/base/files/profile-stable.yaml b/resources/v1.28.4/charts/base/files/profile-stable.yaml new file mode 100644 index 0000000000..358282e69b --- /dev/null +++ b/resources/v1.28.4/charts/base/files/profile-stable.yaml @@ -0,0 +1,8 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The stable profile deploys admission control to ensure that only stable resources and fields are used +# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE +experimental: + stableValidationPolicy: true diff --git a/resources/v1.28.4/charts/base/templates/NOTES.txt b/resources/v1.28.4/charts/base/templates/NOTES.txt new file mode 100644 index 0000000000..f12616f578 --- /dev/null +++ b/resources/v1.28.4/charts/base/templates/NOTES.txt @@ -0,0 +1,5 @@ +Istio base successfully installed! + +To learn more about the release, try: + $ helm status {{ .Release.Name }} -n {{ .Release.Namespace }} + $ helm get all {{ .Release.Name }} -n {{ .Release.Namespace }} diff --git a/resources/v1.30-alpha.bcdd144c/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml b/resources/v1.28.4/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml rename to resources/v1.28.4/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml b/resources/v1.28.4/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml rename to resources/v1.28.4/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/base/templates/reader-serviceaccount.yaml b/resources/v1.28.4/charts/base/templates/reader-serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/base/templates/reader-serviceaccount.yaml rename to resources/v1.28.4/charts/base/templates/reader-serviceaccount.yaml diff --git a/resources/v1.28.4/charts/base/templates/zzz_profile.yaml b/resources/v1.28.4/charts/base/templates/zzz_profile.yaml new file mode 100644 index 0000000000..3d84956485 --- /dev/null +++ b/resources/v1.28.4/charts/base/templates/zzz_profile.yaml @@ -0,0 +1,75 @@ +{{/* +WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. +The original version of this file is located at /manifests directory. +If you want to make a change in this file, edit the original one and run "make gen". + +Complex logic ahead... +We have three sets of values, in order of precedence (last wins): +1. The builtin values.yaml defaults +2. The profile the user selects +3. Users input (-f or --set) + +Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). + +However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). +We can then merge the profile onto the defaults, then the user settings onto that. +Finally, we can set all of that under .Values so the chart behaves without awareness. +*/}} +{{- if $.Values.defaults}} +{{ fail (cat + "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" + ($.Values.defaults | toYaml |nindent 4) +) }} +{{- end }} +{{- $defaults := $.Values._internal_defaults_do_not_set }} +{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} +{{- $profile := dict }} +{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} +{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} +{{- $profile = (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown profile" .) }} +{{- end }} +{{- end }} +{{- with .Values.compatibilityVersion }} +{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} +{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} +{{- end }} +{{- end }} +{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} +{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} +{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown platform" .) }} +{{- end }} +{{- end }} +{{- if $profile }} +{{- $a := mustMergeOverwrite $defaults $profile }} +{{- end }} +# Flatten globals, if defined on a per-chart basis +{{- if false }} +{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} +{{- end }} +{{- $x := set $.Values "_original" (deepCopy $.Values) }} +{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} + +{{/* +Labels that should be applied to ALL resources. +*/}} +{{- define "istio.labels" -}} +{{- if .Release.Service -}} +app.kubernetes.io/managed-by: {{ .Release.Service | quote }} +{{- end }} +{{- if .Release.Name }} +app.kubernetes.io/instance: {{ .Release.Name | quote }} +{{- end }} +app.kubernetes.io/part-of: "istio" +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +{{- if and .Chart.Name .Chart.Version }} +helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end -}} diff --git a/resources/v1.30-alpha.bcdd144c/charts/base/values.yaml b/resources/v1.28.4/charts/base/values.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/base/values.yaml rename to resources/v1.28.4/charts/base/values.yaml diff --git a/resources/v1.28.4/charts/cni/Chart.yaml b/resources/v1.28.4/charts/cni/Chart.yaml new file mode 100644 index 0000000000..ad69d9b6ba --- /dev/null +++ b/resources/v1.28.4/charts/cni/Chart.yaml @@ -0,0 +1,11 @@ +apiVersion: v2 +appVersion: 1.28.4 +description: Helm chart for istio-cni components +icon: https://istio.io/latest/favicons/android-192x192.png +keywords: +- istio-cni +- istio +name: cni +sources: +- https://github.com/istio/istio +version: 1.28.4 diff --git a/resources/v1.30-alpha.bcdd144c/charts/cni/README.md b/resources/v1.28.4/charts/cni/README.md similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/cni/README.md rename to resources/v1.28.4/charts/cni/README.md diff --git a/resources/v1.28.4/charts/cni/files/profile-ambient.yaml b/resources/v1.28.4/charts/cni/files/profile-ambient.yaml new file mode 100644 index 0000000000..495fbcd434 --- /dev/null +++ b/resources/v1.28.4/charts/cni/files/profile-ambient.yaml @@ -0,0 +1,24 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed +meshConfig: + defaultConfig: + proxyMetadata: + ISTIO_META_ENABLE_HBONE: "true" + serviceScopeConfigs: + - servicesSelector: + matchExpressions: + - key: istio.io/global + operator: In + values: ["true"] + scope: GLOBAL +global: + variant: distroless +pilot: + env: + PILOT_ENABLE_AMBIENT: "true" +cni: + ambient: + enabled: true diff --git a/resources/v1.28.4/charts/cni/files/profile-compatibility-version-1.25.yaml b/resources/v1.28.4/charts/cni/files/profile-compatibility-version-1.25.yaml new file mode 100644 index 0000000000..d04117bfc0 --- /dev/null +++ b/resources/v1.28.4/charts/cni/files/profile-compatibility-version-1.25.yaml @@ -0,0 +1,14 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.27 behavioral changes + ENABLE_NATIVE_SIDECARS: "false" + # 1.28 behavioral changes + DISABLE_SHADOW_HOST_SUFFIX: "false" + PILOT_SPAWN_UPSTREAM_SPAN_FOR_GATEWAY: "false" +ambient: + # 1.26 behavioral changes + shareHostNetworkNamespace: true diff --git a/resources/v1.28.4/charts/cni/files/profile-compatibility-version-1.26.yaml b/resources/v1.28.4/charts/cni/files/profile-compatibility-version-1.26.yaml new file mode 100644 index 0000000000..8fe80112bf --- /dev/null +++ b/resources/v1.28.4/charts/cni/files/profile-compatibility-version-1.26.yaml @@ -0,0 +1,11 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.27 behavioral changes + ENABLE_NATIVE_SIDECARS: "false" + # 1.28 behavioral changes + DISABLE_SHADOW_HOST_SUFFIX: "false" + PILOT_SPAWN_UPSTREAM_SPAN_FOR_GATEWAY: "false" diff --git a/resources/v1.28.4/charts/cni/files/profile-compatibility-version-1.27.yaml b/resources/v1.28.4/charts/cni/files/profile-compatibility-version-1.27.yaml new file mode 100644 index 0000000000..209157cccf --- /dev/null +++ b/resources/v1.28.4/charts/cni/files/profile-compatibility-version-1.27.yaml @@ -0,0 +1,9 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.28 behavioral changes + DISABLE_SHADOW_HOST_SUFFIX: "false" + PILOT_SPAWN_UPSTREAM_SPAN_FOR_GATEWAY: "false" diff --git a/resources/v1.28.4/charts/cni/files/profile-demo.yaml b/resources/v1.28.4/charts/cni/files/profile-demo.yaml new file mode 100644 index 0000000000..d6dc36dd0f --- /dev/null +++ b/resources/v1.28.4/charts/cni/files/profile-demo.yaml @@ -0,0 +1,94 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The demo profile enables a variety of things to try out Istio in non-production environments. +# * Lower resource utilization. +# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. +# * More ports enabled on the ingress, which is used in some tasks. +meshConfig: + accessLogFile: /dev/stdout + extensionProviders: + - name: otel + envoyOtelAls: + service: opentelemetry-collector.observability.svc.cluster.local + port: 4317 + - name: skywalking + skywalking: + service: tracing.istio-system.svc.cluster.local + port: 11800 + - name: otel-tracing + opentelemetry: + port: 4317 + service: opentelemetry-collector.observability.svc.cluster.local + - name: jaeger + opentelemetry: + port: 4317 + service: jaeger-collector.istio-system.svc.cluster.local + +cni: + resources: + requests: + cpu: 10m + memory: 40Mi + +ztunnel: + resources: + requests: + cpu: 10m + memory: 40Mi + +global: + proxy: + resources: + requests: + cpu: 10m + memory: 40Mi + waypoint: + resources: + requests: + cpu: 10m + memory: 40Mi + +pilot: + autoscaleEnabled: false + traceSampling: 100 + resources: + requests: + cpu: 10m + memory: 100Mi + +gateways: + istio-egressgateway: + autoscaleEnabled: false + resources: + requests: + cpu: 10m + memory: 40Mi + istio-ingressgateway: + autoscaleEnabled: false + ports: + ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. + # Note that AWS ELB will by default perform health checks on the first port + # on this list. Setting this to the health check port will ensure that health + # checks always work. https://github.com/istio/istio/issues/12503 + - port: 15021 + targetPort: 15021 + name: status-port + - port: 80 + targetPort: 8080 + name: http2 + - port: 443 + targetPort: 8443 + name: https + - port: 31400 + targetPort: 31400 + name: tcp + # This is the port where sni routing happens + - port: 15443 + targetPort: 15443 + name: tls + resources: + requests: + cpu: 10m + memory: 40Mi \ No newline at end of file diff --git a/resources/v1.28.4/charts/cni/files/profile-platform-gke.yaml b/resources/v1.28.4/charts/cni/files/profile-platform-gke.yaml new file mode 100644 index 0000000000..dfe8a7d741 --- /dev/null +++ b/resources/v1.28.4/charts/cni/files/profile-platform-gke.yaml @@ -0,0 +1,10 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work + resourceQuotas: + enabled: true +resourceQuotas: + enabled: true diff --git a/resources/v1.28.4/charts/cni/files/profile-platform-k3d.yaml b/resources/v1.28.4/charts/cni/files/profile-platform-k3d.yaml new file mode 100644 index 0000000000..cd86d9ec58 --- /dev/null +++ b/resources/v1.28.4/charts/cni/files/profile-platform-k3d.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d + cniBinDir: /bin diff --git a/resources/v1.28.4/charts/cni/files/profile-platform-k3s.yaml b/resources/v1.28.4/charts/cni/files/profile-platform-k3s.yaml new file mode 100644 index 0000000000..07820106d9 --- /dev/null +++ b/resources/v1.28.4/charts/cni/files/profile-platform-k3s.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d + cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.28.4/charts/cni/files/profile-platform-microk8s.yaml b/resources/v1.28.4/charts/cni/files/profile-platform-microk8s.yaml new file mode 100644 index 0000000000..57d7f5e3cd --- /dev/null +++ b/resources/v1.28.4/charts/cni/files/profile-platform-microk8s.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/snap/microk8s/current/args/cni-network + cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.28.4/charts/cni/files/profile-platform-minikube.yaml b/resources/v1.28.4/charts/cni/files/profile-platform-minikube.yaml new file mode 100644 index 0000000000..fa9992e204 --- /dev/null +++ b/resources/v1.28.4/charts/cni/files/profile-platform-minikube.yaml @@ -0,0 +1,6 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.28.4/charts/cni/files/profile-platform-openshift.yaml b/resources/v1.28.4/charts/cni/files/profile-platform-openshift.yaml new file mode 100644 index 0000000000..8ddc5e1654 --- /dev/null +++ b/resources/v1.28.4/charts/cni/files/profile-platform-openshift.yaml @@ -0,0 +1,19 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The OpenShift profile provides a basic set of settings to run Istio on OpenShift +cni: + cniBinDir: /var/lib/cni/bin + cniConfDir: /etc/cni/multus/net.d + chained: false + cniConfFileName: "istio-cni.conf" + provider: "multus" +pilot: + cni: + enabled: true + provider: "multus" +seLinuxOptions: + type: spc_t +# Openshift requires privileged pods to run in kube-system +trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.28.4/charts/cni/files/profile-preview.yaml b/resources/v1.28.4/charts/cni/files/profile-preview.yaml new file mode 100644 index 0000000000..181d7bda2c --- /dev/null +++ b/resources/v1.28.4/charts/cni/files/profile-preview.yaml @@ -0,0 +1,13 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The preview profile contains features that are experimental. +# This is intended to explore new features coming to Istio. +# Stability, security, and performance are not guaranteed - use at your own risk. +meshConfig: + defaultConfig: + proxyMetadata: + # Enable Istio agent to handle DNS requests for known hosts + # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf + ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.28.4/charts/cni/files/profile-remote.yaml b/resources/v1.28.4/charts/cni/files/profile-remote.yaml new file mode 100644 index 0000000000..d17b9a801a --- /dev/null +++ b/resources/v1.28.4/charts/cni/files/profile-remote.yaml @@ -0,0 +1,13 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. +istiodRemote: + enabled: true +configMap: false +telemetry: + enabled: false +global: + # TODO BML maybe a different profile for a configcluster/revisit this + omitSidecarInjectorConfigMap: true diff --git a/resources/v1.28.4/charts/cni/files/profile-stable.yaml b/resources/v1.28.4/charts/cni/files/profile-stable.yaml new file mode 100644 index 0000000000..358282e69b --- /dev/null +++ b/resources/v1.28.4/charts/cni/files/profile-stable.yaml @@ -0,0 +1,8 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The stable profile deploys admission control to ensure that only stable resources and fields are used +# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE +experimental: + stableValidationPolicy: true diff --git a/resources/v1.28.4/charts/cni/templates/NOTES.txt b/resources/v1.28.4/charts/cni/templates/NOTES.txt new file mode 100644 index 0000000000..fb35525b99 --- /dev/null +++ b/resources/v1.28.4/charts/cni/templates/NOTES.txt @@ -0,0 +1,5 @@ +"{{ .Release.Name }}" successfully installed! + +To learn more about the release, try: + $ helm status {{ .Release.Name }} -n {{ .Release.Namespace }} + $ helm get all {{ .Release.Name }} -n {{ .Release.Namespace }} diff --git a/resources/v1.28.4/charts/cni/templates/_helpers.tpl b/resources/v1.28.4/charts/cni/templates/_helpers.tpl new file mode 100644 index 0000000000..73cc17b2f6 --- /dev/null +++ b/resources/v1.28.4/charts/cni/templates/_helpers.tpl @@ -0,0 +1,8 @@ +{{- define "name" -}} + istio-cni +{{- end }} + + +{{- define "istio-tag" -}} + {{ .Values.tag | default .Values.global.tag }}{{with (.Values.variant | default .Values.global.variant)}}-{{.}}{{end}} +{{- end }} diff --git a/resources/v1.30-alpha.bcdd144c/charts/cni/templates/clusterrole.yaml b/resources/v1.28.4/charts/cni/templates/clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/cni/templates/clusterrole.yaml rename to resources/v1.28.4/charts/cni/templates/clusterrole.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/cni/templates/clusterrolebinding.yaml b/resources/v1.28.4/charts/cni/templates/clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/cni/templates/clusterrolebinding.yaml rename to resources/v1.28.4/charts/cni/templates/clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/cni/templates/configmap-cni.yaml b/resources/v1.28.4/charts/cni/templates/configmap-cni.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/cni/templates/configmap-cni.yaml rename to resources/v1.28.4/charts/cni/templates/configmap-cni.yaml diff --git a/resources/v1.28.4/charts/cni/templates/daemonset.yaml b/resources/v1.28.4/charts/cni/templates/daemonset.yaml new file mode 100644 index 0000000000..6d1dda2902 --- /dev/null +++ b/resources/v1.28.4/charts/cni/templates/daemonset.yaml @@ -0,0 +1,252 @@ +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "namespace") }} +# This manifest installs the Istio install-cni container, as well +# as the Istio CNI plugin and config on +# each master and worker node in a Kubernetes cluster. +# +# $detectedBinDir exists to support a GKE-specific platform override, +# and is deprecated in favor of using the explicit `gke` platform profile. +{{- $detectedBinDir := (.Capabilities.KubeVersion.GitVersion | contains "-gke") | ternary + "/home/kubernetes/bin" + "/opt/cni/bin" +}} +{{- if .Values.cniBinDir }} +{{ $detectedBinDir = .Values.cniBinDir }} +{{- end }} +kind: DaemonSet +apiVersion: apps/v1 +metadata: + # Note that this is templated but evaluates to a fixed name + # which the CNI plugin may fall back onto in some failsafe scenarios. + # if this name is changed, CNI plugin logic that checks for this name + # format should also be updated. + name: {{ template "name" . }}-node + namespace: {{ .Release.Namespace }} + labels: + k8s-app: {{ template "name" . }}-node + release: {{ .Release.Name }} + istio.io/rev: {{ .Values.revision | default "default" }} + operator.istio.io/component: "Cni" + app.kubernetes.io/name: {{ template "name" . }} + {{- include "istio.labels" . | nindent 4 }} + {{ with .Values.daemonSetLabels -}}{{ toYaml . | nindent 4}}{{ end }} +spec: + selector: + matchLabels: + k8s-app: {{ template "name" . }}-node + {{- with .Values.updateStrategy }} + updateStrategy: + {{- toYaml . | nindent 4 }} + {{- end }} + template: + metadata: + labels: + k8s-app: {{ template "name" . }}-node + sidecar.istio.io/inject: "false" + istio.io/dataplane-mode: none + app.kubernetes.io/name: {{ template "name" . }} + {{- include "istio.labels" . | nindent 8 }} + {{ with .Values.podLabels -}}{{ toYaml . | nindent 8}}{{ end }} + annotations: + sidecar.istio.io/inject: "false" + # Add Prometheus Scrape annotations + prometheus.io/scrape: 'true' + prometheus.io/port: "15014" + prometheus.io/path: '/metrics' + # Add AppArmor annotation + # This is required to avoid conflicts with AppArmor profiles which block certain + # privileged pod capabilities. + # Required for Kubernetes 1.29 which does not support setting appArmorProfile in the + # securityContext which is otherwise preferred. + container.apparmor.security.beta.kubernetes.io/install-cni: unconfined + # Custom annotations + {{- if .Values.podAnnotations }} +{{ toYaml .Values.podAnnotations | indent 8 }} + {{- end }} + spec: +{{- if and .Values.ambient.enabled .Values.ambient.shareHostNetworkNamespace }} + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet +{{- end }} + nodeSelector: + kubernetes.io/os: linux + # Can be configured to allow for excluding istio-cni from being scheduled on specified nodes + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + priorityClassName: system-node-critical + serviceAccountName: {{ template "name" . }} + # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a "force + # deletion": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods. + terminationGracePeriodSeconds: 5 + containers: + # This container installs the Istio CNI binaries + # and CNI network config file on each node. + - name: install-cni +{{- if contains "/" .Values.image }} + image: "{{ .Values.image }}" +{{- else }} + image: "{{ .Values.hub | default .Values.global.hub }}/{{ .Values.image | default "install-cni" }}:{{ template "istio-tag" . }}" +{{- end }} +{{- if or .Values.pullPolicy .Values.global.imagePullPolicy }} + imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.imagePullPolicy }} +{{- end }} + ports: + - containerPort: 15014 + name: metrics + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: 8000 + securityContext: + privileged: false + runAsGroup: 0 + runAsUser: 0 + runAsNonRoot: false + # Both ambient and sidecar repair mode require elevated node privileges to function. + # But we don't need _everything_ in `privileged`, so explicitly set it to false and + # add capabilities based on feature. + capabilities: + drop: + - ALL + add: + # CAP_NET_ADMIN is required to allow ipset and route table access + - NET_ADMIN + # CAP_NET_RAW is required to allow iptables mutation of the `nat` table + - NET_RAW + # CAP_SYS_PTRACE is required for repair and ambient mode to describe + # the pod's network namespace. + - SYS_PTRACE + # CAP_SYS_ADMIN is required for both ambient and repair, in order to open + # network namespaces in `/proc` to obtain descriptors for entering pod network + # namespaces. There does not appear to be a more granular capability for this. + - SYS_ADMIN + # While we run as a 'root' (UID/GID 0), since we drop all capabilities we lose + # the typical ability to read/write to folders owned by others. + # This can cause problems if the hostPath mounts we use, which we require write access into, + # are owned by non-root. DAC_OVERRIDE bypasses these and gives us write access into any folder. + - DAC_OVERRIDE +{{- if .Values.seLinuxOptions }} +{{ with (merge .Values.seLinuxOptions (dict "type" "spc_t")) }} + seLinuxOptions: +{{ toYaml . | trim | indent 14 }} +{{- end }} +{{- end }} +{{- if .Values.seccompProfile }} + seccompProfile: +{{ toYaml .Values.seccompProfile | trim | indent 14 }} +{{- end }} + command: ["install-cni"] + args: + {{- if or .Values.logging.level .Values.global.logging.level }} + - --log_output_level={{ coalesce .Values.logging.level .Values.global.logging.level }} + {{- end}} + {{- if .Values.global.logAsJson }} + - --log_as_json + {{- end}} + envFrom: + - configMapRef: + name: {{ template "name" . }}-config + env: + - name: REPAIR_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: REPAIR_RUN_AS_DAEMON + value: "true" + - name: REPAIR_SIDECAR_ANNOTATION + value: "sidecar.istio.io/status" + {{- if not (and .Values.ambient.enabled .Values.ambient.shareHostNetworkNamespace) }} + - name: ALLOW_SWITCH_TO_HOST_NS + value: "true" + {{- end }} + - name: NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: GOMEMLIMIT + valueFrom: + resourceFieldRef: + resource: limits.memory + divisor: '1' + - name: GOMAXPROCS + valueFrom: + resourceFieldRef: + resource: limits.cpu + divisor: '1' + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- if .Values.env }} + {{- range $key, $val := .Values.env }} + - name: {{ $key }} + value: "{{ $val }}" + {{- end }} + {{- end }} + volumeMounts: + - mountPath: /host/opt/cni/bin + name: cni-bin-dir + {{- if or .Values.repair.repairPods .Values.ambient.enabled }} + - mountPath: /host/proc + name: cni-host-procfs + readOnly: true + {{- end }} + - mountPath: /host/etc/cni/net.d + name: cni-net-dir + - mountPath: /var/run/istio-cni + name: cni-socket-dir + {{- if .Values.ambient.enabled }} + - mountPath: /host/var/run/netns + mountPropagation: HostToContainer + name: cni-netns-dir + - mountPath: /var/run/ztunnel + name: cni-ztunnel-sock-dir + {{ end }} + resources: +{{- if .Values.resources }} +{{ toYaml .Values.resources | trim | indent 12 }} +{{- else }} +{{ toYaml .Values.global.defaultResources | trim | indent 12 }} +{{- end }} + volumes: + # Used to install CNI. + - name: cni-bin-dir + hostPath: + path: {{ $detectedBinDir }} + {{- if or .Values.repair.repairPods .Values.ambient.enabled }} + - name: cni-host-procfs + hostPath: + path: /proc + type: Directory + {{- end }} + {{- if .Values.ambient.enabled }} + - name: cni-ztunnel-sock-dir + hostPath: + path: /var/run/ztunnel + type: DirectoryOrCreate + {{- end }} + - name: cni-net-dir + hostPath: + path: {{ .Values.cniConfDir }} + # Used for UDS sockets for logging, ambient eventing + - name: cni-socket-dir + hostPath: + path: /var/run/istio-cni + - name: cni-netns-dir + hostPath: + path: {{ .Values.cniNetnsDir }} + type: DirectoryOrCreate # DirectoryOrCreate instead of Directory for the following reason - CNI may not bind mount this until a non-hostnetwork pod is scheduled on the node, + # and we don't want to block CNI agent pod creation on waiting for the first non-hostnetwork pod. + # Once the CNI does mount this, it will get populated and we're good. +{{- end }} diff --git a/resources/v1.30-alpha.bcdd144c/charts/cni/templates/network-attachment-definition.yaml b/resources/v1.28.4/charts/cni/templates/network-attachment-definition.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/cni/templates/network-attachment-definition.yaml rename to resources/v1.28.4/charts/cni/templates/network-attachment-definition.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/cni/templates/resourcequota.yaml b/resources/v1.28.4/charts/cni/templates/resourcequota.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/cni/templates/resourcequota.yaml rename to resources/v1.28.4/charts/cni/templates/resourcequota.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/cni/templates/serviceaccount.yaml b/resources/v1.28.4/charts/cni/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/cni/templates/serviceaccount.yaml rename to resources/v1.28.4/charts/cni/templates/serviceaccount.yaml diff --git a/resources/v1.28.4/charts/cni/templates/zzy_descope_legacy.yaml b/resources/v1.28.4/charts/cni/templates/zzy_descope_legacy.yaml new file mode 100644 index 0000000000..a9584ac29f --- /dev/null +++ b/resources/v1.28.4/charts/cni/templates/zzy_descope_legacy.yaml @@ -0,0 +1,3 @@ +{{/* Copy anything under `.cni` to `.`, to avoid the need to specify a redundant prefix. +Due to the file naming, this always happens after zzz_profile.yaml */}} +{{- $_ := mustMergeOverwrite $.Values (index $.Values "cni") }} \ No newline at end of file diff --git a/resources/v1.28.4/charts/cni/templates/zzz_profile.yaml b/resources/v1.28.4/charts/cni/templates/zzz_profile.yaml new file mode 100644 index 0000000000..3d84956485 --- /dev/null +++ b/resources/v1.28.4/charts/cni/templates/zzz_profile.yaml @@ -0,0 +1,75 @@ +{{/* +WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. +The original version of this file is located at /manifests directory. +If you want to make a change in this file, edit the original one and run "make gen". + +Complex logic ahead... +We have three sets of values, in order of precedence (last wins): +1. The builtin values.yaml defaults +2. The profile the user selects +3. Users input (-f or --set) + +Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). + +However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). +We can then merge the profile onto the defaults, then the user settings onto that. +Finally, we can set all of that under .Values so the chart behaves without awareness. +*/}} +{{- if $.Values.defaults}} +{{ fail (cat + "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" + ($.Values.defaults | toYaml |nindent 4) +) }} +{{- end }} +{{- $defaults := $.Values._internal_defaults_do_not_set }} +{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} +{{- $profile := dict }} +{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} +{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} +{{- $profile = (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown profile" .) }} +{{- end }} +{{- end }} +{{- with .Values.compatibilityVersion }} +{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} +{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} +{{- end }} +{{- end }} +{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} +{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} +{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown platform" .) }} +{{- end }} +{{- end }} +{{- if $profile }} +{{- $a := mustMergeOverwrite $defaults $profile }} +{{- end }} +# Flatten globals, if defined on a per-chart basis +{{- if false }} +{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} +{{- end }} +{{- $x := set $.Values "_original" (deepCopy $.Values) }} +{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} + +{{/* +Labels that should be applied to ALL resources. +*/}} +{{- define "istio.labels" -}} +{{- if .Release.Service -}} +app.kubernetes.io/managed-by: {{ .Release.Service | quote }} +{{- end }} +{{- if .Release.Name }} +app.kubernetes.io/instance: {{ .Release.Name | quote }} +{{- end }} +app.kubernetes.io/part-of: "istio" +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +{{- if and .Chart.Name .Chart.Version }} +helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end -}} diff --git a/resources/v1.28.4/charts/cni/values.yaml b/resources/v1.28.4/charts/cni/values.yaml new file mode 100644 index 0000000000..eba55d71c6 --- /dev/null +++ b/resources/v1.28.4/charts/cni/values.yaml @@ -0,0 +1,194 @@ +# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. +# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. +_internal_defaults_do_not_set: + hub: "" + tag: "" + variant: "" + image: install-cni + pullPolicy: "" + + # Same as `global.logging.level`, but will override it if set + logging: + level: "" + + # Configuration file to insert istio-cni plugin configuration + # by default this will be the first file found in the cni-conf-dir + # Example + # cniConfFileName: 10-calico.conflist + + # CNI-and-platform specific path defaults. + # These may need to be set to platform-specific values, consult + # overrides for your platform in `manifests/helm-profiles/platform-*.yaml` + cniBinDir: /opt/cni/bin + cniConfDir: /etc/cni/net.d + cniConfFileName: "" + cniNetnsDir: "/var/run/netns" + + # If Istio owned CNI config is enabled, defaults to 02-istio-cni.conflist + istioOwnedCNIConfigFileName: "" + istioOwnedCNIConfig: false + + excludeNamespaces: + - kube-system + + # Allows user to set custom affinity for the DaemonSet + affinity: {} + + # Additional labels to apply on the daemonset level + daemonSetLabels: {} + + # Custom annotations on pod level, if you need them + podAnnotations: {} + + # Additional labels to apply on the pod level + podLabels: {} + + # Deploy the config files as plugin chain (value "true") or as standalone files in the conf dir (value "false")? + # Some k8s flavors (e.g. OpenShift) do not support the chain approach, set to false if this is the case + chained: true + + # Custom configuration happens based on the CNI provider. + # Possible values: "default", "multus" + provider: "default" + + # Configure ambient settings + ambient: + # If enabled, ambient redirection will be enabled + enabled: false + # If ambient is enabled, this selector will be used to identify the ambient-enabled pods + enablementSelectors: + - podSelector: + matchLabels: {istio.io/dataplane-mode: ambient} + - podSelector: + matchExpressions: + - { key: istio.io/dataplane-mode, operator: NotIn, values: [none] } + namespaceSelector: + matchLabels: {istio.io/dataplane-mode: ambient} + # Set ambient config dir path: defaults to /etc/ambient-config + configDir: "" + # If enabled, and ambient is enabled, DNS redirection will be enabled + dnsCapture: true + # If enabled, and ambient is enabled, enables ipv6 support + ipv6: true + # If enabled, and ambient is enabled, the CNI agent will reconcile incompatible iptables rules and chains at startup. + # This will eventually be enabled by default + reconcileIptablesOnStartup: false + # If enabled, and ambient is enabled, the CNI agent will always share the network namespace of the host node it is running on + shareHostNetworkNamespace: false + # If enabled, the CNI agent will retry checking if a pod is ambient enabled when there are errors + enableAmbientDetectionRetry: false + + + repair: + enabled: true + hub: "" + tag: "" + + # Repair controller has 3 modes. Pick which one meets your use cases. Note only one may be used. + # This defines the action the controller will take when a pod is detected as broken. + + # labelPods will label all pods with =. + # This is only capable of identifying broken pods; the user is responsible for fixing them (generally, by deleting them). + # Note this gives the DaemonSet a relatively high privilege, as modifying pod metadata/status can have wider impacts. + labelPods: false + # deletePods will delete any broken pod. These will then be rescheduled, hopefully onto a node that is fully ready. + # Note this gives the DaemonSet a relatively high privilege, as it can delete any Pod. + deletePods: false + # repairPods will dynamically repair any broken pod by setting up the pod networking configuration even after it has started. + # Note the pod will be crashlooping, so this may take a few minutes to become fully functional based on when the retry occurs. + # This requires no RBAC privilege, but does require `securityContext.privileged/CAP_SYS_ADMIN`. + repairPods: true + + initContainerName: "istio-validation" + + brokenPodLabelKey: "cni.istio.io/uninitialized" + brokenPodLabelValue: "true" + + # Set to `type: RuntimeDefault` to use the default profile if available. + seccompProfile: {} + + # SELinux options to set in the istio-cni-node pods. You may need to set this to `type: spc_t` for some platforms. + seLinuxOptions: {} + + resources: + requests: + cpu: 100m + memory: 100Mi + + resourceQuotas: + enabled: false + pods: 5000 + + tolerations: + # Make sure istio-cni-node gets scheduled on all nodes. + - effect: NoSchedule + operator: Exists + # Mark the pod as a critical add-on for rescheduling. + - key: CriticalAddonsOnly + operator: Exists + - effect: NoExecute + operator: Exists + + # K8s DaemonSet update strategy. + # https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/daemon-set-v1/#DaemonSetSpec). + updateStrategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 1 + + # Revision is set as 'version' label and part of the resource names when installing multiple control planes. + revision: "" + + # For Helm compatibility. + ownerName: "" + + global: + # Default hub for Istio images. + # Releases are published to docker hub under 'istio' project. + # Dev builds from prow are on gcr.io + hub: gcr.io/istio-release + + # Default tag for Istio images. + tag: 1.28.4 + + # Variant of the image to use. + # Currently supported are: [debug, distroless] + variant: "" + + # Specify image pull policy if default behavior isn't desired. + # Default behavior: latest images will be Always else IfNotPresent. + imagePullPolicy: "" + + # change cni scope level to control logging out of istio-cni-node DaemonSet + logging: + level: info + + logAsJson: false + + # ImagePullSecrets for all ServiceAccount, list of secrets in the same namespace + # to use for pulling any images in pods that reference this ServiceAccount. + # For components that don't use ServiceAccounts (i.e. grafana, servicegraph, tracing) + # ImagePullSecrets will be added to the corresponding Deployment(StatefulSet) objects. + # Must be set for any cluster configured with private docker registry. + imagePullSecrets: [] + # - private-registry-key + + # Default resources allocated + defaultResources: + requests: + cpu: 100m + memory: 100Mi + + # In order to use native nftable rules instead of iptable rules, set this flag to true. + nativeNftables: false + + # resourceScope controls what resources will be processed by helm. + # This is useful when installing Istio on a cluster where some resources need to be owned by a cluster administrator and some can be owned by the mesh administrator. + # It can be one of: + # - all: all resources are processed + # - cluster: only cluster-scoped resources are processed + # - namespace: only namespace-scoped resources are processed + resourceScope: all + + # A `key: value` mapping of environment variables to add to the pod + env: {} diff --git a/resources/v1.28.4/charts/gateway/Chart.yaml b/resources/v1.28.4/charts/gateway/Chart.yaml new file mode 100644 index 0000000000..d116d36b96 --- /dev/null +++ b/resources/v1.28.4/charts/gateway/Chart.yaml @@ -0,0 +1,12 @@ +apiVersion: v2 +appVersion: 1.28.4 +description: Helm chart for deploying Istio gateways +icon: https://istio.io/latest/favicons/android-192x192.png +keywords: +- istio +- gateways +name: gateway +sources: +- https://github.com/istio/istio +type: application +version: 1.28.4 diff --git a/resources/v1.30-alpha.bcdd144c/charts/gateway/README.md b/resources/v1.28.4/charts/gateway/README.md similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/gateway/README.md rename to resources/v1.28.4/charts/gateway/README.md diff --git a/resources/v1.28.4/charts/gateway/files/profile-ambient.yaml b/resources/v1.28.4/charts/gateway/files/profile-ambient.yaml new file mode 100644 index 0000000000..495fbcd434 --- /dev/null +++ b/resources/v1.28.4/charts/gateway/files/profile-ambient.yaml @@ -0,0 +1,24 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed +meshConfig: + defaultConfig: + proxyMetadata: + ISTIO_META_ENABLE_HBONE: "true" + serviceScopeConfigs: + - servicesSelector: + matchExpressions: + - key: istio.io/global + operator: In + values: ["true"] + scope: GLOBAL +global: + variant: distroless +pilot: + env: + PILOT_ENABLE_AMBIENT: "true" +cni: + ambient: + enabled: true diff --git a/resources/v1.28.4/charts/gateway/files/profile-compatibility-version-1.25.yaml b/resources/v1.28.4/charts/gateway/files/profile-compatibility-version-1.25.yaml new file mode 100644 index 0000000000..d04117bfc0 --- /dev/null +++ b/resources/v1.28.4/charts/gateway/files/profile-compatibility-version-1.25.yaml @@ -0,0 +1,14 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.27 behavioral changes + ENABLE_NATIVE_SIDECARS: "false" + # 1.28 behavioral changes + DISABLE_SHADOW_HOST_SUFFIX: "false" + PILOT_SPAWN_UPSTREAM_SPAN_FOR_GATEWAY: "false" +ambient: + # 1.26 behavioral changes + shareHostNetworkNamespace: true diff --git a/resources/v1.28.4/charts/gateway/files/profile-compatibility-version-1.26.yaml b/resources/v1.28.4/charts/gateway/files/profile-compatibility-version-1.26.yaml new file mode 100644 index 0000000000..8fe80112bf --- /dev/null +++ b/resources/v1.28.4/charts/gateway/files/profile-compatibility-version-1.26.yaml @@ -0,0 +1,11 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.27 behavioral changes + ENABLE_NATIVE_SIDECARS: "false" + # 1.28 behavioral changes + DISABLE_SHADOW_HOST_SUFFIX: "false" + PILOT_SPAWN_UPSTREAM_SPAN_FOR_GATEWAY: "false" diff --git a/resources/v1.28.4/charts/gateway/files/profile-compatibility-version-1.27.yaml b/resources/v1.28.4/charts/gateway/files/profile-compatibility-version-1.27.yaml new file mode 100644 index 0000000000..209157cccf --- /dev/null +++ b/resources/v1.28.4/charts/gateway/files/profile-compatibility-version-1.27.yaml @@ -0,0 +1,9 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.28 behavioral changes + DISABLE_SHADOW_HOST_SUFFIX: "false" + PILOT_SPAWN_UPSTREAM_SPAN_FOR_GATEWAY: "false" diff --git a/resources/v1.28.4/charts/gateway/files/profile-demo.yaml b/resources/v1.28.4/charts/gateway/files/profile-demo.yaml new file mode 100644 index 0000000000..d6dc36dd0f --- /dev/null +++ b/resources/v1.28.4/charts/gateway/files/profile-demo.yaml @@ -0,0 +1,94 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The demo profile enables a variety of things to try out Istio in non-production environments. +# * Lower resource utilization. +# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. +# * More ports enabled on the ingress, which is used in some tasks. +meshConfig: + accessLogFile: /dev/stdout + extensionProviders: + - name: otel + envoyOtelAls: + service: opentelemetry-collector.observability.svc.cluster.local + port: 4317 + - name: skywalking + skywalking: + service: tracing.istio-system.svc.cluster.local + port: 11800 + - name: otel-tracing + opentelemetry: + port: 4317 + service: opentelemetry-collector.observability.svc.cluster.local + - name: jaeger + opentelemetry: + port: 4317 + service: jaeger-collector.istio-system.svc.cluster.local + +cni: + resources: + requests: + cpu: 10m + memory: 40Mi + +ztunnel: + resources: + requests: + cpu: 10m + memory: 40Mi + +global: + proxy: + resources: + requests: + cpu: 10m + memory: 40Mi + waypoint: + resources: + requests: + cpu: 10m + memory: 40Mi + +pilot: + autoscaleEnabled: false + traceSampling: 100 + resources: + requests: + cpu: 10m + memory: 100Mi + +gateways: + istio-egressgateway: + autoscaleEnabled: false + resources: + requests: + cpu: 10m + memory: 40Mi + istio-ingressgateway: + autoscaleEnabled: false + ports: + ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. + # Note that AWS ELB will by default perform health checks on the first port + # on this list. Setting this to the health check port will ensure that health + # checks always work. https://github.com/istio/istio/issues/12503 + - port: 15021 + targetPort: 15021 + name: status-port + - port: 80 + targetPort: 8080 + name: http2 + - port: 443 + targetPort: 8443 + name: https + - port: 31400 + targetPort: 31400 + name: tcp + # This is the port where sni routing happens + - port: 15443 + targetPort: 15443 + name: tls + resources: + requests: + cpu: 10m + memory: 40Mi \ No newline at end of file diff --git a/resources/v1.28.4/charts/gateway/files/profile-platform-gke.yaml b/resources/v1.28.4/charts/gateway/files/profile-platform-gke.yaml new file mode 100644 index 0000000000..dfe8a7d741 --- /dev/null +++ b/resources/v1.28.4/charts/gateway/files/profile-platform-gke.yaml @@ -0,0 +1,10 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work + resourceQuotas: + enabled: true +resourceQuotas: + enabled: true diff --git a/resources/v1.28.4/charts/gateway/files/profile-platform-k3d.yaml b/resources/v1.28.4/charts/gateway/files/profile-platform-k3d.yaml new file mode 100644 index 0000000000..cd86d9ec58 --- /dev/null +++ b/resources/v1.28.4/charts/gateway/files/profile-platform-k3d.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d + cniBinDir: /bin diff --git a/resources/v1.28.4/charts/gateway/files/profile-platform-k3s.yaml b/resources/v1.28.4/charts/gateway/files/profile-platform-k3s.yaml new file mode 100644 index 0000000000..07820106d9 --- /dev/null +++ b/resources/v1.28.4/charts/gateway/files/profile-platform-k3s.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d + cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.28.4/charts/gateway/files/profile-platform-microk8s.yaml b/resources/v1.28.4/charts/gateway/files/profile-platform-microk8s.yaml new file mode 100644 index 0000000000..57d7f5e3cd --- /dev/null +++ b/resources/v1.28.4/charts/gateway/files/profile-platform-microk8s.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/snap/microk8s/current/args/cni-network + cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.28.4/charts/gateway/files/profile-platform-minikube.yaml b/resources/v1.28.4/charts/gateway/files/profile-platform-minikube.yaml new file mode 100644 index 0000000000..fa9992e204 --- /dev/null +++ b/resources/v1.28.4/charts/gateway/files/profile-platform-minikube.yaml @@ -0,0 +1,6 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.28.4/charts/gateway/files/profile-platform-openshift.yaml b/resources/v1.28.4/charts/gateway/files/profile-platform-openshift.yaml new file mode 100644 index 0000000000..8ddc5e1654 --- /dev/null +++ b/resources/v1.28.4/charts/gateway/files/profile-platform-openshift.yaml @@ -0,0 +1,19 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The OpenShift profile provides a basic set of settings to run Istio on OpenShift +cni: + cniBinDir: /var/lib/cni/bin + cniConfDir: /etc/cni/multus/net.d + chained: false + cniConfFileName: "istio-cni.conf" + provider: "multus" +pilot: + cni: + enabled: true + provider: "multus" +seLinuxOptions: + type: spc_t +# Openshift requires privileged pods to run in kube-system +trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.28.4/charts/gateway/files/profile-preview.yaml b/resources/v1.28.4/charts/gateway/files/profile-preview.yaml new file mode 100644 index 0000000000..181d7bda2c --- /dev/null +++ b/resources/v1.28.4/charts/gateway/files/profile-preview.yaml @@ -0,0 +1,13 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The preview profile contains features that are experimental. +# This is intended to explore new features coming to Istio. +# Stability, security, and performance are not guaranteed - use at your own risk. +meshConfig: + defaultConfig: + proxyMetadata: + # Enable Istio agent to handle DNS requests for known hosts + # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf + ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.28.4/charts/gateway/files/profile-remote.yaml b/resources/v1.28.4/charts/gateway/files/profile-remote.yaml new file mode 100644 index 0000000000..d17b9a801a --- /dev/null +++ b/resources/v1.28.4/charts/gateway/files/profile-remote.yaml @@ -0,0 +1,13 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. +istiodRemote: + enabled: true +configMap: false +telemetry: + enabled: false +global: + # TODO BML maybe a different profile for a configcluster/revisit this + omitSidecarInjectorConfigMap: true diff --git a/resources/v1.28.4/charts/gateway/files/profile-stable.yaml b/resources/v1.28.4/charts/gateway/files/profile-stable.yaml new file mode 100644 index 0000000000..358282e69b --- /dev/null +++ b/resources/v1.28.4/charts/gateway/files/profile-stable.yaml @@ -0,0 +1,8 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The stable profile deploys admission control to ensure that only stable resources and fields are used +# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE +experimental: + stableValidationPolicy: true diff --git a/resources/v1.28.4/charts/gateway/templates/NOTES.txt b/resources/v1.28.4/charts/gateway/templates/NOTES.txt new file mode 100644 index 0000000000..fd0142911a --- /dev/null +++ b/resources/v1.28.4/charts/gateway/templates/NOTES.txt @@ -0,0 +1,9 @@ +"{{ include "gateway.name" . }}" successfully installed! + +To learn more about the release, try: + $ helm status {{ .Release.Name }} -n {{ .Release.Namespace }} + $ helm get all {{ .Release.Name }} -n {{ .Release.Namespace }} + +Next steps: + * Deploy an HTTP Gateway: https://istio.io/latest/docs/tasks/traffic-management/ingress/ingress-control/ + * Deploy an HTTPS Gateway: https://istio.io/latest/docs/tasks/traffic-management/ingress/secure-ingress/ diff --git a/resources/v1.28.4/charts/gateway/templates/_helpers.tpl b/resources/v1.28.4/charts/gateway/templates/_helpers.tpl new file mode 100644 index 0000000000..e5a0a9b3c2 --- /dev/null +++ b/resources/v1.28.4/charts/gateway/templates/_helpers.tpl @@ -0,0 +1,40 @@ +{{- define "gateway.name" -}} +{{- if eq .Release.Name "RELEASE-NAME" -}} + {{- .Values.name | default "istio-ingressgateway" -}} +{{- else -}} + {{- .Values.name | default .Release.Name | default "istio-ingressgateway" -}} +{{- end -}} +{{- end }} + +{{- define "gateway.labels" -}} +{{ include "gateway.selectorLabels" . }} +{{- range $key, $val := .Values.labels }} +{{- if and (ne $key "app") (ne $key "istio") }} +{{ $key | quote }}: {{ $val | quote }} +{{- end }} +{{- end }} +{{- end }} + +{{- define "gateway.selectorLabels" -}} +app: {{ (.Values.labels.app | quote) | default (include "gateway.name" .) }} +istio: {{ (.Values.labels.istio | quote) | default (include "gateway.name" . | trimPrefix "istio-") }} +{{- end }} + +{{/* +Keep sidecar injection labels together +https://istio.io/latest/docs/setup/additional-setup/sidecar-injection/#controlling-the-injection-policy +*/}} +{{- define "gateway.sidecarInjectionLabels" -}} +sidecar.istio.io/inject: "true" +{{- with .Values.revision }} +istio.io/rev: {{ . | quote }} +{{- end }} +{{- end }} + +{{- define "gateway.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- .Values.serviceAccount.name | default (include "gateway.name" .) }} +{{- else }} +{{- .Values.serviceAccount.name | default "default" }} +{{- end }} +{{- end }} diff --git a/resources/v1.28.4/charts/gateway/templates/deployment.yaml b/resources/v1.28.4/charts/gateway/templates/deployment.yaml new file mode 100644 index 0000000000..1d8f93a472 --- /dev/null +++ b/resources/v1.28.4/charts/gateway/templates/deployment.yaml @@ -0,0 +1,145 @@ +apiVersion: apps/v1 +kind: {{ .Values.kind | default "Deployment" }} +metadata: + name: {{ include "gateway.name" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "gateway.name" . }} + {{- include "istio.labels" . | nindent 4}} + {{- include "gateway.labels" . | nindent 4}} + annotations: + {{- .Values.annotations | toYaml | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + {{- if and (hasKey .Values "replicaCount") (ne .Values.replicaCount nil) }} + replicas: {{ .Values.replicaCount }} + {{- end }} + {{- end }} + {{- with .Values.strategy }} + strategy: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.minReadySeconds }} + minReadySeconds: {{ . }} + {{- end }} + selector: + matchLabels: + {{- include "gateway.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "gateway.sidecarInjectionLabels" . | nindent 8 }} + {{- include "gateway.selectorLabels" . | nindent 8 }} + app.kubernetes.io/name: {{ include "gateway.name" . }} + {{- include "istio.labels" . | nindent 8}} + {{- range $key, $val := .Values.labels }} + {{- if and (ne $key "app") (ne $key "istio") }} + {{ $key | quote }}: {{ $val | quote }} + {{- end }} + {{- end }} + {{- with .Values.networkGateway }} + topology.istio.io/network: "{{.}}" + {{- end }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "gateway.serviceAccountName" . }} + securityContext: + {{- if .Values.securityContext }} + {{- toYaml .Values.securityContext | nindent 8 }} + {{- else }} + # Safe since 1.22: https://github.com/kubernetes/kubernetes/pull/103326 + sysctls: + - name: net.ipv4.ip_unprivileged_port_start + value: "0" + {{- end }} + {{- with .Values.volumes }} + volumes: + {{ toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.initContainers }} + initContainers: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: istio-proxy + # "auto" will be populated at runtime by the mutating webhook. See https://istio.io/latest/docs/setup/additional-setup/sidecar-injection/#customizing-injection + image: auto + {{- with .Values.imagePullPolicy }} + imagePullPolicy: {{ . }} + {{- end }} + securityContext: + {{- if .Values.containerSecurityContext }} + {{- toYaml .Values.containerSecurityContext | nindent 12 }} + {{- else }} + capabilities: + drop: + - ALL + allowPrivilegeEscalation: false + privileged: false + readOnlyRootFilesystem: true + {{- if not (eq (.Values.platform | default "") "openshift") }} + runAsUser: 1337 + runAsGroup: 1337 + {{- end }} + runAsNonRoot: true + {{- end }} + env: + {{- with .Values.networkGateway }} + - name: ISTIO_META_REQUESTED_NETWORK_VIEW + value: "{{.}}" + {{- end }} + {{- range $key, $val := .Values.env }} + - name: {{ $key }} + value: {{ $val | quote }} + {{- end }} + {{- with .Values.envVarFrom }} + {{- toYaml . | nindent 10 }} + {{- end }} + ports: + - containerPort: 15090 + protocol: TCP + name: http-envoy-prom + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.volumeMounts }} + volumeMounts: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.readinessProbe }} + readinessProbe: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.lifecycle }} + lifecycle: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.additionalContainers }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.topologySpreadConstraints }} + topologySpreadConstraints: + {{- toYaml . | nindent 8 }} + {{- end }} + terminationGracePeriodSeconds: {{ $.Values.terminationGracePeriodSeconds }} + {{- with .Values.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} diff --git a/resources/v1.28.4/charts/gateway/templates/hpa.yaml b/resources/v1.28.4/charts/gateway/templates/hpa.yaml new file mode 100644 index 0000000000..64ecb6a4cd --- /dev/null +++ b/resources/v1.28.4/charts/gateway/templates/hpa.yaml @@ -0,0 +1,40 @@ +{{- if and (.Values.autoscaling.enabled) (eq .Values.kind "Deployment") }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "gateway.name" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "gateway.name" . }} + {{- include "istio.labels" . | nindent 4}} + {{- include "gateway.labels" . | nindent 4 }} + annotations: + {{- .Values.annotations | toYaml | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: {{ .Values.kind | default "Deployment" }} + name: {{ include "gateway.name" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + type: Utilization + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + type: Utilization + {{- end }} + {{- if .Values.autoscaling.autoscaleBehavior }} + behavior: {{ toYaml .Values.autoscaling.autoscaleBehavior | nindent 4 }} + {{- end }} +{{- end }} diff --git a/resources/v1.30-alpha.bcdd144c/charts/gateway/templates/networkpolicy.yaml b/resources/v1.28.4/charts/gateway/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/gateway/templates/networkpolicy.yaml rename to resources/v1.28.4/charts/gateway/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/gateway/templates/poddisruptionbudget.yaml b/resources/v1.28.4/charts/gateway/templates/poddisruptionbudget.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/gateway/templates/poddisruptionbudget.yaml rename to resources/v1.28.4/charts/gateway/templates/poddisruptionbudget.yaml diff --git a/resources/v1.28.4/charts/gateway/templates/role.yaml b/resources/v1.28.4/charts/gateway/templates/role.yaml new file mode 100644 index 0000000000..3d16079632 --- /dev/null +++ b/resources/v1.28.4/charts/gateway/templates/role.yaml @@ -0,0 +1,37 @@ +{{/*Set up roles for Istio Gateway. Not required for gateway-api*/}} +{{- if .Values.rbac.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "gateway.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "gateway.name" . }} + {{- include "istio.labels" . | nindent 4}} + {{- include "gateway.labels" . | nindent 4}} + annotations: + {{- .Values.annotations | toYaml | nindent 4 }} +rules: +- apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "watch", "list"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "gateway.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "gateway.name" . }} + {{- include "istio.labels" . | nindent 4}} + {{- include "gateway.labels" . | nindent 4}} + annotations: + {{- .Values.annotations | toYaml | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "gateway.serviceAccountName" . }} +subjects: +- kind: ServiceAccount + name: {{ include "gateway.serviceAccountName" . }} +{{- end }} diff --git a/resources/v1.30-alpha.bcdd144c/charts/gateway/templates/service.yaml b/resources/v1.28.4/charts/gateway/templates/service.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/gateway/templates/service.yaml rename to resources/v1.28.4/charts/gateway/templates/service.yaml diff --git a/resources/v1.28.4/charts/gateway/templates/serviceaccount.yaml b/resources/v1.28.4/charts/gateway/templates/serviceaccount.yaml new file mode 100644 index 0000000000..c88afeadd3 --- /dev/null +++ b/resources/v1.28.4/charts/gateway/templates/serviceaccount.yaml @@ -0,0 +1,15 @@ +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "gateway.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "gateway.name" . }} + {{- include "istio.labels" . | nindent 4}} + {{- include "gateway.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/resources/v1.28.4/charts/gateway/templates/zzz_profile.yaml b/resources/v1.28.4/charts/gateway/templates/zzz_profile.yaml new file mode 100644 index 0000000000..606c556697 --- /dev/null +++ b/resources/v1.28.4/charts/gateway/templates/zzz_profile.yaml @@ -0,0 +1,75 @@ +{{/* +WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. +The original version of this file is located at /manifests directory. +If you want to make a change in this file, edit the original one and run "make gen". + +Complex logic ahead... +We have three sets of values, in order of precedence (last wins): +1. The builtin values.yaml defaults +2. The profile the user selects +3. Users input (-f or --set) + +Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). + +However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). +We can then merge the profile onto the defaults, then the user settings onto that. +Finally, we can set all of that under .Values so the chart behaves without awareness. +*/}} +{{- if $.Values.defaults}} +{{ fail (cat + "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" + ($.Values.defaults | toYaml |nindent 4) +) }} +{{- end }} +{{- $defaults := $.Values._internal_defaults_do_not_set }} +{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} +{{- $profile := dict }} +{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} +{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} +{{- $profile = (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown profile" .) }} +{{- end }} +{{- end }} +{{- with .Values.compatibilityVersion }} +{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} +{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} +{{- end }} +{{- end }} +{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} +{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} +{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown platform" .) }} +{{- end }} +{{- end }} +{{- if $profile }} +{{- $a := mustMergeOverwrite $defaults $profile }} +{{- end }} +# Flatten globals, if defined on a per-chart basis +{{- if true }} +{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} +{{- end }} +{{- $x := set $.Values "_original" (deepCopy $.Values) }} +{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} + +{{/* +Labels that should be applied to ALL resources. +*/}} +{{- define "istio.labels" -}} +{{- if .Release.Service -}} +app.kubernetes.io/managed-by: {{ .Release.Service | quote }} +{{- end }} +{{- if .Release.Name }} +app.kubernetes.io/instance: {{ .Release.Name | quote }} +{{- end }} +app.kubernetes.io/part-of: "istio" +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +{{- if and .Chart.Name .Chart.Version }} +helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end -}} diff --git a/resources/v1.28.4/charts/gateway/values.schema.json b/resources/v1.28.4/charts/gateway/values.schema.json new file mode 100644 index 0000000000..9263245a24 --- /dev/null +++ b/resources/v1.28.4/charts/gateway/values.schema.json @@ -0,0 +1,359 @@ +{ + "$schema": "http://json-schema.org/schema#", + "$defs": { + "values": { + "type": "object", + "additionalProperties": false, + "properties": { + "_internal_defaults_do_not_set": { + "type": "object" + }, + "global": { + "type": "object" + }, + "affinity": { + "type": "object" + }, + "securityContext": { + "type": [ + "object", + "null" + ] + }, + "containerSecurityContext": { + "type": [ + "object", + "null" + ] + }, + "kind": { + "type": "string", + "enum": [ + "Deployment", + "DaemonSet" + ] + }, + "annotations": { + "additionalProperties": { + "type": [ + "string", + "integer" + ] + }, + "type": "object" + }, + "autoscaling": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxReplicas": { + "type": "integer" + }, + "minReplicas": { + "type": "integer" + }, + "targetCPUUtilizationPercentage": { + "type": "integer" + } + } + }, + "env": { + "type": "object" + }, + "envVarFrom": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { "type": "string" }, + "valueFrom": { "type": "object" } + } + } + }, + "strategy": { + "type": "object" + }, + "minReadySeconds": { + "type": [ "null", "integer" ] + }, + "readinessProbe": { + "type": [ "null", "object" ] + }, + "labels": { + "type": "object" + }, + "name": { + "type": "string" + }, + "nodeSelector": { + "type": "object" + }, + "podAnnotations": { + "type": "object", + "properties": { + "inject.istio.io/templates": { + "type": "string" + }, + "prometheus.io/path": { + "type": "string" + }, + "prometheus.io/port": { + "type": "string" + }, + "prometheus.io/scrape": { + "type": "string" + } + } + }, + "replicaCount": { + "type": [ + "integer", + "null" + ] + }, + "resources": { + "type": "object", + "properties": { + "limits": { + "type": ["object", "null"], + "properties": { + "cpu": { + "type": ["string", "null"] + }, + "memory": { + "type": ["string", "null"] + } + } + }, + "requests": { + "type": ["object", "null"], + "properties": { + "cpu": { + "type": ["string", "null"] + }, + "memory": { + "type": ["string", "null"] + } + } + } + } + }, + "revision": { + "type": "string" + }, + "defaultRevision": { + "type": "string" + }, + "compatibilityVersion": { + "type": "string" + }, + "profile": { + "type": "string" + }, + "platform": { + "type": "string" + }, + "pilot": { + "type": "object" + }, + "runAsRoot": { + "type": "boolean" + }, + "unprivilegedPort": { + "type": [ + "string", + "boolean" + ], + "enum": [ + true, + false, + "auto" + ] + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": "object" + }, + "selectorLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "externalTrafficPolicy": { + "type": "string" + }, + "loadBalancerIP": { + "type": "string" + }, + "loadBalancerSourceRanges": { + "type": "array" + }, + "ipFamilies": { + "items": { + "type": "string", + "enum": [ + "IPv4", + "IPv6" + ] + } + }, + "ipFamilyPolicy": { + "type": "string", + "enum": [ + "", + "SingleStack", + "PreferDualStack", + "RequireDualStack" + ] + }, + "ports": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "protocol": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + }, + "type": { + "type": "string" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": "object" + }, + "name": { + "type": "string" + }, + "create": { + "type": "boolean" + } + } + }, + "rbac": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "tolerations": { + "type": "array" + }, + "topologySpreadConstraints": { + "type": "array" + }, + "networkGateway": { + "type": "string" + }, + "imagePullPolicy": { + "type": "string", + "enum": [ + "", + "Always", + "IfNotPresent", + "Never" + ] + }, + "imagePullSecrets": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + } + } + }, + "podDisruptionBudget": { + "type": "object", + "properties": { + "minAvailable": { + "type": [ + "integer", + "string" + ] + }, + "maxUnavailable": { + "type": [ + "integer", + "string" + ] + }, + "unhealthyPodEvictionPolicy": { + "type": "string", + "enum": [ + "", + "IfHealthyBudget", + "AlwaysAllow" + ] + } + } + }, + "terminationGracePeriodSeconds": { + "type": "number" + }, + "volumes": { + "type": "array", + "items": { + "type": "object" + } + }, + "volumeMounts": { + "type": "array", + "items": { + "type": "object" + } + }, + "initContainers": { + "type": "array", + "items": { "type": "object" } + }, + "additionalContainers": { + "type": "array", + "items": { "type": "object" } + }, + "priorityClassName": { + "type": "string" + }, + "lifecycle": { + "type": "object", + "properties": { + "postStart": { + "type": "object" + }, + "preStop": { + "type": "object" + } + } + } + } + } + }, + "defaults": { + "$ref": "#/$defs/values" + }, + "$ref": "#/$defs/values" +} diff --git a/resources/v1.30-alpha.bcdd144c/charts/gateway/values.yaml b/resources/v1.28.4/charts/gateway/values.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/gateway/values.yaml rename to resources/v1.28.4/charts/gateway/values.yaml diff --git a/resources/v1.28.4/charts/istiod/Chart.yaml b/resources/v1.28.4/charts/istiod/Chart.yaml new file mode 100644 index 0000000000..99d88e3f9a --- /dev/null +++ b/resources/v1.28.4/charts/istiod/Chart.yaml @@ -0,0 +1,12 @@ +apiVersion: v2 +appVersion: 1.28.4 +description: Helm chart for istio control plane +icon: https://istio.io/latest/favicons/android-192x192.png +keywords: +- istio +- istiod +- istio-discovery +name: istiod +sources: +- https://github.com/istio/istio +version: 1.28.4 diff --git a/resources/v1.30-alpha.bcdd144c/charts/istiod/README.md b/resources/v1.28.4/charts/istiod/README.md similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/istiod/README.md rename to resources/v1.28.4/charts/istiod/README.md diff --git a/resources/v1.28.4/charts/istiod/files/gateway-injection-template.yaml b/resources/v1.28.4/charts/istiod/files/gateway-injection-template.yaml new file mode 100644 index 0000000000..bc15ee3c31 --- /dev/null +++ b/resources/v1.28.4/charts/istiod/files/gateway-injection-template.yaml @@ -0,0 +1,274 @@ +{{- $containers := list }} +{{- range $index, $container := .Spec.Containers }}{{ if not (eq $container.Name "istio-proxy") }}{{ $containers = append $containers $container.Name }}{{end}}{{- end}} +metadata: + labels: + service.istio.io/canonical-name: {{ index .ObjectMeta.Labels `service.istio.io/canonical-name` | default (index .ObjectMeta.Labels `app.kubernetes.io/name`) | default (index .ObjectMeta.Labels `app`) | default .DeploymentMeta.Name | quote }} + service.istio.io/canonical-revision: {{ index .ObjectMeta.Labels `service.istio.io/canonical-revision` | default (index .ObjectMeta.Labels `app.kubernetes.io/version`) | default (index .ObjectMeta.Labels `version`) | default "latest" | quote }} + annotations: + istio.io/rev: {{ .Revision | default "default" | quote }} + {{- if ge (len $containers) 1 }} + {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-logs-container`) }} + kubectl.kubernetes.io/default-logs-container: "{{ index $containers 0 }}" + {{- end }} + {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-container`) }} + kubectl.kubernetes.io/default-container: "{{ index $containers 0 }}" + {{- end }} + {{- end }} +spec: + securityContext: + {{- if .Values.gateways.securityContext }} + {{- toYaml .Values.gateways.securityContext | nindent 4 }} + {{- else }} + sysctls: + - name: net.ipv4.ip_unprivileged_port_start + value: "0" + {{- end }} + containers: + - name: istio-proxy + {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} + image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" + {{- else }} + image: "{{ .ProxyImage }}" + {{- end }} + ports: + - containerPort: 15090 + protocol: TCP + name: http-envoy-prom + args: + - proxy + - router + - --domain + - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} + - --proxyLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel }} + - --proxyComponentLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel }} + - --log_output_level={{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level }} + {{- if .Values.global.sts.servicePort }} + - --stsPort={{ .Values.global.sts.servicePort }} + {{- end }} + {{- if .Values.global.logAsJson }} + - --log_as_json + {{- end }} + {{- if .Values.global.proxy.lifecycle }} + lifecycle: + {{ toYaml .Values.global.proxy.lifecycle | indent 6 }} + {{- end }} + securityContext: + runAsUser: {{ .ProxyUID | default "1337" }} + runAsGroup: {{ .ProxyGID | default "1337" }} + env: + - name: PILOT_CERT_PROVIDER + value: {{ .Values.global.pilotCertProvider }} + - name: CA_ADDR + {{- if .Values.global.caAddress }} + value: {{ .Values.global.caAddress }} + {{- else }} + value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 + {{- end }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: INSTANCE_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: SERVICE_ACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ISTIO_CPU_LIMIT + valueFrom: + resourceFieldRef: + resource: limits.cpu + - name: PROXY_CONFIG + value: | + {{ protoToJSON .ProxyConfig }} + - name: ISTIO_META_POD_PORTS + value: |- + [ + {{- $first := true }} + {{- range $index1, $c := .Spec.Containers }} + {{- range $index2, $p := $c.Ports }} + {{- if (structToJSON $p) }} + {{if not $first}},{{end}}{{ structToJSON $p }} + {{- $first = false }} + {{- end }} + {{- end}} + {{- end}} + ] + - name: GOMEMLIMIT + valueFrom: + resourceFieldRef: + resource: limits.memory + - name: GOMAXPROCS + valueFrom: + resourceFieldRef: + resource: limits.cpu + {{- if .CompliancePolicy }} + - name: COMPLIANCE_POLICY + value: "{{ .CompliancePolicy }}" + {{- end }} + - name: ISTIO_META_APP_CONTAINERS + value: "{{ $containers | join "," }}" + - name: ISTIO_META_CLUSTER_ID + value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" + - name: ISTIO_META_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: ISTIO_META_INTERCEPTION_MODE + value: "{{ .ProxyConfig.InterceptionMode.String }}" + {{- if .Values.global.network }} + - name: ISTIO_META_NETWORK + value: "{{ .Values.global.network }}" + {{- end }} + {{- if .DeploymentMeta.Name }} + - name: ISTIO_META_WORKLOAD_NAME + value: "{{ .DeploymentMeta.Name }}" + {{ end }} + {{- if and .TypeMeta.APIVersion .DeploymentMeta.Name }} + - name: ISTIO_META_OWNER + value: kubernetes://apis/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower .TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }} + {{- end}} + {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} + - name: ISTIO_BOOTSTRAP_OVERRIDE + value: "/etc/istio/custom-bootstrap/custom_bootstrap.json" + {{- end }} + {{- if .Values.global.meshID }} + - name: ISTIO_META_MESH_ID + value: "{{ .Values.global.meshID }}" + {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} + - name: ISTIO_META_MESH_ID + value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" + {{- end }} + {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} + - name: TRUST_DOMAIN + value: "{{ . }}" + {{- end }} + {{- range $key, $value := .ProxyConfig.ProxyMetadata }} + - name: {{ $key }} + value: "{{ $value }}" + {{- end }} + {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} + readinessProbe: + httpGet: + path: /healthz/ready + port: 15021 + initialDelaySeconds: {{.Values.global.proxy.readinessInitialDelaySeconds }} + periodSeconds: {{ .Values.global.proxy.readinessPeriodSeconds }} + timeoutSeconds: 3 + failureThreshold: {{ .Values.global.proxy.readinessFailureThreshold }} + volumeMounts: + - name: workload-socket + mountPath: /var/run/secrets/workload-spiffe-uds + - name: credential-socket + mountPath: /var/run/secrets/credential-uds + {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} + - name: gke-workload-certificate + mountPath: /var/run/secrets/workload-spiffe-credentials + readOnly: true + {{- else }} + - name: workload-certs + mountPath: /var/run/secrets/workload-spiffe-credentials + {{- end }} + {{- if eq .Values.global.pilotCertProvider "istiod" }} + - mountPath: /var/run/secrets/istio + name: istiod-ca-cert + {{- end }} + - mountPath: /var/lib/istio/data + name: istio-data + {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} + - mountPath: /etc/istio/custom-bootstrap + name: custom-bootstrap-volume + {{- end }} + # SDS channel between istioagent and Envoy + - mountPath: /etc/istio/proxy + name: istio-envoy + - mountPath: /var/run/secrets/tokens + name: istio-token + {{- if .Values.global.mountMtlsCerts }} + # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. + - mountPath: /etc/certs/ + name: istio-certs + readOnly: true + {{- end }} + - name: istio-podinfo + mountPath: /etc/istio/pod + volumes: + - emptyDir: + name: workload-socket + - emptyDir: {} + name: credential-socket + {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} + - name: gke-workload-certificate + csi: + driver: workloadcertificates.security.cloud.google.com + {{- else}} + - emptyDir: {} + name: workload-certs + {{- end }} + {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} + - name: custom-bootstrap-volume + configMap: + name: {{ annotation .ObjectMeta `sidecar.istio.io/bootstrapOverride` "" }} + {{- end }} + # SDS channel between istioagent and Envoy + - emptyDir: + medium: Memory + name: istio-envoy + - name: istio-data + emptyDir: {} + - name: istio-podinfo + downwardAPI: + items: + - path: "labels" + fieldRef: + fieldPath: metadata.labels + - path: "annotations" + fieldRef: + fieldPath: metadata.annotations + - name: istio-token + projected: + sources: + - serviceAccountToken: + path: istio-token + expirationSeconds: 43200 + audience: {{ .Values.global.sds.token.aud }} + {{- if eq .Values.global.pilotCertProvider "istiod" }} + - name: istiod-ca-cert + {{- if eq (.Values.pilot.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} + projected: + sources: + - clusterTrustBundle: + name: istio.io:istiod-ca:{{ .Values.global.trustBundleName | default "root-cert" }} + path: root-cert.pem + {{- else }} + configMap: + name: {{ .Values.global.trustBundleName | default "istio-ca-root-cert" }} + {{- end }} + {{- end }} + {{- if .Values.global.mountMtlsCerts }} + # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. + - name: istio-certs + secret: + optional: true + {{ if eq .Spec.ServiceAccountName "" }} + secretName: istio.default + {{ else -}} + secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }} + {{ end -}} + {{- end }} + {{- if .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- range .Values.global.imagePullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} diff --git a/resources/v1.28.4/charts/istiod/files/grpc-agent.yaml b/resources/v1.28.4/charts/istiod/files/grpc-agent.yaml new file mode 100644 index 0000000000..3b9240e36c --- /dev/null +++ b/resources/v1.28.4/charts/istiod/files/grpc-agent.yaml @@ -0,0 +1,318 @@ +{{- define "resources" }} + {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} + {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) }} + requests: + {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) -}} + cpu: {{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` | quote }} + {{ end }} + {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} + memory: {{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` | quote }} + {{ end }} + {{- end }} + {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} + limits: + {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) -}} + cpu: {{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit` | quote }} + {{ end }} + {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) -}} + memory: {{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit` | quote }} + {{ end }} + {{- end }} + {{- else }} + {{- if .Values.global.proxy.resources }} + {{ toYaml .Values.global.proxy.resources | indent 6 }} + {{- end }} + {{- end }} +{{- end }} +{{- $containers := list }} +{{- range $index, $container := .Spec.Containers }}{{ if not (eq $container.Name "istio-proxy") }}{{ $containers = append $containers $container.Name }}{{end}}{{- end}} +metadata: + labels: + {{/* security.istio.io/tlsMode: istio must be set by user, if gRPC is using mTLS initialization code. We can't set it automatically. */}} + service.istio.io/canonical-name: {{ index .ObjectMeta.Labels `service.istio.io/canonical-name` | default (index .ObjectMeta.Labels `app.kubernetes.io/name`) | default (index .ObjectMeta.Labels `app`) | default .DeploymentMeta.Name | quote }} + service.istio.io/canonical-revision: {{ index .ObjectMeta.Labels `service.istio.io/canonical-revision` | default (index .ObjectMeta.Labels `app.kubernetes.io/version`) | default (index .ObjectMeta.Labels `version`) | default "latest" | quote }} + annotations: { + istio.io/rev: {{ .Revision | default "default" | quote }}, + {{- if ge (len $containers) 1 }} + {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-logs-container`) }} + kubectl.kubernetes.io/default-logs-container: "{{ index $containers 0 }}", + {{- end }} + {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-container`) }} + kubectl.kubernetes.io/default-container: "{{ index $containers 0 }}", + {{- end }} + {{- end }} + sidecar.istio.io/rewriteAppHTTPProbers: "false", + } +spec: + containers: + - name: istio-proxy + {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} + image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" + {{- else }} + image: "{{ .ProxyImage }}" + {{- end }} + ports: + - containerPort: 15020 + protocol: TCP + name: mesh-metrics + args: + - proxy + - sidecar + - --domain + - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} + - --proxyLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel }} + - --proxyComponentLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel }} + - --log_output_level={{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level }} + {{- if .Values.global.sts.servicePort }} + - --stsPort={{ .Values.global.sts.servicePort }} + {{- end }} + {{- if .Values.global.logAsJson }} + - --log_as_json + {{- end }} + lifecycle: + postStart: + exec: + command: + - pilot-agent + - wait + - --url=http://localhost:15020/healthz/ready + env: + - name: ISTIO_META_GENERATOR + value: grpc + - name: OUTPUT_CERTS + value: /var/lib/istio/data + {{- if eq .InboundTrafficPolicyMode "localhost" }} + - name: REWRITE_PROBE_LEGACY_LOCALHOST_DESTINATION + value: "true" + {{- end }} + - name: PILOT_CERT_PROVIDER + value: {{ .Values.global.pilotCertProvider }} + - name: CA_ADDR + {{- if .Values.global.caAddress }} + value: {{ .Values.global.caAddress }} + {{- else }} + value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 + {{- end }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: INSTANCE_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: SERVICE_ACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: PROXY_CONFIG + value: | + {{ protoToJSON .ProxyConfig }} + - name: ISTIO_META_POD_PORTS + value: |- + [ + {{- $first := true }} + {{- range $index1, $c := .Spec.Containers }} + {{- range $index2, $p := $c.Ports }} + {{- if (structToJSON $p) }} + {{if not $first}},{{end}}{{ structToJSON $p }} + {{- $first = false }} + {{- end }} + {{- end}} + {{- end}} + ] + - name: ISTIO_META_APP_CONTAINERS + value: "{{ $containers | join "," }}" + - name: ISTIO_META_CLUSTER_ID + value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" + - name: ISTIO_META_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + {{- if .Values.global.network }} + - name: ISTIO_META_NETWORK + value: "{{ .Values.global.network }}" + {{- end }} + {{- if .DeploymentMeta.Name }} + - name: ISTIO_META_WORKLOAD_NAME + value: "{{ .DeploymentMeta.Name }}" + {{ end }} + {{- if and .TypeMeta.APIVersion .DeploymentMeta.Name }} + - name: ISTIO_META_OWNER + value: kubernetes://apis/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower .TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }} + {{- end}} + {{- if .Values.global.meshID }} + - name: ISTIO_META_MESH_ID + value: "{{ .Values.global.meshID }}" + {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} + - name: ISTIO_META_MESH_ID + value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" + {{- end }} + {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} + - name: TRUST_DOMAIN + value: "{{ . }}" + {{- end }} + {{- range $key, $value := .ProxyConfig.ProxyMetadata }} + - name: {{ $key }} + value: "{{ $value }}" + {{- end }} + # grpc uses xds:/// to resolve – no need to resolve VIP + - name: ISTIO_META_DNS_CAPTURE + value: "false" + - name: DISABLE_ENVOY + value: "true" + {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} + {{ if ne (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) `0` }} + readinessProbe: + httpGet: + path: /healthz/ready + port: 15020 + initialDelaySeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/initialDelaySeconds` .Values.global.proxy.readinessInitialDelaySeconds }} + periodSeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/periodSeconds` .Values.global.proxy.readinessPeriodSeconds }} + timeoutSeconds: 3 + failureThreshold: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/failureThreshold` .Values.global.proxy.readinessFailureThreshold }} + resources: + {{ template "resources" . }} + volumeMounts: + - name: workload-socket + mountPath: /var/run/secrets/workload-spiffe-uds + {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} + - name: gke-workload-certificate + mountPath: /var/run/secrets/workload-spiffe-credentials + readOnly: true + {{- else }} + - name: workload-certs + mountPath: /var/run/secrets/workload-spiffe-credentials + {{- end }} + {{- if eq .Values.global.pilotCertProvider "istiod" }} + - mountPath: /var/run/secrets/istio + name: istiod-ca-cert + {{- end }} + - mountPath: /var/lib/istio/data + name: istio-data + # UDS channel between istioagent and gRPC client for XDS/SDS + - mountPath: /etc/istio/proxy + name: istio-xds + - mountPath: /var/run/secrets/tokens + name: istio-token + {{- if .Values.global.mountMtlsCerts }} + # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. + - mountPath: /etc/certs/ + name: istio-certs + readOnly: true + {{- end }} + - name: istio-podinfo + mountPath: /etc/istio/pod + {{- end }} + {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount` }} + {{ range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount`) }} + - name: "{{ $index }}" + {{ toYaml $value | indent 6 }} + {{ end }} + {{- end }} +{{- range $index, $container := .Spec.Containers }} +{{ if not (eq $container.Name "istio-proxy") }} + - name: {{ $container.Name }} + env: + - name: "GRPC_XDS_EXPERIMENTAL_SECURITY_SUPPORT" + value: "true" + - name: "GRPC_XDS_BOOTSTRAP" + value: "/etc/istio/proxy/grpc-bootstrap.json" + volumeMounts: + - mountPath: /var/lib/istio/data + name: istio-data + # UDS channel between istioagent and gRPC client for XDS/SDS + - mountPath: /etc/istio/proxy + name: istio-xds + {{- if eq $.Values.global.caName "GkeWorkloadCertificate" }} + - name: gke-workload-certificate + mountPath: /var/run/secrets/workload-spiffe-credentials + readOnly: true + {{- else }} + - name: workload-certs + mountPath: /var/run/secrets/workload-spiffe-credentials + {{- end }} +{{- end }} +{{- end }} + volumes: + - emptyDir: + name: workload-socket + {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} + - name: gke-workload-certificate + csi: + driver: workloadcertificates.security.cloud.google.com + {{- else }} + - emptyDir: + name: workload-certs + {{- end }} + {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} + - name: custom-bootstrap-volume + configMap: + name: {{ annotation .ObjectMeta `sidecar.istio.io/bootstrapOverride` "" }} + {{- end }} + # SDS channel between istioagent and Envoy + - emptyDir: + medium: Memory + name: istio-xds + - name: istio-data + emptyDir: {} + - name: istio-podinfo + downwardAPI: + items: + - path: "labels" + fieldRef: + fieldPath: metadata.labels + - path: "annotations" + fieldRef: + fieldPath: metadata.annotations + - name: istio-token + projected: + sources: + - serviceAccountToken: + path: istio-token + expirationSeconds: 43200 + audience: {{ .Values.global.sds.token.aud }} + {{- if eq .Values.global.pilotCertProvider "istiod" }} + - name: istiod-ca-cert + {{- if eq (.Values.pilot.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} + projected: + sources: + - clusterTrustBundle: + name: istio.io:istiod-ca:{{ .Values.global.trustBundleName | default "root-cert" }} + path: root-cert.pem + {{- else }} + configMap: + name: {{ .Values.global.trustBundleName | default "istio-ca-root-cert" }} + {{- end }} + {{- end }} + {{- if .Values.global.mountMtlsCerts }} + # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. + - name: istio-certs + secret: + optional: true + {{ if eq .Spec.ServiceAccountName "" }} + secretName: istio.default + {{ else -}} + secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }} + {{ end -}} + {{- end }} + {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolume` }} + {{range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolume`) }} + - name: "{{ $index }}" + {{ toYaml $value | indent 4 }} + {{ end }} + {{ end }} + {{- if .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- range .Values.global.imagePullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} diff --git a/resources/v1.28.4/charts/istiod/files/grpc-simple.yaml b/resources/v1.28.4/charts/istiod/files/grpc-simple.yaml new file mode 100644 index 0000000000..9ba0c7a46a --- /dev/null +++ b/resources/v1.28.4/charts/istiod/files/grpc-simple.yaml @@ -0,0 +1,65 @@ +metadata: + annotations: + sidecar.istio.io/rewriteAppHTTPProbers: "false" +spec: + initContainers: + - name: grpc-bootstrap-init + image: busybox:1.28 + volumeMounts: + - mountPath: /var/lib/grpc/data/ + name: grpc-io-proxyless-bootstrap + env: + - name: INSTANCE_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: ISTIO_NAMESPACE + value: | + {{ .Values.global.istioNamespace }} + command: + - sh + - "-c" + - |- + NODE_ID="sidecar~${INSTANCE_IP}~${POD_NAME}.${POD_NAMESPACE}~cluster.local" + SERVER_URI="dns:///istiod.${ISTIO_NAMESPACE}.svc:15010" + echo ' + { + "xds_servers": [ + { + "server_uri": "'${SERVER_URI}'", + "channel_creds": [{"type": "insecure"}], + "server_features" : ["xds_v3"] + } + ], + "node": { + "id": "'${NODE_ID}'", + "metadata": { + "GENERATOR": "grpc" + } + } + }' > /var/lib/grpc/data/bootstrap.json + containers: + {{- range $index, $container := .Spec.Containers }} + - name: {{ $container.Name }} + env: + - name: GRPC_XDS_BOOTSTRAP + value: /var/lib/grpc/data/bootstrap.json + - name: GRPC_GO_LOG_VERBOSITY_LEVEL + value: "99" + - name: GRPC_GO_LOG_SEVERITY_LEVEL + value: info + volumeMounts: + - mountPath: /var/lib/grpc/data/ + name: grpc-io-proxyless-bootstrap + {{- end }} + volumes: + - name: grpc-io-proxyless-bootstrap + emptyDir: {} diff --git a/resources/v1.28.4/charts/istiod/files/injection-template.yaml b/resources/v1.28.4/charts/istiod/files/injection-template.yaml new file mode 100644 index 0000000000..84463bb43b --- /dev/null +++ b/resources/v1.28.4/charts/istiod/files/injection-template.yaml @@ -0,0 +1,549 @@ +{{- define "resources" }} + {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} + {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) }} + requests: + {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) -}} + cpu: {{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` | quote }} + {{ end }} + {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} + memory: {{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` | quote }} + {{ end }} + {{- end }} + {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} + limits: + {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) -}} + cpu: {{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit` | quote }} + {{ end }} + {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) -}} + memory: {{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit` | quote }} + {{ end }} + {{- end }} + {{- else }} + {{- if .Values.global.proxy.resources }} + {{ toYaml .Values.global.proxy.resources | indent 6 }} + {{- end }} + {{- end }} +{{- end }} +{{ $tproxy := (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) }} +{{ $capNetBindService := (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) }} +{{ $nativeSidecar := ne (index .ObjectMeta.Annotations `sidecar.istio.io/nativeSidecar` | default (printf "%t" .NativeSidecars)) "false" }} +{{- $containers := list }} +{{- range $index, $container := .Spec.Containers }}{{ if not (eq $container.Name "istio-proxy") }}{{ $containers = append $containers $container.Name }}{{end}}{{- end}} +metadata: + labels: + security.istio.io/tlsMode: {{ index .ObjectMeta.Labels `security.istio.io/tlsMode` | default "istio" | quote }} + {{- if eq (index .ProxyConfig.ProxyMetadata "ISTIO_META_ENABLE_HBONE") "true" }} + networking.istio.io/tunnel: {{ index .ObjectMeta.Labels `networking.istio.io/tunnel` | default "http" | quote }} + {{- end }} + service.istio.io/canonical-name: {{ index .ObjectMeta.Labels `service.istio.io/canonical-name` | default (index .ObjectMeta.Labels `app.kubernetes.io/name`) | default (index .ObjectMeta.Labels `app`) | default .DeploymentMeta.Name | trunc 63 | trimSuffix "-" | quote }} + service.istio.io/canonical-revision: {{ index .ObjectMeta.Labels `service.istio.io/canonical-revision` | default (index .ObjectMeta.Labels `app.kubernetes.io/version`) | default (index .ObjectMeta.Labels `version`) | default "latest" | quote }} + annotations: { + istio.io/rev: {{ .Revision | default "default" | quote }}, + {{- if ge (len $containers) 1 }} + {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-logs-container`) }} + kubectl.kubernetes.io/default-logs-container: "{{ index $containers 0 }}", + {{- end }} + {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-container`) }} + kubectl.kubernetes.io/default-container: "{{ index $containers 0 }}", + {{- end }} + {{- end }} +{{- if .Values.pilot.cni.enabled }} + {{- if eq .Values.pilot.cni.provider "multus" }} + k8s.v1.cni.cncf.io/networks: '{{ appendMultusNetwork (index .ObjectMeta.Annotations `k8s.v1.cni.cncf.io/networks`) `default/istio-cni` }}', + {{- end }} + sidecar.istio.io/interceptionMode: "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}", + {{ with annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}traffic.sidecar.istio.io/includeOutboundIPRanges: "{{.}}",{{ end }} + {{ with annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}traffic.sidecar.istio.io/excludeOutboundIPRanges: "{{.}}",{{ end }} + traffic.sidecar.istio.io/includeInboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` .Values.global.proxy.includeInboundPorts }}", + traffic.sidecar.istio.io/excludeInboundPorts: "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}", + {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/includeOutboundPorts`) (ne (valueOrDefault .Values.global.proxy.includeOutboundPorts "") "") }} + traffic.sidecar.istio.io/includeOutboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundPorts` .Values.global.proxy.includeOutboundPorts }}", + {{- end }} + {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne .Values.global.proxy.excludeOutboundPorts "") }} + traffic.sidecar.istio.io/excludeOutboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}", + {{- end }} + {{ with index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}traffic.sidecar.istio.io/kubevirtInterfaces: "{{.}}",{{ end }} + {{ with index .ObjectMeta.Annotations `istio.io/reroute-virtual-interfaces` }}istio.io/reroute-virtual-interfaces: "{{.}}",{{ end }} + {{ with index .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeInterfaces` }}traffic.sidecar.istio.io/excludeInterfaces: "{{.}}",{{ end }} +{{- end }} + } +spec: + {{- $holdProxy := and + (or .ProxyConfig.HoldApplicationUntilProxyStarts.GetValue .Values.global.proxy.holdApplicationUntilProxyStarts) + (not $nativeSidecar) }} + {{- $noInitContainer := and + (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `NONE`) + (not $nativeSidecar) }} + {{ if $noInitContainer }} + initContainers: [] + {{ else -}} + initContainers: + {{ if ne (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `NONE` }} + {{ if .Values.pilot.cni.enabled -}} + - name: istio-validation + {{ else -}} + - name: istio-init + {{ end -}} + {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy_init.image) }} + image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy_init.image }}" + {{- else }} + image: "{{ .ProxyImage }}" + {{- end }} + args: + - istio-iptables + - "-p" + - {{ .MeshConfig.ProxyListenPort | default "15001" | quote }} + - "-z" + - {{ .MeshConfig.ProxyInboundListenPort | default "15006" | quote }} + - "-u" + - {{ if $tproxy }} "1337" {{ else }} {{ .ProxyUID | default "1337" | quote }} {{ end }} + - "-m" + - "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}" + - "-i" + - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}" + - "-x" + - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}" + - "-b" + - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` .Values.global.proxy.includeInboundPorts }}" + - "-d" + {{- if excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }} + - "15090,15021,{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}" + {{- else }} + - "15090,15021" + {{- end }} + {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/includeOutboundPorts`) (ne (valueOrDefault .Values.global.proxy.includeOutboundPorts "") "") -}} + - "-q" + - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundPorts` .Values.global.proxy.includeOutboundPorts }}" + {{ end -}} + {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne (valueOrDefault .Values.global.proxy.excludeOutboundPorts "") "") -}} + - "-o" + - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}" + {{ end -}} + {{ if (isset .ObjectMeta.Annotations `istio.io/reroute-virtual-interfaces`) -}} + - "-k" + - "{{ index .ObjectMeta.Annotations `istio.io/reroute-virtual-interfaces` }}" + {{ else if (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces`) -}} + - "-k" + - "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}" + {{ end -}} + {{ if (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeInterfaces`) -}} + - "-c" + - "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeInterfaces` }}" + {{ end -}} + - "--log_output_level={{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level }}" + {{ if .Values.global.logAsJson -}} + - "--log_as_json" + {{ end -}} + {{ if .Values.pilot.cni.enabled -}} + - "--run-validation" + - "--skip-rule-apply" + {{ else if .Values.global.proxy_init.forceApplyIptables -}} + - "--force-apply" + {{ end -}} + {{ if .Values.global.nativeNftables -}} + - "--native-nftables" + {{ end -}} + {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} + {{- if .ProxyConfig.ProxyMetadata }} + env: + {{- range $key, $value := .ProxyConfig.ProxyMetadata }} + - name: {{ $key }} + value: "{{ $value }}" + {{- end }} + {{- end }} + resources: + {{ template "resources" . }} + securityContext: + allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} + privileged: {{ .Values.global.proxy.privileged }} + capabilities: + {{- if not .Values.pilot.cni.enabled }} + add: + - NET_ADMIN + - NET_RAW + {{- end }} + drop: + - ALL + {{- if not .Values.pilot.cni.enabled }} + readOnlyRootFilesystem: false + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + {{- else }} + readOnlyRootFilesystem: true + runAsGroup: {{ if $tproxy }} 1337 {{ else }} {{ .ProxyGID | default "1337" }} {{ end }} + runAsUser: {{ if $tproxy }} 1337 {{ else }} {{ .ProxyUID | default "1337" }} {{ end }} + runAsNonRoot: true + {{- end }} + {{- if .Values.global.proxy.seccompProfile }} + seccompProfile: + {{- toYaml .Values.global.proxy.seccompProfile | nindent 8 }} + {{- end }} + {{ end -}} + {{ end -}} + {{ if not $nativeSidecar }} + containers: + {{ end }} + - name: istio-proxy + {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} + image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" + {{- else }} + image: "{{ .ProxyImage }}" + {{- end }} + {{ if $nativeSidecar }}restartPolicy: Always{{end}} + ports: + - containerPort: 15090 + protocol: TCP + name: http-envoy-prom + args: + - proxy + - sidecar + - --domain + - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} + - --proxyLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel }} + - --proxyComponentLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel }} + - --log_output_level={{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level }} + {{- if .Values.global.sts.servicePort }} + - --stsPort={{ .Values.global.sts.servicePort }} + {{- end }} + {{- if .Values.global.logAsJson }} + - --log_as_json + {{- end }} + {{- if .Values.global.proxy.outlierLogPath }} + - --outlierLogPath={{ .Values.global.proxy.outlierLogPath }} + {{- end}} + {{- if .Values.global.proxy.lifecycle }} + lifecycle: + {{ toYaml .Values.global.proxy.lifecycle | indent 6 }} + {{- else if $holdProxy }} + lifecycle: + postStart: + exec: + command: + - pilot-agent + - wait + {{- else if $nativeSidecar }} + {{- /* preStop is called when the pod starts shutdown. Initialize drain. We will get SIGTERM once applications are torn down. */}} + lifecycle: + preStop: + exec: + command: + - pilot-agent + - request + - --debug-port={{(annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort)}} + - POST + - drain + {{- end }} + env: + {{- if eq .InboundTrafficPolicyMode "localhost" }} + - name: REWRITE_PROBE_LEGACY_LOCALHOST_DESTINATION + value: "true" + {{- end }} + - name: PILOT_CERT_PROVIDER + value: {{ .Values.global.pilotCertProvider }} + - name: CA_ADDR + {{- if .Values.global.caAddress }} + value: {{ .Values.global.caAddress }} + {{- else }} + value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 + {{- end }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: INSTANCE_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: SERVICE_ACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ISTIO_CPU_LIMIT + valueFrom: + resourceFieldRef: + resource: limits.cpu + - name: PROXY_CONFIG + value: | + {{ protoToJSON .ProxyConfig }} + - name: ISTIO_META_POD_PORTS + value: |- + [ + {{- $first := true }} + {{- range $index1, $c := .Spec.Containers }} + {{- range $index2, $p := $c.Ports }} + {{- if (structToJSON $p) }} + {{if not $first}},{{end}}{{ structToJSON $p }} + {{- $first = false }} + {{- end }} + {{- end}} + {{- end}} + ] + - name: ISTIO_META_APP_CONTAINERS + value: "{{ $containers | join "," }}" + - name: GOMEMLIMIT + valueFrom: + resourceFieldRef: + resource: limits.memory + - name: GOMAXPROCS + valueFrom: + resourceFieldRef: + resource: limits.cpu + {{- if .CompliancePolicy }} + - name: COMPLIANCE_POLICY + value: "{{ .CompliancePolicy }}" + {{- end }} + - name: ISTIO_META_CLUSTER_ID + value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" + - name: ISTIO_META_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: ISTIO_META_INTERCEPTION_MODE + value: "{{ or (index .ObjectMeta.Annotations `sidecar.istio.io/interceptionMode`) .ProxyConfig.InterceptionMode.String }}" + {{- if .Values.global.network }} + - name: ISTIO_META_NETWORK + value: "{{ .Values.global.network }}" + {{- end }} + {{- with (index .ObjectMeta.Labels `service.istio.io/workload-name` | default .DeploymentMeta.Name) }} + - name: ISTIO_META_WORKLOAD_NAME + value: "{{ . }}" + {{ end }} + {{- if and .TypeMeta.APIVersion .DeploymentMeta.Name }} + - name: ISTIO_META_OWNER + value: kubernetes://apis/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower .TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }} + {{- end}} + {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} + - name: ISTIO_BOOTSTRAP_OVERRIDE + value: "/etc/istio/custom-bootstrap/custom_bootstrap.json" + {{- end }} + {{- if .Values.global.meshID }} + - name: ISTIO_META_MESH_ID + value: "{{ .Values.global.meshID }}" + {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} + - name: ISTIO_META_MESH_ID + value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" + {{- end }} + {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} + - name: TRUST_DOMAIN + value: "{{ . }}" + {{- end }} + {{- if and (eq .Values.global.proxy.tracer "datadog") (isset .ObjectMeta.Annotations `apm.datadoghq.com/env`) }} + {{- range $key, $value := fromJSON (index .ObjectMeta.Annotations `apm.datadoghq.com/env`) }} + - name: {{ $key }} + value: "{{ $value }}" + {{- end }} + {{- end }} + {{- range $key, $value := .ProxyConfig.ProxyMetadata }} + - name: {{ $key }} + value: "{{ $value }}" + {{- end }} + {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} + {{ if ne (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) `0` }} + {{ if .Values.global.proxy.startupProbe.enabled }} + startupProbe: + httpGet: + path: /healthz/ready + port: 15021 + initialDelaySeconds: 0 + periodSeconds: 1 + timeoutSeconds: 3 + failureThreshold: {{ .Values.global.proxy.startupProbe.failureThreshold }} + {{ end }} + readinessProbe: + httpGet: + path: /healthz/ready + port: 15021 + initialDelaySeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/initialDelaySeconds` .Values.global.proxy.readinessInitialDelaySeconds }} + periodSeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/periodSeconds` .Values.global.proxy.readinessPeriodSeconds }} + timeoutSeconds: 3 + failureThreshold: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/failureThreshold` .Values.global.proxy.readinessFailureThreshold }} + {{ end -}} + securityContext: + {{- if eq (index .ProxyConfig.ProxyMetadata "IPTABLES_TRACE_LOGGING") "true" }} + allowPrivilegeEscalation: true + capabilities: + add: + - NET_ADMIN + drop: + - ALL + privileged: true + readOnlyRootFilesystem: true + runAsGroup: {{ .ProxyGID | default "1337" }} + runAsNonRoot: false + runAsUser: 0 + {{- else }} + allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} + capabilities: + {{ if or $tproxy $capNetBindService -}} + add: + {{ if $tproxy -}} + - NET_ADMIN + {{- end }} + {{ if $capNetBindService -}} + - NET_BIND_SERVICE + {{- end }} + {{- end }} + drop: + - ALL + privileged: {{ .Values.global.proxy.privileged }} + readOnlyRootFilesystem: true + {{ if or $tproxy $capNetBindService -}} + runAsNonRoot: false + runAsUser: 0 + runAsGroup: 1337 + {{- else -}} + runAsNonRoot: true + runAsUser: {{ .ProxyUID | default "1337" }} + runAsGroup: {{ .ProxyGID | default "1337" }} + {{- end }} + {{- end }} + {{- if .Values.global.proxy.seccompProfile }} + seccompProfile: + {{- toYaml .Values.global.proxy.seccompProfile | nindent 8 }} + {{- end }} + resources: + {{ template "resources" . }} + volumeMounts: + - name: workload-socket + mountPath: /var/run/secrets/workload-spiffe-uds + - name: credential-socket + mountPath: /var/run/secrets/credential-uds + {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} + - name: gke-workload-certificate + mountPath: /var/run/secrets/workload-spiffe-credentials + readOnly: true + {{- else }} + - name: workload-certs + mountPath: /var/run/secrets/workload-spiffe-credentials + {{- end }} + {{- if eq .Values.global.pilotCertProvider "istiod" }} + - mountPath: /var/run/secrets/istio + name: istiod-ca-cert + - mountPath: /var/run/secrets/istio/crl + name: istio-ca-crl + {{- end }} + - mountPath: /var/lib/istio/data + name: istio-data + {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} + - mountPath: /etc/istio/custom-bootstrap + name: custom-bootstrap-volume + {{- end }} + # SDS channel between istioagent and Envoy + - mountPath: /etc/istio/proxy + name: istio-envoy + - mountPath: /var/run/secrets/tokens + name: istio-token + {{- if .Values.global.mountMtlsCerts }} + # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. + - mountPath: /etc/certs/ + name: istio-certs + readOnly: true + {{- end }} + - name: istio-podinfo + mountPath: /etc/istio/pod + {{- if and (eq .Values.global.proxy.tracer "lightstep") .ProxyConfig.GetTracing.GetTlsSettings }} + - mountPath: {{ directory .ProxyConfig.GetTracing.GetTlsSettings.GetCaCertificates }} + name: lightstep-certs + readOnly: true + {{- end }} + {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount` }} + {{ range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount`) }} + - name: "{{ $index }}" + {{ toYaml $value | indent 6 }} + {{ end }} + {{- end }} + volumes: + - emptyDir: + name: workload-socket + - emptyDir: + name: credential-socket + {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} + - name: gke-workload-certificate + csi: + driver: workloadcertificates.security.cloud.google.com + {{- else }} + - emptyDir: + name: workload-certs + {{- end }} + {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} + - name: custom-bootstrap-volume + configMap: + name: {{ annotation .ObjectMeta `sidecar.istio.io/bootstrapOverride` "" }} + {{- end }} + # SDS channel between istioagent and Envoy + - emptyDir: + medium: Memory + name: istio-envoy + - name: istio-data + emptyDir: {} + - name: istio-podinfo + downwardAPI: + items: + - path: "labels" + fieldRef: + fieldPath: metadata.labels + - path: "annotations" + fieldRef: + fieldPath: metadata.annotations + - name: istio-token + projected: + sources: + - serviceAccountToken: + path: istio-token + expirationSeconds: 43200 + audience: {{ .Values.global.sds.token.aud }} + {{- if eq .Values.global.pilotCertProvider "istiod" }} + - name: istiod-ca-cert + {{- if eq (.Values.pilot.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} + projected: + sources: + - clusterTrustBundle: + name: istio.io:istiod-ca:{{ .Values.global.trustBundleName | default "root-cert" }} + path: root-cert.pem + {{- else }} + configMap: + name: {{ .Values.global.trustBundleName | default "istio-ca-root-cert" }} + {{- end }} + {{- end }} + - name: istio-ca-crl + configMap: + name: istio-ca-crl + optional: true + {{- if .Values.global.mountMtlsCerts }} + # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. + - name: istio-certs + secret: + optional: true + {{ if eq .Spec.ServiceAccountName "" }} + secretName: istio.default + {{ else -}} + secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }} + {{ end -}} + {{- end }} + {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolume` }} + {{range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolume`) }} + - name: "{{ $index }}" + {{ toYaml $value | indent 4 }} + {{ end }} + {{ end }} + {{- if and (eq .Values.global.proxy.tracer "lightstep") .ProxyConfig.GetTracing.GetTlsSettings }} + - name: lightstep-certs + secret: + optional: true + secretName: lightstep.cacert + {{- end }} + {{- if .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- range .Values.global.imagePullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} diff --git a/resources/v1.28.4/charts/istiod/files/kube-gateway.yaml b/resources/v1.28.4/charts/istiod/files/kube-gateway.yaml new file mode 100644 index 0000000000..8a34ea8a8c --- /dev/null +++ b/resources/v1.28.4/charts/istiod/files/kube-gateway.yaml @@ -0,0 +1,407 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{.ServiceAccount | quote}} + namespace: {{.Namespace | quote}} + annotations: + {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} + labels: + {{- toJsonMap + .InfrastructureLabels + (strdict + "gateway.networking.k8s.io/gateway-name" .Name + "gateway.networking.k8s.io/gateway-class-name" .GatewayClass + ) | nindent 4 }} + {{- if ge .KubeVersion 128 }} + # Safe since 1.28: https://github.com/kubernetes/kubernetes/pull/117412 + ownerReferences: + - apiVersion: gateway.networking.k8s.io/v1beta1 + kind: Gateway + name: "{{.Name}}" + uid: "{{.UID}}" + {{- end }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{.DeploymentName | quote}} + namespace: {{.Namespace | quote}} + annotations: + {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} + labels: + {{- toJsonMap + .InfrastructureLabels + (strdict + "gateway.networking.k8s.io/gateway-name" .Name + "gateway.networking.k8s.io/gateway-class-name" .GatewayClass + "gateway.istio.io/managed" "istio.io-gateway-controller" + ) | nindent 4 }} + ownerReferences: + - apiVersion: gateway.networking.k8s.io/v1beta1 + kind: Gateway + name: {{.Name}} + uid: "{{.UID}}" +spec: + selector: + matchLabels: + "{{.GatewayNameLabel}}": {{.Name}} + template: + metadata: + annotations: + {{- toJsonMap + (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") + (strdict "istio.io/rev" (.Revision | default "default")) + (strdict + "prometheus.io/path" "/stats/prometheus" + "prometheus.io/port" "15020" + "prometheus.io/scrape" "true" + ) | nindent 8 }} + labels: + {{- toJsonMap + (strdict + "sidecar.istio.io/inject" "false" + "service.istio.io/canonical-name" .DeploymentName + "service.istio.io/canonical-revision" "latest" + ) + .InfrastructureLabels + (strdict + "gateway.networking.k8s.io/gateway-name" .Name + "gateway.networking.k8s.io/gateway-class-name" .GatewayClass + "gateway.istio.io/managed" "istio.io-gateway-controller" + ) | nindent 8 }} + spec: + securityContext: + {{- if .Values.gateways.securityContext }} + {{- toYaml .Values.gateways.securityContext | nindent 8 }} + {{- else }} + sysctls: + - name: net.ipv4.ip_unprivileged_port_start + value: "0" + {{- if .Values.gateways.seccompProfile }} + seccompProfile: + {{- toYaml .Values.gateways.seccompProfile | nindent 10 }} + {{- end }} + {{- end }} + serviceAccountName: {{.ServiceAccount | quote}} + containers: + - name: istio-proxy + {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} + image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" + {{- else }} + image: "{{ .ProxyImage }}" + {{- end }} + {{- if .Values.global.proxy.resources }} + resources: + {{- toYaml .Values.global.proxy.resources | nindent 10 }} + {{- end }} + {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} + securityContext: + capabilities: + drop: + - ALL + allowPrivilegeEscalation: false + privileged: false + readOnlyRootFilesystem: true + runAsUser: {{ .ProxyUID | default "1337" }} + runAsGroup: {{ .ProxyGID | default "1337" }} + runAsNonRoot: true + ports: + - containerPort: 15020 + name: metrics + protocol: TCP + - containerPort: 15021 + name: status-port + protocol: TCP + - containerPort: 15090 + protocol: TCP + name: http-envoy-prom + args: + - proxy + - router + - --domain + - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} + - --proxyLogLevel + - {{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel | quote}} + - --proxyComponentLogLevel + - {{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel | quote}} + - --log_output_level + - {{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level | quote}} + {{- if .Values.global.sts.servicePort }} + - --stsPort={{ .Values.global.sts.servicePort }} + {{- end }} + {{- if .Values.global.logAsJson }} + - --log_as_json + {{- end }} + {{- if .Values.global.proxy.lifecycle }} + lifecycle: + {{- toYaml .Values.global.proxy.lifecycle | nindent 10 }} + {{- end }} + env: + - name: PILOT_CERT_PROVIDER + value: {{ .Values.global.pilotCertProvider }} + - name: CA_ADDR + {{- if .Values.global.caAddress }} + value: {{ .Values.global.caAddress }} + {{- else }} + value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 + {{- end }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: INSTANCE_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: SERVICE_ACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ISTIO_CPU_LIMIT + valueFrom: + resourceFieldRef: + resource: limits.cpu + - name: PROXY_CONFIG + value: | + {{ protoToJSON .ProxyConfig }} + - name: ISTIO_META_POD_PORTS + value: "[]" + - name: ISTIO_META_APP_CONTAINERS + value: "" + - name: GOMEMLIMIT + valueFrom: + resourceFieldRef: + resource: limits.memory + - name: GOMAXPROCS + valueFrom: + resourceFieldRef: + resource: limits.cpu + - name: ISTIO_META_CLUSTER_ID + value: "{{ valueOrDefault .Values.global.multiCluster.clusterName .ClusterID }}" + - name: ISTIO_META_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: ISTIO_META_INTERCEPTION_MODE + value: "{{ .ProxyConfig.InterceptionMode.String }}" + {{- with (valueOrDefault (index .InfrastructureLabels "topology.istio.io/network") .Values.global.network) }} + - name: ISTIO_META_NETWORK + value: {{.|quote}} + {{- end }} + - name: ISTIO_META_WORKLOAD_NAME + value: {{.DeploymentName|quote}} + - name: ISTIO_META_OWNER + value: "kubernetes://apis/apps/v1/namespaces/{{.Namespace}}/deployments/{{.DeploymentName}}" + {{- if .Values.global.meshID }} + - name: ISTIO_META_MESH_ID + value: "{{ .Values.global.meshID }}" + {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} + - name: ISTIO_META_MESH_ID + value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" + {{- end }} + {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} + - name: TRUST_DOMAIN + value: "{{ . }}" + {{- end }} + {{- range $key, $value := .ProxyConfig.ProxyMetadata }} + - name: {{ $key }} + value: "{{ $value }}" + {{- end }} + {{- with (index .InfrastructureLabels "topology.istio.io/network") }} + - name: ISTIO_META_REQUESTED_NETWORK_VIEW + value: {{.|quote}} + {{- end }} + startupProbe: + failureThreshold: 30 + httpGet: + path: /healthz/ready + port: 15021 + scheme: HTTP + initialDelaySeconds: 1 + periodSeconds: 1 + successThreshold: 1 + timeoutSeconds: 1 + readinessProbe: + failureThreshold: 4 + httpGet: + path: /healthz/ready + port: 15021 + scheme: HTTP + initialDelaySeconds: 0 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 1 + volumeMounts: + - name: workload-socket + mountPath: /var/run/secrets/workload-spiffe-uds + - name: credential-socket + mountPath: /var/run/secrets/credential-uds + {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} + - name: gke-workload-certificate + mountPath: /var/run/secrets/workload-spiffe-credentials + readOnly: true + {{- else }} + - name: workload-certs + mountPath: /var/run/secrets/workload-spiffe-credentials + {{- end }} + {{- if eq .Values.global.pilotCertProvider "istiod" }} + - mountPath: /var/run/secrets/istio + name: istiod-ca-cert + {{- end }} + - mountPath: /var/lib/istio/data + name: istio-data + # SDS channel between istioagent and Envoy + - mountPath: /etc/istio/proxy + name: istio-envoy + - mountPath: /var/run/secrets/tokens + name: istio-token + - name: istio-podinfo + mountPath: /etc/istio/pod + volumes: + - emptyDir: {} + name: workload-socket + - emptyDir: {} + name: credential-socket + {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} + - name: gke-workload-certificate + csi: + driver: workloadcertificates.security.cloud.google.com + {{- else}} + - emptyDir: {} + name: workload-certs + {{- end }} + # SDS channel between istioagent and Envoy + - emptyDir: + medium: Memory + name: istio-envoy + - name: istio-data + emptyDir: {} + - name: istio-podinfo + downwardAPI: + items: + - path: "labels" + fieldRef: + fieldPath: metadata.labels + - path: "annotations" + fieldRef: + fieldPath: metadata.annotations + - name: istio-token + projected: + sources: + - serviceAccountToken: + path: istio-token + expirationSeconds: 43200 + audience: {{ .Values.global.sds.token.aud }} + {{- if eq .Values.global.pilotCertProvider "istiod" }} + - name: istiod-ca-cert + {{- if eq ((.Values.pilot).env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} + projected: + sources: + - clusterTrustBundle: + name: istio.io:istiod-ca:{{ .Values.global.trustBundleName | default "root-cert" }} + path: root-cert.pem + {{- else }} + configMap: + name: {{ .Values.global.trustBundleName | default "istio-ca-root-cert" }} + {{- end }} + {{- end }} + {{- if .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- range .Values.global.imagePullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + {{ toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} + labels: + {{- toJsonMap + .InfrastructureLabels + (strdict + "gateway.networking.k8s.io/gateway-name" .Name + "gateway.networking.k8s.io/gateway-class-name" .GatewayClass + ) | nindent 4 }} + name: {{.DeploymentName | quote}} + namespace: {{.Namespace | quote}} + ownerReferences: + - apiVersion: gateway.networking.k8s.io/v1beta1 + kind: Gateway + name: {{.Name}} + uid: {{.UID}} +spec: + ipFamilyPolicy: PreferDualStack + ports: + {{- range $key, $val := .Ports }} + - name: {{ $val.Name | quote }} + port: {{ $val.Port }} + protocol: TCP + appProtocol: {{ $val.AppProtocol }} + {{- end }} + selector: + "{{.GatewayNameLabel}}": {{.Name}} + {{- if and (.Spec.Addresses) (eq .ServiceType "LoadBalancer") }} + loadBalancerIP: {{ (index .Spec.Addresses 0).Value | quote}} + {{- end }} + type: {{ .ServiceType | quote }} +--- +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{.DeploymentName | quote}} + namespace: {{.Namespace | quote}} + annotations: + {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} + labels: + {{- toJsonMap + .InfrastructureLabels + (strdict + "gateway.networking.k8s.io/gateway-name" .Name + "gateway.networking.k8s.io/gateway-class-name" .GatewayClass + ) | nindent 4 }} + ownerReferences: + - apiVersion: gateway.networking.k8s.io/v1beta1 + kind: Gateway + name: {{.Name}} + uid: "{{.UID}}" +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{.DeploymentName | quote}} + maxReplicas: 1 +--- +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: {{.DeploymentName | quote}} + namespace: {{.Namespace | quote}} + annotations: + {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} + labels: + {{- toJsonMap + .InfrastructureLabels + (strdict + "gateway.networking.k8s.io/gateway-name" .Name + "gateway.networking.k8s.io/gateway-class-name" .GatewayClass + ) | nindent 4 }} + ownerReferences: + - apiVersion: gateway.networking.k8s.io/v1beta1 + kind: Gateway + name: {{.Name}} + uid: "{{.UID}}" +spec: + selector: + matchLabels: + gateway.networking.k8s.io/gateway-name: {{.Name|quote}} + diff --git a/resources/v1.28.4/charts/istiod/files/profile-ambient.yaml b/resources/v1.28.4/charts/istiod/files/profile-ambient.yaml new file mode 100644 index 0000000000..495fbcd434 --- /dev/null +++ b/resources/v1.28.4/charts/istiod/files/profile-ambient.yaml @@ -0,0 +1,24 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed +meshConfig: + defaultConfig: + proxyMetadata: + ISTIO_META_ENABLE_HBONE: "true" + serviceScopeConfigs: + - servicesSelector: + matchExpressions: + - key: istio.io/global + operator: In + values: ["true"] + scope: GLOBAL +global: + variant: distroless +pilot: + env: + PILOT_ENABLE_AMBIENT: "true" +cni: + ambient: + enabled: true diff --git a/resources/v1.28.4/charts/istiod/files/profile-compatibility-version-1.25.yaml b/resources/v1.28.4/charts/istiod/files/profile-compatibility-version-1.25.yaml new file mode 100644 index 0000000000..d04117bfc0 --- /dev/null +++ b/resources/v1.28.4/charts/istiod/files/profile-compatibility-version-1.25.yaml @@ -0,0 +1,14 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.27 behavioral changes + ENABLE_NATIVE_SIDECARS: "false" + # 1.28 behavioral changes + DISABLE_SHADOW_HOST_SUFFIX: "false" + PILOT_SPAWN_UPSTREAM_SPAN_FOR_GATEWAY: "false" +ambient: + # 1.26 behavioral changes + shareHostNetworkNamespace: true diff --git a/resources/v1.28.4/charts/istiod/files/profile-compatibility-version-1.26.yaml b/resources/v1.28.4/charts/istiod/files/profile-compatibility-version-1.26.yaml new file mode 100644 index 0000000000..8fe80112bf --- /dev/null +++ b/resources/v1.28.4/charts/istiod/files/profile-compatibility-version-1.26.yaml @@ -0,0 +1,11 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.27 behavioral changes + ENABLE_NATIVE_SIDECARS: "false" + # 1.28 behavioral changes + DISABLE_SHADOW_HOST_SUFFIX: "false" + PILOT_SPAWN_UPSTREAM_SPAN_FOR_GATEWAY: "false" diff --git a/resources/v1.28.4/charts/istiod/files/profile-compatibility-version-1.27.yaml b/resources/v1.28.4/charts/istiod/files/profile-compatibility-version-1.27.yaml new file mode 100644 index 0000000000..209157cccf --- /dev/null +++ b/resources/v1.28.4/charts/istiod/files/profile-compatibility-version-1.27.yaml @@ -0,0 +1,9 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.28 behavioral changes + DISABLE_SHADOW_HOST_SUFFIX: "false" + PILOT_SPAWN_UPSTREAM_SPAN_FOR_GATEWAY: "false" diff --git a/resources/v1.28.4/charts/istiod/files/profile-demo.yaml b/resources/v1.28.4/charts/istiod/files/profile-demo.yaml new file mode 100644 index 0000000000..d6dc36dd0f --- /dev/null +++ b/resources/v1.28.4/charts/istiod/files/profile-demo.yaml @@ -0,0 +1,94 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The demo profile enables a variety of things to try out Istio in non-production environments. +# * Lower resource utilization. +# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. +# * More ports enabled on the ingress, which is used in some tasks. +meshConfig: + accessLogFile: /dev/stdout + extensionProviders: + - name: otel + envoyOtelAls: + service: opentelemetry-collector.observability.svc.cluster.local + port: 4317 + - name: skywalking + skywalking: + service: tracing.istio-system.svc.cluster.local + port: 11800 + - name: otel-tracing + opentelemetry: + port: 4317 + service: opentelemetry-collector.observability.svc.cluster.local + - name: jaeger + opentelemetry: + port: 4317 + service: jaeger-collector.istio-system.svc.cluster.local + +cni: + resources: + requests: + cpu: 10m + memory: 40Mi + +ztunnel: + resources: + requests: + cpu: 10m + memory: 40Mi + +global: + proxy: + resources: + requests: + cpu: 10m + memory: 40Mi + waypoint: + resources: + requests: + cpu: 10m + memory: 40Mi + +pilot: + autoscaleEnabled: false + traceSampling: 100 + resources: + requests: + cpu: 10m + memory: 100Mi + +gateways: + istio-egressgateway: + autoscaleEnabled: false + resources: + requests: + cpu: 10m + memory: 40Mi + istio-ingressgateway: + autoscaleEnabled: false + ports: + ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. + # Note that AWS ELB will by default perform health checks on the first port + # on this list. Setting this to the health check port will ensure that health + # checks always work. https://github.com/istio/istio/issues/12503 + - port: 15021 + targetPort: 15021 + name: status-port + - port: 80 + targetPort: 8080 + name: http2 + - port: 443 + targetPort: 8443 + name: https + - port: 31400 + targetPort: 31400 + name: tcp + # This is the port where sni routing happens + - port: 15443 + targetPort: 15443 + name: tls + resources: + requests: + cpu: 10m + memory: 40Mi \ No newline at end of file diff --git a/resources/v1.28.4/charts/istiod/files/profile-platform-gke.yaml b/resources/v1.28.4/charts/istiod/files/profile-platform-gke.yaml new file mode 100644 index 0000000000..dfe8a7d741 --- /dev/null +++ b/resources/v1.28.4/charts/istiod/files/profile-platform-gke.yaml @@ -0,0 +1,10 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work + resourceQuotas: + enabled: true +resourceQuotas: + enabled: true diff --git a/resources/v1.28.4/charts/istiod/files/profile-platform-k3d.yaml b/resources/v1.28.4/charts/istiod/files/profile-platform-k3d.yaml new file mode 100644 index 0000000000..cd86d9ec58 --- /dev/null +++ b/resources/v1.28.4/charts/istiod/files/profile-platform-k3d.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d + cniBinDir: /bin diff --git a/resources/v1.28.4/charts/istiod/files/profile-platform-k3s.yaml b/resources/v1.28.4/charts/istiod/files/profile-platform-k3s.yaml new file mode 100644 index 0000000000..07820106d9 --- /dev/null +++ b/resources/v1.28.4/charts/istiod/files/profile-platform-k3s.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d + cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.28.4/charts/istiod/files/profile-platform-microk8s.yaml b/resources/v1.28.4/charts/istiod/files/profile-platform-microk8s.yaml new file mode 100644 index 0000000000..57d7f5e3cd --- /dev/null +++ b/resources/v1.28.4/charts/istiod/files/profile-platform-microk8s.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/snap/microk8s/current/args/cni-network + cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.28.4/charts/istiod/files/profile-platform-minikube.yaml b/resources/v1.28.4/charts/istiod/files/profile-platform-minikube.yaml new file mode 100644 index 0000000000..fa9992e204 --- /dev/null +++ b/resources/v1.28.4/charts/istiod/files/profile-platform-minikube.yaml @@ -0,0 +1,6 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.28.4/charts/istiod/files/profile-platform-openshift.yaml b/resources/v1.28.4/charts/istiod/files/profile-platform-openshift.yaml new file mode 100644 index 0000000000..8ddc5e1654 --- /dev/null +++ b/resources/v1.28.4/charts/istiod/files/profile-platform-openshift.yaml @@ -0,0 +1,19 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The OpenShift profile provides a basic set of settings to run Istio on OpenShift +cni: + cniBinDir: /var/lib/cni/bin + cniConfDir: /etc/cni/multus/net.d + chained: false + cniConfFileName: "istio-cni.conf" + provider: "multus" +pilot: + cni: + enabled: true + provider: "multus" +seLinuxOptions: + type: spc_t +# Openshift requires privileged pods to run in kube-system +trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.28.4/charts/istiod/files/profile-preview.yaml b/resources/v1.28.4/charts/istiod/files/profile-preview.yaml new file mode 100644 index 0000000000..181d7bda2c --- /dev/null +++ b/resources/v1.28.4/charts/istiod/files/profile-preview.yaml @@ -0,0 +1,13 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The preview profile contains features that are experimental. +# This is intended to explore new features coming to Istio. +# Stability, security, and performance are not guaranteed - use at your own risk. +meshConfig: + defaultConfig: + proxyMetadata: + # Enable Istio agent to handle DNS requests for known hosts + # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf + ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.28.4/charts/istiod/files/profile-remote.yaml b/resources/v1.28.4/charts/istiod/files/profile-remote.yaml new file mode 100644 index 0000000000..d17b9a801a --- /dev/null +++ b/resources/v1.28.4/charts/istiod/files/profile-remote.yaml @@ -0,0 +1,13 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. +istiodRemote: + enabled: true +configMap: false +telemetry: + enabled: false +global: + # TODO BML maybe a different profile for a configcluster/revisit this + omitSidecarInjectorConfigMap: true diff --git a/resources/v1.28.4/charts/istiod/files/profile-stable.yaml b/resources/v1.28.4/charts/istiod/files/profile-stable.yaml new file mode 100644 index 0000000000..358282e69b --- /dev/null +++ b/resources/v1.28.4/charts/istiod/files/profile-stable.yaml @@ -0,0 +1,8 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The stable profile deploys admission control to ensure that only stable resources and fields are used +# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE +experimental: + stableValidationPolicy: true diff --git a/resources/v1.28.4/charts/istiod/files/waypoint.yaml b/resources/v1.28.4/charts/istiod/files/waypoint.yaml new file mode 100644 index 0000000000..7feed59a36 --- /dev/null +++ b/resources/v1.28.4/charts/istiod/files/waypoint.yaml @@ -0,0 +1,405 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{.ServiceAccount | quote}} + namespace: {{.Namespace | quote}} + annotations: + {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} + labels: + {{- toJsonMap + .InfrastructureLabels + (strdict + "gateway.networking.k8s.io/gateway-name" .Name + "gateway.networking.k8s.io/gateway-class-name" .GatewayClass + ) | nindent 4 }} + {{- if ge .KubeVersion 128 }} + # Safe since 1.28: https://github.com/kubernetes/kubernetes/pull/117412 + ownerReferences: + - apiVersion: gateway.networking.k8s.io/v1beta1 + kind: Gateway + name: "{{.Name}}" + uid: "{{.UID}}" + {{- end }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{.DeploymentName | quote}} + namespace: {{.Namespace | quote}} + annotations: + {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} + labels: + {{- toJsonMap + .InfrastructureLabels + (strdict + "gateway.networking.k8s.io/gateway-name" .Name + "gateway.networking.k8s.io/gateway-class-name" .GatewayClass + "gateway.istio.io/managed" .ControllerLabel + ) | nindent 4 }} + ownerReferences: + - apiVersion: gateway.networking.k8s.io/v1beta1 + kind: Gateway + name: "{{.Name}}" + uid: "{{.UID}}" +spec: + selector: + matchLabels: + "{{.GatewayNameLabel}}": "{{.Name}}" + template: + metadata: + annotations: + {{- toJsonMap + (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") + (strdict "istio.io/rev" (.Revision | default "default")) + (strdict + "prometheus.io/path" "/stats/prometheus" + "prometheus.io/port" "15020" + "prometheus.io/scrape" "true" + ) | nindent 8 }} + labels: + {{- toJsonMap + (strdict + "sidecar.istio.io/inject" "false" + "istio.io/dataplane-mode" "none" + "service.istio.io/canonical-name" .DeploymentName + "service.istio.io/canonical-revision" "latest" + ) + .InfrastructureLabels + (strdict + "gateway.networking.k8s.io/gateway-name" .Name + "gateway.networking.k8s.io/gateway-class-name" .GatewayClass + "gateway.istio.io/managed" .ControllerLabel + ) | nindent 8}} + spec: + {{- if .Values.global.waypoint.affinity }} + affinity: + {{- toYaml .Values.global.waypoint.affinity | nindent 8 }} + {{- end }} + {{- if .Values.global.waypoint.topologySpreadConstraints }} + topologySpreadConstraints: + {{- toYaml .Values.global.waypoint.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{- if .Values.global.waypoint.nodeSelector }} + nodeSelector: + {{- toYaml .Values.global.waypoint.nodeSelector | nindent 8 }} + {{- end }} + {{- if .Values.global.waypoint.tolerations }} + tolerations: + {{- toYaml .Values.global.waypoint.tolerations | nindent 8 }} + {{- end }} + serviceAccountName: {{.ServiceAccount | quote}} + containers: + - name: istio-proxy + ports: + - containerPort: 15020 + name: metrics + protocol: TCP + - containerPort: 15021 + name: status-port + protocol: TCP + - containerPort: 15090 + protocol: TCP + name: http-envoy-prom + {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} + image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" + {{- else }} + image: "{{ .ProxyImage }}" + {{- end }} + {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} + args: + - proxy + - waypoint + - --domain + - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} + - --serviceCluster + - {{.ServiceAccount}}.$(POD_NAMESPACE) + - --proxyLogLevel + - {{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel | quote}} + - --proxyComponentLogLevel + - {{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel | quote}} + - --log_output_level + - {{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level | quote}} + {{- if .Values.global.logAsJson }} + - --log_as_json + {{- end }} + {{- if .Values.global.proxy.outlierLogPath }} + - --outlierLogPath={{ .Values.global.proxy.outlierLogPath }} + {{- end}} + env: + - name: ISTIO_META_SERVICE_ACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: ISTIO_META_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: PILOT_CERT_PROVIDER + value: {{ .Values.global.pilotCertProvider }} + - name: CA_ADDR + {{- if .Values.global.caAddress }} + value: {{ .Values.global.caAddress }} + {{- else }} + value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 + {{- end }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: INSTANCE_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: SERVICE_ACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ISTIO_CPU_LIMIT + valueFrom: + resourceFieldRef: + resource: limits.cpu + - name: PROXY_CONFIG + value: | + {{ protoToJSON .ProxyConfig }} + {{- if .ProxyConfig.ProxyMetadata }} + {{- range $key, $value := .ProxyConfig.ProxyMetadata }} + - name: {{ $key }} + value: "{{ $value }}" + {{- end }} + {{- end }} + - name: GOMEMLIMIT + valueFrom: + resourceFieldRef: + resource: limits.memory + - name: GOMAXPROCS + valueFrom: + resourceFieldRef: + resource: limits.cpu + - name: ISTIO_META_CLUSTER_ID + value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" + {{- $network := valueOrDefault (index .InfrastructureLabels `topology.istio.io/network`) .Values.global.network }} + {{- if $network }} + - name: ISTIO_META_NETWORK + value: "{{ $network }}" + {{- if eq .ControllerLabel "istio.io-eastwest-controller" }} + - name: ISTIO_META_REQUESTED_NETWORK_VIEW + value: "{{ $network }}" + {{- end }} + {{- end }} + - name: ISTIO_META_INTERCEPTION_MODE + value: REDIRECT + - name: ISTIO_META_WORKLOAD_NAME + value: {{.DeploymentName}} + - name: ISTIO_META_OWNER + value: kubernetes://apis/apps/v1/namespaces/{{.Namespace}}/deployments/{{.DeploymentName}} + {{- if .Values.global.meshID }} + - name: ISTIO_META_MESH_ID + value: "{{ .Values.global.meshID }}" + {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} + - name: ISTIO_META_MESH_ID + value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" + {{- end }} + {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} + - name: TRUST_DOMAIN + value: "{{ . }}" + {{- end }} + {{- if .Values.global.waypoint.resources }} + resources: + {{- toYaml .Values.global.waypoint.resources | nindent 10 }} + {{- end }} + startupProbe: + failureThreshold: 30 + httpGet: + path: /healthz/ready + port: 15021 + scheme: HTTP + initialDelaySeconds: 1 + periodSeconds: 1 + successThreshold: 1 + timeoutSeconds: 1 + readinessProbe: + failureThreshold: 4 + httpGet: + path: /healthz/ready + port: 15021 + scheme: HTTP + initialDelaySeconds: 0 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 1 + securityContext: + privileged: false + {{- if not (eq .Values.global.platform "openshift") }} + runAsGroup: 1337 + runAsUser: 1337 + {{- end }} + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - ALL +{{- if .Values.gateways.seccompProfile }} + seccompProfile: +{{- toYaml .Values.gateways.seccompProfile | nindent 12 }} +{{- end }} + volumeMounts: + - mountPath: /var/run/secrets/workload-spiffe-uds + name: workload-socket + - mountPath: /var/run/secrets/istio + name: istiod-ca-cert + - mountPath: /var/lib/istio/data + name: istio-data + - mountPath: /etc/istio/proxy + name: istio-envoy + - mountPath: /var/run/secrets/tokens + name: istio-token + - mountPath: /etc/istio/pod + name: istio-podinfo + volumes: + - emptyDir: {} + name: workload-socket + - emptyDir: + medium: Memory + name: istio-envoy + - emptyDir: + medium: Memory + name: go-proxy-envoy + - emptyDir: {} + name: istio-data + - emptyDir: {} + name: go-proxy-data + - downwardAPI: + items: + - fieldRef: + fieldPath: metadata.labels + path: labels + - fieldRef: + fieldPath: metadata.annotations + path: annotations + name: istio-podinfo + - name: istio-token + projected: + sources: + - serviceAccountToken: + audience: istio-ca + expirationSeconds: 43200 + path: istio-token + - name: istiod-ca-cert + {{- if eq (.Values.pilot.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} + projected: + sources: + - clusterTrustBundle: + name: istio.io:istiod-ca:{{ .Values.global.trustBundleName | default "root-cert" }} + path: root-cert.pem + {{- else }} + configMap: + name: {{ .Values.global.trustBundleName | default "istio-ca-root-cert" }} + {{- end }} + {{- if .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- range .Values.global.imagePullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + {{ toJsonMap + (strdict "networking.istio.io/traffic-distribution" "PreferClose") + (omit .InfrastructureAnnotations + "kubectl.kubernetes.io/last-applied-configuration" + "gateway.istio.io/name-override" + "gateway.istio.io/service-account" + "gateway.istio.io/controller-version" + ) | nindent 4 }} + labels: + {{- toJsonMap + .InfrastructureLabels + (strdict + "gateway.networking.k8s.io/gateway-name" .Name + "gateway.networking.k8s.io/gateway-class-name" .GatewayClass + ) | nindent 4 }} + name: {{.DeploymentName | quote}} + namespace: {{.Namespace | quote}} + ownerReferences: + - apiVersion: gateway.networking.k8s.io/v1beta1 + kind: Gateway + name: "{{.Name}}" + uid: "{{.UID}}" +spec: + ipFamilyPolicy: PreferDualStack + ports: + {{- range $key, $val := .Ports }} + - name: {{ $val.Name | quote }} + port: {{ $val.Port }} + protocol: TCP + appProtocol: {{ $val.AppProtocol }} + {{- end }} + selector: + "{{.GatewayNameLabel}}": "{{.Name}}" + {{- if and (.Spec.Addresses) (eq .ServiceType "LoadBalancer") }} + loadBalancerIP: {{ (index .Spec.Addresses 0).Value | quote}} + {{- end }} + type: {{ .ServiceType | quote }} +--- +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{.DeploymentName | quote}} + namespace: {{.Namespace | quote}} + annotations: + {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} + labels: + {{- toJsonMap + .InfrastructureLabels + (strdict + "gateway.networking.k8s.io/gateway-name" .Name + "gateway.networking.k8s.io/gateway-class-name" .GatewayClass + ) | nindent 4 }} + ownerReferences: + - apiVersion: gateway.networking.k8s.io/v1beta1 + kind: Gateway + name: {{.Name}} + uid: "{{.UID}}" +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{.DeploymentName | quote}} + maxReplicas: 1 +--- +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: {{.DeploymentName | quote}} + namespace: {{.Namespace | quote}} + annotations: + {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} + labels: + {{- toJsonMap + .InfrastructureLabels + (strdict + "gateway.networking.k8s.io/gateway-name" .Name + "gateway.networking.k8s.io/gateway-class-name" .GatewayClass + ) | nindent 4 }} + ownerReferences: + - apiVersion: gateway.networking.k8s.io/v1beta1 + kind: Gateway + name: {{.Name}} + uid: "{{.UID}}" +spec: + selector: + matchLabels: + gateway.networking.k8s.io/gateway-name: {{.Name|quote}} + diff --git a/resources/v1.28.4/charts/istiod/templates/NOTES.txt b/resources/v1.28.4/charts/istiod/templates/NOTES.txt new file mode 100644 index 0000000000..0d07ea7f4c --- /dev/null +++ b/resources/v1.28.4/charts/istiod/templates/NOTES.txt @@ -0,0 +1,82 @@ +"istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}" successfully installed! + +To learn more about the release, try: + $ helm status {{ .Release.Name }} -n {{ .Release.Namespace }} + $ helm get all {{ .Release.Name }} -n {{ .Release.Namespace }} + +Next steps: +{{- $profile := default "" .Values.profile }} +{{- if (eq $profile "ambient") }} + * Get started with ambient: https://istio.io/latest/docs/ops/ambient/getting-started/ + * Review ambient's architecture: https://istio.io/latest/docs/ops/ambient/architecture/ +{{- else }} + * Deploy a Gateway: https://istio.io/latest/docs/setup/additional-setup/gateway/ + * Try out our tasks to get started on common configurations: + * https://istio.io/latest/docs/tasks/traffic-management + * https://istio.io/latest/docs/tasks/security/ + * https://istio.io/latest/docs/tasks/policy-enforcement/ +{{- end }} + * Review the list of actively supported releases, CVE publications and our hardening guide: + * https://istio.io/latest/docs/releases/supported-releases/ + * https://istio.io/latest/news/security/ + * https://istio.io/latest/docs/ops/best-practices/security/ + +For further documentation see https://istio.io website + +{{- + $deps := dict + "global.outboundTrafficPolicy" "meshConfig.outboundTrafficPolicy" + "global.certificates" "meshConfig.certificates" + "global.localityLbSetting" "meshConfig.localityLbSetting" + "global.policyCheckFailOpen" "meshConfig.policyCheckFailOpen" + "global.enableTracing" "meshConfig.enableTracing" + "global.proxy.accessLogFormat" "meshConfig.accessLogFormat" + "global.proxy.accessLogFile" "meshConfig.accessLogFile" + "global.proxy.concurrency" "meshConfig.defaultConfig.concurrency" + "global.proxy.envoyAccessLogService" "meshConfig.defaultConfig.envoyAccessLogService" + "global.proxy.envoyAccessLogService.enabled" "meshConfig.enableEnvoyAccessLogService" + "global.proxy.envoyMetricsService" "meshConfig.defaultConfig.envoyMetricsService" + "global.proxy.protocolDetectionTimeout" "meshConfig.protocolDetectionTimeout" + "global.proxy.holdApplicationUntilProxyStarts" "meshConfig.defaultConfig.holdApplicationUntilProxyStarts" + "pilot.ingress" "meshConfig.ingressService, meshConfig.ingressControllerMode, and meshConfig.ingressClass" + "global.mtls.enabled" "the PeerAuthentication resource" + "global.mtls.auto" "meshConfig.enableAutoMtls" + "global.tracer.lightstep.address" "meshConfig.defaultConfig.tracing.lightstep.address" + "global.tracer.lightstep.accessToken" "meshConfig.defaultConfig.tracing.lightstep.accessToken" + "global.tracer.zipkin.address" "meshConfig.defaultConfig.tracing.zipkin.address" + "global.tracer.datadog.address" "meshConfig.defaultConfig.tracing.datadog.address" + "global.meshExpansion.enabled" "Gateway and other Istio networking resources, such as in samples/multicluster/" + "istiocoredns.enabled" "the in-proxy DNS capturing (ISTIO_META_DNS_CAPTURE)" +}} +{{- range $dep, $replace := $deps }} +{{- /* Complex logic to turn the string above into a null-safe traversal like ((.Values.global).certificates */}} +{{- $res := tpl (print "{{" (repeat (split "." $dep | len) "(") ".Values." (replace "." ")." $dep) ")}}") $}} +{{- if not (eq $res "")}} +WARNING: {{$dep|quote}} is deprecated; use {{$replace|quote}} instead. +{{- end }} +{{- end }} +{{- + $failDeps := dict + "telemetry.v2.prometheus.configOverride" + "telemetry.v2.stackdriver.configOverride" + "telemetry.v2.stackdriver.disableOutbound" + "telemetry.v2.stackdriver.outboundAccessLogging" + "global.tracer.stackdriver.debug" "meshConfig.defaultConfig.tracing.stackdriver.debug" + "global.tracer.stackdriver.maxNumberOfAttributes" "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfAttributes" + "global.tracer.stackdriver.maxNumberOfAnnotations" "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfAnnotations" + "global.tracer.stackdriver.maxNumberOfMessageEvents" "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfMessageEvents" + "meshConfig.defaultConfig.tracing.stackdriver.debug" "Istio supported tracers" + "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfAttributes" "Istio supported tracers" + "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfAnnotations" "Istio supported tracers" + "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfMessageEvents" "Istio supported tracers" +}} +{{- range $dep, $replace := $failDeps }} +{{- /* Complex logic to turn the string above into a null-safe traversal like ((.Values.global).certificates */}} +{{- $res := tpl (print "{{" (repeat (split "." $dep | len) "(") ".Values." (replace "." ")." $dep) ")}}") $}} +{{- if not (eq $res "")}} +{{fail (print $dep " is removed")}} +{{- end }} +{{- end }} +{{- if eq $.Values.global.pilotCertProvider "kubernetes" }} +{{- fail "pilotCertProvider=kubernetes is not supported" }} +{{- end }} \ No newline at end of file diff --git a/resources/v1.28.4/charts/istiod/templates/_helpers.tpl b/resources/v1.28.4/charts/istiod/templates/_helpers.tpl new file mode 100644 index 0000000000..042c92538d --- /dev/null +++ b/resources/v1.28.4/charts/istiod/templates/_helpers.tpl @@ -0,0 +1,23 @@ +{{/* Default Prometheus is enabled if its enabled and there are no config overrides set */}} +{{ define "default-prometheus" }} +{{- and + (not .Values.meshConfig.defaultProviders) + .Values.telemetry.enabled .Values.telemetry.v2.enabled .Values.telemetry.v2.prometheus.enabled +}} +{{- end }} + +{{/* SD has metrics and logging split. Default metrics are enabled if SD is enabled */}} +{{ define "default-sd-metrics" }} +{{- and + (not .Values.meshConfig.defaultProviders) + .Values.telemetry.enabled .Values.telemetry.v2.enabled .Values.telemetry.v2.stackdriver.enabled +}} +{{- end }} + +{{/* SD has metrics and logging split. */}} +{{ define "default-sd-logs" }} +{{- and + (not .Values.meshConfig.defaultProviders) + .Values.telemetry.enabled .Values.telemetry.v2.enabled .Values.telemetry.v2.stackdriver.enabled +}} +{{- end }} diff --git a/resources/v1.30-alpha.bcdd144c/charts/istiod/templates/autoscale.yaml b/resources/v1.28.4/charts/istiod/templates/autoscale.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/istiod/templates/autoscale.yaml rename to resources/v1.28.4/charts/istiod/templates/autoscale.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/istiod/templates/clusterrole.yaml b/resources/v1.28.4/charts/istiod/templates/clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/istiod/templates/clusterrole.yaml rename to resources/v1.28.4/charts/istiod/templates/clusterrole.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/istiod/templates/clusterrolebinding.yaml b/resources/v1.28.4/charts/istiod/templates/clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/istiod/templates/clusterrolebinding.yaml rename to resources/v1.28.4/charts/istiod/templates/clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/istiod/templates/configmap-jwks.yaml b/resources/v1.28.4/charts/istiod/templates/configmap-jwks.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/istiod/templates/configmap-jwks.yaml rename to resources/v1.28.4/charts/istiod/templates/configmap-jwks.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/istiod/templates/configmap-values.yaml b/resources/v1.28.4/charts/istiod/templates/configmap-values.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/istiod/templates/configmap-values.yaml rename to resources/v1.28.4/charts/istiod/templates/configmap-values.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/istiod/templates/configmap.yaml b/resources/v1.28.4/charts/istiod/templates/configmap.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/istiod/templates/configmap.yaml rename to resources/v1.28.4/charts/istiod/templates/configmap.yaml diff --git a/resources/v1.28.4/charts/istiod/templates/deployment.yaml b/resources/v1.28.4/charts/istiod/templates/deployment.yaml new file mode 100644 index 0000000000..15107e745c --- /dev/null +++ b/resources/v1.28.4/charts/istiod/templates/deployment.yaml @@ -0,0 +1,314 @@ +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "namespace") }} +# Not created if istiod is running remotely +{{- if or (not .Values.istiodRemote.enabled) (and .Values.istiodRemote.enabled .Values.istiodRemote.enabledLocalInjectorIstiod) }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} + namespace: {{ .Release.Namespace }} + labels: + app: istiod + istio.io/rev: {{ .Values.revision | default "default" | quote }} + operator.istio.io/component: "Pilot" + istio: pilot + release: {{ .Release.Name }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +{{- range $key, $val := .Values.deploymentLabels }} + {{ $key }}: "{{ $val }}" +{{- end }} + {{- if .Values.deploymentAnnotations }} + annotations: +{{ toYaml .Values.deploymentAnnotations | indent 4 }} + {{- end }} +spec: +{{- if not .Values.autoscaleEnabled }} +{{- if .Values.replicaCount }} + replicas: {{ .Values.replicaCount }} +{{- end }} +{{- end }} + strategy: + rollingUpdate: + maxSurge: {{ .Values.rollingMaxSurge }} + maxUnavailable: {{ .Values.rollingMaxUnavailable }} + selector: + matchLabels: + {{- if ne .Values.revision "" }} + app: istiod + istio.io/rev: {{ .Values.revision | default "default" | quote }} + {{- else }} + istio: pilot + {{- end }} + template: + metadata: + labels: + app: istiod + istio.io/rev: {{ .Values.revision | default "default" | quote }} + sidecar.istio.io/inject: "false" + operator.istio.io/component: "Pilot" + {{- if ne .Values.revision "" }} + istio: istiod + {{- else }} + istio: pilot + {{- end }} + {{- range $key, $val := .Values.podLabels }} + {{ $key }}: "{{ $val }}" + {{- end }} + istio.io/dataplane-mode: none + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 8 }} + annotations: + prometheus.io/port: "15014" + prometheus.io/scrape: "true" + sidecar.istio.io/inject: "false" + {{- if .Values.podAnnotations }} +{{ toYaml .Values.podAnnotations | indent 8 }} + {{- end }} + spec: +{{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} +{{- end }} +{{- with .Values.affinity }} + affinity: +{{- toYaml . | nindent 8 }} +{{- end }} + tolerations: + - key: cni.istio.io/not-ready + operator: "Exists" +{{- with .Values.tolerations }} +{{- toYaml . | nindent 8 }} +{{- end }} +{{- with .Values.topologySpreadConstraints }} + topologySpreadConstraints: +{{- toYaml . | nindent 8 }} +{{- end }} + serviceAccountName: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} +{{- if .Values.global.priorityClassName }} + priorityClassName: "{{ .Values.global.priorityClassName }}" +{{- end }} +{{- with .Values.initContainers }} + initContainers: + {{- tpl (toYaml .) $ | nindent 8 }} +{{- end }} + containers: + - name: discovery +{{- if contains "/" .Values.image }} + image: "{{ .Values.image }}" +{{- else }} + image: "{{ .Values.hub | default .Values.global.hub }}/{{ .Values.image | default "pilot" }}:{{ .Values.tag | default .Values.global.tag }}{{with (.Values.variant | default .Values.global.variant)}}-{{.}}{{end}}" +{{- end }} +{{- if .Values.global.imagePullPolicy }} + imagePullPolicy: {{ .Values.global.imagePullPolicy }} +{{- end }} + args: + - "discovery" + - --monitoringAddr=:15014 +{{- if .Values.global.logging.level }} + - --log_output_level={{ .Values.global.logging.level }} +{{- end}} +{{- if .Values.global.logAsJson }} + - --log_as_json +{{- end }} + - --domain + - {{ .Values.global.proxy.clusterDomain }} +{{- if .Values.taint.namespace }} + - --cniNamespace={{ .Values.taint.namespace }} +{{- end }} + - --keepaliveMaxServerConnectionAge + - "{{ .Values.keepaliveMaxServerConnectionAge }}" +{{- if .Values.extraContainerArgs }} + {{- with .Values.extraContainerArgs }} + {{- toYaml . | nindent 10 }} + {{- end }} +{{- end }} + ports: + - containerPort: 8080 + protocol: TCP + name: http-debug + - containerPort: 15010 + protocol: TCP + name: grpc-xds + - containerPort: 15012 + protocol: TCP + name: tls-xds + - containerPort: 15017 + protocol: TCP + name: https-webhooks + - containerPort: 15014 + protocol: TCP + name: http-monitoring + readinessProbe: + httpGet: + path: /ready + port: 8080 + initialDelaySeconds: 1 + periodSeconds: 3 + timeoutSeconds: 5 + env: + - name: REVISION + value: "{{ .Values.revision | default `default` }}" + - name: PILOT_CERT_PROVIDER + value: {{ .Values.global.pilotCertProvider }} + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: SERVICE_ACCOUNT + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.serviceAccountName + - name: KUBECONFIG + value: /var/run/secrets/remote/config + # If you explicitly told us where ztunnel lives, use that. + # Otherwise, assume it lives in our namespace + # Also, check for an explicit ENV override (legacy approach) and prefer that + # if present + {{ $ztTrustedNS := or .Values.trustedZtunnelNamespace .Release.Namespace }} + {{ $ztTrustedName := or .Values.trustedZtunnelName "ztunnel" }} + {{- if not .Values.env.CA_TRUSTED_NODE_ACCOUNTS }} + - name: CA_TRUSTED_NODE_ACCOUNTS + value: "{{ $ztTrustedNS }}/{{ $ztTrustedName }}" + {{- end }} + {{- if .Values.env }} + {{- range $key, $val := .Values.env }} + - name: {{ $key }} + value: "{{ $val }}" + {{- end }} + {{- end }} + {{- with .Values.envVarFrom }} + {{- toYaml . | nindent 10 }} + {{- end }} +{{- if .Values.traceSampling }} + - name: PILOT_TRACE_SAMPLING + value: "{{ .Values.traceSampling }}" +{{- end }} +# If externalIstiod is set via Values.Global, then enable the pilot env variable. However, if it's set via Values.pilot.env, then +# don't set it here to avoid duplication. +# TODO (nshankar13): Move from Helm chart to code: https://github.com/istio/istio/issues/52449 +{{- if and .Values.global.externalIstiod (not (and .Values.env .Values.env.EXTERNAL_ISTIOD)) }} + - name: EXTERNAL_ISTIOD + value: "{{ .Values.global.externalIstiod }}" +{{- end }} +{{- if .Values.global.trustBundleName }} + - name: PILOT_CA_CERT_CONFIGMAP + value: "{{ .Values.global.trustBundleName }}" +{{- end }} + - name: PILOT_ENABLE_ANALYSIS + value: "{{ .Values.global.istiod.enableAnalysis }}" + - name: CLUSTER_ID + value: "{{ $.Values.global.multiCluster.clusterName | default `Kubernetes` }}" + - name: GOMEMLIMIT + valueFrom: + resourceFieldRef: + resource: limits.memory + divisor: "1" + - name: GOMAXPROCS + valueFrom: + resourceFieldRef: + resource: limits.cpu + divisor: "1" + - name: PLATFORM + value: "{{ coalesce .Values.global.platform .Values.platform }}" + resources: +{{- if .Values.resources }} +{{ toYaml .Values.resources | trim | indent 12 }} +{{- else }} +{{ toYaml .Values.global.defaultResources | trim | indent 12 }} +{{- end }} + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - ALL +{{- if .Values.seccompProfile }} + seccompProfile: +{{ toYaml .Values.seccompProfile | trim | indent 14 }} +{{- end }} + volumeMounts: + - name: istio-token + mountPath: /var/run/secrets/tokens + readOnly: true + - name: local-certs + mountPath: /var/run/secrets/istio-dns + - name: cacerts + mountPath: /etc/cacerts + readOnly: true + - name: istio-kubeconfig + mountPath: /var/run/secrets/remote + readOnly: true + {{- if .Values.jwksResolverExtraRootCA }} + - name: extracacerts + mountPath: /cacerts + {{- end }} + - name: istio-csr-dns-cert + mountPath: /var/run/secrets/istiod/tls + readOnly: true + - name: istio-csr-ca-configmap + mountPath: /var/run/secrets/istiod/ca + readOnly: true + {{- with .Values.volumeMounts }} + {{- toYaml . | nindent 10 }} + {{- end }} + volumes: + # Technically not needed on this pod - but it helps debugging/testing SDS + # Should be removed after everything works. + - emptyDir: + medium: Memory + name: local-certs + - name: istio-token + projected: + sources: + - serviceAccountToken: + audience: {{ .Values.global.sds.token.aud }} + expirationSeconds: 43200 + path: istio-token + # Optional: user-generated root + - name: cacerts + secret: + secretName: cacerts + optional: true + - name: istio-kubeconfig + secret: + secretName: istio-kubeconfig + optional: true + # Optional: istio-csr dns pilot certs + - name: istio-csr-dns-cert + secret: + secretName: istiod-tls + optional: true + - name: istio-csr-ca-configmap + {{- if eq (.Values.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} + projected: + sources: + - clusterTrustBundle: + name: istio.io:istiod-ca:{{ .Values.global.trustBundleName | default "root-cert" }} + path: root-cert.pem + optional: true + {{- else }} + configMap: + name: {{ .Values.global.trustBundleName | default "istio-ca-root-cert" }} + defaultMode: 420 + optional: true + {{- end }} + {{- if .Values.jwksResolverExtraRootCA }} + - name: extracacerts + configMap: + name: pilot-jwks-extra-cacerts{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} + {{- end }} + {{- with .Values.volumes }} + {{- toYaml . | nindent 6}} + {{- end }} + +--- +{{- end }} +{{- end }} diff --git a/resources/v1.30-alpha.bcdd144c/charts/istiod/templates/gateway-class-configmap.yaml b/resources/v1.28.4/charts/istiod/templates/gateway-class-configmap.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/istiod/templates/gateway-class-configmap.yaml rename to resources/v1.28.4/charts/istiod/templates/gateway-class-configmap.yaml diff --git a/resources/v1.28.4/charts/istiod/templates/istiod-injector-configmap.yaml b/resources/v1.28.4/charts/istiod/templates/istiod-injector-configmap.yaml new file mode 100644 index 0000000000..a5a6cf9ae8 --- /dev/null +++ b/resources/v1.28.4/charts/istiod/templates/istiod-injector-configmap.yaml @@ -0,0 +1,83 @@ +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "namespace") }} +{{- if not .Values.global.omitSidecarInjectorConfigMap }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: istio-sidecar-injector{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} + namespace: {{ .Release.Namespace }} + labels: + istio.io/rev: {{ .Values.revision | default "default" | quote }} + operator.istio.io/component: "Pilot" + release: {{ .Release.Name }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +data: +{{/* Scope the values to just top level fields used in the template, to reduce the size. */}} + values: |- +{{ $vals := pick .Values "global" "sidecarInjectorWebhook" "revision" -}} +{{ $pilotVals := pick .Values "cni" "env" -}} +{{ $vals = set $vals "pilot" $pilotVals -}} +{{ $gatewayVals := pick .Values.gateways "securityContext" "seccompProfile" -}} +{{ $vals = set $vals "gateways" $gatewayVals -}} +{{ $vals | toPrettyJson | indent 4 }} + + # To disable injection: use omitSidecarInjectorConfigMap, which disables the webhook patching + # and istiod webhook functionality. + # + # New fields should not use Values - it is a 'primary' config object, users should be able + # to fine tune it or use it with kube-inject. + config: |- + # defaultTemplates defines the default template to use for pods that do not explicitly specify a template + {{- if .Values.sidecarInjectorWebhook.defaultTemplates }} + defaultTemplates: +{{- range .Values.sidecarInjectorWebhook.defaultTemplates}} + - {{ . }} +{{- end }} + {{- else }} + defaultTemplates: [sidecar] + {{- end }} + policy: {{ .Values.global.proxy.autoInject }} + alwaysInjectSelector: +{{ toYaml .Values.sidecarInjectorWebhook.alwaysInjectSelector | trim | indent 6 }} + neverInjectSelector: +{{ toYaml .Values.sidecarInjectorWebhook.neverInjectSelector | trim | indent 6 }} + injectedAnnotations: + {{- range $key, $val := .Values.sidecarInjectorWebhook.injectedAnnotations }} + "{{ $key }}": {{ $val | quote }} + {{- end }} + {{- /* If someone ends up with this new template, but an older Istiod image, they will attempt to render this template + which will fail with "Pod injection failed: template: inject:1: function "Istio_1_9_Required_Template_And_Version_Mismatched" not defined". + This should make it obvious that their installation is broken. + */}} + template: {{ `{{ Template_Version_And_Istio_Version_Mismatched_Check_Installation }}` | quote }} + templates: +{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "sidecar") }} + sidecar: | +{{ .Files.Get "files/injection-template.yaml" | trim | indent 8 }} +{{- end }} +{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "gateway") }} + gateway: | +{{ .Files.Get "files/gateway-injection-template.yaml" | trim | indent 8 }} +{{- end }} +{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "grpc-simple") }} + grpc-simple: | +{{ .Files.Get "files/grpc-simple.yaml" | trim | indent 8 }} +{{- end }} +{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "grpc-agent") }} + grpc-agent: | +{{ .Files.Get "files/grpc-agent.yaml" | trim | indent 8 }} +{{- end }} +{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "waypoint") }} + waypoint: | +{{ .Files.Get "files/waypoint.yaml" | trim | indent 8 }} +{{- end }} +{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "kube-gateway") }} + kube-gateway: | +{{ .Files.Get "files/kube-gateway.yaml" | trim | indent 8 }} +{{- end }} +{{- with .Values.sidecarInjectorWebhook.templates }} +{{ toYaml . | trim | indent 6 }} +{{- end }} + +{{- end }} +{{- end }} \ No newline at end of file diff --git a/resources/v1.30-alpha.bcdd144c/charts/istiod/templates/mutatingwebhook.yaml b/resources/v1.28.4/charts/istiod/templates/mutatingwebhook.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/istiod/templates/mutatingwebhook.yaml rename to resources/v1.28.4/charts/istiod/templates/mutatingwebhook.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/istiod/templates/networkpolicy.yaml b/resources/v1.28.4/charts/istiod/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/istiod/templates/networkpolicy.yaml rename to resources/v1.28.4/charts/istiod/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/istiod/templates/poddisruptionbudget.yaml b/resources/v1.28.4/charts/istiod/templates/poddisruptionbudget.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/istiod/templates/poddisruptionbudget.yaml rename to resources/v1.28.4/charts/istiod/templates/poddisruptionbudget.yaml diff --git a/resources/v1.28.4/charts/istiod/templates/reader-clusterrole.yaml b/resources/v1.28.4/charts/istiod/templates/reader-clusterrole.yaml new file mode 100644 index 0000000000..e0b0ff42a4 --- /dev/null +++ b/resources/v1.28.4/charts/istiod/templates/reader-clusterrole.yaml @@ -0,0 +1,65 @@ +# Created if cluster resources are not omitted +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "cluster") }} +{{ $mcsAPIGroup := or .Values.env.MCS_API_GROUP "multicluster.x-k8s.io" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: istio-reader-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} + labels: + app: istio-reader + release: {{ .Release.Name }} + app.kubernetes.io/name: "istio-reader" + {{- include "istio.labels" . | nindent 4 }} +rules: + - apiGroups: + - "config.istio.io" + - "security.istio.io" + - "networking.istio.io" + - "authentication.istio.io" + - "rbac.istio.io" + - "telemetry.istio.io" + - "extensions.istio.io" + resources: ["*"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["endpoints", "pods", "services", "nodes", "replicationcontrollers", "namespaces", "secrets"] + verbs: ["get", "list", "watch"] + - apiGroups: ["networking.istio.io"] + verbs: [ "get", "watch", "list" ] + resources: [ "workloadentries" ] + - apiGroups: ["networking.x-k8s.io", "gateway.networking.k8s.io"] + resources: ["gateways"] + verbs: ["get", "watch", "list"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["get", "list", "watch"] + - apiGroups: ["discovery.k8s.io"] + resources: ["endpointslices"] + verbs: ["get", "list", "watch"] + - apiGroups: ["{{ $mcsAPIGroup }}"] + resources: ["serviceexports"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: ["{{ $mcsAPIGroup }}"] + resources: ["serviceimports"] + verbs: ["get", "list", "watch"] + - apiGroups: ["apps"] + resources: ["replicasets"] + verbs: ["get", "list", "watch"] + - apiGroups: ["authentication.k8s.io"] + resources: ["tokenreviews"] + verbs: ["create"] + - apiGroups: ["authorization.k8s.io"] + resources: ["subjectaccessreviews"] + verbs: ["create"] +{{- if .Values.istiodRemote.enabled }} + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["create", "get", "list", "watch", "update"] + - apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: ["admissionregistration.k8s.io"] + resources: ["validatingwebhookconfigurations"] + verbs: ["get", "list", "watch", "update"] +{{- end}} +{{- end }} \ No newline at end of file diff --git a/resources/v1.30-alpha.bcdd144c/charts/istiod/templates/reader-clusterrolebinding.yaml b/resources/v1.28.4/charts/istiod/templates/reader-clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/istiod/templates/reader-clusterrolebinding.yaml rename to resources/v1.28.4/charts/istiod/templates/reader-clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/istiod/templates/remote-istiod-endpointslices.yaml b/resources/v1.28.4/charts/istiod/templates/remote-istiod-endpointslices.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/istiod/templates/remote-istiod-endpointslices.yaml rename to resources/v1.28.4/charts/istiod/templates/remote-istiod-endpointslices.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/istiod/templates/remote-istiod-service.yaml b/resources/v1.28.4/charts/istiod/templates/remote-istiod-service.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/istiod/templates/remote-istiod-service.yaml rename to resources/v1.28.4/charts/istiod/templates/remote-istiod-service.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/istiod/templates/revision-tags-mwc.yaml b/resources/v1.28.4/charts/istiod/templates/revision-tags-mwc.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/istiod/templates/revision-tags-mwc.yaml rename to resources/v1.28.4/charts/istiod/templates/revision-tags-mwc.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/istiod/templates/revision-tags-svc.yaml b/resources/v1.28.4/charts/istiod/templates/revision-tags-svc.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/istiod/templates/revision-tags-svc.yaml rename to resources/v1.28.4/charts/istiod/templates/revision-tags-svc.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/istiod/templates/role.yaml b/resources/v1.28.4/charts/istiod/templates/role.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/istiod/templates/role.yaml rename to resources/v1.28.4/charts/istiod/templates/role.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/istiod/templates/rolebinding.yaml b/resources/v1.28.4/charts/istiod/templates/rolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/istiod/templates/rolebinding.yaml rename to resources/v1.28.4/charts/istiod/templates/rolebinding.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/istiod/templates/service.yaml b/resources/v1.28.4/charts/istiod/templates/service.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/istiod/templates/service.yaml rename to resources/v1.28.4/charts/istiod/templates/service.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/istiod/templates/serviceaccount.yaml b/resources/v1.28.4/charts/istiod/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/istiod/templates/serviceaccount.yaml rename to resources/v1.28.4/charts/istiod/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/istiod/templates/validatingadmissionpolicy.yaml b/resources/v1.28.4/charts/istiod/templates/validatingadmissionpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/istiod/templates/validatingadmissionpolicy.yaml rename to resources/v1.28.4/charts/istiod/templates/validatingadmissionpolicy.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/istiod/templates/validatingwebhookconfiguration.yaml b/resources/v1.28.4/charts/istiod/templates/validatingwebhookconfiguration.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/istiod/templates/validatingwebhookconfiguration.yaml rename to resources/v1.28.4/charts/istiod/templates/validatingwebhookconfiguration.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/istiod/templates/zzy_descope_legacy.yaml b/resources/v1.28.4/charts/istiod/templates/zzy_descope_legacy.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/istiod/templates/zzy_descope_legacy.yaml rename to resources/v1.28.4/charts/istiod/templates/zzy_descope_legacy.yaml diff --git a/resources/v1.28.4/charts/istiod/templates/zzz_profile.yaml b/resources/v1.28.4/charts/istiod/templates/zzz_profile.yaml new file mode 100644 index 0000000000..3d84956485 --- /dev/null +++ b/resources/v1.28.4/charts/istiod/templates/zzz_profile.yaml @@ -0,0 +1,75 @@ +{{/* +WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. +The original version of this file is located at /manifests directory. +If you want to make a change in this file, edit the original one and run "make gen". + +Complex logic ahead... +We have three sets of values, in order of precedence (last wins): +1. The builtin values.yaml defaults +2. The profile the user selects +3. Users input (-f or --set) + +Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). + +However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). +We can then merge the profile onto the defaults, then the user settings onto that. +Finally, we can set all of that under .Values so the chart behaves without awareness. +*/}} +{{- if $.Values.defaults}} +{{ fail (cat + "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" + ($.Values.defaults | toYaml |nindent 4) +) }} +{{- end }} +{{- $defaults := $.Values._internal_defaults_do_not_set }} +{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} +{{- $profile := dict }} +{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} +{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} +{{- $profile = (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown profile" .) }} +{{- end }} +{{- end }} +{{- with .Values.compatibilityVersion }} +{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} +{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} +{{- end }} +{{- end }} +{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} +{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} +{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown platform" .) }} +{{- end }} +{{- end }} +{{- if $profile }} +{{- $a := mustMergeOverwrite $defaults $profile }} +{{- end }} +# Flatten globals, if defined on a per-chart basis +{{- if false }} +{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} +{{- end }} +{{- $x := set $.Values "_original" (deepCopy $.Values) }} +{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} + +{{/* +Labels that should be applied to ALL resources. +*/}} +{{- define "istio.labels" -}} +{{- if .Release.Service -}} +app.kubernetes.io/managed-by: {{ .Release.Service | quote }} +{{- end }} +{{- if .Release.Name }} +app.kubernetes.io/instance: {{ .Release.Name | quote }} +{{- end }} +app.kubernetes.io/part-of: "istio" +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +{{- if and .Chart.Name .Chart.Version }} +helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end -}} diff --git a/resources/v1.28.4/charts/istiod/values.yaml b/resources/v1.28.4/charts/istiod/values.yaml new file mode 100644 index 0000000000..691fd7d7ae --- /dev/null +++ b/resources/v1.28.4/charts/istiod/values.yaml @@ -0,0 +1,583 @@ +# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. +# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. +_internal_defaults_do_not_set: + autoscaleEnabled: true + autoscaleMin: 1 + autoscaleMax: 5 + autoscaleBehavior: {} + replicaCount: 1 + rollingMaxSurge: 100% + rollingMaxUnavailable: 25% + + hub: "" + tag: "" + variant: "" + + # Can be a full hub/image:tag + image: pilot + traceSampling: 1.0 + + # Resources for a small pilot install + resources: + requests: + cpu: 500m + memory: 2048Mi + + # Set to `type: RuntimeDefault` to use the default profile if available. + seccompProfile: {} + + # Whether to use an existing CNI installation + cni: + enabled: false + provider: default + + # Additional container arguments + extraContainerArgs: [] + + env: {} + + envVarFrom: [] + + # Settings related to the untaint controller + # This controller will remove `cni.istio.io/not-ready` from nodes when the istio-cni pod becomes ready + # It should be noted that cluster operator/owner is responsible for having the taint set by their infrastructure provider when new nodes are added to the cluster; the untaint controller does not taint nodes + taint: + # Controls whether or not the untaint controller is active + enabled: false + # What namespace the untaint controller should watch for istio-cni pods. This is only required when istio-cni is running in a different namespace than istiod + namespace: "" + + affinity: {} + + tolerations: [] + + cpu: + targetAverageUtilization: 80 + memory: {} + # targetAverageUtilization: 80 + + # Additional volumeMounts to the istiod container + volumeMounts: [] + + # Additional volumes to the istiod pod + volumes: [] + + # Inject initContainers into the istiod pod + initContainers: [] + + nodeSelector: {} + podAnnotations: {} + serviceAnnotations: {} + serviceAccountAnnotations: {} + sidecarInjectorWebhookAnnotations: {} + + topologySpreadConstraints: [] + + # You can use jwksResolverExtraRootCA to provide a root certificate + # in PEM format. This will then be trusted by pilot when resolving + # JWKS URIs. + jwksResolverExtraRootCA: "" + + # The following is used to limit how long a sidecar can be connected + # to a pilot. It balances out load across pilot instances at the cost of + # increasing system churn. + keepaliveMaxServerConnectionAge: 30m + + # Additional labels to apply to the deployment. + deploymentLabels: {} + + # Annotations to apply to the istiod deployment. + deploymentAnnotations: {} + + ## Mesh config settings + + # Install the mesh config map, generated from values.yaml. + # If false, pilot wil use default values (by default) or user-supplied values. + configMap: true + + # Additional labels to apply on the pod level for monitoring and logging configuration. + podLabels: {} + + # Setup how istiod Service is configured. See https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services + ipFamilyPolicy: "" + ipFamilies: [] + + # Ambient mode only. + # Set this if you install ztunnel to a different namespace from `istiod`. + # If set, `istiod` will allow connections from trusted node proxy ztunnels + # in the provided namespace. + # If unset, `istiod` will assume the trusted node proxy ztunnel resides + # in the same namespace as itself. + trustedZtunnelNamespace: "" + # Set this if you install ztunnel with a name different from the default. + trustedZtunnelName: "" + + sidecarInjectorWebhook: + # You can use the field called alwaysInjectSelector and neverInjectSelector which will always inject the sidecar or + # always skip the injection on pods that match that label selector, regardless of the global policy. + # See https://istio.io/docs/setup/kubernetes/additional-setup/sidecar-injection/#more-control-adding-exceptions + neverInjectSelector: [] + alwaysInjectSelector: [] + + # injectedAnnotations are additional annotations that will be added to the pod spec after injection + # This is primarily to support PSP annotations. For example, if you defined a PSP with the annotations: + # + # annotations: + # apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + # apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default + # + # The PSP controller would add corresponding annotations to the pod spec for each container. However, this happens before + # the inject adds additional containers, so we must specify them explicitly here. With the above example, we could specify: + # injectedAnnotations: + # container.apparmor.security.beta.kubernetes.io/istio-init: runtime/default + # container.apparmor.security.beta.kubernetes.io/istio-proxy: runtime/default + injectedAnnotations: {} + + # This enables injection of sidecar in all namespaces, + # with the exception of namespaces with "istio-injection:disabled" annotation + # Only one environment should have this enabled. + enableNamespacesByDefault: false + + # Mutations that occur after the sidecar injector are not handled by default, as the Istio sidecar injector is only run + # once. For example, an OPA sidecar injected after the Istio sidecar will not have it's liveness/readiness probes rewritten. + # Setting this to `IfNeeded` will result in the sidecar injector being run again if additional mutations occur. + reinvocationPolicy: Never + + rewriteAppHTTPProbe: true + + # Templates defines a set of custom injection templates that can be used. For example, defining: + # + # templates: + # hello: | + # metadata: + # labels: + # hello: world + # + # Then starting a pod with the `inject.istio.io/templates: hello` annotation, will result in the pod + # being injected with the hello=world labels. + # This is intended for advanced configuration only; most users should use the built in template + templates: {} + + # Default templates specifies a set of default templates that are used in sidecar injection. + # By default, a template `sidecar` is always provided, which contains the template of default sidecar. + # To inject other additional templates, define it using the `templates` option, and add it to + # the default templates list. + # For example: + # + # templates: + # hello: | + # metadata: + # labels: + # hello: world + # + # defaultTemplates: ["sidecar", "hello"] + defaultTemplates: [] + istiodRemote: + # If `true`, indicates that this cluster/install should consume a "remote istiod" installation, + # and istiod itself will NOT be installed in this cluster - only the support resources necessary + # to utilize a remote instance. + enabled: false + + # If `true`, indicates that this cluster/install should consume a "local istiod" installation, + # local istiod inject sidecars + enabledLocalInjectorIstiod: false + + # Sidecar injector mutating webhook configuration clientConfig.url value. + # For example: https://$remotePilotAddress:15017/inject + # The host should not refer to a service running in the cluster; use a service reference by specifying + # the clientConfig.service field instead. + injectionURL: "" + + # Sidecar injector mutating webhook configuration path value for the clientConfig.service field. + # Override to pass env variables, for example: /inject/cluster/remote/net/network2 + injectionPath: "/inject" + + injectionCABundle: "" + telemetry: + enabled: true + v2: + # For Null VM case now. + # This also enables metadata exchange. + enabled: true + # Indicate if prometheus stats filter is enabled or not + prometheus: + enabled: true + # stackdriver filter settings. + stackdriver: + enabled: false + # Revision is set as 'version' label and part of the resource names when installing multiple control planes. + revision: "" + + # Revision tags are aliases to Istio control plane revisions + revisionTags: [] + + # For Helm compatibility. + ownerName: "" + + # meshConfig defines runtime configuration of components, including Istiod and istio-agent behavior + # See https://istio.io/docs/reference/config/istio.mesh.v1alpha1/ for all available options + meshConfig: + enablePrometheusMerge: true + + experimental: + stableValidationPolicy: false + + global: + # Used to locate istiod. + istioNamespace: istio-system + # List of cert-signers to allow "approve" action in the istio cluster role + # + # certSigners: + # - clusterissuers.cert-manager.io/istio-ca + certSigners: [] + # enable pod disruption budget for the control plane, which is used to + # ensure Istio control plane components are gradually upgraded or recovered. + defaultPodDisruptionBudget: + enabled: true + # The values aren't mutable due to a current PodDisruptionBudget limitation + # minAvailable: 1 + + # A minimal set of requested resources to applied to all deployments so that + # Horizontal Pod Autoscaler will be able to function (if set). + # Each component can overwrite these default values by adding its own resources + # block in the relevant section below and setting the desired resources values. + defaultResources: + requests: + cpu: 10m + # memory: 128Mi + # limits: + # cpu: 100m + # memory: 128Mi + + # Default hub for Istio images. + # Releases are published to docker hub under 'istio' project. + # Dev builds from prow are on gcr.io + hub: gcr.io/istio-release + # Default tag for Istio images. + tag: 1.28.4 + # Variant of the image to use. + # Currently supported are: [debug, distroless] + variant: "" + + # Specify image pull policy if default behavior isn't desired. + # Default behavior: latest images will be Always else IfNotPresent. + imagePullPolicy: "" + + # ImagePullSecrets for all ServiceAccount, list of secrets in the same namespace + # to use for pulling any images in pods that reference this ServiceAccount. + # For components that don't use ServiceAccounts (i.e. grafana, servicegraph, tracing) + # ImagePullSecrets will be added to the corresponding Deployment(StatefulSet) objects. + # Must be set for any cluster configured with private docker registry. + imagePullSecrets: [] + # - private-registry-key + + # Enabled by default in master for maximising testing. + istiod: + enableAnalysis: false + + # To output all istio components logs in json format by adding --log_as_json argument to each container argument + logAsJson: false + + # In order to use native nftable rules instead of iptable rules, set this flag to true. + nativeNftables: false + + # Comma-separated minimum per-scope logging level of messages to output, in the form of :,: + # The control plane has different scopes depending on component, but can configure default log level across all components + # If empty, default scope and level will be used as configured in code + logging: + level: "default:info" + + # When enabled, default NetworkPolicy resources will be created + networkPolicy: + enabled: false + + omitSidecarInjectorConfigMap: false + + # resourceScope controls what resources will be processed by helm. + # This is useful when installing Istio on a cluster where some resources need to be owned by a cluster administrator and some can be owned by the mesh administrator. + # It can be one of: + # - all: all resources are processed + # - cluster: only cluster-scoped resources are processed + # - namespace: only namespace-scoped resources are processed + resourceScope: all + + # Configure whether Operator manages webhook configurations. The current behavior + # of Istiod is to manage its own webhook configurations. + # When this option is set as true, Istio Operator, instead of webhooks, manages the + # webhook configurations. When this option is set as false, webhooks manage their + # own webhook configurations. + operatorManageWebhooks: false + + # Custom DNS config for the pod to resolve names of services in other + # clusters. Use this to add additional search domains, and other settings. + # see + # https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#dns-config + # This does not apply to gateway pods as they typically need a different + # set of DNS settings than the normal application pods (e.g., in + # multicluster scenarios). + # NOTE: If using templates, follow the pattern in the commented example below. + #podDNSSearchNamespaces: + #- global + #- "{{ valueOrDefault .DeploymentMeta.Namespace \"default\" }}.global" + + # Kubernetes >=v1.11.0 will create two PriorityClass, including system-cluster-critical and + # system-node-critical, it is better to configure this in order to make sure your Istio pods + # will not be killed because of low priority class. + # Refer to https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass + # for more detail. + priorityClassName: "" + + proxy: + image: proxyv2 + + # This controls the 'policy' in the sidecar injector. + autoInject: enabled + + # CAUTION: It is important to ensure that all Istio helm charts specify the same clusterDomain value + # cluster domain. Default value is "cluster.local". + clusterDomain: "cluster.local" + + # Per Component log level for proxy, applies to gateways and sidecars. If a component level is + # not set, then the global "logLevel" will be used. + componentLogLevel: "misc:error" + + # istio ingress capture allowlist + # examples: + # Redirect only selected ports: --includeInboundPorts="80,8080" + excludeInboundPorts: "" + includeInboundPorts: "*" + + # istio egress capture allowlist + # https://istio.io/docs/tasks/traffic-management/egress.html#calling-external-services-directly + # example: includeIPRanges: "172.30.0.0/16,172.20.0.0/16" + # would only capture egress traffic on those two IP Ranges, all other outbound traffic would + # be allowed by the sidecar + includeIPRanges: "*" + excludeIPRanges: "" + includeOutboundPorts: "" + excludeOutboundPorts: "" + + # Log level for proxy, applies to gateways and sidecars. + # Expected values are: trace|debug|info|warning|error|critical|off + logLevel: warning + + # Specify the path to the outlier event log. + # Example: /dev/stdout + outlierLogPath: "" + + #If set to true, istio-proxy container will have privileged securityContext + privileged: false + + seccompProfile: {} + + # The number of successive failed probes before indicating readiness failure. + readinessFailureThreshold: 4 + + # The initial delay for readiness probes in seconds. + readinessInitialDelaySeconds: 0 + + # The period between readiness probes. + readinessPeriodSeconds: 15 + + # Enables or disables a startup probe. + # For optimal startup times, changing this should be tied to the readiness probe values. + # + # If the probe is enabled, it is recommended to have delay=0s,period=15s,failureThreshold=4. + # This ensures the pod is marked ready immediately after the startup probe passes (which has a 1s poll interval), + # and doesn't spam the readiness endpoint too much + # + # If the probe is disabled, it is recommended to have delay=1s,period=2s,failureThreshold=30. + # This ensures the startup is reasonable fast (polling every 2s). 1s delay is used since the startup is not often ready instantly. + startupProbe: + enabled: true + failureThreshold: 600 # 10 minutes + + # Resources for the sidecar. + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: 2000m + memory: 1024Mi + + # Default port for Pilot agent health checks. A value of 0 will disable health checking. + statusPort: 15020 + + # Specify which tracer to use. One of: zipkin, lightstep, datadog, stackdriver, none. + # If using stackdriver tracer outside GCP, set env GOOGLE_APPLICATION_CREDENTIALS to the GCP credential file. + tracer: "none" + + proxy_init: + # Base name for the proxy_init container, used to configure iptables. + image: proxyv2 + # Bypasses iptables idempotency handling, and attempts to apply iptables rules regardless of table state, which may cause unrecoverable failures. + # Do not use unless you need to work around an issue of the idempotency handling. This flag will be removed in future releases. + forceApplyIptables: false + + # configure remote pilot and istiod service and endpoint + remotePilotAddress: "" + + ############################################################################################## + # The following values are found in other charts. To effectively modify these values, make # + # make sure they are consistent across your Istio helm charts # + ############################################################################################## + + # The customized CA address to retrieve certificates for the pods in the cluster. + # CSR clients such as the Istio Agent and ingress gateways can use this to specify the CA endpoint. + # If not set explicitly, default to the Istio discovery address. + caAddress: "" + + # Enable control of remote clusters. + externalIstiod: false + + # Configure a remote cluster as the config cluster for an external istiod. + configCluster: false + + # configValidation enables the validation webhook for Istio configuration. + configValidation: true + + # Mesh ID means Mesh Identifier. It should be unique within the scope where + # meshes will interact with each other, but it is not required to be + # globally/universally unique. For example, if any of the following are true, + # then two meshes must have different Mesh IDs: + # - Meshes will have their telemetry aggregated in one place + # - Meshes will be federated together + # - Policy will be written referencing one mesh from the other + # + # If an administrator expects that any of these conditions may become true in + # the future, they should ensure their meshes have different Mesh IDs + # assigned. + # + # Within a multicluster mesh, each cluster must be (manually or auto) + # configured to have the same Mesh ID value. If an existing cluster 'joins' a + # multicluster mesh, it will need to be migrated to the new mesh ID. Details + # of migration TBD, and it may be a disruptive operation to change the Mesh + # ID post-install. + # + # If the mesh admin does not specify a value, Istio will use the value of the + # mesh's Trust Domain. The best practice is to select a proper Trust Domain + # value. + meshID: "" + + # Configure the mesh networks to be used by the Split Horizon EDS. + # + # The following example defines two networks with different endpoints association methods. + # For `network1` all endpoints that their IP belongs to the provided CIDR range will be + # mapped to network1. The gateway for this network example is specified by its public IP + # address and port. + # The second network, `network2`, in this example is defined differently with all endpoints + # retrieved through the specified Multi-Cluster registry being mapped to network2. The + # gateway is also defined differently with the name of the gateway service on the remote + # cluster. The public IP for the gateway will be determined from that remote service (only + # LoadBalancer gateway service type is currently supported, for a NodePort type gateway service, + # it still need to be configured manually). + # + # meshNetworks: + # network1: + # endpoints: + # - fromCidr: "192.168.0.1/24" + # gateways: + # - address: 1.1.1.1 + # port: 80 + # network2: + # endpoints: + # - fromRegistry: reg1 + # gateways: + # - registryServiceName: istio-ingressgateway.istio-system.svc.cluster.local + # port: 443 + # + meshNetworks: {} + + # Use the user-specified, secret volume mounted key and certs for Pilot and workloads. + mountMtlsCerts: false + + multiCluster: + # Should be set to the name of the cluster this installation will run in. This is required for sidecar injection + # to properly label proxies + clusterName: "" + + # Network defines the network this cluster belong to. This name + # corresponds to the networks in the map of mesh networks. + network: "" + + # Configure the certificate provider for control plane communication. + # Currently, two providers are supported: "kubernetes" and "istiod". + # As some platforms may not have kubernetes signing APIs, + # Istiod is the default + pilotCertProvider: istiod + + sds: + # The JWT token for SDS and the aud field of such JWT. See RFC 7519, section 4.1.3. + # When a CSR is sent from Istio Agent to the CA (e.g. Istiod), this aud is to make sure the + # JWT is intended for the CA. + token: + aud: istio-ca + + sts: + # The service port used by Security Token Service (STS) server to handle token exchange requests. + # Setting this port to a non-zero value enables STS server. + servicePort: 0 + + # The name of the CA for workload certificates. + # For example, when caName=GkeWorkloadCertificate, GKE workload certificates + # will be used as the certificates for workloads. + # The default value is "" and when caName="", the CA will be configured by other + # mechanisms (e.g., environmental variable CA_PROVIDER). + caName: "" + + waypoint: + # Resources for the waypoint proxy. + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: "2" + memory: 1Gi + + # If specified, affinity defines the scheduling constraints of waypoint pods. + affinity: {} + + # Topology Spread Constraints for the waypoint proxy. + topologySpreadConstraints: [] + + # Node labels for the waypoint proxy. + nodeSelector: {} + + # Tolerations for the waypoint proxy. + tolerations: [] + + base: + # For istioctl usage to disable istio config crds in base + enableIstioConfigCRDs: true + + # Gateway Settings + gateways: + # Define the security context for the pod. + # If unset, this will be automatically set to the minimum privileges required to bind to port 80 and 443. + # On Kubernetes 1.22+, this only requires the `net.ipv4.ip_unprivileged_port_start` sysctl. + securityContext: {} + + # Set to `type: RuntimeDefault` to use the default profile for templated gateways, if your container runtime supports it + seccompProfile: {} + + # gatewayClasses allows customizing the configuration of the default deployment of Gateways per GatewayClass. + # For example: + # gatewayClasses: + # istio: + # service: + # spec: + # type: ClusterIP + # Per-Gateway configuration can also be set in the `Gateway.spec.infrastructure.parametersRef` field. + gatewayClasses: {} + + pdb: + # -- Minimum available pods set in PodDisruptionBudget. + # Define either 'minAvailable' or 'maxUnavailable', never both. + minAvailable: 1 + # -- Maximum unavailable pods set in PodDisruptionBudget. If set, 'minAvailable' is ignored. + # maxUnavailable: 1 + # -- Eviction policy for unhealthy pods guarded by PodDisruptionBudget. + # Ref: https://kubernetes.io/blog/2023/01/06/unhealthy-pod-eviction-policy-for-pdbs/ + unhealthyPodEvictionPolicy: "" diff --git a/resources/v1.28.4/charts/revisiontags/Chart.yaml b/resources/v1.28.4/charts/revisiontags/Chart.yaml new file mode 100644 index 0000000000..fd5d2d5dd6 --- /dev/null +++ b/resources/v1.28.4/charts/revisiontags/Chart.yaml @@ -0,0 +1,8 @@ +apiVersion: v2 +appVersion: 1.28.4 +description: Helm chart for istio revision tags +name: revisiontags +sources: +- https://github.com/istio-ecosystem/sail-operator +version: 0.1.0 + diff --git a/resources/v1.28.4/charts/revisiontags/files/profile-ambient.yaml b/resources/v1.28.4/charts/revisiontags/files/profile-ambient.yaml new file mode 100644 index 0000000000..495fbcd434 --- /dev/null +++ b/resources/v1.28.4/charts/revisiontags/files/profile-ambient.yaml @@ -0,0 +1,24 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed +meshConfig: + defaultConfig: + proxyMetadata: + ISTIO_META_ENABLE_HBONE: "true" + serviceScopeConfigs: + - servicesSelector: + matchExpressions: + - key: istio.io/global + operator: In + values: ["true"] + scope: GLOBAL +global: + variant: distroless +pilot: + env: + PILOT_ENABLE_AMBIENT: "true" +cni: + ambient: + enabled: true diff --git a/resources/v1.28.4/charts/revisiontags/files/profile-compatibility-version-1.25.yaml b/resources/v1.28.4/charts/revisiontags/files/profile-compatibility-version-1.25.yaml new file mode 100644 index 0000000000..d04117bfc0 --- /dev/null +++ b/resources/v1.28.4/charts/revisiontags/files/profile-compatibility-version-1.25.yaml @@ -0,0 +1,14 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.27 behavioral changes + ENABLE_NATIVE_SIDECARS: "false" + # 1.28 behavioral changes + DISABLE_SHADOW_HOST_SUFFIX: "false" + PILOT_SPAWN_UPSTREAM_SPAN_FOR_GATEWAY: "false" +ambient: + # 1.26 behavioral changes + shareHostNetworkNamespace: true diff --git a/resources/v1.28.4/charts/revisiontags/files/profile-compatibility-version-1.26.yaml b/resources/v1.28.4/charts/revisiontags/files/profile-compatibility-version-1.26.yaml new file mode 100644 index 0000000000..8fe80112bf --- /dev/null +++ b/resources/v1.28.4/charts/revisiontags/files/profile-compatibility-version-1.26.yaml @@ -0,0 +1,11 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.27 behavioral changes + ENABLE_NATIVE_SIDECARS: "false" + # 1.28 behavioral changes + DISABLE_SHADOW_HOST_SUFFIX: "false" + PILOT_SPAWN_UPSTREAM_SPAN_FOR_GATEWAY: "false" diff --git a/resources/v1.28.4/charts/revisiontags/files/profile-compatibility-version-1.27.yaml b/resources/v1.28.4/charts/revisiontags/files/profile-compatibility-version-1.27.yaml new file mode 100644 index 0000000000..209157cccf --- /dev/null +++ b/resources/v1.28.4/charts/revisiontags/files/profile-compatibility-version-1.27.yaml @@ -0,0 +1,9 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.28 behavioral changes + DISABLE_SHADOW_HOST_SUFFIX: "false" + PILOT_SPAWN_UPSTREAM_SPAN_FOR_GATEWAY: "false" diff --git a/resources/v1.28.4/charts/revisiontags/files/profile-demo.yaml b/resources/v1.28.4/charts/revisiontags/files/profile-demo.yaml new file mode 100644 index 0000000000..d6dc36dd0f --- /dev/null +++ b/resources/v1.28.4/charts/revisiontags/files/profile-demo.yaml @@ -0,0 +1,94 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The demo profile enables a variety of things to try out Istio in non-production environments. +# * Lower resource utilization. +# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. +# * More ports enabled on the ingress, which is used in some tasks. +meshConfig: + accessLogFile: /dev/stdout + extensionProviders: + - name: otel + envoyOtelAls: + service: opentelemetry-collector.observability.svc.cluster.local + port: 4317 + - name: skywalking + skywalking: + service: tracing.istio-system.svc.cluster.local + port: 11800 + - name: otel-tracing + opentelemetry: + port: 4317 + service: opentelemetry-collector.observability.svc.cluster.local + - name: jaeger + opentelemetry: + port: 4317 + service: jaeger-collector.istio-system.svc.cluster.local + +cni: + resources: + requests: + cpu: 10m + memory: 40Mi + +ztunnel: + resources: + requests: + cpu: 10m + memory: 40Mi + +global: + proxy: + resources: + requests: + cpu: 10m + memory: 40Mi + waypoint: + resources: + requests: + cpu: 10m + memory: 40Mi + +pilot: + autoscaleEnabled: false + traceSampling: 100 + resources: + requests: + cpu: 10m + memory: 100Mi + +gateways: + istio-egressgateway: + autoscaleEnabled: false + resources: + requests: + cpu: 10m + memory: 40Mi + istio-ingressgateway: + autoscaleEnabled: false + ports: + ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. + # Note that AWS ELB will by default perform health checks on the first port + # on this list. Setting this to the health check port will ensure that health + # checks always work. https://github.com/istio/istio/issues/12503 + - port: 15021 + targetPort: 15021 + name: status-port + - port: 80 + targetPort: 8080 + name: http2 + - port: 443 + targetPort: 8443 + name: https + - port: 31400 + targetPort: 31400 + name: tcp + # This is the port where sni routing happens + - port: 15443 + targetPort: 15443 + name: tls + resources: + requests: + cpu: 10m + memory: 40Mi \ No newline at end of file diff --git a/resources/v1.28.4/charts/revisiontags/files/profile-platform-gke.yaml b/resources/v1.28.4/charts/revisiontags/files/profile-platform-gke.yaml new file mode 100644 index 0000000000..dfe8a7d741 --- /dev/null +++ b/resources/v1.28.4/charts/revisiontags/files/profile-platform-gke.yaml @@ -0,0 +1,10 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work + resourceQuotas: + enabled: true +resourceQuotas: + enabled: true diff --git a/resources/v1.28.4/charts/revisiontags/files/profile-platform-k3d.yaml b/resources/v1.28.4/charts/revisiontags/files/profile-platform-k3d.yaml new file mode 100644 index 0000000000..cd86d9ec58 --- /dev/null +++ b/resources/v1.28.4/charts/revisiontags/files/profile-platform-k3d.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d + cniBinDir: /bin diff --git a/resources/v1.28.4/charts/revisiontags/files/profile-platform-k3s.yaml b/resources/v1.28.4/charts/revisiontags/files/profile-platform-k3s.yaml new file mode 100644 index 0000000000..07820106d9 --- /dev/null +++ b/resources/v1.28.4/charts/revisiontags/files/profile-platform-k3s.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d + cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.28.4/charts/revisiontags/files/profile-platform-microk8s.yaml b/resources/v1.28.4/charts/revisiontags/files/profile-platform-microk8s.yaml new file mode 100644 index 0000000000..57d7f5e3cd --- /dev/null +++ b/resources/v1.28.4/charts/revisiontags/files/profile-platform-microk8s.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/snap/microk8s/current/args/cni-network + cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.28.4/charts/revisiontags/files/profile-platform-minikube.yaml b/resources/v1.28.4/charts/revisiontags/files/profile-platform-minikube.yaml new file mode 100644 index 0000000000..fa9992e204 --- /dev/null +++ b/resources/v1.28.4/charts/revisiontags/files/profile-platform-minikube.yaml @@ -0,0 +1,6 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.28.4/charts/revisiontags/files/profile-platform-openshift.yaml b/resources/v1.28.4/charts/revisiontags/files/profile-platform-openshift.yaml new file mode 100644 index 0000000000..8ddc5e1654 --- /dev/null +++ b/resources/v1.28.4/charts/revisiontags/files/profile-platform-openshift.yaml @@ -0,0 +1,19 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The OpenShift profile provides a basic set of settings to run Istio on OpenShift +cni: + cniBinDir: /var/lib/cni/bin + cniConfDir: /etc/cni/multus/net.d + chained: false + cniConfFileName: "istio-cni.conf" + provider: "multus" +pilot: + cni: + enabled: true + provider: "multus" +seLinuxOptions: + type: spc_t +# Openshift requires privileged pods to run in kube-system +trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.28.4/charts/revisiontags/files/profile-preview.yaml b/resources/v1.28.4/charts/revisiontags/files/profile-preview.yaml new file mode 100644 index 0000000000..181d7bda2c --- /dev/null +++ b/resources/v1.28.4/charts/revisiontags/files/profile-preview.yaml @@ -0,0 +1,13 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The preview profile contains features that are experimental. +# This is intended to explore new features coming to Istio. +# Stability, security, and performance are not guaranteed - use at your own risk. +meshConfig: + defaultConfig: + proxyMetadata: + # Enable Istio agent to handle DNS requests for known hosts + # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf + ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.28.4/charts/revisiontags/files/profile-remote.yaml b/resources/v1.28.4/charts/revisiontags/files/profile-remote.yaml new file mode 100644 index 0000000000..d17b9a801a --- /dev/null +++ b/resources/v1.28.4/charts/revisiontags/files/profile-remote.yaml @@ -0,0 +1,13 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. +istiodRemote: + enabled: true +configMap: false +telemetry: + enabled: false +global: + # TODO BML maybe a different profile for a configcluster/revisit this + omitSidecarInjectorConfigMap: true diff --git a/resources/v1.28.4/charts/revisiontags/files/profile-stable.yaml b/resources/v1.28.4/charts/revisiontags/files/profile-stable.yaml new file mode 100644 index 0000000000..358282e69b --- /dev/null +++ b/resources/v1.28.4/charts/revisiontags/files/profile-stable.yaml @@ -0,0 +1,8 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The stable profile deploys admission control to ensure that only stable resources and fields are used +# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE +experimental: + stableValidationPolicy: true diff --git a/resources/v1.30-alpha.bcdd144c/charts/revisiontags/templates/revision-tags-mwc.yaml b/resources/v1.28.4/charts/revisiontags/templates/revision-tags-mwc.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/revisiontags/templates/revision-tags-mwc.yaml rename to resources/v1.28.4/charts/revisiontags/templates/revision-tags-mwc.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/revisiontags/templates/revision-tags-svc.yaml b/resources/v1.28.4/charts/revisiontags/templates/revision-tags-svc.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/revisiontags/templates/revision-tags-svc.yaml rename to resources/v1.28.4/charts/revisiontags/templates/revision-tags-svc.yaml diff --git a/resources/v1.28.4/charts/revisiontags/templates/zzz_profile.yaml b/resources/v1.28.4/charts/revisiontags/templates/zzz_profile.yaml new file mode 100644 index 0000000000..3d84956485 --- /dev/null +++ b/resources/v1.28.4/charts/revisiontags/templates/zzz_profile.yaml @@ -0,0 +1,75 @@ +{{/* +WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. +The original version of this file is located at /manifests directory. +If you want to make a change in this file, edit the original one and run "make gen". + +Complex logic ahead... +We have three sets of values, in order of precedence (last wins): +1. The builtin values.yaml defaults +2. The profile the user selects +3. Users input (-f or --set) + +Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). + +However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). +We can then merge the profile onto the defaults, then the user settings onto that. +Finally, we can set all of that under .Values so the chart behaves without awareness. +*/}} +{{- if $.Values.defaults}} +{{ fail (cat + "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" + ($.Values.defaults | toYaml |nindent 4) +) }} +{{- end }} +{{- $defaults := $.Values._internal_defaults_do_not_set }} +{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} +{{- $profile := dict }} +{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} +{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} +{{- $profile = (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown profile" .) }} +{{- end }} +{{- end }} +{{- with .Values.compatibilityVersion }} +{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} +{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} +{{- end }} +{{- end }} +{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} +{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} +{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown platform" .) }} +{{- end }} +{{- end }} +{{- if $profile }} +{{- $a := mustMergeOverwrite $defaults $profile }} +{{- end }} +# Flatten globals, if defined on a per-chart basis +{{- if false }} +{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} +{{- end }} +{{- $x := set $.Values "_original" (deepCopy $.Values) }} +{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} + +{{/* +Labels that should be applied to ALL resources. +*/}} +{{- define "istio.labels" -}} +{{- if .Release.Service -}} +app.kubernetes.io/managed-by: {{ .Release.Service | quote }} +{{- end }} +{{- if .Release.Name }} +app.kubernetes.io/instance: {{ .Release.Name | quote }} +{{- end }} +app.kubernetes.io/part-of: "istio" +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +{{- if and .Chart.Name .Chart.Version }} +helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end -}} diff --git a/resources/v1.28.4/charts/revisiontags/values.yaml b/resources/v1.28.4/charts/revisiontags/values.yaml new file mode 100644 index 0000000000..691fd7d7ae --- /dev/null +++ b/resources/v1.28.4/charts/revisiontags/values.yaml @@ -0,0 +1,583 @@ +# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. +# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. +_internal_defaults_do_not_set: + autoscaleEnabled: true + autoscaleMin: 1 + autoscaleMax: 5 + autoscaleBehavior: {} + replicaCount: 1 + rollingMaxSurge: 100% + rollingMaxUnavailable: 25% + + hub: "" + tag: "" + variant: "" + + # Can be a full hub/image:tag + image: pilot + traceSampling: 1.0 + + # Resources for a small pilot install + resources: + requests: + cpu: 500m + memory: 2048Mi + + # Set to `type: RuntimeDefault` to use the default profile if available. + seccompProfile: {} + + # Whether to use an existing CNI installation + cni: + enabled: false + provider: default + + # Additional container arguments + extraContainerArgs: [] + + env: {} + + envVarFrom: [] + + # Settings related to the untaint controller + # This controller will remove `cni.istio.io/not-ready` from nodes when the istio-cni pod becomes ready + # It should be noted that cluster operator/owner is responsible for having the taint set by their infrastructure provider when new nodes are added to the cluster; the untaint controller does not taint nodes + taint: + # Controls whether or not the untaint controller is active + enabled: false + # What namespace the untaint controller should watch for istio-cni pods. This is only required when istio-cni is running in a different namespace than istiod + namespace: "" + + affinity: {} + + tolerations: [] + + cpu: + targetAverageUtilization: 80 + memory: {} + # targetAverageUtilization: 80 + + # Additional volumeMounts to the istiod container + volumeMounts: [] + + # Additional volumes to the istiod pod + volumes: [] + + # Inject initContainers into the istiod pod + initContainers: [] + + nodeSelector: {} + podAnnotations: {} + serviceAnnotations: {} + serviceAccountAnnotations: {} + sidecarInjectorWebhookAnnotations: {} + + topologySpreadConstraints: [] + + # You can use jwksResolverExtraRootCA to provide a root certificate + # in PEM format. This will then be trusted by pilot when resolving + # JWKS URIs. + jwksResolverExtraRootCA: "" + + # The following is used to limit how long a sidecar can be connected + # to a pilot. It balances out load across pilot instances at the cost of + # increasing system churn. + keepaliveMaxServerConnectionAge: 30m + + # Additional labels to apply to the deployment. + deploymentLabels: {} + + # Annotations to apply to the istiod deployment. + deploymentAnnotations: {} + + ## Mesh config settings + + # Install the mesh config map, generated from values.yaml. + # If false, pilot wil use default values (by default) or user-supplied values. + configMap: true + + # Additional labels to apply on the pod level for monitoring and logging configuration. + podLabels: {} + + # Setup how istiod Service is configured. See https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services + ipFamilyPolicy: "" + ipFamilies: [] + + # Ambient mode only. + # Set this if you install ztunnel to a different namespace from `istiod`. + # If set, `istiod` will allow connections from trusted node proxy ztunnels + # in the provided namespace. + # If unset, `istiod` will assume the trusted node proxy ztunnel resides + # in the same namespace as itself. + trustedZtunnelNamespace: "" + # Set this if you install ztunnel with a name different from the default. + trustedZtunnelName: "" + + sidecarInjectorWebhook: + # You can use the field called alwaysInjectSelector and neverInjectSelector which will always inject the sidecar or + # always skip the injection on pods that match that label selector, regardless of the global policy. + # See https://istio.io/docs/setup/kubernetes/additional-setup/sidecar-injection/#more-control-adding-exceptions + neverInjectSelector: [] + alwaysInjectSelector: [] + + # injectedAnnotations are additional annotations that will be added to the pod spec after injection + # This is primarily to support PSP annotations. For example, if you defined a PSP with the annotations: + # + # annotations: + # apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + # apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default + # + # The PSP controller would add corresponding annotations to the pod spec for each container. However, this happens before + # the inject adds additional containers, so we must specify them explicitly here. With the above example, we could specify: + # injectedAnnotations: + # container.apparmor.security.beta.kubernetes.io/istio-init: runtime/default + # container.apparmor.security.beta.kubernetes.io/istio-proxy: runtime/default + injectedAnnotations: {} + + # This enables injection of sidecar in all namespaces, + # with the exception of namespaces with "istio-injection:disabled" annotation + # Only one environment should have this enabled. + enableNamespacesByDefault: false + + # Mutations that occur after the sidecar injector are not handled by default, as the Istio sidecar injector is only run + # once. For example, an OPA sidecar injected after the Istio sidecar will not have it's liveness/readiness probes rewritten. + # Setting this to `IfNeeded` will result in the sidecar injector being run again if additional mutations occur. + reinvocationPolicy: Never + + rewriteAppHTTPProbe: true + + # Templates defines a set of custom injection templates that can be used. For example, defining: + # + # templates: + # hello: | + # metadata: + # labels: + # hello: world + # + # Then starting a pod with the `inject.istio.io/templates: hello` annotation, will result in the pod + # being injected with the hello=world labels. + # This is intended for advanced configuration only; most users should use the built in template + templates: {} + + # Default templates specifies a set of default templates that are used in sidecar injection. + # By default, a template `sidecar` is always provided, which contains the template of default sidecar. + # To inject other additional templates, define it using the `templates` option, and add it to + # the default templates list. + # For example: + # + # templates: + # hello: | + # metadata: + # labels: + # hello: world + # + # defaultTemplates: ["sidecar", "hello"] + defaultTemplates: [] + istiodRemote: + # If `true`, indicates that this cluster/install should consume a "remote istiod" installation, + # and istiod itself will NOT be installed in this cluster - only the support resources necessary + # to utilize a remote instance. + enabled: false + + # If `true`, indicates that this cluster/install should consume a "local istiod" installation, + # local istiod inject sidecars + enabledLocalInjectorIstiod: false + + # Sidecar injector mutating webhook configuration clientConfig.url value. + # For example: https://$remotePilotAddress:15017/inject + # The host should not refer to a service running in the cluster; use a service reference by specifying + # the clientConfig.service field instead. + injectionURL: "" + + # Sidecar injector mutating webhook configuration path value for the clientConfig.service field. + # Override to pass env variables, for example: /inject/cluster/remote/net/network2 + injectionPath: "/inject" + + injectionCABundle: "" + telemetry: + enabled: true + v2: + # For Null VM case now. + # This also enables metadata exchange. + enabled: true + # Indicate if prometheus stats filter is enabled or not + prometheus: + enabled: true + # stackdriver filter settings. + stackdriver: + enabled: false + # Revision is set as 'version' label and part of the resource names when installing multiple control planes. + revision: "" + + # Revision tags are aliases to Istio control plane revisions + revisionTags: [] + + # For Helm compatibility. + ownerName: "" + + # meshConfig defines runtime configuration of components, including Istiod and istio-agent behavior + # See https://istio.io/docs/reference/config/istio.mesh.v1alpha1/ for all available options + meshConfig: + enablePrometheusMerge: true + + experimental: + stableValidationPolicy: false + + global: + # Used to locate istiod. + istioNamespace: istio-system + # List of cert-signers to allow "approve" action in the istio cluster role + # + # certSigners: + # - clusterissuers.cert-manager.io/istio-ca + certSigners: [] + # enable pod disruption budget for the control plane, which is used to + # ensure Istio control plane components are gradually upgraded or recovered. + defaultPodDisruptionBudget: + enabled: true + # The values aren't mutable due to a current PodDisruptionBudget limitation + # minAvailable: 1 + + # A minimal set of requested resources to applied to all deployments so that + # Horizontal Pod Autoscaler will be able to function (if set). + # Each component can overwrite these default values by adding its own resources + # block in the relevant section below and setting the desired resources values. + defaultResources: + requests: + cpu: 10m + # memory: 128Mi + # limits: + # cpu: 100m + # memory: 128Mi + + # Default hub for Istio images. + # Releases are published to docker hub under 'istio' project. + # Dev builds from prow are on gcr.io + hub: gcr.io/istio-release + # Default tag for Istio images. + tag: 1.28.4 + # Variant of the image to use. + # Currently supported are: [debug, distroless] + variant: "" + + # Specify image pull policy if default behavior isn't desired. + # Default behavior: latest images will be Always else IfNotPresent. + imagePullPolicy: "" + + # ImagePullSecrets for all ServiceAccount, list of secrets in the same namespace + # to use for pulling any images in pods that reference this ServiceAccount. + # For components that don't use ServiceAccounts (i.e. grafana, servicegraph, tracing) + # ImagePullSecrets will be added to the corresponding Deployment(StatefulSet) objects. + # Must be set for any cluster configured with private docker registry. + imagePullSecrets: [] + # - private-registry-key + + # Enabled by default in master for maximising testing. + istiod: + enableAnalysis: false + + # To output all istio components logs in json format by adding --log_as_json argument to each container argument + logAsJson: false + + # In order to use native nftable rules instead of iptable rules, set this flag to true. + nativeNftables: false + + # Comma-separated minimum per-scope logging level of messages to output, in the form of :,: + # The control plane has different scopes depending on component, but can configure default log level across all components + # If empty, default scope and level will be used as configured in code + logging: + level: "default:info" + + # When enabled, default NetworkPolicy resources will be created + networkPolicy: + enabled: false + + omitSidecarInjectorConfigMap: false + + # resourceScope controls what resources will be processed by helm. + # This is useful when installing Istio on a cluster where some resources need to be owned by a cluster administrator and some can be owned by the mesh administrator. + # It can be one of: + # - all: all resources are processed + # - cluster: only cluster-scoped resources are processed + # - namespace: only namespace-scoped resources are processed + resourceScope: all + + # Configure whether Operator manages webhook configurations. The current behavior + # of Istiod is to manage its own webhook configurations. + # When this option is set as true, Istio Operator, instead of webhooks, manages the + # webhook configurations. When this option is set as false, webhooks manage their + # own webhook configurations. + operatorManageWebhooks: false + + # Custom DNS config for the pod to resolve names of services in other + # clusters. Use this to add additional search domains, and other settings. + # see + # https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#dns-config + # This does not apply to gateway pods as they typically need a different + # set of DNS settings than the normal application pods (e.g., in + # multicluster scenarios). + # NOTE: If using templates, follow the pattern in the commented example below. + #podDNSSearchNamespaces: + #- global + #- "{{ valueOrDefault .DeploymentMeta.Namespace \"default\" }}.global" + + # Kubernetes >=v1.11.0 will create two PriorityClass, including system-cluster-critical and + # system-node-critical, it is better to configure this in order to make sure your Istio pods + # will not be killed because of low priority class. + # Refer to https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass + # for more detail. + priorityClassName: "" + + proxy: + image: proxyv2 + + # This controls the 'policy' in the sidecar injector. + autoInject: enabled + + # CAUTION: It is important to ensure that all Istio helm charts specify the same clusterDomain value + # cluster domain. Default value is "cluster.local". + clusterDomain: "cluster.local" + + # Per Component log level for proxy, applies to gateways and sidecars. If a component level is + # not set, then the global "logLevel" will be used. + componentLogLevel: "misc:error" + + # istio ingress capture allowlist + # examples: + # Redirect only selected ports: --includeInboundPorts="80,8080" + excludeInboundPorts: "" + includeInboundPorts: "*" + + # istio egress capture allowlist + # https://istio.io/docs/tasks/traffic-management/egress.html#calling-external-services-directly + # example: includeIPRanges: "172.30.0.0/16,172.20.0.0/16" + # would only capture egress traffic on those two IP Ranges, all other outbound traffic would + # be allowed by the sidecar + includeIPRanges: "*" + excludeIPRanges: "" + includeOutboundPorts: "" + excludeOutboundPorts: "" + + # Log level for proxy, applies to gateways and sidecars. + # Expected values are: trace|debug|info|warning|error|critical|off + logLevel: warning + + # Specify the path to the outlier event log. + # Example: /dev/stdout + outlierLogPath: "" + + #If set to true, istio-proxy container will have privileged securityContext + privileged: false + + seccompProfile: {} + + # The number of successive failed probes before indicating readiness failure. + readinessFailureThreshold: 4 + + # The initial delay for readiness probes in seconds. + readinessInitialDelaySeconds: 0 + + # The period between readiness probes. + readinessPeriodSeconds: 15 + + # Enables or disables a startup probe. + # For optimal startup times, changing this should be tied to the readiness probe values. + # + # If the probe is enabled, it is recommended to have delay=0s,period=15s,failureThreshold=4. + # This ensures the pod is marked ready immediately after the startup probe passes (which has a 1s poll interval), + # and doesn't spam the readiness endpoint too much + # + # If the probe is disabled, it is recommended to have delay=1s,period=2s,failureThreshold=30. + # This ensures the startup is reasonable fast (polling every 2s). 1s delay is used since the startup is not often ready instantly. + startupProbe: + enabled: true + failureThreshold: 600 # 10 minutes + + # Resources for the sidecar. + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: 2000m + memory: 1024Mi + + # Default port for Pilot agent health checks. A value of 0 will disable health checking. + statusPort: 15020 + + # Specify which tracer to use. One of: zipkin, lightstep, datadog, stackdriver, none. + # If using stackdriver tracer outside GCP, set env GOOGLE_APPLICATION_CREDENTIALS to the GCP credential file. + tracer: "none" + + proxy_init: + # Base name for the proxy_init container, used to configure iptables. + image: proxyv2 + # Bypasses iptables idempotency handling, and attempts to apply iptables rules regardless of table state, which may cause unrecoverable failures. + # Do not use unless you need to work around an issue of the idempotency handling. This flag will be removed in future releases. + forceApplyIptables: false + + # configure remote pilot and istiod service and endpoint + remotePilotAddress: "" + + ############################################################################################## + # The following values are found in other charts. To effectively modify these values, make # + # make sure they are consistent across your Istio helm charts # + ############################################################################################## + + # The customized CA address to retrieve certificates for the pods in the cluster. + # CSR clients such as the Istio Agent and ingress gateways can use this to specify the CA endpoint. + # If not set explicitly, default to the Istio discovery address. + caAddress: "" + + # Enable control of remote clusters. + externalIstiod: false + + # Configure a remote cluster as the config cluster for an external istiod. + configCluster: false + + # configValidation enables the validation webhook for Istio configuration. + configValidation: true + + # Mesh ID means Mesh Identifier. It should be unique within the scope where + # meshes will interact with each other, but it is not required to be + # globally/universally unique. For example, if any of the following are true, + # then two meshes must have different Mesh IDs: + # - Meshes will have their telemetry aggregated in one place + # - Meshes will be federated together + # - Policy will be written referencing one mesh from the other + # + # If an administrator expects that any of these conditions may become true in + # the future, they should ensure their meshes have different Mesh IDs + # assigned. + # + # Within a multicluster mesh, each cluster must be (manually or auto) + # configured to have the same Mesh ID value. If an existing cluster 'joins' a + # multicluster mesh, it will need to be migrated to the new mesh ID. Details + # of migration TBD, and it may be a disruptive operation to change the Mesh + # ID post-install. + # + # If the mesh admin does not specify a value, Istio will use the value of the + # mesh's Trust Domain. The best practice is to select a proper Trust Domain + # value. + meshID: "" + + # Configure the mesh networks to be used by the Split Horizon EDS. + # + # The following example defines two networks with different endpoints association methods. + # For `network1` all endpoints that their IP belongs to the provided CIDR range will be + # mapped to network1. The gateway for this network example is specified by its public IP + # address and port. + # The second network, `network2`, in this example is defined differently with all endpoints + # retrieved through the specified Multi-Cluster registry being mapped to network2. The + # gateway is also defined differently with the name of the gateway service on the remote + # cluster. The public IP for the gateway will be determined from that remote service (only + # LoadBalancer gateway service type is currently supported, for a NodePort type gateway service, + # it still need to be configured manually). + # + # meshNetworks: + # network1: + # endpoints: + # - fromCidr: "192.168.0.1/24" + # gateways: + # - address: 1.1.1.1 + # port: 80 + # network2: + # endpoints: + # - fromRegistry: reg1 + # gateways: + # - registryServiceName: istio-ingressgateway.istio-system.svc.cluster.local + # port: 443 + # + meshNetworks: {} + + # Use the user-specified, secret volume mounted key and certs for Pilot and workloads. + mountMtlsCerts: false + + multiCluster: + # Should be set to the name of the cluster this installation will run in. This is required for sidecar injection + # to properly label proxies + clusterName: "" + + # Network defines the network this cluster belong to. This name + # corresponds to the networks in the map of mesh networks. + network: "" + + # Configure the certificate provider for control plane communication. + # Currently, two providers are supported: "kubernetes" and "istiod". + # As some platforms may not have kubernetes signing APIs, + # Istiod is the default + pilotCertProvider: istiod + + sds: + # The JWT token for SDS and the aud field of such JWT. See RFC 7519, section 4.1.3. + # When a CSR is sent from Istio Agent to the CA (e.g. Istiod), this aud is to make sure the + # JWT is intended for the CA. + token: + aud: istio-ca + + sts: + # The service port used by Security Token Service (STS) server to handle token exchange requests. + # Setting this port to a non-zero value enables STS server. + servicePort: 0 + + # The name of the CA for workload certificates. + # For example, when caName=GkeWorkloadCertificate, GKE workload certificates + # will be used as the certificates for workloads. + # The default value is "" and when caName="", the CA will be configured by other + # mechanisms (e.g., environmental variable CA_PROVIDER). + caName: "" + + waypoint: + # Resources for the waypoint proxy. + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: "2" + memory: 1Gi + + # If specified, affinity defines the scheduling constraints of waypoint pods. + affinity: {} + + # Topology Spread Constraints for the waypoint proxy. + topologySpreadConstraints: [] + + # Node labels for the waypoint proxy. + nodeSelector: {} + + # Tolerations for the waypoint proxy. + tolerations: [] + + base: + # For istioctl usage to disable istio config crds in base + enableIstioConfigCRDs: true + + # Gateway Settings + gateways: + # Define the security context for the pod. + # If unset, this will be automatically set to the minimum privileges required to bind to port 80 and 443. + # On Kubernetes 1.22+, this only requires the `net.ipv4.ip_unprivileged_port_start` sysctl. + securityContext: {} + + # Set to `type: RuntimeDefault` to use the default profile for templated gateways, if your container runtime supports it + seccompProfile: {} + + # gatewayClasses allows customizing the configuration of the default deployment of Gateways per GatewayClass. + # For example: + # gatewayClasses: + # istio: + # service: + # spec: + # type: ClusterIP + # Per-Gateway configuration can also be set in the `Gateway.spec.infrastructure.parametersRef` field. + gatewayClasses: {} + + pdb: + # -- Minimum available pods set in PodDisruptionBudget. + # Define either 'minAvailable' or 'maxUnavailable', never both. + minAvailable: 1 + # -- Maximum unavailable pods set in PodDisruptionBudget. If set, 'minAvailable' is ignored. + # maxUnavailable: 1 + # -- Eviction policy for unhealthy pods guarded by PodDisruptionBudget. + # Ref: https://kubernetes.io/blog/2023/01/06/unhealthy-pod-eviction-policy-for-pdbs/ + unhealthyPodEvictionPolicy: "" diff --git a/resources/v1.28.4/charts/ztunnel/Chart.yaml b/resources/v1.28.4/charts/ztunnel/Chart.yaml new file mode 100644 index 0000000000..84af74d241 --- /dev/null +++ b/resources/v1.28.4/charts/ztunnel/Chart.yaml @@ -0,0 +1,11 @@ +apiVersion: v2 +appVersion: 1.28.4 +description: Helm chart for istio ztunnel components +icon: https://istio.io/latest/favicons/android-192x192.png +keywords: +- istio-ztunnel +- istio +name: ztunnel +sources: +- https://github.com/istio/istio +version: 1.28.4 diff --git a/resources/v1.30-alpha.bcdd144c/charts/ztunnel/README.md b/resources/v1.28.4/charts/ztunnel/README.md similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/ztunnel/README.md rename to resources/v1.28.4/charts/ztunnel/README.md diff --git a/resources/v1.28.4/charts/ztunnel/files/profile-ambient.yaml b/resources/v1.28.4/charts/ztunnel/files/profile-ambient.yaml new file mode 100644 index 0000000000..495fbcd434 --- /dev/null +++ b/resources/v1.28.4/charts/ztunnel/files/profile-ambient.yaml @@ -0,0 +1,24 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed +meshConfig: + defaultConfig: + proxyMetadata: + ISTIO_META_ENABLE_HBONE: "true" + serviceScopeConfigs: + - servicesSelector: + matchExpressions: + - key: istio.io/global + operator: In + values: ["true"] + scope: GLOBAL +global: + variant: distroless +pilot: + env: + PILOT_ENABLE_AMBIENT: "true" +cni: + ambient: + enabled: true diff --git a/resources/v1.28.4/charts/ztunnel/files/profile-compatibility-version-1.25.yaml b/resources/v1.28.4/charts/ztunnel/files/profile-compatibility-version-1.25.yaml new file mode 100644 index 0000000000..d04117bfc0 --- /dev/null +++ b/resources/v1.28.4/charts/ztunnel/files/profile-compatibility-version-1.25.yaml @@ -0,0 +1,14 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.27 behavioral changes + ENABLE_NATIVE_SIDECARS: "false" + # 1.28 behavioral changes + DISABLE_SHADOW_HOST_SUFFIX: "false" + PILOT_SPAWN_UPSTREAM_SPAN_FOR_GATEWAY: "false" +ambient: + # 1.26 behavioral changes + shareHostNetworkNamespace: true diff --git a/resources/v1.28.4/charts/ztunnel/files/profile-compatibility-version-1.26.yaml b/resources/v1.28.4/charts/ztunnel/files/profile-compatibility-version-1.26.yaml new file mode 100644 index 0000000000..8fe80112bf --- /dev/null +++ b/resources/v1.28.4/charts/ztunnel/files/profile-compatibility-version-1.26.yaml @@ -0,0 +1,11 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.27 behavioral changes + ENABLE_NATIVE_SIDECARS: "false" + # 1.28 behavioral changes + DISABLE_SHADOW_HOST_SUFFIX: "false" + PILOT_SPAWN_UPSTREAM_SPAN_FOR_GATEWAY: "false" diff --git a/resources/v1.28.4/charts/ztunnel/files/profile-compatibility-version-1.27.yaml b/resources/v1.28.4/charts/ztunnel/files/profile-compatibility-version-1.27.yaml new file mode 100644 index 0000000000..209157cccf --- /dev/null +++ b/resources/v1.28.4/charts/ztunnel/files/profile-compatibility-version-1.27.yaml @@ -0,0 +1,9 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.28 behavioral changes + DISABLE_SHADOW_HOST_SUFFIX: "false" + PILOT_SPAWN_UPSTREAM_SPAN_FOR_GATEWAY: "false" diff --git a/resources/v1.28.4/charts/ztunnel/files/profile-demo.yaml b/resources/v1.28.4/charts/ztunnel/files/profile-demo.yaml new file mode 100644 index 0000000000..d6dc36dd0f --- /dev/null +++ b/resources/v1.28.4/charts/ztunnel/files/profile-demo.yaml @@ -0,0 +1,94 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The demo profile enables a variety of things to try out Istio in non-production environments. +# * Lower resource utilization. +# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. +# * More ports enabled on the ingress, which is used in some tasks. +meshConfig: + accessLogFile: /dev/stdout + extensionProviders: + - name: otel + envoyOtelAls: + service: opentelemetry-collector.observability.svc.cluster.local + port: 4317 + - name: skywalking + skywalking: + service: tracing.istio-system.svc.cluster.local + port: 11800 + - name: otel-tracing + opentelemetry: + port: 4317 + service: opentelemetry-collector.observability.svc.cluster.local + - name: jaeger + opentelemetry: + port: 4317 + service: jaeger-collector.istio-system.svc.cluster.local + +cni: + resources: + requests: + cpu: 10m + memory: 40Mi + +ztunnel: + resources: + requests: + cpu: 10m + memory: 40Mi + +global: + proxy: + resources: + requests: + cpu: 10m + memory: 40Mi + waypoint: + resources: + requests: + cpu: 10m + memory: 40Mi + +pilot: + autoscaleEnabled: false + traceSampling: 100 + resources: + requests: + cpu: 10m + memory: 100Mi + +gateways: + istio-egressgateway: + autoscaleEnabled: false + resources: + requests: + cpu: 10m + memory: 40Mi + istio-ingressgateway: + autoscaleEnabled: false + ports: + ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. + # Note that AWS ELB will by default perform health checks on the first port + # on this list. Setting this to the health check port will ensure that health + # checks always work. https://github.com/istio/istio/issues/12503 + - port: 15021 + targetPort: 15021 + name: status-port + - port: 80 + targetPort: 8080 + name: http2 + - port: 443 + targetPort: 8443 + name: https + - port: 31400 + targetPort: 31400 + name: tcp + # This is the port where sni routing happens + - port: 15443 + targetPort: 15443 + name: tls + resources: + requests: + cpu: 10m + memory: 40Mi \ No newline at end of file diff --git a/resources/v1.28.4/charts/ztunnel/files/profile-platform-gke.yaml b/resources/v1.28.4/charts/ztunnel/files/profile-platform-gke.yaml new file mode 100644 index 0000000000..dfe8a7d741 --- /dev/null +++ b/resources/v1.28.4/charts/ztunnel/files/profile-platform-gke.yaml @@ -0,0 +1,10 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work + resourceQuotas: + enabled: true +resourceQuotas: + enabled: true diff --git a/resources/v1.28.4/charts/ztunnel/files/profile-platform-k3d.yaml b/resources/v1.28.4/charts/ztunnel/files/profile-platform-k3d.yaml new file mode 100644 index 0000000000..cd86d9ec58 --- /dev/null +++ b/resources/v1.28.4/charts/ztunnel/files/profile-platform-k3d.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d + cniBinDir: /bin diff --git a/resources/v1.28.4/charts/ztunnel/files/profile-platform-k3s.yaml b/resources/v1.28.4/charts/ztunnel/files/profile-platform-k3s.yaml new file mode 100644 index 0000000000..07820106d9 --- /dev/null +++ b/resources/v1.28.4/charts/ztunnel/files/profile-platform-k3s.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d + cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.28.4/charts/ztunnel/files/profile-platform-microk8s.yaml b/resources/v1.28.4/charts/ztunnel/files/profile-platform-microk8s.yaml new file mode 100644 index 0000000000..57d7f5e3cd --- /dev/null +++ b/resources/v1.28.4/charts/ztunnel/files/profile-platform-microk8s.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/snap/microk8s/current/args/cni-network + cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.28.4/charts/ztunnel/files/profile-platform-minikube.yaml b/resources/v1.28.4/charts/ztunnel/files/profile-platform-minikube.yaml new file mode 100644 index 0000000000..fa9992e204 --- /dev/null +++ b/resources/v1.28.4/charts/ztunnel/files/profile-platform-minikube.yaml @@ -0,0 +1,6 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.28.4/charts/ztunnel/files/profile-platform-openshift.yaml b/resources/v1.28.4/charts/ztunnel/files/profile-platform-openshift.yaml new file mode 100644 index 0000000000..8ddc5e1654 --- /dev/null +++ b/resources/v1.28.4/charts/ztunnel/files/profile-platform-openshift.yaml @@ -0,0 +1,19 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The OpenShift profile provides a basic set of settings to run Istio on OpenShift +cni: + cniBinDir: /var/lib/cni/bin + cniConfDir: /etc/cni/multus/net.d + chained: false + cniConfFileName: "istio-cni.conf" + provider: "multus" +pilot: + cni: + enabled: true + provider: "multus" +seLinuxOptions: + type: spc_t +# Openshift requires privileged pods to run in kube-system +trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.28.4/charts/ztunnel/files/profile-preview.yaml b/resources/v1.28.4/charts/ztunnel/files/profile-preview.yaml new file mode 100644 index 0000000000..181d7bda2c --- /dev/null +++ b/resources/v1.28.4/charts/ztunnel/files/profile-preview.yaml @@ -0,0 +1,13 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The preview profile contains features that are experimental. +# This is intended to explore new features coming to Istio. +# Stability, security, and performance are not guaranteed - use at your own risk. +meshConfig: + defaultConfig: + proxyMetadata: + # Enable Istio agent to handle DNS requests for known hosts + # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf + ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.28.4/charts/ztunnel/files/profile-remote.yaml b/resources/v1.28.4/charts/ztunnel/files/profile-remote.yaml new file mode 100644 index 0000000000..d17b9a801a --- /dev/null +++ b/resources/v1.28.4/charts/ztunnel/files/profile-remote.yaml @@ -0,0 +1,13 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. +istiodRemote: + enabled: true +configMap: false +telemetry: + enabled: false +global: + # TODO BML maybe a different profile for a configcluster/revisit this + omitSidecarInjectorConfigMap: true diff --git a/resources/v1.28.4/charts/ztunnel/files/profile-stable.yaml b/resources/v1.28.4/charts/ztunnel/files/profile-stable.yaml new file mode 100644 index 0000000000..358282e69b --- /dev/null +++ b/resources/v1.28.4/charts/ztunnel/files/profile-stable.yaml @@ -0,0 +1,8 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The stable profile deploys admission control to ensure that only stable resources and fields are used +# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE +experimental: + stableValidationPolicy: true diff --git a/resources/v1.28.4/charts/ztunnel/templates/NOTES.txt b/resources/v1.28.4/charts/ztunnel/templates/NOTES.txt new file mode 100644 index 0000000000..244f59db06 --- /dev/null +++ b/resources/v1.28.4/charts/ztunnel/templates/NOTES.txt @@ -0,0 +1,5 @@ +ztunnel successfully installed! + +To learn more about the release, try: + $ helm status {{ .Release.Name }} -n {{ .Release.Namespace }} + $ helm get all {{ .Release.Name }} -n {{ .Release.Namespace }} diff --git a/resources/v1.28.4/charts/ztunnel/templates/_helpers.tpl b/resources/v1.28.4/charts/ztunnel/templates/_helpers.tpl new file mode 100644 index 0000000000..46a7a0b79d --- /dev/null +++ b/resources/v1.28.4/charts/ztunnel/templates/_helpers.tpl @@ -0,0 +1 @@ +{{ define "ztunnel.release-name" }}{{ .Values.resourceName| default "ztunnel" }}{{ end }} diff --git a/resources/v1.28.4/charts/ztunnel/templates/daemonset.yaml b/resources/v1.28.4/charts/ztunnel/templates/daemonset.yaml new file mode 100644 index 0000000000..b10e99cfa4 --- /dev/null +++ b/resources/v1.28.4/charts/ztunnel/templates/daemonset.yaml @@ -0,0 +1,212 @@ +{{- if or (eq .Values.resourceScope "all") (eq .Values.resourceScope "namespace") }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ include "ztunnel.release-name" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: ztunnel + {{- include "istio.labels" . | nindent 4}} + {{ with .Values.labels -}}{{ toYaml . | nindent 4}}{{ end }} + annotations: +{{- if .Values.revision }} + {{- $annos := set $.Values.annotations "istio.io/rev" .Values.revision }} + {{- toYaml $annos | nindent 4}} +{{- else }} + {{- .Values.annotations | toYaml | nindent 4 }} +{{- end }} +spec: + {{- with .Values.updateStrategy }} + updateStrategy: + {{- toYaml . | nindent 4 }} + {{- end }} + selector: + matchLabels: + app: ztunnel + template: + metadata: + labels: + sidecar.istio.io/inject: "false" + istio.io/dataplane-mode: none + app: ztunnel + app.kubernetes.io/name: ztunnel + {{- include "istio.labels" . | nindent 8}} +{{ with .Values.podLabels -}}{{ toYaml . | indent 8 }}{{ end }} + annotations: + sidecar.istio.io/inject: "false" +{{- if .Values.revision }} + istio.io/rev: {{ .Values.revision }} +{{- end }} +{{ with .Values.podAnnotations -}}{{ toYaml . | indent 8 }}{{ end }} + spec: + nodeSelector: + kubernetes.io/os: linux +{{- if .Values.nodeSelector }} +{{ toYaml .Values.nodeSelector | indent 8 }} +{{- end }} +{{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | trim | indent 8 }} +{{- end }} + serviceAccountName: {{ include "ztunnel.release-name" . }} +{{- if .Values.tolerations }} + tolerations: +{{ toYaml .Values.tolerations | trim | indent 8 }} +{{- end }} + containers: + - name: istio-proxy +{{- if contains "/" .Values.image }} + image: "{{ .Values.image }}" +{{- else }} + image: "{{ .Values.hub }}/{{ .Values.image | default "ztunnel" }}:{{ .Values.tag }}{{with (.Values.variant )}}-{{.}}{{end}}" +{{- end }} + ports: + - containerPort: 15020 + name: ztunnel-stats + protocol: TCP + resources: +{{- if .Values.resources }} +{{ toYaml .Values.resources | trim | indent 10 }} +{{- end }} +{{- with .Values.imagePullPolicy }} + imagePullPolicy: {{ . }} +{{- end }} + securityContext: + # K8S docs are clear that CAP_SYS_ADMIN *or* privileged: true + # both force this to `true`: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + # But there is a K8S validation bug that doesn't propery catch this: https://github.com/kubernetes/kubernetes/issues/119568 + allowPrivilegeEscalation: true + privileged: false + capabilities: + drop: + - ALL + add: # See https://man7.org/linux/man-pages/man7/capabilities.7.html + - NET_ADMIN # Required for TPROXY and setsockopt + - SYS_ADMIN # Required for `setns` - doing things in other netns + - NET_RAW # Required for RAW/PACKET sockets, TPROXY + readOnlyRootFilesystem: true + runAsGroup: 1337 + runAsNonRoot: false + runAsUser: 0 +{{- if .Values.seLinuxOptions }} + seLinuxOptions: +{{ toYaml .Values.seLinuxOptions | trim | indent 12 }} +{{- end }} + readinessProbe: + httpGet: + port: 15021 + path: /healthz/ready + args: + - proxy + - ztunnel + env: + - name: CA_ADDRESS + {{- if .Values.caAddress }} + value: {{ .Values.caAddress }} + {{- else }} + value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.istioNamespace }}.svc:15012 + {{- end }} + - name: XDS_ADDRESS + {{- if .Values.xdsAddress }} + value: {{ .Values.xdsAddress }} + {{- else }} + value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.istioNamespace }}.svc:15012 + {{- end }} + {{- if .Values.logAsJson }} + - name: LOG_FORMAT + value: json + {{- end}} + {{- if .Values.network }} + - name: NETWORK + value: {{ .Values.network | quote }} + {{- end }} + - name: RUST_LOG + value: {{ .Values.logLevel | quote }} + - name: RUST_BACKTRACE + value: "1" + - name: ISTIO_META_CLUSTER_ID + value: {{ .Values.multiCluster.clusterName | default "Kubernetes" }} + - name: INPOD_ENABLED + value: "true" + - name: TERMINATION_GRACE_PERIOD_SECONDS + value: "{{ .Values.terminationGracePeriodSeconds }}" + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: INSTANCE_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: SERVICE_ACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + {{- if .Values.meshConfig.defaultConfig.proxyMetadata }} + {{- range $key, $value := .Values.meshConfig.defaultConfig.proxyMetadata}} + - name: {{ $key }} + value: "{{ $value }}" + {{- end }} + {{- end }} + - name: ZTUNNEL_CPU_LIMIT + valueFrom: + resourceFieldRef: + resource: limits.cpu + {{- with .Values.env }} + {{- range $key, $val := . }} + - name: {{ $key }} + value: "{{ $val }}" + {{- end }} + {{- end }} + volumeMounts: + - mountPath: /var/run/secrets/istio + name: istiod-ca-cert + - mountPath: /var/run/secrets/tokens + name: istio-token + - mountPath: /var/run/ztunnel + name: cni-ztunnel-sock-dir + - mountPath: /tmp + name: tmp + {{- with .Values.volumeMounts }} + {{- toYaml . | nindent 8 }} + {{- end }} + priorityClassName: system-node-critical + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} + volumes: + - name: istio-token + projected: + sources: + - serviceAccountToken: + path: istio-token + expirationSeconds: 43200 + audience: istio-ca + - name: istiod-ca-cert + {{- if eq (.Values.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} + projected: + sources: + - clusterTrustBundle: + name: istio.io:istiod-ca:{{ .Values.trustBundleName | default "root-cert" }} + path: root-cert.pem + {{- else }} + configMap: + name: {{ .Values.trustBundleName | default "istio-ca-root-cert" }} + {{- end }} + - name: cni-ztunnel-sock-dir + hostPath: + path: /var/run/ztunnel + type: DirectoryOrCreate # ideally this would be a socket, but istio-cni may not have started yet. + # pprof needs a writable /tmp, and we don't have that thanks to `readOnlyRootFilesystem: true`, so mount one + - name: tmp + emptyDir: {} + {{- with .Values.volumes }} + {{- toYaml . | nindent 6}} + {{- end }} +{{- end }} diff --git a/resources/v1.30-alpha.bcdd144c/charts/ztunnel/templates/rbac.yaml b/resources/v1.28.4/charts/ztunnel/templates/rbac.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/ztunnel/templates/rbac.yaml rename to resources/v1.28.4/charts/ztunnel/templates/rbac.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/ztunnel/templates/resourcequota.yaml b/resources/v1.28.4/charts/ztunnel/templates/resourcequota.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/ztunnel/templates/resourcequota.yaml rename to resources/v1.28.4/charts/ztunnel/templates/resourcequota.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/ztunnel/templates/serviceaccount.yaml b/resources/v1.28.4/charts/ztunnel/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/ztunnel/templates/serviceaccount.yaml rename to resources/v1.28.4/charts/ztunnel/templates/serviceaccount.yaml diff --git a/resources/v1.28.4/charts/ztunnel/templates/zzz_profile.yaml b/resources/v1.28.4/charts/ztunnel/templates/zzz_profile.yaml new file mode 100644 index 0000000000..606c556697 --- /dev/null +++ b/resources/v1.28.4/charts/ztunnel/templates/zzz_profile.yaml @@ -0,0 +1,75 @@ +{{/* +WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. +The original version of this file is located at /manifests directory. +If you want to make a change in this file, edit the original one and run "make gen". + +Complex logic ahead... +We have three sets of values, in order of precedence (last wins): +1. The builtin values.yaml defaults +2. The profile the user selects +3. Users input (-f or --set) + +Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). + +However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). +We can then merge the profile onto the defaults, then the user settings onto that. +Finally, we can set all of that under .Values so the chart behaves without awareness. +*/}} +{{- if $.Values.defaults}} +{{ fail (cat + "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" + ($.Values.defaults | toYaml |nindent 4) +) }} +{{- end }} +{{- $defaults := $.Values._internal_defaults_do_not_set }} +{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} +{{- $profile := dict }} +{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} +{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} +{{- $profile = (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown profile" .) }} +{{- end }} +{{- end }} +{{- with .Values.compatibilityVersion }} +{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} +{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} +{{- end }} +{{- end }} +{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} +{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} +{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown platform" .) }} +{{- end }} +{{- end }} +{{- if $profile }} +{{- $a := mustMergeOverwrite $defaults $profile }} +{{- end }} +# Flatten globals, if defined on a per-chart basis +{{- if true }} +{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} +{{- end }} +{{- $x := set $.Values "_original" (deepCopy $.Values) }} +{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} + +{{/* +Labels that should be applied to ALL resources. +*/}} +{{- define "istio.labels" -}} +{{- if .Release.Service -}} +app.kubernetes.io/managed-by: {{ .Release.Service | quote }} +{{- end }} +{{- if .Release.Name }} +app.kubernetes.io/instance: {{ .Release.Name | quote }} +{{- end }} +app.kubernetes.io/part-of: "istio" +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +{{- if and .Chart.Name .Chart.Version }} +helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end -}} diff --git a/resources/v1.28.4/charts/ztunnel/values.yaml b/resources/v1.28.4/charts/ztunnel/values.yaml new file mode 100644 index 0000000000..618f23551d --- /dev/null +++ b/resources/v1.28.4/charts/ztunnel/values.yaml @@ -0,0 +1,136 @@ +# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. +# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. +_internal_defaults_do_not_set: + # Hub to pull from. Image will be `Hub/Image:Tag-Variant` + hub: gcr.io/istio-release + # Tag to pull from. Image will be `Hub/Image:Tag-Variant` + tag: 1.28.4 + # Variant to pull. Options are "debug" or "distroless". Unset will use the default for the given version. + variant: "" + + # Image name to pull from. Image will be `Hub/Image:Tag-Variant` + # If Image contains a "/", it will replace the entire `image` in the pod. + image: ztunnel + + # Same as `global.network`, but will override it if set. + # Network defines the network this cluster belong to. This name + # corresponds to the networks in the map of mesh networks. + network: "" + + # resourceName, if set, will override the naming of resources. If not set, will default to 'ztunnel'. + # If you set this, you MUST also set `trustedZtunnelName` in the `istiod` chart. + resourceName: "" + + # Labels to apply to all top level resources + labels: {} + # Annotations to apply to all top level resources + annotations: {} + + # Additional volumeMounts to the ztunnel container + volumeMounts: [] + + # Additional volumes to the ztunnel pod + volumes: [] + + # Tolerations for the ztunnel pod + tolerations: + - effect: NoSchedule + operator: Exists + - key: CriticalAddonsOnly + operator: Exists + - effect: NoExecute + operator: Exists + + # Annotations added to each pod. The default annotations are required for scraping prometheus (in most environments). + podAnnotations: + prometheus.io/port: "15020" + prometheus.io/scrape: "true" + + # Additional labels to apply on the pod level + podLabels: {} + + # Pod resource configuration + resources: + requests: + cpu: 200m + # Ztunnel memory scales with the size of the cluster and traffic load + # While there are many factors, this is enough for ~200k pod cluster or 100k concurrently open connections. + memory: 512Mi + + resourceQuotas: + enabled: false + pods: 5000 + + # List of secret names to add to the service account as image pull secrets + imagePullSecrets: [] + + # A `key: value` mapping of environment variables to add to the pod + env: {} + + # Override for the pod imagePullPolicy + imagePullPolicy: "" + + # Settings for multicluster + multiCluster: + # The name of the cluster we are installing in. Note this is a user-defined name, which must be consistent + # with Istiod configuration. + clusterName: "" + + # meshConfig defines runtime configuration of components. + # For ztunnel, only defaultConfig is used, but this is nested under `meshConfig` for consistency with other + # components. + # TODO: https://github.com/istio/istio/issues/43248 + meshConfig: + defaultConfig: + proxyMetadata: {} + + # This value defines: + # 1. how many seconds kube waits for ztunnel pod to gracefully exit before forcibly terminating it (this value) + # 2. how many seconds ztunnel waits to drain its own connections (this value - 1 sec) + # Default K8S value is 30 seconds + terminationGracePeriodSeconds: 30 + + # Revision is set as 'version' label and part of the resource names when installing multiple control planes. + # Used to locate the XDS and CA, if caAddress or xdsAddress are not set explicitly. + revision: "" + + # The customized CA address to retrieve certificates for the pods in the cluster. + # CSR clients such as the Istio Agent and ingress gateways can use this to specify the CA endpoint. + caAddress: "" + + # The customized XDS address to retrieve configuration. + # This should include the port - 15012 for Istiod. TLS will be used with the certificates in "istiod-ca-cert" secret. + # By default, it is istiod.istio-system.svc:15012 if revision is not set, or istiod-..svc:15012 + xdsAddress: "" + + # Used to locate the XDS and CA, if caAddress or xdsAddress are not set. + istioNamespace: istio-system + + # Configuration log level of ztunnel binary, default is info. + # Valid values are: trace, debug, info, warn, error + logLevel: info + + # To output all logs in json format + logAsJson: false + + # Set to `type: RuntimeDefault` to use the default profile if available. + seLinuxOptions: {} + # TODO Ambient inpod - for OpenShift, set to the following to get writable sockets in hostmounts to work, eventually consider CSI driver instead + #seLinuxOptions: + # type: spc_t + + # resourceScope controls what resources will be processed by helm. + # This is useful when installing Istio on a cluster where some resources need to be owned by a cluster administrator and some can be owned by the mesh administrator. + # It can be one of: + # - all: all resources are processed + # - cluster: only cluster-scoped resources are processed + # - namespace: only namespace-scoped resources are processed + resourceScope: all + + # K8s DaemonSet update strategy. + # https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/daemon-set-v1/#DaemonSetSpec). + updateStrategy: + type: RollingUpdate + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 diff --git a/resources/v1.28.4/cni-1.28.4.tgz.etag b/resources/v1.28.4/cni-1.28.4.tgz.etag new file mode 100644 index 0000000000..0ab84bb9c8 --- /dev/null +++ b/resources/v1.28.4/cni-1.28.4.tgz.etag @@ -0,0 +1 @@ +bc40f538b846bd578df46f3318898e36 diff --git a/resources/v1.28.4/commit b/resources/v1.28.4/commit new file mode 100644 index 0000000000..15b13fd65b --- /dev/null +++ b/resources/v1.28.4/commit @@ -0,0 +1 @@ +1.28.4 diff --git a/resources/v1.28.4/gateway-1.28.4.tgz.etag b/resources/v1.28.4/gateway-1.28.4.tgz.etag new file mode 100644 index 0000000000..89372815a3 --- /dev/null +++ b/resources/v1.28.4/gateway-1.28.4.tgz.etag @@ -0,0 +1 @@ +75fbe99ff3604d9af5e216f7267e872f diff --git a/resources/v1.28.4/istiod-1.28.4.tgz.etag b/resources/v1.28.4/istiod-1.28.4.tgz.etag new file mode 100644 index 0000000000..beccf8e135 --- /dev/null +++ b/resources/v1.28.4/istiod-1.28.4.tgz.etag @@ -0,0 +1 @@ +2f7aeb4c63cd1d899efb9fe7b8cdd71e diff --git a/resources/v1.28.4/profiles/ambient.yaml b/resources/v1.28.4/profiles/ambient.yaml new file mode 100644 index 0000000000..71ea784a80 --- /dev/null +++ b/resources/v1.28.4/profiles/ambient.yaml @@ -0,0 +1,5 @@ +apiVersion: sailoperator.io/v1 +kind: Istio +spec: + values: + profile: ambient diff --git a/resources/v1.28.4/profiles/default.yaml b/resources/v1.28.4/profiles/default.yaml new file mode 100644 index 0000000000..8f1ef19676 --- /dev/null +++ b/resources/v1.28.4/profiles/default.yaml @@ -0,0 +1,12 @@ +apiVersion: sailoperator.io/v1 +kind: Istio +spec: + # Most default values come from the helm chart's values.yaml + # Below are the things that differ + values: + defaultRevision: "" + global: + istioNamespace: istio-system + configValidation: true + ztunnel: + resourceName: ztunnel diff --git a/resources/v1.28.4/profiles/demo.yaml b/resources/v1.28.4/profiles/demo.yaml new file mode 100644 index 0000000000..53c4b41633 --- /dev/null +++ b/resources/v1.28.4/profiles/demo.yaml @@ -0,0 +1,5 @@ +apiVersion: sailoperator.io/v1 +kind: Istio +spec: + values: + profile: demo diff --git a/resources/v1.28.4/profiles/empty.yaml b/resources/v1.28.4/profiles/empty.yaml new file mode 100644 index 0000000000..4477cb1fe1 --- /dev/null +++ b/resources/v1.28.4/profiles/empty.yaml @@ -0,0 +1,5 @@ +# The empty profile has everything disabled +# This is useful as a base for custom user configuration +apiVersion: sailoperator.io/v1 +kind: Istio +spec: {} diff --git a/resources/v1.28.4/profiles/openshift-ambient.yaml b/resources/v1.28.4/profiles/openshift-ambient.yaml new file mode 100644 index 0000000000..76edf00cd8 --- /dev/null +++ b/resources/v1.28.4/profiles/openshift-ambient.yaml @@ -0,0 +1,7 @@ +apiVersion: sailoperator.io/v1 +kind: Istio +spec: + values: + profile: ambient + global: + platform: openshift diff --git a/resources/v1.28.4/profiles/openshift.yaml b/resources/v1.28.4/profiles/openshift.yaml new file mode 100644 index 0000000000..41492660fe --- /dev/null +++ b/resources/v1.28.4/profiles/openshift.yaml @@ -0,0 +1,6 @@ +apiVersion: sailoperator.io/v1 +kind: Istio +spec: + values: + global: + platform: openshift diff --git a/resources/v1.28.4/profiles/preview.yaml b/resources/v1.28.4/profiles/preview.yaml new file mode 100644 index 0000000000..59d545c840 --- /dev/null +++ b/resources/v1.28.4/profiles/preview.yaml @@ -0,0 +1,8 @@ +# The preview profile contains features that are experimental. +# This is intended to explore new features coming to Istio. +# Stability, security, and performance are not guaranteed - use at your own risk. +apiVersion: sailoperator.io/v1 +kind: Istio +spec: + values: + profile: preview diff --git a/resources/v1.28.4/profiles/remote.yaml b/resources/v1.28.4/profiles/remote.yaml new file mode 100644 index 0000000000..54c65c8ba9 --- /dev/null +++ b/resources/v1.28.4/profiles/remote.yaml @@ -0,0 +1,7 @@ +# The remote profile is used to configure a mesh cluster without a locally deployed control plane. +# Only the injector mutating webhook configuration is installed. +apiVersion: sailoperator.io/v1 +kind: Istio +spec: + values: + profile: remote diff --git a/resources/v1.28.4/profiles/stable.yaml b/resources/v1.28.4/profiles/stable.yaml new file mode 100644 index 0000000000..285feba244 --- /dev/null +++ b/resources/v1.28.4/profiles/stable.yaml @@ -0,0 +1,5 @@ +apiVersion: sailoperator.io/v1 +kind: Istio +spec: + values: + profile: stable diff --git a/resources/v1.28.4/ztunnel-1.28.4.tgz.etag b/resources/v1.28.4/ztunnel-1.28.4.tgz.etag new file mode 100644 index 0000000000..65bda0d04e --- /dev/null +++ b/resources/v1.28.4/ztunnel-1.28.4.tgz.etag @@ -0,0 +1 @@ +9c587ddf90690816bb9ed30fb105cf35 diff --git a/resources/v1.30-alpha.b38ad9e4/base-1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3.tgz.etag b/resources/v1.30-alpha.b38ad9e4/base-1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3.tgz.etag new file mode 100644 index 0000000000..e43ad2c8e0 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/base-1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3.tgz.etag @@ -0,0 +1 @@ +edabd70bfebb6c38becf6bd568455b41 diff --git a/resources/v1.30-alpha.b38ad9e4/charts/base/Chart.yaml b/resources/v1.30-alpha.b38ad9e4/charts/base/Chart.yaml new file mode 100644 index 0000000000..4168830f65 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/base/Chart.yaml @@ -0,0 +1,10 @@ +apiVersion: v2 +appVersion: 1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3 +description: Helm chart for deploying Istio cluster resources and CRDs +icon: https://istio.io/latest/favicons/android-192x192.png +keywords: +- istio +name: base +sources: +- https://github.com/istio/istio +version: 1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3 diff --git a/resources/v1.30-alpha.b38ad9e4/charts/base/README.md b/resources/v1.30-alpha.b38ad9e4/charts/base/README.md new file mode 100644 index 0000000000..ae8f6d5b0e --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/base/README.md @@ -0,0 +1,35 @@ +# Istio base Helm Chart + +This chart installs resources shared by all Istio revisions. This includes Istio CRDs. + +## Setup Repo Info + +```console +helm repo add istio https://istio-release.storage.googleapis.com/charts +helm repo update +``` + +_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ + +## Installing the Chart + +To install the chart with the release name `istio-base`: + +```console +kubectl create namespace istio-system +helm install istio-base istio/base -n istio-system +``` + +### Profiles + +Istio Helm charts have a concept of a `profile`, which is a bundled collection of value presets. +These can be set with `--set profile=`. +For example, the `demo` profile offers a preset configuration to try out Istio in a test environment, with additional features enabled and lowered resource requirements. + +For consistency, the same profiles are used across each chart, even if they do not impact a given chart. + +Explicitly set values have highest priority, then profile settings, then chart defaults. + +As an implementation detail of profiles, the default values for the chart are all nested under `defaults`. +When configuring the chart, you should not include this. +That is, `--set some.field=true` should be passed, not `--set defaults.some.field=true`. diff --git a/resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-ambient.yaml b/resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-ambient.yaml new file mode 100644 index 0000000000..495fbcd434 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-ambient.yaml @@ -0,0 +1,24 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed +meshConfig: + defaultConfig: + proxyMetadata: + ISTIO_META_ENABLE_HBONE: "true" + serviceScopeConfigs: + - servicesSelector: + matchExpressions: + - key: istio.io/global + operator: In + values: ["true"] + scope: GLOBAL +global: + variant: distroless +pilot: + env: + PILOT_ENABLE_AMBIENT: "true" +cni: + ambient: + enabled: true diff --git a/resources/v1.30-alpha.bcdd144c/charts/base/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/base/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/base/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/base/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/base/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/base/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/base/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/base/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-demo.yaml b/resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-demo.yaml new file mode 100644 index 0000000000..d6dc36dd0f --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-demo.yaml @@ -0,0 +1,94 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The demo profile enables a variety of things to try out Istio in non-production environments. +# * Lower resource utilization. +# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. +# * More ports enabled on the ingress, which is used in some tasks. +meshConfig: + accessLogFile: /dev/stdout + extensionProviders: + - name: otel + envoyOtelAls: + service: opentelemetry-collector.observability.svc.cluster.local + port: 4317 + - name: skywalking + skywalking: + service: tracing.istio-system.svc.cluster.local + port: 11800 + - name: otel-tracing + opentelemetry: + port: 4317 + service: opentelemetry-collector.observability.svc.cluster.local + - name: jaeger + opentelemetry: + port: 4317 + service: jaeger-collector.istio-system.svc.cluster.local + +cni: + resources: + requests: + cpu: 10m + memory: 40Mi + +ztunnel: + resources: + requests: + cpu: 10m + memory: 40Mi + +global: + proxy: + resources: + requests: + cpu: 10m + memory: 40Mi + waypoint: + resources: + requests: + cpu: 10m + memory: 40Mi + +pilot: + autoscaleEnabled: false + traceSampling: 100 + resources: + requests: + cpu: 10m + memory: 100Mi + +gateways: + istio-egressgateway: + autoscaleEnabled: false + resources: + requests: + cpu: 10m + memory: 40Mi + istio-ingressgateway: + autoscaleEnabled: false + ports: + ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. + # Note that AWS ELB will by default perform health checks on the first port + # on this list. Setting this to the health check port will ensure that health + # checks always work. https://github.com/istio/istio/issues/12503 + - port: 15021 + targetPort: 15021 + name: status-port + - port: 80 + targetPort: 8080 + name: http2 + - port: 443 + targetPort: 8443 + name: https + - port: 31400 + targetPort: 31400 + name: tcp + # This is the port where sni routing happens + - port: 15443 + targetPort: 15443 + name: tls + resources: + requests: + cpu: 10m + memory: 40Mi \ No newline at end of file diff --git a/resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-platform-gke.yaml b/resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-platform-gke.yaml new file mode 100644 index 0000000000..dfe8a7d741 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-platform-gke.yaml @@ -0,0 +1,10 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work + resourceQuotas: + enabled: true +resourceQuotas: + enabled: true diff --git a/resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-platform-k3d.yaml new file mode 100644 index 0000000000..cd86d9ec58 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-platform-k3d.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d + cniBinDir: /bin diff --git a/resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-platform-k3s.yaml new file mode 100644 index 0000000000..07820106d9 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-platform-k3s.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d + cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-platform-microk8s.yaml new file mode 100644 index 0000000000..57d7f5e3cd --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-platform-microk8s.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/snap/microk8s/current/args/cni-network + cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-platform-minikube.yaml new file mode 100644 index 0000000000..fa9992e204 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-platform-minikube.yaml @@ -0,0 +1,6 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-platform-openshift.yaml new file mode 100644 index 0000000000..8ddc5e1654 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-platform-openshift.yaml @@ -0,0 +1,19 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The OpenShift profile provides a basic set of settings to run Istio on OpenShift +cni: + cniBinDir: /var/lib/cni/bin + cniConfDir: /etc/cni/multus/net.d + chained: false + cniConfFileName: "istio-cni.conf" + provider: "multus" +pilot: + cni: + enabled: true + provider: "multus" +seLinuxOptions: + type: spc_t +# Openshift requires privileged pods to run in kube-system +trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-preview.yaml b/resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-preview.yaml new file mode 100644 index 0000000000..181d7bda2c --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-preview.yaml @@ -0,0 +1,13 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The preview profile contains features that are experimental. +# This is intended to explore new features coming to Istio. +# Stability, security, and performance are not guaranteed - use at your own risk. +meshConfig: + defaultConfig: + proxyMetadata: + # Enable Istio agent to handle DNS requests for known hosts + # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf + ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-remote.yaml b/resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-remote.yaml new file mode 100644 index 0000000000..d17b9a801a --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-remote.yaml @@ -0,0 +1,13 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. +istiodRemote: + enabled: true +configMap: false +telemetry: + enabled: false +global: + # TODO BML maybe a different profile for a configcluster/revisit this + omitSidecarInjectorConfigMap: true diff --git a/resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-stable.yaml b/resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-stable.yaml new file mode 100644 index 0000000000..358282e69b --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-stable.yaml @@ -0,0 +1,8 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The stable profile deploys admission control to ensure that only stable resources and fields are used +# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE +experimental: + stableValidationPolicy: true diff --git a/resources/v1.30-alpha.b38ad9e4/charts/base/templates/NOTES.txt b/resources/v1.30-alpha.b38ad9e4/charts/base/templates/NOTES.txt new file mode 100644 index 0000000000..f12616f578 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/base/templates/NOTES.txt @@ -0,0 +1,5 @@ +Istio base successfully installed! + +To learn more about the release, try: + $ helm status {{ .Release.Name }} -n {{ .Release.Namespace }} + $ helm get all {{ .Release.Name }} -n {{ .Release.Namespace }} diff --git a/resources/v1.30-alpha.b38ad9e4/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml b/resources/v1.30-alpha.b38ad9e4/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml new file mode 100644 index 0000000000..30049df989 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml @@ -0,0 +1,55 @@ +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "cluster") }} +{{- if and .Values.experimental.stableValidationPolicy (not (eq .Values.defaultRevision "")) }} +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingAdmissionPolicy +metadata: + name: "stable-channel-default-policy.istio.io" + labels: + release: {{ .Release.Name }} + istio: istiod + istio.io/rev: {{ .Values.defaultRevision }} + app.kubernetes.io/name: "istiod" + {{ include "istio.labels" . | nindent 4 }} +spec: + failurePolicy: Fail + matchConstraints: + resourceRules: + - apiGroups: + - security.istio.io + - networking.istio.io + - telemetry.istio.io + - extensions.istio.io + apiVersions: ["*"] + operations: ["CREATE", "UPDATE"] + resources: ["*"] + variables: + - name: isEnvoyFilter + expression: "object.kind == 'EnvoyFilter'" + - name: isWasmPlugin + expression: "object.kind == 'WasmPlugin'" + - name: isProxyConfig + expression: "object.kind == 'ProxyConfig'" + - name: isTelemetry + expression: "object.kind == 'Telemetry'" + validations: + - expression: "!variables.isEnvoyFilter" + - expression: "!variables.isWasmPlugin" + - expression: "!variables.isProxyConfig" + - expression: | + !( + variables.isTelemetry && ( + (has(object.spec.tracing) ? object.spec.tracing : {}).exists(t, has(t.useRequestIdForTraceSampling)) || + (has(object.spec.metrics) ? object.spec.metrics : {}).exists(m, has(m.reportingInterval)) || + (has(object.spec.accessLogging) ? object.spec.accessLogging : {}).exists(l, has(l.filter)) + ) + ) +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingAdmissionPolicyBinding +metadata: + name: "stable-channel-default-policy-binding.istio.io" +spec: + policyName: "stable-channel-default-policy.istio.io" + validationActions: [Deny] +{{- end }} +{{- end }} diff --git a/resources/v1.30-alpha.b38ad9e4/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml b/resources/v1.30-alpha.b38ad9e4/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml new file mode 100644 index 0000000000..dcd16e964f --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml @@ -0,0 +1,58 @@ +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "cluster") }} +{{- if not (eq .Values.defaultRevision "") }} +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: istiod-default-validator + labels: + app: istiod + release: {{ .Release.Name }} + istio: istiod + istio.io/rev: {{ .Values.defaultRevision | quote }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +webhooks: + - name: validation.istio.io + clientConfig: + {{- if .Values.base.validationURL }} + url: {{ .Values.base.validationURL }} + {{- else }} + service: + {{- if (eq .Values.defaultRevision "default") }} + name: istiod + {{- else }} + name: istiod-{{ .Values.defaultRevision }} + {{- end }} + namespace: {{ .Values.global.istioNamespace }} + path: "/validate" + {{- end }} + {{- if .Values.base.validationCABundle }} + caBundle: "{{ .Values.base.validationCABundle }}" + {{- end }} + rules: + - operations: + - CREATE + - UPDATE + apiGroups: + - security.istio.io + - networking.istio.io + - telemetry.istio.io + - extensions.istio.io + apiVersions: + - "*" + resources: + - "*" + + {{- if .Values.base.validationCABundle }} + # Disable webhook controller in Pilot to stop patching it + failurePolicy: Fail + {{- else }} + # Fail open until the validation webhook is ready. The webhook controller + # will update this to `Fail` and patch in the `caBundle` when the webhook + # endpoint is ready. + failurePolicy: Ignore + {{- end }} + sideEffects: None + admissionReviewVersions: ["v1"] +{{- end }} +{{- end }} diff --git a/resources/v1.30-alpha.b38ad9e4/charts/base/templates/reader-serviceaccount.yaml b/resources/v1.30-alpha.b38ad9e4/charts/base/templates/reader-serviceaccount.yaml new file mode 100644 index 0000000000..bb7a74ff48 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/base/templates/reader-serviceaccount.yaml @@ -0,0 +1,22 @@ +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "namespace") }} +# This singleton service account aggregates reader permissions for the revisions in a given cluster +# ATM this is a singleton per cluster with Istio installed, and is not revisioned. It maybe should be, +# as otherwise compromising the token for this SA would give you access to *every* installed revision. +# Should be used for remote secret creation. +apiVersion: v1 +kind: ServiceAccount + {{- if .Values.global.imagePullSecrets }} +imagePullSecrets: + {{- range .Values.global.imagePullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} +metadata: + name: istio-reader-service-account + namespace: {{ .Values.global.istioNamespace }} + labels: + app: istio-reader + release: {{ .Release.Name }} + app.kubernetes.io/name: "istio-reader" + {{- include "istio.labels" . | nindent 4 }} +{{- end }} diff --git a/resources/v1.30-alpha.b38ad9e4/charts/base/templates/zzz_profile.yaml b/resources/v1.30-alpha.b38ad9e4/charts/base/templates/zzz_profile.yaml new file mode 100644 index 0000000000..3d84956485 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/base/templates/zzz_profile.yaml @@ -0,0 +1,75 @@ +{{/* +WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. +The original version of this file is located at /manifests directory. +If you want to make a change in this file, edit the original one and run "make gen". + +Complex logic ahead... +We have three sets of values, in order of precedence (last wins): +1. The builtin values.yaml defaults +2. The profile the user selects +3. Users input (-f or --set) + +Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). + +However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). +We can then merge the profile onto the defaults, then the user settings onto that. +Finally, we can set all of that under .Values so the chart behaves without awareness. +*/}} +{{- if $.Values.defaults}} +{{ fail (cat + "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" + ($.Values.defaults | toYaml |nindent 4) +) }} +{{- end }} +{{- $defaults := $.Values._internal_defaults_do_not_set }} +{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} +{{- $profile := dict }} +{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} +{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} +{{- $profile = (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown profile" .) }} +{{- end }} +{{- end }} +{{- with .Values.compatibilityVersion }} +{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} +{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} +{{- end }} +{{- end }} +{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} +{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} +{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown platform" .) }} +{{- end }} +{{- end }} +{{- if $profile }} +{{- $a := mustMergeOverwrite $defaults $profile }} +{{- end }} +# Flatten globals, if defined on a per-chart basis +{{- if false }} +{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} +{{- end }} +{{- $x := set $.Values "_original" (deepCopy $.Values) }} +{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} + +{{/* +Labels that should be applied to ALL resources. +*/}} +{{- define "istio.labels" -}} +{{- if .Release.Service -}} +app.kubernetes.io/managed-by: {{ .Release.Service | quote }} +{{- end }} +{{- if .Release.Name }} +app.kubernetes.io/instance: {{ .Release.Name | quote }} +{{- end }} +app.kubernetes.io/part-of: "istio" +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +{{- if and .Chart.Name .Chart.Version }} +helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end -}} diff --git a/resources/v1.30-alpha.b38ad9e4/charts/base/values.yaml b/resources/v1.30-alpha.b38ad9e4/charts/base/values.yaml new file mode 100644 index 0000000000..8353c57d6d --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/base/values.yaml @@ -0,0 +1,45 @@ +# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. +# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. +_internal_defaults_do_not_set: + global: + + # ImagePullSecrets for control plane ServiceAccount, list of secrets in the same namespace + # to use for pulling any images in pods that reference this ServiceAccount. + # Must be set for any cluster configured with private docker registry. + imagePullSecrets: [] + + # Used to locate istiod. + istioNamespace: istio-system + + # resourceScope controls what resources will be processed by helm. + # This is useful when installing Istio on a cluster where some resources need to be owned by a cluster administrator and some can be owned by the mesh administrator. + # It can be one of: + # - all: all resources are processed + # - cluster: only cluster-scoped resources are processed + # - namespace: only namespace-scoped resources are processed + resourceScope: all + base: + # A list of CRDs to exclude. Requires `enableCRDTemplates` to be true. + # Example: `excludedCRDs: ["envoyfilters.networking.istio.io"]`. + # Note: when installing with `istioctl`, `enableIstioConfigCRDs=false` must also be set. + excludedCRDs: [] + # Helm (as of V3) does not support upgrading CRDs, because it is not universally + # safe for them to support this. + # Istio as a project enforces certain backwards-compat guarantees that allow us + # to safely upgrade CRDs in spite of this, so we default to self-managing CRDs + # as standard K8S resources in Helm, and disable Helm's CRD management. See also: + # https://helm.sh/docs/chart_best_practices/custom_resource_definitions/#method-2-separate-charts + enableCRDTemplates: true + + # Validation webhook configuration url + # For example: https://$remotePilotAddress:15017/validate + validationURL: "" + # Validation webhook caBundle value. Useful when running pilot with a well known cert + validationCABundle: "" + + # For istioctl usage to disable istio config crds in base + enableIstioConfigCRDs: true + + defaultRevision: "default" + experimental: + stableValidationPolicy: false diff --git a/resources/v1.30-alpha.b38ad9e4/charts/cni/Chart.yaml b/resources/v1.30-alpha.b38ad9e4/charts/cni/Chart.yaml new file mode 100644 index 0000000000..f61822e63a --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/cni/Chart.yaml @@ -0,0 +1,11 @@ +apiVersion: v2 +appVersion: 1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3 +description: Helm chart for istio-cni components +icon: https://istio.io/latest/favicons/android-192x192.png +keywords: +- istio-cni +- istio +name: cni +sources: +- https://github.com/istio/istio +version: 1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3 diff --git a/resources/v1.30-alpha.b38ad9e4/charts/cni/README.md b/resources/v1.30-alpha.b38ad9e4/charts/cni/README.md new file mode 100644 index 0000000000..f7e5cbd379 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/cni/README.md @@ -0,0 +1,65 @@ +# Istio CNI Helm Chart + +This chart installs the Istio CNI Plugin. See the [CNI installation guide](https://istio.io/latest/docs/setup/additional-setup/cni/) +for more information. + +## Setup Repo Info + +```console +helm repo add istio https://istio-release.storage.googleapis.com/charts +helm repo update +``` + +_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ + +## Installing the Chart + +To install the chart with the release name `istio-cni`: + +```console +helm install istio-cni istio/cni -n kube-system +``` + +Installation in `kube-system` is recommended to ensure the [`system-node-critical`](https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/) +`priorityClassName` can be used. You can install in other namespace only on K8S clusters that allow +'system-node-critical' outside of kube-system. + +## Configuration + +To view supported configuration options and documentation, run: + +```console +helm show values istio/istio-cni +``` + +### Profiles + +Istio Helm charts have a concept of a `profile`, which is a bundled collection of value presets. +These can be set with `--set profile=`. +For example, the `demo` profile offers a preset configuration to try out Istio in a test environment, with additional features enabled and lowered resource requirements. + +For consistency, the same profiles are used across each chart, even if they do not impact a given chart. + +Explicitly set values have highest priority, then profile settings, then chart defaults. + +As an implementation detail of profiles, the default values for the chart are all nested under `defaults`. +When configuring the chart, you should not include this. +That is, `--set some.field=true` should be passed, not `--set defaults.some.field=true`. + +### Ambient + +To enable ambient, you can use the ambient profile: `--set profile=ambient`. + +#### Calico + +For Calico, you must also modify the settings to allow source spoofing: + +- if deployed by operator, `kubectl patch felixconfigurations default --type='json' -p='[{"op": "add", "path": "/spec/workloadSourceSpoofing", "value": "Any"}]'` +- if deployed by manifest, add env `FELIX_WORKLOADSOURCESPOOFING` with value `Any` in `spec.template.spec.containers.env` for daemonset `calico-node`. (This will allow PODs with specified annotation to skip the rpf check. ) + +### GKE notes + +On GKE, 'kube-system' is required. + +If using `helm template`, `--set cni.cniBinDir=/home/kubernetes/bin` is required - with `helm install` +it is auto-detected. diff --git a/resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-ambient.yaml b/resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-ambient.yaml new file mode 100644 index 0000000000..495fbcd434 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-ambient.yaml @@ -0,0 +1,24 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed +meshConfig: + defaultConfig: + proxyMetadata: + ISTIO_META_ENABLE_HBONE: "true" + serviceScopeConfigs: + - servicesSelector: + matchExpressions: + - key: istio.io/global + operator: In + values: ["true"] + scope: GLOBAL +global: + variant: distroless +pilot: + env: + PILOT_ENABLE_AMBIENT: "true" +cni: + ambient: + enabled: true diff --git a/resources/v1.30-alpha.bcdd144c/charts/cni/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/cni/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/cni/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/cni/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/cni/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/cni/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/cni/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/cni/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-demo.yaml b/resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-demo.yaml new file mode 100644 index 0000000000..d6dc36dd0f --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-demo.yaml @@ -0,0 +1,94 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The demo profile enables a variety of things to try out Istio in non-production environments. +# * Lower resource utilization. +# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. +# * More ports enabled on the ingress, which is used in some tasks. +meshConfig: + accessLogFile: /dev/stdout + extensionProviders: + - name: otel + envoyOtelAls: + service: opentelemetry-collector.observability.svc.cluster.local + port: 4317 + - name: skywalking + skywalking: + service: tracing.istio-system.svc.cluster.local + port: 11800 + - name: otel-tracing + opentelemetry: + port: 4317 + service: opentelemetry-collector.observability.svc.cluster.local + - name: jaeger + opentelemetry: + port: 4317 + service: jaeger-collector.istio-system.svc.cluster.local + +cni: + resources: + requests: + cpu: 10m + memory: 40Mi + +ztunnel: + resources: + requests: + cpu: 10m + memory: 40Mi + +global: + proxy: + resources: + requests: + cpu: 10m + memory: 40Mi + waypoint: + resources: + requests: + cpu: 10m + memory: 40Mi + +pilot: + autoscaleEnabled: false + traceSampling: 100 + resources: + requests: + cpu: 10m + memory: 100Mi + +gateways: + istio-egressgateway: + autoscaleEnabled: false + resources: + requests: + cpu: 10m + memory: 40Mi + istio-ingressgateway: + autoscaleEnabled: false + ports: + ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. + # Note that AWS ELB will by default perform health checks on the first port + # on this list. Setting this to the health check port will ensure that health + # checks always work. https://github.com/istio/istio/issues/12503 + - port: 15021 + targetPort: 15021 + name: status-port + - port: 80 + targetPort: 8080 + name: http2 + - port: 443 + targetPort: 8443 + name: https + - port: 31400 + targetPort: 31400 + name: tcp + # This is the port where sni routing happens + - port: 15443 + targetPort: 15443 + name: tls + resources: + requests: + cpu: 10m + memory: 40Mi \ No newline at end of file diff --git a/resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-platform-gke.yaml b/resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-platform-gke.yaml new file mode 100644 index 0000000000..dfe8a7d741 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-platform-gke.yaml @@ -0,0 +1,10 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work + resourceQuotas: + enabled: true +resourceQuotas: + enabled: true diff --git a/resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-platform-k3d.yaml new file mode 100644 index 0000000000..cd86d9ec58 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-platform-k3d.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d + cniBinDir: /bin diff --git a/resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-platform-k3s.yaml new file mode 100644 index 0000000000..07820106d9 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-platform-k3s.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d + cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-platform-microk8s.yaml new file mode 100644 index 0000000000..57d7f5e3cd --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-platform-microk8s.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/snap/microk8s/current/args/cni-network + cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-platform-minikube.yaml new file mode 100644 index 0000000000..fa9992e204 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-platform-minikube.yaml @@ -0,0 +1,6 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-platform-openshift.yaml new file mode 100644 index 0000000000..8ddc5e1654 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-platform-openshift.yaml @@ -0,0 +1,19 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The OpenShift profile provides a basic set of settings to run Istio on OpenShift +cni: + cniBinDir: /var/lib/cni/bin + cniConfDir: /etc/cni/multus/net.d + chained: false + cniConfFileName: "istio-cni.conf" + provider: "multus" +pilot: + cni: + enabled: true + provider: "multus" +seLinuxOptions: + type: spc_t +# Openshift requires privileged pods to run in kube-system +trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-preview.yaml b/resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-preview.yaml new file mode 100644 index 0000000000..181d7bda2c --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-preview.yaml @@ -0,0 +1,13 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The preview profile contains features that are experimental. +# This is intended to explore new features coming to Istio. +# Stability, security, and performance are not guaranteed - use at your own risk. +meshConfig: + defaultConfig: + proxyMetadata: + # Enable Istio agent to handle DNS requests for known hosts + # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf + ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-remote.yaml b/resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-remote.yaml new file mode 100644 index 0000000000..d17b9a801a --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-remote.yaml @@ -0,0 +1,13 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. +istiodRemote: + enabled: true +configMap: false +telemetry: + enabled: false +global: + # TODO BML maybe a different profile for a configcluster/revisit this + omitSidecarInjectorConfigMap: true diff --git a/resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-stable.yaml b/resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-stable.yaml new file mode 100644 index 0000000000..358282e69b --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-stable.yaml @@ -0,0 +1,8 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The stable profile deploys admission control to ensure that only stable resources and fields are used +# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE +experimental: + stableValidationPolicy: true diff --git a/resources/v1.30-alpha.b38ad9e4/charts/cni/templates/NOTES.txt b/resources/v1.30-alpha.b38ad9e4/charts/cni/templates/NOTES.txt new file mode 100644 index 0000000000..fb35525b99 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/cni/templates/NOTES.txt @@ -0,0 +1,5 @@ +"{{ .Release.Name }}" successfully installed! + +To learn more about the release, try: + $ helm status {{ .Release.Name }} -n {{ .Release.Namespace }} + $ helm get all {{ .Release.Name }} -n {{ .Release.Namespace }} diff --git a/resources/v1.30-alpha.b38ad9e4/charts/cni/templates/_helpers.tpl b/resources/v1.30-alpha.b38ad9e4/charts/cni/templates/_helpers.tpl new file mode 100644 index 0000000000..73cc17b2f6 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/cni/templates/_helpers.tpl @@ -0,0 +1,8 @@ +{{- define "name" -}} + istio-cni +{{- end }} + + +{{- define "istio-tag" -}} + {{ .Values.tag | default .Values.global.tag }}{{with (.Values.variant | default .Values.global.variant)}}-{{.}}{{end}} +{{- end }} diff --git a/resources/v1.30-alpha.b38ad9e4/charts/cni/templates/clusterrole.yaml b/resources/v1.30-alpha.b38ad9e4/charts/cni/templates/clusterrole.yaml new file mode 100644 index 0000000000..51af4ce7ff --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/cni/templates/clusterrole.yaml @@ -0,0 +1,84 @@ +# Created if cluster resources are not omitted +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "cluster") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "name" . }} + labels: + app: {{ template "name" . }} + release: {{ .Release.Name }} + istio.io/rev: {{ .Values.revision | default "default" }} + operator.istio.io/component: "Cni" + app.kubernetes.io/name: {{ template "name" . }} + {{- include "istio.labels" . | nindent 4 }} +rules: +- apiGroups: ["security.openshift.io"] + resources: ["securitycontextconstraints"] + resourceNames: ["privileged"] + verbs: ["use"] +- apiGroups: [""] + resources: ["pods","nodes","namespaces"] + verbs: ["get", "list", "watch"] +{{- if (eq ((coalesce .Values.platform .Values.global.platform) | default "") "openshift") }} +- apiGroups: ["security.openshift.io"] + resources: ["securitycontextconstraints"] + resourceNames: ["privileged"] + verbs: ["use"] +{{- end }} +--- +{{- if .Values.repair.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "name" . }}-repair-role + labels: + app: {{ template "name" . }} + release: {{ .Release.Name }} + istio.io/rev: {{ .Values.revision | default "default" }} + operator.istio.io/component: "Cni" + app.kubernetes.io/name: {{ template "name" . }} + {{- include "istio.labels" . | nindent 4 }} +rules: + - apiGroups: [""] + resources: ["events"] + verbs: ["create", "patch"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["watch", "get", "list"] +{{- if .Values.repair.repairPods }} +{{- /* No privileges needed*/}} +{{- else if .Values.repair.deletePods }} + - apiGroups: [""] + resources: ["pods"] + verbs: ["delete"] +{{- else if .Values.repair.labelPods }} + - apiGroups: [""] + {{- /* pods/status is less privileged than the full pod, and either can label. So use the lower pods/status */}} + resources: ["pods/status"] + verbs: ["patch", "update"] +{{- end }} +{{- end }} +--- +{{- if .Values.ambient.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "name" . }}-ambient + labels: + app: {{ template "name" . }} + release: {{ .Release.Name }} + istio.io/rev: {{ .Values.revision | default "default" }} + operator.istio.io/component: "Cni" + app.kubernetes.io/name: {{ template "name" . }} + {{- include "istio.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + {{- /* pods/status is less privileged than the full pod, and either can label. So use the lower pods/status */}} + resources: ["pods/status"] + verbs: ["patch", "update"] +- apiGroups: ["apps"] + resources: ["daemonsets"] + resourceNames: ["{{ template "name" . }}-node"] + verbs: ["get"] +{{- end }} +{{- end }} \ No newline at end of file diff --git a/resources/v1.30-alpha.b38ad9e4/charts/cni/templates/clusterrolebinding.yaml b/resources/v1.30-alpha.b38ad9e4/charts/cni/templates/clusterrolebinding.yaml new file mode 100644 index 0000000000..60e3c28be8 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/cni/templates/clusterrolebinding.yaml @@ -0,0 +1,66 @@ +# Created if cluster resources are not omitted +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "cluster") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "name" . }} + labels: + app: {{ template "name" . }} + release: {{ .Release.Name }} + istio.io/rev: {{ .Values.revision | default "default" }} + operator.istio.io/component: "Cni" + app.kubernetes.io/name: {{ template "name" . }} + {{- include "istio.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "name" . }} +subjects: +- kind: ServiceAccount + name: {{ template "name" . }} + namespace: {{ .Release.Namespace }} +--- +{{- if .Values.repair.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "name" . }}-repair-rolebinding + labels: + k8s-app: {{ template "name" . }}-repair + release: {{ .Release.Name }} + istio.io/rev: {{ .Values.revision | default "default" }} + operator.istio.io/component: "Cni" + app.kubernetes.io/name: {{ template "name" . }} + {{- include "istio.labels" . | nindent 4 }} +subjects: +- kind: ServiceAccount + name: {{ template "name" . }} + namespace: {{ .Release.Namespace}} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "name" . }}-repair-role +{{- end }} +--- +{{- if .Values.ambient.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "name" . }}-ambient + labels: + k8s-app: {{ template "name" . }}-repair + release: {{ .Release.Name }} + istio.io/rev: {{ .Values.revision | default "default" }} + operator.istio.io/component: "Cni" + app.kubernetes.io/name: {{ template "name" . }} + {{- include "istio.labels" . | nindent 4 }} +subjects: + - kind: ServiceAccount + name: {{ template "name" . }} + namespace: {{ .Release.Namespace}} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "name" . }}-ambient +{{- end }} +{{- end }} \ No newline at end of file diff --git a/resources/v1.30-alpha.b38ad9e4/charts/cni/templates/configmap-cni.yaml b/resources/v1.30-alpha.b38ad9e4/charts/cni/templates/configmap-cni.yaml new file mode 100644 index 0000000000..9b5dd47925 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/cni/templates/configmap-cni.yaml @@ -0,0 +1,44 @@ +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "namespace") }} +kind: ConfigMap +apiVersion: v1 +metadata: + name: {{ template "name" . }}-config + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "name" . }} + release: {{ .Release.Name }} + istio.io/rev: {{ .Values.revision | default "default" }} + operator.istio.io/component: "Cni" + app.kubernetes.io/name: {{ template "name" . }} + {{- include "istio.labels" . | nindent 4 }} +data: + CURRENT_AGENT_VERSION: {{ .Values.tag | default .Values.global.tag | quote }} + AMBIENT_ENABLED: {{ .Values.ambient.enabled | quote }} + AMBIENT_ENABLEMENT_SELECTOR: {{ .Values.ambient.enablementSelectors | toYaml | quote }} + AMBIENT_DNS_CAPTURE: {{ .Values.ambient.dnsCapture | quote }} + AMBIENT_IPV6: {{ .Values.ambient.ipv6 | quote }} + AMBIENT_RECONCILE_POD_RULES_ON_STARTUP: {{ .Values.ambient.reconcileIptablesOnStartup | quote }} + ENABLE_AMBIENT_DETECTION_RETRY: {{ .Values.ambient.enableAmbientDetectionRetry | quote }} + {{- if .Values.cniConfFileName }} # K8S < 1.24 doesn't like empty values + CNI_CONF_NAME: {{ .Values.cniConfFileName }} # Name of the CNI config file to create. Only override if you know the exact path your CNI requires.. + {{- end }} + ISTIO_OWNED_CNI_CONFIG: {{ .Values.istioOwnedCNIConfig | quote }} + {{- if .Values.istioOwnedCNIConfig }} + ISTIO_OWNED_CNI_CONF_FILENAME: {{ .Values.istioOwnedCNIConfigFileName | quote }} + {{- end }} + CHAINED_CNI_PLUGIN: {{ .Values.chained | quote }} + EXCLUDE_NAMESPACES: "{{ range $idx, $ns := .Values.excludeNamespaces }}{{ if $idx }},{{ end }}{{ $ns }}{{ end }}" + REPAIR_ENABLED: {{ .Values.repair.enabled | quote }} + REPAIR_LABEL_PODS: {{ .Values.repair.labelPods | quote }} + REPAIR_DELETE_PODS: {{ .Values.repair.deletePods | quote }} + REPAIR_REPAIR_PODS: {{ .Values.repair.repairPods | quote }} + REPAIR_INIT_CONTAINER_NAME: {{ .Values.repair.initContainerName | quote }} + REPAIR_BROKEN_POD_LABEL_KEY: {{ .Values.repair.brokenPodLabelKey | quote }} + REPAIR_BROKEN_POD_LABEL_VALUE: {{ .Values.repair.brokenPodLabelValue | quote }} + NATIVE_NFTABLES: {{ .Values.global.nativeNftables | quote }} + {{- with .Values.env }} + {{- range $key, $val := . }} + {{ $key }}: "{{ $val }}" + {{- end }} + {{- end }} +{{- end }} diff --git a/resources/v1.30-alpha.bcdd144c/charts/cni/templates/daemonset.yaml b/resources/v1.30-alpha.b38ad9e4/charts/cni/templates/daemonset.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/cni/templates/daemonset.yaml rename to resources/v1.30-alpha.b38ad9e4/charts/cni/templates/daemonset.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/cni/templates/network-attachment-definition.yaml b/resources/v1.30-alpha.b38ad9e4/charts/cni/templates/network-attachment-definition.yaml new file mode 100644 index 0000000000..37ef7c3e6d --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/cni/templates/network-attachment-definition.yaml @@ -0,0 +1,13 @@ +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "namespace") }} +{{- if eq .Values.provider "multus" }} +apiVersion: k8s.cni.cncf.io/v1 +kind: NetworkAttachmentDefinition +metadata: + name: {{ template "name" . }} + namespace: default + labels: + operator.istio.io/component: "Cni" + app.kubernetes.io/name: {{ template "name" . }} + {{- include "istio.labels" . | nindent 4 }} +{{- end }} +{{- end }} diff --git a/resources/v1.30-alpha.bcdd144c/charts/cni/templates/networkpolicy.yaml b/resources/v1.30-alpha.b38ad9e4/charts/cni/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/cni/templates/networkpolicy.yaml rename to resources/v1.30-alpha.b38ad9e4/charts/cni/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/cni/templates/resourcequota.yaml b/resources/v1.30-alpha.b38ad9e4/charts/cni/templates/resourcequota.yaml new file mode 100644 index 0000000000..2e0be5ab40 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/cni/templates/resourcequota.yaml @@ -0,0 +1,21 @@ +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "namespace") }} +{{- if .Values.resourceQuotas.enabled }} +apiVersion: v1 +kind: ResourceQuota +metadata: + name: {{ template "name" . }}-resource-quota + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "name" . }} + {{- include "istio.labels" . | nindent 4 }} +spec: + hard: + pods: {{ .Values.resourceQuotas.pods | quote }} + scopeSelector: + matchExpressions: + - operator: In + scopeName: PriorityClass + values: + - system-node-critical +{{- end }} +{{- end }} diff --git a/resources/v1.30-alpha.b38ad9e4/charts/cni/templates/serviceaccount.yaml b/resources/v1.30-alpha.b38ad9e4/charts/cni/templates/serviceaccount.yaml new file mode 100644 index 0000000000..17c8e64a9d --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/cni/templates/serviceaccount.yaml @@ -0,0 +1,20 @@ +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "namespace") }} +apiVersion: v1 +kind: ServiceAccount +{{- if .Values.global.imagePullSecrets }} +imagePullSecrets: +{{- range .Values.global.imagePullSecrets }} + - name: {{ . }} +{{- end }} +{{- end }} +metadata: + name: {{ template "name" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "name" . }} + release: {{ .Release.Name }} + istio.io/rev: {{ .Values.revision | default "default" }} + operator.istio.io/component: "Cni" + app.kubernetes.io/name: {{ template "name" . }} + {{- include "istio.labels" . | nindent 4 }} +{{- end }} diff --git a/resources/v1.30-alpha.b38ad9e4/charts/cni/templates/zzy_descope_legacy.yaml b/resources/v1.30-alpha.b38ad9e4/charts/cni/templates/zzy_descope_legacy.yaml new file mode 100644 index 0000000000..a9584ac29f --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/cni/templates/zzy_descope_legacy.yaml @@ -0,0 +1,3 @@ +{{/* Copy anything under `.cni` to `.`, to avoid the need to specify a redundant prefix. +Due to the file naming, this always happens after zzz_profile.yaml */}} +{{- $_ := mustMergeOverwrite $.Values (index $.Values "cni") }} \ No newline at end of file diff --git a/resources/v1.30-alpha.b38ad9e4/charts/cni/templates/zzz_profile.yaml b/resources/v1.30-alpha.b38ad9e4/charts/cni/templates/zzz_profile.yaml new file mode 100644 index 0000000000..3d84956485 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/cni/templates/zzz_profile.yaml @@ -0,0 +1,75 @@ +{{/* +WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. +The original version of this file is located at /manifests directory. +If you want to make a change in this file, edit the original one and run "make gen". + +Complex logic ahead... +We have three sets of values, in order of precedence (last wins): +1. The builtin values.yaml defaults +2. The profile the user selects +3. Users input (-f or --set) + +Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). + +However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). +We can then merge the profile onto the defaults, then the user settings onto that. +Finally, we can set all of that under .Values so the chart behaves without awareness. +*/}} +{{- if $.Values.defaults}} +{{ fail (cat + "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" + ($.Values.defaults | toYaml |nindent 4) +) }} +{{- end }} +{{- $defaults := $.Values._internal_defaults_do_not_set }} +{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} +{{- $profile := dict }} +{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} +{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} +{{- $profile = (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown profile" .) }} +{{- end }} +{{- end }} +{{- with .Values.compatibilityVersion }} +{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} +{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} +{{- end }} +{{- end }} +{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} +{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} +{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown platform" .) }} +{{- end }} +{{- end }} +{{- if $profile }} +{{- $a := mustMergeOverwrite $defaults $profile }} +{{- end }} +# Flatten globals, if defined on a per-chart basis +{{- if false }} +{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} +{{- end }} +{{- $x := set $.Values "_original" (deepCopy $.Values) }} +{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} + +{{/* +Labels that should be applied to ALL resources. +*/}} +{{- define "istio.labels" -}} +{{- if .Release.Service -}} +app.kubernetes.io/managed-by: {{ .Release.Service | quote }} +{{- end }} +{{- if .Release.Name }} +app.kubernetes.io/instance: {{ .Release.Name | quote }} +{{- end }} +app.kubernetes.io/part-of: "istio" +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +{{- if and .Chart.Name .Chart.Version }} +helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end -}} diff --git a/resources/v1.30-alpha.bcdd144c/charts/cni/values.yaml b/resources/v1.30-alpha.b38ad9e4/charts/cni/values.yaml similarity index 99% rename from resources/v1.30-alpha.bcdd144c/charts/cni/values.yaml rename to resources/v1.30-alpha.b38ad9e4/charts/cni/values.yaml index 28e3fd017b..8a37174ba7 100644 --- a/resources/v1.30-alpha.bcdd144c/charts/cni/values.yaml +++ b/resources/v1.30-alpha.b38ad9e4/charts/cni/values.yaml @@ -155,7 +155,7 @@ _internal_defaults_do_not_set: hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6 + tag: 1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3 # Variant of the image to use. # Currently supported are: [debug, distroless] diff --git a/resources/v1.30-alpha.b38ad9e4/charts/gateway/Chart.yaml b/resources/v1.30-alpha.b38ad9e4/charts/gateway/Chart.yaml new file mode 100644 index 0000000000..f25aafedec --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/gateway/Chart.yaml @@ -0,0 +1,12 @@ +apiVersion: v2 +appVersion: 1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3 +description: Helm chart for deploying Istio gateways +icon: https://istio.io/latest/favicons/android-192x192.png +keywords: +- istio +- gateways +name: gateway +sources: +- https://github.com/istio/istio +type: application +version: 1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3 diff --git a/resources/v1.30-alpha.b38ad9e4/charts/gateway/README.md b/resources/v1.30-alpha.b38ad9e4/charts/gateway/README.md new file mode 100644 index 0000000000..6344859a22 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/gateway/README.md @@ -0,0 +1,170 @@ +# Istio Gateway Helm Chart + +This chart installs an Istio gateway deployment. + +## Setup Repo Info + +```console +helm repo add istio https://istio-release.storage.googleapis.com/charts +helm repo update +``` + +_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ + +## Installing the Chart + +To install the chart with the release name `istio-ingressgateway`: + +```console +helm install istio-ingressgateway istio/gateway +``` + +## Uninstalling the Chart + +To uninstall/delete the `istio-ingressgateway` deployment: + +```console +helm delete istio-ingressgateway +``` + +## Configuration + +To view supported configuration options and documentation, run: + +```console +helm show values istio/gateway +``` + +### Profiles + +Istio Helm charts have a concept of a `profile`, which is a bundled collection of value presets. +These can be set with `--set profile=`. +For example, the `demo` profile offers a preset configuration to try out Istio in a test environment, with additional features enabled and lowered resource requirements. + +For consistency, the same profiles are used across each chart, even if they do not impact a given chart. + +Explicitly set values have highest priority, then profile settings, then chart defaults. + +As an implementation detail of profiles, the default values for the chart are all nested under `defaults`. +When configuring the chart, you should not include this. +That is, `--set some.field=true` should be passed, not `--set defaults.some.field=true`. + +### OpenShift + +When deploying the gateway in an OpenShift cluster, use the `openshift` profile to override the default values, for example: + +```console +helm install istio-ingressgateway istio/gateway --set profile=openshift +``` + +### `image: auto` Information + +The image used by the chart, `auto`, may be unintuitive. +This exists because the pod spec will be automatically populated at runtime, using the same mechanism as [Sidecar Injection](istio.io/latest/docs/setup/additional-setup/sidecar-injection). +This allows the same configurations and lifecycle to apply to gateways as sidecars. + +Note: this does mean that the namespace the gateway is deployed in must not have the `istio-injection=disabled` label. +See [Controlling the injection policy](https://istio.io/latest/docs/setup/additional-setup/sidecar-injection/#controlling-the-injection-policy) for more info. + +### Examples + +#### Egress Gateway + +Deploying a Gateway to be used as an [Egress Gateway](https://istio.io/latest/docs/tasks/traffic-management/egress/egress-gateway/): + +```yaml +service: + # Egress gateways do not need an external LoadBalancer IP + type: ClusterIP +``` + +#### Multi-network/VM Gateway + +Deploying a Gateway to be used as a [Multi-network Gateway](https://istio.io/latest/docs/setup/install/multicluster/) for network `network-1`: + +```yaml +networkGateway: network-1 +``` + +### Migrating from other installation methods + +Installations from other installation methods (such as istioctl, Istio Operator, other helm charts, etc) can be migrated to use the new Helm charts +following the guidance below. +If you are able to, a clean installation is simpler. However, this often requires an external IP migration which can be challenging. + +WARNING: when installing over an existing deployment, the two deployments will be merged together by Helm, which may lead to unexpected results. + +#### Legacy Gateway Helm charts + +Istio historically offered two different charts - `manifests/charts/gateways/istio-ingress` and `manifests/charts/gateways/istio-egress`. +These are replaced by this chart. +While not required, it is recommended all new users use this chart, and existing users migrate when possible. + +This chart has the following benefits and differences: +* Designed with Helm best practices in mind (standardized values options, values schema, values are not all nested under `gateways.istio-ingressgateway.*`, release name and namespace taken into account, etc). +* Utilizes Gateway injection, simplifying upgrades, allowing gateways to run in any namespace, and avoiding repeating config for sidecars and gateways. +* Published to official Istio Helm repository. +* Single chart for all gateways (Ingress, Egress, East West). + +#### General concerns + +For a smooth migration, the resource names and `Deployment.spec.selector` labels must match. + +If you install with `helm install istio-gateway istio/gateway`, resources will be named `istio-gateway` and the `selector` labels set to: + +```yaml +app: istio-gateway +istio: gateway # the release name with leading istio- prefix stripped +``` + +If your existing installation doesn't follow these names, you can override them. For example, if you have resources named `my-custom-gateway` with `selector` labels +`foo=bar,istio=ingressgateway`: + +```yaml +name: my-custom-gateway # Override the name to match existing resources +labels: + app: "" # Unset default app selector label + istio: ingressgateway # override default istio selector label + foo: bar # Add the existing custom selector label +``` + +#### Migrating an existing Helm release + +An existing helm release can be `helm upgrade`d to this chart by using the same release name. For example, if a previous +installation was done like: + +```console +helm install istio-ingress manifests/charts/gateways/istio-ingress -n istio-system +``` + +It could be upgraded with + +```console +helm upgrade istio-ingress manifests/charts/gateway -n istio-system --set name=istio-ingressgateway --set labels.app=istio-ingressgateway --set labels.istio=ingressgateway +``` + +Note the name and labels are overridden to match the names of the existing installation. + +Warning: the helm charts here default to using port 80 and 443, while the old charts used 8080 and 8443. +If you have AuthorizationPolicies that reference port these ports, you should update them during this process, +or customize the ports to match the old defaults. +See the [security advisory](https://istio.io/latest/news/security/istio-security-2021-002/) for more information. + +#### Other migrations + +If you see errors like `rendered manifests contain a resource that already exists` during installation, you may need to forcibly take ownership. + +The script below can handle this for you. Replace `RELEASE` and `NAMESPACE` with the name and namespace of the release: + +```console +KINDS=(service deployment) +RELEASE=istio-ingressgateway +NAMESPACE=istio-system +for KIND in "${KINDS[@]}"; do + kubectl --namespace $NAMESPACE --overwrite=true annotate $KIND $RELEASE meta.helm.sh/release-name=$RELEASE + kubectl --namespace $NAMESPACE --overwrite=true annotate $KIND $RELEASE meta.helm.sh/release-namespace=$NAMESPACE + kubectl --namespace $NAMESPACE --overwrite=true label $KIND $RELEASE app.kubernetes.io/managed-by=Helm +done +``` + +You may ignore errors about resources not being found. diff --git a/resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-ambient.yaml b/resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-ambient.yaml new file mode 100644 index 0000000000..495fbcd434 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-ambient.yaml @@ -0,0 +1,24 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed +meshConfig: + defaultConfig: + proxyMetadata: + ISTIO_META_ENABLE_HBONE: "true" + serviceScopeConfigs: + - servicesSelector: + matchExpressions: + - key: istio.io/global + operator: In + values: ["true"] + scope: GLOBAL +global: + variant: distroless +pilot: + env: + PILOT_ENABLE_AMBIENT: "true" +cni: + ambient: + enabled: true diff --git a/resources/v1.30-alpha.bcdd144c/charts/gateway/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/gateway/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/gateway/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/gateway/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/gateway/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/gateway/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/gateway/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/gateway/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-demo.yaml b/resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-demo.yaml new file mode 100644 index 0000000000..d6dc36dd0f --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-demo.yaml @@ -0,0 +1,94 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The demo profile enables a variety of things to try out Istio in non-production environments. +# * Lower resource utilization. +# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. +# * More ports enabled on the ingress, which is used in some tasks. +meshConfig: + accessLogFile: /dev/stdout + extensionProviders: + - name: otel + envoyOtelAls: + service: opentelemetry-collector.observability.svc.cluster.local + port: 4317 + - name: skywalking + skywalking: + service: tracing.istio-system.svc.cluster.local + port: 11800 + - name: otel-tracing + opentelemetry: + port: 4317 + service: opentelemetry-collector.observability.svc.cluster.local + - name: jaeger + opentelemetry: + port: 4317 + service: jaeger-collector.istio-system.svc.cluster.local + +cni: + resources: + requests: + cpu: 10m + memory: 40Mi + +ztunnel: + resources: + requests: + cpu: 10m + memory: 40Mi + +global: + proxy: + resources: + requests: + cpu: 10m + memory: 40Mi + waypoint: + resources: + requests: + cpu: 10m + memory: 40Mi + +pilot: + autoscaleEnabled: false + traceSampling: 100 + resources: + requests: + cpu: 10m + memory: 100Mi + +gateways: + istio-egressgateway: + autoscaleEnabled: false + resources: + requests: + cpu: 10m + memory: 40Mi + istio-ingressgateway: + autoscaleEnabled: false + ports: + ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. + # Note that AWS ELB will by default perform health checks on the first port + # on this list. Setting this to the health check port will ensure that health + # checks always work. https://github.com/istio/istio/issues/12503 + - port: 15021 + targetPort: 15021 + name: status-port + - port: 80 + targetPort: 8080 + name: http2 + - port: 443 + targetPort: 8443 + name: https + - port: 31400 + targetPort: 31400 + name: tcp + # This is the port where sni routing happens + - port: 15443 + targetPort: 15443 + name: tls + resources: + requests: + cpu: 10m + memory: 40Mi \ No newline at end of file diff --git a/resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-platform-gke.yaml b/resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-platform-gke.yaml new file mode 100644 index 0000000000..dfe8a7d741 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-platform-gke.yaml @@ -0,0 +1,10 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work + resourceQuotas: + enabled: true +resourceQuotas: + enabled: true diff --git a/resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-platform-k3d.yaml new file mode 100644 index 0000000000..cd86d9ec58 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-platform-k3d.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d + cniBinDir: /bin diff --git a/resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-platform-k3s.yaml new file mode 100644 index 0000000000..07820106d9 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-platform-k3s.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d + cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-platform-microk8s.yaml new file mode 100644 index 0000000000..57d7f5e3cd --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-platform-microk8s.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/snap/microk8s/current/args/cni-network + cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-platform-minikube.yaml new file mode 100644 index 0000000000..fa9992e204 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-platform-minikube.yaml @@ -0,0 +1,6 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-platform-openshift.yaml new file mode 100644 index 0000000000..8ddc5e1654 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-platform-openshift.yaml @@ -0,0 +1,19 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The OpenShift profile provides a basic set of settings to run Istio on OpenShift +cni: + cniBinDir: /var/lib/cni/bin + cniConfDir: /etc/cni/multus/net.d + chained: false + cniConfFileName: "istio-cni.conf" + provider: "multus" +pilot: + cni: + enabled: true + provider: "multus" +seLinuxOptions: + type: spc_t +# Openshift requires privileged pods to run in kube-system +trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-preview.yaml b/resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-preview.yaml new file mode 100644 index 0000000000..181d7bda2c --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-preview.yaml @@ -0,0 +1,13 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The preview profile contains features that are experimental. +# This is intended to explore new features coming to Istio. +# Stability, security, and performance are not guaranteed - use at your own risk. +meshConfig: + defaultConfig: + proxyMetadata: + # Enable Istio agent to handle DNS requests for known hosts + # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf + ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-remote.yaml b/resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-remote.yaml new file mode 100644 index 0000000000..d17b9a801a --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-remote.yaml @@ -0,0 +1,13 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. +istiodRemote: + enabled: true +configMap: false +telemetry: + enabled: false +global: + # TODO BML maybe a different profile for a configcluster/revisit this + omitSidecarInjectorConfigMap: true diff --git a/resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-stable.yaml b/resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-stable.yaml new file mode 100644 index 0000000000..358282e69b --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-stable.yaml @@ -0,0 +1,8 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The stable profile deploys admission control to ensure that only stable resources and fields are used +# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE +experimental: + stableValidationPolicy: true diff --git a/resources/v1.30-alpha.b38ad9e4/charts/gateway/templates/NOTES.txt b/resources/v1.30-alpha.b38ad9e4/charts/gateway/templates/NOTES.txt new file mode 100644 index 0000000000..fd0142911a --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/gateway/templates/NOTES.txt @@ -0,0 +1,9 @@ +"{{ include "gateway.name" . }}" successfully installed! + +To learn more about the release, try: + $ helm status {{ .Release.Name }} -n {{ .Release.Namespace }} + $ helm get all {{ .Release.Name }} -n {{ .Release.Namespace }} + +Next steps: + * Deploy an HTTP Gateway: https://istio.io/latest/docs/tasks/traffic-management/ingress/ingress-control/ + * Deploy an HTTPS Gateway: https://istio.io/latest/docs/tasks/traffic-management/ingress/secure-ingress/ diff --git a/resources/v1.30-alpha.b38ad9e4/charts/gateway/templates/_helpers.tpl b/resources/v1.30-alpha.b38ad9e4/charts/gateway/templates/_helpers.tpl new file mode 100644 index 0000000000..e5a0a9b3c2 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/gateway/templates/_helpers.tpl @@ -0,0 +1,40 @@ +{{- define "gateway.name" -}} +{{- if eq .Release.Name "RELEASE-NAME" -}} + {{- .Values.name | default "istio-ingressgateway" -}} +{{- else -}} + {{- .Values.name | default .Release.Name | default "istio-ingressgateway" -}} +{{- end -}} +{{- end }} + +{{- define "gateway.labels" -}} +{{ include "gateway.selectorLabels" . }} +{{- range $key, $val := .Values.labels }} +{{- if and (ne $key "app") (ne $key "istio") }} +{{ $key | quote }}: {{ $val | quote }} +{{- end }} +{{- end }} +{{- end }} + +{{- define "gateway.selectorLabels" -}} +app: {{ (.Values.labels.app | quote) | default (include "gateway.name" .) }} +istio: {{ (.Values.labels.istio | quote) | default (include "gateway.name" . | trimPrefix "istio-") }} +{{- end }} + +{{/* +Keep sidecar injection labels together +https://istio.io/latest/docs/setup/additional-setup/sidecar-injection/#controlling-the-injection-policy +*/}} +{{- define "gateway.sidecarInjectionLabels" -}} +sidecar.istio.io/inject: "true" +{{- with .Values.revision }} +istio.io/rev: {{ . | quote }} +{{- end }} +{{- end }} + +{{- define "gateway.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- .Values.serviceAccount.name | default (include "gateway.name" .) }} +{{- else }} +{{- .Values.serviceAccount.name | default "default" }} +{{- end }} +{{- end }} diff --git a/resources/v1.30-alpha.b38ad9e4/charts/gateway/templates/deployment.yaml b/resources/v1.30-alpha.b38ad9e4/charts/gateway/templates/deployment.yaml new file mode 100644 index 0000000000..1d8f93a472 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/gateway/templates/deployment.yaml @@ -0,0 +1,145 @@ +apiVersion: apps/v1 +kind: {{ .Values.kind | default "Deployment" }} +metadata: + name: {{ include "gateway.name" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "gateway.name" . }} + {{- include "istio.labels" . | nindent 4}} + {{- include "gateway.labels" . | nindent 4}} + annotations: + {{- .Values.annotations | toYaml | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + {{- if and (hasKey .Values "replicaCount") (ne .Values.replicaCount nil) }} + replicas: {{ .Values.replicaCount }} + {{- end }} + {{- end }} + {{- with .Values.strategy }} + strategy: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.minReadySeconds }} + minReadySeconds: {{ . }} + {{- end }} + selector: + matchLabels: + {{- include "gateway.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "gateway.sidecarInjectionLabels" . | nindent 8 }} + {{- include "gateway.selectorLabels" . | nindent 8 }} + app.kubernetes.io/name: {{ include "gateway.name" . }} + {{- include "istio.labels" . | nindent 8}} + {{- range $key, $val := .Values.labels }} + {{- if and (ne $key "app") (ne $key "istio") }} + {{ $key | quote }}: {{ $val | quote }} + {{- end }} + {{- end }} + {{- with .Values.networkGateway }} + topology.istio.io/network: "{{.}}" + {{- end }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "gateway.serviceAccountName" . }} + securityContext: + {{- if .Values.securityContext }} + {{- toYaml .Values.securityContext | nindent 8 }} + {{- else }} + # Safe since 1.22: https://github.com/kubernetes/kubernetes/pull/103326 + sysctls: + - name: net.ipv4.ip_unprivileged_port_start + value: "0" + {{- end }} + {{- with .Values.volumes }} + volumes: + {{ toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.initContainers }} + initContainers: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: istio-proxy + # "auto" will be populated at runtime by the mutating webhook. See https://istio.io/latest/docs/setup/additional-setup/sidecar-injection/#customizing-injection + image: auto + {{- with .Values.imagePullPolicy }} + imagePullPolicy: {{ . }} + {{- end }} + securityContext: + {{- if .Values.containerSecurityContext }} + {{- toYaml .Values.containerSecurityContext | nindent 12 }} + {{- else }} + capabilities: + drop: + - ALL + allowPrivilegeEscalation: false + privileged: false + readOnlyRootFilesystem: true + {{- if not (eq (.Values.platform | default "") "openshift") }} + runAsUser: 1337 + runAsGroup: 1337 + {{- end }} + runAsNonRoot: true + {{- end }} + env: + {{- with .Values.networkGateway }} + - name: ISTIO_META_REQUESTED_NETWORK_VIEW + value: "{{.}}" + {{- end }} + {{- range $key, $val := .Values.env }} + - name: {{ $key }} + value: {{ $val | quote }} + {{- end }} + {{- with .Values.envVarFrom }} + {{- toYaml . | nindent 10 }} + {{- end }} + ports: + - containerPort: 15090 + protocol: TCP + name: http-envoy-prom + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.volumeMounts }} + volumeMounts: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.readinessProbe }} + readinessProbe: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.lifecycle }} + lifecycle: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.additionalContainers }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.topologySpreadConstraints }} + topologySpreadConstraints: + {{- toYaml . | nindent 8 }} + {{- end }} + terminationGracePeriodSeconds: {{ $.Values.terminationGracePeriodSeconds }} + {{- with .Values.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} diff --git a/resources/v1.30-alpha.b38ad9e4/charts/gateway/templates/hpa.yaml b/resources/v1.30-alpha.b38ad9e4/charts/gateway/templates/hpa.yaml new file mode 100644 index 0000000000..64ecb6a4cd --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/gateway/templates/hpa.yaml @@ -0,0 +1,40 @@ +{{- if and (.Values.autoscaling.enabled) (eq .Values.kind "Deployment") }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "gateway.name" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "gateway.name" . }} + {{- include "istio.labels" . | nindent 4}} + {{- include "gateway.labels" . | nindent 4 }} + annotations: + {{- .Values.annotations | toYaml | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: {{ .Values.kind | default "Deployment" }} + name: {{ include "gateway.name" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + type: Utilization + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + type: Utilization + {{- end }} + {{- if .Values.autoscaling.autoscaleBehavior }} + behavior: {{ toYaml .Values.autoscaling.autoscaleBehavior | nindent 4 }} + {{- end }} +{{- end }} diff --git a/resources/v1.30-alpha.b38ad9e4/charts/gateway/templates/networkpolicy.yaml b/resources/v1.30-alpha.b38ad9e4/charts/gateway/templates/networkpolicy.yaml new file mode 100644 index 0000000000..ea2fab97b3 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/gateway/templates/networkpolicy.yaml @@ -0,0 +1,47 @@ +{{- if (.Values.global.networkPolicy).enabled }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ include "gateway.name" . }}{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ include "gateway.name" . }} + istio.io/rev: {{ .Values.revision | default "default" | quote }} + operator.istio.io/component: "Gateway" + istio: {{ (.Values.labels.istio | quote) | default (include "gateway.name" . | trimPrefix "istio-") }} + release: {{ .Release.Name }} + app.kubernetes.io/name: {{ include "gateway.name" . }} + {{- include "gateway.labels" . | nindent 4 }} +spec: + podSelector: + matchLabels: + {{- include "gateway.selectorLabels" . | nindent 6 }} + policyTypes: + - Ingress + - Egress + ingress: + # Status/health check port + - from: [] + ports: + - protocol: TCP + port: 15021 + # Metrics endpoints for monitoring/prometheus + - from: [] + ports: + - protocol: TCP + port: 15020 + - protocol: TCP + port: 15090 + # Main gateway traffic ports +{{- if .Values.service.ports }} +{{- range .Values.service.ports }} + - from: [] + ports: + - protocol: {{ .protocol | default "TCP" }} + port: {{ .targetPort | default .port }} +{{- end }} +{{- end }} + egress: + # Allow all egress (gateways need to reach external services, istiod, and other cluster services) + - {} +{{- end }} diff --git a/resources/v1.30-alpha.b38ad9e4/charts/gateway/templates/poddisruptionbudget.yaml b/resources/v1.30-alpha.b38ad9e4/charts/gateway/templates/poddisruptionbudget.yaml new file mode 100644 index 0000000000..91869a0ead --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/gateway/templates/poddisruptionbudget.yaml @@ -0,0 +1,21 @@ +{{- if .Values.podDisruptionBudget }} +# a workaround for https://github.com/kubernetes/kubernetes/issues/93476 +{{- if or (and .Values.autoscaling.enabled (gt (int .Values.autoscaling.minReplicas) 1)) (and (not .Values.autoscaling.enabled) (gt (int .Values.replicaCount) 1)) }} +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: {{ include "gateway.name" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "gateway.name" . }} + {{- include "istio.labels" . | nindent 4}} + {{- include "gateway.labels" . | nindent 4}} +spec: + selector: + matchLabels: + {{- include "gateway.selectorLabels" . | nindent 6 }} + {{- with .Values.podDisruptionBudget }} + {{- toYaml . | nindent 2 }} + {{- end }} +{{- end }} +{{- end }} diff --git a/resources/v1.30-alpha.b38ad9e4/charts/gateway/templates/role.yaml b/resources/v1.30-alpha.b38ad9e4/charts/gateway/templates/role.yaml new file mode 100644 index 0000000000..3d16079632 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/gateway/templates/role.yaml @@ -0,0 +1,37 @@ +{{/*Set up roles for Istio Gateway. Not required for gateway-api*/}} +{{- if .Values.rbac.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "gateway.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "gateway.name" . }} + {{- include "istio.labels" . | nindent 4}} + {{- include "gateway.labels" . | nindent 4}} + annotations: + {{- .Values.annotations | toYaml | nindent 4 }} +rules: +- apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "watch", "list"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "gateway.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "gateway.name" . }} + {{- include "istio.labels" . | nindent 4}} + {{- include "gateway.labels" . | nindent 4}} + annotations: + {{- .Values.annotations | toYaml | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "gateway.serviceAccountName" . }} +subjects: +- kind: ServiceAccount + name: {{ include "gateway.serviceAccountName" . }} +{{- end }} diff --git a/resources/v1.30-alpha.b38ad9e4/charts/gateway/templates/service.yaml b/resources/v1.30-alpha.b38ad9e4/charts/gateway/templates/service.yaml new file mode 100644 index 0000000000..d172364d0e --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/gateway/templates/service.yaml @@ -0,0 +1,78 @@ +{{- if not (eq .Values.service.type "None") }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "gateway.name" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "gateway.name" . }} + {{- include "istio.labels" . | nindent 4}} + {{- include "gateway.labels" . | nindent 4 }} + {{- with .Values.networkGateway }} + topology.istio.io/network: "{{.}}" + {{- end }} + annotations: + {{- merge (deepCopy .Values.service.annotations) .Values.annotations | toYaml | nindent 4 }} +spec: +{{- with .Values.service.loadBalancerIP }} + loadBalancerIP: "{{ . }}" +{{- end }} +{{- if eq .Values.service.type "LoadBalancer" }} + {{- if hasKey .Values.service "allocateLoadBalancerNodePorts" }} + allocateLoadBalancerNodePorts: {{ .Values.service.allocateLoadBalancerNodePorts }} + {{- end }} + {{- if hasKey .Values.service "loadBalancerClass" }} + loadBalancerClass: {{ .Values.service.loadBalancerClass }} + {{- end }} +{{- end }} +{{- if .Values.service.ipFamilyPolicy }} + ipFamilyPolicy: {{ .Values.service.ipFamilyPolicy }} +{{- end }} +{{- if .Values.service.ipFamilies }} + ipFamilies: +{{- range .Values.service.ipFamilies }} + - {{ . }} +{{- end }} +{{- end }} +{{- with .Values.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{ toYaml . | indent 4 }} +{{- end }} +{{- with .Values.service.externalTrafficPolicy }} + externalTrafficPolicy: "{{ . }}" +{{- end }} +{{- with .Values.service.internalTrafficPolicy }} + internalTrafficPolicy: "{{ . }}" +{{- end }} + type: {{ .Values.service.type }} +{{- if not (eq .Values.service.clusterIP "") }} + clusterIP: {{ .Values.service.clusterIP }} +{{- end }} + ports: +{{- if .Values.networkGateway }} + - name: status-port + port: 15021 + targetPort: 15021 + - name: tls + port: 15443 + targetPort: 15443 + - name: tls-istiod + port: 15012 + targetPort: 15012 + - name: tls-webhook + port: 15017 + targetPort: 15017 +{{- else }} +{{ .Values.service.ports | toYaml | indent 4 }} +{{- end }} +{{- if .Values.service.externalIPs }} + externalIPs: {{- range .Values.service.externalIPs }} + - {{.}} + {{- end }} +{{- end }} + selector: + {{- include "gateway.selectorLabels" . | nindent 4 }} + {{- with .Values.service.selectorLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/resources/v1.30-alpha.b38ad9e4/charts/gateway/templates/serviceaccount.yaml b/resources/v1.30-alpha.b38ad9e4/charts/gateway/templates/serviceaccount.yaml new file mode 100644 index 0000000000..c88afeadd3 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/gateway/templates/serviceaccount.yaml @@ -0,0 +1,15 @@ +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "gateway.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "gateway.name" . }} + {{- include "istio.labels" . | nindent 4}} + {{- include "gateway.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/resources/v1.30-alpha.b38ad9e4/charts/gateway/templates/zzz_profile.yaml b/resources/v1.30-alpha.b38ad9e4/charts/gateway/templates/zzz_profile.yaml new file mode 100644 index 0000000000..606c556697 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/gateway/templates/zzz_profile.yaml @@ -0,0 +1,75 @@ +{{/* +WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. +The original version of this file is located at /manifests directory. +If you want to make a change in this file, edit the original one and run "make gen". + +Complex logic ahead... +We have three sets of values, in order of precedence (last wins): +1. The builtin values.yaml defaults +2. The profile the user selects +3. Users input (-f or --set) + +Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). + +However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). +We can then merge the profile onto the defaults, then the user settings onto that. +Finally, we can set all of that under .Values so the chart behaves without awareness. +*/}} +{{- if $.Values.defaults}} +{{ fail (cat + "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" + ($.Values.defaults | toYaml |nindent 4) +) }} +{{- end }} +{{- $defaults := $.Values._internal_defaults_do_not_set }} +{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} +{{- $profile := dict }} +{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} +{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} +{{- $profile = (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown profile" .) }} +{{- end }} +{{- end }} +{{- with .Values.compatibilityVersion }} +{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} +{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} +{{- end }} +{{- end }} +{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} +{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} +{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown platform" .) }} +{{- end }} +{{- end }} +{{- if $profile }} +{{- $a := mustMergeOverwrite $defaults $profile }} +{{- end }} +# Flatten globals, if defined on a per-chart basis +{{- if true }} +{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} +{{- end }} +{{- $x := set $.Values "_original" (deepCopy $.Values) }} +{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} + +{{/* +Labels that should be applied to ALL resources. +*/}} +{{- define "istio.labels" -}} +{{- if .Release.Service -}} +app.kubernetes.io/managed-by: {{ .Release.Service | quote }} +{{- end }} +{{- if .Release.Name }} +app.kubernetes.io/instance: {{ .Release.Name | quote }} +{{- end }} +app.kubernetes.io/part-of: "istio" +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +{{- if and .Chart.Name .Chart.Version }} +helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end -}} diff --git a/resources/v1.30-alpha.bcdd144c/charts/gateway/values.schema.json b/resources/v1.30-alpha.b38ad9e4/charts/gateway/values.schema.json similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/gateway/values.schema.json rename to resources/v1.30-alpha.b38ad9e4/charts/gateway/values.schema.json diff --git a/resources/v1.30-alpha.b38ad9e4/charts/gateway/values.yaml b/resources/v1.30-alpha.b38ad9e4/charts/gateway/values.yaml new file mode 100644 index 0000000000..d463634ec4 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/gateway/values.yaml @@ -0,0 +1,204 @@ +# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. +# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. +_internal_defaults_do_not_set: + # Name allows overriding the release name. Generally this should not be set + name: "" + # revision declares which revision this gateway is a part of + revision: "" + + # Controls the spec.replicas setting for the Gateway deployment if set. + # Otherwise defaults to Kubernetes Deployment default (1). + replicaCount: + + kind: Deployment + + rbac: + # If enabled, roles will be created to enable accessing certificates from Gateways. This is not needed + # when using http://gateway-api.org/. + enabled: true + + serviceAccount: + # If set, a service account will be created. Otherwise, the default is used + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set, the release name is used + name: "" + + podAnnotations: + prometheus.io/port: "15020" + prometheus.io/scrape: "true" + prometheus.io/path: "/stats/prometheus" + inject.istio.io/templates: "gateway" + sidecar.istio.io/inject: "true" + + # Define the security context for the pod. + # If unset, this will be automatically set to the minimum privileges required to bind to port 80 and 443. + # On Kubernetes 1.22+, this only requires the `net.ipv4.ip_unprivileged_port_start` sysctl. + securityContext: {} + containerSecurityContext: {} + + service: + # Type of service. Set to "None" to disable the service entirely + type: LoadBalancer + # Set to a specific ClusterIP, or "" for automatic assignment + clusterIP: "" + # Additional labels to add to the service selector + selectorLabels: {} + ports: + - name: status-port + port: 15021 + protocol: TCP + targetPort: 15021 + - name: http2 + port: 80 + protocol: TCP + targetPort: 80 + - name: https + port: 443 + protocol: TCP + targetPort: 443 + annotations: {} + loadBalancerIP: "" + loadBalancerSourceRanges: [] + externalTrafficPolicy: "" + externalIPs: [] + ipFamilyPolicy: "" + ipFamilies: [] + ## Whether to automatically allocate NodePorts (only for LoadBalancers). + # allocateLoadBalancerNodePorts: false + ## Set LoadBalancer class (only for LoadBalancers). + # loadBalancerClass: "" + + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: 2000m + memory: 1024Mi + + autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 5 + targetCPUUtilizationPercentage: 80 + targetMemoryUtilizationPercentage: {} + autoscaleBehavior: {} + + # Pod environment variables + env: {} + + # Use envVarFrom to define full environment variable entries with complex sources, + # such as valueFrom.secretKeyRef, valueFrom.configMapKeyRef. Each item must include a `name` and `valueFrom`. + # + # Example: + # envVarFrom: + # - name: EXAMPLE_SECRET + # valueFrom: + # secretKeyRef: + # name: example-name + # key: example-key + envVarFrom: [] + + # Deployment Update strategy + strategy: {} + + # Sets the Deployment minReadySeconds value + minReadySeconds: + + # Optionally configure a custom readinessProbe. By default the control plane + # automatically injects the readinessProbe. If you wish to override that + # behavior, you may define your own readinessProbe here. + readinessProbe: {} + + # Labels to apply to all resources + labels: + # By default, don't enroll gateways into the ambient dataplane + "istio.io/dataplane-mode": none + + # Annotations to apply to all resources + annotations: {} + + nodeSelector: {} + + tolerations: [] + + topologySpreadConstraints: [] + + affinity: {} + + # If specified, the gateway will act as a network gateway for the given network. + networkGateway: "" + + # Specify image pull policy if default behavior isn't desired. + # Default behavior: latest images will be Always else IfNotPresent + imagePullPolicy: "" + + imagePullSecrets: [] + + # This value is used to configure a Kubernetes PodDisruptionBudget for the gateway. + # + # By default, the `podDisruptionBudget` is disabled (set to `{}`), + # which means that no PodDisruptionBudget resource will be created. + # + # The PodDisruptionBudget can be only enabled if autoscaling is enabled + # with minReplicas > 1 or if autoscaling is disabled but replicaCount > 1. + # + # To enable the PodDisruptionBudget, configure it by specifying the + # `minAvailable` or `maxUnavailable`. For example, to set the + # minimum number of available replicas to 1, you can update this value as follows: + # + # podDisruptionBudget: + # minAvailable: 1 + # + # Or, to allow a maximum of 1 unavailable replica, you can set: + # + # podDisruptionBudget: + # maxUnavailable: 1 + # + # You can also specify the `unhealthyPodEvictionPolicy` field, and the valid values are `IfHealthyBudget` and `AlwaysAllow`. + # For example, to set the `unhealthyPodEvictionPolicy` to `AlwaysAllow`, you can update this value as follows: + # + # podDisruptionBudget: + # minAvailable: 1 + # unhealthyPodEvictionPolicy: AlwaysAllow + # + # To disable the PodDisruptionBudget, you can leave it as an empty object `{}`: + # + # podDisruptionBudget: {} + # + podDisruptionBudget: {} + + # Sets the per-pod terminationGracePeriodSeconds setting. + terminationGracePeriodSeconds: 30 + + # A list of `Volumes` added into the Gateway Pods. See + # https://kubernetes.io/docs/concepts/storage/volumes/. + volumes: [] + + # A list of `VolumeMounts` added into the Gateway Pods. See + # https://kubernetes.io/docs/concepts/storage/volumes/. + volumeMounts: [] + + # Inject initContainers into the Gateway Pods. + initContainers: [] + + # Inject additional containers into the Gateway Pods. + additionalContainers: [] + + # Configure this to a higher priority class in order to make sure your Istio gateway pods + # will not be killed because of low priority class. + # Refer to https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass + # for more detail. + priorityClassName: "" + + # Configure the lifecycle hooks for the gateway. See + # https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/. + lifecycle: {} + + # When enabled, a default NetworkPolicy for gateways will be created + global: + networkPolicy: + enabled: false diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/Chart.yaml b/resources/v1.30-alpha.b38ad9e4/charts/istiod/Chart.yaml new file mode 100644 index 0000000000..8f7f426c1a --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/istiod/Chart.yaml @@ -0,0 +1,12 @@ +apiVersion: v2 +appVersion: 1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3 +description: Helm chart for istio control plane +icon: https://istio.io/latest/favicons/android-192x192.png +keywords: +- istio +- istiod +- istio-discovery +name: istiod +sources: +- https://github.com/istio/istio +version: 1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3 diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/README.md b/resources/v1.30-alpha.b38ad9e4/charts/istiod/README.md new file mode 100644 index 0000000000..44f7b1d8ca --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/istiod/README.md @@ -0,0 +1,73 @@ +# Istiod Helm Chart + +This chart installs an Istiod deployment. + +## Setup Repo Info + +```console +helm repo add istio https://istio-release.storage.googleapis.com/charts +helm repo update +``` + +_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ + +## Installing the Chart + +Before installing, ensure CRDs are installed in the cluster (from the `istio/base` chart). + +To install the chart with the release name `istiod`: + +```console +kubectl create namespace istio-system +helm install istiod istio/istiod --namespace istio-system +``` + +## Uninstalling the Chart + +To uninstall/delete the `istiod` deployment: + +```console +helm delete istiod --namespace istio-system +``` + +## Configuration + +To view supported configuration options and documentation, run: + +```console +helm show values istio/istiod +``` + +### Profiles + +Istio Helm charts have a concept of a `profile`, which is a bundled collection of value presets. +These can be set with `--set profile=`. +For example, the `demo` profile offers a preset configuration to try out Istio in a test environment, with additional features enabled and lowered resource requirements. + +For consistency, the same profiles are used across each chart, even if they do not impact a given chart. + +Explicitly set values have highest priority, then profile settings, then chart defaults. + +As an implementation detail of profiles, the default values for the chart are all nested under `defaults`. +When configuring the chart, you should not include this. +That is, `--set some.field=true` should be passed, not `--set defaults.some.field=true`. + +### Examples + +#### Configuring mesh configuration settings + +Any [Mesh Config](https://istio.io/latest/docs/reference/config/istio.mesh.v1alpha1/) options can be configured like below: + +```yaml +meshConfig: + accessLogFile: /dev/stdout +``` + +#### Revisions + +Control plane revisions allow deploying multiple versions of the control plane in the same cluster. +This allows safe [canary upgrades](https://istio.io/latest/docs/setup/upgrade/canary/) + +```yaml +revision: my-revision-name +``` diff --git a/resources/v1.30-alpha.bcdd144c/charts/istiod/files/agentgateway.yaml b/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/agentgateway.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/istiod/files/agentgateway.yaml rename to resources/v1.30-alpha.b38ad9e4/charts/istiod/files/agentgateway.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/istiod/files/gateway-injection-template.yaml b/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/gateway-injection-template.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/istiod/files/gateway-injection-template.yaml rename to resources/v1.30-alpha.b38ad9e4/charts/istiod/files/gateway-injection-template.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/grpc-agent.yaml b/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/grpc-agent.yaml new file mode 100644 index 0000000000..3b9240e36c --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/grpc-agent.yaml @@ -0,0 +1,318 @@ +{{- define "resources" }} + {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} + {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) }} + requests: + {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) -}} + cpu: {{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` | quote }} + {{ end }} + {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} + memory: {{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` | quote }} + {{ end }} + {{- end }} + {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} + limits: + {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) -}} + cpu: {{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit` | quote }} + {{ end }} + {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) -}} + memory: {{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit` | quote }} + {{ end }} + {{- end }} + {{- else }} + {{- if .Values.global.proxy.resources }} + {{ toYaml .Values.global.proxy.resources | indent 6 }} + {{- end }} + {{- end }} +{{- end }} +{{- $containers := list }} +{{- range $index, $container := .Spec.Containers }}{{ if not (eq $container.Name "istio-proxy") }}{{ $containers = append $containers $container.Name }}{{end}}{{- end}} +metadata: + labels: + {{/* security.istio.io/tlsMode: istio must be set by user, if gRPC is using mTLS initialization code. We can't set it automatically. */}} + service.istio.io/canonical-name: {{ index .ObjectMeta.Labels `service.istio.io/canonical-name` | default (index .ObjectMeta.Labels `app.kubernetes.io/name`) | default (index .ObjectMeta.Labels `app`) | default .DeploymentMeta.Name | quote }} + service.istio.io/canonical-revision: {{ index .ObjectMeta.Labels `service.istio.io/canonical-revision` | default (index .ObjectMeta.Labels `app.kubernetes.io/version`) | default (index .ObjectMeta.Labels `version`) | default "latest" | quote }} + annotations: { + istio.io/rev: {{ .Revision | default "default" | quote }}, + {{- if ge (len $containers) 1 }} + {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-logs-container`) }} + kubectl.kubernetes.io/default-logs-container: "{{ index $containers 0 }}", + {{- end }} + {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-container`) }} + kubectl.kubernetes.io/default-container: "{{ index $containers 0 }}", + {{- end }} + {{- end }} + sidecar.istio.io/rewriteAppHTTPProbers: "false", + } +spec: + containers: + - name: istio-proxy + {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} + image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" + {{- else }} + image: "{{ .ProxyImage }}" + {{- end }} + ports: + - containerPort: 15020 + protocol: TCP + name: mesh-metrics + args: + - proxy + - sidecar + - --domain + - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} + - --proxyLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel }} + - --proxyComponentLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel }} + - --log_output_level={{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level }} + {{- if .Values.global.sts.servicePort }} + - --stsPort={{ .Values.global.sts.servicePort }} + {{- end }} + {{- if .Values.global.logAsJson }} + - --log_as_json + {{- end }} + lifecycle: + postStart: + exec: + command: + - pilot-agent + - wait + - --url=http://localhost:15020/healthz/ready + env: + - name: ISTIO_META_GENERATOR + value: grpc + - name: OUTPUT_CERTS + value: /var/lib/istio/data + {{- if eq .InboundTrafficPolicyMode "localhost" }} + - name: REWRITE_PROBE_LEGACY_LOCALHOST_DESTINATION + value: "true" + {{- end }} + - name: PILOT_CERT_PROVIDER + value: {{ .Values.global.pilotCertProvider }} + - name: CA_ADDR + {{- if .Values.global.caAddress }} + value: {{ .Values.global.caAddress }} + {{- else }} + value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 + {{- end }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: INSTANCE_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: SERVICE_ACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: PROXY_CONFIG + value: | + {{ protoToJSON .ProxyConfig }} + - name: ISTIO_META_POD_PORTS + value: |- + [ + {{- $first := true }} + {{- range $index1, $c := .Spec.Containers }} + {{- range $index2, $p := $c.Ports }} + {{- if (structToJSON $p) }} + {{if not $first}},{{end}}{{ structToJSON $p }} + {{- $first = false }} + {{- end }} + {{- end}} + {{- end}} + ] + - name: ISTIO_META_APP_CONTAINERS + value: "{{ $containers | join "," }}" + - name: ISTIO_META_CLUSTER_ID + value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" + - name: ISTIO_META_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + {{- if .Values.global.network }} + - name: ISTIO_META_NETWORK + value: "{{ .Values.global.network }}" + {{- end }} + {{- if .DeploymentMeta.Name }} + - name: ISTIO_META_WORKLOAD_NAME + value: "{{ .DeploymentMeta.Name }}" + {{ end }} + {{- if and .TypeMeta.APIVersion .DeploymentMeta.Name }} + - name: ISTIO_META_OWNER + value: kubernetes://apis/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower .TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }} + {{- end}} + {{- if .Values.global.meshID }} + - name: ISTIO_META_MESH_ID + value: "{{ .Values.global.meshID }}" + {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} + - name: ISTIO_META_MESH_ID + value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" + {{- end }} + {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} + - name: TRUST_DOMAIN + value: "{{ . }}" + {{- end }} + {{- range $key, $value := .ProxyConfig.ProxyMetadata }} + - name: {{ $key }} + value: "{{ $value }}" + {{- end }} + # grpc uses xds:/// to resolve – no need to resolve VIP + - name: ISTIO_META_DNS_CAPTURE + value: "false" + - name: DISABLE_ENVOY + value: "true" + {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} + {{ if ne (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) `0` }} + readinessProbe: + httpGet: + path: /healthz/ready + port: 15020 + initialDelaySeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/initialDelaySeconds` .Values.global.proxy.readinessInitialDelaySeconds }} + periodSeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/periodSeconds` .Values.global.proxy.readinessPeriodSeconds }} + timeoutSeconds: 3 + failureThreshold: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/failureThreshold` .Values.global.proxy.readinessFailureThreshold }} + resources: + {{ template "resources" . }} + volumeMounts: + - name: workload-socket + mountPath: /var/run/secrets/workload-spiffe-uds + {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} + - name: gke-workload-certificate + mountPath: /var/run/secrets/workload-spiffe-credentials + readOnly: true + {{- else }} + - name: workload-certs + mountPath: /var/run/secrets/workload-spiffe-credentials + {{- end }} + {{- if eq .Values.global.pilotCertProvider "istiod" }} + - mountPath: /var/run/secrets/istio + name: istiod-ca-cert + {{- end }} + - mountPath: /var/lib/istio/data + name: istio-data + # UDS channel between istioagent and gRPC client for XDS/SDS + - mountPath: /etc/istio/proxy + name: istio-xds + - mountPath: /var/run/secrets/tokens + name: istio-token + {{- if .Values.global.mountMtlsCerts }} + # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. + - mountPath: /etc/certs/ + name: istio-certs + readOnly: true + {{- end }} + - name: istio-podinfo + mountPath: /etc/istio/pod + {{- end }} + {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount` }} + {{ range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount`) }} + - name: "{{ $index }}" + {{ toYaml $value | indent 6 }} + {{ end }} + {{- end }} +{{- range $index, $container := .Spec.Containers }} +{{ if not (eq $container.Name "istio-proxy") }} + - name: {{ $container.Name }} + env: + - name: "GRPC_XDS_EXPERIMENTAL_SECURITY_SUPPORT" + value: "true" + - name: "GRPC_XDS_BOOTSTRAP" + value: "/etc/istio/proxy/grpc-bootstrap.json" + volumeMounts: + - mountPath: /var/lib/istio/data + name: istio-data + # UDS channel between istioagent and gRPC client for XDS/SDS + - mountPath: /etc/istio/proxy + name: istio-xds + {{- if eq $.Values.global.caName "GkeWorkloadCertificate" }} + - name: gke-workload-certificate + mountPath: /var/run/secrets/workload-spiffe-credentials + readOnly: true + {{- else }} + - name: workload-certs + mountPath: /var/run/secrets/workload-spiffe-credentials + {{- end }} +{{- end }} +{{- end }} + volumes: + - emptyDir: + name: workload-socket + {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} + - name: gke-workload-certificate + csi: + driver: workloadcertificates.security.cloud.google.com + {{- else }} + - emptyDir: + name: workload-certs + {{- end }} + {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} + - name: custom-bootstrap-volume + configMap: + name: {{ annotation .ObjectMeta `sidecar.istio.io/bootstrapOverride` "" }} + {{- end }} + # SDS channel between istioagent and Envoy + - emptyDir: + medium: Memory + name: istio-xds + - name: istio-data + emptyDir: {} + - name: istio-podinfo + downwardAPI: + items: + - path: "labels" + fieldRef: + fieldPath: metadata.labels + - path: "annotations" + fieldRef: + fieldPath: metadata.annotations + - name: istio-token + projected: + sources: + - serviceAccountToken: + path: istio-token + expirationSeconds: 43200 + audience: {{ .Values.global.sds.token.aud }} + {{- if eq .Values.global.pilotCertProvider "istiod" }} + - name: istiod-ca-cert + {{- if eq (.Values.pilot.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} + projected: + sources: + - clusterTrustBundle: + name: istio.io:istiod-ca:{{ .Values.global.trustBundleName | default "root-cert" }} + path: root-cert.pem + {{- else }} + configMap: + name: {{ .Values.global.trustBundleName | default "istio-ca-root-cert" }} + {{- end }} + {{- end }} + {{- if .Values.global.mountMtlsCerts }} + # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. + - name: istio-certs + secret: + optional: true + {{ if eq .Spec.ServiceAccountName "" }} + secretName: istio.default + {{ else -}} + secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }} + {{ end -}} + {{- end }} + {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolume` }} + {{range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolume`) }} + - name: "{{ $index }}" + {{ toYaml $value | indent 4 }} + {{ end }} + {{ end }} + {{- if .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- range .Values.global.imagePullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/grpc-simple.yaml b/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/grpc-simple.yaml new file mode 100644 index 0000000000..9ba0c7a46a --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/grpc-simple.yaml @@ -0,0 +1,65 @@ +metadata: + annotations: + sidecar.istio.io/rewriteAppHTTPProbers: "false" +spec: + initContainers: + - name: grpc-bootstrap-init + image: busybox:1.28 + volumeMounts: + - mountPath: /var/lib/grpc/data/ + name: grpc-io-proxyless-bootstrap + env: + - name: INSTANCE_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: ISTIO_NAMESPACE + value: | + {{ .Values.global.istioNamespace }} + command: + - sh + - "-c" + - |- + NODE_ID="sidecar~${INSTANCE_IP}~${POD_NAME}.${POD_NAMESPACE}~cluster.local" + SERVER_URI="dns:///istiod.${ISTIO_NAMESPACE}.svc:15010" + echo ' + { + "xds_servers": [ + { + "server_uri": "'${SERVER_URI}'", + "channel_creds": [{"type": "insecure"}], + "server_features" : ["xds_v3"] + } + ], + "node": { + "id": "'${NODE_ID}'", + "metadata": { + "GENERATOR": "grpc" + } + } + }' > /var/lib/grpc/data/bootstrap.json + containers: + {{- range $index, $container := .Spec.Containers }} + - name: {{ $container.Name }} + env: + - name: GRPC_XDS_BOOTSTRAP + value: /var/lib/grpc/data/bootstrap.json + - name: GRPC_GO_LOG_VERBOSITY_LEVEL + value: "99" + - name: GRPC_GO_LOG_SEVERITY_LEVEL + value: info + volumeMounts: + - mountPath: /var/lib/grpc/data/ + name: grpc-io-proxyless-bootstrap + {{- end }} + volumes: + - name: grpc-io-proxyless-bootstrap + emptyDir: {} diff --git a/resources/v1.30-alpha.bcdd144c/charts/istiod/files/injection-template.yaml b/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/injection-template.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/istiod/files/injection-template.yaml rename to resources/v1.30-alpha.b38ad9e4/charts/istiod/files/injection-template.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/istiod/files/kube-gateway.yaml b/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/kube-gateway.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/istiod/files/kube-gateway.yaml rename to resources/v1.30-alpha.b38ad9e4/charts/istiod/files/kube-gateway.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-ambient.yaml b/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-ambient.yaml new file mode 100644 index 0000000000..495fbcd434 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-ambient.yaml @@ -0,0 +1,24 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed +meshConfig: + defaultConfig: + proxyMetadata: + ISTIO_META_ENABLE_HBONE: "true" + serviceScopeConfigs: + - servicesSelector: + matchExpressions: + - key: istio.io/global + operator: In + values: ["true"] + scope: GLOBAL +global: + variant: distroless +pilot: + env: + PILOT_ENABLE_AMBIENT: "true" +cni: + ambient: + enabled: true diff --git a/resources/v1.30-alpha.bcdd144c/charts/istiod/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/istiod/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/istiod/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/istiod/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/istiod/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/istiod/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/istiod/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/istiod/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-demo.yaml b/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-demo.yaml new file mode 100644 index 0000000000..d6dc36dd0f --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-demo.yaml @@ -0,0 +1,94 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The demo profile enables a variety of things to try out Istio in non-production environments. +# * Lower resource utilization. +# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. +# * More ports enabled on the ingress, which is used in some tasks. +meshConfig: + accessLogFile: /dev/stdout + extensionProviders: + - name: otel + envoyOtelAls: + service: opentelemetry-collector.observability.svc.cluster.local + port: 4317 + - name: skywalking + skywalking: + service: tracing.istio-system.svc.cluster.local + port: 11800 + - name: otel-tracing + opentelemetry: + port: 4317 + service: opentelemetry-collector.observability.svc.cluster.local + - name: jaeger + opentelemetry: + port: 4317 + service: jaeger-collector.istio-system.svc.cluster.local + +cni: + resources: + requests: + cpu: 10m + memory: 40Mi + +ztunnel: + resources: + requests: + cpu: 10m + memory: 40Mi + +global: + proxy: + resources: + requests: + cpu: 10m + memory: 40Mi + waypoint: + resources: + requests: + cpu: 10m + memory: 40Mi + +pilot: + autoscaleEnabled: false + traceSampling: 100 + resources: + requests: + cpu: 10m + memory: 100Mi + +gateways: + istio-egressgateway: + autoscaleEnabled: false + resources: + requests: + cpu: 10m + memory: 40Mi + istio-ingressgateway: + autoscaleEnabled: false + ports: + ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. + # Note that AWS ELB will by default perform health checks on the first port + # on this list. Setting this to the health check port will ensure that health + # checks always work. https://github.com/istio/istio/issues/12503 + - port: 15021 + targetPort: 15021 + name: status-port + - port: 80 + targetPort: 8080 + name: http2 + - port: 443 + targetPort: 8443 + name: https + - port: 31400 + targetPort: 31400 + name: tcp + # This is the port where sni routing happens + - port: 15443 + targetPort: 15443 + name: tls + resources: + requests: + cpu: 10m + memory: 40Mi \ No newline at end of file diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-platform-gke.yaml b/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-platform-gke.yaml new file mode 100644 index 0000000000..dfe8a7d741 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-platform-gke.yaml @@ -0,0 +1,10 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work + resourceQuotas: + enabled: true +resourceQuotas: + enabled: true diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-platform-k3d.yaml new file mode 100644 index 0000000000..cd86d9ec58 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-platform-k3d.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d + cniBinDir: /bin diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-platform-k3s.yaml new file mode 100644 index 0000000000..07820106d9 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-platform-k3s.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d + cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-platform-microk8s.yaml new file mode 100644 index 0000000000..57d7f5e3cd --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-platform-microk8s.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/snap/microk8s/current/args/cni-network + cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-platform-minikube.yaml new file mode 100644 index 0000000000..fa9992e204 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-platform-minikube.yaml @@ -0,0 +1,6 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-platform-openshift.yaml new file mode 100644 index 0000000000..8ddc5e1654 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-platform-openshift.yaml @@ -0,0 +1,19 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The OpenShift profile provides a basic set of settings to run Istio on OpenShift +cni: + cniBinDir: /var/lib/cni/bin + cniConfDir: /etc/cni/multus/net.d + chained: false + cniConfFileName: "istio-cni.conf" + provider: "multus" +pilot: + cni: + enabled: true + provider: "multus" +seLinuxOptions: + type: spc_t +# Openshift requires privileged pods to run in kube-system +trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-preview.yaml b/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-preview.yaml new file mode 100644 index 0000000000..181d7bda2c --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-preview.yaml @@ -0,0 +1,13 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The preview profile contains features that are experimental. +# This is intended to explore new features coming to Istio. +# Stability, security, and performance are not guaranteed - use at your own risk. +meshConfig: + defaultConfig: + proxyMetadata: + # Enable Istio agent to handle DNS requests for known hosts + # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf + ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-remote.yaml b/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-remote.yaml new file mode 100644 index 0000000000..d17b9a801a --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-remote.yaml @@ -0,0 +1,13 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. +istiodRemote: + enabled: true +configMap: false +telemetry: + enabled: false +global: + # TODO BML maybe a different profile for a configcluster/revisit this + omitSidecarInjectorConfigMap: true diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-stable.yaml b/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-stable.yaml new file mode 100644 index 0000000000..358282e69b --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-stable.yaml @@ -0,0 +1,8 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The stable profile deploys admission control to ensure that only stable resources and fields are used +# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE +experimental: + stableValidationPolicy: true diff --git a/resources/v1.30-alpha.bcdd144c/charts/istiod/files/waypoint.yaml b/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/waypoint.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/istiod/files/waypoint.yaml rename to resources/v1.30-alpha.b38ad9e4/charts/istiod/files/waypoint.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/NOTES.txt b/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/NOTES.txt new file mode 100644 index 0000000000..0d07ea7f4c --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/NOTES.txt @@ -0,0 +1,82 @@ +"istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}" successfully installed! + +To learn more about the release, try: + $ helm status {{ .Release.Name }} -n {{ .Release.Namespace }} + $ helm get all {{ .Release.Name }} -n {{ .Release.Namespace }} + +Next steps: +{{- $profile := default "" .Values.profile }} +{{- if (eq $profile "ambient") }} + * Get started with ambient: https://istio.io/latest/docs/ops/ambient/getting-started/ + * Review ambient's architecture: https://istio.io/latest/docs/ops/ambient/architecture/ +{{- else }} + * Deploy a Gateway: https://istio.io/latest/docs/setup/additional-setup/gateway/ + * Try out our tasks to get started on common configurations: + * https://istio.io/latest/docs/tasks/traffic-management + * https://istio.io/latest/docs/tasks/security/ + * https://istio.io/latest/docs/tasks/policy-enforcement/ +{{- end }} + * Review the list of actively supported releases, CVE publications and our hardening guide: + * https://istio.io/latest/docs/releases/supported-releases/ + * https://istio.io/latest/news/security/ + * https://istio.io/latest/docs/ops/best-practices/security/ + +For further documentation see https://istio.io website + +{{- + $deps := dict + "global.outboundTrafficPolicy" "meshConfig.outboundTrafficPolicy" + "global.certificates" "meshConfig.certificates" + "global.localityLbSetting" "meshConfig.localityLbSetting" + "global.policyCheckFailOpen" "meshConfig.policyCheckFailOpen" + "global.enableTracing" "meshConfig.enableTracing" + "global.proxy.accessLogFormat" "meshConfig.accessLogFormat" + "global.proxy.accessLogFile" "meshConfig.accessLogFile" + "global.proxy.concurrency" "meshConfig.defaultConfig.concurrency" + "global.proxy.envoyAccessLogService" "meshConfig.defaultConfig.envoyAccessLogService" + "global.proxy.envoyAccessLogService.enabled" "meshConfig.enableEnvoyAccessLogService" + "global.proxy.envoyMetricsService" "meshConfig.defaultConfig.envoyMetricsService" + "global.proxy.protocolDetectionTimeout" "meshConfig.protocolDetectionTimeout" + "global.proxy.holdApplicationUntilProxyStarts" "meshConfig.defaultConfig.holdApplicationUntilProxyStarts" + "pilot.ingress" "meshConfig.ingressService, meshConfig.ingressControllerMode, and meshConfig.ingressClass" + "global.mtls.enabled" "the PeerAuthentication resource" + "global.mtls.auto" "meshConfig.enableAutoMtls" + "global.tracer.lightstep.address" "meshConfig.defaultConfig.tracing.lightstep.address" + "global.tracer.lightstep.accessToken" "meshConfig.defaultConfig.tracing.lightstep.accessToken" + "global.tracer.zipkin.address" "meshConfig.defaultConfig.tracing.zipkin.address" + "global.tracer.datadog.address" "meshConfig.defaultConfig.tracing.datadog.address" + "global.meshExpansion.enabled" "Gateway and other Istio networking resources, such as in samples/multicluster/" + "istiocoredns.enabled" "the in-proxy DNS capturing (ISTIO_META_DNS_CAPTURE)" +}} +{{- range $dep, $replace := $deps }} +{{- /* Complex logic to turn the string above into a null-safe traversal like ((.Values.global).certificates */}} +{{- $res := tpl (print "{{" (repeat (split "." $dep | len) "(") ".Values." (replace "." ")." $dep) ")}}") $}} +{{- if not (eq $res "")}} +WARNING: {{$dep|quote}} is deprecated; use {{$replace|quote}} instead. +{{- end }} +{{- end }} +{{- + $failDeps := dict + "telemetry.v2.prometheus.configOverride" + "telemetry.v2.stackdriver.configOverride" + "telemetry.v2.stackdriver.disableOutbound" + "telemetry.v2.stackdriver.outboundAccessLogging" + "global.tracer.stackdriver.debug" "meshConfig.defaultConfig.tracing.stackdriver.debug" + "global.tracer.stackdriver.maxNumberOfAttributes" "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfAttributes" + "global.tracer.stackdriver.maxNumberOfAnnotations" "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfAnnotations" + "global.tracer.stackdriver.maxNumberOfMessageEvents" "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfMessageEvents" + "meshConfig.defaultConfig.tracing.stackdriver.debug" "Istio supported tracers" + "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfAttributes" "Istio supported tracers" + "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfAnnotations" "Istio supported tracers" + "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfMessageEvents" "Istio supported tracers" +}} +{{- range $dep, $replace := $failDeps }} +{{- /* Complex logic to turn the string above into a null-safe traversal like ((.Values.global).certificates */}} +{{- $res := tpl (print "{{" (repeat (split "." $dep | len) "(") ".Values." (replace "." ")." $dep) ")}}") $}} +{{- if not (eq $res "")}} +{{fail (print $dep " is removed")}} +{{- end }} +{{- end }} +{{- if eq $.Values.global.pilotCertProvider "kubernetes" }} +{{- fail "pilotCertProvider=kubernetes is not supported" }} +{{- end }} \ No newline at end of file diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/_helpers.tpl b/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/_helpers.tpl new file mode 100644 index 0000000000..042c92538d --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/_helpers.tpl @@ -0,0 +1,23 @@ +{{/* Default Prometheus is enabled if its enabled and there are no config overrides set */}} +{{ define "default-prometheus" }} +{{- and + (not .Values.meshConfig.defaultProviders) + .Values.telemetry.enabled .Values.telemetry.v2.enabled .Values.telemetry.v2.prometheus.enabled +}} +{{- end }} + +{{/* SD has metrics and logging split. Default metrics are enabled if SD is enabled */}} +{{ define "default-sd-metrics" }} +{{- and + (not .Values.meshConfig.defaultProviders) + .Values.telemetry.enabled .Values.telemetry.v2.enabled .Values.telemetry.v2.stackdriver.enabled +}} +{{- end }} + +{{/* SD has metrics and logging split. */}} +{{ define "default-sd-logs" }} +{{- and + (not .Values.meshConfig.defaultProviders) + .Values.telemetry.enabled .Values.telemetry.v2.enabled .Values.telemetry.v2.stackdriver.enabled +}} +{{- end }} diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/autoscale.yaml b/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/autoscale.yaml new file mode 100644 index 0000000000..9ab43b5bf0 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/autoscale.yaml @@ -0,0 +1,45 @@ +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "namespace") }} +# Not created if istiod is running remotely +{{- if or (not .Values.istiodRemote.enabled) (and .Values.istiodRemote.enabled .Values.istiodRemote.enabledLocalInjectorIstiod) }} +{{- if and .Values.autoscaleEnabled .Values.autoscaleMin .Values.autoscaleMax }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} + namespace: {{ .Release.Namespace }} + labels: + app: istiod + release: {{ .Release.Name }} + istio.io/rev: {{ .Values.revision | default "default" | quote }} + operator.istio.io/component: "Pilot" + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +spec: + maxReplicas: {{ .Values.autoscaleMax }} + minReplicas: {{ .Values.autoscaleMin }} + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.cpu.targetAverageUtilization }} + {{- if .Values.memory.targetAverageUtilization }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.memory.targetAverageUtilization }} + {{- end }} + {{- if .Values.autoscaleBehavior }} + behavior: {{ toYaml .Values.autoscaleBehavior | nindent 4 }} + {{- end }} +--- +{{- end }} +{{- end }} +{{- end }} diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/clusterrole.yaml b/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/clusterrole.yaml new file mode 100644 index 0000000000..3280c96b54 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/clusterrole.yaml @@ -0,0 +1,216 @@ +# Created if cluster resources are not omitted +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "cluster") }} +# Created if this is not a remote istiod, OR if it is and is also a config cluster +{{- if or (not .Values.istiodRemote.enabled) (and .Values.istiodRemote.enabled (or .Values.global.configCluster .Values.istiodRemote.enabledLocalInjectorIstiod)) }} +{{ $mcsAPIGroup := or .Values.env.MCS_API_GROUP "multicluster.x-k8s.io" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: istiod-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} + labels: + app: istiod + release: {{ .Release.Name }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +rules: + # sidecar injection controller + - apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: ["get", "list", "watch", "update", "patch"] + + # configuration validation webhook controller + - apiGroups: ["admissionregistration.k8s.io"] + resources: ["validatingwebhookconfigurations"] + verbs: ["get", "list", "watch", "update"] + + # istio configuration + # removing CRD permissions can break older versions of Istio running alongside this control plane (https://github.com/istio/istio/issues/29382) + # please proceed with caution + - apiGroups: ["config.istio.io", "security.istio.io", "networking.istio.io", "authentication.istio.io", "rbac.istio.io", "telemetry.istio.io", "extensions.istio.io"] + verbs: ["get", "watch", "list"] + resources: ["*"] +{{- if .Values.global.istiod.enableAnalysis }} + - apiGroups: ["config.istio.io", "security.istio.io", "networking.istio.io", "authentication.istio.io", "rbac.istio.io", "telemetry.istio.io", "extensions.istio.io"] + verbs: ["update", "patch"] + resources: + - authorizationpolicies/status + - destinationrules/status + - envoyfilters/status + - gateways/status + - peerauthentications/status + - proxyconfigs/status + - requestauthentications/status + - serviceentries/status + - sidecars/status + - telemetries/status + - virtualservices/status + - wasmplugins/status + - workloadentries/status + - workloadgroups/status +{{- end }} + - apiGroups: ["networking.istio.io"] + verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] + resources: [ "workloadentries" ] + - apiGroups: ["networking.istio.io"] + verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] + resources: [ "workloadentries/status", "serviceentries/status" ] + - apiGroups: ["security.istio.io"] + verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] + resources: [ "authorizationpolicies/status" ] + - apiGroups: [""] + verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] + resources: [ "services/status" ] + + # auto-detect installed CRD definitions + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["get", "list", "watch"] + + # discovery and routing + - apiGroups: [""] + resources: ["pods", "nodes", "services", "namespaces", "endpoints"] + verbs: ["get", "list", "watch"] + - apiGroups: ["discovery.k8s.io"] + resources: ["endpointslices"] + verbs: ["get", "list", "watch"] + +{{- if .Values.taint.enabled }} + - apiGroups: [""] + resources: ["nodes"] + verbs: ["patch"] +{{- end }} + + # ingress controller +{{- if .Values.global.istiod.enableAnalysis }} + - apiGroups: ["extensions", "networking.k8s.io"] + resources: ["ingresses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["extensions", "networking.k8s.io"] + resources: ["ingresses/status"] + verbs: ["*"] +{{- end}} + - apiGroups: ["networking.k8s.io"] + resources: ["ingresses", "ingressclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["networking.k8s.io"] + resources: ["ingresses/status"] + verbs: ["*"] + + # required for CA's namespace controller + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["create", "get", "list", "watch", "update"] + + # Istiod and bootstrap. +{{- $omitCertProvidersForClusterRole := list "istiod" "custom" "none"}} +{{- if or .Values.env.EXTERNAL_CA (not (has .Values.global.pilotCertProvider $omitCertProvidersForClusterRole)) }} + - apiGroups: ["certificates.k8s.io"] + resources: + - "certificatesigningrequests" + - "certificatesigningrequests/approval" + - "certificatesigningrequests/status" + verbs: ["update", "create", "get", "delete", "watch"] + - apiGroups: ["certificates.k8s.io"] + resources: + - "signers" + resourceNames: +{{- range .Values.global.certSigners }} + - {{ . | quote }} +{{- end }} + verbs: ["approve"] +{{- end}} +{{- if eq (.Values.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} + - apiGroups: ["certificates.k8s.io"] + resources: ["clustertrustbundles"] + verbs: ["update", "create", "delete", "list", "watch", "get"] + - apiGroups: ["certificates.k8s.io"] + resources: ["signers"] + resourceNames: ["istio.io/istiod-ca"] + verbs: ["attest"] +{{- end }} + + # Used by Istiod to verify the JWT tokens + - apiGroups: ["authentication.k8s.io"] + resources: ["tokenreviews"] + verbs: ["create"] + + # Used by Istiod to verify gateway SDS + - apiGroups: ["authorization.k8s.io"] + resources: ["subjectaccessreviews"] + verbs: ["create"] + + # Use for Kubernetes Service APIs + - apiGroups: ["gateway.networking.k8s.io", "gateway.networking.x-k8s.io"] + resources: ["*"] + verbs: ["get", "watch", "list"] + - apiGroups: ["gateway.networking.x-k8s.io"] + resources: + - xbackendtrafficpolicies/status + - xlistenersets/status + verbs: ["update", "patch"] + - apiGroups: ["gateway.networking.k8s.io"] + resources: + - backendtlspolicies/status + - gatewayclasses/status + - gateways/status + - grpcroutes/status + - httproutes/status + - referencegrants/status + - tcproutes/status + - tlsroutes/status + - udproutes/status + verbs: ["update", "patch"] + - apiGroups: ["gateway.networking.k8s.io"] + resources: ["gatewayclasses"] + verbs: ["create", "update", "patch", "delete"] + - apiGroups: ["inference.networking.k8s.io"] + resources: ["inferencepools"] + verbs: ["get", "watch", "list"] + - apiGroups: ["inference.networking.k8s.io"] + resources: ["inferencepools/status"] + verbs: ["update", "patch"] + + # Needed for multicluster secret reading, possibly ingress certs in the future + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "watch", "list"] + + # Used for MCS serviceexport management + - apiGroups: ["{{ $mcsAPIGroup }}"] + resources: ["serviceexports"] + verbs: [ "get", "watch", "list", "create", "delete"] + + # Used for MCS serviceimport management + - apiGroups: ["{{ $mcsAPIGroup }}"] + resources: ["serviceimports"] + verbs: ["get", "watch", "list"] +--- +{{- if not (eq (toString .Values.env.PILOT_ENABLE_GATEWAY_API_DEPLOYMENT_CONTROLLER) "false") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: istiod-gateway-controller{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} + labels: + app: istiod + release: {{ .Release.Name }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +rules: + - apiGroups: ["apps"] + verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] + resources: [ "deployments" ] + - apiGroups: ["autoscaling"] + verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] + resources: [ "horizontalpodautoscalers" ] + - apiGroups: ["policy"] + verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] + resources: [ "poddisruptionbudgets" ] + - apiGroups: [""] + verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] + resources: [ "services" ] + - apiGroups: [""] + verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] + resources: [ "serviceaccounts"] +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/clusterrolebinding.yaml b/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/clusterrolebinding.yaml new file mode 100644 index 0000000000..0ca21b9576 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/clusterrolebinding.yaml @@ -0,0 +1,43 @@ +# Created if cluster resources are not omitted +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "cluster") }} +# Created if this is not a remote istiod, OR if it is and is also a config cluster +{{- if or (not .Values.istiodRemote.enabled) (and .Values.istiodRemote.enabled (or .Values.global.configCluster .Values.istiodRemote.enabledLocalInjectorIstiod)) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: istiod-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} + labels: + app: istiod + release: {{ .Release.Name }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: istiod-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} +subjects: + - kind: ServiceAccount + name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }} + namespace: {{ .Values.global.istioNamespace }} +--- +{{- if not (eq (toString .Values.env.PILOT_ENABLE_GATEWAY_API_DEPLOYMENT_CONTROLLER) "false") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: istiod-gateway-controller{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} + labels: + app: istiod + release: {{ .Release.Name }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: istiod-gateway-controller{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} +subjects: +- kind: ServiceAccount + name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }} + namespace: {{ .Values.global.istioNamespace }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/configmap-jwks.yaml b/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/configmap-jwks.yaml new file mode 100644 index 0000000000..45943d3839 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/configmap-jwks.yaml @@ -0,0 +1,20 @@ +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "namespace") }} +# Not created if istiod is running remotely +{{- if or (not .Values.istiodRemote.enabled) (and .Values.istiodRemote.enabled .Values.istiodRemote.enabledLocalInjectorIstiod) }} +{{- if .Values.jwksResolverExtraRootCA }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: pilot-jwks-extra-cacerts{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} + namespace: {{ .Release.Namespace }} + labels: + release: {{ .Release.Name }} + istio.io/rev: {{ .Values.revision | default "default" | quote }} + operator.istio.io/component: "Pilot" + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +data: + extra.pem: {{ .Values.jwksResolverExtraRootCA | quote }} +{{- end }} +{{- end }} +{{- end }} diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/configmap-values.yaml b/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/configmap-values.yaml new file mode 100644 index 0000000000..dcd1e3530c --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/configmap-values.yaml @@ -0,0 +1,21 @@ +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "namespace") }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: values{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} + namespace: {{ .Release.Namespace }} + annotations: + kubernetes.io/description: This ConfigMap contains the Helm values used during chart rendering. This ConfigMap is rendered for debugging purposes and external tooling; modifying these values has no effect. + labels: + istio.io/rev: {{ .Values.revision | default "default" | quote }} + operator.istio.io/component: "Pilot" + release: {{ .Release.Name }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +data: + original-values: |- +{{ .Values._original | toPrettyJson | indent 4 }} +{{- $_ := unset $.Values "_original" }} + merged-values: |- +{{ .Values | toPrettyJson | indent 4 }} +{{- end }} diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/configmap.yaml b/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/configmap.yaml new file mode 100644 index 0000000000..a24ff9ee24 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/configmap.yaml @@ -0,0 +1,113 @@ +{{- define "mesh" }} + # The trust domain corresponds to the trust root of a system. + # Refer to https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain + trustDomain: "cluster.local" + + # The namespace to treat as the administrative root namespace for Istio configuration. + # When processing a leaf namespace Istio will search for declarations in that namespace first + # and if none are found it will search in the root namespace. Any matching declaration found in the root namespace + # is processed as if it were declared in the leaf namespace. + rootNamespace: {{ .Values.meshConfig.rootNamespace | default .Values.global.istioNamespace }} + + {{ $prom := include "default-prometheus" . | eq "true" }} + {{ $sdMetrics := include "default-sd-metrics" . | eq "true" }} + {{ $sdLogs := include "default-sd-logs" . | eq "true" }} + {{- if or $prom $sdMetrics $sdLogs }} + defaultProviders: + {{- if or $prom $sdMetrics }} + metrics: + {{ if $prom }}- prometheus{{ end }} + {{ if and $sdMetrics $sdLogs }}- stackdriver{{ end }} + {{- end }} + {{- if and $sdMetrics $sdLogs }} + accessLogging: + - stackdriver + {{- end }} + {{- end }} + + defaultConfig: + {{- if .Values.global.meshID }} + meshId: "{{ .Values.global.meshID }}" + {{- end }} + {{- with (.Values.global.proxy.variant | default .Values.global.variant) }} + image: + imageType: {{. | quote}} + {{- end }} + {{- if not (eq .Values.global.proxy.tracer "none") }} + tracing: + {{- if eq .Values.global.proxy.tracer "lightstep" }} + lightstep: + # Address of the LightStep Satellite pool + address: {{ .Values.global.tracer.lightstep.address }} + # Access Token used to communicate with the Satellite pool + accessToken: {{ .Values.global.tracer.lightstep.accessToken }} + {{- else if eq .Values.global.proxy.tracer "zipkin" }} + zipkin: + # Address of the Zipkin collector + address: {{ ((.Values.global.tracer).zipkin).address | default (print "zipkin." .Values.global.istioNamespace ":9411") }} + {{- else if eq .Values.global.proxy.tracer "datadog" }} + datadog: + # Address of the Datadog Agent + address: {{ ((.Values.global.tracer).datadog).address | default "$(HOST_IP):8126" }} + {{- else if eq .Values.global.proxy.tracer "stackdriver" }} + stackdriver: + # enables trace output to stdout. + debug: {{ (($.Values.global.tracer).stackdriver).debug | default "false" }} + # The global default max number of attributes per span. + maxNumberOfAttributes: {{ (($.Values.global.tracer).stackdriver).maxNumberOfAttributes | default "200" }} + # The global default max number of annotation events per span. + maxNumberOfAnnotations: {{ (($.Values.global.tracer).stackdriver).maxNumberOfAnnotations | default "200" }} + # The global default max number of message events per span. + maxNumberOfMessageEvents: {{ (($.Values.global.tracer).stackdriver).maxNumberOfMessageEvents | default "200" }} + {{- end }} + {{- end }} + {{- if .Values.global.remotePilotAddress }} + {{- if and .Values.istiodRemote.enabled .Values.istiodRemote.enabledLocalInjectorIstiod }} + # only primary `istiod` to xds and local `istiod` injection installs. + discoveryAddress: {{ printf "istiod-remote.%s.svc" .Release.Namespace }}:15012 + {{- else }} + discoveryAddress: {{ printf "istiod.%s.svc" .Release.Namespace }}:15012 + {{- end }} + {{- else }} + discoveryAddress: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{.Release.Namespace}}.svc:15012 + {{- end }} +{{- end }} + +{{/* We take the mesh config above, defined with individual values.yaml, and merge with .Values.meshConfig */}} +{{/* The intent here is that meshConfig.foo becomes the API, rather than re-inventing the API in values.yaml */}} +{{- $originalMesh := include "mesh" . | fromYaml }} +{{- $mesh := mergeOverwrite $originalMesh .Values.meshConfig }} + +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "namespace") }} +{{- if .Values.configMap }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: istio{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} + namespace: {{ .Release.Namespace }} + labels: + istio.io/rev: {{ .Values.revision | default "default" | quote }} + operator.istio.io/component: "Pilot" + release: {{ .Release.Name }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +data: + + # Configuration file for the mesh networks to be used by the Split Horizon EDS. + meshNetworks: |- + {{- if .Values.global.meshNetworks }} + networks: +{{ toYaml .Values.global.meshNetworks | trim | indent 6 }} + {{- else }} + networks: {} + {{- end }} + + mesh: |- +{{- if .Values.meshConfig }} +{{ $mesh | toYaml | indent 4 }} +{{- else }} +{{- include "mesh" . }} +{{- end }} +--- +{{- end }} +{{- end }} diff --git a/resources/v1.30-alpha.bcdd144c/charts/istiod/templates/deployment.yaml b/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/deployment.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/istiod/templates/deployment.yaml rename to resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/deployment.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/gateway-class-configmap.yaml b/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/gateway-class-configmap.yaml new file mode 100644 index 0000000000..9f7cdb01da --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/gateway-class-configmap.yaml @@ -0,0 +1,22 @@ +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "namespace") }} +{{ range $key, $value := .Values.gatewayClasses }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: istio-{{ $.Values.revision | default "default" }}-gatewayclass-{{$key}} + namespace: {{ $.Release.Namespace }} + labels: + istio.io/rev: {{ $.Values.revision | default "default" | quote }} + operator.istio.io/component: "Pilot" + release: {{ $.Release.Name }} + app.kubernetes.io/name: "istiod" + gateway.istio.io/defaults-for-class: {{$key|quote}} + {{- include "istio.labels" $ | nindent 4 }} +data: +{{ range $kind, $overlay := $value }} + {{$kind}}: | +{{$overlay|toYaml|trim|indent 4}} +{{ end }} +--- +{{ end }} +{{- end }} \ No newline at end of file diff --git a/resources/v1.30-alpha.bcdd144c/charts/istiod/templates/istiod-injector-configmap.yaml b/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/istiod-injector-configmap.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/istiod/templates/istiod-injector-configmap.yaml rename to resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/istiod-injector-configmap.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/mutatingwebhook.yaml b/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/mutatingwebhook.yaml new file mode 100644 index 0000000000..26a6c8f00d --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/mutatingwebhook.yaml @@ -0,0 +1,167 @@ +# TODO BML istiodRemote.injectionURL is invalid to set if `istiodRemote.enabled` is false, we should express that. +{{- /* Core defines the common configuration used by all webhook segments */}} +{{/* Copy just what we need to avoid expensive deepCopy */}} +{{- $whv := dict +"revision" .Values.revision + "injectionPath" .Values.istiodRemote.injectionPath + "injectionURL" .Values.istiodRemote.injectionURL + "reinvocationPolicy" .Values.sidecarInjectorWebhook.reinvocationPolicy + "caBundle" .Values.istiodRemote.injectionCABundle + "namespace" .Release.Namespace }} +{{- define "core" }} +{{- /* Kubernetes unfortunately requires a unique name for the webhook in some newer versions, so we assign +a unique prefix to each. */}} +- name: {{.Prefix}}sidecar-injector.istio.io + clientConfig: + {{- if .injectionURL }} + url: "{{ .injectionURL }}" + {{- else }} + service: + name: istiod{{- if not (eq .revision "") }}-{{ .revision }}{{- end }} + namespace: {{ .namespace }} + path: "{{ .injectionPath }}" + port: 443 + {{- end }} + {{- if .caBundle }} + caBundle: "{{ .caBundle }}" + {{- end }} + sideEffects: None + rules: + - operations: [ "CREATE" ] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] + failurePolicy: Fail + reinvocationPolicy: "{{ .reinvocationPolicy }}" + admissionReviewVersions: ["v1"] +{{- end }} + +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "cluster") }} +{{- /* Installed for each revision - not installed for cluster resources ( cluster roles, bindings, crds) */}} +{{- if not .Values.global.operatorManageWebhooks }} +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: +{{- if eq .Release.Namespace "istio-system"}} + name: istio-sidecar-injector{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} +{{- else }} + name: istio-sidecar-injector{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} +{{- end }} + labels: + istio.io/rev: {{ .Values.revision | default "default" | quote }} + operator.istio.io/component: "Pilot" + app: sidecar-injector + release: {{ .Release.Name }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +{{- if $.Values.sidecarInjectorWebhookAnnotations }} + annotations: +{{ toYaml $.Values.sidecarInjectorWebhookAnnotations | indent 4 }} +{{- end }} +webhooks: +{{- /* Set up the selectors. First section is for revision, rest is for "default" revision */}} + +{{- /* Case 1: namespace selector matches, and object doesn't disable */}} +{{- /* Note: if both revision and legacy selector, we give precedence to the legacy one */}} +{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.namespace.") ) }} + namespaceSelector: + matchExpressions: + - key: istio.io/rev + operator: In + values: + {{- if (eq .Values.revision "") }} + - "default" + {{- else }} + - "{{ .Values.revision }}" + {{- end }} + - key: istio-injection + operator: DoesNotExist + objectSelector: + matchExpressions: + - key: sidecar.istio.io/inject + operator: NotIn + values: + - "false" + +{{- /* Case 2: No namespace selector, but object selects our revision (and doesn't disable) */}} +{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.object.") ) }} + namespaceSelector: + matchExpressions: + - key: istio.io/rev + operator: DoesNotExist + - key: istio-injection + operator: DoesNotExist + objectSelector: + matchExpressions: + - key: sidecar.istio.io/inject + operator: NotIn + values: + - "false" + - key: istio.io/rev + operator: In + values: + {{- if (eq .Values.revision "") }} + - "default" + {{- else }} + - "{{ .Values.revision }}" + {{- end }} + + +{{- /* Webhooks for default revision */}} +{{- if (eq .Values.revision "") }} + +{{- /* Case 1: Namespace selector enabled, and object selector is not injected */}} +{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "namespace.") ) }} + namespaceSelector: + matchExpressions: + - key: istio-injection + operator: In + values: + - enabled + objectSelector: + matchExpressions: + - key: sidecar.istio.io/inject + operator: NotIn + values: + - "false" + +{{- /* Case 2: no namespace label, but object selector is enabled (and revision label is not, which has priority) */}} +{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "object.") ) }} + namespaceSelector: + matchExpressions: + - key: istio-injection + operator: DoesNotExist + - key: istio.io/rev + operator: DoesNotExist + objectSelector: + matchExpressions: + - key: sidecar.istio.io/inject + operator: In + values: + - "true" + - key: istio.io/rev + operator: DoesNotExist + +{{- if .Values.sidecarInjectorWebhook.enableNamespacesByDefault }} +{{- /* Special case 3: no labels at all */}} +{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "auto.") ) }} + namespaceSelector: + matchExpressions: + - key: istio-injection + operator: DoesNotExist + - key: istio.io/rev + operator: DoesNotExist + - key: "kubernetes.io/metadata.name" + operator: "NotIn" + values: ["kube-system","kube-public","kube-node-lease","local-path-storage"] + objectSelector: + matchExpressions: + - key: sidecar.istio.io/inject + operator: DoesNotExist + - key: istio.io/rev + operator: DoesNotExist +{{- end }} + +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/networkpolicy.yaml b/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/networkpolicy.yaml new file mode 100644 index 0000000000..e844d5e5de --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/networkpolicy.yaml @@ -0,0 +1,47 @@ +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "namespace") }} +{{- if (.Values.global.networkPolicy).enabled }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} + namespace: {{ .Release.Namespace }} + labels: + app: istiod + istio.io/rev: {{ .Values.revision | default "default" | quote }} + operator.istio.io/component: "Pilot" + istio: pilot + release: {{ .Release.Name }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +spec: + podSelector: + matchLabels: + app: istiod + istio.io/rev: {{ .Values.revision | default "default" | quote }} + policyTypes: + - Ingress + - Egress + ingress: + # Webhook from kube-apiserver + - from: [] + ports: + - protocol: TCP + port: 15017 + # xDS from potentially anywhere + - from: [] + ports: + - protocol: TCP + port: 15010 + - protocol: TCP + port: 15011 + - protocol: TCP + port: 15012 + - protocol: TCP + port: 8080 + - protocol: TCP + port: 15014 + # Allow all egress (needed because features like JWKS require connections to user-defined endpoints) + egress: + - {} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/poddisruptionbudget.yaml b/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/poddisruptionbudget.yaml new file mode 100644 index 0000000000..0ac37d1cdf --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/poddisruptionbudget.yaml @@ -0,0 +1,41 @@ +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "namespace") }} +# Not created if istiod is running remotely +{{- if or (not .Values.istiodRemote.enabled) (and .Values.istiodRemote.enabled .Values.istiodRemote.enabledLocalInjectorIstiod) }} +{{- if .Values.global.defaultPodDisruptionBudget.enabled }} +# a workaround for https://github.com/kubernetes/kubernetes/issues/93476 +{{- if or (and .Values.autoscaleEnabled (gt (int .Values.autoscaleMin) 1)) (and (not .Values.autoscaleEnabled) (gt (int .Values.replicaCount) 1)) }} +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} + namespace: {{ .Release.Namespace }} + labels: + app: istiod + istio.io/rev: {{ .Values.revision | default "default" | quote }} + operator.istio.io/component: "Pilot" + release: {{ .Release.Name }} + istio: pilot + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +spec: + {{- if and .Values.pdb.minAvailable (not (hasKey .Values.pdb "maxUnavailable")) }} + minAvailable: {{ .Values.pdb.minAvailable }} + {{- else if .Values.pdb.maxUnavailable }} + maxUnavailable: {{ .Values.pdb.maxUnavailable }} + {{- end }} + {{- if .Values.pdb.unhealthyPodEvictionPolicy }} + unhealthyPodEvictionPolicy: {{ .Values.pdb.unhealthyPodEvictionPolicy }} + {{- end }} + selector: + matchLabels: + app: istiod + {{- if ne .Values.revision "" }} + istio.io/rev: {{ .Values.revision | quote }} + {{- else }} + istio: pilot + {{- end }} +--- +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/resources/v1.30-alpha.bcdd144c/charts/istiod/templates/reader-clusterrole.yaml b/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/reader-clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/istiod/templates/reader-clusterrole.yaml rename to resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/reader-clusterrole.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/reader-clusterrolebinding.yaml b/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/reader-clusterrolebinding.yaml new file mode 100644 index 0000000000..624f00dce6 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/reader-clusterrolebinding.yaml @@ -0,0 +1,20 @@ +# Created if cluster resources are not omitted +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "cluster") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: istio-reader-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} + labels: + app: istio-reader + release: {{ .Release.Name }} + app.kubernetes.io/name: "istio-reader" + {{- include "istio.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: istio-reader-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} +subjects: + - kind: ServiceAccount + name: istio-reader-service-account + namespace: {{ .Values.global.istioNamespace }} +{{- end }} \ No newline at end of file diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/remote-istiod-endpointslices.yaml b/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/remote-istiod-endpointslices.yaml new file mode 100644 index 0000000000..e2f4ff03b6 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/remote-istiod-endpointslices.yaml @@ -0,0 +1,42 @@ +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "namespace") }} +{{- if and .Values.global.remotePilotAddress .Values.istiodRemote.enabled }} +# if the remotePilotAddress is an IP addr +{{- if regexMatch "^([0-9]*\\.){3}[0-9]*$" .Values.global.remotePilotAddress }} +apiVersion: discovery.k8s.io/v1 +kind: EndpointSlice +metadata: + {{- if .Values.istiodRemote.enabledLocalInjectorIstiod }} + # This file is only used for remote `istiod` installs. + # only primary `istiod` to xds and local `istiod` injection installs. + name: istiod{{- if .Values.revision }}-{{ .Values.revision}}{{- end }}-remote + {{- else }} + name: istiod{{- if .Values.revision }}-{{ .Values.revision}}{{- end }} + {{- end }} + namespace: {{ .Release.Namespace }} + labels: + {{- if .Values.istiodRemote.enabledLocalInjectorIstiod }} + # only primary `istiod` to xds and local `istiod` injection installs. + kubernetes.io/service-name: istiod{{- if .Values.revision }}-{{ .Values.revision}}{{- end }}-remote + {{- else }} + kubernetes.io/service-name: istiod{{- if .Values.revision }}-{{ .Values.revision}}{{- end }} + {{- end }} + {{- if .Release.Service }} + endpointslice.kubernetes.io/managed-by: {{ .Release.Service | quote }} + {{- end }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +addressType: IPv4 +endpoints: +- addresses: + - {{ .Values.global.remotePilotAddress }} +ports: +- port: 15012 + name: tcp-istiod + protocol: TCP +- port: 15017 + name: tcp-webhook + protocol: TCP +--- +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/remote-istiod-service.yaml b/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/remote-istiod-service.yaml new file mode 100644 index 0000000000..ab14497bac --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/remote-istiod-service.yaml @@ -0,0 +1,43 @@ +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "namespace") }} +# This file is only used for remote +{{- if and .Values.global.remotePilotAddress .Values.istiodRemote.enabled }} +apiVersion: v1 +kind: Service +metadata: + {{- if .Values.istiodRemote.enabledLocalInjectorIstiod }} + # only primary `istiod` to xds and local `istiod` injection installs. + name: istiod{{- if .Values.revision }}-{{ .Values.revision}}{{- end }}-remote + {{- else }} + name: istiod{{- if .Values.revision }}-{{ .Values.revision}}{{- end }} + {{- end }} + namespace: {{ .Release.Namespace }} + labels: + istio.io/rev: {{ .Values.revision | default "default" | quote }} + app.kubernetes.io/name: "istiod" + {{ include "istio.labels" . | nindent 4 }} +spec: + ports: + - port: 15012 + name: tcp-istiod + protocol: TCP + - port: 443 + targetPort: 15017 + name: tcp-webhook + protocol: TCP + {{- if and .Values.global.remotePilotAddress (not (regexMatch "^([0-9]*\\.){3}[0-9]*$" .Values.global.remotePilotAddress)) }} + # if the remotePilotAddress is not an IP addr, we use ExternalName + type: ExternalName + externalName: {{ .Values.global.remotePilotAddress }} + {{- end }} +{{- if .Values.global.ipFamilyPolicy }} + ipFamilyPolicy: {{ .Values.global.ipFamilyPolicy }} +{{- end }} +{{- if .Values.global.ipFamilies }} + ipFamilies: +{{- range .Values.global.ipFamilies }} + - {{ . }} +{{- end }} +{{- end }} +--- +{{- end }} +{{- end }} \ No newline at end of file diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/revision-tags-mwc.yaml b/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/revision-tags-mwc.yaml new file mode 100644 index 0000000000..556bb2f1e9 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/revision-tags-mwc.yaml @@ -0,0 +1,154 @@ +# Adapted from istio-discovery/templates/mutatingwebhook.yaml +# Removed paths for legacy and default selectors since a revision tag +# is inherently created from a specific revision +# TODO BML istiodRemote.injectionURL is invalid to set if `istiodRemote.enabled` is false, we should express that. +{{- $whv := dict +"revision" .Values.revision + "injectionPath" .Values.istiodRemote.injectionPath + "injectionURL" .Values.istiodRemote.injectionURL + "reinvocationPolicy" .Values.sidecarInjectorWebhook.reinvocationPolicy + "caBundle" .Values.istiodRemote.injectionCABundle + "namespace" .Release.Namespace }} +{{- define "core" }} +{{- /* Kubernetes unfortunately requires a unique name for the webhook in some newer versions, so we assign +a unique prefix to each. */}} +- name: {{.Prefix}}sidecar-injector.istio.io + clientConfig: + {{- if .injectionURL }} + url: "{{ .injectionURL }}" + {{- else }} + service: + name: istiod{{- if not (eq .revision "") }}-{{ .revision }}{{- end }} + namespace: {{ .namespace }} + path: "{{ .injectionPath }}" + port: 443 + {{- end }} + sideEffects: None + rules: + - operations: [ "CREATE" ] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] + failurePolicy: Fail + reinvocationPolicy: "{{ .reinvocationPolicy }}" + admissionReviewVersions: ["v1"] +{{- end }} + +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "cluster") }} +{{- if not .Values.global.operatorManageWebhooks }} +{{- range $tagName := $.Values.revisionTags }} +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: +{{- if eq $.Release.Namespace "istio-system"}} + name: istio-revision-tag-{{ $tagName }} +{{- else }} + name: istio-revision-tag-{{ $tagName }}-{{ $.Release.Namespace }} +{{- end }} + labels: + istio.io/tag: {{ $tagName }} + istio.io/rev: {{ $.Values.revision | default "default" | quote }} + operator.istio.io/component: "Pilot" + app: sidecar-injector + release: {{ $.Release.Name }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" $ | nindent 4 }} +{{- if $.Values.sidecarInjectorWebhookAnnotations }} + annotations: +{{ toYaml $.Values.sidecarInjectorWebhookAnnotations | indent 4 }} +{{- end }} +webhooks: +{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.namespace.") ) }} + namespaceSelector: + matchExpressions: + - key: istio.io/rev + operator: In + values: + - "{{ $tagName }}" + - key: istio-injection + operator: DoesNotExist + objectSelector: + matchExpressions: + - key: sidecar.istio.io/inject + operator: NotIn + values: + - "false" +{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.object.") ) }} + namespaceSelector: + matchExpressions: + - key: istio.io/rev + operator: DoesNotExist + - key: istio-injection + operator: DoesNotExist + objectSelector: + matchExpressions: + - key: sidecar.istio.io/inject + operator: NotIn + values: + - "false" + - key: istio.io/rev + operator: In + values: + - "{{ $tagName }}" + +{{- /* When the tag is "default" we want to create webhooks for the default revision */}} +{{- /* These webhooks should be kept in sync with istio-discovery/templates/mutatingwebhook.yaml */}} +{{- if (eq $tagName "default") }} + +{{- /* Case 1: Namespace selector enabled, and object selector is not injected */}} +{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "namespace.") ) }} + namespaceSelector: + matchExpressions: + - key: istio-injection + operator: In + values: + - enabled + objectSelector: + matchExpressions: + - key: sidecar.istio.io/inject + operator: NotIn + values: + - "false" + +{{- /* Case 2: no namespace label, but object selector is enabled (and revision label is not, which has priority) */}} +{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "object.") ) }} + namespaceSelector: + matchExpressions: + - key: istio-injection + operator: DoesNotExist + - key: istio.io/rev + operator: DoesNotExist + objectSelector: + matchExpressions: + - key: sidecar.istio.io/inject + operator: In + values: + - "true" + - key: istio.io/rev + operator: DoesNotExist + +{{- if $.Values.sidecarInjectorWebhook.enableNamespacesByDefault }} +{{- /* Special case 3: no labels at all */}} +{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "auto.") ) }} + namespaceSelector: + matchExpressions: + - key: istio-injection + operator: DoesNotExist + - key: istio.io/rev + operator: DoesNotExist + - key: "kubernetes.io/metadata.name" + operator: "NotIn" + values: ["kube-system","kube-public","kube-node-lease","local-path-storage"] + objectSelector: + matchExpressions: + - key: sidecar.istio.io/inject + operator: DoesNotExist + - key: istio.io/rev + operator: DoesNotExist +{{- end }} + +{{- end }} +--- +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/revision-tags-svc.yaml b/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/revision-tags-svc.yaml new file mode 100644 index 0000000000..5c4826d23e --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/revision-tags-svc.yaml @@ -0,0 +1,57 @@ +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "namespace") }} +# Adapted from istio-discovery/templates/service.yaml +{{- range $tagName := .Values.revisionTags }} +apiVersion: v1 +kind: Service +metadata: + name: istiod-revision-tag-{{ $tagName }} + namespace: {{ $.Release.Namespace }} + {{- if $.Values.serviceAnnotations }} + annotations: +{{ toYaml $.Values.serviceAnnotations | indent 4 }} + {{- end }} + labels: + istio.io/rev: {{ $.Values.revision | default "default" | quote }} + istio.io/tag: {{ $tagName }} + operator.istio.io/component: "Pilot" + app: istiod + istio: pilot + release: {{ $.Release.Name }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" $ | nindent 4 }} +spec: + ports: + - port: 15010 + name: grpc-xds # plaintext + protocol: TCP + - port: 15012 + name: https-dns # mTLS with k8s-signed cert + protocol: TCP + - port: 443 + name: https-webhook # validation and injection + targetPort: 15017 + protocol: TCP + - port: 15014 + name: http-monitoring # prometheus stats + protocol: TCP + selector: + app: istiod + {{- if ne $.Values.revision "" }} + istio.io/rev: {{ $.Values.revision | quote }} + {{- else }} + # Label used by the 'default' service. For versioned deployments we match with app and version. + # This avoids default deployment picking the canary + istio: pilot + {{- end }} + {{- if $.Values.ipFamilyPolicy }} + ipFamilyPolicy: {{ $.Values.ipFamilyPolicy }} + {{- end }} + {{- if $.Values.ipFamilies }} + ipFamilies: + {{- range $.Values.ipFamilies }} + - {{ . }} + {{- end }} + {{- end }} +--- +{{- end -}} +{{- end }} \ No newline at end of file diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/role.yaml b/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/role.yaml new file mode 100644 index 0000000000..8abe608b66 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/role.yaml @@ -0,0 +1,37 @@ +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "namespace") }} +# Created if this is not a remote istiod, OR if it is and is also a config cluster +{{- if or (not .Values.istiodRemote.enabled) (and .Values.istiodRemote.enabled (or .Values.global.configCluster .Values.istiodRemote.enabledLocalInjectorIstiod)) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }} + namespace: {{ .Values.global.istioNamespace }} + labels: + app: istiod + release: {{ .Release.Name }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +rules: +# permissions to verify the webhook is ready and rejecting +# invalid config. We use --server-dry-run so no config is persisted. +- apiGroups: ["networking.istio.io"] + verbs: ["create"] + resources: ["gateways"] + +# For storing CA secret +- apiGroups: [""] + resources: ["secrets"] + # TODO lock this down to istio-ca-cert if not using the DNS cert mesh config + verbs: ["create", "get", "watch", "list", "update", "delete"] + +# For status controller, so it can delete the distribution report configmap +- apiGroups: [""] + resources: ["configmaps"] + verbs: ["delete"] + +# For gateway deployment controller +- apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "update", "patch", "create"] +{{- end }} +{{- end }} \ No newline at end of file diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/rolebinding.yaml b/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/rolebinding.yaml new file mode 100644 index 0000000000..731964f04d --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/rolebinding.yaml @@ -0,0 +1,23 @@ +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "namespace") }} +# Created if this is not a remote istiod, OR if it is and is also a config cluster +{{- if or (not .Values.istiodRemote.enabled) (and .Values.istiodRemote.enabled (or .Values.global.configCluster .Values.istiodRemote.enabledLocalInjectorIstiod)) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }} + namespace: {{ .Values.global.istioNamespace }} + labels: + app: istiod + release: {{ .Release.Name }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }} +subjects: + - kind: ServiceAccount + name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} + namespace: {{ .Values.global.istioNamespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/service.yaml b/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/service.yaml new file mode 100644 index 0000000000..c3aade8a49 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/service.yaml @@ -0,0 +1,59 @@ +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "namespace") }} +# Not created if istiod is running remotely +{{- if or (not .Values.istiodRemote.enabled) (and .Values.istiodRemote.enabled .Values.istiodRemote.enabledLocalInjectorIstiod) }} +apiVersion: v1 +kind: Service +metadata: + name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} + namespace: {{ .Release.Namespace }} + {{- if .Values.serviceAnnotations }} + annotations: +{{ toYaml .Values.serviceAnnotations | indent 4 }} + {{- end }} + labels: + istio.io/rev: {{ .Values.revision | default "default" | quote }} + operator.istio.io/component: "Pilot" + app: istiod + istio: pilot + release: {{ .Release.Name }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +spec: + ports: + - port: 15010 + name: grpc-xds # plaintext + protocol: TCP + - port: 15012 + name: https-dns # mTLS with k8s-signed cert + protocol: TCP + - port: 443 + name: https-webhook # validation and injection + targetPort: 15017 + protocol: TCP + - port: 15014 + name: http-monitoring # prometheus stats + protocol: TCP + selector: + app: istiod + {{- if ne .Values.revision "" }} + istio.io/rev: {{ .Values.revision | quote }} + {{- else }} + # Label used by the 'default' service. For versioned deployments we match with app and version. + # This avoids default deployment picking the canary + istio: pilot + {{- end }} + {{- if .Values.ipFamilyPolicy }} + ipFamilyPolicy: {{ .Values.ipFamilyPolicy }} + {{- end }} + {{- if .Values.ipFamilies }} + ipFamilies: + {{- range .Values.ipFamilies }} + - {{ . }} + {{- end }} + {{- end }} + {{- if .Values.trafficDistribution }} + trafficDistribution: {{ .Values.trafficDistribution }} + {{- end }} +--- +{{- end }} +{{- end }} \ No newline at end of file diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/serviceaccount.yaml b/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/serviceaccount.yaml new file mode 100644 index 0000000000..ee40eedf81 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/serviceaccount.yaml @@ -0,0 +1,26 @@ +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "namespace") }} +# Created if this is not a remote istiod, OR if it is and is also a config cluster +{{- if or (not .Values.istiodRemote.enabled) (and .Values.istiodRemote.enabled (or .Values.global.configCluster .Values.istiodRemote.enabledLocalInjectorIstiod)) }} +apiVersion: v1 +kind: ServiceAccount + {{- if .Values.global.imagePullSecrets }} +imagePullSecrets: + {{- range .Values.global.imagePullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} +metadata: + name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} + namespace: {{ .Values.global.istioNamespace }} + labels: + app: istiod + release: {{ .Release.Name }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} + {{- if .Values.serviceAccountAnnotations }} + annotations: +{{- toYaml .Values.serviceAccountAnnotations | nindent 4 }} + {{- end }} +{{- end }} +--- +{{- end }} \ No newline at end of file diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/validatingadmissionpolicy.yaml b/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/validatingadmissionpolicy.yaml new file mode 100644 index 0000000000..838d9fbaf7 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/validatingadmissionpolicy.yaml @@ -0,0 +1,65 @@ +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "namespace") }} +# Created if this is not a remote istiod, OR if it is and is also a config cluster +{{- if or (not .Values.istiodRemote.enabled) (and .Values.istiodRemote.enabled (or .Values.global.configCluster .Values.istiodRemote.enabledLocalInjectorIstiod)) }} +{{- if .Values.experimental.stableValidationPolicy }} +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingAdmissionPolicy +metadata: + name: "stable-channel-policy{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Values.global.istioNamespace }}.istio.io" + labels: + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +spec: + failurePolicy: Fail + matchConstraints: + resourceRules: + - apiGroups: + - security.istio.io + - networking.istio.io + - telemetry.istio.io + - extensions.istio.io + apiVersions: ["*"] + operations: ["CREATE", "UPDATE"] + resources: ["*"] + objectSelector: + matchExpressions: + - key: istio.io/rev + operator: In + values: + {{- if (eq .Values.revision "") }} + - "default" + {{- else }} + - "{{ .Values.revision }}" + {{- end }} + variables: + - name: isEnvoyFilter + expression: "object.kind == 'EnvoyFilter'" + - name: isWasmPlugin + expression: "object.kind == 'WasmPlugin'" + - name: isProxyConfig + expression: "object.kind == 'ProxyConfig'" + - name: isTelemetry + expression: "object.kind == 'Telemetry'" + validations: + - expression: "!variables.isEnvoyFilter" + - expression: "!variables.isWasmPlugin" + - expression: "!variables.isProxyConfig" + - expression: | + !( + variables.isTelemetry && ( + (has(object.spec.tracing) ? object.spec.tracing : {}).exists(t, has(t.useRequestIdForTraceSampling)) || + (has(object.spec.metrics) ? object.spec.metrics : {}).exists(m, has(m.reportingInterval)) || + (has(object.spec.accessLogging) ? object.spec.accessLogging : {}).exists(l, has(l.filter)) + ) + ) +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingAdmissionPolicyBinding +metadata: + name: "stable-channel-policy-binding{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Values.global.istioNamespace }}.istio.io" +spec: + policyName: "stable-channel-policy{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Values.global.istioNamespace }}.istio.io" + validationActions: [Deny] +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/validatingwebhookconfiguration.yaml b/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/validatingwebhookconfiguration.yaml new file mode 100644 index 0000000000..6903b29b50 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/validatingwebhookconfiguration.yaml @@ -0,0 +1,70 @@ +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "cluster") }} +# Created if this is not a remote istiod, OR if it is and is also a config cluster +{{- if or (not .Values.istiodRemote.enabled) (and .Values.istiodRemote.enabled (or .Values.global.configCluster .Values.istiodRemote.enabledLocalInjectorIstiod)) }} +{{- if .Values.global.configValidation }} +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: istio-validator{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Values.global.istioNamespace }} + labels: + app: istiod + release: {{ .Release.Name }} + istio: istiod + istio.io/rev: {{ .Values.revision | default "default" | quote }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +webhooks: + # Webhook handling per-revision validation. Mostly here so we can determine whether webhooks + # are rejecting invalid configs on a per-revision basis. + - name: rev.validation.istio.io + clientConfig: + # Should change from base but cannot for API compat + {{- if .Values.base.validationURL }} + url: {{ .Values.base.validationURL }} + {{- else }} + service: + name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} + namespace: {{ .Values.global.istioNamespace }} + path: "/validate" + {{- end }} + {{- if .Values.base.validationCABundle }} + caBundle: "{{ .Values.base.validationCABundle }}" + {{- end }} + rules: + - operations: + - CREATE + - UPDATE + apiGroups: + - security.istio.io + - networking.istio.io + - telemetry.istio.io + - extensions.istio.io + apiVersions: + - "*" + resources: + - "*" + {{- if .Values.base.validationCABundle }} + # Disable webhook controller in Pilot to stop patching it + failurePolicy: Fail + {{- else }} + # Fail open until the validation webhook is ready. The webhook controller + # will update this to `Fail` and patch in the `caBundle` when the webhook + # endpoint is ready. + failurePolicy: Ignore + {{- end }} + sideEffects: None + admissionReviewVersions: ["v1"] + objectSelector: + matchExpressions: + - key: istio.io/rev + operator: In + values: + {{- if (eq .Values.revision "") }} + - "default" + {{- else }} + - "{{ .Values.revision }}" + {{- end }} +--- +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/zzy_descope_legacy.yaml b/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/zzy_descope_legacy.yaml new file mode 100644 index 0000000000..73202418ca --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/zzy_descope_legacy.yaml @@ -0,0 +1,3 @@ +{{/* Copy anything under `.pilot` to `.`, to avoid the need to specify a redundant prefix. +Due to the file naming, this always happens after zzz_profile.yaml */}} +{{- $_ := mustMergeOverwrite $.Values (index $.Values "pilot") }} diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/zzz_profile.yaml b/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/zzz_profile.yaml new file mode 100644 index 0000000000..3d84956485 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/zzz_profile.yaml @@ -0,0 +1,75 @@ +{{/* +WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. +The original version of this file is located at /manifests directory. +If you want to make a change in this file, edit the original one and run "make gen". + +Complex logic ahead... +We have three sets of values, in order of precedence (last wins): +1. The builtin values.yaml defaults +2. The profile the user selects +3. Users input (-f or --set) + +Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). + +However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). +We can then merge the profile onto the defaults, then the user settings onto that. +Finally, we can set all of that under .Values so the chart behaves without awareness. +*/}} +{{- if $.Values.defaults}} +{{ fail (cat + "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" + ($.Values.defaults | toYaml |nindent 4) +) }} +{{- end }} +{{- $defaults := $.Values._internal_defaults_do_not_set }} +{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} +{{- $profile := dict }} +{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} +{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} +{{- $profile = (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown profile" .) }} +{{- end }} +{{- end }} +{{- with .Values.compatibilityVersion }} +{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} +{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} +{{- end }} +{{- end }} +{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} +{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} +{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown platform" .) }} +{{- end }} +{{- end }} +{{- if $profile }} +{{- $a := mustMergeOverwrite $defaults $profile }} +{{- end }} +# Flatten globals, if defined on a per-chart basis +{{- if false }} +{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} +{{- end }} +{{- $x := set $.Values "_original" (deepCopy $.Values) }} +{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} + +{{/* +Labels that should be applied to ALL resources. +*/}} +{{- define "istio.labels" -}} +{{- if .Release.Service -}} +app.kubernetes.io/managed-by: {{ .Release.Service | quote }} +{{- end }} +{{- if .Release.Name }} +app.kubernetes.io/instance: {{ .Release.Name | quote }} +{{- end }} +app.kubernetes.io/part-of: "istio" +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +{{- if and .Chart.Name .Chart.Version }} +helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end -}} diff --git a/resources/v1.30-alpha.bcdd144c/charts/istiod/values.yaml b/resources/v1.30-alpha.b38ad9e4/charts/istiod/values.yaml similarity index 99% rename from resources/v1.30-alpha.bcdd144c/charts/istiod/values.yaml rename to resources/v1.30-alpha.b38ad9e4/charts/istiod/values.yaml index c5854e9885..fdc17b4f9a 100644 --- a/resources/v1.30-alpha.bcdd144c/charts/istiod/values.yaml +++ b/resources/v1.30-alpha.b38ad9e4/charts/istiod/values.yaml @@ -255,7 +255,7 @@ _internal_defaults_do_not_set: # Dev builds from prow are on gcr.io hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6 + tag: 1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3 # Variant of the image to use. # Currently supported are: [debug, distroless] variant: "" diff --git a/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/Chart.yaml b/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/Chart.yaml new file mode 100644 index 0000000000..20bddc5a70 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/Chart.yaml @@ -0,0 +1,8 @@ +apiVersion: v2 +appVersion: 1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3 +description: Helm chart for istio revision tags +name: revisiontags +sources: +- https://github.com/istio-ecosystem/sail-operator +version: 0.1.0 + diff --git a/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-ambient.yaml b/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-ambient.yaml new file mode 100644 index 0000000000..495fbcd434 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-ambient.yaml @@ -0,0 +1,24 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed +meshConfig: + defaultConfig: + proxyMetadata: + ISTIO_META_ENABLE_HBONE: "true" + serviceScopeConfigs: + - servicesSelector: + matchExpressions: + - key: istio.io/global + operator: In + values: ["true"] + scope: GLOBAL +global: + variant: distroless +pilot: + env: + PILOT_ENABLE_AMBIENT: "true" +cni: + ambient: + enabled: true diff --git a/resources/v1.30-alpha.bcdd144c/charts/revisiontags/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/revisiontags/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/revisiontags/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/revisiontags/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/revisiontags/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/revisiontags/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/revisiontags/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/revisiontags/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-demo.yaml b/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-demo.yaml new file mode 100644 index 0000000000..d6dc36dd0f --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-demo.yaml @@ -0,0 +1,94 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The demo profile enables a variety of things to try out Istio in non-production environments. +# * Lower resource utilization. +# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. +# * More ports enabled on the ingress, which is used in some tasks. +meshConfig: + accessLogFile: /dev/stdout + extensionProviders: + - name: otel + envoyOtelAls: + service: opentelemetry-collector.observability.svc.cluster.local + port: 4317 + - name: skywalking + skywalking: + service: tracing.istio-system.svc.cluster.local + port: 11800 + - name: otel-tracing + opentelemetry: + port: 4317 + service: opentelemetry-collector.observability.svc.cluster.local + - name: jaeger + opentelemetry: + port: 4317 + service: jaeger-collector.istio-system.svc.cluster.local + +cni: + resources: + requests: + cpu: 10m + memory: 40Mi + +ztunnel: + resources: + requests: + cpu: 10m + memory: 40Mi + +global: + proxy: + resources: + requests: + cpu: 10m + memory: 40Mi + waypoint: + resources: + requests: + cpu: 10m + memory: 40Mi + +pilot: + autoscaleEnabled: false + traceSampling: 100 + resources: + requests: + cpu: 10m + memory: 100Mi + +gateways: + istio-egressgateway: + autoscaleEnabled: false + resources: + requests: + cpu: 10m + memory: 40Mi + istio-ingressgateway: + autoscaleEnabled: false + ports: + ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. + # Note that AWS ELB will by default perform health checks on the first port + # on this list. Setting this to the health check port will ensure that health + # checks always work. https://github.com/istio/istio/issues/12503 + - port: 15021 + targetPort: 15021 + name: status-port + - port: 80 + targetPort: 8080 + name: http2 + - port: 443 + targetPort: 8443 + name: https + - port: 31400 + targetPort: 31400 + name: tcp + # This is the port where sni routing happens + - port: 15443 + targetPort: 15443 + name: tls + resources: + requests: + cpu: 10m + memory: 40Mi \ No newline at end of file diff --git a/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-platform-gke.yaml b/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-platform-gke.yaml new file mode 100644 index 0000000000..dfe8a7d741 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-platform-gke.yaml @@ -0,0 +1,10 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work + resourceQuotas: + enabled: true +resourceQuotas: + enabled: true diff --git a/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-platform-k3d.yaml new file mode 100644 index 0000000000..cd86d9ec58 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-platform-k3d.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d + cniBinDir: /bin diff --git a/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-platform-k3s.yaml new file mode 100644 index 0000000000..07820106d9 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-platform-k3s.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d + cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-platform-microk8s.yaml new file mode 100644 index 0000000000..57d7f5e3cd --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-platform-microk8s.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/snap/microk8s/current/args/cni-network + cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-platform-minikube.yaml new file mode 100644 index 0000000000..fa9992e204 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-platform-minikube.yaml @@ -0,0 +1,6 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-platform-openshift.yaml new file mode 100644 index 0000000000..8ddc5e1654 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-platform-openshift.yaml @@ -0,0 +1,19 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The OpenShift profile provides a basic set of settings to run Istio on OpenShift +cni: + cniBinDir: /var/lib/cni/bin + cniConfDir: /etc/cni/multus/net.d + chained: false + cniConfFileName: "istio-cni.conf" + provider: "multus" +pilot: + cni: + enabled: true + provider: "multus" +seLinuxOptions: + type: spc_t +# Openshift requires privileged pods to run in kube-system +trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-preview.yaml b/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-preview.yaml new file mode 100644 index 0000000000..181d7bda2c --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-preview.yaml @@ -0,0 +1,13 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The preview profile contains features that are experimental. +# This is intended to explore new features coming to Istio. +# Stability, security, and performance are not guaranteed - use at your own risk. +meshConfig: + defaultConfig: + proxyMetadata: + # Enable Istio agent to handle DNS requests for known hosts + # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf + ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-remote.yaml b/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-remote.yaml new file mode 100644 index 0000000000..d17b9a801a --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-remote.yaml @@ -0,0 +1,13 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. +istiodRemote: + enabled: true +configMap: false +telemetry: + enabled: false +global: + # TODO BML maybe a different profile for a configcluster/revisit this + omitSidecarInjectorConfigMap: true diff --git a/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-stable.yaml b/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-stable.yaml new file mode 100644 index 0000000000..358282e69b --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-stable.yaml @@ -0,0 +1,8 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The stable profile deploys admission control to ensure that only stable resources and fields are used +# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE +experimental: + stableValidationPolicy: true diff --git a/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/templates/revision-tags-mwc.yaml b/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/templates/revision-tags-mwc.yaml new file mode 100644 index 0000000000..556bb2f1e9 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/templates/revision-tags-mwc.yaml @@ -0,0 +1,154 @@ +# Adapted from istio-discovery/templates/mutatingwebhook.yaml +# Removed paths for legacy and default selectors since a revision tag +# is inherently created from a specific revision +# TODO BML istiodRemote.injectionURL is invalid to set if `istiodRemote.enabled` is false, we should express that. +{{- $whv := dict +"revision" .Values.revision + "injectionPath" .Values.istiodRemote.injectionPath + "injectionURL" .Values.istiodRemote.injectionURL + "reinvocationPolicy" .Values.sidecarInjectorWebhook.reinvocationPolicy + "caBundle" .Values.istiodRemote.injectionCABundle + "namespace" .Release.Namespace }} +{{- define "core" }} +{{- /* Kubernetes unfortunately requires a unique name for the webhook in some newer versions, so we assign +a unique prefix to each. */}} +- name: {{.Prefix}}sidecar-injector.istio.io + clientConfig: + {{- if .injectionURL }} + url: "{{ .injectionURL }}" + {{- else }} + service: + name: istiod{{- if not (eq .revision "") }}-{{ .revision }}{{- end }} + namespace: {{ .namespace }} + path: "{{ .injectionPath }}" + port: 443 + {{- end }} + sideEffects: None + rules: + - operations: [ "CREATE" ] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] + failurePolicy: Fail + reinvocationPolicy: "{{ .reinvocationPolicy }}" + admissionReviewVersions: ["v1"] +{{- end }} + +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "cluster") }} +{{- if not .Values.global.operatorManageWebhooks }} +{{- range $tagName := $.Values.revisionTags }} +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: +{{- if eq $.Release.Namespace "istio-system"}} + name: istio-revision-tag-{{ $tagName }} +{{- else }} + name: istio-revision-tag-{{ $tagName }}-{{ $.Release.Namespace }} +{{- end }} + labels: + istio.io/tag: {{ $tagName }} + istio.io/rev: {{ $.Values.revision | default "default" | quote }} + operator.istio.io/component: "Pilot" + app: sidecar-injector + release: {{ $.Release.Name }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" $ | nindent 4 }} +{{- if $.Values.sidecarInjectorWebhookAnnotations }} + annotations: +{{ toYaml $.Values.sidecarInjectorWebhookAnnotations | indent 4 }} +{{- end }} +webhooks: +{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.namespace.") ) }} + namespaceSelector: + matchExpressions: + - key: istio.io/rev + operator: In + values: + - "{{ $tagName }}" + - key: istio-injection + operator: DoesNotExist + objectSelector: + matchExpressions: + - key: sidecar.istio.io/inject + operator: NotIn + values: + - "false" +{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.object.") ) }} + namespaceSelector: + matchExpressions: + - key: istio.io/rev + operator: DoesNotExist + - key: istio-injection + operator: DoesNotExist + objectSelector: + matchExpressions: + - key: sidecar.istio.io/inject + operator: NotIn + values: + - "false" + - key: istio.io/rev + operator: In + values: + - "{{ $tagName }}" + +{{- /* When the tag is "default" we want to create webhooks for the default revision */}} +{{- /* These webhooks should be kept in sync with istio-discovery/templates/mutatingwebhook.yaml */}} +{{- if (eq $tagName "default") }} + +{{- /* Case 1: Namespace selector enabled, and object selector is not injected */}} +{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "namespace.") ) }} + namespaceSelector: + matchExpressions: + - key: istio-injection + operator: In + values: + - enabled + objectSelector: + matchExpressions: + - key: sidecar.istio.io/inject + operator: NotIn + values: + - "false" + +{{- /* Case 2: no namespace label, but object selector is enabled (and revision label is not, which has priority) */}} +{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "object.") ) }} + namespaceSelector: + matchExpressions: + - key: istio-injection + operator: DoesNotExist + - key: istio.io/rev + operator: DoesNotExist + objectSelector: + matchExpressions: + - key: sidecar.istio.io/inject + operator: In + values: + - "true" + - key: istio.io/rev + operator: DoesNotExist + +{{- if $.Values.sidecarInjectorWebhook.enableNamespacesByDefault }} +{{- /* Special case 3: no labels at all */}} +{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "auto.") ) }} + namespaceSelector: + matchExpressions: + - key: istio-injection + operator: DoesNotExist + - key: istio.io/rev + operator: DoesNotExist + - key: "kubernetes.io/metadata.name" + operator: "NotIn" + values: ["kube-system","kube-public","kube-node-lease","local-path-storage"] + objectSelector: + matchExpressions: + - key: sidecar.istio.io/inject + operator: DoesNotExist + - key: istio.io/rev + operator: DoesNotExist +{{- end }} + +{{- end }} +--- +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/templates/revision-tags-svc.yaml b/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/templates/revision-tags-svc.yaml new file mode 100644 index 0000000000..5c4826d23e --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/templates/revision-tags-svc.yaml @@ -0,0 +1,57 @@ +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "namespace") }} +# Adapted from istio-discovery/templates/service.yaml +{{- range $tagName := .Values.revisionTags }} +apiVersion: v1 +kind: Service +metadata: + name: istiod-revision-tag-{{ $tagName }} + namespace: {{ $.Release.Namespace }} + {{- if $.Values.serviceAnnotations }} + annotations: +{{ toYaml $.Values.serviceAnnotations | indent 4 }} + {{- end }} + labels: + istio.io/rev: {{ $.Values.revision | default "default" | quote }} + istio.io/tag: {{ $tagName }} + operator.istio.io/component: "Pilot" + app: istiod + istio: pilot + release: {{ $.Release.Name }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" $ | nindent 4 }} +spec: + ports: + - port: 15010 + name: grpc-xds # plaintext + protocol: TCP + - port: 15012 + name: https-dns # mTLS with k8s-signed cert + protocol: TCP + - port: 443 + name: https-webhook # validation and injection + targetPort: 15017 + protocol: TCP + - port: 15014 + name: http-monitoring # prometheus stats + protocol: TCP + selector: + app: istiod + {{- if ne $.Values.revision "" }} + istio.io/rev: {{ $.Values.revision | quote }} + {{- else }} + # Label used by the 'default' service. For versioned deployments we match with app and version. + # This avoids default deployment picking the canary + istio: pilot + {{- end }} + {{- if $.Values.ipFamilyPolicy }} + ipFamilyPolicy: {{ $.Values.ipFamilyPolicy }} + {{- end }} + {{- if $.Values.ipFamilies }} + ipFamilies: + {{- range $.Values.ipFamilies }} + - {{ . }} + {{- end }} + {{- end }} +--- +{{- end -}} +{{- end }} \ No newline at end of file diff --git a/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/templates/zzz_profile.yaml b/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/templates/zzz_profile.yaml new file mode 100644 index 0000000000..3d84956485 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/templates/zzz_profile.yaml @@ -0,0 +1,75 @@ +{{/* +WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. +The original version of this file is located at /manifests directory. +If you want to make a change in this file, edit the original one and run "make gen". + +Complex logic ahead... +We have three sets of values, in order of precedence (last wins): +1. The builtin values.yaml defaults +2. The profile the user selects +3. Users input (-f or --set) + +Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). + +However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). +We can then merge the profile onto the defaults, then the user settings onto that. +Finally, we can set all of that under .Values so the chart behaves without awareness. +*/}} +{{- if $.Values.defaults}} +{{ fail (cat + "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" + ($.Values.defaults | toYaml |nindent 4) +) }} +{{- end }} +{{- $defaults := $.Values._internal_defaults_do_not_set }} +{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} +{{- $profile := dict }} +{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} +{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} +{{- $profile = (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown profile" .) }} +{{- end }} +{{- end }} +{{- with .Values.compatibilityVersion }} +{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} +{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} +{{- end }} +{{- end }} +{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} +{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} +{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown platform" .) }} +{{- end }} +{{- end }} +{{- if $profile }} +{{- $a := mustMergeOverwrite $defaults $profile }} +{{- end }} +# Flatten globals, if defined on a per-chart basis +{{- if false }} +{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} +{{- end }} +{{- $x := set $.Values "_original" (deepCopy $.Values) }} +{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} + +{{/* +Labels that should be applied to ALL resources. +*/}} +{{- define "istio.labels" -}} +{{- if .Release.Service -}} +app.kubernetes.io/managed-by: {{ .Release.Service | quote }} +{{- end }} +{{- if .Release.Name }} +app.kubernetes.io/instance: {{ .Release.Name | quote }} +{{- end }} +app.kubernetes.io/part-of: "istio" +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +{{- if and .Chart.Name .Chart.Version }} +helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end -}} diff --git a/resources/v1.30-alpha.bcdd144c/charts/revisiontags/values.yaml b/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/values.yaml similarity index 99% rename from resources/v1.30-alpha.bcdd144c/charts/revisiontags/values.yaml rename to resources/v1.30-alpha.b38ad9e4/charts/revisiontags/values.yaml index c5854e9885..fdc17b4f9a 100644 --- a/resources/v1.30-alpha.bcdd144c/charts/revisiontags/values.yaml +++ b/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/values.yaml @@ -255,7 +255,7 @@ _internal_defaults_do_not_set: # Dev builds from prow are on gcr.io hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6 + tag: 1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3 # Variant of the image to use. # Currently supported are: [debug, distroless] variant: "" diff --git a/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/Chart.yaml b/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/Chart.yaml new file mode 100644 index 0000000000..5c53e8efb9 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/Chart.yaml @@ -0,0 +1,11 @@ +apiVersion: v2 +appVersion: 1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3 +description: Helm chart for istio ztunnel components +icon: https://istio.io/latest/favicons/android-192x192.png +keywords: +- istio-ztunnel +- istio +name: ztunnel +sources: +- https://github.com/istio/istio +version: 1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3 diff --git a/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/README.md b/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/README.md new file mode 100644 index 0000000000..72ea6892e5 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/README.md @@ -0,0 +1,50 @@ +# Istio Ztunnel Helm Chart + +This chart installs an Istio ztunnel. + +## Setup Repo Info + +```console +helm repo add istio https://istio-release.storage.googleapis.com/charts +helm repo update +``` + +_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ + +## Installing the Chart + +To install the chart: + +```console +helm install ztunnel istio/ztunnel +``` + +## Uninstalling the Chart + +To uninstall/delete the chart: + +```console +helm delete ztunnel +``` + +## Configuration + +To view supported configuration options and documentation, run: + +```console +helm show values istio/ztunnel +``` + +### Profiles + +Istio Helm charts have a concept of a `profile`, which is a bundled collection of value presets. +These can be set with `--set profile=`. +For example, the `demo` profile offers a preset configuration to try out Istio in a test environment, with additional features enabled and lowered resource requirements. + +For consistency, the same profiles are used across each chart, even if they do not impact a given chart. + +Explicitly set values have highest priority, then profile settings, then chart defaults. + +As an implementation detail of profiles, the default values for the chart are all nested under `defaults`. +When configuring the chart, you should not include this. +That is, `--set some.field=true` should be passed, not `--set defaults.some.field=true`. diff --git a/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-ambient.yaml b/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-ambient.yaml new file mode 100644 index 0000000000..495fbcd434 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-ambient.yaml @@ -0,0 +1,24 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed +meshConfig: + defaultConfig: + proxyMetadata: + ISTIO_META_ENABLE_HBONE: "true" + serviceScopeConfigs: + - servicesSelector: + matchExpressions: + - key: istio.io/global + operator: In + values: ["true"] + scope: GLOBAL +global: + variant: distroless +pilot: + env: + PILOT_ENABLE_AMBIENT: "true" +cni: + ambient: + enabled: true diff --git a/resources/v1.30-alpha.bcdd144c/charts/ztunnel/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/ztunnel/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/ztunnel/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/ztunnel/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/ztunnel/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/ztunnel/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/ztunnel/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/ztunnel/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-demo.yaml b/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-demo.yaml new file mode 100644 index 0000000000..d6dc36dd0f --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-demo.yaml @@ -0,0 +1,94 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The demo profile enables a variety of things to try out Istio in non-production environments. +# * Lower resource utilization. +# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. +# * More ports enabled on the ingress, which is used in some tasks. +meshConfig: + accessLogFile: /dev/stdout + extensionProviders: + - name: otel + envoyOtelAls: + service: opentelemetry-collector.observability.svc.cluster.local + port: 4317 + - name: skywalking + skywalking: + service: tracing.istio-system.svc.cluster.local + port: 11800 + - name: otel-tracing + opentelemetry: + port: 4317 + service: opentelemetry-collector.observability.svc.cluster.local + - name: jaeger + opentelemetry: + port: 4317 + service: jaeger-collector.istio-system.svc.cluster.local + +cni: + resources: + requests: + cpu: 10m + memory: 40Mi + +ztunnel: + resources: + requests: + cpu: 10m + memory: 40Mi + +global: + proxy: + resources: + requests: + cpu: 10m + memory: 40Mi + waypoint: + resources: + requests: + cpu: 10m + memory: 40Mi + +pilot: + autoscaleEnabled: false + traceSampling: 100 + resources: + requests: + cpu: 10m + memory: 100Mi + +gateways: + istio-egressgateway: + autoscaleEnabled: false + resources: + requests: + cpu: 10m + memory: 40Mi + istio-ingressgateway: + autoscaleEnabled: false + ports: + ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. + # Note that AWS ELB will by default perform health checks on the first port + # on this list. Setting this to the health check port will ensure that health + # checks always work. https://github.com/istio/istio/issues/12503 + - port: 15021 + targetPort: 15021 + name: status-port + - port: 80 + targetPort: 8080 + name: http2 + - port: 443 + targetPort: 8443 + name: https + - port: 31400 + targetPort: 31400 + name: tcp + # This is the port where sni routing happens + - port: 15443 + targetPort: 15443 + name: tls + resources: + requests: + cpu: 10m + memory: 40Mi \ No newline at end of file diff --git a/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-platform-gke.yaml b/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-platform-gke.yaml new file mode 100644 index 0000000000..dfe8a7d741 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-platform-gke.yaml @@ -0,0 +1,10 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work + resourceQuotas: + enabled: true +resourceQuotas: + enabled: true diff --git a/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-platform-k3d.yaml new file mode 100644 index 0000000000..cd86d9ec58 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-platform-k3d.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d + cniBinDir: /bin diff --git a/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-platform-k3s.yaml new file mode 100644 index 0000000000..07820106d9 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-platform-k3s.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d + cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-platform-microk8s.yaml new file mode 100644 index 0000000000..57d7f5e3cd --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-platform-microk8s.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/snap/microk8s/current/args/cni-network + cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-platform-minikube.yaml new file mode 100644 index 0000000000..fa9992e204 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-platform-minikube.yaml @@ -0,0 +1,6 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-platform-openshift.yaml new file mode 100644 index 0000000000..8ddc5e1654 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-platform-openshift.yaml @@ -0,0 +1,19 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The OpenShift profile provides a basic set of settings to run Istio on OpenShift +cni: + cniBinDir: /var/lib/cni/bin + cniConfDir: /etc/cni/multus/net.d + chained: false + cniConfFileName: "istio-cni.conf" + provider: "multus" +pilot: + cni: + enabled: true + provider: "multus" +seLinuxOptions: + type: spc_t +# Openshift requires privileged pods to run in kube-system +trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-preview.yaml b/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-preview.yaml new file mode 100644 index 0000000000..181d7bda2c --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-preview.yaml @@ -0,0 +1,13 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The preview profile contains features that are experimental. +# This is intended to explore new features coming to Istio. +# Stability, security, and performance are not guaranteed - use at your own risk. +meshConfig: + defaultConfig: + proxyMetadata: + # Enable Istio agent to handle DNS requests for known hosts + # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf + ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-remote.yaml b/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-remote.yaml new file mode 100644 index 0000000000..d17b9a801a --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-remote.yaml @@ -0,0 +1,13 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. +istiodRemote: + enabled: true +configMap: false +telemetry: + enabled: false +global: + # TODO BML maybe a different profile for a configcluster/revisit this + omitSidecarInjectorConfigMap: true diff --git a/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-stable.yaml b/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-stable.yaml new file mode 100644 index 0000000000..358282e69b --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-stable.yaml @@ -0,0 +1,8 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The stable profile deploys admission control to ensure that only stable resources and fields are used +# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE +experimental: + stableValidationPolicy: true diff --git a/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/templates/NOTES.txt b/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/templates/NOTES.txt new file mode 100644 index 0000000000..244f59db06 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/templates/NOTES.txt @@ -0,0 +1,5 @@ +ztunnel successfully installed! + +To learn more about the release, try: + $ helm status {{ .Release.Name }} -n {{ .Release.Namespace }} + $ helm get all {{ .Release.Name }} -n {{ .Release.Namespace }} diff --git a/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/templates/_helpers.tpl b/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/templates/_helpers.tpl new file mode 100644 index 0000000000..46a7a0b79d --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/templates/_helpers.tpl @@ -0,0 +1 @@ +{{ define "ztunnel.release-name" }}{{ .Values.resourceName| default "ztunnel" }}{{ end }} diff --git a/resources/v1.30-alpha.bcdd144c/charts/ztunnel/templates/daemonset.yaml b/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/templates/daemonset.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/ztunnel/templates/daemonset.yaml rename to resources/v1.30-alpha.b38ad9e4/charts/ztunnel/templates/daemonset.yaml diff --git a/resources/v1.30-alpha.bcdd144c/charts/ztunnel/templates/networkpolicy.yaml b/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.bcdd144c/charts/ztunnel/templates/networkpolicy.yaml rename to resources/v1.30-alpha.b38ad9e4/charts/ztunnel/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/templates/rbac.yaml b/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/templates/rbac.yaml new file mode 100644 index 0000000000..18291716bf --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/templates/rbac.yaml @@ -0,0 +1,51 @@ +{{- if or (eq .Values.resourceScope "all") (eq .Values.resourceScope "cluster") }} +{{- if (eq (.Values.platform | default "") "openshift") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "ztunnel.release-name" . }} + labels: + app: ztunnel + release: {{ include "ztunnel.release-name" . }} + app.kubernetes.io/name: ztunnel + {{- include "istio.labels" . | nindent 4}} + annotations: +{{- if .Values.revision }} + {{- $annos := set $.Values.annotations "istio.io/rev" .Values.revision }} + {{- toYaml $annos | nindent 4}} +{{- else }} + {{- .Values.annotations | toYaml | nindent 4 }} +{{- end }} +rules: +- apiGroups: ["security.openshift.io"] + resources: ["securitycontextconstraints"] + resourceNames: ["privileged"] + verbs: ["use"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "ztunnel.release-name" . }} + labels: + app: ztunnel + release: {{ include "ztunnel.release-name" . }} + app.kubernetes.io/name: ztunnel + {{- include "istio.labels" . | nindent 4}} + annotations: +{{- if .Values.revision }} + {{- $annos := set $.Values.annotations "istio.io/rev" .Values.revision }} + {{- toYaml $annos | nindent 4}} +{{- else }} + {{- .Values.annotations | toYaml | nindent 4 }} +{{- end }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "ztunnel.release-name" . }} +subjects: +- kind: ServiceAccount + name: {{ include "ztunnel.release-name" . }} + namespace: {{ .Release.Namespace }} +{{- end }} +--- +{{- end }} \ No newline at end of file diff --git a/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/templates/resourcequota.yaml b/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/templates/resourcequota.yaml new file mode 100644 index 0000000000..d33c9fe137 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/templates/resourcequota.yaml @@ -0,0 +1,22 @@ +{{- if or (eq .Values.resourceScope "all") (eq .Values.resourceScope "namespace") }} +{{- if .Values.resourceQuotas.enabled }} +apiVersion: v1 +kind: ResourceQuota +metadata: + name: {{ include "ztunnel.release-name" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: ztunnel + {{- include "istio.labels" . | nindent 4}} + {{ with .Values.labels -}}{{ toYaml . | nindent 4}}{{ end }} +spec: + hard: + pods: {{ .Values.resourceQuotas.pods | quote }} + scopeSelector: + matchExpressions: + - operator: In + scopeName: PriorityClass + values: + - system-node-critical +{{- end }} +{{- end }} diff --git a/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/templates/serviceaccount.yaml b/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/templates/serviceaccount.yaml new file mode 100644 index 0000000000..e1146f3920 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/templates/serviceaccount.yaml @@ -0,0 +1,24 @@ +{{- if or (eq .Values.resourceScope "all") (eq .Values.resourceScope "namespace") }} +apiVersion: v1 +kind: ServiceAccount + {{- with .Values.imagePullSecrets }} +imagePullSecrets: + {{- range . }} + - name: {{ . }} + {{- end }} + {{- end }} +metadata: + name: {{ include "ztunnel.release-name" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: ztunnel + {{- include "istio.labels" . | nindent 4}} + {{ with .Values.labels -}}{{ toYaml . | nindent 4}}{{ end }} + annotations: +{{- if .Values.revision }} + {{- $annos := set $.Values.annotations "istio.io/rev" .Values.revision }} + {{- toYaml $annos | nindent 4}} +{{- else }} + {{- .Values.annotations | toYaml | nindent 4 }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/templates/zzz_profile.yaml b/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/templates/zzz_profile.yaml new file mode 100644 index 0000000000..606c556697 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/templates/zzz_profile.yaml @@ -0,0 +1,75 @@ +{{/* +WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. +The original version of this file is located at /manifests directory. +If you want to make a change in this file, edit the original one and run "make gen". + +Complex logic ahead... +We have three sets of values, in order of precedence (last wins): +1. The builtin values.yaml defaults +2. The profile the user selects +3. Users input (-f or --set) + +Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). + +However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). +We can then merge the profile onto the defaults, then the user settings onto that. +Finally, we can set all of that under .Values so the chart behaves without awareness. +*/}} +{{- if $.Values.defaults}} +{{ fail (cat + "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" + ($.Values.defaults | toYaml |nindent 4) +) }} +{{- end }} +{{- $defaults := $.Values._internal_defaults_do_not_set }} +{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} +{{- $profile := dict }} +{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} +{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} +{{- $profile = (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown profile" .) }} +{{- end }} +{{- end }} +{{- with .Values.compatibilityVersion }} +{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} +{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} +{{- end }} +{{- end }} +{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} +{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} +{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown platform" .) }} +{{- end }} +{{- end }} +{{- if $profile }} +{{- $a := mustMergeOverwrite $defaults $profile }} +{{- end }} +# Flatten globals, if defined on a per-chart basis +{{- if true }} +{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} +{{- end }} +{{- $x := set $.Values "_original" (deepCopy $.Values) }} +{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} + +{{/* +Labels that should be applied to ALL resources. +*/}} +{{- define "istio.labels" -}} +{{- if .Release.Service -}} +app.kubernetes.io/managed-by: {{ .Release.Service | quote }} +{{- end }} +{{- if .Release.Name }} +app.kubernetes.io/instance: {{ .Release.Name | quote }} +{{- end }} +app.kubernetes.io/part-of: "istio" +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +{{- if and .Chart.Name .Chart.Version }} +helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end -}} diff --git a/resources/v1.30-alpha.bcdd144c/charts/ztunnel/values.yaml b/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/values.yaml similarity index 99% rename from resources/v1.30-alpha.bcdd144c/charts/ztunnel/values.yaml rename to resources/v1.30-alpha.b38ad9e4/charts/ztunnel/values.yaml index d50ce19751..643cd29d28 100644 --- a/resources/v1.30-alpha.bcdd144c/charts/ztunnel/values.yaml +++ b/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/values.yaml @@ -4,7 +4,7 @@ _internal_defaults_do_not_set: # Hub to pull from. Image will be `Hub/Image:Tag-Variant` hub: gcr.io/istio-testing # Tag to pull from. Image will be `Hub/Image:Tag-Variant` - tag: 1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6 + tag: 1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3 # Variant to pull. Options are "debug" or "distroless". Unset will use the default for the given version. variant: "" diff --git a/resources/v1.30-alpha.b38ad9e4/cni-1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3.tgz.etag b/resources/v1.30-alpha.b38ad9e4/cni-1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3.tgz.etag new file mode 100644 index 0000000000..31af34cc6e --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/cni-1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3.tgz.etag @@ -0,0 +1 @@ +87b59da1f42d445718d6fe657f1faffe diff --git a/resources/v1.30-alpha.b38ad9e4/commit b/resources/v1.30-alpha.b38ad9e4/commit new file mode 100644 index 0000000000..490ab875fd --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/commit @@ -0,0 +1 @@ +b38ad9e43536da97f4c7f0259d7a313aa17b69b3 diff --git a/resources/v1.30-alpha.b38ad9e4/gateway-1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3.tgz.etag b/resources/v1.30-alpha.b38ad9e4/gateway-1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3.tgz.etag new file mode 100644 index 0000000000..d324c750a0 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/gateway-1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3.tgz.etag @@ -0,0 +1 @@ +6bec10122ae562328306c14b9df5ad64 diff --git a/resources/v1.30-alpha.b38ad9e4/istiod-1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3.tgz.etag b/resources/v1.30-alpha.b38ad9e4/istiod-1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3.tgz.etag new file mode 100644 index 0000000000..6838a0c27a --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/istiod-1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3.tgz.etag @@ -0,0 +1 @@ +c9a0d0f70da5ca80587d32c7bacdbe8e diff --git a/resources/v1.30-alpha.b38ad9e4/profiles/ambient.yaml b/resources/v1.30-alpha.b38ad9e4/profiles/ambient.yaml new file mode 100644 index 0000000000..71ea784a80 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/profiles/ambient.yaml @@ -0,0 +1,5 @@ +apiVersion: sailoperator.io/v1 +kind: Istio +spec: + values: + profile: ambient diff --git a/resources/v1.30-alpha.b38ad9e4/profiles/default.yaml b/resources/v1.30-alpha.b38ad9e4/profiles/default.yaml new file mode 100644 index 0000000000..8f1ef19676 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/profiles/default.yaml @@ -0,0 +1,12 @@ +apiVersion: sailoperator.io/v1 +kind: Istio +spec: + # Most default values come from the helm chart's values.yaml + # Below are the things that differ + values: + defaultRevision: "" + global: + istioNamespace: istio-system + configValidation: true + ztunnel: + resourceName: ztunnel diff --git a/resources/v1.30-alpha.b38ad9e4/profiles/demo.yaml b/resources/v1.30-alpha.b38ad9e4/profiles/demo.yaml new file mode 100644 index 0000000000..53c4b41633 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/profiles/demo.yaml @@ -0,0 +1,5 @@ +apiVersion: sailoperator.io/v1 +kind: Istio +spec: + values: + profile: demo diff --git a/resources/v1.30-alpha.b38ad9e4/profiles/empty.yaml b/resources/v1.30-alpha.b38ad9e4/profiles/empty.yaml new file mode 100644 index 0000000000..4477cb1fe1 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/profiles/empty.yaml @@ -0,0 +1,5 @@ +# The empty profile has everything disabled +# This is useful as a base for custom user configuration +apiVersion: sailoperator.io/v1 +kind: Istio +spec: {} diff --git a/resources/v1.30-alpha.b38ad9e4/profiles/openshift-ambient.yaml b/resources/v1.30-alpha.b38ad9e4/profiles/openshift-ambient.yaml new file mode 100644 index 0000000000..76edf00cd8 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/profiles/openshift-ambient.yaml @@ -0,0 +1,7 @@ +apiVersion: sailoperator.io/v1 +kind: Istio +spec: + values: + profile: ambient + global: + platform: openshift diff --git a/resources/v1.30-alpha.b38ad9e4/profiles/openshift.yaml b/resources/v1.30-alpha.b38ad9e4/profiles/openshift.yaml new file mode 100644 index 0000000000..41492660fe --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/profiles/openshift.yaml @@ -0,0 +1,6 @@ +apiVersion: sailoperator.io/v1 +kind: Istio +spec: + values: + global: + platform: openshift diff --git a/resources/v1.30-alpha.b38ad9e4/profiles/preview.yaml b/resources/v1.30-alpha.b38ad9e4/profiles/preview.yaml new file mode 100644 index 0000000000..59d545c840 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/profiles/preview.yaml @@ -0,0 +1,8 @@ +# The preview profile contains features that are experimental. +# This is intended to explore new features coming to Istio. +# Stability, security, and performance are not guaranteed - use at your own risk. +apiVersion: sailoperator.io/v1 +kind: Istio +spec: + values: + profile: preview diff --git a/resources/v1.30-alpha.b38ad9e4/profiles/remote.yaml b/resources/v1.30-alpha.b38ad9e4/profiles/remote.yaml new file mode 100644 index 0000000000..54c65c8ba9 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/profiles/remote.yaml @@ -0,0 +1,7 @@ +# The remote profile is used to configure a mesh cluster without a locally deployed control plane. +# Only the injector mutating webhook configuration is installed. +apiVersion: sailoperator.io/v1 +kind: Istio +spec: + values: + profile: remote diff --git a/resources/v1.30-alpha.b38ad9e4/profiles/stable.yaml b/resources/v1.30-alpha.b38ad9e4/profiles/stable.yaml new file mode 100644 index 0000000000..285feba244 --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/profiles/stable.yaml @@ -0,0 +1,5 @@ +apiVersion: sailoperator.io/v1 +kind: Istio +spec: + values: + profile: stable diff --git a/resources/v1.30-alpha.b38ad9e4/ztunnel-1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3.tgz.etag b/resources/v1.30-alpha.b38ad9e4/ztunnel-1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3.tgz.etag new file mode 100644 index 0000000000..d8176c24ef --- /dev/null +++ b/resources/v1.30-alpha.b38ad9e4/ztunnel-1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3.tgz.etag @@ -0,0 +1 @@ +c9f774e09d5546ed76658ade9a3dea22 diff --git a/resources/v1.30-alpha.bcdd144c/base-1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6.tgz.etag b/resources/v1.30-alpha.bcdd144c/base-1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6.tgz.etag deleted file mode 100644 index 122a1b3546..0000000000 --- a/resources/v1.30-alpha.bcdd144c/base-1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -03a6f6445d4a304107b1a84fb48c37f9 diff --git a/resources/v1.30-alpha.bcdd144c/cni-1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6.tgz.etag b/resources/v1.30-alpha.bcdd144c/cni-1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6.tgz.etag deleted file mode 100644 index d1d4e9fbe7..0000000000 --- a/resources/v1.30-alpha.bcdd144c/cni-1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -3aeeb82bfd223cdb7fadaedc8b9b2e08 diff --git a/resources/v1.30-alpha.bcdd144c/commit b/resources/v1.30-alpha.bcdd144c/commit deleted file mode 100644 index ada1d8b865..0000000000 --- a/resources/v1.30-alpha.bcdd144c/commit +++ /dev/null @@ -1 +0,0 @@ -bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6 diff --git a/resources/v1.30-alpha.bcdd144c/gateway-1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6.tgz.etag b/resources/v1.30-alpha.bcdd144c/gateway-1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6.tgz.etag deleted file mode 100644 index 81d40d0960..0000000000 --- a/resources/v1.30-alpha.bcdd144c/gateway-1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -e1b4f0ead0824ebbf6c48f16947463c7 diff --git a/resources/v1.30-alpha.bcdd144c/istiod-1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6.tgz.etag b/resources/v1.30-alpha.bcdd144c/istiod-1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6.tgz.etag deleted file mode 100644 index 242cc74514..0000000000 --- a/resources/v1.30-alpha.bcdd144c/istiod-1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -413652d0ad14edcb7cf1eee51b285274 diff --git a/resources/v1.30-alpha.bcdd144c/ztunnel-1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6.tgz.etag b/resources/v1.30-alpha.bcdd144c/ztunnel-1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6.tgz.etag deleted file mode 100644 index 4c8306edcf..0000000000 --- a/resources/v1.30-alpha.bcdd144c/ztunnel-1.30-alpha.bcdd144cfe5b2627efe004a08f28fd97e0a1b4f6.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -37a0d0995cb48b33c5177cfacf5e6e1a From 0669d6d7a5673eaa5c3857a77ce6e299fb248ba6 Mon Sep 17 00:00:00 2001 From: openshift-service-mesh-bot <165402251+openshift-service-mesh-bot@users.noreply.github.com> Date: Wed, 18 Feb 2026 04:43:26 -0500 Subject: [PATCH 5/6] Automator: Update dependencies in istio-ecosystem/sail-operator@main (#1607) Signed-off-by: openshift-service-mesh-bot --- api/v1/istio_types.go | 6 ++-- api/v1/istiocni_types.go | 6 ++-- api/v1/istiorevision_types.go | 6 ++-- api/v1/ztunnel_types.go | 6 ++-- api/v1alpha1/ztunnel_types.go | 6 ++-- .../sailoperator.clusterserviceversion.yaml | 28 ++++++++-------- .../manifests/sailoperator.io_istiocnis.yaml | 4 +-- .../sailoperator.io_istiorevisions.yaml | 4 +-- bundle/manifests/sailoperator.io_istios.yaml | 4 +-- .../manifests/sailoperator.io_ztunnels.yaml | 8 ++--- chart/crds/sailoperator.io_istiocnis.yaml | 4 +-- .../crds/sailoperator.io_istiorevisions.yaml | 4 +-- chart/crds/sailoperator.io_istios.yaml | 4 +-- chart/crds/sailoperator.io_ztunnels.yaml | 8 ++--- chart/values.yaml | 10 +++--- docs/README.adoc | 8 ++--- docs/addons/addons.adoc | 8 ++--- docs/addons/observability.adoc | 8 ++--- docs/api-reference/sailoperator.io.md | 10 +++--- .../common/create-and-configure-gateways.adoc | 8 ++--- docs/common/istio-ambient-mode.adoc | 8 ++--- docs/common/istio-ambient-waypoint.adoc | 8 ++--- docs/common/istio-nftables.adoc | 8 ++--- docs/deployment-models/consolidating-cp.adoc | 8 ++--- docs/deployment-models/multicluster.adoc | 8 ++--- docs/deployment-models/multiple-mesh.adoc | 8 ++--- docs/dual-stack/dual-stack.adoc | 8 ++--- docs/general/getting-started.adoc | 8 ++--- docs/general/istiod-ha.adoc | 8 ++--- docs/general/plugin-ca.adoc | 8 ++--- docs/guidelines/guidelines.adoc | 16 ++++----- .../migration.adoc | 8 ++--- docs/update-strategy/update-strategy.adoc | 8 ++--- go.mod | 2 +- go.sum | 4 +-- pkg/istioversion/versions.yaml | 18 +++++----- ...d0770559f0a88687c79510f3fc6677688.tgz.etag | 1 + .../charts/base/Chart.yaml | 4 +-- .../charts/base/README.md | 0 .../charts/base/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/base/files/profile-demo.yaml | 0 .../base/files/profile-platform-gke.yaml | 0 .../base/files/profile-platform-k3d.yaml | 0 .../base/files/profile-platform-k3s.yaml | 0 .../base/files/profile-platform-microk8s.yaml | 0 .../base/files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/base/files/profile-preview.yaml | 0 .../charts/base/files/profile-remote.yaml | 0 .../charts/base/files/profile-stable.yaml | 0 .../charts/base/templates/NOTES.txt | 0 ...ultrevision-validatingadmissionpolicy.yaml | 0 ...vision-validatingwebhookconfiguration.yaml | 0 .../base/templates/reader-serviceaccount.yaml | 0 .../charts/base/templates/zzz_profile.yaml | 0 .../charts/base/values.yaml | 0 .../charts/cni/Chart.yaml | 4 +-- .../charts/cni/README.md | 0 .../charts/cni/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/cni/files/profile-demo.yaml | 0 .../cni/files/profile-platform-gke.yaml | 0 .../cni/files/profile-platform-k3d.yaml | 0 .../cni/files/profile-platform-k3s.yaml | 0 .../cni/files/profile-platform-microk8s.yaml | 0 .../cni/files/profile-platform-minikube.yaml | 0 .../cni/files/profile-platform-openshift.yaml | 0 .../charts/cni/files/profile-preview.yaml | 0 .../charts/cni/files/profile-remote.yaml | 0 .../charts/cni/files/profile-stable.yaml | 0 .../charts/cni/templates/NOTES.txt | 0 .../charts/cni/templates/_helpers.tpl | 33 +++++++++++++++++++ .../charts/cni/templates/clusterrole.yaml | 0 .../cni/templates/clusterrolebinding.yaml | 0 .../charts/cni/templates/configmap-cni.yaml | 0 .../charts/cni/templates/daemonset.yaml | 4 +-- .../network-attachment-definition.yaml | 0 .../charts/cni/templates/networkpolicy.yaml | 0 .../charts/cni/templates/resourcequota.yaml | 0 .../charts/cni/templates/serviceaccount.yaml | 0 .../cni/templates/zzy_descope_legacy.yaml | 0 .../charts/cni/templates/zzz_profile.yaml | 0 .../charts/cni/values.yaml | 2 +- .../charts/gateway/Chart.yaml | 4 +-- .../charts/gateway/README.md | 0 .../charts/gateway/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/gateway/files/profile-demo.yaml | 0 .../gateway/files/profile-platform-gke.yaml | 0 .../gateway/files/profile-platform-k3d.yaml | 0 .../gateway/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/gateway/files/profile-preview.yaml | 0 .../charts/gateway/files/profile-remote.yaml | 0 .../charts/gateway/files/profile-stable.yaml | 0 .../charts/gateway/templates/NOTES.txt | 0 .../charts/gateway/templates/_helpers.tpl | 25 ++++++++++++++ .../charts/gateway/templates/deployment.yaml | 2 +- .../charts/gateway/templates/hpa.yaml | 0 .../gateway/templates/networkpolicy.yaml | 0 .../templates/poddisruptionbudget.yaml | 0 .../charts/gateway/templates/role.yaml | 0 .../charts/gateway/templates/service.yaml | 0 .../gateway/templates/serviceaccount.yaml | 0 .../charts/gateway/templates/zzz_profile.yaml | 0 .../charts/gateway/values.schema.json | 0 .../charts/gateway/values.yaml | 0 .../charts/istiod/Chart.yaml | 4 +-- .../charts/istiod/README.md | 0 .../charts/istiod/files/agentgateway.yaml | 2 +- .../files/gateway-injection-template.yaml | 0 .../charts/istiod/files/grpc-agent.yaml | 2 +- .../charts/istiod/files/grpc-simple.yaml | 0 .../istiod/files/injection-template.yaml | 2 +- .../charts/istiod/files/kube-gateway.yaml | 2 +- .../charts/istiod/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/istiod/files/profile-demo.yaml | 0 .../istiod/files/profile-platform-gke.yaml | 0 .../istiod/files/profile-platform-k3d.yaml | 0 .../istiod/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/istiod/files/profile-preview.yaml | 0 .../charts/istiod/files/profile-remote.yaml | 0 .../charts/istiod/files/profile-stable.yaml | 0 .../charts/istiod/files/waypoint.yaml | 2 +- .../charts/istiod/templates/NOTES.txt | 0 .../charts/istiod/templates/_helpers.tpl | 25 ++++++++++++++ .../charts/istiod/templates/autoscale.yaml | 0 .../charts/istiod/templates/clusterrole.yaml | 0 .../istiod/templates/clusterrolebinding.yaml | 0 .../istiod/templates/configmap-jwks.yaml | 0 .../istiod/templates/configmap-values.yaml | 0 .../charts/istiod/templates/configmap.yaml | 0 .../charts/istiod/templates/deployment.yaml | 4 +-- .../templates/gateway-class-configmap.yaml | 0 .../templates/istiod-injector-configmap.yaml | 0 .../istiod/templates/mutatingwebhook.yaml | 0 .../istiod/templates/networkpolicy.yaml | 0 .../istiod/templates/poddisruptionbudget.yaml | 0 .../istiod/templates/reader-clusterrole.yaml | 0 .../templates/reader-clusterrolebinding.yaml | 0 .../remote-istiod-endpointslices.yaml | 0 .../templates/remote-istiod-service.yaml | 0 .../istiod/templates/revision-tags-mwc.yaml | 0 .../istiod/templates/revision-tags-svc.yaml | 0 .../charts/istiod/templates/role.yaml | 0 .../charts/istiod/templates/rolebinding.yaml | 0 .../charts/istiod/templates/service.yaml | 0 .../istiod/templates/serviceaccount.yaml | 0 .../templates/validatingadmissionpolicy.yaml | 0 .../validatingwebhookconfiguration.yaml | 0 .../istiod/templates/zzy_descope_legacy.yaml | 0 .../charts/istiod/templates/zzz_profile.yaml | 0 .../charts/istiod/values.yaml | 2 +- .../charts/revisiontags/Chart.yaml | 2 +- .../revisiontags/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../revisiontags/files/profile-demo.yaml | 0 .../files/profile-platform-gke.yaml | 0 .../files/profile-platform-k3d.yaml | 0 .../files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../revisiontags/files/profile-preview.yaml | 0 .../revisiontags/files/profile-remote.yaml | 0 .../revisiontags/files/profile-stable.yaml | 0 .../templates/revision-tags-mwc.yaml | 0 .../templates/revision-tags-svc.yaml | 0 .../revisiontags/templates/zzz_profile.yaml | 0 .../charts/revisiontags/values.yaml | 2 +- .../charts/ztunnel/Chart.yaml | 4 +-- .../charts/ztunnel/README.md | 0 .../charts/ztunnel/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/ztunnel/files/profile-demo.yaml | 0 .../ztunnel/files/profile-platform-gke.yaml | 0 .../ztunnel/files/profile-platform-k3d.yaml | 0 .../ztunnel/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/ztunnel/files/profile-preview.yaml | 0 .../charts/ztunnel/files/profile-remote.yaml | 0 .../charts/ztunnel/files/profile-stable.yaml | 0 .../charts/ztunnel/templates/NOTES.txt | 0 .../charts/ztunnel/templates/_helpers.tpl | 26 +++++++++++++++ .../charts/ztunnel/templates/daemonset.yaml | 2 +- .../ztunnel/templates/networkpolicy.yaml | 0 .../charts/ztunnel/templates/rbac.yaml | 0 .../ztunnel/templates/resourcequota.yaml | 0 .../ztunnel/templates/serviceaccount.yaml | 0 .../charts/ztunnel/templates/zzz_profile.yaml | 0 .../charts/ztunnel/values.yaml | 2 +- ...d0770559f0a88687c79510f3fc6677688.tgz.etag | 1 + resources/v1.30-alpha.3376ee0d/commit | 1 + ...d0770559f0a88687c79510f3fc6677688.tgz.etag | 1 + ...d0770559f0a88687c79510f3fc6677688.tgz.etag | 1 + .../profiles/ambient.yaml | 0 .../profiles/default.yaml | 0 .../profiles/demo.yaml | 0 .../profiles/empty.yaml | 0 .../profiles/openshift-ambient.yaml | 0 .../profiles/openshift.yaml | 0 .../profiles/preview.yaml | 0 .../profiles/remote.yaml | 0 .../profiles/stable.yaml | 0 ...d0770559f0a88687c79510f3fc6677688.tgz.etag | 1 + ...43536da97f4c7f0259d7a313aa17b69b3.tgz.etag | 1 - .../charts/cni/templates/_helpers.tpl | 8 ----- .../charts/ztunnel/templates/_helpers.tpl | 1 - ...43536da97f4c7f0259d7a313aa17b69b3.tgz.etag | 1 - resources/v1.30-alpha.b38ad9e4/commit | 1 - ...43536da97f4c7f0259d7a313aa17b69b3.tgz.etag | 1 - ...43536da97f4c7f0259d7a313aa17b69b3.tgz.etag | 1 - ...43536da97f4c7f0259d7a313aa17b69b3.tgz.etag | 1 - 240 files changed, 284 insertions(+), 184 deletions(-) create mode 100644 resources/v1.30-alpha.3376ee0d/base-1.30-alpha.3376ee0d0770559f0a88687c79510f3fc6677688.tgz.etag rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/base/Chart.yaml (63%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/base/README.md (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/base/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/base/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/base/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/base/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/base/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/base/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/base/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/base/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/base/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/base/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/base/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/base/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/base/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/base/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/base/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/base/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/base/templates/reader-serviceaccount.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/base/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/base/values.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/cni/Chart.yaml (62%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/cni/README.md (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/cni/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/cni/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/cni/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/cni/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/cni/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/cni/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/cni/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/cni/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/cni/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/cni/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/cni/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/cni/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/cni/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/cni/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/cni/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/cni/templates/NOTES.txt (100%) create mode 100644 resources/v1.30-alpha.3376ee0d/charts/cni/templates/_helpers.tpl rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/cni/templates/clusterrole.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/cni/templates/clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/cni/templates/configmap-cni.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/cni/templates/daemonset.yaml (98%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/cni/templates/network-attachment-definition.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/cni/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/cni/templates/resourcequota.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/cni/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/cni/templates/zzy_descope_legacy.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/cni/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/cni/values.yaml (99%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/gateway/Chart.yaml (64%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/gateway/README.md (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/gateway/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/gateway/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/gateway/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/gateway/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/gateway/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/gateway/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/gateway/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/gateway/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/gateway/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/gateway/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/gateway/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/gateway/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/gateway/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/gateway/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/gateway/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/gateway/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/gateway/templates/_helpers.tpl (68%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/gateway/templates/deployment.yaml (98%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/gateway/templates/hpa.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/gateway/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/gateway/templates/poddisruptionbudget.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/gateway/templates/role.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/gateway/templates/service.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/gateway/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/gateway/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/gateway/values.schema.json (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/gateway/values.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/istiod/Chart.yaml (63%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/istiod/README.md (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/istiod/files/agentgateway.yaml (99%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/istiod/files/gateway-injection-template.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/istiod/files/grpc-agent.yaml (99%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/istiod/files/grpc-simple.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/istiod/files/injection-template.yaml (99%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/istiod/files/kube-gateway.yaml (99%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/istiod/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/istiod/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/istiod/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/istiod/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/istiod/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/istiod/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/istiod/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/istiod/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/istiod/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/istiod/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/istiod/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/istiod/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/istiod/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/istiod/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/istiod/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/istiod/files/waypoint.yaml (99%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/istiod/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/istiod/templates/_helpers.tpl (57%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/istiod/templates/autoscale.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/istiod/templates/clusterrole.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/istiod/templates/clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/istiod/templates/configmap-jwks.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/istiod/templates/configmap-values.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/istiod/templates/configmap.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/istiod/templates/deployment.yaml (98%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/istiod/templates/gateway-class-configmap.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/istiod/templates/istiod-injector-configmap.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/istiod/templates/mutatingwebhook.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/istiod/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/istiod/templates/poddisruptionbudget.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/istiod/templates/reader-clusterrole.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/istiod/templates/reader-clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/istiod/templates/remote-istiod-endpointslices.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/istiod/templates/remote-istiod-service.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/istiod/templates/revision-tags-mwc.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/istiod/templates/revision-tags-svc.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/istiod/templates/role.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/istiod/templates/rolebinding.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/istiod/templates/service.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/istiod/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/istiod/templates/validatingadmissionpolicy.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/istiod/templates/validatingwebhookconfiguration.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/istiod/templates/zzy_descope_legacy.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/istiod/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/istiod/values.yaml (99%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/revisiontags/Chart.yaml (71%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/revisiontags/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/revisiontags/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/revisiontags/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/revisiontags/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/revisiontags/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/revisiontags/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/revisiontags/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/revisiontags/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/revisiontags/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/revisiontags/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/revisiontags/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/revisiontags/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/revisiontags/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/revisiontags/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/revisiontags/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/revisiontags/templates/revision-tags-mwc.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/revisiontags/templates/revision-tags-svc.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/revisiontags/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/revisiontags/values.yaml (99%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/ztunnel/Chart.yaml (63%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/ztunnel/README.md (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/ztunnel/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/ztunnel/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/ztunnel/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/ztunnel/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/ztunnel/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/ztunnel/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/ztunnel/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/ztunnel/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/ztunnel/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/ztunnel/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/ztunnel/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/ztunnel/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/ztunnel/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/ztunnel/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/ztunnel/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/ztunnel/templates/NOTES.txt (100%) create mode 100644 resources/v1.30-alpha.3376ee0d/charts/ztunnel/templates/_helpers.tpl rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/ztunnel/templates/daemonset.yaml (99%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/ztunnel/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/ztunnel/templates/rbac.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/ztunnel/templates/resourcequota.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/ztunnel/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/ztunnel/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/charts/ztunnel/values.yaml (99%) create mode 100644 resources/v1.30-alpha.3376ee0d/cni-1.30-alpha.3376ee0d0770559f0a88687c79510f3fc6677688.tgz.etag create mode 100644 resources/v1.30-alpha.3376ee0d/commit create mode 100644 resources/v1.30-alpha.3376ee0d/gateway-1.30-alpha.3376ee0d0770559f0a88687c79510f3fc6677688.tgz.etag create mode 100644 resources/v1.30-alpha.3376ee0d/istiod-1.30-alpha.3376ee0d0770559f0a88687c79510f3fc6677688.tgz.etag rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/profiles/ambient.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/profiles/default.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/profiles/demo.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/profiles/empty.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/profiles/openshift-ambient.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/profiles/openshift.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/profiles/preview.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/profiles/remote.yaml (100%) rename resources/{v1.30-alpha.b38ad9e4 => v1.30-alpha.3376ee0d}/profiles/stable.yaml (100%) create mode 100644 resources/v1.30-alpha.3376ee0d/ztunnel-1.30-alpha.3376ee0d0770559f0a88687c79510f3fc6677688.tgz.etag delete mode 100644 resources/v1.30-alpha.b38ad9e4/base-1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3.tgz.etag delete mode 100644 resources/v1.30-alpha.b38ad9e4/charts/cni/templates/_helpers.tpl delete mode 100644 resources/v1.30-alpha.b38ad9e4/charts/ztunnel/templates/_helpers.tpl delete mode 100644 resources/v1.30-alpha.b38ad9e4/cni-1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3.tgz.etag delete mode 100644 resources/v1.30-alpha.b38ad9e4/commit delete mode 100644 resources/v1.30-alpha.b38ad9e4/gateway-1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3.tgz.etag delete mode 100644 resources/v1.30-alpha.b38ad9e4/istiod-1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3.tgz.etag delete mode 100644 resources/v1.30-alpha.b38ad9e4/ztunnel-1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3.tgz.etag diff --git a/api/v1/istio_types.go b/api/v1/istio_types.go index f2c9237a7a..21dc63a06c 100644 --- a/api/v1/istio_types.go +++ b/api/v1/istio_types.go @@ -37,9 +37,9 @@ const ( type IstioSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.b38ad9e4. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.7", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.b38ad9e4"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.4;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.7;v1.27.6;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.b38ad9e4 + // Must be one of: v1.28-latest, v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.3376ee0d. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.7", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.3376ee0d"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.4;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.7;v1.27.6;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.3376ee0d // +kubebuilder:default=v1.28.4 Version string `json:"version"` diff --git a/api/v1/istiocni_types.go b/api/v1/istiocni_types.go index 1b08179272..db70b8be48 100644 --- a/api/v1/istiocni_types.go +++ b/api/v1/istiocni_types.go @@ -28,9 +28,9 @@ const ( type IstioCNISpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.b38ad9e4. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.7", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.b38ad9e4"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.4;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.7;v1.27.6;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.b38ad9e4 + // Must be one of: v1.28-latest, v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.3376ee0d. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.7", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.3376ee0d"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.4;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.7;v1.27.6;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.3376ee0d // +kubebuilder:default=v1.28.4 Version string `json:"version"` diff --git a/api/v1/istiorevision_types.go b/api/v1/istiorevision_types.go index f1fde9e3aa..7bd008f955 100644 --- a/api/v1/istiorevision_types.go +++ b/api/v1/istiorevision_types.go @@ -30,9 +30,9 @@ const ( type IstioRevisionSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.b38ad9e4. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.7", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.b38ad9e4"} - // +kubebuilder:validation:Enum=v1.28.4;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27.7;v1.27.6;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;v1.30-alpha.b38ad9e4 + // Must be one of: v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.3376ee0d. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.7", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.3376ee0d"} + // +kubebuilder:validation:Enum=v1.28.4;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27.7;v1.27.6;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;v1.30-alpha.3376ee0d Version string `json:"version"` // Namespace to which the Istio components should be installed. diff --git a/api/v1/ztunnel_types.go b/api/v1/ztunnel_types.go index a0fc7f8753..faa608edd7 100644 --- a/api/v1/ztunnel_types.go +++ b/api/v1/ztunnel_types.go @@ -28,9 +28,9 @@ const ( type ZTunnelSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.b38ad9e4. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.7", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.b38ad9e4"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.4;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.7;v1.27.6;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.b38ad9e4 + // Must be one of: v1.28-latest, v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.3376ee0d. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.7", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.3376ee0d"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.4;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.7;v1.27.6;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.3376ee0d // +kubebuilder:default=v1.28.4 Version string `json:"version"` diff --git a/api/v1alpha1/ztunnel_types.go b/api/v1alpha1/ztunnel_types.go index c6e64ea759..16642b6006 100644 --- a/api/v1alpha1/ztunnel_types.go +++ b/api/v1alpha1/ztunnel_types.go @@ -29,9 +29,9 @@ const ( type ZTunnelSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.b38ad9e4. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.7", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.b38ad9e4"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.4;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.7;v1.27.6;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.b38ad9e4 + // Must be one of: v1.28-latest, v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.3376ee0d. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.7", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.3376ee0d"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.4;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.7;v1.27.6;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.3376ee0d // +kubebuilder:default=v1.28.4 Version string `json:"version"` diff --git a/bundle/manifests/sailoperator.clusterserviceversion.yaml b/bundle/manifests/sailoperator.clusterserviceversion.yaml index f46d91d2ec..c43e437d2c 100644 --- a/bundle/manifests/sailoperator.clusterserviceversion.yaml +++ b/bundle/manifests/sailoperator.clusterserviceversion.yaml @@ -45,7 +45,7 @@ metadata: capabilities: Seamless Upgrades categories: OpenShift Optional, Integration & Delivery, Networking, Security containerImage: quay.io/sail-dev/sail-operator:1.29-latest - createdAt: "2026-02-17T05:30:35Z" + createdAt: "2026-02-18T05:31:32Z" description: The Sail Operator manages the lifecycle of your Istio control plane. It provides custom resources for you to deploy and manage your control plane components. features.operators.openshift.io/cnf: "false" features.operators.openshift.io/cni: "true" @@ -179,7 +179,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.b38ad9e4. + Must be one of: v1.28-latest, v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.3376ee0d. displayName: Istio Version path: version x-descriptors: @@ -200,7 +200,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.b38ad9e4 + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.3376ee0d - description: Namespace to which the Istio CNI component should be installed. Note that this field is immutable. displayName: Namespace path: namespace @@ -238,7 +238,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.b38ad9e4. + Must be one of: v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.3376ee0d. displayName: Istio Version path: version x-descriptors: @@ -256,7 +256,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.2 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.b38ad9e4 + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.3376ee0d - description: Namespace to which the Istio components should be installed. displayName: Namespace path: namespace @@ -291,7 +291,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:RevisionBased - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.b38ad9e4. + Must be one of: v1.28-latest, v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.3376ee0d. displayName: Istio Version path: version x-descriptors: @@ -312,7 +312,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.b38ad9e4 + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.3376ee0d - description: |- Defines how many seconds the operator should wait before removing a non-active revision after all the workloads have stopped using it. You may want to set this value on the order of minutes. @@ -368,7 +368,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.b38ad9e4. + Must be one of: v1.28-latest, v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.3376ee0d. displayName: Istio Version path: version x-descriptors: @@ -389,7 +389,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.b38ad9e4 + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.3376ee0d - description: Namespace to which the Istio ztunnel component should be installed. displayName: Namespace path: namespace @@ -420,7 +420,7 @@ spec: - v1.27.1 - v1.27.0 - master - - v1.30-alpha.b38ad9e4 + - v1.30-alpha.3376ee0d [See this page](https://github.com/istio-ecosystem/sail-operator/blob/main/bundle/README.md) for instructions on how to use it. displayName: Sail Operator @@ -830,10 +830,10 @@ spec: images.v1_28_4.istiod: gcr.io/istio-release/pilot:1.28.4 images.v1_28_4.proxy: gcr.io/istio-release/proxyv2:1.28.4 images.v1_28_4.ztunnel: gcr.io/istio-release/ztunnel:1.28.4 - images.v1_30-alpha_b38ad9e4.cni: gcr.io/istio-testing/install-cni:1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3 - images.v1_30-alpha_b38ad9e4.istiod: gcr.io/istio-testing/pilot:1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3 - images.v1_30-alpha_b38ad9e4.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3 - images.v1_30-alpha_b38ad9e4.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3 + images.v1_30-alpha_3376ee0d.cni: gcr.io/istio-testing/install-cni:1.30-alpha.3376ee0d0770559f0a88687c79510f3fc6677688 + images.v1_30-alpha_3376ee0d.istiod: gcr.io/istio-testing/pilot:1.30-alpha.3376ee0d0770559f0a88687c79510f3fc6677688 + images.v1_30-alpha_3376ee0d.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.3376ee0d0770559f0a88687c79510f3fc6677688 + images.v1_30-alpha_3376ee0d.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.3376ee0d0770559f0a88687c79510f3fc6677688 kubectl.kubernetes.io/default-container: sail-operator labels: app.kubernetes.io/created-by: sailoperator diff --git a/bundle/manifests/sailoperator.io_istiocnis.yaml b/bundle/manifests/sailoperator.io_istiocnis.yaml index 6bbb12e97e..f262e2ac6b 100644 --- a/bundle/manifests/sailoperator.io_istiocnis.yaml +++ b/bundle/manifests/sailoperator.io_istiocnis.yaml @@ -1466,7 +1466,7 @@ spec: default: v1.28.4 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.b38ad9e4. + Must be one of: v1.28-latest, v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.3376ee0d. enum: - v1.28-latest - v1.28.4 @@ -1520,7 +1520,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.b38ad9e4 + - v1.30-alpha.3376ee0d type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_istiorevisions.yaml b/bundle/manifests/sailoperator.io_istiorevisions.yaml index 542dba443f..627a4d6b32 100644 --- a/bundle/manifests/sailoperator.io_istiorevisions.yaml +++ b/bundle/manifests/sailoperator.io_istiorevisions.yaml @@ -10121,7 +10121,7 @@ spec: version: description: |- Defines the version of Istio to install. - Must be one of: v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.b38ad9e4. + Must be one of: v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.3376ee0d. enum: - v1.28.4 - v1.28.3 @@ -10167,7 +10167,7 @@ spec: - v1.22.6 - v1.22.5 - v1.21.6 - - v1.30-alpha.b38ad9e4 + - v1.30-alpha.3376ee0d type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_istios.yaml b/bundle/manifests/sailoperator.io_istios.yaml index 1362fefb31..f8e0a066d3 100644 --- a/bundle/manifests/sailoperator.io_istios.yaml +++ b/bundle/manifests/sailoperator.io_istios.yaml @@ -10195,7 +10195,7 @@ spec: default: v1.28.4 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.b38ad9e4. + Must be one of: v1.28-latest, v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.3376ee0d. enum: - v1.28-latest - v1.28.4 @@ -10249,7 +10249,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.b38ad9e4 + - v1.30-alpha.3376ee0d type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_ztunnels.yaml b/bundle/manifests/sailoperator.io_ztunnels.yaml index 232e3347f8..20be16c605 100644 --- a/bundle/manifests/sailoperator.io_ztunnels.yaml +++ b/bundle/manifests/sailoperator.io_ztunnels.yaml @@ -3456,7 +3456,7 @@ spec: default: v1.28.4 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.b38ad9e4. + Must be one of: v1.28-latest, v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.3376ee0d. enum: - v1.28-latest - v1.28.4 @@ -3498,7 +3498,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.b38ad9e4 + - v1.30-alpha.3376ee0d type: string required: - namespace @@ -7020,7 +7020,7 @@ spec: default: v1.28.4 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.b38ad9e4. + Must be one of: v1.28-latest, v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.3376ee0d. enum: - v1.28-latest - v1.28.4 @@ -7062,7 +7062,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.b38ad9e4 + - v1.30-alpha.3376ee0d type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istiocnis.yaml b/chart/crds/sailoperator.io_istiocnis.yaml index edec393287..db0b2033a2 100644 --- a/chart/crds/sailoperator.io_istiocnis.yaml +++ b/chart/crds/sailoperator.io_istiocnis.yaml @@ -1466,7 +1466,7 @@ spec: default: v1.28.4 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.b38ad9e4. + Must be one of: v1.28-latest, v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.3376ee0d. enum: - v1.28-latest - v1.28.4 @@ -1520,7 +1520,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.b38ad9e4 + - v1.30-alpha.3376ee0d type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istiorevisions.yaml b/chart/crds/sailoperator.io_istiorevisions.yaml index 1c8c4aa313..606efa5161 100644 --- a/chart/crds/sailoperator.io_istiorevisions.yaml +++ b/chart/crds/sailoperator.io_istiorevisions.yaml @@ -10121,7 +10121,7 @@ spec: version: description: |- Defines the version of Istio to install. - Must be one of: v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.b38ad9e4. + Must be one of: v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.3376ee0d. enum: - v1.28.4 - v1.28.3 @@ -10167,7 +10167,7 @@ spec: - v1.22.6 - v1.22.5 - v1.21.6 - - v1.30-alpha.b38ad9e4 + - v1.30-alpha.3376ee0d type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istios.yaml b/chart/crds/sailoperator.io_istios.yaml index 81c2361dd1..58b6655a3c 100644 --- a/chart/crds/sailoperator.io_istios.yaml +++ b/chart/crds/sailoperator.io_istios.yaml @@ -10195,7 +10195,7 @@ spec: default: v1.28.4 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.b38ad9e4. + Must be one of: v1.28-latest, v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.3376ee0d. enum: - v1.28-latest - v1.28.4 @@ -10249,7 +10249,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.b38ad9e4 + - v1.30-alpha.3376ee0d type: string required: - namespace diff --git a/chart/crds/sailoperator.io_ztunnels.yaml b/chart/crds/sailoperator.io_ztunnels.yaml index 1782f26a34..a0b708fc76 100644 --- a/chart/crds/sailoperator.io_ztunnels.yaml +++ b/chart/crds/sailoperator.io_ztunnels.yaml @@ -3456,7 +3456,7 @@ spec: default: v1.28.4 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.b38ad9e4. + Must be one of: v1.28-latest, v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.3376ee0d. enum: - v1.28-latest - v1.28.4 @@ -3498,7 +3498,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.b38ad9e4 + - v1.30-alpha.3376ee0d type: string required: - namespace @@ -7020,7 +7020,7 @@ spec: default: v1.28.4 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.b38ad9e4. + Must be one of: v1.28-latest, v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.3376ee0d. enum: - v1.28-latest - v1.28.4 @@ -7062,7 +7062,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.b38ad9e4 + - v1.30-alpha.3376ee0d type: string required: - namespace diff --git a/chart/values.yaml b/chart/values.yaml index a23f265c6e..82ed4672ad 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -54,10 +54,10 @@ deployment: images.v1_27_0.istiod: gcr.io/istio-release/pilot:1.27.0 images.v1_27_0.proxy: gcr.io/istio-release/proxyv2:1.27.0 images.v1_27_0.cni: gcr.io/istio-release/install-cni:1.27.0 - images.v1_30-alpha_b38ad9e4.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3 - images.v1_30-alpha_b38ad9e4.istiod: gcr.io/istio-testing/pilot:1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3 - images.v1_30-alpha_b38ad9e4.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3 - images.v1_30-alpha_b38ad9e4.cni: gcr.io/istio-testing/install-cni:1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3 + images.v1_30-alpha_3376ee0d.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.3376ee0d0770559f0a88687c79510f3fc6677688 + images.v1_30-alpha_3376ee0d.istiod: gcr.io/istio-testing/pilot:1.30-alpha.3376ee0d0770559f0a88687c79510f3fc6677688 + images.v1_30-alpha_3376ee0d.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.3376ee0d0770559f0a88687c79510f3fc6677688 + images.v1_30-alpha_3376ee0d.cni: gcr.io/istio-testing/install-cni:1.30-alpha.3376ee0d0770559f0a88687c79510f3fc6677688 revisionHistoryLimit: 10 service: port: 8443 @@ -89,7 +89,7 @@ csv: - v1.27.1 - v1.27.0 - master - - v1.30-alpha.b38ad9e4 + - v1.30-alpha.3376ee0d [See this page](https://github.com/istio-ecosystem/sail-operator/blob/main/bundle/README.md) for instructions on how to use it. support: Community based diff --git a/docs/README.adoc b/docs/README.adoc index c54da09ce6..d9fa05c345 100644 --- a/docs/README.adoc +++ b/docs/README.adoc @@ -1,9 +1,9 @@ // Variables embedded for GitHub compatibility -:istio_latest_version: 1.28.3 -:istio_latest_version_revision_format: 1-28-3 +:istio_latest_version: 1.28.4 +:istio_latest_version_revision_format: 1-28-4 :istio_latest_tag: v1.28-latest -:istio_latest_minus_one_version: 1.28.2 -:istio_latest_minus_one_version_revision_format: 1-28-2 +:istio_latest_minus_one_version: 1.28.3 +:istio_latest_minus_one_version_revision_format: 1-28-3 link:../[Return to Project Root] diff --git a/docs/addons/addons.adoc b/docs/addons/addons.adoc index 57cef8481d..5c3660d26f 100644 --- a/docs/addons/addons.adoc +++ b/docs/addons/addons.adoc @@ -1,9 +1,9 @@ // Variables embedded for GitHub compatibility -:istio_latest_version: 1.28.3 -:istio_latest_version_revision_format: 1-28-3 +:istio_latest_version: 1.28.4 +:istio_latest_version_revision_format: 1-28-4 :istio_latest_tag: v1.28-latest -:istio_latest_minus_one_version: 1.28.2 -:istio_latest_minus_one_version_revision_format: 1-28-2 +:istio_latest_minus_one_version: 1.28.3 +:istio_latest_minus_one_version_revision_format: 1-28-3 link:../README.adoc[Return to Project Root] diff --git a/docs/addons/observability.adoc b/docs/addons/observability.adoc index 380f26962c..d2afc774ff 100644 --- a/docs/addons/observability.adoc +++ b/docs/addons/observability.adoc @@ -1,9 +1,9 @@ // Variables embedded for GitHub compatibility -:istio_latest_version: 1.28.3 -:istio_latest_version_revision_format: 1-28-3 +:istio_latest_version: 1.28.4 +:istio_latest_version_revision_format: 1-28-4 :istio_latest_tag: v1.28-latest -:istio_latest_minus_one_version: 1.28.2 -:istio_latest_minus_one_version_revision_format: 1-28-2 +:istio_latest_minus_one_version: 1.28.3 +:istio_latest_minus_one_version_revision_format: 1-28-3 link:../README.adoc[Return to Project Root] diff --git a/docs/api-reference/sailoperator.io.md b/docs/api-reference/sailoperator.io.md index ce9d03533e..1ed5303c10 100644 --- a/docs/api-reference/sailoperator.io.md +++ b/docs/api-reference/sailoperator.io.md @@ -678,7 +678,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.b38ad9e4. | v1.28.4 | Enum: [v1.28-latest v1.28.4 v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.7 v1.27.6 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.b38ad9e4] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.3376ee0d. | v1.28.4 | Enum: [v1.28-latest v1.28.4 v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.7 v1.27.6 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.3376ee0d] | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. Must be one of: ambient, default, demo, empty, openshift, openshift-ambient, preview, remote, stable. | | Enum: [ambient default demo empty external openshift openshift-ambient preview remote stable] | | `namespace` _string_ | Namespace to which the Istio CNI component should be installed. Note that this field is immutable. | istio-cni | | | `values` _[CNIValues](#cnivalues)_ | Defines the values to be passed to the Helm charts when installing Istio CNI. | | | @@ -917,7 +917,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.b38ad9e4. | | Enum: [v1.28.4 v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27.7 v1.27.6 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 v1.30-alpha.b38ad9e4] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.3376ee0d. | | Enum: [v1.28.4 v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27.7 v1.27.6 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 v1.30-alpha.3376ee0d] | | `namespace` _string_ | Namespace to which the Istio components should be installed. | | | | `values` _[Values](#values)_ | Defines the values to be passed to the Helm charts when installing Istio. | | | @@ -1110,7 +1110,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.b38ad9e4. | v1.28.4 | Enum: [v1.28-latest v1.28.4 v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.7 v1.27.6 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.b38ad9e4] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.3376ee0d. | v1.28.4 | Enum: [v1.28-latest v1.28.4 v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.7 v1.27.6 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.3376ee0d] | | `updateStrategy` _[IstioUpdateStrategy](#istioupdatestrategy)_ | Defines the update strategy to use when the version in the Istio CR is updated. | \{ type:InPlace \} | | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. Must be one of: ambient, default, demo, empty, openshift, openshift-ambient, preview, remote, stable. | | Enum: [ambient default demo empty external openshift openshift-ambient preview remote stable] | | `namespace` _string_ | Namespace to which the Istio components should be installed. Note that this field is immutable. | istio-system | | @@ -3541,7 +3541,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.b38ad9e4. | v1.28.4 | Enum: [v1.28-latest v1.28.4 v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.7 v1.27.6 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.b38ad9e4] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.3376ee0d. | v1.28.4 | Enum: [v1.28-latest v1.28.4 v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.7 v1.27.6 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.3376ee0d] | | `namespace` _string_ | Namespace to which the Istio ztunnel component should be installed. | ztunnel | | | `values` _[ZTunnelValues](#ztunnelvalues)_ | Defines the values to be passed to the Helm charts when installing Istio ztunnel. | | | @@ -3707,7 +3707,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.b38ad9e4. | v1.28.4 | Enum: [v1.28-latest v1.28.4 v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.7 v1.27.6 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.b38ad9e4] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.4, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.7, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.3376ee0d. | v1.28.4 | Enum: [v1.28-latest v1.28.4 v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.7 v1.27.6 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.3376ee0d] | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is 'ambient' and it is always applied. Must be one of: ambient, default, demo, empty, external, preview, remote, stable. | ambient | Enum: [ambient default demo empty external openshift-ambient openshift preview remote stable] | | `namespace` _string_ | Namespace to which the Istio ztunnel component should be installed. | ztunnel | | | `values` _[ZTunnelValues](#ztunnelvalues)_ | Defines the values to be passed to the Helm charts when installing Istio ztunnel. | | | diff --git a/docs/common/create-and-configure-gateways.adoc b/docs/common/create-and-configure-gateways.adoc index 2dddfb9124..b213296ac0 100644 --- a/docs/common/create-and-configure-gateways.adoc +++ b/docs/common/create-and-configure-gateways.adoc @@ -1,9 +1,9 @@ // Variables embedded for GitHub compatibility -:istio_latest_version: 1.28.3 -:istio_latest_version_revision_format: 1-28-3 +:istio_latest_version: 1.28.4 +:istio_latest_version_revision_format: 1-28-4 :istio_latest_tag: v1.28-latest -:istio_latest_minus_one_version: 1.28.2 -:istio_latest_minus_one_version_revision_format: 1-28-2 +:istio_latest_minus_one_version: 1.28.3 +:istio_latest_minus_one_version_revision_format: 1-28-3 link:../README.adoc[Return to Project Root] diff --git a/docs/common/istio-ambient-mode.adoc b/docs/common/istio-ambient-mode.adoc index 58dfea7b2d..d5967a951d 100644 --- a/docs/common/istio-ambient-mode.adoc +++ b/docs/common/istio-ambient-mode.adoc @@ -1,10 +1,10 @@ // Variables embedded for GitHub compatibility -:istio_latest_version: 1.28.3 -:istio_latest_version_revision_format: 1-28-3 +:istio_latest_version: 1.28.4 +:istio_latest_version_revision_format: 1-28-4 :istio_latest_tag: v1.28-latest :istio_release_name: release-1.28 -:istio_latest_minus_one_version: 1.28.2 -:istio_latest_minus_one_version_revision_format: 1-28-2 +:istio_latest_minus_one_version: 1.28.3 +:istio_latest_minus_one_version_revision_format: 1-28-3 link:../README.adoc[Return to Project Root] diff --git a/docs/common/istio-ambient-waypoint.adoc b/docs/common/istio-ambient-waypoint.adoc index 6a718342e8..b26d8243a4 100644 --- a/docs/common/istio-ambient-waypoint.adoc +++ b/docs/common/istio-ambient-waypoint.adoc @@ -1,10 +1,10 @@ // Variables embedded for GitHub compatibility -:istio_latest_version: 1.28.3 -:istio_latest_version_revision_format: 1-28-3 +:istio_latest_version: 1.28.4 +:istio_latest_version_revision_format: 1-28-4 :istio_latest_tag: v1.28-latest :istio_release_name: release-1.28 -:istio_latest_minus_one_version: 1.28.2 -:istio_latest_minus_one_version_revision_format: 1-28-2 +:istio_latest_minus_one_version: 1.28.3 +:istio_latest_minus_one_version_revision_format: 1-28-3 link:../README.adoc[Return to Project Root] diff --git a/docs/common/istio-nftables.adoc b/docs/common/istio-nftables.adoc index 91e9c62985..447d16be8e 100644 --- a/docs/common/istio-nftables.adoc +++ b/docs/common/istio-nftables.adoc @@ -1,10 +1,10 @@ // Variables embedded for GitHub compatibility -:istio_latest_version: 1.28.3 -:istio_latest_version_revision_format: 1-28-3 +:istio_latest_version: 1.28.4 +:istio_latest_version_revision_format: 1-28-4 :istio_latest_tag: v1.28-latest :istio_release_name: release-1.28 -:istio_latest_minus_one_version: 1.28.2 -:istio_latest_minus_one_version_revision_format: 1-28-2 +:istio_latest_minus_one_version: 1.28.3 +:istio_latest_minus_one_version_revision_format: 1-28-3 link:../README.md[Return to Project Root] diff --git a/docs/deployment-models/consolidating-cp.adoc b/docs/deployment-models/consolidating-cp.adoc index df1fd6161d..0b36cd4bc5 100644 --- a/docs/deployment-models/consolidating-cp.adoc +++ b/docs/deployment-models/consolidating-cp.adoc @@ -1,10 +1,10 @@ // Variables embedded for GitHub compatibility -:istio_latest_version: 1.28.3 -:istio_latest_version_revision_format: 1-28-3 +:istio_latest_version: 1.28.4 +:istio_latest_version_revision_format: 1-28-4 :istio_latest_tag: v1.28-latest :istio_release_name: release-1.28 -:istio_latest_minus_one_version: 1.28.2 -:istio_latest_minus_one_version_revision_format: 1-28-2 +:istio_latest_minus_one_version: 1.28.3 +:istio_latest_minus_one_version_revision_format: 1-28-3 link:../../README.adoc[Return to Project Root] diff --git a/docs/deployment-models/multicluster.adoc b/docs/deployment-models/multicluster.adoc index 8e5f6d6b1f..caf930b331 100644 --- a/docs/deployment-models/multicluster.adoc +++ b/docs/deployment-models/multicluster.adoc @@ -1,10 +1,10 @@ // Variables embedded for GitHub compatibility -:istio_latest_version: 1.28.3 -:istio_latest_version_revision_format: 1-28-3 +:istio_latest_version: 1.28.4 +:istio_latest_version_revision_format: 1-28-4 :istio_latest_tag: v1.28-latest :istio_release_name: release-1.28 -:istio_latest_minus_one_version: 1.28.2 -:istio_latest_minus_one_version_revision_format: 1-28-2 +:istio_latest_minus_one_version: 1.28.3 +:istio_latest_minus_one_version_revision_format: 1-28-3 link:../README.adoc[Return to Project Root] diff --git a/docs/deployment-models/multiple-mesh.adoc b/docs/deployment-models/multiple-mesh.adoc index 84c07433ca..9a2b25112c 100644 --- a/docs/deployment-models/multiple-mesh.adoc +++ b/docs/deployment-models/multiple-mesh.adoc @@ -1,10 +1,10 @@ // Variables embedded for GitHub compatibility -:istio_latest_version: 1.28.3 -:istio_latest_version_revision_format: 1-28-3 +:istio_latest_version: 1.28.4 +:istio_latest_version_revision_format: 1-28-4 :istio_latest_tag: v1.28-latest :istio_release_name: release-1.28 -:istio_latest_minus_one_version: 1.28.2 -:istio_latest_minus_one_version_revision_format: 1-28-2 +:istio_latest_minus_one_version: 1.28.3 +:istio_latest_minus_one_version_revision_format: 1-28-3 link:../../README.adoc[Return to Project Root] diff --git a/docs/dual-stack/dual-stack.adoc b/docs/dual-stack/dual-stack.adoc index 04edcb3c03..97eef6de6b 100644 --- a/docs/dual-stack/dual-stack.adoc +++ b/docs/dual-stack/dual-stack.adoc @@ -1,10 +1,10 @@ // Variables embedded for GitHub compatibility -:istio_latest_version: 1.28.3 -:istio_latest_version_revision_format: 1-28-3 +:istio_latest_version: 1.28.4 +:istio_latest_version_revision_format: 1-28-4 :istio_latest_tag: v1.28-latest :istio_release_name: release-1.28 -:istio_latest_minus_one_version: 1.28.2 -:istio_latest_minus_one_version_revision_format: 1-28-2 +:istio_latest_minus_one_version: 1.28.3 +:istio_latest_minus_one_version_revision_format: 1-28-3 link:../../README.adoc[Return to Project Root] diff --git a/docs/general/getting-started.adoc b/docs/general/getting-started.adoc index acd836e0a1..d7fbef8258 100644 --- a/docs/general/getting-started.adoc +++ b/docs/general/getting-started.adoc @@ -1,10 +1,10 @@ // Variables embedded for GitHub compatibility -:istio_latest_version: 1.28.3 -:istio_latest_version_revision_format: 1-28-3 +:istio_latest_version: 1.28.4 +:istio_latest_version_revision_format: 1-28-4 :istio_latest_tag: v1.28-latest :istio_release_name: release-1.28 -:istio_latest_minus_one_version: 1.28.2 -:istio_latest_minus_one_version_revision_format: 1-28-2 +:istio_latest_minus_one_version: 1.28.3 +:istio_latest_minus_one_version_revision_format: 1-28-3 link:../README.adoc[Return to Project Root] diff --git a/docs/general/istiod-ha.adoc b/docs/general/istiod-ha.adoc index b4acfd3a4e..b41a6d166d 100644 --- a/docs/general/istiod-ha.adoc +++ b/docs/general/istiod-ha.adoc @@ -1,10 +1,10 @@ // Variables embedded for GitHub compatibility -:istio_latest_version: 1.28.3 -:istio_latest_version_revision_format: 1-28-3 +:istio_latest_version: 1.28.4 +:istio_latest_version_revision_format: 1-28-4 :istio_latest_tag: v1.28-latest :istio_release_name: release-1.28 -:istio_latest_minus_one_version: 1.28.2 -:istio_latest_minus_one_version_revision_format: 1-28-2 +:istio_latest_minus_one_version: 1.28.3 +:istio_latest_minus_one_version_revision_format: 1-28-3 link:../../README.adoc[Return to Project Root] diff --git a/docs/general/plugin-ca.adoc b/docs/general/plugin-ca.adoc index 5f3322603e..69bde0af07 100644 --- a/docs/general/plugin-ca.adoc +++ b/docs/general/plugin-ca.adoc @@ -1,10 +1,10 @@ // Variables embedded for GitHub compatibility -:istio_latest_version: 1.28.3 -:istio_latest_version_revision_format: 1-28-3 +:istio_latest_version: 1.28.4 +:istio_latest_version_revision_format: 1-28-4 :istio_latest_tag: v1.28-latest :istio_release_name: release-1.28 -:istio_latest_minus_one_version: 1.28.2 -:istio_latest_minus_one_version_revision_format: 1-28-2 +:istio_latest_minus_one_version: 1.28.3 +:istio_latest_minus_one_version_revision_format: 1-28-3 link:../../README.adoc[Return to Project Root] diff --git a/docs/guidelines/guidelines.adoc b/docs/guidelines/guidelines.adoc index 7bbe5b6cd8..e853a01a5d 100644 --- a/docs/guidelines/guidelines.adoc +++ b/docs/guidelines/guidelines.adoc @@ -1,10 +1,10 @@ // Variables embedded for GitHub compatibility -:istio_latest_version: 1.28.3 -:istio_latest_version_revision_format: 1-28-3 +:istio_latest_version: 1.28.4 +:istio_latest_version_revision_format: 1-28-4 :istio_latest_tag: v1.28-latest :istio_release_name: release-1.28 -:istio_latest_minus_one_version: 1.28.2 -:istio_latest_minus_one_version_revision_format: 1-28-2 +:istio_latest_minus_one_version: 1.28.3 +:istio_latest_minus_one_version_revision_format: 1-28-3 link:../../README.adoc[Return to Project Root] @@ -97,12 +97,12 @@ Use code blocks for commands or groups of commands that have the same context. * All AsciiDoc files should include variable definitions at the top for GitHub compatibility: ``` // Variables embedded for GitHub compatibility -:istio_latest_version: 1.28.3 -:istio_latest_version_revision_format: 1-28-3 +:istio_latest_version: 1.28.4 +:istio_latest_version_revision_format: 1-28-4 :istio_latest_tag: v1.28-latest :istio_release_name: release-1.28 -:istio_latest_minus_one_version: 1.28.2 -:istio_latest_minus_one_version_revision_format: 1-28-2 +:istio_latest_minus_one_version: 1.28.3 +:istio_latest_minus_one_version_revision_format: 1-28-3 ``` Note: that the values of the variables will be automatically updated on each release to keep them in sync with the actual versions. diff --git a/docs/migrate-from-sidecar-to-ambient/migration.adoc b/docs/migrate-from-sidecar-to-ambient/migration.adoc index b4ee6e8853..f5e07196a4 100644 --- a/docs/migrate-from-sidecar-to-ambient/migration.adoc +++ b/docs/migrate-from-sidecar-to-ambient/migration.adoc @@ -1,10 +1,10 @@ // Variables embedded for GitHub compatibility -:istio_latest_version: 1.28.3 -:istio_latest_version_revision_format: 1-28-3 +:istio_latest_version: 1.28.4 +:istio_latest_version_revision_format: 1-28-4 :istio_latest_tag: v1.28-latest :istio_release_name: release-1.28 -:istio_latest_minus_one_version: 1.28.2 -:istio_latest_minus_one_version_revision_format: 1-28-2 +:istio_latest_minus_one_version: 1.28.3 +:istio_latest_minus_one_version_revision_format: 1-28-3 = Migrating from Sidecar to Ambient Mode diff --git a/docs/update-strategy/update-strategy.adoc b/docs/update-strategy/update-strategy.adoc index bce866b3d8..67fae3b881 100644 --- a/docs/update-strategy/update-strategy.adoc +++ b/docs/update-strategy/update-strategy.adoc @@ -1,10 +1,10 @@ // Variables embedded for GitHub compatibility -:istio_latest_version: 1.28.3 -:istio_latest_version_revision_format: 1-28-3 +:istio_latest_version: 1.28.4 +:istio_latest_version_revision_format: 1-28-4 :istio_latest_tag: v1.28-latest :istio_release_name: release-1.28 -:istio_latest_minus_one_version: 1.28.2 -:istio_latest_minus_one_version_revision_format: 1-28-2 +:istio_latest_minus_one_version: 1.28.3 +:istio_latest_minus_one_version_revision_format: 1-28-3 link:../../README.adoc[Return to Project Root] diff --git a/go.mod b/go.mod index 4423a94ed8..ff4fcae0d4 100644 --- a/go.mod +++ b/go.mod @@ -25,7 +25,7 @@ require ( gopkg.in/yaml.v3 v3.0.1 helm.sh/helm/v3 v3.18.6 istio.io/client-go v1.29.0-alpha.0.0.20260216182019-0f9c823fa50f - istio.io/istio v0.0.0-20260216202619-b38ad9e43536 + istio.io/istio v0.0.0-20260218003125-3376ee0d0770 k8s.io/api v0.35.0 k8s.io/apiextensions-apiserver v0.35.0 k8s.io/apimachinery v0.35.0 diff --git a/go.sum b/go.sum index 9e0750fccb..5fe4510d44 100644 --- a/go.sum +++ b/go.sum @@ -474,8 +474,8 @@ istio.io/api v1.29.0-alpha.0.0.20260216181618-30c114faeea7 h1:4Kh+JRsFNW3u+vo68F istio.io/api v1.29.0-alpha.0.0.20260216181618-30c114faeea7/go.mod h1:+brQWcBHoROuyA6fv8rbgg8Kfn0RCGuqoY0duCMuSLA= istio.io/client-go v1.29.0-alpha.0.0.20260216182019-0f9c823fa50f h1:0IDLeNajOgmRi8iL4gSXnvzStlJC+32UuWg6TMsXhUU= istio.io/client-go v1.29.0-alpha.0.0.20260216182019-0f9c823fa50f/go.mod h1:R821SYceqLPFP8LpUU1dr9pe5pmFv1HKnKbPJlR3acU= -istio.io/istio v0.0.0-20260216202619-b38ad9e43536 h1:a0FTgs7yFASvKWBZHEDo2A8dHi4N265xoOUCe+SY7xA= -istio.io/istio v0.0.0-20260216202619-b38ad9e43536/go.mod h1:ZVaiDgw5BXZ/HaVhGrTJ8aCQzBYUipYn40Tr4hQy9Jc= +istio.io/istio v0.0.0-20260218003125-3376ee0d0770 h1:10t3I1pXEhwxHJEPNuQpgdOgZmFSQdqKjcNJR3QsWQQ= +istio.io/istio v0.0.0-20260218003125-3376ee0d0770/go.mod h1:ZVaiDgw5BXZ/HaVhGrTJ8aCQzBYUipYn40Tr4hQy9Jc= k8s.io/api v0.35.0 h1:iBAU5LTyBI9vw3L5glmat1njFK34srdLmktWwLTprlY= k8s.io/api v0.35.0/go.mod h1:AQ0SNTzm4ZAczM03QH42c7l3bih1TbAXYo0DkF8ktnA= k8s.io/apiextensions-apiserver v0.35.0 h1:3xHk2rTOdWXXJM+RDQZJvdx0yEOgC0FgQ1PlJatA5T4= diff --git a/pkg/istioversion/versions.yaml b/pkg/istioversion/versions.yaml index 166fd3d085..f20ddc9418 100644 --- a/pkg/istioversion/versions.yaml +++ b/pkg/istioversion/versions.yaml @@ -227,15 +227,15 @@ versions: - name: v1.21.6 eol: true - name: master - ref: v1.30-alpha.b38ad9e4 - - name: v1.30-alpha.b38ad9e4 - version: 1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3 + ref: v1.30-alpha.3376ee0d + - name: v1.30-alpha.3376ee0d + version: 1.30-alpha.3376ee0d0770559f0a88687c79510f3fc6677688 repo: https://github.com/istio/istio branch: master - commit: b38ad9e43536da97f4c7f0259d7a313aa17b69b3 + commit: 3376ee0d0770559f0a88687c79510f3fc6677688 charts: - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3/helm/base-1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3/helm/cni-1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3/helm/gateway-1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3/helm/istiod-1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3/helm/ztunnel-1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.3376ee0d0770559f0a88687c79510f3fc6677688/helm/base-1.30-alpha.3376ee0d0770559f0a88687c79510f3fc6677688.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.3376ee0d0770559f0a88687c79510f3fc6677688/helm/cni-1.30-alpha.3376ee0d0770559f0a88687c79510f3fc6677688.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.3376ee0d0770559f0a88687c79510f3fc6677688/helm/gateway-1.30-alpha.3376ee0d0770559f0a88687c79510f3fc6677688.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.3376ee0d0770559f0a88687c79510f3fc6677688/helm/istiod-1.30-alpha.3376ee0d0770559f0a88687c79510f3fc6677688.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.3376ee0d0770559f0a88687c79510f3fc6677688/helm/ztunnel-1.30-alpha.3376ee0d0770559f0a88687c79510f3fc6677688.tgz diff --git a/resources/v1.30-alpha.3376ee0d/base-1.30-alpha.3376ee0d0770559f0a88687c79510f3fc6677688.tgz.etag b/resources/v1.30-alpha.3376ee0d/base-1.30-alpha.3376ee0d0770559f0a88687c79510f3fc6677688.tgz.etag new file mode 100644 index 0000000000..1152e9060f --- /dev/null +++ b/resources/v1.30-alpha.3376ee0d/base-1.30-alpha.3376ee0d0770559f0a88687c79510f3fc6677688.tgz.etag @@ -0,0 +1 @@ +fa20260128e75a5f9d3da176ec96fd2c diff --git a/resources/v1.30-alpha.b38ad9e4/charts/base/Chart.yaml b/resources/v1.30-alpha.3376ee0d/charts/base/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.b38ad9e4/charts/base/Chart.yaml rename to resources/v1.30-alpha.3376ee0d/charts/base/Chart.yaml index 4168830f65..f435928424 100644 --- a/resources/v1.30-alpha.b38ad9e4/charts/base/Chart.yaml +++ b/resources/v1.30-alpha.3376ee0d/charts/base/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3 +appVersion: 1.30-alpha.3376ee0d0770559f0a88687c79510f3fc6677688 description: Helm chart for deploying Istio cluster resources and CRDs icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -7,4 +7,4 @@ keywords: name: base sources: - https://github.com/istio/istio -version: 1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3 +version: 1.30-alpha.3376ee0d0770559f0a88687c79510f3fc6677688 diff --git a/resources/v1.30-alpha.b38ad9e4/charts/base/README.md b/resources/v1.30-alpha.3376ee0d/charts/base/README.md similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/base/README.md rename to resources/v1.30-alpha.3376ee0d/charts/base/README.md diff --git a/resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-ambient.yaml b/resources/v1.30-alpha.3376ee0d/charts/base/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-ambient.yaml rename to resources/v1.30-alpha.3376ee0d/charts/base/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.3376ee0d/charts/base/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.3376ee0d/charts/base/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.3376ee0d/charts/base/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.3376ee0d/charts/base/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.3376ee0d/charts/base/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.3376ee0d/charts/base/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.3376ee0d/charts/base/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.3376ee0d/charts/base/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-demo.yaml b/resources/v1.30-alpha.3376ee0d/charts/base/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-demo.yaml rename to resources/v1.30-alpha.3376ee0d/charts/base/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-platform-gke.yaml b/resources/v1.30-alpha.3376ee0d/charts/base/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.3376ee0d/charts/base/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.3376ee0d/charts/base/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.3376ee0d/charts/base/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.3376ee0d/charts/base/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.3376ee0d/charts/base/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.3376ee0d/charts/base/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.3376ee0d/charts/base/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.3376ee0d/charts/base/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.3376ee0d/charts/base/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.3376ee0d/charts/base/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.3376ee0d/charts/base/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-preview.yaml b/resources/v1.30-alpha.3376ee0d/charts/base/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-preview.yaml rename to resources/v1.30-alpha.3376ee0d/charts/base/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-remote.yaml b/resources/v1.30-alpha.3376ee0d/charts/base/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-remote.yaml rename to resources/v1.30-alpha.3376ee0d/charts/base/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-stable.yaml b/resources/v1.30-alpha.3376ee0d/charts/base/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/base/files/profile-stable.yaml rename to resources/v1.30-alpha.3376ee0d/charts/base/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/base/templates/NOTES.txt b/resources/v1.30-alpha.3376ee0d/charts/base/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/base/templates/NOTES.txt rename to resources/v1.30-alpha.3376ee0d/charts/base/templates/NOTES.txt diff --git a/resources/v1.30-alpha.b38ad9e4/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml b/resources/v1.30-alpha.3376ee0d/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml rename to resources/v1.30-alpha.3376ee0d/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml b/resources/v1.30-alpha.3376ee0d/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml rename to resources/v1.30-alpha.3376ee0d/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/base/templates/reader-serviceaccount.yaml b/resources/v1.30-alpha.3376ee0d/charts/base/templates/reader-serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/base/templates/reader-serviceaccount.yaml rename to resources/v1.30-alpha.3376ee0d/charts/base/templates/reader-serviceaccount.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/base/templates/zzz_profile.yaml b/resources/v1.30-alpha.3376ee0d/charts/base/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/base/templates/zzz_profile.yaml rename to resources/v1.30-alpha.3376ee0d/charts/base/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/base/values.yaml b/resources/v1.30-alpha.3376ee0d/charts/base/values.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/base/values.yaml rename to resources/v1.30-alpha.3376ee0d/charts/base/values.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/cni/Chart.yaml b/resources/v1.30-alpha.3376ee0d/charts/cni/Chart.yaml similarity index 62% rename from resources/v1.30-alpha.b38ad9e4/charts/cni/Chart.yaml rename to resources/v1.30-alpha.3376ee0d/charts/cni/Chart.yaml index f61822e63a..a029c1f559 100644 --- a/resources/v1.30-alpha.b38ad9e4/charts/cni/Chart.yaml +++ b/resources/v1.30-alpha.3376ee0d/charts/cni/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3 +appVersion: 1.30-alpha.3376ee0d0770559f0a88687c79510f3fc6677688 description: Helm chart for istio-cni components icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -8,4 +8,4 @@ keywords: name: cni sources: - https://github.com/istio/istio -version: 1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3 +version: 1.30-alpha.3376ee0d0770559f0a88687c79510f3fc6677688 diff --git a/resources/v1.30-alpha.b38ad9e4/charts/cni/README.md b/resources/v1.30-alpha.3376ee0d/charts/cni/README.md similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/cni/README.md rename to resources/v1.30-alpha.3376ee0d/charts/cni/README.md diff --git a/resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-ambient.yaml b/resources/v1.30-alpha.3376ee0d/charts/cni/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-ambient.yaml rename to resources/v1.30-alpha.3376ee0d/charts/cni/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.3376ee0d/charts/cni/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.3376ee0d/charts/cni/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.3376ee0d/charts/cni/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.3376ee0d/charts/cni/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.3376ee0d/charts/cni/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.3376ee0d/charts/cni/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.3376ee0d/charts/cni/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.3376ee0d/charts/cni/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-demo.yaml b/resources/v1.30-alpha.3376ee0d/charts/cni/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-demo.yaml rename to resources/v1.30-alpha.3376ee0d/charts/cni/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-platform-gke.yaml b/resources/v1.30-alpha.3376ee0d/charts/cni/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.3376ee0d/charts/cni/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.3376ee0d/charts/cni/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.3376ee0d/charts/cni/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.3376ee0d/charts/cni/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.3376ee0d/charts/cni/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.3376ee0d/charts/cni/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.3376ee0d/charts/cni/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.3376ee0d/charts/cni/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.3376ee0d/charts/cni/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.3376ee0d/charts/cni/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.3376ee0d/charts/cni/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-preview.yaml b/resources/v1.30-alpha.3376ee0d/charts/cni/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-preview.yaml rename to resources/v1.30-alpha.3376ee0d/charts/cni/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-remote.yaml b/resources/v1.30-alpha.3376ee0d/charts/cni/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-remote.yaml rename to resources/v1.30-alpha.3376ee0d/charts/cni/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-stable.yaml b/resources/v1.30-alpha.3376ee0d/charts/cni/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/cni/files/profile-stable.yaml rename to resources/v1.30-alpha.3376ee0d/charts/cni/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/cni/templates/NOTES.txt b/resources/v1.30-alpha.3376ee0d/charts/cni/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/cni/templates/NOTES.txt rename to resources/v1.30-alpha.3376ee0d/charts/cni/templates/NOTES.txt diff --git a/resources/v1.30-alpha.3376ee0d/charts/cni/templates/_helpers.tpl b/resources/v1.30-alpha.3376ee0d/charts/cni/templates/_helpers.tpl new file mode 100644 index 0000000000..4185bfc79d --- /dev/null +++ b/resources/v1.30-alpha.3376ee0d/charts/cni/templates/_helpers.tpl @@ -0,0 +1,33 @@ +{{- define "name" -}} + istio-cni +{{- end }} + + +{{- define "istio-tag" -}} + {{ .Values.tag | default .Values.global.tag }}{{with (.Values.variant | default .Values.global.variant)}}-{{.}}{{end}} +{{- end }} + +{{/* +Render resource requirements, omitting any nil values. +*/}} +{{- define "istio-cni.resources" -}} +{{- range $key := list "limits" "requests" }} + {{- $resources := index $ $key }} + {{- if $resources }} + {{- $hasValues := false }} + {{- range $name, $value := $resources }} + {{- if $value }} + {{- $hasValues = true }} + {{- end }} + {{- end }} + {{- if $hasValues }} +{{ $key }}: + {{- range $name, $value := $resources }} + {{- if $value }} + {{ $name }}: {{ $value }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end -}} diff --git a/resources/v1.30-alpha.b38ad9e4/charts/cni/templates/clusterrole.yaml b/resources/v1.30-alpha.3376ee0d/charts/cni/templates/clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/cni/templates/clusterrole.yaml rename to resources/v1.30-alpha.3376ee0d/charts/cni/templates/clusterrole.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/cni/templates/clusterrolebinding.yaml b/resources/v1.30-alpha.3376ee0d/charts/cni/templates/clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/cni/templates/clusterrolebinding.yaml rename to resources/v1.30-alpha.3376ee0d/charts/cni/templates/clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/cni/templates/configmap-cni.yaml b/resources/v1.30-alpha.3376ee0d/charts/cni/templates/configmap-cni.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/cni/templates/configmap-cni.yaml rename to resources/v1.30-alpha.3376ee0d/charts/cni/templates/configmap-cni.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/cni/templates/daemonset.yaml b/resources/v1.30-alpha.3376ee0d/charts/cni/templates/daemonset.yaml similarity index 98% rename from resources/v1.30-alpha.b38ad9e4/charts/cni/templates/daemonset.yaml rename to resources/v1.30-alpha.3376ee0d/charts/cni/templates/daemonset.yaml index 0be2784012..d7b206e359 100644 --- a/resources/v1.30-alpha.b38ad9e4/charts/cni/templates/daemonset.yaml +++ b/resources/v1.30-alpha.3376ee0d/charts/cni/templates/daemonset.yaml @@ -215,9 +215,9 @@ spec: {{ end }} resources: {{- if .Values.resources }} -{{ toYaml .Values.resources | trim | indent 12 }} +{{ include "istio-cni.resources" .Values.resources | trim | indent 12 }} {{- else }} -{{ toYaml .Values.global.defaultResources | trim | indent 12 }} +{{ include "istio-cni.resources" .Values.global.defaultResources | trim | indent 12 }} {{- end }} volumes: # Used to install CNI. diff --git a/resources/v1.30-alpha.b38ad9e4/charts/cni/templates/network-attachment-definition.yaml b/resources/v1.30-alpha.3376ee0d/charts/cni/templates/network-attachment-definition.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/cni/templates/network-attachment-definition.yaml rename to resources/v1.30-alpha.3376ee0d/charts/cni/templates/network-attachment-definition.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/cni/templates/networkpolicy.yaml b/resources/v1.30-alpha.3376ee0d/charts/cni/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/cni/templates/networkpolicy.yaml rename to resources/v1.30-alpha.3376ee0d/charts/cni/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/cni/templates/resourcequota.yaml b/resources/v1.30-alpha.3376ee0d/charts/cni/templates/resourcequota.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/cni/templates/resourcequota.yaml rename to resources/v1.30-alpha.3376ee0d/charts/cni/templates/resourcequota.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/cni/templates/serviceaccount.yaml b/resources/v1.30-alpha.3376ee0d/charts/cni/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/cni/templates/serviceaccount.yaml rename to resources/v1.30-alpha.3376ee0d/charts/cni/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/cni/templates/zzy_descope_legacy.yaml b/resources/v1.30-alpha.3376ee0d/charts/cni/templates/zzy_descope_legacy.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/cni/templates/zzy_descope_legacy.yaml rename to resources/v1.30-alpha.3376ee0d/charts/cni/templates/zzy_descope_legacy.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/cni/templates/zzz_profile.yaml b/resources/v1.30-alpha.3376ee0d/charts/cni/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/cni/templates/zzz_profile.yaml rename to resources/v1.30-alpha.3376ee0d/charts/cni/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/cni/values.yaml b/resources/v1.30-alpha.3376ee0d/charts/cni/values.yaml similarity index 99% rename from resources/v1.30-alpha.b38ad9e4/charts/cni/values.yaml rename to resources/v1.30-alpha.3376ee0d/charts/cni/values.yaml index 8a37174ba7..18765436da 100644 --- a/resources/v1.30-alpha.b38ad9e4/charts/cni/values.yaml +++ b/resources/v1.30-alpha.3376ee0d/charts/cni/values.yaml @@ -155,7 +155,7 @@ _internal_defaults_do_not_set: hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3 + tag: 1.30-alpha.3376ee0d0770559f0a88687c79510f3fc6677688 # Variant of the image to use. # Currently supported are: [debug, distroless] diff --git a/resources/v1.30-alpha.b38ad9e4/charts/gateway/Chart.yaml b/resources/v1.30-alpha.3376ee0d/charts/gateway/Chart.yaml similarity index 64% rename from resources/v1.30-alpha.b38ad9e4/charts/gateway/Chart.yaml rename to resources/v1.30-alpha.3376ee0d/charts/gateway/Chart.yaml index f25aafedec..f4ea5fedc0 100644 --- a/resources/v1.30-alpha.b38ad9e4/charts/gateway/Chart.yaml +++ b/resources/v1.30-alpha.3376ee0d/charts/gateway/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3 +appVersion: 1.30-alpha.3376ee0d0770559f0a88687c79510f3fc6677688 description: Helm chart for deploying Istio gateways icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ name: gateway sources: - https://github.com/istio/istio type: application -version: 1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3 +version: 1.30-alpha.3376ee0d0770559f0a88687c79510f3fc6677688 diff --git a/resources/v1.30-alpha.b38ad9e4/charts/gateway/README.md b/resources/v1.30-alpha.3376ee0d/charts/gateway/README.md similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/gateway/README.md rename to resources/v1.30-alpha.3376ee0d/charts/gateway/README.md diff --git a/resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-ambient.yaml b/resources/v1.30-alpha.3376ee0d/charts/gateway/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-ambient.yaml rename to resources/v1.30-alpha.3376ee0d/charts/gateway/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.3376ee0d/charts/gateway/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.3376ee0d/charts/gateway/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.3376ee0d/charts/gateway/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.3376ee0d/charts/gateway/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.3376ee0d/charts/gateway/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.3376ee0d/charts/gateway/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.3376ee0d/charts/gateway/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.3376ee0d/charts/gateway/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-demo.yaml b/resources/v1.30-alpha.3376ee0d/charts/gateway/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-demo.yaml rename to resources/v1.30-alpha.3376ee0d/charts/gateway/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-platform-gke.yaml b/resources/v1.30-alpha.3376ee0d/charts/gateway/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.3376ee0d/charts/gateway/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.3376ee0d/charts/gateway/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.3376ee0d/charts/gateway/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.3376ee0d/charts/gateway/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.3376ee0d/charts/gateway/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.3376ee0d/charts/gateway/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.3376ee0d/charts/gateway/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.3376ee0d/charts/gateway/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.3376ee0d/charts/gateway/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.3376ee0d/charts/gateway/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.3376ee0d/charts/gateway/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-preview.yaml b/resources/v1.30-alpha.3376ee0d/charts/gateway/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-preview.yaml rename to resources/v1.30-alpha.3376ee0d/charts/gateway/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-remote.yaml b/resources/v1.30-alpha.3376ee0d/charts/gateway/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-remote.yaml rename to resources/v1.30-alpha.3376ee0d/charts/gateway/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-stable.yaml b/resources/v1.30-alpha.3376ee0d/charts/gateway/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/gateway/files/profile-stable.yaml rename to resources/v1.30-alpha.3376ee0d/charts/gateway/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/gateway/templates/NOTES.txt b/resources/v1.30-alpha.3376ee0d/charts/gateway/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/gateway/templates/NOTES.txt rename to resources/v1.30-alpha.3376ee0d/charts/gateway/templates/NOTES.txt diff --git a/resources/v1.30-alpha.b38ad9e4/charts/gateway/templates/_helpers.tpl b/resources/v1.30-alpha.3376ee0d/charts/gateway/templates/_helpers.tpl similarity index 68% rename from resources/v1.30-alpha.b38ad9e4/charts/gateway/templates/_helpers.tpl rename to resources/v1.30-alpha.3376ee0d/charts/gateway/templates/_helpers.tpl index e5a0a9b3c2..9d3cfa2ce8 100644 --- a/resources/v1.30-alpha.b38ad9e4/charts/gateway/templates/_helpers.tpl +++ b/resources/v1.30-alpha.3376ee0d/charts/gateway/templates/_helpers.tpl @@ -38,3 +38,28 @@ istio.io/rev: {{ . | quote }} {{- .Values.serviceAccount.name | default "default" }} {{- end }} {{- end }} + +{{/* +Render resource requirements, omitting any nil values. +*/}} +{{- define "gateway.resources" -}} +{{- range $key := list "limits" "requests" }} + {{- $resources := index $ $key }} + {{- if $resources }} + {{- $hasValues := false }} + {{- range $name, $value := $resources }} + {{- if $value }} + {{- $hasValues = true }} + {{- end }} + {{- end }} + {{- if $hasValues }} +{{ $key }}: + {{- range $name, $value := $resources }} + {{- if $value }} + {{ $name }}: {{ $value }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end -}} diff --git a/resources/v1.30-alpha.b38ad9e4/charts/gateway/templates/deployment.yaml b/resources/v1.30-alpha.3376ee0d/charts/gateway/templates/deployment.yaml similarity index 98% rename from resources/v1.30-alpha.b38ad9e4/charts/gateway/templates/deployment.yaml rename to resources/v1.30-alpha.3376ee0d/charts/gateway/templates/deployment.yaml index 1d8f93a472..6daec4927b 100644 --- a/resources/v1.30-alpha.b38ad9e4/charts/gateway/templates/deployment.yaml +++ b/resources/v1.30-alpha.3376ee0d/charts/gateway/templates/deployment.yaml @@ -107,7 +107,7 @@ spec: protocol: TCP name: http-envoy-prom resources: - {{- toYaml .Values.resources | nindent 12 }} + {{- include "gateway.resources" .Values.resources | trim | nindent 12 }} {{- with .Values.volumeMounts }} volumeMounts: {{- toYaml . | nindent 12 }} diff --git a/resources/v1.30-alpha.b38ad9e4/charts/gateway/templates/hpa.yaml b/resources/v1.30-alpha.3376ee0d/charts/gateway/templates/hpa.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/gateway/templates/hpa.yaml rename to resources/v1.30-alpha.3376ee0d/charts/gateway/templates/hpa.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/gateway/templates/networkpolicy.yaml b/resources/v1.30-alpha.3376ee0d/charts/gateway/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/gateway/templates/networkpolicy.yaml rename to resources/v1.30-alpha.3376ee0d/charts/gateway/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/gateway/templates/poddisruptionbudget.yaml b/resources/v1.30-alpha.3376ee0d/charts/gateway/templates/poddisruptionbudget.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/gateway/templates/poddisruptionbudget.yaml rename to resources/v1.30-alpha.3376ee0d/charts/gateway/templates/poddisruptionbudget.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/gateway/templates/role.yaml b/resources/v1.30-alpha.3376ee0d/charts/gateway/templates/role.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/gateway/templates/role.yaml rename to resources/v1.30-alpha.3376ee0d/charts/gateway/templates/role.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/gateway/templates/service.yaml b/resources/v1.30-alpha.3376ee0d/charts/gateway/templates/service.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/gateway/templates/service.yaml rename to resources/v1.30-alpha.3376ee0d/charts/gateway/templates/service.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/gateway/templates/serviceaccount.yaml b/resources/v1.30-alpha.3376ee0d/charts/gateway/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/gateway/templates/serviceaccount.yaml rename to resources/v1.30-alpha.3376ee0d/charts/gateway/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/gateway/templates/zzz_profile.yaml b/resources/v1.30-alpha.3376ee0d/charts/gateway/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/gateway/templates/zzz_profile.yaml rename to resources/v1.30-alpha.3376ee0d/charts/gateway/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/gateway/values.schema.json b/resources/v1.30-alpha.3376ee0d/charts/gateway/values.schema.json similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/gateway/values.schema.json rename to resources/v1.30-alpha.3376ee0d/charts/gateway/values.schema.json diff --git a/resources/v1.30-alpha.b38ad9e4/charts/gateway/values.yaml b/resources/v1.30-alpha.3376ee0d/charts/gateway/values.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/gateway/values.yaml rename to resources/v1.30-alpha.3376ee0d/charts/gateway/values.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/Chart.yaml b/resources/v1.30-alpha.3376ee0d/charts/istiod/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.b38ad9e4/charts/istiod/Chart.yaml rename to resources/v1.30-alpha.3376ee0d/charts/istiod/Chart.yaml index 8f7f426c1a..a022e5d432 100644 --- a/resources/v1.30-alpha.b38ad9e4/charts/istiod/Chart.yaml +++ b/resources/v1.30-alpha.3376ee0d/charts/istiod/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3 +appVersion: 1.30-alpha.3376ee0d0770559f0a88687c79510f3fc6677688 description: Helm chart for istio control plane icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ keywords: name: istiod sources: - https://github.com/istio/istio -version: 1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3 +version: 1.30-alpha.3376ee0d0770559f0a88687c79510f3fc6677688 diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/README.md b/resources/v1.30-alpha.3376ee0d/charts/istiod/README.md similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/istiod/README.md rename to resources/v1.30-alpha.3376ee0d/charts/istiod/README.md diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/agentgateway.yaml b/resources/v1.30-alpha.3376ee0d/charts/istiod/files/agentgateway.yaml similarity index 99% rename from resources/v1.30-alpha.b38ad9e4/charts/istiod/files/agentgateway.yaml rename to resources/v1.30-alpha.3376ee0d/charts/istiod/files/agentgateway.yaml index ca55352712..8ed6d8fbbd 100644 --- a/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/agentgateway.yaml +++ b/resources/v1.30-alpha.3376ee0d/charts/istiod/files/agentgateway.yaml @@ -89,7 +89,7 @@ spec: {{- end }} {{- if .Values.global.proxy.resources }} resources: - {{- toYaml .Values.global.proxy.resources | nindent 10 }} + {{- toYaml (omitNil .Values.global.proxy.resources) | nindent 10 }} {{- end }} {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} securityContext: diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/gateway-injection-template.yaml b/resources/v1.30-alpha.3376ee0d/charts/istiod/files/gateway-injection-template.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/istiod/files/gateway-injection-template.yaml rename to resources/v1.30-alpha.3376ee0d/charts/istiod/files/gateway-injection-template.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/grpc-agent.yaml b/resources/v1.30-alpha.3376ee0d/charts/istiod/files/grpc-agent.yaml similarity index 99% rename from resources/v1.30-alpha.b38ad9e4/charts/istiod/files/grpc-agent.yaml rename to resources/v1.30-alpha.3376ee0d/charts/istiod/files/grpc-agent.yaml index 3b9240e36c..1918935d68 100644 --- a/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/grpc-agent.yaml +++ b/resources/v1.30-alpha.3376ee0d/charts/istiod/files/grpc-agent.yaml @@ -20,7 +20,7 @@ {{- end }} {{- else }} {{- if .Values.global.proxy.resources }} - {{ toYaml .Values.global.proxy.resources | indent 6 }} + {{ toYaml (omitNil .Values.global.proxy.resources) | indent 6 }} {{- end }} {{- end }} {{- end }} diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/grpc-simple.yaml b/resources/v1.30-alpha.3376ee0d/charts/istiod/files/grpc-simple.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/istiod/files/grpc-simple.yaml rename to resources/v1.30-alpha.3376ee0d/charts/istiod/files/grpc-simple.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/injection-template.yaml b/resources/v1.30-alpha.3376ee0d/charts/istiod/files/injection-template.yaml similarity index 99% rename from resources/v1.30-alpha.b38ad9e4/charts/istiod/files/injection-template.yaml rename to resources/v1.30-alpha.3376ee0d/charts/istiod/files/injection-template.yaml index 82ef167172..f8efd03b1a 100644 --- a/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/injection-template.yaml +++ b/resources/v1.30-alpha.3376ee0d/charts/istiod/files/injection-template.yaml @@ -20,7 +20,7 @@ {{- end }} {{- else }} {{- if .Values.global.proxy.resources }} - {{ toYaml .Values.global.proxy.resources | indent 6 }} + {{ toYaml (omitNil .Values.global.proxy.resources) | indent 6 }} {{- end }} {{- end }} {{- end }} diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/kube-gateway.yaml b/resources/v1.30-alpha.3376ee0d/charts/istiod/files/kube-gateway.yaml similarity index 99% rename from resources/v1.30-alpha.b38ad9e4/charts/istiod/files/kube-gateway.yaml rename to resources/v1.30-alpha.3376ee0d/charts/istiod/files/kube-gateway.yaml index 8d909beb83..f281176357 100644 --- a/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/kube-gateway.yaml +++ b/resources/v1.30-alpha.3376ee0d/charts/istiod/files/kube-gateway.yaml @@ -92,7 +92,7 @@ spec: {{- end }} {{- if .Values.global.proxy.resources }} resources: - {{- toYaml .Values.global.proxy.resources | nindent 10 }} + {{- toYaml (omitNil .Values.global.proxy.resources) | nindent 10 }} {{- end }} {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} securityContext: diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-ambient.yaml b/resources/v1.30-alpha.3376ee0d/charts/istiod/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-ambient.yaml rename to resources/v1.30-alpha.3376ee0d/charts/istiod/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.3376ee0d/charts/istiod/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.3376ee0d/charts/istiod/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.3376ee0d/charts/istiod/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.3376ee0d/charts/istiod/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.3376ee0d/charts/istiod/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.3376ee0d/charts/istiod/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.3376ee0d/charts/istiod/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.3376ee0d/charts/istiod/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-demo.yaml b/resources/v1.30-alpha.3376ee0d/charts/istiod/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-demo.yaml rename to resources/v1.30-alpha.3376ee0d/charts/istiod/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-platform-gke.yaml b/resources/v1.30-alpha.3376ee0d/charts/istiod/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.3376ee0d/charts/istiod/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.3376ee0d/charts/istiod/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.3376ee0d/charts/istiod/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.3376ee0d/charts/istiod/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.3376ee0d/charts/istiod/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.3376ee0d/charts/istiod/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.3376ee0d/charts/istiod/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.3376ee0d/charts/istiod/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.3376ee0d/charts/istiod/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.3376ee0d/charts/istiod/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.3376ee0d/charts/istiod/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-preview.yaml b/resources/v1.30-alpha.3376ee0d/charts/istiod/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-preview.yaml rename to resources/v1.30-alpha.3376ee0d/charts/istiod/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-remote.yaml b/resources/v1.30-alpha.3376ee0d/charts/istiod/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-remote.yaml rename to resources/v1.30-alpha.3376ee0d/charts/istiod/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-stable.yaml b/resources/v1.30-alpha.3376ee0d/charts/istiod/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/istiod/files/profile-stable.yaml rename to resources/v1.30-alpha.3376ee0d/charts/istiod/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/waypoint.yaml b/resources/v1.30-alpha.3376ee0d/charts/istiod/files/waypoint.yaml similarity index 99% rename from resources/v1.30-alpha.b38ad9e4/charts/istiod/files/waypoint.yaml rename to resources/v1.30-alpha.3376ee0d/charts/istiod/files/waypoint.yaml index 644d8780c3..3470c6153c 100644 --- a/resources/v1.30-alpha.b38ad9e4/charts/istiod/files/waypoint.yaml +++ b/resources/v1.30-alpha.3376ee0d/charts/istiod/files/waypoint.yaml @@ -216,7 +216,7 @@ spec: {{- end }} {{- if .Values.global.waypoint.resources }} resources: - {{- toYaml .Values.global.waypoint.resources | nindent 10 }} + {{- toYaml (omitNil .Values.global.waypoint.resources) | nindent 10 }} {{- end }} startupProbe: failureThreshold: 30 diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/NOTES.txt b/resources/v1.30-alpha.3376ee0d/charts/istiod/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/NOTES.txt rename to resources/v1.30-alpha.3376ee0d/charts/istiod/templates/NOTES.txt diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/_helpers.tpl b/resources/v1.30-alpha.3376ee0d/charts/istiod/templates/_helpers.tpl similarity index 57% rename from resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/_helpers.tpl rename to resources/v1.30-alpha.3376ee0d/charts/istiod/templates/_helpers.tpl index 042c92538d..c64f6af543 100644 --- a/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/_helpers.tpl +++ b/resources/v1.30-alpha.3376ee0d/charts/istiod/templates/_helpers.tpl @@ -21,3 +21,28 @@ .Values.telemetry.enabled .Values.telemetry.v2.enabled .Values.telemetry.v2.stackdriver.enabled }} {{- end }} + +{{/* +Render resource requirements, omitting any nil values. +*/}} +{{- define "istiod.resources" -}} +{{- range $key := list "limits" "requests" }} + {{- $resources := index $ $key }} + {{- if $resources }} + {{- $hasValues := false }} + {{- range $name, $value := $resources }} + {{- if $value }} + {{- $hasValues = true }} + {{- end }} + {{- end }} + {{- if $hasValues }} +{{ $key }}: + {{- range $name, $value := $resources }} + {{- if $value }} + {{ $name }}: {{ $value }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end -}} diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/autoscale.yaml b/resources/v1.30-alpha.3376ee0d/charts/istiod/templates/autoscale.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/autoscale.yaml rename to resources/v1.30-alpha.3376ee0d/charts/istiod/templates/autoscale.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/clusterrole.yaml b/resources/v1.30-alpha.3376ee0d/charts/istiod/templates/clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/clusterrole.yaml rename to resources/v1.30-alpha.3376ee0d/charts/istiod/templates/clusterrole.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/clusterrolebinding.yaml b/resources/v1.30-alpha.3376ee0d/charts/istiod/templates/clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/clusterrolebinding.yaml rename to resources/v1.30-alpha.3376ee0d/charts/istiod/templates/clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/configmap-jwks.yaml b/resources/v1.30-alpha.3376ee0d/charts/istiod/templates/configmap-jwks.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/configmap-jwks.yaml rename to resources/v1.30-alpha.3376ee0d/charts/istiod/templates/configmap-jwks.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/configmap-values.yaml b/resources/v1.30-alpha.3376ee0d/charts/istiod/templates/configmap-values.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/configmap-values.yaml rename to resources/v1.30-alpha.3376ee0d/charts/istiod/templates/configmap-values.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/configmap.yaml b/resources/v1.30-alpha.3376ee0d/charts/istiod/templates/configmap.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/configmap.yaml rename to resources/v1.30-alpha.3376ee0d/charts/istiod/templates/configmap.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/deployment.yaml b/resources/v1.30-alpha.3376ee0d/charts/istiod/templates/deployment.yaml similarity index 98% rename from resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/deployment.yaml rename to resources/v1.30-alpha.3376ee0d/charts/istiod/templates/deployment.yaml index da975afd5c..b255ced930 100644 --- a/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/deployment.yaml +++ b/resources/v1.30-alpha.3376ee0d/charts/istiod/templates/deployment.yaml @@ -222,9 +222,9 @@ spec: value: "{{ coalesce .Values.global.platform .Values.platform }}" resources: {{- if .Values.resources }} -{{ toYaml .Values.resources | trim | indent 12 }} +{{ include "istiod.resources" .Values.resources | trim | indent 12 }} {{- else }} -{{ toYaml .Values.global.defaultResources | trim | indent 12 }} +{{ include "istiod.resources" .Values.global.defaultResources | trim | indent 12 }} {{- end }} securityContext: allowPrivilegeEscalation: false diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/gateway-class-configmap.yaml b/resources/v1.30-alpha.3376ee0d/charts/istiod/templates/gateway-class-configmap.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/gateway-class-configmap.yaml rename to resources/v1.30-alpha.3376ee0d/charts/istiod/templates/gateway-class-configmap.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/istiod-injector-configmap.yaml b/resources/v1.30-alpha.3376ee0d/charts/istiod/templates/istiod-injector-configmap.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/istiod-injector-configmap.yaml rename to resources/v1.30-alpha.3376ee0d/charts/istiod/templates/istiod-injector-configmap.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/mutatingwebhook.yaml b/resources/v1.30-alpha.3376ee0d/charts/istiod/templates/mutatingwebhook.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/mutatingwebhook.yaml rename to resources/v1.30-alpha.3376ee0d/charts/istiod/templates/mutatingwebhook.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/networkpolicy.yaml b/resources/v1.30-alpha.3376ee0d/charts/istiod/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/networkpolicy.yaml rename to resources/v1.30-alpha.3376ee0d/charts/istiod/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/poddisruptionbudget.yaml b/resources/v1.30-alpha.3376ee0d/charts/istiod/templates/poddisruptionbudget.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/poddisruptionbudget.yaml rename to resources/v1.30-alpha.3376ee0d/charts/istiod/templates/poddisruptionbudget.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/reader-clusterrole.yaml b/resources/v1.30-alpha.3376ee0d/charts/istiod/templates/reader-clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/reader-clusterrole.yaml rename to resources/v1.30-alpha.3376ee0d/charts/istiod/templates/reader-clusterrole.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/reader-clusterrolebinding.yaml b/resources/v1.30-alpha.3376ee0d/charts/istiod/templates/reader-clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/reader-clusterrolebinding.yaml rename to resources/v1.30-alpha.3376ee0d/charts/istiod/templates/reader-clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/remote-istiod-endpointslices.yaml b/resources/v1.30-alpha.3376ee0d/charts/istiod/templates/remote-istiod-endpointslices.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/remote-istiod-endpointslices.yaml rename to resources/v1.30-alpha.3376ee0d/charts/istiod/templates/remote-istiod-endpointslices.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/remote-istiod-service.yaml b/resources/v1.30-alpha.3376ee0d/charts/istiod/templates/remote-istiod-service.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/remote-istiod-service.yaml rename to resources/v1.30-alpha.3376ee0d/charts/istiod/templates/remote-istiod-service.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/revision-tags-mwc.yaml b/resources/v1.30-alpha.3376ee0d/charts/istiod/templates/revision-tags-mwc.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/revision-tags-mwc.yaml rename to resources/v1.30-alpha.3376ee0d/charts/istiod/templates/revision-tags-mwc.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/revision-tags-svc.yaml b/resources/v1.30-alpha.3376ee0d/charts/istiod/templates/revision-tags-svc.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/revision-tags-svc.yaml rename to resources/v1.30-alpha.3376ee0d/charts/istiod/templates/revision-tags-svc.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/role.yaml b/resources/v1.30-alpha.3376ee0d/charts/istiod/templates/role.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/role.yaml rename to resources/v1.30-alpha.3376ee0d/charts/istiod/templates/role.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/rolebinding.yaml b/resources/v1.30-alpha.3376ee0d/charts/istiod/templates/rolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/rolebinding.yaml rename to resources/v1.30-alpha.3376ee0d/charts/istiod/templates/rolebinding.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/service.yaml b/resources/v1.30-alpha.3376ee0d/charts/istiod/templates/service.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/service.yaml rename to resources/v1.30-alpha.3376ee0d/charts/istiod/templates/service.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/serviceaccount.yaml b/resources/v1.30-alpha.3376ee0d/charts/istiod/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/serviceaccount.yaml rename to resources/v1.30-alpha.3376ee0d/charts/istiod/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/validatingadmissionpolicy.yaml b/resources/v1.30-alpha.3376ee0d/charts/istiod/templates/validatingadmissionpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/validatingadmissionpolicy.yaml rename to resources/v1.30-alpha.3376ee0d/charts/istiod/templates/validatingadmissionpolicy.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/validatingwebhookconfiguration.yaml b/resources/v1.30-alpha.3376ee0d/charts/istiod/templates/validatingwebhookconfiguration.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/validatingwebhookconfiguration.yaml rename to resources/v1.30-alpha.3376ee0d/charts/istiod/templates/validatingwebhookconfiguration.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/zzy_descope_legacy.yaml b/resources/v1.30-alpha.3376ee0d/charts/istiod/templates/zzy_descope_legacy.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/zzy_descope_legacy.yaml rename to resources/v1.30-alpha.3376ee0d/charts/istiod/templates/zzy_descope_legacy.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/zzz_profile.yaml b/resources/v1.30-alpha.3376ee0d/charts/istiod/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/istiod/templates/zzz_profile.yaml rename to resources/v1.30-alpha.3376ee0d/charts/istiod/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/istiod/values.yaml b/resources/v1.30-alpha.3376ee0d/charts/istiod/values.yaml similarity index 99% rename from resources/v1.30-alpha.b38ad9e4/charts/istiod/values.yaml rename to resources/v1.30-alpha.3376ee0d/charts/istiod/values.yaml index fdc17b4f9a..d4f741db67 100644 --- a/resources/v1.30-alpha.b38ad9e4/charts/istiod/values.yaml +++ b/resources/v1.30-alpha.3376ee0d/charts/istiod/values.yaml @@ -255,7 +255,7 @@ _internal_defaults_do_not_set: # Dev builds from prow are on gcr.io hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3 + tag: 1.30-alpha.3376ee0d0770559f0a88687c79510f3fc6677688 # Variant of the image to use. # Currently supported are: [debug, distroless] variant: "" diff --git a/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/Chart.yaml b/resources/v1.30-alpha.3376ee0d/charts/revisiontags/Chart.yaml similarity index 71% rename from resources/v1.30-alpha.b38ad9e4/charts/revisiontags/Chart.yaml rename to resources/v1.30-alpha.3376ee0d/charts/revisiontags/Chart.yaml index 20bddc5a70..a9e437c6c1 100644 --- a/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/Chart.yaml +++ b/resources/v1.30-alpha.3376ee0d/charts/revisiontags/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3 +appVersion: 1.30-alpha.3376ee0d0770559f0a88687c79510f3fc6677688 description: Helm chart for istio revision tags name: revisiontags sources: diff --git a/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-ambient.yaml b/resources/v1.30-alpha.3376ee0d/charts/revisiontags/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-ambient.yaml rename to resources/v1.30-alpha.3376ee0d/charts/revisiontags/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.3376ee0d/charts/revisiontags/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.3376ee0d/charts/revisiontags/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.3376ee0d/charts/revisiontags/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.3376ee0d/charts/revisiontags/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.3376ee0d/charts/revisiontags/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.3376ee0d/charts/revisiontags/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.3376ee0d/charts/revisiontags/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.3376ee0d/charts/revisiontags/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-demo.yaml b/resources/v1.30-alpha.3376ee0d/charts/revisiontags/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-demo.yaml rename to resources/v1.30-alpha.3376ee0d/charts/revisiontags/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-platform-gke.yaml b/resources/v1.30-alpha.3376ee0d/charts/revisiontags/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.3376ee0d/charts/revisiontags/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.3376ee0d/charts/revisiontags/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.3376ee0d/charts/revisiontags/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.3376ee0d/charts/revisiontags/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.3376ee0d/charts/revisiontags/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.3376ee0d/charts/revisiontags/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.3376ee0d/charts/revisiontags/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.3376ee0d/charts/revisiontags/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.3376ee0d/charts/revisiontags/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.3376ee0d/charts/revisiontags/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.3376ee0d/charts/revisiontags/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-preview.yaml b/resources/v1.30-alpha.3376ee0d/charts/revisiontags/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-preview.yaml rename to resources/v1.30-alpha.3376ee0d/charts/revisiontags/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-remote.yaml b/resources/v1.30-alpha.3376ee0d/charts/revisiontags/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-remote.yaml rename to resources/v1.30-alpha.3376ee0d/charts/revisiontags/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-stable.yaml b/resources/v1.30-alpha.3376ee0d/charts/revisiontags/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/revisiontags/files/profile-stable.yaml rename to resources/v1.30-alpha.3376ee0d/charts/revisiontags/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/templates/revision-tags-mwc.yaml b/resources/v1.30-alpha.3376ee0d/charts/revisiontags/templates/revision-tags-mwc.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/revisiontags/templates/revision-tags-mwc.yaml rename to resources/v1.30-alpha.3376ee0d/charts/revisiontags/templates/revision-tags-mwc.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/templates/revision-tags-svc.yaml b/resources/v1.30-alpha.3376ee0d/charts/revisiontags/templates/revision-tags-svc.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/revisiontags/templates/revision-tags-svc.yaml rename to resources/v1.30-alpha.3376ee0d/charts/revisiontags/templates/revision-tags-svc.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/templates/zzz_profile.yaml b/resources/v1.30-alpha.3376ee0d/charts/revisiontags/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/revisiontags/templates/zzz_profile.yaml rename to resources/v1.30-alpha.3376ee0d/charts/revisiontags/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/values.yaml b/resources/v1.30-alpha.3376ee0d/charts/revisiontags/values.yaml similarity index 99% rename from resources/v1.30-alpha.b38ad9e4/charts/revisiontags/values.yaml rename to resources/v1.30-alpha.3376ee0d/charts/revisiontags/values.yaml index fdc17b4f9a..d4f741db67 100644 --- a/resources/v1.30-alpha.b38ad9e4/charts/revisiontags/values.yaml +++ b/resources/v1.30-alpha.3376ee0d/charts/revisiontags/values.yaml @@ -255,7 +255,7 @@ _internal_defaults_do_not_set: # Dev builds from prow are on gcr.io hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3 + tag: 1.30-alpha.3376ee0d0770559f0a88687c79510f3fc6677688 # Variant of the image to use. # Currently supported are: [debug, distroless] variant: "" diff --git a/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/Chart.yaml b/resources/v1.30-alpha.3376ee0d/charts/ztunnel/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.b38ad9e4/charts/ztunnel/Chart.yaml rename to resources/v1.30-alpha.3376ee0d/charts/ztunnel/Chart.yaml index 5c53e8efb9..32ebc77748 100644 --- a/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/Chart.yaml +++ b/resources/v1.30-alpha.3376ee0d/charts/ztunnel/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3 +appVersion: 1.30-alpha.3376ee0d0770559f0a88687c79510f3fc6677688 description: Helm chart for istio ztunnel components icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -8,4 +8,4 @@ keywords: name: ztunnel sources: - https://github.com/istio/istio -version: 1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3 +version: 1.30-alpha.3376ee0d0770559f0a88687c79510f3fc6677688 diff --git a/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/README.md b/resources/v1.30-alpha.3376ee0d/charts/ztunnel/README.md similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/ztunnel/README.md rename to resources/v1.30-alpha.3376ee0d/charts/ztunnel/README.md diff --git a/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-ambient.yaml b/resources/v1.30-alpha.3376ee0d/charts/ztunnel/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-ambient.yaml rename to resources/v1.30-alpha.3376ee0d/charts/ztunnel/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.3376ee0d/charts/ztunnel/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.3376ee0d/charts/ztunnel/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.3376ee0d/charts/ztunnel/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.3376ee0d/charts/ztunnel/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.3376ee0d/charts/ztunnel/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.3376ee0d/charts/ztunnel/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.3376ee0d/charts/ztunnel/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.3376ee0d/charts/ztunnel/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-demo.yaml b/resources/v1.30-alpha.3376ee0d/charts/ztunnel/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-demo.yaml rename to resources/v1.30-alpha.3376ee0d/charts/ztunnel/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-platform-gke.yaml b/resources/v1.30-alpha.3376ee0d/charts/ztunnel/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.3376ee0d/charts/ztunnel/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.3376ee0d/charts/ztunnel/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.3376ee0d/charts/ztunnel/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.3376ee0d/charts/ztunnel/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.3376ee0d/charts/ztunnel/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.3376ee0d/charts/ztunnel/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.3376ee0d/charts/ztunnel/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.3376ee0d/charts/ztunnel/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.3376ee0d/charts/ztunnel/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.3376ee0d/charts/ztunnel/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.3376ee0d/charts/ztunnel/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-preview.yaml b/resources/v1.30-alpha.3376ee0d/charts/ztunnel/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-preview.yaml rename to resources/v1.30-alpha.3376ee0d/charts/ztunnel/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-remote.yaml b/resources/v1.30-alpha.3376ee0d/charts/ztunnel/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-remote.yaml rename to resources/v1.30-alpha.3376ee0d/charts/ztunnel/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-stable.yaml b/resources/v1.30-alpha.3376ee0d/charts/ztunnel/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/ztunnel/files/profile-stable.yaml rename to resources/v1.30-alpha.3376ee0d/charts/ztunnel/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/templates/NOTES.txt b/resources/v1.30-alpha.3376ee0d/charts/ztunnel/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/ztunnel/templates/NOTES.txt rename to resources/v1.30-alpha.3376ee0d/charts/ztunnel/templates/NOTES.txt diff --git a/resources/v1.30-alpha.3376ee0d/charts/ztunnel/templates/_helpers.tpl b/resources/v1.30-alpha.3376ee0d/charts/ztunnel/templates/_helpers.tpl new file mode 100644 index 0000000000..ecbc4d3404 --- /dev/null +++ b/resources/v1.30-alpha.3376ee0d/charts/ztunnel/templates/_helpers.tpl @@ -0,0 +1,26 @@ +{{ define "ztunnel.release-name" }}{{ .Values.resourceName| default "ztunnel" }}{{ end }} + +{{/* +Render resource requirements, omitting any nil values. +*/}} +{{- define "ztunnel.resources" -}} +{{- range $key := list "limits" "requests" }} + {{- $resources := index $ $key }} + {{- if $resources }} + {{- $hasValues := false }} + {{- range $name, $value := $resources }} + {{- if $value }} + {{- $hasValues = true }} + {{- end }} + {{- end }} + {{- if $hasValues }} +{{ $key }}: + {{- range $name, $value := $resources }} + {{- if $value }} + {{ $name }}: {{ $value }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end -}} diff --git a/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/templates/daemonset.yaml b/resources/v1.30-alpha.3376ee0d/charts/ztunnel/templates/daemonset.yaml similarity index 99% rename from resources/v1.30-alpha.b38ad9e4/charts/ztunnel/templates/daemonset.yaml rename to resources/v1.30-alpha.3376ee0d/charts/ztunnel/templates/daemonset.yaml index cb5451a799..520f797190 100644 --- a/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/templates/daemonset.yaml +++ b/resources/v1.30-alpha.3376ee0d/charts/ztunnel/templates/daemonset.yaml @@ -73,7 +73,7 @@ spec: protocol: TCP resources: {{- if .Values.resources }} -{{ toYaml .Values.resources | trim | indent 10 }} +{{ include "ztunnel.resources" .Values.resources | trim | indent 10 }} {{- end }} {{- with .Values.imagePullPolicy }} imagePullPolicy: {{ . }} diff --git a/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/templates/networkpolicy.yaml b/resources/v1.30-alpha.3376ee0d/charts/ztunnel/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/ztunnel/templates/networkpolicy.yaml rename to resources/v1.30-alpha.3376ee0d/charts/ztunnel/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/templates/rbac.yaml b/resources/v1.30-alpha.3376ee0d/charts/ztunnel/templates/rbac.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/ztunnel/templates/rbac.yaml rename to resources/v1.30-alpha.3376ee0d/charts/ztunnel/templates/rbac.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/templates/resourcequota.yaml b/resources/v1.30-alpha.3376ee0d/charts/ztunnel/templates/resourcequota.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/ztunnel/templates/resourcequota.yaml rename to resources/v1.30-alpha.3376ee0d/charts/ztunnel/templates/resourcequota.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/templates/serviceaccount.yaml b/resources/v1.30-alpha.3376ee0d/charts/ztunnel/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/ztunnel/templates/serviceaccount.yaml rename to resources/v1.30-alpha.3376ee0d/charts/ztunnel/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/templates/zzz_profile.yaml b/resources/v1.30-alpha.3376ee0d/charts/ztunnel/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/charts/ztunnel/templates/zzz_profile.yaml rename to resources/v1.30-alpha.3376ee0d/charts/ztunnel/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/values.yaml b/resources/v1.30-alpha.3376ee0d/charts/ztunnel/values.yaml similarity index 99% rename from resources/v1.30-alpha.b38ad9e4/charts/ztunnel/values.yaml rename to resources/v1.30-alpha.3376ee0d/charts/ztunnel/values.yaml index 643cd29d28..34a4659675 100644 --- a/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/values.yaml +++ b/resources/v1.30-alpha.3376ee0d/charts/ztunnel/values.yaml @@ -4,7 +4,7 @@ _internal_defaults_do_not_set: # Hub to pull from. Image will be `Hub/Image:Tag-Variant` hub: gcr.io/istio-testing # Tag to pull from. Image will be `Hub/Image:Tag-Variant` - tag: 1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3 + tag: 1.30-alpha.3376ee0d0770559f0a88687c79510f3fc6677688 # Variant to pull. Options are "debug" or "distroless". Unset will use the default for the given version. variant: "" diff --git a/resources/v1.30-alpha.3376ee0d/cni-1.30-alpha.3376ee0d0770559f0a88687c79510f3fc6677688.tgz.etag b/resources/v1.30-alpha.3376ee0d/cni-1.30-alpha.3376ee0d0770559f0a88687c79510f3fc6677688.tgz.etag new file mode 100644 index 0000000000..dd98770f21 --- /dev/null +++ b/resources/v1.30-alpha.3376ee0d/cni-1.30-alpha.3376ee0d0770559f0a88687c79510f3fc6677688.tgz.etag @@ -0,0 +1 @@ +03230128ec6839211d403e5b30aebd94 diff --git a/resources/v1.30-alpha.3376ee0d/commit b/resources/v1.30-alpha.3376ee0d/commit new file mode 100644 index 0000000000..abe402995b --- /dev/null +++ b/resources/v1.30-alpha.3376ee0d/commit @@ -0,0 +1 @@ +3376ee0d0770559f0a88687c79510f3fc6677688 diff --git a/resources/v1.30-alpha.3376ee0d/gateway-1.30-alpha.3376ee0d0770559f0a88687c79510f3fc6677688.tgz.etag b/resources/v1.30-alpha.3376ee0d/gateway-1.30-alpha.3376ee0d0770559f0a88687c79510f3fc6677688.tgz.etag new file mode 100644 index 0000000000..7418cb9791 --- /dev/null +++ b/resources/v1.30-alpha.3376ee0d/gateway-1.30-alpha.3376ee0d0770559f0a88687c79510f3fc6677688.tgz.etag @@ -0,0 +1 @@ +6b4828e19a2848e0db43046ba0c7e278 diff --git a/resources/v1.30-alpha.3376ee0d/istiod-1.30-alpha.3376ee0d0770559f0a88687c79510f3fc6677688.tgz.etag b/resources/v1.30-alpha.3376ee0d/istiod-1.30-alpha.3376ee0d0770559f0a88687c79510f3fc6677688.tgz.etag new file mode 100644 index 0000000000..e502dd7ada --- /dev/null +++ b/resources/v1.30-alpha.3376ee0d/istiod-1.30-alpha.3376ee0d0770559f0a88687c79510f3fc6677688.tgz.etag @@ -0,0 +1 @@ +f29ffbe69057ac1391490d5feb8e004a diff --git a/resources/v1.30-alpha.b38ad9e4/profiles/ambient.yaml b/resources/v1.30-alpha.3376ee0d/profiles/ambient.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/profiles/ambient.yaml rename to resources/v1.30-alpha.3376ee0d/profiles/ambient.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/profiles/default.yaml b/resources/v1.30-alpha.3376ee0d/profiles/default.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/profiles/default.yaml rename to resources/v1.30-alpha.3376ee0d/profiles/default.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/profiles/demo.yaml b/resources/v1.30-alpha.3376ee0d/profiles/demo.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/profiles/demo.yaml rename to resources/v1.30-alpha.3376ee0d/profiles/demo.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/profiles/empty.yaml b/resources/v1.30-alpha.3376ee0d/profiles/empty.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/profiles/empty.yaml rename to resources/v1.30-alpha.3376ee0d/profiles/empty.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/profiles/openshift-ambient.yaml b/resources/v1.30-alpha.3376ee0d/profiles/openshift-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/profiles/openshift-ambient.yaml rename to resources/v1.30-alpha.3376ee0d/profiles/openshift-ambient.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/profiles/openshift.yaml b/resources/v1.30-alpha.3376ee0d/profiles/openshift.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/profiles/openshift.yaml rename to resources/v1.30-alpha.3376ee0d/profiles/openshift.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/profiles/preview.yaml b/resources/v1.30-alpha.3376ee0d/profiles/preview.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/profiles/preview.yaml rename to resources/v1.30-alpha.3376ee0d/profiles/preview.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/profiles/remote.yaml b/resources/v1.30-alpha.3376ee0d/profiles/remote.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/profiles/remote.yaml rename to resources/v1.30-alpha.3376ee0d/profiles/remote.yaml diff --git a/resources/v1.30-alpha.b38ad9e4/profiles/stable.yaml b/resources/v1.30-alpha.3376ee0d/profiles/stable.yaml similarity index 100% rename from resources/v1.30-alpha.b38ad9e4/profiles/stable.yaml rename to resources/v1.30-alpha.3376ee0d/profiles/stable.yaml diff --git a/resources/v1.30-alpha.3376ee0d/ztunnel-1.30-alpha.3376ee0d0770559f0a88687c79510f3fc6677688.tgz.etag b/resources/v1.30-alpha.3376ee0d/ztunnel-1.30-alpha.3376ee0d0770559f0a88687c79510f3fc6677688.tgz.etag new file mode 100644 index 0000000000..a7565ce409 --- /dev/null +++ b/resources/v1.30-alpha.3376ee0d/ztunnel-1.30-alpha.3376ee0d0770559f0a88687c79510f3fc6677688.tgz.etag @@ -0,0 +1 @@ +1df83aabee809eedfa33be20e0644e03 diff --git a/resources/v1.30-alpha.b38ad9e4/base-1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3.tgz.etag b/resources/v1.30-alpha.b38ad9e4/base-1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3.tgz.etag deleted file mode 100644 index e43ad2c8e0..0000000000 --- a/resources/v1.30-alpha.b38ad9e4/base-1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -edabd70bfebb6c38becf6bd568455b41 diff --git a/resources/v1.30-alpha.b38ad9e4/charts/cni/templates/_helpers.tpl b/resources/v1.30-alpha.b38ad9e4/charts/cni/templates/_helpers.tpl deleted file mode 100644 index 73cc17b2f6..0000000000 --- a/resources/v1.30-alpha.b38ad9e4/charts/cni/templates/_helpers.tpl +++ /dev/null @@ -1,8 +0,0 @@ -{{- define "name" -}} - istio-cni -{{- end }} - - -{{- define "istio-tag" -}} - {{ .Values.tag | default .Values.global.tag }}{{with (.Values.variant | default .Values.global.variant)}}-{{.}}{{end}} -{{- end }} diff --git a/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/templates/_helpers.tpl b/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/templates/_helpers.tpl deleted file mode 100644 index 46a7a0b79d..0000000000 --- a/resources/v1.30-alpha.b38ad9e4/charts/ztunnel/templates/_helpers.tpl +++ /dev/null @@ -1 +0,0 @@ -{{ define "ztunnel.release-name" }}{{ .Values.resourceName| default "ztunnel" }}{{ end }} diff --git a/resources/v1.30-alpha.b38ad9e4/cni-1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3.tgz.etag b/resources/v1.30-alpha.b38ad9e4/cni-1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3.tgz.etag deleted file mode 100644 index 31af34cc6e..0000000000 --- a/resources/v1.30-alpha.b38ad9e4/cni-1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -87b59da1f42d445718d6fe657f1faffe diff --git a/resources/v1.30-alpha.b38ad9e4/commit b/resources/v1.30-alpha.b38ad9e4/commit deleted file mode 100644 index 490ab875fd..0000000000 --- a/resources/v1.30-alpha.b38ad9e4/commit +++ /dev/null @@ -1 +0,0 @@ -b38ad9e43536da97f4c7f0259d7a313aa17b69b3 diff --git a/resources/v1.30-alpha.b38ad9e4/gateway-1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3.tgz.etag b/resources/v1.30-alpha.b38ad9e4/gateway-1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3.tgz.etag deleted file mode 100644 index d324c750a0..0000000000 --- a/resources/v1.30-alpha.b38ad9e4/gateway-1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -6bec10122ae562328306c14b9df5ad64 diff --git a/resources/v1.30-alpha.b38ad9e4/istiod-1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3.tgz.etag b/resources/v1.30-alpha.b38ad9e4/istiod-1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3.tgz.etag deleted file mode 100644 index 6838a0c27a..0000000000 --- a/resources/v1.30-alpha.b38ad9e4/istiod-1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -c9a0d0f70da5ca80587d32c7bacdbe8e diff --git a/resources/v1.30-alpha.b38ad9e4/ztunnel-1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3.tgz.etag b/resources/v1.30-alpha.b38ad9e4/ztunnel-1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3.tgz.etag deleted file mode 100644 index d8176c24ef..0000000000 --- a/resources/v1.30-alpha.b38ad9e4/ztunnel-1.30-alpha.b38ad9e43536da97f4c7f0259d7a313aa17b69b3.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -c9f774e09d5546ed76658ade9a3dea22 From 8c3015ff10959b3f43c678a362767e170b08dfab Mon Sep 17 00:00:00 2001 From: openshift-service-mesh-bot Date: Wed, 18 Feb 2026 21:24:52 +0000 Subject: [PATCH 6/6] Automated regeneration --- ...cemeshoperator3.clusterserviceversion.yaml | 88 +++---------------- chart/values.yaml | 58 +----------- 2 files changed, 13 insertions(+), 133 deletions(-) diff --git a/bundle/manifests/servicemeshoperator3.clusterserviceversion.yaml b/bundle/manifests/servicemeshoperator3.clusterserviceversion.yaml index b9d4e19124..2fe68af6b6 100644 --- a/bundle/manifests/servicemeshoperator3.clusterserviceversion.yaml +++ b/bundle/manifests/servicemeshoperator3.clusterserviceversion.yaml @@ -44,9 +44,9 @@ metadata: ] capabilities: Seamless Upgrades categories: OpenShift Optional, Integration & Delivery, Networking, Security - containerImage: quay.io/sail-dev/sail-operator:1.29-latest - createdAt: "2026-02-18T05:31:32Z" - description: The Sail Operator manages the lifecycle of your Istio control plane. It provides custom resources for you to deploy and manage your control plane components. + containerImage: quay.io/sail-dev/sail-operator:3.0-latest + createdAt: "2026-02-18T21:24:48Z" + description: The OpenShift Service Mesh Operator enables you to install, configure, and manage an instance of Red Hat OpenShift Service Mesh. OpenShift Service Mesh is based on the open source Istio project. features.operators.openshift.io/cnf: "false" features.operators.openshift.io/cni: "true" features.operators.openshift.io/csi: "false" @@ -405,23 +405,10 @@ spec: ### Overview - - v1.28-latest - - v1.28.4 - - v1.28.3 - - v1.28.2 - - v1.28.1 - - v1.28.0 - - v1.27-latest - - v1.27.7 - - v1.27.6 - - v1.27.5 - - v1.27.4 - - v1.27.3 - - v1.27.2 - - v1.27.1 - - v1.27.0 - - master - - v1.30-alpha.3376ee0d + Red Hat OpenShift Service Mesh, based on the open source [Istio](https://istio.io/) project, adds a transparent layer on existing + distributed applications without requiring any changes to the service code. You add Red Hat OpenShift Service Mesh + support to services by deploying a special sidecar proxy throughout your environment that intercepts all network + communication between microservices. You configure and manage the service mesh using the control plane features. Red Hat OpenShift Service Mesh provides an easy way to create a network of deployed services that provides discovery, load balancing, service-to-service authentication, failure recovery, metrics, and monitoring. A service mesh also @@ -804,62 +791,11 @@ spec: template: metadata: annotations: - images.v1_27_0.cni: gcr.io/istio-release/install-cni:1.27.0 - images.v1_27_0.istiod: gcr.io/istio-release/pilot:1.27.0 - images.v1_27_0.proxy: gcr.io/istio-release/proxyv2:1.27.0 - images.v1_27_0.ztunnel: gcr.io/istio-release/ztunnel:1.27.0 - images.v1_27_1.cni: gcr.io/istio-release/install-cni:1.27.1 - images.v1_27_1.istiod: gcr.io/istio-release/pilot:1.27.1 - images.v1_27_1.proxy: gcr.io/istio-release/proxyv2:1.27.1 - images.v1_27_1.ztunnel: gcr.io/istio-release/ztunnel:1.27.1 - images.v1_27_2.cni: gcr.io/istio-release/install-cni:1.27.2 - images.v1_27_2.istiod: gcr.io/istio-release/pilot:1.27.2 - images.v1_27_2.proxy: gcr.io/istio-release/proxyv2:1.27.2 - images.v1_27_2.ztunnel: gcr.io/istio-release/ztunnel:1.27.2 - images.v1_27_3.cni: gcr.io/istio-release/install-cni:1.27.3 - images.v1_27_3.istiod: gcr.io/istio-release/pilot:1.27.3 - images.v1_27_3.proxy: gcr.io/istio-release/proxyv2:1.27.3 - images.v1_27_3.ztunnel: gcr.io/istio-release/ztunnel:1.27.3 - images.v1_27_4.cni: gcr.io/istio-release/install-cni:1.27.4 - images.v1_27_4.istiod: gcr.io/istio-release/pilot:1.27.4 - images.v1_27_4.proxy: gcr.io/istio-release/proxyv2:1.27.4 - images.v1_27_4.ztunnel: gcr.io/istio-release/ztunnel:1.27.4 - images.v1_27_5.cni: gcr.io/istio-release/install-cni:1.27.5 - images.v1_27_5.istiod: gcr.io/istio-release/pilot:1.27.5 - images.v1_27_5.proxy: gcr.io/istio-release/proxyv2:1.27.5 - images.v1_27_5.ztunnel: gcr.io/istio-release/ztunnel:1.27.5 - images.v1_27_6.cni: gcr.io/istio-release/install-cni:1.27.6 - images.v1_27_6.istiod: gcr.io/istio-release/pilot:1.27.6 - images.v1_27_6.proxy: gcr.io/istio-release/proxyv2:1.27.6 - images.v1_27_6.ztunnel: gcr.io/istio-release/ztunnel:1.27.6 - images.v1_27_7.cni: gcr.io/istio-release/install-cni:1.27.7 - images.v1_27_7.istiod: gcr.io/istio-release/pilot:1.27.7 - images.v1_27_7.proxy: gcr.io/istio-release/proxyv2:1.27.7 - images.v1_27_7.ztunnel: gcr.io/istio-release/ztunnel:1.27.7 - images.v1_28_0.cni: gcr.io/istio-release/install-cni:1.28.0 - images.v1_28_0.istiod: gcr.io/istio-release/pilot:1.28.0 - images.v1_28_0.proxy: gcr.io/istio-release/proxyv2:1.28.0 - images.v1_28_0.ztunnel: gcr.io/istio-release/ztunnel:1.28.0 - images.v1_28_1.cni: gcr.io/istio-release/install-cni:1.28.1 - images.v1_28_1.istiod: gcr.io/istio-release/pilot:1.28.1 - images.v1_28_1.proxy: gcr.io/istio-release/proxyv2:1.28.1 - images.v1_28_1.ztunnel: gcr.io/istio-release/ztunnel:1.28.1 - images.v1_28_2.cni: gcr.io/istio-release/install-cni:1.28.2 - images.v1_28_2.istiod: gcr.io/istio-release/pilot:1.28.2 - images.v1_28_2.proxy: gcr.io/istio-release/proxyv2:1.28.2 - images.v1_28_2.ztunnel: gcr.io/istio-release/ztunnel:1.28.2 - images.v1_28_3.cni: gcr.io/istio-release/install-cni:1.28.3 - images.v1_28_3.istiod: gcr.io/istio-release/pilot:1.28.3 - images.v1_28_3.proxy: gcr.io/istio-release/proxyv2:1.28.3 - images.v1_28_3.ztunnel: gcr.io/istio-release/ztunnel:1.28.3 - images.v1_28_4.cni: gcr.io/istio-release/install-cni:1.28.4 - images.v1_28_4.istiod: gcr.io/istio-release/pilot:1.28.4 - images.v1_28_4.proxy: gcr.io/istio-release/proxyv2:1.28.4 - images.v1_28_4.ztunnel: gcr.io/istio-release/ztunnel:1.28.4 - images.v1_30-alpha_3376ee0d.cni: gcr.io/istio-testing/install-cni:1.30-alpha.3376ee0d0770559f0a88687c79510f3fc6677688 - images.v1_30-alpha_3376ee0d.istiod: gcr.io/istio-testing/pilot:1.30-alpha.3376ee0d0770559f0a88687c79510f3fc6677688 - images.v1_30-alpha_3376ee0d.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.3376ee0d0770559f0a88687c79510f3fc6677688 - images.v1_30-alpha_3376ee0d.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.3376ee0d0770559f0a88687c79510f3fc6677688 + images.v1_24_4.cni: registry.redhat.io/openshift-service-mesh/istio-cni-rhel9:1.24.4 + images.v1_24_4.istiod: registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9:1.24.4 + images.v1_24_4.must-gather: registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9:3.0.1 + images.v1_24_4.proxy: registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9:1.24.4 + images.v1_24_4.ztunnel: registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9:1.24.4 kubectl.kubernetes.io/default-container: sail-operator labels: app.kubernetes.io/created-by: servicemeshoperator3 diff --git a/chart/values.yaml b/chart/values.yaml index 82ed4672ad..18776a9ecf 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -1,63 +1,7 @@ name: sailoperator deployment: name: sail-operator - annotations: - images.v1_28_4.ztunnel: gcr.io/istio-release/ztunnel:1.28.4 - images.v1_28_4.istiod: gcr.io/istio-release/pilot:1.28.4 - images.v1_28_4.proxy: gcr.io/istio-release/proxyv2:1.28.4 - images.v1_28_4.cni: gcr.io/istio-release/install-cni:1.28.4 - images.v1_28_3.ztunnel: gcr.io/istio-release/ztunnel:1.28.3 - images.v1_28_3.istiod: gcr.io/istio-release/pilot:1.28.3 - images.v1_28_3.proxy: gcr.io/istio-release/proxyv2:1.28.3 - images.v1_28_3.cni: gcr.io/istio-release/install-cni:1.28.3 - images.v1_28_2.ztunnel: gcr.io/istio-release/ztunnel:1.28.2 - images.v1_28_2.istiod: gcr.io/istio-release/pilot:1.28.2 - images.v1_28_2.proxy: gcr.io/istio-release/proxyv2:1.28.2 - images.v1_28_2.cni: gcr.io/istio-release/install-cni:1.28.2 - images.v1_28_1.ztunnel: gcr.io/istio-release/ztunnel:1.28.1 - images.v1_28_1.istiod: gcr.io/istio-release/pilot:1.28.1 - images.v1_28_1.proxy: gcr.io/istio-release/proxyv2:1.28.1 - images.v1_28_1.cni: gcr.io/istio-release/install-cni:1.28.1 - images.v1_28_0.ztunnel: gcr.io/istio-release/ztunnel:1.28.0 - images.v1_28_0.istiod: gcr.io/istio-release/pilot:1.28.0 - images.v1_28_0.proxy: gcr.io/istio-release/proxyv2:1.28.0 - images.v1_28_0.cni: gcr.io/istio-release/install-cni:1.28.0 - images.v1_27_7.ztunnel: gcr.io/istio-release/ztunnel:1.27.7 - images.v1_27_7.istiod: gcr.io/istio-release/pilot:1.27.7 - images.v1_27_7.proxy: gcr.io/istio-release/proxyv2:1.27.7 - images.v1_27_7.cni: gcr.io/istio-release/install-cni:1.27.7 - images.v1_27_6.ztunnel: gcr.io/istio-release/ztunnel:1.27.6 - images.v1_27_6.istiod: gcr.io/istio-release/pilot:1.27.6 - images.v1_27_6.proxy: gcr.io/istio-release/proxyv2:1.27.6 - images.v1_27_6.cni: gcr.io/istio-release/install-cni:1.27.6 - images.v1_27_5.ztunnel: gcr.io/istio-release/ztunnel:1.27.5 - images.v1_27_5.istiod: gcr.io/istio-release/pilot:1.27.5 - images.v1_27_5.proxy: gcr.io/istio-release/proxyv2:1.27.5 - images.v1_27_5.cni: gcr.io/istio-release/install-cni:1.27.5 - images.v1_27_4.ztunnel: gcr.io/istio-release/ztunnel:1.27.4 - images.v1_27_4.istiod: gcr.io/istio-release/pilot:1.27.4 - images.v1_27_4.proxy: gcr.io/istio-release/proxyv2:1.27.4 - images.v1_27_4.cni: gcr.io/istio-release/install-cni:1.27.4 - images.v1_27_3.ztunnel: gcr.io/istio-release/ztunnel:1.27.3 - images.v1_27_3.istiod: gcr.io/istio-release/pilot:1.27.3 - images.v1_27_3.proxy: gcr.io/istio-release/proxyv2:1.27.3 - images.v1_27_3.cni: gcr.io/istio-release/install-cni:1.27.3 - images.v1_27_2.ztunnel: gcr.io/istio-release/ztunnel:1.27.2 - images.v1_27_2.istiod: gcr.io/istio-release/pilot:1.27.2 - images.v1_27_2.proxy: gcr.io/istio-release/proxyv2:1.27.2 - images.v1_27_2.cni: gcr.io/istio-release/install-cni:1.27.2 - images.v1_27_1.ztunnel: gcr.io/istio-release/ztunnel:1.27.1 - images.v1_27_1.istiod: gcr.io/istio-release/pilot:1.27.1 - images.v1_27_1.proxy: gcr.io/istio-release/proxyv2:1.27.1 - images.v1_27_1.cni: gcr.io/istio-release/install-cni:1.27.1 - images.v1_27_0.ztunnel: gcr.io/istio-release/ztunnel:1.27.0 - images.v1_27_0.istiod: gcr.io/istio-release/pilot:1.27.0 - images.v1_27_0.proxy: gcr.io/istio-release/proxyv2:1.27.0 - images.v1_27_0.cni: gcr.io/istio-release/install-cni:1.27.0 - images.v1_30-alpha_3376ee0d.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.3376ee0d0770559f0a88687c79510f3fc6677688 - images.v1_30-alpha_3376ee0d.istiod: gcr.io/istio-testing/pilot:1.30-alpha.3376ee0d0770559f0a88687c79510f3fc6677688 - images.v1_30-alpha_3376ee0d.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.3376ee0d0770559f0a88687c79510f3fc6677688 - images.v1_30-alpha_3376ee0d.cni: gcr.io/istio-testing/install-cni:1.30-alpha.3376ee0d0770559f0a88687c79510f3fc6677688 + annotations: {} revisionHistoryLimit: 10 service: port: 8443