From 25debe967476ec06cb010caa2347ce07613c92d1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marko=20Luk=C5=A1a?= Date: Fri, 19 Apr 2024 14:35:43 +0200 Subject: [PATCH 01/11] Use INFO level to log missing namespace in IstioRevision/IstioCNI (#64) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Marko Lukša --- controllers/istiocni/istiocni_controller.go | 27 ++++++++++++++----- .../istiorevision/istiorevision_controller.go | 26 +++++++++++++----- go.mod | 1 + 3 files changed, 40 insertions(+), 14 deletions(-) diff --git a/controllers/istiocni/istiocni_controller.go b/controllers/istiocni/istiocni_controller.go index 747b33ea8..8ca919ac1 100644 --- a/controllers/istiocni/istiocni_controller.go +++ b/controllers/istiocni/istiocni_controller.go @@ -36,6 +36,7 @@ import ( apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/types" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/controller" @@ -43,6 +44,7 @@ import ( logf "sigs.k8s.io/controller-runtime/pkg/log" "sigs.k8s.io/controller-runtime/pkg/reconcile" + "istio.io/istio/pkg/log" "istio.io/istio/pkg/ptr" ) @@ -92,12 +94,7 @@ func NewReconciler( func (r *Reconciler) Reconcile(ctx context.Context, cni *v1alpha1.IstioCNI) (ctrl.Result, error) { log := logf.FromContext(ctx) - if err := validateIstioCNI(cni); err != nil { - return ctrl.Result{}, err - } - - log.Info("Installing components") - reconcileErr := r.installHelmChart(ctx, cni) + reconcileErr := r.doReconcile(ctx, cni) log.Info("Reconciliation done. Updating status.") statusErr := r.updateStatus(ctx, cni, reconcileErr) @@ -109,13 +106,29 @@ func (r *Reconciler) Finalize(ctx context.Context, cni *v1alpha1.IstioCNI) error return r.uninstallHelmChart(ctx, cni) } -func validateIstioCNI(cni *v1alpha1.IstioCNI) error { +func (r *Reconciler) doReconcile(ctx context.Context, cni *v1alpha1.IstioCNI) error { + if err := r.validateIstioCNI(ctx, cni); err != nil { + return err + } + + log.Info("Installing Helm chart") + return r.installHelmChart(ctx, cni) +} + +func (r *Reconciler) validateIstioCNI(ctx context.Context, cni *v1alpha1.IstioCNI) error { if cni.Spec.Version == "" { return reconciler.NewValidationError("spec.version not set") } if cni.Spec.Namespace == "" { return reconciler.NewValidationError("spec.namespace not set") } + + if err := r.Client.Get(ctx, types.NamespacedName{Name: cni.Spec.Namespace}, &corev1.Namespace{}); err != nil { + if apierrors.IsNotFound(err) { + return reconciler.NewValidationError(fmt.Sprintf("namespace %q doesn't exist", cni.Spec.Namespace)) + } + return err + } return nil } diff --git a/controllers/istiorevision/istiorevision_controller.go b/controllers/istiorevision/istiorevision_controller.go index bbb2a2e50..203af0670 100644 --- a/controllers/istiorevision/istiorevision_controller.go +++ b/controllers/istiorevision/istiorevision_controller.go @@ -50,6 +50,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" networkingv1alpha3 "istio.io/client-go/pkg/apis/networking/v1alpha3" + "istio.io/istio/pkg/log" "istio.io/istio/pkg/ptr" ) @@ -100,12 +101,7 @@ func NewReconciler(client client.Client, scheme *runtime.Scheme, resourceDir str func (r *Reconciler) Reconcile(ctx context.Context, rev *v1alpha1.IstioRevision) (ctrl.Result, error) { log := logf.FromContext(ctx) - if err := validateIstioRevision(rev); err != nil { - return ctrl.Result{}, err - } - - log.Info("Installing components") - reconcileErr := r.installHelmCharts(ctx, rev) + reconcileErr := r.doReconcile(ctx, rev) log.Info("Reconciliation done. Updating status.") statusErr := r.updateStatus(ctx, rev, reconcileErr) @@ -113,17 +109,33 @@ func (r *Reconciler) Reconcile(ctx context.Context, rev *v1alpha1.IstioRevision) return ctrl.Result{}, errors.Join(reconcileErr, statusErr) } +func (r *Reconciler) doReconcile(ctx context.Context, rev *v1alpha1.IstioRevision) error { + if err := r.validateIstioRevision(ctx, rev); err != nil { + return err + } + + log.Info("Installing Helm chart") + return r.installHelmCharts(ctx, rev) +} + func (r *Reconciler) Finalize(ctx context.Context, rev *v1alpha1.IstioRevision) error { return r.uninstallHelmCharts(ctx, rev) } -func validateIstioRevision(rev *v1alpha1.IstioRevision) error { +func (r *Reconciler) validateIstioRevision(ctx context.Context, rev *v1alpha1.IstioRevision) error { if rev.Spec.Version == "" { return reconciler.NewValidationError("spec.version not set") } if rev.Spec.Namespace == "" { return reconciler.NewValidationError("spec.namespace not set") } + if err := r.Client.Get(ctx, types.NamespacedName{Name: rev.Spec.Namespace}, &corev1.Namespace{}); err != nil { + if apierrors.IsNotFound(err) { + return reconciler.NewValidationError(fmt.Sprintf("namespace %q doesn't exist", rev.Spec.Namespace)) + } + return err + } + if rev.Spec.Values == nil { return reconciler.NewValidationError("spec.values not set") } diff --git a/go.mod b/go.mod index f0fb968d0..9cb1e3c6e 100644 --- a/go.mod +++ b/go.mod @@ -156,6 +156,7 @@ require ( google.golang.org/grpc v1.61.0 // indirect google.golang.org/protobuf v1.32.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect + gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gotest.tools/v3 v3.5.1 // indirect istio.io/api v1.19.0-alpha.1.0.20240224002031-63dcee0970de // indirect From 3067e15f73f7675b04674f9e345387added1d7d7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marko=20Luk=C5=A1a?= Date: Fri, 19 Apr 2024 15:31:42 +0200 Subject: [PATCH 02/11] Ensure control plane is deployed immediately when the target namespace is created (#65) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Marko Lukša --- controllers/istiocni/istiocni_controller.go | 2 +- .../istiorevision/istiorevision_controller.go | 30 +++++++-- pkg/kube/key.go | 27 ++++++++ tests/e2e/controlplane/control_plane_test.go | 27 ++++---- tests/e2e/operator/operator_install_test.go | 7 +- tests/e2e/util/client/client.go | 6 +- tests/e2e/util/common/e2e_utils.go | 10 --- tests/integration/api/istiorevision_test.go | 66 +++++++++++++++++++ 8 files changed, 138 insertions(+), 37 deletions(-) create mode 100644 pkg/kube/key.go diff --git a/controllers/istiocni/istiocni_controller.go b/controllers/istiocni/istiocni_controller.go index 8ca919ac1..cc48772cb 100644 --- a/controllers/istiocni/istiocni_controller.go +++ b/controllers/istiocni/istiocni_controller.go @@ -44,7 +44,6 @@ import ( logf "sigs.k8s.io/controller-runtime/pkg/log" "sigs.k8s.io/controller-runtime/pkg/reconcile" - "istio.io/istio/pkg/log" "istio.io/istio/pkg/ptr" ) @@ -107,6 +106,7 @@ func (r *Reconciler) Finalize(ctx context.Context, cni *v1alpha1.IstioCNI) error } func (r *Reconciler) doReconcile(ctx context.Context, cni *v1alpha1.IstioCNI) error { + log := logf.FromContext(ctx) if err := r.validateIstioCNI(ctx, cni); err != nil { return err } diff --git a/controllers/istiorevision/istiorevision_controller.go b/controllers/istiorevision/istiorevision_controller.go index 203af0670..e66b20614 100644 --- a/controllers/istiorevision/istiorevision_controller.go +++ b/controllers/istiorevision/istiorevision_controller.go @@ -50,7 +50,6 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" networkingv1alpha3 "istio.io/client-go/pkg/apis/networking/v1alpha3" - "istio.io/istio/pkg/log" "istio.io/istio/pkg/ptr" ) @@ -110,6 +109,7 @@ func (r *Reconciler) Reconcile(ctx context.Context, rev *v1alpha1.IstioRevision) } func (r *Reconciler) doReconcile(ctx context.Context, rev *v1alpha1.IstioRevision) error { + log := logf.FromContext(ctx) if err := r.validateIstioRevision(ctx, rev); err != nil { return err } @@ -187,8 +187,12 @@ func (r *Reconciler) SetupWithManager(mgr ctrl.Manager) error { // ownedResourceHandler handles resources that are owned by the IstioRevision CR ownedResourceHandler := handler.EnqueueRequestForOwner(r.Scheme, r.RESTMapper(), &v1alpha1.IstioRevision{}, handler.OnlyControllerOwner()) - // nsHandler handles namespaces that reference the IstioRevision CR via the istio.io/rev or istio-injection labels. - // The handler triggers the reconciliation of the referenced IstioRevision CR so that its InUse condition is updated. + // nsHandler triggers reconciliation in two cases: + // - when a namespace that is referenced in IstioRevision.spec.namespace is + // created, so that the control plane is installed immediately. + // - when a namespace that references the IstioRevision CR via the istio.io/rev + // or istio-injection labels is updated, so that the InUse condition of + // the IstioRevision CR is updated. nsHandler := handler.EnqueueRequestsFromMapFunc(r.mapNamespaceToReconcileRequest) // podHandler handles pods that reference the IstioRevision CR via the istio.io/rev or sidecar.istio.io/inject labels. @@ -433,11 +437,27 @@ func istiodDeploymentKey(rev *v1alpha1.IstioRevision) client.ObjectKey { } func (r *Reconciler) mapNamespaceToReconcileRequest(ctx context.Context, ns client.Object) []reconcile.Request { + log := logf.FromContext(ctx) + var requests []reconcile.Request + + // Check if any IstioRevision references this namespace in .spec.namespace + revList := v1alpha1.IstioRevisionList{} + if err := r.Client.List(ctx, &revList); err != nil { + log.Error(err, "failed to list IstioRevisions") + return nil + } + for _, rev := range revList.Items { + if rev.Spec.Namespace == ns.GetName() { + requests = append(requests, reconcile.Request{NamespacedName: types.NamespacedName{Name: rev.Name}}) + } + } + + // Check if the namespace references an IstioRevision in its labels revision := getReferencedRevisionFromNamespace(ns.GetLabels()) if revision != "" { - return []reconcile.Request{{NamespacedName: types.NamespacedName{Name: revision}}} + requests = append(requests, reconcile.Request{NamespacedName: types.NamespacedName{Name: revision}}) } - return nil + return requests } func (r *Reconciler) mapPodToReconcileRequest(ctx context.Context, pod client.Object) []reconcile.Request { diff --git a/pkg/kube/key.go b/pkg/kube/key.go new file mode 100644 index 000000000..116359fd3 --- /dev/null +++ b/pkg/kube/key.go @@ -0,0 +1,27 @@ +// Copyright Istio Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package kube + +import "sigs.k8s.io/controller-runtime/pkg/client" + +// key returns the client.ObjectKey for the given name and namespace. If no namespace is provided, it returns a key cluster scoped +func Key(name string, namespace ...string) client.ObjectKey { + if len(namespace) > 1 { + panic("you can only provide one namespace") + } else if len(namespace) == 1 { + return client.ObjectKey{Name: name, Namespace: namespace[0]} + } + return client.ObjectKey{Name: name} +} diff --git a/tests/e2e/controlplane/control_plane_test.go b/tests/e2e/controlplane/control_plane_test.go index 06ad9915b..2a90acbbf 100644 --- a/tests/e2e/controlplane/control_plane_test.go +++ b/tests/e2e/controlplane/control_plane_test.go @@ -24,6 +24,7 @@ import ( "time" "github.com/istio-ecosystem/sail-operator/api/v1alpha1" + "github.com/istio-ecosystem/sail-operator/pkg/kube" . "github.com/istio-ecosystem/sail-operator/pkg/test/util/ginkgo" "github.com/istio-ecosystem/sail-operator/pkg/test/util/supportedversion" common "github.com/istio-ecosystem/sail-operator/tests/e2e/util/common" @@ -58,7 +59,7 @@ var _ = Describe("Control Plane Installation", Ordered, func() { Expect(helm.Install("sail-operator", filepath.Join(baseDir, "chart"), "--namespace "+namespace, "--set=image="+image, extraArg)). To(Succeed(), "Operator failed to be deployed") - Eventually(common.GetObject).WithArguments(ctx, cl, common.Key(deploymentName, namespace), &appsv1.Deployment{}). + Eventually(common.GetObject).WithArguments(ctx, cl, kube.Key(deploymentName, namespace), &appsv1.Deployment{}). Should(HaveCondition(appsv1.DeploymentAvailable, metav1.ConditionTrue), "Error getting Istio CRD") Success("Operator is deployed in the namespace and Running") }) @@ -78,12 +79,12 @@ metadata: Success("IstioCNI created") cni := &v1alpha1.IstioCNI{} - Expect(cl.Get(ctx, common.Key("default"), cni)).To(Succeed()) + Expect(cl.Get(ctx, kube.Key("default"), cni)).To(Succeed()) Expect(cni.Spec.Version).To(Equal(supportedversion.Default)) Expect(cni.Spec.Namespace).To(Equal("istio-cni")) Expect(cl.Delete(ctx, cni)).To(Succeed()) - Eventually(cl.Get).WithArguments(ctx, common.Key("default"), cni).Should(ReturnNotFoundError()) + Eventually(cl.Get).WithArguments(ctx, kube.Key("default"), cni).Should(ReturnNotFoundError()) }, ) @@ -102,14 +103,14 @@ metadata: Success("Istio created") istio := &v1alpha1.Istio{} - Expect(cl.Get(ctx, common.Key("default"), istio)).To(Succeed()) + Expect(cl.Get(ctx, kube.Key("default"), istio)).To(Succeed()) Expect(istio.Spec.Version).To(Equal(supportedversion.Default)) Expect(istio.Spec.Namespace).To(Equal("istio-system")) Expect(istio.Spec.UpdateStrategy).ToNot(BeNil()) Expect(istio.Spec.UpdateStrategy.Type).To(Equal(v1alpha1.UpdateStrategyTypeInPlace)) Expect(cl.Delete(ctx, istio)).To(Succeed()) - Eventually(cl.Get).WithArguments(ctx, common.Key("default"), istio).Should(ReturnNotFoundError()) + Eventually(cl.Get).WithArguments(ctx, kube.Key("default"), istio).Should(ReturnNotFoundError()) }, ) }) @@ -144,7 +145,7 @@ spec: It("deploys the CNI DaemonSet", func(ctx SpecContext) { Eventually(func(g Gomega) { daemonset := &appsv1.DaemonSet{} - g.Expect(cl.Get(ctx, common.Key("istio-cni-node", istioCniNamespace), daemonset)).To(Succeed(), "Error getting IstioCNI DaemonSet") + g.Expect(cl.Get(ctx, kube.Key("istio-cni-node", istioCniNamespace), daemonset)).To(Succeed(), "Error getting IstioCNI DaemonSet") g.Expect(daemonset.Status.NumberAvailable). To(Equal(daemonset.Status.CurrentNumberScheduled), "CNI DaemonSet Pods not Available; expected numberAvailable to be equal to currentNumberScheduled") }).Should(Succeed(), "CNI DaemonSet Pods are not Available") @@ -152,13 +153,13 @@ spec: }) It("updates the status to Reconciled", func(ctx SpecContext) { - Eventually(common.GetObject).WithArguments(ctx, cl, common.Key(istioCniName), &v1alpha1.IstioCNI{}). + Eventually(common.GetObject).WithArguments(ctx, cl, kube.Key(istioCniName), &v1alpha1.IstioCNI{}). Should(HaveCondition(v1alpha1.IstioCNIConditionReconciled, metav1.ConditionTrue), "IstioCNI is not Reconciled; unexpected Condition") Success("IstioCNI is Reconciled") }) It("updates the status to Ready", func(ctx SpecContext) { - Eventually(common.GetObject).WithArguments(ctx, cl, common.Key(istioCniName), &v1alpha1.IstioCNI{}). + Eventually(common.GetObject).WithArguments(ctx, cl, kube.Key(istioCniName), &v1alpha1.IstioCNI{}). Should(HaveCondition(v1alpha1.IstioCNIConditionReady, metav1.ConditionTrue), "IstioCNI is not Ready; unexpected Condition") Success("IstioCNI is Ready") }) @@ -188,19 +189,19 @@ spec: }) It("updates the Istio CR status to Reconciled", func(ctx SpecContext) { - Eventually(common.GetObject).WithArguments(ctx, cl, common.Key(istioName), &v1alpha1.Istio{}). + Eventually(common.GetObject).WithArguments(ctx, cl, kube.Key(istioName), &v1alpha1.Istio{}). Should(HaveCondition(v1alpha1.IstioConditionReconciled, metav1.ConditionTrue), "Istio is not Reconciled; unexpected Condition") Success("Istio CR is Reconciled") }) It("updates the Istio CR status to Ready", func(ctx SpecContext) { - Eventually(common.GetObject).WithArguments(ctx, cl, common.Key(istioName), &v1alpha1.Istio{}). + Eventually(common.GetObject).WithArguments(ctx, cl, kube.Key(istioName), &v1alpha1.Istio{}). Should(HaveCondition(v1alpha1.IstioConditionReady, metav1.ConditionTrue), "Istio is not Ready; unexpected Condition") Success("Istio CR is Ready") }) It("deploys istiod", func(ctx SpecContext) { - Eventually(common.GetObject).WithArguments(ctx, cl, common.Key("istiod", controlPlaneNamespace), &appsv1.Deployment{}). + Eventually(common.GetObject).WithArguments(ctx, cl, kube.Key("istiod", controlPlaneNamespace), &appsv1.Deployment{}). Should(HaveCondition(appsv1.DeploymentAvailable, metav1.ConditionTrue), "Istiod is not Available; unexpected Condition") Expect(getVersionFromIstiod()).To(Equal(version.Version), "Unexpected istiod version") Success("Istiod is deployed in the namespace and Running") @@ -220,7 +221,7 @@ spec: }) It("removes everything from the namespace", func(ctx SpecContext) { - Eventually(cl.Get).WithArguments(ctx, common.Key("istiod", controlPlaneNamespace), &appsv1.Deployment{}). + Eventually(cl.Get).WithArguments(ctx, kube.Key("istiod", controlPlaneNamespace), &appsv1.Deployment{}). Should(ReturnNotFoundError(), "Istiod should not exist anymore") common.CheckNamespaceEmpty(ctx, cl, controlPlaneNamespace) Success("Namespace is empty") @@ -235,7 +236,7 @@ spec: It("removes everything from the CNI namespace", func(ctx SpecContext) { daemonset := &appsv1.DaemonSet{} - Eventually(cl.Get).WithArguments(ctx, common.Key("istio-cni-node", istioCniNamespace), daemonset). + Eventually(cl.Get).WithArguments(ctx, kube.Key("istio-cni-node", istioCniNamespace), daemonset). Should(ReturnNotFoundError(), "IstioCNI DaemonSet should not exist anymore") common.CheckNamespaceEmpty(ctx, cl, istioCniNamespace) Success("CNI namespace is empty") diff --git a/tests/e2e/operator/operator_install_test.go b/tests/e2e/operator/operator_install_test.go index 0dfdd96ce..102198917 100644 --- a/tests/e2e/operator/operator_install_test.go +++ b/tests/e2e/operator/operator_install_test.go @@ -20,6 +20,7 @@ import ( "path/filepath" "time" + "github.com/istio-ecosystem/sail-operator/pkg/kube" . "github.com/istio-ecosystem/sail-operator/pkg/test/util/ginkgo" common "github.com/istio-ecosystem/sail-operator/tests/e2e/util/common" . "github.com/istio-ecosystem/sail-operator/tests/e2e/util/gomega" @@ -84,7 +85,7 @@ var _ = Describe("Operator", Ordered, func() { It("updates the CRDs status to Established", func(ctx SpecContext) { for _, crdName := range sailCRDs { - Eventually(common.GetObject).WithArguments(ctx, cl, common.Key(crdName), &apiextensionsv1.CustomResourceDefinition{}). + Eventually(common.GetObject).WithArguments(ctx, cl, kube.Key(crdName), &apiextensionsv1.CustomResourceDefinition{}). Should(HaveCondition(apiextensionsv1.Established, metav1.ConditionTrue), "Error getting Istio CRD") } Success("CRDs are Established") @@ -92,13 +93,13 @@ var _ = Describe("Operator", Ordered, func() { Specify("istio crd is present", func(ctx SpecContext) { // When the operator runs in OCP cluster, the CRD is created but not available at the moment - Eventually(cl.Get).WithArguments(ctx, common.Key("istios.operator.istio.io"), &apiextensionsv1.CustomResourceDefinition{}). + Eventually(cl.Get).WithArguments(ctx, kube.Key("istios.operator.istio.io"), &apiextensionsv1.CustomResourceDefinition{}). Should(Succeed(), "Error getting Istio CRD") Success("Istio CRD is present") }) It("starts successfully", func(ctx SpecContext) { - Eventually(common.GetObject).WithArguments(ctx, cl, common.Key(deploymentName, namespace), &appsv1.Deployment{}). + Eventually(common.GetObject).WithArguments(ctx, cl, kube.Key(deploymentName, namespace), &appsv1.Deployment{}). Should(HaveCondition(appsv1.DeploymentAvailable, metav1.ConditionTrue), "Error getting Istio CRD") }) diff --git a/tests/e2e/util/client/client.go b/tests/e2e/util/client/client.go index 70243c83b..9ab45ee74 100644 --- a/tests/e2e/util/client/client.go +++ b/tests/e2e/util/client/client.go @@ -15,7 +15,6 @@ package client import ( - "flag" "fmt" "log" "os" @@ -29,11 +28,8 @@ import ( // getConfig returns the configuration of the kubernetes go-client func getConfig() (*rest.Config, error) { - kubeconfig := flag.String("kubeconfig", os.Getenv("KUBECONFIG"), "(optional) absolute path to the kubeconfig file") - flag.Parse() - // use the current context in kubeconfig - config, err := clientcmd.BuildConfigFromFlags("", *kubeconfig) + config, err := clientcmd.BuildConfigFromFlags("", os.Getenv("KUBECONFIG")) if err != nil { return nil, fmt.Errorf("error building config: %w", err) } diff --git a/tests/e2e/util/common/e2e_utils.go b/tests/e2e/util/common/e2e_utils.go index efa4976fc..49b4c6f62 100644 --- a/tests/e2e/util/common/e2e_utils.go +++ b/tests/e2e/util/common/e2e_utils.go @@ -41,16 +41,6 @@ var ( istioCniNamespace = env.Get("ISTIOCNI_NAMESPACE", "istio-cni") ) -// key returns the client.ObjectKey for the given name and namespace. If no namespace is provided, it returns a key cluster scoped -func Key(name string, namespace ...string) client.ObjectKey { - if len(namespace) > 1 { - panic("you can only provide one namespace") - } else if len(namespace) == 1 { - return client.ObjectKey{Name: name, Namespace: namespace[0]} - } - return client.ObjectKey{Name: name} -} - // getObject returns the object with the given key func GetObject(ctx context.Context, cl client.Client, key client.ObjectKey, obj client.Object) (client.Object, error) { err := cl.Get(ctx, key, obj) diff --git a/tests/integration/api/istiorevision_test.go b/tests/integration/api/istiorevision_test.go index 4d5c88794..46d75dae9 100644 --- a/tests/integration/api/istiorevision_test.go +++ b/tests/integration/api/istiorevision_test.go @@ -21,6 +21,7 @@ import ( "time" "github.com/istio-ecosystem/sail-operator/api/v1alpha1" + "github.com/istio-ecosystem/sail-operator/pkg/kube" . "github.com/istio-ecosystem/sail-operator/pkg/test/util/ginkgo" "github.com/istio-ecosystem/sail-operator/pkg/test/util/supportedversion" . "github.com/onsi/ginkgo/v2" @@ -158,6 +159,71 @@ var _ = Describe("IstioRevision resource", Ordered, func() { }) }) + Describe("reconciles immediately after target namespace is created", func() { + BeforeAll(func() { + Step("Creating the IstioRevision resource without the namespace") + rev = &v1alpha1.IstioRevision{ + ObjectMeta: metav1.ObjectMeta{ + Name: revName, + }, + Spec: v1alpha1.IstioRevisionSpec{ + Version: supportedversion.Default, + Namespace: "nonexistent-namespace", + Values: &v1alpha1.Values{ + Revision: revName, + Global: &v1alpha1.GlobalConfig{ + IstioNamespace: "nonexistent-namespace", + }, + }, + }, + } + Expect(k8sClient.Create(ctx, rev)).To(Succeed()) + }) + + AfterAll(func() { + Expect(k8sClient.Delete(ctx, rev)).To(Succeed()) + Eventually(k8sClient.Get).WithArguments(ctx, kube.Key(revName), rev).Should(ReturnNotFoundError()) + }) + + It("indicates in the status that the namespace doesn't exist", func() { + Eventually(func(g Gomega) { + g.Expect(k8sClient.Get(ctx, revKey, rev)).To(Succeed()) + g.Expect(rev.Status.ObservedGeneration).To(Equal(rev.ObjectMeta.Generation)) + + reconciled := rev.Status.GetCondition(v1alpha1.IstioRevisionConditionReconciled) + g.Expect(reconciled.Status).To(Equal(metav1.ConditionFalse)) + g.Expect(reconciled.Reason).To(Equal(v1alpha1.IstioRevisionReasonReconcileError)) + g.Expect(reconciled.Message).To(ContainSubstring(`namespace "nonexistent-namespace" doesn't exist`)) + }).Should(Succeed()) + }) + + When("the namespace is created", func() { + BeforeAll(func() { + ns := &corev1.Namespace{ + ObjectMeta: metav1.ObjectMeta{ + Name: "nonexistent-namespace", + }, + } + Expect(k8sClient.Create(ctx, ns)).To(Succeed()) + }) + + It("reconciles immediately", func() { + Step("Checking if istiod is deployed immediately") + istiod := &appsv1.Deployment{} + istiodKey := client.ObjectKey{Name: "istiod-" + revName, Namespace: "nonexistent-namespace"} + Eventually(k8sClient.Get).WithArguments(ctx, istiodKey, istiod).WithTimeout(10 * time.Second).Should(Succeed()) + + Step("Checking if the status is updated") + Eventually(func(g Gomega) { + g.Expect(k8sClient.Get(ctx, revKey, rev)).To(Succeed()) + g.Expect(rev.Status.ObservedGeneration).To(Equal(rev.ObjectMeta.Generation)) + reconciled := rev.Status.GetCondition(v1alpha1.IstioRevisionConditionReconciled) + g.Expect(reconciled.Status).To(Equal(metav1.ConditionTrue)) + }).Should(Succeed()) + }) + }) + }) + It("successfully reconciles the resource", func() { Step("Creating the custom resource") rev = &v1alpha1.IstioRevision{ From 823ef1f2039ebef044218da8babfea4170d21fc8 Mon Sep 17 00:00:00 2001 From: Istio Automation Date: Fri, 19 Apr 2024 16:07:52 -0700 Subject: [PATCH 03/11] Automator: Update dependencies in istio-ecosystem/sail-operator@main (#66) Signed-off-by: istio-testing --- .../sailoperator.clusterserviceversion.yaml | 4 ++-- chart/values.yaml | 2 +- go.mod | 1 - resources/latest/charts/base/Chart.yaml | 4 ++-- resources/latest/charts/cni/Chart.yaml | 4 ++-- resources/latest/charts/cni/values.yaml | 2 +- resources/latest/charts/gateway/Chart.yaml | 4 ++-- resources/latest/charts/istiod/Chart.yaml | 4 ++-- .../latest/charts/istiod/files/kube-gateway.yaml | 2 +- resources/latest/charts/istiod/values.yaml | 2 +- resources/latest/charts/ztunnel/Chart.yaml | 4 ++-- resources/latest/charts/ztunnel/values.yaml | 2 +- versions.yaml | 12 ++++++------ 13 files changed, 23 insertions(+), 24 deletions(-) diff --git a/bundle/manifests/sailoperator.clusterserviceversion.yaml b/bundle/manifests/sailoperator.clusterserviceversion.yaml index 25d19dd50..71bd34280 100644 --- a/bundle/manifests/sailoperator.clusterserviceversion.yaml +++ b/bundle/manifests/sailoperator.clusterserviceversion.yaml @@ -34,7 +34,7 @@ metadata: capabilities: Seamless Upgrades categories: OpenShift Optional, Integration & Delivery, Networking, Security containerImage: quay.io/maistra-dev/sail-operator:3.0-latest - createdAt: "2024-04-18T23:02:03Z" + createdAt: "2024-04-19T23:01:33Z" description: Experimental operator for installing Istio service mesh features.operators.openshift.io/cnf: "false" features.operators.openshift.io/cni: "true" @@ -288,7 +288,7 @@ spec: This version of the operator supports the following Istio versions: - v1.21.0 - - latest (bf9fd612) + - latest (3112392b) [See this page](https://github.com/istio-ecosystem/sail-operator/blob/pre-main/bundle/README.md) for instructions on how to use it. displayName: Sail Operator diff --git a/chart/values.yaml b/chart/values.yaml index 2fa051c0b..ade97a306 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -17,7 +17,7 @@ csv: This version of the operator supports the following Istio versions: - v1.21.0 - - latest (bf9fd612) + - latest (3112392b) [See this page](https://github.com/istio-ecosystem/sail-operator/blob/pre-main/bundle/README.md) for instructions on how to use it. support: Community based diff --git a/go.mod b/go.mod index 9cb1e3c6e..f0fb968d0 100644 --- a/go.mod +++ b/go.mod @@ -156,7 +156,6 @@ require ( google.golang.org/grpc v1.61.0 // indirect google.golang.org/protobuf v1.32.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect - gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gotest.tools/v3 v3.5.1 // indirect istio.io/api v1.19.0-alpha.1.0.20240224002031-63dcee0970de // indirect diff --git a/resources/latest/charts/base/Chart.yaml b/resources/latest/charts/base/Chart.yaml index 05701b759..ec7ae3bad 100644 --- a/resources/latest/charts/base/Chart.yaml +++ b/resources/latest/charts/base/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: 1.22-alpha.bf9fd6127f5bebf2f0024362f3c687849f390749 +appVersion: 1.22-alpha.3112392b96748f15315150044244f0052a2f730d description: Helm chart for deploying Istio cluster resources and CRDs icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -7,4 +7,4 @@ keywords: name: base sources: - https://github.com/istio/istio -version: 1.22-alpha.bf9fd6127f5bebf2f0024362f3c687849f390749 +version: 1.22-alpha.3112392b96748f15315150044244f0052a2f730d diff --git a/resources/latest/charts/cni/Chart.yaml b/resources/latest/charts/cni/Chart.yaml index 5b2ee9711..5caa528ed 100644 --- a/resources/latest/charts/cni/Chart.yaml +++ b/resources/latest/charts/cni/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: 1.22-alpha.bf9fd6127f5bebf2f0024362f3c687849f390749 +appVersion: 1.22-alpha.3112392b96748f15315150044244f0052a2f730d description: Helm chart for istio-cni components icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -8,4 +8,4 @@ keywords: name: cni sources: - https://github.com/istio/istio/tree/master/cni -version: 1.22-alpha.bf9fd6127f5bebf2f0024362f3c687849f390749 +version: 1.22-alpha.3112392b96748f15315150044244f0052a2f730d diff --git a/resources/latest/charts/cni/values.yaml b/resources/latest/charts/cni/values.yaml index fbbde7c79..7209c9411 100644 --- a/resources/latest/charts/cni/values.yaml +++ b/resources/latest/charts/cni/values.yaml @@ -110,7 +110,7 @@ defaults: hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.22-alpha.bf9fd6127f5bebf2f0024362f3c687849f390749 + tag: 1.22-alpha.3112392b96748f15315150044244f0052a2f730d # Variant of the image to use. # Currently supported are: [debug, distroless] diff --git a/resources/latest/charts/gateway/Chart.yaml b/resources/latest/charts/gateway/Chart.yaml index b258a91c5..6241b3071 100644 --- a/resources/latest/charts/gateway/Chart.yaml +++ b/resources/latest/charts/gateway/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.22-alpha.bf9fd6127f5bebf2f0024362f3c687849f390749 +appVersion: 1.22-alpha.3112392b96748f15315150044244f0052a2f730d description: Helm chart for deploying Istio gateways icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ name: gateway sources: - https://github.com/istio/istio type: application -version: 1.22-alpha.bf9fd6127f5bebf2f0024362f3c687849f390749 +version: 1.22-alpha.3112392b96748f15315150044244f0052a2f730d diff --git a/resources/latest/charts/istiod/Chart.yaml b/resources/latest/charts/istiod/Chart.yaml index f34043bf7..60dd5a678 100644 --- a/resources/latest/charts/istiod/Chart.yaml +++ b/resources/latest/charts/istiod/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: 1.22-alpha.bf9fd6127f5bebf2f0024362f3c687849f390749 +appVersion: 1.22-alpha.3112392b96748f15315150044244f0052a2f730d description: Helm chart for istio control plane icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ keywords: name: istiod sources: - https://github.com/istio/istio -version: 1.22-alpha.bf9fd6127f5bebf2f0024362f3c687849f390749 +version: 1.22-alpha.3112392b96748f15315150044244f0052a2f730d diff --git a/resources/latest/charts/istiod/files/kube-gateway.yaml b/resources/latest/charts/istiod/files/kube-gateway.yaml index 512859b04..8d1dc5de9 100644 --- a/resources/latest/charts/istiod/files/kube-gateway.yaml +++ b/resources/latest/charts/istiod/files/kube-gateway.yaml @@ -138,7 +138,7 @@ spec: {{- end }} {{- if .Values.global.proxy.lifecycle }} lifecycle: - {{ toYaml .Values.global.proxy.lifecycle | indent 6 }} + {{- toYaml .Values.global.proxy.lifecycle | nindent 10 }} {{- end }} env: - name: PILOT_CERT_PROVIDER diff --git a/resources/latest/charts/istiod/values.yaml b/resources/latest/charts/istiod/values.yaml index a4ddd3643..bbc802294 100644 --- a/resources/latest/charts/istiod/values.yaml +++ b/resources/latest/charts/istiod/values.yaml @@ -231,7 +231,7 @@ defaults: # Dev builds from prow are on gcr.io hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.22-alpha.bf9fd6127f5bebf2f0024362f3c687849f390749 + tag: 1.22-alpha.3112392b96748f15315150044244f0052a2f730d # Variant of the image to use. # Currently supported are: [debug, distroless] variant: "" diff --git a/resources/latest/charts/ztunnel/Chart.yaml b/resources/latest/charts/ztunnel/Chart.yaml index dca74af72..aaa68dae5 100644 --- a/resources/latest/charts/ztunnel/Chart.yaml +++ b/resources/latest/charts/ztunnel/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: 1.22-alpha.bf9fd6127f5bebf2f0024362f3c687849f390749 +appVersion: 1.22-alpha.3112392b96748f15315150044244f0052a2f730d description: Helm chart for istio ztunnel components icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -8,4 +8,4 @@ keywords: name: ztunnel sources: - https://github.com/istio/istio -version: 1.22-alpha.bf9fd6127f5bebf2f0024362f3c687849f390749 +version: 1.22-alpha.3112392b96748f15315150044244f0052a2f730d diff --git a/resources/latest/charts/ztunnel/values.yaml b/resources/latest/charts/ztunnel/values.yaml index dd58a35a0..1668ed15c 100644 --- a/resources/latest/charts/ztunnel/values.yaml +++ b/resources/latest/charts/ztunnel/values.yaml @@ -2,7 +2,7 @@ defaults: # Hub to pull from. Image will be `Hub/Image:Tag-Variant` hub: gcr.io/istio-testing # Tag to pull from. Image will be `Hub/Image:Tag-Variant` - tag: 1.22-alpha.bf9fd6127f5bebf2f0024362f3c687849f390749 + tag: 1.22-alpha.3112392b96748f15315150044244f0052a2f730d # Variant to pull. Options are "debug" or "distroless". Unset will use the default for the given version. variant: "" diff --git a/versions.yaml b/versions.yaml index 7dd909cf8..1750fb0a1 100644 --- a/versions.yaml +++ b/versions.yaml @@ -24,10 +24,10 @@ versions: version: 1.22-alpha repo: https://github.com/istio/istio branch: master - commit: bf9fd6127f5bebf2f0024362f3c687849f390749 + commit: 3112392b96748f15315150044244f0052a2f730d charts: - - https://storage.googleapis.com/istio-build/dev/1.22-alpha.bf9fd6127f5bebf2f0024362f3c687849f390749/helm/base-1.22-alpha.bf9fd6127f5bebf2f0024362f3c687849f390749.tgz - - https://storage.googleapis.com/istio-build/dev/1.22-alpha.bf9fd6127f5bebf2f0024362f3c687849f390749/helm/cni-1.22-alpha.bf9fd6127f5bebf2f0024362f3c687849f390749.tgz - - https://storage.googleapis.com/istio-build/dev/1.22-alpha.bf9fd6127f5bebf2f0024362f3c687849f390749/helm/gateway-1.22-alpha.bf9fd6127f5bebf2f0024362f3c687849f390749.tgz - - https://storage.googleapis.com/istio-build/dev/1.22-alpha.bf9fd6127f5bebf2f0024362f3c687849f390749/helm/istiod-1.22-alpha.bf9fd6127f5bebf2f0024362f3c687849f390749.tgz - - https://storage.googleapis.com/istio-build/dev/1.22-alpha.bf9fd6127f5bebf2f0024362f3c687849f390749/helm/ztunnel-1.22-alpha.bf9fd6127f5bebf2f0024362f3c687849f390749.tgz + - https://storage.googleapis.com/istio-build/dev/1.22-alpha.3112392b96748f15315150044244f0052a2f730d/helm/base-1.22-alpha.3112392b96748f15315150044244f0052a2f730d.tgz + - https://storage.googleapis.com/istio-build/dev/1.22-alpha.3112392b96748f15315150044244f0052a2f730d/helm/cni-1.22-alpha.3112392b96748f15315150044244f0052a2f730d.tgz + - https://storage.googleapis.com/istio-build/dev/1.22-alpha.3112392b96748f15315150044244f0052a2f730d/helm/gateway-1.22-alpha.3112392b96748f15315150044244f0052a2f730d.tgz + - https://storage.googleapis.com/istio-build/dev/1.22-alpha.3112392b96748f15315150044244f0052a2f730d/helm/istiod-1.22-alpha.3112392b96748f15315150044244f0052a2f730d.tgz + - https://storage.googleapis.com/istio-build/dev/1.22-alpha.3112392b96748f15315150044244f0052a2f730d/helm/ztunnel-1.22-alpha.3112392b96748f15315150044244f0052a2f730d.tgz From 5dce42481dab1e2bccd3e598c85ce478b5b15cfc Mon Sep 17 00:00:00 2001 From: Francisco Herrera Date: Tue, 23 Apr 2024 10:27:58 +0200 Subject: [PATCH 04/11] Update SetDefaultEventuallyTimeout for e2e test (#69) Signed-off-by: frherrer --- tests/e2e/controlplane/control_plane_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/e2e/controlplane/control_plane_test.go b/tests/e2e/controlplane/control_plane_test.go index 2a90acbbf..a6e4236e2 100644 --- a/tests/e2e/controlplane/control_plane_test.go +++ b/tests/e2e/controlplane/control_plane_test.go @@ -43,7 +43,7 @@ import ( var istiodVersionRegex = regexp.MustCompile(`Version:"(\d+\.\d+(\.\d+|-\w+))`) var _ = Describe("Control Plane Installation", Ordered, func() { - SetDefaultEventuallyTimeout(60 * time.Second) + SetDefaultEventuallyTimeout(120 * time.Second) SetDefaultEventuallyPollingInterval(time.Second) debugInfoLogged := false From 70d7e827d9fad5f50fb60d4d516afb98fa2fcbb7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marko=20Luk=C5=A1a?= Date: Tue, 23 Apr 2024 10:37:57 +0200 Subject: [PATCH 05/11] Ensure CI highlights failure in lint-watches.sh (#70) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Marko Lukša --- hack/lint-watches.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/lint-watches.sh b/hack/lint-watches.sh index cd90a922d..2e6bc1808 100755 --- a/hack/lint-watches.sh +++ b/hack/lint-watches.sh @@ -47,7 +47,7 @@ check_watches() { # Print missing lines, if any if [[ ${#missing_kinds[@]} -gt 0 ]]; then - printf "The following kinds aren't watched in %s:\n" "$controllerPath" + printf "FAIL: The following kinds aren't watched in %s:\n" "$controllerPath" for line in "${missing_kinds[@]}"; do printf " - %s\n" "$line" done From 2d2e22f46c916330d28320bf72e70f160b2c59d5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marko=20Luk=C5=A1a?= Date: Tue, 23 Apr 2024 11:19:57 +0200 Subject: [PATCH 06/11] Make lint-watches ignore ValidatingAdmissionPolicy(Binding) (#71) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Marko Lukša --- controllers/istiorevision/istiorevision_controller.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/controllers/istiorevision/istiorevision_controller.go b/controllers/istiorevision/istiorevision_controller.go index e66b20614..37fdd726d 100644 --- a/controllers/istiorevision/istiorevision_controller.go +++ b/controllers/istiorevision/istiorevision_controller.go @@ -236,6 +236,8 @@ func (r *Reconciler) SetupWithManager(mgr ctrl.Manager) error { ownedResourceHandler, builder.WithPredicates(validatingWebhookConfigPredicate{})). + // +lint-watches:ignore: ValidatingAdmissionPolicy (TODO: fix this when CI supports golang 1.22 and k8s 1.30) + // +lint-watches:ignore: ValidatingAdmissionPolicyBinding (TODO: fix this when CI supports golang 1.22 and k8s 1.30) // +lint-watches:ignore: CustomResourceDefinition (prevents `make lint-watches` from bugging us about CRDs) Complete(reconciler.NewStandardReconcilerWithFinalizer(r.Client, &v1alpha1.IstioRevision{}, r.Reconcile, r.Finalize, constants.FinalizerName)) } From bbf93797fc61a0a63d2ce056a2384ce43bee44cc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marko=20Luk=C5=A1a?= Date: Tue, 23 Apr 2024 14:43:57 +0200 Subject: [PATCH 07/11] Ensure update-istio.sh updates version field in versions.yaml (#72) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Marko Lukša --- hack/update-istio.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/hack/update-istio.sh b/hack/update-istio.sh index 11b8a26a6..9c9f4aa47 100755 --- a/hack/update-istio.sh +++ b/hack/update-istio.sh @@ -40,8 +40,12 @@ echo FULL_VERSION=$(curl -sSfL "${URL}") echo Full version: "${FULL_VERSION}" -yq -i '(.versions[] | select(.name == "latest") | .commit) = "'"${COMMIT}"'"' "${VERSIONS_YAML_FILE}" +PARTIAL_VERSION="${FULL_VERSION%.*}" +echo Partial version: "${PARTIAL_VERSION}" + yq -i ' + (.versions[] | select(.name == "latest") | .version) = "'"${PARTIAL_VERSION}"'" | + (.versions[] | select(.name == "latest") | .commit) = "'"${COMMIT}"'" | (.versions[] | select(.name == "latest") | .charts) = [ "https://storage.googleapis.com/istio-build/dev/'"${FULL_VERSION}"'/helm/base-'"${FULL_VERSION}"'.tgz", "https://storage.googleapis.com/istio-build/dev/'"${FULL_VERSION}"'/helm/cni-'"${FULL_VERSION}"'.tgz", From 9b1c21ceffb2e721580b6896e7d0b5e40d1ecd4a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marko=20Luk=C5=A1a?= Date: Tue, 23 Apr 2024 14:51:57 +0200 Subject: [PATCH 08/11] Wrap errors to provide context (#68) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Wrap errors to provide context Signed-off-by: Marko Lukša * Add called function instead of the caller to error message Signed-off-by: Marko Lukša * Fix lint errors Signed-off-by: Marko Lukša * Fix test Signed-off-by: Marko Lukša --------- Signed-off-by: Marko Lukša --- controllers/istio/istio_controller.go | 55 +++++++++++++------ controllers/istio/istio_controller_test.go | 4 +- controllers/istiocni/istiocni_controller.go | 31 ++++++++--- .../istiorevision/istiorevision_controller.go | 44 +++++++++------ pkg/helm/values.go | 2 +- pkg/profiles/profiles.go | 5 +- pkg/reconciler/errors.go | 2 +- 7 files changed, 94 insertions(+), 49 deletions(-) diff --git a/controllers/istio/istio_controller.go b/controllers/istio/istio_controller.go index 7ebbaecbf..1e5f44617 100644 --- a/controllers/istio/istio_controller.go +++ b/controllers/istio/istio_controller.go @@ -85,11 +85,8 @@ func (r *Reconciler) Reconcile(ctx context.Context, istio *v1alpha1.Istio) (ctrl // doReconcile is the function that actually reconciles the Istio object. Any error reported by this // function should get reported in the status of the Istio object by the caller. func (r *Reconciler) doReconcile(ctx context.Context, istio *v1alpha1.Istio) (result ctrl.Result, err error) { - if istio.Spec.Version == "" { - return ctrl.Result{}, reconciler.NewValidationError("no spec.version set") - } - if istio.Spec.Namespace == "" { - return ctrl.Result{}, reconciler.NewValidationError("no spec.namespace set") + if err := validateIstio(istio); err != nil { + return ctrl.Result{}, err } var values *v1alpha1.Values @@ -104,6 +101,16 @@ func (r *Reconciler) doReconcile(ctx context.Context, istio *v1alpha1.Istio) (re return r.pruneInactiveRevisions(ctx, istio) } +func validateIstio(istio *v1alpha1.Istio) error { + if istio.Spec.Version == "" { + return reconciler.NewValidationError("no spec.version set") + } + if istio.Spec.Namespace == "" { + return reconciler.NewValidationError("no spec.namespace set") + } + return nil +} + func (r *Reconciler) reconcileActiveRevision(ctx context.Context, istio *v1alpha1.Istio, values *v1alpha1.Values) error { log := logf.FromContext(ctx) @@ -116,7 +123,9 @@ func (r *Reconciler) reconcileActiveRevision(ctx context.Context, istio *v1alpha rev.Spec.Version = istio.Spec.Version rev.Spec.Values = values log.Info("Updating IstioRevision") - err = r.Client.Update(ctx, &rev) + if err = r.Client.Update(ctx, &rev); err != nil { + return fmt.Errorf("failed to update IstioRevision %q: %w", rev.Name, err) + } } else if apierrors.IsNotFound(err) { // create new rev = v1alpha1.IstioRevision{ @@ -140,16 +149,21 @@ func (r *Reconciler) reconcileActiveRevision(ctx context.Context, istio *v1alpha }, } log.Info("Creating IstioRevision") - err = r.Client.Create(ctx, &rev) + if err = r.Client.Create(ctx, &rev); err != nil { + return fmt.Errorf("failed to create IstioRevision %q: %w", rev.Name, err) + } } - return err + if err != nil { + return fmt.Errorf("failed to get active IstioRevision: %w", err) + } + return nil } func (r *Reconciler) pruneInactiveRevisions(ctx context.Context, istio *v1alpha1.Istio) (ctrl.Result, error) { log := logf.FromContext(ctx) revisions, err := r.getRevisions(ctx, istio) if err != nil { - return ctrl.Result{}, err + return ctrl.Result{}, fmt.Errorf("failed to get revisions: %w", err) } // the following code does two things: @@ -174,7 +188,7 @@ func (r *Reconciler) pruneInactiveRevisions(ctx context.Context, istio *v1alpha1 log.Info("Deleting expired IstioRevision", "IstioRevision", rev.Name) err = r.Client.Delete(ctx, &rev) if err != nil { - return ctrl.Result{}, err + return ctrl.Result{}, fmt.Errorf("delete failed: %w", err) } } else { log.V(2).Info("IstioRevision is not in use, but hasn't yet expired", "IstioRevision", rev.Name, "InUseLastTransitionTime", inUseCondition.LastTransitionTime) @@ -210,13 +224,16 @@ func getPruningGracePeriod(istio *v1alpha1.Istio) time.Duration { func (r *Reconciler) getActiveRevision(ctx context.Context, istio *v1alpha1.Istio) (v1alpha1.IstioRevision, error) { rev := v1alpha1.IstioRevision{} err := r.Client.Get(ctx, getActiveRevisionKey(istio), &rev) - return rev, err + if err != nil { + return rev, fmt.Errorf("get failed: %w", err) + } + return rev, nil } func (r *Reconciler) getRevisions(ctx context.Context, istio *v1alpha1.Istio) ([]v1alpha1.IstioRevision, error) { revList := v1alpha1.IstioRevisionList{} if err := r.Client.List(ctx, &revList); err != nil { - return nil, err + return nil, fmt.Errorf("list failed: %w", err) } var revisions []v1alpha1.IstioRevision @@ -276,12 +293,12 @@ func computeIstioRevisionValues(istio *v1alpha1.Istio, defaultProfile string, re // apply userValues on top of defaultValues from profiles mergedHelmValues, err := profiles.Apply(getProfilesDir(resourceDir, istio), defaultProfile, istio.Spec.Profile, helm.FromValues(userValues)) if err != nil { - return nil, err + return nil, fmt.Errorf("failed to apply profile: %w", err) } values, err := helm.ToValues(mergedHelmValues, &v1alpha1.Values{}) if err != nil { - return nil, err + return nil, fmt.Errorf("conversion to Helm values failed: %w", err) } // override values that are not configurable by the user @@ -423,7 +440,7 @@ func (r *Reconciler) determineStatus(ctx context.Context, istio *v1alpha1.Istio, status.SetCondition(activeRevisionGetFailed(v1alpha1.IstioConditionReconciled)) status.SetCondition(activeRevisionGetFailed(v1alpha1.IstioConditionReady)) status.State = v1alpha1.IstioReasonFailedToGetActiveRevision - errs.Add(err) + errs.Add(fmt.Errorf("failed to get active IstioRevision: %w", err)) } } @@ -452,10 +469,14 @@ func (r *Reconciler) determineStatus(ctx context.Context, istio *v1alpha1.Istio, func (r *Reconciler) updateStatus(ctx context.Context, istio *v1alpha1.Istio, reconcileErr error) error { var errs errlist.Builder status, err := r.determineStatus(ctx, istio, reconcileErr) - errs.Add(err) + if err != nil { + errs.Add(fmt.Errorf("failed to determine status: %w", err)) + } if !reflect.DeepEqual(istio.Status, status) { - errs.Add(r.Client.Status().Patch(ctx, istio, kube.NewStatusPatch(status))) + if err := r.Client.Status().Patch(ctx, istio, kube.NewStatusPatch(status)); err != nil { + errs.Add(fmt.Errorf("failed to patch status: %w", err)) + } } return errs.Error() } diff --git a/controllers/istio/istio_controller_test.go b/controllers/istio/istio_controller_test.go index bd10e2aff..a0109a126 100644 --- a/controllers/istio/istio_controller_test.go +++ b/controllers/istio/istio_controller_test.go @@ -391,13 +391,13 @@ func TestDetermineStatus(t *testing.T) { Type: v1alpha1.IstioConditionReconciled, Status: metav1.ConditionUnknown, Reason: v1alpha1.IstioReasonFailedToGetActiveRevision, - Message: "failed to get active IstioRevision: simulated error", + Message: "failed to get active IstioRevision: get failed: simulated error", }, { Type: v1alpha1.IstioConditionReady, Status: metav1.ConditionUnknown, Reason: v1alpha1.IstioReasonFailedToGetActiveRevision, - Message: "failed to get active IstioRevision: simulated error", + Message: "failed to get active IstioRevision: get failed: simulated error", }, }, Revisions: v1alpha1.RevisionSummary{}, diff --git a/controllers/istiocni/istiocni_controller.go b/controllers/istiocni/istiocni_controller.go index cc48772cb..acbf17c8b 100644 --- a/controllers/istiocni/istiocni_controller.go +++ b/controllers/istiocni/istiocni_controller.go @@ -47,7 +47,10 @@ import ( "istio.io/istio/pkg/ptr" ) -const cniReleaseName = "istio-cni" +const ( + cniReleaseName = "istio-cni" + cniChartName = "cni" +) // Reconciler reconciles an IstioCNI object type Reconciler struct { @@ -127,7 +130,7 @@ func (r *Reconciler) validateIstioCNI(ctx context.Context, cni *v1alpha1.IstioCN if apierrors.IsNotFound(err) { return reconciler.NewValidationError(fmt.Sprintf("namespace %q doesn't exist", cni.Spec.Namespace)) } - return err + return fmt.Errorf("get failed: %w", err) } return nil } @@ -151,15 +154,18 @@ func (r *Reconciler) installHelmChart(ctx context.Context, cni *v1alpha1.IstioCN // apply userValues on top of defaultValues from profiles mergedHelmValues, err := profiles.Apply(getProfilesDir(r.ResourceDirectory, cni), r.DefaultProfile, cni.Spec.Profile, helm.FromValues(userValues)) if err != nil { - return err + return fmt.Errorf("failed to apply profile: %w", err) } _, err = r.ChartManager.UpgradeOrInstallChart(ctx, r.getChartDir(cni), mergedHelmValues, cni.Spec.Namespace, cniReleaseName, ownerReference) - return err + if err != nil { + return fmt.Errorf("failed to install/update Helm chart %q: %w", cniChartName, err) + } + return nil } func (r *Reconciler) getChartDir(cni *v1alpha1.IstioCNI) string { - return path.Join(r.ResourceDirectory, cni.Spec.Version, "charts", "cni") + return path.Join(r.ResourceDirectory, cni.Spec.Version, "charts", cniChartName) } func getProfilesDir(resourceDir string, cni *v1alpha1.IstioCNI) string { @@ -189,7 +195,10 @@ func applyImageDigests(cni *v1alpha1.IstioCNI, values *v1alpha1.CNIValues, confi func (r *Reconciler) uninstallHelmChart(ctx context.Context, cni *v1alpha1.IstioCNI) error { _, err := r.ChartManager.UninstallChart(ctx, cniReleaseName, cni.Spec.Namespace) - return err + if err != nil { + return fmt.Errorf("failed to uninstall Helm chart %q: %w", cniChartName, err) + } + return nil } // SetupWithManager sets up the controller with the Manager. @@ -243,10 +252,14 @@ func (r *Reconciler) updateStatus(ctx context.Context, cni *v1alpha1.IstioCNI, r var errs errlist.Builder status, err := r.determineStatus(ctx, cni, reconcileErr) - errs.Add(err) + if err != nil { + errs.Add(fmt.Errorf("failed to determine status: %w", err)) + } if !reflect.DeepEqual(cni.Status, status) { - errs.Add(r.Client.Status().Patch(ctx, cni, kube.NewStatusPatch(status))) + if err := r.Client.Status().Patch(ctx, cni, kube.NewStatusPatch(status)); err != nil { + errs.Add(fmt.Errorf("failed to patch status: %w", err)) + } } return errs.Error() } @@ -297,7 +310,7 @@ func (r *Reconciler) determineReadyCondition(ctx context.Context, cni *v1alpha1. c.Status = metav1.ConditionUnknown c.Reason = v1alpha1.IstioCNIReasonReadinessCheckFailed c.Message = fmt.Sprintf("failed to get readiness: %v", err) - return c, err + return c, fmt.Errorf("get failed: %w", err) } return c, nil } diff --git a/controllers/istiorevision/istiorevision_controller.go b/controllers/istiorevision/istiorevision_controller.go index 37fdd726d..ccd3263fb 100644 --- a/controllers/istiorevision/istiorevision_controller.go +++ b/controllers/istiorevision/istiorevision_controller.go @@ -58,6 +58,8 @@ const ( IstioInjectionEnabledValue = "enabled" IstioRevLabel = "istio.io/rev" IstioSidecarInjectLabel = "sidecar.istio.io/inject" + + istiodChartName = "istiod" ) // Reconciler reconciles an IstioRevision object @@ -133,7 +135,7 @@ func (r *Reconciler) validateIstioRevision(ctx context.Context, rev *v1alpha1.Is if apierrors.IsNotFound(err) { return reconciler.NewValidationError(fmt.Sprintf("namespace %q doesn't exist", rev.Spec.Namespace)) } - return err + return fmt.Errorf("get failed: %w", err) } if rev.Spec.Values == nil { @@ -163,21 +165,25 @@ func (r *Reconciler) installHelmCharts(ctx context.Context, rev *v1alpha1.IstioR } values := helm.FromValues(rev.Spec.Values) - _, err := r.ChartManager.UpgradeOrInstallChart(ctx, r.getChartDir(rev, "istiod"), values, rev.Spec.Namespace, getReleaseName(rev, "istiod"), ownerReference) - return err + _, err := r.ChartManager.UpgradeOrInstallChart(ctx, r.getChartDir(rev), + values, rev.Spec.Namespace, getReleaseName(rev, istiodChartName), ownerReference) + if err != nil { + return fmt.Errorf("failed to install/update Helm chart %q: %w", istiodChartName, err) + } + return nil } func getReleaseName(rev *v1alpha1.IstioRevision, chartName string) string { return fmt.Sprintf("%s-%s", rev.Name, chartName) } -func (r *Reconciler) getChartDir(rev *v1alpha1.IstioRevision, chartName string) string { - return path.Join(r.ResourceDirectory, rev.Spec.Version, "charts", chartName) +func (r *Reconciler) getChartDir(rev *v1alpha1.IstioRevision) string { + return path.Join(r.ResourceDirectory, rev.Spec.Version, "charts", istiodChartName) } func (r *Reconciler) uninstallHelmCharts(ctx context.Context, rev *v1alpha1.IstioRevision) error { - if _, err := r.ChartManager.UninstallChart(ctx, getReleaseName(rev, "istiod"), rev.Spec.Namespace); err != nil { - return err + if _, err := r.ChartManager.UninstallChart(ctx, getReleaseName(rev, istiodChartName), rev.Spec.Namespace); err != nil { + return fmt.Errorf("failed to uninstall Helm chart %q: %w", istiodChartName, err) } return nil } @@ -264,10 +270,14 @@ func (r *Reconciler) updateStatus(ctx context.Context, rev *v1alpha1.IstioRevisi var errs errlist.Builder status, err := r.determineStatus(ctx, rev, reconcileErr) - errs.Add(err) + if err != nil { + errs.Add(fmt.Errorf("failed to determine status: %w", err)) + } if !reflect.DeepEqual(rev.Status, status) { - errs.Add(r.Client.Status().Patch(ctx, rev, kube.NewStatusPatch(status))) + if err := r.Client.Status().Patch(ctx, rev, kube.NewStatusPatch(status)); err != nil { + errs.Add(fmt.Errorf("failed to patch status: %w", err)) + } } return errs.Error() } @@ -318,7 +328,7 @@ func (r *Reconciler) determineReadyCondition(ctx context.Context, rev *v1alpha1. c.Status = metav1.ConditionUnknown c.Reason = v1alpha1.IstioRevisionReasonReadinessCheckFailed c.Message = fmt.Sprintf("failed to get readiness: %v", err) - return c, err + return c, fmt.Errorf("get failed: %w", err) } return c, nil } @@ -337,12 +347,12 @@ func (r *Reconciler) determineInUseCondition(ctx context.Context, rev *v1alpha1. c.Reason = v1alpha1.IstioRevisionReasonNotReferenced c.Message = "Not referenced by any pod or namespace" } - } else { - c.Status = metav1.ConditionUnknown - c.Reason = v1alpha1.IstioRevisionReasonUsageCheckFailed - c.Message = fmt.Sprintf("failed to determine if revision is in use: %v", err) + return c, nil } - return c, err + c.Status = metav1.ConditionUnknown + c.Reason = v1alpha1.IstioRevisionReasonUsageCheckFailed + c.Message = fmt.Sprintf("failed to determine if revision is in use: %v", err) + return c, fmt.Errorf("failed to determine if IstioRevision is in use: %w", err) } func (r *Reconciler) isRevisionReferencedByWorkloads(ctx context.Context, rev *v1alpha1.IstioRevision) (bool, error) { @@ -350,7 +360,7 @@ func (r *Reconciler) isRevisionReferencedByWorkloads(ctx context.Context, rev *v nsList := corev1.NamespaceList{} nsMap := map[string]corev1.Namespace{} if err := r.Client.List(ctx, &nsList); err != nil { // TODO: can we optimize this by specifying a label selector - return false, err + return false, fmt.Errorf("failed to list namespaces: %w", err) } for _, ns := range nsList.Items { if namespaceReferencesRevision(ns, rev) { @@ -362,7 +372,7 @@ func (r *Reconciler) isRevisionReferencedByWorkloads(ctx context.Context, rev *v podList := corev1.PodList{} if err := r.Client.List(ctx, &podList); err != nil { // TODO: can we optimize this by specifying a label selector - return false, err + return false, fmt.Errorf("failed to list pods: %w", err) } for _, pod := range podList.Items { if ns, found := nsMap[pod.Namespace]; found && podReferencesRevision(pod, ns, rev) { diff --git a/pkg/helm/values.go b/pkg/helm/values.go index 326aed6b6..1538e9031 100644 --- a/pkg/helm/values.go +++ b/pkg/helm/values.go @@ -61,7 +61,7 @@ func FromValues(values any) Values { func ToValues[V any](helmValues Values, values V) (V, error) { data, err := json.Marshal(helmValues) if err != nil { - return values, err + return values, fmt.Errorf("failed to marshal Values struct: %w", err) } decoder := json.NewDecoder(strings.NewReader(string(data))) diff --git a/pkg/profiles/profiles.go b/pkg/profiles/profiles.go index ba3d1508d..4476b5bf1 100644 --- a/pkg/profiles/profiles.go +++ b/pkg/profiles/profiles.go @@ -28,9 +28,10 @@ import ( ) func Apply(profilesDir string, defaultProfile, userProfile string, userValues helm.Values) (helm.Values, error) { - defaultValues, err := getValuesFromProfiles(profilesDir, resolve(defaultProfile, userProfile)) + profile := resolve(defaultProfile, userProfile) + defaultValues, err := getValuesFromProfiles(profilesDir, profile) if err != nil { - return nil, err + return nil, fmt.Errorf("failed to get values from profile %q: %w", profile, err) } return mergeOverwrite(defaultValues, userValues), nil } diff --git a/pkg/reconciler/errors.go b/pkg/reconciler/errors.go index fa632bfbb..3fd452990 100644 --- a/pkg/reconciler/errors.go +++ b/pkg/reconciler/errors.go @@ -21,7 +21,7 @@ type ValidationError struct { } func (v ValidationError) Error() string { - return v.message + return "validation error: " + v.message } func NewValidationError(message string) error { From be0bd9d729c88fc4e6af17a9e4090c248af5c822 Mon Sep 17 00:00:00 2001 From: Daniel Grimm Date: Tue, 23 Apr 2024 15:38:36 +0200 Subject: [PATCH 09/11] Make bundle generation work during merges (#73) This is required for https://github.com/openshift-service-mesh/sail-operator/pull/14 Signed-off-by: Daniel Grimm --- Makefile.core.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile.core.mk b/Makefile.core.mk index 94acbf9fa..ac306ef03 100644 --- a/Makefile.core.mk +++ b/Makefile.core.mk @@ -461,7 +461,7 @@ bundle: gen helm operator-sdk ## Generate bundle manifests and metadata, then va if (git ls-files --error-unmatch "$$csvPath" &>/dev/null); then \ if ! (git diff "$$csvPath" | grep '^[+-][^+-][^+-]' | grep -v "createdAt:" >/dev/null); then \ echo "reverting timestamp change in $$csvPath"; \ - git checkout "$$csvPath"; \ + git checkout "$$csvPath" || echo "failed to revert timestamp change. assuming we're in the middle of a merge"; \ fi \ fi $(OPERATOR_SDK) bundle validate ./bundle From b8ffa78deb884e1c8e9355c24a5e4f0630c19aa0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marko=20Luk=C5=A1a?= Date: Tue, 23 Apr 2024 16:20:37 +0200 Subject: [PATCH 10/11] Refactor (#76) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Merge if statements Signed-off-by: Marko Lukša * Replace multiple ifs with switch Signed-off-by: Marko Lukša --------- Signed-off-by: Marko Lukša --- pkg/reconciler/reconciler.go | 27 ++++++++++++--------------- 1 file changed, 12 insertions(+), 15 deletions(-) diff --git a/pkg/reconciler/reconciler.go b/pkg/reconciler/reconciler.go index 2524b1114..af517de19 100644 --- a/pkg/reconciler/reconciler.go +++ b/pkg/reconciler/reconciler.go @@ -79,36 +79,33 @@ func (r *StandardReconciler[T]) Reconcile(ctx context.Context, req ctrl.Request) } if !obj.GetDeletionTimestamp().IsZero() { - if r.finalizationEnabled() { - if kube.HasFinalizer(obj, r.finalizer) { - if err := r.finalize(ctx, obj); err != nil { - return ctrl.Result{}, err - } - return kube.RemoveFinalizer(ctx, r.client, obj, r.finalizer) + if r.finalizationEnabled() && kube.HasFinalizer(obj, r.finalizer) { + if err := r.finalize(ctx, obj); err != nil { + return ctrl.Result{}, err } + return kube.RemoveFinalizer(ctx, r.client, obj, r.finalizer) } return ctrl.Result{}, nil } - if r.finalizationEnabled() { - if !kube.HasFinalizer(obj, r.finalizer) { - return kube.AddFinalizer(ctx, r.client, obj, r.finalizer) - } + if r.finalizationEnabled() && !kube.HasFinalizer(obj, r.finalizer) { + return kube.AddFinalizer(ctx, r.client, obj, r.finalizer) } result, err := r.reconcile(ctx, obj) - - if errors.IsForbidden(err) && strings.Contains(err.Error(), "RESTMapping") { + switch { + case errors.IsForbidden(err) && strings.Contains(err.Error(), "RESTMapping"): log.Info("APIServer seems to be not ready - RESTMapper of gc admission plugin is not up to date. Retrying...", "error", err) return ctrl.Result{Requeue: true}, nil - } else if errors.IsConflict(err) { + case errors.IsConflict(err): log.Info("Conflict detected. Retrying...") return ctrl.Result{Requeue: true}, nil - } else if IsValidationError(err) { + case IsValidationError(err): log.Info("Validation failed", "error", err) return ctrl.Result{}, nil + default: + return result, err } - return result, err } func (r *StandardReconciler[T]) finalizationEnabled() bool { From 3cdbfcb04b9a5707529c6fac6f1161552c8f0c9a Mon Sep 17 00:00:00 2001 From: Istio Automation Date: Tue, 23 Apr 2024 16:09:12 -0700 Subject: [PATCH 11/11] Automator: Update dependencies in istio-ecosystem/sail-operator@main (#67) Signed-off-by: istio-testing --- .devcontainer/devcontainer.json | 2 +- Makefile.core.mk | 2 +- api/v1alpha1/istio_types.go | 4 +- api/v1alpha1/istiocni_types.go | 4 +- .../extensions.istio.io_wasmplugins.yaml | 1 + .../networking.istio.io_destinationrules.yaml | 180 ++++++++ .../networking.istio.io_envoyfilters.yaml | 8 + .../networking.istio.io_gateways.yaml | 12 + .../networking.istio.io_proxyconfigs.yaml | 1 + .../networking.istio.io_serviceentries.yaml | 24 ++ .../networking.istio.io_sidecars.yaml | 42 ++ .../networking.istio.io_virtualservices.yaml | 78 ++++ .../networking.istio.io_workloadentries.yaml | 12 + .../networking.istio.io_workloadgroups.yaml | 24 ++ .../operator.istio.io_istiocnis.yaml | 5 +- .../operator.istio.io_istiorevisions.yaml | 2 +- .../manifests/operator.istio.io_istios.yaml | 5 +- .../sailoperator.clusterserviceversion.yaml | 10 +- .../telemetry.istio.io_telemetries.yaml | 2 + .../crds/extensions.istio.io_wasmplugins.yaml | 1 + .../networking.istio.io_destinationrules.yaml | 180 ++++++++ .../networking.istio.io_envoyfilters.yaml | 8 + chart/crds/networking.istio.io_gateways.yaml | 12 + .../networking.istio.io_proxyconfigs.yaml | 1 + .../networking.istio.io_serviceentries.yaml | 24 ++ chart/crds/networking.istio.io_sidecars.yaml | 42 ++ .../networking.istio.io_virtualservices.yaml | 78 ++++ .../networking.istio.io_workloadentries.yaml | 12 + .../networking.istio.io_workloadgroups.yaml | 24 ++ chart/crds/operator.istio.io_istiocnis.yaml | 5 +- .../operator.istio.io_istiorevisions.yaml | 2 +- chart/crds/operator.istio.io_istios.yaml | 5 +- .../crds/telemetry.istio.io_telemetries.yaml | 2 + chart/values.yaml | 2 +- common/.commonfiles.sha | 2 +- common/scripts/setup_env.sh | 2 +- resources/latest/charts/base/Chart.yaml | 4 +- .../latest/charts/base/crds/crd-all.gen.yaml | 384 ++++++++++++++++++ .../charts/base/files/profile-stable.yaml | 8 + .../templates/validatingadmissionpolicy.yaml | 48 +++ resources/latest/charts/base/values.yaml | 2 + resources/latest/charts/cni/Chart.yaml | 6 +- .../charts/cni/files/profile-stable.yaml | 8 + resources/latest/charts/cni/values.yaml | 2 +- resources/latest/charts/gateway/Chart.yaml | 4 +- .../charts/gateway/files/profile-stable.yaml | 8 + resources/latest/charts/istiod/Chart.yaml | 4 +- .../charts/istiod/files/profile-stable.yaml | 8 + .../templates/validatingadmissionpolicy.yaml | 54 +++ resources/latest/charts/istiod/values.yaml | 5 +- resources/latest/charts/ztunnel/Chart.yaml | 4 +- .../charts/ztunnel/files/profile-stable.yaml | 8 + resources/latest/charts/ztunnel/values.yaml | 2 +- resources/latest/profiles/stable.yaml | 5 + versions.yaml | 14 +- 55 files changed, 1354 insertions(+), 44 deletions(-) create mode 100644 resources/latest/charts/base/files/profile-stable.yaml create mode 100644 resources/latest/charts/base/templates/validatingadmissionpolicy.yaml create mode 100644 resources/latest/charts/cni/files/profile-stable.yaml create mode 100644 resources/latest/charts/gateway/files/profile-stable.yaml create mode 100644 resources/latest/charts/istiod/files/profile-stable.yaml create mode 100644 resources/latest/charts/istiod/templates/validatingadmissionpolicy.yaml create mode 100644 resources/latest/charts/ztunnel/files/profile-stable.yaml create mode 100644 resources/latest/profiles/stable.yaml diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index e6ccff8c8..508c2685e 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -1,6 +1,6 @@ { "name": "istio build-tools", - "image": "gcr.io/istio-testing/build-tools:master-f24be7b713480aab44d862ac839ead0b5324d593", + "image": "gcr.io/istio-testing/build-tools:master-8fb9ce88f6ad4cdd35c1660cd0ad0ab67eff4c6c", "privileged": true, "remoteEnv": { "USE_GKE_GCLOUD_AUTH_PLUGIN": "True", diff --git a/Makefile.core.mk b/Makefile.core.mk index ac306ef03..20cdb8b1a 100644 --- a/Makefile.core.mk +++ b/Makefile.core.mk @@ -403,7 +403,7 @@ OPM ?= $(LOCALBIN)/opm ## Tool Versions OPERATOR_SDK_VERSION ?= v1.34.1 HELM_VERSION ?= v3.14.4 -CONTROLLER_TOOLS_VERSION ?= v0.14.0 +CONTROLLER_TOOLS_VERSION ?= v0.15.0 OPM_VERSION ?= v1.39.0 GITLEAKS_VERSION ?= v8.18.2 diff --git a/api/v1alpha1/istio_types.go b/api/v1alpha1/istio_types.go index 47d2126a8..de49eb7f5 100644 --- a/api/v1alpha1/istio_types.go +++ b/api/v1alpha1/istio_types.go @@ -51,10 +51,10 @@ type IstioSpec struct { // +sail:profile // The built-in installation configuration profile to use. // The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. - // Must be one of: ambient, default, demo, empty, external, minimal, openshift-ambient, openshift, preview, remote. + // Must be one of: ambient, default, demo, empty, external, minimal, openshift-ambient, openshift, preview, remote, stable. // +++PROFILES-DROPDOWN-HIDDEN-UNTIL-WE-FULLY-IMPLEMENT-THEM+++operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Profile",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:ambient", "urn:alm:descriptor:com.tectonic.ui:select:default", "urn:alm:descriptor:com.tectonic.ui:select:demo", "urn:alm:descriptor:com.tectonic.ui:select:empty", "urn:alm:descriptor:com.tectonic.ui:select:external", "urn:alm:descriptor:com.tectonic.ui:select:minimal", "urn:alm:descriptor:com.tectonic.ui:select:preview", "urn:alm:descriptor:com.tectonic.ui:select:remote"} // +operator-sdk:csv:customresourcedefinitions:type=spec,xDescriptors={"urn:alm:descriptor:com.tectonic.ui:hidden"} - // +kubebuilder:validation:Enum=ambient;default;demo;empty;external;minimal;openshift-ambient;openshift;preview;remote + // +kubebuilder:validation:Enum=ambient;default;demo;empty;external;minimal;openshift-ambient;openshift;preview;remote;stable Profile string `json:"profile,omitempty"` // Namespace to which the Istio components should be installed. diff --git a/api/v1alpha1/istiocni_types.go b/api/v1alpha1/istiocni_types.go index 11dca1d03..b4437f23f 100644 --- a/api/v1alpha1/istiocni_types.go +++ b/api/v1alpha1/istiocni_types.go @@ -37,10 +37,10 @@ type IstioCNISpec struct { // +sail:profile // The built-in installation configuration profile to use. // The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. - // Must be one of: ambient, default, demo, empty, external, minimal, openshift-ambient, openshift, preview, remote. + // Must be one of: ambient, default, demo, empty, external, minimal, openshift-ambient, openshift, preview, remote, stable. // +++PROFILES-DROPDOWN-HIDDEN-UNTIL-WE-FULLY-IMPLEMENT-THEM+++operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Profile",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:ambient", "urn:alm:descriptor:com.tectonic.ui:select:default", "urn:alm:descriptor:com.tectonic.ui:select:demo", "urn:alm:descriptor:com.tectonic.ui:select:empty", "urn:alm:descriptor:com.tectonic.ui:select:external", "urn:alm:descriptor:com.tectonic.ui:select:minimal", "urn:alm:descriptor:com.tectonic.ui:select:preview", "urn:alm:descriptor:com.tectonic.ui:select:remote"} // +operator-sdk:csv:customresourcedefinitions:type=spec,xDescriptors={"urn:alm:descriptor:com.tectonic.ui:hidden"} - // +kubebuilder:validation:Enum=ambient;default;demo;empty;external;minimal;openshift-ambient;openshift;preview;remote + // +kubebuilder:validation:Enum=ambient;default;demo;empty;external;minimal;openshift-ambient;openshift;preview;remote;stable Profile string `json:"profile,omitempty"` // Namespace to which the Istio CNI component should be installed. diff --git a/bundle/manifests/extensions.istio.io_wasmplugins.yaml b/bundle/manifests/extensions.istio.io_wasmplugins.yaml index 2a8108f71..e1a8532a5 100644 --- a/bundle/manifests/extensions.istio.io_wasmplugins.yaml +++ b/bundle/manifests/extensions.istio.io_wasmplugins.yaml @@ -120,6 +120,7 @@ spec: type: string priority: description: Determines ordering of `WasmPlugins` in the same `phase`. + format: int32 nullable: true type: integer selector: diff --git a/bundle/manifests/networking.istio.io_destinationrules.yaml b/bundle/manifests/networking.istio.io_destinationrules.yaml index c7f58b46e..39bda7540 100644 --- a/bundle/manifests/networking.istio.io_destinationrules.yaml +++ b/bundle/manifests/networking.istio.io_destinationrules.yaml @@ -152,6 +152,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection @@ -236,10 +238,12 @@ spec: properties: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer @@ -248,6 +252,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: @@ -267,6 +272,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -327,6 +334,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: @@ -335,11 +344,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: @@ -448,6 +461,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection @@ -535,10 +550,12 @@ spec: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer @@ -548,6 +565,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: @@ -567,6 +585,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -628,6 +648,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: @@ -636,11 +658,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: @@ -670,6 +696,8 @@ spec: applied. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object tls: @@ -809,6 +837,8 @@ spec: targetPort: description: Specifies a port to which the downstream connection is tunneled. + maximum: 4294967295 + minimum: 0 type: integer required: - targetHost @@ -901,6 +931,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection needs @@ -984,10 +1016,12 @@ spec: properties: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer implements @@ -996,6 +1030,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: @@ -1015,6 +1050,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -1073,6 +1110,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: @@ -1081,11 +1120,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: @@ -1192,6 +1235,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection @@ -1276,10 +1321,12 @@ spec: properties: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer @@ -1288,6 +1335,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: @@ -1307,6 +1355,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -1367,6 +1417,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: @@ -1375,11 +1427,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: @@ -1406,6 +1462,8 @@ spec: service on which this policy is being applied. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object tls: @@ -1543,6 +1601,8 @@ spec: targetPort: description: Specifies a port to which the downstream connection is tunneled. + maximum: 4294967295 + minimum: 0 type: integer required: - targetHost @@ -1699,6 +1759,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection @@ -1783,10 +1845,12 @@ spec: properties: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer @@ -1795,6 +1859,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: @@ -1814,6 +1879,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -1874,6 +1941,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: @@ -1882,11 +1951,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: @@ -1995,6 +2068,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection @@ -2082,10 +2157,12 @@ spec: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer @@ -2095,6 +2172,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: @@ -2114,6 +2192,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -2175,6 +2255,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: @@ -2183,11 +2265,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: @@ -2217,6 +2303,8 @@ spec: applied. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object tls: @@ -2356,6 +2444,8 @@ spec: targetPort: description: Specifies a port to which the downstream connection is tunneled. + maximum: 4294967295 + minimum: 0 type: integer required: - targetHost @@ -2448,6 +2538,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection needs @@ -2531,10 +2623,12 @@ spec: properties: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer implements @@ -2543,6 +2637,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: @@ -2562,6 +2657,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -2620,6 +2717,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: @@ -2628,11 +2727,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: @@ -2739,6 +2842,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection @@ -2823,10 +2928,12 @@ spec: properties: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer @@ -2835,6 +2942,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: @@ -2854,6 +2962,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -2914,6 +3024,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: @@ -2922,11 +3034,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: @@ -2953,6 +3069,8 @@ spec: service on which this policy is being applied. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object tls: @@ -3090,6 +3208,8 @@ spec: targetPort: description: Specifies a port to which the downstream connection is tunneled. + maximum: 4294967295 + minimum: 0 type: integer required: - targetHost @@ -3246,6 +3366,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection @@ -3330,10 +3452,12 @@ spec: properties: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer @@ -3342,6 +3466,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: @@ -3361,6 +3486,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -3421,6 +3548,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: @@ -3429,11 +3558,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: @@ -3542,6 +3675,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection @@ -3629,10 +3764,12 @@ spec: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer @@ -3642,6 +3779,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: @@ -3661,6 +3799,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -3722,6 +3862,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: @@ -3730,11 +3872,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: @@ -3764,6 +3910,8 @@ spec: applied. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object tls: @@ -3903,6 +4051,8 @@ spec: targetPort: description: Specifies a port to which the downstream connection is tunneled. + maximum: 4294967295 + minimum: 0 type: integer required: - targetHost @@ -3995,6 +4145,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection needs @@ -4078,10 +4230,12 @@ spec: properties: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer implements @@ -4090,6 +4244,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: @@ -4109,6 +4264,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -4167,6 +4324,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: @@ -4175,11 +4334,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: @@ -4286,6 +4449,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection @@ -4370,10 +4535,12 @@ spec: properties: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer @@ -4382,6 +4549,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: @@ -4401,6 +4569,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -4461,6 +4631,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: @@ -4469,11 +4641,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: @@ -4500,6 +4676,8 @@ spec: service on which this policy is being applied. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object tls: @@ -4637,6 +4815,8 @@ spec: targetPort: description: Specifies a port to which the downstream connection is tunneled. + maximum: 4294967295 + minimum: 0 type: integer required: - targetHost diff --git a/bundle/manifests/networking.istio.io_envoyfilters.yaml b/bundle/manifests/networking.istio.io_envoyfilters.yaml index cccef7eb3..4f50dc899 100644 --- a/bundle/manifests/networking.istio.io_envoyfilters.yaml +++ b/bundle/manifests/networking.istio.io_envoyfilters.yaml @@ -80,6 +80,8 @@ spec: portNumber: description: The service port for which this cluster was generated. + maximum: 4294967295 + minimum: 0 type: integer service: description: The fully qualified service name for this @@ -112,6 +114,8 @@ spec: destinationPort: description: The destination_port value used by a filter chain's match condition. + maximum: 4294967295 + minimum: 0 type: integer filter: description: The name of a specific filter to apply @@ -151,6 +155,8 @@ spec: portNumber: description: The service port/gateway port to which traffic is being sent/received. + maximum: 4294967295 + minimum: 0 type: integer type: object proxy: @@ -185,6 +191,8 @@ spec: description: The service port number or gateway server port number for which this route configuration was generated. + maximum: 4294967295 + minimum: 0 type: integer vhost: description: Match a specific virtual host in a route diff --git a/bundle/manifests/networking.istio.io_gateways.yaml b/bundle/manifests/networking.istio.io_gateways.yaml index 2034b6b7e..a5d29e784 100644 --- a/bundle/manifests/networking.istio.io_gateways.yaml +++ b/bundle/manifests/networking.istio.io_gateways.yaml @@ -66,11 +66,15 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. type: string targetPort: + maximum: 4294967295 + minimum: 0 type: integer required: - number @@ -223,11 +227,15 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. type: string targetPort: + maximum: 4294967295 + minimum: 0 type: integer required: - number @@ -380,11 +388,15 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. type: string targetPort: + maximum: 4294967295 + minimum: 0 type: integer required: - number diff --git a/bundle/manifests/networking.istio.io_proxyconfigs.yaml b/bundle/manifests/networking.istio.io_proxyconfigs.yaml index edccbcb6f..38d1c488a 100644 --- a/bundle/manifests/networking.istio.io_proxyconfigs.yaml +++ b/bundle/manifests/networking.istio.io_proxyconfigs.yaml @@ -32,6 +32,7 @@ spec: properties: concurrency: description: The number of worker threads to run. + format: int32 nullable: true type: integer environmentVariables: diff --git a/bundle/manifests/networking.istio.io_serviceentries.yaml b/bundle/manifests/networking.istio.io_serviceentries.yaml index 81f47cbff..b6d7dec08 100644 --- a/bundle/manifests/networking.istio.io_serviceentries.yaml +++ b/bundle/manifests/networking.istio.io_serviceentries.yaml @@ -81,6 +81,8 @@ spec: type: string ports: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Set of ports associated with the endpoint. type: object @@ -90,6 +92,8 @@ spec: type: string weight: description: The load balancing weight associated with the endpoint. + maximum: 4294967295 + minimum: 0 type: integer type: object type: array @@ -121,6 +125,8 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. @@ -128,6 +134,8 @@ spec: targetPort: description: The port number on the endpoint where the traffic will be received. + maximum: 4294967295 + minimum: 0 type: integer required: - number @@ -229,6 +237,8 @@ spec: type: string ports: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Set of ports associated with the endpoint. type: object @@ -238,6 +248,8 @@ spec: type: string weight: description: The load balancing weight associated with the endpoint. + maximum: 4294967295 + minimum: 0 type: integer type: object type: array @@ -269,6 +281,8 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. @@ -276,6 +290,8 @@ spec: targetPort: description: The port number on the endpoint where the traffic will be received. + maximum: 4294967295 + minimum: 0 type: integer required: - number @@ -377,6 +393,8 @@ spec: type: string ports: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Set of ports associated with the endpoint. type: object @@ -386,6 +404,8 @@ spec: type: string weight: description: The load balancing weight associated with the endpoint. + maximum: 4294967295 + minimum: 0 type: integer type: object type: array @@ -417,6 +437,8 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. @@ -424,6 +446,8 @@ spec: targetPort: description: The port number on the endpoint where the traffic will be received. + maximum: 4294967295 + minimum: 0 type: integer required: - number diff --git a/bundle/manifests/networking.istio.io_sidecars.yaml b/bundle/manifests/networking.istio.io_sidecars.yaml index dee309986..c078f97aa 100644 --- a/bundle/manifests/networking.istio.io_sidecars.yaml +++ b/bundle/manifests/networking.istio.io_sidecars.yaml @@ -64,11 +64,15 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. type: string targetPort: + maximum: 4294967295 + minimum: 0 type: integer type: object required: @@ -152,6 +156,8 @@ spec: probes: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection needs to be @@ -260,6 +266,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection needs @@ -281,11 +289,15 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. type: string targetPort: + maximum: 4294967295 + minimum: 0 type: integer type: object tls: @@ -396,6 +408,8 @@ spec: addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -476,11 +490,15 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. type: string targetPort: + maximum: 4294967295 + minimum: 0 type: integer type: object required: @@ -564,6 +582,8 @@ spec: probes: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection needs to be @@ -672,6 +692,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection needs @@ -693,11 +715,15 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. type: string targetPort: + maximum: 4294967295 + minimum: 0 type: integer type: object tls: @@ -808,6 +834,8 @@ spec: addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -888,11 +916,15 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. type: string targetPort: + maximum: 4294967295 + minimum: 0 type: integer type: object required: @@ -976,6 +1008,8 @@ spec: probes: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection needs to be @@ -1084,6 +1118,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection needs @@ -1105,11 +1141,15 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. type: string targetPort: + maximum: 4294967295 + minimum: 0 type: integer type: object tls: @@ -1220,6 +1260,8 @@ spec: addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: diff --git a/bundle/manifests/networking.istio.io_virtualservices.yaml b/bundle/manifests/networking.istio.io_virtualservices.yaml index 94bdd1790..ef165bd13 100644 --- a/bundle/manifests/networking.istio.io_virtualservices.yaml +++ b/bundle/manifests/networking.istio.io_virtualservices.yaml @@ -172,6 +172,8 @@ spec: type: object status: description: Specifies the HTTP response status to be returned. + maximum: 4294967295 + minimum: 0 type: integer required: - status @@ -397,6 +399,8 @@ spec: port: description: Specifies the ports on the host that is being addressed. + maximum: 4294967295 + minimum: 0 type: integer queryParams: additionalProperties: @@ -542,6 +546,8 @@ spec: addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -551,9 +557,13 @@ spec: - host type: object mirror_percent: + maximum: 4294967295 + minimum: 0 nullable: true type: integer mirrorPercent: + maximum: 4294967295 + minimum: 0 nullable: true type: integer mirrorPercentage: @@ -582,6 +592,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -636,10 +648,14 @@ spec: port: description: On a redirect, overwrite the port portion of the URL with this value. + maximum: 4294967295 + minimum: 0 type: integer redirectCode: description: On a redirect, Specifies the HTTP status code to use in the redirect response. + maximum: 4294967295 + minimum: 0 type: integer scheme: description: On a redirect, overwrite the scheme portion @@ -715,6 +731,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -794,6 +812,8 @@ spec: port: description: Specifies the port on the host that is being addressed. + maximum: 4294967295 + minimum: 0 type: integer sourceLabels: additionalProperties: @@ -828,6 +848,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -872,6 +894,8 @@ spec: port: description: Specifies the port on the host that is being addressed. + maximum: 4294967295 + minimum: 0 type: integer sniHosts: description: SNI (server name indicator) to match on. @@ -911,6 +935,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -1089,6 +1115,8 @@ spec: type: object status: description: Specifies the HTTP response status to be returned. + maximum: 4294967295 + minimum: 0 type: integer required: - status @@ -1314,6 +1342,8 @@ spec: port: description: Specifies the ports on the host that is being addressed. + maximum: 4294967295 + minimum: 0 type: integer queryParams: additionalProperties: @@ -1459,6 +1489,8 @@ spec: addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -1468,9 +1500,13 @@ spec: - host type: object mirror_percent: + maximum: 4294967295 + minimum: 0 nullable: true type: integer mirrorPercent: + maximum: 4294967295 + minimum: 0 nullable: true type: integer mirrorPercentage: @@ -1499,6 +1535,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -1553,10 +1591,14 @@ spec: port: description: On a redirect, overwrite the port portion of the URL with this value. + maximum: 4294967295 + minimum: 0 type: integer redirectCode: description: On a redirect, Specifies the HTTP status code to use in the redirect response. + maximum: 4294967295 + minimum: 0 type: integer scheme: description: On a redirect, overwrite the scheme portion @@ -1632,6 +1674,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -1711,6 +1755,8 @@ spec: port: description: Specifies the port on the host that is being addressed. + maximum: 4294967295 + minimum: 0 type: integer sourceLabels: additionalProperties: @@ -1745,6 +1791,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -1789,6 +1837,8 @@ spec: port: description: Specifies the port on the host that is being addressed. + maximum: 4294967295 + minimum: 0 type: integer sniHosts: description: SNI (server name indicator) to match on. @@ -1828,6 +1878,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -2006,6 +2058,8 @@ spec: type: object status: description: Specifies the HTTP response status to be returned. + maximum: 4294967295 + minimum: 0 type: integer required: - status @@ -2231,6 +2285,8 @@ spec: port: description: Specifies the ports on the host that is being addressed. + maximum: 4294967295 + minimum: 0 type: integer queryParams: additionalProperties: @@ -2376,6 +2432,8 @@ spec: addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -2385,9 +2443,13 @@ spec: - host type: object mirror_percent: + maximum: 4294967295 + minimum: 0 nullable: true type: integer mirrorPercent: + maximum: 4294967295 + minimum: 0 nullable: true type: integer mirrorPercentage: @@ -2416,6 +2478,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -2470,10 +2534,14 @@ spec: port: description: On a redirect, overwrite the port portion of the URL with this value. + maximum: 4294967295 + minimum: 0 type: integer redirectCode: description: On a redirect, Specifies the HTTP status code to use in the redirect response. + maximum: 4294967295 + minimum: 0 type: integer scheme: description: On a redirect, overwrite the scheme portion @@ -2549,6 +2617,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -2628,6 +2698,8 @@ spec: port: description: Specifies the port on the host that is being addressed. + maximum: 4294967295 + minimum: 0 type: integer sourceLabels: additionalProperties: @@ -2662,6 +2734,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -2706,6 +2780,8 @@ spec: port: description: Specifies the port on the host that is being addressed. + maximum: 4294967295 + minimum: 0 type: integer sniHosts: description: SNI (server name indicator) to match on. @@ -2745,6 +2821,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: diff --git a/bundle/manifests/networking.istio.io_workloadentries.yaml b/bundle/manifests/networking.istio.io_workloadentries.yaml index 455aa2221..05df3ba66 100644 --- a/bundle/manifests/networking.istio.io_workloadentries.yaml +++ b/bundle/manifests/networking.istio.io_workloadentries.yaml @@ -63,6 +63,8 @@ spec: type: string ports: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Set of ports associated with the endpoint. type: object @@ -72,6 +74,8 @@ spec: type: string weight: description: The load balancing weight associated with the endpoint. + maximum: 4294967295 + minimum: 0 type: integer type: object status: @@ -121,6 +125,8 @@ spec: type: string ports: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Set of ports associated with the endpoint. type: object @@ -130,6 +136,8 @@ spec: type: string weight: description: The load balancing weight associated with the endpoint. + maximum: 4294967295 + minimum: 0 type: integer type: object status: @@ -179,6 +187,8 @@ spec: type: string ports: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Set of ports associated with the endpoint. type: object @@ -188,6 +198,8 @@ spec: type: string weight: description: The load balancing weight associated with the endpoint. + maximum: 4294967295 + minimum: 0 type: integer type: object status: diff --git a/bundle/manifests/networking.istio.io_workloadgroups.yaml b/bundle/manifests/networking.istio.io_workloadgroups.yaml index 07040f3eb..508a309fa 100644 --- a/bundle/manifests/networking.istio.io_workloadgroups.yaml +++ b/bundle/manifests/networking.istio.io_workloadgroups.yaml @@ -110,6 +110,8 @@ spec: type: string port: description: Port on which the endpoint lives. + maximum: 4294967295 + minimum: 0 type: integer scheme: type: string @@ -136,6 +138,8 @@ spec: host: type: string port: + maximum: 4294967295 + minimum: 0 type: integer required: - port @@ -167,6 +171,8 @@ spec: type: string ports: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Set of ports associated with the endpoint. type: object @@ -176,6 +182,8 @@ spec: type: string weight: description: The load balancing weight associated with the endpoint. + maximum: 4294967295 + minimum: 0 type: integer type: object required: @@ -275,6 +283,8 @@ spec: type: string port: description: Port on which the endpoint lives. + maximum: 4294967295 + minimum: 0 type: integer scheme: type: string @@ -301,6 +311,8 @@ spec: host: type: string port: + maximum: 4294967295 + minimum: 0 type: integer required: - port @@ -332,6 +344,8 @@ spec: type: string ports: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Set of ports associated with the endpoint. type: object @@ -341,6 +355,8 @@ spec: type: string weight: description: The load balancing weight associated with the endpoint. + maximum: 4294967295 + minimum: 0 type: integer type: object required: @@ -442,6 +458,8 @@ spec: type: string port: description: Port on which the endpoint lives. + maximum: 4294967295 + minimum: 0 type: integer scheme: type: string @@ -468,6 +486,8 @@ spec: host: type: string port: + maximum: 4294967295 + minimum: 0 type: integer required: - port @@ -499,6 +519,8 @@ spec: type: string ports: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Set of ports associated with the endpoint. type: object @@ -508,6 +530,8 @@ spec: type: string weight: description: The load balancing weight associated with the endpoint. + maximum: 4294967295 + minimum: 0 type: integer type: object required: diff --git a/bundle/manifests/operator.istio.io_istiocnis.yaml b/bundle/manifests/operator.istio.io_istiocnis.yaml index d4bf63b68..42d53e59b 100644 --- a/bundle/manifests/operator.istio.io_istiocnis.yaml +++ b/bundle/manifests/operator.istio.io_istiocnis.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 creationTimestamp: null name: istiocnis.operator.istio.io spec: @@ -70,7 +70,7 @@ spec: description: |- The built-in installation configuration profile to use. The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. - Must be one of: ambient, default, demo, empty, external, minimal, openshift-ambient, openshift, preview, remote. + Must be one of: ambient, default, demo, empty, external, minimal, openshift-ambient, openshift, preview, remote, stable. enum: - ambient - default @@ -82,6 +82,7 @@ spec: - openshift - preview - remote + - stable type: string values: description: Defines the values to be passed to the Helm charts when diff --git a/bundle/manifests/operator.istio.io_istiorevisions.yaml b/bundle/manifests/operator.istio.io_istiorevisions.yaml index 47c2df93f..f8f50ed6e 100644 --- a/bundle/manifests/operator.istio.io_istiorevisions.yaml +++ b/bundle/manifests/operator.istio.io_istiorevisions.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 creationTimestamp: null name: istiorevisions.operator.istio.io spec: diff --git a/bundle/manifests/operator.istio.io_istios.yaml b/bundle/manifests/operator.istio.io_istios.yaml index 9a51f32b0..89aab8fa0 100644 --- a/bundle/manifests/operator.istio.io_istios.yaml +++ b/bundle/manifests/operator.istio.io_istios.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 creationTimestamp: null name: istios.operator.istio.io spec: @@ -87,7 +87,7 @@ spec: description: |- The built-in installation configuration profile to use. The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. - Must be one of: ambient, default, demo, empty, external, minimal, openshift-ambient, openshift, preview, remote. + Must be one of: ambient, default, demo, empty, external, minimal, openshift-ambient, openshift, preview, remote, stable. enum: - ambient - default @@ -99,6 +99,7 @@ spec: - openshift - preview - remote + - stable type: string updateStrategy: default: diff --git a/bundle/manifests/sailoperator.clusterserviceversion.yaml b/bundle/manifests/sailoperator.clusterserviceversion.yaml index 71bd34280..14988f31c 100644 --- a/bundle/manifests/sailoperator.clusterserviceversion.yaml +++ b/bundle/manifests/sailoperator.clusterserviceversion.yaml @@ -34,7 +34,7 @@ metadata: capabilities: Seamless Upgrades categories: OpenShift Optional, Integration & Delivery, Networking, Security containerImage: quay.io/maistra-dev/sail-operator:3.0-latest - createdAt: "2024-04-19T23:01:33Z" + createdAt: "2024-04-23T23:01:44Z" description: Experimental operator for installing Istio service mesh features.operators.openshift.io/cnf: "false" features.operators.openshift.io/cni: "true" @@ -174,7 +174,8 @@ spec: - description: 'The built-in installation configuration profile to use. The ''default'' profile is always applied. On OpenShift, the ''openshift'' profile is also applied on top of ''default''. Must be one of: ambient, default, - demo, empty, external, minimal, openshift-ambient, openshift, preview, remote.' + demo, empty, external, minimal, openshift-ambient, openshift, preview, remote, + stable.' displayName: Profile path: profile x-descriptors: @@ -268,7 +269,8 @@ spec: - description: 'The built-in installation configuration profile to use. The ''default'' profile is always applied. On OpenShift, the ''openshift'' profile is also applied on top of ''default''. Must be one of: ambient, default, - demo, empty, external, minimal, openshift-ambient, openshift, preview, remote.' + demo, empty, external, minimal, openshift-ambient, openshift, preview, remote, + stable.' displayName: Profile path: profile x-descriptors: @@ -288,7 +290,7 @@ spec: This version of the operator supports the following Istio versions: - v1.21.0 - - latest (3112392b) + - latest (713cd5d1) [See this page](https://github.com/istio-ecosystem/sail-operator/blob/pre-main/bundle/README.md) for instructions on how to use it. displayName: Sail Operator diff --git a/bundle/manifests/telemetry.istio.io_telemetries.yaml b/bundle/manifests/telemetry.istio.io_telemetries.yaml index a71a2f7af..2999b6bd9 100644 --- a/bundle/manifests/telemetry.istio.io_telemetries.yaml +++ b/bundle/manifests/telemetry.istio.io_telemetries.yaml @@ -333,6 +333,7 @@ spec: randomSamplingPercentage: description: Controls the rate at which traffic will be selected for tracing if no prior sampling decision has been made. + format: double maximum: 100 minimum: 0 nullable: true @@ -659,6 +660,7 @@ spec: randomSamplingPercentage: description: Controls the rate at which traffic will be selected for tracing if no prior sampling decision has been made. + format: double maximum: 100 minimum: 0 nullable: true diff --git a/chart/crds/extensions.istio.io_wasmplugins.yaml b/chart/crds/extensions.istio.io_wasmplugins.yaml index 70f8dfc5b..6f241cce2 100644 --- a/chart/crds/extensions.istio.io_wasmplugins.yaml +++ b/chart/crds/extensions.istio.io_wasmplugins.yaml @@ -120,6 +120,7 @@ spec: type: string priority: description: Determines ordering of `WasmPlugins` in the same `phase`. + format: int32 nullable: true type: integer selector: diff --git a/chart/crds/networking.istio.io_destinationrules.yaml b/chart/crds/networking.istio.io_destinationrules.yaml index 8e3fe2283..f27661cdd 100644 --- a/chart/crds/networking.istio.io_destinationrules.yaml +++ b/chart/crds/networking.istio.io_destinationrules.yaml @@ -151,6 +151,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection @@ -235,10 +237,12 @@ spec: properties: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer @@ -247,6 +251,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: @@ -266,6 +271,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -326,6 +333,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: @@ -334,11 +343,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: @@ -447,6 +460,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection @@ -534,10 +549,12 @@ spec: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer @@ -547,6 +564,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: @@ -566,6 +584,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -627,6 +647,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: @@ -635,11 +657,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: @@ -669,6 +695,8 @@ spec: applied. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object tls: @@ -808,6 +836,8 @@ spec: targetPort: description: Specifies a port to which the downstream connection is tunneled. + maximum: 4294967295 + minimum: 0 type: integer required: - targetHost @@ -900,6 +930,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection needs @@ -983,10 +1015,12 @@ spec: properties: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer implements @@ -995,6 +1029,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: @@ -1014,6 +1049,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -1072,6 +1109,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: @@ -1080,11 +1119,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: @@ -1191,6 +1234,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection @@ -1275,10 +1320,12 @@ spec: properties: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer @@ -1287,6 +1334,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: @@ -1306,6 +1354,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -1366,6 +1416,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: @@ -1374,11 +1426,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: @@ -1405,6 +1461,8 @@ spec: service on which this policy is being applied. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object tls: @@ -1542,6 +1600,8 @@ spec: targetPort: description: Specifies a port to which the downstream connection is tunneled. + maximum: 4294967295 + minimum: 0 type: integer required: - targetHost @@ -1698,6 +1758,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection @@ -1782,10 +1844,12 @@ spec: properties: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer @@ -1794,6 +1858,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: @@ -1813,6 +1878,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -1873,6 +1940,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: @@ -1881,11 +1950,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: @@ -1994,6 +2067,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection @@ -2081,10 +2156,12 @@ spec: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer @@ -2094,6 +2171,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: @@ -2113,6 +2191,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -2174,6 +2254,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: @@ -2182,11 +2264,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: @@ -2216,6 +2302,8 @@ spec: applied. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object tls: @@ -2355,6 +2443,8 @@ spec: targetPort: description: Specifies a port to which the downstream connection is tunneled. + maximum: 4294967295 + minimum: 0 type: integer required: - targetHost @@ -2447,6 +2537,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection needs @@ -2530,10 +2622,12 @@ spec: properties: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer implements @@ -2542,6 +2636,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: @@ -2561,6 +2656,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -2619,6 +2716,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: @@ -2627,11 +2726,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: @@ -2738,6 +2841,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection @@ -2822,10 +2927,12 @@ spec: properties: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer @@ -2834,6 +2941,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: @@ -2853,6 +2961,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -2913,6 +3023,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: @@ -2921,11 +3033,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: @@ -2952,6 +3068,8 @@ spec: service on which this policy is being applied. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object tls: @@ -3089,6 +3207,8 @@ spec: targetPort: description: Specifies a port to which the downstream connection is tunneled. + maximum: 4294967295 + minimum: 0 type: integer required: - targetHost @@ -3245,6 +3365,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection @@ -3329,10 +3451,12 @@ spec: properties: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer @@ -3341,6 +3465,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: @@ -3360,6 +3485,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -3420,6 +3547,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: @@ -3428,11 +3557,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: @@ -3541,6 +3674,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection @@ -3628,10 +3763,12 @@ spec: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer @@ -3641,6 +3778,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: @@ -3660,6 +3798,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -3721,6 +3861,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: @@ -3729,11 +3871,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: @@ -3763,6 +3909,8 @@ spec: applied. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object tls: @@ -3902,6 +4050,8 @@ spec: targetPort: description: Specifies a port to which the downstream connection is tunneled. + maximum: 4294967295 + minimum: 0 type: integer required: - targetHost @@ -3994,6 +4144,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection needs @@ -4077,10 +4229,12 @@ spec: properties: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer implements @@ -4089,6 +4243,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: @@ -4108,6 +4263,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -4166,6 +4323,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: @@ -4174,11 +4333,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: @@ -4285,6 +4448,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection @@ -4369,10 +4534,12 @@ spec: properties: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer @@ -4381,6 +4548,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: @@ -4400,6 +4568,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -4460,6 +4630,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: @@ -4468,11 +4640,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: @@ -4499,6 +4675,8 @@ spec: service on which this policy is being applied. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object tls: @@ -4636,6 +4814,8 @@ spec: targetPort: description: Specifies a port to which the downstream connection is tunneled. + maximum: 4294967295 + minimum: 0 type: integer required: - targetHost diff --git a/chart/crds/networking.istio.io_envoyfilters.yaml b/chart/crds/networking.istio.io_envoyfilters.yaml index 6166addaf..43cf891ab 100644 --- a/chart/crds/networking.istio.io_envoyfilters.yaml +++ b/chart/crds/networking.istio.io_envoyfilters.yaml @@ -79,6 +79,8 @@ spec: portNumber: description: The service port for which this cluster was generated. + maximum: 4294967295 + minimum: 0 type: integer service: description: The fully qualified service name for this @@ -111,6 +113,8 @@ spec: destinationPort: description: The destination_port value used by a filter chain's match condition. + maximum: 4294967295 + minimum: 0 type: integer filter: description: The name of a specific filter to apply @@ -150,6 +154,8 @@ spec: portNumber: description: The service port/gateway port to which traffic is being sent/received. + maximum: 4294967295 + minimum: 0 type: integer type: object proxy: @@ -184,6 +190,8 @@ spec: description: The service port number or gateway server port number for which this route configuration was generated. + maximum: 4294967295 + minimum: 0 type: integer vhost: description: Match a specific virtual host in a route diff --git a/chart/crds/networking.istio.io_gateways.yaml b/chart/crds/networking.istio.io_gateways.yaml index 6ea0bf907..987789ffe 100644 --- a/chart/crds/networking.istio.io_gateways.yaml +++ b/chart/crds/networking.istio.io_gateways.yaml @@ -65,11 +65,15 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. type: string targetPort: + maximum: 4294967295 + minimum: 0 type: integer required: - number @@ -222,11 +226,15 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. type: string targetPort: + maximum: 4294967295 + minimum: 0 type: integer required: - number @@ -379,11 +387,15 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. type: string targetPort: + maximum: 4294967295 + minimum: 0 type: integer required: - number diff --git a/chart/crds/networking.istio.io_proxyconfigs.yaml b/chart/crds/networking.istio.io_proxyconfigs.yaml index 8763a7dd7..73644c1bc 100644 --- a/chart/crds/networking.istio.io_proxyconfigs.yaml +++ b/chart/crds/networking.istio.io_proxyconfigs.yaml @@ -31,6 +31,7 @@ spec: properties: concurrency: description: The number of worker threads to run. + format: int32 nullable: true type: integer environmentVariables: diff --git a/chart/crds/networking.istio.io_serviceentries.yaml b/chart/crds/networking.istio.io_serviceentries.yaml index 1ebaf3d10..90c3dddae 100644 --- a/chart/crds/networking.istio.io_serviceentries.yaml +++ b/chart/crds/networking.istio.io_serviceentries.yaml @@ -80,6 +80,8 @@ spec: type: string ports: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Set of ports associated with the endpoint. type: object @@ -89,6 +91,8 @@ spec: type: string weight: description: The load balancing weight associated with the endpoint. + maximum: 4294967295 + minimum: 0 type: integer type: object type: array @@ -120,6 +124,8 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. @@ -127,6 +133,8 @@ spec: targetPort: description: The port number on the endpoint where the traffic will be received. + maximum: 4294967295 + minimum: 0 type: integer required: - number @@ -228,6 +236,8 @@ spec: type: string ports: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Set of ports associated with the endpoint. type: object @@ -237,6 +247,8 @@ spec: type: string weight: description: The load balancing weight associated with the endpoint. + maximum: 4294967295 + minimum: 0 type: integer type: object type: array @@ -268,6 +280,8 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. @@ -275,6 +289,8 @@ spec: targetPort: description: The port number on the endpoint where the traffic will be received. + maximum: 4294967295 + minimum: 0 type: integer required: - number @@ -376,6 +392,8 @@ spec: type: string ports: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Set of ports associated with the endpoint. type: object @@ -385,6 +403,8 @@ spec: type: string weight: description: The load balancing weight associated with the endpoint. + maximum: 4294967295 + minimum: 0 type: integer type: object type: array @@ -416,6 +436,8 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. @@ -423,6 +445,8 @@ spec: targetPort: description: The port number on the endpoint where the traffic will be received. + maximum: 4294967295 + minimum: 0 type: integer required: - number diff --git a/chart/crds/networking.istio.io_sidecars.yaml b/chart/crds/networking.istio.io_sidecars.yaml index 8bf57e6e5..52bae793f 100644 --- a/chart/crds/networking.istio.io_sidecars.yaml +++ b/chart/crds/networking.istio.io_sidecars.yaml @@ -63,11 +63,15 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. type: string targetPort: + maximum: 4294967295 + minimum: 0 type: integer type: object required: @@ -151,6 +155,8 @@ spec: probes: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection needs to be @@ -259,6 +265,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection needs @@ -280,11 +288,15 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. type: string targetPort: + maximum: 4294967295 + minimum: 0 type: integer type: object tls: @@ -395,6 +407,8 @@ spec: addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -475,11 +489,15 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. type: string targetPort: + maximum: 4294967295 + minimum: 0 type: integer type: object required: @@ -563,6 +581,8 @@ spec: probes: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection needs to be @@ -671,6 +691,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection needs @@ -692,11 +714,15 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. type: string targetPort: + maximum: 4294967295 + minimum: 0 type: integer type: object tls: @@ -807,6 +833,8 @@ spec: addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -887,11 +915,15 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. type: string targetPort: + maximum: 4294967295 + minimum: 0 type: integer type: object required: @@ -975,6 +1007,8 @@ spec: probes: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection needs to be @@ -1083,6 +1117,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection needs @@ -1104,11 +1140,15 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. type: string targetPort: + maximum: 4294967295 + minimum: 0 type: integer type: object tls: @@ -1219,6 +1259,8 @@ spec: addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: diff --git a/chart/crds/networking.istio.io_virtualservices.yaml b/chart/crds/networking.istio.io_virtualservices.yaml index ce2bf0fca..70416a985 100644 --- a/chart/crds/networking.istio.io_virtualservices.yaml +++ b/chart/crds/networking.istio.io_virtualservices.yaml @@ -171,6 +171,8 @@ spec: type: object status: description: Specifies the HTTP response status to be returned. + maximum: 4294967295 + minimum: 0 type: integer required: - status @@ -396,6 +398,8 @@ spec: port: description: Specifies the ports on the host that is being addressed. + maximum: 4294967295 + minimum: 0 type: integer queryParams: additionalProperties: @@ -541,6 +545,8 @@ spec: addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -550,9 +556,13 @@ spec: - host type: object mirror_percent: + maximum: 4294967295 + minimum: 0 nullable: true type: integer mirrorPercent: + maximum: 4294967295 + minimum: 0 nullable: true type: integer mirrorPercentage: @@ -581,6 +591,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -635,10 +647,14 @@ spec: port: description: On a redirect, overwrite the port portion of the URL with this value. + maximum: 4294967295 + minimum: 0 type: integer redirectCode: description: On a redirect, Specifies the HTTP status code to use in the redirect response. + maximum: 4294967295 + minimum: 0 type: integer scheme: description: On a redirect, overwrite the scheme portion @@ -714,6 +730,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -793,6 +811,8 @@ spec: port: description: Specifies the port on the host that is being addressed. + maximum: 4294967295 + minimum: 0 type: integer sourceLabels: additionalProperties: @@ -827,6 +847,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -871,6 +893,8 @@ spec: port: description: Specifies the port on the host that is being addressed. + maximum: 4294967295 + minimum: 0 type: integer sniHosts: description: SNI (server name indicator) to match on. @@ -910,6 +934,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -1088,6 +1114,8 @@ spec: type: object status: description: Specifies the HTTP response status to be returned. + maximum: 4294967295 + minimum: 0 type: integer required: - status @@ -1313,6 +1341,8 @@ spec: port: description: Specifies the ports on the host that is being addressed. + maximum: 4294967295 + minimum: 0 type: integer queryParams: additionalProperties: @@ -1458,6 +1488,8 @@ spec: addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -1467,9 +1499,13 @@ spec: - host type: object mirror_percent: + maximum: 4294967295 + minimum: 0 nullable: true type: integer mirrorPercent: + maximum: 4294967295 + minimum: 0 nullable: true type: integer mirrorPercentage: @@ -1498,6 +1534,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -1552,10 +1590,14 @@ spec: port: description: On a redirect, overwrite the port portion of the URL with this value. + maximum: 4294967295 + minimum: 0 type: integer redirectCode: description: On a redirect, Specifies the HTTP status code to use in the redirect response. + maximum: 4294967295 + minimum: 0 type: integer scheme: description: On a redirect, overwrite the scheme portion @@ -1631,6 +1673,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -1710,6 +1754,8 @@ spec: port: description: Specifies the port on the host that is being addressed. + maximum: 4294967295 + minimum: 0 type: integer sourceLabels: additionalProperties: @@ -1744,6 +1790,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -1788,6 +1836,8 @@ spec: port: description: Specifies the port on the host that is being addressed. + maximum: 4294967295 + minimum: 0 type: integer sniHosts: description: SNI (server name indicator) to match on. @@ -1827,6 +1877,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -2005,6 +2057,8 @@ spec: type: object status: description: Specifies the HTTP response status to be returned. + maximum: 4294967295 + minimum: 0 type: integer required: - status @@ -2230,6 +2284,8 @@ spec: port: description: Specifies the ports on the host that is being addressed. + maximum: 4294967295 + minimum: 0 type: integer queryParams: additionalProperties: @@ -2375,6 +2431,8 @@ spec: addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -2384,9 +2442,13 @@ spec: - host type: object mirror_percent: + maximum: 4294967295 + minimum: 0 nullable: true type: integer mirrorPercent: + maximum: 4294967295 + minimum: 0 nullable: true type: integer mirrorPercentage: @@ -2415,6 +2477,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -2469,10 +2533,14 @@ spec: port: description: On a redirect, overwrite the port portion of the URL with this value. + maximum: 4294967295 + minimum: 0 type: integer redirectCode: description: On a redirect, Specifies the HTTP status code to use in the redirect response. + maximum: 4294967295 + minimum: 0 type: integer scheme: description: On a redirect, overwrite the scheme portion @@ -2548,6 +2616,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -2627,6 +2697,8 @@ spec: port: description: Specifies the port on the host that is being addressed. + maximum: 4294967295 + minimum: 0 type: integer sourceLabels: additionalProperties: @@ -2661,6 +2733,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -2705,6 +2779,8 @@ spec: port: description: Specifies the port on the host that is being addressed. + maximum: 4294967295 + minimum: 0 type: integer sniHosts: description: SNI (server name indicator) to match on. @@ -2744,6 +2820,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: diff --git a/chart/crds/networking.istio.io_workloadentries.yaml b/chart/crds/networking.istio.io_workloadentries.yaml index 14cb96292..0e5613a0c 100644 --- a/chart/crds/networking.istio.io_workloadentries.yaml +++ b/chart/crds/networking.istio.io_workloadentries.yaml @@ -62,6 +62,8 @@ spec: type: string ports: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Set of ports associated with the endpoint. type: object @@ -71,6 +73,8 @@ spec: type: string weight: description: The load balancing weight associated with the endpoint. + maximum: 4294967295 + minimum: 0 type: integer type: object status: @@ -120,6 +124,8 @@ spec: type: string ports: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Set of ports associated with the endpoint. type: object @@ -129,6 +135,8 @@ spec: type: string weight: description: The load balancing weight associated with the endpoint. + maximum: 4294967295 + minimum: 0 type: integer type: object status: @@ -178,6 +186,8 @@ spec: type: string ports: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Set of ports associated with the endpoint. type: object @@ -187,6 +197,8 @@ spec: type: string weight: description: The load balancing weight associated with the endpoint. + maximum: 4294967295 + minimum: 0 type: integer type: object status: diff --git a/chart/crds/networking.istio.io_workloadgroups.yaml b/chart/crds/networking.istio.io_workloadgroups.yaml index 57530cc33..ff5d1b3b6 100644 --- a/chart/crds/networking.istio.io_workloadgroups.yaml +++ b/chart/crds/networking.istio.io_workloadgroups.yaml @@ -109,6 +109,8 @@ spec: type: string port: description: Port on which the endpoint lives. + maximum: 4294967295 + minimum: 0 type: integer scheme: type: string @@ -135,6 +137,8 @@ spec: host: type: string port: + maximum: 4294967295 + minimum: 0 type: integer required: - port @@ -166,6 +170,8 @@ spec: type: string ports: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Set of ports associated with the endpoint. type: object @@ -175,6 +181,8 @@ spec: type: string weight: description: The load balancing weight associated with the endpoint. + maximum: 4294967295 + minimum: 0 type: integer type: object required: @@ -274,6 +282,8 @@ spec: type: string port: description: Port on which the endpoint lives. + maximum: 4294967295 + minimum: 0 type: integer scheme: type: string @@ -300,6 +310,8 @@ spec: host: type: string port: + maximum: 4294967295 + minimum: 0 type: integer required: - port @@ -331,6 +343,8 @@ spec: type: string ports: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Set of ports associated with the endpoint. type: object @@ -340,6 +354,8 @@ spec: type: string weight: description: The load balancing weight associated with the endpoint. + maximum: 4294967295 + minimum: 0 type: integer type: object required: @@ -441,6 +457,8 @@ spec: type: string port: description: Port on which the endpoint lives. + maximum: 4294967295 + minimum: 0 type: integer scheme: type: string @@ -467,6 +485,8 @@ spec: host: type: string port: + maximum: 4294967295 + minimum: 0 type: integer required: - port @@ -498,6 +518,8 @@ spec: type: string ports: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Set of ports associated with the endpoint. type: object @@ -507,6 +529,8 @@ spec: type: string weight: description: The load balancing weight associated with the endpoint. + maximum: 4294967295 + minimum: 0 type: integer type: object required: diff --git a/chart/crds/operator.istio.io_istiocnis.yaml b/chart/crds/operator.istio.io_istiocnis.yaml index b947f710b..e64b1b7f3 100644 --- a/chart/crds/operator.istio.io_istiocnis.yaml +++ b/chart/crds/operator.istio.io_istiocnis.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: istiocnis.operator.istio.io spec: group: operator.istio.io @@ -70,7 +70,7 @@ spec: description: |- The built-in installation configuration profile to use. The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. - Must be one of: ambient, default, demo, empty, external, minimal, openshift-ambient, openshift, preview, remote. + Must be one of: ambient, default, demo, empty, external, minimal, openshift-ambient, openshift, preview, remote, stable. enum: - ambient - default @@ -82,6 +82,7 @@ spec: - openshift - preview - remote + - stable type: string values: description: Defines the values to be passed to the Helm charts when diff --git a/chart/crds/operator.istio.io_istiorevisions.yaml b/chart/crds/operator.istio.io_istiorevisions.yaml index f2ed71bf4..aa225caf9 100644 --- a/chart/crds/operator.istio.io_istiorevisions.yaml +++ b/chart/crds/operator.istio.io_istiorevisions.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: istiorevisions.operator.istio.io spec: group: operator.istio.io diff --git a/chart/crds/operator.istio.io_istios.yaml b/chart/crds/operator.istio.io_istios.yaml index 349a94566..91212cb41 100644 --- a/chart/crds/operator.istio.io_istios.yaml +++ b/chart/crds/operator.istio.io_istios.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: istios.operator.istio.io spec: group: operator.istio.io @@ -87,7 +87,7 @@ spec: description: |- The built-in installation configuration profile to use. The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. - Must be one of: ambient, default, demo, empty, external, minimal, openshift-ambient, openshift, preview, remote. + Must be one of: ambient, default, demo, empty, external, minimal, openshift-ambient, openshift, preview, remote, stable. enum: - ambient - default @@ -99,6 +99,7 @@ spec: - openshift - preview - remote + - stable type: string updateStrategy: default: diff --git a/chart/crds/telemetry.istio.io_telemetries.yaml b/chart/crds/telemetry.istio.io_telemetries.yaml index 7f5578823..3ea0d3000 100644 --- a/chart/crds/telemetry.istio.io_telemetries.yaml +++ b/chart/crds/telemetry.istio.io_telemetries.yaml @@ -332,6 +332,7 @@ spec: randomSamplingPercentage: description: Controls the rate at which traffic will be selected for tracing if no prior sampling decision has been made. + format: double maximum: 100 minimum: 0 nullable: true @@ -658,6 +659,7 @@ spec: randomSamplingPercentage: description: Controls the rate at which traffic will be selected for tracing if no prior sampling decision has been made. + format: double maximum: 100 minimum: 0 nullable: true diff --git a/chart/values.yaml b/chart/values.yaml index ade97a306..3451969d5 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -17,7 +17,7 @@ csv: This version of the operator supports the following Istio versions: - v1.21.0 - - latest (3112392b) + - latest (713cd5d1) [See this page](https://github.com/istio-ecosystem/sail-operator/blob/pre-main/bundle/README.md) for instructions on how to use it. support: Community based diff --git a/common/.commonfiles.sha b/common/.commonfiles.sha index cea32550f..e8b9cef8d 100644 --- a/common/.commonfiles.sha +++ b/common/.commonfiles.sha @@ -1 +1 @@ -9088296b1343d1a3b2e3f822f6d7942ff2de7a15 +e815dd568ad11e92eb49f05df6e5218dc89e159f diff --git a/common/scripts/setup_env.sh b/common/scripts/setup_env.sh index 50866ae13..f0b871340 100755 --- a/common/scripts/setup_env.sh +++ b/common/scripts/setup_env.sh @@ -75,7 +75,7 @@ fi TOOLS_REGISTRY_PROVIDER=${TOOLS_REGISTRY_PROVIDER:-gcr.io} PROJECT_ID=${PROJECT_ID:-istio-testing} if [[ "${IMAGE_VERSION:-}" == "" ]]; then - IMAGE_VERSION=master-f24be7b713480aab44d862ac839ead0b5324d593 + IMAGE_VERSION=master-8fb9ce88f6ad4cdd35c1660cd0ad0ab67eff4c6c fi if [[ "${IMAGE_NAME:-}" == "" ]]; then IMAGE_NAME=build-tools diff --git a/resources/latest/charts/base/Chart.yaml b/resources/latest/charts/base/Chart.yaml index ec7ae3bad..435195b18 100644 --- a/resources/latest/charts/base/Chart.yaml +++ b/resources/latest/charts/base/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: 1.22-alpha.3112392b96748f15315150044244f0052a2f730d +appVersion: 1.23-alpha.713cd5d19404bad19669540656f4fa31b4641a08 description: Helm chart for deploying Istio cluster resources and CRDs icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -7,4 +7,4 @@ keywords: name: base sources: - https://github.com/istio/istio -version: 1.22-alpha.3112392b96748f15315150044244f0052a2f730d +version: 1.23-alpha.713cd5d19404bad19669540656f4fa31b4641a08 diff --git a/resources/latest/charts/base/crds/crd-all.gen.yaml b/resources/latest/charts/base/crds/crd-all.gen.yaml index 85aab80fe..1625d85f9 100644 --- a/resources/latest/charts/base/crds/crd-all.gen.yaml +++ b/resources/latest/charts/base/crds/crd-all.gen.yaml @@ -120,6 +120,7 @@ spec: type: string priority: description: Determines ordering of `WasmPlugins` in the same `phase`. + format: int32 nullable: true type: integer selector: @@ -399,6 +400,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection @@ -483,10 +486,12 @@ spec: properties: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer @@ -495,6 +500,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: @@ -514,6 +520,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -574,6 +582,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: @@ -582,11 +592,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: @@ -695,6 +709,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection @@ -782,10 +798,12 @@ spec: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer @@ -795,6 +813,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: @@ -814,6 +833,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -875,6 +896,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: @@ -883,11 +906,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: @@ -917,6 +944,8 @@ spec: applied. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object tls: @@ -1056,6 +1085,8 @@ spec: targetPort: description: Specifies a port to which the downstream connection is tunneled. + maximum: 4294967295 + minimum: 0 type: integer required: - targetHost @@ -1148,6 +1179,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection needs @@ -1231,10 +1264,12 @@ spec: properties: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer implements @@ -1243,6 +1278,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: @@ -1262,6 +1298,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -1320,6 +1358,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: @@ -1328,11 +1368,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: @@ -1439,6 +1483,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection @@ -1523,10 +1569,12 @@ spec: properties: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer @@ -1535,6 +1583,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: @@ -1554,6 +1603,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -1614,6 +1665,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: @@ -1622,11 +1675,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: @@ -1653,6 +1710,8 @@ spec: service on which this policy is being applied. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object tls: @@ -1790,6 +1849,8 @@ spec: targetPort: description: Specifies a port to which the downstream connection is tunneled. + maximum: 4294967295 + minimum: 0 type: integer required: - targetHost @@ -1946,6 +2007,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection @@ -2030,10 +2093,12 @@ spec: properties: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer @@ -2042,6 +2107,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: @@ -2061,6 +2127,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -2121,6 +2189,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: @@ -2129,11 +2199,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: @@ -2242,6 +2316,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection @@ -2329,10 +2405,12 @@ spec: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer @@ -2342,6 +2420,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: @@ -2361,6 +2440,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -2422,6 +2503,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: @@ -2430,11 +2513,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: @@ -2464,6 +2551,8 @@ spec: applied. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object tls: @@ -2603,6 +2692,8 @@ spec: targetPort: description: Specifies a port to which the downstream connection is tunneled. + maximum: 4294967295 + minimum: 0 type: integer required: - targetHost @@ -2695,6 +2786,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection needs @@ -2778,10 +2871,12 @@ spec: properties: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer implements @@ -2790,6 +2885,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: @@ -2809,6 +2905,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -2867,6 +2965,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: @@ -2875,11 +2975,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: @@ -2986,6 +3090,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection @@ -3070,10 +3176,12 @@ spec: properties: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer @@ -3082,6 +3190,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: @@ -3101,6 +3210,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -3161,6 +3272,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: @@ -3169,11 +3282,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: @@ -3200,6 +3317,8 @@ spec: service on which this policy is being applied. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object tls: @@ -3337,6 +3456,8 @@ spec: targetPort: description: Specifies a port to which the downstream connection is tunneled. + maximum: 4294967295 + minimum: 0 type: integer required: - targetHost @@ -3493,6 +3614,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection @@ -3577,10 +3700,12 @@ spec: properties: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer @@ -3589,6 +3714,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: @@ -3608,6 +3734,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -3668,6 +3796,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: @@ -3676,11 +3806,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: @@ -3789,6 +3923,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection @@ -3876,10 +4012,12 @@ spec: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer @@ -3889,6 +4027,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: @@ -3908,6 +4047,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -3969,6 +4110,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: @@ -3977,11 +4120,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: @@ -4011,6 +4158,8 @@ spec: applied. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object tls: @@ -4150,6 +4299,8 @@ spec: targetPort: description: Specifies a port to which the downstream connection is tunneled. + maximum: 4294967295 + minimum: 0 type: integer required: - targetHost @@ -4242,6 +4393,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection needs @@ -4325,10 +4478,12 @@ spec: properties: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer implements @@ -4337,6 +4492,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: @@ -4356,6 +4512,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -4414,6 +4572,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: @@ -4422,11 +4582,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: @@ -4533,6 +4697,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection @@ -4617,10 +4783,12 @@ spec: properties: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer @@ -4629,6 +4797,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: @@ -4648,6 +4817,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -4708,6 +4879,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: @@ -4716,11 +4889,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: @@ -4747,6 +4924,8 @@ spec: service on which this policy is being applied. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object tls: @@ -4884,6 +5063,8 @@ spec: targetPort: description: Specifies a port to which the downstream connection is tunneled. + maximum: 4294967295 + minimum: 0 type: integer required: - targetHost @@ -4994,6 +5175,8 @@ spec: portNumber: description: The service port for which this cluster was generated. + maximum: 4294967295 + minimum: 0 type: integer service: description: The fully qualified service name for this @@ -5026,6 +5209,8 @@ spec: destinationPort: description: The destination_port value used by a filter chain's match condition. + maximum: 4294967295 + minimum: 0 type: integer filter: description: The name of a specific filter to apply @@ -5065,6 +5250,8 @@ spec: portNumber: description: The service port/gateway port to which traffic is being sent/received. + maximum: 4294967295 + minimum: 0 type: integer type: object proxy: @@ -5099,6 +5286,8 @@ spec: description: The service port number or gateway server port number for which this route configuration was generated. + maximum: 4294967295 + minimum: 0 type: integer vhost: description: Match a specific virtual host in a route @@ -5281,11 +5470,15 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. type: string targetPort: + maximum: 4294967295 + minimum: 0 type: integer required: - number @@ -5438,11 +5631,15 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. type: string targetPort: + maximum: 4294967295 + minimum: 0 type: integer required: - number @@ -5595,11 +5792,15 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. type: string targetPort: + maximum: 4294967295 + minimum: 0 type: integer required: - number @@ -5744,6 +5945,7 @@ spec: properties: concurrency: description: The number of worker threads to run. + format: int32 nullable: true type: integer environmentVariables: @@ -5860,6 +6062,8 @@ spec: type: string ports: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Set of ports associated with the endpoint. type: object @@ -5869,6 +6073,8 @@ spec: type: string weight: description: The load balancing weight associated with the endpoint. + maximum: 4294967295 + minimum: 0 type: integer type: object type: array @@ -5900,6 +6106,8 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. @@ -5907,6 +6115,8 @@ spec: targetPort: description: The port number on the endpoint where the traffic will be received. + maximum: 4294967295 + minimum: 0 type: integer required: - number @@ -6008,6 +6218,8 @@ spec: type: string ports: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Set of ports associated with the endpoint. type: object @@ -6017,6 +6229,8 @@ spec: type: string weight: description: The load balancing weight associated with the endpoint. + maximum: 4294967295 + minimum: 0 type: integer type: object type: array @@ -6048,6 +6262,8 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. @@ -6055,6 +6271,8 @@ spec: targetPort: description: The port number on the endpoint where the traffic will be received. + maximum: 4294967295 + minimum: 0 type: integer required: - number @@ -6156,6 +6374,8 @@ spec: type: string ports: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Set of ports associated with the endpoint. type: object @@ -6165,6 +6385,8 @@ spec: type: string weight: description: The load balancing weight associated with the endpoint. + maximum: 4294967295 + minimum: 0 type: integer type: object type: array @@ -6196,6 +6418,8 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. @@ -6203,6 +6427,8 @@ spec: targetPort: description: The port number on the endpoint where the traffic will be received. + maximum: 4294967295 + minimum: 0 type: integer required: - number @@ -6313,11 +6539,15 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. type: string targetPort: + maximum: 4294967295 + minimum: 0 type: integer type: object required: @@ -6401,6 +6631,8 @@ spec: probes: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection needs to be @@ -6509,6 +6741,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection needs @@ -6530,11 +6764,15 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. type: string targetPort: + maximum: 4294967295 + minimum: 0 type: integer type: object tls: @@ -6645,6 +6883,8 @@ spec: addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -6725,11 +6965,15 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. type: string targetPort: + maximum: 4294967295 + minimum: 0 type: integer type: object required: @@ -6813,6 +7057,8 @@ spec: probes: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection needs to be @@ -6921,6 +7167,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection needs @@ -6942,11 +7190,15 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. type: string targetPort: + maximum: 4294967295 + minimum: 0 type: integer type: object tls: @@ -7057,6 +7309,8 @@ spec: addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -7137,11 +7391,15 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. type: string targetPort: + maximum: 4294967295 + minimum: 0 type: integer type: object required: @@ -7225,6 +7483,8 @@ spec: probes: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection needs to be @@ -7333,6 +7593,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection needs @@ -7354,11 +7616,15 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. type: string targetPort: + maximum: 4294967295 + minimum: 0 type: integer type: object tls: @@ -7469,6 +7735,8 @@ spec: addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -7681,6 +7949,8 @@ spec: type: object status: description: Specifies the HTTP response status to be returned. + maximum: 4294967295 + minimum: 0 type: integer required: - status @@ -7906,6 +8176,8 @@ spec: port: description: Specifies the ports on the host that is being addressed. + maximum: 4294967295 + minimum: 0 type: integer queryParams: additionalProperties: @@ -8051,6 +8323,8 @@ spec: addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -8060,9 +8334,13 @@ spec: - host type: object mirror_percent: + maximum: 4294967295 + minimum: 0 nullable: true type: integer mirrorPercent: + maximum: 4294967295 + minimum: 0 nullable: true type: integer mirrorPercentage: @@ -8091,6 +8369,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -8145,10 +8425,14 @@ spec: port: description: On a redirect, overwrite the port portion of the URL with this value. + maximum: 4294967295 + minimum: 0 type: integer redirectCode: description: On a redirect, Specifies the HTTP status code to use in the redirect response. + maximum: 4294967295 + minimum: 0 type: integer scheme: description: On a redirect, overwrite the scheme portion @@ -8224,6 +8508,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -8303,6 +8589,8 @@ spec: port: description: Specifies the port on the host that is being addressed. + maximum: 4294967295 + minimum: 0 type: integer sourceLabels: additionalProperties: @@ -8337,6 +8625,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -8381,6 +8671,8 @@ spec: port: description: Specifies the port on the host that is being addressed. + maximum: 4294967295 + minimum: 0 type: integer sniHosts: description: SNI (server name indicator) to match on. @@ -8420,6 +8712,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -8598,6 +8892,8 @@ spec: type: object status: description: Specifies the HTTP response status to be returned. + maximum: 4294967295 + minimum: 0 type: integer required: - status @@ -8823,6 +9119,8 @@ spec: port: description: Specifies the ports on the host that is being addressed. + maximum: 4294967295 + minimum: 0 type: integer queryParams: additionalProperties: @@ -8968,6 +9266,8 @@ spec: addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -8977,9 +9277,13 @@ spec: - host type: object mirror_percent: + maximum: 4294967295 + minimum: 0 nullable: true type: integer mirrorPercent: + maximum: 4294967295 + minimum: 0 nullable: true type: integer mirrorPercentage: @@ -9008,6 +9312,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -9062,10 +9368,14 @@ spec: port: description: On a redirect, overwrite the port portion of the URL with this value. + maximum: 4294967295 + minimum: 0 type: integer redirectCode: description: On a redirect, Specifies the HTTP status code to use in the redirect response. + maximum: 4294967295 + minimum: 0 type: integer scheme: description: On a redirect, overwrite the scheme portion @@ -9141,6 +9451,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -9220,6 +9532,8 @@ spec: port: description: Specifies the port on the host that is being addressed. + maximum: 4294967295 + minimum: 0 type: integer sourceLabels: additionalProperties: @@ -9254,6 +9568,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -9298,6 +9614,8 @@ spec: port: description: Specifies the port on the host that is being addressed. + maximum: 4294967295 + minimum: 0 type: integer sniHosts: description: SNI (server name indicator) to match on. @@ -9337,6 +9655,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -9515,6 +9835,8 @@ spec: type: object status: description: Specifies the HTTP response status to be returned. + maximum: 4294967295 + minimum: 0 type: integer required: - status @@ -9740,6 +10062,8 @@ spec: port: description: Specifies the ports on the host that is being addressed. + maximum: 4294967295 + minimum: 0 type: integer queryParams: additionalProperties: @@ -9885,6 +10209,8 @@ spec: addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -9894,9 +10220,13 @@ spec: - host type: object mirror_percent: + maximum: 4294967295 + minimum: 0 nullable: true type: integer mirrorPercent: + maximum: 4294967295 + minimum: 0 nullable: true type: integer mirrorPercentage: @@ -9925,6 +10255,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -9979,10 +10311,14 @@ spec: port: description: On a redirect, overwrite the port portion of the URL with this value. + maximum: 4294967295 + minimum: 0 type: integer redirectCode: description: On a redirect, Specifies the HTTP status code to use in the redirect response. + maximum: 4294967295 + minimum: 0 type: integer scheme: description: On a redirect, overwrite the scheme portion @@ -10058,6 +10394,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -10137,6 +10475,8 @@ spec: port: description: Specifies the port on the host that is being addressed. + maximum: 4294967295 + minimum: 0 type: integer sourceLabels: additionalProperties: @@ -10171,6 +10511,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -10215,6 +10557,8 @@ spec: port: description: Specifies the port on the host that is being addressed. + maximum: 4294967295 + minimum: 0 type: integer sniHosts: description: SNI (server name indicator) to match on. @@ -10254,6 +10598,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -10349,6 +10695,8 @@ spec: type: string ports: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Set of ports associated with the endpoint. type: object @@ -10358,6 +10706,8 @@ spec: type: string weight: description: The load balancing weight associated with the endpoint. + maximum: 4294967295 + minimum: 0 type: integer type: object status: @@ -10407,6 +10757,8 @@ spec: type: string ports: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Set of ports associated with the endpoint. type: object @@ -10416,6 +10768,8 @@ spec: type: string weight: description: The load balancing weight associated with the endpoint. + maximum: 4294967295 + minimum: 0 type: integer type: object status: @@ -10465,6 +10819,8 @@ spec: type: string ports: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Set of ports associated with the endpoint. type: object @@ -10474,6 +10830,8 @@ spec: type: string weight: description: The load balancing weight associated with the endpoint. + maximum: 4294967295 + minimum: 0 type: integer type: object status: @@ -10596,6 +10954,8 @@ spec: type: string port: description: Port on which the endpoint lives. + maximum: 4294967295 + minimum: 0 type: integer scheme: type: string @@ -10622,6 +10982,8 @@ spec: host: type: string port: + maximum: 4294967295 + minimum: 0 type: integer required: - port @@ -10653,6 +11015,8 @@ spec: type: string ports: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Set of ports associated with the endpoint. type: object @@ -10662,6 +11026,8 @@ spec: type: string weight: description: The load balancing weight associated with the endpoint. + maximum: 4294967295 + minimum: 0 type: integer type: object required: @@ -10761,6 +11127,8 @@ spec: type: string port: description: Port on which the endpoint lives. + maximum: 4294967295 + minimum: 0 type: integer scheme: type: string @@ -10787,6 +11155,8 @@ spec: host: type: string port: + maximum: 4294967295 + minimum: 0 type: integer required: - port @@ -10818,6 +11188,8 @@ spec: type: string ports: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Set of ports associated with the endpoint. type: object @@ -10827,6 +11199,8 @@ spec: type: string weight: description: The load balancing weight associated with the endpoint. + maximum: 4294967295 + minimum: 0 type: integer type: object required: @@ -10928,6 +11302,8 @@ spec: type: string port: description: Port on which the endpoint lives. + maximum: 4294967295 + minimum: 0 type: integer scheme: type: string @@ -10954,6 +11330,8 @@ spec: host: type: string port: + maximum: 4294967295 + minimum: 0 type: integer required: - port @@ -10985,6 +11363,8 @@ spec: type: string ports: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Set of ports associated with the endpoint. type: object @@ -10994,6 +11374,8 @@ spec: type: string weight: description: The load balancing weight associated with the endpoint. + maximum: 4294967295 + minimum: 0 type: integer type: object required: @@ -12321,6 +12703,7 @@ spec: randomSamplingPercentage: description: Controls the rate at which traffic will be selected for tracing if no prior sampling decision has been made. + format: double maximum: 100 minimum: 0 nullable: true @@ -12647,6 +13030,7 @@ spec: randomSamplingPercentage: description: Controls the rate at which traffic will be selected for tracing if no prior sampling decision has been made. + format: double maximum: 100 minimum: 0 nullable: true diff --git a/resources/latest/charts/base/files/profile-stable.yaml b/resources/latest/charts/base/files/profile-stable.yaml new file mode 100644 index 000000000..358282e69 --- /dev/null +++ b/resources/latest/charts/base/files/profile-stable.yaml @@ -0,0 +1,8 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The stable profile deploys admission control to ensure that only stable resources and fields are used +# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE +experimental: + stableValidationPolicy: true diff --git a/resources/latest/charts/base/templates/validatingadmissionpolicy.yaml b/resources/latest/charts/base/templates/validatingadmissionpolicy.yaml new file mode 100644 index 000000000..0b90a4798 --- /dev/null +++ b/resources/latest/charts/base/templates/validatingadmissionpolicy.yaml @@ -0,0 +1,48 @@ +{{- if and .Values.experimental.stableValidationPolicy (not (eq .Values.defaultRevision "")) }} +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingAdmissionPolicy +metadata: + name: "stable-channel-default-policy.istio.io" + labels: + release: {{ .Release.Name }} + istio: istiod + istio.io/rev: {{ .Values.defaultRevision }} +spec: + failurePolicy: Fail + matchConstraints: + resourceRules: + - apiGroups: + - security.istio.io + - networking.istio.io + - telemetry.istio.io + - extensions.istio.io + apiVersions: ["*"] + operations: ["CREATE", "UPDATE"] + resources: ["*"] + variables: + - name: isEnvoyFilter + expression: "object.kind == 'EnvoyFilter'" + - name: isWasmPlugin + expression: "object.kind == 'WasmPlugin'" + - name: isTelemetry + expression: "object.kind == 'Telemetry'" + validations: + - expression: "!variables.isEnvoyFilter" + - expression: "!variables.isWasmPlugin" + - expression: | + !( + variables.isTelemetry && ( + (has(object.spec.tracing) ? object.spec.tracing : {}).exists(t, has(t.useRequestIdForTraceSampling)) || + (has(object.spec.metrics) ? object.spec.metrics : {}).exists(m, has(m.reportingInterval)) || + (has(object.spec.accessLogging) ? object.spec.accessLogging : {}).exists(l, has(l.filter)) + ) + ) +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingAdmissionPolicyBinding +metadata: + name: "stable-channel-default-policy-binding.istio.io" +spec: + policyName: "stable-channel-default-policy.istio.io" + validationActions: [Deny] +{{- end }} diff --git a/resources/latest/charts/base/values.yaml b/resources/latest/charts/base/values.yaml index ced14b091..88bca4329 100644 --- a/resources/latest/charts/base/values.yaml +++ b/resources/latest/charts/base/values.yaml @@ -36,3 +36,5 @@ defaults: enableIstioConfigCRDs: true defaultRevision: "default" + experimental: + stableValidationPolicy: false diff --git a/resources/latest/charts/cni/Chart.yaml b/resources/latest/charts/cni/Chart.yaml index 5caa528ed..f1c439a50 100644 --- a/resources/latest/charts/cni/Chart.yaml +++ b/resources/latest/charts/cni/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: 1.22-alpha.3112392b96748f15315150044244f0052a2f730d +appVersion: 1.23-alpha.713cd5d19404bad19669540656f4fa31b4641a08 description: Helm chart for istio-cni components icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -7,5 +7,5 @@ keywords: - istio name: cni sources: -- https://github.com/istio/istio/tree/master/cni -version: 1.22-alpha.3112392b96748f15315150044244f0052a2f730d +- https://github.com/istio/istio +version: 1.23-alpha.713cd5d19404bad19669540656f4fa31b4641a08 diff --git a/resources/latest/charts/cni/files/profile-stable.yaml b/resources/latest/charts/cni/files/profile-stable.yaml new file mode 100644 index 000000000..358282e69 --- /dev/null +++ b/resources/latest/charts/cni/files/profile-stable.yaml @@ -0,0 +1,8 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The stable profile deploys admission control to ensure that only stable resources and fields are used +# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE +experimental: + stableValidationPolicy: true diff --git a/resources/latest/charts/cni/values.yaml b/resources/latest/charts/cni/values.yaml index 7209c9411..9c2ee6f0a 100644 --- a/resources/latest/charts/cni/values.yaml +++ b/resources/latest/charts/cni/values.yaml @@ -110,7 +110,7 @@ defaults: hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.22-alpha.3112392b96748f15315150044244f0052a2f730d + tag: 1.23-alpha.713cd5d19404bad19669540656f4fa31b4641a08 # Variant of the image to use. # Currently supported are: [debug, distroless] diff --git a/resources/latest/charts/gateway/Chart.yaml b/resources/latest/charts/gateway/Chart.yaml index 6241b3071..3ce748ed4 100644 --- a/resources/latest/charts/gateway/Chart.yaml +++ b/resources/latest/charts/gateway/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.22-alpha.3112392b96748f15315150044244f0052a2f730d +appVersion: 1.23-alpha.713cd5d19404bad19669540656f4fa31b4641a08 description: Helm chart for deploying Istio gateways icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ name: gateway sources: - https://github.com/istio/istio type: application -version: 1.22-alpha.3112392b96748f15315150044244f0052a2f730d +version: 1.23-alpha.713cd5d19404bad19669540656f4fa31b4641a08 diff --git a/resources/latest/charts/gateway/files/profile-stable.yaml b/resources/latest/charts/gateway/files/profile-stable.yaml new file mode 100644 index 000000000..358282e69 --- /dev/null +++ b/resources/latest/charts/gateway/files/profile-stable.yaml @@ -0,0 +1,8 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The stable profile deploys admission control to ensure that only stable resources and fields are used +# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE +experimental: + stableValidationPolicy: true diff --git a/resources/latest/charts/istiod/Chart.yaml b/resources/latest/charts/istiod/Chart.yaml index 60dd5a678..1df811ad7 100644 --- a/resources/latest/charts/istiod/Chart.yaml +++ b/resources/latest/charts/istiod/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: 1.22-alpha.3112392b96748f15315150044244f0052a2f730d +appVersion: 1.23-alpha.713cd5d19404bad19669540656f4fa31b4641a08 description: Helm chart for istio control plane icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ keywords: name: istiod sources: - https://github.com/istio/istio -version: 1.22-alpha.3112392b96748f15315150044244f0052a2f730d +version: 1.23-alpha.713cd5d19404bad19669540656f4fa31b4641a08 diff --git a/resources/latest/charts/istiod/files/profile-stable.yaml b/resources/latest/charts/istiod/files/profile-stable.yaml new file mode 100644 index 000000000..358282e69 --- /dev/null +++ b/resources/latest/charts/istiod/files/profile-stable.yaml @@ -0,0 +1,8 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The stable profile deploys admission control to ensure that only stable resources and fields are used +# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE +experimental: + stableValidationPolicy: true diff --git a/resources/latest/charts/istiod/templates/validatingadmissionpolicy.yaml b/resources/latest/charts/istiod/templates/validatingadmissionpolicy.yaml new file mode 100644 index 000000000..f4d9479c6 --- /dev/null +++ b/resources/latest/charts/istiod/templates/validatingadmissionpolicy.yaml @@ -0,0 +1,54 @@ +{{- if .Values.experimental.stableValidationPolicy }} +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingAdmissionPolicy +metadata: + name: "stable-channel-policy{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Values.global.istioNamespace }}.istio.io" +spec: + failurePolicy: Fail + matchConstraints: + resourceRules: + - apiGroups: + - security.istio.io + - networking.istio.io + - telemetry.istio.io + - extensions.istio.io + apiVersions: ["*"] + operations: ["CREATE", "UPDATE"] + resources: ["*"] + objectSelector: + matchExpressions: + - key: istio.io/rev + operator: In + values: + {{- if (eq .Values.revision "") }} + - "default" + {{- else }} + - "{{ .Values.revision }}" + {{- end }} + variables: + - name: isEnvoyFilter + expression: "object.kind == 'EnvoyFilter'" + - name: isWasmPlugin + expression: "object.kind == 'WasmPlugin'" + - name: isTelemetry + expression: "object.kind == 'Telemetry'" + validations: + - expression: "!variables.isEnvoyFilter" + - expression: "!variables.isWasmPlugin" + - expression: | + !( + variables.isTelemetry && ( + (has(object.spec.tracing) ? object.spec.tracing : {}).exists(t, has(t.useRequestIdForTraceSampling)) || + (has(object.spec.metrics) ? object.spec.metrics : {}).exists(m, has(m.reportingInterval)) || + (has(object.spec.accessLogging) ? object.spec.accessLogging : {}).exists(l, has(l.filter)) + ) + ) +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingAdmissionPolicyBinding +metadata: + name: "stable-channel-policy-binding{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Values.global.istioNamespace }}.istio.io" +spec: + policyName: "stable-channel-policy{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Values.global.istioNamespace }}.istio.io" + validationActions: [Deny] +{{- end }} diff --git a/resources/latest/charts/istiod/values.yaml b/resources/latest/charts/istiod/values.yaml index bbc802294..9eb6cba57 100644 --- a/resources/latest/charts/istiod/values.yaml +++ b/resources/latest/charts/istiod/values.yaml @@ -199,6 +199,9 @@ defaults: meshConfig: enablePrometheusMerge: true + experimental: + stableValidationPolicy: false + global: # Used to locate istiod. istioNamespace: istio-system @@ -231,7 +234,7 @@ defaults: # Dev builds from prow are on gcr.io hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.22-alpha.3112392b96748f15315150044244f0052a2f730d + tag: 1.23-alpha.713cd5d19404bad19669540656f4fa31b4641a08 # Variant of the image to use. # Currently supported are: [debug, distroless] variant: "" diff --git a/resources/latest/charts/ztunnel/Chart.yaml b/resources/latest/charts/ztunnel/Chart.yaml index aaa68dae5..f45452cb4 100644 --- a/resources/latest/charts/ztunnel/Chart.yaml +++ b/resources/latest/charts/ztunnel/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: 1.22-alpha.3112392b96748f15315150044244f0052a2f730d +appVersion: 1.23-alpha.713cd5d19404bad19669540656f4fa31b4641a08 description: Helm chart for istio ztunnel components icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -8,4 +8,4 @@ keywords: name: ztunnel sources: - https://github.com/istio/istio -version: 1.22-alpha.3112392b96748f15315150044244f0052a2f730d +version: 1.23-alpha.713cd5d19404bad19669540656f4fa31b4641a08 diff --git a/resources/latest/charts/ztunnel/files/profile-stable.yaml b/resources/latest/charts/ztunnel/files/profile-stable.yaml new file mode 100644 index 000000000..358282e69 --- /dev/null +++ b/resources/latest/charts/ztunnel/files/profile-stable.yaml @@ -0,0 +1,8 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The stable profile deploys admission control to ensure that only stable resources and fields are used +# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE +experimental: + stableValidationPolicy: true diff --git a/resources/latest/charts/ztunnel/values.yaml b/resources/latest/charts/ztunnel/values.yaml index 1668ed15c..6e9aab85b 100644 --- a/resources/latest/charts/ztunnel/values.yaml +++ b/resources/latest/charts/ztunnel/values.yaml @@ -2,7 +2,7 @@ defaults: # Hub to pull from. Image will be `Hub/Image:Tag-Variant` hub: gcr.io/istio-testing # Tag to pull from. Image will be `Hub/Image:Tag-Variant` - tag: 1.22-alpha.3112392b96748f15315150044244f0052a2f730d + tag: 1.23-alpha.713cd5d19404bad19669540656f4fa31b4641a08 # Variant to pull. Options are "debug" or "distroless". Unset will use the default for the given version. variant: "" diff --git a/resources/latest/profiles/stable.yaml b/resources/latest/profiles/stable.yaml new file mode 100644 index 000000000..f1612aa60 --- /dev/null +++ b/resources/latest/profiles/stable.yaml @@ -0,0 +1,5 @@ +apiVersion: operator.istio.io/v1alpha1 +kind: Istio +spec: + values: + profile: stable diff --git a/versions.yaml b/versions.yaml index 1750fb0a1..b7fc39edc 100644 --- a/versions.yaml +++ b/versions.yaml @@ -21,13 +21,13 @@ versions: - https://istio-release.storage.googleapis.com/charts/cni-1.21.0.tgz - https://istio-release.storage.googleapis.com/charts/ztunnel-1.21.0.tgz - name: latest - version: 1.22-alpha + version: 1.23-alpha repo: https://github.com/istio/istio branch: master - commit: 3112392b96748f15315150044244f0052a2f730d + commit: 713cd5d19404bad19669540656f4fa31b4641a08 charts: - - https://storage.googleapis.com/istio-build/dev/1.22-alpha.3112392b96748f15315150044244f0052a2f730d/helm/base-1.22-alpha.3112392b96748f15315150044244f0052a2f730d.tgz - - https://storage.googleapis.com/istio-build/dev/1.22-alpha.3112392b96748f15315150044244f0052a2f730d/helm/cni-1.22-alpha.3112392b96748f15315150044244f0052a2f730d.tgz - - https://storage.googleapis.com/istio-build/dev/1.22-alpha.3112392b96748f15315150044244f0052a2f730d/helm/gateway-1.22-alpha.3112392b96748f15315150044244f0052a2f730d.tgz - - https://storage.googleapis.com/istio-build/dev/1.22-alpha.3112392b96748f15315150044244f0052a2f730d/helm/istiod-1.22-alpha.3112392b96748f15315150044244f0052a2f730d.tgz - - https://storage.googleapis.com/istio-build/dev/1.22-alpha.3112392b96748f15315150044244f0052a2f730d/helm/ztunnel-1.22-alpha.3112392b96748f15315150044244f0052a2f730d.tgz + - https://storage.googleapis.com/istio-build/dev/1.23-alpha.713cd5d19404bad19669540656f4fa31b4641a08/helm/base-1.23-alpha.713cd5d19404bad19669540656f4fa31b4641a08.tgz + - https://storage.googleapis.com/istio-build/dev/1.23-alpha.713cd5d19404bad19669540656f4fa31b4641a08/helm/cni-1.23-alpha.713cd5d19404bad19669540656f4fa31b4641a08.tgz + - https://storage.googleapis.com/istio-build/dev/1.23-alpha.713cd5d19404bad19669540656f4fa31b4641a08/helm/gateway-1.23-alpha.713cd5d19404bad19669540656f4fa31b4641a08.tgz + - https://storage.googleapis.com/istio-build/dev/1.23-alpha.713cd5d19404bad19669540656f4fa31b4641a08/helm/istiod-1.23-alpha.713cd5d19404bad19669540656f4fa31b4641a08.tgz + - https://storage.googleapis.com/istio-build/dev/1.23-alpha.713cd5d19404bad19669540656f4fa31b4641a08/helm/ztunnel-1.23-alpha.713cd5d19404bad19669540656f4fa31b4641a08.tgz