diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index 38649ca97..7f057ea2f 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -1,6 +1,6 @@ { "name": "istio build-tools", - "image": "gcr.io/istio-testing/build-tools:master-f53c293f26fde9fd818b2ddc22dc3836dd58103e", + "image": "gcr.io/istio-testing/build-tools:master-0b8e6b9676d328fbeb28a23b8d1134dcc56d98ec", "privileged": true, "remoteEnv": { "USE_GKE_GCLOUD_AUTH_PLUGIN": "True", diff --git a/.github/workflows/update-deps.yaml b/.github/workflows/update-deps.yaml index 02fae778c..98cf48313 100644 --- a/.github/workflows/update-deps.yaml +++ b/.github/workflows/update-deps.yaml @@ -23,7 +23,7 @@ jobs: update-deps: runs-on: ubuntu-latest container: - image: gcr.io/istio-testing/build-tools:master-f53c293f26fde9fd818b2ddc22dc3836dd58103e + image: gcr.io/istio-testing/build-tools:master-0b8e6b9676d328fbeb28a23b8d1134dcc56d98ec options: --entrypoint '' steps: diff --git a/Makefile.core.mk b/Makefile.core.mk index a9cf33ee3..9f1374724 100644 --- a/Makefile.core.mk +++ b/Makefile.core.mk @@ -469,7 +469,7 @@ ISTIOCTL ?= $(LOCALBIN)/istioctl ## Tool Versions OPERATOR_SDK_VERSION ?= v1.38.0 -HELM_VERSION ?= v3.16.3 +HELM_VERSION ?= v3.16.4 CONTROLLER_TOOLS_VERSION ?= v0.16.5 OPM_VERSION ?= v1.48.0 OLM_VERSION ?= v0.30.0 diff --git a/bundle/manifests/extensions.istio.io_wasmplugins.yaml b/bundle/manifests/extensions.istio.io_wasmplugins.yaml index 98dec3286..cd7c2de8a 100644 --- a/bundle/manifests/extensions.istio.io_wasmplugins.yaml +++ b/bundle/manifests/extensions.istio.io_wasmplugins.yaml @@ -133,14 +133,14 @@ spec: type: string x-kubernetes-validations: - message: wildcard not allowed in label value match - rule: '!self.contains(''*'')' + rule: '!self.contains("*")' description: One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. maxProperties: 4096 type: object x-kubernetes-validations: - message: wildcard not allowed in label key match - rule: self.all(key, !key.contains('*')) + rule: self.all(key, !key.contains("*")) - message: key must not be empty rule: self.all(key, key.size() != 0) type: object @@ -180,8 +180,9 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], - [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' + rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], + ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", + "ServiceEntry"]]' targetRefs: description: Optional. items: @@ -215,8 +216,9 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], - [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' + rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], + ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", + "ServiceEntry"]]' maxItems: 16 type: array type: @@ -235,10 +237,9 @@ spec: type: string x-kubernetes-validations: - message: url must have schema one of [http, https, file, oci] - rule: 'isURL(self) ? (url(self).getScheme() in ['''', ''http'', - ''https'', ''oci'', ''file'']) : (isURL(''http://'' + self) && - url(''http://'' +self).getScheme() in ['''', ''http'', ''https'', - ''oci'', ''file''])' + rule: |- + isURL(self) ? (url(self).getScheme() in ["", "http", "https", "oci", "file"]) : (isURL("http://" + self) && + url("http://" + self).getScheme() in ["", "http", "https", "oci", "file"]) verificationKey: type: string vmConfig: @@ -272,7 +273,7 @@ spec: type: object x-kubernetes-validations: - message: value may only be set when valueFrom is INLINE - rule: '(has(self.valueFrom) ? self.valueFrom : '''') != ''HOST'' + rule: '(has(self.valueFrom) ? self.valueFrom : "") != "HOST" || !has(self.value)' maxItems: 256 type: array @@ -285,7 +286,8 @@ spec: type: object x-kubernetes-validations: - message: only one of targetRefs or selector can be set - rule: (has(self.selector)?1:0)+(has(self.targetRef)?1:0)+(has(self.targetRefs)?1:0)<=1 + rule: '(has(self.selector) ? 1 : 0) + (has(self.targetRef) ? 1 : 0) + + (has(self.targetRefs) ? 1 : 0) <= 1' status: properties: conditions: diff --git a/bundle/manifests/networking.istio.io_destinationrules.yaml b/bundle/manifests/networking.istio.io_destinationrules.yaml index ca6a6daed..f90f96905 100644 --- a/bundle/manifests/networking.istio.io_destinationrules.yaml +++ b/bundle/manifests/networking.istio.io_destinationrules.yaml @@ -1844,14 +1844,14 @@ spec: type: string x-kubernetes-validations: - message: wildcard not allowed in label value match - rule: '!self.contains(''*'')' + rule: '!self.contains("*")' description: One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. maxProperties: 4096 type: object x-kubernetes-validations: - message: wildcard not allowed in label key match - rule: self.all(key, !key.contains('*')) + rule: self.all(key, !key.contains("*")) - message: key must not be empty rule: self.all(key, key.size() != 0) type: object @@ -3758,14 +3758,14 @@ spec: type: string x-kubernetes-validations: - message: wildcard not allowed in label value match - rule: '!self.contains(''*'')' + rule: '!self.contains("*")' description: One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. maxProperties: 4096 type: object x-kubernetes-validations: - message: wildcard not allowed in label key match - rule: self.all(key, !key.contains('*')) + rule: self.all(key, !key.contains("*")) - message: key must not be empty rule: self.all(key, key.size() != 0) type: object @@ -5672,14 +5672,14 @@ spec: type: string x-kubernetes-validations: - message: wildcard not allowed in label value match - rule: '!self.contains(''*'')' + rule: '!self.contains("*")' description: One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. maxProperties: 4096 type: object x-kubernetes-validations: - message: wildcard not allowed in label key match - rule: self.all(key, !key.contains('*')) + rule: self.all(key, !key.contains("*")) - message: key must not be empty rule: self.all(key, key.size() != 0) type: object diff --git a/bundle/manifests/networking.istio.io_envoyfilters.yaml b/bundle/manifests/networking.istio.io_envoyfilters.yaml index 4f9d6563f..ac318e55a 100644 --- a/bundle/manifests/networking.istio.io_envoyfilters.yaml +++ b/bundle/manifests/networking.istio.io_envoyfilters.yaml @@ -302,8 +302,9 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], - [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' + rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], + ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", + "ServiceEntry"]]' maxItems: 16 type: array workloadSelector: @@ -316,7 +317,7 @@ spec: type: string x-kubernetes-validations: - message: wildcard is not supported in selector - rule: '!self.contains(''*'')' + rule: '!self.contains("*")' description: One or more labels that indicate a specific set of pods/VMs on which the configuration should be applied. maxProperties: 256 @@ -325,7 +326,8 @@ spec: type: object x-kubernetes-validations: - message: only one of targetRefs or workloadSelector can be set - rule: (has(self.workloadSelector)?1:0)+(has(self.targetRefs)?1:0)<=1 + rule: '(has(self.workloadSelector) ? 1 : 0) + (has(self.targetRefs) + ? 1 : 0) <= 1' status: properties: conditions: diff --git a/bundle/manifests/networking.istio.io_proxyconfigs.yaml b/bundle/manifests/networking.istio.io_proxyconfigs.yaml index a5b7a373b..e5692807f 100644 --- a/bundle/manifests/networking.istio.io_proxyconfigs.yaml +++ b/bundle/manifests/networking.istio.io_proxyconfigs.yaml @@ -58,14 +58,14 @@ spec: type: string x-kubernetes-validations: - message: wildcard not allowed in label value match - rule: '!self.contains(''*'')' + rule: '!self.contains("*")' description: One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. maxProperties: 4096 type: object x-kubernetes-validations: - message: wildcard not allowed in label key match - rule: self.all(key, !key.contains('*')) + rule: self.all(key, !key.contains("*")) - message: key must not be empty rule: self.all(key, key.size() != 0) type: object diff --git a/bundle/manifests/networking.istio.io_serviceentries.yaml b/bundle/manifests/networking.istio.io_serviceentries.yaml index 2f35395b6..bf013b384 100644 --- a/bundle/manifests/networking.istio.io_serviceentries.yaml +++ b/bundle/manifests/networking.istio.io_serviceentries.yaml @@ -72,11 +72,11 @@ spec: type: string x-kubernetes-validations: - message: UDS must be an absolute path or abstract socket - rule: 'self.startsWith(''unix://'') ? (self.substring(7,8) - == ''/'' || self.substring(7,8) == ''@'') : true' + rule: 'self.startsWith("unix://") ? (self.substring(7, 8) + == "/" || self.substring(7, 8) == "@") : true' - message: UDS may not be a dir - rule: 'self.startsWith(''unix://'') ? !self.endsWith(''/'') - : true' + rule: 'self.startsWith("unix://") ? !self.endsWith("/") : + true' labels: additionalProperties: type: string @@ -105,7 +105,7 @@ spec: type: object x-kubernetes-validations: - message: port name must be valid - rule: self.all(key, size(key) < 63 && key.matches('^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$')) + rule: self.all(key, size(key) < 63 && key.matches("^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$")) serviceAccount: description: The service account associated with the workload if a sidecar is present in the workload. @@ -121,7 +121,7 @@ spec: - message: Address is required rule: has(self.address) || has(self.network) - message: UDS may not include ports - rule: '(has(self.address) && self.address.startsWith(''unix://'')) + rule: '(has(self.address) && self.address.startsWith("unix://")) ? !has(self.ports) : true' maxItems: 4096 type: array @@ -136,7 +136,7 @@ spec: type: string x-kubernetes-validations: - message: hostname cannot be wildcard - rule: self != '*' + rule: self != "*" maxItems: 256 minItems: 1 type: array @@ -216,7 +216,7 @@ spec: type: string x-kubernetes-validations: - message: wildcard is not supported in selector - rule: '!self.contains(''*'')' + rule: '!self.contains("*")' description: One or more labels that indicate a specific set of pods/VMs on which the configuration should be applied. maxProperties: 256 @@ -227,18 +227,20 @@ spec: type: object x-kubernetes-validations: - message: only one of WorkloadSelector or Endpoints can be set - rule: (has(self.workloadSelector)?1:0)+(has(self.endpoints)?1:0)<=1 + rule: '(has(self.workloadSelector) ? 1 : 0) + (has(self.endpoints) ? + 1 : 0) <= 1' - message: CIDR addresses are allowed only for NONE/STATIC resolution types - rule: '!(has(self.addresses) && self.addresses.exists(k, k.contains(''/'')) - && (has(self.resolution) && self.resolution != ''STATIC'' && self.resolution - != ''NONE''))' + rule: |- + !(has(self.addresses) && self.addresses.exists(k, k.contains("/")) && has(self.resolution) && + self.resolution != "STATIC" && self.resolution != "NONE") - message: NONE mode cannot set endpoints - rule: '(!has(self.resolution) || self.resolution == ''NONE'') ? !has(self.endpoints) + rule: '(!has(self.resolution) || self.resolution == "NONE") ? !has(self.endpoints) : true' - message: DNS_ROUND_ROBIN mode cannot have multiple endpoints - rule: '(has(self.resolution) && self.resolution == ''DNS_ROUND_ROBIN'') - ? (!has(self.endpoints) || size(self.endpoints) == 1) : true' + rule: |- + (has(self.resolution) && self.resolution == "DNS_ROUND_ROBIN") ? (!has(self.endpoints) || + size(self.endpoints) == 1) : true status: properties: conditions: @@ -369,11 +371,11 @@ spec: type: string x-kubernetes-validations: - message: UDS must be an absolute path or abstract socket - rule: 'self.startsWith(''unix://'') ? (self.substring(7,8) - == ''/'' || self.substring(7,8) == ''@'') : true' + rule: 'self.startsWith("unix://") ? (self.substring(7, 8) + == "/" || self.substring(7, 8) == "@") : true' - message: UDS may not be a dir - rule: 'self.startsWith(''unix://'') ? !self.endsWith(''/'') - : true' + rule: 'self.startsWith("unix://") ? !self.endsWith("/") : + true' labels: additionalProperties: type: string @@ -402,7 +404,7 @@ spec: type: object x-kubernetes-validations: - message: port name must be valid - rule: self.all(key, size(key) < 63 && key.matches('^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$')) + rule: self.all(key, size(key) < 63 && key.matches("^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$")) serviceAccount: description: The service account associated with the workload if a sidecar is present in the workload. @@ -418,7 +420,7 @@ spec: - message: Address is required rule: has(self.address) || has(self.network) - message: UDS may not include ports - rule: '(has(self.address) && self.address.startsWith(''unix://'')) + rule: '(has(self.address) && self.address.startsWith("unix://")) ? !has(self.ports) : true' maxItems: 4096 type: array @@ -433,7 +435,7 @@ spec: type: string x-kubernetes-validations: - message: hostname cannot be wildcard - rule: self != '*' + rule: self != "*" maxItems: 256 minItems: 1 type: array @@ -513,7 +515,7 @@ spec: type: string x-kubernetes-validations: - message: wildcard is not supported in selector - rule: '!self.contains(''*'')' + rule: '!self.contains("*")' description: One or more labels that indicate a specific set of pods/VMs on which the configuration should be applied. maxProperties: 256 @@ -524,18 +526,20 @@ spec: type: object x-kubernetes-validations: - message: only one of WorkloadSelector or Endpoints can be set - rule: (has(self.workloadSelector)?1:0)+(has(self.endpoints)?1:0)<=1 + rule: '(has(self.workloadSelector) ? 1 : 0) + (has(self.endpoints) ? + 1 : 0) <= 1' - message: CIDR addresses are allowed only for NONE/STATIC resolution types - rule: '!(has(self.addresses) && self.addresses.exists(k, k.contains(''/'')) - && (has(self.resolution) && self.resolution != ''STATIC'' && self.resolution - != ''NONE''))' + rule: |- + !(has(self.addresses) && self.addresses.exists(k, k.contains("/")) && has(self.resolution) && + self.resolution != "STATIC" && self.resolution != "NONE") - message: NONE mode cannot set endpoints - rule: '(!has(self.resolution) || self.resolution == ''NONE'') ? !has(self.endpoints) + rule: '(!has(self.resolution) || self.resolution == "NONE") ? !has(self.endpoints) : true' - message: DNS_ROUND_ROBIN mode cannot have multiple endpoints - rule: '(has(self.resolution) && self.resolution == ''DNS_ROUND_ROBIN'') - ? (!has(self.endpoints) || size(self.endpoints) == 1) : true' + rule: |- + (has(self.resolution) && self.resolution == "DNS_ROUND_ROBIN") ? (!has(self.endpoints) || + size(self.endpoints) == 1) : true status: properties: conditions: @@ -666,11 +670,11 @@ spec: type: string x-kubernetes-validations: - message: UDS must be an absolute path or abstract socket - rule: 'self.startsWith(''unix://'') ? (self.substring(7,8) - == ''/'' || self.substring(7,8) == ''@'') : true' + rule: 'self.startsWith("unix://") ? (self.substring(7, 8) + == "/" || self.substring(7, 8) == "@") : true' - message: UDS may not be a dir - rule: 'self.startsWith(''unix://'') ? !self.endsWith(''/'') - : true' + rule: 'self.startsWith("unix://") ? !self.endsWith("/") : + true' labels: additionalProperties: type: string @@ -699,7 +703,7 @@ spec: type: object x-kubernetes-validations: - message: port name must be valid - rule: self.all(key, size(key) < 63 && key.matches('^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$')) + rule: self.all(key, size(key) < 63 && key.matches("^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$")) serviceAccount: description: The service account associated with the workload if a sidecar is present in the workload. @@ -715,7 +719,7 @@ spec: - message: Address is required rule: has(self.address) || has(self.network) - message: UDS may not include ports - rule: '(has(self.address) && self.address.startsWith(''unix://'')) + rule: '(has(self.address) && self.address.startsWith("unix://")) ? !has(self.ports) : true' maxItems: 4096 type: array @@ -730,7 +734,7 @@ spec: type: string x-kubernetes-validations: - message: hostname cannot be wildcard - rule: self != '*' + rule: self != "*" maxItems: 256 minItems: 1 type: array @@ -810,7 +814,7 @@ spec: type: string x-kubernetes-validations: - message: wildcard is not supported in selector - rule: '!self.contains(''*'')' + rule: '!self.contains("*")' description: One or more labels that indicate a specific set of pods/VMs on which the configuration should be applied. maxProperties: 256 @@ -821,18 +825,20 @@ spec: type: object x-kubernetes-validations: - message: only one of WorkloadSelector or Endpoints can be set - rule: (has(self.workloadSelector)?1:0)+(has(self.endpoints)?1:0)<=1 + rule: '(has(self.workloadSelector) ? 1 : 0) + (has(self.endpoints) ? + 1 : 0) <= 1' - message: CIDR addresses are allowed only for NONE/STATIC resolution types - rule: '!(has(self.addresses) && self.addresses.exists(k, k.contains(''/'')) - && (has(self.resolution) && self.resolution != ''STATIC'' && self.resolution - != ''NONE''))' + rule: |- + !(has(self.addresses) && self.addresses.exists(k, k.contains("/")) && has(self.resolution) && + self.resolution != "STATIC" && self.resolution != "NONE") - message: NONE mode cannot set endpoints - rule: '(!has(self.resolution) || self.resolution == ''NONE'') ? !has(self.endpoints) + rule: '(!has(self.resolution) || self.resolution == "NONE") ? !has(self.endpoints) : true' - message: DNS_ROUND_ROBIN mode cannot have multiple endpoints - rule: '(has(self.resolution) && self.resolution == ''DNS_ROUND_ROBIN'') - ? (!has(self.endpoints) || size(self.endpoints) == 1) : true' + rule: |- + (has(self.resolution) && self.resolution == "DNS_ROUND_ROBIN") ? (!has(self.endpoints) || + size(self.endpoints) == 1) : true status: properties: conditions: diff --git a/bundle/manifests/networking.istio.io_sidecars.yaml b/bundle/manifests/networking.istio.io_sidecars.yaml index 38a3a21fa..144cd8977 100644 --- a/bundle/manifests/networking.istio.io_sidecars.yaml +++ b/bundle/manifests/networking.istio.io_sidecars.yaml @@ -477,7 +477,7 @@ spec: type: string x-kubernetes-validations: - message: wildcard is not supported in selector - rule: '!self.contains(''*'')' + rule: '!self.contains("*")' description: One or more labels that indicate a specific set of pods/VMs on which the configuration should be applied. maxProperties: 256 @@ -1019,7 +1019,7 @@ spec: type: string x-kubernetes-validations: - message: wildcard is not supported in selector - rule: '!self.contains(''*'')' + rule: '!self.contains("*")' description: One or more labels that indicate a specific set of pods/VMs on which the configuration should be applied. maxProperties: 256 @@ -1561,7 +1561,7 @@ spec: type: string x-kubernetes-validations: - message: wildcard is not supported in selector - rule: '!self.contains(''*'')' + rule: '!self.contains("*")' description: One or more labels that indicate a specific set of pods/VMs on which the configuration should be applied. maxProperties: 256 diff --git a/bundle/manifests/networking.istio.io_workloadentries.yaml b/bundle/manifests/networking.istio.io_workloadentries.yaml index 5a42a45b6..60ec0badd 100644 --- a/bundle/manifests/networking.istio.io_workloadentries.yaml +++ b/bundle/manifests/networking.istio.io_workloadentries.yaml @@ -52,10 +52,10 @@ spec: type: string x-kubernetes-validations: - message: UDS must be an absolute path or abstract socket - rule: 'self.startsWith(''unix://'') ? (self.substring(7,8) == ''/'' - || self.substring(7,8) == ''@'') : true' + rule: 'self.startsWith("unix://") ? (self.substring(7, 8) == "/" + || self.substring(7, 8) == "@") : true' - message: UDS may not be a dir - rule: 'self.startsWith(''unix://'') ? !self.endsWith(''/'') : true' + rule: 'self.startsWith("unix://") ? !self.endsWith("/") : true' labels: additionalProperties: type: string @@ -84,7 +84,7 @@ spec: type: object x-kubernetes-validations: - message: port name must be valid - rule: self.all(key, size(key) < 63 && key.matches('^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$')) + rule: self.all(key, size(key) < 63 && key.matches("^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$")) serviceAccount: description: The service account associated with the workload if a sidecar is present in the workload. @@ -100,8 +100,8 @@ spec: - message: Address is required rule: has(self.address) || has(self.network) - message: UDS may not include ports - rule: '(has(self.address) && self.address.startsWith(''unix://'')) ? - !has(self.ports) : true' + rule: '(has(self.address) && self.address.startsWith("unix://")) ? !has(self.ports) + : true' status: properties: conditions: @@ -212,10 +212,10 @@ spec: type: string x-kubernetes-validations: - message: UDS must be an absolute path or abstract socket - rule: 'self.startsWith(''unix://'') ? (self.substring(7,8) == ''/'' - || self.substring(7,8) == ''@'') : true' + rule: 'self.startsWith("unix://") ? (self.substring(7, 8) == "/" + || self.substring(7, 8) == "@") : true' - message: UDS may not be a dir - rule: 'self.startsWith(''unix://'') ? !self.endsWith(''/'') : true' + rule: 'self.startsWith("unix://") ? !self.endsWith("/") : true' labels: additionalProperties: type: string @@ -244,7 +244,7 @@ spec: type: object x-kubernetes-validations: - message: port name must be valid - rule: self.all(key, size(key) < 63 && key.matches('^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$')) + rule: self.all(key, size(key) < 63 && key.matches("^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$")) serviceAccount: description: The service account associated with the workload if a sidecar is present in the workload. @@ -260,8 +260,8 @@ spec: - message: Address is required rule: has(self.address) || has(self.network) - message: UDS may not include ports - rule: '(has(self.address) && self.address.startsWith(''unix://'')) ? - !has(self.ports) : true' + rule: '(has(self.address) && self.address.startsWith("unix://")) ? !has(self.ports) + : true' status: properties: conditions: @@ -372,10 +372,10 @@ spec: type: string x-kubernetes-validations: - message: UDS must be an absolute path or abstract socket - rule: 'self.startsWith(''unix://'') ? (self.substring(7,8) == ''/'' - || self.substring(7,8) == ''@'') : true' + rule: 'self.startsWith("unix://") ? (self.substring(7, 8) == "/" + || self.substring(7, 8) == "@") : true' - message: UDS may not be a dir - rule: 'self.startsWith(''unix://'') ? !self.endsWith(''/'') : true' + rule: 'self.startsWith("unix://") ? !self.endsWith("/") : true' labels: additionalProperties: type: string @@ -404,7 +404,7 @@ spec: type: object x-kubernetes-validations: - message: port name must be valid - rule: self.all(key, size(key) < 63 && key.matches('^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$')) + rule: self.all(key, size(key) < 63 && key.matches("^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$")) serviceAccount: description: The service account associated with the workload if a sidecar is present in the workload. @@ -420,8 +420,8 @@ spec: - message: Address is required rule: has(self.address) || has(self.network) - message: UDS may not include ports - rule: '(has(self.address) && self.address.startsWith(''unix://'')) ? - !has(self.ports) : true' + rule: '(has(self.address) && self.address.startsWith("unix://")) ? !has(self.ports) + : true' status: properties: conditions: diff --git a/bundle/manifests/networking.istio.io_workloadgroups.yaml b/bundle/manifests/networking.istio.io_workloadgroups.yaml index 743608162..23b7e6d31 100644 --- a/bundle/manifests/networking.istio.io_workloadgroups.yaml +++ b/bundle/manifests/networking.istio.io_workloadgroups.yaml @@ -144,7 +144,7 @@ spec: type: string x-kubernetes-validations: - message: scheme must be one of [HTTP, HTTPS] - rule: self in ['', 'HTTP', 'HTTPS'] + rule: self in ["", "HTTP", "HTTPS"] required: - port type: object @@ -197,11 +197,10 @@ spec: type: string x-kubernetes-validations: - message: UDS must be an absolute path or abstract socket - rule: 'self.startsWith(''unix://'') ? (self.substring(7,8) == - ''/'' || self.substring(7,8) == ''@'') : true' + rule: 'self.startsWith("unix://") ? (self.substring(7, 8) == + "/" || self.substring(7, 8) == "@") : true' - message: UDS may not be a dir - rule: 'self.startsWith(''unix://'') ? !self.endsWith(''/'') - : true' + rule: 'self.startsWith("unix://") ? !self.endsWith("/") : true' labels: additionalProperties: type: string @@ -230,7 +229,7 @@ spec: type: object x-kubernetes-validations: - message: port name must be valid - rule: self.all(key, size(key) < 63 && key.matches('^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$')) + rule: self.all(key, size(key) < 63 && key.matches("^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$")) serviceAccount: description: The service account associated with the workload if a sidecar is present in the workload. @@ -244,7 +243,7 @@ spec: type: object x-kubernetes-validations: - message: UDS may not include ports - rule: '(has(self.address) && self.address.startsWith(''unix://'')) + rule: '(has(self.address) && self.address.startsWith("unix://")) ? !has(self.ports) : true' required: - template @@ -453,7 +452,7 @@ spec: type: string x-kubernetes-validations: - message: scheme must be one of [HTTP, HTTPS] - rule: self in ['', 'HTTP', 'HTTPS'] + rule: self in ["", "HTTP", "HTTPS"] required: - port type: object @@ -506,11 +505,10 @@ spec: type: string x-kubernetes-validations: - message: UDS must be an absolute path or abstract socket - rule: 'self.startsWith(''unix://'') ? (self.substring(7,8) == - ''/'' || self.substring(7,8) == ''@'') : true' + rule: 'self.startsWith("unix://") ? (self.substring(7, 8) == + "/" || self.substring(7, 8) == "@") : true' - message: UDS may not be a dir - rule: 'self.startsWith(''unix://'') ? !self.endsWith(''/'') - : true' + rule: 'self.startsWith("unix://") ? !self.endsWith("/") : true' labels: additionalProperties: type: string @@ -539,7 +537,7 @@ spec: type: object x-kubernetes-validations: - message: port name must be valid - rule: self.all(key, size(key) < 63 && key.matches('^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$')) + rule: self.all(key, size(key) < 63 && key.matches("^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$")) serviceAccount: description: The service account associated with the workload if a sidecar is present in the workload. @@ -553,7 +551,7 @@ spec: type: object x-kubernetes-validations: - message: UDS may not include ports - rule: '(has(self.address) && self.address.startsWith(''unix://'')) + rule: '(has(self.address) && self.address.startsWith("unix://")) ? !has(self.ports) : true' required: - template @@ -762,7 +760,7 @@ spec: type: string x-kubernetes-validations: - message: scheme must be one of [HTTP, HTTPS] - rule: self in ['', 'HTTP', 'HTTPS'] + rule: self in ["", "HTTP", "HTTPS"] required: - port type: object @@ -815,11 +813,10 @@ spec: type: string x-kubernetes-validations: - message: UDS must be an absolute path or abstract socket - rule: 'self.startsWith(''unix://'') ? (self.substring(7,8) == - ''/'' || self.substring(7,8) == ''@'') : true' + rule: 'self.startsWith("unix://") ? (self.substring(7, 8) == + "/" || self.substring(7, 8) == "@") : true' - message: UDS may not be a dir - rule: 'self.startsWith(''unix://'') ? !self.endsWith(''/'') - : true' + rule: 'self.startsWith("unix://") ? !self.endsWith("/") : true' labels: additionalProperties: type: string @@ -848,7 +845,7 @@ spec: type: object x-kubernetes-validations: - message: port name must be valid - rule: self.all(key, size(key) < 63 && key.matches('^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$')) + rule: self.all(key, size(key) < 63 && key.matches("^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$")) serviceAccount: description: The service account associated with the workload if a sidecar is present in the workload. @@ -862,7 +859,7 @@ spec: type: object x-kubernetes-validations: - message: UDS may not include ports - rule: '(has(self.address) && self.address.startsWith(''unix://'')) + rule: '(has(self.address) && self.address.startsWith("unix://")) ? !has(self.ports) : true' required: - template diff --git a/bundle/manifests/sailoperator.clusterserviceversion.yaml b/bundle/manifests/sailoperator.clusterserviceversion.yaml index 13bdd10cf..b47380415 100644 --- a/bundle/manifests/sailoperator.clusterserviceversion.yaml +++ b/bundle/manifests/sailoperator.clusterserviceversion.yaml @@ -34,7 +34,7 @@ metadata: capabilities: Seamless Upgrades categories: OpenShift Optional, Integration & Delivery, Networking, Security containerImage: quay.io/maistra-dev/sail-operator:0.3-latest - createdAt: "2024-12-16T05:05:54Z" + createdAt: "2024-12-17T05:05:14Z" description: Experimental operator for installing Istio service mesh features.operators.openshift.io/cnf: "false" features.operators.openshift.io/cni: "true" @@ -358,7 +358,7 @@ spec: - v1.22.6 - v1.22.5 - v1.21.6 - - latest (1192d742) + - latest (0542a4c9) [See this page](https://github.com/istio-ecosystem/sail-operator/blob/main/bundle/README.md) for instructions on how to use it. displayName: Sail Operator @@ -634,10 +634,10 @@ spec: template: metadata: annotations: - images.latest.cni: gcr.io/istio-testing/install-cni:1.25-alpha.1192d7427e8300a3f3ce7a68c238ad0a960f3c38 - images.latest.istiod: gcr.io/istio-testing/pilot:1.25-alpha.1192d7427e8300a3f3ce7a68c238ad0a960f3c38 - images.latest.proxy: gcr.io/istio-testing/proxyv2:1.25-alpha.1192d7427e8300a3f3ce7a68c238ad0a960f3c38 - images.latest.ztunnel: gcr.io/istio-testing/ztunnel:1.25-alpha.1192d7427e8300a3f3ce7a68c238ad0a960f3c38 + images.latest.cni: gcr.io/istio-testing/install-cni:1.25-alpha.0542a4c97f8a849d14aa94606e5110b5cf111e2d + images.latest.istiod: gcr.io/istio-testing/pilot:1.25-alpha.0542a4c97f8a849d14aa94606e5110b5cf111e2d + images.latest.proxy: gcr.io/istio-testing/proxyv2:1.25-alpha.0542a4c97f8a849d14aa94606e5110b5cf111e2d + images.latest.ztunnel: gcr.io/istio-testing/ztunnel:1.25-alpha.0542a4c97f8a849d14aa94606e5110b5cf111e2d images.v1_21_6.cni: docker.io/istio/install-cni:1.21.6 images.v1_21_6.istiod: docker.io/istio/pilot:1.21.6 images.v1_21_6.proxy: docker.io/istio/proxyv2:1.21.6 @@ -818,13 +818,13 @@ spec: provider: name: Red Hat, Inc. relatedImages: - - image: gcr.io/istio-testing/install-cni:1.25-alpha.1192d7427e8300a3f3ce7a68c238ad0a960f3c38 + - image: gcr.io/istio-testing/install-cni:1.25-alpha.0542a4c97f8a849d14aa94606e5110b5cf111e2d name: latest.cni - - image: gcr.io/istio-testing/pilot:1.25-alpha.1192d7427e8300a3f3ce7a68c238ad0a960f3c38 + - image: gcr.io/istio-testing/pilot:1.25-alpha.0542a4c97f8a849d14aa94606e5110b5cf111e2d name: latest.istiod - - image: gcr.io/istio-testing/proxyv2:1.25-alpha.1192d7427e8300a3f3ce7a68c238ad0a960f3c38 + - image: gcr.io/istio-testing/proxyv2:1.25-alpha.0542a4c97f8a849d14aa94606e5110b5cf111e2d name: latest.proxy - - image: gcr.io/istio-testing/ztunnel:1.25-alpha.1192d7427e8300a3f3ce7a68c238ad0a960f3c38 + - image: gcr.io/istio-testing/ztunnel:1.25-alpha.0542a4c97f8a849d14aa94606e5110b5cf111e2d name: latest.ztunnel - image: docker.io/istio/install-cni:1.21.6 name: v1_21_6.cni diff --git a/bundle/manifests/sailoperator.io_istiorevisions.yaml b/bundle/manifests/sailoperator.io_istiorevisions.yaml index a08d4dea9..86c22bca4 100644 --- a/bundle/manifests/sailoperator.io_istiorevisions.yaml +++ b/bundle/manifests/sailoperator.io_istiorevisions.yaml @@ -655,7 +655,8 @@ spec: More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks properties: exec: - description: Exec specifies the action to take. + description: Exec specifies a command to execute + in the container. properties: command: description: |- @@ -670,7 +671,7 @@ spec: x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http request + description: HTTPGet specifies an HTTP GET request to perform. properties: host: @@ -720,8 +721,8 @@ spec: - port type: object sleep: - description: Sleep represents the duration that - the container should sleep before being terminated. + description: Sleep represents a duration that + the container should sleep. properties: seconds: description: Seconds is the number of seconds @@ -734,8 +735,8 @@ spec: tcpSocket: description: |- Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. + for backward compatibility. There is no validation of this field and + lifecycle hooks will fail at runtime when it is specified. properties: host: description: 'Optional: Host name to connect @@ -767,7 +768,8 @@ spec: More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks properties: exec: - description: Exec specifies the action to take. + description: Exec specifies a command to execute + in the container. properties: command: description: |- @@ -782,7 +784,7 @@ spec: x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http request + description: HTTPGet specifies an HTTP GET request to perform. properties: host: @@ -832,8 +834,8 @@ spec: - port type: object sleep: - description: Sleep represents the duration that - the container should sleep before being terminated. + description: Sleep represents a duration that + the container should sleep. properties: seconds: description: Seconds is the number of seconds @@ -846,8 +848,8 @@ spec: tcpSocket: description: |- Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. + for backward compatibility. There is no validation of this field and + lifecycle hooks will fail at runtime when it is specified. properties: host: description: 'Optional: Host name to connect @@ -3518,7 +3520,8 @@ spec: Only one health check method of 3 can be set at a time. properties: exec: - description: Exec specifies the action to take. + description: Exec specifies a command to execute in + the container. properties: command: description: |- @@ -3539,8 +3542,7 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving a - GRPC port. + description: GRPC specifies a GRPC HealthCheckRequest. properties: port: description: Port number of the gRPC service. @@ -3559,8 +3561,8 @@ spec: - port type: object httpGet: - description: HTTPGet specifies the http request to - perform. + description: HTTPGet specifies an HTTP GET request + to perform. properties: host: description: |- @@ -3627,8 +3629,8 @@ spec: format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving - a TCP port. + description: TCPSocket specifies a connection to a + TCP port. properties: host: description: 'Optional: Host name to connect to, @@ -7430,6 +7432,8 @@ spec: description: |- awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. + Deprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree + awsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore properties: fsType: @@ -7461,8 +7465,10 @@ spec: - volumeID type: object azureDisk: - description: azureDisk represents an Azure Data Disk - mount on the host and bind mount to the pod. + description: |- + azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. + Deprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type + are redirected to the disk.csi.azure.com CSI driver. properties: cachingMode: description: 'cachingMode is the Host Caching mode: @@ -7501,8 +7507,10 @@ spec: - diskURI type: object azureFile: - description: azureFile represents an Azure File Service - mount on the host and bind mount to the pod. + description: |- + azureFile represents an Azure File Service mount on the host and bind mount to the pod. + Deprecated: AzureFile is deprecated. All operations for the in-tree azureFile type + are redirected to the file.csi.azure.com CSI driver. properties: readOnly: description: |- @@ -7521,8 +7529,9 @@ spec: - shareName type: object cephfs: - description: cephFS represents a Ceph FS mount on the - host that shares a pod's lifetime + description: |- + cephFS represents a Ceph FS mount on the host that shares a pod's lifetime. + Deprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported. properties: monitors: description: |- @@ -7575,6 +7584,8 @@ spec: cinder: description: |- cinder represents a cinder volume attached and mounted on kubelets host machine. + Deprecated: Cinder is deprecated. All operations for the in-tree cinder type + are redirected to the cinder.csi.openstack.org CSI driver. More info: https://examples.k8s.io/mysql-cinder-pd/README.md properties: fsType: @@ -7686,7 +7697,7 @@ spec: csi: description: csi (Container Storage Interface) represents ephemeral storage that is handled by certain external - CSI drivers (Beta feature). + CSI drivers. properties: driver: description: |- @@ -8157,6 +8168,7 @@ spec: description: |- flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. + Deprecated: FlexVolume is deprecated. Consider using a CSIDriver instead. properties: driver: description: driver is the name of the driver to @@ -8202,9 +8214,9 @@ spec: - driver type: object flocker: - description: flocker represents a Flocker volume attached - to a kubelet's host machine. This depends on the Flocker - control service being running + description: |- + flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running. + Deprecated: Flocker is deprecated and the in-tree flocker type is no longer supported. properties: datasetName: description: |- @@ -8220,6 +8232,8 @@ spec: description: |- gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. + Deprecated: GCEPersistentDisk is deprecated. All operations for the in-tree + gcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk properties: fsType: @@ -8255,7 +8269,7 @@ spec: gitRepo: description: |- gitRepo represents a git repository at a particular revision. - DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + Deprecated: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container. properties: @@ -8279,6 +8293,7 @@ spec: glusterfs: description: |- glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported. More info: https://examples.k8s.io/volumes/glusterfs/README.md properties: endpoints: @@ -8488,9 +8503,9 @@ spec: - claimName type: object photonPersistentDisk: - description: photonPersistentDisk represents a PhotonController - persistent disk attached and mounted on kubelets host - machine + description: |- + photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine. + Deprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported. properties: fsType: description: |- @@ -8506,8 +8521,11 @@ spec: - pdID type: object portworxVolume: - description: portworxVolume represents a portworx volume - attached and mounted on kubelets host machine + description: |- + portworxVolume represents a portworx volume attached and mounted on kubelets host machine. + Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type + are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate + is on. properties: fsType: description: |- @@ -8878,8 +8896,9 @@ spec: x-kubernetes-list-type: atomic type: object quobyte: - description: quobyte represents a Quobyte mount on the - host that shares a pod's lifetime + description: |- + quobyte represents a Quobyte mount on the host that shares a pod's lifetime. + Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported. properties: group: description: |- @@ -8918,6 +8937,7 @@ spec: rbd: description: |- rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported. More info: https://examples.k8s.io/volumes/rbd/README.md properties: fsType: @@ -8990,8 +9010,9 @@ spec: - monitors type: object scaleIO: - description: scaleIO represents a ScaleIO persistent - volume attached and mounted on Kubernetes nodes. + description: |- + scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. + Deprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported. properties: fsType: default: xfs @@ -9124,8 +9145,9 @@ spec: type: string type: object storageos: - description: storageOS represents a StorageOS volume - attached and mounted on Kubernetes nodes. + description: |- + storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. + Deprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported. properties: fsType: description: |- @@ -9170,8 +9192,10 @@ spec: type: string type: object vsphereVolume: - description: vsphereVolume represents a vSphere volume - attached and mounted on kubelets host machine + description: |- + vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine. + Deprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type + are redirected to the csi.vsphere.vmware.com CSI driver. properties: fsType: description: |- diff --git a/bundle/manifests/sailoperator.io_istios.yaml b/bundle/manifests/sailoperator.io_istios.yaml index bd5716c3a..af241152c 100644 --- a/bundle/manifests/sailoperator.io_istios.yaml +++ b/bundle/manifests/sailoperator.io_istios.yaml @@ -724,7 +724,8 @@ spec: More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks properties: exec: - description: Exec specifies the action to take. + description: Exec specifies a command to execute + in the container. properties: command: description: |- @@ -739,7 +740,7 @@ spec: x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http request + description: HTTPGet specifies an HTTP GET request to perform. properties: host: @@ -789,8 +790,8 @@ spec: - port type: object sleep: - description: Sleep represents the duration that - the container should sleep before being terminated. + description: Sleep represents a duration that + the container should sleep. properties: seconds: description: Seconds is the number of seconds @@ -803,8 +804,8 @@ spec: tcpSocket: description: |- Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. + for backward compatibility. There is no validation of this field and + lifecycle hooks will fail at runtime when it is specified. properties: host: description: 'Optional: Host name to connect @@ -836,7 +837,8 @@ spec: More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks properties: exec: - description: Exec specifies the action to take. + description: Exec specifies a command to execute + in the container. properties: command: description: |- @@ -851,7 +853,7 @@ spec: x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http request + description: HTTPGet specifies an HTTP GET request to perform. properties: host: @@ -901,8 +903,8 @@ spec: - port type: object sleep: - description: Sleep represents the duration that - the container should sleep before being terminated. + description: Sleep represents a duration that + the container should sleep. properties: seconds: description: Seconds is the number of seconds @@ -915,8 +917,8 @@ spec: tcpSocket: description: |- Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. + for backward compatibility. There is no validation of this field and + lifecycle hooks will fail at runtime when it is specified. properties: host: description: 'Optional: Host name to connect @@ -3587,7 +3589,8 @@ spec: Only one health check method of 3 can be set at a time. properties: exec: - description: Exec specifies the action to take. + description: Exec specifies a command to execute in + the container. properties: command: description: |- @@ -3608,8 +3611,7 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving a - GRPC port. + description: GRPC specifies a GRPC HealthCheckRequest. properties: port: description: Port number of the gRPC service. @@ -3628,8 +3630,8 @@ spec: - port type: object httpGet: - description: HTTPGet specifies the http request to - perform. + description: HTTPGet specifies an HTTP GET request + to perform. properties: host: description: |- @@ -3696,8 +3698,8 @@ spec: format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving - a TCP port. + description: TCPSocket specifies a connection to a + TCP port. properties: host: description: 'Optional: Host name to connect to, @@ -7499,6 +7501,8 @@ spec: description: |- awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. + Deprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree + awsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore properties: fsType: @@ -7530,8 +7534,10 @@ spec: - volumeID type: object azureDisk: - description: azureDisk represents an Azure Data Disk - mount on the host and bind mount to the pod. + description: |- + azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. + Deprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type + are redirected to the disk.csi.azure.com CSI driver. properties: cachingMode: description: 'cachingMode is the Host Caching mode: @@ -7570,8 +7576,10 @@ spec: - diskURI type: object azureFile: - description: azureFile represents an Azure File Service - mount on the host and bind mount to the pod. + description: |- + azureFile represents an Azure File Service mount on the host and bind mount to the pod. + Deprecated: AzureFile is deprecated. All operations for the in-tree azureFile type + are redirected to the file.csi.azure.com CSI driver. properties: readOnly: description: |- @@ -7590,8 +7598,9 @@ spec: - shareName type: object cephfs: - description: cephFS represents a Ceph FS mount on the - host that shares a pod's lifetime + description: |- + cephFS represents a Ceph FS mount on the host that shares a pod's lifetime. + Deprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported. properties: monitors: description: |- @@ -7644,6 +7653,8 @@ spec: cinder: description: |- cinder represents a cinder volume attached and mounted on kubelets host machine. + Deprecated: Cinder is deprecated. All operations for the in-tree cinder type + are redirected to the cinder.csi.openstack.org CSI driver. More info: https://examples.k8s.io/mysql-cinder-pd/README.md properties: fsType: @@ -7755,7 +7766,7 @@ spec: csi: description: csi (Container Storage Interface) represents ephemeral storage that is handled by certain external - CSI drivers (Beta feature). + CSI drivers. properties: driver: description: |- @@ -8226,6 +8237,7 @@ spec: description: |- flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. + Deprecated: FlexVolume is deprecated. Consider using a CSIDriver instead. properties: driver: description: driver is the name of the driver to @@ -8271,9 +8283,9 @@ spec: - driver type: object flocker: - description: flocker represents a Flocker volume attached - to a kubelet's host machine. This depends on the Flocker - control service being running + description: |- + flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running. + Deprecated: Flocker is deprecated and the in-tree flocker type is no longer supported. properties: datasetName: description: |- @@ -8289,6 +8301,8 @@ spec: description: |- gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. + Deprecated: GCEPersistentDisk is deprecated. All operations for the in-tree + gcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk properties: fsType: @@ -8324,7 +8338,7 @@ spec: gitRepo: description: |- gitRepo represents a git repository at a particular revision. - DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + Deprecated: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container. properties: @@ -8348,6 +8362,7 @@ spec: glusterfs: description: |- glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported. More info: https://examples.k8s.io/volumes/glusterfs/README.md properties: endpoints: @@ -8557,9 +8572,9 @@ spec: - claimName type: object photonPersistentDisk: - description: photonPersistentDisk represents a PhotonController - persistent disk attached and mounted on kubelets host - machine + description: |- + photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine. + Deprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported. properties: fsType: description: |- @@ -8575,8 +8590,11 @@ spec: - pdID type: object portworxVolume: - description: portworxVolume represents a portworx volume - attached and mounted on kubelets host machine + description: |- + portworxVolume represents a portworx volume attached and mounted on kubelets host machine. + Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type + are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate + is on. properties: fsType: description: |- @@ -8947,8 +8965,9 @@ spec: x-kubernetes-list-type: atomic type: object quobyte: - description: quobyte represents a Quobyte mount on the - host that shares a pod's lifetime + description: |- + quobyte represents a Quobyte mount on the host that shares a pod's lifetime. + Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported. properties: group: description: |- @@ -8987,6 +9006,7 @@ spec: rbd: description: |- rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported. More info: https://examples.k8s.io/volumes/rbd/README.md properties: fsType: @@ -9059,8 +9079,9 @@ spec: - monitors type: object scaleIO: - description: scaleIO represents a ScaleIO persistent - volume attached and mounted on Kubernetes nodes. + description: |- + scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. + Deprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported. properties: fsType: default: xfs @@ -9193,8 +9214,9 @@ spec: type: string type: object storageos: - description: storageOS represents a StorageOS volume - attached and mounted on Kubernetes nodes. + description: |- + storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. + Deprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported. properties: fsType: description: |- @@ -9239,8 +9261,10 @@ spec: type: string type: object vsphereVolume: - description: vsphereVolume represents a vSphere volume - attached and mounted on kubelets host machine + description: |- + vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine. + Deprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type + are redirected to the csi.vsphere.vmware.com CSI driver. properties: fsType: description: |- diff --git a/bundle/manifests/sailoperator.io_ztunnels.yaml b/bundle/manifests/sailoperator.io_ztunnels.yaml index 3d65dd4a4..0bff6a375 100644 --- a/bundle/manifests/sailoperator.io_ztunnels.yaml +++ b/bundle/manifests/sailoperator.io_ztunnels.yaml @@ -1293,7 +1293,8 @@ spec: Only one health check method of 3 can be set at a time. properties: exec: - description: Exec specifies the action to take. + description: Exec specifies a command to execute + in the container. properties: command: description: |- @@ -1314,8 +1315,7 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving - a GRPC port. + description: GRPC specifies a GRPC HealthCheckRequest. properties: port: description: Port number of the gRPC service. @@ -1334,7 +1334,7 @@ spec: - port type: object httpGet: - description: HTTPGet specifies the http request + description: HTTPGet specifies an HTTP GET request to perform. properties: host: @@ -1402,8 +1402,8 @@ spec: format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving - a TCP port. + description: TCPSocket specifies a connection + to a TCP port. properties: host: description: 'Optional: Host name to connect @@ -3718,6 +3718,8 @@ spec: description: |- awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. + Deprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree + awsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore properties: fsType: @@ -3749,8 +3751,10 @@ spec: - volumeID type: object azureDisk: - description: azureDisk represents an Azure Data Disk - mount on the host and bind mount to the pod. + description: |- + azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. + Deprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type + are redirected to the disk.csi.azure.com CSI driver. properties: cachingMode: description: 'cachingMode is the Host Caching mode: @@ -3789,8 +3793,10 @@ spec: - diskURI type: object azureFile: - description: azureFile represents an Azure File Service - mount on the host and bind mount to the pod. + description: |- + azureFile represents an Azure File Service mount on the host and bind mount to the pod. + Deprecated: AzureFile is deprecated. All operations for the in-tree azureFile type + are redirected to the file.csi.azure.com CSI driver. properties: readOnly: description: |- @@ -3809,8 +3815,9 @@ spec: - shareName type: object cephfs: - description: cephFS represents a Ceph FS mount on the - host that shares a pod's lifetime + description: |- + cephFS represents a Ceph FS mount on the host that shares a pod's lifetime. + Deprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported. properties: monitors: description: |- @@ -3863,6 +3870,8 @@ spec: cinder: description: |- cinder represents a cinder volume attached and mounted on kubelets host machine. + Deprecated: Cinder is deprecated. All operations for the in-tree cinder type + are redirected to the cinder.csi.openstack.org CSI driver. More info: https://examples.k8s.io/mysql-cinder-pd/README.md properties: fsType: @@ -3974,7 +3983,7 @@ spec: csi: description: csi (Container Storage Interface) represents ephemeral storage that is handled by certain external - CSI drivers (Beta feature). + CSI drivers. properties: driver: description: |- @@ -4445,6 +4454,7 @@ spec: description: |- flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. + Deprecated: FlexVolume is deprecated. Consider using a CSIDriver instead. properties: driver: description: driver is the name of the driver to @@ -4490,9 +4500,9 @@ spec: - driver type: object flocker: - description: flocker represents a Flocker volume attached - to a kubelet's host machine. This depends on the Flocker - control service being running + description: |- + flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running. + Deprecated: Flocker is deprecated and the in-tree flocker type is no longer supported. properties: datasetName: description: |- @@ -4508,6 +4518,8 @@ spec: description: |- gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. + Deprecated: GCEPersistentDisk is deprecated. All operations for the in-tree + gcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk properties: fsType: @@ -4543,7 +4555,7 @@ spec: gitRepo: description: |- gitRepo represents a git repository at a particular revision. - DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + Deprecated: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container. properties: @@ -4567,6 +4579,7 @@ spec: glusterfs: description: |- glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported. More info: https://examples.k8s.io/volumes/glusterfs/README.md properties: endpoints: @@ -4776,9 +4789,9 @@ spec: - claimName type: object photonPersistentDisk: - description: photonPersistentDisk represents a PhotonController - persistent disk attached and mounted on kubelets host - machine + description: |- + photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine. + Deprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported. properties: fsType: description: |- @@ -4794,8 +4807,11 @@ spec: - pdID type: object portworxVolume: - description: portworxVolume represents a portworx volume - attached and mounted on kubelets host machine + description: |- + portworxVolume represents a portworx volume attached and mounted on kubelets host machine. + Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type + are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate + is on. properties: fsType: description: |- @@ -5166,8 +5182,9 @@ spec: x-kubernetes-list-type: atomic type: object quobyte: - description: quobyte represents a Quobyte mount on the - host that shares a pod's lifetime + description: |- + quobyte represents a Quobyte mount on the host that shares a pod's lifetime. + Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported. properties: group: description: |- @@ -5206,6 +5223,7 @@ spec: rbd: description: |- rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported. More info: https://examples.k8s.io/volumes/rbd/README.md properties: fsType: @@ -5278,8 +5296,9 @@ spec: - monitors type: object scaleIO: - description: scaleIO represents a ScaleIO persistent - volume attached and mounted on Kubernetes nodes. + description: |- + scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. + Deprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported. properties: fsType: default: xfs @@ -5412,8 +5431,9 @@ spec: type: string type: object storageos: - description: storageOS represents a StorageOS volume - attached and mounted on Kubernetes nodes. + description: |- + storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. + Deprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported. properties: fsType: description: |- @@ -5458,8 +5478,10 @@ spec: type: string type: object vsphereVolume: - description: vsphereVolume represents a vSphere volume - attached and mounted on kubelets host machine + description: |- + vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine. + Deprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type + are redirected to the csi.vsphere.vmware.com CSI driver. properties: fsType: description: |- diff --git a/bundle/manifests/security.istio.io_authorizationpolicies.yaml b/bundle/manifests/security.istio.io_authorizationpolicies.yaml index 7f450f367..fa157496c 100644 --- a/bundle/manifests/security.istio.io_authorizationpolicies.yaml +++ b/bundle/manifests/security.istio.io_authorizationpolicies.yaml @@ -217,14 +217,14 @@ spec: type: string x-kubernetes-validations: - message: wildcard not allowed in label value match - rule: '!self.contains(''*'')' + rule: '!self.contains("*")' description: One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. maxProperties: 4096 type: object x-kubernetes-validations: - message: wildcard not allowed in label key match - rule: self.all(key, !key.contains('*')) + rule: self.all(key, !key.contains("*")) - message: key must not be empty rule: self.all(key, key.size() != 0) type: object @@ -259,8 +259,9 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], - [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' + rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], + ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", + "ServiceEntry"]]' targetRefs: description: Optional. items: @@ -294,14 +295,16 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], - [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' + rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], + ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", + "ServiceEntry"]]' maxItems: 16 type: array type: object x-kubernetes-validations: - message: only one of targetRefs or selector can be set - rule: (has(self.selector)?1:0)+(has(self.targetRef)?1:0)+(has(self.targetRefs)?1:0)<=1 + rule: '(has(self.selector) ? 1 : 0) + (has(self.targetRef) ? 1 : 0) + + (has(self.targetRefs) ? 1 : 0) <= 1' status: properties: conditions: @@ -574,14 +577,14 @@ spec: type: string x-kubernetes-validations: - message: wildcard not allowed in label value match - rule: '!self.contains(''*'')' + rule: '!self.contains("*")' description: One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. maxProperties: 4096 type: object x-kubernetes-validations: - message: wildcard not allowed in label key match - rule: self.all(key, !key.contains('*')) + rule: self.all(key, !key.contains("*")) - message: key must not be empty rule: self.all(key, key.size() != 0) type: object @@ -616,8 +619,9 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], - [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' + rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], + ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", + "ServiceEntry"]]' targetRefs: description: Optional. items: @@ -651,14 +655,16 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], - [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' + rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], + ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", + "ServiceEntry"]]' maxItems: 16 type: array type: object x-kubernetes-validations: - message: only one of targetRefs or selector can be set - rule: (has(self.selector)?1:0)+(has(self.targetRef)?1:0)+(has(self.targetRefs)?1:0)<=1 + rule: '(has(self.selector) ? 1 : 0) + (has(self.targetRef) ? 1 : 0) + + (has(self.targetRefs) ? 1 : 0) <= 1' status: properties: conditions: diff --git a/bundle/manifests/security.istio.io_peerauthentications.yaml b/bundle/manifests/security.istio.io_peerauthentications.yaml index e0393c18e..8bcfa2a7c 100644 --- a/bundle/manifests/security.istio.io_peerauthentications.yaml +++ b/bundle/manifests/security.istio.io_peerauthentications.yaml @@ -92,22 +92,23 @@ spec: type: string x-kubernetes-validations: - message: wildcard not allowed in label value match - rule: '!self.contains(''*'')' + rule: '!self.contains("*")' description: One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. maxProperties: 4096 type: object x-kubernetes-validations: - message: wildcard not allowed in label key match - rule: self.all(key, !key.contains('*')) + rule: self.all(key, !key.contains("*")) - message: key must not be empty rule: self.all(key, key.size() != 0) type: object type: object x-kubernetes-validations: - message: portLevelMtls requires selector - rule: (has(self.selector) && has(self.selector.matchLabels) && self.selector.matchLabels.size() - > 0) || !has(self.portLevelMtls) + rule: |- + has(self.selector) && has(self.selector.matchLabels) && self.selector.matchLabels.size() > 0 || + !has(self.portLevelMtls) status: properties: conditions: @@ -255,22 +256,23 @@ spec: type: string x-kubernetes-validations: - message: wildcard not allowed in label value match - rule: '!self.contains(''*'')' + rule: '!self.contains("*")' description: One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. maxProperties: 4096 type: object x-kubernetes-validations: - message: wildcard not allowed in label key match - rule: self.all(key, !key.contains('*')) + rule: self.all(key, !key.contains("*")) - message: key must not be empty rule: self.all(key, key.size() != 0) type: object type: object x-kubernetes-validations: - message: portLevelMtls requires selector - rule: (has(self.selector) && has(self.selector.matchLabels) && self.selector.matchLabels.size() - > 0) || !has(self.portLevelMtls) + rule: |- + has(self.selector) && has(self.selector.matchLabels) && self.selector.matchLabels.size() > 0 || + !has(self.portLevelMtls) status: properties: conditions: diff --git a/bundle/manifests/security.istio.io_requestauthentications.yaml b/bundle/manifests/security.istio.io_requestauthentications.yaml index 52135c199..74fda7a7f 100644 --- a/bundle/manifests/security.istio.io_requestauthentications.yaml +++ b/bundle/manifests/security.istio.io_requestauthentications.yaml @@ -93,7 +93,7 @@ spec: type: string x-kubernetes-validations: - message: url must have scheme http:// or https:// - rule: url(self).getScheme() in ['http', 'https'] + rule: url(self).getScheme() in ["http", "https"] jwksUri: description: URL of the provider's public key set to validate signature of the JWT. @@ -102,7 +102,7 @@ spec: type: string x-kubernetes-validations: - message: url must have scheme http:// or https:// - rule: url(self).getScheme() in ['http', 'https'] + rule: url(self).getScheme() in ["http", "https"] outputClaimToHeaders: description: This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token. @@ -139,7 +139,8 @@ spec: type: object x-kubernetes-validations: - message: only one of jwks or jwksUri can be set - rule: (has(self.jwksUri)?1:0)+(has(self.jwks_uri)?1:0)+(has(self.jwks)?1:0)<=1 + rule: '(has(self.jwksUri) ? 1 : 0) + (has(self.jwks_uri) ? 1 : + 0) + (has(self.jwks) ? 1 : 0) <= 1' maxItems: 4096 type: array selector: @@ -151,14 +152,14 @@ spec: type: string x-kubernetes-validations: - message: wildcard not allowed in label value match - rule: '!self.contains(''*'')' + rule: '!self.contains("*")' description: One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. maxProperties: 4096 type: object x-kubernetes-validations: - message: wildcard not allowed in label key match - rule: self.all(key, !key.contains('*')) + rule: self.all(key, !key.contains("*")) - message: key must not be empty rule: self.all(key, key.size() != 0) type: object @@ -193,8 +194,9 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], - [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' + rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], + ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", + "ServiceEntry"]]' targetRefs: description: Optional. items: @@ -228,14 +230,16 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], - [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' + rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], + ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", + "ServiceEntry"]]' maxItems: 16 type: array type: object x-kubernetes-validations: - message: only one of targetRefs or selector can be set - rule: (has(self.selector)?1:0)+(has(self.targetRef)?1:0)+(has(self.targetRefs)?1:0)<=1 + rule: '(has(self.selector) ? 1 : 0) + (has(self.targetRef) ? 1 : 0) + + (has(self.targetRefs) ? 1 : 0) <= 1' status: properties: conditions: @@ -384,7 +388,7 @@ spec: type: string x-kubernetes-validations: - message: url must have scheme http:// or https:// - rule: url(self).getScheme() in ['http', 'https'] + rule: url(self).getScheme() in ["http", "https"] jwksUri: description: URL of the provider's public key set to validate signature of the JWT. @@ -393,7 +397,7 @@ spec: type: string x-kubernetes-validations: - message: url must have scheme http:// or https:// - rule: url(self).getScheme() in ['http', 'https'] + rule: url(self).getScheme() in ["http", "https"] outputClaimToHeaders: description: This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token. @@ -430,7 +434,8 @@ spec: type: object x-kubernetes-validations: - message: only one of jwks or jwksUri can be set - rule: (has(self.jwksUri)?1:0)+(has(self.jwks_uri)?1:0)+(has(self.jwks)?1:0)<=1 + rule: '(has(self.jwksUri) ? 1 : 0) + (has(self.jwks_uri) ? 1 : + 0) + (has(self.jwks) ? 1 : 0) <= 1' maxItems: 4096 type: array selector: @@ -442,14 +447,14 @@ spec: type: string x-kubernetes-validations: - message: wildcard not allowed in label value match - rule: '!self.contains(''*'')' + rule: '!self.contains("*")' description: One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. maxProperties: 4096 type: object x-kubernetes-validations: - message: wildcard not allowed in label key match - rule: self.all(key, !key.contains('*')) + rule: self.all(key, !key.contains("*")) - message: key must not be empty rule: self.all(key, key.size() != 0) type: object @@ -484,8 +489,9 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], - [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' + rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], + ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", + "ServiceEntry"]]' targetRefs: description: Optional. items: @@ -519,14 +525,16 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], - [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' + rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], + ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", + "ServiceEntry"]]' maxItems: 16 type: array type: object x-kubernetes-validations: - message: only one of targetRefs or selector can be set - rule: (has(self.selector)?1:0)+(has(self.targetRef)?1:0)+(has(self.targetRefs)?1:0)<=1 + rule: '(has(self.selector) ? 1 : 0) + (has(self.targetRef) ? 1 : 0) + + (has(self.targetRefs) ? 1 : 0) <= 1' status: properties: conditions: diff --git a/bundle/manifests/telemetry.istio.io_telemetries.yaml b/bundle/manifests/telemetry.istio.io_telemetries.yaml index 9a897b7b9..f14ec2442 100644 --- a/bundle/manifests/telemetry.istio.io_telemetries.yaml +++ b/bundle/manifests/telemetry.istio.io_telemetries.yaml @@ -165,11 +165,11 @@ spec: type: object x-kubernetes-validations: - message: value must be set when operation is UPSERT - rule: '((has(self.operation) ? self.operation : '''') - == ''UPSERT'') ? self.value != '''' : true' + rule: '((has(self.operation) ? self.operation : "") + == "UPSERT") ? (self.value != "") : true' - message: value must not be set when operation is REMOVE - rule: '((has(self.operation) ? self.operation : '''') - == ''REMOVE'') ? !has(self.value) : true' + rule: '((has(self.operation) ? self.operation : "") + == "REMOVE") ? !has(self.value) : true' description: Optional. type: object type: object @@ -203,14 +203,14 @@ spec: type: string x-kubernetes-validations: - message: wildcard not allowed in label value match - rule: '!self.contains(''*'')' + rule: '!self.contains("*")' description: One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. maxProperties: 4096 type: object x-kubernetes-validations: - message: wildcard not allowed in label key match - rule: self.all(key, !key.contains('*')) + rule: self.all(key, !key.contains("*")) - message: key must not be empty rule: self.all(key, key.size() != 0) type: object @@ -245,8 +245,9 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], - [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' + rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], + ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", + "ServiceEntry"]]' targetRefs: description: Optional. items: @@ -280,8 +281,9 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], - [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' + rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], + ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", + "ServiceEntry"]]' maxItems: 16 type: array tracing: @@ -401,7 +403,8 @@ spec: type: object x-kubernetes-validations: - message: only one of targetRefs or selector can be set - rule: (has(self.selector)?1:0)+(has(self.targetRef)?1:0)+(has(self.targetRefs)?1:0)<=1 + rule: '(has(self.selector) ? 1 : 0) + (has(self.targetRef) ? 1 : 0) + + (has(self.targetRefs) ? 1 : 0) <= 1' status: properties: conditions: @@ -622,11 +625,11 @@ spec: type: object x-kubernetes-validations: - message: value must be set when operation is UPSERT - rule: '((has(self.operation) ? self.operation : '''') - == ''UPSERT'') ? self.value != '''' : true' + rule: '((has(self.operation) ? self.operation : "") + == "UPSERT") ? (self.value != "") : true' - message: value must not be set when operation is REMOVE - rule: '((has(self.operation) ? self.operation : '''') - == ''REMOVE'') ? !has(self.value) : true' + rule: '((has(self.operation) ? self.operation : "") + == "REMOVE") ? !has(self.value) : true' description: Optional. type: object type: object @@ -660,14 +663,14 @@ spec: type: string x-kubernetes-validations: - message: wildcard not allowed in label value match - rule: '!self.contains(''*'')' + rule: '!self.contains("*")' description: One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. maxProperties: 4096 type: object x-kubernetes-validations: - message: wildcard not allowed in label key match - rule: self.all(key, !key.contains('*')) + rule: self.all(key, !key.contains("*")) - message: key must not be empty rule: self.all(key, key.size() != 0) type: object @@ -702,8 +705,9 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], - [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' + rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], + ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", + "ServiceEntry"]]' targetRefs: description: Optional. items: @@ -737,8 +741,9 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], - [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' + rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], + ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", + "ServiceEntry"]]' maxItems: 16 type: array tracing: @@ -858,7 +863,8 @@ spec: type: object x-kubernetes-validations: - message: only one of targetRefs or selector can be set - rule: (has(self.selector)?1:0)+(has(self.targetRef)?1:0)+(has(self.targetRefs)?1:0)<=1 + rule: '(has(self.selector) ? 1 : 0) + (has(self.targetRef) ? 1 : 0) + + (has(self.targetRefs) ? 1 : 0) <= 1' status: properties: conditions: diff --git a/chart/crds/extensions.istio.io_wasmplugins.yaml b/chart/crds/extensions.istio.io_wasmplugins.yaml index 2067b280d..02af2f68c 100644 --- a/chart/crds/extensions.istio.io_wasmplugins.yaml +++ b/chart/crds/extensions.istio.io_wasmplugins.yaml @@ -133,14 +133,14 @@ spec: type: string x-kubernetes-validations: - message: wildcard not allowed in label value match - rule: '!self.contains(''*'')' + rule: '!self.contains("*")' description: One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. maxProperties: 4096 type: object x-kubernetes-validations: - message: wildcard not allowed in label key match - rule: self.all(key, !key.contains('*')) + rule: self.all(key, !key.contains("*")) - message: key must not be empty rule: self.all(key, key.size() != 0) type: object @@ -180,8 +180,9 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], - [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' + rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], + ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", + "ServiceEntry"]]' targetRefs: description: Optional. items: @@ -215,8 +216,9 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], - [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' + rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], + ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", + "ServiceEntry"]]' maxItems: 16 type: array type: @@ -235,10 +237,9 @@ spec: type: string x-kubernetes-validations: - message: url must have schema one of [http, https, file, oci] - rule: 'isURL(self) ? (url(self).getScheme() in ['''', ''http'', - ''https'', ''oci'', ''file'']) : (isURL(''http://'' + self) && - url(''http://'' +self).getScheme() in ['''', ''http'', ''https'', - ''oci'', ''file''])' + rule: |- + isURL(self) ? (url(self).getScheme() in ["", "http", "https", "oci", "file"]) : (isURL("http://" + self) && + url("http://" + self).getScheme() in ["", "http", "https", "oci", "file"]) verificationKey: type: string vmConfig: @@ -272,7 +273,7 @@ spec: type: object x-kubernetes-validations: - message: value may only be set when valueFrom is INLINE - rule: '(has(self.valueFrom) ? self.valueFrom : '''') != ''HOST'' + rule: '(has(self.valueFrom) ? self.valueFrom : "") != "HOST" || !has(self.value)' maxItems: 256 type: array @@ -285,7 +286,8 @@ spec: type: object x-kubernetes-validations: - message: only one of targetRefs or selector can be set - rule: (has(self.selector)?1:0)+(has(self.targetRef)?1:0)+(has(self.targetRefs)?1:0)<=1 + rule: '(has(self.selector) ? 1 : 0) + (has(self.targetRef) ? 1 : 0) + + (has(self.targetRefs) ? 1 : 0) <= 1' status: properties: conditions: diff --git a/chart/crds/networking.istio.io_destinationrules.yaml b/chart/crds/networking.istio.io_destinationrules.yaml index f787b2d8a..6b12a12c1 100644 --- a/chart/crds/networking.istio.io_destinationrules.yaml +++ b/chart/crds/networking.istio.io_destinationrules.yaml @@ -1843,14 +1843,14 @@ spec: type: string x-kubernetes-validations: - message: wildcard not allowed in label value match - rule: '!self.contains(''*'')' + rule: '!self.contains("*")' description: One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. maxProperties: 4096 type: object x-kubernetes-validations: - message: wildcard not allowed in label key match - rule: self.all(key, !key.contains('*')) + rule: self.all(key, !key.contains("*")) - message: key must not be empty rule: self.all(key, key.size() != 0) type: object @@ -3757,14 +3757,14 @@ spec: type: string x-kubernetes-validations: - message: wildcard not allowed in label value match - rule: '!self.contains(''*'')' + rule: '!self.contains("*")' description: One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. maxProperties: 4096 type: object x-kubernetes-validations: - message: wildcard not allowed in label key match - rule: self.all(key, !key.contains('*')) + rule: self.all(key, !key.contains("*")) - message: key must not be empty rule: self.all(key, key.size() != 0) type: object @@ -5671,14 +5671,14 @@ spec: type: string x-kubernetes-validations: - message: wildcard not allowed in label value match - rule: '!self.contains(''*'')' + rule: '!self.contains("*")' description: One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. maxProperties: 4096 type: object x-kubernetes-validations: - message: wildcard not allowed in label key match - rule: self.all(key, !key.contains('*')) + rule: self.all(key, !key.contains("*")) - message: key must not be empty rule: self.all(key, key.size() != 0) type: object diff --git a/chart/crds/networking.istio.io_envoyfilters.yaml b/chart/crds/networking.istio.io_envoyfilters.yaml index c69200c11..769bb9e23 100644 --- a/chart/crds/networking.istio.io_envoyfilters.yaml +++ b/chart/crds/networking.istio.io_envoyfilters.yaml @@ -301,8 +301,9 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], - [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' + rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], + ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", + "ServiceEntry"]]' maxItems: 16 type: array workloadSelector: @@ -315,7 +316,7 @@ spec: type: string x-kubernetes-validations: - message: wildcard is not supported in selector - rule: '!self.contains(''*'')' + rule: '!self.contains("*")' description: One or more labels that indicate a specific set of pods/VMs on which the configuration should be applied. maxProperties: 256 @@ -324,7 +325,8 @@ spec: type: object x-kubernetes-validations: - message: only one of targetRefs or workloadSelector can be set - rule: (has(self.workloadSelector)?1:0)+(has(self.targetRefs)?1:0)<=1 + rule: '(has(self.workloadSelector) ? 1 : 0) + (has(self.targetRefs) + ? 1 : 0) <= 1' status: properties: conditions: diff --git a/chart/crds/networking.istio.io_proxyconfigs.yaml b/chart/crds/networking.istio.io_proxyconfigs.yaml index e7e64d508..ff7c7d9cc 100644 --- a/chart/crds/networking.istio.io_proxyconfigs.yaml +++ b/chart/crds/networking.istio.io_proxyconfigs.yaml @@ -57,14 +57,14 @@ spec: type: string x-kubernetes-validations: - message: wildcard not allowed in label value match - rule: '!self.contains(''*'')' + rule: '!self.contains("*")' description: One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. maxProperties: 4096 type: object x-kubernetes-validations: - message: wildcard not allowed in label key match - rule: self.all(key, !key.contains('*')) + rule: self.all(key, !key.contains("*")) - message: key must not be empty rule: self.all(key, key.size() != 0) type: object diff --git a/chart/crds/networking.istio.io_serviceentries.yaml b/chart/crds/networking.istio.io_serviceentries.yaml index de8ff0350..9eeeb95eb 100644 --- a/chart/crds/networking.istio.io_serviceentries.yaml +++ b/chart/crds/networking.istio.io_serviceentries.yaml @@ -71,11 +71,11 @@ spec: type: string x-kubernetes-validations: - message: UDS must be an absolute path or abstract socket - rule: 'self.startsWith(''unix://'') ? (self.substring(7,8) - == ''/'' || self.substring(7,8) == ''@'') : true' + rule: 'self.startsWith("unix://") ? (self.substring(7, 8) + == "/" || self.substring(7, 8) == "@") : true' - message: UDS may not be a dir - rule: 'self.startsWith(''unix://'') ? !self.endsWith(''/'') - : true' + rule: 'self.startsWith("unix://") ? !self.endsWith("/") : + true' labels: additionalProperties: type: string @@ -104,7 +104,7 @@ spec: type: object x-kubernetes-validations: - message: port name must be valid - rule: self.all(key, size(key) < 63 && key.matches('^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$')) + rule: self.all(key, size(key) < 63 && key.matches("^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$")) serviceAccount: description: The service account associated with the workload if a sidecar is present in the workload. @@ -120,7 +120,7 @@ spec: - message: Address is required rule: has(self.address) || has(self.network) - message: UDS may not include ports - rule: '(has(self.address) && self.address.startsWith(''unix://'')) + rule: '(has(self.address) && self.address.startsWith("unix://")) ? !has(self.ports) : true' maxItems: 4096 type: array @@ -135,7 +135,7 @@ spec: type: string x-kubernetes-validations: - message: hostname cannot be wildcard - rule: self != '*' + rule: self != "*" maxItems: 256 minItems: 1 type: array @@ -215,7 +215,7 @@ spec: type: string x-kubernetes-validations: - message: wildcard is not supported in selector - rule: '!self.contains(''*'')' + rule: '!self.contains("*")' description: One or more labels that indicate a specific set of pods/VMs on which the configuration should be applied. maxProperties: 256 @@ -226,18 +226,20 @@ spec: type: object x-kubernetes-validations: - message: only one of WorkloadSelector or Endpoints can be set - rule: (has(self.workloadSelector)?1:0)+(has(self.endpoints)?1:0)<=1 + rule: '(has(self.workloadSelector) ? 1 : 0) + (has(self.endpoints) ? + 1 : 0) <= 1' - message: CIDR addresses are allowed only for NONE/STATIC resolution types - rule: '!(has(self.addresses) && self.addresses.exists(k, k.contains(''/'')) - && (has(self.resolution) && self.resolution != ''STATIC'' && self.resolution - != ''NONE''))' + rule: |- + !(has(self.addresses) && self.addresses.exists(k, k.contains("/")) && has(self.resolution) && + self.resolution != "STATIC" && self.resolution != "NONE") - message: NONE mode cannot set endpoints - rule: '(!has(self.resolution) || self.resolution == ''NONE'') ? !has(self.endpoints) + rule: '(!has(self.resolution) || self.resolution == "NONE") ? !has(self.endpoints) : true' - message: DNS_ROUND_ROBIN mode cannot have multiple endpoints - rule: '(has(self.resolution) && self.resolution == ''DNS_ROUND_ROBIN'') - ? (!has(self.endpoints) || size(self.endpoints) == 1) : true' + rule: |- + (has(self.resolution) && self.resolution == "DNS_ROUND_ROBIN") ? (!has(self.endpoints) || + size(self.endpoints) == 1) : true status: properties: conditions: @@ -368,11 +370,11 @@ spec: type: string x-kubernetes-validations: - message: UDS must be an absolute path or abstract socket - rule: 'self.startsWith(''unix://'') ? (self.substring(7,8) - == ''/'' || self.substring(7,8) == ''@'') : true' + rule: 'self.startsWith("unix://") ? (self.substring(7, 8) + == "/" || self.substring(7, 8) == "@") : true' - message: UDS may not be a dir - rule: 'self.startsWith(''unix://'') ? !self.endsWith(''/'') - : true' + rule: 'self.startsWith("unix://") ? !self.endsWith("/") : + true' labels: additionalProperties: type: string @@ -401,7 +403,7 @@ spec: type: object x-kubernetes-validations: - message: port name must be valid - rule: self.all(key, size(key) < 63 && key.matches('^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$')) + rule: self.all(key, size(key) < 63 && key.matches("^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$")) serviceAccount: description: The service account associated with the workload if a sidecar is present in the workload. @@ -417,7 +419,7 @@ spec: - message: Address is required rule: has(self.address) || has(self.network) - message: UDS may not include ports - rule: '(has(self.address) && self.address.startsWith(''unix://'')) + rule: '(has(self.address) && self.address.startsWith("unix://")) ? !has(self.ports) : true' maxItems: 4096 type: array @@ -432,7 +434,7 @@ spec: type: string x-kubernetes-validations: - message: hostname cannot be wildcard - rule: self != '*' + rule: self != "*" maxItems: 256 minItems: 1 type: array @@ -512,7 +514,7 @@ spec: type: string x-kubernetes-validations: - message: wildcard is not supported in selector - rule: '!self.contains(''*'')' + rule: '!self.contains("*")' description: One or more labels that indicate a specific set of pods/VMs on which the configuration should be applied. maxProperties: 256 @@ -523,18 +525,20 @@ spec: type: object x-kubernetes-validations: - message: only one of WorkloadSelector or Endpoints can be set - rule: (has(self.workloadSelector)?1:0)+(has(self.endpoints)?1:0)<=1 + rule: '(has(self.workloadSelector) ? 1 : 0) + (has(self.endpoints) ? + 1 : 0) <= 1' - message: CIDR addresses are allowed only for NONE/STATIC resolution types - rule: '!(has(self.addresses) && self.addresses.exists(k, k.contains(''/'')) - && (has(self.resolution) && self.resolution != ''STATIC'' && self.resolution - != ''NONE''))' + rule: |- + !(has(self.addresses) && self.addresses.exists(k, k.contains("/")) && has(self.resolution) && + self.resolution != "STATIC" && self.resolution != "NONE") - message: NONE mode cannot set endpoints - rule: '(!has(self.resolution) || self.resolution == ''NONE'') ? !has(self.endpoints) + rule: '(!has(self.resolution) || self.resolution == "NONE") ? !has(self.endpoints) : true' - message: DNS_ROUND_ROBIN mode cannot have multiple endpoints - rule: '(has(self.resolution) && self.resolution == ''DNS_ROUND_ROBIN'') - ? (!has(self.endpoints) || size(self.endpoints) == 1) : true' + rule: |- + (has(self.resolution) && self.resolution == "DNS_ROUND_ROBIN") ? (!has(self.endpoints) || + size(self.endpoints) == 1) : true status: properties: conditions: @@ -665,11 +669,11 @@ spec: type: string x-kubernetes-validations: - message: UDS must be an absolute path or abstract socket - rule: 'self.startsWith(''unix://'') ? (self.substring(7,8) - == ''/'' || self.substring(7,8) == ''@'') : true' + rule: 'self.startsWith("unix://") ? (self.substring(7, 8) + == "/" || self.substring(7, 8) == "@") : true' - message: UDS may not be a dir - rule: 'self.startsWith(''unix://'') ? !self.endsWith(''/'') - : true' + rule: 'self.startsWith("unix://") ? !self.endsWith("/") : + true' labels: additionalProperties: type: string @@ -698,7 +702,7 @@ spec: type: object x-kubernetes-validations: - message: port name must be valid - rule: self.all(key, size(key) < 63 && key.matches('^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$')) + rule: self.all(key, size(key) < 63 && key.matches("^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$")) serviceAccount: description: The service account associated with the workload if a sidecar is present in the workload. @@ -714,7 +718,7 @@ spec: - message: Address is required rule: has(self.address) || has(self.network) - message: UDS may not include ports - rule: '(has(self.address) && self.address.startsWith(''unix://'')) + rule: '(has(self.address) && self.address.startsWith("unix://")) ? !has(self.ports) : true' maxItems: 4096 type: array @@ -729,7 +733,7 @@ spec: type: string x-kubernetes-validations: - message: hostname cannot be wildcard - rule: self != '*' + rule: self != "*" maxItems: 256 minItems: 1 type: array @@ -809,7 +813,7 @@ spec: type: string x-kubernetes-validations: - message: wildcard is not supported in selector - rule: '!self.contains(''*'')' + rule: '!self.contains("*")' description: One or more labels that indicate a specific set of pods/VMs on which the configuration should be applied. maxProperties: 256 @@ -820,18 +824,20 @@ spec: type: object x-kubernetes-validations: - message: only one of WorkloadSelector or Endpoints can be set - rule: (has(self.workloadSelector)?1:0)+(has(self.endpoints)?1:0)<=1 + rule: '(has(self.workloadSelector) ? 1 : 0) + (has(self.endpoints) ? + 1 : 0) <= 1' - message: CIDR addresses are allowed only for NONE/STATIC resolution types - rule: '!(has(self.addresses) && self.addresses.exists(k, k.contains(''/'')) - && (has(self.resolution) && self.resolution != ''STATIC'' && self.resolution - != ''NONE''))' + rule: |- + !(has(self.addresses) && self.addresses.exists(k, k.contains("/")) && has(self.resolution) && + self.resolution != "STATIC" && self.resolution != "NONE") - message: NONE mode cannot set endpoints - rule: '(!has(self.resolution) || self.resolution == ''NONE'') ? !has(self.endpoints) + rule: '(!has(self.resolution) || self.resolution == "NONE") ? !has(self.endpoints) : true' - message: DNS_ROUND_ROBIN mode cannot have multiple endpoints - rule: '(has(self.resolution) && self.resolution == ''DNS_ROUND_ROBIN'') - ? (!has(self.endpoints) || size(self.endpoints) == 1) : true' + rule: |- + (has(self.resolution) && self.resolution == "DNS_ROUND_ROBIN") ? (!has(self.endpoints) || + size(self.endpoints) == 1) : true status: properties: conditions: diff --git a/chart/crds/networking.istio.io_sidecars.yaml b/chart/crds/networking.istio.io_sidecars.yaml index 3ea0e2665..acda4e66c 100644 --- a/chart/crds/networking.istio.io_sidecars.yaml +++ b/chart/crds/networking.istio.io_sidecars.yaml @@ -476,7 +476,7 @@ spec: type: string x-kubernetes-validations: - message: wildcard is not supported in selector - rule: '!self.contains(''*'')' + rule: '!self.contains("*")' description: One or more labels that indicate a specific set of pods/VMs on which the configuration should be applied. maxProperties: 256 @@ -1018,7 +1018,7 @@ spec: type: string x-kubernetes-validations: - message: wildcard is not supported in selector - rule: '!self.contains(''*'')' + rule: '!self.contains("*")' description: One or more labels that indicate a specific set of pods/VMs on which the configuration should be applied. maxProperties: 256 @@ -1560,7 +1560,7 @@ spec: type: string x-kubernetes-validations: - message: wildcard is not supported in selector - rule: '!self.contains(''*'')' + rule: '!self.contains("*")' description: One or more labels that indicate a specific set of pods/VMs on which the configuration should be applied. maxProperties: 256 diff --git a/chart/crds/networking.istio.io_workloadentries.yaml b/chart/crds/networking.istio.io_workloadentries.yaml index f0053326f..ac933d4c8 100644 --- a/chart/crds/networking.istio.io_workloadentries.yaml +++ b/chart/crds/networking.istio.io_workloadentries.yaml @@ -51,10 +51,10 @@ spec: type: string x-kubernetes-validations: - message: UDS must be an absolute path or abstract socket - rule: 'self.startsWith(''unix://'') ? (self.substring(7,8) == ''/'' - || self.substring(7,8) == ''@'') : true' + rule: 'self.startsWith("unix://") ? (self.substring(7, 8) == "/" + || self.substring(7, 8) == "@") : true' - message: UDS may not be a dir - rule: 'self.startsWith(''unix://'') ? !self.endsWith(''/'') : true' + rule: 'self.startsWith("unix://") ? !self.endsWith("/") : true' labels: additionalProperties: type: string @@ -83,7 +83,7 @@ spec: type: object x-kubernetes-validations: - message: port name must be valid - rule: self.all(key, size(key) < 63 && key.matches('^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$')) + rule: self.all(key, size(key) < 63 && key.matches("^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$")) serviceAccount: description: The service account associated with the workload if a sidecar is present in the workload. @@ -99,8 +99,8 @@ spec: - message: Address is required rule: has(self.address) || has(self.network) - message: UDS may not include ports - rule: '(has(self.address) && self.address.startsWith(''unix://'')) ? - !has(self.ports) : true' + rule: '(has(self.address) && self.address.startsWith("unix://")) ? !has(self.ports) + : true' status: properties: conditions: @@ -211,10 +211,10 @@ spec: type: string x-kubernetes-validations: - message: UDS must be an absolute path or abstract socket - rule: 'self.startsWith(''unix://'') ? (self.substring(7,8) == ''/'' - || self.substring(7,8) == ''@'') : true' + rule: 'self.startsWith("unix://") ? (self.substring(7, 8) == "/" + || self.substring(7, 8) == "@") : true' - message: UDS may not be a dir - rule: 'self.startsWith(''unix://'') ? !self.endsWith(''/'') : true' + rule: 'self.startsWith("unix://") ? !self.endsWith("/") : true' labels: additionalProperties: type: string @@ -243,7 +243,7 @@ spec: type: object x-kubernetes-validations: - message: port name must be valid - rule: self.all(key, size(key) < 63 && key.matches('^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$')) + rule: self.all(key, size(key) < 63 && key.matches("^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$")) serviceAccount: description: The service account associated with the workload if a sidecar is present in the workload. @@ -259,8 +259,8 @@ spec: - message: Address is required rule: has(self.address) || has(self.network) - message: UDS may not include ports - rule: '(has(self.address) && self.address.startsWith(''unix://'')) ? - !has(self.ports) : true' + rule: '(has(self.address) && self.address.startsWith("unix://")) ? !has(self.ports) + : true' status: properties: conditions: @@ -371,10 +371,10 @@ spec: type: string x-kubernetes-validations: - message: UDS must be an absolute path or abstract socket - rule: 'self.startsWith(''unix://'') ? (self.substring(7,8) == ''/'' - || self.substring(7,8) == ''@'') : true' + rule: 'self.startsWith("unix://") ? (self.substring(7, 8) == "/" + || self.substring(7, 8) == "@") : true' - message: UDS may not be a dir - rule: 'self.startsWith(''unix://'') ? !self.endsWith(''/'') : true' + rule: 'self.startsWith("unix://") ? !self.endsWith("/") : true' labels: additionalProperties: type: string @@ -403,7 +403,7 @@ spec: type: object x-kubernetes-validations: - message: port name must be valid - rule: self.all(key, size(key) < 63 && key.matches('^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$')) + rule: self.all(key, size(key) < 63 && key.matches("^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$")) serviceAccount: description: The service account associated with the workload if a sidecar is present in the workload. @@ -419,8 +419,8 @@ spec: - message: Address is required rule: has(self.address) || has(self.network) - message: UDS may not include ports - rule: '(has(self.address) && self.address.startsWith(''unix://'')) ? - !has(self.ports) : true' + rule: '(has(self.address) && self.address.startsWith("unix://")) ? !has(self.ports) + : true' status: properties: conditions: diff --git a/chart/crds/networking.istio.io_workloadgroups.yaml b/chart/crds/networking.istio.io_workloadgroups.yaml index 3db330455..5796474b2 100644 --- a/chart/crds/networking.istio.io_workloadgroups.yaml +++ b/chart/crds/networking.istio.io_workloadgroups.yaml @@ -143,7 +143,7 @@ spec: type: string x-kubernetes-validations: - message: scheme must be one of [HTTP, HTTPS] - rule: self in ['', 'HTTP', 'HTTPS'] + rule: self in ["", "HTTP", "HTTPS"] required: - port type: object @@ -196,11 +196,10 @@ spec: type: string x-kubernetes-validations: - message: UDS must be an absolute path or abstract socket - rule: 'self.startsWith(''unix://'') ? (self.substring(7,8) == - ''/'' || self.substring(7,8) == ''@'') : true' + rule: 'self.startsWith("unix://") ? (self.substring(7, 8) == + "/" || self.substring(7, 8) == "@") : true' - message: UDS may not be a dir - rule: 'self.startsWith(''unix://'') ? !self.endsWith(''/'') - : true' + rule: 'self.startsWith("unix://") ? !self.endsWith("/") : true' labels: additionalProperties: type: string @@ -229,7 +228,7 @@ spec: type: object x-kubernetes-validations: - message: port name must be valid - rule: self.all(key, size(key) < 63 && key.matches('^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$')) + rule: self.all(key, size(key) < 63 && key.matches("^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$")) serviceAccount: description: The service account associated with the workload if a sidecar is present in the workload. @@ -243,7 +242,7 @@ spec: type: object x-kubernetes-validations: - message: UDS may not include ports - rule: '(has(self.address) && self.address.startsWith(''unix://'')) + rule: '(has(self.address) && self.address.startsWith("unix://")) ? !has(self.ports) : true' required: - template @@ -452,7 +451,7 @@ spec: type: string x-kubernetes-validations: - message: scheme must be one of [HTTP, HTTPS] - rule: self in ['', 'HTTP', 'HTTPS'] + rule: self in ["", "HTTP", "HTTPS"] required: - port type: object @@ -505,11 +504,10 @@ spec: type: string x-kubernetes-validations: - message: UDS must be an absolute path or abstract socket - rule: 'self.startsWith(''unix://'') ? (self.substring(7,8) == - ''/'' || self.substring(7,8) == ''@'') : true' + rule: 'self.startsWith("unix://") ? (self.substring(7, 8) == + "/" || self.substring(7, 8) == "@") : true' - message: UDS may not be a dir - rule: 'self.startsWith(''unix://'') ? !self.endsWith(''/'') - : true' + rule: 'self.startsWith("unix://") ? !self.endsWith("/") : true' labels: additionalProperties: type: string @@ -538,7 +536,7 @@ spec: type: object x-kubernetes-validations: - message: port name must be valid - rule: self.all(key, size(key) < 63 && key.matches('^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$')) + rule: self.all(key, size(key) < 63 && key.matches("^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$")) serviceAccount: description: The service account associated with the workload if a sidecar is present in the workload. @@ -552,7 +550,7 @@ spec: type: object x-kubernetes-validations: - message: UDS may not include ports - rule: '(has(self.address) && self.address.startsWith(''unix://'')) + rule: '(has(self.address) && self.address.startsWith("unix://")) ? !has(self.ports) : true' required: - template @@ -761,7 +759,7 @@ spec: type: string x-kubernetes-validations: - message: scheme must be one of [HTTP, HTTPS] - rule: self in ['', 'HTTP', 'HTTPS'] + rule: self in ["", "HTTP", "HTTPS"] required: - port type: object @@ -814,11 +812,10 @@ spec: type: string x-kubernetes-validations: - message: UDS must be an absolute path or abstract socket - rule: 'self.startsWith(''unix://'') ? (self.substring(7,8) == - ''/'' || self.substring(7,8) == ''@'') : true' + rule: 'self.startsWith("unix://") ? (self.substring(7, 8) == + "/" || self.substring(7, 8) == "@") : true' - message: UDS may not be a dir - rule: 'self.startsWith(''unix://'') ? !self.endsWith(''/'') - : true' + rule: 'self.startsWith("unix://") ? !self.endsWith("/") : true' labels: additionalProperties: type: string @@ -847,7 +844,7 @@ spec: type: object x-kubernetes-validations: - message: port name must be valid - rule: self.all(key, size(key) < 63 && key.matches('^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$')) + rule: self.all(key, size(key) < 63 && key.matches("^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$")) serviceAccount: description: The service account associated with the workload if a sidecar is present in the workload. @@ -861,7 +858,7 @@ spec: type: object x-kubernetes-validations: - message: UDS may not include ports - rule: '(has(self.address) && self.address.startsWith(''unix://'')) + rule: '(has(self.address) && self.address.startsWith("unix://")) ? !has(self.ports) : true' required: - template diff --git a/chart/crds/sailoperator.io_istiorevisions.yaml b/chart/crds/sailoperator.io_istiorevisions.yaml index 30f7069d4..498c2ea02 100644 --- a/chart/crds/sailoperator.io_istiorevisions.yaml +++ b/chart/crds/sailoperator.io_istiorevisions.yaml @@ -655,7 +655,8 @@ spec: More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks properties: exec: - description: Exec specifies the action to take. + description: Exec specifies a command to execute + in the container. properties: command: description: |- @@ -670,7 +671,7 @@ spec: x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http request + description: HTTPGet specifies an HTTP GET request to perform. properties: host: @@ -720,8 +721,8 @@ spec: - port type: object sleep: - description: Sleep represents the duration that - the container should sleep before being terminated. + description: Sleep represents a duration that + the container should sleep. properties: seconds: description: Seconds is the number of seconds @@ -734,8 +735,8 @@ spec: tcpSocket: description: |- Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. + for backward compatibility. There is no validation of this field and + lifecycle hooks will fail at runtime when it is specified. properties: host: description: 'Optional: Host name to connect @@ -767,7 +768,8 @@ spec: More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks properties: exec: - description: Exec specifies the action to take. + description: Exec specifies a command to execute + in the container. properties: command: description: |- @@ -782,7 +784,7 @@ spec: x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http request + description: HTTPGet specifies an HTTP GET request to perform. properties: host: @@ -832,8 +834,8 @@ spec: - port type: object sleep: - description: Sleep represents the duration that - the container should sleep before being terminated. + description: Sleep represents a duration that + the container should sleep. properties: seconds: description: Seconds is the number of seconds @@ -846,8 +848,8 @@ spec: tcpSocket: description: |- Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. + for backward compatibility. There is no validation of this field and + lifecycle hooks will fail at runtime when it is specified. properties: host: description: 'Optional: Host name to connect @@ -3518,7 +3520,8 @@ spec: Only one health check method of 3 can be set at a time. properties: exec: - description: Exec specifies the action to take. + description: Exec specifies a command to execute in + the container. properties: command: description: |- @@ -3539,8 +3542,7 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving a - GRPC port. + description: GRPC specifies a GRPC HealthCheckRequest. properties: port: description: Port number of the gRPC service. @@ -3559,8 +3561,8 @@ spec: - port type: object httpGet: - description: HTTPGet specifies the http request to - perform. + description: HTTPGet specifies an HTTP GET request + to perform. properties: host: description: |- @@ -3627,8 +3629,8 @@ spec: format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving - a TCP port. + description: TCPSocket specifies a connection to a + TCP port. properties: host: description: 'Optional: Host name to connect to, @@ -7430,6 +7432,8 @@ spec: description: |- awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. + Deprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree + awsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore properties: fsType: @@ -7461,8 +7465,10 @@ spec: - volumeID type: object azureDisk: - description: azureDisk represents an Azure Data Disk - mount on the host and bind mount to the pod. + description: |- + azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. + Deprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type + are redirected to the disk.csi.azure.com CSI driver. properties: cachingMode: description: 'cachingMode is the Host Caching mode: @@ -7501,8 +7507,10 @@ spec: - diskURI type: object azureFile: - description: azureFile represents an Azure File Service - mount on the host and bind mount to the pod. + description: |- + azureFile represents an Azure File Service mount on the host and bind mount to the pod. + Deprecated: AzureFile is deprecated. All operations for the in-tree azureFile type + are redirected to the file.csi.azure.com CSI driver. properties: readOnly: description: |- @@ -7521,8 +7529,9 @@ spec: - shareName type: object cephfs: - description: cephFS represents a Ceph FS mount on the - host that shares a pod's lifetime + description: |- + cephFS represents a Ceph FS mount on the host that shares a pod's lifetime. + Deprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported. properties: monitors: description: |- @@ -7575,6 +7584,8 @@ spec: cinder: description: |- cinder represents a cinder volume attached and mounted on kubelets host machine. + Deprecated: Cinder is deprecated. All operations for the in-tree cinder type + are redirected to the cinder.csi.openstack.org CSI driver. More info: https://examples.k8s.io/mysql-cinder-pd/README.md properties: fsType: @@ -7686,7 +7697,7 @@ spec: csi: description: csi (Container Storage Interface) represents ephemeral storage that is handled by certain external - CSI drivers (Beta feature). + CSI drivers. properties: driver: description: |- @@ -8157,6 +8168,7 @@ spec: description: |- flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. + Deprecated: FlexVolume is deprecated. Consider using a CSIDriver instead. properties: driver: description: driver is the name of the driver to @@ -8202,9 +8214,9 @@ spec: - driver type: object flocker: - description: flocker represents a Flocker volume attached - to a kubelet's host machine. This depends on the Flocker - control service being running + description: |- + flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running. + Deprecated: Flocker is deprecated and the in-tree flocker type is no longer supported. properties: datasetName: description: |- @@ -8220,6 +8232,8 @@ spec: description: |- gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. + Deprecated: GCEPersistentDisk is deprecated. All operations for the in-tree + gcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk properties: fsType: @@ -8255,7 +8269,7 @@ spec: gitRepo: description: |- gitRepo represents a git repository at a particular revision. - DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + Deprecated: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container. properties: @@ -8279,6 +8293,7 @@ spec: glusterfs: description: |- glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported. More info: https://examples.k8s.io/volumes/glusterfs/README.md properties: endpoints: @@ -8488,9 +8503,9 @@ spec: - claimName type: object photonPersistentDisk: - description: photonPersistentDisk represents a PhotonController - persistent disk attached and mounted on kubelets host - machine + description: |- + photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine. + Deprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported. properties: fsType: description: |- @@ -8506,8 +8521,11 @@ spec: - pdID type: object portworxVolume: - description: portworxVolume represents a portworx volume - attached and mounted on kubelets host machine + description: |- + portworxVolume represents a portworx volume attached and mounted on kubelets host machine. + Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type + are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate + is on. properties: fsType: description: |- @@ -8878,8 +8896,9 @@ spec: x-kubernetes-list-type: atomic type: object quobyte: - description: quobyte represents a Quobyte mount on the - host that shares a pod's lifetime + description: |- + quobyte represents a Quobyte mount on the host that shares a pod's lifetime. + Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported. properties: group: description: |- @@ -8918,6 +8937,7 @@ spec: rbd: description: |- rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported. More info: https://examples.k8s.io/volumes/rbd/README.md properties: fsType: @@ -8990,8 +9010,9 @@ spec: - monitors type: object scaleIO: - description: scaleIO represents a ScaleIO persistent - volume attached and mounted on Kubernetes nodes. + description: |- + scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. + Deprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported. properties: fsType: default: xfs @@ -9124,8 +9145,9 @@ spec: type: string type: object storageos: - description: storageOS represents a StorageOS volume - attached and mounted on Kubernetes nodes. + description: |- + storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. + Deprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported. properties: fsType: description: |- @@ -9170,8 +9192,10 @@ spec: type: string type: object vsphereVolume: - description: vsphereVolume represents a vSphere volume - attached and mounted on kubelets host machine + description: |- + vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine. + Deprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type + are redirected to the csi.vsphere.vmware.com CSI driver. properties: fsType: description: |- diff --git a/chart/crds/sailoperator.io_istios.yaml b/chart/crds/sailoperator.io_istios.yaml index bec59f5c6..ee757af95 100644 --- a/chart/crds/sailoperator.io_istios.yaml +++ b/chart/crds/sailoperator.io_istios.yaml @@ -724,7 +724,8 @@ spec: More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks properties: exec: - description: Exec specifies the action to take. + description: Exec specifies a command to execute + in the container. properties: command: description: |- @@ -739,7 +740,7 @@ spec: x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http request + description: HTTPGet specifies an HTTP GET request to perform. properties: host: @@ -789,8 +790,8 @@ spec: - port type: object sleep: - description: Sleep represents the duration that - the container should sleep before being terminated. + description: Sleep represents a duration that + the container should sleep. properties: seconds: description: Seconds is the number of seconds @@ -803,8 +804,8 @@ spec: tcpSocket: description: |- Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. + for backward compatibility. There is no validation of this field and + lifecycle hooks will fail at runtime when it is specified. properties: host: description: 'Optional: Host name to connect @@ -836,7 +837,8 @@ spec: More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks properties: exec: - description: Exec specifies the action to take. + description: Exec specifies a command to execute + in the container. properties: command: description: |- @@ -851,7 +853,7 @@ spec: x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http request + description: HTTPGet specifies an HTTP GET request to perform. properties: host: @@ -901,8 +903,8 @@ spec: - port type: object sleep: - description: Sleep represents the duration that - the container should sleep before being terminated. + description: Sleep represents a duration that + the container should sleep. properties: seconds: description: Seconds is the number of seconds @@ -915,8 +917,8 @@ spec: tcpSocket: description: |- Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. + for backward compatibility. There is no validation of this field and + lifecycle hooks will fail at runtime when it is specified. properties: host: description: 'Optional: Host name to connect @@ -3587,7 +3589,8 @@ spec: Only one health check method of 3 can be set at a time. properties: exec: - description: Exec specifies the action to take. + description: Exec specifies a command to execute in + the container. properties: command: description: |- @@ -3608,8 +3611,7 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving a - GRPC port. + description: GRPC specifies a GRPC HealthCheckRequest. properties: port: description: Port number of the gRPC service. @@ -3628,8 +3630,8 @@ spec: - port type: object httpGet: - description: HTTPGet specifies the http request to - perform. + description: HTTPGet specifies an HTTP GET request + to perform. properties: host: description: |- @@ -3696,8 +3698,8 @@ spec: format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving - a TCP port. + description: TCPSocket specifies a connection to a + TCP port. properties: host: description: 'Optional: Host name to connect to, @@ -7499,6 +7501,8 @@ spec: description: |- awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. + Deprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree + awsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore properties: fsType: @@ -7530,8 +7534,10 @@ spec: - volumeID type: object azureDisk: - description: azureDisk represents an Azure Data Disk - mount on the host and bind mount to the pod. + description: |- + azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. + Deprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type + are redirected to the disk.csi.azure.com CSI driver. properties: cachingMode: description: 'cachingMode is the Host Caching mode: @@ -7570,8 +7576,10 @@ spec: - diskURI type: object azureFile: - description: azureFile represents an Azure File Service - mount on the host and bind mount to the pod. + description: |- + azureFile represents an Azure File Service mount on the host and bind mount to the pod. + Deprecated: AzureFile is deprecated. All operations for the in-tree azureFile type + are redirected to the file.csi.azure.com CSI driver. properties: readOnly: description: |- @@ -7590,8 +7598,9 @@ spec: - shareName type: object cephfs: - description: cephFS represents a Ceph FS mount on the - host that shares a pod's lifetime + description: |- + cephFS represents a Ceph FS mount on the host that shares a pod's lifetime. + Deprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported. properties: monitors: description: |- @@ -7644,6 +7653,8 @@ spec: cinder: description: |- cinder represents a cinder volume attached and mounted on kubelets host machine. + Deprecated: Cinder is deprecated. All operations for the in-tree cinder type + are redirected to the cinder.csi.openstack.org CSI driver. More info: https://examples.k8s.io/mysql-cinder-pd/README.md properties: fsType: @@ -7755,7 +7766,7 @@ spec: csi: description: csi (Container Storage Interface) represents ephemeral storage that is handled by certain external - CSI drivers (Beta feature). + CSI drivers. properties: driver: description: |- @@ -8226,6 +8237,7 @@ spec: description: |- flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. + Deprecated: FlexVolume is deprecated. Consider using a CSIDriver instead. properties: driver: description: driver is the name of the driver to @@ -8271,9 +8283,9 @@ spec: - driver type: object flocker: - description: flocker represents a Flocker volume attached - to a kubelet's host machine. This depends on the Flocker - control service being running + description: |- + flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running. + Deprecated: Flocker is deprecated and the in-tree flocker type is no longer supported. properties: datasetName: description: |- @@ -8289,6 +8301,8 @@ spec: description: |- gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. + Deprecated: GCEPersistentDisk is deprecated. All operations for the in-tree + gcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk properties: fsType: @@ -8324,7 +8338,7 @@ spec: gitRepo: description: |- gitRepo represents a git repository at a particular revision. - DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + Deprecated: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container. properties: @@ -8348,6 +8362,7 @@ spec: glusterfs: description: |- glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported. More info: https://examples.k8s.io/volumes/glusterfs/README.md properties: endpoints: @@ -8557,9 +8572,9 @@ spec: - claimName type: object photonPersistentDisk: - description: photonPersistentDisk represents a PhotonController - persistent disk attached and mounted on kubelets host - machine + description: |- + photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine. + Deprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported. properties: fsType: description: |- @@ -8575,8 +8590,11 @@ spec: - pdID type: object portworxVolume: - description: portworxVolume represents a portworx volume - attached and mounted on kubelets host machine + description: |- + portworxVolume represents a portworx volume attached and mounted on kubelets host machine. + Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type + are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate + is on. properties: fsType: description: |- @@ -8947,8 +8965,9 @@ spec: x-kubernetes-list-type: atomic type: object quobyte: - description: quobyte represents a Quobyte mount on the - host that shares a pod's lifetime + description: |- + quobyte represents a Quobyte mount on the host that shares a pod's lifetime. + Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported. properties: group: description: |- @@ -8987,6 +9006,7 @@ spec: rbd: description: |- rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported. More info: https://examples.k8s.io/volumes/rbd/README.md properties: fsType: @@ -9059,8 +9079,9 @@ spec: - monitors type: object scaleIO: - description: scaleIO represents a ScaleIO persistent - volume attached and mounted on Kubernetes nodes. + description: |- + scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. + Deprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported. properties: fsType: default: xfs @@ -9193,8 +9214,9 @@ spec: type: string type: object storageos: - description: storageOS represents a StorageOS volume - attached and mounted on Kubernetes nodes. + description: |- + storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. + Deprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported. properties: fsType: description: |- @@ -9239,8 +9261,10 @@ spec: type: string type: object vsphereVolume: - description: vsphereVolume represents a vSphere volume - attached and mounted on kubelets host machine + description: |- + vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine. + Deprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type + are redirected to the csi.vsphere.vmware.com CSI driver. properties: fsType: description: |- diff --git a/chart/crds/sailoperator.io_ztunnels.yaml b/chart/crds/sailoperator.io_ztunnels.yaml index 6b5b16143..ed3ce625a 100644 --- a/chart/crds/sailoperator.io_ztunnels.yaml +++ b/chart/crds/sailoperator.io_ztunnels.yaml @@ -1293,7 +1293,8 @@ spec: Only one health check method of 3 can be set at a time. properties: exec: - description: Exec specifies the action to take. + description: Exec specifies a command to execute + in the container. properties: command: description: |- @@ -1314,8 +1315,7 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving - a GRPC port. + description: GRPC specifies a GRPC HealthCheckRequest. properties: port: description: Port number of the gRPC service. @@ -1334,7 +1334,7 @@ spec: - port type: object httpGet: - description: HTTPGet specifies the http request + description: HTTPGet specifies an HTTP GET request to perform. properties: host: @@ -1402,8 +1402,8 @@ spec: format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving - a TCP port. + description: TCPSocket specifies a connection + to a TCP port. properties: host: description: 'Optional: Host name to connect @@ -3718,6 +3718,8 @@ spec: description: |- awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. + Deprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree + awsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore properties: fsType: @@ -3749,8 +3751,10 @@ spec: - volumeID type: object azureDisk: - description: azureDisk represents an Azure Data Disk - mount on the host and bind mount to the pod. + description: |- + azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. + Deprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type + are redirected to the disk.csi.azure.com CSI driver. properties: cachingMode: description: 'cachingMode is the Host Caching mode: @@ -3789,8 +3793,10 @@ spec: - diskURI type: object azureFile: - description: azureFile represents an Azure File Service - mount on the host and bind mount to the pod. + description: |- + azureFile represents an Azure File Service mount on the host and bind mount to the pod. + Deprecated: AzureFile is deprecated. All operations for the in-tree azureFile type + are redirected to the file.csi.azure.com CSI driver. properties: readOnly: description: |- @@ -3809,8 +3815,9 @@ spec: - shareName type: object cephfs: - description: cephFS represents a Ceph FS mount on the - host that shares a pod's lifetime + description: |- + cephFS represents a Ceph FS mount on the host that shares a pod's lifetime. + Deprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported. properties: monitors: description: |- @@ -3863,6 +3870,8 @@ spec: cinder: description: |- cinder represents a cinder volume attached and mounted on kubelets host machine. + Deprecated: Cinder is deprecated. All operations for the in-tree cinder type + are redirected to the cinder.csi.openstack.org CSI driver. More info: https://examples.k8s.io/mysql-cinder-pd/README.md properties: fsType: @@ -3974,7 +3983,7 @@ spec: csi: description: csi (Container Storage Interface) represents ephemeral storage that is handled by certain external - CSI drivers (Beta feature). + CSI drivers. properties: driver: description: |- @@ -4445,6 +4454,7 @@ spec: description: |- flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. + Deprecated: FlexVolume is deprecated. Consider using a CSIDriver instead. properties: driver: description: driver is the name of the driver to @@ -4490,9 +4500,9 @@ spec: - driver type: object flocker: - description: flocker represents a Flocker volume attached - to a kubelet's host machine. This depends on the Flocker - control service being running + description: |- + flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running. + Deprecated: Flocker is deprecated and the in-tree flocker type is no longer supported. properties: datasetName: description: |- @@ -4508,6 +4518,8 @@ spec: description: |- gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. + Deprecated: GCEPersistentDisk is deprecated. All operations for the in-tree + gcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk properties: fsType: @@ -4543,7 +4555,7 @@ spec: gitRepo: description: |- gitRepo represents a git repository at a particular revision. - DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + Deprecated: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container. properties: @@ -4567,6 +4579,7 @@ spec: glusterfs: description: |- glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported. More info: https://examples.k8s.io/volumes/glusterfs/README.md properties: endpoints: @@ -4776,9 +4789,9 @@ spec: - claimName type: object photonPersistentDisk: - description: photonPersistentDisk represents a PhotonController - persistent disk attached and mounted on kubelets host - machine + description: |- + photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine. + Deprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported. properties: fsType: description: |- @@ -4794,8 +4807,11 @@ spec: - pdID type: object portworxVolume: - description: portworxVolume represents a portworx volume - attached and mounted on kubelets host machine + description: |- + portworxVolume represents a portworx volume attached and mounted on kubelets host machine. + Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type + are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate + is on. properties: fsType: description: |- @@ -5166,8 +5182,9 @@ spec: x-kubernetes-list-type: atomic type: object quobyte: - description: quobyte represents a Quobyte mount on the - host that shares a pod's lifetime + description: |- + quobyte represents a Quobyte mount on the host that shares a pod's lifetime. + Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported. properties: group: description: |- @@ -5206,6 +5223,7 @@ spec: rbd: description: |- rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported. More info: https://examples.k8s.io/volumes/rbd/README.md properties: fsType: @@ -5278,8 +5296,9 @@ spec: - monitors type: object scaleIO: - description: scaleIO represents a ScaleIO persistent - volume attached and mounted on Kubernetes nodes. + description: |- + scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. + Deprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported. properties: fsType: default: xfs @@ -5412,8 +5431,9 @@ spec: type: string type: object storageos: - description: storageOS represents a StorageOS volume - attached and mounted on Kubernetes nodes. + description: |- + storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. + Deprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported. properties: fsType: description: |- @@ -5458,8 +5478,10 @@ spec: type: string type: object vsphereVolume: - description: vsphereVolume represents a vSphere volume - attached and mounted on kubelets host machine + description: |- + vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine. + Deprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type + are redirected to the csi.vsphere.vmware.com CSI driver. properties: fsType: description: |- diff --git a/chart/crds/security.istio.io_authorizationpolicies.yaml b/chart/crds/security.istio.io_authorizationpolicies.yaml index a83d6ee0c..734288200 100644 --- a/chart/crds/security.istio.io_authorizationpolicies.yaml +++ b/chart/crds/security.istio.io_authorizationpolicies.yaml @@ -216,14 +216,14 @@ spec: type: string x-kubernetes-validations: - message: wildcard not allowed in label value match - rule: '!self.contains(''*'')' + rule: '!self.contains("*")' description: One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. maxProperties: 4096 type: object x-kubernetes-validations: - message: wildcard not allowed in label key match - rule: self.all(key, !key.contains('*')) + rule: self.all(key, !key.contains("*")) - message: key must not be empty rule: self.all(key, key.size() != 0) type: object @@ -258,8 +258,9 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], - [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' + rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], + ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", + "ServiceEntry"]]' targetRefs: description: Optional. items: @@ -293,14 +294,16 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], - [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' + rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], + ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", + "ServiceEntry"]]' maxItems: 16 type: array type: object x-kubernetes-validations: - message: only one of targetRefs or selector can be set - rule: (has(self.selector)?1:0)+(has(self.targetRef)?1:0)+(has(self.targetRefs)?1:0)<=1 + rule: '(has(self.selector) ? 1 : 0) + (has(self.targetRef) ? 1 : 0) + + (has(self.targetRefs) ? 1 : 0) <= 1' status: properties: conditions: @@ -573,14 +576,14 @@ spec: type: string x-kubernetes-validations: - message: wildcard not allowed in label value match - rule: '!self.contains(''*'')' + rule: '!self.contains("*")' description: One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. maxProperties: 4096 type: object x-kubernetes-validations: - message: wildcard not allowed in label key match - rule: self.all(key, !key.contains('*')) + rule: self.all(key, !key.contains("*")) - message: key must not be empty rule: self.all(key, key.size() != 0) type: object @@ -615,8 +618,9 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], - [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' + rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], + ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", + "ServiceEntry"]]' targetRefs: description: Optional. items: @@ -650,14 +654,16 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], - [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' + rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], + ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", + "ServiceEntry"]]' maxItems: 16 type: array type: object x-kubernetes-validations: - message: only one of targetRefs or selector can be set - rule: (has(self.selector)?1:0)+(has(self.targetRef)?1:0)+(has(self.targetRefs)?1:0)<=1 + rule: '(has(self.selector) ? 1 : 0) + (has(self.targetRef) ? 1 : 0) + + (has(self.targetRefs) ? 1 : 0) <= 1' status: properties: conditions: diff --git a/chart/crds/security.istio.io_peerauthentications.yaml b/chart/crds/security.istio.io_peerauthentications.yaml index 329efc01f..e2692039b 100644 --- a/chart/crds/security.istio.io_peerauthentications.yaml +++ b/chart/crds/security.istio.io_peerauthentications.yaml @@ -91,22 +91,23 @@ spec: type: string x-kubernetes-validations: - message: wildcard not allowed in label value match - rule: '!self.contains(''*'')' + rule: '!self.contains("*")' description: One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. maxProperties: 4096 type: object x-kubernetes-validations: - message: wildcard not allowed in label key match - rule: self.all(key, !key.contains('*')) + rule: self.all(key, !key.contains("*")) - message: key must not be empty rule: self.all(key, key.size() != 0) type: object type: object x-kubernetes-validations: - message: portLevelMtls requires selector - rule: (has(self.selector) && has(self.selector.matchLabels) && self.selector.matchLabels.size() - > 0) || !has(self.portLevelMtls) + rule: |- + has(self.selector) && has(self.selector.matchLabels) && self.selector.matchLabels.size() > 0 || + !has(self.portLevelMtls) status: properties: conditions: @@ -254,22 +255,23 @@ spec: type: string x-kubernetes-validations: - message: wildcard not allowed in label value match - rule: '!self.contains(''*'')' + rule: '!self.contains("*")' description: One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. maxProperties: 4096 type: object x-kubernetes-validations: - message: wildcard not allowed in label key match - rule: self.all(key, !key.contains('*')) + rule: self.all(key, !key.contains("*")) - message: key must not be empty rule: self.all(key, key.size() != 0) type: object type: object x-kubernetes-validations: - message: portLevelMtls requires selector - rule: (has(self.selector) && has(self.selector.matchLabels) && self.selector.matchLabels.size() - > 0) || !has(self.portLevelMtls) + rule: |- + has(self.selector) && has(self.selector.matchLabels) && self.selector.matchLabels.size() > 0 || + !has(self.portLevelMtls) status: properties: conditions: diff --git a/chart/crds/security.istio.io_requestauthentications.yaml b/chart/crds/security.istio.io_requestauthentications.yaml index 2d6729688..d060a1127 100644 --- a/chart/crds/security.istio.io_requestauthentications.yaml +++ b/chart/crds/security.istio.io_requestauthentications.yaml @@ -92,7 +92,7 @@ spec: type: string x-kubernetes-validations: - message: url must have scheme http:// or https:// - rule: url(self).getScheme() in ['http', 'https'] + rule: url(self).getScheme() in ["http", "https"] jwksUri: description: URL of the provider's public key set to validate signature of the JWT. @@ -101,7 +101,7 @@ spec: type: string x-kubernetes-validations: - message: url must have scheme http:// or https:// - rule: url(self).getScheme() in ['http', 'https'] + rule: url(self).getScheme() in ["http", "https"] outputClaimToHeaders: description: This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token. @@ -138,7 +138,8 @@ spec: type: object x-kubernetes-validations: - message: only one of jwks or jwksUri can be set - rule: (has(self.jwksUri)?1:0)+(has(self.jwks_uri)?1:0)+(has(self.jwks)?1:0)<=1 + rule: '(has(self.jwksUri) ? 1 : 0) + (has(self.jwks_uri) ? 1 : + 0) + (has(self.jwks) ? 1 : 0) <= 1' maxItems: 4096 type: array selector: @@ -150,14 +151,14 @@ spec: type: string x-kubernetes-validations: - message: wildcard not allowed in label value match - rule: '!self.contains(''*'')' + rule: '!self.contains("*")' description: One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. maxProperties: 4096 type: object x-kubernetes-validations: - message: wildcard not allowed in label key match - rule: self.all(key, !key.contains('*')) + rule: self.all(key, !key.contains("*")) - message: key must not be empty rule: self.all(key, key.size() != 0) type: object @@ -192,8 +193,9 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], - [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' + rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], + ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", + "ServiceEntry"]]' targetRefs: description: Optional. items: @@ -227,14 +229,16 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], - [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' + rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], + ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", + "ServiceEntry"]]' maxItems: 16 type: array type: object x-kubernetes-validations: - message: only one of targetRefs or selector can be set - rule: (has(self.selector)?1:0)+(has(self.targetRef)?1:0)+(has(self.targetRefs)?1:0)<=1 + rule: '(has(self.selector) ? 1 : 0) + (has(self.targetRef) ? 1 : 0) + + (has(self.targetRefs) ? 1 : 0) <= 1' status: properties: conditions: @@ -383,7 +387,7 @@ spec: type: string x-kubernetes-validations: - message: url must have scheme http:// or https:// - rule: url(self).getScheme() in ['http', 'https'] + rule: url(self).getScheme() in ["http", "https"] jwksUri: description: URL of the provider's public key set to validate signature of the JWT. @@ -392,7 +396,7 @@ spec: type: string x-kubernetes-validations: - message: url must have scheme http:// or https:// - rule: url(self).getScheme() in ['http', 'https'] + rule: url(self).getScheme() in ["http", "https"] outputClaimToHeaders: description: This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token. @@ -429,7 +433,8 @@ spec: type: object x-kubernetes-validations: - message: only one of jwks or jwksUri can be set - rule: (has(self.jwksUri)?1:0)+(has(self.jwks_uri)?1:0)+(has(self.jwks)?1:0)<=1 + rule: '(has(self.jwksUri) ? 1 : 0) + (has(self.jwks_uri) ? 1 : + 0) + (has(self.jwks) ? 1 : 0) <= 1' maxItems: 4096 type: array selector: @@ -441,14 +446,14 @@ spec: type: string x-kubernetes-validations: - message: wildcard not allowed in label value match - rule: '!self.contains(''*'')' + rule: '!self.contains("*")' description: One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. maxProperties: 4096 type: object x-kubernetes-validations: - message: wildcard not allowed in label key match - rule: self.all(key, !key.contains('*')) + rule: self.all(key, !key.contains("*")) - message: key must not be empty rule: self.all(key, key.size() != 0) type: object @@ -483,8 +488,9 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], - [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' + rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], + ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", + "ServiceEntry"]]' targetRefs: description: Optional. items: @@ -518,14 +524,16 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], - [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' + rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], + ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", + "ServiceEntry"]]' maxItems: 16 type: array type: object x-kubernetes-validations: - message: only one of targetRefs or selector can be set - rule: (has(self.selector)?1:0)+(has(self.targetRef)?1:0)+(has(self.targetRefs)?1:0)<=1 + rule: '(has(self.selector) ? 1 : 0) + (has(self.targetRef) ? 1 : 0) + + (has(self.targetRefs) ? 1 : 0) <= 1' status: properties: conditions: diff --git a/chart/crds/telemetry.istio.io_telemetries.yaml b/chart/crds/telemetry.istio.io_telemetries.yaml index beaa1537b..117a06d9a 100644 --- a/chart/crds/telemetry.istio.io_telemetries.yaml +++ b/chart/crds/telemetry.istio.io_telemetries.yaml @@ -164,11 +164,11 @@ spec: type: object x-kubernetes-validations: - message: value must be set when operation is UPSERT - rule: '((has(self.operation) ? self.operation : '''') - == ''UPSERT'') ? self.value != '''' : true' + rule: '((has(self.operation) ? self.operation : "") + == "UPSERT") ? (self.value != "") : true' - message: value must not be set when operation is REMOVE - rule: '((has(self.operation) ? self.operation : '''') - == ''REMOVE'') ? !has(self.value) : true' + rule: '((has(self.operation) ? self.operation : "") + == "REMOVE") ? !has(self.value) : true' description: Optional. type: object type: object @@ -202,14 +202,14 @@ spec: type: string x-kubernetes-validations: - message: wildcard not allowed in label value match - rule: '!self.contains(''*'')' + rule: '!self.contains("*")' description: One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. maxProperties: 4096 type: object x-kubernetes-validations: - message: wildcard not allowed in label key match - rule: self.all(key, !key.contains('*')) + rule: self.all(key, !key.contains("*")) - message: key must not be empty rule: self.all(key, key.size() != 0) type: object @@ -244,8 +244,9 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], - [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' + rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], + ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", + "ServiceEntry"]]' targetRefs: description: Optional. items: @@ -279,8 +280,9 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], - [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' + rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], + ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", + "ServiceEntry"]]' maxItems: 16 type: array tracing: @@ -400,7 +402,8 @@ spec: type: object x-kubernetes-validations: - message: only one of targetRefs or selector can be set - rule: (has(self.selector)?1:0)+(has(self.targetRef)?1:0)+(has(self.targetRefs)?1:0)<=1 + rule: '(has(self.selector) ? 1 : 0) + (has(self.targetRef) ? 1 : 0) + + (has(self.targetRefs) ? 1 : 0) <= 1' status: properties: conditions: @@ -621,11 +624,11 @@ spec: type: object x-kubernetes-validations: - message: value must be set when operation is UPSERT - rule: '((has(self.operation) ? self.operation : '''') - == ''UPSERT'') ? self.value != '''' : true' + rule: '((has(self.operation) ? self.operation : "") + == "UPSERT") ? (self.value != "") : true' - message: value must not be set when operation is REMOVE - rule: '((has(self.operation) ? self.operation : '''') - == ''REMOVE'') ? !has(self.value) : true' + rule: '((has(self.operation) ? self.operation : "") + == "REMOVE") ? !has(self.value) : true' description: Optional. type: object type: object @@ -659,14 +662,14 @@ spec: type: string x-kubernetes-validations: - message: wildcard not allowed in label value match - rule: '!self.contains(''*'')' + rule: '!self.contains("*")' description: One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. maxProperties: 4096 type: object x-kubernetes-validations: - message: wildcard not allowed in label key match - rule: self.all(key, !key.contains('*')) + rule: self.all(key, !key.contains("*")) - message: key must not be empty rule: self.all(key, key.size() != 0) type: object @@ -701,8 +704,9 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], - [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' + rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], + ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", + "ServiceEntry"]]' targetRefs: description: Optional. items: @@ -736,8 +740,9 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], - [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' + rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], + ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", + "ServiceEntry"]]' maxItems: 16 type: array tracing: @@ -857,7 +862,8 @@ spec: type: object x-kubernetes-validations: - message: only one of targetRefs or selector can be set - rule: (has(self.selector)?1:0)+(has(self.targetRef)?1:0)+(has(self.targetRefs)?1:0)<=1 + rule: '(has(self.selector) ? 1 : 0) + (has(self.targetRef) ? 1 : 0) + + (has(self.targetRefs) ? 1 : 0) <= 1' status: properties: conditions: diff --git a/chart/values.yaml b/chart/values.yaml index 32868649a..5f1c3ba32 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -25,7 +25,7 @@ csv: - v1.22.6 - v1.22.5 - v1.21.6 - - latest (1192d742) + - latest (0542a4c9) [See this page](https://github.com/istio-ecosystem/sail-operator/blob/main/bundle/README.md) for instructions on how to use it. support: Community based diff --git a/common/.commonfiles.sha b/common/.commonfiles.sha index 95b705e7e..5c2bdff6e 100644 --- a/common/.commonfiles.sha +++ b/common/.commonfiles.sha @@ -1 +1 @@ -c2c2ba7e08159409af8d452aa5683f9c65dd4ee6 +9b8f6788017ae4be609087a254139cdd69806f73 diff --git a/common/scripts/kind_provisioner.sh b/common/scripts/kind_provisioner.sh index 9e9ea59cf..a79af424b 100644 --- a/common/scripts/kind_provisioner.sh +++ b/common/scripts/kind_provisioner.sh @@ -32,7 +32,7 @@ set -x #################################################################### # DEFAULT_KIND_IMAGE is used to set the Kubernetes version for KinD unless overridden in params to setup_kind_cluster(s) -DEFAULT_KIND_IMAGE="gcr.io/istio-testing/kind-node:v1.28.4" +DEFAULT_KIND_IMAGE="gcr.io/istio-testing/kind-node:v1.30.0" # the default kind cluster should be ipv4 if not otherwise specified IP_FAMILY="${IP_FAMILY:-ipv4}" @@ -195,7 +195,7 @@ function setup_kind_cluster() { kubectl taint nodes "${NAME}"-control-plane node-role.kubernetes.io/control-plane- 2>/dev/null || true # Determine what CNI to install - case "${KUBERNETES_CNI:-}" in + case "${KUBERNETES_CNI:-}" in "calico") echo "Installing Calico CNI" diff --git a/common/scripts/setup_env.sh b/common/scripts/setup_env.sh index 94a83ed0e..82ab62499 100755 --- a/common/scripts/setup_env.sh +++ b/common/scripts/setup_env.sh @@ -75,7 +75,7 @@ fi TOOLS_REGISTRY_PROVIDER=${TOOLS_REGISTRY_PROVIDER:-gcr.io} PROJECT_ID=${PROJECT_ID:-istio-testing} if [[ "${IMAGE_VERSION:-}" == "" ]]; then - IMAGE_VERSION=master-f53c293f26fde9fd818b2ddc22dc3836dd58103e + IMAGE_VERSION=master-0b8e6b9676d328fbeb28a23b8d1134dcc56d98ec fi if [[ "${IMAGE_NAME:-}" == "" ]]; then IMAGE_NAME=build-tools diff --git a/go.mod b/go.mod index ab34acff2..f8523360b 100644 --- a/go.mod +++ b/go.mod @@ -1,45 +1,45 @@ module github.com/istio-ecosystem/sail-operator -go 1.23 +go 1.23.0 -toolchain go1.23.2 +toolchain go1.23.4 // Client-go does not handle different versions of mergo due to some breaking changes - use the matching version // This replacement is aligned with istio/istio's go.mod replace github.com/imdario/mergo => github.com/imdario/mergo v0.3.5 require ( - github.com/Masterminds/semver/v3 v3.3.0 + github.com/Masterminds/semver/v3 v3.3.1 github.com/elastic/crd-ref-docs v0.1.0 github.com/go-logr/logr v1.4.2 github.com/google/go-cmp v0.6.0 github.com/k8snetworkplumbingwg/network-attachment-definition-client v1.4.0 - github.com/magiconair/properties v1.8.7 - github.com/onsi/ginkgo/v2 v2.20.2 - github.com/onsi/gomega v1.35.1 - github.com/prometheus/common v0.60.1 - github.com/stretchr/testify v1.9.0 - golang.org/x/mod v0.21.0 - golang.org/x/text v0.20.0 - golang.org/x/tools v0.26.0 + github.com/magiconair/properties v1.8.9 + github.com/onsi/ginkgo/v2 v2.22.0 + github.com/onsi/gomega v1.36.0 + github.com/prometheus/common v0.61.0 + github.com/stretchr/testify v1.10.0 + golang.org/x/mod v0.22.0 + golang.org/x/text v0.21.0 + golang.org/x/tools v0.28.0 gomodules.xyz/jsonpatch/v2 v2.4.0 gopkg.in/yaml.v3 v3.0.1 helm.sh/helm/v3 v3.16.3 - istio.io/client-go v1.24.0-alpha.0.0.20241213165604-5e53cc1d5852 - istio.io/istio v0.0.0-20241216012244-1192d7427e83 - k8s.io/api v0.31.2 - k8s.io/apiextensions-apiserver v0.31.2 - k8s.io/apimachinery v0.31.2 - k8s.io/cli-runtime v0.31.2 - k8s.io/client-go v0.31.2 - sigs.k8s.io/controller-runtime v0.19.1 + istio.io/client-go v1.24.0-alpha.0.0.20241216213027-61ceb94240c7 + istio.io/istio v0.0.0-20241216235858-0542a4c97f8a + k8s.io/api v0.32.0 + k8s.io/apiextensions-apiserver v0.32.0 + k8s.io/apimachinery v0.32.0 + k8s.io/cli-runtime v0.32.0 + k8s.io/client-go v0.32.0 + sigs.k8s.io/controller-runtime v0.19.3 ) require ( dario.cat/mergo v1.0.1 // indirect github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6 // indirect github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect - github.com/BurntSushi/toml v1.3.2 // indirect + github.com/BurntSushi/toml v1.4.0 // indirect github.com/MakeNowJust/heredoc v1.0.0 // indirect github.com/Masterminds/goutils v1.1.1 // indirect github.com/Masterminds/semver v1.5.0 // indirect @@ -50,27 +50,26 @@ require ( github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver/v4 v4.0.0 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect - github.com/chai2010/gettext-go v1.0.2 // indirect + github.com/chai2010/gettext-go v1.0.3 // indirect github.com/containerd/containerd v1.7.23 // indirect github.com/containerd/errdefs v0.3.0 // indirect github.com/containerd/log v0.1.0 // indirect github.com/containerd/platforms v0.2.1 // indirect - github.com/cyphar/filepath-securejoin v0.3.4 // indirect + github.com/cyphar/filepath-securejoin v0.3.5 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/distribution/reference v0.6.0 // indirect - github.com/docker/cli v27.3.1+incompatible // indirect + github.com/docker/cli v27.4.0+incompatible // indirect github.com/docker/distribution v2.8.3+incompatible // indirect github.com/docker/docker v26.1.5+incompatible // indirect github.com/docker/docker-credential-helpers v0.8.2 // indirect github.com/docker/go-connections v0.5.0 // indirect github.com/docker/go-metrics v0.0.1 // indirect - github.com/emicklei/go-restful/v3 v3.12.0 // indirect + github.com/emicklei/go-restful/v3 v3.12.1 // indirect github.com/evanphx/json-patch v5.9.0+incompatible // indirect github.com/evanphx/json-patch/v5 v5.9.0 // indirect github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f // indirect github.com/fatih/color v1.18.0 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect - github.com/fsnotify/fsnotify v1.8.0 // indirect github.com/fxamacker/cbor/v2 v2.7.0 // indirect github.com/go-errors/errors v1.5.1 // indirect github.com/go-gorp/gorp/v3 v3.1.0 // indirect @@ -84,12 +83,11 @@ require ( github.com/gobwas/glob v0.2.3 // indirect github.com/goccy/go-yaml v1.12.0 // indirect github.com/gogo/protobuf v1.3.2 // indirect - github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.4 // indirect - github.com/google/btree v1.1.2 // indirect - github.com/google/gnostic-models v0.6.8 // indirect + github.com/google/btree v1.1.3 // indirect + github.com/google/gnostic-models v0.6.9 // indirect github.com/google/gofuzz v1.2.0 // indirect - github.com/google/pprof v0.0.0-20240827171923-fa2c70bbbfe5 // indirect + github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad // indirect github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect github.com/google/uuid v1.6.0 // indirect github.com/gorilla/mux v1.8.1 // indirect @@ -109,15 +107,15 @@ require ( github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect github.com/lib/pq v1.10.9 // indirect github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect - github.com/mailru/easyjson v0.7.7 // indirect + github.com/mailru/easyjson v0.9.0 // indirect github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-isatty v0.0.20 // indirect - github.com/mattn/go-runewidth v0.0.15 // indirect + github.com/mattn/go-runewidth v0.0.16 // indirect github.com/mitchellh/copystructure v1.2.0 // indirect github.com/mitchellh/go-wordwrap v1.0.1 // indirect github.com/mitchellh/reflectwalk v1.0.2 // indirect github.com/moby/locker v1.0.1 // indirect - github.com/moby/spdystream v0.4.0 // indirect + github.com/moby/spdystream v0.5.0 // indirect github.com/moby/term v0.5.0 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect @@ -132,7 +130,7 @@ require ( github.com/prometheus/client_golang v1.20.5 // indirect github.com/prometheus/client_model v0.6.1 // indirect github.com/prometheus/procfs v0.15.1 // indirect - github.com/rivo/uniseg v0.4.6 // indirect + github.com/rivo/uniseg v0.4.7 // indirect github.com/rubenv/sql-migrate v1.7.0 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect github.com/shopspring/decimal v1.4.0 // indirect @@ -145,42 +143,42 @@ require ( github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect github.com/xeipuuv/gojsonschema v1.2.0 // indirect github.com/xlab/treeprint v1.2.0 // indirect - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.56.0 // indirect - go.opentelemetry.io/otel v1.32.0 // indirect - go.opentelemetry.io/otel/metric v1.32.0 // indirect - go.opentelemetry.io/otel/trace v1.32.0 // indirect - go.starlark.net v0.0.0-20231121155337-90ade8b19d09 // indirect + go.opentelemetry.io/auto/sdk v1.1.0 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0 // indirect + go.opentelemetry.io/otel v1.33.0 // indirect + go.opentelemetry.io/otel/metric v1.33.0 // indirect + go.opentelemetry.io/otel/trace v1.33.0 // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.27.0 // indirect - golang.org/x/crypto v0.29.0 // indirect - golang.org/x/exp v0.0.0-20240909161429-701f63a606c0 // indirect - golang.org/x/net v0.31.0 // indirect + golang.org/x/crypto v0.31.0 // indirect + golang.org/x/exp v0.0.0-20241215155358-4a5509556b9e // indirect + golang.org/x/net v0.32.0 // indirect golang.org/x/oauth2 v0.24.0 // indirect - golang.org/x/sync v0.9.0 // indirect - golang.org/x/sys v0.27.0 // indirect - golang.org/x/term v0.26.0 // indirect + golang.org/x/sync v0.10.0 // indirect + golang.org/x/sys v0.28.0 // indirect + golang.org/x/term v0.27.0 // indirect golang.org/x/time v0.8.0 // indirect golang.org/x/xerrors v0.0.0-20240716161551-93cc26a95ae9 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20241113202542-65e8d215514f // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20241113202542-65e8d215514f // indirect - google.golang.org/grpc v1.68.0 // indirect - google.golang.org/protobuf v1.35.2 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576 // indirect + google.golang.org/grpc v1.69.0 // indirect + google.golang.org/protobuf v1.36.0 // indirect gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gotest.tools/v3 v3.5.1 // indirect - istio.io/api v1.24.0-alpha.0.0.20241213165305-e1f82e2bed66 // indirect - k8s.io/apiserver v0.31.2 // indirect - k8s.io/component-base v0.31.2 // indirect + istio.io/api v1.24.0-alpha.0.0.20241216212528-e71149d830e3 // indirect + k8s.io/apiserver v0.32.0 // indirect + k8s.io/component-base v0.32.0 // indirect k8s.io/klog/v2 v2.130.1 // indirect - k8s.io/kube-openapi v0.0.0-20240423202451-8948a665c108 // indirect - k8s.io/kubectl v0.31.2 // indirect - k8s.io/utils v0.0.0-20241104163129-6fe5fd82f078 // indirect + k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7 // indirect + k8s.io/kubectl v0.32.0 // indirect + k8s.io/utils v0.0.0-20241210054802-24370beab758 // indirect oras.land/oras-go v1.2.5 // indirect sigs.k8s.io/controller-tools v0.15.0 // indirect - sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect - sigs.k8s.io/kustomize/api v0.17.2 // indirect - sigs.k8s.io/kustomize/kyaml v0.17.1 // indirect - sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect + sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect + sigs.k8s.io/kustomize/api v0.18.0 // indirect + sigs.k8s.io/kustomize/kyaml v0.18.1 // indirect + sigs.k8s.io/structured-merge-diff/v4 v4.5.0 // indirect sigs.k8s.io/yaml v1.4.0 // indirect ) diff --git a/go.sum b/go.sum index 40c2ebbeb..4d1d824b9 100644 --- a/go.sum +++ b/go.sum @@ -6,8 +6,8 @@ github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6 h1:He8af github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8= github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0= github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= -github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8= -github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= +github.com/BurntSushi/toml v1.4.0 h1:kuoIxZQy2WRRk1pttg9asf+WVv6tWQuBNVmK8+nqPr0= +github.com/BurntSushi/toml v1.4.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= github.com/DATA-DOG/go-sqlmock v1.5.2 h1:OcvFkGmslmlZibjAjaHm3L//6LiuBgolP7OputlJIzU= github.com/DATA-DOG/go-sqlmock v1.5.2/go.mod h1:88MAG/4G7SMwSE3CeA0ZKzrT5CiOU3OJ+JlNzwDqpNU= github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ4pzQ= @@ -16,8 +16,8 @@ github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJ github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= github.com/Masterminds/semver v1.5.0 h1:H65muMkzWKEuNDnfl9d70GUjFniHKHRbFPGBuZ3QEww= github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y= -github.com/Masterminds/semver/v3 v3.3.0 h1:B8LGeaivUe71a5qox1ICM/JLl0NqZSW5CHyL+hmvYS0= -github.com/Masterminds/semver/v3 v3.3.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM= +github.com/Masterminds/semver/v3 v3.3.1 h1:QtNSWtVZ3nBfk8mAOu/B6v7FMJ+NHTIgUPi7rj+4nv4= +github.com/Masterminds/semver/v3 v3.3.1/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM= github.com/Masterminds/sprig v2.22.0+incompatible h1:z4yfnGrZ7netVz+0EDJ0Wi+5VZCSYp4Z0m2dk6cEM60= github.com/Masterminds/sprig v2.22.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o= github.com/Masterminds/sprig/v3 v3.3.0 h1:mQh0Yrg1XPo6vjYXgtf5OtijNAKJRNcTdOOGZe3tPhs= @@ -52,8 +52,8 @@ github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0 h1:nvj0OLI3YqYXe github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0/go.mod h1:D/8v3kj0zr8ZAKg1AQ6crr+5VwKN5eIywRkfhyM/+dE= github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= -github.com/chai2010/gettext-go v1.0.2 h1:1Lwwip6Q2QGsAdl/ZKPCwTe9fe0CjlUbqj5bFNSjIRk= -github.com/chai2010/gettext-go v1.0.2/go.mod h1:y+wnP2cHYaVj19NZhYKAwEMH2CI1gNHeQQ+5AjwawxA= +github.com/chai2010/gettext-go v1.0.3 h1:9liNh8t+u26xl5ddmWLmsOsdNLwkdRTg5AG+JnTiM80= +github.com/chai2010/gettext-go v1.0.3/go.mod h1:y+wnP2cHYaVj19NZhYKAwEMH2CI1gNHeQQ+5AjwawxA= github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaDFBM= github.com/containerd/cgroups v1.1.0/go.mod h1:6ppBcbh/NOOUU+dMKrykgaBnK9lCIBxHqJDGwsa1mIw= github.com/containerd/containerd v1.7.23 h1:H2CClyUkmpKAGlhQp95g2WXHfLYc7whAuvZGBNYOOwQ= @@ -69,8 +69,8 @@ github.com/containerd/platforms v0.2.1/go.mod h1:XHCb+2/hzowdiut9rkudds9bE5yJ7np github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY= github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= -github.com/cyphar/filepath-securejoin v0.3.4 h1:VBWugsJh2ZxJmLFSM06/0qzQyiQX2Qs0ViKrUAcqdZ8= -github.com/cyphar/filepath-securejoin v0.3.4/go.mod h1:8s/MCNJREmFK0H02MF6Ihv1nakJe4L/w3WZLHNkvlYM= +github.com/cyphar/filepath-securejoin v0.3.5 h1:L81NHjquoQmcPgXcttUS9qTSR/+bXry6pbSINQGpjj4= +github.com/cyphar/filepath-securejoin v0.3.5/go.mod h1:edhVd3c6OXKjUmSrVa/tGJRS9joFTxlslFCAyaxigkE= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= @@ -79,8 +79,8 @@ github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2 h1:aB github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2/go.mod h1:WHNsWjnIn2V1LYOrME7e8KxSeKunYHsxEm4am0BUtcI= github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk= github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= -github.com/docker/cli v27.3.1+incompatible h1:qEGdFBF3Xu6SCvCYhc7CzaQTlBmqDuzxPDpigSyeKQQ= -github.com/docker/cli v27.3.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= +github.com/docker/cli v27.4.0+incompatible h1:/nJzWkcI1MDMN+U+px/YXnQWJqnu4J+QKGTfD6ptiTc= +github.com/docker/cli v27.4.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk= github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/docker v26.1.5+incompatible h1:NEAxTwEjxV6VbBMBoGG3zPqbiJosIApZjxlbrG9q3/g= @@ -97,8 +97,8 @@ github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1 h1:ZClxb8laGDf5arX github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1/go.mod h1:cyGadeNEkKy96OOhEzfZl+yxihPEzKnqJwvfuSUqbZE= github.com/elastic/crd-ref-docs v0.1.0 h1:Cr5kz89QB3Iuuj7dhAfLMApCrChEGAaIBTxGk/xuRKw= github.com/elastic/crd-ref-docs v0.1.0/go.mod h1:X83mMBdJt05heJUYiS3T0yJ/JkCuliuhSUNav5Gjo/U= -github.com/emicklei/go-restful/v3 v3.12.0 h1:y2DdzBAURM29NFF94q6RaY4vjIH1rtwDapwQtU84iWk= -github.com/emicklei/go-restful/v3 v3.12.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/emicklei/go-restful/v3 v3.12.1 h1:PJMDIM/ak7btuL8Ex0iYET9hxM3CI2sjZtzpL63nKAU= +github.com/emicklei/go-restful/v3 v3.12.1/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/evanphx/json-patch v5.9.0+incompatible h1:fBXyNpNMuTTDdquAq/uisOr2lShz4oaXpDTX2bLe7ls= github.com/evanphx/json-patch v5.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg= @@ -157,8 +157,8 @@ github.com/goccy/go-yaml v1.12.0/go.mod h1:wKnAMd44+9JAAnGQpWVEgBzGt3YuTaQ4uXoHv github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= -github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= -github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 h1:f+oWsMOmNPc8JmEHVZIycC7hBoQxHH9pNKQORJNozsQ= +github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8/go.mod h1:wcDNUvekVysuuOpQKo3191zZyTpiI6se1N1ULghS0sw= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= @@ -166,10 +166,10 @@ github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/gomodule/redigo v1.8.2 h1:H5XSIre1MB5NbPYFp+i1NBbb5qN1W8Y8YAQoAYbkm8k= github.com/gomodule/redigo v1.8.2/go.mod h1:P9dn9mFrCBvWhGE1wpxx6fgq7BAeLBk+UUUzlpkBYO0= -github.com/google/btree v1.1.2 h1:xf4v41cLI2Z6FxbKm+8Bu+m8ifhj15JuZ9sa0jZCMUU= -github.com/google/btree v1.1.2/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4= -github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= -github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= +github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg= +github.com/google/btree v1.1.3/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4= +github.com/google/gnostic-models v0.6.9 h1:MU/8wDLif2qCXZmzncUQ/BOfxWfthHi63KqpoNbWqVw= +github.com/google/gnostic-models v0.6.9/go.mod h1:CiWsm0s6BSQd1hRn8/QmxqB6BesYcbSZxsz9b0KuDBw= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= @@ -177,8 +177,8 @@ github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeN github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/pprof v0.0.0-20240827171923-fa2c70bbbfe5 h1:5iH8iuqE5apketRbSFBy+X1V0o+l+8NF1avt4HWl7cA= -github.com/google/pprof v0.0.0-20240827171923-fa2c70bbbfe5/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= +github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad h1:a6HEuzUHeKH6hwfN/ZoQgRgVIWFJljSWa/zetS2WTvg= +github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= @@ -239,17 +239,17 @@ github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw= github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0= github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE= -github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY= -github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0= -github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= -github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= +github.com/magiconair/properties v1.8.9 h1:nWcCbLq1N2v/cpNsy5WvQ37Fb+YElfq20WJ/a8RkpQM= +github.com/magiconair/properties v1.8.9/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0= +github.com/mailru/easyjson v0.9.0 h1:PrnmzHw7262yW8sTBwxi1PdJA3Iw/EKBa8psRf7d9a4= +github.com/mailru/easyjson v0.9.0/go.mod h1:1+xMtQp2MRNVL/V1bOzuP3aP8VNwRW55fQUto+XFtTU= github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= -github.com/mattn/go-runewidth v0.0.15 h1:UNAjwbU9l54TA3KzvqLGxwWjHmMgBUVhBiTjelZgg3U= -github.com/mattn/go-runewidth v0.0.15/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= +github.com/mattn/go-runewidth v0.0.16 h1:E5ScNMtiwvlvB5paMFdw9p4kSQzbXFikJ5SQO6TULQc= +github.com/mattn/go-runewidth v0.0.16/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= github.com/mattn/go-sqlite3 v1.14.22 h1:2gZY6PC6kBnID23Tichd1K+Z0oS6nE/XwU+Vz/5o4kU= github.com/mattn/go-sqlite3 v1.14.22/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= @@ -263,8 +263,8 @@ github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zx github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg= github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc= -github.com/moby/spdystream v0.4.0 h1:Vy79D6mHeJJjiPdFEL2yku1kl0chZpJfZcPpb16BRl8= -github.com/moby/spdystream v0.4.0/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI= +github.com/moby/spdystream v0.5.0 h1:7r0J1Si3QO/kjRitvSLVVFUjxMEb/YLj6S9FF62JBCU= +github.com/moby/spdystream v0.5.0/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI= github.com/moby/sys/mountinfo v0.6.2 h1:BzJjoreD5BMFNmD9Rus6gdd1pLuecOFPt8wC+Vygl78= github.com/moby/sys/mountinfo v0.6.2/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI= github.com/moby/sys/userns v0.1.0 h1:tVLXkFOxVu9A64/yh59slHVv9ahO9UIev4JZusOLG/g= @@ -289,10 +289,10 @@ github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= -github.com/onsi/ginkgo/v2 v2.20.2 h1:7NVCeyIWROIAheY21RLS+3j2bb52W0W82tkberYytp4= -github.com/onsi/ginkgo/v2 v2.20.2/go.mod h1:K9gyxPIlb+aIvnZ8bd9Ak+YP18w3APlR+5coaZoE2ag= -github.com/onsi/gomega v1.35.1 h1:Cwbd75ZBPxFSuZ6T+rN/WCb/gOc6YgFBXLlZLhC7Ds4= -github.com/onsi/gomega v1.35.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog= +github.com/onsi/ginkgo/v2 v2.22.0 h1:Yed107/8DjTr0lKCNt7Dn8yQ6ybuDRQoMGrNFKzMfHg= +github.com/onsi/ginkgo/v2 v2.22.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo= +github.com/onsi/gomega v1.36.0 h1:Pb12RlruUtj4XUuPUqeEWc6j5DkVVVA49Uf6YLfC95Y= +github.com/onsi/gomega v1.36.0/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug= @@ -320,18 +320,18 @@ github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc= -github.com/prometheus/common v0.60.1 h1:FUas6GcOw66yB/73KC+BOZoFJmbo/1pojoILArPAaSc= -github.com/prometheus/common v0.60.1/go.mod h1:h0LYf1R1deLSKtD4Vdg8gy4RuOvENW2J/h19V5NADQw= +github.com/prometheus/common v0.61.0 h1:3gv/GThfX0cV2lpO7gkTUwZru38mxevy90Bj8YFSRQQ= +github.com/prometheus/common v0.61.0/go.mod h1:zr29OCN/2BsJRaFwG8QOBr41D6kkchKbpeNH7pAjb/s= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ= github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= -github.com/rivo/uniseg v0.4.6 h1:Sovz9sDSwbOz9tgUy8JpT+KgCkPYJEN/oYzlJiYTNLg= -github.com/rivo/uniseg v0.4.6/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= -github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= -github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= +github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ= +github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= +github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII= +github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o= github.com/rubenv/sql-migrate v1.7.0 h1:HtQq1xyTN2ISmQDggnh0c9U3JlP8apWh8YO2jzlXpTI= github.com/rubenv/sql-migrate v1.7.0/go.mod h1:S4wtDEG1CKn+0ShpTtzWhFpHHI5PvCUtiGI+C+Z2THE= github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= @@ -362,8 +362,8 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= -github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= -github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= +github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= @@ -385,16 +385,16 @@ github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f h1 github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f/go.mod h1:GlGEuHIJweS1mbCqG+7vt2nvWLzLLnRHbXz5JKd/Qbg= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.56.0 h1:UP6IpuHFkUgOQL9FFQFrZ+5LiwhhYRbi7VZSIx6Nj5s= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.56.0/go.mod h1:qxuZLtbq5QDtdeSHsS7bcf6EH6uO6jUAgk764zd3rhM= -go.opentelemetry.io/otel v1.32.0 h1:WnBN+Xjcteh0zdk01SVqV55d/m62NJLJdIyb4y/WO5U= -go.opentelemetry.io/otel v1.32.0/go.mod h1:00DCVSB0RQcnzlwyTfqtxSm+DRr9hpYrHjNGiBHVQIg= -go.opentelemetry.io/otel/metric v1.32.0 h1:xV2umtmNcThh2/a/aCP+h64Xx5wsj8qqnkYZktzNa0M= -go.opentelemetry.io/otel/metric v1.32.0/go.mod h1:jH7CIbbK6SH2V2wE16W05BHCtIDzauciCRLoc/SyMv8= -go.opentelemetry.io/otel/trace v1.32.0 h1:WIC9mYrXf8TmY/EXuULKc8hR17vE+Hjv2cssQDe03fM= -go.opentelemetry.io/otel/trace v1.32.0/go.mod h1:+i4rkvCraA+tG6AzwloGaCtkx53Fa+L+V8e9a7YvhT8= -go.starlark.net v0.0.0-20231121155337-90ade8b19d09 h1:hzy3LFnSN8kuQK8h9tHl4ndF6UruMj47OqwqsS+/Ai4= -go.starlark.net v0.0.0-20231121155337-90ade8b19d09/go.mod h1:LcLNIzVOMp4oV+uusnpk+VU+SzXaJakUuBjoCSWH5dM= +go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA= +go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0 h1:yd02MEjBdJkG3uabWP9apV+OuWRIXGDuJEUJbOHmCFU= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0/go.mod h1:umTcuxiv1n/s/S6/c2AT/g2CQ7u5C59sHDNmfSwgz7Q= +go.opentelemetry.io/otel v1.33.0 h1:/FerN9bax5LoK51X/sI0SVYrjSE0/yUL7DpxW4K3FWw= +go.opentelemetry.io/otel v1.33.0/go.mod h1:SUUkR6csvUQl+yjReHu5uM3EtVV7MBm5FHKRlNx4I8I= +go.opentelemetry.io/otel/metric v1.33.0 h1:r+JOocAyeRVXD8lZpjdQjzMadVZp2M4WmQ+5WtEnklQ= +go.opentelemetry.io/otel/metric v1.33.0/go.mod h1:L9+Fyctbp6HFTddIxClbQkjtubW6O9QS3Ann/M82u6M= +go.opentelemetry.io/otel/trace v1.33.0 h1:cCJuF7LRjUFso9LPnEAHJDB2pqzp+hbO8eu1qqW2d/s= +go.opentelemetry.io/otel/trace v1.33.0/go.mod h1:uIcdVUZMpTAmz0tI1z04GoVSezK37CbGV4fr1f2nBck= go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE= go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= @@ -407,22 +407,22 @@ golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnf golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.29.0 h1:L5SG1JTTXupVV3n6sUqMTeWbjAyfPwoda2DLX8J8FrQ= -golang.org/x/crypto v0.29.0/go.mod h1:+F4F4N5hv6v38hfeYwTdx20oUvLLc+QfrE9Ax9HtgRg= -golang.org/x/exp v0.0.0-20240909161429-701f63a606c0 h1:e66Fs6Z+fZTbFBAxKfP3PALWBtpfqks2bwGcexMxgtk= -golang.org/x/exp v0.0.0-20240909161429-701f63a606c0/go.mod h1:2TbTHSBQa924w8M6Xs1QcRcFwyucIwBGpK1p2f1YFFY= +golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U= +golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= +golang.org/x/exp v0.0.0-20241215155358-4a5509556b9e h1:4qufH0hlUYs6AO6XmZC3GqfDPGSXHVXUFR6OND+iJX4= +golang.org/x/exp v0.0.0-20241215155358-4a5509556b9e/go.mod h1:qj5a5QZpwLU2NLQudwIN5koi3beDhSAlJwa67PuM98c= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.21.0 h1:vvrHzRwRfVKSiLrG+d4FMl/Qi4ukBCE6kZlTUkDYRT0= -golang.org/x/mod v0.21.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY= +golang.org/x/mod v0.22.0 h1:D4nJWe9zXqHOmWqj4VMOJhvzj7bEZg4wEYa759z1pH4= +golang.org/x/mod v0.22.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY= golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.31.0 h1:68CPQngjLL0r2AlUKiSxtQFKvzRVbnzLwMUn5SzcLHo= -golang.org/x/net v0.31.0/go.mod h1:P4fl1q7dY2hnZFxEk4pPSkDHF+QqjitcnDjUQyMM+pM= +golang.org/x/net v0.32.0 h1:ZqPmj8Kzc+Y6e0+skZsuACbx+wzMgo5MQsJh9Qd6aYI= +golang.org/x/net v0.32.0/go.mod h1:CwU0IoeOlnQQWJ6ioyFrfRuomB8GKF6KbYXZVyeXNfs= golang.org/x/oauth2 v0.24.0 h1:KTBBxWqUa0ykRPLtV69rRto9TLXcqYkeswu48x/gvNE= golang.org/x/oauth2 v0.24.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -430,8 +430,8 @@ golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.9.0 h1:fEo0HyrW1GIgZdpbhCRO0PkJajUS5H9IFUztCgEo2jQ= -golang.org/x/sync v0.9.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ= +golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -442,22 +442,22 @@ golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.27.0 h1:wBqf8DvsY9Y/2P8gAfPDEYNuS30J4lPHJxXSb/nJZ+s= -golang.org/x/sys v0.27.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/term v0.26.0 h1:WEQa6V3Gja/BhNxg540hBip/kkaYtRg3cxg4oXSw4AU= -golang.org/x/term v0.26.0/go.mod h1:Si5m1o57C5nBNQo5z1iq+XDijt21BDBDp2bK0QI8e3E= +golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= +golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q= +golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.20.0 h1:gK/Kv2otX8gz+wn7Rmb3vT96ZwuoxnQlY+HlJVj7Qug= -golang.org/x/text v0.20.0/go.mod h1:D4IsuqiFMhST5bX19pQ9ikHC2GsaKyk/oF+pn3ducp4= +golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo= +golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= golang.org/x/time v0.8.0 h1:9i3RxcPv3PZnitoVGMPDKZSq1xW1gK1Xy3ArNOGZfEg= golang.org/x/time v0.8.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.26.0 h1:v/60pFQmzmT9ExmjDv2gGIfi3OqfKoEP6I5+umXlbnQ= -golang.org/x/tools v0.26.0/go.mod h1:TPVVj70c7JJ3WCazhD8OdXcZg/og+b9+tH/KxylGwH0= +golang.org/x/tools v0.28.0 h1:WuB6qZ4RPCQo5aP3WdKZS7i595EdWqWR8vqJTlwTVK8= +golang.org/x/tools v0.28.0/go.mod h1:dcIOrVd3mfQKTgrDVQHqCPMWy6lnhfhtX3hLXYVLfRw= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -466,14 +466,14 @@ golang.org/x/xerrors v0.0.0-20240716161551-93cc26a95ae9 h1:LLhsEBxRTBLuKlQxFBYUO golang.org/x/xerrors v0.0.0-20240716161551-93cc26a95ae9/go.mod h1:NDW/Ps6MPRej6fsCIbMTohpP40sJ/P/vI1MoTEGwX90= gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw= gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= -google.golang.org/genproto/googleapis/api v0.0.0-20241113202542-65e8d215514f h1:M65LEviCfuZTfrfzwwEoxVtgvfkFkBUbFnRbxCXuXhU= -google.golang.org/genproto/googleapis/api v0.0.0-20241113202542-65e8d215514f/go.mod h1:Yo94eF2nj7igQt+TiJ49KxjIH8ndLYPZMIRSiRcEbg0= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241113202542-65e8d215514f h1:C1QccEa9kUwvMgEUORqQD9S17QesQijxjZ84sO82mfo= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241113202542-65e8d215514f/go.mod h1:GX3210XPVPUjJbTUbvwI8f2IpZDMZuPJWDzDuebbviI= -google.golang.org/grpc v1.68.0 h1:aHQeeJbo8zAkAa3pRzrVjZlbz6uSfeOXlJNQM0RAbz0= -google.golang.org/grpc v1.68.0/go.mod h1:fmSPC5AsjSBCK54MyHRx48kpOti1/jRfOlwEWywNjWA= -google.golang.org/protobuf v1.35.2 h1:8Ar7bF+apOIoThw1EdZl0p1oWvMqTHmpA2fRTyZO8io= -google.golang.org/protobuf v1.35.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= +google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576 h1:CkkIfIt50+lT6NHAVoRYEyAvQGFM7xEwXUUywFvEb3Q= +google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576/go.mod h1:1R3kvZ1dtP3+4p4d3G8uJ8rFk/fWlScl38vanWACI08= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576 h1:8ZmaLZE4XWrtU3MyClkYqqtl6Oegr3235h7jxsDyqCY= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576/go.mod h1:5uTbfoYQed2U9p3KIj2/Zzm02PYhndfdmML0qC3q3FU= +google.golang.org/grpc v1.69.0 h1:quSiOM1GJPmPH5XtU+BCoVXcDVJJAzNcoyfC2cCjGkI= +google.golang.org/grpc v1.69.0/go.mod h1:vyjdE6jLBI76dgpDojsFGNaHlxdjXN9ghpnd2o7JGZ4= +google.golang.org/protobuf v1.36.0 h1:mjIs9gYtt56AzC4ZaffQuh88TZurBGhIJMBZGSxNerQ= +google.golang.org/protobuf v1.36.0/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= @@ -485,7 +485,6 @@ gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= @@ -495,47 +494,47 @@ gotest.tools/v3 v3.5.1 h1:EENdUnS3pdur5nybKYIh2Vfgc8IUNBjxDPSjtiJcOzU= gotest.tools/v3 v3.5.1/go.mod h1:isy3WKz7GK6uNw/sbHzfKBLvlvXwUyV06n6brMxxopU= helm.sh/helm/v3 v3.16.3 h1:kb8bSxMeRJ+knsK/ovvlaVPfdis0X3/ZhYCSFRP+YmY= helm.sh/helm/v3 v3.16.3/go.mod h1:zeVWGDR4JJgiRbT3AnNsjYaX8OTJlIE9zC+Q7F7iUSU= -istio.io/api v1.24.0-alpha.0.0.20241213165305-e1f82e2bed66 h1:TduJO0W8SpqeFvoYhk5J/Z6/G5j4tswt3c/IoO/kKiA= -istio.io/api v1.24.0-alpha.0.0.20241213165305-e1f82e2bed66/go.mod h1:MQnRok7RZ20/PE56v0LxmoWH0xVxnCQPNuf9O7PAN1I= -istio.io/client-go v1.24.0-alpha.0.0.20241213165604-5e53cc1d5852 h1:SmzL794lAJvOWzR5B5Sepw5PDNEV3BsRlbi44hoOJWM= -istio.io/client-go v1.24.0-alpha.0.0.20241213165604-5e53cc1d5852/go.mod h1:7dC2PM9+bwEl2SQDmz5MZCE5uUUINRc80UWnZokh0lo= -istio.io/istio v0.0.0-20241216012244-1192d7427e83 h1:9pqWD0NcojCAcU4Z/2+Qu41j7gayaPI2Q7DeApe+8Ik= -istio.io/istio v0.0.0-20241216012244-1192d7427e83/go.mod h1:A3Lzkg62F2DSPCcf7PwmX+LOeX3h+CaT7njpK/5KUhw= -k8s.io/api v0.31.2 h1:3wLBbL5Uom/8Zy98GRPXpJ254nEFpl+hwndmk9RwmL0= -k8s.io/api v0.31.2/go.mod h1:bWmGvrGPssSK1ljmLzd3pwCQ9MgoTsRCuK35u6SygUk= -k8s.io/apiextensions-apiserver v0.31.2 h1:W8EwUb8+WXBLu56ser5IudT2cOho0gAKeTOnywBLxd0= -k8s.io/apiextensions-apiserver v0.31.2/go.mod h1:i+Geh+nGCJEGiCGR3MlBDkS7koHIIKWVfWeRFiOsUcM= -k8s.io/apimachinery v0.31.2 h1:i4vUt2hPK56W6mlT7Ry+AO8eEsyxMD1U44NR22CLTYw= -k8s.io/apimachinery v0.31.2/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= -k8s.io/apiserver v0.31.2 h1:VUzOEUGRCDi6kX1OyQ801m4A7AUPglpsmGvdsekmcI4= -k8s.io/apiserver v0.31.2/go.mod h1:o3nKZR7lPlJqkU5I3Ove+Zx3JuoFjQobGX1Gctw6XuE= -k8s.io/cli-runtime v0.31.2 h1:7FQt4C4Xnqx8V1GJqymInK0FFsoC+fAZtbLqgXYVOLQ= -k8s.io/cli-runtime v0.31.2/go.mod h1:XROyicf+G7rQ6FQJMbeDV9jqxzkWXTYD6Uxd15noe0Q= -k8s.io/client-go v0.31.2 h1:Y2F4dxU5d3AQj+ybwSMqQnpZH9F30//1ObxOKlTI9yc= -k8s.io/client-go v0.31.2/go.mod h1:NPa74jSVR/+eez2dFsEIHNa+3o09vtNaWwWwb1qSxSs= -k8s.io/component-base v0.31.2 h1:Z1J1LIaC0AV+nzcPRFqfK09af6bZ4D1nAOpWsy9owlA= -k8s.io/component-base v0.31.2/go.mod h1:9PeyyFN/drHjtJZMCTkSpQJS3U9OXORnHQqMLDz0sUQ= +istio.io/api v1.24.0-alpha.0.0.20241216212528-e71149d830e3 h1:dI9hH2w1tdZ+SPffuHoHRBdh9+5hRGoEkO51L51UbmA= +istio.io/api v1.24.0-alpha.0.0.20241216212528-e71149d830e3/go.mod h1:QFzEXv/IT582T0FHZVp1QoolvE4ws0zz/vVO55blmlE= +istio.io/client-go v1.24.0-alpha.0.0.20241216213027-61ceb94240c7 h1:8Cp/Vr0X2ZjEOvMKHIt1m86uU2baabTcGFtrqRjmVuQ= +istio.io/client-go v1.24.0-alpha.0.0.20241216213027-61ceb94240c7/go.mod h1:KGD1lKSP58Mb7m4Y10y+/bnQE93GT0ec+BBNgKRChJI= +istio.io/istio v0.0.0-20241216235858-0542a4c97f8a h1:oPIAewVdDzk/qMmugvfCDVzkRJVtj+C3/YlAcCX94zM= +istio.io/istio v0.0.0-20241216235858-0542a4c97f8a/go.mod h1:PlI+cPeQQ2ksL1DyZJYxIv2gqOVIVaHFz1vP3iXLUBg= +k8s.io/api v0.32.0 h1:OL9JpbvAU5ny9ga2fb24X8H6xQlVp+aJMFlgtQjR9CE= +k8s.io/api v0.32.0/go.mod h1:4LEwHZEf6Q/cG96F3dqR965sYOfmPM7rq81BLgsE0p0= +k8s.io/apiextensions-apiserver v0.32.0 h1:S0Xlqt51qzzqjKPxfgX1xh4HBZE+p8KKBq+k2SWNOE0= +k8s.io/apiextensions-apiserver v0.32.0/go.mod h1:86hblMvN5yxMvZrZFX2OhIHAuFIMJIZ19bTvzkP+Fmw= +k8s.io/apimachinery v0.32.0 h1:cFSE7N3rmEEtv4ei5X6DaJPHHX0C+upp+v5lVPiEwpg= +k8s.io/apimachinery v0.32.0/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE= +k8s.io/apiserver v0.32.0 h1:VJ89ZvQZ8p1sLeiWdRJpRD6oLozNZD2+qVSLi+ft5Qs= +k8s.io/apiserver v0.32.0/go.mod h1:HFh+dM1/BE/Hm4bS4nTXHVfN6Z6tFIZPi649n83b4Ag= +k8s.io/cli-runtime v0.32.0 h1:dP+OZqs7zHPpGQMCGAhectbHU2SNCuZtIimRKTv2T1c= +k8s.io/cli-runtime v0.32.0/go.mod h1:Mai8ht2+esoDRK5hr861KRy6z0zHsSTYttNVJXgP3YQ= +k8s.io/client-go v0.32.0 h1:DimtMcnN/JIKZcrSrstiwvvZvLjG0aSxy8PxN8IChp8= +k8s.io/client-go v0.32.0/go.mod h1:boDWvdM1Drk4NJj/VddSLnx59X3OPgwrOo0vGbtq9+8= +k8s.io/component-base v0.32.0 h1:d6cWHZkCiiep41ObYQS6IcgzOUQUNpywm39KVYaUqzU= +k8s.io/component-base v0.32.0/go.mod h1:JLG2W5TUxUu5uDyKiH2R/7NnxJo1HlPoRIIbVLkK5eM= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20240423202451-8948a665c108 h1:Q8Z7VlGhcJgBHJHYugJ/K/7iB8a2eSxCyxdVjJp+lLY= -k8s.io/kube-openapi v0.0.0-20240423202451-8948a665c108/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= -k8s.io/kubectl v0.31.2 h1:gTxbvRkMBwvTSAlobiTVqsH6S8Aa1aGyBcu5xYLsn8M= -k8s.io/kubectl v0.31.2/go.mod h1:EyASYVU6PY+032RrTh5ahtSOMgoDRIux9V1JLKtG5xM= -k8s.io/utils v0.0.0-20241104163129-6fe5fd82f078 h1:jGnCPejIetjiy2gqaJ5V0NLwTpF4wbQ6cZIItJCSHno= -k8s.io/utils v0.0.0-20241104163129-6fe5fd82f078/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7 h1:hcha5B1kVACrLujCKLbr8XWMxCxzQx42DY8QKYJrDLg= +k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7/go.mod h1:GewRfANuJ70iYzvn+i4lezLDAFzvjxZYK1gn1lWcfas= +k8s.io/kubectl v0.32.0 h1:rpxl+ng9qeG79YA4Em9tLSfX0G8W0vfaiPVrc/WR7Xw= +k8s.io/kubectl v0.32.0/go.mod h1:qIjSX+QgPQUgdy8ps6eKsYNF+YmFOAO3WygfucIqFiE= +k8s.io/utils v0.0.0-20241210054802-24370beab758 h1:sdbE21q2nlQtFh65saZY+rRM6x6aJJI8IUa1AmH/qa0= +k8s.io/utils v0.0.0-20241210054802-24370beab758/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= oras.land/oras-go v1.2.5 h1:XpYuAwAb0DfQsunIyMfeET92emK8km3W4yEzZvUbsTo= oras.land/oras-go v1.2.5/go.mod h1:PuAwRShRZCsZb7g8Ar3jKKQR/2A/qN+pkYxIOd/FAoo= -sigs.k8s.io/controller-runtime v0.19.1 h1:Son+Q40+Be3QWb+niBXAg2vFiYWolDjjRfO8hn/cxOk= -sigs.k8s.io/controller-runtime v0.19.1/go.mod h1:iRmWllt8IlaLjvTTDLhRBXIEtkCK6hwVBJJsYS9Ajf4= +sigs.k8s.io/controller-runtime v0.19.3 h1:XO2GvC9OPftRst6xWCpTgBZO04S2cbp0Qqkj8bX1sPw= +sigs.k8s.io/controller-runtime v0.19.3/go.mod h1:j4j87DqtsThvwTv5/Tc5NFRyyF/RF0ip4+62tbTSIUM= sigs.k8s.io/controller-tools v0.15.0 h1:4dxdABXGDhIa68Fiwaif0vcu32xfwmgQ+w8p+5CxoAI= sigs.k8s.io/controller-tools v0.15.0/go.mod h1:8zUSS2T8Hx0APCNRhJWbS3CAQEbIxLa07khzh7pZmXM= -sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= -sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= -sigs.k8s.io/kustomize/api v0.17.2 h1:E7/Fjk7V5fboiuijoZHgs4aHuexi5Y2loXlVOAVAG5g= -sigs.k8s.io/kustomize/api v0.17.2/go.mod h1:UWTz9Ct+MvoeQsHcJ5e+vziRRkwimm3HytpZgIYqye0= -sigs.k8s.io/kustomize/kyaml v0.17.1 h1:TnxYQxFXzbmNG6gOINgGWQt09GghzgTP6mIurOgrLCQ= -sigs.k8s.io/kustomize/kyaml v0.17.1/go.mod h1:9V0mCjIEYjlXuCdYsSXvyoy2BTsLESH7TlGV81S282U= -sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= -sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= +sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 h1:gBQPwqORJ8d8/YNZWEjoZs7npUVDpVXUUOFfW6CgAqE= +sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= +sigs.k8s.io/kustomize/api v0.18.0 h1:hTzp67k+3NEVInwz5BHyzc9rGxIauoXferXyjv5lWPo= +sigs.k8s.io/kustomize/api v0.18.0/go.mod h1:f8isXnX+8b+SGLHQ6yO4JG1rdkZlvhaCf/uZbLVMb0U= +sigs.k8s.io/kustomize/kyaml v0.18.1 h1:WvBo56Wzw3fjS+7vBjN6TeivvpbW9GmRaWZ9CIVmt4E= +sigs.k8s.io/kustomize/kyaml v0.18.1/go.mod h1:C3L2BFVU1jgcddNBE1TxuVLgS46TjObMwW5FT9FcjYo= +sigs.k8s.io/structured-merge-diff/v4 v4.5.0 h1:nbCitCK2hfnhyiKo6uf2HxUPTCodY6Qaf85SbDIaMBk= +sigs.k8s.io/structured-merge-diff/v4 v4.5.0/go.mod h1:N8f93tFZh9U6vpxwRArLiikrE5/2tiu1w1AGfACIGE4= sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= diff --git a/resources/latest/charts/base/Chart.yaml b/resources/latest/charts/base/Chart.yaml index c798f4109..dac5426ee 100644 --- a/resources/latest/charts/base/Chart.yaml +++ b/resources/latest/charts/base/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.25-alpha.1192d7427e8300a3f3ce7a68c238ad0a960f3c38 +appVersion: 1.25-alpha.0542a4c97f8a849d14aa94606e5110b5cf111e2d description: Helm chart for deploying Istio cluster resources and CRDs icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -7,4 +7,4 @@ keywords: name: base sources: - https://github.com/istio/istio -version: 1.25-alpha.1192d7427e8300a3f3ce7a68c238ad0a960f3c38 +version: 1.25-alpha.0542a4c97f8a849d14aa94606e5110b5cf111e2d diff --git a/resources/latest/charts/base/files/crd-all.gen.yaml b/resources/latest/charts/base/files/crd-all.gen.yaml index 0cd2305f0..5360fe804 100644 --- a/resources/latest/charts/base/files/crd-all.gen.yaml +++ b/resources/latest/charts/base/files/crd-all.gen.yaml @@ -133,14 +133,14 @@ spec: type: string x-kubernetes-validations: - message: wildcard not allowed in label value match - rule: '!self.contains(''*'')' + rule: '!self.contains("*")' description: One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. maxProperties: 4096 type: object x-kubernetes-validations: - message: wildcard not allowed in label key match - rule: self.all(key, !key.contains('*')) + rule: self.all(key, !key.contains("*")) - message: key must not be empty rule: self.all(key, key.size() != 0) type: object @@ -180,8 +180,9 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], - [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' + rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], + ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", + "ServiceEntry"]]' targetRefs: description: Optional. items: @@ -215,8 +216,9 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], - [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' + rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], + ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", + "ServiceEntry"]]' maxItems: 16 type: array type: @@ -235,10 +237,9 @@ spec: type: string x-kubernetes-validations: - message: url must have schema one of [http, https, file, oci] - rule: 'isURL(self) ? (url(self).getScheme() in ['''', ''http'', - ''https'', ''oci'', ''file'']) : (isURL(''http://'' + self) && - url(''http://'' +self).getScheme() in ['''', ''http'', ''https'', - ''oci'', ''file''])' + rule: |- + isURL(self) ? (url(self).getScheme() in ["", "http", "https", "oci", "file"]) : (isURL("http://" + self) && + url("http://" + self).getScheme() in ["", "http", "https", "oci", "file"]) verificationKey: type: string vmConfig: @@ -272,7 +273,7 @@ spec: type: object x-kubernetes-validations: - message: value may only be set when valueFrom is INLINE - rule: '(has(self.valueFrom) ? self.valueFrom : '''') != ''HOST'' + rule: '(has(self.valueFrom) ? self.valueFrom : "") != "HOST" || !has(self.value)' maxItems: 256 type: array @@ -285,7 +286,8 @@ spec: type: object x-kubernetes-validations: - message: only one of targetRefs or selector can be set - rule: (has(self.selector)?1:0)+(has(self.targetRef)?1:0)+(has(self.targetRefs)?1:0)<=1 + rule: '(has(self.selector) ? 1 : 0) + (has(self.targetRef) ? 1 : 0) + + (has(self.targetRefs) ? 1 : 0) <= 1' status: properties: conditions: @@ -2214,14 +2216,14 @@ spec: type: string x-kubernetes-validations: - message: wildcard not allowed in label value match - rule: '!self.contains(''*'')' + rule: '!self.contains("*")' description: One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. maxProperties: 4096 type: object x-kubernetes-validations: - message: wildcard not allowed in label key match - rule: self.all(key, !key.contains('*')) + rule: self.all(key, !key.contains("*")) - message: key must not be empty rule: self.all(key, key.size() != 0) type: object @@ -4128,14 +4130,14 @@ spec: type: string x-kubernetes-validations: - message: wildcard not allowed in label value match - rule: '!self.contains(''*'')' + rule: '!self.contains("*")' description: One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. maxProperties: 4096 type: object x-kubernetes-validations: - message: wildcard not allowed in label key match - rule: self.all(key, !key.contains('*')) + rule: self.all(key, !key.contains("*")) - message: key must not be empty rule: self.all(key, key.size() != 0) type: object @@ -6042,14 +6044,14 @@ spec: type: string x-kubernetes-validations: - message: wildcard not allowed in label value match - rule: '!self.contains(''*'')' + rule: '!self.contains("*")' description: One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. maxProperties: 4096 type: object x-kubernetes-validations: - message: wildcard not allowed in label key match - rule: self.all(key, !key.contains('*')) + rule: self.all(key, !key.contains("*")) - message: key must not be empty rule: self.all(key, key.size() != 0) type: object @@ -6440,8 +6442,9 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], - [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' + rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], + ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", + "ServiceEntry"]]' maxItems: 16 type: array workloadSelector: @@ -6454,7 +6457,7 @@ spec: type: string x-kubernetes-validations: - message: wildcard is not supported in selector - rule: '!self.contains(''*'')' + rule: '!self.contains("*")' description: One or more labels that indicate a specific set of pods/VMs on which the configuration should be applied. maxProperties: 256 @@ -6463,7 +6466,8 @@ spec: type: object x-kubernetes-validations: - message: only one of targetRefs or workloadSelector can be set - rule: (has(self.workloadSelector)?1:0)+(has(self.targetRefs)?1:0)<=1 + rule: '(has(self.workloadSelector) ? 1 : 0) + (has(self.targetRefs) + ? 1 : 0) <= 1' status: properties: conditions: @@ -7329,14 +7333,14 @@ spec: type: string x-kubernetes-validations: - message: wildcard not allowed in label value match - rule: '!self.contains(''*'')' + rule: '!self.contains("*")' description: One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. maxProperties: 4096 type: object x-kubernetes-validations: - message: wildcard not allowed in label key match - rule: self.all(key, !key.contains('*')) + rule: self.all(key, !key.contains("*")) - message: key must not be empty rule: self.all(key, key.size() != 0) type: object @@ -7495,11 +7499,11 @@ spec: type: string x-kubernetes-validations: - message: UDS must be an absolute path or abstract socket - rule: 'self.startsWith(''unix://'') ? (self.substring(7,8) - == ''/'' || self.substring(7,8) == ''@'') : true' + rule: 'self.startsWith("unix://") ? (self.substring(7, 8) + == "/" || self.substring(7, 8) == "@") : true' - message: UDS may not be a dir - rule: 'self.startsWith(''unix://'') ? !self.endsWith(''/'') - : true' + rule: 'self.startsWith("unix://") ? !self.endsWith("/") : + true' labels: additionalProperties: type: string @@ -7528,7 +7532,7 @@ spec: type: object x-kubernetes-validations: - message: port name must be valid - rule: self.all(key, size(key) < 63 && key.matches('^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$')) + rule: self.all(key, size(key) < 63 && key.matches("^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$")) serviceAccount: description: The service account associated with the workload if a sidecar is present in the workload. @@ -7544,7 +7548,7 @@ spec: - message: Address is required rule: has(self.address) || has(self.network) - message: UDS may not include ports - rule: '(has(self.address) && self.address.startsWith(''unix://'')) + rule: '(has(self.address) && self.address.startsWith("unix://")) ? !has(self.ports) : true' maxItems: 4096 type: array @@ -7559,7 +7563,7 @@ spec: type: string x-kubernetes-validations: - message: hostname cannot be wildcard - rule: self != '*' + rule: self != "*" maxItems: 256 minItems: 1 type: array @@ -7639,7 +7643,7 @@ spec: type: string x-kubernetes-validations: - message: wildcard is not supported in selector - rule: '!self.contains(''*'')' + rule: '!self.contains("*")' description: One or more labels that indicate a specific set of pods/VMs on which the configuration should be applied. maxProperties: 256 @@ -7650,18 +7654,20 @@ spec: type: object x-kubernetes-validations: - message: only one of WorkloadSelector or Endpoints can be set - rule: (has(self.workloadSelector)?1:0)+(has(self.endpoints)?1:0)<=1 + rule: '(has(self.workloadSelector) ? 1 : 0) + (has(self.endpoints) ? + 1 : 0) <= 1' - message: CIDR addresses are allowed only for NONE/STATIC resolution types - rule: '!(has(self.addresses) && self.addresses.exists(k, k.contains(''/'')) - && (has(self.resolution) && self.resolution != ''STATIC'' && self.resolution - != ''NONE''))' + rule: |- + !(has(self.addresses) && self.addresses.exists(k, k.contains("/")) && has(self.resolution) && + self.resolution != "STATIC" && self.resolution != "NONE") - message: NONE mode cannot set endpoints - rule: '(!has(self.resolution) || self.resolution == ''NONE'') ? !has(self.endpoints) + rule: '(!has(self.resolution) || self.resolution == "NONE") ? !has(self.endpoints) : true' - message: DNS_ROUND_ROBIN mode cannot have multiple endpoints - rule: '(has(self.resolution) && self.resolution == ''DNS_ROUND_ROBIN'') - ? (!has(self.endpoints) || size(self.endpoints) == 1) : true' + rule: |- + (has(self.resolution) && self.resolution == "DNS_ROUND_ROBIN") ? (!has(self.endpoints) || + size(self.endpoints) == 1) : true status: properties: conditions: @@ -7792,11 +7798,11 @@ spec: type: string x-kubernetes-validations: - message: UDS must be an absolute path or abstract socket - rule: 'self.startsWith(''unix://'') ? (self.substring(7,8) - == ''/'' || self.substring(7,8) == ''@'') : true' + rule: 'self.startsWith("unix://") ? (self.substring(7, 8) + == "/" || self.substring(7, 8) == "@") : true' - message: UDS may not be a dir - rule: 'self.startsWith(''unix://'') ? !self.endsWith(''/'') - : true' + rule: 'self.startsWith("unix://") ? !self.endsWith("/") : + true' labels: additionalProperties: type: string @@ -7825,7 +7831,7 @@ spec: type: object x-kubernetes-validations: - message: port name must be valid - rule: self.all(key, size(key) < 63 && key.matches('^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$')) + rule: self.all(key, size(key) < 63 && key.matches("^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$")) serviceAccount: description: The service account associated with the workload if a sidecar is present in the workload. @@ -7841,7 +7847,7 @@ spec: - message: Address is required rule: has(self.address) || has(self.network) - message: UDS may not include ports - rule: '(has(self.address) && self.address.startsWith(''unix://'')) + rule: '(has(self.address) && self.address.startsWith("unix://")) ? !has(self.ports) : true' maxItems: 4096 type: array @@ -7856,7 +7862,7 @@ spec: type: string x-kubernetes-validations: - message: hostname cannot be wildcard - rule: self != '*' + rule: self != "*" maxItems: 256 minItems: 1 type: array @@ -7936,7 +7942,7 @@ spec: type: string x-kubernetes-validations: - message: wildcard is not supported in selector - rule: '!self.contains(''*'')' + rule: '!self.contains("*")' description: One or more labels that indicate a specific set of pods/VMs on which the configuration should be applied. maxProperties: 256 @@ -7947,18 +7953,20 @@ spec: type: object x-kubernetes-validations: - message: only one of WorkloadSelector or Endpoints can be set - rule: (has(self.workloadSelector)?1:0)+(has(self.endpoints)?1:0)<=1 + rule: '(has(self.workloadSelector) ? 1 : 0) + (has(self.endpoints) ? + 1 : 0) <= 1' - message: CIDR addresses are allowed only for NONE/STATIC resolution types - rule: '!(has(self.addresses) && self.addresses.exists(k, k.contains(''/'')) - && (has(self.resolution) && self.resolution != ''STATIC'' && self.resolution - != ''NONE''))' + rule: |- + !(has(self.addresses) && self.addresses.exists(k, k.contains("/")) && has(self.resolution) && + self.resolution != "STATIC" && self.resolution != "NONE") - message: NONE mode cannot set endpoints - rule: '(!has(self.resolution) || self.resolution == ''NONE'') ? !has(self.endpoints) + rule: '(!has(self.resolution) || self.resolution == "NONE") ? !has(self.endpoints) : true' - message: DNS_ROUND_ROBIN mode cannot have multiple endpoints - rule: '(has(self.resolution) && self.resolution == ''DNS_ROUND_ROBIN'') - ? (!has(self.endpoints) || size(self.endpoints) == 1) : true' + rule: |- + (has(self.resolution) && self.resolution == "DNS_ROUND_ROBIN") ? (!has(self.endpoints) || + size(self.endpoints) == 1) : true status: properties: conditions: @@ -8089,11 +8097,11 @@ spec: type: string x-kubernetes-validations: - message: UDS must be an absolute path or abstract socket - rule: 'self.startsWith(''unix://'') ? (self.substring(7,8) - == ''/'' || self.substring(7,8) == ''@'') : true' + rule: 'self.startsWith("unix://") ? (self.substring(7, 8) + == "/" || self.substring(7, 8) == "@") : true' - message: UDS may not be a dir - rule: 'self.startsWith(''unix://'') ? !self.endsWith(''/'') - : true' + rule: 'self.startsWith("unix://") ? !self.endsWith("/") : + true' labels: additionalProperties: type: string @@ -8122,7 +8130,7 @@ spec: type: object x-kubernetes-validations: - message: port name must be valid - rule: self.all(key, size(key) < 63 && key.matches('^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$')) + rule: self.all(key, size(key) < 63 && key.matches("^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$")) serviceAccount: description: The service account associated with the workload if a sidecar is present in the workload. @@ -8138,7 +8146,7 @@ spec: - message: Address is required rule: has(self.address) || has(self.network) - message: UDS may not include ports - rule: '(has(self.address) && self.address.startsWith(''unix://'')) + rule: '(has(self.address) && self.address.startsWith("unix://")) ? !has(self.ports) : true' maxItems: 4096 type: array @@ -8153,7 +8161,7 @@ spec: type: string x-kubernetes-validations: - message: hostname cannot be wildcard - rule: self != '*' + rule: self != "*" maxItems: 256 minItems: 1 type: array @@ -8233,7 +8241,7 @@ spec: type: string x-kubernetes-validations: - message: wildcard is not supported in selector - rule: '!self.contains(''*'')' + rule: '!self.contains("*")' description: One or more labels that indicate a specific set of pods/VMs on which the configuration should be applied. maxProperties: 256 @@ -8244,18 +8252,20 @@ spec: type: object x-kubernetes-validations: - message: only one of WorkloadSelector or Endpoints can be set - rule: (has(self.workloadSelector)?1:0)+(has(self.endpoints)?1:0)<=1 + rule: '(has(self.workloadSelector) ? 1 : 0) + (has(self.endpoints) ? + 1 : 0) <= 1' - message: CIDR addresses are allowed only for NONE/STATIC resolution types - rule: '!(has(self.addresses) && self.addresses.exists(k, k.contains(''/'')) - && (has(self.resolution) && self.resolution != ''STATIC'' && self.resolution - != ''NONE''))' + rule: |- + !(has(self.addresses) && self.addresses.exists(k, k.contains("/")) && has(self.resolution) && + self.resolution != "STATIC" && self.resolution != "NONE") - message: NONE mode cannot set endpoints - rule: '(!has(self.resolution) || self.resolution == ''NONE'') ? !has(self.endpoints) + rule: '(!has(self.resolution) || self.resolution == "NONE") ? !has(self.endpoints) : true' - message: DNS_ROUND_ROBIN mode cannot have multiple endpoints - rule: '(has(self.resolution) && self.resolution == ''DNS_ROUND_ROBIN'') - ? (!has(self.endpoints) || size(self.endpoints) == 1) : true' + rule: |- + (has(self.resolution) && self.resolution == "DNS_ROUND_ROBIN") ? (!has(self.endpoints) || + size(self.endpoints) == 1) : true status: properties: conditions: @@ -8817,7 +8827,7 @@ spec: type: string x-kubernetes-validations: - message: wildcard is not supported in selector - rule: '!self.contains(''*'')' + rule: '!self.contains("*")' description: One or more labels that indicate a specific set of pods/VMs on which the configuration should be applied. maxProperties: 256 @@ -9359,7 +9369,7 @@ spec: type: string x-kubernetes-validations: - message: wildcard is not supported in selector - rule: '!self.contains(''*'')' + rule: '!self.contains("*")' description: One or more labels that indicate a specific set of pods/VMs on which the configuration should be applied. maxProperties: 256 @@ -9901,7 +9911,7 @@ spec: type: string x-kubernetes-validations: - message: wildcard is not supported in selector - rule: '!self.contains(''*'')' + rule: '!self.contains("*")' description: One or more labels that indicate a specific set of pods/VMs on which the configuration should be applied. maxProperties: 256 @@ -13188,10 +13198,10 @@ spec: type: string x-kubernetes-validations: - message: UDS must be an absolute path or abstract socket - rule: 'self.startsWith(''unix://'') ? (self.substring(7,8) == ''/'' - || self.substring(7,8) == ''@'') : true' + rule: 'self.startsWith("unix://") ? (self.substring(7, 8) == "/" + || self.substring(7, 8) == "@") : true' - message: UDS may not be a dir - rule: 'self.startsWith(''unix://'') ? !self.endsWith(''/'') : true' + rule: 'self.startsWith("unix://") ? !self.endsWith("/") : true' labels: additionalProperties: type: string @@ -13220,7 +13230,7 @@ spec: type: object x-kubernetes-validations: - message: port name must be valid - rule: self.all(key, size(key) < 63 && key.matches('^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$')) + rule: self.all(key, size(key) < 63 && key.matches("^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$")) serviceAccount: description: The service account associated with the workload if a sidecar is present in the workload. @@ -13236,8 +13246,8 @@ spec: - message: Address is required rule: has(self.address) || has(self.network) - message: UDS may not include ports - rule: '(has(self.address) && self.address.startsWith(''unix://'')) ? - !has(self.ports) : true' + rule: '(has(self.address) && self.address.startsWith("unix://")) ? !has(self.ports) + : true' status: properties: conditions: @@ -13348,10 +13358,10 @@ spec: type: string x-kubernetes-validations: - message: UDS must be an absolute path or abstract socket - rule: 'self.startsWith(''unix://'') ? (self.substring(7,8) == ''/'' - || self.substring(7,8) == ''@'') : true' + rule: 'self.startsWith("unix://") ? (self.substring(7, 8) == "/" + || self.substring(7, 8) == "@") : true' - message: UDS may not be a dir - rule: 'self.startsWith(''unix://'') ? !self.endsWith(''/'') : true' + rule: 'self.startsWith("unix://") ? !self.endsWith("/") : true' labels: additionalProperties: type: string @@ -13380,7 +13390,7 @@ spec: type: object x-kubernetes-validations: - message: port name must be valid - rule: self.all(key, size(key) < 63 && key.matches('^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$')) + rule: self.all(key, size(key) < 63 && key.matches("^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$")) serviceAccount: description: The service account associated with the workload if a sidecar is present in the workload. @@ -13396,8 +13406,8 @@ spec: - message: Address is required rule: has(self.address) || has(self.network) - message: UDS may not include ports - rule: '(has(self.address) && self.address.startsWith(''unix://'')) ? - !has(self.ports) : true' + rule: '(has(self.address) && self.address.startsWith("unix://")) ? !has(self.ports) + : true' status: properties: conditions: @@ -13508,10 +13518,10 @@ spec: type: string x-kubernetes-validations: - message: UDS must be an absolute path or abstract socket - rule: 'self.startsWith(''unix://'') ? (self.substring(7,8) == ''/'' - || self.substring(7,8) == ''@'') : true' + rule: 'self.startsWith("unix://") ? (self.substring(7, 8) == "/" + || self.substring(7, 8) == "@") : true' - message: UDS may not be a dir - rule: 'self.startsWith(''unix://'') ? !self.endsWith(''/'') : true' + rule: 'self.startsWith("unix://") ? !self.endsWith("/") : true' labels: additionalProperties: type: string @@ -13540,7 +13550,7 @@ spec: type: object x-kubernetes-validations: - message: port name must be valid - rule: self.all(key, size(key) < 63 && key.matches('^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$')) + rule: self.all(key, size(key) < 63 && key.matches("^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$")) serviceAccount: description: The service account associated with the workload if a sidecar is present in the workload. @@ -13556,8 +13566,8 @@ spec: - message: Address is required rule: has(self.address) || has(self.network) - message: UDS may not include ports - rule: '(has(self.address) && self.address.startsWith(''unix://'')) ? - !has(self.ports) : true' + rule: '(has(self.address) && self.address.startsWith("unix://")) ? !has(self.ports) + : true' status: properties: conditions: @@ -13786,7 +13796,7 @@ spec: type: string x-kubernetes-validations: - message: scheme must be one of [HTTP, HTTPS] - rule: self in ['', 'HTTP', 'HTTPS'] + rule: self in ["", "HTTP", "HTTPS"] required: - port type: object @@ -13839,11 +13849,10 @@ spec: type: string x-kubernetes-validations: - message: UDS must be an absolute path or abstract socket - rule: 'self.startsWith(''unix://'') ? (self.substring(7,8) == - ''/'' || self.substring(7,8) == ''@'') : true' + rule: 'self.startsWith("unix://") ? (self.substring(7, 8) == + "/" || self.substring(7, 8) == "@") : true' - message: UDS may not be a dir - rule: 'self.startsWith(''unix://'') ? !self.endsWith(''/'') - : true' + rule: 'self.startsWith("unix://") ? !self.endsWith("/") : true' labels: additionalProperties: type: string @@ -13872,7 +13881,7 @@ spec: type: object x-kubernetes-validations: - message: port name must be valid - rule: self.all(key, size(key) < 63 && key.matches('^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$')) + rule: self.all(key, size(key) < 63 && key.matches("^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$")) serviceAccount: description: The service account associated with the workload if a sidecar is present in the workload. @@ -13886,7 +13895,7 @@ spec: type: object x-kubernetes-validations: - message: UDS may not include ports - rule: '(has(self.address) && self.address.startsWith(''unix://'')) + rule: '(has(self.address) && self.address.startsWith("unix://")) ? !has(self.ports) : true' required: - template @@ -14095,7 +14104,7 @@ spec: type: string x-kubernetes-validations: - message: scheme must be one of [HTTP, HTTPS] - rule: self in ['', 'HTTP', 'HTTPS'] + rule: self in ["", "HTTP", "HTTPS"] required: - port type: object @@ -14148,11 +14157,10 @@ spec: type: string x-kubernetes-validations: - message: UDS must be an absolute path or abstract socket - rule: 'self.startsWith(''unix://'') ? (self.substring(7,8) == - ''/'' || self.substring(7,8) == ''@'') : true' + rule: 'self.startsWith("unix://") ? (self.substring(7, 8) == + "/" || self.substring(7, 8) == "@") : true' - message: UDS may not be a dir - rule: 'self.startsWith(''unix://'') ? !self.endsWith(''/'') - : true' + rule: 'self.startsWith("unix://") ? !self.endsWith("/") : true' labels: additionalProperties: type: string @@ -14181,7 +14189,7 @@ spec: type: object x-kubernetes-validations: - message: port name must be valid - rule: self.all(key, size(key) < 63 && key.matches('^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$')) + rule: self.all(key, size(key) < 63 && key.matches("^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$")) serviceAccount: description: The service account associated with the workload if a sidecar is present in the workload. @@ -14195,7 +14203,7 @@ spec: type: object x-kubernetes-validations: - message: UDS may not include ports - rule: '(has(self.address) && self.address.startsWith(''unix://'')) + rule: '(has(self.address) && self.address.startsWith("unix://")) ? !has(self.ports) : true' required: - template @@ -14404,7 +14412,7 @@ spec: type: string x-kubernetes-validations: - message: scheme must be one of [HTTP, HTTPS] - rule: self in ['', 'HTTP', 'HTTPS'] + rule: self in ["", "HTTP", "HTTPS"] required: - port type: object @@ -14457,11 +14465,10 @@ spec: type: string x-kubernetes-validations: - message: UDS must be an absolute path or abstract socket - rule: 'self.startsWith(''unix://'') ? (self.substring(7,8) == - ''/'' || self.substring(7,8) == ''@'') : true' + rule: 'self.startsWith("unix://") ? (self.substring(7, 8) == + "/" || self.substring(7, 8) == "@") : true' - message: UDS may not be a dir - rule: 'self.startsWith(''unix://'') ? !self.endsWith(''/'') - : true' + rule: 'self.startsWith("unix://") ? !self.endsWith("/") : true' labels: additionalProperties: type: string @@ -14490,7 +14497,7 @@ spec: type: object x-kubernetes-validations: - message: port name must be valid - rule: self.all(key, size(key) < 63 && key.matches('^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$')) + rule: self.all(key, size(key) < 63 && key.matches("^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$")) serviceAccount: description: The service account associated with the workload if a sidecar is present in the workload. @@ -14504,7 +14511,7 @@ spec: type: object x-kubernetes-validations: - message: UDS may not include ports - rule: '(has(self.address) && self.address.startsWith(''unix://'')) + rule: '(has(self.address) && self.address.startsWith("unix://")) ? !has(self.ports) : true' required: - template @@ -14810,14 +14817,14 @@ spec: type: string x-kubernetes-validations: - message: wildcard not allowed in label value match - rule: '!self.contains(''*'')' + rule: '!self.contains("*")' description: One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. maxProperties: 4096 type: object x-kubernetes-validations: - message: wildcard not allowed in label key match - rule: self.all(key, !key.contains('*')) + rule: self.all(key, !key.contains("*")) - message: key must not be empty rule: self.all(key, key.size() != 0) type: object @@ -14852,8 +14859,9 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], - [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' + rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], + ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", + "ServiceEntry"]]' targetRefs: description: Optional. items: @@ -14887,14 +14895,16 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], - [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' + rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], + ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", + "ServiceEntry"]]' maxItems: 16 type: array type: object x-kubernetes-validations: - message: only one of targetRefs or selector can be set - rule: (has(self.selector)?1:0)+(has(self.targetRef)?1:0)+(has(self.targetRefs)?1:0)<=1 + rule: '(has(self.selector) ? 1 : 0) + (has(self.targetRef) ? 1 : 0) + + (has(self.targetRefs) ? 1 : 0) <= 1' status: properties: conditions: @@ -15167,14 +15177,14 @@ spec: type: string x-kubernetes-validations: - message: wildcard not allowed in label value match - rule: '!self.contains(''*'')' + rule: '!self.contains("*")' description: One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. maxProperties: 4096 type: object x-kubernetes-validations: - message: wildcard not allowed in label key match - rule: self.all(key, !key.contains('*')) + rule: self.all(key, !key.contains("*")) - message: key must not be empty rule: self.all(key, key.size() != 0) type: object @@ -15209,8 +15219,9 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], - [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' + rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], + ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", + "ServiceEntry"]]' targetRefs: description: Optional. items: @@ -15244,14 +15255,16 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], - [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' + rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], + ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", + "ServiceEntry"]]' maxItems: 16 type: array type: object x-kubernetes-validations: - message: only one of targetRefs or selector can be set - rule: (has(self.selector)?1:0)+(has(self.targetRef)?1:0)+(has(self.targetRefs)?1:0)<=1 + rule: '(has(self.selector) ? 1 : 0) + (has(self.targetRef) ? 1 : 0) + + (has(self.targetRefs) ? 1 : 0) <= 1' status: properties: conditions: @@ -15426,22 +15439,23 @@ spec: type: string x-kubernetes-validations: - message: wildcard not allowed in label value match - rule: '!self.contains(''*'')' + rule: '!self.contains("*")' description: One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. maxProperties: 4096 type: object x-kubernetes-validations: - message: wildcard not allowed in label key match - rule: self.all(key, !key.contains('*')) + rule: self.all(key, !key.contains("*")) - message: key must not be empty rule: self.all(key, key.size() != 0) type: object type: object x-kubernetes-validations: - message: portLevelMtls requires selector - rule: (has(self.selector) && has(self.selector.matchLabels) && self.selector.matchLabels.size() - > 0) || !has(self.portLevelMtls) + rule: |- + has(self.selector) && has(self.selector.matchLabels) && self.selector.matchLabels.size() > 0 || + !has(self.portLevelMtls) status: properties: conditions: @@ -15589,22 +15603,23 @@ spec: type: string x-kubernetes-validations: - message: wildcard not allowed in label value match - rule: '!self.contains(''*'')' + rule: '!self.contains("*")' description: One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. maxProperties: 4096 type: object x-kubernetes-validations: - message: wildcard not allowed in label key match - rule: self.all(key, !key.contains('*')) + rule: self.all(key, !key.contains("*")) - message: key must not be empty rule: self.all(key, key.size() != 0) type: object type: object x-kubernetes-validations: - message: portLevelMtls requires selector - rule: (has(self.selector) && has(self.selector.matchLabels) && self.selector.matchLabels.size() - > 0) || !has(self.portLevelMtls) + rule: |- + has(self.selector) && has(self.selector.matchLabels) && self.selector.matchLabels.size() > 0 || + !has(self.portLevelMtls) status: properties: conditions: @@ -15780,7 +15795,7 @@ spec: type: string x-kubernetes-validations: - message: url must have scheme http:// or https:// - rule: url(self).getScheme() in ['http', 'https'] + rule: url(self).getScheme() in ["http", "https"] jwksUri: description: URL of the provider's public key set to validate signature of the JWT. @@ -15789,7 +15804,7 @@ spec: type: string x-kubernetes-validations: - message: url must have scheme http:// or https:// - rule: url(self).getScheme() in ['http', 'https'] + rule: url(self).getScheme() in ["http", "https"] outputClaimToHeaders: description: This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token. @@ -15826,7 +15841,8 @@ spec: type: object x-kubernetes-validations: - message: only one of jwks or jwksUri can be set - rule: (has(self.jwksUri)?1:0)+(has(self.jwks_uri)?1:0)+(has(self.jwks)?1:0)<=1 + rule: '(has(self.jwksUri) ? 1 : 0) + (has(self.jwks_uri) ? 1 : + 0) + (has(self.jwks) ? 1 : 0) <= 1' maxItems: 4096 type: array selector: @@ -15838,14 +15854,14 @@ spec: type: string x-kubernetes-validations: - message: wildcard not allowed in label value match - rule: '!self.contains(''*'')' + rule: '!self.contains("*")' description: One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. maxProperties: 4096 type: object x-kubernetes-validations: - message: wildcard not allowed in label key match - rule: self.all(key, !key.contains('*')) + rule: self.all(key, !key.contains("*")) - message: key must not be empty rule: self.all(key, key.size() != 0) type: object @@ -15880,8 +15896,9 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], - [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' + rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], + ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", + "ServiceEntry"]]' targetRefs: description: Optional. items: @@ -15915,14 +15932,16 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], - [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' + rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], + ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", + "ServiceEntry"]]' maxItems: 16 type: array type: object x-kubernetes-validations: - message: only one of targetRefs or selector can be set - rule: (has(self.selector)?1:0)+(has(self.targetRef)?1:0)+(has(self.targetRefs)?1:0)<=1 + rule: '(has(self.selector) ? 1 : 0) + (has(self.targetRef) ? 1 : 0) + + (has(self.targetRefs) ? 1 : 0) <= 1' status: properties: conditions: @@ -16071,7 +16090,7 @@ spec: type: string x-kubernetes-validations: - message: url must have scheme http:// or https:// - rule: url(self).getScheme() in ['http', 'https'] + rule: url(self).getScheme() in ["http", "https"] jwksUri: description: URL of the provider's public key set to validate signature of the JWT. @@ -16080,7 +16099,7 @@ spec: type: string x-kubernetes-validations: - message: url must have scheme http:// or https:// - rule: url(self).getScheme() in ['http', 'https'] + rule: url(self).getScheme() in ["http", "https"] outputClaimToHeaders: description: This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token. @@ -16117,7 +16136,8 @@ spec: type: object x-kubernetes-validations: - message: only one of jwks or jwksUri can be set - rule: (has(self.jwksUri)?1:0)+(has(self.jwks_uri)?1:0)+(has(self.jwks)?1:0)<=1 + rule: '(has(self.jwksUri) ? 1 : 0) + (has(self.jwks_uri) ? 1 : + 0) + (has(self.jwks) ? 1 : 0) <= 1' maxItems: 4096 type: array selector: @@ -16129,14 +16149,14 @@ spec: type: string x-kubernetes-validations: - message: wildcard not allowed in label value match - rule: '!self.contains(''*'')' + rule: '!self.contains("*")' description: One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. maxProperties: 4096 type: object x-kubernetes-validations: - message: wildcard not allowed in label key match - rule: self.all(key, !key.contains('*')) + rule: self.all(key, !key.contains("*")) - message: key must not be empty rule: self.all(key, key.size() != 0) type: object @@ -16171,8 +16191,9 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], - [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' + rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], + ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", + "ServiceEntry"]]' targetRefs: description: Optional. items: @@ -16206,14 +16227,16 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], - [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' + rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], + ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", + "ServiceEntry"]]' maxItems: 16 type: array type: object x-kubernetes-validations: - message: only one of targetRefs or selector can be set - rule: (has(self.selector)?1:0)+(has(self.targetRef)?1:0)+(has(self.targetRefs)?1:0)<=1 + rule: '(has(self.selector) ? 1 : 0) + (has(self.targetRef) ? 1 : 0) + + (has(self.targetRefs) ? 1 : 0) <= 1' status: properties: conditions: @@ -16461,11 +16484,11 @@ spec: type: object x-kubernetes-validations: - message: value must be set when operation is UPSERT - rule: '((has(self.operation) ? self.operation : '''') - == ''UPSERT'') ? self.value != '''' : true' + rule: '((has(self.operation) ? self.operation : "") + == "UPSERT") ? (self.value != "") : true' - message: value must not be set when operation is REMOVE - rule: '((has(self.operation) ? self.operation : '''') - == ''REMOVE'') ? !has(self.value) : true' + rule: '((has(self.operation) ? self.operation : "") + == "REMOVE") ? !has(self.value) : true' description: Optional. type: object type: object @@ -16499,14 +16522,14 @@ spec: type: string x-kubernetes-validations: - message: wildcard not allowed in label value match - rule: '!self.contains(''*'')' + rule: '!self.contains("*")' description: One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. maxProperties: 4096 type: object x-kubernetes-validations: - message: wildcard not allowed in label key match - rule: self.all(key, !key.contains('*')) + rule: self.all(key, !key.contains("*")) - message: key must not be empty rule: self.all(key, key.size() != 0) type: object @@ -16541,8 +16564,9 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], - [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' + rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], + ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", + "ServiceEntry"]]' targetRefs: description: Optional. items: @@ -16576,8 +16600,9 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], - [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' + rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], + ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", + "ServiceEntry"]]' maxItems: 16 type: array tracing: @@ -16697,7 +16722,8 @@ spec: type: object x-kubernetes-validations: - message: only one of targetRefs or selector can be set - rule: (has(self.selector)?1:0)+(has(self.targetRef)?1:0)+(has(self.targetRefs)?1:0)<=1 + rule: '(has(self.selector) ? 1 : 0) + (has(self.targetRef) ? 1 : 0) + + (has(self.targetRefs) ? 1 : 0) <= 1' status: properties: conditions: @@ -16918,11 +16944,11 @@ spec: type: object x-kubernetes-validations: - message: value must be set when operation is UPSERT - rule: '((has(self.operation) ? self.operation : '''') - == ''UPSERT'') ? self.value != '''' : true' + rule: '((has(self.operation) ? self.operation : "") + == "UPSERT") ? (self.value != "") : true' - message: value must not be set when operation is REMOVE - rule: '((has(self.operation) ? self.operation : '''') - == ''REMOVE'') ? !has(self.value) : true' + rule: '((has(self.operation) ? self.operation : "") + == "REMOVE") ? !has(self.value) : true' description: Optional. type: object type: object @@ -16956,14 +16982,14 @@ spec: type: string x-kubernetes-validations: - message: wildcard not allowed in label value match - rule: '!self.contains(''*'')' + rule: '!self.contains("*")' description: One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. maxProperties: 4096 type: object x-kubernetes-validations: - message: wildcard not allowed in label key match - rule: self.all(key, !key.contains('*')) + rule: self.all(key, !key.contains("*")) - message: key must not be empty rule: self.all(key, key.size() != 0) type: object @@ -16998,8 +17024,9 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], - [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' + rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], + ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", + "ServiceEntry"]]' targetRefs: description: Optional. items: @@ -17033,8 +17060,9 @@ spec: x-kubernetes-validations: - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway - rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], - [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' + rule: '[self.group, self.kind] in [["core", "Service"], ["", "Service"], + ["gateway.networking.k8s.io", "Gateway"], ["networking.istio.io", + "ServiceEntry"]]' maxItems: 16 type: array tracing: @@ -17154,7 +17182,8 @@ spec: type: object x-kubernetes-validations: - message: only one of targetRefs or selector can be set - rule: (has(self.selector)?1:0)+(has(self.targetRef)?1:0)+(has(self.targetRefs)?1:0)<=1 + rule: '(has(self.selector) ? 1 : 0) + (has(self.targetRef) ? 1 : 0) + + (has(self.targetRefs) ? 1 : 0) <= 1' status: properties: conditions: diff --git a/resources/latest/charts/cni/Chart.yaml b/resources/latest/charts/cni/Chart.yaml index fcc9635e0..9d234e554 100644 --- a/resources/latest/charts/cni/Chart.yaml +++ b/resources/latest/charts/cni/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.25-alpha.1192d7427e8300a3f3ce7a68c238ad0a960f3c38 +appVersion: 1.25-alpha.0542a4c97f8a849d14aa94606e5110b5cf111e2d description: Helm chart for istio-cni components icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -8,4 +8,4 @@ keywords: name: cni sources: - https://github.com/istio/istio -version: 1.25-alpha.1192d7427e8300a3f3ce7a68c238ad0a960f3c38 +version: 1.25-alpha.0542a4c97f8a849d14aa94606e5110b5cf111e2d diff --git a/resources/latest/charts/cni/values.yaml b/resources/latest/charts/cni/values.yaml index c284e8a2d..61515c898 100644 --- a/resources/latest/charts/cni/values.yaml +++ b/resources/latest/charts/cni/values.yaml @@ -113,7 +113,7 @@ _internal_defaults_do_not_set: hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.25-alpha.1192d7427e8300a3f3ce7a68c238ad0a960f3c38 + tag: 1.25-alpha.0542a4c97f8a849d14aa94606e5110b5cf111e2d # Variant of the image to use. # Currently supported are: [debug, distroless] diff --git a/resources/latest/charts/gateway/Chart.yaml b/resources/latest/charts/gateway/Chart.yaml index 696bd74c0..1566ce03b 100644 --- a/resources/latest/charts/gateway/Chart.yaml +++ b/resources/latest/charts/gateway/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.25-alpha.1192d7427e8300a3f3ce7a68c238ad0a960f3c38 +appVersion: 1.25-alpha.0542a4c97f8a849d14aa94606e5110b5cf111e2d description: Helm chart for deploying Istio gateways icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ name: gateway sources: - https://github.com/istio/istio type: application -version: 1.25-alpha.1192d7427e8300a3f3ce7a68c238ad0a960f3c38 +version: 1.25-alpha.0542a4c97f8a849d14aa94606e5110b5cf111e2d diff --git a/resources/latest/charts/istiod/Chart.yaml b/resources/latest/charts/istiod/Chart.yaml index 9e6565101..37b8e0a4a 100644 --- a/resources/latest/charts/istiod/Chart.yaml +++ b/resources/latest/charts/istiod/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.25-alpha.1192d7427e8300a3f3ce7a68c238ad0a960f3c38 +appVersion: 1.25-alpha.0542a4c97f8a849d14aa94606e5110b5cf111e2d description: Helm chart for istio control plane icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ keywords: name: istiod sources: - https://github.com/istio/istio -version: 1.25-alpha.1192d7427e8300a3f3ce7a68c238ad0a960f3c38 +version: 1.25-alpha.0542a4c97f8a849d14aa94606e5110b5cf111e2d diff --git a/resources/latest/charts/istiod/values.yaml b/resources/latest/charts/istiod/values.yaml index 78403460c..9071fb170 100644 --- a/resources/latest/charts/istiod/values.yaml +++ b/resources/latest/charts/istiod/values.yaml @@ -242,7 +242,7 @@ _internal_defaults_do_not_set: # Dev builds from prow are on gcr.io hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.25-alpha.1192d7427e8300a3f3ce7a68c238ad0a960f3c38 + tag: 1.25-alpha.0542a4c97f8a849d14aa94606e5110b5cf111e2d # Variant of the image to use. # Currently supported are: [debug, distroless] variant: "" diff --git a/resources/latest/charts/revisiontags/values.yaml b/resources/latest/charts/revisiontags/values.yaml index 78403460c..9071fb170 100644 --- a/resources/latest/charts/revisiontags/values.yaml +++ b/resources/latest/charts/revisiontags/values.yaml @@ -242,7 +242,7 @@ _internal_defaults_do_not_set: # Dev builds from prow are on gcr.io hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.25-alpha.1192d7427e8300a3f3ce7a68c238ad0a960f3c38 + tag: 1.25-alpha.0542a4c97f8a849d14aa94606e5110b5cf111e2d # Variant of the image to use. # Currently supported are: [debug, distroless] variant: "" diff --git a/resources/latest/charts/ztunnel/Chart.yaml b/resources/latest/charts/ztunnel/Chart.yaml index f46e42a0a..7c37ead1a 100644 --- a/resources/latest/charts/ztunnel/Chart.yaml +++ b/resources/latest/charts/ztunnel/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.25-alpha.1192d7427e8300a3f3ce7a68c238ad0a960f3c38 +appVersion: 1.25-alpha.0542a4c97f8a849d14aa94606e5110b5cf111e2d description: Helm chart for istio ztunnel components icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -8,4 +8,4 @@ keywords: name: ztunnel sources: - https://github.com/istio/istio -version: 1.25-alpha.1192d7427e8300a3f3ce7a68c238ad0a960f3c38 +version: 1.25-alpha.0542a4c97f8a849d14aa94606e5110b5cf111e2d diff --git a/resources/latest/charts/ztunnel/values.yaml b/resources/latest/charts/ztunnel/values.yaml index a16df1c22..f531ebb9f 100644 --- a/resources/latest/charts/ztunnel/values.yaml +++ b/resources/latest/charts/ztunnel/values.yaml @@ -4,7 +4,7 @@ _internal_defaults_do_not_set: # Hub to pull from. Image will be `Hub/Image:Tag-Variant` hub: gcr.io/istio-testing # Tag to pull from. Image will be `Hub/Image:Tag-Variant` - tag: 1.25-alpha.1192d7427e8300a3f3ce7a68c238ad0a960f3c38 + tag: 1.25-alpha.0542a4c97f8a849d14aa94606e5110b5cf111e2d # Variant to pull. Options are "debug" or "distroless". Unset will use the default for the given version. variant: "" diff --git a/versions.yaml b/versions.yaml index a2ff24d87..dcb3b20a0 100644 --- a/versions.yaml +++ b/versions.yaml @@ -84,13 +84,13 @@ versions: - https://istio-release.storage.googleapis.com/charts/cni-1.21.6.tgz - https://istio-release.storage.googleapis.com/charts/ztunnel-1.21.6.tgz - name: latest - version: 1.25-alpha.1192d7427e8300a3f3ce7a68c238ad0a960f3c38 + version: 1.25-alpha.0542a4c97f8a849d14aa94606e5110b5cf111e2d repo: https://github.com/istio/istio branch: master - commit: 1192d7427e8300a3f3ce7a68c238ad0a960f3c38 + commit: 0542a4c97f8a849d14aa94606e5110b5cf111e2d charts: - - https://storage.googleapis.com/istio-build/dev/1.25-alpha.1192d7427e8300a3f3ce7a68c238ad0a960f3c38/helm/base-1.25-alpha.1192d7427e8300a3f3ce7a68c238ad0a960f3c38.tgz - - https://storage.googleapis.com/istio-build/dev/1.25-alpha.1192d7427e8300a3f3ce7a68c238ad0a960f3c38/helm/cni-1.25-alpha.1192d7427e8300a3f3ce7a68c238ad0a960f3c38.tgz - - https://storage.googleapis.com/istio-build/dev/1.25-alpha.1192d7427e8300a3f3ce7a68c238ad0a960f3c38/helm/gateway-1.25-alpha.1192d7427e8300a3f3ce7a68c238ad0a960f3c38.tgz - - https://storage.googleapis.com/istio-build/dev/1.25-alpha.1192d7427e8300a3f3ce7a68c238ad0a960f3c38/helm/istiod-1.25-alpha.1192d7427e8300a3f3ce7a68c238ad0a960f3c38.tgz - - https://storage.googleapis.com/istio-build/dev/1.25-alpha.1192d7427e8300a3f3ce7a68c238ad0a960f3c38/helm/ztunnel-1.25-alpha.1192d7427e8300a3f3ce7a68c238ad0a960f3c38.tgz + - https://storage.googleapis.com/istio-build/dev/1.25-alpha.0542a4c97f8a849d14aa94606e5110b5cf111e2d/helm/base-1.25-alpha.0542a4c97f8a849d14aa94606e5110b5cf111e2d.tgz + - https://storage.googleapis.com/istio-build/dev/1.25-alpha.0542a4c97f8a849d14aa94606e5110b5cf111e2d/helm/cni-1.25-alpha.0542a4c97f8a849d14aa94606e5110b5cf111e2d.tgz + - https://storage.googleapis.com/istio-build/dev/1.25-alpha.0542a4c97f8a849d14aa94606e5110b5cf111e2d/helm/gateway-1.25-alpha.0542a4c97f8a849d14aa94606e5110b5cf111e2d.tgz + - https://storage.googleapis.com/istio-build/dev/1.25-alpha.0542a4c97f8a849d14aa94606e5110b5cf111e2d/helm/istiod-1.25-alpha.0542a4c97f8a849d14aa94606e5110b5cf111e2d.tgz + - https://storage.googleapis.com/istio-build/dev/1.25-alpha.0542a4c97f8a849d14aa94606e5110b5cf111e2d/helm/ztunnel-1.25-alpha.0542a4c97f8a849d14aa94606e5110b5cf111e2d.tgz