From 3e1e112ce38c879e218946986858cbefd34e09a9 Mon Sep 17 00:00:00 2001 From: Vladimir Videlov Date: Tue, 11 Jun 2024 15:16:46 +0200 Subject: [PATCH 1/7] Bump Istio to 1.21.3 --- README.md | 4 ++-- docs/release-notes/1.7.0.md | 2 +- docs/user/README.md | 2 +- go.mod | 6 +++--- go.sum | 16 ++++++++-------- internal/istiooperator/istio-operator-light.yaml | 2 +- internal/istiooperator/istio-operator.yaml | 2 +- sec-scanners-config.yaml | 6 +++--- 8 files changed, 20 insertions(+), 20 deletions(-) diff --git a/README.md b/README.md index d07aa90dc3..f6139ee988 100644 --- a/README.md +++ b/README.md @@ -11,8 +11,8 @@ Istio is an open-source service mesh that provides a uniform way to manage, conn Kyma Istio Operator is a component of the Kyma runtime that handles the management and configuration of the Istio service mesh. Within Kyma Istio Operator, [Istio Controller](/docs/user/00-10-overview-istio-controller.md) is responsible for installing, uninstalling, and upgrading Istio. -The latest release includes the following versions of Istio and Envoy: -**Istio version:** 1.21.2 +The latest release includes the following versions of Istio and Envoy: +**Istio version:** 1.21.3 **Envoy version:** 1.29.4 ## Install Kyma Istio Operator and Istio from the latest release diff --git a/docs/release-notes/1.7.0.md b/docs/release-notes/1.7.0.md index 1d2032c8c5..71aa066b86 100644 --- a/docs/release-notes/1.7.0.md +++ b/docs/release-notes/1.7.0.md @@ -1,7 +1,7 @@ ## New Features - Allow for opting out of the **ENABLE_EXTERNAL_NAME_ALIAS** Istio pilot environment variable in the Istio custom resource. This allows for retaining behavior that was present in Istio prior to version 1.21. See issue [#787](https://github.com/kyma-project/istio/issues/787 ). -- Update the Istio version to 1.21.2 [#802](https://github.com/kyma-project/istio/pull/802). Read [Istio 1.21.2 Release Announcement](https://istio.io/latest/news/releases/1.21.x/announcing-1.21.2/) and [Change Notes](https://istio.io/latest/news/releases/1.21.x/announcing-1.21/change-notes/) for more details. +- Update the Istio version to 1.21.3 [#XXX](https://github.com/kyma-project/istio/pull/XXX). Read [Istio 1.21.3 Release Announcement](https://istio.io/latest/news/releases/1.21.x/announcing-1.21.3/) and [Change Notes](https://istio.io/latest/news/releases/1.21.x/announcing-1.21/change-notes/) for more details. - Add Request Authentication UI for Kyma dashboard [#816](https://github.com/kyma-project/istio/pull/816) - Now, Istio Operator does not restart Pods with Istio Sidecar, which contain custom image annotations. See the issue [#698](https://github.com/kyma-project/istio/issues/698) and [Istio Resource Annotations](https://istio.io/latest/docs/reference/config/annotations/#SidecarProxyImage) for more details. - Change Istio Ingress Gateway's scaling to be based only on CPU utilization. This adjustment ensures that the scaling is more responsive to traffic changes, as the Istio Ingress Gateway memory utilization is not a good indicator of the traffic load. diff --git a/docs/user/README.md b/docs/user/README.md index c83c94f762..18d9dffe8f 100644 --- a/docs/user/README.md +++ b/docs/user/README.md @@ -9,7 +9,7 @@ Istio is an open-source service mesh that provides a uniform way to manage, conn Kyma Istio Operator is an essential part of the Istio module that handles the management and configuration of the Istio service mesh. It contains [Istio Controller](./00-10-overview-istio-controller.md) that is responsible for installing, uninstalling, and upgrading Istio. The latest release includes the following versions of Istio and Envoy: -**Istio version:** 1.21.2 +**Istio version:** 1.21.3 **Envoy version:** 1.29.4 ## Useful Links diff --git a/go.mod b/go.mod index 80428fa123..011ca303de 100644 --- a/go.mod +++ b/go.mod @@ -24,9 +24,9 @@ require ( golang.org/x/time v0.5.0 google.golang.org/protobuf v1.34.1 gopkg.in/yaml.v3 v3.0.1 - istio.io/api v1.21.2 - istio.io/client-go v1.21.2 - istio.io/istio v0.0.0-20240418224740-ed90e14d3473 + istio.io/api v1.21.3-0.20240422111456-ce2c1feea604 + istio.io/client-go v1.21.3-0.20240422111956-6caf45ef5297 + istio.io/istio v0.0.0-20240601203759-7f26a100ece0 k8s.io/api v0.29.3 k8s.io/apiextensions-apiserver v0.29.3 k8s.io/apimachinery v0.29.3 diff --git a/go.sum b/go.sum index 22fcb3a32c..20efd648cd 100644 --- a/go.sum +++ b/go.sum @@ -141,8 +141,8 @@ github.com/docker/cli v24.0.7+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvM github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk= github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/docker v0.7.3-0.20190327010347-be7ac8be2ae0/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= -github.com/docker/docker v24.0.7+incompatible h1:Wo6l37AuwP3JaMnZa226lzVXGA3F9Ig1seQen0cKYlM= -github.com/docker/docker v24.0.7+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v25.0.5+incompatible h1:UmQydMduGkrD5nQde1mecF/YnSbTOaPeFIeP5C4W+DE= +github.com/docker/docker v25.0.5+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.8.1 h1:j/eKUktUltBtMzKqmfLB0PAgqYyMHOp5vfsD1807oKo= github.com/docker/docker-credential-helpers v0.8.1/go.mod h1:P3ci7E3lwkZg6XiHdRKft1KckHiO9a2rNtyFbZ/ry9M= github.com/docker/go-units v0.3.3/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= @@ -973,12 +973,12 @@ helm.sh/helm/v3 v3.14.2/go.mod h1:2itvvDv2WSZXTllknfQo6j7u3VVgMAvm8POCDgYH424= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -istio.io/api v1.21.2 h1:rnMcWXez7JIpfQjhYQMCkSGoie9U0hCq9lFEo2jP11w= -istio.io/api v1.21.2/go.mod h1:TFCMUCAHRjxBv1CsIsFCsYHPHi4axVI4vdIzVr8eFjY= -istio.io/client-go v1.21.2 h1:8uS4hUj7LaK2XRmflJuRGtNsPh64abzE9DjAYUSvlyM= -istio.io/client-go v1.21.2/go.mod h1:mqwsapfu4b1FG47puY9H8y4+ga1+d+hxfdosNQ1HclY= -istio.io/istio v0.0.0-20240418224740-ed90e14d3473 h1:zsjwlgx+1bxhs2oNTAOY0pxzezBbGHrxzQvKhen7Z9E= -istio.io/istio v0.0.0-20240418224740-ed90e14d3473/go.mod h1:lMGbMU1FIeSVgOpE/2tVg+lnDrEn3JvTZL5lPUYOv44= +istio.io/api v1.21.3-0.20240422111456-ce2c1feea604 h1:rBkCndZuKojMaNBV6iC7zD/q8zwDKDaWs+1t8mrf13Q= +istio.io/api v1.21.3-0.20240422111456-ce2c1feea604/go.mod h1:TFCMUCAHRjxBv1CsIsFCsYHPHi4axVI4vdIzVr8eFjY= +istio.io/client-go v1.21.3-0.20240422111956-6caf45ef5297 h1:79TwlDwAC9BOIsmNJuoBj1DFeifnntHKovTU3C8a6PM= +istio.io/client-go v1.21.3-0.20240422111956-6caf45ef5297/go.mod h1:9LEzw82gl2VZrc9fNnWrkGMmhWSrYsgcgi650KY3LII= +istio.io/istio v0.0.0-20240601203759-7f26a100ece0 h1:6HLkTVaj5+eXNmHCV2BRntBLGnEyRlbSKSYfqppzKqo= +istio.io/istio v0.0.0-20240601203759-7f26a100ece0/go.mod h1:3Sdk3OWMOVuli/H/AaOPpk+5VpJqpDxtbr5OUN+A9VU= k8s.io/api v0.18.2/go.mod h1:SJCWI7OLzhZSvbY7U8zwNl9UA4o1fizoug34OV/2r78= k8s.io/api v0.18.4/go.mod h1:lOIQAKYgai1+vz9J7YcDZwC26Z0zQewYOGWdyIPUUQ4= k8s.io/api v0.29.3 h1:2ORfZ7+bGC3YJqGpV0KSDDEVf8hdGQ6A03/50vj8pmw= diff --git a/internal/istiooperator/istio-operator-light.yaml b/internal/istiooperator/istio-operator-light.yaml index 13e4f1b636..b173e0ffe0 100644 --- a/internal/istiooperator/istio-operator-light.yaml +++ b/internal/istiooperator/istio-operator-light.yaml @@ -7,7 +7,7 @@ metadata: kyma-project.io/module: istio spec: hub: europe-docker.pkg.dev/kyma-project/prod/external/istio - tag: "1.21.2-distroless" + tag: "1.21.3-distroless" components: base: enabled: true diff --git a/internal/istiooperator/istio-operator.yaml b/internal/istiooperator/istio-operator.yaml index 5a4b492a04..07163f288a 100644 --- a/internal/istiooperator/istio-operator.yaml +++ b/internal/istiooperator/istio-operator.yaml @@ -7,7 +7,7 @@ metadata: kyma-project.io/module: istio spec: hub: europe-docker.pkg.dev/kyma-project/prod/external/istio - tag: "1.21.2-distroless" + tag: "1.21.3-distroless" components: base: enabled: true diff --git a/sec-scanners-config.yaml b/sec-scanners-config.yaml index 98afd921fc..9f7425fecd 100644 --- a/sec-scanners-config.yaml +++ b/sec-scanners-config.yaml @@ -1,9 +1,9 @@ module-name: istio protecode: - europe-docker.pkg.dev/kyma-project/prod/istio-manager:v20240529-eccefa05 - - europe-docker.pkg.dev/kyma-project/prod/external/istio/install-cni:1.21.2-distroless - - europe-docker.pkg.dev/kyma-project/prod/external/istio/proxyv2:1.21.2-distroless - - europe-docker.pkg.dev/kyma-project/prod/external/istio/pilot:1.21.2-distroless + - europe-docker.pkg.dev/kyma-project/prod/external/istio/install-cni:1.21.3-distroless + - europe-docker.pkg.dev/kyma-project/prod/external/istio/proxyv2:1.21.3-distroless + - europe-docker.pkg.dev/kyma-project/prod/external/istio/pilot:1.21.3-distroless whitesource: language: golang-mod subprojects: false From 7273f6e985d99cc2aad209e5f3b15bcc4b3f00ff Mon Sep 17 00:00:00 2001 From: Vladimir Videlov Date: Tue, 11 Jun 2024 15:18:26 +0200 Subject: [PATCH 2/7] rns --- docs/release-notes/1.6.4.md | 3 +++ docs/release-notes/1.7.0.md | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) create mode 100644 docs/release-notes/1.6.4.md diff --git a/docs/release-notes/1.6.4.md b/docs/release-notes/1.6.4.md new file mode 100644 index 0000000000..4d5c4c6db2 --- /dev/null +++ b/docs/release-notes/1.6.4.md @@ -0,0 +1,3 @@ +## New Features + +- Update the Istio version to 1.21.3 [#877](https://github.com/kyma-project/istio/pull/877). Read [Istio 1.21.3 Release Announcement](https://istio.io/latest/news/releases/1.21.x/announcing-1.21.3/) and [Change Notes](https://istio.io/latest/news/releases/1.21.x/announcing-1.21/change-notes/) for more details. diff --git a/docs/release-notes/1.7.0.md b/docs/release-notes/1.7.0.md index 71aa066b86..3f28c8f870 100644 --- a/docs/release-notes/1.7.0.md +++ b/docs/release-notes/1.7.0.md @@ -1,7 +1,7 @@ ## New Features - Allow for opting out of the **ENABLE_EXTERNAL_NAME_ALIAS** Istio pilot environment variable in the Istio custom resource. This allows for retaining behavior that was present in Istio prior to version 1.21. See issue [#787](https://github.com/kyma-project/istio/issues/787 ). -- Update the Istio version to 1.21.3 [#XXX](https://github.com/kyma-project/istio/pull/XXX). Read [Istio 1.21.3 Release Announcement](https://istio.io/latest/news/releases/1.21.x/announcing-1.21.3/) and [Change Notes](https://istio.io/latest/news/releases/1.21.x/announcing-1.21/change-notes/) for more details. +- Update the Istio version to 1.21.3 [#877](https://github.com/kyma-project/istio/pull/877). Read [Istio 1.21.3 Release Announcement](https://istio.io/latest/news/releases/1.21.x/announcing-1.21.3/) and [Change Notes](https://istio.io/latest/news/releases/1.21.x/announcing-1.21/change-notes/) for more details. - Add Request Authentication UI for Kyma dashboard [#816](https://github.com/kyma-project/istio/pull/816) - Now, Istio Operator does not restart Pods with Istio Sidecar, which contain custom image annotations. See the issue [#698](https://github.com/kyma-project/istio/issues/698) and [Istio Resource Annotations](https://istio.io/latest/docs/reference/config/annotations/#SidecarProxyImage) for more details. - Change Istio Ingress Gateway's scaling to be based only on CPU utilization. This adjustment ensures that the scaling is more responsive to traffic changes, as the Istio Ingress Gateway memory utilization is not a good indicator of the traffic load. From 106d6731fa24b3cbeb941f39b030cd6b44a8fc7d Mon Sep 17 00:00:00 2001 From: Vladimir Videlov Date: Wed, 12 Jun 2024 12:12:21 +0200 Subject: [PATCH 3/7] Update envoy version in docs --- README.md | 2 +- docs/user/README.md | 2 +- internal/reconciliations/istio/client.go | 9 +++++---- 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index f6139ee988..82cc89ddd0 100644 --- a/README.md +++ b/README.md @@ -13,7 +13,7 @@ Kyma Istio Operator is a component of the Kyma runtime that handles the manageme The latest release includes the following versions of Istio and Envoy: **Istio version:** 1.21.3 -**Envoy version:** 1.29.4 +**Envoy version:** 1.29.5 ## Install Kyma Istio Operator and Istio from the latest release diff --git a/docs/user/README.md b/docs/user/README.md index 18d9dffe8f..d6910d4d5d 100644 --- a/docs/user/README.md +++ b/docs/user/README.md @@ -10,7 +10,7 @@ Kyma Istio Operator is an essential part of the Istio module that handles the ma The latest release includes the following versions of Istio and Envoy: **Istio version:** 1.21.3 -**Envoy version:** 1.29.4 +**Envoy version:** 1.29.5 ## Useful Links diff --git a/internal/reconciliations/istio/client.go b/internal/reconciliations/istio/client.go index 8446101968..905cf7a8f4 100644 --- a/internal/reconciliations/istio/client.go +++ b/internal/reconciliations/istio/client.go @@ -3,6 +3,11 @@ package istio import ( "context" "fmt" + "os" + "os/exec" + "sync" + "time" + "github.com/pkg/errors" "istio.io/api/operator/v1alpha1" "istio.io/istio/istioctl/pkg/install/k8sversion" @@ -17,13 +22,9 @@ import ( apiErrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/rest" - "os" - "os/exec" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" ctrlclient "sigs.k8s.io/controller-runtime/pkg/client" - "sync" - "time" istio "istio.io/istio/operator/cmd/mesh" "istio.io/istio/operator/pkg/util/clog" From 7d9d561fd597a291b967c84771c47ef5cfcda8b6 Mon Sep 17 00:00:00 2001 From: Vladimir Videlov Date: Wed, 12 Jun 2024 13:57:00 +0200 Subject: [PATCH 4/7] Update 1.7.0 RNs --- docs/release-notes/1.7.0.md | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/release-notes/1.7.0.md b/docs/release-notes/1.7.0.md index 3f28c8f870..6ec2c87a88 100644 --- a/docs/release-notes/1.7.0.md +++ b/docs/release-notes/1.7.0.md @@ -1,7 +1,6 @@ ## New Features - Allow for opting out of the **ENABLE_EXTERNAL_NAME_ALIAS** Istio pilot environment variable in the Istio custom resource. This allows for retaining behavior that was present in Istio prior to version 1.21. See issue [#787](https://github.com/kyma-project/istio/issues/787 ). -- Update the Istio version to 1.21.3 [#877](https://github.com/kyma-project/istio/pull/877). Read [Istio 1.21.3 Release Announcement](https://istio.io/latest/news/releases/1.21.x/announcing-1.21.3/) and [Change Notes](https://istio.io/latest/news/releases/1.21.x/announcing-1.21/change-notes/) for more details. - Add Request Authentication UI for Kyma dashboard [#816](https://github.com/kyma-project/istio/pull/816) - Now, Istio Operator does not restart Pods with Istio Sidecar, which contain custom image annotations. See the issue [#698](https://github.com/kyma-project/istio/issues/698) and [Istio Resource Annotations](https://istio.io/latest/docs/reference/config/annotations/#SidecarProxyImage) for more details. - Change Istio Ingress Gateway's scaling to be based only on CPU utilization. This adjustment ensures that the scaling is more responsive to traffic changes, as the Istio Ingress Gateway memory utilization is not a good indicator of the traffic load. From f9cca9bfe9ea88e30cdbb3ca75f823ff50b043ad Mon Sep 17 00:00:00 2001 From: Vladimir Videlov Date: Wed, 12 Jun 2024 14:12:34 +0200 Subject: [PATCH 5/7] Update 1.6.4 RNs --- docs/release-notes/1.6.4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/1.6.4.md b/docs/release-notes/1.6.4.md index 4d5c4c6db2..d97e4b8df6 100644 --- a/docs/release-notes/1.6.4.md +++ b/docs/release-notes/1.6.4.md @@ -1,3 +1,3 @@ ## New Features -- Update the Istio version to 1.21.3 [#877](https://github.com/kyma-project/istio/pull/877). Read [Istio 1.21.3 Release Announcement](https://istio.io/latest/news/releases/1.21.x/announcing-1.21.3/) and [Change Notes](https://istio.io/latest/news/releases/1.21.x/announcing-1.21/change-notes/) for more details. +- Update the Istio version to 1.21.3 [#877](https://github.com/kyma-project/istio/pull/877). Read [Istio 1.21.3 Release Announcement](https://istio.io/latest/news/releases/1.21.x/announcing-1.21.3/) and [Change Notes](https://istio.io/latest/news/releases/1.21.x/announcing-1.21.3/#changes) for more details. From e0c50023db1549cba011a28fb17ee91a26e0b12a Mon Sep 17 00:00:00 2001 From: Vladimir Videlov Date: Wed, 12 Jun 2024 14:22:06 +0200 Subject: [PATCH 6/7] Add 1.21.3 RNs for 1.7.0 --- docs/release-notes/1.7.0.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/release-notes/1.7.0.md b/docs/release-notes/1.7.0.md index 6ec2c87a88..b1269f53af 100644 --- a/docs/release-notes/1.7.0.md +++ b/docs/release-notes/1.7.0.md @@ -1,5 +1,6 @@ ## New Features +- Update the Istio version to 1.21.3 [#877](https://github.com/kyma-project/istio/pull/877). Read [Istio 1.21.3 Release Announcement](https://istio.io/latest/news/releases/1.21.x/announcing-1.21.3/) and [Change Notes](https://istio.io/latest/news/releases/1.21.x/announcing-1.21.3/#changes) for more details. - Allow for opting out of the **ENABLE_EXTERNAL_NAME_ALIAS** Istio pilot environment variable in the Istio custom resource. This allows for retaining behavior that was present in Istio prior to version 1.21. See issue [#787](https://github.com/kyma-project/istio/issues/787 ). - Add Request Authentication UI for Kyma dashboard [#816](https://github.com/kyma-project/istio/pull/816) - Now, Istio Operator does not restart Pods with Istio Sidecar, which contain custom image annotations. See the issue [#698](https://github.com/kyma-project/istio/issues/698) and [Istio Resource Annotations](https://istio.io/latest/docs/reference/config/annotations/#SidecarProxyImage) for more details. From 06ca83378687cdeecce2a091c040a1303a5e446a Mon Sep 17 00:00:00 2001 From: Vladimir Videlov Date: Wed, 12 Jun 2024 14:28:14 +0200 Subject: [PATCH 7/7] Do not include patch release RNs on main --- docs/release-notes/1.6.4.md | 3 --- 1 file changed, 3 deletions(-) delete mode 100644 docs/release-notes/1.6.4.md diff --git a/docs/release-notes/1.6.4.md b/docs/release-notes/1.6.4.md deleted file mode 100644 index d97e4b8df6..0000000000 --- a/docs/release-notes/1.6.4.md +++ /dev/null @@ -1,3 +0,0 @@ -## New Features - -- Update the Istio version to 1.21.3 [#877](https://github.com/kyma-project/istio/pull/877). Read [Istio 1.21.3 Release Announcement](https://istio.io/latest/news/releases/1.21.x/announcing-1.21.3/) and [Change Notes](https://istio.io/latest/news/releases/1.21.x/announcing-1.21.3/#changes) for more details.