Skip to content

Commit

Permalink
bump istio to v1.20.2 (#1237)
Browse files Browse the repository at this point in the history
  • Loading branch information
dprotaso authored Jan 15, 2024
1 parent 04509ce commit fac811c
Show file tree
Hide file tree
Showing 17 changed files with 424 additions and 116 deletions.
4 changes: 2 additions & 2 deletions go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,8 @@ require (
go.uber.org/zap v1.26.0
golang.org/x/sync v0.6.0
google.golang.org/protobuf v1.32.0
istio.io/api v1.20.0
istio.io/client-go v1.20.0
istio.io/api v1.20.2
istio.io/client-go v1.20.2
k8s.io/api v0.28.5
k8s.io/apimachinery v0.28.5
k8s.io/client-go v0.28.5
Expand Down
8 changes: 4 additions & 4 deletions go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -666,10 +666,10 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh
honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
istio.io/api v1.20.0 h1:heE1eQoMsuZlwWOf7Xm8TKqKLNKVs11G/zMe5QyR1u4=
istio.io/api v1.20.0/go.mod h1:hm1PE/mGdIAsjCDkTIAplP53H7TjO5LUQCiVvF26SVg=
istio.io/client-go v1.20.0 h1:TSSv6A4sYvuBtoKOwyuRmBmPwSb4s++lWlh7RB7+7gY=
istio.io/client-go v1.20.0/go.mod h1:6D76gZsdjz8JtVeIarUYdOn3WA8Zh+j8fIv2+2K3M+Q=
istio.io/api v1.20.2 h1:VjkJB1EfrZt77bcavr1P/3PrO8AP3lOSQsYiYOnGGBU=
istio.io/api v1.20.2/go.mod h1:hm1PE/mGdIAsjCDkTIAplP53H7TjO5LUQCiVvF26SVg=
istio.io/client-go v1.20.2 h1:FL99qw5f5W+QFPHutLpGOoPmoKgLwNFrGCEemAvLm00=
istio.io/client-go v1.20.2/go.mod h1:mub0nwPDAj98cjns7KYLzbvDk0Fg9rx0k2o+KZ4UIUY=
k8s.io/api v0.28.5 h1:XIPNr3nBgTEaCdEiwZ+dXaO9SB4NeTOZ2pNDRrFgfb4=
k8s.io/api v0.28.5/go.mod h1:98zkTCc60iSnqqCIyCB1GI7PYDiRDYTSfL0PRIxpM4c=
k8s.io/apiextensions-apiserver v0.28.5 h1:YKW9O9T/0Gkyl6LTFDLIhCbouSRh+pHt2vMLB38Snfc=
Expand Down
1 change: 0 additions & 1 deletion hack/update-k8s-deps.sh

This file was deleted.

2 changes: 1 addition & 1 deletion third_party/istio-latest/generate-manifests.sh
Original file line number Diff line number Diff line change
Expand Up @@ -16,4 +16,4 @@

source "$(dirname $0)/../library.sh"

generate "1.20.0" "$(dirname $0)"
generate "1.20.2" "$(dirname $0)"
115 changes: 91 additions & 24 deletions third_party/istio-latest/istio-ci-ambient/istio.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -85,31 +85,48 @@ metadata:
istio.io/rev: default
operator.istio.io/component: Cni
release: istio
name: istio-cni-repair-role
name: istio-cni-ambient
rules:
- apiGroups:
- ""
resources:
- pods
- pods/status
verbs:
- get
- list
- watch
- delete
- patch
- update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app: istio-cni
install.operator.istio.io/owning-resource: unknown
istio.io/rev: default
operator.istio.io/component: Cni
release: istio
name: istio-cni-repair-role
rules:
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- ""
resources:
- pods
verbs:
- watch
- get
- list
- watch
- apiGroups:
- ""
resources:
- pods
verbs:
- delete
- patch
- update
- create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
Expand Down Expand Up @@ -466,6 +483,24 @@ subjects:
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
install.operator.istio.io/owning-resource: unknown
istio.io/rev: default
k8s-app: istio-cni-repair
operator.istio.io/component: Cni
name: istio-cni-ambient
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: istio-cni-ambient
subjects:
- kind: ServiceAccount
name: istio-cni
namespace: istio-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
install.operator.istio.io/owning-resource: unknown
Expand Down Expand Up @@ -828,14 +863,19 @@ spec:
type: object
type: object
targetRef:
description: Optional.
properties:
group:
description: group is the group of the target resource.
type: string
kind:
description: kind is kind of the target resource.
type: string
name:
description: name is the name of the target resource.
type: string
namespace:
description: namespace is the namespace of the referent.
type: string
type: object
type: object
Expand Down Expand Up @@ -1023,14 +1063,19 @@ spec:
type: object
type: object
targetRef:
description: Optional.
properties:
group:
description: group is the group of the target resource.
type: string
kind:
description: kind is kind of the target resource.
type: string
name:
description: name is the name of the target resource.
type: string
namespace:
description: namespace is the namespace of the referent.
type: string
type: object
type: object
Expand Down Expand Up @@ -1607,7 +1652,7 @@ spec:
description: The name of the secret that holds the TLS certs for the client including the CA certificates.
type: string
insecureSkipVerify:
description: InsecureSkipVerify specifies whether the proxy should skip verifying the CA signature and SAN for the server certificate corresponding to the host.
description: '`insecureSkipVerify` specifies whether the proxy should skip verifying the CA signature and SAN for the server certificate corresponding to the host.'
nullable: true
type: boolean
mode:
Expand Down Expand Up @@ -1645,7 +1690,7 @@ spec:
description: The name of the secret that holds the TLS certs for the client including the CA certificates.
type: string
insecureSkipVerify:
description: InsecureSkipVerify specifies whether the proxy should skip verifying the CA signature and SAN for the server certificate corresponding to the host.
description: '`insecureSkipVerify` specifies whether the proxy should skip verifying the CA signature and SAN for the server certificate corresponding to the host.'
nullable: true
type: boolean
mode:
Expand Down Expand Up @@ -2191,7 +2236,7 @@ spec:
description: The name of the secret that holds the TLS certs for the client including the CA certificates.
type: string
insecureSkipVerify:
description: InsecureSkipVerify specifies whether the proxy should skip verifying the CA signature and SAN for the server certificate corresponding to the host.
description: '`insecureSkipVerify` specifies whether the proxy should skip verifying the CA signature and SAN for the server certificate corresponding to the host.'
nullable: true
type: boolean
mode:
Expand Down Expand Up @@ -2229,7 +2274,7 @@ spec:
description: The name of the secret that holds the TLS certs for the client including the CA certificates.
type: string
insecureSkipVerify:
description: InsecureSkipVerify specifies whether the proxy should skip verifying the CA signature and SAN for the server certificate corresponding to the host.
description: '`insecureSkipVerify` specifies whether the proxy should skip verifying the CA signature and SAN for the server certificate corresponding to the host.'
nullable: true
type: boolean
mode:
Expand Down Expand Up @@ -2827,7 +2872,7 @@ spec:
description: The name of the secret that holds the TLS certs for the client including the CA certificates.
type: string
insecureSkipVerify:
description: InsecureSkipVerify specifies whether the proxy should skip verifying the CA signature and SAN for the server certificate corresponding to the host.
description: '`insecureSkipVerify` specifies whether the proxy should skip verifying the CA signature and SAN for the server certificate corresponding to the host.'
nullable: true
type: boolean
mode:
Expand Down Expand Up @@ -2865,7 +2910,7 @@ spec:
description: The name of the secret that holds the TLS certs for the client including the CA certificates.
type: string
insecureSkipVerify:
description: InsecureSkipVerify specifies whether the proxy should skip verifying the CA signature and SAN for the server certificate corresponding to the host.
description: '`insecureSkipVerify` specifies whether the proxy should skip verifying the CA signature and SAN for the server certificate corresponding to the host.'
nullable: true
type: boolean
mode:
Expand Down Expand Up @@ -3411,7 +3456,7 @@ spec:
description: The name of the secret that holds the TLS certs for the client including the CA certificates.
type: string
insecureSkipVerify:
description: InsecureSkipVerify specifies whether the proxy should skip verifying the CA signature and SAN for the server certificate corresponding to the host.
description: '`insecureSkipVerify` specifies whether the proxy should skip verifying the CA signature and SAN for the server certificate corresponding to the host.'
nullable: true
type: boolean
mode:
Expand Down Expand Up @@ -3449,7 +3494,7 @@ spec:
description: The name of the secret that holds the TLS certs for the client including the CA certificates.
type: string
insecureSkipVerify:
description: InsecureSkipVerify specifies whether the proxy should skip verifying the CA signature and SAN for the server certificate corresponding to the host.
description: '`insecureSkipVerify` specifies whether the proxy should skip verifying the CA signature and SAN for the server certificate corresponding to the host.'
nullable: true
type: boolean
mode:
Expand Down Expand Up @@ -4344,14 +4389,19 @@ spec:
type: object
type: object
targetRef:
description: Optional.
properties:
group:
description: group is the group of the target resource.
type: string
kind:
description: kind is kind of the target resource.
type: string
name:
description: name is the name of the target resource.
type: string
namespace:
description: namespace is the namespace of the referent.
type: string
type: object
type: object
Expand Down Expand Up @@ -4442,14 +4492,19 @@ spec:
type: object
type: object
targetRef:
description: Optional.
properties:
group:
description: group is the group of the target resource.
type: string
kind:
description: kind is kind of the target resource.
type: string
name:
description: name is the name of the target resource.
type: string
namespace:
description: namespace is the namespace of the referent.
type: string
type: object
type: object
Expand Down Expand Up @@ -5587,14 +5642,19 @@ spec:
type: object
type: object
targetRef:
description: Optional.
properties:
group:
description: group is the group of the target resource.
type: string
kind:
description: kind is kind of the target resource.
type: string
name:
description: name is the name of the target resource.
type: string
namespace:
description: namespace is the namespace of the referent.
type: string
type: object
tracing:
Expand Down Expand Up @@ -7467,14 +7527,19 @@ spec:
pattern: (^$|^[a-f0-9]{64}$)
type: string
targetRef:
description: Optional.
properties:
group:
description: group is the group of the target resource.
type: string
kind:
description: kind is kind of the target resource.
type: string
name:
description: name is the name of the target resource.
type: string
namespace:
description: namespace is the namespace of the referent.
type: string
type: object
type:
Expand Down Expand Up @@ -9911,7 +9976,7 @@ data:
"sts": {
"servicePort": 0
},
"tag": "1.20.0",
"tag": "1.20.2",
"tracer": {
"datadog": {},
"lightstep": {},
Expand Down Expand Up @@ -10061,7 +10126,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: spec.nodeName
image: docker.io/istio/proxyv2:1.20.0
image: docker.io/istio/proxyv2:1.20.2
name: istio-proxy
ports:
- containerPort: 15021
Expand Down Expand Up @@ -10265,7 +10330,7 @@ spec:
resource: limits.cpu
- name: PLATFORM
value: ""
image: docker.io/istio/pilot:1.20.0-distroless
image: docker.io/istio/pilot:1.20.2-distroless
name: discovery
ports:
- containerPort: 8080
Expand Down Expand Up @@ -10713,9 +10778,11 @@ spec:
fieldRef:
fieldPath: spec.nodeName
- name: REPAIR_LABEL_PODS
value: "true"
value: "false"
- name: REPAIR_DELETE_PODS
value: "true"
- name: REPAIR_REPAIR_PODS
value: "false"
- name: REPAIR_RUN_AS_DAEMON
value: "true"
- name: REPAIR_SIDECAR_ANNOTATION
Expand Down Expand Up @@ -10743,7 +10810,7 @@ spec:
valueFrom:
resourceFieldRef:
resource: limits.cpu
image: docker.io/istio/install-cni:1.20.0
image: docker.io/istio/install-cni:1.20.2
name: install-cni
readinessProbe:
httpGet:
Expand Down Expand Up @@ -10859,7 +10926,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: spec.serviceAccountName
image: docker.io/istio/ztunnel:1.20.0-distroless
image: docker.io/istio/ztunnel:1.20.2-distroless
name: istio-proxy
ports:
- containerPort: 15020
Expand Down
Loading

0 comments on commit fac811c

Please sign in to comment.