Migrate Istio images from DockerHub to GCR (#3022)
* switch to gcr from dockerhub
  Signed-off-by: Harshvir Potpose <hpotpose62@gmail.com>
* update scripts
  Signed-off-by: Harshvir Potpose <hpotpose62@gmail.com>
* update scripts and readmes
  Signed-off-by: Harshvir Potpose <hpotpose62@gmail.com>
* run synchronize scripts
  Signed-off-by: Harshvir Potpose <hpotpose62@gmail.com>
* add patches to update busybox image
  Signed-off-by: Harshvir Potpose <hpotpose62@gmail.com>
* update cluster-specific note
  Signed-off-by: Harshvir Potpose <hpotpose62@gmail.com>
* revert typo in synchronize script and rerun them
  Signed-off-by: Harshvir Potpose <hpotpose62@gmail.com>
* keep newer knative versions
  Signed-off-by: Harshvir Potpose <hpotpose62@gmail.com>
* Enable native sidecars in Istio CNI
  Signed-off-by: Harshvir Potpose <hpotpose62@gmail.com>
* Update istio CNI docs
  Signed-off-by: Harshvir Potpose <hpotpose62@gmail.com>
* use image transformation instead of patches
  Signed-off-by: Harshvir Potpose <hpotpose62@gmail.com>
* run istio-cni sync script
  Signed-off-by: Harshvir Potpose <hpotpose62@gmail.com>
* Update kustomization.yaml
  Signed-off-by: Julius von Kohout <45896133+juliusvonkohout@users.noreply.github.com>
* Update istio-ingressgateway-deployment.yaml
  Signed-off-by: Julius von Kohout <45896133+juliusvonkohout@users.noreply.github.com>
* Update istio-ingressgateway-deployment.yaml
  Signed-off-by: Julius von Kohout <45896133+juliusvonkohout@users.noreply.github.com>
* Update kustomization.yaml
  Signed-off-by: Julius von Kohout <45896133+juliusvonkohout@users.noreply.github.com>
* Update profile.yaml
  Signed-off-by: Julius von Kohout <45896133+juliusvonkohout@users.noreply.github.com>
* Update install.yaml
  Signed-off-by: Julius von Kohout <45896133+juliusvonkohout@users.noreply.github.com>
* Update kustomization.yaml
  Signed-off-by: Julius von Kohout <45896133+juliusvonkohout@users.noreply.github.com>
* Update kustomization.yaml
  Signed-off-by: Julius von Kohout <45896133+juliusvonkohout@users.noreply.github.com>

---------

Signed-off-by: Harshvir Potpose <hpotpose62@gmail.com>
Signed-off-by: Julius von Kohout <45896133+juliusvonkohout@users.noreply.github.com>
Co-authored-by: Julius von Kohout <45896133+juliusvonkohout@users.noreply.github.com>
parent 8d69c8db9d
commit 194b54302a
|
|
@ -11,4 +11,6 @@ rules:
|
|||
line-length:
|
||||
max: 400
|
||||
truthy:
|
||||
allowed-values: ['on', 'off', 'true', 'false']
|
||||
allowed-values: ['on', 'off', 'true', 'false']
|
||||
empty-lines:
|
||||
level: warning
|
||||
|
|
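Review bot: the `empty-lines` rule added at the end of this hunk with `level: warning` applies to every YAML file in the repository, so stray blank lines in hand-written manifests will no longer fail lint. If the relaxation is only needed for the regenerated Istio output, scope it with a per-rule `ignore` for those paths and keep the default level everywhere else.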
@ -74,7 +74,7 @@ The following matrix shows the versions of common components used across differe
|
|||
|
||||
| Component | Local Manifests Path | Upstream Revision |
|
||||
| - | - | - |
|
||||
| Istio | common/istio-1-24 | [1.24.2](https://github.com/istio/istio/releases/tag/1.24.2) |
|
||||
| Istio | common/istio-1-24 | [1.24.3](https://github.com/istio/istio/releases/tag/1.24.3) |
|
||||
| Knative | common/knative/knative-serving <br /> common/knative/knative-eventing | [v1.16.2](https://github.com/knative/serving/releases/tag/knative-v1.16.2) <br /> [v1.16.4](https://github.com/knative/eventing/releases/tag/knative-v1.16.4) |
|
||||
| Cert Manager | common/cert-manager | [1.16.1](https://github.com/cert-manager/cert-manager/releases/tag/v1.16.1) |
|
||||
|
||||
|
|
|
|||
|
|
@ -8,49 +8,35 @@ In this section, we explain how to upgrade our istio kustomize packages
|
|||
by leveraging `istioctl`. Assuming the new version is `X.Y.Z` and the
|
||||
old version is `X1.Y1.Z1`:
|
||||
|
||||
1. Make a copy of the old istio manifests tree, which will become the
|
||||
1. Make a copy of the old istio manifests tree, which will become the
|
||||
kustomization for the new Istio version:
|
||||
|
||||
$ export MANIFESTS_SRC=<path/to/manifests/repo>
|
||||
$ export ISTIO_OLD=$MANIFESTS_SRC/common/istio-X1-Y1
|
||||
$ export ISTIO_NEW=$MANIFESTS_SRC/common/istio-X-Y
|
||||
$ cp -a $ISTIO_OLD $ISTIO_NEW
|
||||
export MANIFESTS_SRC=<path/to/manifests/repo>
|
||||
export ISTIO_OLD=$MANIFESTS_SRC/common/istio-X1-Y1
|
||||
export ISTIO_NEW=$MANIFESTS_SRC/common/istio-X-Y
|
||||
cp -a $ISTIO_OLD $ISTIO_NEW
|
||||
|
||||
2. Download `istioctl` for version `X.Y.Z`:
|
||||
2. Download `istioctl` for version `X.Y.Z`:
|
||||
|
||||
$ ISTIO_VERSION="X.Y.Z"
|
||||
$ wget "https://github.com/istio/istio/releases/download/${ISTIO_VERSION}/istio-${ISTIO_VERSION}-linux-amd64.tar.gz"
|
||||
$ tar xvfz istio-${ISTIO_VERSION}-linux-amd64.tar.gz
|
||||
# sudo mv istio-${ISTIO_VERSION}/bin/istioctl /usr/local/bin/istioctl
|
||||
|
||||
3. Use `istioctl` to generate an `IstioOperator` resource, the
|
||||
CustomResource used to describe the Istio Control Plane:
|
||||
|
||||
$ cd $ISTIO_NEW
|
||||
$ istioctl profile dump default > profile.yaml
|
||||
|
||||
---
|
||||
**NOTE**
|
||||
|
||||
`istioctl` comes with a bunch of [predefined profiles](https://istio.io/latest/docs/setup/additional-setup/config-profiles/)
|
||||
(`default`, `demo`, `minimal`, etc.). The `default` profile is installed by default.
|
||||
|
||||
---
|
||||
|
||||
4. Generate manifests and add them to their respective packages. We
|
||||
3. Generate manifests and add them to their respective packages. We
|
||||
will generate manifests using `istioctl`, the
|
||||
`profile.yaml` file from upstream and the
|
||||
`profile-overlay.yaml` file that contains our desired
|
||||
changes:
|
||||
|
||||
$ export PATH="$MANIFESTS_SRC/scripts:$PATH"
|
||||
$ cd $ISTIO_NEW
|
||||
$ istioctl manifest generate --cluster-specific -f profile.yaml -f profile-overlay.yaml > dump.yaml
|
||||
$ ./split-istio-packages -f dump.yaml
|
||||
$ mv $ISTIO_NEW/crd.yaml $ISTIO_NEW/istio-crds/base
|
||||
$ mv $ISTIO_NEW/install.yaml $ISTIO_NEW/istio-install/base
|
||||
$ mv $ISTIO_NEW/cluster-local-gateway.yaml $ISTIO_NEW/cluster-local-gateway/base
|
||||
$ rm dump.yaml
|
||||
export PATH="$MANIFESTS_SRC/scripts:$PATH"
|
||||
cd $ISTIO_NEW
|
||||
istioctl manifest generate --cluster-specific -f profile.yaml -f profile-overlay.yaml > dump.yaml
|
||||
./split-istio-packages -f dump.yaml
|
||||
mv $ISTIO_NEW/crd.yaml $ISTIO_NEW/istio-crds/base
|
||||
mv $ISTIO_NEW/install.yaml $ISTIO_NEW/istio-install/base
|
||||
mv $ISTIO_NEW/cluster-local-gateway.yaml $ISTIO_NEW/cluster-local-gateway/base
|
||||
rm dump.yaml
|
||||
|
||||
---
|
||||
**NOTE**
|
||||
|
|
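Review bot: the renumbered step 3 still passes `-f profile.yaml` and calls it the file "from upstream", but the step that created it (`istioctl profile dump default > profile.yaml`) is dropped, going by the 4 to 3 renumbering and the `-8,49 +8,35` header. Say where `profile.yaml` comes from now (checked in, or written by a sync script). Step 2 also keeps its `$ ` prompts while steps 1 and 3 lose them, and the `wget` of the release tarball is followed directly by `tar` with no integrity check; a line that verifies the archive against the checksum published with the release would fit here before `istioctl` is installed.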
@ -58,11 +44,9 @@ old version is `X1.Y1.Z1`:
|
|||
`split-istio-packages` is a python script in the same folder as this file.
|
||||
The `ruamel.yaml` version used is 0.16.12.
|
||||
|
||||
`--cluster-specific` is a flag that determines if a current K8s cluster context will be used to dynamically
|
||||
detect default settings. Ensure you have a target cluster ready before running the above commands.
|
||||
We set this flag because `istioctl manifest generate` generates manifest files with resources that are no
|
||||
longer supported in Kubernetes 1.25 (`policy/v1beta1`). See: https://github.com/istio/istio/issues/41220
|
||||
|
||||
`--cluster-specific` is a flag that determines if a current K8s cluster context will be used to dynamically detect default settings. Ensure you have a target cluster ready before running the above commands.
|
||||
We target Kubernetes 1.32+ for compatibility. The `--cluster-specific` flag helps ensure generated resources are compatible with your cluster version and configuration.
|
||||
|
||||
---
|
||||
|
||||
## Changes to Istio's upstream manifests
|
||||
|
|
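Review bot: the rewritten `--cluster-specific` paragraph drops the concrete reason (`policy/v1beta1` resources) and the link to istio/istio#41220, and replaces them with "helps ensure generated resources are compatible", which does not tell the reader what breaks without the flag. Since the flag makes the output depend on whichever cluster the current context points at, state that the manifests must be generated against a Kubernetes 1.32+ cluster, so that two maintainers regenerating the tree get the same result.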
@ -71,24 +55,23 @@ old version is `X1.Y1.Z1`:
|
|||
|
||||
Changes to Istio's upstream profile `default` are the following:
|
||||
|
||||
- Add a `cluster-local-gateway` component for Kserve. Knative-local-gateway is now obsolete https://github.com/kubeflow/manifests/pull/2355/commits/adc00b804404ea08685a044ae595be0bed9adb59.
|
||||
- Disable the EgressGateway component. We do not use it and it adds unnecessary complexity.
|
||||
- Add a `cluster-local-gateway` component for Kserve. Knative-local-gateway is now obsolete <https://github.com/kubeflow/manifests/pull/2355/commits/adc00b804404ea08685a044ae595be0bed9adb59>.
|
||||
- Disable the EgressGateway component. We do not use it and it adds unnecessary complexity.
|
||||
|
||||
Those changes are captured in the [profile-overlay.yaml](profile-overlay.yaml)
|
||||
file.
|
||||
These changes are captured in the [profile-overlay.yaml](profile-overlay.yaml) file.
|
||||
|
||||
### Changes to the upstream manifests using kustomize
|
||||
|
||||
The Istio kustomizations make the following changes:
|
||||
|
||||
- Remove PodDisruptionBudget from `istio-install` and `cluster-local-gateway` kustomizations. See:
|
||||
- https://github.com/istio/istio/issues/12602
|
||||
- https://github.com/istio/istio/issues/24000
|
||||
- <https://github.com/istio/istio/issues/12602>
|
||||
- <https://github.com/istio/istio/issues/24000>
|
||||
- Add Istio AuthorizationPolicy to allow all requests to the Istio Ingressgateway and the Istio cluster-local gateway.
|
||||
- Add Istio AuthorizationPolicy in Istio's root namespace, so that sidecars deny traffic by default (explicit deny-by-default authorization model).
|
||||
- Add Gateway CRs for the Istio Ingressgateway and the Istio cluster-local gateway, as `istioctl` stopped generating them in later versions.
|
||||
- Add the istio-system namespace object to `istio-namespace`, as `istioctl` stopped generating it in later versions.
|
||||
- Configure TCP KeepAlives.
|
||||
- Disable tracing as it causes DNS breakdown. See:
|
||||
https://github.com/istio/istio/issues/29898
|
||||
- Set ENABLE_DEBUG_ON_HTTP=false according to https://istio.io/latest/docs/ops/best-practices/security/#control-plane
|
||||
<https://github.com/istio/istio/issues/29898>
|
||||
- Set ENABLE_DEBUG_ON_HTTP=false according to <https://istio.io/latest/docs/ops/best-practices/security/#control-plane>
|
||||
|
|
|
|||
|
|
@ -7,8 +7,8 @@ metadata:
|
|||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: istio-ingressgateway
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: istio-ingress-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: istio-ingress-1.24.3
|
||||
install.operator.istio.io/owning-resource: unknown
|
||||
istio: cluster-local-gateway
|
||||
istio.io/rev: default
|
||||
|
|
@ -26,8 +26,8 @@ metadata:
|
|||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: istio-ingressgateway
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: istio-ingress-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: istio-ingress-1.24.3
|
||||
install.operator.istio.io/owning-resource: unknown
|
||||
istio: cluster-local-gateway
|
||||
istio.io/rev: default
|
||||
|
|
@ -58,9 +58,9 @@ spec:
|
|||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: istio-ingressgateway
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
chart: gateways
|
||||
helm.sh/chart: istio-ingress-1.24.2
|
||||
helm.sh/chart: istio-ingress-1.24.3
|
||||
heritage: Tiller
|
||||
install.operator.istio.io/owning-resource: unknown
|
||||
istio: cluster-local-gateway
|
||||
|
|
@ -127,8 +127,7 @@ spec:
|
|||
- name: ISTIO_META_WORKLOAD_NAME
|
||||
value: cluster-local-gateway
|
||||
- name: ISTIO_META_OWNER
|
||||
value:
|
||||
kubernetes://apis/apps/v1/namespaces/istio-system/deployments/cluster-local-gateway
|
||||
value: kubernetes://apis/apps/v1/namespaces/istio-system/deployments/cluster-local-gateway
|
||||
- name: ISTIO_META_MESH_ID
|
||||
value: cluster.local
|
||||
- name: TRUST_DOMAIN
|
||||
|
|
@ -141,7 +140,7 @@ spec:
|
|||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.nodeName
|
||||
image: docker.io/istio/proxyv2:1.24.2
|
||||
image: gcr.io/istio-release/proxyv2:1.24.2
|
||||
name: istio-proxy
|
||||
ports:
|
||||
- containerPort: 15020
|
||||
|
|
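Review bot: the new `image:` line keeps tag `1.24.2` (`gcr.io/istio-release/proxyv2:1.24.2`) while the labels in this same file and the README matrix move to 1.24.3, so the registry changes but the proxy version does not. If a kustomize image transformation rewrites the tag later, say so next to this base file; otherwise bump the tag here. Because this commit changes the registry the proxy is pulled from, it is also a good point to pin the image by digest (`proxyv2:<tag>@sha256:<digest>`) so the copy served by the new registry is verifiably the expected one.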
@ -258,8 +257,8 @@ metadata:
|
|||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: istio-ingressgateway
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: istio-ingress-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: istio-ingress-1.24.3
|
||||
install.operator.istio.io/owning-resource: unknown
|
||||
istio: cluster-local-gateway
|
||||
istio.io/rev: default
|
||||
|
|
@ -282,8 +281,8 @@ metadata:
|
|||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: istio-ingressgateway
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: istio-ingress-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: istio-ingress-1.24.3
|
||||
install.operator.istio.io/owning-resource: unknown
|
||||
istio.io/rev: default
|
||||
operator.istio.io/component: IngressGateways
|
||||
|
|
@ -308,8 +307,8 @@ metadata:
|
|||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: istio-ingressgateway
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: istio-ingress-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: istio-ingress-1.24.3
|
||||
install.operator.istio.io/owning-resource: unknown
|
||||
istio.io/rev: default
|
||||
operator.istio.io/component: IngressGateways
|
||||
|
|
@ -333,8 +332,8 @@ metadata:
|
|||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: istio-ingressgateway
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: istio-ingress-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: istio-ingress-1.24.3
|
||||
install.operator.istio.io/owning-resource: unknown
|
||||
istio: cluster-local-gateway
|
||||
istio.io/rev: default
|
||||
|
|
@ -367,8 +366,8 @@ metadata:
|
|||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: istio-ingressgateway
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: istio-ingress-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: istio-ingress-1.24.3
|
||||
install.operator.istio.io/owning-resource: unknown
|
||||
istio: cluster-local-gateway
|
||||
istio.io/rev: default
|
||||
|
|
|
|||
|
|
@ -7,8 +7,8 @@ metadata:
|
|||
app.kubernetes.io/instance: istio
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: base-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: base-1.24.3
|
||||
name: authorizationpolicies.security.istio.io
|
||||
spec:
|
||||
group: security.istio.io
|
||||
|
|
@ -258,8 +258,8 @@ spec:
|
|||
x-kubernetes-validations:
|
||||
- message: Support kinds are core/Service, networking.istio.io/ServiceEntry,
|
||||
gateway.networking.k8s.io/Gateway
|
||||
rule: "[self.group, self.kind] in [['core','Service'], ['','Service'],
|
||||
['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]"
|
||||
rule: "[self.group, self.kind] in [['core','Service'], ['','Service'],\
|
||||
\ ['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]"
|
||||
targetRefs:
|
||||
description: Optional.
|
||||
items:
|
||||
|
|
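Review bot: the `rule:` string changes only in how the double-quoted scalar is wrapped (a trailing `\` plus a leading `\ ` on the continuation line instead of a plain folded line); both forms parse to the same CEL expression, so this hunk and the identical ones that follow are serializer churn. The README states that `split-istio-packages` uses `ruamel.yaml` 0.16.12; pin that version where the sync script installs it, or fix the emitter's line width, so that regeneration does not re-wrap unchanged CRD fields and bury the real changes such as the registry switch.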
@ -293,8 +293,8 @@ spec:
|
|||
x-kubernetes-validations:
|
||||
- message: Support kinds are core/Service, networking.istio.io/ServiceEntry,
|
||||
gateway.networking.k8s.io/Gateway
|
||||
rule: "[self.group, self.kind] in [['core','Service'], ['','Service'],
|
||||
['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]"
|
||||
rule: "[self.group, self.kind] in [['core','Service'], ['','Service'],\
|
||||
\ ['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]"
|
||||
maxItems: 16
|
||||
type: array
|
||||
type: object
|
||||
|
|
@ -611,8 +611,8 @@ spec:
|
|||
x-kubernetes-validations:
|
||||
- message: Support kinds are core/Service, networking.istio.io/ServiceEntry,
|
||||
gateway.networking.k8s.io/Gateway
|
||||
rule: "[self.group, self.kind] in [['core','Service'], ['','Service'],
|
||||
['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]"
|
||||
rule: "[self.group, self.kind] in [['core','Service'], ['','Service'],\
|
||||
\ ['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]"
|
||||
targetRefs:
|
||||
description: Optional.
|
||||
items:
|
||||
|
|
@ -646,8 +646,8 @@ spec:
|
|||
x-kubernetes-validations:
|
||||
- message: Support kinds are core/Service, networking.istio.io/ServiceEntry,
|
||||
gateway.networking.k8s.io/Gateway
|
||||
rule: "[self.group, self.kind] in [['core','Service'], ['','Service'],
|
||||
['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]"
|
||||
rule: "[self.group, self.kind] in [['core','Service'], ['','Service'],\
|
||||
\ ['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]"
|
||||
maxItems: 16
|
||||
type: array
|
||||
type: object
|
||||
|
|
@ -741,8 +741,8 @@ metadata:
|
|||
app.kubernetes.io/instance: istio
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: base-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: base-1.24.3
|
||||
name: destinationrules.networking.istio.io
|
||||
spec:
|
||||
group: networking.istio.io
|
||||
|
|
@ -1039,9 +1039,7 @@ spec:
|
|||
type: object
|
||||
type: array
|
||||
enabled:
|
||||
description: enable locality load balancing, this
|
||||
is DestinationRule-level and will override mesh
|
||||
wide settings in entirety.
|
||||
description: Enable locality load balancing.
|
||||
nullable: true
|
||||
type: boolean
|
||||
failover:
|
||||
|
|
@ -1159,7 +1157,7 @@ spec:
|
|||
minHealthPercent:
|
||||
description: Outlier detection will be enabled as long
|
||||
as the associated load balancing pool has at least
|
||||
min_health_percent hosts in healthy mode.
|
||||
`minHealthPercent` hosts in healthy mode.
|
||||
format: int32
|
||||
type: integer
|
||||
splitExternalLocalOriginErrors:
|
||||
|
|
@ -1411,9 +1409,7 @@ spec:
|
|||
type: object
|
||||
type: array
|
||||
enabled:
|
||||
description: enable locality load balancing,
|
||||
this is DestinationRule-level and will override
|
||||
mesh wide settings in entirety.
|
||||
description: Enable locality load balancing.
|
||||
nullable: true
|
||||
type: boolean
|
||||
failover:
|
||||
|
|
@ -1535,7 +1531,7 @@ spec:
|
|||
minHealthPercent:
|
||||
description: Outlier detection will be enabled
|
||||
as long as the associated load balancing pool
|
||||
has at least min_health_percent hosts in healthy
|
||||
has at least `minHealthPercent` hosts in healthy
|
||||
mode.
|
||||
format: int32
|
||||
type: integer
|
||||
|
|
@ -1932,8 +1928,7 @@ spec:
|
|||
type: object
|
||||
type: array
|
||||
enabled:
|
||||
description: enable locality load balancing, this is DestinationRule-level
|
||||
and will override mesh wide settings in entirety.
|
||||
description: Enable locality load balancing.
|
||||
nullable: true
|
||||
type: boolean
|
||||
failover:
|
||||
|
|
@ -2047,7 +2042,7 @@ spec:
|
|||
type: integer
|
||||
minHealthPercent:
|
||||
description: Outlier detection will be enabled as long as
|
||||
the associated load balancing pool has at least min_health_percent
|
||||
the associated load balancing pool has at least `minHealthPercent`
|
||||
hosts in healthy mode.
|
||||
format: int32
|
||||
type: integer
|
||||
|
|
@ -2294,9 +2289,7 @@ spec:
|
|||
type: object
|
||||
type: array
|
||||
enabled:
|
||||
description: enable locality load balancing, this
|
||||
is DestinationRule-level and will override mesh
|
||||
wide settings in entirety.
|
||||
description: Enable locality load balancing.
|
||||
nullable: true
|
||||
type: boolean
|
||||
failover:
|
||||
|
|
@ -2414,7 +2407,7 @@ spec:
|
|||
minHealthPercent:
|
||||
description: Outlier detection will be enabled as long
|
||||
as the associated load balancing pool has at least
|
||||
min_health_percent hosts in healthy mode.
|
||||
`minHealthPercent` hosts in healthy mode.
|
||||
format: int32
|
||||
type: integer
|
||||
splitExternalLocalOriginErrors:
|
||||
|
|
@ -2956,9 +2949,7 @@ spec:
|
|||
type: object
|
||||
type: array
|
||||
enabled:
|
||||
description: enable locality load balancing, this
|
||||
is DestinationRule-level and will override mesh
|
||||
wide settings in entirety.
|
||||
description: Enable locality load balancing.
|
||||
nullable: true
|
||||
type: boolean
|
||||
failover:
|
||||
|
|
@ -3076,7 +3067,7 @@ spec:
|
|||
minHealthPercent:
|
||||
description: Outlier detection will be enabled as long
|
||||
as the associated load balancing pool has at least
|
||||
min_health_percent hosts in healthy mode.
|
||||
`minHealthPercent` hosts in healthy mode.
|
||||
format: int32
|
||||
type: integer
|
||||
splitExternalLocalOriginErrors:
|
||||
|
|
@ -3328,9 +3319,7 @@ spec:
|
|||
type: object
|
||||
type: array
|
||||
enabled:
|
||||
description: enable locality load balancing,
|
||||
this is DestinationRule-level and will override
|
||||
mesh wide settings in entirety.
|
||||
description: Enable locality load balancing.
|
||||
nullable: true
|
||||
type: boolean
|
||||
failover:
|
||||
|
|
@ -3452,7 +3441,7 @@ spec:
|
|||
minHealthPercent:
|
||||
description: Outlier detection will be enabled
|
||||
as long as the associated load balancing pool
|
||||
has at least min_health_percent hosts in healthy
|
||||
has at least `minHealthPercent` hosts in healthy
|
||||
mode.
|
||||
format: int32
|
||||
type: integer
|
||||
|
|
@ -3849,8 +3838,7 @@ spec:
|
|||
type: object
|
||||
type: array
|
||||
enabled:
|
||||
description: enable locality load balancing, this is DestinationRule-level
|
||||
and will override mesh wide settings in entirety.
|
||||
description: Enable locality load balancing.
|
||||
nullable: true
|
||||
type: boolean
|
||||
failover:
|
||||
|
|
@ -3964,7 +3952,7 @@ spec:
|
|||
type: integer
|
||||
minHealthPercent:
|
||||
description: Outlier detection will be enabled as long as
|
||||
the associated load balancing pool has at least min_health_percent
|
||||
the associated load balancing pool has at least `minHealthPercent`
|
||||
hosts in healthy mode.
|
||||
format: int32
|
||||
type: integer
|
||||
|
|
@ -4211,9 +4199,7 @@ spec:
|
|||
type: object
|
||||
type: array
|
||||
enabled:
|
||||
description: enable locality load balancing, this
|
||||
is DestinationRule-level and will override mesh
|
||||
wide settings in entirety.
|
||||
description: Enable locality load balancing.
|
||||
nullable: true
|
||||
type: boolean
|
||||
failover:
|
||||
|
|
@ -4331,7 +4317,7 @@ spec:
|
|||
minHealthPercent:
|
||||
description: Outlier detection will be enabled as long
|
||||
as the associated load balancing pool has at least
|
||||
min_health_percent hosts in healthy mode.
|
||||
`minHealthPercent` hosts in healthy mode.
|
||||
format: int32
|
||||
type: integer
|
||||
splitExternalLocalOriginErrors:
|
||||
|
|
@ -4873,9 +4859,7 @@ spec:
|
|||
type: object
|
||||
type: array
|
||||
enabled:
|
||||
description: enable locality load balancing, this
|
||||
is DestinationRule-level and will override mesh
|
||||
wide settings in entirety.
|
||||
description: Enable locality load balancing.
|
||||
nullable: true
|
||||
type: boolean
|
||||
failover:
|
||||
|
|
@ -4993,7 +4977,7 @@ spec:
|
|||
minHealthPercent:
|
||||
description: Outlier detection will be enabled as long
|
||||
as the associated load balancing pool has at least
|
||||
min_health_percent hosts in healthy mode.
|
||||
`minHealthPercent` hosts in healthy mode.
|
||||
format: int32
|
||||
type: integer
|
||||
splitExternalLocalOriginErrors:
|
||||
|
|
@ -5245,9 +5229,7 @@ spec:
|
|||
type: object
|
||||
type: array
|
||||
enabled:
|
||||
description: enable locality load balancing,
|
||||
this is DestinationRule-level and will override
|
||||
mesh wide settings in entirety.
|
||||
description: Enable locality load balancing.
|
||||
nullable: true
|
||||
type: boolean
|
||||
failover:
|
||||
|
|
@ -5369,7 +5351,7 @@ spec:
|
|||
minHealthPercent:
|
||||
description: Outlier detection will be enabled
|
||||
as long as the associated load balancing pool
|
||||
has at least min_health_percent hosts in healthy
|
||||
has at least `minHealthPercent` hosts in healthy
|
||||
mode.
|
||||
format: int32
|
||||
type: integer
|
||||
|
|
@ -5766,8 +5748,7 @@ spec:
|
|||
type: object
|
||||
type: array
|
||||
enabled:
|
||||
description: enable locality load balancing, this is DestinationRule-level
|
||||
and will override mesh wide settings in entirety.
|
||||
description: Enable locality load balancing.
|
||||
nullable: true
|
||||
type: boolean
|
||||
failover:
|
||||
|
|
@ -5881,7 +5862,7 @@ spec:
|
|||
type: integer
|
||||
minHealthPercent:
|
||||
description: Outlier detection will be enabled as long as
|
||||
the associated load balancing pool has at least min_health_percent
|
||||
the associated load balancing pool has at least `minHealthPercent`
|
||||
hosts in healthy mode.
|
||||
format: int32
|
||||
type: integer
|
||||
|
|
@ -6128,9 +6109,7 @@ spec:
|
|||
type: object
|
||||
type: array
|
||||
enabled:
|
||||
description: enable locality load balancing, this
|
||||
is DestinationRule-level and will override mesh
|
||||
wide settings in entirety.
|
||||
description: Enable locality load balancing.
|
||||
nullable: true
|
||||
type: boolean
|
||||
failover:
|
||||
|
|
@ -6248,7 +6227,7 @@ spec:
|
|||
minHealthPercent:
|
||||
description: Outlier detection will be enabled as long
|
||||
as the associated load balancing pool has at least
|
||||
min_health_percent hosts in healthy mode.
|
||||
`minHealthPercent` hosts in healthy mode.
|
||||
format: int32
|
||||
type: integer
|
||||
splitExternalLocalOriginErrors:
|
||||
|
|
@ -6520,8 +6499,8 @@ metadata:
|
|||
app.kubernetes.io/instance: istio
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: base-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: base-1.24.3
|
||||
name: envoyfilters.networking.istio.io
|
||||
spec:
|
||||
group: networking.istio.io
|
||||
|
|
@ -6679,7 +6658,7 @@ spec:
|
|||
additionalProperties:
|
||||
type: string
|
||||
description: Match on the node metadata supplied by
|
||||
a proxy when connecting to Istio Pilot.
|
||||
a proxy when connecting to istiod.
|
||||
type: object
|
||||
proxyVersion:
|
||||
description: A regular expression in golang regex format
|
||||
|
|
@ -6815,8 +6794,8 @@ spec:
|
|||
x-kubernetes-validations:
|
||||
- message: Support kinds are core/Service, networking.istio.io/ServiceEntry,
|
||||
gateway.networking.k8s.io/Gateway
|
||||
rule: "[self.group, self.kind] in [['core','Service'], ['','Service'],
|
||||
['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]"
|
||||
rule: "[self.group, self.kind] in [['core','Service'], ['','Service'],\
|
||||
\ ['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]"
|
||||
maxItems: 16
|
||||
type: array
|
||||
workloadSelector:
|
||||
|
|
@ -6926,8 +6905,8 @@ metadata:
|
|||
app.kubernetes.io/instance: istio
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: base-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: base-1.24.3
|
||||
name: gateways.networking.istio.io
|
||||
spec:
|
||||
group: networking.istio.io
|
||||
|
|
@ -7641,8 +7620,8 @@ metadata:
|
|||
app.kubernetes.io/instance: istio
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: base-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: base-1.24.3
|
||||
name: peerauthentications.security.istio.io
|
||||
spec:
|
||||
group: security.istio.io
|
||||
|
|
@ -7987,8 +7966,8 @@ metadata:
|
|||
app.kubernetes.io/instance: istio
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: base-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: base-1.24.3
|
||||
name: proxyconfigs.networking.istio.io
|
||||
spec:
|
||||
group: networking.istio.io
|
||||
|
|
@ -8137,8 +8116,8 @@ metadata:
|
|||
app.kubernetes.io/instance: istio
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: base-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: base-1.24.3
|
||||
name: requestauthentications.security.istio.io
|
||||
spec:
|
||||
group: security.istio.io
|
||||
|
|
@ -8322,8 +8301,8 @@ spec:
|
|||
x-kubernetes-validations:
|
||||
- message: Support kinds are core/Service, networking.istio.io/ServiceEntry,
|
||||
gateway.networking.k8s.io/Gateway
|
||||
rule: "[self.group, self.kind] in [['core','Service'], ['','Service'],
|
||||
['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]"
|
||||
rule: "[self.group, self.kind] in [['core','Service'], ['','Service'],\
|
||||
\ ['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]"
|
||||
targetRefs:
|
||||
description: Optional.
|
||||
items:
|
||||
|
|
@ -8357,8 +8336,8 @@ spec:
|
|||
x-kubernetes-validations:
|
||||
- message: Support kinds are core/Service, networking.istio.io/ServiceEntry,
|
||||
gateway.networking.k8s.io/Gateway
|
||||
rule: "[self.group, self.kind] in [['core','Service'], ['','Service'],
|
||||
['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]"
|
||||
rule: "[self.group, self.kind] in [['core','Service'], ['','Service'],\
|
||||
\ ['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]"
|
||||
maxItems: 16
|
||||
type: array
|
||||
type: object
|
||||
|
|
@ -8609,8 +8588,8 @@ spec:
|
|||
x-kubernetes-validations:
|
||||
- message: Support kinds are core/Service, networking.istio.io/ServiceEntry,
|
||||
gateway.networking.k8s.io/Gateway
|
||||
rule: "[self.group, self.kind] in [['core','Service'], ['','Service'],
|
||||
['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]"
|
||||
rule: "[self.group, self.kind] in [['core','Service'], ['','Service'],\
|
||||
\ ['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]"
|
||||
targetRefs:
|
||||
description: Optional.
|
||||
items:
|
||||
|
|
@ -8644,8 +8623,8 @@ spec:
|
|||
x-kubernetes-validations:
|
||||
- message: Support kinds are core/Service, networking.istio.io/ServiceEntry,
|
||||
gateway.networking.k8s.io/Gateway
|
||||
rule: "[self.group, self.kind] in [['core','Service'], ['','Service'],
|
||||
['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]"
|
||||
rule: "[self.group, self.kind] in [['core','Service'], ['','Service'],\
|
||||
\ ['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]"
|
||||
maxItems: 16
|
||||
type: array
|
||||
type: object
|
||||
|
|
@ -8739,8 +8718,8 @@ metadata:
|
|||
app.kubernetes.io/instance: istio
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: base-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: base-1.24.3
|
||||
name: serviceentries.networking.istio.io
|
||||
spec:
|
||||
group: networking.istio.io
|
||||
|
|
@ -8804,11 +8783,11 @@ spec:
|
|||
type: string
|
||||
x-kubernetes-validations:
|
||||
- message: UDS must be an absolute path or abstract socket
|
||||
rule: "self.startsWith('unix://') ? (self.substring(7,8) ==
|
||||
'/' || self.substring(7,8) == '@') : true"
|
||||
rule: "self.startsWith('unix://') ? (self.substring(7,8) ==\
|
||||
\ '/' || self.substring(7,8) == '@') : true"
|
||||
- message: UDS may not be a dir
|
||||
rule: "self.startsWith('unix://') ? !self.endsWith('/') :
|
||||
true"
|
||||
rule: "self.startsWith('unix://') ? !self.endsWith('/') :\
|
||||
\ true"
|
||||
labels:
|
||||
additionalProperties:
|
||||
type: string
|
||||
|
|
@ -8853,8 +8832,8 @@ spec:
|
|||
- message: Address is required
|
||||
rule: has(self.address) || has(self.network)
|
||||
- message: UDS may not include ports
|
||||
rule: "(has(self.address) && self.address.startsWith('unix://'))
|
||||
? !has(self.ports) : true"
|
||||
rule: "(has(self.address) && self.address.startsWith('unix://'))\
|
||||
\ ? !has(self.ports) : true"
|
||||
maxItems: 4096
|
||||
type: array
|
||||
exportTo:
|
||||
|
|
@ -8962,15 +8941,15 @@ spec:
|
|||
rule: (has(self.workloadSelector)?1:0)+(has(self.endpoints)?1:0)<=1
|
||||
- message: CIDR addresses are allowed only for NONE/STATIC resolution
|
||||
types
|
||||
rule: "!(has(self.addresses) && self.addresses.exists(k, k.contains('/'))
|
||||
&& (has(self.resolution) && self.resolution != 'STATIC' && self.resolution
|
||||
!= 'NONE'))"
|
||||
rule: "!(has(self.addresses) && self.addresses.exists(k, k.contains('/'))\
|
||||
\ && (has(self.resolution) && self.resolution != 'STATIC' && self.resolution\
|
||||
\ != 'NONE'))"
|
||||
- message: NONE mode cannot set endpoints
|
||||
rule: "(!has(self.resolution) || self.resolution == 'NONE') ? !has(self.endpoints)
|
||||
: true"
|
||||
rule: "(!has(self.resolution) || self.resolution == 'NONE') ? !has(self.endpoints)\
|
||||
\ : true"
|
||||
- message: DNS_ROUND_ROBIN mode cannot have multiple endpoints
|
||||
rule: "(has(self.resolution) && self.resolution == 'DNS_ROUND_ROBIN')
|
||||
? (!has(self.endpoints) || size(self.endpoints) == 1) : true"
|
||||
rule: "(has(self.resolution) && self.resolution == 'DNS_ROUND_ROBIN')\
|
||||
\ ? (!has(self.endpoints) || size(self.endpoints) == 1) : true"
|
||||
status:
|
||||
properties:
|
||||
conditions:
|
||||
|
|
@ -9097,11 +9076,11 @@ spec:
|
|||
type: string
|
||||
x-kubernetes-validations:
|
||||
- message: UDS must be an absolute path or abstract socket
|
||||
rule: "self.startsWith('unix://') ? (self.substring(7,8) ==
|
||||
'/' || self.substring(7,8) == '@') : true"
|
||||
rule: "self.startsWith('unix://') ? (self.substring(7,8) ==\
|
||||
\ '/' || self.substring(7,8) == '@') : true"
|
||||
- message: UDS may not be a dir
|
||||
rule: "self.startsWith('unix://') ? !self.endsWith('/') :
|
||||
true"
|
||||
rule: "self.startsWith('unix://') ? !self.endsWith('/') :\
|
||||
\ true"
|
||||
labels:
|
||||
additionalProperties:
|
||||
type: string
|
||||
|
|
@ -9146,8 +9125,8 @@ spec:
|
|||
- message: Address is required
|
||||
rule: has(self.address) || has(self.network)
|
||||
- message: UDS may not include ports
|
||||
rule: "(has(self.address) && self.address.startsWith('unix://'))
|
||||
? !has(self.ports) : true"
|
||||
rule: "(has(self.address) && self.address.startsWith('unix://'))\
|
||||
\ ? !has(self.ports) : true"
|
||||
maxItems: 4096
|
||||
type: array
|
||||
exportTo:
|
||||
|
|
@ -9255,15 +9234,15 @@ spec:
|
|||
rule: (has(self.workloadSelector)?1:0)+(has(self.endpoints)?1:0)<=1
|
||||
- message: CIDR addresses are allowed only for NONE/STATIC resolution
|
||||
types
|
||||
rule: "!(has(self.addresses) && self.addresses.exists(k, k.contains('/'))
|
||||
&& (has(self.resolution) && self.resolution != 'STATIC' && self.resolution
|
||||
!= 'NONE'))"
|
||||
rule: "!(has(self.addresses) && self.addresses.exists(k, k.contains('/'))\
|
||||
\ && (has(self.resolution) && self.resolution != 'STATIC' && self.resolution\
|
||||
\ != 'NONE'))"
|
||||
- message: NONE mode cannot set endpoints
|
||||
rule: "(!has(self.resolution) || self.resolution == 'NONE') ? !has(self.endpoints)
|
||||
: true"
|
||||
rule: "(!has(self.resolution) || self.resolution == 'NONE') ? !has(self.endpoints)\
|
||||
\ : true"
|
||||
- message: DNS_ROUND_ROBIN mode cannot have multiple endpoints
|
||||
rule: "(has(self.resolution) && self.resolution == 'DNS_ROUND_ROBIN')
|
||||
? (!has(self.endpoints) || size(self.endpoints) == 1) : true"
|
||||
rule: "(has(self.resolution) && self.resolution == 'DNS_ROUND_ROBIN')\
|
||||
\ ? (!has(self.endpoints) || size(self.endpoints) == 1) : true"
|
||||
status:
|
||||
properties:
|
||||
conditions:
|
||||
|
|
@ -9390,11 +9369,11 @@ spec:
|
|||
type: string
|
||||
x-kubernetes-validations:
|
||||
- message: UDS must be an absolute path or abstract socket
|
||||
rule: "self.startsWith('unix://') ? (self.substring(7,8) ==
|
||||
'/' || self.substring(7,8) == '@') : true"
|
||||
rule: "self.startsWith('unix://') ? (self.substring(7,8) ==\
|
||||
\ '/' || self.substring(7,8) == '@') : true"
|
||||
- message: UDS may not be a dir
|
||||
rule: "self.startsWith('unix://') ? !self.endsWith('/') :
|
||||
true"
|
||||
rule: "self.startsWith('unix://') ? !self.endsWith('/') :\
|
||||
\ true"
|
||||
labels:
|
||||
additionalProperties:
|
||||
type: string
|
||||
|
|
@ -9439,8 +9418,8 @@ spec:
|
|||
- message: Address is required
|
||||
rule: has(self.address) || has(self.network)
|
||||
- message: UDS may not include ports
|
||||
rule: "(has(self.address) && self.address.startsWith('unix://'))
|
||||
? !has(self.ports) : true"
|
||||
rule: "(has(self.address) && self.address.startsWith('unix://'))\
|
||||
\ ? !has(self.ports) : true"
|
||||
maxItems: 4096
|
||||
type: array
|
||||
exportTo:
|
||||
|
|
@ -9548,15 +9527,15 @@ spec:
|
|||
rule: (has(self.workloadSelector)?1:0)+(has(self.endpoints)?1:0)<=1
|
||||
- message: CIDR addresses are allowed only for NONE/STATIC resolution
|
||||
types
|
||||
rule: "!(has(self.addresses) && self.addresses.exists(k, k.contains('/'))
|
||||
&& (has(self.resolution) && self.resolution != 'STATIC' && self.resolution
|
||||
!= 'NONE'))"
|
||||
rule: "!(has(self.addresses) && self.addresses.exists(k, k.contains('/'))\
|
||||
\ && (has(self.resolution) && self.resolution != 'STATIC' && self.resolution\
|
||||
\ != 'NONE'))"
|
||||
- message: NONE mode cannot set endpoints
|
||||
rule: "(!has(self.resolution) || self.resolution == 'NONE') ? !has(self.endpoints)
|
||||
: true"
|
||||
rule: "(!has(self.resolution) || self.resolution == 'NONE') ? !has(self.endpoints)\
|
||||
\ : true"
|
||||
- message: DNS_ROUND_ROBIN mode cannot have multiple endpoints
|
||||
rule: "(has(self.resolution) && self.resolution == 'DNS_ROUND_ROBIN')
|
||||
? (!has(self.endpoints) || size(self.endpoints) == 1) : true"
|
||||
rule: "(has(self.resolution) && self.resolution == 'DNS_ROUND_ROBIN')\
|
||||
\ ? (!has(self.endpoints) || size(self.endpoints) == 1) : true"
|
||||
status:
|
||||
properties:
|
||||
conditions:
|
||||
|
|
@ -9646,8 +9625,8 @@ metadata:
|
|||
app.kubernetes.io/instance: istio
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: base-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: base-1.24.3
|
||||
name: sidecars.networking.istio.io
|
||||
spec:
|
||||
group: networking.istio.io
|
||||
|
|
@ -11286,8 +11265,8 @@ metadata:
|
|||
app.kubernetes.io/instance: istio
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: base-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: base-1.24.3
|
||||
name: telemetries.telemetry.istio.io
|
||||
spec:
|
||||
group: telemetry.istio.io
|
||||
|
|
@ -11443,11 +11422,11 @@ spec:
|
|||
type: object
|
||||
x-kubernetes-validations:
|
||||
- message: value must be set when operation is UPSERT
|
||||
rule: "((has(self.operation) ? self.operation : '')
|
||||
== 'UPSERT') ? self.value != '' : true"
|
||||
rule: "((has(self.operation) ? self.operation : '')\
|
||||
\ == 'UPSERT') ? self.value != '' : true"
|
||||
- message: value must not be set when operation is REMOVE
|
||||
rule: "((has(self.operation) ? self.operation : '')
|
||||
== 'REMOVE') ? !has(self.value) : true"
|
||||
rule: "((has(self.operation) ? self.operation : '')\
|
||||
\ == 'REMOVE') ? !has(self.value) : true"
|
||||
description: Optional.
|
||||
type: object
|
||||
type: object
|
||||
|
|
@ -11523,8 +11502,8 @@ spec:
|
|||
x-kubernetes-validations:
|
||||
- message: Support kinds are core/Service, networking.istio.io/ServiceEntry,
|
||||
gateway.networking.k8s.io/Gateway
|
||||
rule: "[self.group, self.kind] in [['core','Service'], ['','Service'],
|
||||
['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]"
|
||||
rule: "[self.group, self.kind] in [['core','Service'], ['','Service'],\
|
||||
\ ['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]"
|
||||
targetRefs:
|
||||
description: Optional.
|
||||
items:
|
||||
|
|
@ -11558,8 +11537,8 @@ spec:
|
|||
x-kubernetes-validations:
|
||||
- message: Support kinds are core/Service, networking.istio.io/ServiceEntry,
|
||||
gateway.networking.k8s.io/Gateway
|
||||
rule: "[self.group, self.kind] in [['core','Service'], ['','Service'],
|
||||
['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]"
|
||||
rule: "[self.group, self.kind] in [['core','Service'], ['','Service'],\
|
||||
\ ['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]"
|
||||
maxItems: 16
|
||||
type: array
|
||||
tracing:
|
||||
|
|
@ -11891,11 +11870,11 @@ spec:
|
|||
type: object
|
||||
x-kubernetes-validations:
|
||||
- message: value must be set when operation is UPSERT
|
||||
rule: "((has(self.operation) ? self.operation : '')
|
||||
== 'UPSERT') ? self.value != '' : true"
|
||||
rule: "((has(self.operation) ? self.operation : '')\
|
||||
\ == 'UPSERT') ? self.value != '' : true"
|
||||
- message: value must not be set when operation is REMOVE
|
||||
rule: "((has(self.operation) ? self.operation : '')
|
||||
== 'REMOVE') ? !has(self.value) : true"
|
||||
rule: "((has(self.operation) ? self.operation : '')\
|
||||
\ == 'REMOVE') ? !has(self.value) : true"
|
||||
description: Optional.
|
||||
type: object
|
||||
type: object
|
||||
|
|
@ -11971,8 +11950,8 @@ spec:
|
|||
x-kubernetes-validations:
|
||||
- message: Support kinds are core/Service, networking.istio.io/ServiceEntry,
|
||||
gateway.networking.k8s.io/Gateway
|
||||
rule: "[self.group, self.kind] in [['core','Service'], ['','Service'],
|
||||
['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]"
|
||||
rule: "[self.group, self.kind] in [['core','Service'], ['','Service'],\
|
||||
\ ['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]"
|
||||
targetRefs:
|
||||
description: Optional.
|
||||
items:
|
||||
|
|
@ -12006,8 +11985,8 @@ spec:
|
|||
x-kubernetes-validations:
|
||||
- message: Support kinds are core/Service, networking.istio.io/ServiceEntry,
|
||||
gateway.networking.k8s.io/Gateway
|
||||
rule: "[self.group, self.kind] in [['core','Service'], ['','Service'],
|
||||
['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]"
|
||||
rule: "[self.group, self.kind] in [['core','Service'], ['','Service'],\
|
||||
\ ['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]"
|
||||
maxItems: 16
|
||||
type: array
|
||||
tracing:
|
||||
|
|
@ -12210,8 +12189,8 @@ metadata:
|
|||
app.kubernetes.io/instance: istio
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: base-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: base-1.24.3
|
||||
name: virtualservices.networking.istio.io
|
||||
spec:
|
||||
group: networking.istio.io
|
||||
|
|
@ -15346,8 +15325,8 @@ metadata:
|
|||
app.kubernetes.io/instance: istio
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: base-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: base-1.24.3
|
||||
name: wasmplugins.extensions.istio.io
|
||||
spec:
|
||||
group: extensions.istio.io
|
||||
|
|
@ -15519,8 +15498,8 @@ spec:
|
|||
x-kubernetes-validations:
|
||||
- message: Support kinds are core/Service, networking.istio.io/ServiceEntry,
|
||||
gateway.networking.k8s.io/Gateway
|
||||
rule: "[self.group, self.kind] in [['core','Service'], ['','Service'],
|
||||
['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]"
|
||||
rule: "[self.group, self.kind] in [['core','Service'], ['','Service'],\
|
||||
\ ['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]"
|
||||
targetRefs:
|
||||
description: Optional.
|
||||
items:
|
||||
|
|
@ -15554,8 +15533,8 @@ spec:
|
|||
x-kubernetes-validations:
|
||||
- message: Support kinds are core/Service, networking.istio.io/ServiceEntry,
|
||||
gateway.networking.k8s.io/Gateway
|
||||
rule: "[self.group, self.kind] in [['core','Service'], ['','Service'],
|
||||
['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]"
|
||||
rule: "[self.group, self.kind] in [['core','Service'], ['','Service'],\
|
||||
\ ['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]"
|
||||
maxItems: 16
|
||||
type: array
|
||||
type:
|
||||
|
|
@ -15574,9 +15553,9 @@ spec:
|
|||
type: string
|
||||
x-kubernetes-validations:
|
||||
- message: url must have schema one of [http, https, file, oci]
|
||||
rule: "isURL(self) ? (url(self).getScheme() in ['', 'http', 'https',
|
||||
'oci', 'file']) : (isURL('http://' + self) && url('http://' +self).getScheme()
|
||||
in ['', 'http', 'https', 'oci', 'file'])"
|
||||
rule: "isURL(self) ? (url(self).getScheme() in ['', 'http', 'https',\
|
||||
\ 'oci', 'file']) : (isURL('http://' + self) && url('http://'\
|
||||
\ +self).getScheme() in ['', 'http', 'https', 'oci', 'file'])"
|
||||
verificationKey:
|
||||
type: string
|
||||
vmConfig:
|
||||
|
|
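Review bot: In the `url must have schema one of [http, https, file, oci]` rule the wrap point moved, so the break now falls inside `url('http://' +self)`, between the string literal and `+self`. This rule is the scheme allowlist for WasmPlugin URLs, so please verify that the parsed rule string is identical to the previous one instead of relying on a visual read of the diff.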
@ -15610,8 +15589,8 @@ spec:
|
|||
type: object
|
||||
x-kubernetes-validations:
|
||||
- message: value may only be set when valueFrom is INLINE
|
||||
rule: "(has(self.valueFrom) ? self.valueFrom : '') != 'HOST'
|
||||
|| !has(self.value)"
|
||||
rule: "(has(self.valueFrom) ? self.valueFrom : '') != 'HOST'\
|
||||
\ || !has(self.value)"
|
||||
maxItems: 256
|
||||
type: array
|
||||
x-kubernetes-list-map-keys:
|
||||
|
|
@ -15713,8 +15692,8 @@ metadata:
|
|||
app.kubernetes.io/instance: istio
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: base-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: base-1.24.3
|
||||
name: workloadentries.networking.istio.io
|
||||
spec:
|
||||
group: networking.istio.io
|
||||
|
|
@ -15758,8 +15737,8 @@ spec:
|
|||
type: string
|
||||
x-kubernetes-validations:
|
||||
- message: UDS must be an absolute path or abstract socket
|
||||
rule: "self.startsWith('unix://') ? (self.substring(7,8) == '/'
|
||||
|| self.substring(7,8) == '@') : true"
|
||||
rule: "self.startsWith('unix://') ? (self.substring(7,8) == '/'\
|
||||
\ || self.substring(7,8) == '@') : true"
|
||||
- message: UDS may not be a dir
|
||||
rule: "self.startsWith('unix://') ? !self.endsWith('/') : true"
|
||||
labels:
|
||||
|
|
@ -15806,8 +15785,8 @@ spec:
|
|||
- message: Address is required
|
||||
rule: has(self.address) || has(self.network)
|
||||
- message: UDS may not include ports
|
||||
rule: "(has(self.address) && self.address.startsWith('unix://')) ? !has(self.ports)
|
||||
: true"
|
||||
rule: "(has(self.address) && self.address.startsWith('unix://')) ? !has(self.ports)\
|
||||
\ : true"
|
||||
status:
|
||||
properties:
|
||||
conditions:
|
||||
|
|
@ -15914,8 +15893,8 @@ spec:
|
|||
type: string
|
||||
x-kubernetes-validations:
|
||||
- message: UDS must be an absolute path or abstract socket
|
||||
rule: "self.startsWith('unix://') ? (self.substring(7,8) == '/'
|
||||
|| self.substring(7,8) == '@') : true"
|
||||
rule: "self.startsWith('unix://') ? (self.substring(7,8) == '/'\
|
||||
\ || self.substring(7,8) == '@') : true"
|
||||
- message: UDS may not be a dir
|
||||
rule: "self.startsWith('unix://') ? !self.endsWith('/') : true"
|
||||
labels:
|
||||
|
|
@ -15962,8 +15941,8 @@ spec:
|
|||
- message: Address is required
|
||||
rule: has(self.address) || has(self.network)
|
||||
- message: UDS may not include ports
|
||||
rule: "(has(self.address) && self.address.startsWith('unix://')) ? !has(self.ports)
|
||||
: true"
|
||||
rule: "(has(self.address) && self.address.startsWith('unix://')) ? !has(self.ports)\
|
||||
\ : true"
|
||||
status:
|
||||
properties:
|
||||
conditions:
|
||||
|
|
@ -16070,8 +16049,8 @@ spec:
|
|||
type: string
|
||||
x-kubernetes-validations:
|
||||
- message: UDS must be an absolute path or abstract socket
|
||||
rule: "self.startsWith('unix://') ? (self.substring(7,8) == '/'
|
||||
|| self.substring(7,8) == '@') : true"
|
||||
rule: "self.startsWith('unix://') ? (self.substring(7,8) == '/'\
|
||||
\ || self.substring(7,8) == '@') : true"
|
||||
- message: UDS may not be a dir
|
||||
rule: "self.startsWith('unix://') ? !self.endsWith('/') : true"
|
||||
labels:
|
||||
|
|
@ -16118,8 +16097,8 @@ spec:
|
|||
- message: Address is required
|
||||
rule: has(self.address) || has(self.network)
|
||||
- message: UDS may not include ports
|
||||
rule: "(has(self.address) && self.address.startsWith('unix://')) ? !has(self.ports)
|
||||
: true"
|
||||
rule: "(has(self.address) && self.address.startsWith('unix://')) ? !has(self.ports)\
|
||||
\ : true"
|
||||
status:
|
||||
properties:
|
||||
conditions:
|
||||
|
|
@ -16207,8 +16186,8 @@ metadata:
|
|||
app.kubernetes.io/instance: istio
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: base-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: base-1.24.3
|
||||
name: workloadgroups.networking.istio.io
|
||||
spec:
|
||||
group: networking.istio.io
|
||||
|
|
@ -16380,8 +16359,8 @@ spec:
|
|||
type: string
|
||||
x-kubernetes-validations:
|
||||
- message: UDS must be an absolute path or abstract socket
|
||||
rule: "self.startsWith('unix://') ? (self.substring(7,8) ==
|
||||
'/' || self.substring(7,8) == '@') : true"
|
||||
rule: "self.startsWith('unix://') ? (self.substring(7,8) ==\
|
||||
\ '/' || self.substring(7,8) == '@') : true"
|
||||
- message: UDS may not be a dir
|
||||
rule: "self.startsWith('unix://') ? !self.endsWith('/') : true"
|
||||
labels:
|
||||
|
|
@ -16426,8 +16405,8 @@ spec:
|
|||
type: object
|
||||
x-kubernetes-validations:
|
||||
- message: UDS may not include ports
|
||||
rule: "(has(self.address) && self.address.startsWith('unix://'))
|
||||
? !has(self.ports) : true"
|
||||
rule: "(has(self.address) && self.address.startsWith('unix://'))\
|
||||
\ ? !has(self.ports) : true"
|
||||
required:
|
||||
- template
|
||||
type: object
|
||||
|
|
@ -16665,8 +16644,8 @@ spec:
|
|||
type: string
|
||||
x-kubernetes-validations:
|
||||
- message: UDS must be an absolute path or abstract socket
|
||||
rule: "self.startsWith('unix://') ? (self.substring(7,8) ==
|
||||
'/' || self.substring(7,8) == '@') : true"
|
||||
rule: "self.startsWith('unix://') ? (self.substring(7,8) ==\
|
||||
\ '/' || self.substring(7,8) == '@') : true"
|
||||
- message: UDS may not be a dir
|
||||
rule: "self.startsWith('unix://') ? !self.endsWith('/') : true"
|
||||
labels:
|
||||
|
|
@ -16711,8 +16690,8 @@ spec:
|
|||
type: object
|
||||
x-kubernetes-validations:
|
||||
- message: UDS may not include ports
|
||||
rule: "(has(self.address) && self.address.startsWith('unix://'))
|
||||
? !has(self.ports) : true"
|
||||
rule: "(has(self.address) && self.address.startsWith('unix://'))\
|
||||
\ ? !has(self.ports) : true"
|
||||
required:
|
||||
- template
|
||||
type: object
|
||||
|
|
@ -16950,8 +16929,8 @@ spec:
|
|||
type: string
|
||||
x-kubernetes-validations:
|
||||
- message: UDS must be an absolute path or abstract socket
|
||||
rule: "self.startsWith('unix://') ? (self.substring(7,8) ==
|
||||
'/' || self.substring(7,8) == '@') : true"
|
||||
rule: "self.startsWith('unix://') ? (self.substring(7,8) ==\
|
||||
\ '/' || self.substring(7,8) == '@') : true"
|
||||
- message: UDS may not be a dir
|
||||
rule: "self.startsWith('unix://') ? !self.endsWith('/') : true"
|
||||
labels:
|
||||
|
|
@ -16996,8 +16975,8 @@ spec:
|
|||
type: object
|
||||
x-kubernetes-validations:
|
||||
- message: UDS may not include ports
|
||||
rule: "(has(self.address) && self.address.startsWith('unix://'))
|
||||
? !has(self.ports) : true"
|
||||
rule: "(has(self.address) && self.address.startsWith('unix://'))\
|
||||
\ ? !has(self.ports) : true"
|
||||
required:
|
||||
- template
|
||||
type: object
|
||||
|
|
|
|||
|
|
@ -7,8 +7,8 @@ metadata:
|
|||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: istio-reader
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: base-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: base-1.24.3
|
||||
release: istio
|
||||
name: istio-reader-service-account
|
||||
namespace: istio-system
|
||||
|
|
@ -22,8 +22,8 @@ metadata:
|
|||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: istiod
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: istiod-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: istiod-1.24.3
|
||||
release: istio
|
||||
name: istiod
|
||||
namespace: istio-system
|
||||
|
|
@ -37,8 +37,8 @@ metadata:
|
|||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: istio-reader
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: istiod-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: istiod-1.24.3
|
||||
release: istio
|
||||
name: istio-reader-clusterrole-istio-system
|
||||
rules:
|
||||
|
|
@ -151,8 +151,8 @@ metadata:
|
|||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: istiod
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: istiod-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: istiod-1.24.3
|
||||
release: istio
|
||||
name: istiod-clusterrole-istio-system
|
||||
rules:
|
||||
|
|
@ -371,8 +371,8 @@ metadata:
|
|||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: istiod
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: istiod-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: istiod-1.24.3
|
||||
release: istio
|
||||
name: istiod-gateway-controller-istio-system
|
||||
rules:
|
||||
|
|
@ -422,8 +422,8 @@ metadata:
|
|||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: istio-reader
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: istiod-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: istiod-1.24.3
|
||||
release: istio
|
||||
name: istio-reader-clusterrole-istio-system
|
||||
roleRef:
|
||||
|
|
@ -444,8 +444,8 @@ metadata:
|
|||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: istiod
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: istiod-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: istiod-1.24.3
|
||||
release: istio
|
||||
name: istiod-clusterrole-istio-system
|
||||
roleRef:
|
||||
|
|
@ -466,8 +466,8 @@ metadata:
|
|||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: istiod
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: istiod-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: istiod-1.24.3
|
||||
release: istio
|
||||
name: istiod-gateway-controller-istio-system
|
||||
roleRef:
|
||||
|
|
@ -488,8 +488,8 @@ metadata:
|
|||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: istiod
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: istiod-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: istiod-1.24.3
|
||||
istio: istiod
|
||||
istio.io/rev: default
|
||||
release: istio
|
||||
|
|
@ -548,8 +548,8 @@ metadata:
|
|||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: istiod
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: istiod-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: istiod-1.24.3
|
||||
install.operator.istio.io/owning-resource: unknown
|
||||
istio.io/rev: default
|
||||
operator.istio.io/component: Pilot
|
||||
|
|
@ -1832,6 +1832,9 @@ data:
|
|||
{{- if .Values.global.logAsJson }}
|
||||
- --log_as_json
|
||||
{{- end }}
|
||||
{{- if .Values.global.proxy.outlierLogPath }}
|
||||
- --outlierLogPath={{ .Values.global.proxy.outlierLogPath }}
|
||||
{{- end}}
|
||||
env:
|
||||
- name: ISTIO_META_SERVICE_ACCOUNT
|
||||
valueFrom:
|
||||
|
|
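Review bot: The new `--outlierLogPath` block in the proxy arguments is unrelated to the registry migration and is not mentioned in the commit message. If it arrives with the regenerated templates, say so in the PR description so reviewers can tell generated churn from intended changes.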
@ -2410,7 +2413,7 @@ data:
|
|||
}
|
||||
},
|
||||
"externalIstiod": false,
|
||||
"hub": "docker.io/istio",
|
||||
"hub": "gcr.io/istio-release",
|
||||
"imagePullPolicy": "",
|
||||
"imagePullSecrets": [],
|
||||
"istioNamespace": "istio-system",
|
||||
|
|
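Review bot: Changing the default `"hub"` to `gcr.io/istio-release` in these values moves every image that derives its registry from it, and `"imagePullSecrets"` stays empty. Clusters that restrict registries through admission policy or egress rules need `gcr.io/istio-release` allowed before rollout; a line in the README or the release notes would cover that.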
@ -2524,8 +2527,8 @@ metadata:
|
|||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: istiod
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: istiod-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: istiod-1.24.3
|
||||
install.operator.istio.io/owning-resource: unknown
|
||||
istio.io/rev: default
|
||||
operator.istio.io/component: Pilot
|
||||
|
|
@ -2542,8 +2545,8 @@ metadata:
|
|||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: istiod
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: istiod-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: istiod-1.24.3
|
||||
install.operator.istio.io/owning-resource: unknown
|
||||
istio.io/rev: default
|
||||
operator.istio.io/component: Pilot
|
||||
|
|
@ -2700,8 +2703,8 @@ metadata:
|
|||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: istiod
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: istiod-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: istiod-1.24.3
|
||||
install.operator.istio.io/owning-resource: unknown
|
||||
istio: pilot
|
||||
istio.io/rev: default
|
||||
|
|
@ -2729,8 +2732,8 @@ spec:
|
|||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: istiod
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: istiod-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: istiod-1.24.3
|
||||
install.operator.istio.io/owning-resource: unknown
|
||||
istio: pilot
|
||||
istio.io/dataplane-mode: none
|
||||
|
|
@ -2748,6 +2751,8 @@ spec:
|
|||
- --keepaliveMaxServerConnectionAge
|
||||
- 30m
|
||||
env:
|
||||
- name: ENABLE_NATIVE_SIDECARS
|
||||
value: 'true'
|
||||
- name: REVISION
|
||||
value: default
|
||||
- name: PILOT_CERT_PROVIDER
|
||||
|
|
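Review bot: Adding `ENABLE_NATIVE_SIDECARS` with `value: 'true'` to the istiod env is a behavior change riding along with a registry migration. Please call it out in the PR title or split it into its own commit so it can be reverted independently of the image changes.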
@ -2788,7 +2793,7 @@ spec:
|
|||
resource: limits.cpu
|
||||
- name: PLATFORM
|
||||
value: ''
|
||||
image: docker.io/istio/pilot:1.24.2
|
||||
image: gcr.io/istio-release/pilot:1.24.2
|
||||
name: discovery
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
|
|
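Review bot: The discovery image moves to `gcr.io/istio-release/pilot` but keeps tag `1.24.2`, while the labels in this file move to `1.24.3` / `istiod-1.24.3` and the gateway's proxyv2 image elsewhere in this patch moves to `1.24.3`. Either bump the tag to match or explain why the control plane stays one patch release behind the labels.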
@ -2884,8 +2889,8 @@ metadata:
|
|||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: istiod
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: istiod-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: istiod-1.24.3
|
||||
install.operator.istio.io/owning-resource: unknown
|
||||
istio: pilot
|
||||
istio.io/rev: default
|
||||
|
|
@ -2909,8 +2914,8 @@ metadata:
|
|||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: istiod
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: istiod-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: istiod-1.24.3
|
||||
release: istio
|
||||
name: istiod
|
||||
namespace: istio-system
|
||||
|
|
@ -2957,8 +2962,8 @@ metadata:
|
|||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: istiod
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: istiod-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: istiod-1.24.3
|
||||
release: istio
|
||||
name: istiod
|
||||
namespace: istio-system
|
||||
|
|
@ -2980,8 +2985,8 @@ metadata:
|
|||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: istiod
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: istiod-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: istiod-1.24.3
|
||||
install.operator.istio.io/owning-resource: unknown
|
||||
istio.io/rev: default
|
||||
operator.istio.io/component: Pilot
|
||||
|
|
@ -3012,8 +3017,8 @@ metadata:
|
|||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: istiod
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: istiod-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: istiod-1.24.3
|
||||
install.operator.istio.io/owning-resource: unknown
|
||||
istio: pilot
|
||||
istio.io/rev: default
|
||||
|
|
|
|||
|
|
@ -107,7 +107,7 @@ spec:
|
|||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.nodeName
|
||||
image: docker.io/istio/proxyv2:1.24.2
|
||||
image: gcr.io/istio-release/proxyv2:1.24.3
|
||||
name: istio-proxy
|
||||
ports:
|
||||
- containerPort: 15021
|
||||
|
|
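Review bot: This line changes registry and version at once (`docker.io/istio/proxyv2:1.24.2` to `gcr.io/istio-release/proxyv2:1.24.3`) and still references a mutable tag. When switching registries, consider pinning by digest (`image: ...@sha256:<digest>`), or at least record in the PR that the image at the new location was checked against the published release.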
|
|||
|
|
@ -17,5 +17,9 @@ patches:
|
|||
- path: patches/disable-debugging.yaml
|
||||
# - path: patches/istio-ingressgateway-remove-pdb.yaml
|
||||
- path: patches/istiod-remove-pdb.yaml
|
||||
# - path: patches/seccomp-istio-ingressgateway.yaml
|
||||
- path: patches/seccomp-istio-ingressgateway.yaml
|
||||
- path: patches/seccomp-istiod.yaml
|
||||
|
||||
images:
|
||||
- name: busybox
|
||||
newName: registry.k8s.io/busybox
|
||||
|
|
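Review bot: The `images:` override for `busybox` sets only `newName`, so whatever tag the base manifests use (or none) is carried over to `registry.k8s.io/busybox` unchecked. Add `newTag` or `digest` so the reference is explicit and known to exist at the new registry. Separately, uncommenting `patches/seccomp-istio-ingressgateway.yaml` is a functional change that deserves a mention in the commit message.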
|
|||
|
|
@ -12,7 +12,11 @@ spec:
|
|||
name: istio-ingressgateway
|
||||
pilot:
|
||||
enabled: true
|
||||
hub: docker.io/istio
|
||||
k8s:
|
||||
env:
|
||||
- name: ENABLE_NATIVE_SIDECARS
|
||||
value: "true"
|
||||
hub: gcr.io/istio-release
|
||||
profile: default
|
||||
tag: 1.24.2
|
||||
values:
|
||||
|
|
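Review bot: `hub` changes to `gcr.io/istio-release` but `tag: 1.24.2` is left untouched in this profile. If 1.24.3 is the intended release, this is the place to bump it so the next run of the sync script produces images and labels at the same version.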
@ -23,4 +27,3 @@ spec:
|
|||
global:
|
||||
configValidation: true
|
||||
istioNamespace: istio-system
|
||||
|
||||
|
|
|
|||
|
|
@ -1,7 +1,13 @@
|
|||
# Istio-CNI
|
||||
|
||||
This uses istio-cni as described here https://istio.io/latest/docs/setup/additional-setup/cni/.
|
||||
Please be aware of Kserve and initcontainers https://istio.io/latest/docs/setup/additional-setup/cni/#compatibility-with-application-init-containers. Either use runasuser : 1337 xor add the annotation traffic.sidecar.istio.io/excludeOutboundIPRanges: 0.0.0.0/0 for kserve inferenceservices.
|
||||
This uses istio-cni as described here <https://istio.io/latest/docs/setup/additional-setup/cni/>.
|
||||
|
||||
This configuration also enables native sidecars for Istio through the `ENABLE_NATIVE_SIDECARS=true` environment variable in istiod. Native sidecars (introduced in Kubernetes 1.28 as an alpha feature) help address issues with init containers and application lifecycle management. Learn more about native sidecars at <https://istio.io/latest/blog/2023/native-sidecars/>.
|
||||
|
||||
With native sidecars enabled, init containers should be able to access the network through the Istio proxy. However, if you still encounter issues with KServe and init containers, you can refer to <https://istio.io/latest/docs/setup/additional-setup/cni/#compatibility-with-application-init-containers> and either:
|
||||
|
||||
1. Use `runAsUser: 1337` in your init containers, OR
|
||||
2. Add the annotation `traffic.sidecar.istio.io/excludeOutboundIPRanges: 0.0.0.0/0` to your KServe inferenceservices.
|
||||
|
||||
## Upgrade Istio Manifests
|
||||
|
||||
|
|
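Review bot: the two fallback options in the new numbered list are documented as plain workarounds, but both take traffic out of the mesh and the text should say so. An init container running with `runAsUser: 1337` shares the proxy's UID and its traffic is not redirected to the sidecar, and `traffic.sidecar.istio.io/excludeOutboundIPRanges: 0.0.0.0/0` excludes all outbound traffic of that workload from the proxy, so mTLS and outbound policy no longer apply to it. Suggest one sentence stating that trade-off and recommending the narrowest CIDR that works instead of `0.0.0.0/0`. The parenthetical "Kubernetes 1.28 as an alpha feature" would also read better with the version at which these manifests expect native sidecars to be available.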
@ -11,49 +17,35 @@ In this section, we explain how to upgrade our istio kustomize packages
|
|||
by leveraging `istioctl`. Assuming the new version is `X.Y.Z` and the
|
||||
old version is `X1.Y1.Z1`:
|
||||
|
||||
1. Make a copy of the old istio manifests tree, which will become the
|
||||
1. Make a copy of the old istio manifests tree, which will become the
|
||||
kustomization for the new Istio version:
|
||||
|
||||
$ export MANIFESTS_SRC=<path/to/manifests/repo>
|
||||
$ export ISTIO_OLD=$MANIFESTS_SRC/common/istio-cni-X1-Y1
|
||||
$ export ISTIO_NEW=$MANIFESTS_SRC/common/istio-cni-X-Y
|
||||
$ cp -a $ISTIO_OLD $ISTIO_NEW
|
||||
export MANIFESTS_SRC=<path/to/manifests/repo>
|
||||
export ISTIO_OLD=$MANIFESTS_SRC/common/istio-cni-X1-Y1
|
||||
export ISTIO_NEW=$MANIFESTS_SRC/common/istio-cni-X-Y
|
||||
cp -a $ISTIO_OLD $ISTIO_NEW
|
||||
|
||||
2. Download `istioctl` for version `X.Y.Z`:
|
||||
2. Download `istioctl` for version `X.Y.Z`:
|
||||
|
||||
$ ISTIO_VERSION="X.Y.Z"
|
||||
$ wget "https://github.com/istio/istio/releases/download/${ISTIO_VERSION}/istio-${ISTIO_VERSION}-linux-amd64.tar.gz"
|
||||
$ tar xvfz istio-${ISTIO_VERSION}-linux-amd64.tar.gz
|
||||
# sudo mv istio-${ISTIO_VERSION}/bin/istioctl /usr/local/bin/istioctl
|
||||
|
||||
3. Use `istioctl` to generate an `IstioOperator` resource, the
|
||||
CustomResource used to describe the Istio Control Plane:
|
||||
|
||||
$ cd $ISTIO_NEW
|
||||
$ istioctl profile dump default > profile.yaml
|
||||
|
||||
---
|
||||
**NOTE**
|
||||
|
||||
`istioctl` comes with a bunch of [predefined profiles](https://istio.io/latest/docs/setup/additional-setup/config-profiles/)
|
||||
(`default`, `demo`, `minimal`, etc.). The `default` profile is installed by default.
|
||||
|
||||
---
|
||||
|
||||
4. Generate manifests and add them to their respective packages. We
|
||||
3. Generate manifests and add them to their respective packages. We
|
||||
will generate manifests using `istioctl`, the
|
||||
`profile.yaml` file from upstream and the
|
||||
`profile-overlay.yaml` file that contains our desired
|
||||
changes:
|
||||
|
||||
$ export PATH="$MANIFESTS_SRC/scripts:$PATH"
|
||||
$ cd $ISTIO_NEW
|
||||
$ istioctl manifest generate --cluster-specific -f profile.yaml -f profile-overlay.yaml --set components.cni.enabled=true --set components.cni.namespace=kube-system > dump.yaml
|
||||
$ ./split-istio-packages -f dump.yaml
|
||||
$ mv $ISTIO_NEW/crd.yaml $ISTIO_NEW/istio-crds/base
|
||||
$ mv $ISTIO_NEW/install.yaml $ISTIO_NEW/istio-install/base
|
||||
$ mv $ISTIO_NEW/cluster-local-gateway.yaml $ISTIO_NEW/cluster-local-gateway/base
|
||||
$ rm dump.yaml
|
||||
export PATH="$MANIFESTS_SRC/scripts:$PATH"
|
||||
cd $ISTIO_NEW
|
||||
istioctl manifest generate --cluster-specific -f profile.yaml -f profile-overlay.yaml --set components.cni.enabled=true --set components.cni.namespace=kube-system > dump.yaml
|
||||
./split-istio-packages -f dump.yaml
|
||||
mv $ISTIO_NEW/crd.yaml $ISTIO_NEW/istio-crds/base
|
||||
mv $ISTIO_NEW/install.yaml $ISTIO_NEW/istio-install/base
|
||||
mv $ISTIO_NEW/cluster-local-gateway.yaml $ISTIO_NEW/cluster-local-gateway/base
|
||||
rm dump.yaml
|
||||
|
||||
---
|
||||
**NOTE**
|
||||
|
|
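Review bot: this hunk drops the old step 3 (`istioctl profile dump default > profile.yaml`), yet the renumbered step 3 still says the manifests come from "the `profile.yaml` file from upstream" and the command still passes `-f profile.yaml`. After `cp -a $ISTIO_OLD $ISTIO_NEW` the only `profile.yaml` present is the one copied from the old version, so please either keep the dump step or say explicitly that the copied file is reused and how its `tag` gets updated. Minor: the download commands under step 2 keep their `$ ` prompts while every other command in the hunk lost them, and the `wget` of the release tarball has no checksum verification step; both are worth fixing while this section is being touched.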
@ -61,11 +53,9 @@ old version is `X1.Y1.Z1`:
|
|||
`split-istio-packages` is a python script in the same folder as this file.
|
||||
The `ruamel.yaml` version used is 0.16.12.
|
||||
|
||||
`--cluster-specific` is a flag that determines if a current K8s cluster context will be used to dynamically
|
||||
detect default settings. Ensure you have a target cluster ready before running the above commands.
|
||||
We set this flag because `istioctl manifest generate` generates manifest files with resources that are no
|
||||
longer supported in Kubernetes 1.25 (`policy/v1beta1`). See: https://github.com/istio/istio/issues/41220
|
||||
|
||||
`--cluster-specific` is a flag that determines if a current K8s cluster context will be used to dynamically detect default settings. Ensure you have a target cluster ready before running the above commands.
|
||||
We target Kubernetes 1.32+ for compatibility. The `--cluster-specific` flag helps ensure generated resources are compatible with your cluster version and configuration.
|
||||
|
||||
---
|
||||
|
||||
## Changes to Istio's upstream manifests
|
||||
|
|
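Review bot: the rewritten note removes the concrete reason for `--cluster-specific` (the `policy/v1beta1` resources and the link to istio/istio issue 41220) and replaces it with "helps ensure generated resources are compatible", which no longer tells a maintainer what breaks without the flag. Since the flag makes the output depend on whichever cluster the current kubeconfig context points at, please keep the issue link and state which Kubernetes version the committed manifests were generated against, so the result is reproducible and nobody generates them against an unintended cluster. "We target Kubernetes 1.32+" should say whether that is a hard minimum for these manifests.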
@ -74,8 +64,8 @@ old version is `X1.Y1.Z1`:
|
|||
|
||||
Changes to Istio's upstream profile `default` are the following:
|
||||
|
||||
- Add a `cluster-local-gateway` component for Kserve. Knative-local-gateway is now obsolete https://github.com/kubeflow/manifests/pull/2355/commits/adc00b804404ea08685a044ae595be0bed9adb59.
|
||||
- Disable the EgressGateway component. We do not use it and it adds unnecessary complexity.
|
||||
- Add a `cluster-local-gateway` component for Kserve. Knative-local-gateway is now obsolete <https://github.com/kubeflow/manifests/pull/2355/commits/adc00b804404ea08685a044ae595be0bed9adb59>.
|
||||
- Disable the EgressGateway component. We do not use it and it adds unnecessary complexity.
|
||||
|
||||
Those changes are captured in the [profile-overlay.yaml](profile-overlay.yaml)
|
||||
file.
|
||||
|
|
@ -85,13 +75,13 @@ file.
|
|||
The Istio kustomizations make the following changes:
|
||||
|
||||
- Remove PodDisruptionBudget from `istio-install` and `cluster-local-gateway` kustomizations. See:
|
||||
- https://github.com/istio/istio/issues/12602
|
||||
- https://github.com/istio/istio/issues/24000
|
||||
- <https://github.com/istio/istio/issues/12602>
|
||||
- <https://github.com/istio/istio/issues/24000>
|
||||
- Add Istio AuthorizationPolicy to allow all requests to the Istio Ingressgateway and the Istio cluster-local gateway.
|
||||
- Add Istio AuthorizationPolicy in Istio's root namespace, so that sidecars deny traffic by default (explicit deny-by-default authorization model).
|
||||
- Add Gateway CRs for the Istio Ingressgateway and the Istio cluster-local gateway, as `istioctl` stopped generating them in later versions.
|
||||
- Add the istio-system namespace object to `istio-namespace`, as `istioctl` stopped generating it in later versions.
|
||||
- Configure TCP KeepAlives.
|
||||
- Disable tracing as it causes DNS breakdown. See:
|
||||
https://github.com/istio/istio/issues/29898
|
||||
- Set ENABLE_DEBUG_ON_HTTP=false according to https://istio.io/latest/docs/ops/best-practices/security/#control-plane
|
||||
<https://github.com/istio/istio/issues/29898>
|
||||
- Set ENABLE_DEBUG_ON_HTTP=false according to <https://istio.io/latest/docs/ops/best-practices/security/#control-plane>
|
||||
|
|
|
|||
|
|
@ -7,8 +7,8 @@ metadata:
|
|||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: istio-ingressgateway
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: istio-ingress-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: istio-ingress-1.24.3
|
||||
install.operator.istio.io/owning-resource: unknown
|
||||
istio: cluster-local-gateway
|
||||
istio.io/rev: default
|
||||
|
|
@ -26,8 +26,8 @@ metadata:
|
|||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: istio-ingressgateway
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: istio-ingress-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: istio-ingress-1.24.3
|
||||
install.operator.istio.io/owning-resource: unknown
|
||||
istio: cluster-local-gateway
|
||||
istio.io/rev: default
|
||||
|
|
@ -58,9 +58,9 @@ spec:
|
|||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: istio-ingressgateway
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
chart: gateways
|
||||
helm.sh/chart: istio-ingress-1.24.2
|
||||
helm.sh/chart: istio-ingress-1.24.3
|
||||
heritage: Tiller
|
||||
install.operator.istio.io/owning-resource: unknown
|
||||
istio: cluster-local-gateway
|
||||
|
|
@ -127,8 +127,7 @@ spec:
|
|||
- name: ISTIO_META_WORKLOAD_NAME
|
||||
value: cluster-local-gateway
|
||||
- name: ISTIO_META_OWNER
|
||||
value:
|
||||
kubernetes://apis/apps/v1/namespaces/istio-system/deployments/cluster-local-gateway
|
||||
value: kubernetes://apis/apps/v1/namespaces/istio-system/deployments/cluster-local-gateway
|
||||
- name: ISTIO_META_MESH_ID
|
||||
value: cluster.local
|
||||
- name: TRUST_DOMAIN
|
||||
|
|
@ -141,7 +140,7 @@ spec:
|
|||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.nodeName
|
||||
image: docker.io/istio/proxyv2:1.24.2
|
||||
image: gcr.io/istio-release/proxyv2:1.24.2
|
||||
name: istio-proxy
|
||||
ports:
|
||||
- containerPort: 15020
|
||||
|
|
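Review bot: the replacement image line is `gcr.io/istio-release/proxyv2:1.24.2`, but the labels in this same file are bumped to `app.kubernetes.io/version: 1.24.3` and `helm.sh/chart: istio-ingress-1.24.3` in the surrounding hunks. The cluster-local gateway would then run a proxy one patch release behind what its labels advertise. Please regenerate so the tag reads `1.24.3`, or, if the pin is intentional, record the reason. Given this commit is about where images are pulled from, it is also a good moment to consider pinning by digest rather than by tag alone.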
@ -258,8 +257,8 @@ metadata:
|
|||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: istio-ingressgateway
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: istio-ingress-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: istio-ingress-1.24.3
|
||||
install.operator.istio.io/owning-resource: unknown
|
||||
istio: cluster-local-gateway
|
||||
istio.io/rev: default
|
||||
|
|
@ -282,8 +281,8 @@ metadata:
|
|||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: istio-ingressgateway
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: istio-ingress-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: istio-ingress-1.24.3
|
||||
install.operator.istio.io/owning-resource: unknown
|
||||
istio.io/rev: default
|
||||
operator.istio.io/component: IngressGateways
|
||||
|
|
@ -308,8 +307,8 @@ metadata:
|
|||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: istio-ingressgateway
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: istio-ingress-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: istio-ingress-1.24.3
|
||||
install.operator.istio.io/owning-resource: unknown
|
||||
istio.io/rev: default
|
||||
operator.istio.io/component: IngressGateways
|
||||
|
|
@ -333,8 +332,8 @@ metadata:
|
|||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: istio-ingressgateway
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: istio-ingress-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: istio-ingress-1.24.3
|
||||
install.operator.istio.io/owning-resource: unknown
|
||||
istio: cluster-local-gateway
|
||||
istio.io/rev: default
|
||||
|
|
@ -367,8 +366,8 @@ metadata:
|
|||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: istio-ingressgateway
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: istio-ingress-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: istio-ingress-1.24.3
|
||||
install.operator.istio.io/owning-resource: unknown
|
||||
istio: cluster-local-gateway
|
||||
istio.io/rev: default
|
||||
|
|
|
|||
|
|
@ -7,8 +7,8 @@ metadata:
|
|||
app.kubernetes.io/instance: istio
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: base-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: base-1.24.3
|
||||
name: authorizationpolicies.security.istio.io
|
||||
spec:
|
||||
group: security.istio.io
|
||||
|
|
@ -258,8 +258,8 @@ spec:
|
|||
x-kubernetes-validations:
|
||||
- message: Support kinds are core/Service, networking.istio.io/ServiceEntry,
|
||||
gateway.networking.k8s.io/Gateway
|
||||
rule: "[self.group, self.kind] in [['core','Service'], ['','Service'],
|
||||
['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]"
|
||||
rule: "[self.group, self.kind] in [['core','Service'], ['','Service'],\
|
||||
\ ['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]"
|
||||
targetRefs:
|
||||
description: Optional.
|
||||
items:
|
||||
|
|
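Review bot: the only change to this `rule:` is how the double-quoted string is wrapped (a plain folded line break before, `\` continuations now); both forms decode to the same CEL expression, so this is serializer churn rather than an upstream change. The same rewrap repeats across many CRD hunks in this file and buries the real differences. The README pins `ruamel.yaml` 0.16.12 for `split-istio-packages`; please check that the sync was run with that version (or update the pin) so the CRD diff contains only content changes and the validation rules are easy to audit.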
@ -293,8 +293,8 @@ spec:
|
|||
x-kubernetes-validations:
|
||||
- message: Support kinds are core/Service, networking.istio.io/ServiceEntry,
|
||||
gateway.networking.k8s.io/Gateway
|
||||
rule: "[self.group, self.kind] in [['core','Service'], ['','Service'],
|
||||
['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]"
|
||||
rule: "[self.group, self.kind] in [['core','Service'], ['','Service'],\
|
||||
\ ['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]"
|
||||
maxItems: 16
|
||||
type: array
|
||||
type: object
|
||||
|
|
@ -611,8 +611,8 @@ spec:
|
|||
x-kubernetes-validations:
|
||||
- message: Support kinds are core/Service, networking.istio.io/ServiceEntry,
|
||||
gateway.networking.k8s.io/Gateway
|
||||
rule: "[self.group, self.kind] in [['core','Service'], ['','Service'],
|
||||
['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]"
|
||||
rule: "[self.group, self.kind] in [['core','Service'], ['','Service'],\
|
||||
\ ['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]"
|
||||
targetRefs:
|
||||
description: Optional.
|
||||
items:
|
||||
|
|
@ -646,8 +646,8 @@ spec:
|
|||
x-kubernetes-validations:
|
||||
- message: Support kinds are core/Service, networking.istio.io/ServiceEntry,
|
||||
gateway.networking.k8s.io/Gateway
|
||||
rule: "[self.group, self.kind] in [['core','Service'], ['','Service'],
|
||||
['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]"
|
||||
rule: "[self.group, self.kind] in [['core','Service'], ['','Service'],\
|
||||
\ ['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]"
|
||||
maxItems: 16
|
||||
type: array
|
||||
type: object
|
||||
|
|
@ -741,8 +741,8 @@ metadata:
|
|||
app.kubernetes.io/instance: istio
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: base-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: base-1.24.3
|
||||
name: destinationrules.networking.istio.io
|
||||
spec:
|
||||
group: networking.istio.io
|
||||
|
|
@ -1039,9 +1039,7 @@ spec:
|
|||
type: object
|
||||
type: array
|
||||
enabled:
|
||||
description: enable locality load balancing, this
|
||||
is DestinationRule-level and will override mesh
|
||||
wide settings in entirety.
|
||||
description: Enable locality load balancing.
|
||||
nullable: true
|
||||
type: boolean
|
||||
failover:
|
||||
|
|
@ -1159,7 +1157,7 @@ spec:
|
|||
minHealthPercent:
|
||||
description: Outlier detection will be enabled as long
|
||||
as the associated load balancing pool has at least
|
||||
min_health_percent hosts in healthy mode.
|
||||
`minHealthPercent` hosts in healthy mode.
|
||||
format: int32
|
||||
type: integer
|
||||
splitExternalLocalOriginErrors:
|
||||
|
|
@ -1411,9 +1409,7 @@ spec:
|
|||
type: object
|
||||
type: array
|
||||
enabled:
|
||||
description: enable locality load balancing,
|
||||
this is DestinationRule-level and will override
|
||||
mesh wide settings in entirety.
|
||||
description: Enable locality load balancing.
|
||||
nullable: true
|
||||
type: boolean
|
||||
failover:
|
||||
|
|
@ -1535,7 +1531,7 @@ spec:
|
|||
minHealthPercent:
|
||||
description: Outlier detection will be enabled
|
||||
as long as the associated load balancing pool
|
||||
has at least min_health_percent hosts in healthy
|
||||
has at least `minHealthPercent` hosts in healthy
|
||||
mode.
|
||||
format: int32
|
||||
type: integer
|
||||
|
|
@ -1932,8 +1928,7 @@ spec:
|
|||
type: object
|
||||
type: array
|
||||
enabled:
|
||||
description: enable locality load balancing, this is DestinationRule-level
|
||||
and will override mesh wide settings in entirety.
|
||||
description: Enable locality load balancing.
|
||||
nullable: true
|
||||
type: boolean
|
||||
failover:
|
||||
|
|
@ -2047,7 +2042,7 @@ spec:
|
|||
type: integer
|
||||
minHealthPercent:
|
||||
description: Outlier detection will be enabled as long as
|
||||
the associated load balancing pool has at least min_health_percent
|
||||
the associated load balancing pool has at least `minHealthPercent`
|
||||
hosts in healthy mode.
|
||||
format: int32
|
||||
type: integer
|
||||
|
|
@ -2294,9 +2289,7 @@ spec:
|
|||
type: object
|
||||
type: array
|
||||
enabled:
|
||||
description: enable locality load balancing, this
|
||||
is DestinationRule-level and will override mesh
|
||||
wide settings in entirety.
|
||||
description: Enable locality load balancing.
|
||||
nullable: true
|
||||
type: boolean
|
||||
failover:
|
||||
|
|
@ -2414,7 +2407,7 @@ spec:
|
|||
minHealthPercent:
|
||||
description: Outlier detection will be enabled as long
|
||||
as the associated load balancing pool has at least
|
||||
min_health_percent hosts in healthy mode.
|
||||
`minHealthPercent` hosts in healthy mode.
|
||||
format: int32
|
||||
type: integer
|
||||
splitExternalLocalOriginErrors:
|
||||
|
|
@ -2956,9 +2949,7 @@ spec:
|
|||
type: object
|
||||
type: array
|
||||
enabled:
|
||||
description: enable locality load balancing, this
|
||||
is DestinationRule-level and will override mesh
|
||||
wide settings in entirety.
|
||||
description: Enable locality load balancing.
|
||||
nullable: true
|
||||
type: boolean
|
||||
failover:
|
||||
|
|
@ -3076,7 +3067,7 @@ spec:
|
|||
minHealthPercent:
|
||||
description: Outlier detection will be enabled as long
|
||||
as the associated load balancing pool has at least
|
||||
min_health_percent hosts in healthy mode.
|
||||
`minHealthPercent` hosts in healthy mode.
|
||||
format: int32
|
||||
type: integer
|
||||
splitExternalLocalOriginErrors:
|
||||
|
|
@ -3328,9 +3319,7 @@ spec:
|
|||
type: object
|
||||
type: array
|
||||
enabled:
|
||||
description: enable locality load balancing,
|
||||
this is DestinationRule-level and will override
|
||||
mesh wide settings in entirety.
|
||||
description: Enable locality load balancing.
|
||||
nullable: true
|
||||
type: boolean
|
||||
failover:
|
||||
|
|
@ -3452,7 +3441,7 @@ spec:
|
|||
minHealthPercent:
|
||||
description: Outlier detection will be enabled
|
||||
as long as the associated load balancing pool
|
||||
has at least min_health_percent hosts in healthy
|
||||
has at least `minHealthPercent` hosts in healthy
|
||||
mode.
|
||||
format: int32
|
||||
type: integer
|
||||
|
|
@ -3849,8 +3838,7 @@ spec:
|
|||
type: object
|
||||
type: array
|
||||
enabled:
|
||||
description: enable locality load balancing, this is DestinationRule-level
|
||||
and will override mesh wide settings in entirety.
|
||||
description: Enable locality load balancing.
|
||||
nullable: true
|
||||
type: boolean
|
||||
failover:
|
||||
|
|
@ -3964,7 +3952,7 @@ spec:
|
|||
type: integer
|
||||
minHealthPercent:
|
||||
description: Outlier detection will be enabled as long as
|
||||
the associated load balancing pool has at least min_health_percent
|
||||
the associated load balancing pool has at least `minHealthPercent`
|
||||
hosts in healthy mode.
|
||||
format: int32
|
||||
type: integer
|
||||
|
|
@ -4211,9 +4199,7 @@ spec:
|
|||
type: object
|
||||
type: array
|
||||
enabled:
|
||||
description: enable locality load balancing, this
|
||||
is DestinationRule-level and will override mesh
|
||||
wide settings in entirety.
|
||||
description: Enable locality load balancing.
|
||||
nullable: true
|
||||
type: boolean
|
||||
failover:
|
||||
|
|
@ -4331,7 +4317,7 @@ spec:
|
|||
minHealthPercent:
|
||||
description: Outlier detection will be enabled as long
|
||||
as the associated load balancing pool has at least
|
||||
min_health_percent hosts in healthy mode.
|
||||
`minHealthPercent` hosts in healthy mode.
|
||||
format: int32
|
||||
type: integer
|
||||
splitExternalLocalOriginErrors:
|
||||
|
|
@ -4873,9 +4859,7 @@ spec:
|
|||
type: object
|
||||
type: array
|
||||
enabled:
|
||||
description: enable locality load balancing, this
|
||||
is DestinationRule-level and will override mesh
|
||||
wide settings in entirety.
|
||||
description: Enable locality load balancing.
|
||||
nullable: true
|
||||
type: boolean
|
||||
failover:
|
||||
|
|
@ -4993,7 +4977,7 @@ spec:
|
|||
minHealthPercent:
|
||||
description: Outlier detection will be enabled as long
|
||||
as the associated load balancing pool has at least
|
||||
min_health_percent hosts in healthy mode.
|
||||
`minHealthPercent` hosts in healthy mode.
|
||||
format: int32
|
||||
type: integer
|
||||
splitExternalLocalOriginErrors:
|
||||
|
|
@ -5245,9 +5229,7 @@ spec:
|
|||
type: object
|
||||
type: array
|
||||
enabled:
|
||||
description: enable locality load balancing,
|
||||
this is DestinationRule-level and will override
|
||||
mesh wide settings in entirety.
|
||||
description: Enable locality load balancing.
|
||||
nullable: true
|
||||
type: boolean
|
||||
failover:
|
||||
|
|
@ -5369,7 +5351,7 @@ spec:
|
|||
minHealthPercent:
|
||||
description: Outlier detection will be enabled
|
||||
as long as the associated load balancing pool
|
||||
has at least min_health_percent hosts in healthy
|
||||
has at least `minHealthPercent` hosts in healthy
|
||||
mode.
|
||||
format: int32
|
||||
type: integer
|
||||
|
|
@ -5766,8 +5748,7 @@ spec:
|
|||
type: object
|
||||
type: array
|
||||
enabled:
|
||||
description: enable locality load balancing, this is DestinationRule-level
|
||||
and will override mesh wide settings in entirety.
|
||||
description: Enable locality load balancing.
|
||||
nullable: true
|
||||
type: boolean
|
||||
failover:
|
||||
|
|
@ -5881,7 +5862,7 @@ spec:
|
|||
type: integer
|
||||
minHealthPercent:
|
||||
description: Outlier detection will be enabled as long as
|
||||
the associated load balancing pool has at least min_health_percent
|
||||
the associated load balancing pool has at least `minHealthPercent`
|
||||
hosts in healthy mode.
|
||||
format: int32
|
||||
type: integer
|
||||
|
|
@ -6128,9 +6109,7 @@ spec:
|
|||
type: object
|
||||
type: array
|
||||
enabled:
|
||||
description: enable locality load balancing, this
|
||||
is DestinationRule-level and will override mesh
|
||||
wide settings in entirety.
|
||||
description: Enable locality load balancing.
|
||||
nullable: true
|
||||
type: boolean
|
||||
failover:
|
||||
|
|
@ -6248,7 +6227,7 @@ spec:
|
|||
minHealthPercent:
|
||||
description: Outlier detection will be enabled as long
|
||||
as the associated load balancing pool has at least
|
||||
min_health_percent hosts in healthy mode.
|
||||
`minHealthPercent` hosts in healthy mode.
|
||||
format: int32
|
||||
type: integer
|
||||
splitExternalLocalOriginErrors:
|
||||
|
|
@ -6520,8 +6499,8 @@ metadata:
|
|||
app.kubernetes.io/instance: istio
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: base-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: base-1.24.3
|
||||
name: envoyfilters.networking.istio.io
|
||||
spec:
|
||||
group: networking.istio.io
|
||||
|
|
@ -6679,7 +6658,7 @@ spec:
|
|||
additionalProperties:
|
||||
type: string
|
||||
description: Match on the node metadata supplied by
|
||||
a proxy when connecting to Istio Pilot.
|
||||
a proxy when connecting to istiod.
|
||||
type: object
|
||||
proxyVersion:
|
||||
description: A regular expression in golang regex format
|
||||
|
|
@ -6815,8 +6794,8 @@ spec:
|
|||
x-kubernetes-validations:
|
||||
- message: Support kinds are core/Service, networking.istio.io/ServiceEntry,
|
||||
gateway.networking.k8s.io/Gateway
|
||||
rule: "[self.group, self.kind] in [['core','Service'], ['','Service'],
|
||||
['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]"
|
||||
rule: "[self.group, self.kind] in [['core','Service'], ['','Service'],\
|
||||
\ ['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]"
|
||||
maxItems: 16
|
||||
type: array
|
||||
workloadSelector:
|
||||
|
|
@ -6926,8 +6905,8 @@ metadata:
|
|||
app.kubernetes.io/instance: istio
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: base-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: base-1.24.3
|
||||
name: gateways.networking.istio.io
|
||||
spec:
|
||||
group: networking.istio.io
|
||||
|
|
@ -7641,8 +7620,8 @@ metadata:
|
|||
app.kubernetes.io/instance: istio
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: base-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: base-1.24.3
|
||||
name: peerauthentications.security.istio.io
|
||||
spec:
|
||||
group: security.istio.io
|
||||
|
|
@ -7987,8 +7966,8 @@ metadata:
|
|||
app.kubernetes.io/instance: istio
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: base-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: base-1.24.3
|
||||
name: proxyconfigs.networking.istio.io
|
||||
spec:
|
||||
group: networking.istio.io
|
||||
|
|
@ -8137,8 +8116,8 @@ metadata:
|
|||
app.kubernetes.io/instance: istio
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: base-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: base-1.24.3
|
||||
name: requestauthentications.security.istio.io
|
||||
spec:
|
||||
group: security.istio.io
|
||||
|
|
@ -8322,8 +8301,8 @@ spec:
|
|||
x-kubernetes-validations:
|
||||
- message: Support kinds are core/Service, networking.istio.io/ServiceEntry,
|
||||
gateway.networking.k8s.io/Gateway
|
||||
rule: "[self.group, self.kind] in [['core','Service'], ['','Service'],
|
||||
['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]"
|
||||
rule: "[self.group, self.kind] in [['core','Service'], ['','Service'],\
|
||||
\ ['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]"
|
||||
targetRefs:
|
||||
description: Optional.
|
||||
items:
|
||||
|
|
@ -8357,8 +8336,8 @@ spec:
|
|||
x-kubernetes-validations:
|
||||
- message: Support kinds are core/Service, networking.istio.io/ServiceEntry,
|
||||
gateway.networking.k8s.io/Gateway
|
||||
rule: "[self.group, self.kind] in [['core','Service'], ['','Service'],
|
||||
['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]"
|
||||
rule: "[self.group, self.kind] in [['core','Service'], ['','Service'],\
|
||||
\ ['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]"
|
||||
maxItems: 16
|
||||
type: array
|
||||
type: object
|
||||
|
|
@ -8609,8 +8588,8 @@ spec:
|
|||
x-kubernetes-validations:
|
||||
- message: Support kinds are core/Service, networking.istio.io/ServiceEntry,
|
||||
gateway.networking.k8s.io/Gateway
|
||||
rule: "[self.group, self.kind] in [['core','Service'], ['','Service'],
|
||||
['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]"
|
||||
rule: "[self.group, self.kind] in [['core','Service'], ['','Service'],\
|
||||
\ ['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]"
|
||||
targetRefs:
|
||||
description: Optional.
|
||||
items:
|
||||
|
|
@ -8644,8 +8623,8 @@ spec:
|
|||
x-kubernetes-validations:
|
||||
- message: Support kinds are core/Service, networking.istio.io/ServiceEntry,
|
||||
gateway.networking.k8s.io/Gateway
|
||||
rule: "[self.group, self.kind] in [['core','Service'], ['','Service'],
|
||||
['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]"
|
||||
rule: "[self.group, self.kind] in [['core','Service'], ['','Service'],\
|
||||
\ ['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]"
|
||||
maxItems: 16
|
||||
type: array
|
||||
type: object
|
||||
|
|
@ -8739,8 +8718,8 @@ metadata:
|
|||
app.kubernetes.io/instance: istio
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: base-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: base-1.24.3
|
||||
name: serviceentries.networking.istio.io
|
||||
spec:
|
||||
group: networking.istio.io
|
||||
|
|
@ -8804,11 +8783,11 @@ spec:
|
|||
type: string
|
||||
x-kubernetes-validations:
|
||||
- message: UDS must be an absolute path or abstract socket
|
||||
rule: "self.startsWith('unix://') ? (self.substring(7,8) ==
|
||||
'/' || self.substring(7,8) == '@') : true"
|
||||
rule: "self.startsWith('unix://') ? (self.substring(7,8) ==\
|
||||
\ '/' || self.substring(7,8) == '@') : true"
|
||||
- message: UDS may not be a dir
|
||||
rule: "self.startsWith('unix://') ? !self.endsWith('/') :
|
||||
true"
|
||||
rule: "self.startsWith('unix://') ? !self.endsWith('/') :\
|
||||
\ true"
|
||||
labels:
|
||||
additionalProperties:
|
||||
type: string
|
||||
|
|
@ -8853,8 +8832,8 @@ spec:
|
|||
- message: Address is required
|
||||
rule: has(self.address) || has(self.network)
|
||||
- message: UDS may not include ports
|
||||
rule: "(has(self.address) && self.address.startsWith('unix://'))
|
||||
? !has(self.ports) : true"
|
||||
rule: "(has(self.address) && self.address.startsWith('unix://'))\
|
||||
\ ? !has(self.ports) : true"
|
||||
maxItems: 4096
|
||||
type: array
|
||||
exportTo:
|
||||
|
|
@ -8962,15 +8941,15 @@ spec:
|
|||
rule: (has(self.workloadSelector)?1:0)+(has(self.endpoints)?1:0)<=1
|
||||
- message: CIDR addresses are allowed only for NONE/STATIC resolution
|
||||
types
|
||||
rule: "!(has(self.addresses) && self.addresses.exists(k, k.contains('/'))
|
||||
&& (has(self.resolution) && self.resolution != 'STATIC' && self.resolution
|
||||
!= 'NONE'))"
|
||||
rule: "!(has(self.addresses) && self.addresses.exists(k, k.contains('/'))\
|
||||
\ && (has(self.resolution) && self.resolution != 'STATIC' && self.resolution\
|
||||
\ != 'NONE'))"
|
||||
- message: NONE mode cannot set endpoints
|
||||
rule: "(!has(self.resolution) || self.resolution == 'NONE') ? !has(self.endpoints)
|
||||
: true"
|
||||
rule: "(!has(self.resolution) || self.resolution == 'NONE') ? !has(self.endpoints)\
|
||||
\ : true"
|
||||
- message: DNS_ROUND_ROBIN mode cannot have multiple endpoints
|
||||
rule: "(has(self.resolution) && self.resolution == 'DNS_ROUND_ROBIN')
|
||||
? (!has(self.endpoints) || size(self.endpoints) == 1) : true"
|
||||
rule: "(has(self.resolution) && self.resolution == 'DNS_ROUND_ROBIN')\
|
||||
\ ? (!has(self.endpoints) || size(self.endpoints) == 1) : true"
|
||||
status:
|
||||
properties:
|
||||
conditions:
|
||||
|
|
@ -9097,11 +9076,11 @@ spec:
|
|||
type: string
|
||||
x-kubernetes-validations:
|
||||
- message: UDS must be an absolute path or abstract socket
|
||||
rule: "self.startsWith('unix://') ? (self.substring(7,8) ==
|
||||
'/' || self.substring(7,8) == '@') : true"
|
||||
rule: "self.startsWith('unix://') ? (self.substring(7,8) ==\
|
||||
\ '/' || self.substring(7,8) == '@') : true"
|
||||
- message: UDS may not be a dir
|
||||
rule: "self.startsWith('unix://') ? !self.endsWith('/') :
|
||||
true"
|
||||
rule: "self.startsWith('unix://') ? !self.endsWith('/') :\
|
||||
\ true"
|
||||
labels:
|
||||
additionalProperties:
|
||||
type: string
|
||||
|
|
@ -9146,8 +9125,8 @@ spec:
|
|||
- message: Address is required
|
||||
rule: has(self.address) || has(self.network)
|
||||
- message: UDS may not include ports
|
||||
rule: "(has(self.address) && self.address.startsWith('unix://'))
|
||||
? !has(self.ports) : true"
|
||||
rule: "(has(self.address) && self.address.startsWith('unix://'))\
|
||||
\ ? !has(self.ports) : true"
|
||||
maxItems: 4096
|
||||
type: array
|
||||
exportTo:
|
||||
|
|
@ -9255,15 +9234,15 @@ spec:
|
|||
rule: (has(self.workloadSelector)?1:0)+(has(self.endpoints)?1:0)<=1
|
||||
- message: CIDR addresses are allowed only for NONE/STATIC resolution
|
||||
types
|
||||
rule: "!(has(self.addresses) && self.addresses.exists(k, k.contains('/'))
|
||||
&& (has(self.resolution) && self.resolution != 'STATIC' && self.resolution
|
||||
!= 'NONE'))"
|
||||
rule: "!(has(self.addresses) && self.addresses.exists(k, k.contains('/'))\
|
||||
\ && (has(self.resolution) && self.resolution != 'STATIC' && self.resolution\
|
||||
\ != 'NONE'))"
|
||||
- message: NONE mode cannot set endpoints
|
||||
rule: "(!has(self.resolution) || self.resolution == 'NONE') ? !has(self.endpoints)
|
||||
: true"
|
||||
rule: "(!has(self.resolution) || self.resolution == 'NONE') ? !has(self.endpoints)\
|
||||
\ : true"
|
||||
- message: DNS_ROUND_ROBIN mode cannot have multiple endpoints
|
||||
rule: "(has(self.resolution) && self.resolution == 'DNS_ROUND_ROBIN')
|
||||
? (!has(self.endpoints) || size(self.endpoints) == 1) : true"
|
||||
rule: "(has(self.resolution) && self.resolution == 'DNS_ROUND_ROBIN')\
|
||||
\ ? (!has(self.endpoints) || size(self.endpoints) == 1) : true"
|
||||
status:
|
||||
properties:
|
||||
conditions:
|
||||
|
|
@ -9390,11 +9369,11 @@ spec:
|
|||
type: string
|
||||
x-kubernetes-validations:
|
||||
- message: UDS must be an absolute path or abstract socket
|
||||
rule: "self.startsWith('unix://') ? (self.substring(7,8) ==
|
||||
'/' || self.substring(7,8) == '@') : true"
|
||||
rule: "self.startsWith('unix://') ? (self.substring(7,8) ==\
|
||||
\ '/' || self.substring(7,8) == '@') : true"
|
||||
- message: UDS may not be a dir
|
||||
rule: "self.startsWith('unix://') ? !self.endsWith('/') :
|
||||
true"
|
||||
rule: "self.startsWith('unix://') ? !self.endsWith('/') :\
|
||||
\ true"
|
||||
labels:
|
||||
additionalProperties:
|
||||
type: string
|
||||
|
|
@ -9439,8 +9418,8 @@ spec:
|
|||
- message: Address is required
|
||||
rule: has(self.address) || has(self.network)
|
||||
- message: UDS may not include ports
|
||||
rule: "(has(self.address) && self.address.startsWith('unix://'))
|
||||
? !has(self.ports) : true"
|
||||
rule: "(has(self.address) && self.address.startsWith('unix://'))\
|
||||
\ ? !has(self.ports) : true"
|
||||
maxItems: 4096
|
||||
type: array
|
||||
exportTo:
|
||||
|
|
@ -9548,15 +9527,15 @@ spec:
|
|||
rule: (has(self.workloadSelector)?1:0)+(has(self.endpoints)?1:0)<=1
|
||||
- message: CIDR addresses are allowed only for NONE/STATIC resolution
|
||||
types
|
||||
rule: "!(has(self.addresses) && self.addresses.exists(k, k.contains('/'))
|
||||
&& (has(self.resolution) && self.resolution != 'STATIC' && self.resolution
|
||||
!= 'NONE'))"
|
||||
rule: "!(has(self.addresses) && self.addresses.exists(k, k.contains('/'))\
|
||||
\ && (has(self.resolution) && self.resolution != 'STATIC' && self.resolution\
|
||||
\ != 'NONE'))"
|
||||
- message: NONE mode cannot set endpoints
|
||||
rule: "(!has(self.resolution) || self.resolution == 'NONE') ? !has(self.endpoints)
|
||||
: true"
|
||||
rule: "(!has(self.resolution) || self.resolution == 'NONE') ? !has(self.endpoints)\
|
||||
\ : true"
|
||||
- message: DNS_ROUND_ROBIN mode cannot have multiple endpoints
|
||||
rule: "(has(self.resolution) && self.resolution == 'DNS_ROUND_ROBIN')
|
||||
? (!has(self.endpoints) || size(self.endpoints) == 1) : true"
|
||||
rule: "(has(self.resolution) && self.resolution == 'DNS_ROUND_ROBIN')\
|
||||
\ ? (!has(self.endpoints) || size(self.endpoints) == 1) : true"
|
||||
status:
|
||||
properties:
|
||||
conditions:
|
||||
|
|
@ -9646,8 +9625,8 @@ metadata:
|
|||
app.kubernetes.io/instance: istio
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: base-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: base-1.24.3
|
||||
name: sidecars.networking.istio.io
|
||||
spec:
|
||||
group: networking.istio.io
|
||||
|
|
@ -11286,8 +11265,8 @@ metadata:
|
|||
app.kubernetes.io/instance: istio
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: base-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: base-1.24.3
|
||||
name: telemetries.telemetry.istio.io
|
||||
spec:
|
||||
group: telemetry.istio.io
|
||||
|
|
@ -11443,11 +11422,11 @@ spec:
|
|||
type: object
|
||||
x-kubernetes-validations:
|
||||
- message: value must be set when operation is UPSERT
|
||||
rule: "((has(self.operation) ? self.operation : '')
|
||||
== 'UPSERT') ? self.value != '' : true"
|
||||
rule: "((has(self.operation) ? self.operation : '')\
|
||||
\ == 'UPSERT') ? self.value != '' : true"
|
||||
- message: value must not be set when operation is REMOVE
|
||||
rule: "((has(self.operation) ? self.operation : '')
|
||||
== 'REMOVE') ? !has(self.value) : true"
|
||||
rule: "((has(self.operation) ? self.operation : '')\
|
||||
\ == 'REMOVE') ? !has(self.value) : true"
|
||||
description: Optional.
|
||||
type: object
|
||||
type: object
|
||||
|
|
@ -11523,8 +11502,8 @@ spec:
|
|||
x-kubernetes-validations:
|
||||
- message: Support kinds are core/Service, networking.istio.io/ServiceEntry,
|
||||
gateway.networking.k8s.io/Gateway
|
||||
rule: "[self.group, self.kind] in [['core','Service'], ['','Service'],
|
||||
['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]"
|
||||
rule: "[self.group, self.kind] in [['core','Service'], ['','Service'],\
|
||||
\ ['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]"
|
||||
targetRefs:
|
||||
description: Optional.
|
||||
items:
|
||||
|
|
@ -11558,8 +11537,8 @@ spec:
|
|||
x-kubernetes-validations:
|
||||
- message: Support kinds are core/Service, networking.istio.io/ServiceEntry,
|
||||
gateway.networking.k8s.io/Gateway
|
||||
rule: "[self.group, self.kind] in [['core','Service'], ['','Service'],
|
||||
['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]"
|
||||
rule: "[self.group, self.kind] in [['core','Service'], ['','Service'],\
|
||||
\ ['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]"
|
||||
maxItems: 16
|
||||
type: array
|
||||
tracing:
|
||||
|
|
@ -11891,11 +11870,11 @@ spec:
|
|||
type: object
|
||||
x-kubernetes-validations:
|
||||
- message: value must be set when operation is UPSERT
|
||||
rule: "((has(self.operation) ? self.operation : '')
|
||||
== 'UPSERT') ? self.value != '' : true"
|
||||
rule: "((has(self.operation) ? self.operation : '')\
|
||||
\ == 'UPSERT') ? self.value != '' : true"
|
||||
- message: value must not be set when operation is REMOVE
|
||||
rule: "((has(self.operation) ? self.operation : '')
|
||||
== 'REMOVE') ? !has(self.value) : true"
|
||||
rule: "((has(self.operation) ? self.operation : '')\
|
||||
\ == 'REMOVE') ? !has(self.value) : true"
|
||||
description: Optional.
|
||||
type: object
|
||||
type: object
|
||||
|
|
@ -11971,8 +11950,8 @@ spec:
|
|||
x-kubernetes-validations:
|
||||
- message: Support kinds are core/Service, networking.istio.io/ServiceEntry,
|
||||
gateway.networking.k8s.io/Gateway
|
||||
rule: "[self.group, self.kind] in [['core','Service'], ['','Service'],
|
||||
['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]"
|
||||
rule: "[self.group, self.kind] in [['core','Service'], ['','Service'],\
|
||||
\ ['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]"
|
||||
targetRefs:
|
||||
description: Optional.
|
||||
items:
|
||||
|
|
@ -12006,8 +11985,8 @@ spec:
|
|||
x-kubernetes-validations:
|
||||
- message: Support kinds are core/Service, networking.istio.io/ServiceEntry,
|
||||
gateway.networking.k8s.io/Gateway
|
||||
rule: "[self.group, self.kind] in [['core','Service'], ['','Service'],
|
||||
['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]"
|
||||
rule: "[self.group, self.kind] in [['core','Service'], ['','Service'],\
|
||||
\ ['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]"
|
||||
maxItems: 16
|
||||
type: array
|
||||
tracing:
|
||||
|
|
@ -12210,8 +12189,8 @@ metadata:
|
|||
app.kubernetes.io/instance: istio
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: base-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: base-1.24.3
|
||||
name: virtualservices.networking.istio.io
|
||||
spec:
|
||||
group: networking.istio.io
|
||||
|
|
@ -15346,8 +15325,8 @@ metadata:
|
|||
app.kubernetes.io/instance: istio
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: base-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: base-1.24.3
|
||||
name: wasmplugins.extensions.istio.io
|
||||
spec:
|
||||
group: extensions.istio.io
|
||||
|
|
@ -15519,8 +15498,8 @@ spec:
|
|||
x-kubernetes-validations:
|
||||
- message: Support kinds are core/Service, networking.istio.io/ServiceEntry,
|
||||
gateway.networking.k8s.io/Gateway
|
||||
rule: "[self.group, self.kind] in [['core','Service'], ['','Service'],
|
||||
['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]"
|
||||
rule: "[self.group, self.kind] in [['core','Service'], ['','Service'],\
|
||||
\ ['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]"
|
||||
targetRefs:
|
||||
description: Optional.
|
||||
items:
|
||||
|
|
@ -15554,8 +15533,8 @@ spec:
|
|||
x-kubernetes-validations:
|
||||
- message: Support kinds are core/Service, networking.istio.io/ServiceEntry,
|
||||
gateway.networking.k8s.io/Gateway
|
||||
rule: "[self.group, self.kind] in [['core','Service'], ['','Service'],
|
||||
['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]"
|
||||
rule: "[self.group, self.kind] in [['core','Service'], ['','Service'],\
|
||||
\ ['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]"
|
||||
maxItems: 16
|
||||
type: array
|
||||
type:
|
||||
|
|
@ -15574,9 +15553,9 @@ spec:
|
|||
type: string
|
||||
x-kubernetes-validations:
|
||||
- message: url must have schema one of [http, https, file, oci]
|
||||
rule: "isURL(self) ? (url(self).getScheme() in ['', 'http', 'https',
|
||||
'oci', 'file']) : (isURL('http://' + self) && url('http://' +self).getScheme()
|
||||
in ['', 'http', 'https', 'oci', 'file'])"
|
||||
rule: "isURL(self) ? (url(self).getScheme() in ['', 'http', 'https',\
|
||||
\ 'oci', 'file']) : (isURL('http://' + self) && url('http://'\
|
||||
\ +self).getScheme() in ['', 'http', 'https', 'oci', 'file'])"
|
||||
verificationKey:
|
||||
type: string
|
||||
vmConfig:
|
||||
|
|
@ -15610,8 +15589,8 @@ spec:
|
|||
type: object
|
||||
x-kubernetes-validations:
|
||||
- message: value may only be set when valueFrom is INLINE
|
||||
rule: "(has(self.valueFrom) ? self.valueFrom : '') != 'HOST'
|
||||
|| !has(self.value)"
|
||||
rule: "(has(self.valueFrom) ? self.valueFrom : '') != 'HOST'\
|
||||
\ || !has(self.value)"
|
||||
maxItems: 256
|
||||
type: array
|
||||
x-kubernetes-list-map-keys:
|
||||
|
|
@ -15713,8 +15692,8 @@ metadata:
|
|||
app.kubernetes.io/instance: istio
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: base-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: base-1.24.3
|
||||
name: workloadentries.networking.istio.io
|
||||
spec:
|
||||
group: networking.istio.io
|
||||
|
|
@ -15758,8 +15737,8 @@ spec:
|
|||
type: string
|
||||
x-kubernetes-validations:
|
||||
- message: UDS must be an absolute path or abstract socket
|
||||
rule: "self.startsWith('unix://') ? (self.substring(7,8) == '/'
|
||||
|| self.substring(7,8) == '@') : true"
|
||||
rule: "self.startsWith('unix://') ? (self.substring(7,8) == '/'\
|
||||
\ || self.substring(7,8) == '@') : true"
|
||||
- message: UDS may not be a dir
|
||||
rule: "self.startsWith('unix://') ? !self.endsWith('/') : true"
|
||||
labels:
|
||||
|
|
@ -15806,8 +15785,8 @@ spec:
|
|||
- message: Address is required
|
||||
rule: has(self.address) || has(self.network)
|
||||
- message: UDS may not include ports
|
||||
rule: "(has(self.address) && self.address.startsWith('unix://')) ? !has(self.ports)
|
||||
: true"
|
||||
rule: "(has(self.address) && self.address.startsWith('unix://')) ? !has(self.ports)\
|
||||
\ : true"
|
||||
status:
|
||||
properties:
|
||||
conditions:
|
||||
|
|
@ -15914,8 +15893,8 @@ spec:
|
|||
type: string
|
||||
x-kubernetes-validations:
|
||||
- message: UDS must be an absolute path or abstract socket
|
||||
rule: "self.startsWith('unix://') ? (self.substring(7,8) == '/'
|
||||
|| self.substring(7,8) == '@') : true"
|
||||
rule: "self.startsWith('unix://') ? (self.substring(7,8) == '/'\
|
||||
\ || self.substring(7,8) == '@') : true"
|
||||
- message: UDS may not be a dir
|
||||
rule: "self.startsWith('unix://') ? !self.endsWith('/') : true"
|
||||
labels:
|
||||
|
|
@ -15962,8 +15941,8 @@ spec:
|
|||
- message: Address is required
|
||||
rule: has(self.address) || has(self.network)
|
||||
- message: UDS may not include ports
|
||||
rule: "(has(self.address) && self.address.startsWith('unix://')) ? !has(self.ports)
|
||||
: true"
|
||||
rule: "(has(self.address) && self.address.startsWith('unix://')) ? !has(self.ports)\
|
||||
\ : true"
|
||||
status:
|
||||
properties:
|
||||
conditions:
|
||||
|
|
@ -16070,8 +16049,8 @@ spec:
|
|||
type: string
|
||||
x-kubernetes-validations:
|
||||
- message: UDS must be an absolute path or abstract socket
|
||||
rule: "self.startsWith('unix://') ? (self.substring(7,8) == '/'
|
||||
|| self.substring(7,8) == '@') : true"
|
||||
rule: "self.startsWith('unix://') ? (self.substring(7,8) == '/'\
|
||||
\ || self.substring(7,8) == '@') : true"
|
||||
- message: UDS may not be a dir
|
||||
rule: "self.startsWith('unix://') ? !self.endsWith('/') : true"
|
||||
labels:
|
||||
|
|
@ -16118,8 +16097,8 @@ spec:
|
|||
- message: Address is required
|
||||
rule: has(self.address) || has(self.network)
|
||||
- message: UDS may not include ports
|
||||
rule: "(has(self.address) && self.address.startsWith('unix://')) ? !has(self.ports)
|
||||
: true"
|
||||
rule: "(has(self.address) && self.address.startsWith('unix://')) ? !has(self.ports)\
|
||||
\ : true"
|
||||
status:
|
||||
properties:
|
||||
conditions:
|
||||
|
|
@ -16207,8 +16186,8 @@ metadata:
|
|||
app.kubernetes.io/instance: istio
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: base-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: base-1.24.3
|
||||
name: workloadgroups.networking.istio.io
|
||||
spec:
|
||||
group: networking.istio.io
|
||||
|
|
@ -16380,8 +16359,8 @@ spec:
|
|||
type: string
|
||||
x-kubernetes-validations:
|
||||
- message: UDS must be an absolute path or abstract socket
|
||||
rule: "self.startsWith('unix://') ? (self.substring(7,8) ==
|
||||
'/' || self.substring(7,8) == '@') : true"
|
||||
rule: "self.startsWith('unix://') ? (self.substring(7,8) ==\
|
||||
\ '/' || self.substring(7,8) == '@') : true"
|
||||
- message: UDS may not be a dir
|
||||
rule: "self.startsWith('unix://') ? !self.endsWith('/') : true"
|
||||
labels:
|
||||
|
|
@ -16426,8 +16405,8 @@ spec:
|
|||
type: object
|
||||
x-kubernetes-validations:
|
||||
- message: UDS may not include ports
|
||||
rule: "(has(self.address) && self.address.startsWith('unix://'))
|
||||
? !has(self.ports) : true"
|
||||
rule: "(has(self.address) && self.address.startsWith('unix://'))\
|
||||
\ ? !has(self.ports) : true"
|
||||
required:
|
||||
- template
|
||||
type: object
|
||||
|
|
@ -16665,8 +16644,8 @@ spec:
|
|||
type: string
|
||||
x-kubernetes-validations:
|
||||
- message: UDS must be an absolute path or abstract socket
|
||||
rule: "self.startsWith('unix://') ? (self.substring(7,8) ==
|
||||
'/' || self.substring(7,8) == '@') : true"
|
||||
rule: "self.startsWith('unix://') ? (self.substring(7,8) ==\
|
||||
\ '/' || self.substring(7,8) == '@') : true"
|
||||
- message: UDS may not be a dir
|
||||
rule: "self.startsWith('unix://') ? !self.endsWith('/') : true"
|
||||
labels:
|
||||
|
|
@ -16711,8 +16690,8 @@ spec:
|
|||
type: object
|
||||
x-kubernetes-validations:
|
||||
- message: UDS may not include ports
|
||||
rule: "(has(self.address) && self.address.startsWith('unix://'))
|
||||
? !has(self.ports) : true"
|
||||
rule: "(has(self.address) && self.address.startsWith('unix://'))\
|
||||
\ ? !has(self.ports) : true"
|
||||
required:
|
||||
- template
|
||||
type: object
|
||||
|
|
@ -16950,8 +16929,8 @@ spec:
|
|||
type: string
|
||||
x-kubernetes-validations:
|
||||
- message: UDS must be an absolute path or abstract socket
|
||||
rule: "self.startsWith('unix://') ? (self.substring(7,8) ==
|
||||
'/' || self.substring(7,8) == '@') : true"
|
||||
rule: "self.startsWith('unix://') ? (self.substring(7,8) ==\
|
||||
\ '/' || self.substring(7,8) == '@') : true"
|
||||
- message: UDS may not be a dir
|
||||
rule: "self.startsWith('unix://') ? !self.endsWith('/') : true"
|
||||
labels:
|
||||
|
|
@ -16996,8 +16975,8 @@ spec:
|
|||
type: object
|
||||
x-kubernetes-validations:
|
||||
- message: UDS may not include ports
|
||||
rule: "(has(self.address) && self.address.startsWith('unix://'))
|
||||
? !has(self.ports) : true"
|
||||
rule: "(has(self.address) && self.address.startsWith('unix://'))\
|
||||
\ ? !has(self.ports) : true"
|
||||
required:
|
||||
- template
|
||||
type: object
|
||||
|
|
|
|||
|
|
@ -7,8 +7,8 @@ metadata:
|
|||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: istio-cni
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: cni-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: cni-1.24.3
|
||||
install.operator.istio.io/owning-resource: unknown
|
||||
istio.io/rev: default
|
||||
operator.istio.io/component: Cni
|
||||
|
|
@ -25,8 +25,8 @@ metadata:
|
|||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: istio-reader
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: base-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: base-1.24.3
|
||||
release: istio
|
||||
name: istio-reader-service-account
|
||||
namespace: istio-system
|
||||
|
|
@ -40,8 +40,8 @@ metadata:
|
|||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: istiod
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: istiod-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: istiod-1.24.3
|
||||
release: istio
|
||||
name: istiod
|
||||
namespace: istio-system
|
||||
|
|
@ -55,8 +55,8 @@ metadata:
|
|||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: istio-cni
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: cni-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: cni-1.24.3
|
||||
install.operator.istio.io/owning-resource: unknown
|
||||
istio.io/rev: default
|
||||
operator.istio.io/component: Cni
|
||||
|
|
@ -83,8 +83,8 @@ metadata:
|
|||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: istio-cni
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: cni-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: cni-1.24.3
|
||||
install.operator.istio.io/owning-resource: unknown
|
||||
istio.io/rev: default
|
||||
operator.istio.io/component: Cni
|
||||
|
|
@ -116,8 +116,8 @@ metadata:
|
|||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: istio-reader
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: istiod-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: istiod-1.24.3
|
||||
release: istio
|
||||
name: istio-reader-clusterrole-istio-system
|
||||
rules:
|
||||
|
|
@ -230,8 +230,8 @@ metadata:
|
|||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: istiod
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: istiod-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: istiod-1.24.3
|
||||
release: istio
|
||||
name: istiod-clusterrole-istio-system
|
||||
rules:
|
||||
|
|
@ -450,8 +450,8 @@ metadata:
|
|||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: istiod
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: istiod-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: istiod-1.24.3
|
||||
release: istio
|
||||
name: istiod-gateway-controller-istio-system
|
||||
rules:
|
||||
|
|
@ -501,8 +501,8 @@ metadata:
|
|||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: istio-cni
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: cni-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: cni-1.24.3
|
||||
install.operator.istio.io/owning-resource: unknown
|
||||
istio.io/rev: default
|
||||
operator.istio.io/component: Cni
|
||||
|
|
@ -525,8 +525,8 @@ metadata:
|
|||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: istio-cni
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: cni-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: cni-1.24.3
|
||||
install.operator.istio.io/owning-resource: unknown
|
||||
istio.io/rev: default
|
||||
k8s-app: istio-cni-repair
|
||||
|
|
@ -551,8 +551,8 @@ metadata:
|
|||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: istio-reader
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: istiod-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: istiod-1.24.3
|
||||
release: istio
|
||||
name: istio-reader-clusterrole-istio-system
|
||||
roleRef:
|
||||
|
|
@ -573,8 +573,8 @@ metadata:
|
|||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: istiod
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: istiod-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: istiod-1.24.3
|
||||
release: istio
|
||||
name: istiod-clusterrole-istio-system
|
||||
roleRef:
|
||||
|
|
@ -595,8 +595,8 @@ metadata:
|
|||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: istiod
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: istiod-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: istiod-1.24.3
|
||||
release: istio
|
||||
name: istiod-gateway-controller-istio-system
|
||||
roleRef:
|
||||
|
|
@ -617,8 +617,8 @@ metadata:
|
|||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: istiod
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: istiod-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: istiod-1.24.3
|
||||
istio: istiod
|
||||
istio.io/rev: default
|
||||
release: istio
|
||||
|
|
@ -677,8 +677,8 @@ metadata:
|
|||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: istiod
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: istiod-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: istiod-1.24.3
|
||||
install.operator.istio.io/owning-resource: unknown
|
||||
istio.io/rev: default
|
||||
operator.istio.io/component: Pilot
|
||||
|
|
@ -709,8 +709,8 @@ metadata:
|
|||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: istio-cni
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: cni-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: cni-1.24.3
|
||||
install.operator.istio.io/owning-resource: unknown
|
||||
istio.io/rev: default
|
||||
operator.istio.io/component: Cni
|
||||
|
|
@ -1993,6 +1993,9 @@ data:
|
|||
{{- if .Values.global.logAsJson }}
|
||||
- --log_as_json
|
||||
{{- end }}
|
||||
{{- if .Values.global.proxy.outlierLogPath }}
|
||||
- --outlierLogPath={{ .Values.global.proxy.outlierLogPath }}
|
||||
{{- end}}
|
||||
env:
|
||||
- name: ISTIO_META_SERVICE_ACCOUNT
|
||||
valueFrom:
|
||||
|
|
@ -2571,7 +2574,7 @@ data:
|
|||
}
|
||||
},
|
||||
"externalIstiod": false,
|
||||
"hub": "docker.io/istio",
|
||||
"hub": "gcr.io/istio-release",
|
||||
"imagePullPolicy": "",
|
||||
"imagePullSecrets": [],
|
||||
"istioNamespace": "istio-system",
|
||||
|
|
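Review bot: the new `"hub": "gcr.io/istio-release"` sits in the values block next to the injection template, so it changes the registry for injected proxy images as well as for the control plane. Clusters that restrict pulls by registry (admission policy, mirror or proxy allowlists keyed on `docker.io/istio`) need `gcr.io/istio-release` allowed before this lands, and the README upgrade notes should say so. `"imagePullSecrets": []` is unchanged, which is fine for a public registry but worth stating alongside.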
@ -2685,8 +2688,8 @@ metadata:
|
|||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: istiod
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: istiod-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: istiod-1.24.3
|
||||
install.operator.istio.io/owning-resource: unknown
|
||||
istio.io/rev: default
|
||||
operator.istio.io/component: Pilot
|
||||
|
|
@ -2703,8 +2706,8 @@ metadata:
|
|||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: istiod
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: istiod-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: istiod-1.24.3
|
||||
install.operator.istio.io/owning-resource: unknown
|
||||
istio.io/rev: default
|
||||
operator.istio.io/component: Pilot
|
||||
|
|
@ -2860,8 +2863,8 @@ metadata:
|
|||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: istio-cni
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: cni-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: cni-1.24.3
|
||||
install.operator.istio.io/owning-resource: unknown
|
||||
istio.io/rev: default
|
||||
k8s-app: istio-cni-node
|
||||
|
|
@ -2886,8 +2889,8 @@ spec:
|
|||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: istio-cni
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: cni-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: cni-1.24.3
|
||||
istio.io/dataplane-mode: none
|
||||
k8s-app: istio-cni-node
|
||||
sidecar.istio.io/inject: 'false'
|
||||
|
|
@ -2930,7 +2933,7 @@ spec:
|
|||
envFrom:
|
||||
- configMapRef:
|
||||
name: istio-cni-config
|
||||
image: docker.io/istio/install-cni:1.24.2
|
||||
image: gcr.io/istio-release/install-cni:1.24.2
|
||||
name: install-cni
|
||||
ports:
|
||||
- containerPort: 15014
|
||||
|
|
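Review bot: the image moves registry but keeps its old tag, `gcr.io/istio-release/install-cni:1.24.2`, while the labels on the same workload in the preceding hunks are bumped to `app.kubernetes.io/version: 1.24.3` and `helm.sh/chart: cni-1.24.3`; the `pilot` image further down has the same mismatch. Regenerate with the 1.24.3 tag or leave the labels at 1.24.2, so the version label can be relied on when checking which clusters run a given patch release. The reference is also tag-only, so consider pinning by digest once the image at the new registry has been compared with the one previously pulled from Docker Hub.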
@ -3012,8 +3015,8 @@ metadata:
|
|||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: istiod
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: istiod-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: istiod-1.24.3
|
||||
install.operator.istio.io/owning-resource: unknown
|
||||
istio: pilot
|
||||
istio.io/rev: default
|
||||
|
|
@ -3041,8 +3044,8 @@ spec:
|
|||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: istiod
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: istiod-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: istiod-1.24.3
|
||||
install.operator.istio.io/owning-resource: unknown
|
||||
istio: pilot
|
||||
istio.io/dataplane-mode: none
|
||||
|
|
@ -3060,6 +3063,8 @@ spec:
|
|||
- --keepaliveMaxServerConnectionAge
|
||||
- 30m
|
||||
env:
|
||||
- name: ENABLE_NATIVE_SIDECARS
|
||||
value: 'true'
|
||||
- name: REVISION
|
||||
value: default
|
||||
- name: PILOT_CERT_PROVIDER
|
||||
|
|
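Review bot: `ENABLE_NATIVE_SIDECARS` set to `'true'` on istiod is a behaviour change riding in a registry migration, and it needs a documented cluster prerequisite. Native sidecars rely on the Kubernetes SidecarContainers feature (init containers with `restartPolicy: Always`), which is alpha in 1.28 and enabled by default from 1.29. Please state the minimum supported Kubernetes version next to this setting, or move it into an optional overlay so that older clusters keep the previous injection behaviour.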
@ -3100,7 +3105,7 @@ spec:
|
|||
resource: limits.cpu
|
||||
- name: PLATFORM
|
||||
value: ''
|
||||
image: docker.io/istio/pilot:1.24.2
|
||||
image: gcr.io/istio-release/pilot:1.24.2
|
||||
name: discovery
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
|
|
@ -3196,8 +3201,8 @@ metadata:
|
|||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: istiod
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: istiod-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: istiod-1.24.3
|
||||
install.operator.istio.io/owning-resource: unknown
|
||||
istio: pilot
|
||||
istio.io/rev: default
|
||||
|
|
@ -3221,8 +3226,8 @@ metadata:
|
|||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: istiod
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: istiod-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: istiod-1.24.3
|
||||
release: istio
|
||||
name: istiod
|
||||
namespace: istio-system
|
||||
|
|
@ -3269,8 +3274,8 @@ metadata:
|
|||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: istiod
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: istiod-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: istiod-1.24.3
|
||||
release: istio
|
||||
name: istiod
|
||||
namespace: istio-system
|
||||
|
|
@ -3292,8 +3297,8 @@ metadata:
|
|||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: istiod
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: istiod-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: istiod-1.24.3
|
||||
install.operator.istio.io/owning-resource: unknown
|
||||
istio.io/rev: default
|
||||
operator.istio.io/component: Pilot
|
||||
|
|
@ -3324,8 +3329,8 @@ metadata:
|
|||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: istiod
|
||||
app.kubernetes.io/part-of: istio
|
||||
app.kubernetes.io/version: 1.24.2
|
||||
helm.sh/chart: istiod-1.24.2
|
||||
app.kubernetes.io/version: 1.24.3
|
||||
helm.sh/chart: istiod-1.24.3
|
||||
install.operator.istio.io/owning-resource: unknown
|
||||
istio: pilot
|
||||
istio.io/rev: default
|
||||
|
|
|
|||
|
|
@ -107,7 +107,7 @@ spec:
|
|||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.nodeName
|
||||
image: docker.io/istio/proxyv2:1.24.2
|
||||
image: gcr.io/istio-release/proxyv2:1.24.3
|
||||
name: istio-proxy
|
||||
ports:
|
||||
- containerPort: 15021
|
||||
|
|
|
|||
|
|
@ -15,5 +15,9 @@ patches:
|
|||
- path: patches/disable-debugging.yaml
|
||||
# - path: patches/istio-ingressgateway-remove-pdb.yaml
|
||||
- path: patches/istiod-remove-pdb.yaml
|
||||
# - path: patches/seccomp-istio-ingressgateway.yaml
|
||||
- path: patches/seccomp-istio-ingressgateway.yaml
|
||||
- path: patches/seccomp-istiod.yaml
|
||||
|
||||
images:
|
||||
- name: busybox
|
||||
newName: registry.k8s.io/busybox
|
||||
|
|
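Review bot: the new `images:` entry sets only `newName: registry.k8s.io/busybox`, so the busybox reference keeps whatever tag the base manifests carry and is now resolved against a different registry. Add `newTag` or, better, `digest` to the entry and confirm that the tag exists at the new location. Re-enabling `patches/seccomp-istio-ingressgateway.yaml` in the same hunk looks right, but it is a hardening change unrelated to the registry move and deserves its own line in the commit message.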
|
|||
|
|
@ -12,7 +12,11 @@ spec:
|
|||
name: istio-ingressgateway
|
||||
pilot:
|
||||
enabled: true
|
||||
hub: docker.io/istio
|
||||
k8s:
|
||||
env:
|
||||
- name: ENABLE_NATIVE_SIDECARS
|
||||
value: "true"
|
||||
hub: gcr.io/istio-release
|
||||
profile: default
|
||||
tag: 1.24.2
|
||||
values:
|
||||
|
|
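Review bot: `tag: 1.24.2` is left untouched as context below the new `hub: gcr.io/istio-release`, while the sync scripts in this commit set `COMMIT="1.24.3"`. That matches the `:1.24.2` tags that remain on the generated `pilot` and `install-cni` images under 1.24.3 chart labels. Bump the tag together with `COMMIT`, or have the script derive it from `COMMIT`, so the two cannot drift apart on the next sync.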
@ -23,4 +27,3 @@ spec:
|
|||
global:
|
||||
configValidation: true
|
||||
istioNamespace: istio-system
|
||||
|
||||
|
|
|
|||
|
|
@ -16,9 +16,9 @@
|
|||
set -euxo pipefail
|
||||
IFS=$'\n\t'
|
||||
|
||||
COMMIT="1.23.2"
|
||||
CURRENT_VERSION="1-22"
|
||||
NEW_VERSION="1-23" # Must be a release
|
||||
COMMIT="1.24.3"
|
||||
CURRENT_VERSION="1-24"
|
||||
NEW_VERSION="1-24" # Must be a release
|
||||
|
||||
SRC_DIR=${SRC_DIR:=/tmp/istio-cni}
|
||||
BRANCH=${BRANCH:=istio-cni-${COMMIT?}}
|
||||
|
|
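Review bot: `CURRENT_VERSION` and `NEW_VERSION` are now both `"1-24"`, so any later step in the script that treats them as distinct source and target (a copy, move or delete of a versioned directory) would act on a single path. Please confirm that this is safe for a patch-level sync, or skip those steps when the two values are equal. The `# Must be a release` comment on `NEW_VERSION` would also be clearer if it said which of the three variables has to change for a patch bump.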
@ -63,10 +63,7 @@ fi
|
|||
|
||||
ISTIOCTL=$SRC_DIR/istio-${COMMIT}/bin/istioctl
|
||||
cd $ISTIO_NEW
|
||||
$ISTIOCTL profile dump default > profile.yaml
|
||||
|
||||
# cd $ISTIO_NEW
|
||||
# export PATH="$MANIFESTS_DIR/scripts:$PATH"
|
||||
$ISTIOCTL manifest generate -f profile.yaml -f profile-overlay.yaml --set components.cni.enabled=true --set components.cni.namespace=kube-system > dump.yaml
|
||||
./split-istio-packages -f dump.yaml
|
||||
mv $ISTIO_NEW/crd.yaml $ISTIO_NEW/istio-crds/base
|
||||
|
|
|
|||
|
|
@ -15,9 +15,9 @@
|
|||
set -euxo pipefail
|
||||
IFS=$'\n\t'
|
||||
|
||||
COMMIT="1.23.2"
|
||||
CURRENT_VERSION="1-22"
|
||||
NEW_VERSION="1-23" # Must be a release
|
||||
COMMIT="1.24.3"
|
||||
CURRENT_VERSION="1-24"
|
||||
NEW_VERSION="1-24" # Must be a release
|
||||
|
||||
SRC_DIR=${SRC_DIR:=/tmp/istio} # Must be a release
|
||||
BRANCH=${BRANCH:=istio-${COMMIT?}}
|
||||
|
|
@ -62,10 +62,7 @@ fi
|
|||
|
||||
ISTIOCTL=$SRC_DIR/istio-${COMMIT}/bin/istioctl
|
||||
cd $ISTIO_NEW
|
||||
$ISTIOCTL profile dump default > profile.yaml
|
||||
|
||||
# cd $ISTIO_NEW
|
||||
# export PATH="$MANIFESTS_DIR/scripts:$PATH"
|
||||
$ISTIOCTL manifest generate -f profile.yaml -f profile-overlay.yaml > dump.yaml
|
||||
./split-istio-packages -f dump.yaml
|
||||
mv $ISTIO_NEW/crd.yaml $ISTIO_NEW/istio-crds/base
|
||||
|
|
|
|||