diff --git a/api/v1alpha1/istio_types.go b/api/v1alpha1/istio_types.go index 663a3aafa..e8b808acc 100644 --- a/api/v1alpha1/istio_types.go +++ b/api/v1alpha1/istio_types.go @@ -37,10 +37,10 @@ const ( type IstioSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.22.1. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.22.1"} - // +kubebuilder:validation:Enum=v1.22.1 - // +kubebuilder:default=v1.22.1 + // Must be one of: v1.22.3. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.22.3"} + // +kubebuilder:validation:Enum=v1.22.3 + // +kubebuilder:default=v1.22.3 Version string `json:"version"` // Defines the update strategy to use when the version in the Istio CR is updated. @@ -253,7 +253,7 @@ type Istio struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` - // +kubebuilder:default={version: "v1.22.1", namespace: "istio-system", updateStrategy: {type:"InPlace"}} + // +kubebuilder:default={version: "v1.22.3", namespace: "istio-system", updateStrategy: {type:"InPlace"}} Spec IstioSpec `json:"spec,omitempty"` Status IstioStatus `json:"status,omitempty"` diff --git a/api/v1alpha1/istiocni_types.go b/api/v1alpha1/istiocni_types.go index 0d6415653..939572de5 100644 --- a/api/v1alpha1/istiocni_types.go +++ b/api/v1alpha1/istiocni_types.go @@ -28,10 +28,10 @@ const ( type IstioCNISpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.22.1. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.22.1"} - // +kubebuilder:validation:Enum=v1.22.1 - // +kubebuilder:default=v1.22.1 + // Must be one of: v1.22.3. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.22.3"} + // +kubebuilder:validation:Enum=v1.22.3 + // +kubebuilder:default=v1.22.3 Version string `json:"version"` // +sail:profile @@ -177,7 +177,7 @@ type IstioCNI struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` - // +kubebuilder:default={version: "v1.22.1", namespace: "istio-cni"} + // +kubebuilder:default={version: "v1.22.3", namespace: "istio-cni"} Spec IstioCNISpec `json:"spec,omitempty"` Status IstioCNIStatus `json:"status,omitempty"` diff --git a/api/v1alpha1/istiorevision_types.go b/api/v1alpha1/istiorevision_types.go index dfb57dba1..d63711880 100644 --- a/api/v1alpha1/istiorevision_types.go +++ b/api/v1alpha1/istiorevision_types.go @@ -30,9 +30,9 @@ const ( type IstioRevisionSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.22.1. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.22.1"} - // +kubebuilder:validation:Enum=v1.22.1 + // Must be one of: v1.22.3. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.22.3"} + // +kubebuilder:validation:Enum=v1.22.3 Version string `json:"version"` // Namespace to which the Istio components should be installed. diff --git a/bundle/manifests/operator.istio.io_istiocnis.yaml b/bundle/manifests/operator.istio.io_istiocnis.yaml index 43d3b7926..39495cb6a 100644 --- a/bundle/manifests/operator.istio.io_istiocnis.yaml +++ b/bundle/manifests/operator.istio.io_istiocnis.yaml @@ -58,7 +58,7 @@ spec: spec: default: namespace: istio-cni - version: v1.22.1 + version: v1.22.3 description: IstioCNISpec defines the desired state of IstioCNI properties: namespace: @@ -1405,12 +1405,12 @@ spec: type: object type: object version: - default: v1.22.1 + default: v1.22.3 description: |- Defines the version of Istio to install. - Must be one of: v1.22.1. + Must be one of: v1.22.3. enum: - - v1.22.1 + - v1.22.3 type: string required: - namespace diff --git a/bundle/manifests/operator.istio.io_istiorevisions.yaml b/bundle/manifests/operator.istio.io_istiorevisions.yaml index 25c431e76..278903d41 100644 --- a/bundle/manifests/operator.istio.io_istiorevisions.yaml +++ b/bundle/manifests/operator.istio.io_istiorevisions.yaml @@ -8056,9 +8056,9 @@ spec: version: description: |- Defines the version of Istio to install. - Must be one of: v1.22.1. + Must be one of: v1.22.3. enum: - - v1.22.1 + - v1.22.3 type: string required: - namespace diff --git a/bundle/manifests/operator.istio.io_istios.yaml b/bundle/manifests/operator.istio.io_istios.yaml index d80b3fb9f..d5cab7041 100644 --- a/bundle/manifests/operator.istio.io_istios.yaml +++ b/bundle/manifests/operator.istio.io_istios.yaml @@ -76,7 +76,7 @@ spec: namespace: istio-system updateStrategy: type: InPlace - version: v1.22.1 + version: v1.22.3 description: IstioSpec defines the desired state of Istio properties: namespace: @@ -8123,12 +8123,12 @@ spec: type: object type: object version: - default: v1.22.1 + default: v1.22.3 description: |- Defines the version of Istio to install. - Must be one of: v1.22.1. + Must be one of: v1.22.3. enum: - - v1.22.1 + - v1.22.3 type: string required: - namespace diff --git a/bundle/manifests/servicemeshoperator3.clusterserviceversion.yaml b/bundle/manifests/servicemeshoperator3.clusterserviceversion.yaml index c19c01f58..a1c678c52 100644 --- a/bundle/manifests/servicemeshoperator3.clusterserviceversion.yaml +++ b/bundle/manifests/servicemeshoperator3.clusterserviceversion.yaml @@ -16,7 +16,7 @@ metadata: "inactiveRevisionDeletionGracePeriodSeconds": 30, "type": "InPlace" }, - "version": "v1.22.1" + "version": "v1.22.3" } }, { @@ -27,14 +27,14 @@ metadata: }, "spec": { "namespace": "istio-cni", - "version": "v1.22.1" + "version": "v1.22.3" } } ] capabilities: Seamless Upgrades categories: OpenShift Optional, Integration & Delivery, Networking, Security containerImage: quay.io/maistra-dev/sail-operator:3.0.0-tp-latest - createdAt: "2024-07-11T11:01:04Z" + createdAt: "2024-07-17T09:48:18Z" description: The OpenShift Service Mesh Operator enables you to install, configure, and manage an instance of Red Hat OpenShift Service Mesh. OpenShift Service Mesh is based on the open source Istio project. @@ -162,12 +162,12 @@ spec: kind: IstioCNI name: istiocnis.operator.istio.io specDescriptors: - - description: 'Defines the version of Istio to install. Must be one of: v1.22.1.' + - description: 'Defines the version of Istio to install. Must be one of: v1.22.3.' displayName: Istio Version path: version x-descriptors: - urn:alm:descriptor:com.tectonic.ui:fieldGroup:General - - urn:alm:descriptor:com.tectonic.ui:select:v1.22.1 + - urn:alm:descriptor:com.tectonic.ui:select:v1.22.3 - description: Namespace to which the Istio CNI component should be installed. displayName: Namespace path: namespace @@ -194,12 +194,12 @@ spec: kind: IstioRevision name: istiorevisions.operator.istio.io specDescriptors: - - description: 'Defines the version of Istio to install. Must be one of: v1.22.1.' + - description: 'Defines the version of Istio to install. Must be one of: v1.22.3.' displayName: Istio Version path: version x-descriptors: - urn:alm:descriptor:com.tectonic.ui:fieldGroup:General - - urn:alm:descriptor:com.tectonic.ui:select:v1.22.1 + - urn:alm:descriptor:com.tectonic.ui:select:v1.22.3 - description: Namespace to which the Istio components should be installed. displayName: Namespace path: namespace @@ -234,12 +234,12 @@ spec: x-descriptors: - urn:alm:descriptor:com.tectonic.ui:select:InPlace - urn:alm:descriptor:com.tectonic.ui:select:RevisionBased - - description: 'Defines the version of Istio to install. Must be one of: v1.22.1.' + - description: 'Defines the version of Istio to install. Must be one of: v1.22.3.' displayName: Istio Version path: version x-descriptors: - urn:alm:descriptor:com.tectonic.ui:fieldGroup:General - - urn:alm:descriptor:com.tectonic.ui:select:v1.22.1 + - urn:alm:descriptor:com.tectonic.ui:select:v1.22.3 - description: Defines how many seconds the operator should wait before removing a non-active revision after all the workloads have stopped using it. You may want to set this value on the order of minutes. The minimum and the @@ -476,11 +476,11 @@ spec: template: metadata: annotations: - images.v1_22_1.cni: registry.redhat.io/openshift-service-mesh/istio-cni-rhel9:1.22.1.tp.1 - images.v1_22_1.istiod: registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9:1.22.1.tp.1 - images.v1_22_1.must-gather: registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9:3.0.0.tp.1 - images.v1_22_1.proxy: registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9:3.0.0.tp.1 - images.v1_22_1.ztunnel: registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9:1.22.1.tp.1 + images.v1_22_3.cni: registry.redhat.io/openshift-service-mesh/istio-cni-rhel9:1.22.3.tp.1 + images.v1_22_3.istiod: registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9:1.22.3.tp.1 + images.v1_22_3.must-gather: registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9:3.0.0.tp.1 + images.v1_22_3.proxy: registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9:3.0.0.tp.1 + images.v1_22_3.ztunnel: registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9:1.22.3.tp.1 kubectl.kubernetes.io/default-container: manager labels: app.kubernetes.io/created-by: servicemeshoperator3 diff --git a/chart/crds/operator.istio.io_istiocnis.yaml b/chart/crds/operator.istio.io_istiocnis.yaml index 0e05fdc93..05b38d518 100644 --- a/chart/crds/operator.istio.io_istiocnis.yaml +++ b/chart/crds/operator.istio.io_istiocnis.yaml @@ -58,7 +58,7 @@ spec: spec: default: namespace: istio-cni - version: v1.22.1 + version: v1.22.3 description: IstioCNISpec defines the desired state of IstioCNI properties: namespace: @@ -1405,12 +1405,12 @@ spec: type: object type: object version: - default: v1.22.1 + default: v1.22.3 description: |- Defines the version of Istio to install. - Must be one of: v1.22.1. + Must be one of: v1.22.3. enum: - - v1.22.1 + - v1.22.3 type: string required: - namespace diff --git a/chart/crds/operator.istio.io_istiorevisions.yaml b/chart/crds/operator.istio.io_istiorevisions.yaml index a87f8a3c8..1cc87b7e4 100644 --- a/chart/crds/operator.istio.io_istiorevisions.yaml +++ b/chart/crds/operator.istio.io_istiorevisions.yaml @@ -8056,9 +8056,9 @@ spec: version: description: |- Defines the version of Istio to install. - Must be one of: v1.22.1. + Must be one of: v1.22.3. enum: - - v1.22.1 + - v1.22.3 type: string required: - namespace diff --git a/chart/crds/operator.istio.io_istios.yaml b/chart/crds/operator.istio.io_istios.yaml index c76c8d4d1..4a732fea9 100644 --- a/chart/crds/operator.istio.io_istios.yaml +++ b/chart/crds/operator.istio.io_istios.yaml @@ -76,7 +76,7 @@ spec: namespace: istio-system updateStrategy: type: InPlace - version: v1.22.1 + version: v1.22.3 description: IstioSpec defines the desired state of Istio properties: namespace: @@ -8123,12 +8123,12 @@ spec: type: object type: object version: - default: v1.22.1 + default: v1.22.3 description: |- Defines the version of Istio to install. - Must be one of: v1.22.1. + Must be one of: v1.22.3. enum: - - v1.22.1 + - v1.22.3 type: string required: - namespace diff --git a/chart/samples/istio-sample-kubernetes.yaml b/chart/samples/istio-sample-kubernetes.yaml index 4346c9e9a..da9421815 100644 --- a/chart/samples/istio-sample-kubernetes.yaml +++ b/chart/samples/istio-sample-kubernetes.yaml @@ -3,7 +3,7 @@ kind: Istio metadata: name: default spec: - version: v1.22.1 + version: v1.22.3 namespace: istio-system updateStrategy: type: InPlace diff --git a/chart/samples/istio-sample-openshift.yaml b/chart/samples/istio-sample-openshift.yaml index 0d61ed9b1..b08f1b5dc 100644 --- a/chart/samples/istio-sample-openshift.yaml +++ b/chart/samples/istio-sample-openshift.yaml @@ -3,7 +3,7 @@ kind: Istio metadata: name: default spec: - version: v1.22.1 + version: v1.22.3 namespace: istio-system updateStrategy: type: InPlace diff --git a/chart/samples/istiocni-sample.yaml b/chart/samples/istiocni-sample.yaml index 01a675068..026cd489b 100644 --- a/chart/samples/istiocni-sample.yaml +++ b/chart/samples/istiocni-sample.yaml @@ -3,5 +3,5 @@ kind: IstioCNI metadata: name: default spec: - version: v1.22.1 + version: v1.22.3 namespace: istio-cni diff --git a/ossm/values.yaml b/ossm/values.yaml index 7afb0c408..e02fadb0c 100644 --- a/ossm/values.yaml +++ b/ossm/values.yaml @@ -2,12 +2,12 @@ name: servicemeshoperator3 deployment: name: servicemesh-operator3 annotations: - images.v1_22_1.istiod: registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9:1.22.1.tp.1 - images.v1_22_1.proxy: registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9:3.0.0.tp.1 - images.v1_22_1.cni: registry.redhat.io/openshift-service-mesh/istio-cni-rhel9:1.22.1.tp.1 + images.v1_22_3.istiod: registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9:1.22.3.tp.1 + images.v1_22_3.proxy: registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9:3.0.0.tp.1 + images.v1_22_3.cni: registry.redhat.io/openshift-service-mesh/istio-cni-rhel9:1.22.3.tp.1 # TODO insert ztunnel image name once we're shipping ztunnel - images.v1_22_1.ztunnel: registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9:1.22.1.tp.1 - images.v1_22_1.must-gather: registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9:3.0.0.tp.1 + images.v1_22_3.ztunnel: registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9:1.22.3.tp.1 + images.v1_22_3.must-gather: registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9:3.0.0.tp.1 service: port: 8443 serviceAccountName: servicemesh-operator3 diff --git a/ossm/versions.yaml b/ossm/versions.yaml index b7f6a2b56..518b88c47 100644 --- a/ossm/versions.yaml +++ b/ossm/versions.yaml @@ -4,19 +4,19 @@ # versions specified below can be the source of the CRDs. Because CRDs are # typically backwards-compatible, the following field should point to the # most recent version. -crdSourceVersion: v1.22.1 +crdSourceVersion: v1.22.3 # The list of versions to support. Each item specifies the name of the version, # the Git repository and commit hash for retrieving the profiles, and # a list of URLs for retrieving the charts. # The first item in the list is the default version. versions: - - name: v1.22.1 - version: 1.22.1 + - name: v1.22.3 + version: 1.22.3 repo: https://github.com/istio/istio - commit: 1.22.1 + commit: 1.22.3 charts: - - https://istio-release.storage.googleapis.com/charts/base-1.22.1.tgz - - https://istio-release.storage.googleapis.com/charts/istiod-1.22.1.tgz - - https://istio-release.storage.googleapis.com/charts/gateway-1.22.1.tgz - - https://istio-release.storage.googleapis.com/charts/cni-1.22.1.tgz - - https://istio-release.storage.googleapis.com/charts/ztunnel-1.22.1.tgz + - https://istio-release.storage.googleapis.com/charts/base-1.22.3.tgz + - https://istio-release.storage.googleapis.com/charts/istiod-1.22.3.tgz + - https://istio-release.storage.googleapis.com/charts/gateway-1.22.3.tgz + - https://istio-release.storage.googleapis.com/charts/cni-1.22.3.tgz + - https://istio-release.storage.googleapis.com/charts/ztunnel-1.22.3.tgz diff --git a/resources/v1.22.1/charts/ztunnel/files/profile-compatibility-version-1.20.yaml b/resources/v1.22.1/charts/ztunnel/files/profile-compatibility-version-1.20.yaml deleted file mode 100644 index e602ba86b..000000000 --- a/resources/v1.22.1/charts/ztunnel/files/profile-compatibility-version-1.20.yaml +++ /dev/null @@ -1,23 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.21 behavioral changes - ENABLE_EXTERNAL_NAME_ALIAS: "false" - PERSIST_OLDEST_FIRST_HEURISTIC_FOR_VIRTUAL_SERVICE_HOST_MATCHING: "true" - VERIFY_CERTIFICATE_AT_CLIENT: "false" - ENABLE_AUTO_SNI: "false" - - # 1.22 behavioral changes - ENABLE_RESOLUTION_NONE_TARGET_PORT: "false" - -meshConfig: - # 1.22 behavioral changes - defaultConfig: - proxyMetadata: - ISTIO_DELTA_XDS: "false" - tracing: - zipkin: - address: zipkin.istio-system:9411 diff --git a/resources/v1.22.1/charts/ztunnel/files/profile-compatibility-version-1.21.yaml b/resources/v1.22.1/charts/ztunnel/files/profile-compatibility-version-1.21.yaml deleted file mode 100644 index 0c0fbfa4e..000000000 --- a/resources/v1.22.1/charts/ztunnel/files/profile-compatibility-version-1.21.yaml +++ /dev/null @@ -1,16 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.22 behavioral changes - ENABLE_RESOLUTION_NONE_TARGET_PORT: "false" -meshConfig: - # 1.22 behavioral changes - proxyMetadata: - ISTIO_DELTA_XDS: "false" - defaultConfig: - tracing: - zipkin: - address: zipkin.istio-system:9411 diff --git a/resources/v1.22.1/charts/base/Chart.yaml b/resources/v1.22.3/charts/base/Chart.yaml similarity index 86% rename from resources/v1.22.1/charts/base/Chart.yaml rename to resources/v1.22.3/charts/base/Chart.yaml index ae5e99455..bf0eebf6f 100644 --- a/resources/v1.22.1/charts/base/Chart.yaml +++ b/resources/v1.22.3/charts/base/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: 1.22.1 +appVersion: 1.22.3 description: Helm chart for deploying Istio cluster resources and CRDs icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -7,4 +7,4 @@ keywords: name: base sources: - https://github.com/istio/istio -version: 1.22.1 +version: 1.22.3 diff --git a/resources/v1.22.1/charts/base/README.md b/resources/v1.22.3/charts/base/README.md similarity index 100% rename from resources/v1.22.1/charts/base/README.md rename to resources/v1.22.3/charts/base/README.md diff --git a/resources/v1.22.1/charts/base/crds/crd-all.gen.yaml b/resources/v1.22.3/charts/base/crds/crd-all.gen.yaml similarity index 100% rename from resources/v1.22.1/charts/base/crds/crd-all.gen.yaml rename to resources/v1.22.3/charts/base/crds/crd-all.gen.yaml diff --git a/resources/v1.22.1/charts/base/files/profile-ambient.yaml b/resources/v1.22.3/charts/base/files/profile-ambient.yaml similarity index 100% rename from resources/v1.22.1/charts/base/files/profile-ambient.yaml rename to resources/v1.22.3/charts/base/files/profile-ambient.yaml diff --git a/resources/v1.22.1/charts/cni/files/profile-compatibility-version-1.20.yaml b/resources/v1.22.3/charts/base/files/profile-compatibility-version-1.20.yaml similarity index 93% rename from resources/v1.22.1/charts/cni/files/profile-compatibility-version-1.20.yaml rename to resources/v1.22.3/charts/base/files/profile-compatibility-version-1.20.yaml index e602ba86b..480718f1c 100644 --- a/resources/v1.22.1/charts/cni/files/profile-compatibility-version-1.20.yaml +++ b/resources/v1.22.3/charts/base/files/profile-compatibility-version-1.20.yaml @@ -11,6 +11,7 @@ pilot: ENABLE_AUTO_SNI: "false" # 1.22 behavioral changes + ENABLE_ENHANCED_RESOURCE_SCOPING: "false" ENABLE_RESOLUTION_NONE_TARGET_PORT: "false" meshConfig: diff --git a/resources/v1.22.1/charts/gateway/files/profile-compatibility-version-1.21.yaml b/resources/v1.22.3/charts/base/files/profile-compatibility-version-1.21.yaml similarity index 91% rename from resources/v1.22.1/charts/gateway/files/profile-compatibility-version-1.21.yaml rename to resources/v1.22.3/charts/base/files/profile-compatibility-version-1.21.yaml index 0c0fbfa4e..808d224ed 100644 --- a/resources/v1.22.1/charts/gateway/files/profile-compatibility-version-1.21.yaml +++ b/resources/v1.22.3/charts/base/files/profile-compatibility-version-1.21.yaml @@ -5,6 +5,7 @@ pilot: env: # 1.22 behavioral changes + ENABLE_ENHANCED_RESOURCE_SCOPING: "false" ENABLE_RESOLUTION_NONE_TARGET_PORT: "false" meshConfig: # 1.22 behavioral changes diff --git a/resources/v1.22.1/charts/base/files/profile-demo.yaml b/resources/v1.22.3/charts/base/files/profile-demo.yaml similarity index 100% rename from resources/v1.22.1/charts/base/files/profile-demo.yaml rename to resources/v1.22.3/charts/base/files/profile-demo.yaml diff --git a/resources/v1.22.1/charts/base/files/profile-openshift-ambient.yaml b/resources/v1.22.3/charts/base/files/profile-openshift-ambient.yaml similarity index 100% rename from resources/v1.22.1/charts/base/files/profile-openshift-ambient.yaml rename to resources/v1.22.3/charts/base/files/profile-openshift-ambient.yaml diff --git a/resources/v1.22.1/charts/base/files/profile-openshift.yaml b/resources/v1.22.3/charts/base/files/profile-openshift.yaml similarity index 100% rename from resources/v1.22.1/charts/base/files/profile-openshift.yaml rename to resources/v1.22.3/charts/base/files/profile-openshift.yaml diff --git a/resources/v1.22.1/charts/base/files/profile-preview.yaml b/resources/v1.22.3/charts/base/files/profile-preview.yaml similarity index 100% rename from resources/v1.22.1/charts/base/files/profile-preview.yaml rename to resources/v1.22.3/charts/base/files/profile-preview.yaml diff --git a/resources/v1.22.1/charts/base/files/profile-stable.yaml b/resources/v1.22.3/charts/base/files/profile-stable.yaml similarity index 100% rename from resources/v1.22.1/charts/base/files/profile-stable.yaml rename to resources/v1.22.3/charts/base/files/profile-stable.yaml diff --git a/resources/v1.22.1/charts/base/templates/NOTES.txt b/resources/v1.22.3/charts/base/templates/NOTES.txt similarity index 100% rename from resources/v1.22.1/charts/base/templates/NOTES.txt rename to resources/v1.22.3/charts/base/templates/NOTES.txt diff --git a/resources/v1.22.1/charts/base/templates/crds.yaml b/resources/v1.22.3/charts/base/templates/crds.yaml similarity index 100% rename from resources/v1.22.1/charts/base/templates/crds.yaml rename to resources/v1.22.3/charts/base/templates/crds.yaml diff --git a/resources/v1.22.1/charts/base/templates/default.yaml b/resources/v1.22.3/charts/base/templates/default.yaml similarity index 100% rename from resources/v1.22.1/charts/base/templates/default.yaml rename to resources/v1.22.3/charts/base/templates/default.yaml diff --git a/resources/v1.22.1/charts/base/templates/endpoints.yaml b/resources/v1.22.3/charts/base/templates/endpoints.yaml similarity index 100% rename from resources/v1.22.1/charts/base/templates/endpoints.yaml rename to resources/v1.22.3/charts/base/templates/endpoints.yaml diff --git a/resources/v1.22.1/charts/base/templates/reader-serviceaccount.yaml b/resources/v1.22.3/charts/base/templates/reader-serviceaccount.yaml similarity index 100% rename from resources/v1.22.1/charts/base/templates/reader-serviceaccount.yaml rename to resources/v1.22.3/charts/base/templates/reader-serviceaccount.yaml diff --git a/resources/v1.22.1/charts/base/templates/services.yaml b/resources/v1.22.3/charts/base/templates/services.yaml similarity index 100% rename from resources/v1.22.1/charts/base/templates/services.yaml rename to resources/v1.22.3/charts/base/templates/services.yaml diff --git a/resources/v1.22.1/charts/base/templates/validatingadmissionpolicy.yaml b/resources/v1.22.3/charts/base/templates/validatingadmissionpolicy.yaml similarity index 100% rename from resources/v1.22.1/charts/base/templates/validatingadmissionpolicy.yaml rename to resources/v1.22.3/charts/base/templates/validatingadmissionpolicy.yaml diff --git a/resources/v1.22.1/charts/base/templates/zzz_profile.yaml b/resources/v1.22.3/charts/base/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.22.1/charts/base/templates/zzz_profile.yaml rename to resources/v1.22.3/charts/base/templates/zzz_profile.yaml diff --git a/resources/v1.22.1/charts/base/values.yaml b/resources/v1.22.3/charts/base/values.yaml similarity index 100% rename from resources/v1.22.1/charts/base/values.yaml rename to resources/v1.22.3/charts/base/values.yaml diff --git a/resources/v1.22.1/charts/cni/Chart.yaml b/resources/v1.22.3/charts/cni/Chart.yaml similarity index 85% rename from resources/v1.22.1/charts/cni/Chart.yaml rename to resources/v1.22.3/charts/cni/Chart.yaml index 0ae71a696..990f1e4e3 100644 --- a/resources/v1.22.1/charts/cni/Chart.yaml +++ b/resources/v1.22.3/charts/cni/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: 1.22.1 +appVersion: 1.22.3 description: Helm chart for istio-cni components icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -8,4 +8,4 @@ keywords: name: cni sources: - https://github.com/istio/istio -version: 1.22.1 +version: 1.22.3 diff --git a/resources/v1.22.1/charts/cni/README.md b/resources/v1.22.3/charts/cni/README.md similarity index 100% rename from resources/v1.22.1/charts/cni/README.md rename to resources/v1.22.3/charts/cni/README.md diff --git a/resources/v1.22.1/charts/cni/files/profile-ambient.yaml b/resources/v1.22.3/charts/cni/files/profile-ambient.yaml similarity index 100% rename from resources/v1.22.1/charts/cni/files/profile-ambient.yaml rename to resources/v1.22.3/charts/cni/files/profile-ambient.yaml diff --git a/resources/v1.22.1/charts/base/files/profile-compatibility-version-1.20.yaml b/resources/v1.22.3/charts/cni/files/profile-compatibility-version-1.20.yaml similarity index 93% rename from resources/v1.22.1/charts/base/files/profile-compatibility-version-1.20.yaml rename to resources/v1.22.3/charts/cni/files/profile-compatibility-version-1.20.yaml index e602ba86b..480718f1c 100644 --- a/resources/v1.22.1/charts/base/files/profile-compatibility-version-1.20.yaml +++ b/resources/v1.22.3/charts/cni/files/profile-compatibility-version-1.20.yaml @@ -11,6 +11,7 @@ pilot: ENABLE_AUTO_SNI: "false" # 1.22 behavioral changes + ENABLE_ENHANCED_RESOURCE_SCOPING: "false" ENABLE_RESOLUTION_NONE_TARGET_PORT: "false" meshConfig: diff --git a/resources/v1.22.1/charts/istiod/files/profile-compatibility-version-1.21.yaml b/resources/v1.22.3/charts/cni/files/profile-compatibility-version-1.21.yaml similarity index 91% rename from resources/v1.22.1/charts/istiod/files/profile-compatibility-version-1.21.yaml rename to resources/v1.22.3/charts/cni/files/profile-compatibility-version-1.21.yaml index 0c0fbfa4e..808d224ed 100644 --- a/resources/v1.22.1/charts/istiod/files/profile-compatibility-version-1.21.yaml +++ b/resources/v1.22.3/charts/cni/files/profile-compatibility-version-1.21.yaml @@ -5,6 +5,7 @@ pilot: env: # 1.22 behavioral changes + ENABLE_ENHANCED_RESOURCE_SCOPING: "false" ENABLE_RESOLUTION_NONE_TARGET_PORT: "false" meshConfig: # 1.22 behavioral changes diff --git a/resources/v1.22.1/charts/cni/files/profile-demo.yaml b/resources/v1.22.3/charts/cni/files/profile-demo.yaml similarity index 100% rename from resources/v1.22.1/charts/cni/files/profile-demo.yaml rename to resources/v1.22.3/charts/cni/files/profile-demo.yaml diff --git a/resources/v1.22.1/charts/cni/files/profile-openshift-ambient.yaml b/resources/v1.22.3/charts/cni/files/profile-openshift-ambient.yaml similarity index 100% rename from resources/v1.22.1/charts/cni/files/profile-openshift-ambient.yaml rename to resources/v1.22.3/charts/cni/files/profile-openshift-ambient.yaml diff --git a/resources/v1.22.1/charts/cni/files/profile-openshift.yaml b/resources/v1.22.3/charts/cni/files/profile-openshift.yaml similarity index 100% rename from resources/v1.22.1/charts/cni/files/profile-openshift.yaml rename to resources/v1.22.3/charts/cni/files/profile-openshift.yaml diff --git a/resources/v1.22.1/charts/cni/files/profile-preview.yaml b/resources/v1.22.3/charts/cni/files/profile-preview.yaml similarity index 100% rename from resources/v1.22.1/charts/cni/files/profile-preview.yaml rename to resources/v1.22.3/charts/cni/files/profile-preview.yaml diff --git a/resources/v1.22.1/charts/cni/files/profile-stable.yaml b/resources/v1.22.3/charts/cni/files/profile-stable.yaml similarity index 100% rename from resources/v1.22.1/charts/cni/files/profile-stable.yaml rename to resources/v1.22.3/charts/cni/files/profile-stable.yaml diff --git a/resources/v1.22.1/charts/cni/templates/NOTES.txt b/resources/v1.22.3/charts/cni/templates/NOTES.txt similarity index 100% rename from resources/v1.22.1/charts/cni/templates/NOTES.txt rename to resources/v1.22.3/charts/cni/templates/NOTES.txt diff --git a/resources/v1.22.1/charts/cni/templates/clusterrole.yaml b/resources/v1.22.3/charts/cni/templates/clusterrole.yaml similarity index 100% rename from resources/v1.22.1/charts/cni/templates/clusterrole.yaml rename to resources/v1.22.3/charts/cni/templates/clusterrole.yaml diff --git a/resources/v1.22.1/charts/cni/templates/clusterrolebinding.yaml b/resources/v1.22.3/charts/cni/templates/clusterrolebinding.yaml similarity index 100% rename from resources/v1.22.1/charts/cni/templates/clusterrolebinding.yaml rename to resources/v1.22.3/charts/cni/templates/clusterrolebinding.yaml diff --git a/resources/v1.22.1/charts/cni/templates/configmap-cni.yaml b/resources/v1.22.3/charts/cni/templates/configmap-cni.yaml similarity index 100% rename from resources/v1.22.1/charts/cni/templates/configmap-cni.yaml rename to resources/v1.22.3/charts/cni/templates/configmap-cni.yaml diff --git a/resources/v1.22.1/charts/cni/templates/daemonset.yaml b/resources/v1.22.3/charts/cni/templates/daemonset.yaml similarity index 100% rename from resources/v1.22.1/charts/cni/templates/daemonset.yaml rename to resources/v1.22.3/charts/cni/templates/daemonset.yaml diff --git a/resources/v1.22.1/charts/cni/templates/network-attachment-definition.yaml b/resources/v1.22.3/charts/cni/templates/network-attachment-definition.yaml similarity index 100% rename from resources/v1.22.1/charts/cni/templates/network-attachment-definition.yaml rename to resources/v1.22.3/charts/cni/templates/network-attachment-definition.yaml diff --git a/resources/v1.22.1/charts/cni/templates/resourcequota.yaml b/resources/v1.22.3/charts/cni/templates/resourcequota.yaml similarity index 100% rename from resources/v1.22.1/charts/cni/templates/resourcequota.yaml rename to resources/v1.22.3/charts/cni/templates/resourcequota.yaml diff --git a/resources/v1.22.1/charts/cni/templates/serviceaccount.yaml b/resources/v1.22.3/charts/cni/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.22.1/charts/cni/templates/serviceaccount.yaml rename to resources/v1.22.3/charts/cni/templates/serviceaccount.yaml diff --git a/resources/v1.22.1/charts/cni/templates/zzz_profile.yaml b/resources/v1.22.3/charts/cni/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.22.1/charts/cni/templates/zzz_profile.yaml rename to resources/v1.22.3/charts/cni/templates/zzz_profile.yaml diff --git a/resources/v1.22.1/charts/cni/values.yaml b/resources/v1.22.3/charts/cni/values.yaml similarity index 99% rename from resources/v1.22.1/charts/cni/values.yaml rename to resources/v1.22.3/charts/cni/values.yaml index e6974490a..f40a5f801 100644 --- a/resources/v1.22.1/charts/cni/values.yaml +++ b/resources/v1.22.3/charts/cni/values.yaml @@ -110,7 +110,7 @@ defaults: hub: docker.io/istio # Default tag for Istio images. - tag: 1.22.1 + tag: 1.22.3 # Variant of the image to use. # Currently supported are: [debug, distroless] diff --git a/resources/v1.22.1/charts/gateway/Chart.yaml b/resources/v1.22.3/charts/gateway/Chart.yaml similarity index 86% rename from resources/v1.22.1/charts/gateway/Chart.yaml rename to resources/v1.22.3/charts/gateway/Chart.yaml index 12ae4ce06..626ba6957 100644 --- a/resources/v1.22.1/charts/gateway/Chart.yaml +++ b/resources/v1.22.3/charts/gateway/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.22.1 +appVersion: 1.22.3 description: Helm chart for deploying Istio gateways icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ name: gateway sources: - https://github.com/istio/istio type: application -version: 1.22.1 +version: 1.22.3 diff --git a/resources/v1.22.1/charts/gateway/README.md b/resources/v1.22.3/charts/gateway/README.md similarity index 100% rename from resources/v1.22.1/charts/gateway/README.md rename to resources/v1.22.3/charts/gateway/README.md diff --git a/resources/v1.22.1/charts/gateway/files/profile-ambient.yaml b/resources/v1.22.3/charts/gateway/files/profile-ambient.yaml similarity index 100% rename from resources/v1.22.1/charts/gateway/files/profile-ambient.yaml rename to resources/v1.22.3/charts/gateway/files/profile-ambient.yaml diff --git a/resources/v1.22.1/charts/gateway/files/profile-compatibility-version-1.20.yaml b/resources/v1.22.3/charts/gateway/files/profile-compatibility-version-1.20.yaml similarity index 93% rename from resources/v1.22.1/charts/gateway/files/profile-compatibility-version-1.20.yaml rename to resources/v1.22.3/charts/gateway/files/profile-compatibility-version-1.20.yaml index e602ba86b..480718f1c 100644 --- a/resources/v1.22.1/charts/gateway/files/profile-compatibility-version-1.20.yaml +++ b/resources/v1.22.3/charts/gateway/files/profile-compatibility-version-1.20.yaml @@ -11,6 +11,7 @@ pilot: ENABLE_AUTO_SNI: "false" # 1.22 behavioral changes + ENABLE_ENHANCED_RESOURCE_SCOPING: "false" ENABLE_RESOLUTION_NONE_TARGET_PORT: "false" meshConfig: diff --git a/resources/v1.22.1/charts/base/files/profile-compatibility-version-1.21.yaml b/resources/v1.22.3/charts/gateway/files/profile-compatibility-version-1.21.yaml similarity index 91% rename from resources/v1.22.1/charts/base/files/profile-compatibility-version-1.21.yaml rename to resources/v1.22.3/charts/gateway/files/profile-compatibility-version-1.21.yaml index 0c0fbfa4e..808d224ed 100644 --- a/resources/v1.22.1/charts/base/files/profile-compatibility-version-1.21.yaml +++ b/resources/v1.22.3/charts/gateway/files/profile-compatibility-version-1.21.yaml @@ -5,6 +5,7 @@ pilot: env: # 1.22 behavioral changes + ENABLE_ENHANCED_RESOURCE_SCOPING: "false" ENABLE_RESOLUTION_NONE_TARGET_PORT: "false" meshConfig: # 1.22 behavioral changes diff --git a/resources/v1.22.1/charts/gateway/files/profile-demo.yaml b/resources/v1.22.3/charts/gateway/files/profile-demo.yaml similarity index 100% rename from resources/v1.22.1/charts/gateway/files/profile-demo.yaml rename to resources/v1.22.3/charts/gateway/files/profile-demo.yaml diff --git a/resources/v1.22.1/charts/gateway/files/profile-openshift-ambient.yaml b/resources/v1.22.3/charts/gateway/files/profile-openshift-ambient.yaml similarity index 100% rename from resources/v1.22.1/charts/gateway/files/profile-openshift-ambient.yaml rename to resources/v1.22.3/charts/gateway/files/profile-openshift-ambient.yaml diff --git a/resources/v1.22.1/charts/gateway/files/profile-openshift.yaml b/resources/v1.22.3/charts/gateway/files/profile-openshift.yaml similarity index 100% rename from resources/v1.22.1/charts/gateway/files/profile-openshift.yaml rename to resources/v1.22.3/charts/gateway/files/profile-openshift.yaml diff --git a/resources/v1.22.1/charts/gateway/files/profile-preview.yaml b/resources/v1.22.3/charts/gateway/files/profile-preview.yaml similarity index 100% rename from resources/v1.22.1/charts/gateway/files/profile-preview.yaml rename to resources/v1.22.3/charts/gateway/files/profile-preview.yaml diff --git a/resources/v1.22.1/charts/gateway/files/profile-stable.yaml b/resources/v1.22.3/charts/gateway/files/profile-stable.yaml similarity index 100% rename from resources/v1.22.1/charts/gateway/files/profile-stable.yaml rename to resources/v1.22.3/charts/gateway/files/profile-stable.yaml diff --git a/resources/v1.22.1/charts/gateway/templates/NOTES.txt b/resources/v1.22.3/charts/gateway/templates/NOTES.txt similarity index 100% rename from resources/v1.22.1/charts/gateway/templates/NOTES.txt rename to resources/v1.22.3/charts/gateway/templates/NOTES.txt diff --git a/resources/v1.22.1/charts/gateway/templates/_helpers.tpl b/resources/v1.22.3/charts/gateway/templates/_helpers.tpl similarity index 100% rename from resources/v1.22.1/charts/gateway/templates/_helpers.tpl rename to resources/v1.22.3/charts/gateway/templates/_helpers.tpl diff --git a/resources/v1.22.1/charts/gateway/templates/deployment.yaml b/resources/v1.22.3/charts/gateway/templates/deployment.yaml similarity index 100% rename from resources/v1.22.1/charts/gateway/templates/deployment.yaml rename to resources/v1.22.3/charts/gateway/templates/deployment.yaml diff --git a/resources/v1.22.1/charts/gateway/templates/hpa.yaml b/resources/v1.22.3/charts/gateway/templates/hpa.yaml similarity index 100% rename from resources/v1.22.1/charts/gateway/templates/hpa.yaml rename to resources/v1.22.3/charts/gateway/templates/hpa.yaml diff --git a/resources/v1.22.1/charts/gateway/templates/poddisruptionbudget.yaml b/resources/v1.22.3/charts/gateway/templates/poddisruptionbudget.yaml similarity index 100% rename from resources/v1.22.1/charts/gateway/templates/poddisruptionbudget.yaml rename to resources/v1.22.3/charts/gateway/templates/poddisruptionbudget.yaml diff --git a/resources/v1.22.1/charts/gateway/templates/role.yaml b/resources/v1.22.3/charts/gateway/templates/role.yaml similarity index 100% rename from resources/v1.22.1/charts/gateway/templates/role.yaml rename to resources/v1.22.3/charts/gateway/templates/role.yaml diff --git a/resources/v1.22.1/charts/gateway/templates/service.yaml b/resources/v1.22.3/charts/gateway/templates/service.yaml similarity index 100% rename from resources/v1.22.1/charts/gateway/templates/service.yaml rename to resources/v1.22.3/charts/gateway/templates/service.yaml diff --git a/resources/v1.22.1/charts/gateway/templates/serviceaccount.yaml b/resources/v1.22.3/charts/gateway/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.22.1/charts/gateway/templates/serviceaccount.yaml rename to resources/v1.22.3/charts/gateway/templates/serviceaccount.yaml diff --git a/resources/v1.22.1/charts/gateway/templates/zzz_profile.yaml b/resources/v1.22.3/charts/gateway/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.22.1/charts/gateway/templates/zzz_profile.yaml rename to resources/v1.22.3/charts/gateway/templates/zzz_profile.yaml diff --git a/resources/v1.22.1/charts/gateway/values.schema.json b/resources/v1.22.3/charts/gateway/values.schema.json similarity index 100% rename from resources/v1.22.1/charts/gateway/values.schema.json rename to resources/v1.22.3/charts/gateway/values.schema.json diff --git a/resources/v1.22.1/charts/gateway/values.yaml b/resources/v1.22.3/charts/gateway/values.yaml similarity index 98% rename from resources/v1.22.1/charts/gateway/values.yaml rename to resources/v1.22.3/charts/gateway/values.yaml index a74a3ab7e..1432f4d7b 100644 --- a/resources/v1.22.1/charts/gateway/values.yaml +++ b/resources/v1.22.3/charts/gateway/values.yaml @@ -34,8 +34,8 @@ defaults: # Define the security context for the pod. # If unset, this will be automatically set to the minimum privileges required to bind to port 80 and 443. # On Kubernetes 1.22+, this only requires the `net.ipv4.ip_unprivileged_port_start` sysctl. - securityContext: ~ - containerSecurityContext: ~ + securityContext: {} + containerSecurityContext: {} service: # Type of service. Set to "None" to disable the service entirely diff --git a/resources/v1.22.1/charts/istiod/Chart.yaml b/resources/v1.22.3/charts/istiod/Chart.yaml similarity index 86% rename from resources/v1.22.1/charts/istiod/Chart.yaml rename to resources/v1.22.3/charts/istiod/Chart.yaml index 43b74256e..3cf7bd630 100644 --- a/resources/v1.22.1/charts/istiod/Chart.yaml +++ b/resources/v1.22.3/charts/istiod/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: 1.22.1 +appVersion: 1.22.3 description: Helm chart for istio control plane icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ keywords: name: istiod sources: - https://github.com/istio/istio -version: 1.22.1 +version: 1.22.3 diff --git a/resources/v1.22.1/charts/istiod/README.md b/resources/v1.22.3/charts/istiod/README.md similarity index 100% rename from resources/v1.22.1/charts/istiod/README.md rename to resources/v1.22.3/charts/istiod/README.md diff --git a/resources/v1.22.1/charts/istiod/files/gateway-injection-template.yaml b/resources/v1.22.3/charts/istiod/files/gateway-injection-template.yaml similarity index 98% rename from resources/v1.22.1/charts/istiod/files/gateway-injection-template.yaml rename to resources/v1.22.3/charts/istiod/files/gateway-injection-template.yaml index 97f47888f..90a6841ea 100644 --- a/resources/v1.22.1/charts/istiod/files/gateway-injection-template.yaml +++ b/resources/v1.22.3/charts/istiod/files/gateway-injection-template.yaml @@ -13,9 +13,13 @@ metadata: } spec: securityContext: + {{- if .Values.gateways.securityContext }} + {{- toYaml .Values.gateways.securityContext | nindent 4 }} + {{- else }} sysctls: - name: net.ipv4.ip_unprivileged_port_start value: "0" + {{- end }} containers: - name: istio-proxy {{- if contains "/" .Values.global.proxy.image }} diff --git a/resources/v1.22.1/charts/istiod/files/grpc-agent.yaml b/resources/v1.22.3/charts/istiod/files/grpc-agent.yaml similarity index 100% rename from resources/v1.22.1/charts/istiod/files/grpc-agent.yaml rename to resources/v1.22.3/charts/istiod/files/grpc-agent.yaml diff --git a/resources/v1.22.1/charts/istiod/files/grpc-simple.yaml b/resources/v1.22.3/charts/istiod/files/grpc-simple.yaml similarity index 100% rename from resources/v1.22.1/charts/istiod/files/grpc-simple.yaml rename to resources/v1.22.3/charts/istiod/files/grpc-simple.yaml diff --git a/resources/v1.22.1/charts/istiod/files/injection-template.yaml b/resources/v1.22.3/charts/istiod/files/injection-template.yaml similarity index 100% rename from resources/v1.22.1/charts/istiod/files/injection-template.yaml rename to resources/v1.22.3/charts/istiod/files/injection-template.yaml diff --git a/resources/v1.22.1/charts/istiod/files/kube-gateway.yaml b/resources/v1.22.3/charts/istiod/files/kube-gateway.yaml similarity index 98% rename from resources/v1.22.1/charts/istiod/files/kube-gateway.yaml rename to resources/v1.22.3/charts/istiod/files/kube-gateway.yaml index 8d1dc5de9..c121cb652 100644 --- a/resources/v1.22.1/charts/istiod/files/kube-gateway.yaml +++ b/resources/v1.22.3/charts/istiod/files/kube-gateway.yaml @@ -71,10 +71,14 @@ spec: {{- if ge .KubeVersion 122 }} {{/* safe since 1.22: https://github.com/kubernetes/kubernetes/pull/103326. */}} securityContext: + {{- if .Values.gateways.securityContext }} + {{- toYaml .Values.gateways.securityContext | nindent 8 }} + {{- else }} sysctls: - name: net.ipv4.ip_unprivileged_port_start value: "0" {{- end }} + {{- end }} serviceAccountName: {{.ServiceAccount | quote}} containers: - name: istio-proxy diff --git a/resources/v1.22.1/charts/istiod/files/profile-ambient.yaml b/resources/v1.22.3/charts/istiod/files/profile-ambient.yaml similarity index 100% rename from resources/v1.22.1/charts/istiod/files/profile-ambient.yaml rename to resources/v1.22.3/charts/istiod/files/profile-ambient.yaml diff --git a/resources/v1.22.1/charts/istiod/files/profile-compatibility-version-1.20.yaml b/resources/v1.22.3/charts/istiod/files/profile-compatibility-version-1.20.yaml similarity index 93% rename from resources/v1.22.1/charts/istiod/files/profile-compatibility-version-1.20.yaml rename to resources/v1.22.3/charts/istiod/files/profile-compatibility-version-1.20.yaml index e602ba86b..480718f1c 100644 --- a/resources/v1.22.1/charts/istiod/files/profile-compatibility-version-1.20.yaml +++ b/resources/v1.22.3/charts/istiod/files/profile-compatibility-version-1.20.yaml @@ -11,6 +11,7 @@ pilot: ENABLE_AUTO_SNI: "false" # 1.22 behavioral changes + ENABLE_ENHANCED_RESOURCE_SCOPING: "false" ENABLE_RESOLUTION_NONE_TARGET_PORT: "false" meshConfig: diff --git a/resources/v1.22.1/charts/cni/files/profile-compatibility-version-1.21.yaml b/resources/v1.22.3/charts/istiod/files/profile-compatibility-version-1.21.yaml similarity index 91% rename from resources/v1.22.1/charts/cni/files/profile-compatibility-version-1.21.yaml rename to resources/v1.22.3/charts/istiod/files/profile-compatibility-version-1.21.yaml index 0c0fbfa4e..808d224ed 100644 --- a/resources/v1.22.1/charts/cni/files/profile-compatibility-version-1.21.yaml +++ b/resources/v1.22.3/charts/istiod/files/profile-compatibility-version-1.21.yaml @@ -5,6 +5,7 @@ pilot: env: # 1.22 behavioral changes + ENABLE_ENHANCED_RESOURCE_SCOPING: "false" ENABLE_RESOLUTION_NONE_TARGET_PORT: "false" meshConfig: # 1.22 behavioral changes diff --git a/resources/v1.22.1/charts/istiod/files/profile-demo.yaml b/resources/v1.22.3/charts/istiod/files/profile-demo.yaml similarity index 100% rename from resources/v1.22.1/charts/istiod/files/profile-demo.yaml rename to resources/v1.22.3/charts/istiod/files/profile-demo.yaml diff --git a/resources/v1.22.1/charts/istiod/files/profile-openshift-ambient.yaml b/resources/v1.22.3/charts/istiod/files/profile-openshift-ambient.yaml similarity index 100% rename from resources/v1.22.1/charts/istiod/files/profile-openshift-ambient.yaml rename to resources/v1.22.3/charts/istiod/files/profile-openshift-ambient.yaml diff --git a/resources/v1.22.1/charts/istiod/files/profile-openshift.yaml b/resources/v1.22.3/charts/istiod/files/profile-openshift.yaml similarity index 100% rename from resources/v1.22.1/charts/istiod/files/profile-openshift.yaml rename to resources/v1.22.3/charts/istiod/files/profile-openshift.yaml diff --git a/resources/v1.22.1/charts/istiod/files/profile-preview.yaml b/resources/v1.22.3/charts/istiod/files/profile-preview.yaml similarity index 100% rename from resources/v1.22.1/charts/istiod/files/profile-preview.yaml rename to resources/v1.22.3/charts/istiod/files/profile-preview.yaml diff --git a/resources/v1.22.1/charts/istiod/files/profile-stable.yaml b/resources/v1.22.3/charts/istiod/files/profile-stable.yaml similarity index 100% rename from resources/v1.22.1/charts/istiod/files/profile-stable.yaml rename to resources/v1.22.3/charts/istiod/files/profile-stable.yaml diff --git a/resources/v1.22.1/charts/istiod/files/waypoint.yaml b/resources/v1.22.3/charts/istiod/files/waypoint.yaml similarity index 98% rename from resources/v1.22.1/charts/istiod/files/waypoint.yaml rename to resources/v1.22.3/charts/istiod/files/waypoint.yaml index 0787767fb..8613330c3 100644 --- a/resources/v1.22.1/charts/istiod/files/waypoint.yaml +++ b/resources/v1.22.3/charts/istiod/files/waypoint.yaml @@ -212,7 +212,10 @@ spec: securityContext: privileged: false runAsGroup: 1337 - runAsUser: 0 + runAsUser: 1337 + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true capabilities: drop: - ALL diff --git a/resources/v1.22.1/charts/istiod/templates/NOTES.txt b/resources/v1.22.3/charts/istiod/templates/NOTES.txt similarity index 100% rename from resources/v1.22.1/charts/istiod/templates/NOTES.txt rename to resources/v1.22.3/charts/istiod/templates/NOTES.txt diff --git a/resources/v1.22.1/charts/istiod/templates/_helpers.tpl b/resources/v1.22.3/charts/istiod/templates/_helpers.tpl similarity index 100% rename from resources/v1.22.1/charts/istiod/templates/_helpers.tpl rename to resources/v1.22.3/charts/istiod/templates/_helpers.tpl diff --git a/resources/v1.22.1/charts/istiod/templates/autoscale.yaml b/resources/v1.22.3/charts/istiod/templates/autoscale.yaml similarity index 100% rename from resources/v1.22.1/charts/istiod/templates/autoscale.yaml rename to resources/v1.22.3/charts/istiod/templates/autoscale.yaml diff --git a/resources/v1.22.1/charts/istiod/templates/clusterrole.yaml b/resources/v1.22.3/charts/istiod/templates/clusterrole.yaml similarity index 100% rename from resources/v1.22.1/charts/istiod/templates/clusterrole.yaml rename to resources/v1.22.3/charts/istiod/templates/clusterrole.yaml diff --git a/resources/v1.22.1/charts/istiod/templates/clusterrolebinding.yaml b/resources/v1.22.3/charts/istiod/templates/clusterrolebinding.yaml similarity index 100% rename from resources/v1.22.1/charts/istiod/templates/clusterrolebinding.yaml rename to resources/v1.22.3/charts/istiod/templates/clusterrolebinding.yaml diff --git a/resources/v1.22.1/charts/istiod/templates/configmap-jwks.yaml b/resources/v1.22.3/charts/istiod/templates/configmap-jwks.yaml similarity index 100% rename from resources/v1.22.1/charts/istiod/templates/configmap-jwks.yaml rename to resources/v1.22.3/charts/istiod/templates/configmap-jwks.yaml diff --git a/resources/v1.22.1/charts/istiod/templates/configmap.yaml b/resources/v1.22.3/charts/istiod/templates/configmap.yaml similarity index 100% rename from resources/v1.22.1/charts/istiod/templates/configmap.yaml rename to resources/v1.22.3/charts/istiod/templates/configmap.yaml diff --git a/resources/v1.22.1/charts/istiod/templates/deployment.yaml b/resources/v1.22.3/charts/istiod/templates/deployment.yaml similarity index 100% rename from resources/v1.22.1/charts/istiod/templates/deployment.yaml rename to resources/v1.22.3/charts/istiod/templates/deployment.yaml diff --git a/resources/v1.22.1/charts/istiod/templates/istiod-injector-configmap.yaml b/resources/v1.22.3/charts/istiod/templates/istiod-injector-configmap.yaml similarity index 96% rename from resources/v1.22.1/charts/istiod/templates/istiod-injector-configmap.yaml rename to resources/v1.22.3/charts/istiod/templates/istiod-injector-configmap.yaml index 30e471497..24416c488 100644 --- a/resources/v1.22.1/charts/istiod/templates/istiod-injector-configmap.yaml +++ b/resources/v1.22.3/charts/istiod/templates/istiod-injector-configmap.yaml @@ -15,6 +15,8 @@ data: {{ $vals := pick .Values "global" "istio_cni" "sidecarInjectorWebhook" "revision" -}} {{ $pilotVals := pick .Values.pilot "cni" -}} {{ $vals = set $vals "pilot" $pilotVals -}} +{{ $gatewayVals := pick .Values.gateways "securityContext" -}} +{{ $vals = set $vals "gateways" $gatewayVals -}} {{ $vals | toPrettyJson | indent 4 }} # To disable injection: use omitSidecarInjectorConfigMap, which disables the webhook patching diff --git a/resources/v1.22.1/charts/istiod/templates/mutatingwebhook.yaml b/resources/v1.22.3/charts/istiod/templates/mutatingwebhook.yaml similarity index 100% rename from resources/v1.22.1/charts/istiod/templates/mutatingwebhook.yaml rename to resources/v1.22.3/charts/istiod/templates/mutatingwebhook.yaml diff --git a/resources/v1.22.1/charts/istiod/templates/poddisruptionbudget.yaml b/resources/v1.22.3/charts/istiod/templates/poddisruptionbudget.yaml similarity index 100% rename from resources/v1.22.1/charts/istiod/templates/poddisruptionbudget.yaml rename to resources/v1.22.3/charts/istiod/templates/poddisruptionbudget.yaml diff --git a/resources/v1.22.1/charts/istiod/templates/reader-clusterrole.yaml b/resources/v1.22.3/charts/istiod/templates/reader-clusterrole.yaml similarity index 100% rename from resources/v1.22.1/charts/istiod/templates/reader-clusterrole.yaml rename to resources/v1.22.3/charts/istiod/templates/reader-clusterrole.yaml diff --git a/resources/v1.22.1/charts/istiod/templates/reader-clusterrolebinding.yaml b/resources/v1.22.3/charts/istiod/templates/reader-clusterrolebinding.yaml similarity index 100% rename from resources/v1.22.1/charts/istiod/templates/reader-clusterrolebinding.yaml rename to resources/v1.22.3/charts/istiod/templates/reader-clusterrolebinding.yaml diff --git a/resources/v1.22.1/charts/istiod/templates/revision-tags.yaml b/resources/v1.22.3/charts/istiod/templates/revision-tags.yaml similarity index 100% rename from resources/v1.22.1/charts/istiod/templates/revision-tags.yaml rename to resources/v1.22.3/charts/istiod/templates/revision-tags.yaml diff --git a/resources/v1.22.1/charts/istiod/templates/role.yaml b/resources/v1.22.3/charts/istiod/templates/role.yaml similarity index 100% rename from resources/v1.22.1/charts/istiod/templates/role.yaml rename to resources/v1.22.3/charts/istiod/templates/role.yaml diff --git a/resources/v1.22.1/charts/istiod/templates/rolebinding.yaml b/resources/v1.22.3/charts/istiod/templates/rolebinding.yaml similarity index 100% rename from resources/v1.22.1/charts/istiod/templates/rolebinding.yaml rename to resources/v1.22.3/charts/istiod/templates/rolebinding.yaml diff --git a/resources/v1.22.1/charts/istiod/templates/service.yaml b/resources/v1.22.3/charts/istiod/templates/service.yaml similarity index 100% rename from resources/v1.22.1/charts/istiod/templates/service.yaml rename to resources/v1.22.3/charts/istiod/templates/service.yaml diff --git a/resources/v1.22.1/charts/istiod/templates/serviceaccount.yaml b/resources/v1.22.3/charts/istiod/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.22.1/charts/istiod/templates/serviceaccount.yaml rename to resources/v1.22.3/charts/istiod/templates/serviceaccount.yaml diff --git a/resources/v1.22.1/charts/istiod/templates/validatingadmissionpolicy.yaml b/resources/v1.22.3/charts/istiod/templates/validatingadmissionpolicy.yaml similarity index 100% rename from resources/v1.22.1/charts/istiod/templates/validatingadmissionpolicy.yaml rename to resources/v1.22.3/charts/istiod/templates/validatingadmissionpolicy.yaml diff --git a/resources/v1.22.1/charts/istiod/templates/validatingwebhookconfiguration.yaml b/resources/v1.22.3/charts/istiod/templates/validatingwebhookconfiguration.yaml similarity index 100% rename from resources/v1.22.1/charts/istiod/templates/validatingwebhookconfiguration.yaml rename to resources/v1.22.3/charts/istiod/templates/validatingwebhookconfiguration.yaml diff --git a/resources/v1.22.1/charts/istiod/templates/zzz_profile.yaml b/resources/v1.22.3/charts/istiod/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.22.1/charts/istiod/templates/zzz_profile.yaml rename to resources/v1.22.3/charts/istiod/templates/zzz_profile.yaml diff --git a/resources/v1.22.1/charts/istiod/values.yaml b/resources/v1.22.3/charts/istiod/values.yaml similarity index 98% rename from resources/v1.22.1/charts/istiod/values.yaml rename to resources/v1.22.3/charts/istiod/values.yaml index e87b1bf37..cde10002b 100644 --- a/resources/v1.22.1/charts/istiod/values.yaml +++ b/resources/v1.22.3/charts/istiod/values.yaml @@ -234,7 +234,7 @@ defaults: # Dev builds from prow are on gcr.io hub: docker.io/istio # Default tag for Istio images. - tag: 1.22.1 + tag: 1.22.3 # Variant of the image to use. # Currently supported are: [debug, distroless] variant: "" @@ -505,3 +505,10 @@ defaults: # `chained` has been deprecated and will be removed in a future release. use `provider` instead chained: true provider: default + + # Gateway Settings + gateways: + # Define the security context for the pod. + # If unset, this will be automatically set to the minimum privileges required to bind to port 80 and 443. + # On Kubernetes 1.22+, this only requires the `net.ipv4.ip_unprivileged_port_start` sysctl. + securityContext: {} diff --git a/resources/v1.22.1/charts/ztunnel/Chart.yaml b/resources/v1.22.3/charts/ztunnel/Chart.yaml similarity index 86% rename from resources/v1.22.1/charts/ztunnel/Chart.yaml rename to resources/v1.22.3/charts/ztunnel/Chart.yaml index ff0fc19de..8bc58b9bd 100644 --- a/resources/v1.22.1/charts/ztunnel/Chart.yaml +++ b/resources/v1.22.3/charts/ztunnel/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: 1.22.1 +appVersion: 1.22.3 description: Helm chart for istio ztunnel components icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -8,4 +8,4 @@ keywords: name: ztunnel sources: - https://github.com/istio/istio -version: 1.22.1 +version: 1.22.3 diff --git a/resources/v1.22.1/charts/ztunnel/README.md b/resources/v1.22.3/charts/ztunnel/README.md similarity index 100% rename from resources/v1.22.1/charts/ztunnel/README.md rename to resources/v1.22.3/charts/ztunnel/README.md diff --git a/resources/v1.22.1/charts/ztunnel/files/profile-ambient.yaml b/resources/v1.22.3/charts/ztunnel/files/profile-ambient.yaml similarity index 100% rename from resources/v1.22.1/charts/ztunnel/files/profile-ambient.yaml rename to resources/v1.22.3/charts/ztunnel/files/profile-ambient.yaml diff --git a/resources/v1.22.3/charts/ztunnel/files/profile-compatibility-version-1.20.yaml b/resources/v1.22.3/charts/ztunnel/files/profile-compatibility-version-1.20.yaml new file mode 100644 index 000000000..480718f1c --- /dev/null +++ b/resources/v1.22.3/charts/ztunnel/files/profile-compatibility-version-1.20.yaml @@ -0,0 +1,24 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.21 behavioral changes + ENABLE_EXTERNAL_NAME_ALIAS: "false" + PERSIST_OLDEST_FIRST_HEURISTIC_FOR_VIRTUAL_SERVICE_HOST_MATCHING: "true" + VERIFY_CERTIFICATE_AT_CLIENT: "false" + ENABLE_AUTO_SNI: "false" + + # 1.22 behavioral changes + ENABLE_ENHANCED_RESOURCE_SCOPING: "false" + ENABLE_RESOLUTION_NONE_TARGET_PORT: "false" + +meshConfig: + # 1.22 behavioral changes + defaultConfig: + proxyMetadata: + ISTIO_DELTA_XDS: "false" + tracing: + zipkin: + address: zipkin.istio-system:9411 diff --git a/resources/v1.22.3/charts/ztunnel/files/profile-compatibility-version-1.21.yaml b/resources/v1.22.3/charts/ztunnel/files/profile-compatibility-version-1.21.yaml new file mode 100644 index 000000000..808d224ed --- /dev/null +++ b/resources/v1.22.3/charts/ztunnel/files/profile-compatibility-version-1.21.yaml @@ -0,0 +1,17 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.22 behavioral changes + ENABLE_ENHANCED_RESOURCE_SCOPING: "false" + ENABLE_RESOLUTION_NONE_TARGET_PORT: "false" +meshConfig: + # 1.22 behavioral changes + proxyMetadata: + ISTIO_DELTA_XDS: "false" + defaultConfig: + tracing: + zipkin: + address: zipkin.istio-system:9411 diff --git a/resources/v1.22.1/charts/ztunnel/files/profile-demo.yaml b/resources/v1.22.3/charts/ztunnel/files/profile-demo.yaml similarity index 100% rename from resources/v1.22.1/charts/ztunnel/files/profile-demo.yaml rename to resources/v1.22.3/charts/ztunnel/files/profile-demo.yaml diff --git a/resources/v1.22.1/charts/ztunnel/files/profile-openshift-ambient.yaml b/resources/v1.22.3/charts/ztunnel/files/profile-openshift-ambient.yaml similarity index 100% rename from resources/v1.22.1/charts/ztunnel/files/profile-openshift-ambient.yaml rename to resources/v1.22.3/charts/ztunnel/files/profile-openshift-ambient.yaml diff --git a/resources/v1.22.1/charts/ztunnel/files/profile-openshift.yaml b/resources/v1.22.3/charts/ztunnel/files/profile-openshift.yaml similarity index 100% rename from resources/v1.22.1/charts/ztunnel/files/profile-openshift.yaml rename to resources/v1.22.3/charts/ztunnel/files/profile-openshift.yaml diff --git a/resources/v1.22.1/charts/ztunnel/files/profile-preview.yaml b/resources/v1.22.3/charts/ztunnel/files/profile-preview.yaml similarity index 100% rename from resources/v1.22.1/charts/ztunnel/files/profile-preview.yaml rename to resources/v1.22.3/charts/ztunnel/files/profile-preview.yaml diff --git a/resources/v1.22.1/charts/ztunnel/files/profile-stable.yaml b/resources/v1.22.3/charts/ztunnel/files/profile-stable.yaml similarity index 100% rename from resources/v1.22.1/charts/ztunnel/files/profile-stable.yaml rename to resources/v1.22.3/charts/ztunnel/files/profile-stable.yaml diff --git a/resources/v1.22.1/charts/ztunnel/templates/NOTES.txt b/resources/v1.22.3/charts/ztunnel/templates/NOTES.txt similarity index 100% rename from resources/v1.22.1/charts/ztunnel/templates/NOTES.txt rename to resources/v1.22.3/charts/ztunnel/templates/NOTES.txt diff --git a/resources/v1.22.1/charts/ztunnel/templates/daemonset.yaml b/resources/v1.22.3/charts/ztunnel/templates/daemonset.yaml similarity index 100% rename from resources/v1.22.1/charts/ztunnel/templates/daemonset.yaml rename to resources/v1.22.3/charts/ztunnel/templates/daemonset.yaml diff --git a/resources/v1.22.1/charts/ztunnel/templates/rbac.yaml b/resources/v1.22.3/charts/ztunnel/templates/rbac.yaml similarity index 100% rename from resources/v1.22.1/charts/ztunnel/templates/rbac.yaml rename to resources/v1.22.3/charts/ztunnel/templates/rbac.yaml diff --git a/resources/v1.22.1/charts/ztunnel/templates/zzz_profile.yaml b/resources/v1.22.3/charts/ztunnel/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.22.1/charts/ztunnel/templates/zzz_profile.yaml rename to resources/v1.22.3/charts/ztunnel/templates/zzz_profile.yaml diff --git a/resources/v1.22.1/charts/ztunnel/values.yaml b/resources/v1.22.3/charts/ztunnel/values.yaml similarity index 99% rename from resources/v1.22.1/charts/ztunnel/values.yaml rename to resources/v1.22.3/charts/ztunnel/values.yaml index 2a0a2e368..1e51bdb60 100644 --- a/resources/v1.22.1/charts/ztunnel/values.yaml +++ b/resources/v1.22.3/charts/ztunnel/values.yaml @@ -2,7 +2,7 @@ defaults: # Hub to pull from. Image will be `Hub/Image:Tag-Variant` hub: docker.io/istio # Tag to pull from. Image will be `Hub/Image:Tag-Variant` - tag: 1.22.1 + tag: 1.22.3 # Variant to pull. Options are "debug" or "distroless". Unset will use the default for the given version. variant: "" diff --git a/resources/v1.22.1/profiles/ambient.yaml b/resources/v1.22.3/profiles/ambient.yaml similarity index 100% rename from resources/v1.22.1/profiles/ambient.yaml rename to resources/v1.22.3/profiles/ambient.yaml diff --git a/resources/v1.22.1/profiles/default.yaml b/resources/v1.22.3/profiles/default.yaml similarity index 100% rename from resources/v1.22.1/profiles/default.yaml rename to resources/v1.22.3/profiles/default.yaml diff --git a/resources/v1.22.1/profiles/demo.yaml b/resources/v1.22.3/profiles/demo.yaml similarity index 100% rename from resources/v1.22.1/profiles/demo.yaml rename to resources/v1.22.3/profiles/demo.yaml diff --git a/resources/v1.22.1/profiles/empty.yaml b/resources/v1.22.3/profiles/empty.yaml similarity index 100% rename from resources/v1.22.1/profiles/empty.yaml rename to resources/v1.22.3/profiles/empty.yaml diff --git a/resources/v1.22.1/profiles/minimal.yaml b/resources/v1.22.3/profiles/minimal.yaml similarity index 100% rename from resources/v1.22.1/profiles/minimal.yaml rename to resources/v1.22.3/profiles/minimal.yaml diff --git a/resources/v1.22.1/profiles/openshift-ambient.yaml b/resources/v1.22.3/profiles/openshift-ambient.yaml similarity index 100% rename from resources/v1.22.1/profiles/openshift-ambient.yaml rename to resources/v1.22.3/profiles/openshift-ambient.yaml diff --git a/resources/v1.22.1/profiles/openshift.yaml b/resources/v1.22.3/profiles/openshift.yaml similarity index 100% rename from resources/v1.22.1/profiles/openshift.yaml rename to resources/v1.22.3/profiles/openshift.yaml diff --git a/resources/v1.22.1/profiles/preview.yaml b/resources/v1.22.3/profiles/preview.yaml similarity index 100% rename from resources/v1.22.1/profiles/preview.yaml rename to resources/v1.22.3/profiles/preview.yaml diff --git a/resources/v1.22.1/profiles/remote.yaml b/resources/v1.22.3/profiles/remote.yaml similarity index 100% rename from resources/v1.22.1/profiles/remote.yaml rename to resources/v1.22.3/profiles/remote.yaml diff --git a/resources/v1.22.1/profiles/stable.yaml b/resources/v1.22.3/profiles/stable.yaml similarity index 100% rename from resources/v1.22.1/profiles/stable.yaml rename to resources/v1.22.3/profiles/stable.yaml