diff --git a/Makefile.core.mk b/Makefile.core.mk index a0d1295c5..e839bdde2 100644 --- a/Makefile.core.mk +++ b/Makefile.core.mk @@ -477,7 +477,7 @@ HELM_VERSION ?= v3.16.4 CONTROLLER_TOOLS_VERSION ?= v0.16.5 OPM_VERSION ?= v1.49.0 OLM_VERSION ?= v0.30.0 -GITLEAKS_VERSION ?= v8.21.2 +GITLEAKS_VERSION ?= v8.22.0 ISTIOCTL_VERSION ?= 1.23.0 # GENERATE_RELATED_IMAGES defines whether `spec.relatedImages` is going to be generated or not diff --git a/bundle/manifests/sailoperator.clusterserviceversion.yaml b/bundle/manifests/sailoperator.clusterserviceversion.yaml index 888f50a84..65d1ca227 100644 --- a/bundle/manifests/sailoperator.clusterserviceversion.yaml +++ b/bundle/manifests/sailoperator.clusterserviceversion.yaml @@ -34,7 +34,7 @@ metadata: capabilities: Seamless Upgrades categories: OpenShift Optional, Integration & Delivery, Networking, Security containerImage: quay.io/maistra-dev/sail-operator:0.3-latest - createdAt: "2024-12-19T05:05:23Z" + createdAt: "2024-12-22T05:04:58Z" description: Experimental operator for installing Istio service mesh features.operators.openshift.io/cnf: "false" features.operators.openshift.io/cni: "true" @@ -371,7 +371,7 @@ spec: - v1.22.6 - v1.22.5 - v1.21.6 - - latest (d547b858) + - latest (3378e2a1) [See this page](https://github.com/istio-ecosystem/sail-operator/blob/main/bundle/README.md) for instructions on how to use it. displayName: Sail Operator @@ -647,10 +647,10 @@ spec: template: metadata: annotations: - images.latest.cni: gcr.io/istio-testing/install-cni:1.25-alpha.d547b8580cf6298e15ba732823b2e027071516ea - images.latest.istiod: gcr.io/istio-testing/pilot:1.25-alpha.d547b8580cf6298e15ba732823b2e027071516ea - images.latest.proxy: gcr.io/istio-testing/proxyv2:1.25-alpha.d547b8580cf6298e15ba732823b2e027071516ea - images.latest.ztunnel: gcr.io/istio-testing/ztunnel:1.25-alpha.d547b8580cf6298e15ba732823b2e027071516ea + images.latest.cni: gcr.io/istio-testing/install-cni:1.25-alpha.3378e2a1dbd54456273a5252b12606a7279d39e8 + images.latest.istiod: gcr.io/istio-testing/pilot:1.25-alpha.3378e2a1dbd54456273a5252b12606a7279d39e8 + images.latest.proxy: gcr.io/istio-testing/proxyv2:1.25-alpha.3378e2a1dbd54456273a5252b12606a7279d39e8 + images.latest.ztunnel: gcr.io/istio-testing/ztunnel:1.25-alpha.3378e2a1dbd54456273a5252b12606a7279d39e8 images.v1_21_6.cni: docker.io/istio/install-cni:1.21.6 images.v1_21_6.istiod: docker.io/istio/pilot:1.21.6 images.v1_21_6.proxy: docker.io/istio/proxyv2:1.21.6 @@ -843,13 +843,13 @@ spec: provider: name: Red Hat, Inc. relatedImages: - - image: gcr.io/istio-testing/install-cni:1.25-alpha.d547b8580cf6298e15ba732823b2e027071516ea + - image: gcr.io/istio-testing/install-cni:1.25-alpha.3378e2a1dbd54456273a5252b12606a7279d39e8 name: latest.cni - - image: gcr.io/istio-testing/pilot:1.25-alpha.d547b8580cf6298e15ba732823b2e027071516ea + - image: gcr.io/istio-testing/pilot:1.25-alpha.3378e2a1dbd54456273a5252b12606a7279d39e8 name: latest.istiod - - image: gcr.io/istio-testing/proxyv2:1.25-alpha.d547b8580cf6298e15ba732823b2e027071516ea + - image: gcr.io/istio-testing/proxyv2:1.25-alpha.3378e2a1dbd54456273a5252b12606a7279d39e8 name: latest.proxy - - image: gcr.io/istio-testing/ztunnel:1.25-alpha.d547b8580cf6298e15ba732823b2e027071516ea + - image: gcr.io/istio-testing/ztunnel:1.25-alpha.3378e2a1dbd54456273a5252b12606a7279d39e8 name: latest.ztunnel - image: docker.io/istio/install-cni:1.21.6 name: v1_21_6.cni diff --git a/chart/values.yaml b/chart/values.yaml index b7e608d05..0661cf17c 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -28,7 +28,7 @@ csv: - v1.22.6 - v1.22.5 - v1.21.6 - - latest (d547b858) + - latest (3378e2a1) [See this page](https://github.com/istio-ecosystem/sail-operator/blob/main/bundle/README.md) for instructions on how to use it. support: Community based diff --git a/go.mod b/go.mod index 0cc6605f8..ddd51a702 100644 --- a/go.mod +++ b/go.mod @@ -26,7 +26,7 @@ require ( gopkg.in/yaml.v3 v3.0.1 helm.sh/helm/v3 v3.16.3 istio.io/client-go v1.24.0-alpha.0.0.20241218215832-3daa0126820b - istio.io/istio v0.0.0-20241219014932-d547b8580cf6 + istio.io/istio v0.0.0-20241221235517-3378e2a1dbd5 k8s.io/api v0.32.0 k8s.io/apiextensions-apiserver v0.32.0 k8s.io/apimachinery v0.32.0 diff --git a/go.sum b/go.sum index 13fa41fe8..46810d661 100644 --- a/go.sum +++ b/go.sum @@ -498,8 +498,8 @@ istio.io/api v1.24.0-alpha.0.0.20241218215532-27d505cbdb11 h1:AlkTHCbrikiyS6Pz4Q istio.io/api v1.24.0-alpha.0.0.20241218215532-27d505cbdb11/go.mod h1:QFzEXv/IT582T0FHZVp1QoolvE4ws0zz/vVO55blmlE= istio.io/client-go v1.24.0-alpha.0.0.20241218215832-3daa0126820b h1:c8USLMmfK3eOUbQ4ut9nT4fnX48nx4mUc7q2AMu5Ppo= istio.io/client-go v1.24.0-alpha.0.0.20241218215832-3daa0126820b/go.mod h1:SETUIw6SAGTLesSeed9N0SbW+72RoYB1J9LHuWgpMkQ= -istio.io/istio v0.0.0-20241219014932-d547b8580cf6 h1:HN+KGGjBUnAY/oAcuAJgZITuwIajFZdPYyxyefozmyg= -istio.io/istio v0.0.0-20241219014932-d547b8580cf6/go.mod h1:TiOIr/B86DoFGpimy1QGCrQbCT4XCJIbZ9fvs1mZ7AU= +istio.io/istio v0.0.0-20241221235517-3378e2a1dbd5 h1:cMOGr6FZWXWF7eD85KdFvYUbah1sG3NOvwdbVhGGPmk= +istio.io/istio v0.0.0-20241221235517-3378e2a1dbd5/go.mod h1:TiOIr/B86DoFGpimy1QGCrQbCT4XCJIbZ9fvs1mZ7AU= k8s.io/api v0.32.0 h1:OL9JpbvAU5ny9ga2fb24X8H6xQlVp+aJMFlgtQjR9CE= k8s.io/api v0.32.0/go.mod h1:4LEwHZEf6Q/cG96F3dqR965sYOfmPM7rq81BLgsE0p0= k8s.io/apiextensions-apiserver v0.32.0 h1:S0Xlqt51qzzqjKPxfgX1xh4HBZE+p8KKBq+k2SWNOE0= diff --git a/resources/latest/charts/base/Chart.yaml b/resources/latest/charts/base/Chart.yaml index 360100c65..2789bce46 100644 --- a/resources/latest/charts/base/Chart.yaml +++ b/resources/latest/charts/base/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.25-alpha.d547b8580cf6298e15ba732823b2e027071516ea +appVersion: 1.25-alpha.3378e2a1dbd54456273a5252b12606a7279d39e8 description: Helm chart for deploying Istio cluster resources and CRDs icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -7,4 +7,4 @@ keywords: name: base sources: - https://github.com/istio/istio -version: 1.25-alpha.d547b8580cf6298e15ba732823b2e027071516ea +version: 1.25-alpha.3378e2a1dbd54456273a5252b12606a7279d39e8 diff --git a/resources/latest/charts/cni/Chart.yaml b/resources/latest/charts/cni/Chart.yaml index 7dff03064..e95869aee 100644 --- a/resources/latest/charts/cni/Chart.yaml +++ b/resources/latest/charts/cni/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.25-alpha.d547b8580cf6298e15ba732823b2e027071516ea +appVersion: 1.25-alpha.3378e2a1dbd54456273a5252b12606a7279d39e8 description: Helm chart for istio-cni components icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -8,4 +8,4 @@ keywords: name: cni sources: - https://github.com/istio/istio -version: 1.25-alpha.d547b8580cf6298e15ba732823b2e027071516ea +version: 1.25-alpha.3378e2a1dbd54456273a5252b12606a7279d39e8 diff --git a/resources/latest/charts/cni/templates/clusterrole.yaml b/resources/latest/charts/cni/templates/clusterrole.yaml index bd9ba7fdf..a51cd782f 100644 --- a/resources/latest/charts/cni/templates/clusterrole.yaml +++ b/resources/latest/charts/cni/templates/clusterrole.yaml @@ -18,7 +18,7 @@ rules: - apiGroups: [""] resources: ["pods","nodes","namespaces"] verbs: ["get", "list", "watch"] -{{- if (eq (coalesce .Values.platform .Values.global.platform) "openshift") }} +{{- if (eq ((coalesce .Values.platform .Values.global.platform) | default "") "openshift") }} - apiGroups: ["security.openshift.io"] resources: ["securitycontextconstraints"] resourceNames: ["privileged"] diff --git a/resources/latest/charts/cni/templates/configmap-cni.yaml b/resources/latest/charts/cni/templates/configmap-cni.yaml index 39a09fb69..2c2bfe57f 100644 --- a/resources/latest/charts/cni/templates/configmap-cni.yaml +++ b/resources/latest/charts/cni/templates/configmap-cni.yaml @@ -16,6 +16,7 @@ data: AMBIENT_ENABLED: {{ .Values.ambient.enabled | quote }} AMBIENT_DNS_CAPTURE: {{ .Values.ambient.dnsCapture | default "false" | quote }} AMBIENT_IPV6: {{ .Values.ambient.ipv6 | default "false" | quote }} + AMBIENT_RECONCILE_POD_RULES_ON_STARTUP: {{ .Values.ambient.reconcileIptablesOnStartup | default "false" | quote }} {{- if .Values.cniConfFileName }} # K8S < 1.24 doesn't like empty values CNI_CONF_NAME: {{ .Values.cniConfFileName }} # Name of the CNI config file to create. Only override if you know the exact path your CNI requires.. {{- end }} diff --git a/resources/latest/charts/cni/values.yaml b/resources/latest/charts/cni/values.yaml index bbcd96e2d..23eef09eb 100644 --- a/resources/latest/charts/cni/values.yaml +++ b/resources/latest/charts/cni/values.yaml @@ -51,6 +51,8 @@ _internal_defaults_do_not_set: dnsCapture: false # If enabled, and ambient is enabled, enables ipv6 support ipv6: true + # If enabled, and ambient is enabled, the CNI agent will reconcile incompatible iptables rules and chains at startup. + reconcileIptablesOnStartup: false repair: @@ -113,7 +115,7 @@ _internal_defaults_do_not_set: hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.25-alpha.d547b8580cf6298e15ba732823b2e027071516ea + tag: 1.25-alpha.3378e2a1dbd54456273a5252b12606a7279d39e8 # Variant of the image to use. # Currently supported are: [debug, distroless] diff --git a/resources/latest/charts/gateway/Chart.yaml b/resources/latest/charts/gateway/Chart.yaml index 2f5888196..28ee5faf7 100644 --- a/resources/latest/charts/gateway/Chart.yaml +++ b/resources/latest/charts/gateway/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.25-alpha.d547b8580cf6298e15ba732823b2e027071516ea +appVersion: 1.25-alpha.3378e2a1dbd54456273a5252b12606a7279d39e8 description: Helm chart for deploying Istio gateways icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ name: gateway sources: - https://github.com/istio/istio type: application -version: 1.25-alpha.d547b8580cf6298e15ba732823b2e027071516ea +version: 1.25-alpha.3378e2a1dbd54456273a5252b12606a7279d39e8 diff --git a/resources/latest/charts/gateway/templates/deployment.yaml b/resources/latest/charts/gateway/templates/deployment.yaml index e9bfbbd36..9db59d8b9 100644 --- a/resources/latest/charts/gateway/templates/deployment.yaml +++ b/resources/latest/charts/gateway/templates/deployment.yaml @@ -77,7 +77,7 @@ spec: allowPrivilegeEscalation: false privileged: false readOnlyRootFilesystem: true - {{- if not (eq .Values.platform "openshift") }} + {{- if not (eq (.Values.platform | default "") "openshift") }} runAsUser: 1337 runAsGroup: 1337 {{- end }} diff --git a/resources/latest/charts/istiod/Chart.yaml b/resources/latest/charts/istiod/Chart.yaml index 3e0c4d7e3..5d1b86e1b 100644 --- a/resources/latest/charts/istiod/Chart.yaml +++ b/resources/latest/charts/istiod/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.25-alpha.d547b8580cf6298e15ba732823b2e027071516ea +appVersion: 1.25-alpha.3378e2a1dbd54456273a5252b12606a7279d39e8 description: Helm chart for istio control plane icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ keywords: name: istiod sources: - https://github.com/istio/istio -version: 1.25-alpha.d547b8580cf6298e15ba732823b2e027071516ea +version: 1.25-alpha.3378e2a1dbd54456273a5252b12606a7279d39e8 diff --git a/resources/latest/charts/istiod/values.yaml b/resources/latest/charts/istiod/values.yaml index f359aa8ec..3e65d28d4 100644 --- a/resources/latest/charts/istiod/values.yaml +++ b/resources/latest/charts/istiod/values.yaml @@ -242,7 +242,7 @@ _internal_defaults_do_not_set: # Dev builds from prow are on gcr.io hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.25-alpha.d547b8580cf6298e15ba732823b2e027071516ea + tag: 1.25-alpha.3378e2a1dbd54456273a5252b12606a7279d39e8 # Variant of the image to use. # Currently supported are: [debug, distroless] variant: "" diff --git a/resources/latest/charts/revisiontags/values.yaml b/resources/latest/charts/revisiontags/values.yaml index f359aa8ec..3e65d28d4 100644 --- a/resources/latest/charts/revisiontags/values.yaml +++ b/resources/latest/charts/revisiontags/values.yaml @@ -242,7 +242,7 @@ _internal_defaults_do_not_set: # Dev builds from prow are on gcr.io hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.25-alpha.d547b8580cf6298e15ba732823b2e027071516ea + tag: 1.25-alpha.3378e2a1dbd54456273a5252b12606a7279d39e8 # Variant of the image to use. # Currently supported are: [debug, distroless] variant: "" diff --git a/resources/latest/charts/ztunnel/Chart.yaml b/resources/latest/charts/ztunnel/Chart.yaml index 387b012f2..84e5ebf4d 100644 --- a/resources/latest/charts/ztunnel/Chart.yaml +++ b/resources/latest/charts/ztunnel/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.25-alpha.d547b8580cf6298e15ba732823b2e027071516ea +appVersion: 1.25-alpha.3378e2a1dbd54456273a5252b12606a7279d39e8 description: Helm chart for istio ztunnel components icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -8,4 +8,4 @@ keywords: name: ztunnel sources: - https://github.com/istio/istio -version: 1.25-alpha.d547b8580cf6298e15ba732823b2e027071516ea +version: 1.25-alpha.3378e2a1dbd54456273a5252b12606a7279d39e8 diff --git a/resources/latest/charts/ztunnel/templates/rbac.yaml b/resources/latest/charts/ztunnel/templates/rbac.yaml index 21b0e8de3..3b90cf5af 100644 --- a/resources/latest/charts/ztunnel/templates/rbac.yaml +++ b/resources/latest/charts/ztunnel/templates/rbac.yaml @@ -21,7 +21,7 @@ metadata: {{- .Values.annotations | toYaml | nindent 4 }} {{- end }} --- -{{- if (eq .Values.platform "openshift") }} +{{- if (eq (.Values.platform | default "") "openshift") }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: diff --git a/resources/latest/charts/ztunnel/values.yaml b/resources/latest/charts/ztunnel/values.yaml index 5c8b9bd67..05c58a92f 100644 --- a/resources/latest/charts/ztunnel/values.yaml +++ b/resources/latest/charts/ztunnel/values.yaml @@ -4,7 +4,7 @@ _internal_defaults_do_not_set: # Hub to pull from. Image will be `Hub/Image:Tag-Variant` hub: gcr.io/istio-testing # Tag to pull from. Image will be `Hub/Image:Tag-Variant` - tag: 1.25-alpha.d547b8580cf6298e15ba732823b2e027071516ea + tag: 1.25-alpha.3378e2a1dbd54456273a5252b12606a7279d39e8 # Variant to pull. Options are "debug" or "distroless". Unset will use the default for the given version. variant: "" diff --git a/versions.yaml b/versions.yaml index 4dbc419ff..90c3aac8f 100644 --- a/versions.yaml +++ b/versions.yaml @@ -115,13 +115,13 @@ versions: - https://istio-release.storage.googleapis.com/charts/cni-1.21.6.tgz - https://istio-release.storage.googleapis.com/charts/ztunnel-1.21.6.tgz - name: latest - version: 1.25-alpha.d547b8580cf6298e15ba732823b2e027071516ea + version: 1.25-alpha.3378e2a1dbd54456273a5252b12606a7279d39e8 repo: https://github.com/istio/istio branch: master - commit: d547b8580cf6298e15ba732823b2e027071516ea + commit: 3378e2a1dbd54456273a5252b12606a7279d39e8 charts: - - https://storage.googleapis.com/istio-build/dev/1.25-alpha.d547b8580cf6298e15ba732823b2e027071516ea/helm/base-1.25-alpha.d547b8580cf6298e15ba732823b2e027071516ea.tgz - - https://storage.googleapis.com/istio-build/dev/1.25-alpha.d547b8580cf6298e15ba732823b2e027071516ea/helm/cni-1.25-alpha.d547b8580cf6298e15ba732823b2e027071516ea.tgz - - https://storage.googleapis.com/istio-build/dev/1.25-alpha.d547b8580cf6298e15ba732823b2e027071516ea/helm/gateway-1.25-alpha.d547b8580cf6298e15ba732823b2e027071516ea.tgz - - https://storage.googleapis.com/istio-build/dev/1.25-alpha.d547b8580cf6298e15ba732823b2e027071516ea/helm/istiod-1.25-alpha.d547b8580cf6298e15ba732823b2e027071516ea.tgz - - https://storage.googleapis.com/istio-build/dev/1.25-alpha.d547b8580cf6298e15ba732823b2e027071516ea/helm/ztunnel-1.25-alpha.d547b8580cf6298e15ba732823b2e027071516ea.tgz + - https://storage.googleapis.com/istio-build/dev/1.25-alpha.3378e2a1dbd54456273a5252b12606a7279d39e8/helm/base-1.25-alpha.3378e2a1dbd54456273a5252b12606a7279d39e8.tgz + - https://storage.googleapis.com/istio-build/dev/1.25-alpha.3378e2a1dbd54456273a5252b12606a7279d39e8/helm/cni-1.25-alpha.3378e2a1dbd54456273a5252b12606a7279d39e8.tgz + - https://storage.googleapis.com/istio-build/dev/1.25-alpha.3378e2a1dbd54456273a5252b12606a7279d39e8/helm/gateway-1.25-alpha.3378e2a1dbd54456273a5252b12606a7279d39e8.tgz + - https://storage.googleapis.com/istio-build/dev/1.25-alpha.3378e2a1dbd54456273a5252b12606a7279d39e8/helm/istiod-1.25-alpha.3378e2a1dbd54456273a5252b12606a7279d39e8.tgz + - https://storage.googleapis.com/istio-build/dev/1.25-alpha.3378e2a1dbd54456273a5252b12606a7279d39e8/helm/ztunnel-1.25-alpha.3378e2a1dbd54456273a5252b12606a7279d39e8.tgz