diff --git a/bundle/manifests/sailoperator.clusterserviceversion.yaml b/bundle/manifests/sailoperator.clusterserviceversion.yaml index c51042990..ceb5fc907 100644 --- a/bundle/manifests/sailoperator.clusterserviceversion.yaml +++ b/bundle/manifests/sailoperator.clusterserviceversion.yaml @@ -34,7 +34,7 @@ metadata: capabilities: Seamless Upgrades categories: OpenShift Optional, Integration & Delivery, Networking, Security containerImage: quay.io/maistra-dev/sail-operator:0.2-latest - createdAt: "2024-12-05T05:04:58Z" + createdAt: "2024-12-06T05:05:33Z" description: Experimental operator for installing Istio service mesh features.operators.openshift.io/cnf: "false" features.operators.openshift.io/cni: "true" @@ -357,7 +357,7 @@ spec: - v1.22.6 - v1.22.5 - v1.21.6 - - latest (42220247) + - latest (8051a30d) [See this page](https://github.com/istio-ecosystem/sail-operator/blob/main/bundle/README.md) for instructions on how to use it. displayName: Sail Operator @@ -607,10 +607,10 @@ spec: template: metadata: annotations: - images.latest.cni: gcr.io/istio-testing/install-cni:1.25-alpha.42220247e24431fa3f3833e586672a610f6e9eef - images.latest.istiod: gcr.io/istio-testing/pilot:1.25-alpha.42220247e24431fa3f3833e586672a610f6e9eef - images.latest.proxy: gcr.io/istio-testing/proxyv2:1.25-alpha.42220247e24431fa3f3833e586672a610f6e9eef - images.latest.ztunnel: gcr.io/istio-testing/ztunnel:1.25-alpha.42220247e24431fa3f3833e586672a610f6e9eef + images.latest.cni: gcr.io/istio-testing/install-cni:1.25-alpha.8051a30d73b62f2b4a9d33c4fa7e3d256c79933d + images.latest.istiod: gcr.io/istio-testing/pilot:1.25-alpha.8051a30d73b62f2b4a9d33c4fa7e3d256c79933d + images.latest.proxy: gcr.io/istio-testing/proxyv2:1.25-alpha.8051a30d73b62f2b4a9d33c4fa7e3d256c79933d + images.latest.ztunnel: gcr.io/istio-testing/ztunnel:1.25-alpha.8051a30d73b62f2b4a9d33c4fa7e3d256c79933d images.v1_21_6.cni: docker.io/istio/install-cni:1.21.6 images.v1_21_6.istiod: docker.io/istio/pilot:1.21.6 images.v1_21_6.proxy: docker.io/istio/proxyv2:1.21.6 @@ -791,13 +791,13 @@ spec: provider: name: Red Hat, Inc. relatedImages: - - image: gcr.io/istio-testing/install-cni:1.25-alpha.42220247e24431fa3f3833e586672a610f6e9eef + - image: gcr.io/istio-testing/install-cni:1.25-alpha.8051a30d73b62f2b4a9d33c4fa7e3d256c79933d name: latest.cni - - image: gcr.io/istio-testing/pilot:1.25-alpha.42220247e24431fa3f3833e586672a610f6e9eef + - image: gcr.io/istio-testing/pilot:1.25-alpha.8051a30d73b62f2b4a9d33c4fa7e3d256c79933d name: latest.istiod - - image: gcr.io/istio-testing/proxyv2:1.25-alpha.42220247e24431fa3f3833e586672a610f6e9eef + - image: gcr.io/istio-testing/proxyv2:1.25-alpha.8051a30d73b62f2b4a9d33c4fa7e3d256c79933d name: latest.proxy - - image: gcr.io/istio-testing/ztunnel:1.25-alpha.42220247e24431fa3f3833e586672a610f6e9eef + - image: gcr.io/istio-testing/ztunnel:1.25-alpha.8051a30d73b62f2b4a9d33c4fa7e3d256c79933d name: latest.ztunnel - image: docker.io/istio/install-cni:1.21.6 name: v1_21_6.cni diff --git a/chart/values.yaml b/chart/values.yaml index 8e39fa03f..862709345 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -25,7 +25,7 @@ csv: - v1.22.6 - v1.22.5 - v1.21.6 - - latest (42220247) + - latest (8051a30d) [See this page](https://github.com/istio-ecosystem/sail-operator/blob/main/bundle/README.md) for instructions on how to use it. support: Community based diff --git a/go.mod b/go.mod index bfd4ce143..a2a130e39 100644 --- a/go.mod +++ b/go.mod @@ -26,7 +26,7 @@ require ( gopkg.in/yaml.v3 v3.0.1 helm.sh/helm/v3 v3.16.3 istio.io/client-go v1.24.0-alpha.0.0.20241204015120-8f91b6fd01de - istio.io/istio v0.0.0-20241205013639-42220247e244 + istio.io/istio v0.0.0-20241206003106-8051a30d73b6 k8s.io/api v0.31.2 k8s.io/apiextensions-apiserver v0.31.2 k8s.io/apimachinery v0.31.2 diff --git a/go.sum b/go.sum index c40c60cae..fcd1262e2 100644 --- a/go.sum +++ b/go.sum @@ -499,8 +499,8 @@ istio.io/api v1.24.0-alpha.0.0.20241204014820-f3e32c3b7a56 h1:sG5j5h8Xph+tyJSURU istio.io/api v1.24.0-alpha.0.0.20241204014820-f3e32c3b7a56/go.mod h1:MQnRok7RZ20/PE56v0LxmoWH0xVxnCQPNuf9O7PAN1I= istio.io/client-go v1.24.0-alpha.0.0.20241204015120-8f91b6fd01de h1:BmRGuLcI0YBdbtmPQQLyFx10CF3CRkzXJniuvsmpCyQ= istio.io/client-go v1.24.0-alpha.0.0.20241204015120-8f91b6fd01de/go.mod h1:+D0rb9jJ2uSUF3ew4CES/Gch/SZbrzA3NU6jAxx+dwc= -istio.io/istio v0.0.0-20241205013639-42220247e244 h1:P7fod/93Pa1gySIWbKHqndM2HXGROi6HWy1/EVZsy1Q= -istio.io/istio v0.0.0-20241205013639-42220247e244/go.mod h1:5MSIeN4xUz+HFe69b9268rl0WTpol5PPgCf/YmQduwY= +istio.io/istio v0.0.0-20241206003106-8051a30d73b6 h1:p5QLFC+xxlDXkd0O8wwN/f6fYlczw9lXSQulGW4ZuqM= +istio.io/istio v0.0.0-20241206003106-8051a30d73b6/go.mod h1:5MSIeN4xUz+HFe69b9268rl0WTpol5PPgCf/YmQduwY= k8s.io/api v0.31.2 h1:3wLBbL5Uom/8Zy98GRPXpJ254nEFpl+hwndmk9RwmL0= k8s.io/api v0.31.2/go.mod h1:bWmGvrGPssSK1ljmLzd3pwCQ9MgoTsRCuK35u6SygUk= k8s.io/apiextensions-apiserver v0.31.2 h1:W8EwUb8+WXBLu56ser5IudT2cOho0gAKeTOnywBLxd0= diff --git a/resources/latest/charts/base/Chart.yaml b/resources/latest/charts/base/Chart.yaml index 3284c0f12..0eff722db 100644 --- a/resources/latest/charts/base/Chart.yaml +++ b/resources/latest/charts/base/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.25-alpha.42220247e24431fa3f3833e586672a610f6e9eef +appVersion: 1.25-alpha.8051a30d73b62f2b4a9d33c4fa7e3d256c79933d description: Helm chart for deploying Istio cluster resources and CRDs icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -7,4 +7,4 @@ keywords: name: base sources: - https://github.com/istio/istio -version: 1.25-alpha.42220247e24431fa3f3833e586672a610f6e9eef +version: 1.25-alpha.8051a30d73b62f2b4a9d33c4fa7e3d256c79933d diff --git a/resources/latest/charts/cni/Chart.yaml b/resources/latest/charts/cni/Chart.yaml index eb162b2b5..5d04f0169 100644 --- a/resources/latest/charts/cni/Chart.yaml +++ b/resources/latest/charts/cni/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.25-alpha.42220247e24431fa3f3833e586672a610f6e9eef +appVersion: 1.25-alpha.8051a30d73b62f2b4a9d33c4fa7e3d256c79933d description: Helm chart for istio-cni components icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -8,4 +8,4 @@ keywords: name: cni sources: - https://github.com/istio/istio -version: 1.25-alpha.42220247e24431fa3f3833e586672a610f6e9eef +version: 1.25-alpha.8051a30d73b62f2b4a9d33c4fa7e3d256c79933d diff --git a/resources/latest/charts/cni/templates/clusterrole.yaml b/resources/latest/charts/cni/templates/clusterrole.yaml index 30f159603..bd9ba7fdf 100644 --- a/resources/latest/charts/cni/templates/clusterrole.yaml +++ b/resources/latest/charts/cni/templates/clusterrole.yaml @@ -77,4 +77,8 @@ rules: {{- /* pods/status is less privileged than the full pod, and either can label. So use the lower pods/status */}} resources: ["pods/status"] verbs: ["patch", "update"] +- apiGroups: ["apps"] + resources: ["daemonsets"] + resourceNames: ["{{ template "name" . }}-node"] + verbs: ["get"] {{- end }} diff --git a/resources/latest/charts/cni/templates/daemonset.yaml b/resources/latest/charts/cni/templates/daemonset.yaml index b529fcb0c..a8c4ef98b 100644 --- a/resources/latest/charts/cni/templates/daemonset.yaml +++ b/resources/latest/charts/cni/templates/daemonset.yaml @@ -123,6 +123,11 @@ spec: # network namespaces in `/proc` to obtain descriptors for entering pod network # namespaces. There does not appear to be a more granular capability for this. - SYS_ADMIN + # While we run as a 'root' (UID/GID 0), since we drop all capabilities we lose + # the typical ability to read/write to folders owned by others. + # This can cause problems if the hostPath mounts we use, which we require write access into, + # are owned by non-root. DAC_OVERRIDE bypasses these and gives us write access into any folder. + - DAC_OVERRIDE {{- if .Values.seLinuxOptions }} {{ with (merge .Values.seLinuxOptions (dict "type" "spc_t")) }} seLinuxOptions: diff --git a/resources/latest/charts/cni/values.yaml b/resources/latest/charts/cni/values.yaml index bc39ce832..9d5eebeb5 100644 --- a/resources/latest/charts/cni/values.yaml +++ b/resources/latest/charts/cni/values.yaml @@ -113,7 +113,7 @@ _internal_defaults_do_not_set: hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.25-alpha.42220247e24431fa3f3833e586672a610f6e9eef + tag: 1.25-alpha.8051a30d73b62f2b4a9d33c4fa7e3d256c79933d # Variant of the image to use. # Currently supported are: [debug, distroless] diff --git a/resources/latest/charts/gateway/Chart.yaml b/resources/latest/charts/gateway/Chart.yaml index efe998257..818c114b4 100644 --- a/resources/latest/charts/gateway/Chart.yaml +++ b/resources/latest/charts/gateway/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.25-alpha.42220247e24431fa3f3833e586672a610f6e9eef +appVersion: 1.25-alpha.8051a30d73b62f2b4a9d33c4fa7e3d256c79933d description: Helm chart for deploying Istio gateways icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ name: gateway sources: - https://github.com/istio/istio type: application -version: 1.25-alpha.42220247e24431fa3f3833e586672a610f6e9eef +version: 1.25-alpha.8051a30d73b62f2b4a9d33c4fa7e3d256c79933d diff --git a/resources/latest/charts/istiod/Chart.yaml b/resources/latest/charts/istiod/Chart.yaml index cfc393b7c..2036b1cd6 100644 --- a/resources/latest/charts/istiod/Chart.yaml +++ b/resources/latest/charts/istiod/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.25-alpha.42220247e24431fa3f3833e586672a610f6e9eef +appVersion: 1.25-alpha.8051a30d73b62f2b4a9d33c4fa7e3d256c79933d description: Helm chart for istio control plane icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ keywords: name: istiod sources: - https://github.com/istio/istio -version: 1.25-alpha.42220247e24431fa3f3833e586672a610f6e9eef +version: 1.25-alpha.8051a30d73b62f2b4a9d33c4fa7e3d256c79933d diff --git a/resources/latest/charts/istiod/values.yaml b/resources/latest/charts/istiod/values.yaml index 45ae32948..960e415b9 100644 --- a/resources/latest/charts/istiod/values.yaml +++ b/resources/latest/charts/istiod/values.yaml @@ -242,7 +242,7 @@ _internal_defaults_do_not_set: # Dev builds from prow are on gcr.io hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.25-alpha.42220247e24431fa3f3833e586672a610f6e9eef + tag: 1.25-alpha.8051a30d73b62f2b4a9d33c4fa7e3d256c79933d # Variant of the image to use. # Currently supported are: [debug, distroless] variant: "" diff --git a/resources/latest/charts/revisiontags/values.yaml b/resources/latest/charts/revisiontags/values.yaml index 45ae32948..960e415b9 100644 --- a/resources/latest/charts/revisiontags/values.yaml +++ b/resources/latest/charts/revisiontags/values.yaml @@ -242,7 +242,7 @@ _internal_defaults_do_not_set: # Dev builds from prow are on gcr.io hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.25-alpha.42220247e24431fa3f3833e586672a610f6e9eef + tag: 1.25-alpha.8051a30d73b62f2b4a9d33c4fa7e3d256c79933d # Variant of the image to use. # Currently supported are: [debug, distroless] variant: "" diff --git a/resources/latest/charts/ztunnel/Chart.yaml b/resources/latest/charts/ztunnel/Chart.yaml index c21dfe536..67baee670 100644 --- a/resources/latest/charts/ztunnel/Chart.yaml +++ b/resources/latest/charts/ztunnel/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.25-alpha.42220247e24431fa3f3833e586672a610f6e9eef +appVersion: 1.25-alpha.8051a30d73b62f2b4a9d33c4fa7e3d256c79933d description: Helm chart for istio ztunnel components icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -8,4 +8,4 @@ keywords: name: ztunnel sources: - https://github.com/istio/istio -version: 1.25-alpha.42220247e24431fa3f3833e586672a610f6e9eef +version: 1.25-alpha.8051a30d73b62f2b4a9d33c4fa7e3d256c79933d diff --git a/resources/latest/charts/ztunnel/values.yaml b/resources/latest/charts/ztunnel/values.yaml index f5a5d61d3..d7527b2b7 100644 --- a/resources/latest/charts/ztunnel/values.yaml +++ b/resources/latest/charts/ztunnel/values.yaml @@ -4,7 +4,7 @@ _internal_defaults_do_not_set: # Hub to pull from. Image will be `Hub/Image:Tag-Variant` hub: gcr.io/istio-testing # Tag to pull from. Image will be `Hub/Image:Tag-Variant` - tag: 1.25-alpha.42220247e24431fa3f3833e586672a610f6e9eef + tag: 1.25-alpha.8051a30d73b62f2b4a9d33c4fa7e3d256c79933d # Variant to pull. Options are "debug" or "distroless". Unset will use the default for the given version. variant: "" diff --git a/versions.yaml b/versions.yaml index 8477ab8ea..cdb523868 100644 --- a/versions.yaml +++ b/versions.yaml @@ -84,13 +84,13 @@ versions: - https://istio-release.storage.googleapis.com/charts/cni-1.21.6.tgz - https://istio-release.storage.googleapis.com/charts/ztunnel-1.21.6.tgz - name: latest - version: 1.25-alpha.42220247e24431fa3f3833e586672a610f6e9eef + version: 1.25-alpha.8051a30d73b62f2b4a9d33c4fa7e3d256c79933d repo: https://github.com/istio/istio branch: master - commit: 42220247e24431fa3f3833e586672a610f6e9eef + commit: 8051a30d73b62f2b4a9d33c4fa7e3d256c79933d charts: - - https://storage.googleapis.com/istio-build/dev/1.25-alpha.42220247e24431fa3f3833e586672a610f6e9eef/helm/base-1.25-alpha.42220247e24431fa3f3833e586672a610f6e9eef.tgz - - https://storage.googleapis.com/istio-build/dev/1.25-alpha.42220247e24431fa3f3833e586672a610f6e9eef/helm/cni-1.25-alpha.42220247e24431fa3f3833e586672a610f6e9eef.tgz - - https://storage.googleapis.com/istio-build/dev/1.25-alpha.42220247e24431fa3f3833e586672a610f6e9eef/helm/gateway-1.25-alpha.42220247e24431fa3f3833e586672a610f6e9eef.tgz - - https://storage.googleapis.com/istio-build/dev/1.25-alpha.42220247e24431fa3f3833e586672a610f6e9eef/helm/istiod-1.25-alpha.42220247e24431fa3f3833e586672a610f6e9eef.tgz - - https://storage.googleapis.com/istio-build/dev/1.25-alpha.42220247e24431fa3f3833e586672a610f6e9eef/helm/ztunnel-1.25-alpha.42220247e24431fa3f3833e586672a610f6e9eef.tgz + - https://storage.googleapis.com/istio-build/dev/1.25-alpha.8051a30d73b62f2b4a9d33c4fa7e3d256c79933d/helm/base-1.25-alpha.8051a30d73b62f2b4a9d33c4fa7e3d256c79933d.tgz + - https://storage.googleapis.com/istio-build/dev/1.25-alpha.8051a30d73b62f2b4a9d33c4fa7e3d256c79933d/helm/cni-1.25-alpha.8051a30d73b62f2b4a9d33c4fa7e3d256c79933d.tgz + - https://storage.googleapis.com/istio-build/dev/1.25-alpha.8051a30d73b62f2b4a9d33c4fa7e3d256c79933d/helm/gateway-1.25-alpha.8051a30d73b62f2b4a9d33c4fa7e3d256c79933d.tgz + - https://storage.googleapis.com/istio-build/dev/1.25-alpha.8051a30d73b62f2b4a9d33c4fa7e3d256c79933d/helm/istiod-1.25-alpha.8051a30d73b62f2b4a9d33c4fa7e3d256c79933d.tgz + - https://storage.googleapis.com/istio-build/dev/1.25-alpha.8051a30d73b62f2b4a9d33c4fa7e3d256c79933d/helm/ztunnel-1.25-alpha.8051a30d73b62f2b4a9d33c4fa7e3d256c79933d.tgz