[Automated] Update net-istio nightly (knative#14706)

* Update net-istio nightly bumping knative.dev/net-istio ca16070...04509ce: > 04509ce Add K8s 1.29 testing and bump github actions (# 1241) > c57f453 Update community files (# 1242) > a5b1f5c upgrade to latest dependencies (# 1236) > 34c78f0 Update community files (# 1235) > fbee9c0 Replace deprecated sets usages with generic version (# 1234) > f87389c upgrade to latest dependencies (# 1233) > 5db6d0f Update community files (# 1232) > 373ba92 Update community files (# 1230) > d0708dd upgrade to latest dependencies (# 1231) > fadb996 upgrade to latest dependencies (# 1229) > 4af3076 upgrade to latest dependencies (# 1225) > 6899886 Use ko label filter instead of removing KnativeCertificate yaml (# 1224) > e6e6cb7 Update net-istio to use `KnativeCertificate` instead of control-protocol secret (# 1221) > b3007f4 upgrade to latest dependencies (# 1223) Signed-off-by: Knative Automation <automation@knative.team> * don't run internal system tls tests for Istio * disable istio-tls in kind-e2e --------- Signed-off-by: Knative Automation <automation@knative.team> Co-authored-by: dprotaso <dprotaso@gmail.com>
nak3 · Jan 16, 2024 · 3cea8b4 · 3cea8b4
1 parent 752314e
commit 3cea8b4
Show file tree

Hide file tree

Showing 3 changed files with 36 additions and 31 deletions.
diff --git a/.github/workflows/kind-e2e.yaml b/.github/workflows/kind-e2e.yaml
@@ -94,7 +94,7 @@ jobs:
         - kourier
         - kourier-tls
         - istio
-        - istio-tls
+        # - istio-tls
         # Disabled due to flakiness: https://github.com/knative/serving/issues/14637
         # - istio-ambient
         - contour
@@ -119,10 +119,10 @@ jobs:
         - ingress: istio
           namespace-resources: virtualservices
 
-        - ingress: istio-tls
-          ingress-class: istio
-          namespace-resources: virtualservices
-          enable-tls: 1
+        # - ingress: istio-tls
+        #   ingress-class: istio
+        #   namespace-resources: virtualservices
+        #   enable-tls: 1
 
         # Disabled due to flakiness: https://github.com/knative/serving/issues/14637
         # - ingress: istio-ambient

diff --git a/test/e2e/systeminternaltls/system_internal_tls_test.go b/test/e2e/systeminternaltls/system_internal_tls_test.go
@@ -44,9 +44,8 @@ func TestSystemInternalTLS(t *testing.T) {
 		t.Skip("Alpha features not enabled")
 	}
 
-	if !(strings.Contains(test.ServingFlags.IngressClass, "kourier") ||
-		strings.Contains(test.ServingFlags.IngressClass, "istio")) {
-		t.Skip("Skip this test for non-kourier or non-istio ingress.")
+	if !strings.Contains(test.ServingFlags.IngressClass, "kourier") {
+		t.Skip("Skip this test for non-kourier ingress.")
 	}
 
 	t.Parallel()

diff --git a/third_party/istio-latest/net-istio.yaml b/third_party/istio-latest/net-istio.yaml
@@ -1,4 +1,4 @@
-# Generated when HEAD was ca1607073bf133f274a8a15b3c6bb640c8931fdb
+# Generated when HEAD was 04509ce7e3e23875f97abfcf82c95038e0ec8df4
 #
 # Copyright 2019 The Knative Authors
 #
@@ -22,7 +22,7 @@ metadata:
   labels:
     app.kubernetes.io/component: net-istio
     app.kubernetes.io/name: knative-serving
-    app.kubernetes.io/version: "20231201-ca160707"
+    app.kubernetes.io/version: "20240115-04509ce7"
     serving.knative.dev/controller: "true"
     networking.knative.dev/ingress-provider: istio
 rules:
@@ -54,7 +54,7 @@ metadata:
   labels:
     app.kubernetes.io/component: net-istio
     app.kubernetes.io/name: knative-serving
-    app.kubernetes.io/version: "20231201-ca160707"
+    app.kubernetes.io/version: "20240115-04509ce7"
     networking.knative.dev/ingress-provider: istio
 spec:
   selector:
@@ -93,7 +93,7 @@ metadata:
   labels:
     app.kubernetes.io/component: net-istio
     app.kubernetes.io/name: knative-serving
-    app.kubernetes.io/version: "20231201-ca160707"
+    app.kubernetes.io/version: "20240115-04509ce7"
     networking.knative.dev/ingress-provider: istio
 spec:
   selector:
@@ -114,7 +114,7 @@ metadata:
   labels:
     app.kubernetes.io/component: net-istio
     app.kubernetes.io/name: knative-serving
-    app.kubernetes.io/version: "20231201-ca160707"
+    app.kubernetes.io/version: "20240115-04509ce7"
     networking.knative.dev/ingress-provider: istio
     experimental.istio.io/disable-gateway-port-translation: "true"
 spec:
@@ -149,7 +149,7 @@ metadata:
   labels:
     app.kubernetes.io/component: net-istio
     app.kubernetes.io/name: knative-serving
-    app.kubernetes.io/version: "20231201-ca160707"
+    app.kubernetes.io/version: "20240115-04509ce7"
     networking.knative.dev/ingress-provider: istio
 data:
   # TODO(nghia): Extract the .svc.cluster.local suffix into its own config.
@@ -203,7 +203,7 @@ metadata:
   labels:
     app.kubernetes.io/component: net-istio
     app.kubernetes.io/name: knative-serving
-    app.kubernetes.io/version: "20231201-ca160707"
+    app.kubernetes.io/version: "20240115-04509ce7"
     networking.knative.dev/ingress-provider: istio
 spec:
   selector:
@@ -221,7 +221,7 @@ metadata:
   labels:
     app.kubernetes.io/component: net-istio
     app.kubernetes.io/name: knative-serving
-    app.kubernetes.io/version: "20231201-ca160707"
+    app.kubernetes.io/version: "20240115-04509ce7"
     networking.knative.dev/ingress-provider: istio
 spec:
   selector:
@@ -254,7 +254,7 @@ metadata:
   labels:
     app.kubernetes.io/component: net-istio
     app.kubernetes.io/name: knative-serving
-    app.kubernetes.io/version: "20231201-ca160707"
+    app.kubernetes.io/version: "20240115-04509ce7"
     networking.knative.dev/ingress-provider: istio
 spec:
   selector:
@@ -271,14 +271,14 @@ spec:
         app: net-istio-controller
         app.kubernetes.io/component: net-istio
         app.kubernetes.io/name: knative-serving
-        app.kubernetes.io/version: "20231201-ca160707"
+        app.kubernetes.io/version: "20240115-04509ce7"
     spec:
       serviceAccountName: controller
       containers:
         - name: controller
           # This is the Go import path for the binary that is containerized
           # and substituted here.
-          image: gcr.io/knative-nightly/knative.dev/net-istio/cmd/controller@sha256:7ddf80fdc8807ac2b05d12f3fa8190269384426bcb4e178b2fb8b7caf33def11
+          image: gcr.io/knative-nightly/knative.dev/net-istio/cmd/controller@sha256:6a3844ed4e779996c50339f416a57d1ea9189ba1c382303a8d6f370d9d126589
           resources:
             requests:
               cpu: 30m
@@ -357,7 +357,7 @@ metadata:
   labels:
     app.kubernetes.io/component: net-istio
     app.kubernetes.io/name: knative-serving
-    app.kubernetes.io/version: "20231201-ca160707"
+    app.kubernetes.io/version: "20240115-04509ce7"
     networking.knative.dev/ingress-provider: istio
 spec:
   selector:
@@ -371,14 +371,14 @@ spec:
         role: net-istio-webhook
         app.kubernetes.io/component: net-istio
         app.kubernetes.io/name: knative-serving
-        app.kubernetes.io/version: "20231201-ca160707"
+        app.kubernetes.io/version: "20240115-04509ce7"
     spec:
       serviceAccountName: controller
       containers:
         - name: webhook
           # This is the Go import path for the binary that is containerized
           # and substituted here.
-          image: gcr.io/knative-nightly/knative.dev/net-istio/cmd/webhook@sha256:f019acde3c4d4741e58facf5bdc6625adc0c66547639718b70c588ebb5a73efb
+          image: gcr.io/knative-nightly/knative.dev/net-istio/cmd/webhook@sha256:af4a5e38a05fd9682fcc1b3d8f6b68aea803fa7f380f1650805442a37ffd39dc
           resources:
             requests:
               cpu: 20m
@@ -462,7 +462,7 @@ metadata:
   labels:
     app.kubernetes.io/component: net-istio
     app.kubernetes.io/name: knative-serving
-    app.kubernetes.io/version: "20231201-ca160707"
+    app.kubernetes.io/version: "20240115-04509ce7"
     networking.knative.dev/ingress-provider: istio
 
 ---
@@ -489,7 +489,7 @@ metadata:
     role: net-istio-webhook
     app.kubernetes.io/component: net-istio
     app.kubernetes.io/name: knative-serving
-    app.kubernetes.io/version: "20231201-ca160707"
+    app.kubernetes.io/version: "20240115-04509ce7"
     networking.knative.dev/ingress-provider: istio
 spec:
   ports:
@@ -528,7 +528,7 @@ metadata:
   labels:
     app.kubernetes.io/component: net-istio
     app.kubernetes.io/name: knative-serving
-    app.kubernetes.io/version: "20231201-ca160707"
+    app.kubernetes.io/version: "20240115-04509ce7"
     networking.knative.dev/ingress-provider: istio
 webhooks:
   - admissionReviewVersions:
@@ -567,7 +567,7 @@ metadata:
   labels:
     app.kubernetes.io/component: net-istio
     app.kubernetes.io/name: knative-serving
-    app.kubernetes.io/version: "20231201-ca160707"
+    app.kubernetes.io/version: "20240115-04509ce7"
     networking.knative.dev/ingress-provider: istio
 webhooks:
   - admissionReviewVersions:
@@ -600,14 +600,20 @@ webhooks:
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-apiVersion: v1
-kind: Secret
+apiVersion: networking.internal.knative.dev/v1alpha1
+kind: Certificate
 metadata:
+  annotations:
+    networking.knative.dev/certificate.class: cert-manager.certificate.networking.knative.dev
+  labels:
+    networking.knative.dev/certificate-type: system-internal
+    knative.dev/install-knative-certificate: "true"
   name: routing-serving-certs
   namespace: istio-system
-  labels:
-    serving-certs-ctrl: "data-plane-routing"
-    networking.internal.knative.dev/certificate-uid: "serving-certs"
+spec:
+  dnsNames:
+    - kn-routing
+  secretName: routing-serving-certs
 # The data is populated when system-internal-tls is enabled.
 
 ---