diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index e6ccff8c8..508c2685e 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -1,6 +1,6 @@ { "name": "istio build-tools", - "image": "gcr.io/istio-testing/build-tools:master-f24be7b713480aab44d862ac839ead0b5324d593", + "image": "gcr.io/istio-testing/build-tools:master-8fb9ce88f6ad4cdd35c1660cd0ad0ab67eff4c6c", "privileged": true, "remoteEnv": { "USE_GKE_GCLOUD_AUTH_PLUGIN": "True", diff --git a/Makefile.core.mk b/Makefile.core.mk index 94acbf9fa..20cdb8b1a 100644 --- a/Makefile.core.mk +++ b/Makefile.core.mk @@ -403,7 +403,7 @@ OPM ?= $(LOCALBIN)/opm ## Tool Versions OPERATOR_SDK_VERSION ?= v1.34.1 HELM_VERSION ?= v3.14.4 -CONTROLLER_TOOLS_VERSION ?= v0.14.0 +CONTROLLER_TOOLS_VERSION ?= v0.15.0 OPM_VERSION ?= v1.39.0 GITLEAKS_VERSION ?= v8.18.2 @@ -461,7 +461,7 @@ bundle: gen helm operator-sdk ## Generate bundle manifests and metadata, then va if (git ls-files --error-unmatch "$$csvPath" &>/dev/null); then \ if ! (git diff "$$csvPath" | grep '^[+-][^+-][^+-]' | grep -v "createdAt:" >/dev/null); then \ echo "reverting timestamp change in $$csvPath"; \ - git checkout "$$csvPath"; \ + git checkout "$$csvPath" || echo "failed to revert timestamp change. assuming we're in the middle of a merge"; \ fi \ fi $(OPERATOR_SDK) bundle validate ./bundle diff --git a/api/v1alpha1/istio_types.go b/api/v1alpha1/istio_types.go index 47d2126a8..de49eb7f5 100644 --- a/api/v1alpha1/istio_types.go +++ b/api/v1alpha1/istio_types.go 
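Review bot: The `|| echo ...` fallback added after `git checkout "$$csvPath"` in the `bundle` recipe swallows every checkout failure, not only the mid-merge case the message assumes. A locked index or a permissions error would therefore leave the regenerated `createdAt` in the CSV while the target carries on to `bundle validate`. Consider tolerating only the state you mean to tolerate and letting anything else fail the recipe, for example `git checkout "$$csvPath" || { git rev-parse -q --verify MERGE_HEAD >/dev/null && echo "merge in progress; keeping timestamp change in $$csvPath" >&2; };` (extend the check if rebase or cherry-pick states must pass too). The recipe starts before this hunk and continues after it, so confirm nothing later in it depends on the file having been reverted.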
@@ -51,10 +51,10 @@ type IstioSpec struct { // +sail:profile // The built-in installation configuration profile to use. // The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. - // Must be one of: ambient, default, demo, empty, external, minimal, openshift-ambient, openshift, preview, remote. + // Must be one of: ambient, default, demo, empty, external, minimal, openshift-ambient, openshift, preview, remote, stable. // +++PROFILES-DROPDOWN-HIDDEN-UNTIL-WE-FULLY-IMPLEMENT-THEM+++operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Profile",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:ambient", "urn:alm:descriptor:com.tectonic.ui:select:default", "urn:alm:descriptor:com.tectonic.ui:select:demo", "urn:alm:descriptor:com.tectonic.ui:select:empty", "urn:alm:descriptor:com.tectonic.ui:select:external", "urn:alm:descriptor:com.tectonic.ui:select:minimal", "urn:alm:descriptor:com.tectonic.ui:select:preview", "urn:alm:descriptor:com.tectonic.ui:select:remote"} // +operator-sdk:csv:customresourcedefinitions:type=spec,xDescriptors={"urn:alm:descriptor:com.tectonic.ui:hidden"} - // +kubebuilder:validation:Enum=ambient;default;demo;empty;external;minimal;openshift-ambient;openshift;preview;remote + // +kubebuilder:validation:Enum=ambient;default;demo;empty;external;minimal;openshift-ambient;openshift;preview;remote;stable Profile string `json:"profile,omitempty"` // Namespace to which the Istio components should be installed. diff --git a/api/v1alpha1/istiocni_types.go b/api/v1alpha1/istiocni_types.go index 11dca1d03..b4437f23f 100644 --- a/api/v1alpha1/istiocni_types.go +++ b/api/v1alpha1/istiocni_types.go 
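Review bot: The disabled `select:` descriptor list on the `+++PROFILES-DROPDOWN-HIDDEN-...` line under `Profile` is not updated for `stable`, so the doc comment and the `+kubebuilder:validation:Enum` marker now accept a value that the dropdown would omit once it is re-enabled. Unless the omission is deliberate (as it appears to be for `openshift` and `openshift-ambient`), add `"urn:alm:descriptor:com.tectonic.ui:select:stable"` to that list, or fix the generator if these lines are produced from the `+sail:profile` marker; the identical hunk in `api/v1alpha1/istiocni_types.go` has the same gap. The enum is the only admission-time check on this field visible here, so it is worth confirming that the regenerated CRD manifests (not visible in this part of the diff) carry the new value. The comment could also say in one sentence what the `stable` profile selects, since the other profiles are at least named in the 'default'/'openshift' sentence. `IstioSpec` starts and ends outside the hunk.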
@@ -37,10 +37,10 @@ type IstioCNISpec struct { // +sail:profile // The built-in installation configuration profile to use. // The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. - // Must be one of: ambient, default, demo, empty, external, minimal, openshift-ambient, openshift, preview, remote. + // Must be one of: ambient, default, demo, empty, external, minimal, openshift-ambient, openshift, preview, remote, stable. // +++PROFILES-DROPDOWN-HIDDEN-UNTIL-WE-FULLY-IMPLEMENT-THEM+++operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Profile",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:ambient", "urn:alm:descriptor:com.tectonic.ui:select:default", "urn:alm:descriptor:com.tectonic.ui:select:demo", "urn:alm:descriptor:com.tectonic.ui:select:empty", "urn:alm:descriptor:com.tectonic.ui:select:external", "urn:alm:descriptor:com.tectonic.ui:select:minimal", "urn:alm:descriptor:com.tectonic.ui:select:preview", "urn:alm:descriptor:com.tectonic.ui:select:remote"} // +operator-sdk:csv:customresourcedefinitions:type=spec,xDescriptors={"urn:alm:descriptor:com.tectonic.ui:hidden"} - // +kubebuilder:validation:Enum=ambient;default;demo;empty;external;minimal;openshift-ambient;openshift;preview;remote + // +kubebuilder:validation:Enum=ambient;default;demo;empty;external;minimal;openshift-ambient;openshift;preview;remote;stable Profile string `json:"profile,omitempty"` // Namespace to which the Istio CNI component should be installed. diff --git a/bundle/manifests/extensions.istio.io_wasmplugins.yaml b/bundle/manifests/extensions.istio.io_wasmplugins.yaml index 2a8108f71..e1a8532a5 100644 --- a/bundle/manifests/extensions.istio.io_wasmplugins.yaml +++ b/bundle/manifests/extensions.istio.io_wasmplugins.yaml 
@@ -120,6 +120,7 @@ spec: type: string priority: description: Determines ordering of `WasmPlugins` in the same `phase`. + format: int32 nullable: true type: integer selector: diff --git a/bundle/manifests/networking.istio.io_destinationrules.yaml b/bundle/manifests/networking.istio.io_destinationrules.yaml index c7f58b46e..39bda7540 100644 --- a/bundle/manifests/networking.istio.io_destinationrules.yaml +++ b/bundle/manifests/networking.istio.io_destinationrules.yaml @@ -152,6 +152,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection @@ -236,10 +238,12 @@ spec: properties: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer @@ -248,6 +252,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: @@ -267,6 +272,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -327,6 +334,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: @@ -335,11 +344,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: 
@@ -448,6 +461,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection @@ -535,10 +550,12 @@ spec: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer @@ -548,6 +565,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: @@ -567,6 +585,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -628,6 +648,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: @@ -636,11 +658,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: @@ -670,6 +696,8 @@ spec: applied. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object tls: @@ -809,6 +837,8 @@ spec: targetPort: description: Specifies a port to which the downstream connection is tunneled. + maximum: 4294967295 + minimum: 0 type: integer required: - targetHost 
@@ -901,6 +931,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection needs @@ -984,10 +1016,12 @@ spec: properties: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer implements @@ -996,6 +1030,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: @@ -1015,6 +1050,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -1073,6 +1110,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: @@ -1081,11 +1120,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: @@ -1192,6 +1235,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection 
@@ -1276,10 +1321,12 @@ spec: properties: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer @@ -1288,6 +1335,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: @@ -1307,6 +1355,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -1367,6 +1417,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: @@ -1375,11 +1427,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: @@ -1406,6 +1462,8 @@ spec: service on which this policy is being applied. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object tls: @@ -1543,6 +1601,8 @@ spec: targetPort: description: Specifies a port to which the downstream connection is tunneled. + maximum: 4294967295 + minimum: 0 type: integer required: - targetHost @@ -1699,6 +1759,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection 
@@ -1783,10 +1845,12 @@ spec: properties: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer @@ -1795,6 +1859,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: @@ -1814,6 +1879,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -1874,6 +1941,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: @@ -1882,11 +1951,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: @@ -1995,6 +2068,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection @@ -2082,10 +2157,12 @@ spec: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer @@ -2095,6 +2172,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: 
@@ -2114,6 +2192,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -2175,6 +2255,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: @@ -2183,11 +2265,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: @@ -2217,6 +2303,8 @@ spec: applied. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object tls: @@ -2356,6 +2444,8 @@ spec: targetPort: description: Specifies a port to which the downstream connection is tunneled. + maximum: 4294967295 + minimum: 0 type: integer required: - targetHost @@ -2448,6 +2538,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection needs @@ -2531,10 +2623,12 @@ spec: properties: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer implements @@ -2543,6 +2637,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: 
@@ -2562,6 +2657,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -2620,6 +2717,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: @@ -2628,11 +2727,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: @@ -2739,6 +2842,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection @@ -2823,10 +2928,12 @@ spec: properties: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer @@ -2835,6 +2942,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: @@ -2854,6 +2962,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -2914,6 +3024,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: 
@@ -2922,11 +3034,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: @@ -2953,6 +3069,8 @@ spec: service on which this policy is being applied. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object tls: @@ -3090,6 +3208,8 @@ spec: targetPort: description: Specifies a port to which the downstream connection is tunneled. + maximum: 4294967295 + minimum: 0 type: integer required: - targetHost @@ -3246,6 +3366,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection @@ -3330,10 +3452,12 @@ spec: properties: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer @@ -3342,6 +3466,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: @@ -3361,6 +3486,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -3421,6 +3548,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: 
@@ -3429,11 +3558,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: @@ -3542,6 +3675,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection @@ -3629,10 +3764,12 @@ spec: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer @@ -3642,6 +3779,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: @@ -3661,6 +3799,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -3722,6 +3862,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: @@ -3730,11 +3872,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: 
@@ -3764,6 +3910,8 @@ spec: applied. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object tls: @@ -3903,6 +4051,8 @@ spec: targetPort: description: Specifies a port to which the downstream connection is tunneled. + maximum: 4294967295 + minimum: 0 type: integer required: - targetHost @@ -3995,6 +4145,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection needs @@ -4078,10 +4230,12 @@ spec: properties: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer implements @@ -4090,6 +4244,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: @@ -4109,6 +4264,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -4167,6 +4324,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: @@ -4175,11 +4334,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: 
@@ -4286,6 +4449,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection @@ -4370,10 +4535,12 @@ spec: properties: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer @@ -4382,6 +4549,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: @@ -4401,6 +4569,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -4461,6 +4631,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: @@ -4469,11 +4641,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: @@ -4500,6 +4676,8 @@ spec: service on which this policy is being applied. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object tls: @@ -4637,6 +4815,8 @@ spec: targetPort: description: Specifies a port to which the downstream connection is tunneled. + maximum: 4294967295 + minimum: 0 type: integer required: - targetHost 
diff --git a/bundle/manifests/networking.istio.io_envoyfilters.yaml b/bundle/manifests/networking.istio.io_envoyfilters.yaml index cccef7eb3..4f50dc899 100644 --- a/bundle/manifests/networking.istio.io_envoyfilters.yaml +++ b/bundle/manifests/networking.istio.io_envoyfilters.yaml @@ -80,6 +80,8 @@ spec: portNumber: description: The service port for which this cluster was generated. + maximum: 4294967295 + minimum: 0 type: integer service: description: The fully qualified service name for this @@ -112,6 +114,8 @@ spec: destinationPort: description: The destination_port value used by a filter chain's match condition. + maximum: 4294967295 + minimum: 0 type: integer filter: description: The name of a specific filter to apply @@ -151,6 +155,8 @@ spec: portNumber: description: The service port/gateway port to which traffic is being sent/received. + maximum: 4294967295 + minimum: 0 type: integer type: object proxy: @@ -185,6 +191,8 @@ spec: description: The service port number or gateway server port number for which this route configuration was generated. + maximum: 4294967295 + minimum: 0 type: integer vhost: description: Match a specific virtual host in a route diff --git a/bundle/manifests/networking.istio.io_gateways.yaml b/bundle/manifests/networking.istio.io_gateways.yaml index 2034b6b7e..a5d29e784 100644 --- a/bundle/manifests/networking.istio.io_gateways.yaml +++ b/bundle/manifests/networking.istio.io_gateways.yaml @@ -66,11 +66,15 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. type: string targetPort: + maximum: 4294967295 + minimum: 0 type: integer required: - number 
@@ -223,11 +227,15 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. type: string targetPort: + maximum: 4294967295 + minimum: 0 type: integer required: - number @@ -380,11 +388,15 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. type: string targetPort: + maximum: 4294967295 + minimum: 0 type: integer required: - number diff --git a/bundle/manifests/networking.istio.io_proxyconfigs.yaml b/bundle/manifests/networking.istio.io_proxyconfigs.yaml index edccbcb6f..38d1c488a 100644 --- a/bundle/manifests/networking.istio.io_proxyconfigs.yaml +++ b/bundle/manifests/networking.istio.io_proxyconfigs.yaml @@ -32,6 +32,7 @@ spec: properties: concurrency: description: The number of worker threads to run. + format: int32 nullable: true type: integer environmentVariables: diff --git a/bundle/manifests/networking.istio.io_serviceentries.yaml b/bundle/manifests/networking.istio.io_serviceentries.yaml index 81f47cbff..b6d7dec08 100644 --- a/bundle/manifests/networking.istio.io_serviceentries.yaml +++ b/bundle/manifests/networking.istio.io_serviceentries.yaml @@ -81,6 +81,8 @@ spec: type: string ports: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Set of ports associated with the endpoint. type: object @@ -90,6 +92,8 @@ spec: type: string weight: description: The load balancing weight associated with the endpoint. + maximum: 4294967295 + minimum: 0 type: integer type: object type: array @@ -121,6 +125,8 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. 
@@ -128,6 +134,8 @@ spec: targetPort: description: The port number on the endpoint where the traffic will be received. + maximum: 4294967295 + minimum: 0 type: integer required: - number @@ -229,6 +237,8 @@ spec: type: string ports: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Set of ports associated with the endpoint. type: object @@ -238,6 +248,8 @@ spec: type: string weight: description: The load balancing weight associated with the endpoint. + maximum: 4294967295 + minimum: 0 type: integer type: object type: array @@ -269,6 +281,8 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. @@ -276,6 +290,8 @@ spec: targetPort: description: The port number on the endpoint where the traffic will be received. + maximum: 4294967295 + minimum: 0 type: integer required: - number @@ -377,6 +393,8 @@ spec: type: string ports: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Set of ports associated with the endpoint. type: object @@ -386,6 +404,8 @@ spec: type: string weight: description: The load balancing weight associated with the endpoint. + maximum: 4294967295 + minimum: 0 type: integer type: object type: array @@ -417,6 +437,8 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. @@ -424,6 +446,8 @@ spec: targetPort: description: The port number on the endpoint where the traffic will be received. + maximum: 4294967295 + minimum: 0 type: integer required: - number diff --git a/bundle/manifests/networking.istio.io_sidecars.yaml b/bundle/manifests/networking.istio.io_sidecars.yaml index dee309986..c078f97aa 100644 --- a/bundle/manifests/networking.istio.io_sidecars.yaml +++ b/bundle/manifests/networking.istio.io_sidecars.yaml 
@@ -64,11 +64,15 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. type: string targetPort: + maximum: 4294967295 + minimum: 0 type: integer type: object required: @@ -152,6 +156,8 @@ spec: probes: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection needs to be @@ -260,6 +266,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection needs @@ -281,11 +289,15 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. type: string targetPort: + maximum: 4294967295 + minimum: 0 type: integer type: object tls: @@ -396,6 +408,8 @@ spec: addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -476,11 +490,15 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. type: string targetPort: + maximum: 4294967295 + minimum: 0 type: integer type: object required: @@ -564,6 +582,8 @@ spec: probes: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection needs to be 
@@ -672,6 +692,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection needs @@ -693,11 +715,15 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. type: string targetPort: + maximum: 4294967295 + minimum: 0 type: integer type: object tls: @@ -808,6 +834,8 @@ spec: addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -888,11 +916,15 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. type: string targetPort: + maximum: 4294967295 + minimum: 0 type: integer type: object required: @@ -976,6 +1008,8 @@ spec: probes: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection needs to be @@ -1084,6 +1118,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection needs @@ -1105,11 +1141,15 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. type: string targetPort: + maximum: 4294967295 + minimum: 0 type: integer type: object tls: @@ -1220,6 +1260,8 @@ spec: addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: 
diff --git a/bundle/manifests/networking.istio.io_virtualservices.yaml b/bundle/manifests/networking.istio.io_virtualservices.yaml index 94bdd1790..ef165bd13 100644 --- a/bundle/manifests/networking.istio.io_virtualservices.yaml +++ b/bundle/manifests/networking.istio.io_virtualservices.yaml @@ -172,6 +172,8 @@ spec: type: object status: description: Specifies the HTTP response status to be returned. + maximum: 4294967295 + minimum: 0 type: integer required: - status @@ -397,6 +399,8 @@ spec: port: description: Specifies the ports on the host that is being addressed. + maximum: 4294967295 + minimum: 0 type: integer queryParams: additionalProperties: @@ -542,6 +546,8 @@ spec: addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -551,9 +557,13 @@ spec: - host type: object mirror_percent: + maximum: 4294967295 + minimum: 0 nullable: true type: integer mirrorPercent: + maximum: 4294967295 + minimum: 0 nullable: true type: integer mirrorPercentage: @@ -582,6 +592,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -636,10 +648,14 @@ spec: port: description: On a redirect, overwrite the port portion of the URL with this value. + maximum: 4294967295 + minimum: 0 type: integer redirectCode: description: On a redirect, Specifies the HTTP status code to use in the redirect response. + maximum: 4294967295 + minimum: 0 type: integer scheme: description: On a redirect, overwrite the scheme portion @@ -715,6 +731,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -794,6 +812,8 @@ spec: port: description: Specifies the port on the host that is being addressed. + maximum: 4294967295 + minimum: 0 type: integer sourceLabels: additionalProperties: @@ -828,6 +848,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: 
@@ -872,6 +894,8 @@ spec: port: description: Specifies the port on the host that is being addressed. + maximum: 4294967295 + minimum: 0 type: integer sniHosts: description: SNI (server name indicator) to match on. @@ -911,6 +935,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -1089,6 +1115,8 @@ spec: type: object status: description: Specifies the HTTP response status to be returned. + maximum: 4294967295 + minimum: 0 type: integer required: - status @@ -1314,6 +1342,8 @@ spec: port: description: Specifies the ports on the host that is being addressed. + maximum: 4294967295 + minimum: 0 type: integer queryParams: additionalProperties: @@ -1459,6 +1489,8 @@ spec: addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -1468,9 +1500,13 @@ spec: - host type: object mirror_percent: + maximum: 4294967295 + minimum: 0 nullable: true type: integer mirrorPercent: + maximum: 4294967295 + minimum: 0 nullable: true type: integer mirrorPercentage: @@ -1499,6 +1535,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -1553,10 +1591,14 @@ spec: port: description: On a redirect, overwrite the port portion of the URL with this value. + maximum: 4294967295 + minimum: 0 type: integer redirectCode: description: On a redirect, Specifies the HTTP status code to use in the redirect response. + maximum: 4294967295 + minimum: 0 type: integer scheme: description: On a redirect, overwrite the scheme portion @@ -1632,6 +1674,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -1711,6 +1755,8 @@ spec: port: description: Specifies the port on the host that is being addressed. + maximum: 4294967295 + minimum: 0 type: integer sourceLabels: additionalProperties: 
@@ -1745,6 +1791,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -1789,6 +1837,8 @@ spec: port: description: Specifies the port on the host that is being addressed. + maximum: 4294967295 + minimum: 0 type: integer sniHosts: description: SNI (server name indicator) to match on. @@ -1828,6 +1878,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -2006,6 +2058,8 @@ spec: type: object status: description: Specifies the HTTP response status to be returned. + maximum: 4294967295 + minimum: 0 type: integer required: - status @@ -2231,6 +2285,8 @@ spec: port: description: Specifies the ports on the host that is being addressed. + maximum: 4294967295 + minimum: 0 type: integer queryParams: additionalProperties: @@ -2376,6 +2432,8 @@ spec: addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -2385,9 +2443,13 @@ spec: - host type: object mirror_percent: + maximum: 4294967295 + minimum: 0 nullable: true type: integer mirrorPercent: + maximum: 4294967295 + minimum: 0 nullable: true type: integer mirrorPercentage: @@ -2416,6 +2478,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -2470,10 +2534,14 @@ spec: port: description: On a redirect, overwrite the port portion of the URL with this value. + maximum: 4294967295 + minimum: 0 type: integer redirectCode: description: On a redirect, Specifies the HTTP status code to use in the redirect response. + maximum: 4294967295 + minimum: 0 type: integer scheme: description: On a redirect, overwrite the scheme portion @@ -2549,6 +2617,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: 
@@ -2628,6 +2698,8 @@ spec: port: description: Specifies the port on the host that is being addressed. + maximum: 4294967295 + minimum: 0 type: integer sourceLabels: additionalProperties: @@ -2662,6 +2734,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -2706,6 +2780,8 @@ spec: port: description: Specifies the port on the host that is being addressed. + maximum: 4294967295 + minimum: 0 type: integer sniHosts: description: SNI (server name indicator) to match on. @@ -2745,6 +2821,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: diff --git a/bundle/manifests/networking.istio.io_workloadentries.yaml b/bundle/manifests/networking.istio.io_workloadentries.yaml index 455aa2221..05df3ba66 100644 --- a/bundle/manifests/networking.istio.io_workloadentries.yaml +++ b/bundle/manifests/networking.istio.io_workloadentries.yaml @@ -63,6 +63,8 @@ spec: type: string ports: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Set of ports associated with the endpoint. type: object @@ -72,6 +74,8 @@ spec: type: string weight: description: The load balancing weight associated with the endpoint. + maximum: 4294967295 + minimum: 0 type: integer type: object status: @@ -121,6 +125,8 @@ spec: type: string ports: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Set of ports associated with the endpoint. type: object @@ -130,6 +136,8 @@ spec: type: string weight: description: The load balancing weight associated with the endpoint. + maximum: 4294967295 + minimum: 0 type: integer type: object status: @@ -179,6 +187,8 @@ spec: type: string ports: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Set of ports associated with the endpoint. type: object 
@@ -188,6 +198,8 @@ spec: type: string weight: description: The load balancing weight associated with the endpoint. + maximum: 4294967295 + minimum: 0 type: integer type: object status: diff --git a/bundle/manifests/networking.istio.io_workloadgroups.yaml b/bundle/manifests/networking.istio.io_workloadgroups.yaml index 07040f3eb..508a309fa 100644 --- a/bundle/manifests/networking.istio.io_workloadgroups.yaml +++ b/bundle/manifests/networking.istio.io_workloadgroups.yaml @@ -110,6 +110,8 @@ spec: type: string port: description: Port on which the endpoint lives. + maximum: 4294967295 + minimum: 0 type: integer scheme: type: string @@ -136,6 +138,8 @@ spec: host: type: string port: + maximum: 4294967295 + minimum: 0 type: integer required: - port @@ -167,6 +171,8 @@ spec: type: string ports: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Set of ports associated with the endpoint. type: object @@ -176,6 +182,8 @@ spec: type: string weight: description: The load balancing weight associated with the endpoint. + maximum: 4294967295 + minimum: 0 type: integer type: object required: @@ -275,6 +283,8 @@ spec: type: string port: description: Port on which the endpoint lives. + maximum: 4294967295 + minimum: 0 type: integer scheme: type: string @@ -301,6 +311,8 @@ spec: host: type: string port: + maximum: 4294967295 + minimum: 0 type: integer required: - port @@ -332,6 +344,8 @@ spec: type: string ports: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Set of ports associated with the endpoint. type: object @@ -341,6 +355,8 @@ spec: type: string weight: description: The load balancing weight associated with the endpoint. + maximum: 4294967295 + minimum: 0 type: integer type: object required: @@ -442,6 +458,8 @@ spec: type: string port: description: Port on which the endpoint lives. + maximum: 4294967295 + minimum: 0 type: integer scheme: type: string 
@@ -468,6 +486,8 @@ spec: host: type: string port: + maximum: 4294967295 + minimum: 0 type: integer required: - port @@ -499,6 +519,8 @@ spec: type: string ports: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Set of ports associated with the endpoint. type: object @@ -508,6 +530,8 @@ spec: type: string weight: description: The load balancing weight associated with the endpoint. + maximum: 4294967295 + minimum: 0 type: integer type: object required: diff --git a/bundle/manifests/operator.istio.io_istiocnis.yaml b/bundle/manifests/operator.istio.io_istiocnis.yaml index d4bf63b68..42d53e59b 100644 --- a/bundle/manifests/operator.istio.io_istiocnis.yaml +++ b/bundle/manifests/operator.istio.io_istiocnis.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 creationTimestamp: null name: istiocnis.operator.istio.io spec: @@ -70,7 +70,7 @@ spec: description: |- The built-in installation configuration profile to use. The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. - Must be one of: ambient, default, demo, empty, external, minimal, openshift-ambient, openshift, preview, remote. + Must be one of: ambient, default, demo, empty, external, minimal, openshift-ambient, openshift, preview, remote, stable. enum: - ambient - default @@ -82,6 +82,7 @@ spec: - openshift - preview - remote + - stable type: string values: description: Defines the values to be passed to the Helm charts when diff --git a/bundle/manifests/operator.istio.io_istiorevisions.yaml b/bundle/manifests/operator.istio.io_istiorevisions.yaml index 47c2df93f..f8f50ed6e 100644 --- a/bundle/manifests/operator.istio.io_istiorevisions.yaml +++ b/bundle/manifests/operator.istio.io_istiorevisions.yaml 
@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 creationTimestamp: null name: istiorevisions.operator.istio.io spec: diff --git a/bundle/manifests/operator.istio.io_istios.yaml b/bundle/manifests/operator.istio.io_istios.yaml index 9a51f32b0..89aab8fa0 100644 --- a/bundle/manifests/operator.istio.io_istios.yaml +++ b/bundle/manifests/operator.istio.io_istios.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 creationTimestamp: null name: istios.operator.istio.io spec: @@ -87,7 +87,7 @@ spec: description: |- The built-in installation configuration profile to use. The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. - Must be one of: ambient, default, demo, empty, external, minimal, openshift-ambient, openshift, preview, remote. + Must be one of: ambient, default, demo, empty, external, minimal, openshift-ambient, openshift, preview, remote, stable. enum: - ambient - default @@ -99,6 +99,7 @@ spec: - openshift - preview - remote + - stable type: string updateStrategy: default: diff --git a/bundle/manifests/sail-operator-metrics-service_v1_service.yaml b/bundle/manifests/sail-operator-metrics-service_v1_service.yaml deleted file mode 100644 index a9c8664cd..000000000 --- a/bundle/manifests/sail-operator-metrics-service_v1_service.yaml +++ /dev/null 
@@ -1,25 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - creationTimestamp: null - labels: - app.kubernetes.io/component: kube-rbac-proxy - app.kubernetes.io/created-by: sailoperator - app.kubernetes.io/instance: sail-operator-metrics-service - app.kubernetes.io/managed-by: helm - app.kubernetes.io/name: service - app.kubernetes.io/part-of: sailoperator - control-plane: sail-operator - name: sail-operator-metrics-service -spec: - ports: - - name: https - port: 8443 - protocol: TCP - targetPort: https - selector: - app.kubernetes.io/created-by: sailoperator - app.kubernetes.io/part-of: sailoperator - control-plane: sail-operator -status: - loadBalancer: {} diff --git a/bundle/manifests/servicemeshoperator3.clusterserviceversion.yaml b/bundle/manifests/servicemeshoperator3.clusterserviceversion.yaml index b75662dd7..cf42d90ca 100644 --- a/bundle/manifests/servicemeshoperator3.clusterserviceversion.yaml +++ b/bundle/manifests/servicemeshoperator3.clusterserviceversion.yaml @@ -34,7 +34,7 @@ metadata: capabilities: Seamless Upgrades categories: OpenShift Optional, Integration & Delivery, Networking, Security containerImage: quay.io/maistra-dev/sail-operator:3.0-latest - createdAt: "2024-04-19T07:45:59Z" + createdAt: "2024-04-24T12:00:15Z" description: The OpenShift Service Mesh Operator enables you to install, configure, and manage an instance of Red Hat OpenShift Service Mesh. OpenShift Service Mesh is based on the open source Istio project. @@ -178,7 +178,8 @@ spec: - description: 'The built-in installation configuration profile to use. The ''default'' profile is always applied. On OpenShift, the ''openshift'' profile is also applied on top of ''default''. Must be one of: ambient, default, - demo, empty, external, minimal, openshift-ambient, openshift, preview, remote.' + demo, empty, external, minimal, openshift-ambient, openshift, preview, remote, + stable.' displayName: Profile path: profile x-descriptors: 
@@ -272,7 +273,8 @@ spec: - description: 'The built-in installation configuration profile to use. The ''default'' profile is always applied. On OpenShift, the ''openshift'' profile is also applied on top of ''default''. Must be one of: ambient, default, - demo, empty, external, minimal, openshift-ambient, openshift, preview, remote.' + demo, empty, external, minimal, openshift-ambient, openshift, preview, remote, + stable.' displayName: Profile path: profile x-descriptors: diff --git a/bundle/manifests/telemetry.istio.io_telemetries.yaml b/bundle/manifests/telemetry.istio.io_telemetries.yaml index a71a2f7af..2999b6bd9 100644 --- a/bundle/manifests/telemetry.istio.io_telemetries.yaml +++ b/bundle/manifests/telemetry.istio.io_telemetries.yaml @@ -333,6 +333,7 @@ spec: randomSamplingPercentage: description: Controls the rate at which traffic will be selected for tracing if no prior sampling decision has been made. + format: double maximum: 100 minimum: 0 nullable: true @@ -659,6 +660,7 @@ spec: randomSamplingPercentage: description: Controls the rate at which traffic will be selected for tracing if no prior sampling decision has been made. + format: double maximum: 100 minimum: 0 nullable: true diff --git a/chart/crds/extensions.istio.io_wasmplugins.yaml b/chart/crds/extensions.istio.io_wasmplugins.yaml index 70f8dfc5b..6f241cce2 100644 --- a/chart/crds/extensions.istio.io_wasmplugins.yaml +++ b/chart/crds/extensions.istio.io_wasmplugins.yaml @@ -120,6 +120,7 @@ spec: type: string priority: description: Determines ordering of `WasmPlugins` in the same `phase`. + format: int32 nullable: true type: integer selector: diff --git a/chart/crds/networking.istio.io_destinationrules.yaml b/chart/crds/networking.istio.io_destinationrules.yaml index 8e3fe2283..f27661cdd 100644 --- a/chart/crds/networking.istio.io_destinationrules.yaml +++ b/chart/crds/networking.istio.io_destinationrules.yaml 
@@ -151,6 +151,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection @@ -235,10 +237,12 @@ spec: properties: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer @@ -247,6 +251,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: @@ -266,6 +271,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -326,6 +333,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: @@ -334,11 +343,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: @@ -447,6 +460,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection @@ -534,10 +549,12 @@ spec: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer 
@@ -547,6 +564,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: @@ -566,6 +584,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -627,6 +647,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: @@ -635,11 +657,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: @@ -669,6 +695,8 @@ spec: applied. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object tls: @@ -808,6 +836,8 @@ spec: targetPort: description: Specifies a port to which the downstream connection is tunneled. + maximum: 4294967295 + minimum: 0 type: integer required: - targetHost @@ -900,6 +930,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection needs @@ -983,10 +1015,12 @@ spec: properties: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer implements @@ -995,6 +1029,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: 
@@ -1014,6 +1049,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -1072,6 +1109,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: @@ -1080,11 +1119,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: @@ -1191,6 +1234,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection @@ -1275,10 +1320,12 @@ spec: properties: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer @@ -1287,6 +1334,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: @@ -1306,6 +1354,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -1366,6 +1416,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: 
@@ -1374,11 +1426,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: @@ -1405,6 +1461,8 @@ spec: service on which this policy is being applied. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object tls: @@ -1542,6 +1600,8 @@ spec: targetPort: description: Specifies a port to which the downstream connection is tunneled. + maximum: 4294967295 + minimum: 0 type: integer required: - targetHost @@ -1698,6 +1758,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection @@ -1782,10 +1844,12 @@ spec: properties: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer @@ -1794,6 +1858,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: @@ -1813,6 +1878,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -1873,6 +1940,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: 
@@ -1881,11 +1950,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: @@ -1994,6 +2067,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection @@ -2081,10 +2156,12 @@ spec: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer @@ -2094,6 +2171,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: @@ -2113,6 +2191,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -2174,6 +2254,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: @@ -2182,11 +2264,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: 
@@ -2216,6 +2302,8 @@ spec: applied. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object tls: @@ -2355,6 +2443,8 @@ spec: targetPort: description: Specifies a port to which the downstream connection is tunneled. + maximum: 4294967295 + minimum: 0 type: integer required: - targetHost @@ -2447,6 +2537,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection needs @@ -2530,10 +2622,12 @@ spec: properties: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer implements @@ -2542,6 +2636,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: @@ -2561,6 +2656,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -2619,6 +2716,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: @@ -2627,11 +2726,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: 
@@ -2738,6 +2841,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection @@ -2822,10 +2927,12 @@ spec: properties: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer @@ -2834,6 +2941,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: @@ -2853,6 +2961,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -2913,6 +3023,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: @@ -2921,11 +3033,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: @@ -2952,6 +3068,8 @@ spec: service on which this policy is being applied. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object tls: @@ -3089,6 +3207,8 @@ spec: targetPort: description: Specifies a port to which the downstream connection is tunneled. + maximum: 4294967295 + minimum: 0 type: integer required: - targetHost 
@@ -3245,6 +3365,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection @@ -3329,10 +3451,12 @@ spec: properties: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer @@ -3341,6 +3465,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: @@ -3360,6 +3485,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -3420,6 +3547,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: @@ -3428,11 +3557,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: @@ -3541,6 +3674,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection @@ -3628,10 +3763,12 @@ spec: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer 
@@ -3641,6 +3778,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: @@ -3660,6 +3798,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -3721,6 +3861,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: @@ -3729,11 +3871,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: @@ -3763,6 +3909,8 @@ spec: applied. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object tls: @@ -3902,6 +4050,8 @@ spec: targetPort: description: Specifies a port to which the downstream connection is tunneled. + maximum: 4294967295 + minimum: 0 type: integer required: - targetHost @@ -3994,6 +4144,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection needs @@ -4077,10 +4229,12 @@ spec: properties: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer implements @@ -4089,6 +4243,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: 
@@ -4108,6 +4263,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -4166,6 +4323,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: @@ -4174,11 +4333,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: @@ -4285,6 +4448,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection @@ -4369,10 +4534,12 @@ spec: properties: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer @@ -4381,6 +4548,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: @@ -4400,6 +4568,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -4460,6 +4630,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: 
@@ -4468,11 +4640,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: @@ -4499,6 +4675,8 @@ spec: service on which this policy is being applied. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object tls: @@ -4636,6 +4814,8 @@ spec: targetPort: description: Specifies a port to which the downstream connection is tunneled. + maximum: 4294967295 + minimum: 0 type: integer required: - targetHost diff --git a/chart/crds/networking.istio.io_envoyfilters.yaml b/chart/crds/networking.istio.io_envoyfilters.yaml index 6166addaf..43cf891ab 100644 --- a/chart/crds/networking.istio.io_envoyfilters.yaml +++ b/chart/crds/networking.istio.io_envoyfilters.yaml @@ -79,6 +79,8 @@ spec: portNumber: description: The service port for which this cluster was generated. + maximum: 4294967295 + minimum: 0 type: integer service: description: The fully qualified service name for this @@ -111,6 +113,8 @@ spec: destinationPort: description: The destination_port value used by a filter chain's match condition. + maximum: 4294967295 + minimum: 0 type: integer filter: description: The name of a specific filter to apply @@ -150,6 +154,8 @@ spec: portNumber: description: The service port/gateway port to which traffic is being sent/received. + maximum: 4294967295 + minimum: 0 type: integer type: object proxy: @@ -184,6 +190,8 @@ spec: description: The service port number or gateway server port number for which this route configuration was generated. + maximum: 4294967295 + minimum: 0 type: integer vhost: description: Match a specific virtual host in a route 
diff --git a/chart/crds/networking.istio.io_gateways.yaml b/chart/crds/networking.istio.io_gateways.yaml index 6ea0bf907..987789ffe 100644 --- a/chart/crds/networking.istio.io_gateways.yaml +++ b/chart/crds/networking.istio.io_gateways.yaml @@ -65,11 +65,15 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. type: string targetPort: + maximum: 4294967295 + minimum: 0 type: integer required: - number @@ -222,11 +226,15 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. type: string targetPort: + maximum: 4294967295 + minimum: 0 type: integer required: - number @@ -379,11 +387,15 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. type: string targetPort: + maximum: 4294967295 + minimum: 0 type: integer required: - number diff --git a/chart/crds/networking.istio.io_proxyconfigs.yaml b/chart/crds/networking.istio.io_proxyconfigs.yaml index 8763a7dd7..73644c1bc 100644 --- a/chart/crds/networking.istio.io_proxyconfigs.yaml +++ b/chart/crds/networking.istio.io_proxyconfigs.yaml @@ -31,6 +31,7 @@ spec: properties: concurrency: description: The number of worker threads to run. + format: int32 nullable: true type: integer environmentVariables: diff --git a/chart/crds/networking.istio.io_serviceentries.yaml b/chart/crds/networking.istio.io_serviceentries.yaml index 1ebaf3d10..90c3dddae 100644 --- a/chart/crds/networking.istio.io_serviceentries.yaml +++ b/chart/crds/networking.istio.io_serviceentries.yaml 
@@ -80,6 +80,8 @@ spec: type: string ports: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Set of ports associated with the endpoint. type: object @@ -89,6 +91,8 @@ spec: type: string weight: description: The load balancing weight associated with the endpoint. + maximum: 4294967295 + minimum: 0 type: integer type: object type: array @@ -120,6 +124,8 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. @@ -127,6 +133,8 @@ spec: targetPort: description: The port number on the endpoint where the traffic will be received. + maximum: 4294967295 + minimum: 0 type: integer required: - number @@ -228,6 +236,8 @@ spec: type: string ports: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Set of ports associated with the endpoint. type: object @@ -237,6 +247,8 @@ spec: type: string weight: description: The load balancing weight associated with the endpoint. + maximum: 4294967295 + minimum: 0 type: integer type: object type: array @@ -268,6 +280,8 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. @@ -275,6 +289,8 @@ spec: targetPort: description: The port number on the endpoint where the traffic will be received. + maximum: 4294967295 + minimum: 0 type: integer required: - number @@ -376,6 +392,8 @@ spec: type: string ports: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Set of ports associated with the endpoint. type: object @@ -385,6 +403,8 @@ spec: type: string weight: description: The load balancing weight associated with the endpoint. + maximum: 4294967295 + minimum: 0 type: integer type: object type: array 
@@ -416,6 +436,8 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. @@ -423,6 +445,8 @@ spec: targetPort: description: The port number on the endpoint where the traffic will be received. + maximum: 4294967295 + minimum: 0 type: integer required: - number diff --git a/chart/crds/networking.istio.io_sidecars.yaml b/chart/crds/networking.istio.io_sidecars.yaml index 8bf57e6e5..52bae793f 100644 --- a/chart/crds/networking.istio.io_sidecars.yaml +++ b/chart/crds/networking.istio.io_sidecars.yaml @@ -63,11 +63,15 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. type: string targetPort: + maximum: 4294967295 + minimum: 0 type: integer type: object required: @@ -151,6 +155,8 @@ spec: probes: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection needs to be @@ -259,6 +265,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection needs @@ -280,11 +288,15 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. type: string targetPort: + maximum: 4294967295 + minimum: 0 type: integer type: object tls: @@ -395,6 +407,8 @@ spec: addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: 
@@ -475,11 +489,15 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. type: string targetPort: + maximum: 4294967295 + minimum: 0 type: integer type: object required: @@ -563,6 +581,8 @@ spec: probes: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection needs to be @@ -671,6 +691,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection needs @@ -692,11 +714,15 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. type: string targetPort: + maximum: 4294967295 + minimum: 0 type: integer type: object tls: @@ -807,6 +833,8 @@ spec: addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -887,11 +915,15 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. type: string targetPort: + maximum: 4294967295 + minimum: 0 type: integer type: object required: @@ -975,6 +1007,8 @@ spec: probes: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection needs to be 
@@ -1083,6 +1117,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection needs @@ -1104,11 +1140,15 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. type: string targetPort: + maximum: 4294967295 + minimum: 0 type: integer type: object tls: @@ -1219,6 +1259,8 @@ spec: addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: diff --git a/chart/crds/networking.istio.io_virtualservices.yaml b/chart/crds/networking.istio.io_virtualservices.yaml index ce2bf0fca..70416a985 100644 --- a/chart/crds/networking.istio.io_virtualservices.yaml +++ b/chart/crds/networking.istio.io_virtualservices.yaml @@ -171,6 +171,8 @@ spec: type: object status: description: Specifies the HTTP response status to be returned. + maximum: 4294967295 + minimum: 0 type: integer required: - status @@ -396,6 +398,8 @@ spec: port: description: Specifies the ports on the host that is being addressed. + maximum: 4294967295 + minimum: 0 type: integer queryParams: additionalProperties: @@ -541,6 +545,8 @@ spec: addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -550,9 +556,13 @@ spec: - host type: object mirror_percent: + maximum: 4294967295 + minimum: 0 nullable: true type: integer mirrorPercent: + maximum: 4294967295 + minimum: 0 nullable: true type: integer mirrorPercentage: @@ -581,6 +591,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: 
@@ -635,10 +647,14 @@ spec: port: description: On a redirect, overwrite the port portion of the URL with this value. + maximum: 4294967295 + minimum: 0 type: integer redirectCode: description: On a redirect, Specifies the HTTP status code to use in the redirect response. + maximum: 4294967295 + minimum: 0 type: integer scheme: description: On a redirect, overwrite the scheme portion @@ -714,6 +730,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -793,6 +811,8 @@ spec: port: description: Specifies the port on the host that is being addressed. + maximum: 4294967295 + minimum: 0 type: integer sourceLabels: additionalProperties: @@ -827,6 +847,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -871,6 +893,8 @@ spec: port: description: Specifies the port on the host that is being addressed. + maximum: 4294967295 + minimum: 0 type: integer sniHosts: description: SNI (server name indicator) to match on. @@ -910,6 +934,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -1088,6 +1114,8 @@ spec: type: object status: description: Specifies the HTTP response status to be returned. + maximum: 4294967295 + minimum: 0 type: integer required: - status @@ -1313,6 +1341,8 @@ spec: port: description: Specifies the ports on the host that is being addressed. + maximum: 4294967295 + minimum: 0 type: integer queryParams: additionalProperties: @@ -1458,6 +1488,8 @@ spec: addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -1467,9 +1499,13 @@ spec: - host type: object mirror_percent: + maximum: 4294967295 + minimum: 0 nullable: true type: integer mirrorPercent: + maximum: 4294967295 + minimum: 0 nullable: true type: integer mirrorPercentage: 
@@ -1498,6 +1534,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -1552,10 +1590,14 @@ spec: port: description: On a redirect, overwrite the port portion of the URL with this value. + maximum: 4294967295 + minimum: 0 type: integer redirectCode: description: On a redirect, Specifies the HTTP status code to use in the redirect response. + maximum: 4294967295 + minimum: 0 type: integer scheme: description: On a redirect, overwrite the scheme portion @@ -1631,6 +1673,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -1710,6 +1754,8 @@ spec: port: description: Specifies the port on the host that is being addressed. + maximum: 4294967295 + minimum: 0 type: integer sourceLabels: additionalProperties: @@ -1744,6 +1790,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -1788,6 +1836,8 @@ spec: port: description: Specifies the port on the host that is being addressed. + maximum: 4294967295 + minimum: 0 type: integer sniHosts: description: SNI (server name indicator) to match on. @@ -1827,6 +1877,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -2005,6 +2057,8 @@ spec: type: object status: description: Specifies the HTTP response status to be returned. + maximum: 4294967295 + minimum: 0 type: integer required: - status @@ -2230,6 +2284,8 @@ spec: port: description: Specifies the ports on the host that is being addressed. + maximum: 4294967295 + minimum: 0 type: integer queryParams: additionalProperties: @@ -2375,6 +2431,8 @@ spec: addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: 
@@ -2384,9 +2442,13 @@ spec: - host type: object mirror_percent: + maximum: 4294967295 + minimum: 0 nullable: true type: integer mirrorPercent: + maximum: 4294967295 + minimum: 0 nullable: true type: integer mirrorPercentage: @@ -2415,6 +2477,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -2469,10 +2533,14 @@ spec: port: description: On a redirect, overwrite the port portion of the URL with this value. + maximum: 4294967295 + minimum: 0 type: integer redirectCode: description: On a redirect, Specifies the HTTP status code to use in the redirect response. + maximum: 4294967295 + minimum: 0 type: integer scheme: description: On a redirect, overwrite the scheme portion @@ -2548,6 +2616,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -2627,6 +2697,8 @@ spec: port: description: Specifies the port on the host that is being addressed. + maximum: 4294967295 + minimum: 0 type: integer sourceLabels: additionalProperties: @@ -2661,6 +2733,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -2705,6 +2779,8 @@ spec: port: description: Specifies the port on the host that is being addressed. + maximum: 4294967295 + minimum: 0 type: integer sniHosts: description: SNI (server name indicator) to match on. @@ -2744,6 +2820,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: diff --git a/chart/crds/networking.istio.io_workloadentries.yaml b/chart/crds/networking.istio.io_workloadentries.yaml index 14cb96292..0e5613a0c 100644 --- a/chart/crds/networking.istio.io_workloadentries.yaml +++ b/chart/crds/networking.istio.io_workloadentries.yaml 
@@ -62,6 +62,8 @@ spec: type: string ports: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Set of ports associated with the endpoint. type: object @@ -71,6 +73,8 @@ spec: type: string weight: description: The load balancing weight associated with the endpoint. + maximum: 4294967295 + minimum: 0 type: integer type: object status: @@ -120,6 +124,8 @@ spec: type: string ports: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Set of ports associated with the endpoint. type: object @@ -129,6 +135,8 @@ spec: type: string weight: description: The load balancing weight associated with the endpoint. + maximum: 4294967295 + minimum: 0 type: integer type: object status: @@ -178,6 +186,8 @@ spec: type: string ports: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Set of ports associated with the endpoint. type: object @@ -187,6 +197,8 @@ spec: type: string weight: description: The load balancing weight associated with the endpoint. + maximum: 4294967295 + minimum: 0 type: integer type: object status: diff --git a/chart/crds/networking.istio.io_workloadgroups.yaml b/chart/crds/networking.istio.io_workloadgroups.yaml index 57530cc33..ff5d1b3b6 100644 --- a/chart/crds/networking.istio.io_workloadgroups.yaml +++ b/chart/crds/networking.istio.io_workloadgroups.yaml @@ -109,6 +109,8 @@ spec: type: string port: description: Port on which the endpoint lives. + maximum: 4294967295 + minimum: 0 type: integer scheme: type: string @@ -135,6 +137,8 @@ spec: host: type: string port: + maximum: 4294967295 + minimum: 0 type: integer required: - port @@ -166,6 +170,8 @@ spec: type: string ports: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Set of ports associated with the endpoint. type: object 
@@ -175,6 +181,8 @@ spec: type: string weight: description: The load balancing weight associated with the endpoint. + maximum: 4294967295 + minimum: 0 type: integer type: object required: @@ -274,6 +282,8 @@ spec: type: string port: description: Port on which the endpoint lives. + maximum: 4294967295 + minimum: 0 type: integer scheme: type: string @@ -300,6 +310,8 @@ spec: host: type: string port: + maximum: 4294967295 + minimum: 0 type: integer required: - port @@ -331,6 +343,8 @@ spec: type: string ports: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Set of ports associated with the endpoint. type: object @@ -340,6 +354,8 @@ spec: type: string weight: description: The load balancing weight associated with the endpoint. + maximum: 4294967295 + minimum: 0 type: integer type: object required: @@ -441,6 +457,8 @@ spec: type: string port: description: Port on which the endpoint lives. + maximum: 4294967295 + minimum: 0 type: integer scheme: type: string @@ -467,6 +485,8 @@ spec: host: type: string port: + maximum: 4294967295 + minimum: 0 type: integer required: - port @@ -498,6 +518,8 @@ spec: type: string ports: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Set of ports associated with the endpoint. type: object @@ -507,6 +529,8 @@ spec: type: string weight: description: The load balancing weight associated with the endpoint. + maximum: 4294967295 + minimum: 0 type: integer type: object required: diff --git a/chart/crds/operator.istio.io_istiocnis.yaml b/chart/crds/operator.istio.io_istiocnis.yaml index b947f710b..e64b1b7f3 100644 --- a/chart/crds/operator.istio.io_istiocnis.yaml +++ b/chart/crds/operator.istio.io_istiocnis.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: istiocnis.operator.istio.io spec: group: operator.istio.io 
@@ -70,7 +70,7 @@ spec: description: |- The built-in installation configuration profile to use. The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. - Must be one of: ambient, default, demo, empty, external, minimal, openshift-ambient, openshift, preview, remote. + Must be one of: ambient, default, demo, empty, external, minimal, openshift-ambient, openshift, preview, remote, stable. enum: - ambient - default @@ -82,6 +82,7 @@ spec: - openshift - preview - remote + - stable type: string values: description: Defines the values to be passed to the Helm charts when diff --git a/chart/crds/operator.istio.io_istiorevisions.yaml b/chart/crds/operator.istio.io_istiorevisions.yaml index f2ed71bf4..aa225caf9 100644 --- a/chart/crds/operator.istio.io_istiorevisions.yaml +++ b/chart/crds/operator.istio.io_istiorevisions.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: istiorevisions.operator.istio.io spec: group: operator.istio.io diff --git a/chart/crds/operator.istio.io_istios.yaml b/chart/crds/operator.istio.io_istios.yaml index 349a94566..91212cb41 100644 --- a/chart/crds/operator.istio.io_istios.yaml +++ b/chart/crds/operator.istio.io_istios.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: istios.operator.istio.io spec: group: operator.istio.io 
@@ -87,7 +87,7 @@ spec: description: |- The built-in installation configuration profile to use. The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. - Must be one of: ambient, default, demo, empty, external, minimal, openshift-ambient, openshift, preview, remote. + Must be one of: ambient, default, demo, empty, external, minimal, openshift-ambient, openshift, preview, remote, stable. enum: - ambient - default @@ -99,6 +99,7 @@ spec: - openshift - preview - remote + - stable type: string updateStrategy: default: diff --git a/chart/crds/telemetry.istio.io_telemetries.yaml b/chart/crds/telemetry.istio.io_telemetries.yaml index 7f5578823..3ea0d3000 100644 --- a/chart/crds/telemetry.istio.io_telemetries.yaml +++ b/chart/crds/telemetry.istio.io_telemetries.yaml @@ -332,6 +332,7 @@ spec: randomSamplingPercentage: description: Controls the rate at which traffic will be selected for tracing if no prior sampling decision has been made. + format: double maximum: 100 minimum: 0 nullable: true @@ -658,6 +659,7 @@ spec: randomSamplingPercentage: description: Controls the rate at which traffic will be selected for tracing if no prior sampling decision has been made. + format: double maximum: 100 minimum: 0 nullable: true diff --git a/chart/values.yaml b/chart/values.yaml index 2fa051c0b..3451969d5 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -17,7 +17,7 @@ csv: This version of the operator supports the following Istio versions: - v1.21.0 - - latest (bf9fd612) + - latest (713cd5d1) [See this page](https://github.com/istio-ecosystem/sail-operator/blob/pre-main/bundle/README.md) for instructions on how to use it. support: Community based diff --git a/common/.commonfiles.sha b/common/.commonfiles.sha index cea32550f..e8b9cef8d 100644 --- a/common/.commonfiles.sha +++ b/common/.commonfiles.sha @@ -1 +1 @@ -9088296b1343d1a3b2e3f822f6d7942ff2de7a15 +e815dd568ad11e92eb49f05df6e5218dc89e159f 
diff --git a/common/scripts/setup_env.sh b/common/scripts/setup_env.sh index 50866ae13..f0b871340 100755 --- a/common/scripts/setup_env.sh +++ b/common/scripts/setup_env.sh @@ -75,7 +75,7 @@ fi TOOLS_REGISTRY_PROVIDER=${TOOLS_REGISTRY_PROVIDER:-gcr.io} PROJECT_ID=${PROJECT_ID:-istio-testing} if [[ "${IMAGE_VERSION:-}" == "" ]]; then - IMAGE_VERSION=master-f24be7b713480aab44d862ac839ead0b5324d593 + IMAGE_VERSION=master-8fb9ce88f6ad4cdd35c1660cd0ad0ab67eff4c6c fi if [[ "${IMAGE_NAME:-}" == "" ]]; then IMAGE_NAME=build-tools diff --git a/controllers/istio/istio_controller.go b/controllers/istio/istio_controller.go index 7ebbaecbf..1e5f44617 100644 --- a/controllers/istio/istio_controller.go +++ b/controllers/istio/istio_controller.go @@ -85,11 +85,8 @@ func (r *Reconciler) Reconcile(ctx context.Context, istio *v1alpha1.Istio) (ctrl // doReconcile is the function that actually reconciles the Istio object. Any error reported by this // function should get reported in the status of the Istio object by the caller. func (r *Reconciler) doReconcile(ctx context.Context, istio *v1alpha1.Istio) (result ctrl.Result, err error) { - if istio.Spec.Version == "" { - return ctrl.Result{}, reconciler.NewValidationError("no spec.version set") - } - if istio.Spec.Namespace == "" { - return ctrl.Result{}, reconciler.NewValidationError("no spec.namespace set") + if err := validateIstio(istio); err != nil { + return ctrl.Result{}, err } var values *v1alpha1.Values 
@@ -104,6 +101,16 @@ func (r *Reconciler) doReconcile(ctx context.Context, istio *v1alpha1.Istio) (re return r.pruneInactiveRevisions(ctx, istio) } +func validateIstio(istio *v1alpha1.Istio) error { + if istio.Spec.Version == "" { + return reconciler.NewValidationError("no spec.version set") + } + if istio.Spec.Namespace == "" { + return reconciler.NewValidationError("no spec.namespace set") + } + return nil +} + func (r *Reconciler) reconcileActiveRevision(ctx context.Context, istio *v1alpha1.Istio, values *v1alpha1.Values) error { log := logf.FromContext(ctx) @@ -116,7 +123,9 @@ func (r *Reconciler) reconcileActiveRevision(ctx context.Context, istio *v1alpha rev.Spec.Version = istio.Spec.Version rev.Spec.Values = values log.Info("Updating IstioRevision") - err = r.Client.Update(ctx, &rev) + if err = r.Client.Update(ctx, &rev); err != nil { + return fmt.Errorf("failed to update IstioRevision %q: %w", rev.Name, err) + } } else if apierrors.IsNotFound(err) { // create new rev = v1alpha1.IstioRevision{ @@ -140,16 +149,21 @@ func (r *Reconciler) reconcileActiveRevision(ctx context.Context, istio *v1alpha }, } log.Info("Creating IstioRevision") - err = r.Client.Create(ctx, &rev) + if err = r.Client.Create(ctx, &rev); err != nil { + return fmt.Errorf("failed to create IstioRevision %q: %w", rev.Name, err) + } } - return err + if err != nil { + return fmt.Errorf("failed to get active IstioRevision: %w", err) + } + return nil } func (r *Reconciler) pruneInactiveRevisions(ctx context.Context, istio *v1alpha1.Istio) (ctrl.Result, error) { log := logf.FromContext(ctx) revisions, err := r.getRevisions(ctx, istio) if err != nil { - return ctrl.Result{}, err + return ctrl.Result{}, fmt.Errorf("failed to get revisions: %w", err) } // the following code does two things: 
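Review bot: The new `validateIstio` helper has no doc comment, and it is worth stating that it returns a `reconciler.NewValidationError` rather than a plain error. I would add `// validateIstio returns a validation error when spec.version or spec.namespace is empty.` above the function. The checks only test for the empty string; whether the values are otherwise well-formed is presumably decided elsewhere.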
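Review bot: The `apierrors.IsNotFound(err)` branch kept as context in the `@@ -116,7 +123,9 @@` hunk now receives an error that `getActiveRevision` wraps with `fmt.Errorf("get failed: %w", err)` (a later hunk in this file), so the create path depends on `IsNotFound` seeing through the wrapper. That holds for apimachinery releases whose status helpers use `errors.As`, but it should be confirmed against the pinned version. A test that drives the not-found case through the wrapper would catch a regression. The `getActiveRevision` call and the start of `reconcileActiveRevision` are outside this hunk.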
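Review bot: The trailing `if err != nil` after the if/else-if chain in `reconcileActiveRevision` is easy to misread, because both branches above reassign `err`. It only sees a non-nil `err` when the initial get failed with something other than not-found. An explicit final branch, `} else { return fmt.Errorf("failed to get active IstioRevision: %w", err) }`, followed by a bare `return nil`, states that case directly. The start of the function is outside this hunk.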
@@ -174,7 +188,7 @@ func (r *Reconciler) pruneInactiveRevisions(ctx context.Context, istio *v1alpha1 log.Info("Deleting expired IstioRevision", "IstioRevision", rev.Name) err = r.Client.Delete(ctx, &rev) if err != nil { - return ctrl.Result{}, err + return ctrl.Result{}, fmt.Errorf("delete failed: %w", err) } } else { log.V(2).Info("IstioRevision is not in use, but hasn't yet expired", "IstioRevision", rev.Name, "InUseLastTransitionTime", inUseCondition.LastTransitionTime) @@ -210,13 +224,16 @@ func getPruningGracePeriod(istio *v1alpha1.Istio) time.Duration { func (r *Reconciler) getActiveRevision(ctx context.Context, istio *v1alpha1.Istio) (v1alpha1.IstioRevision, error) { rev := v1alpha1.IstioRevision{} err := r.Client.Get(ctx, getActiveRevisionKey(istio), &rev) - return rev, err + if err != nil { + return rev, fmt.Errorf("get failed: %w", err) + } + return rev, nil } func (r *Reconciler) getRevisions(ctx context.Context, istio *v1alpha1.Istio) ([]v1alpha1.IstioRevision, error) { revList := v1alpha1.IstioRevisionList{} if err := r.Client.List(ctx, &revList); err != nil { - return nil, err + return nil, fmt.Errorf("list failed: %w", err) } var revisions []v1alpha1.IstioRevision @@ -276,12 +293,12 @@ func computeIstioRevisionValues(istio *v1alpha1.Istio, defaultProfile string, re // apply userValues on top of defaultValues from profiles mergedHelmValues, err := profiles.Apply(getProfilesDir(resourceDir, istio), defaultProfile, istio.Spec.Profile, helm.FromValues(userValues)) if err != nil { - return nil, err + return nil, fmt.Errorf("failed to apply profile: %w", err) } values, err := helm.ToValues(mergedHelmValues, &v1alpha1.Values{}) if err != nil { - return nil, err + return nil, fmt.Errorf("conversion to Helm values failed: %w", err) } // override values that are not configurable by the user 
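Review bot: The new wrappers `"delete failed: %w"`, `"get failed: %w"` and `"list failed: %w"` in pruneInactiveRevisions, getActiveRevision and getRevisions do not say which object or kind the call was about, so the wrapped error is no easier to trace than the bare one. The updated expectation in istio_controller_test.go shows the effect: the user-facing condition message becomes "failed to get active IstioRevision: get failed: simulated error". I would name the object at the call site, for example `return ctrl.Result{}, fmt.Errorf("failed to delete IstioRevision %q: %w", rev.Name, err)` and `return nil, fmt.Errorf("failed to list IstioRevisions: %w", err)`. getActiveRevision could return the error unwrapped, since its caller already adds "failed to get active IstioRevision". The body of pruneInactiveRevisions starts and ends outside the hunk.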
@@ -423,7 +440,7 @@ func (r *Reconciler) determineStatus(ctx context.Context, istio *v1alpha1.Istio, status.SetCondition(activeRevisionGetFailed(v1alpha1.IstioConditionReconciled)) status.SetCondition(activeRevisionGetFailed(v1alpha1.IstioConditionReady)) status.State = v1alpha1.IstioReasonFailedToGetActiveRevision - errs.Add(err) + errs.Add(fmt.Errorf("failed to get active IstioRevision: %w", err)) } } @@ -452,10 +469,14 @@ func (r *Reconciler) determineStatus(ctx context.Context, istio *v1alpha1.Istio, func (r *Reconciler) updateStatus(ctx context.Context, istio *v1alpha1.Istio, reconcileErr error) error { var errs errlist.Builder status, err := r.determineStatus(ctx, istio, reconcileErr) - errs.Add(err) + if err != nil { + errs.Add(fmt.Errorf("failed to determine status: %w", err)) + } if !reflect.DeepEqual(istio.Status, status) { - errs.Add(r.Client.Status().Patch(ctx, istio, kube.NewStatusPatch(status))) + if err := r.Client.Status().Patch(ctx, istio, kube.NewStatusPatch(status)); err != nil { + errs.Add(fmt.Errorf("failed to patch status: %w", err)) + } } return errs.Error() } diff --git a/controllers/istio/istio_controller_test.go b/controllers/istio/istio_controller_test.go index bd10e2aff..a0109a126 100644 --- a/controllers/istio/istio_controller_test.go +++ b/controllers/istio/istio_controller_test.go @@ -391,13 +391,13 @@ func TestDetermineStatus(t *testing.T) { Type: v1alpha1.IstioConditionReconciled, Status: metav1.ConditionUnknown, Reason: v1alpha1.IstioReasonFailedToGetActiveRevision, - Message: "failed to get active IstioRevision: simulated error", + Message: "failed to get active IstioRevision: get failed: simulated error", }, { Type: v1alpha1.IstioConditionReady, Status: metav1.ConditionUnknown, Reason: v1alpha1.IstioReasonFailedToGetActiveRevision, - Message: "failed to get active IstioRevision: simulated error", + Message: "failed to get active IstioRevision: get failed: simulated error", }, }, Revisions: v1alpha1.RevisionSummary{}, 
diff --git a/controllers/istiocni/istiocni_controller.go b/controllers/istiocni/istiocni_controller.go index 747b33ea8..acbf17c8b 100644 --- a/controllers/istiocni/istiocni_controller.go +++ b/controllers/istiocni/istiocni_controller.go @@ -36,6 +36,7 @@ import ( apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/types" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/controller" @@ -46,7 +47,10 @@ import ( "istio.io/istio/pkg/ptr" ) -const cniReleaseName = "istio-cni" +const ( + cniReleaseName = "istio-cni" + cniChartName = "cni" +) // Reconciler reconciles an IstioCNI object type Reconciler struct { @@ -92,12 +96,7 @@ func NewReconciler( func (r *Reconciler) Reconcile(ctx context.Context, cni *v1alpha1.IstioCNI) (ctrl.Result, error) { log := logf.FromContext(ctx) - if err := validateIstioCNI(cni); err != nil { - return ctrl.Result{}, err - } - - log.Info("Installing components") - reconcileErr := r.installHelmChart(ctx, cni) + reconcileErr := r.doReconcile(ctx, cni) log.Info("Reconciliation done. Updating status.") statusErr := r.updateStatus(ctx, cni, reconcileErr) 
@@ -109,13 +108,30 @@ func (r *Reconciler) Finalize(ctx context.Context, cni *v1alpha1.IstioCNI) error return r.uninstallHelmChart(ctx, cni) } -func validateIstioCNI(cni *v1alpha1.IstioCNI) error { +func (r *Reconciler) doReconcile(ctx context.Context, cni *v1alpha1.IstioCNI) error { + log := logf.FromContext(ctx) + if err := r.validateIstioCNI(ctx, cni); err != nil { + return err + } + + log.Info("Installing Helm chart") + return r.installHelmChart(ctx, cni) +} + +func (r *Reconciler) validateIstioCNI(ctx context.Context, cni *v1alpha1.IstioCNI) error { if cni.Spec.Version == "" { return reconciler.NewValidationError("spec.version not set") } if cni.Spec.Namespace == "" { return reconciler.NewValidationError("spec.namespace not set") } + + if err := r.Client.Get(ctx, types.NamespacedName{Name: cni.Spec.Namespace}, &corev1.Namespace{}); err != nil { + if apierrors.IsNotFound(err) { + return reconciler.NewValidationError(fmt.Sprintf("namespace %q doesn't exist", cni.Spec.Namespace)) + } + return fmt.Errorf("get failed: %w", err) + } return nil } 
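Review bot: A missing namespace is returned from `validateIstioCNI` as a `ValidationError`, and StandardReconciler.Reconcile in pkg/reconciler/reconciler.go answers validation errors with `ctrl.Result{}, nil`, so the request is not requeued. This commit gives the IstioRevision controller a namespace mapping so that creating the namespace triggers reconciliation, but no hunk adds the equivalent to the IstioCNI controller. Unless its SetupWithManager already watches namespaces (not visible here), an IstioCNI created before its namespace would stay uninstalled until something else touches the object. Either add a namespace watch to this controller or return a plain wrapped error for the not-found case so that it is retried with backoff.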
@@ -138,15 +154,18 @@ func (r *Reconciler) installHelmChart(ctx context.Context, cni *v1alpha1.IstioCN // apply userValues on top of defaultValues from profiles mergedHelmValues, err := profiles.Apply(getProfilesDir(r.ResourceDirectory, cni), r.DefaultProfile, cni.Spec.Profile, helm.FromValues(userValues)) if err != nil { - return err + return fmt.Errorf("failed to apply profile: %w", err) } _, err = r.ChartManager.UpgradeOrInstallChart(ctx, r.getChartDir(cni), mergedHelmValues, cni.Spec.Namespace, cniReleaseName, ownerReference) - return err + if err != nil { + return fmt.Errorf("failed to install/update Helm chart %q: %w", cniChartName, err) + } + return nil } func (r *Reconciler) getChartDir(cni *v1alpha1.IstioCNI) string { - return path.Join(r.ResourceDirectory, cni.Spec.Version, "charts", "cni") + return path.Join(r.ResourceDirectory, cni.Spec.Version, "charts", cniChartName) } func getProfilesDir(resourceDir string, cni *v1alpha1.IstioCNI) string { @@ -176,7 +195,10 @@ func applyImageDigests(cni *v1alpha1.IstioCNI, values *v1alpha1.CNIValues, confi func (r *Reconciler) uninstallHelmChart(ctx context.Context, cni *v1alpha1.IstioCNI) error { _, err := r.ChartManager.UninstallChart(ctx, cniReleaseName, cni.Spec.Namespace) - return err + if err != nil { + return fmt.Errorf("failed to uninstall Helm chart %q: %w", cniChartName, err) + } + return nil } // SetupWithManager sets up the controller with the Manager. 
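Review bot: `getChartDir` builds a filesystem path from `cni.Spec.Version`, and the only check on that field visible in this commit is the non-empty test in `validateIstioCNI`. `path.Join` cleans its result, so if the CRD schema does not already restrict spec.version to a fixed set of values (not visible here), a value containing `..` segments would resolve outside `r.ResourceDirectory`. Since validation is being reworked in this commit anyway, I would add a check that rejects versions containing a path separator or `..` and returns a `ValidationError`. The same applies to `getChartDir` in controllers/istiorevision/istiorevision_controller.go and to the `getProfilesDir` helpers if they join the version in the same way.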
@@ -230,10 +252,14 @@ func (r *Reconciler) updateStatus(ctx context.Context, cni *v1alpha1.IstioCNI, r var errs errlist.Builder status, err := r.determineStatus(ctx, cni, reconcileErr) - errs.Add(err) + if err != nil { + errs.Add(fmt.Errorf("failed to determine status: %w", err)) + } if !reflect.DeepEqual(cni.Status, status) { - errs.Add(r.Client.Status().Patch(ctx, cni, kube.NewStatusPatch(status))) + if err := r.Client.Status().Patch(ctx, cni, kube.NewStatusPatch(status)); err != nil { + errs.Add(fmt.Errorf("failed to patch status: %w", err)) + } } return errs.Error() } @@ -284,7 +310,7 @@ func (r *Reconciler) determineReadyCondition(ctx context.Context, cni *v1alpha1. c.Status = metav1.ConditionUnknown c.Reason = v1alpha1.IstioCNIReasonReadinessCheckFailed c.Message = fmt.Sprintf("failed to get readiness: %v", err) - return c, err + return c, fmt.Errorf("get failed: %w", err) } return c, nil } diff --git a/controllers/istiorevision/istiorevision_controller.go b/controllers/istiorevision/istiorevision_controller.go index bbb2a2e50..ccd3263fb 100644 --- a/controllers/istiorevision/istiorevision_controller.go +++ b/controllers/istiorevision/istiorevision_controller.go @@ -58,6 +58,8 @@ const ( IstioInjectionEnabledValue = "enabled" IstioRevLabel = "istio.io/rev" IstioSidecarInjectLabel = "sidecar.istio.io/inject" + + istiodChartName = "istiod" ) // Reconciler reconciles an IstioRevision object @@ -100,12 +102,7 @@ func NewReconciler(client client.Client, scheme *runtime.Scheme, resourceDir str func (r *Reconciler) Reconcile(ctx context.Context, rev *v1alpha1.IstioRevision) (ctrl.Result, error) { log := logf.FromContext(ctx) - if err := validateIstioRevision(rev); err != nil { - return ctrl.Result{}, err - } - - log.Info("Installing components") - reconcileErr := r.installHelmCharts(ctx, rev) + reconcileErr := r.doReconcile(ctx, rev) log.Info("Reconciliation done. Updating status.") statusErr := r.updateStatus(ctx, rev, reconcileErr) 
@@ -113,17 +110,34 @@ func (r *Reconciler) Reconcile(ctx context.Context, rev *v1alpha1.IstioRevision) return ctrl.Result{}, errors.Join(reconcileErr, statusErr) } +func (r *Reconciler) doReconcile(ctx context.Context, rev *v1alpha1.IstioRevision) error { + log := logf.FromContext(ctx) + if err := r.validateIstioRevision(ctx, rev); err != nil { + return err + } + + log.Info("Installing Helm chart") + return r.installHelmCharts(ctx, rev) +} + func (r *Reconciler) Finalize(ctx context.Context, rev *v1alpha1.IstioRevision) error { return r.uninstallHelmCharts(ctx, rev) } -func validateIstioRevision(rev *v1alpha1.IstioRevision) error { +func (r *Reconciler) validateIstioRevision(ctx context.Context, rev *v1alpha1.IstioRevision) error { if rev.Spec.Version == "" { return reconciler.NewValidationError("spec.version not set") } if rev.Spec.Namespace == "" { return reconciler.NewValidationError("spec.namespace not set") } + if err := r.Client.Get(ctx, types.NamespacedName{Name: rev.Spec.Namespace}, &corev1.Namespace{}); err != nil { + if apierrors.IsNotFound(err) { + return reconciler.NewValidationError(fmt.Sprintf("namespace %q doesn't exist", rev.Spec.Namespace)) + } + return fmt.Errorf("get failed: %w", err) + } + if rev.Spec.Values == nil { return reconciler.NewValidationError("spec.values not set") } 
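Review bot: In `validateIstioRevision` the namespace lookup against the API server is inserted before the `rev.Spec.Values == nil` check, so an object that fails a purely local check still costs a `Client.Get`, and a transient API error can mask the real validation problem. I would keep all field checks first and move the `r.Client.Get(ctx, types.NamespacedName{Name: rev.Spec.Namespace}, &corev1.Namespace{})` block to the end of the function. A short comment on the block, such as `// the target namespace must exist before the chart is installed`, would also explain why a validator needs a client. The function continues past the end of the hunk, so any later checks should be moved ahead of the lookup as well.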
@@ -151,21 +165,25 @@ func (r *Reconciler) installHelmCharts(ctx context.Context, rev *v1alpha1.IstioR } values := helm.FromValues(rev.Spec.Values) - _, err := r.ChartManager.UpgradeOrInstallChart(ctx, r.getChartDir(rev, "istiod"), values, rev.Spec.Namespace, getReleaseName(rev, "istiod"), ownerReference) - return err + _, err := r.ChartManager.UpgradeOrInstallChart(ctx, r.getChartDir(rev), + values, rev.Spec.Namespace, getReleaseName(rev, istiodChartName), ownerReference) + if err != nil { + return fmt.Errorf("failed to install/update Helm chart %q: %w", istiodChartName, err) + } + return nil } func getReleaseName(rev *v1alpha1.IstioRevision, chartName string) string { return fmt.Sprintf("%s-%s", rev.Name, chartName) } -func (r *Reconciler) getChartDir(rev *v1alpha1.IstioRevision, chartName string) string { - return path.Join(r.ResourceDirectory, rev.Spec.Version, "charts", chartName) +func (r *Reconciler) getChartDir(rev *v1alpha1.IstioRevision) string { + return path.Join(r.ResourceDirectory, rev.Spec.Version, "charts", istiodChartName) } func (r *Reconciler) uninstallHelmCharts(ctx context.Context, rev *v1alpha1.IstioRevision) error { - if _, err := r.ChartManager.UninstallChart(ctx, getReleaseName(rev, "istiod"), rev.Spec.Namespace); err != nil { - return err + if _, err := r.ChartManager.UninstallChart(ctx, getReleaseName(rev, istiodChartName), rev.Spec.Namespace); err != nil { + return fmt.Errorf("failed to uninstall Helm chart %q: %w", istiodChartName, err) } return nil } 
@@ -175,8 +193,12 @@ func (r *Reconciler) SetupWithManager(mgr ctrl.Manager) error { // ownedResourceHandler handles resources that are owned by the IstioRevision CR ownedResourceHandler := handler.EnqueueRequestForOwner(r.Scheme, r.RESTMapper(), &v1alpha1.IstioRevision{}, handler.OnlyControllerOwner()) - // nsHandler handles namespaces that reference the IstioRevision CR via the istio.io/rev or istio-injection labels. - // The handler triggers the reconciliation of the referenced IstioRevision CR so that its InUse condition is updated. + // nsHandler triggers reconciliation in two cases: + // - when a namespace that is referenced in IstioRevision.spec.namespace is + // created, so that the control plane is installed immediately. + // - when a namespace that references the IstioRevision CR via the istio.io/rev + // or istio-injection labels is updated, so that the InUse condition of + // the IstioRevision CR is updated. nsHandler := handler.EnqueueRequestsFromMapFunc(r.mapNamespaceToReconcileRequest) // podHandler handles pods that reference the IstioRevision CR via the istio.io/rev or sidecar.istio.io/inject labels. @@ -220,6 +242,8 @@ func (r *Reconciler) SetupWithManager(mgr ctrl.Manager) error { ownedResourceHandler, builder.WithPredicates(validatingWebhookConfigPredicate{})). + // +lint-watches:ignore: ValidatingAdmissionPolicy (TODO: fix this when CI supports golang 1.22 and k8s 1.30) + // +lint-watches:ignore: ValidatingAdmissionPolicyBinding (TODO: fix this when CI supports golang 1.22 and k8s 1.30) // +lint-watches:ignore: CustomResourceDefinition (prevents `make lint-watches` from bugging us about CRDs) Complete(reconciler.NewStandardReconcilerWithFinalizer(r.Client, &v1alpha1.IstioRevision{}, r.Reconcile, r.Finalize, constants.FinalizerName)) } 
@@ -246,10 +270,14 @@ func (r *Reconciler) updateStatus(ctx context.Context, rev *v1alpha1.IstioRevisi var errs errlist.Builder status, err := r.determineStatus(ctx, rev, reconcileErr) - errs.Add(err) + if err != nil { + errs.Add(fmt.Errorf("failed to determine status: %w", err)) + } if !reflect.DeepEqual(rev.Status, status) { - errs.Add(r.Client.Status().Patch(ctx, rev, kube.NewStatusPatch(status))) + if err := r.Client.Status().Patch(ctx, rev, kube.NewStatusPatch(status)); err != nil { + errs.Add(fmt.Errorf("failed to patch status: %w", err)) + } } return errs.Error() } @@ -300,7 +328,7 @@ func (r *Reconciler) determineReadyCondition(ctx context.Context, rev *v1alpha1. c.Status = metav1.ConditionUnknown c.Reason = v1alpha1.IstioRevisionReasonReadinessCheckFailed c.Message = fmt.Sprintf("failed to get readiness: %v", err) - return c, err + return c, fmt.Errorf("get failed: %w", err) } return c, nil } @@ -319,12 +347,12 @@ func (r *Reconciler) determineInUseCondition(ctx context.Context, rev *v1alpha1. c.Reason = v1alpha1.IstioRevisionReasonNotReferenced c.Message = "Not referenced by any pod or namespace" } - } else { - c.Status = metav1.ConditionUnknown - c.Reason = v1alpha1.IstioRevisionReasonUsageCheckFailed - c.Message = fmt.Sprintf("failed to determine if revision is in use: %v", err) + return c, nil } - return c, err + c.Status = metav1.ConditionUnknown + c.Reason = v1alpha1.IstioRevisionReasonUsageCheckFailed + c.Message = fmt.Sprintf("failed to determine if revision is in use: %v", err) + return c, fmt.Errorf("failed to determine if IstioRevision is in use: %w", err) } func (r *Reconciler) isRevisionReferencedByWorkloads(ctx context.Context, rev *v1alpha1.IstioRevision) (bool, error) { 
@@ -332,7 +360,7 @@ func (r *Reconciler) isRevisionReferencedByWorkloads(ctx context.Context, rev *v nsList := corev1.NamespaceList{} nsMap := map[string]corev1.Namespace{} if err := r.Client.List(ctx, &nsList); err != nil { // TODO: can we optimize this by specifying a label selector - return false, err + return false, fmt.Errorf("failed to list namespaces: %w", err) } for _, ns := range nsList.Items { if namespaceReferencesRevision(ns, rev) { @@ -344,7 +372,7 @@ func (r *Reconciler) isRevisionReferencedByWorkloads(ctx context.Context, rev *v podList := corev1.PodList{} if err := r.Client.List(ctx, &podList); err != nil { // TODO: can we optimize this by specifying a label selector - return false, err + return false, fmt.Errorf("failed to list pods: %w", err) } for _, pod := range podList.Items { if ns, found := nsMap[pod.Namespace]; found && podReferencesRevision(pod, ns, rev) { 
@@ -421,11 +449,27 @@ func istiodDeploymentKey(rev *v1alpha1.IstioRevision) client.ObjectKey { } func (r *Reconciler) mapNamespaceToReconcileRequest(ctx context.Context, ns client.Object) []reconcile.Request { + log := logf.FromContext(ctx) + var requests []reconcile.Request + + // Check if any IstioRevision references this namespace in .spec.namespace + revList := v1alpha1.IstioRevisionList{} + if err := r.Client.List(ctx, &revList); err != nil { + log.Error(err, "failed to list IstioRevisions") + return nil + } + for _, rev := range revList.Items { + if rev.Spec.Namespace == ns.GetName() { + requests = append(requests, reconcile.Request{NamespacedName: types.NamespacedName{Name: rev.Name}}) + } + } + + // Check if the namespace references an IstioRevision in its labels revision := getReferencedRevisionFromNamespace(ns.GetLabels()) if revision != "" { - return []reconcile.Request{{NamespacedName: types.NamespacedName{Name: revision}}} + requests = append(requests, reconcile.Request{NamespacedName: types.NamespacedName{Name: revision}}) } - return nil + return requests } func (r *Reconciler) mapPodToReconcileRequest(ctx context.Context, pod client.Object) []reconcile.Request { diff --git a/hack/lint-watches.sh b/hack/lint-watches.sh index cd90a922d..2e6bc1808 100755 --- a/hack/lint-watches.sh +++ b/hack/lint-watches.sh @@ -47,7 +47,7 @@ check_watches() { # Print missing lines, if any if [[ ${#missing_kinds[@]} -gt 0 ]]; then - printf "The following kinds aren't watched in %s:\n" "$controllerPath" + printf "FAIL: The following kinds aren't watched in %s:\n" "$controllerPath" for line in "${missing_kinds[@]}"; do printf " - %s\n" "$line" done diff --git a/hack/update-istio.sh b/hack/update-istio.sh index 11b8a26a6..9c9f4aa47 100755 --- a/hack/update-istio.sh +++ b/hack/update-istio.sh 
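Review bot: When `r.Client.List(ctx, &revList)` fails, `mapNamespaceToReconcileRequest` logs and executes `return nil`, which also discards the label-based request that the old code always produced and that does not depend on the list. A transient list error would therefore drop a namespace event and leave the InUse condition of the referenced IstioRevision stale until the next event. Removing the `return nil` is enough: after a failed List the loop over `revList.Items` would be expected to do nothing, and the function then falls through to the `getReferencedRevisionFromNamespace` check. It is also worth noting in a comment that this handler lists every IstioRevision on every namespace event, which is served from the cache only if the manager's client is cache-backed.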
@@ -40,8 +40,12 @@ echo FULL_VERSION=$(curl -sSfL "${URL}") echo Full version: "${FULL_VERSION}" -yq -i '(.versions[] | select(.name == "latest") | .commit) = "'"${COMMIT}"'"' "${VERSIONS_YAML_FILE}" +PARTIAL_VERSION="${FULL_VERSION%.*}" +echo Partial version: "${PARTIAL_VERSION}" + yq -i ' + (.versions[] | select(.name == "latest") | .version) = "'"${PARTIAL_VERSION}"'" | + (.versions[] | select(.name == "latest") | .commit) = "'"${COMMIT}"'" | (.versions[] | select(.name == "latest") | .charts) = [ "https://storage.googleapis.com/istio-build/dev/'"${FULL_VERSION}"'/helm/base-'"${FULL_VERSION}"'.tgz", "https://storage.googleapis.com/istio-build/dev/'"${FULL_VERSION}"'/helm/cni-'"${FULL_VERSION}"'.tgz", diff --git a/pkg/helm/values.go b/pkg/helm/values.go index 326aed6b6..1538e9031 100644 --- a/pkg/helm/values.go +++ b/pkg/helm/values.go @@ -61,7 +61,7 @@ func FromValues(values any) Values { func ToValues[V any](helmValues Values, values V) (V, error) { data, err := json.Marshal(helmValues) if err != nil { - return values, err + return values, fmt.Errorf("failed to marshal Values struct: %w", err) } decoder := json.NewDecoder(strings.NewReader(string(data))) diff --git a/pkg/kube/key.go b/pkg/kube/key.go new file mode 100644 index 000000000..116359fd3 --- /dev/null +++ b/pkg/kube/key.go 
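Review bot: `PARTIAL_VERSION` is derived from `FULL_VERSION`, which is the raw body returned by `curl -sSfL "${URL}"`, and it is spliced into the yq program text by closing and reopening the single quotes. Any quote or pipe character in the fetched content would change the expression that runs against the versions file. Passing the value as data avoids this: `export PARTIAL_VERSION` and then `(.versions[] | select(.name == "latest") | .version) = strenv(PARTIAL_VERSION)`, assuming this is the Go yq v4 that provides `strenv`. The existing `COMMIT` and `FULL_VERSION` interpolations have the same shape, and a format check on `FULL_VERSION` right after the curl call would cover all three. The yq expression continues past the end of the hunk.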
@@ -0,0 +1,27 @@ +// Copyright Istio Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package kube + +import "sigs.k8s.io/controller-runtime/pkg/client" + +// key returns the client.ObjectKey for the given name and namespace. If no namespace is provided, it returns a key cluster scoped +func Key(name string, namespace ...string) client.ObjectKey { + if len(namespace) > 1 { + panic("you can only provide one namespace") + } else if len(namespace) == 1 { + return client.ObjectKey{Name: name, Namespace: namespace[0]} + } + return client.ObjectKey{Name: name} +} diff --git a/pkg/profiles/profiles.go b/pkg/profiles/profiles.go index ba3d1508d..4476b5bf1 100644 --- a/pkg/profiles/profiles.go +++ b/pkg/profiles/profiles.go @@ -28,9 +28,10 @@ import ( ) func Apply(profilesDir string, defaultProfile, userProfile string, userValues helm.Values) (helm.Values, error) { - defaultValues, err := getValuesFromProfiles(profilesDir, resolve(defaultProfile, userProfile)) + profile := resolve(defaultProfile, userProfile) + defaultValues, err := getValuesFromProfiles(profilesDir, profile) if err != nil { - return nil, err + return nil, fmt.Errorf("failed to get values from profile %q: %w", profile, err) } return mergeOverwrite(defaultValues, userValues), nil } diff --git a/pkg/reconciler/errors.go b/pkg/reconciler/errors.go index fa632bfbb..3fd452990 100644 --- a/pkg/reconciler/errors.go +++ b/pkg/reconciler/errors.go 
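Review bot: The doc comment on the exported `Key` in pkg/kube/key.go starts with lowercase `key` and ends in "returns a key cluster scoped", so linters will not accept it as the function's doc comment and the sentence is hard to read. I would write `// Key returns the client.ObjectKey for the given name and optional namespace. With no namespace the key is cluster-scoped.` and add a line saying that passing more than one namespace panics. Since the variadic parameter exists only to make the namespace optional, a caller mistake becomes a runtime panic in the controller process. If that is intended as a programmer-error guard, the comment should say so.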
@@ -21,7 +21,7 @@ type ValidationError struct { } func (v ValidationError) Error() string { - return v.message + return "validation error: " + v.message } func NewValidationError(message string) error { diff --git a/pkg/reconciler/reconciler.go b/pkg/reconciler/reconciler.go index 2524b1114..af517de19 100644 --- a/pkg/reconciler/reconciler.go +++ b/pkg/reconciler/reconciler.go 
@@ -79,36 +79,33 @@ func (r *StandardReconciler[T]) Reconcile(ctx context.Context, req ctrl.Request) } if !obj.GetDeletionTimestamp().IsZero() { - if r.finalizationEnabled() { - if kube.HasFinalizer(obj, r.finalizer) { - if err := r.finalize(ctx, obj); err != nil { - return ctrl.Result{}, err - } - return kube.RemoveFinalizer(ctx, r.client, obj, r.finalizer) + if r.finalizationEnabled() && kube.HasFinalizer(obj, r.finalizer) { + if err := r.finalize(ctx, obj); err != nil { + return ctrl.Result{}, err } + return kube.RemoveFinalizer(ctx, r.client, obj, r.finalizer) } return ctrl.Result{}, nil } - if r.finalizationEnabled() { - if !kube.HasFinalizer(obj, r.finalizer) { - return kube.AddFinalizer(ctx, r.client, obj, r.finalizer) - } + if r.finalizationEnabled() && !kube.HasFinalizer(obj, r.finalizer) { + return kube.AddFinalizer(ctx, r.client, obj, r.finalizer) } result, err := r.reconcile(ctx, obj) - - if errors.IsForbidden(err) && strings.Contains(err.Error(), "RESTMapping") { + switch { + case errors.IsForbidden(err) && strings.Contains(err.Error(), "RESTMapping"): log.Info("APIServer seems to be not ready - RESTMapper of gc admission plugin is not up to date. Retrying...", "error", err) return ctrl.Result{Requeue: true}, nil - } else if errors.IsConflict(err) { + case errors.IsConflict(err): log.Info("Conflict detected. Retrying...") return ctrl.Result{Requeue: true}, nil - } else if IsValidationError(err) { + case IsValidationError(err): log.Info("Validation failed", "error", err) return ctrl.Result{}, nil + default: + return result, err } - return result, err } func (r *StandardReconciler[T]) finalizationEnabled() bool { diff --git a/resources/latest/charts/base/Chart.yaml b/resources/latest/charts/base/Chart.yaml index 05701b759..435195b18 100644 --- a/resources/latest/charts/base/Chart.yaml +++ b/resources/latest/charts/base/Chart.yaml 
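Review bot: The `case IsValidationError(err)` branch returns `ctrl.Result{}, nil`, while the controllers in this commit now run validation inside doReconcile and return `errors.Join(reconcileErr, statusErr)`. If `IsValidationError` matches through a joined error (its implementation is outside this hunk), a failed status patch that accompanies a validation error is dropped without a requeue, and the status never shows the validation problem. A conflict on the patch is still retried because `errors.IsConflict` is tested first, but other patch failures are not. I would either have the controllers return only `statusErr` when `reconcileErr` is a validation error, or document on this case that it must match only when every joined error is a validation error. The Reconcile body starts before the hunk.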
@@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: 1.22-alpha.bf9fd6127f5bebf2f0024362f3c687849f390749 +appVersion: 1.23-alpha.713cd5d19404bad19669540656f4fa31b4641a08 description: Helm chart for deploying Istio cluster resources and CRDs icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -7,4 +7,4 @@ keywords: name: base sources: - https://github.com/istio/istio -version: 1.22-alpha.bf9fd6127f5bebf2f0024362f3c687849f390749 +version: 1.23-alpha.713cd5d19404bad19669540656f4fa31b4641a08 diff --git a/resources/latest/charts/base/crds/crd-all.gen.yaml b/resources/latest/charts/base/crds/crd-all.gen.yaml index 85aab80fe..1625d85f9 100644 --- a/resources/latest/charts/base/crds/crd-all.gen.yaml +++ b/resources/latest/charts/base/crds/crd-all.gen.yaml @@ -120,6 +120,7 @@ spec: type: string priority: description: Determines ordering of `WasmPlugins` in the same `phase`. + format: int32 nullable: true type: integer selector: @@ -399,6 +400,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection @@ -483,10 +486,12 @@ spec: properties: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer @@ -495,6 +500,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: @@ -514,6 +520,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. 
@@ -574,6 +582,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: @@ -582,11 +592,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: @@ -695,6 +709,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection @@ -782,10 +798,12 @@ spec: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer @@ -795,6 +813,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: @@ -814,6 +833,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -875,6 +896,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: 
@@ -883,11 +906,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: @@ -917,6 +944,8 @@ spec: applied. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object tls: @@ -1056,6 +1085,8 @@ spec: targetPort: description: Specifies a port to which the downstream connection is tunneled. + maximum: 4294967295 + minimum: 0 type: integer required: - targetHost @@ -1148,6 +1179,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection needs @@ -1231,10 +1264,12 @@ spec: properties: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer implements @@ -1243,6 +1278,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: @@ -1262,6 +1298,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -1320,6 +1358,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: 
@@ -1328,11 +1368,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: @@ -1439,6 +1483,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection @@ -1523,10 +1569,12 @@ spec: properties: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer @@ -1535,6 +1583,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: @@ -1554,6 +1603,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -1614,6 +1665,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: @@ -1622,11 +1675,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: 
@@ -1653,6 +1710,8 @@ spec: service on which this policy is being applied. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object tls: @@ -1790,6 +1849,8 @@ spec: targetPort: description: Specifies a port to which the downstream connection is tunneled. + maximum: 4294967295 + minimum: 0 type: integer required: - targetHost @@ -1946,6 +2007,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection @@ -2030,10 +2093,12 @@ spec: properties: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer @@ -2042,6 +2107,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: @@ -2061,6 +2127,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -2121,6 +2189,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: @@ -2129,11 +2199,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: 
@@ -2242,6 +2316,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection @@ -2329,10 +2405,12 @@ spec: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer @@ -2342,6 +2420,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: @@ -2361,6 +2440,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -2422,6 +2503,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: @@ -2430,11 +2513,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: @@ -2464,6 +2551,8 @@ spec: applied. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object tls: @@ -2603,6 +2692,8 @@ spec: targetPort: description: Specifies a port to which the downstream connection is tunneled. + maximum: 4294967295 + minimum: 0 type: integer required: - targetHost 
@@ -2695,6 +2786,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection needs @@ -2778,10 +2871,12 @@ spec: properties: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer implements @@ -2790,6 +2885,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: @@ -2809,6 +2905,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -2867,6 +2965,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: @@ -2875,11 +2975,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: @@ -2986,6 +3090,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection 
@@ -3070,10 +3176,12 @@ spec: properties: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer @@ -3082,6 +3190,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: @@ -3101,6 +3210,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -3161,6 +3272,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: @@ -3169,11 +3282,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: @@ -3200,6 +3317,8 @@ spec: service on which this policy is being applied. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object tls: @@ -3337,6 +3456,8 @@ spec: targetPort: description: Specifies a port to which the downstream connection is tunneled. + maximum: 4294967295 + minimum: 0 type: integer required: - targetHost @@ -3493,6 +3614,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection 
@@ -3577,10 +3700,12 @@ spec: properties: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer @@ -3589,6 +3714,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: @@ -3608,6 +3734,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -3668,6 +3796,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: @@ -3676,11 +3806,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: @@ -3789,6 +3923,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection @@ -3876,10 +4012,12 @@ spec: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer @@ -3889,6 +4027,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: 
@@ -3908,6 +4047,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -3969,6 +4110,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: @@ -3977,11 +4120,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: @@ -4011,6 +4158,8 @@ spec: applied. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object tls: @@ -4150,6 +4299,8 @@ spec: targetPort: description: Specifies a port to which the downstream connection is tunneled. + maximum: 4294967295 + minimum: 0 type: integer required: - targetHost @@ -4242,6 +4393,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection needs @@ -4325,10 +4478,12 @@ spec: properties: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer implements @@ -4337,6 +4492,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: 
@@ -4356,6 +4512,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -4414,6 +4572,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: @@ -4422,11 +4582,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: @@ -4533,6 +4697,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection @@ -4617,10 +4783,12 @@ spec: properties: tableSize: description: The table size for Maglev hashing. + minimum: 0 type: integer type: object minimumRingSize: description: Deprecated. + minimum: 0 type: integer ringHash: description: The ring/modulo hash load balancer @@ -4629,6 +4797,7 @@ spec: minimumRingSize: description: The minimum number of virtual nodes to use for the hash ring. + minimum: 0 type: integer type: object useSourceIp: @@ -4648,6 +4817,8 @@ spec: type: string to: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Map of upstream localities to traffic distribution weights. @@ -4708,6 +4879,8 @@ spec: consecutive5xxErrors: description: Number of 5xx errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveErrors: 
@@ -4716,11 +4889,15 @@ spec: consecutiveGatewayErrors: description: Number of gateway errors before a host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 nullable: true type: integer consecutiveLocalOriginFailures: description: The number of consecutive locally originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 nullable: true type: integer interval: @@ -4747,6 +4924,8 @@ spec: service on which this policy is being applied. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object tls: @@ -4884,6 +5063,8 @@ spec: targetPort: description: Specifies a port to which the downstream connection is tunneled. + maximum: 4294967295 + minimum: 0 type: integer required: - targetHost @@ -4994,6 +5175,8 @@ spec: portNumber: description: The service port for which this cluster was generated. + maximum: 4294967295 + minimum: 0 type: integer service: description: The fully qualified service name for this @@ -5026,6 +5209,8 @@ spec: destinationPort: description: The destination_port value used by a filter chain's match condition. + maximum: 4294967295 + minimum: 0 type: integer filter: description: The name of a specific filter to apply @@ -5065,6 +5250,8 @@ spec: portNumber: description: The service port/gateway port to which traffic is being sent/received. + maximum: 4294967295 + minimum: 0 type: integer type: object proxy: @@ -5099,6 +5286,8 @@ spec: description: The service port number or gateway server port number for which this route configuration was generated. + maximum: 4294967295 + minimum: 0 type: integer vhost: description: Match a specific virtual host in a route @@ -5281,11 +5470,15 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. type: string targetPort: + maximum: 4294967295 + minimum: 0 type: integer required: - number 
@@ -5438,11 +5631,15 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. type: string targetPort: + maximum: 4294967295 + minimum: 0 type: integer required: - number @@ -5595,11 +5792,15 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. type: string targetPort: + maximum: 4294967295 + minimum: 0 type: integer required: - number @@ -5744,6 +5945,7 @@ spec: properties: concurrency: description: The number of worker threads to run. + format: int32 nullable: true type: integer environmentVariables: @@ -5860,6 +6062,8 @@ spec: type: string ports: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Set of ports associated with the endpoint. type: object @@ -5869,6 +6073,8 @@ spec: type: string weight: description: The load balancing weight associated with the endpoint. + maximum: 4294967295 + minimum: 0 type: integer type: object type: array @@ -5900,6 +6106,8 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. @@ -5907,6 +6115,8 @@ spec: targetPort: description: The port number on the endpoint where the traffic will be received. + maximum: 4294967295 + minimum: 0 type: integer required: - number @@ -6008,6 +6218,8 @@ spec: type: string ports: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Set of ports associated with the endpoint. type: object @@ -6017,6 +6229,8 @@ spec: type: string weight: description: The load balancing weight associated with the endpoint. + maximum: 4294967295 + minimum: 0 type: integer type: object type: array 
@@ -6048,6 +6262,8 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. @@ -6055,6 +6271,8 @@ spec: targetPort: description: The port number on the endpoint where the traffic will be received. + maximum: 4294967295 + minimum: 0 type: integer required: - number @@ -6156,6 +6374,8 @@ spec: type: string ports: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Set of ports associated with the endpoint. type: object @@ -6165,6 +6385,8 @@ spec: type: string weight: description: The load balancing weight associated with the endpoint. + maximum: 4294967295 + minimum: 0 type: integer type: object type: array @@ -6196,6 +6418,8 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. @@ -6203,6 +6427,8 @@ spec: targetPort: description: The port number on the endpoint where the traffic will be received. + maximum: 4294967295 + minimum: 0 type: integer required: - number @@ -6313,11 +6539,15 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. type: string targetPort: + maximum: 4294967295 + minimum: 0 type: integer type: object required: @@ -6401,6 +6631,8 @@ spec: probes: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection needs to be @@ -6509,6 +6741,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection needs 
@@ -6530,11 +6764,15 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. type: string targetPort: + maximum: 4294967295 + minimum: 0 type: integer type: object tls: @@ -6645,6 +6883,8 @@ spec: addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -6725,11 +6965,15 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. type: string targetPort: + maximum: 4294967295 + minimum: 0 type: integer type: object required: @@ -6813,6 +7057,8 @@ spec: probes: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection needs to be @@ -6921,6 +7167,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection needs @@ -6942,11 +7190,15 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. type: string targetPort: + maximum: 4294967295 + minimum: 0 type: integer type: object tls: @@ -7057,6 +7309,8 @@ spec: addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -7137,11 +7391,15 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. type: string targetPort: + maximum: 4294967295 + minimum: 0 type: integer type: object required: 
@@ -7225,6 +7483,8 @@ spec: probes: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection needs to be @@ -7333,6 +7593,8 @@ spec: description: Maximum number of keepalive probes to send without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 type: integer time: description: The time duration a connection needs @@ -7354,11 +7616,15 @@ spec: type: string number: description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 type: integer protocol: description: The protocol exposed on the port. type: string targetPort: + maximum: 4294967295 + minimum: 0 type: integer type: object tls: @@ -7469,6 +7735,8 @@ spec: addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -7681,6 +7949,8 @@ spec: type: object status: description: Specifies the HTTP response status to be returned. + maximum: 4294967295 + minimum: 0 type: integer required: - status @@ -7906,6 +8176,8 @@ spec: port: description: Specifies the ports on the host that is being addressed. + maximum: 4294967295 + minimum: 0 type: integer queryParams: additionalProperties: @@ -8051,6 +8323,8 @@ spec: addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -8060,9 +8334,13 @@ spec: - host type: object mirror_percent: + maximum: 4294967295 + minimum: 0 nullable: true type: integer mirrorPercent: + maximum: 4294967295 + minimum: 0 nullable: true type: integer mirrorPercentage: @@ -8091,6 +8369,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: 
@@ -8145,10 +8425,14 @@ spec: port: description: On a redirect, overwrite the port portion of the URL with this value. + maximum: 4294967295 + minimum: 0 type: integer redirectCode: description: On a redirect, Specifies the HTTP status code to use in the redirect response. + maximum: 4294967295 + minimum: 0 type: integer scheme: description: On a redirect, overwrite the scheme portion @@ -8224,6 +8508,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -8303,6 +8589,8 @@ spec: port: description: Specifies the port on the host that is being addressed. + maximum: 4294967295 + minimum: 0 type: integer sourceLabels: additionalProperties: @@ -8337,6 +8625,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -8381,6 +8671,8 @@ spec: port: description: Specifies the port on the host that is being addressed. + maximum: 4294967295 + minimum: 0 type: integer sniHosts: description: SNI (server name indicator) to match on. @@ -8420,6 +8712,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -8598,6 +8892,8 @@ spec: type: object status: description: Specifies the HTTP response status to be returned. + maximum: 4294967295 + minimum: 0 type: integer required: - status @@ -8823,6 +9119,8 @@ spec: port: description: Specifies the ports on the host that is being addressed. + maximum: 4294967295 + minimum: 0 type: integer queryParams: additionalProperties: @@ -8968,6 +9266,8 @@ spec: addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -8977,9 +9277,13 @@ spec: - host type: object mirror_percent: + maximum: 4294967295 + minimum: 0 nullable: true type: integer mirrorPercent: + maximum: 4294967295 + minimum: 0 nullable: true type: integer mirrorPercentage: 
@@ -9008,6 +9312,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -9062,10 +9368,14 @@ spec: port: description: On a redirect, overwrite the port portion of the URL with this value. + maximum: 4294967295 + minimum: 0 type: integer redirectCode: description: On a redirect, Specifies the HTTP status code to use in the redirect response. + maximum: 4294967295 + minimum: 0 type: integer scheme: description: On a redirect, overwrite the scheme portion @@ -9141,6 +9451,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -9220,6 +9532,8 @@ spec: port: description: Specifies the port on the host that is being addressed. + maximum: 4294967295 + minimum: 0 type: integer sourceLabels: additionalProperties: @@ -9254,6 +9568,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -9298,6 +9614,8 @@ spec: port: description: Specifies the port on the host that is being addressed. + maximum: 4294967295 + minimum: 0 type: integer sniHosts: description: SNI (server name indicator) to match on. @@ -9337,6 +9655,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -9515,6 +9835,8 @@ spec: type: object status: description: Specifies the HTTP response status to be returned. + maximum: 4294967295 + minimum: 0 type: integer required: - status @@ -9740,6 +10062,8 @@ spec: port: description: Specifies the ports on the host that is being addressed. + maximum: 4294967295 + minimum: 0 type: integer queryParams: additionalProperties: @@ -9885,6 +10209,8 @@ spec: addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: 
@@ -9894,9 +10220,13 @@ spec: - host type: object mirror_percent: + maximum: 4294967295 + minimum: 0 nullable: true type: integer mirrorPercent: + maximum: 4294967295 + minimum: 0 nullable: true type: integer mirrorPercentage: @@ -9925,6 +10255,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -9979,10 +10311,14 @@ spec: port: description: On a redirect, overwrite the port portion of the URL with this value. + maximum: 4294967295 + minimum: 0 type: integer redirectCode: description: On a redirect, Specifies the HTTP status code to use in the redirect response. + maximum: 4294967295 + minimum: 0 type: integer scheme: description: On a redirect, overwrite the scheme portion @@ -10058,6 +10394,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -10137,6 +10475,8 @@ spec: port: description: Specifies the port on the host that is being addressed. + maximum: 4294967295 + minimum: 0 type: integer sourceLabels: additionalProperties: @@ -10171,6 +10511,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -10215,6 +10557,8 @@ spec: port: description: Specifies the port on the host that is being addressed. + maximum: 4294967295 + minimum: 0 type: integer sniHosts: description: SNI (server name indicator) to match on. @@ -10254,6 +10598,8 @@ spec: being addressed. properties: number: + maximum: 4294967295 + minimum: 0 type: integer type: object subset: @@ -10349,6 +10695,8 @@ spec: type: string ports: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Set of ports associated with the endpoint. type: object @@ -10358,6 +10706,8 @@ spec: type: string weight: description: The load balancing weight associated with the endpoint. + maximum: 4294967295 + minimum: 0 type: integer type: object status: 
@@ -10407,6 +10757,8 @@ spec: type: string ports: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Set of ports associated with the endpoint. type: object @@ -10416,6 +10768,8 @@ spec: type: string weight: description: The load balancing weight associated with the endpoint. + maximum: 4294967295 + minimum: 0 type: integer type: object status: @@ -10465,6 +10819,8 @@ spec: type: string ports: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Set of ports associated with the endpoint. type: object @@ -10474,6 +10830,8 @@ spec: type: string weight: description: The load balancing weight associated with the endpoint. + maximum: 4294967295 + minimum: 0 type: integer type: object status: @@ -10596,6 +10954,8 @@ spec: type: string port: description: Port on which the endpoint lives. + maximum: 4294967295 + minimum: 0 type: integer scheme: type: string @@ -10622,6 +10982,8 @@ spec: host: type: string port: + maximum: 4294967295 + minimum: 0 type: integer required: - port @@ -10653,6 +11015,8 @@ spec: type: string ports: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Set of ports associated with the endpoint. type: object @@ -10662,6 +11026,8 @@ spec: type: string weight: description: The load balancing weight associated with the endpoint. + maximum: 4294967295 + minimum: 0 type: integer type: object required: @@ -10761,6 +11127,8 @@ spec: type: string port: description: Port on which the endpoint lives. + maximum: 4294967295 + minimum: 0 type: integer scheme: type: string @@ -10787,6 +11155,8 @@ spec: host: type: string port: + maximum: 4294967295 + minimum: 0 type: integer required: - port @@ -10818,6 +11188,8 @@ spec: type: string ports: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Set of ports associated with the endpoint. type: object 
@@ -10827,6 +11199,8 @@ spec: type: string weight: description: The load balancing weight associated with the endpoint. + maximum: 4294967295 + minimum: 0 type: integer type: object required: @@ -10928,6 +11302,8 @@ spec: type: string port: description: Port on which the endpoint lives. + maximum: 4294967295 + minimum: 0 type: integer scheme: type: string @@ -10954,6 +11330,8 @@ spec: host: type: string port: + maximum: 4294967295 + minimum: 0 type: integer required: - port @@ -10985,6 +11363,8 @@ spec: type: string ports: additionalProperties: + maximum: 4294967295 + minimum: 0 type: integer description: Set of ports associated with the endpoint. type: object @@ -10994,6 +11374,8 @@ spec: type: string weight: description: The load balancing weight associated with the endpoint. + maximum: 4294967295 + minimum: 0 type: integer type: object required: @@ -12321,6 +12703,7 @@ spec: randomSamplingPercentage: description: Controls the rate at which traffic will be selected for tracing if no prior sampling decision has been made. + format: double maximum: 100 minimum: 0 nullable: true @@ -12647,6 +13030,7 @@ spec: randomSamplingPercentage: description: Controls the rate at which traffic will be selected for tracing if no prior sampling decision has been made. + format: double maximum: 100 minimum: 0 nullable: true diff --git a/resources/latest/charts/base/files/profile-stable.yaml b/resources/latest/charts/base/files/profile-stable.yaml new file mode 100644 index 000000000..358282e69 --- /dev/null +++ b/resources/latest/charts/base/files/profile-stable.yaml 
@@ -0,0 +1,8 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The stable profile deploys admission control to ensure that only stable resources and fields are used +# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE +experimental: + stableValidationPolicy: true diff --git a/resources/latest/charts/base/templates/validatingadmissionpolicy.yaml b/resources/latest/charts/base/templates/validatingadmissionpolicy.yaml new file mode 100644 index 000000000..0b90a4798 --- /dev/null +++ b/resources/latest/charts/base/templates/validatingadmissionpolicy.yaml 
@@ -0,0 +1,48 @@ +{{- if and .Values.experimental.stableValidationPolicy (not (eq .Values.defaultRevision "")) }} +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingAdmissionPolicy +metadata: + name: "stable-channel-default-policy.istio.io" + labels: + release: {{ .Release.Name }} + istio: istiod + istio.io/rev: {{ .Values.defaultRevision }} +spec: + failurePolicy: Fail + matchConstraints: + resourceRules: + - apiGroups: + - security.istio.io + - networking.istio.io + - telemetry.istio.io + - extensions.istio.io + apiVersions: ["*"] + operations: ["CREATE", "UPDATE"] + resources: ["*"] + variables: + - name: isEnvoyFilter + expression: "object.kind == 'EnvoyFilter'" + - name: isWasmPlugin + expression: "object.kind == 'WasmPlugin'" + - name: isTelemetry + expression: "object.kind == 'Telemetry'" + validations: + - expression: "!variables.isEnvoyFilter" + - expression: "!variables.isWasmPlugin" + - expression: | + !( + variables.isTelemetry && ( + (has(object.spec.tracing) ? object.spec.tracing : {}).exists(t, has(t.useRequestIdForTraceSampling)) || + (has(object.spec.metrics) ? object.spec.metrics : {}).exists(m, has(m.reportingInterval)) || + (has(object.spec.accessLogging) ? object.spec.accessLogging : {}).exists(l, has(l.filter)) + ) + ) +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingAdmissionPolicyBinding +metadata: + name: "stable-channel-default-policy-binding.istio.io" +spec: + policyName: "stable-channel-default-policy.istio.io" + validationActions: [Deny] +{{- end }} diff --git a/resources/latest/charts/base/values.yaml b/resources/latest/charts/base/values.yaml index ced14b091..88bca4329 100644 --- a/resources/latest/charts/base/values.yaml +++ b/resources/latest/charts/base/values.yaml @@ -36,3 +36,5 @@ defaults: enableIstioConfigCRDs: true defaultRevision: "default" + experimental: + stableValidationPolicy: false 
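Review bot: The guard on the first line of the base chart's validatingadmissionpolicy.yaml checks only `experimental.stableValidationPolicy` and `defaultRevision`, so on a cluster that does not serve `admissionregistration.k8s.io/v1` `ValidatingAdmissionPolicy` the release would fail to install as soon as the stable profile is selected. I would extend the condition with a capability check such as `(.Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1/ValidatingAdmissionPolicy")`, or state the minimum Kubernetes version next to the `stableValidationPolicy` value. Separately, with `failurePolicy: Fail` a CEL evaluation error rejects the request; a Telemetry object with no `spec` looks like it could hit that through `has(object.spec.tracing)`, which is worth a test case before this leaves experimental. The same policy body is repeated in the istiod chart's template, so both points apply there too.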
diff --git a/resources/latest/charts/cni/Chart.yaml b/resources/latest/charts/cni/Chart.yaml index 5b2ee9711..f1c439a50 100644 --- a/resources/latest/charts/cni/Chart.yaml +++ b/resources/latest/charts/cni/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: 1.22-alpha.bf9fd6127f5bebf2f0024362f3c687849f390749 +appVersion: 1.23-alpha.713cd5d19404bad19669540656f4fa31b4641a08 description: Helm chart for istio-cni components icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -7,5 +7,5 @@ keywords: - istio name: cni sources: -- https://github.com/istio/istio/tree/master/cni -version: 1.22-alpha.bf9fd6127f5bebf2f0024362f3c687849f390749 +- https://github.com/istio/istio +version: 1.23-alpha.713cd5d19404bad19669540656f4fa31b4641a08 diff --git a/resources/latest/charts/cni/files/profile-stable.yaml b/resources/latest/charts/cni/files/profile-stable.yaml new file mode 100644 index 000000000..358282e69 --- /dev/null +++ b/resources/latest/charts/cni/files/profile-stable.yaml @@ -0,0 +1,8 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The stable profile deploys admission control to ensure that only stable resources and fields are used +# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE +experimental: + stableValidationPolicy: true diff --git a/resources/latest/charts/cni/values.yaml b/resources/latest/charts/cni/values.yaml index fbbde7c79..9c2ee6f0a 100644 --- a/resources/latest/charts/cni/values.yaml +++ b/resources/latest/charts/cni/values.yaml @@ -110,7 +110,7 @@ defaults: hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.22-alpha.bf9fd6127f5bebf2f0024362f3c687849f390749 + tag: 1.23-alpha.713cd5d19404bad19669540656f4fa31b4641a08 # Variant of the image to use. # Currently supported are: [debug, distroless] 
diff --git a/resources/latest/charts/gateway/Chart.yaml b/resources/latest/charts/gateway/Chart.yaml index b258a91c5..3ce748ed4 100644 --- a/resources/latest/charts/gateway/Chart.yaml +++ b/resources/latest/charts/gateway/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.22-alpha.bf9fd6127f5bebf2f0024362f3c687849f390749 +appVersion: 1.23-alpha.713cd5d19404bad19669540656f4fa31b4641a08 description: Helm chart for deploying Istio gateways icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ name: gateway sources: - https://github.com/istio/istio type: application -version: 1.22-alpha.bf9fd6127f5bebf2f0024362f3c687849f390749 +version: 1.23-alpha.713cd5d19404bad19669540656f4fa31b4641a08 diff --git a/resources/latest/charts/gateway/files/profile-stable.yaml b/resources/latest/charts/gateway/files/profile-stable.yaml new file mode 100644 index 000000000..358282e69 --- /dev/null +++ b/resources/latest/charts/gateway/files/profile-stable.yaml @@ -0,0 +1,8 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The stable profile deploys admission control to ensure that only stable resources and fields are used +# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE +experimental: + stableValidationPolicy: true diff --git a/resources/latest/charts/istiod/Chart.yaml b/resources/latest/charts/istiod/Chart.yaml index f34043bf7..1df811ad7 100644 --- a/resources/latest/charts/istiod/Chart.yaml +++ b/resources/latest/charts/istiod/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: 1.22-alpha.bf9fd6127f5bebf2f0024362f3c687849f390749 +appVersion: 1.23-alpha.713cd5d19404bad19669540656f4fa31b4641a08 description: Helm chart for istio control plane icon: https://istio.io/latest/favicons/android-192x192.png keywords: 
@@ -9,4 +9,4 @@ keywords: name: istiod sources: - https://github.com/istio/istio -version: 1.22-alpha.bf9fd6127f5bebf2f0024362f3c687849f390749 +version: 1.23-alpha.713cd5d19404bad19669540656f4fa31b4641a08 diff --git a/resources/latest/charts/istiod/files/kube-gateway.yaml b/resources/latest/charts/istiod/files/kube-gateway.yaml index 512859b04..8d1dc5de9 100644 --- a/resources/latest/charts/istiod/files/kube-gateway.yaml +++ b/resources/latest/charts/istiod/files/kube-gateway.yaml @@ -138,7 +138,7 @@ spec: {{- end }} {{- if .Values.global.proxy.lifecycle }} lifecycle: - {{ toYaml .Values.global.proxy.lifecycle | indent 6 }} + {{- toYaml .Values.global.proxy.lifecycle | nindent 10 }} {{- end }} env: - name: PILOT_CERT_PROVIDER diff --git a/resources/latest/charts/istiod/files/profile-stable.yaml b/resources/latest/charts/istiod/files/profile-stable.yaml new file mode 100644 index 000000000..358282e69 --- /dev/null +++ b/resources/latest/charts/istiod/files/profile-stable.yaml @@ -0,0 +1,8 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The stable profile deploys admission control to ensure that only stable resources and fields are used +# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE +experimental: + stableValidationPolicy: true diff --git a/resources/latest/charts/istiod/templates/validatingadmissionpolicy.yaml b/resources/latest/charts/istiod/templates/validatingadmissionpolicy.yaml new file mode 100644 index 000000000..f4d9479c6 --- /dev/null +++ b/resources/latest/charts/istiod/templates/validatingadmissionpolicy.yaml 
@@ -0,0 +1,54 @@
+{{- if .Values.experimental.stableValidationPolicy }}
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingAdmissionPolicy
+metadata:
+ name: "stable-channel-policy{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Values.global.istioNamespace }}.istio.io"
+spec:
+ failurePolicy: Fail
+ matchConstraints:
+ resourceRules:
+ - apiGroups:
+ - security.istio.io
+ - networking.istio.io
+ - telemetry.istio.io
+ - extensions.istio.io
+ apiVersions: ["*"]
+ operations: ["CREATE", "UPDATE"]
+ resources: ["*"]
+ objectSelector:
+ matchExpressions:
+ - key: istio.io/rev
+ operator: In
+ values:
+ {{- if (eq .Values.revision "") }}
+ - "default"
+ {{- else }}
+ - "{{ .Values.revision }}"
+ {{- end }}
+ variables:
+ - name: isEnvoyFilter
+ expression: "object.kind == 'EnvoyFilter'"
+ - name: isWasmPlugin
+ expression: "object.kind == 'WasmPlugin'"
+ - name: isTelemetry
+ expression: "object.kind == 'Telemetry'"
+ validations:
+ - expression: "!variables.isEnvoyFilter"
+ - expression: "!variables.isWasmPlugin"
+ - expression: |
+ !(
+ variables.isTelemetry && (
+ (has(object.spec.tracing) ? object.spec.tracing : {}).exists(t, has(t.useRequestIdForTraceSampling)) ||
+ (has(object.spec.metrics) ? object.spec.metrics : {}).exists(m, has(m.reportingInterval)) ||
+ (has(object.spec.accessLogging) ? object.spec.accessLogging : {}).exists(l, has(l.filter))
+ )
+ )
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingAdmissionPolicyBinding
+metadata:
+ name: "stable-channel-policy-binding{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Values.global.istioNamespace }}.istio.io"
+spec:
+ policyName: "stable-channel-policy{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Values.global.istioNamespace }}.istio.io"
+ validationActions: [Deny]
+{{- end }}
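Review bot: The `objectSelector` on `istio.io/rev` limits this policy to objects that carry the revision label, so an EnvoyFilter, a WasmPlugin or a restricted Telemetry field on an object without that label is never evaluated here. Coverage of unlabelled objects then depends on the base chart's `stable-channel-default-policy.istio.io`, which is rendered only when base also sets `experimental.stableValidationPolicy` and `defaultRevision` is non-empty. Because the label is chosen by whoever creates the object, this works as a guardrail against accidental use of non-stable APIs rather than as an access control, and the template should say so above the selector, e.g. `# Objects without istio.io/rev are only covered by the base chart's default policy.` If unlabelled config is also consumed by a revisioned istiod (I believe it is, but that is not visible in this diff), consider dropping the selector or adding a rule for unlabelled objects.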
diff --git a/resources/latest/charts/istiod/values.yaml b/resources/latest/charts/istiod/values.yaml index a4ddd3643..9eb6cba57 100644 --- a/resources/latest/charts/istiod/values.yaml +++ b/resources/latest/charts/istiod/values.yaml @@ -199,6 +199,9 @@ defaults: meshConfig: enablePrometheusMerge: true + experimental: + stableValidationPolicy: false + global: # Used to locate istiod. istioNamespace: istio-system @@ -231,7 +234,7 @@ defaults: # Dev builds from prow are on gcr.io hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.22-alpha.bf9fd6127f5bebf2f0024362f3c687849f390749 + tag: 1.23-alpha.713cd5d19404bad19669540656f4fa31b4641a08 # Variant of the image to use. # Currently supported are: [debug, distroless] variant: "" diff --git a/resources/latest/charts/ztunnel/Chart.yaml b/resources/latest/charts/ztunnel/Chart.yaml index dca74af72..f45452cb4 100644 --- a/resources/latest/charts/ztunnel/Chart.yaml +++ b/resources/latest/charts/ztunnel/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: 1.22-alpha.bf9fd6127f5bebf2f0024362f3c687849f390749 +appVersion: 1.23-alpha.713cd5d19404bad19669540656f4fa31b4641a08 description: Helm chart for istio ztunnel components icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -8,4 +8,4 @@ keywords: name: ztunnel sources: - https://github.com/istio/istio -version: 1.22-alpha.bf9fd6127f5bebf2f0024362f3c687849f390749 +version: 1.23-alpha.713cd5d19404bad19669540656f4fa31b4641a08 diff --git a/resources/latest/charts/ztunnel/files/profile-stable.yaml b/resources/latest/charts/ztunnel/files/profile-stable.yaml new file mode 100644 index 000000000..358282e69 --- /dev/null +++ b/resources/latest/charts/ztunnel/files/profile-stable.yaml 
@@ -0,0 +1,8 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The stable profile deploys admission control to ensure that only stable resources and fields are used +# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE +experimental: + stableValidationPolicy: true diff --git a/resources/latest/charts/ztunnel/values.yaml b/resources/latest/charts/ztunnel/values.yaml index dd58a35a0..6e9aab85b 100644 --- a/resources/latest/charts/ztunnel/values.yaml +++ b/resources/latest/charts/ztunnel/values.yaml @@ -2,7 +2,7 @@ defaults: # Hub to pull from. Image will be `Hub/Image:Tag-Variant` hub: gcr.io/istio-testing # Tag to pull from. Image will be `Hub/Image:Tag-Variant` - tag: 1.22-alpha.bf9fd6127f5bebf2f0024362f3c687849f390749 + tag: 1.23-alpha.713cd5d19404bad19669540656f4fa31b4641a08 # Variant to pull. Options are "debug" or "distroless". Unset will use the default for the given version. variant: "" diff --git a/resources/latest/profiles/stable.yaml b/resources/latest/profiles/stable.yaml new file mode 100644 index 000000000..f1612aa60 --- /dev/null +++ b/resources/latest/profiles/stable.yaml @@ -0,0 +1,5 @@ +apiVersion: operator.istio.io/v1alpha1 +kind: Istio +spec: + values: + profile: stable diff --git a/tests/e2e/controlplane/control_plane_test.go b/tests/e2e/controlplane/control_plane_test.go index 06ad9915b..a6e4236e2 100644 --- a/tests/e2e/controlplane/control_plane_test.go +++ b/tests/e2e/controlplane/control_plane_test.go @@ -24,6 +24,7 @@ import ( "time" "github.com/istio-ecosystem/sail-operator/api/v1alpha1" + "github.com/istio-ecosystem/sail-operator/pkg/kube" . "github.com/istio-ecosystem/sail-operator/pkg/test/util/ginkgo" "github.com/istio-ecosystem/sail-operator/pkg/test/util/supportedversion" common "github.com/istio-ecosystem/sail-operator/tests/e2e/util/common" 
@@ -42,7 +43,7 @@ import ( var istiodVersionRegex = regexp.MustCompile(`Version:"(\d+\.\d+(\.\d+|-\w+))`) var _ = Describe("Control Plane Installation", Ordered, func() { - SetDefaultEventuallyTimeout(60 * time.Second) + SetDefaultEventuallyTimeout(120 * time.Second) SetDefaultEventuallyPollingInterval(time.Second) debugInfoLogged := false @@ -58,7 +59,7 @@ var _ = Describe("Control Plane Installation", Ordered, func() { Expect(helm.Install("sail-operator", filepath.Join(baseDir, "chart"), "--namespace "+namespace, "--set=image="+image, extraArg)). To(Succeed(), "Operator failed to be deployed") - Eventually(common.GetObject).WithArguments(ctx, cl, common.Key(deploymentName, namespace), &appsv1.Deployment{}). + Eventually(common.GetObject).WithArguments(ctx, cl, kube.Key(deploymentName, namespace), &appsv1.Deployment{}). Should(HaveCondition(appsv1.DeploymentAvailable, metav1.ConditionTrue), "Error getting Istio CRD") Success("Operator is deployed in the namespace and Running") }) @@ -78,12 +79,12 @@ metadata: Success("IstioCNI created") cni := &v1alpha1.IstioCNI{} - Expect(cl.Get(ctx, common.Key("default"), cni)).To(Succeed()) + Expect(cl.Get(ctx, kube.Key("default"), cni)).To(Succeed()) Expect(cni.Spec.Version).To(Equal(supportedversion.Default)) Expect(cni.Spec.Namespace).To(Equal("istio-cni")) Expect(cl.Delete(ctx, cni)).To(Succeed()) - Eventually(cl.Get).WithArguments(ctx, common.Key("default"), cni).Should(ReturnNotFoundError()) + Eventually(cl.Get).WithArguments(ctx, kube.Key("default"), cni).Should(ReturnNotFoundError()) }, ) 
@@ -102,14 +103,14 @@ metadata: Success("Istio created") istio := &v1alpha1.Istio{} - Expect(cl.Get(ctx, common.Key("default"), istio)).To(Succeed()) + Expect(cl.Get(ctx, kube.Key("default"), istio)).To(Succeed()) Expect(istio.Spec.Version).To(Equal(supportedversion.Default)) Expect(istio.Spec.Namespace).To(Equal("istio-system")) Expect(istio.Spec.UpdateStrategy).ToNot(BeNil()) Expect(istio.Spec.UpdateStrategy.Type).To(Equal(v1alpha1.UpdateStrategyTypeInPlace)) Expect(cl.Delete(ctx, istio)).To(Succeed()) - Eventually(cl.Get).WithArguments(ctx, common.Key("default"), istio).Should(ReturnNotFoundError()) + Eventually(cl.Get).WithArguments(ctx, kube.Key("default"), istio).Should(ReturnNotFoundError()) }, ) }) @@ -144,7 +145,7 @@ spec: It("deploys the CNI DaemonSet", func(ctx SpecContext) { Eventually(func(g Gomega) { daemonset := &appsv1.DaemonSet{} - g.Expect(cl.Get(ctx, common.Key("istio-cni-node", istioCniNamespace), daemonset)).To(Succeed(), "Error getting IstioCNI DaemonSet") + g.Expect(cl.Get(ctx, kube.Key("istio-cni-node", istioCniNamespace), daemonset)).To(Succeed(), "Error getting IstioCNI DaemonSet") g.Expect(daemonset.Status.NumberAvailable). To(Equal(daemonset.Status.CurrentNumberScheduled), "CNI DaemonSet Pods not Available; expected numberAvailable to be equal to currentNumberScheduled") }).Should(Succeed(), "CNI DaemonSet Pods are not Available") 
@@ -152,13 +153,13 @@ spec: }) It("updates the status to Reconciled", func(ctx SpecContext) { - Eventually(common.GetObject).WithArguments(ctx, cl, common.Key(istioCniName), &v1alpha1.IstioCNI{}). + Eventually(common.GetObject).WithArguments(ctx, cl, kube.Key(istioCniName), &v1alpha1.IstioCNI{}). Should(HaveCondition(v1alpha1.IstioCNIConditionReconciled, metav1.ConditionTrue), "IstioCNI is not Reconciled; unexpected Condition") Success("IstioCNI is Reconciled") }) It("updates the status to Ready", func(ctx SpecContext) { - Eventually(common.GetObject).WithArguments(ctx, cl, common.Key(istioCniName), &v1alpha1.IstioCNI{}). + Eventually(common.GetObject).WithArguments(ctx, cl, kube.Key(istioCniName), &v1alpha1.IstioCNI{}). Should(HaveCondition(v1alpha1.IstioCNIConditionReady, metav1.ConditionTrue), "IstioCNI is not Ready; unexpected Condition") Success("IstioCNI is Ready") }) 
@@ -188,19 +189,19 @@ spec: }) It("updates the Istio CR status to Reconciled", func(ctx SpecContext) { - Eventually(common.GetObject).WithArguments(ctx, cl, common.Key(istioName), &v1alpha1.Istio{}). + Eventually(common.GetObject).WithArguments(ctx, cl, kube.Key(istioName), &v1alpha1.Istio{}). Should(HaveCondition(v1alpha1.IstioConditionReconciled, metav1.ConditionTrue), "Istio is not Reconciled; unexpected Condition") Success("Istio CR is Reconciled") }) It("updates the Istio CR status to Ready", func(ctx SpecContext) { - Eventually(common.GetObject).WithArguments(ctx, cl, common.Key(istioName), &v1alpha1.Istio{}). + Eventually(common.GetObject).WithArguments(ctx, cl, kube.Key(istioName), &v1alpha1.Istio{}). Should(HaveCondition(v1alpha1.IstioConditionReady, metav1.ConditionTrue), "Istio is not Ready; unexpected Condition") Success("Istio CR is Ready") }) It("deploys istiod", func(ctx SpecContext) { - Eventually(common.GetObject).WithArguments(ctx, cl, common.Key("istiod", controlPlaneNamespace), &appsv1.Deployment{}). + Eventually(common.GetObject).WithArguments(ctx, cl, kube.Key("istiod", controlPlaneNamespace), &appsv1.Deployment{}). Should(HaveCondition(appsv1.DeploymentAvailable, metav1.ConditionTrue), "Istiod is not Available; unexpected Condition") Expect(getVersionFromIstiod()).To(Equal(version.Version), "Unexpected istiod version") Success("Istiod is deployed in the namespace and Running") @@ -220,7 +221,7 @@ spec: }) It("removes everything from the namespace", func(ctx SpecContext) { - Eventually(cl.Get).WithArguments(ctx, common.Key("istiod", controlPlaneNamespace), &appsv1.Deployment{}). + Eventually(cl.Get).WithArguments(ctx, kube.Key("istiod", controlPlaneNamespace), &appsv1.Deployment{}). Should(ReturnNotFoundError(), "Istiod should not exist anymore") common.CheckNamespaceEmpty(ctx, cl, controlPlaneNamespace) Success("Namespace is empty") 
@@ -235,7 +236,7 @@ spec: It("removes everything from the CNI namespace", func(ctx SpecContext) { daemonset := &appsv1.DaemonSet{} - Eventually(cl.Get).WithArguments(ctx, common.Key("istio-cni-node", istioCniNamespace), daemonset). + Eventually(cl.Get).WithArguments(ctx, kube.Key("istio-cni-node", istioCniNamespace), daemonset). Should(ReturnNotFoundError(), "IstioCNI DaemonSet should not exist anymore") common.CheckNamespaceEmpty(ctx, cl, istioCniNamespace) Success("CNI namespace is empty") diff --git a/tests/e2e/operator/operator_install_test.go b/tests/e2e/operator/operator_install_test.go index 0dfdd96ce..102198917 100644 --- a/tests/e2e/operator/operator_install_test.go +++ b/tests/e2e/operator/operator_install_test.go @@ -20,6 +20,7 @@ import ( "path/filepath" "time" + "github.com/istio-ecosystem/sail-operator/pkg/kube" . "github.com/istio-ecosystem/sail-operator/pkg/test/util/ginkgo" common "github.com/istio-ecosystem/sail-operator/tests/e2e/util/common" . "github.com/istio-ecosystem/sail-operator/tests/e2e/util/gomega" @@ -84,7 +85,7 @@ var _ = Describe("Operator", Ordered, func() { It("updates the CRDs status to Established", func(ctx SpecContext) { for _, crdName := range sailCRDs { - Eventually(common.GetObject).WithArguments(ctx, cl, common.Key(crdName), &apiextensionsv1.CustomResourceDefinition{}). + Eventually(common.GetObject).WithArguments(ctx, cl, kube.Key(crdName), &apiextensionsv1.CustomResourceDefinition{}). Should(HaveCondition(apiextensionsv1.Established, metav1.ConditionTrue), "Error getting Istio CRD") } Success("CRDs are Established") 
@@ -92,13 +93,13 @@ var _ = Describe("Operator", Ordered, func() { Specify("istio crd is present", func(ctx SpecContext) { // When the operator runs in OCP cluster, the CRD is created but not available at the moment - Eventually(cl.Get).WithArguments(ctx, common.Key("istios.operator.istio.io"), &apiextensionsv1.CustomResourceDefinition{}). + Eventually(cl.Get).WithArguments(ctx, kube.Key("istios.operator.istio.io"), &apiextensionsv1.CustomResourceDefinition{}). Should(Succeed(), "Error getting Istio CRD") Success("Istio CRD is present") }) It("starts successfully", func(ctx SpecContext) { - Eventually(common.GetObject).WithArguments(ctx, cl, common.Key(deploymentName, namespace), &appsv1.Deployment{}). + Eventually(common.GetObject).WithArguments(ctx, cl, kube.Key(deploymentName, namespace), &appsv1.Deployment{}). Should(HaveCondition(appsv1.DeploymentAvailable, metav1.ConditionTrue), "Error getting Istio CRD") }) diff --git a/tests/e2e/util/client/client.go b/tests/e2e/util/client/client.go index 70243c83b..9ab45ee74 100644 --- a/tests/e2e/util/client/client.go +++ b/tests/e2e/util/client/client.go @@ -15,7 +15,6 @@ package client import ( - "flag" "fmt" "log" "os" @@ -29,11 +28,8 @@ import ( // getConfig returns the configuration of the kubernetes go-client func getConfig() (*rest.Config, error) { - kubeconfig := flag.String("kubeconfig", os.Getenv("KUBECONFIG"), "(optional) absolute path to the kubeconfig file") - flag.Parse() - // use the current context in kubeconfig - config, err := clientcmd.BuildConfigFromFlags("", *kubeconfig) + config, err := clientcmd.BuildConfigFromFlags("", os.Getenv("KUBECONFIG")) if err != nil { return nil, fmt.Errorf("error building config: %w", err) } diff --git a/tests/e2e/util/common/e2e_utils.go b/tests/e2e/util/common/e2e_utils.go index efa4976fc..49b4c6f62 100644 --- a/tests/e2e/util/common/e2e_utils.go +++ b/tests/e2e/util/common/e2e_utils.go 
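Review bot: In `getConfig` (tests/e2e/util/client/client.go, the second hunk of that file) the raw value of `KUBECONFIG` is passed to `clientcmd.BuildConfigFromFlags` as a single explicit path, which does not handle a list of files and, when the variable is unset, tries in-cluster config rather than `~/.kube/config`. The default loading rules cover both cases: `clientcmd.NewNonInteractiveDeferredLoadingClientConfig(clientcmd.NewDefaultClientConfigLoadingRules(), &clientcmd.ConfigOverrides{}).ClientConfig()`. The comment `// use the current context in kubeconfig` should also state which cluster the suite acts on when `KUBECONFIG` is empty, since these tests create and delete cluster-scoped resources. The rest of `getConfig` lies outside the hunk.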
@@ -41,16 +41,6 @@ var ( istioCniNamespace = env.Get("ISTIOCNI_NAMESPACE", "istio-cni") ) -// key returns the client.ObjectKey for the given name and namespace. If no namespace is provided, it returns a key cluster scoped -func Key(name string, namespace ...string) client.ObjectKey { - if len(namespace) > 1 { - panic("you can only provide one namespace") - } else if len(namespace) == 1 { - return client.ObjectKey{Name: name, Namespace: namespace[0]} - } - return client.ObjectKey{Name: name} -} - // getObject returns the object with the given key func GetObject(ctx context.Context, cl client.Client, key client.ObjectKey, obj client.Object) (client.Object, error) { err := cl.Get(ctx, key, obj) diff --git a/tests/integration/api/istiorevision_test.go b/tests/integration/api/istiorevision_test.go index 4d5c88794..46d75dae9 100644 --- a/tests/integration/api/istiorevision_test.go +++ b/tests/integration/api/istiorevision_test.go @@ -21,6 +21,7 @@ import ( "time" "github.com/istio-ecosystem/sail-operator/api/v1alpha1" + "github.com/istio-ecosystem/sail-operator/pkg/kube" . "github.com/istio-ecosystem/sail-operator/pkg/test/util/ginkgo" "github.com/istio-ecosystem/sail-operator/pkg/test/util/supportedversion" . "github.com/onsi/ginkgo/v2" 
@@ -158,6 +159,71 @@ var _ = Describe("IstioRevision resource", Ordered, func() { }) }) + Describe("reconciles immediately after target namespace is created", func() { + BeforeAll(func() { + Step("Creating the IstioRevision resource without the namespace") + rev = &v1alpha1.IstioRevision{ + ObjectMeta: metav1.ObjectMeta{ + Name: revName, + }, + Spec: v1alpha1.IstioRevisionSpec{ + Version: supportedversion.Default, + Namespace: "nonexistent-namespace", + Values: &v1alpha1.Values{ + Revision: revName, + Global: &v1alpha1.GlobalConfig{ + IstioNamespace: "nonexistent-namespace", + }, + }, + }, + } + Expect(k8sClient.Create(ctx, rev)).To(Succeed()) + }) + + AfterAll(func() { + Expect(k8sClient.Delete(ctx, rev)).To(Succeed()) + Eventually(k8sClient.Get).WithArguments(ctx, kube.Key(revName), rev).Should(ReturnNotFoundError()) + }) + + It("indicates in the status that the namespace doesn't exist", func() { + Eventually(func(g Gomega) { + g.Expect(k8sClient.Get(ctx, revKey, rev)).To(Succeed()) + g.Expect(rev.Status.ObservedGeneration).To(Equal(rev.ObjectMeta.Generation)) + + reconciled := rev.Status.GetCondition(v1alpha1.IstioRevisionConditionReconciled) + g.Expect(reconciled.Status).To(Equal(metav1.ConditionFalse)) + g.Expect(reconciled.Reason).To(Equal(v1alpha1.IstioRevisionReasonReconcileError)) + g.Expect(reconciled.Message).To(ContainSubstring(`namespace "nonexistent-namespace" doesn't exist`)) + }).Should(Succeed()) + }) + + When("the namespace is created", func() { + BeforeAll(func() { + ns := &corev1.Namespace{ + ObjectMeta: metav1.ObjectMeta{ + Name: "nonexistent-namespace", + }, + } + Expect(k8sClient.Create(ctx, ns)).To(Succeed()) + }) + + It("reconciles immediately", func() { + Step("Checking if istiod is deployed immediately") + istiod := &appsv1.Deployment{} + istiodKey := client.ObjectKey{Name: "istiod-" + revName, Namespace: "nonexistent-namespace"} + Eventually(k8sClient.Get).WithArguments(ctx, istiodKey, istiod).WithTimeout(10 * 
time.Second).Should(Succeed()) + + Step("Checking if the status is updated") + Eventually(func(g Gomega) { + g.Expect(k8sClient.Get(ctx, revKey, rev)).To(Succeed()) + g.Expect(rev.Status.ObservedGeneration).To(Equal(rev.ObjectMeta.Generation)) + reconciled := rev.Status.GetCondition(v1alpha1.IstioRevisionConditionReconciled) + g.Expect(reconciled.Status).To(Equal(metav1.ConditionTrue)) + }).Should(Succeed()) + }) + }) + }) + It("successfully reconciles the resource", func() { Step("Creating the custom resource") rev = &v1alpha1.IstioRevision{ diff --git a/versions.yaml b/versions.yaml index 7dd909cf8..b7fc39edc 100644 --- a/versions.yaml +++ b/versions.yaml 
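Review bot: The namespace created in the inner `BeforeAll` of `When("the namespace is created", ...)` is never removed, and the outer `AfterAll` only deletes `rev`, so the namespace outlives this `Describe`; a later spec or a rerun against the same API server that expects `nonexistent-namespace` to be absent would start from the wrong state. Hoist `ns` to the `Describe` scope and delete it in `AfterAll` with `Expect(client.IgnoreNotFound(k8sClient.Delete(ctx, ns))).To(Succeed())`, or generate a unique name per run. The literal `"nonexistent-namespace"` is repeated several times and would read better as one constant, and `istiodKey` could be built with `kube.Key("istiod-"+revName, ...)` as the `AfterAll` already does for the revision. The enclosing `Describe("IstioRevision resource", ...)` starts and ends outside the hunk.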
@@ -21,13 +21,13 @@ versions: - https://istio-release.storage.googleapis.com/charts/cni-1.21.0.tgz - https://istio-release.storage.googleapis.com/charts/ztunnel-1.21.0.tgz - name: latest - version: 1.22-alpha + version: 1.23-alpha repo: https://github.com/istio/istio branch: master - commit: bf9fd6127f5bebf2f0024362f3c687849f390749 + commit: 713cd5d19404bad19669540656f4fa31b4641a08 charts: - - https://storage.googleapis.com/istio-build/dev/1.22-alpha.bf9fd6127f5bebf2f0024362f3c687849f390749/helm/base-1.22-alpha.bf9fd6127f5bebf2f0024362f3c687849f390749.tgz - - https://storage.googleapis.com/istio-build/dev/1.22-alpha.bf9fd6127f5bebf2f0024362f3c687849f390749/helm/cni-1.22-alpha.bf9fd6127f5bebf2f0024362f3c687849f390749.tgz - - https://storage.googleapis.com/istio-build/dev/1.22-alpha.bf9fd6127f5bebf2f0024362f3c687849f390749/helm/gateway-1.22-alpha.bf9fd6127f5bebf2f0024362f3c687849f390749.tgz - - https://storage.googleapis.com/istio-build/dev/1.22-alpha.bf9fd6127f5bebf2f0024362f3c687849f390749/helm/istiod-1.22-alpha.bf9fd6127f5bebf2f0024362f3c687849f390749.tgz - - https://storage.googleapis.com/istio-build/dev/1.22-alpha.bf9fd6127f5bebf2f0024362f3c687849f390749/helm/ztunnel-1.22-alpha.bf9fd6127f5bebf2f0024362f3c687849f390749.tgz + - https://storage.googleapis.com/istio-build/dev/1.23-alpha.713cd5d19404bad19669540656f4fa31b4641a08/helm/base-1.23-alpha.713cd5d19404bad19669540656f4fa31b4641a08.tgz + - https://storage.googleapis.com/istio-build/dev/1.23-alpha.713cd5d19404bad19669540656f4fa31b4641a08/helm/cni-1.23-alpha.713cd5d19404bad19669540656f4fa31b4641a08.tgz + - https://storage.googleapis.com/istio-build/dev/1.23-alpha.713cd5d19404bad19669540656f4fa31b4641a08/helm/gateway-1.23-alpha.713cd5d19404bad19669540656f4fa31b4641a08.tgz + - https://storage.googleapis.com/istio-build/dev/1.23-alpha.713cd5d19404bad19669540656f4fa31b4641a08/helm/istiod-1.23-alpha.713cd5d19404bad19669540656f4fa31b4641a08.tgz + - 
https://storage.googleapis.com/istio-build/dev/1.23-alpha.713cd5d19404bad19669540656f4fa31b4641a08/helm/ztunnel-1.23-alpha.713cd5d19404bad19669540656f4fa31b4641a08.tgz