From fa1cd1f5f5dff21d5918ab3b39d3b178ea5fb574 Mon Sep 17 00:00:00 2001 From: svcAPLBot <174728082+svcAPLBot@users.noreply.github.com> Date: Thu, 4 Sep 2025 00:51:13 +0000 Subject: [PATCH] chore(chart-deps): update base to version 1.27.1 --- chart/chart-index/Chart.yaml | 2 +- charts/istio-base/Chart.yaml | 4 +- charts/istio-base/files/crd-all.gen.yaml | 215 +++++++++++++----- charts/istio-base/files/profile-ambient.yaml | 7 + .../profile-compatibility-version-1.23.yaml | 25 -- .../profile-compatibility-version-1.24.yaml | 2 + .../profile-compatibility-version-1.25.yaml | 4 + .../profile-compatibility-version-1.26.yaml | 8 + 8 files changed, 187 insertions(+), 80 deletions(-) delete mode 100644 charts/istio-base/files/profile-compatibility-version-1.23.yaml create mode 100644 charts/istio-base/files/profile-compatibility-version-1.26.yaml diff --git a/chart/chart-index/Chart.yaml b/chart/chart-index/Chart.yaml index 6e4413805f..a81e9623df 100644 --- a/chart/chart-index/Chart.yaml +++ b/chart/chart-index/Chart.yaml @@ -34,7 +34,7 @@ dependencies: repository: https://kubernetes.github.io/ingress-nginx - name: base alias: istio-base - version: 1.26.3 + version: 1.27.1 repository: https://istio-release.storage.googleapis.com/charts - name: gateway alias: istio-gateway diff --git a/charts/istio-base/Chart.yaml b/charts/istio-base/Chart.yaml index 40c0089217..90ccae188f 100644 --- a/charts/istio-base/Chart.yaml +++ b/charts/istio-base/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.26.3 +appVersion: 1.27.1 description: Helm chart for deploying Istio cluster resources and CRDs icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -7,4 +7,4 @@ keywords: name: base sources: - https://github.com/istio/istio -version: 1.26.3 +version: 1.27.1 diff --git a/charts/istio-base/files/crd-all.gen.yaml b/charts/istio-base/files/crd-all.gen.yaml index fe5eca3557..d76ca2be83 100644 --- a/charts/istio-base/files/crd-all.gen.yaml +++ b/charts/istio-base/files/crd-all.gen.yaml @@ -43,10 +43,11 @@ spec: description: |- Specifies the failure behavior for the plugin due to fatal errors. - Valid Options: FAIL_CLOSE, FAIL_OPEN + Valid Options: FAIL_CLOSE, FAIL_OPEN, FAIL_RELOAD enum: - FAIL_CLOSE - FAIL_OPEN + - FAIL_RELOAD type: string imagePullPolicy: description: |- @@ -389,11 +390,11 @@ spec: jsonPath: .spec.host name: Host type: string - - description: 'CreationTimestamp is a timestamp representing the server time - when this object was created. It is not guaranteed to be set in happens-before + - description: CreationTimestamp is a timestamp representing the server time when + this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for - lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' + lists. For more information, see [Kubernetes API Conventions](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata) jsonPath: .metadata.creationTimestamp name: Age type: date @@ -1238,6 +1239,26 @@ spec: - V2 type: string type: object + retryBudget: + description: Specifies a limit on concurrent retries in + relation to the number of active requests. + properties: + minRetryConcurrency: + description: Specifies the minimum retry concurrency + allowed for the retry budget. + maximum: 4294967295 + minimum: 0 + type: integer + percent: + description: Specifies the limit on concurrent retries + as a percentage of the sum of active requests and + active pending requests. + format: double + maximum: 100 + minimum: 0 + nullable: true + type: number + type: object tls: description: TLS related settings for connections to the upstream service. @@ -2104,6 +2125,26 @@ spec: - V2 type: string type: object + retryBudget: + description: Specifies a limit on concurrent retries in relation + to the number of active requests. + properties: + minRetryConcurrency: + description: Specifies the minimum retry concurrency allowed + for the retry budget. + maximum: 4294967295 + minimum: 0 + type: integer + percent: + description: Specifies the limit on concurrent retries as + a percentage of the sum of active requests and active pending + requests. + format: double + maximum: 100 + minimum: 0 + nullable: true + type: number + type: object tls: description: TLS related settings for connections to the upstream service. @@ -2280,7 +2321,7 @@ spec: x-kubernetes-preserve-unknown-fields: true type: object served: true - storage: false + storage: true subresources: status: {} - additionalPrinterColumns: @@ -2288,11 +2329,11 @@ spec: jsonPath: .spec.host name: Host type: string - - description: 'CreationTimestamp is a timestamp representing the server time - when this object was created. It is not guaranteed to be set in happens-before + - description: CreationTimestamp is a timestamp representing the server time when + this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for - lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' + lists. For more information, see [Kubernetes API Conventions](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata) jsonPath: .metadata.creationTimestamp name: Age type: date @@ -3137,6 +3178,26 @@ spec: - V2 type: string type: object + retryBudget: + description: Specifies a limit on concurrent retries in + relation to the number of active requests. + properties: + minRetryConcurrency: + description: Specifies the minimum retry concurrency + allowed for the retry budget. + maximum: 4294967295 + minimum: 0 + type: integer + percent: + description: Specifies the limit on concurrent retries + as a percentage of the sum of active requests and + active pending requests. + format: double + maximum: 100 + minimum: 0 + nullable: true + type: number + type: object tls: description: TLS related settings for connections to the upstream service. @@ -4003,6 +4064,26 @@ spec: - V2 type: string type: object + retryBudget: + description: Specifies a limit on concurrent retries in relation + to the number of active requests. + properties: + minRetryConcurrency: + description: Specifies the minimum retry concurrency allowed + for the retry budget. + maximum: 4294967295 + minimum: 0 + type: integer + percent: + description: Specifies the limit on concurrent retries as + a percentage of the sum of active requests and active pending + requests. + format: double + maximum: 100 + minimum: 0 + nullable: true + type: number + type: object tls: description: TLS related settings for connections to the upstream service. @@ -4187,11 +4268,11 @@ spec: jsonPath: .spec.host name: Host type: string - - description: 'CreationTimestamp is a timestamp representing the server time - when this object was created. It is not guaranteed to be set in happens-before + - description: CreationTimestamp is a timestamp representing the server time when + this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for - lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' + lists. For more information, see [Kubernetes API Conventions](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata) jsonPath: .metadata.creationTimestamp name: Age type: date @@ -5036,6 +5117,26 @@ spec: - V2 type: string type: object + retryBudget: + description: Specifies a limit on concurrent retries in + relation to the number of active requests. + properties: + minRetryConcurrency: + description: Specifies the minimum retry concurrency + allowed for the retry budget. + maximum: 4294967295 + minimum: 0 + type: integer + percent: + description: Specifies the limit on concurrent retries + as a percentage of the sum of active requests and + active pending requests. + format: double + maximum: 100 + minimum: 0 + nullable: true + type: number + type: object tls: description: TLS related settings for connections to the upstream service. @@ -5902,6 +6003,26 @@ spec: - V2 type: string type: object + retryBudget: + description: Specifies a limit on concurrent retries in relation + to the number of active requests. + properties: + minRetryConcurrency: + description: Specifies the minimum retry concurrency allowed + for the retry budget. + maximum: 4294967295 + minimum: 0 + type: integer + percent: + description: Specifies the limit on concurrent retries as + a percentage of the sum of active requests and active pending + requests. + format: double + maximum: 100 + minimum: 0 + nullable: true + type: number + type: object tls: description: TLS related settings for connections to the upstream service. @@ -6078,7 +6199,7 @@ spec: x-kubernetes-preserve-unknown-fields: true type: object served: true - storage: true + storage: false subresources: status: {} --- @@ -6656,13 +6777,12 @@ spec: type: string type: array tlsCertificates: - description: Only one of `server_certificate`, `private_key`, - `ca_certificates` or `credential_name` or `credential_names` - or `tls_certificates` should be specified. + description: Only one of `server_certificate`, `private_key` + or `credential_name` or `credential_names` or `tls_certificates` + should be specified. items: properties: caCertificates: - description: REQUIRED if mode is `MUTUAL` or `OPTIONAL_MUTUAL`. type: string privateKey: description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. @@ -6783,7 +6903,7 @@ spec: x-kubernetes-preserve-unknown-fields: true type: object served: true - storage: false + storage: true subresources: status: {} - name: v1alpha3 @@ -6928,13 +7048,12 @@ spec: type: string type: array tlsCertificates: - description: Only one of `server_certificate`, `private_key`, - `ca_certificates` or `credential_name` or `credential_names` - or `tls_certificates` should be specified. + description: Only one of `server_certificate`, `private_key` + or `credential_name` or `credential_names` or `tls_certificates` + should be specified. items: properties: caCertificates: - description: REQUIRED if mode is `MUTUAL` or `OPTIONAL_MUTUAL`. type: string privateKey: description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. @@ -7200,13 +7319,12 @@ spec: type: string type: array tlsCertificates: - description: Only one of `server_certificate`, `private_key`, - `ca_certificates` or `credential_name` or `credential_names` - or `tls_certificates` should be specified. + description: Only one of `server_certificate`, `private_key` + or `credential_name` or `credential_names` or `tls_certificates` + should be specified. items: properties: caCertificates: - description: REQUIRED if mode is `MUTUAL` or `OPTIONAL_MUTUAL`. type: string privateKey: description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. @@ -7327,7 +7445,7 @@ spec: x-kubernetes-preserve-unknown-fields: true type: object served: true - storage: true + storage: false subresources: status: {} --- @@ -7803,7 +7921,7 @@ spec: - spec type: object served: true - storage: false + storage: true subresources: status: {} - additionalPrinterColumns: @@ -8399,7 +8517,7 @@ spec: - spec type: object served: true - storage: true + storage: false subresources: status: {} --- @@ -8822,13 +8940,12 @@ spec: type: string type: array tlsCertificates: - description: Only one of `server_certificate`, `private_key`, - `ca_certificates` or `credential_name` or `credential_names` - or `tls_certificates` should be specified. + description: Only one of `server_certificate`, `private_key` + or `credential_name` or `credential_names` or `tls_certificates` + should be specified. items: properties: caCertificates: - description: REQUIRED if mode is `MUTUAL` or `OPTIONAL_MUTUAL`. type: string privateKey: description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. @@ -8998,7 +9115,7 @@ spec: x-kubernetes-preserve-unknown-fields: true type: object served: true - storage: false + storage: true subresources: status: {} - name: v1alpha3 @@ -9397,13 +9514,12 @@ spec: type: string type: array tlsCertificates: - description: Only one of `server_certificate`, `private_key`, - `ca_certificates` or `credential_name` or `credential_names` - or `tls_certificates` should be specified. + description: Only one of `server_certificate`, `private_key` + or `credential_name` or `credential_names` or `tls_certificates` + should be specified. items: properties: caCertificates: - description: REQUIRED if mode is `MUTUAL` or `OPTIONAL_MUTUAL`. type: string privateKey: description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. @@ -9972,13 +10088,12 @@ spec: type: string type: array tlsCertificates: - description: Only one of `server_certificate`, `private_key`, - `ca_certificates` or `credential_name` or `credential_names` - or `tls_certificates` should be specified. + description: Only one of `server_certificate`, `private_key` + or `credential_name` or `credential_names` or `tls_certificates` + should be specified. items: properties: caCertificates: - description: REQUIRED if mode is `MUTUAL` or `OPTIONAL_MUTUAL`. type: string privateKey: description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. @@ -10148,7 +10263,7 @@ spec: x-kubernetes-preserve-unknown-fields: true type: object served: true - storage: true + storage: false subresources: status: {} --- @@ -11226,7 +11341,7 @@ spec: x-kubernetes-preserve-unknown-fields: true type: object served: true - storage: false + storage: true subresources: status: {} - additionalPrinterColumns: @@ -13330,7 +13445,7 @@ spec: x-kubernetes-preserve-unknown-fields: true type: object served: true - storage: true + storage: false subresources: status: {} --- @@ -13516,7 +13631,7 @@ spec: - spec type: object served: true - storage: false + storage: true subresources: status: {} - additionalPrinterColumns: @@ -13836,7 +13951,7 @@ spec: - spec type: object served: true - storage: true + storage: false subresources: status: {} --- @@ -14168,7 +14283,7 @@ spec: - spec type: object served: true - storage: false + storage: true subresources: status: {} - additionalPrinterColumns: @@ -14784,7 +14899,7 @@ spec: - spec type: object served: true - storage: true + storage: false subresources: status: {} --- @@ -16043,8 +16158,6 @@ spec: x-kubernetes-validations: - message: must be a valid duration greater than 1ms rule: duration(self) >= duration('1ms') - required: - - issuer type: object x-kubernetes-validations: - message: only one of jwks or jwksUri can be set @@ -16326,8 +16439,6 @@ spec: x-kubernetes-validations: - message: must be a valid duration greater than 1ms rule: duration(self) >= duration('1ms') - required: - - issuer type: object x-kubernetes-validations: - message: only one of jwks or jwksUri can be set diff --git a/charts/istio-base/files/profile-ambient.yaml b/charts/istio-base/files/profile-ambient.yaml index 2805fe46bf..495fbcd434 100644 --- a/charts/istio-base/files/profile-ambient.yaml +++ b/charts/istio-base/files/profile-ambient.yaml @@ -7,6 +7,13 @@ meshConfig: defaultConfig: proxyMetadata: ISTIO_META_ENABLE_HBONE: "true" + serviceScopeConfigs: + - servicesSelector: + matchExpressions: + - key: istio.io/global + operator: In + values: ["true"] + scope: GLOBAL global: variant: distroless pilot: diff --git a/charts/istio-base/files/profile-compatibility-version-1.23.yaml b/charts/istio-base/files/profile-compatibility-version-1.23.yaml deleted file mode 100644 index dac910ff5b..0000000000 --- a/charts/istio-base/files/profile-compatibility-version-1.23.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - ENABLE_INBOUND_RETRY_POLICY: "false" - EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false" - PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false" - ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false" - PILOT_UNIFIED_SIDECAR_SCOPE: "false" - -meshConfig: - defaultConfig: - proxyMetadata: - # 1.24 behaviour changes - ENABLE_DEFERRED_STATS_CREATION: "false" - BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false" - -ambient: - # Not present in <1.24, defaults to `true` in 1.25+ - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/charts/istio-base/files/profile-compatibility-version-1.24.yaml b/charts/istio-base/files/profile-compatibility-version-1.24.yaml index b211c82666..4f3dbef7ea 100644 --- a/charts/istio-base/files/profile-compatibility-version-1.24.yaml +++ b/charts/istio-base/files/profile-compatibility-version-1.24.yaml @@ -6,6 +6,8 @@ pilot: env: # 1.24 behavioral changes PILOT_ENABLE_IP_AUTOALLOCATE: "false" + # 1.27 behavioral changes + ENABLE_NATIVE_SIDECARS: "false" ambient: dnsCapture: false reconcileIptablesOnStartup: false diff --git a/charts/istio-base/files/profile-compatibility-version-1.25.yaml b/charts/istio-base/files/profile-compatibility-version-1.25.yaml index eb8827cd50..b2f45948c2 100644 --- a/charts/istio-base/files/profile-compatibility-version-1.25.yaml +++ b/charts/istio-base/files/profile-compatibility-version-1.25.yaml @@ -2,6 +2,10 @@ # The original version of this file is located at /manifests/helm-profiles directory. # If you want to make a change in this file, edit the original one and run "make gen". +pilot: + env: + # 1.27 behavioral changes + ENABLE_NATIVE_SIDECARS: "false" ambient: # 1.26 behavioral changes shareHostNetworkNamespace: true diff --git a/charts/istio-base/files/profile-compatibility-version-1.26.yaml b/charts/istio-base/files/profile-compatibility-version-1.26.yaml new file mode 100644 index 0000000000..af10697326 --- /dev/null +++ b/charts/istio-base/files/profile-compatibility-version-1.26.yaml @@ -0,0 +1,8 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.27 behavioral changes + ENABLE_NATIVE_SIDECARS: "false" \ No newline at end of file