chore(deps): update istio-prod to v1.25.0 for prod env #207
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- main/istio_talos_manifests_istio_prod_manifest_main.yaml 2025-03-20 02:57:59.973082899 +0000
+++ pr/istio_talos_manifests_istio_prod_manifest_pr.yaml 2025-03-20 02:57:50.777055123 +0000
@@ -10,22 +10,22 @@
app: istiod
istio.io/rev: "default"
install.operator.istio.io/owning-resource: unknown
operator.istio.io/component: "Pilot"
release: istio
istio: pilot
app.kubernetes.io/name: "istiod"
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/instance: "istio"
app.kubernetes.io/part-of: "istio"
- app.kubernetes.io/version: "1.24.3"
- helm.sh/chart: istiod-1.24.3
+ app.kubernetes.io/version: "1.25.0"
+ helm.sh/chart: istiod-1.25.0
spec:
minAvailable: 1
selector:
matchLabels:
app: istiod
istio: pilot
---
# Source: istio/charts/base/templates/reader-serviceaccount.yaml
# This singleton service account aggregates reader permissions for the revisions in a given cluster
# ATM this is a singleton per cluster with Istio installed, and is not revisioned. It maybe should be,
@@ -36,73 +36,74 @@
metadata:
name: istio-reader-service-account
namespace: istio-system
labels:
app: istio-reader
release: istio
app.kubernetes.io/name: "istio-reader"
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/instance: "istio"
app.kubernetes.io/part-of: "istio"
- app.kubernetes.io/version: "1.24.3"
- helm.sh/chart: base-1.24.3
+ app.kubernetes.io/version: "1.25.0"
+ helm.sh/chart: base-1.25.0
---
# Source: istio/charts/gateway/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: istio
namespace: github-runner
labels:
app.kubernetes.io/name: istio
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/instance: "istio"
app.kubernetes.io/part-of: "istio"
- app.kubernetes.io/version: "1.24.3"
- helm.sh/chart: gateway-1.24.3
+ app.kubernetes.io/version: "1.25.0"
+ helm.sh/chart: gateway-1.25.0
app: istio
istio: istio
+ "istio.io/dataplane-mode": "none"
---
# Source: istio/charts/istiod/templates/serviceaccount.yaml
# Created if this is not a remote istiod, OR if it is and is also a config cluster
apiVersion: v1
kind: ServiceAccount
metadata:
name: istiod
namespace: istio-system
labels:
app: istiod
release: istio
app.kubernetes.io/name: "istiod"
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/instance: "istio"
app.kubernetes.io/part-of: "istio"
- app.kubernetes.io/version: "1.24.3"
- helm.sh/chart: istiod-1.24.3
+ app.kubernetes.io/version: "1.25.0"
+ helm.sh/chart: istiod-1.25.0
---
# Source: istio/charts/istiod/templates/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: istio
namespace: github-runner
labels:
istio.io/rev: "default"
install.operator.istio.io/owning-resource: unknown
operator.istio.io/component: "Pilot"
release: istio
app.kubernetes.io/name: "istiod"
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/instance: "istio"
app.kubernetes.io/part-of: "istio"
- app.kubernetes.io/version: "1.24.3"
- helm.sh/chart: istiod-1.24.3
+ app.kubernetes.io/version: "1.25.0"
+ helm.sh/chart: istiod-1.25.0
data:
# Configuration file for the mesh networks to be used by the Split Horizon EDS.
meshNetworks: |-
networks: {}
mesh: |-
defaultConfig:
discoveryAddress: istiod.github-runner.svc:15012
defaultProviders:
@@ -120,22 +121,22 @@
namespace: github-runner
labels:
istio.io/rev: "default"
install.operator.istio.io/owning-resource: unknown
operator.istio.io/component: "Pilot"
release: istio
app.kubernetes.io/name: "istiod"
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/instance: "istio"
app.kubernetes.io/part-of: "istio"
- app.kubernetes.io/version: "1.24.3"
- helm.sh/chart: istiod-1.24.3
+ app.kubernetes.io/version: "1.25.0"
+ helm.sh/chart: istiod-1.25.0
data:
values: |-
{
"gateways": {
"seccompProfile": {},
"securityContext": {}
},
"global": {
"caAddress": "",
@@ -215,21 +216,21 @@
},
"remotePilotAddress": "",
"sds": {
"token": {
"aud": "istio-ca"
}
},
"sts": {
"servicePort": 0
},
- "tag": "1.24.3",
+ "tag": "1.25.0",
"variant": "",
"waypoint": {
"affinity": {},
"nodeSelector": {},
"resources": {
"limits": {
"cpu": "2",
"memory": "1Gi"
},
"requests": {
@@ -324,29 +325,30 @@
kubectl.kubernetes.io/default-container: "{{ index $containers 0 }}",
{{- end }}
{{- end }}
{{- if .Values.pilot.cni.enabled }}
{{- if eq .Values.pilot.cni.provider "multus" }}
k8s.v1.cni.cncf.io/networks: '{{ appendMultusNetwork (index .ObjectMeta.Annotations `k8s.v1.cni.cncf.io/networks`) `default/istio-cni` }}',
{{- end }}
sidecar.istio.io/interceptionMode: "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}",
{{ with annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}traffic.sidecar.istio.io/includeOutboundIPRanges: "{{.}}",{{ end }}
{{ with annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}traffic.sidecar.istio.io/excludeOutboundIPRanges: "{{.}}",{{ end }}
- {{ with annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` .Values.global.proxy.includeInboundPorts }}traffic.sidecar.istio.io/includeInboundPorts: "{{.}}",{{ end }}
+ traffic.sidecar.istio.io/includeInboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` .Values.global.proxy.includeInboundPorts }}",
traffic.sidecar.istio.io/excludeInboundPorts: "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}",
{{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/includeOutboundPorts`) (ne (valueOrDefault .Values.global.proxy.includeOutboundPorts "") "") }}
traffic.sidecar.istio.io/includeOutboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundPorts` .Values.global.proxy.includeOutboundPorts }}",
{{- end }}
{{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne .Values.global.proxy.excludeOutboundPorts "") }}
traffic.sidecar.istio.io/excludeOutboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}",
{{- end }}
{{ with index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}traffic.sidecar.istio.io/kubevirtInterfaces: "{{.}}",{{ end }}
+ {{ with index .ObjectMeta.Annotations `istio.io/reroute-virtual-interfaces` }}istio.io/reroute-virtual-interfaces: "{{.}}",{{ end }}
{{ with index .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeInterfaces` }}traffic.sidecar.istio.io/excludeInterfaces: "{{.}}",{{ end }}
{{- end }}
}
spec:
{{- $holdProxy := and
(or .ProxyConfig.HoldApplicationUntilProxyStarts.GetValue .Values.global.proxy.holdApplicationUntilProxyStarts)
(not $nativeSidecar) }}
initContainers:
{{ if ne (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `NONE` }}
{{ if .Values.pilot.cni.enabled -}}
@@ -386,20 +388,24 @@
- "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundPorts` .Values.global.proxy.includeOutboundPorts }}"
{{ end -}}
{{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne (valueOrDefault .Values.global.proxy.excludeOutboundPorts "") "") -}}
- "-o"
- "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}"
{{ end -}}
{{ if (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces`) -}}
- "-k"
- "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}"
{{ end -}}
+ {{ if (isset .ObjectMeta.Annotations `istio.io/reroute-virtual-interfaces`) -}}
+ - "-k"
+ - "{{ index .ObjectMeta.Annotations `istio.io/reroute-virtual-interfaces` }}"
+ {{ end -}}
{{ if (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeInterfaces`) -}}
- "-c"
- "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeInterfaces` }}"
{{ end -}}
- "--log_output_level={{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level }}"
{{ if .Values.global.logAsJson -}}
- "--log_as_json"
{{ end -}}
{{ if .Values.pilot.cni.enabled -}}
- "--run-validation"
@@ -565,23 +571,23 @@
- name: ISTIO_META_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: ISTIO_META_INTERCEPTION_MODE
value: "{{ or (index .ObjectMeta.Annotations `sidecar.istio.io/interceptionMode`) .ProxyConfig.InterceptionMode.String }}"
{{- if .Values.global.network }}
- name: ISTIO_META_NETWORK
value: "{{ .Values.global.network }}"
{{- end }}
- {{- if .DeploymentMeta.Name }}
+ {{- with (index .ObjectMeta.Labels `service.istio.io/workload-name` | default .DeploymentMeta.Name) }}
- name: ISTIO_META_WORKLOAD_NAME
- value: "{{ .DeploymentMeta.Name }}"
+ value: "{{ . }}"
{{ end }}
{{- if and .TypeMeta.APIVersion .DeploymentMeta.Name }}
- name: ISTIO_META_OWNER
value: kubernetes://apis/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower .TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }}
{{- end}}
{{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }}
- name: ISTIO_BOOTSTRAP_OVERRIDE
value: "/etc/istio/custom-bootstrap/custom_bootstrap.json"
{{- end }}
{{- if .Values.global.meshID }}
@@ -787,27 +793,30 @@
- name: {{ . }}
{{- end }}
{{- end }}
gateway: |
{{- $containers := list }}
{{- range $index, $container := .Spec.Containers }}{{ if not (eq $container.Name "istio-proxy") }}{{ $containers = append $containers $container.Name }}{{end}}{{- end}}
metadata:
labels:
service.istio.io/canonical-name: {{ index .ObjectMeta.Labels `service.istio.io/canonical-name` | default (index .ObjectMeta.Labels `app.kubernetes.io/name`) | default (index .ObjectMeta.Labels `app`) | default .DeploymentMeta.Name | quote }}
service.istio.io/canonical-revision: {{ index .ObjectMeta.Labels `service.istio.io/canonical-revision` | default (index .ObjectMeta.Labels `app.kubernetes.io/version`) | default (index .ObjectMeta.Labels `version`) | default "latest" | quote }}
- annotations: {
- istio.io/rev: {{ .Revision | default "default" | quote }},
- {{- if eq (len $containers) 1 }}
- kubectl.kubernetes.io/default-logs-container: "{{ index $containers 0 }}",
- kubectl.kubernetes.io/default-container: "{{ index $containers 0 }}",
- {{ end }}
- }
+ annotations:
+ istio.io/rev: {{ .Revision | default "default" | quote }}
+ {{- if ge (len $containers) 1 }}
+ {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-logs-container`) }}
+ kubectl.kubernetes.io/default-logs-container: "{{ index $containers 0 }}"
+ {{- end }}
+ {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-container`) }}
+ kubectl.kubernetes.io/default-container: "{{ index $containers 0 }}"
+ {{- end }}
+ {{- end }}
spec:
securityContext:
{{- if .Values.gateways.securityContext }}
{{- toYaml .Values.gateways.securityContext | nindent 4 }}
{{- else }}
sysctls:
- name: net.ipv4.ip_unprivileged_port_start
value: "0"
{{- end }}
containers:
@@ -1612,20 +1621,24 @@
value: {{.DeploymentName}}
- name: ISTIO_META_OWNER
value: kubernetes://apis/apps/v1/namespaces/{{.Namespace}}/deployments/{{.DeploymentName}}
{{- if .Values.global.meshID }}
- name: ISTIO_META_MESH_ID
value: "{{ .Values.global.meshID }}"
{{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}
- name: ISTIO_META_MESH_ID
value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}"
{{- end }}
+ {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}
+ - name: TRUST_DOMAIN
+ value: "{{ . }}"
+ {{- end }}
{{- if .Values.global.waypoint.resources }}
resources:
{{- toYaml .Values.global.waypoint.resources | nindent 10 }}
{{- end }}
startupProbe:
failureThreshold: 30
httpGet:
path: /healthz/ready
port: 15021
scheme: HTTP
@@ -2109,22 +2122,22 @@
# without any templating+the old labels, if desired.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
helm.sh/resource-policy: keep
labels:
app.kubernetes.io/instance: istio
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: istio
- app.kubernetes.io/version: 1.24.3
- helm.sh/chart: base-1.24.3
+ app.kubernetes.io/version: 1.25.0
+ helm.sh/chart: base-1.25.0
name: wasmplugins.extensions.istio.io
spec:
group: extensions.istio.io
names:
categories:
- istio-io
- extensions-istio-io
kind: WasmPlugin
listKind: WasmPluginList
plural: wasmplugins
@@ -2235,28 +2248,28 @@
selector:
description: Criteria used to select the specific set of pods/VMs
on which this plugin configuration should be applied.
properties:
matchLabels:
additionalProperties:
maxLength: 63
type: string
x-kubernetes-validations:
- message: wildcard not allowed in label value match
- rule: '!self.contains(''*'')'
+ rule: '!self.contains("*")'
description: One or more labels that indicate a specific set of
pods/VMs on which a policy should be applied.
maxProperties: 4096
type: object
x-kubernetes-validations:
- message: wildcard not allowed in label key match
- rule: self.all(key, !key.contains('*'))
+ rule: self.all(key, !key.contains("*"))
- message: key must not be empty
rule: self.all(key, key.size() != 0)
type: object
sha256:
description: SHA256 checksum that will be used to verify Wasm module
or OCI container.
pattern: (^$|^[a-f0-9]{64}$)
type: string
targetRef:
properties:
@@ -2279,25 +2292,20 @@
namespace:
description: namespace is the namespace of the referent.
type: string
x-kubernetes-validations:
- message: cross namespace referencing is not currently supported
rule: self.size() == 0
required:
- kind
- name
type: object
- x-kubernetes-validations:
- - message: Support kinds are core/Service, networking.istio.io/ServiceEntry,
- gateway.networking.k8s.io/Gateway
- rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''],
- [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]'
targetRefs:
description: Optional.
items:
properties:
group:
description: group is the group of the target resource.
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
@@ -2314,47 +2322,41 @@
namespace:
description: namespace is the namespace of the referent.
type: string
x-kubernetes-validations:
- message: cross namespace referencing is not currently supported
rule: self.size() == 0
required:
- kind
- name
type: object
- x-kubernetes-validations:
- - message: Support kinds are core/Service, networking.istio.io/ServiceEntry,
- gateway.networking.k8s.io/Gateway
- rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''],
- [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]'
maxItems: 16
type: array
type:
description: |-
Specifies the type of Wasm Extension to be used.
Valid Options: HTTP, NETWORK
enum:
- UNSPECIFIED_PLUGIN_TYPE
- HTTP
- NETWORK
type: string
url:
description: URL of a Wasm module or OCI container.
minLength: 1
type: string
x-kubernetes-validations:
- message: url must have schema one of [http, https, file, oci]
- rule: 'isURL(self) ? (url(self).getScheme() in ['''', ''http'',
- ''https'', ''oci'', ''file'']) : (isURL(''http://'' + self) &&
- url(''http://'' +self).getScheme() in ['''', ''http'', ''https'',
- ''oci'', ''file''])'
+ rule: |-
+ isURL(self) ? (url(self).getScheme() in ["", "http", "https", "oci", "file"]) : (isURL("http://" + self) &&
+ url("http://" + self).getScheme() in ["", "http", "https", "oci", "file"])
verificationKey:
type: string
vmConfig:
description: Configuration for a Wasm VM.
properties:
env:
description: Specifies environment variables to be injected to
this VM.
items:
properties:
@@ -2374,71 +2376,76 @@
Valid Options: INLINE, HOST
enum:
- INLINE
- HOST
type: string
required:
- name
type: object
x-kubernetes-validations:
- message: value may only be set when valueFrom is INLINE
- rule: '(has(self.valueFrom) ? self.valueFrom : '''') != ''HOST''
+ rule: '(has(self.valueFrom) ? self.valueFrom : "") != "HOST"
|| !has(self.value)'
maxItems: 256
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
type: object
required:
- url
type: object
x-kubernetes-validations:
- message: only one of targetRefs or selector can be set
- rule: (has(self.selector)?1:0)+(has(self.targetRef)?1:0)+(has(self.targetRefs)?1:0)<=1
+ rule: '(has(self.selector) ? 1 : 0) + (has(self.targetRef) ? 1 : 0)
+ + (has(self.targetRefs) ? 1 : 0) <= 1'
status:
properties:
conditions:
description: Current service state of the resource.
items:
properties:
lastProbeTime:
description: Last time we probed the condition.
format: date-time
type: string
lastTransitionTime:
description: Last time the condition transitioned from one status
to another.
format: date-time
type: string
message:
description: Human-readable message indicating details about
last transition.
type: string
+ observedGeneration:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Resource Generation to which the Condition refers.
+ x-kubernetes-int-or-string: true
reason:
description: Unique, one-word, CamelCase reason for the condition's
last transition.
type: string
status:
description: Status is the status of the condition.
type: string
type:
description: Type is the type of the condition.
type: string
type: object
type: array
observedGeneration:
anyOf:
- type: integer
- type: string
- description: Resource Generation to which the Reconciled Condition
- refers.
x-kubernetes-int-or-string: true
validationMessages:
description: Includes any errors or warnings detected by Istio's analyzers.
items:
properties:
documentationUrl:
description: A url pointing to the Istio documentation for this
specific error type.
type: string
level:
@@ -2481,22 +2488,22 @@
# without any templating+the old labels, if desired.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
helm.sh/resource-policy: keep
labels:
app.kubernetes.io/instance: istio
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: istio
- app.kubernetes.io/version: 1.24.3
- helm.sh/chart: base-1.24.3
+ app.kubernetes.io/version: 1.25.0
+ helm.sh/chart: base-1.25.0
name: destinationrules.networking.istio.io
spec:
group: networking.istio.io
names:
categories:
- istio-io
- networking-istio-io
kind: DestinationRule
listKind: DestinationRuleList
plural: destinationrules
@@ -4318,28 +4325,28 @@
workloadSelector:
description: Criteria used to select the specific set of pods/VMs
on which this `DestinationRule` configuration should be applied.
properties:
matchLabels:
additionalProperties:
maxLength: 63
type: string
x-kubernetes-validations:
- message: wildcard not allowed in label value match
- rule: '!self.contains(''*'')'
+ rule: '!self.contains("*")'
description: One or more labels that indicate a specific set of
pods/VMs on which a policy should be applied.
maxProperties: 4096
type: object
x-kubernetes-validations:
- message: wildcard not allowed in label key match
- rule: self.all(key, !key.contains('*'))
+ rule: self.all(key, !key.contains("*"))
- message: key must not be empty
rule: self.all(key, key.size() != 0)
type: object
required:
- host
type: object
status:
properties:
conditions:
description: Current service state of the resource.
@@ -4351,38 +4358,42 @@
type: string
lastTransitionTime:
description: Last time the condition transitioned from one status
to another.
format: date-time
type: string
message:
description: Human-readable message indicating details about
last transition.
type: string
+ observedGeneration:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Resource Generation to which the Condition refers.
+ x-kubernetes-int-or-string: true
reason:
description: Unique, one-word, CamelCase reason for the condition's
last transition.
type: string
status:
description: Status is the status of the condition.
type: string
type:
description: Type is the type of the condition.
type: string
type: object
type: array
observedGeneration:
anyOf:
- type: integer
- type: string
- description: Resource Generation to which the Reconciled Condition
- refers.
x-kubernetes-int-or-string: true
validationMessages:
description: Includes any errors or warnings detected by Istio's analyzers.
items:
properties:
documentationUrl:
description: A url pointing to the Istio documentation for this
specific error type.
type: string
level:
@@ -6228,28 +6239,28 @@
workloadSelector:
description: Criteria used to select the specific set of pods/VMs
on which this `DestinationRule` configuration should be applied.
properties:
matchLabels:
additionalProperties:
maxLength: 63
type: string
x-kubernetes-validations:
- message: wildcard not allowed in label value match
- rule: '!self.contains(''*'')'
+ rule: '!self.contains("*")'
description: One or more labels that indicate a specific set of
pods/VMs on which a policy should be applied.
maxProperties: 4096
type: object
x-kubernetes-validations:
- message: wildcard not allowed in label key match
- rule: self.all(key, !key.contains('*'))
+ rule: self.all(key, !key.contains("*"))
- message: key must not be empty
rule: self.all(key, key.size() != 0)
type: object
required:
- host
type: object
status:
properties:
conditions:
description: Current service state of the resource.
@@ -6261,38 +6272,42 @@
type: string
lastTransitionTime:
description: Last time the condition transitioned from one status
to another.
format: date-time
type: string
message:
description: Human-readable message indicating details about
last transition.
type: string
+ observedGeneration:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Resource Generation to which the Condition refers.
+ x-kubernetes-int-or-string: true
reason:
description: Unique, one-word, CamelCase reason for the condition's
last transition.
type: string
status:
description: Status is the status of the condition.
type: string
type:
description: Type is the type of the condition.
type: string
type: object
type: array
observedGeneration:
anyOf:
- type: integer
- type: string
- description: Resource Generation to which the Reconciled Condition
- refers.
x-kubernetes-int-or-string: true
validationMessages:
description: Includes any errors or warnings detected by Istio's analyzers.
items:
properties:
documentationUrl:
description: A url pointing to the Istio documentation for this
specific error type.
type: string
level:
@@ -8138,28 +8153,28 @@
workloadSelector:
description: Criteria used to select the specific set of pods/VMs
on which this `DestinationRule` configuration should be applied.
properties:
matchLabels:
additionalProperties:
maxLength: 63
type: string
x-kubernetes-validations:
- message: wildcard not allowed in label value match
- rule: '!self.contains(''*'')'
+ rule: '!self.contains("*")'
description: One or more labels that indicate a specific set of
pods/VMs on which a policy should be applied.
maxProperties: 4096
type: object
x-kubernetes-validations:
- message: wildcard not allowed in label key match
- rule: self.all(key, !key.contains('*'))
+ rule: self.all(key, !key.contains("*"))
- message: key must not be empty
rule: self.all(key, key.size() != 0)
type: object
required:
- host
type: object
status:
properties:
conditions:
description: Current service state of the resource.
@@ -8171,38 +8186,42 @@
type: string
lastTransitionTime:
description: Last time the condition transitioned from one status
to another.
format: date-time
type: string
message:
description: Human-readable message indicating details about
last transition.
type: string
+ observedGeneration:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Resource Generation to which the Condition refers.
+ x-kubernetes-int-or-string: true
reason:
description: Unique, one-word, CamelCase reason for the condition's
last transition.
type: string
status:
description: Status is the status of the condition.
type: string
type:
description: Type is the type of the condition.
type: string
type: object
type: array
observedGeneration:
anyOf:
- type: integer
- type: string
- description: Resource Generation to which the Reconciled Condition
- refers.
x-kubernetes-int-or-string: true
validationMessages:
description: Includes any errors or warnings detected by Istio's analyzers.
items:
properties:
documentationUrl:
description: A url pointing to the Istio documentation for this
specific error type.
type: string
level:
@@ -8243,22 +8262,22 @@
# without any templating+the old labels, if desired.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
helm.sh/resource-policy: keep
labels:
app.kubernetes.io/instance: istio
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: istio
- app.kubernetes.io/version: 1.24.3
- helm.sh/chart: base-1.24.3
+ app.kubernetes.io/version: 1.25.0
+ helm.sh/chart: base-1.25.0
name: envoyfilters.networking.istio.io
spec:
group: networking.istio.io
names:
categories:
- istio-io
- networking-istio-io
kind: EnvoyFilter
listKind: EnvoyFilterList
plural: envoyfilters
@@ -8434,20 +8453,23 @@
description: The service port number or gateway server
port number for which this route configuration was
generated.
maximum: 4294967295
minimum: 0
type: integer
vhost:
description: Match a specific virtual host in a route
configuration and apply the patch to the virtual host.
properties:
+ domainName:
+ description: Match a domain name in a virtual host.
+ type: string
name:
description: The VirtualHosts objects generated
by Istio are named as host:port, where the host
typically corresponds to the VirtualService's
host field or the hostname of a service in the
registry.
type: string
route:
description: Match a specific route within the virtual
host.
@@ -8535,84 +8557,84 @@
namespace:
description: namespace is the namespace of the referent.
type: string
x-kubernetes-validations:
- message: cross namespace referencing is not currently supported
rule: self.size() == 0
required:
- kind
- name
type: object
- x-kubernetes-validations:
- - message: Support kinds are core/Service, networking.istio.io/ServiceEntry,
- gateway.networking.k8s.io/Gateway
- rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''],
- [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]'
maxItems: 16
type: array
workloadSelector:
description: Criteria used to select the specific set of pods/VMs
on which this patch configuration should be applied.
properties:
labels:
additionalProperties:
maxLength: 63
type: string
x-kubernetes-validations:
- message: wildcard is not supported in selector
- rule: '!self.contains(''*'')'
+ rule: '!self.contains("*")'
description: One or more labels that indicate a specific set of
pods/VMs on which the configuration should be applied.
maxProperties: 256
type: object
type: object
type: object
x-kubernetes-validations:
- message: only one of targetRefs or workloadSelector can be set
- rule: (has(self.workloadSelector)?1:0)+(has(self.targetRefs)?1:0)<=1
+ rule: '(has(self.workloadSelector) ? 1 : 0) + (has(self.targetRefs)
+ ? 1 : 0) <= 1'
status:
properties:
conditions:
description: Current service state of the resource.
items:
properties:
lastProbeTime:
description: Last time we probed the condition.
format: date-time
type: string
lastTransitionTime:
description: Last time the condition transitioned from one status
to another.
format: date-time
type: string
message:
description: Human-readable message indicating details about
last transition.
type: string
+ observedGeneration:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Resource Generation to which the Condition refers.
+ x-kubernetes-int-or-string: true
reason:
description: Unique, one-word, CamelCase reason for the condition's
last transition.
type: string
status:
description: Status is the status of the condition.
type: string
type:
description: Type is the type of the condition.
type: string
type: object
type: array
observedGeneration:
anyOf:
- type: integer
- type: string
- description: Resource Generation to which the Reconciled Condition
- refers.
x-kubernetes-int-or-string: true
validationMessages:
description: Includes any errors or warnings detected by Istio's analyzers.
items:
properties:
documentationUrl:
description: A url pointing to the Istio documentation for this
specific error type.
type: string
level:
@@ -8653,22 +8675,22 @@
# without any templating+the old labels, if desired.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
helm.sh/resource-policy: keep
labels:
app.kubernetes.io/instance: istio
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: istio
- app.kubernetes.io/version: 1.24.3
- helm.sh/chart: base-1.24.3
+ app.kubernetes.io/version: 1.25.0
+ helm.sh/chart: base-1.25.0
name: gateways.networking.istio.io
spec:
group: networking.istio.io
names:
categories:
- istio-io
- networking-istio-io
kind: Gateway
listKind: GatewayList
plural: gateways
@@ -8842,38 +8864,42 @@
type: string
lastTransitionTime:
description: Last time the condition transitioned from one status
to another.
format: date-time
type: string
message:
description: Human-readable message indicating details about
last transition.
type: string
+ observedGeneration:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Resource Generation to which the Condition refers.
+ x-kubernetes-int-or-string: true
reason:
description: Unique, one-word, CamelCase reason for the condition's
last transition.
type: string
status:
description: Status is the status of the condition.
type: string
type:
description: Type is the type of the condition.
type: string
type: object
type: array
observedGeneration:
anyOf:
- type: integer
- type: string
- description: Resource Generation to which the Reconciled Condition
- refers.
x-kubernetes-int-or-string: true
validationMessages:
description: Includes any errors or warnings detected by Istio's analyzers.
items:
properties:
documentationUrl:
description: A url pointing to the Istio documentation for this
specific error type.
type: string
level:
@@ -9071,38 +9097,42 @@
type: string
lastTransitionTime:
description: Last time the condition transitioned from one status
to another.
format: date-time
type: string
message:
description: Human-readable message indicating details about
last transition.
type: string
+ observedGeneration:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Resource Generation to which the Condition refers.
+ x-kubernetes-int-or-string: true
reason:
description: Unique, one-word, CamelCase reason for the condition's
last transition.
type: string
status:
description: Status is the status of the condition.
type: string
type:
description: Type is the type of the condition.
type: string
type: object
type: array
observedGeneration:
anyOf:
- type: integer
- type: string
- description: Resource Generation to which the Reconciled Condition
- refers.
x-kubernetes-int-or-string: true
validationMessages:
description: Includes any errors or warnings detected by Istio's analyzers.
items:
properties:
documentationUrl:
description: A url pointing to the Istio documentation for this
specific error type.
type: string
level:
@@ -9300,38 +9330,42 @@
type: string
lastTransitionTime:
description: Last time the condition transitioned from one status
to another.
format: date-time
type: string
message:
description: Human-readable message indicating details about
last transition.
type: string
+ observedGeneration:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Resource Generation to which the Condition refers.
+ x-kubernetes-int-or-string: true
reason:
description: Unique, one-word, CamelCase reason for the condition's
last transition.
type: string
status:
description: Status is the status of the condition.
type: string
type:
description: Type is the type of the condition.
type: string
type: object
type: array
observedGeneration:
anyOf:
- type: integer
- type: string
- description: Resource Generation to which the Reconciled Condition
- refers.
x-kubernetes-int-or-string: true
validationMessages:
description: Includes any errors or warnings detected by Istio's analyzers.
items:
properties:
documentationUrl:
description: A url pointing to the Istio documentation for this
specific error type.
type: string
level:
@@ -9372,22 +9406,22 @@
# without any templating+the old labels, if desired.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
helm.sh/resource-policy: keep
labels:
app.kubernetes.io/instance: istio
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: istio
- app.kubernetes.io/version: 1.24.3
- helm.sh/chart: base-1.24.3
+ app.kubernetes.io/version: 1.25.0
+ helm.sh/chart: base-1.25.0
name: proxyconfigs.networking.istio.io
spec:
group: networking.istio.io
names:
categories:
- istio-io
- networking-istio-io
kind: ProxyConfig
listKind: ProxyConfigList
plural: proxyconfigs
@@ -9423,28 +9457,28 @@
type: object
selector:
description: Optional.
properties:
matchLabels:
additionalProperties:
maxLength: 63
type: string
x-kubernetes-validations:
- message: wildcard not allowed in label value match
- rule: '!self.contains(''*'')'
+ rule: '!self.contains("*")'
description: One or more labels that indicate a specific set of
pods/VMs on which a policy should be applied.
maxProperties: 4096
type: object
x-kubernetes-validations:
- message: wildcard not allowed in label key match
- rule: self.all(key, !key.contains('*'))
+ rule: self.all(key, !key.contains("*"))
- message: key must not be empty
rule: self.all(key, key.size() != 0)
type: object
type: object
status:
properties:
conditions:
description: Current service state of the resource.
items:
properties:
@@ -9454,38 +9488,42 @@
type: string
lastTransitionTime:
description: Last time the condition transitioned from one status
to another.
format: date-time
type: string
message:
description: Human-readable message indicating details about
last transition.
type: string
+ observedGeneration:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Resource Generation to which the Condition refers.
+ x-kubernetes-int-or-string: true
reason:
description: Unique, one-word, CamelCase reason for the condition's
last transition.
type: string
status:
description: Status is the status of the condition.
type: string
type:
description: Type is the type of the condition.
type: string
type: object
type: array
observedGeneration:
anyOf:
- type: integer
- type: string
- description: Resource Generation to which the Reconciled Condition
- refers.
x-kubernetes-int-or-string: true
validationMessages:
description: Includes any errors or warnings detected by Istio's analyzers.
items:
properties:
documentationUrl:
description: A url pointing to the Istio documentation for this
specific error type.
type: string
level:
@@ -9526,22 +9564,22 @@
# without any templating+the old labels, if desired.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
helm.sh/resource-policy: keep
labels:
app.kubernetes.io/instance: istio
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: istio
- app.kubernetes.io/version: 1.24.3
- helm.sh/chart: base-1.24.3
+ app.kubernetes.io/version: 1.25.0
+ helm.sh/chart: base-1.25.0
name: serviceentries.networking.istio.io
spec:
group: networking.istio.io
names:
categories:
- istio-io
- networking-istio-io
kind: ServiceEntry
listKind: ServiceEntryList
plural: serviceentries
@@ -9591,25 +9629,25 @@
description: One or more endpoints associated with the service.
items:
properties:
address:
description: Address associated with the network endpoint without
the port.
maxLength: 256
type: string
x-kubernetes-validations:
- message: UDS must be an absolute path or abstract socket
- rule: 'self.startsWith(''unix://'') ? (self.substring(7,8)
- == ''/'' || self.substring(7,8) == ''@'') : true'
+ rule: 'self.startsWith("unix://") ? (self.substring(7, 8)
+ == "/" || self.substring(7, 8) == "@") : true'
- message: UDS may not be a dir
- rule: 'self.startsWith(''unix://'') ? !self.endsWith(''/'')
- : true'
+ rule: 'self.startsWith("unix://") ? !self.endsWith("/") :
+ true'
labels:
additionalProperties:
type: string
description: One or more labels associated with the endpoint.
maxProperties: 256
type: object
locality:
description: The locality associated with the endpoint.
maxLength: 2048
type: string
@@ -9624,52 +9662,52 @@
minimum: 0
type: integer
x-kubernetes-validations:
- message: port must be between 1-65535
rule: 0 < self && self <= 65535
description: Set of ports associated with the endpoint.
maxProperties: 128
type: object
x-kubernetes-validations:
- message: port name must be valid
- rule: self.all(key, size(key) < 63 && key.matches('^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$'))
+ rule: self.all(key, size(key) < 63 && key.matches("^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$"))
serviceAccount:
description: The service account associated with the workload
if a sidecar is present in the workload.
maxLength: 253
type: string
weight:
description: The load balancing weight associated with the endpoint.
maximum: 4294967295
minimum: 0
type: integer
type: object
x-kubernetes-validations:
- message: Address is required
rule: has(self.address) || has(self.network)
- message: UDS may not include ports
- rule: '(has(self.address) && self.address.startsWith(''unix://''))
+ rule: '(has(self.address) ? self.address : "").startsWith("unix://")
? !has(self.ports) : true'
maxItems: 4096
type: array
exportTo:
description: A list of namespaces to which this service is exported.
items:
type: string
type: array
hosts:
description: The hosts associated with the ServiceEntry.
items:
type: string
x-kubernetes-validations:
- message: hostname cannot be wildcard
- rule: self != '*'
+ rule: self != "*"
maxItems: 256
minItems: 1
type: array
location:
description: |-
Specify whether the service should be considered external to the mesh or part of the mesh.
Valid Options: MESH_EXTERNAL, MESH_INTERNAL
enum:
- MESH_EXTERNAL
@@ -9735,80 +9773,85 @@
type: array
workloadSelector:
description: Applicable only for MESH_INTERNAL services.
properties:
labels:
additionalProperties:
maxLength: 63
type: string
x-kubernetes-validations:
- message: wildcard is not supported in selector
- rule: '!self.contains(''*'')'
+ rule: '!self.contains("*")'
description: One or more labels that indicate a specific set of
pods/VMs on which the configuration should be applied.
maxProperties: 256
type: object
type: object
required:
- hosts
type: object
x-kubernetes-validations:
- message: only one of WorkloadSelector or Endpoints can be set
- rule: (has(self.workloadSelector)?1:0)+(has(self.endpoints)?1:0)<=1
+ rule: '(has(self.workloadSelector) ? 1 : 0) + (has(self.endpoints) ?
+ 1 : 0) <= 1'
- message: CIDR addresses are allowed only for NONE/STATIC resolution
types
- rule: '!(has(self.addresses) && self.addresses.exists(k, k.contains(''/''))
- && (has(self.resolution) && self.resolution != ''STATIC'' && self.resolution
- != ''NONE''))'
+ rule: '!((has(self.addresses) ? self.addresses : []).exists(k, k.contains("/"))
+ && !((has(self.resolution) ? self.resolution : "NONE") in ["STATIC",
+ "NONE"]))'
- message: NONE mode cannot set endpoints
- rule: '(!has(self.resolution) || self.resolution == ''NONE'') ? !has(self.endpoints)
- : true'
+ rule: '((has(self.resolution) ? self.resolution : "NONE") == "NONE")
+ ? !has(self.endpoints) : true'
- message: DNS_ROUND_ROBIN mode cannot have multiple endpoints
- rule: '(has(self.resolution) && self.resolution == ''DNS_ROUND_ROBIN'')
- ? (!has(self.endpoints) || size(self.endpoints) == 1) : true'
+ rule: '((has(self.resolution) ? self.resolution : "") == "DNS_ROUND_ROBIN")
+ ? ((has(self.endpoints) ? self.endpoints : []).size() <= 1) : true'
status:
properties:
conditions:
description: Current service state of the resource.
items:
properties:
lastProbeTime:
description: Last time we probed the condition.
format: date-time
type: string
lastTransitionTime:
description: Last time the condition transitioned from one status
to another.
format: date-time
type: string
message:
description: Human-readable message indicating details about
last transition.
type: string
+ observedGeneration:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Resource Generation to which the Condition refers.
+ x-kubernetes-int-or-string: true
reason:
description: Unique, one-word, CamelCase reason for the condition's
last transition.
type: string
status:
description: Status is the status of the condition.
type: string
type:
description: Type is the type of the condition.
type: string
type: object
type: array
observedGeneration:
anyOf:
- type: integer
- type: string
- description: Resource Generation to which the Reconciled Condition
- refers.
x-kubernetes-int-or-string: true
validationMessages:
description: Includes any errors or warnings detected by Istio's analyzers.
items:
properties:
documentationUrl:
description: A url pointing to the Istio documentation for this
specific error type.
type: string
level:
@@ -9884,25 +9927,25 @@
description: One or more endpoints associated with the service.
items:
properties:
address:
description: Address associated with the network endpoint without
the port.
maxLength: 256
type: string
x-kubernetes-validations:
- message: UDS must be an absolute path or abstract socket
- rule: 'self.startsWith(''unix://'') ? (self.substring(7,8)
- == ''/'' || self.substring(7,8) == ''@'') : true'
+ rule: 'self.startsWith("unix://") ? (self.substring(7, 8)
+ == "/" || self.substring(7, 8) == "@") : true'
- message: UDS may not be a dir
- rule: 'self.startsWith(''unix://'') ? !self.endsWith(''/'')
- : true'
+ rule: 'self.startsWith("unix://") ? !self.endsWith("/") :
+ true'
labels:
additionalProperties:
type: string
description: One or more labels associated with the endpoint.
maxProperties: 256
type: object
locality:
description: The locality associated with the endpoint.
maxLength: 2048
type: string
@@ -9917,52 +9960,52 @@
minimum: 0
type: integer
x-kubernetes-validations:
- message: port must be between 1-65535
rule: 0 < self && self <= 65535
[Truncated: Diff output was too large]
|
ixxeL2097
force-pushed
the
renovate/helm/istio-prod
branch
from
89a7407 to
4c1ef87
Compare
ixxeL2097
force-pushed
the
main
branch
12 times, most recently
from
32c0a77 to
79d8dbc
Compare
ixxeL2097
force-pushed
the
renovate/helm/istio-prod
branch
from
4c1ef87 to
9bfd8bf
Compare
ixxeL2097
force-pushed
the
renovate/helm/istio-prod
branch
6 times, most recently
from
61f199d to
c2c6e9b
Compare
ixxeL2097
force-pushed
the
renovate/helm/istio-prod
branch
from
c2c6e9b to
1d4e0bd
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
1.24.3->1.25.01.24.3->1.25.01.24.3->1.25.0Release Notes
istio/istio (base)
v1.25.0: Istio 1.25.0Compare Source
Artifacts
Release Notes
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about these updates again.
This PR has been generated by Renovate Bot.