feat(helm): update istio helm charts group ( 1.23.3 → 1.24.0 ) (minor) #5808
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![lumiere-bot[bot]](https://avatars.githubusercontent.com/in/165833?s=60&v=4){kind=small}
lumiere-bot
bot
added
renovate/helm
type/minor
area/kubernetes
--- kubernetes/sol/apps/istio-system/base/app Kustomization: flux-system/istio-base HelmRelease: istio-system/istio-base
+++ kubernetes/sol/apps/istio-system/base/app Kustomization: flux-system/istio-base HelmRelease: istio-system/istio-base
@@ -13,13 +13,13 @@
spec:
chart: base
sourceRef:
kind: HelmRepository
name: istio
namespace: flux-system
- version: 1.23.3
+ version: 1.24.0
install:
remediation:
retries: 5
interval: 15m
upgrade:
remediation:
--- kubernetes/sol/apps/istio-system/istiod/app Kustomization: flux-system/istiod HelmRelease: istio-system/istiod
+++ kubernetes/sol/apps/istio-system/istiod/app Kustomization: flux-system/istiod HelmRelease: istio-system/istiod
@@ -13,13 +13,13 @@
spec:
chart: istiod
sourceRef:
kind: HelmRepository
name: istio
namespace: flux-system
- version: 1.23.3
+ version: 1.24.0
install:
remediation:
retries: 5
interval: 15m
upgrade:
remediation: |
--- HelmRelease: istio-system/istio-base ServiceAccount: istio-system/istio-reader-service-account
+++ HelmRelease: istio-system/istio-base ServiceAccount: istio-system/istio-reader-service-account
@@ -4,7 +4,11 @@
metadata:
name: istio-reader-service-account
namespace: istio-system
labels:
app: istio-reader
release: istio-base
+ app.kubernetes.io/name: istio-reader
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/instance: istio-base
+ app.kubernetes.io/part-of: istio
--- HelmRelease: istio-system/istio-base ValidatingWebhookConfiguration: istio-system/istiod-default-validator
+++ HelmRelease: istio-system/istio-base ValidatingWebhookConfiguration: istio-system/istiod-default-validator
@@ -5,12 +5,16 @@
name: istiod-default-validator
labels:
app: istiod
release: istio-base
istio: istiod
istio.io/rev: default
+ app.kubernetes.io/name: istiod
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/instance: istio-base
+ app.kubernetes.io/part-of: istio
webhooks:
- name: validation.istio.io
clientConfig:
service:
name: istiod
namespace: istio-system
--- HelmRelease: istio-system/istiod ServiceAccount: istio-system/istiod
+++ HelmRelease: istio-system/istiod ServiceAccount: istio-system/istiod
@@ -4,7 +4,11 @@
metadata:
name: istiod
namespace: istio-system
labels:
app: istiod
release: istiod
+ app.kubernetes.io/name: istiod
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/instance: istiod
+ app.kubernetes.io/part-of: istio
--- HelmRelease: istio-system/istiod ConfigMap: istio-system/istio
+++ HelmRelease: istio-system/istiod ConfigMap: istio-system/istio
@@ -6,12 +6,16 @@
namespace: istio-system
labels:
istio.io/rev: default
install.operator.istio.io/owning-resource: unknown
operator.istio.io/component: Pilot
release: istiod
+ app.kubernetes.io/name: istiod
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/instance: istiod
+ app.kubernetes.io/part-of: istio
data:
meshNetworks: 'networks: {}'
mesh: |-
accessLogFile: /dev/stdout
defaultConfig:
discoveryAddress: istiod.istio-system.svc:15012
--- HelmRelease: istio-system/istiod ConfigMap: istio-system/istio-sidecar-injector
+++ HelmRelease: istio-system/istiod ConfigMap: istio-system/istio-sidecar-injector
@@ -6,21 +6,24 @@
namespace: istio-system
labels:
istio.io/rev: default
install.operator.istio.io/owning-resource: unknown
operator.istio.io/component: Pilot
release: istiod
+ app.kubernetes.io/name: istiod
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/instance: istiod
+ app.kubernetes.io/part-of: istio
data:
values: |-
{
"gateways": {
"seccompProfile": {},
"securityContext": {}
},
"global": {
- "autoscalingv2API": true,
"caAddress": "",
"caName": "",
"certSigners": [],
"configCluster": false,
"configValidation": true,
"defaultPodDisruptionBudget": {
@@ -56,13 +59,12 @@
"pilotCertProvider": "istiod",
"priorityClassName": "",
"proxy": {
"autoInject": "enabled",
"clusterDomain": "cluster.local",
"componentLogLevel": "misc:error",
- "enableCoreDump": false,
"excludeIPRanges": "",
"excludeInboundPorts": "",
"excludeOutboundPorts": "",
"image": "proxyv2",
"includeIPRanges": "*",
"includeInboundPorts": "*",
@@ -88,12 +90,13 @@
"failureThreshold": 600
},
"statusPort": 15020,
"tracer": "none"
},
"proxy_init": {
+ "forceApplyIptables": false,
"image": "proxyv2",
"resources": {
"limits": {
"cpu": "200m",
"memory": "256Mi"
},
@@ -109,18 +112,30 @@
"aud": "istio-ca"
}
},
"sts": {
"servicePort": 0
},
- "tag": "1.23.3",
- "variant": "distroless"
- },
- "istio_cni": {
- "chained": true,
- "provider": "default"
+ "tag": "1.24.0",
+ "variant": "distroless",
+ "waypoint": {
+ "affinity": {},
+ "nodeSelector": {},
+ "resources": {
+ "limits": {
+ "cpu": "2",
+ "memory": "1Gi"
+ },
+ "requests": {
+ "cpu": "100m",
+ "memory": "128Mi"
+ }
+ },
+ "tolerations": [],
+ "topologySpreadConstraints": []
+ }
},
"pilot": {
"cni": {
"enabled": false,
"provider": "default"
}
@@ -158,14 +173,16 @@
\ -}}\n cpu: \"{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`\
\ }}\"\n {{ end }}\n {{ if (isset .ObjectMeta.Annotations\
\ `sidecar.istio.io/proxyMemoryLimit`) -}}\n memory: \"{{ index .ObjectMeta.Annotations\
\ `sidecar.istio.io/proxyMemoryLimit` }}\"\n {{ end }}\n {{-\
\ end }}\n {{- else }}\n {{- if .Values.global.proxy.resources }}\n\
\ {{ toYaml .Values.global.proxy.resources | indent 6 }}\n {{-\
- \ end }}\n {{- end }}\n {{- end }}\n {{ $nativeSidecar := (eq (env\
- \ \"ENABLE_NATIVE_SIDECARS\" \"false\") \"true\") }}\n {{- $containers := list\
+ \ end }}\n {{- end }}\n {{- end }}\n {{ $nativeSidecar := (or (and\
+ \ (not (isset .ObjectMeta.Annotations `sidecar.istio.io/nativeSidecar`)) (eq (env\
+ \ \"ENABLE_NATIVE_SIDECARS\" \"false\") \"true\")) (eq (index .ObjectMeta.Annotations\
+ \ `sidecar.istio.io/nativeSidecar`) \"true\")) }}\n {{- $containers := list\
\ }}\n {{- range $index, $container := .Spec.Containers }}{{ if not (eq $container.Name\
\ \"istio-proxy\") }}{{ $containers = append $containers $container.Name }}{{end}}{{-\
\ end}}\n metadata:\n labels:\n security.istio.io/tlsMode: {{ index\
\ .ObjectMeta.Labels `security.istio.io/tlsMode` | default \"istio\" | quote\
\ }}\n {{- if eq (index .ProxyConfig.ProxyMetadata \"ISTIO_META_ENABLE_HBONE\"\
) \"true\" }}\n networking.istio.io/tunnel: {{ index .ObjectMeta.Labels\
@@ -180,18 +197,17 @@
\ | quote }},\n {{- if ge (len $containers) 1 }}\n {{- if not (isset\
\ .ObjectMeta.Annotations `kubectl.kubernetes.io/default-logs-container`) }}\n\
\ kubectl.kubernetes.io/default-logs-container: \"{{ index $containers\
\ 0 }}\",\n {{- end }}\n {{- if not (isset .ObjectMeta.Annotations\
\ `kubectl.kubernetes.io/default-container`) }}\n kubectl.kubernetes.io/default-container:\
\ \"{{ index $containers 0 }}\",\n {{- end }}\n {{- end }}\n \
- \ {{- if or .Values.pilot.cni.enabled .Values.istio_cni.enabled }}\n {{-\
- \ if or (eq .Values.pilot.cni.provider \"multus\") (eq .Values.istio_cni.provider\
- \ \"multus\") (not .Values.istio_cni.chained)}}\n k8s.v1.cni.cncf.io/networks:\
- \ '{{ appendMultusNetwork (index .ObjectMeta.Annotations `k8s.v1.cni.cncf.io/networks`)\
- \ `default/istio-cni` }}',\n {{- end }}\n sidecar.istio.io/interceptionMode:\
- \ \"{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode\
+ \ {{- if .Values.pilot.cni.enabled }}\n {{- if eq .Values.pilot.cni.provider\
+ \ \"multus\" }}\n k8s.v1.cni.cncf.io/networks: '{{ appendMultusNetwork\
+ \ (index .ObjectMeta.Annotations `k8s.v1.cni.cncf.io/networks`) `default/istio-cni`\
+ \ }}',\n {{- end }}\n sidecar.istio.io/interceptionMode: \"{{ annotation\
+ \ .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode\
\ }}\",\n {{ with annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges`\
\ .Values.global.proxy.includeIPRanges }}traffic.sidecar.istio.io/includeOutboundIPRanges:\
\ \"{{.}}\",{{ end }}\n {{ with annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges`\
\ .Values.global.proxy.excludeIPRanges }}traffic.sidecar.istio.io/excludeOutboundIPRanges:\
\ \"{{.}}\",{{ end }}\n {{ with annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts`\
\ .Values.global.proxy.includeInboundPorts }}traffic.sidecar.istio.io/includeInboundPorts:\
@@ -210,21 +226,20 @@
\ }}traffic.sidecar.istio.io/kubevirtInterfaces: \"{{.}}\",{{ end }}\n \
\ {{ with index .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeInterfaces`\
\ }}traffic.sidecar.istio.io/excludeInterfaces: \"{{.}}\",{{ end }}\n {{- end\
\ }}\n }\n spec:\n {{- $holdProxy := and\n (or .ProxyConfig.HoldApplicationUntilProxyStarts.GetValue\
\ .Values.global.proxy.holdApplicationUntilProxyStarts)\n (not $nativeSidecar)\
\ }}\n initContainers:\n {{ if ne (annotation .ObjectMeta `sidecar.istio.io/interceptionMode`\
- \ .ProxyConfig.InterceptionMode) `NONE` }}\n {{ if or .Values.pilot.cni.enabled\
- \ .Values.istio_cni.enabled -}}\n - name: istio-validation\n {{ else\
- \ -}}\n - name: istio-init\n {{ end -}}\n {{- if contains \"/\"\
- \ (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy_init.image)\
- \ }}\n image: \"{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage`\
- \ .Values.global.proxy_init.image }}\"\n {{- else }}\n image: \"{{\
- \ .ProxyImage }}\"\n {{- end }}\n args:\n - istio-iptables\n\
- \ - \"-p\"\n - {{ .MeshConfig.ProxyListenPort | default \"15001\"\
- \ | quote }}\n - \"-z\"\n - {{ .MeshConfig.ProxyInboundListenPort\
+ \ .ProxyConfig.InterceptionMode) `NONE` }}\n {{ if .Values.pilot.cni.enabled\
+ \ -}}\n - name: istio-validation\n {{ else -}}\n - name: istio-init\n\
+ \ {{ end -}}\n {{- if contains \"/\" (annotation .ObjectMeta `sidecar.istio.io/proxyImage`\
+ \ .Values.global.proxy_init.image) }}\n image: \"{{ annotation .ObjectMeta\
+ \ `sidecar.istio.io/proxyImage` .Values.global.proxy_init.image }}\"\n {{-\
+ \ else }}\n image: \"{{ .ProxyImage }}\"\n {{- end }}\n args:\n\
+ \ - istio-iptables\n - \"-p\"\n - {{ .MeshConfig.ProxyListenPort\
+ \ | default \"15001\" | quote }}\n - \"-z\"\n - {{ .MeshConfig.ProxyInboundListenPort\
\ | default \"15006\" | quote }}\n - \"-u\"\n - {{ .ProxyUID | default\
\ \"1337\" | quote }}\n - \"-m\"\n - \"{{ annotation .ObjectMeta\
\ `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}\"\n \
\ - \"-i\"\n - \"{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges`\
\ .Values.global.proxy.includeIPRanges }}\"\n - \"-x\"\n - \"{{\
\ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges\
@@ -247,44 +262,30 @@
\ -}}\n - \"-k\"\n - \"{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces`\
\ }}\"\n {{ end -}}\n {{ if (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeInterfaces`)\
\ -}}\n - \"-c\"\n - \"{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeInterfaces`\
\ }}\"\n {{ end -}}\n - \"--log_output_level={{ annotation .ObjectMeta\
\ `sidecar.istio.io/agentLogLevel` .Values.global.logging.level }}\"\n \
\ {{ if .Values.global.logAsJson -}}\n - \"--log_as_json\"\n {{\
- \ end -}}\n {{ if or .Values.pilot.cni.enabled .Values.istio_cni.enabled\
- \ -}}\n - \"--run-validation\"\n - \"--skip-rule-apply\"\n \
- \ {{ end -}}\n {{with .Values.global.imagePullPolicy }}imagePullPolicy:\
- \ \"{{.}}\"{{end}}\n {{- if .ProxyConfig.ProxyMetadata }}\n env:\n\
[Diff truncated by flux-local]
--- HelmRelease: istio-system/istiod ClusterRole: istio-system/istiod-clusterrole-istio-system
+++ HelmRelease: istio-system/istiod ClusterRole: istio-system/istiod-clusterrole-istio-system
@@ -3,12 +3,16 @@
kind: ClusterRole
metadata:
name: istiod-clusterrole-istio-system
labels:
app: istiod
release: istiod
+ app.kubernetes.io/name: istiod
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/instance: istiod
+ app.kubernetes.io/part-of: istio
rules:
- apiGroups:
- admissionregistration.k8s.io
resources:
- mutatingwebhookconfigurations
verbs:
@@ -61,22 +65,37 @@
- update
- patch
- create
- delete
resources:
- workloadentries/status
-- apiGroups:
- - networking.istio.io
- verbs:
- - get
- - watch
- - list
- - update
- - patch
- resources:
- serviceentries/status
+- apiGroups:
+ - security.istio.io
+ verbs:
+ - get
+ - watch
+ - list
+ - update
+ - patch
+ - create
+ - delete
+ resources:
+ - authorizationpolicies/status
+- apiGroups:
+ - ''
+ verbs:
+ - get
+ - watch
+ - list
+ - update
+ - patch
+ - create
+ - delete
+ resources:
+ - services/status
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
@@ -137,25 +156,31 @@
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create
- apiGroups:
- - networking.x-k8s.io
- gateway.networking.k8s.io
resources:
- '*'
verbs:
- get
- watch
- list
- apiGroups:
- - networking.x-k8s.io
- gateway.networking.k8s.io
resources:
- - '*'
+ - backendtlspolicies/status
+ - gatewayclasses/status
+ - gateways/status
+ - grpcroutes/status
+ - httproutes/status
+ - referencegrants/status
+ - tcproutes/status
+ - tlsroutes/status
+ - udproutes/status
verbs:
- update
- patch
- apiGroups:
- gateway.networking.k8s.io
resources:
--- HelmRelease: istio-system/istiod ClusterRole: istio-system/istiod-gateway-controller-istio-system
+++ HelmRelease: istio-system/istiod ClusterRole: istio-system/istiod-gateway-controller-istio-system
@@ -3,12 +3,16 @@
kind: ClusterRole
metadata:
name: istiod-gateway-controller-istio-system
labels:
app: istiod
release: istiod
+ app.kubernetes.io/name: istiod
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/instance: istiod
+ app.kubernetes.io/part-of: istio
rules:
- apiGroups:
- apps
verbs:
- get
- watch
--- HelmRelease: istio-system/istiod ClusterRole: istio-system/istio-reader-clusterrole-istio-system
+++ HelmRelease: istio-system/istiod ClusterRole: istio-system/istio-reader-clusterrole-istio-system
@@ -3,12 +3,16 @@
kind: ClusterRole
metadata:
name: istio-reader-clusterrole-istio-system
labels:
app: istio-reader
release: istiod
+ app.kubernetes.io/name: istio-reader
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/instance: istiod
+ app.kubernetes.io/part-of: istio
rules:
- apiGroups:
- config.istio.io
- security.istio.io
- networking.istio.io
- authentication.istio.io
--- HelmRelease: istio-system/istiod ClusterRoleBinding: istio-system/istiod-clusterrole-istio-system
+++ HelmRelease: istio-system/istiod ClusterRoleBinding: istio-system/istiod-clusterrole-istio-system
@@ -3,12 +3,16 @@
kind: ClusterRoleBinding
metadata:
name: istiod-clusterrole-istio-system
labels:
app: istiod
release: istiod
+ app.kubernetes.io/name: istiod
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/instance: istiod
+ app.kubernetes.io/part-of: istio
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: istiod-clusterrole-istio-system
subjects:
- kind: ServiceAccount
--- HelmRelease: istio-system/istiod ClusterRoleBinding: istio-system/istiod-gateway-controller-istio-system
+++ HelmRelease: istio-system/istiod ClusterRoleBinding: istio-system/istiod-gateway-controller-istio-system
@@ -3,12 +3,16 @@
kind: ClusterRoleBinding
metadata:
name: istiod-gateway-controller-istio-system
labels:
app: istiod
release: istiod
+ app.kubernetes.io/name: istiod
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/instance: istiod
+ app.kubernetes.io/part-of: istio
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: istiod-gateway-controller-istio-system
subjects:
- kind: ServiceAccount
--- HelmRelease: istio-system/istiod ClusterRoleBinding: istio-system/istio-reader-clusterrole-istio-system
+++ HelmRelease: istio-system/istiod ClusterRoleBinding: istio-system/istio-reader-clusterrole-istio-system
@@ -3,12 +3,16 @@
kind: ClusterRoleBinding
metadata:
name: istio-reader-clusterrole-istio-system
labels:
app: istio-reader
release: istiod
+ app.kubernetes.io/name: istio-reader
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/instance: istiod
+ app.kubernetes.io/part-of: istio
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: istio-reader-clusterrole-istio-system
subjects:
- kind: ServiceAccount
--- HelmRelease: istio-system/istiod Role: istio-system/istiod
+++ HelmRelease: istio-system/istiod Role: istio-system/istiod
@@ -4,12 +4,16 @@
metadata:
name: istiod
namespace: istio-system
labels:
app: istiod
release: istiod
+ app.kubernetes.io/name: istiod
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/instance: istiod
+ app.kubernetes.io/part-of: istio
rules:
- apiGroups:
- networking.istio.io
verbs:
- create
resources:
--- HelmRelease: istio-system/istiod RoleBinding: istio-system/istiod
+++ HelmRelease: istio-system/istiod RoleBinding: istio-system/istiod
@@ -4,12 +4,16 @@
metadata:
name: istiod
namespace: istio-system
labels:
app: istiod
release: istiod
+ app.kubernetes.io/name: istiod
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/instance: istiod
+ app.kubernetes.io/part-of: istio
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: istiod
subjects:
- kind: ServiceAccount
--- HelmRelease: istio-system/istiod Service: istio-system/istiod
+++ HelmRelease: istio-system/istiod Service: istio-system/istiod
@@ -8,12 +8,16 @@
istio.io/rev: default
install.operator.istio.io/owning-resource: unknown
operator.istio.io/component: Pilot
app: istiod
istio: pilot
release: istiod
+ app.kubernetes.io/name: istiod
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/instance: istiod
+ app.kubernetes.io/part-of: istio
spec:
ports:
- port: 15010
name: grpc-xds
protocol: TCP
- port: 15012
--- HelmRelease: istio-system/istiod Deployment: istio-system/istiod
+++ HelmRelease: istio-system/istiod Deployment: istio-system/istiod
@@ -8,12 +8,16 @@
app: istiod
istio.io/rev: default
install.operator.istio.io/owning-resource: unknown
operator.istio.io/component: Pilot
istio: pilot
release: istiod
+ app.kubernetes.io/name: istiod
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/instance: istiod
+ app.kubernetes.io/part-of: istio
spec:
strategy:
rollingUpdate:
maxSurge: 100%
maxUnavailable: 25%
selector:
@@ -26,39 +30,52 @@
istio.io/rev: default
install.operator.istio.io/owning-resource: unknown
sidecar.istio.io/inject: 'false'
operator.istio.io/component: Pilot
istio: pilot
istio.io/dataplane-mode: none
+ app.kubernetes.io/name: istiod
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/instance: istiod
+ app.kubernetes.io/part-of: istio
annotations:
prometheus.io/port: '15014'
prometheus.io/scrape: 'true'
sidecar.istio.io/inject: 'false'
spec:
tolerations:
- key: cni.istio.io/not-ready
operator: Exists
serviceAccountName: istiod
containers:
- name: discovery
- image: docker.io/istio/pilot:1.23.3-distroless
+ image: docker.io/istio/pilot:1.24.0-distroless
args:
- discovery
- --monitoringAddr=:15014
- --log_output_level=default:info
- --domain
- cluster.local
- --keepaliveMaxServerConnectionAge
- 30m
ports:
- containerPort: 8080
protocol: TCP
+ name: http-debug
- containerPort: 15010
protocol: TCP
+ name: grpc-xds
+ - containerPort: 15012
+ protocol: TCP
+ name: tls-xds
- containerPort: 15017
protocol: TCP
+ name: https-webhooks
+ - containerPort: 15014
+ protocol: TCP
+ name: http-monitoring
readinessProbe:
httpGet:
path: /ready
port: 8080
initialDelaySeconds: 1
periodSeconds: 3
@@ -102,12 +119,13 @@
resourceFieldRef:
resource: limits.memory
- name: GOMAXPROCS
valueFrom:
resourceFieldRef:
resource: limits.cpu
+ divisor: '1'
- name: PLATFORM
value: ''
resources:
requests:
cpu: 500m
memory: 2048Mi
--- HelmRelease: istio-system/istiod HorizontalPodAutoscaler: istio-system/istiod
+++ HelmRelease: istio-system/istiod HorizontalPodAutoscaler: istio-system/istiod
@@ -7,12 +7,16 @@
labels:
app: istiod
release: istiod
istio.io/rev: default
install.operator.istio.io/owning-resource: unknown
operator.istio.io/component: Pilot
+ app.kubernetes.io/name: istiod
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/instance: istiod
+ app.kubernetes.io/part-of: istio
spec:
maxReplicas: 3
minReplicas: 1
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
--- HelmRelease: istio-system/istiod MutatingWebhookConfiguration: istio-system/istio-sidecar-injector
+++ HelmRelease: istio-system/istiod MutatingWebhookConfiguration: istio-system/istio-sidecar-injector
@@ -6,12 +6,16 @@
labels:
istio.io/rev: default
install.operator.istio.io/owning-resource: unknown
operator.istio.io/component: Pilot
app: sidecar-injector
release: istiod
+ app.kubernetes.io/name: istiod
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/instance: istiod
+ app.kubernetes.io/part-of: istio
webhooks:
- name: rev.namespace.sidecar-injector.istio.io
clientConfig:
service:
name: istiod
namespace: istio-system
--- HelmRelease: istio-system/istiod ValidatingWebhookConfiguration: istio-system/istio-validator-istio-system
+++ HelmRelease: istio-system/istiod ValidatingWebhookConfiguration: istio-system/istio-validator-istio-system
@@ -5,12 +5,16 @@
name: istio-validator-istio-system
labels:
app: istiod
release: istiod
istio: istiod
istio.io/rev: default
+ app.kubernetes.io/name: istiod
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/instance: istiod
+ app.kubernetes.io/part-of: istio
webhooks:
- name: rev.validation.istio.io
clientConfig:
service:
name: istiod
namespace: istio-system |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
1.23.3->1.24.01.23.3->1.24.0Release Notes
istio/istio (base)
v1.24.0: Istio 1.24.0Compare Source
Artifacts
Release Notes
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about these updates again.
This PR has been generated by Renovate Bot.