diff --git a/third_party/istio-latest/generate-manifests.sh b/third_party/istio-latest/generate-manifests.sh index 01171008c5..861cb4fe8d 100755 --- a/third_party/istio-latest/generate-manifests.sh +++ b/third_party/istio-latest/generate-manifests.sh @@ -16,4 +16,4 @@ source "$(dirname $0)/../library.sh" -generate "1.19.3" "$(dirname $0)" +generate "1.19.7" "$(dirname $0)" diff --git a/third_party/istio-latest/istio-ci-ambient/istio.yaml b/third_party/istio-latest/istio-ci-ambient/istio.yaml index 398cb2fbea..deda7161a5 100644 --- a/third_party/istio-latest/istio-ci-ambient/istio.yaml +++ b/third_party/istio-latest/istio-ci-ambient/istio.yaml @@ -85,31 +85,48 @@ metadata: istio.io/rev: default operator.istio.io/component: Cni release: istio - name: istio-cni-repair-role + name: istio-cni-ambient rules: - apiGroups: - "" resources: - - pods + - pods/status verbs: - - get - - list - - watch - - delete - patch - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: istio-cni + install.operator.istio.io/owning-resource: unknown + istio.io/rev: default + operator.istio.io/component: Cni + release: istio + name: istio-cni-repair-role +rules: - apiGroups: - "" resources: - events verbs: + - create + - patch + - apiGroups: + - "" + resources: + - pods + verbs: + - watch - get - list - - watch + - apiGroups: + - "" + resources: + - pods + verbs: - delete - - patch - - update - - create --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -466,6 +483,24 @@ subjects: --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding +metadata: + labels: + install.operator.istio.io/owning-resource: unknown + istio.io/rev: default + k8s-app: istio-cni-repair + operator.istio.io/component: Cni + name: istio-cni-ambient +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: istio-cni-ambient +subjects: + - kind: ServiceAccount + name: istio-cni + namespace: istio-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding metadata: labels: install.operator.istio.io/owning-resource: unknown @@ -9385,7 +9420,7 @@ data: "sts": { "servicePort": 0 }, - "tag": "1.19.3", + "tag": "1.19.7", "tracer": { "datadog": {}, "lightstep": {}, @@ -9535,7 +9570,7 @@ spec: valueFrom: fieldRef: fieldPath: spec.nodeName - image: docker.io/istio/proxyv2:1.19.3 + image: docker.io/istio/proxyv2:1.19.7 name: istio-proxy ports: - containerPort: 15021 @@ -9742,7 +9777,7 @@ spec: resource: limits.cpu - name: PLATFORM value: "" - image: docker.io/istio/pilot:1.19.3 + image: docker.io/istio/pilot:1.19.7 name: discovery ports: - containerPort: 8080 @@ -10194,9 +10229,11 @@ spec: fieldRef: fieldPath: spec.nodeName - name: REPAIR_LABEL_PODS - value: "true" + value: "false" - name: REPAIR_DELETE_PODS value: "true" + - name: REPAIR_REPAIR_PODS + value: "false" - name: REPAIR_RUN_AS_DAEMON value: "true" - name: REPAIR_SIDECAR_ANNOTATION @@ -10224,7 +10261,7 @@ spec: valueFrom: resourceFieldRef: resource: limits.cpu - image: docker.io/istio/install-cni:1.19.3 + image: docker.io/istio/install-cni:1.19.7 name: install-cni readinessProbe: httpGet: @@ -10335,7 +10372,7 @@ spec: valueFrom: fieldRef: fieldPath: spec.serviceAccountName - image: docker.io/istio/ztunnel:1.19.3 + image: docker.io/istio/ztunnel:1.19.7 name: istio-proxy ports: - containerPort: 15020 diff --git a/third_party/istio-latest/istio-ci-mesh/istio.yaml b/third_party/istio-latest/istio-ci-mesh/istio.yaml index aa5c8fe91d..299fae617c 100644 --- a/third_party/istio-latest/istio-ci-mesh/istio.yaml +++ b/third_party/istio-latest/istio-ci-mesh/istio.yaml @@ -9241,7 +9241,7 @@ data: "sts": { "servicePort": 0 }, - "tag": "1.19.3", + "tag": "1.19.7", "tracer": { "datadog": {}, "lightstep": {}, @@ -9389,7 +9389,7 @@ spec: valueFrom: fieldRef: fieldPath: spec.nodeName - image: docker.io/istio/proxyv2:1.19.3 + image: docker.io/istio/proxyv2:1.19.7 name: istio-proxy ports: - containerPort: 15021 @@ -9586,7 +9586,7 @@ spec: resource: limits.cpu - name: PLATFORM value: "" - image: docker.io/istio/pilot:1.19.3 + image: docker.io/istio/pilot:1.19.7 name: discovery ports: - containerPort: 8080 diff --git a/third_party/istio-latest/istio-ci-no-mesh/istio.yaml b/third_party/istio-latest/istio-ci-no-mesh/istio.yaml index fc05f8c611..dcef732676 100644 --- a/third_party/istio-latest/istio-ci-no-mesh/istio.yaml +++ b/third_party/istio-latest/istio-ci-no-mesh/istio.yaml @@ -9241,7 +9241,7 @@ data: "sts": { "servicePort": 0 }, - "tag": "1.19.3", + "tag": "1.19.7", "tracer": { "datadog": {}, "lightstep": {}, @@ -9389,7 +9389,7 @@ spec: valueFrom: fieldRef: fieldPath: spec.nodeName - image: docker.io/istio/proxyv2:1.19.3 + image: docker.io/istio/proxyv2:1.19.7 name: istio-proxy ports: - containerPort: 15021 @@ -9586,7 +9586,7 @@ spec: resource: limits.cpu - name: PLATFORM value: "" - image: docker.io/istio/pilot:1.19.3 + image: docker.io/istio/pilot:1.19.7 name: discovery ports: - containerPort: 8080 diff --git a/third_party/istio-latest/istio-kind-ambient/istio.yaml b/third_party/istio-latest/istio-kind-ambient/istio.yaml index 4b23deb2f5..99d529283f 100644 --- a/third_party/istio-latest/istio-kind-ambient/istio.yaml +++ b/third_party/istio-latest/istio-kind-ambient/istio.yaml @@ -85,31 +85,48 @@ metadata: istio.io/rev: default operator.istio.io/component: Cni release: istio - name: istio-cni-repair-role + name: istio-cni-ambient rules: - apiGroups: - "" resources: - - pods + - pods/status verbs: - - get - - list - - watch - - delete - patch - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: istio-cni + install.operator.istio.io/owning-resource: unknown + istio.io/rev: default + operator.istio.io/component: Cni + release: istio + name: istio-cni-repair-role +rules: - apiGroups: - "" resources: - events verbs: + - create + - patch + - apiGroups: + - "" + resources: + - pods + verbs: + - watch - get - list - - watch + - apiGroups: + - "" + resources: + - pods + verbs: - delete - - patch - - update - - create --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -466,6 +483,24 @@ subjects: --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding +metadata: + labels: + install.operator.istio.io/owning-resource: unknown + istio.io/rev: default + k8s-app: istio-cni-repair + operator.istio.io/component: Cni + name: istio-cni-ambient +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: istio-cni-ambient +subjects: + - kind: ServiceAccount + name: istio-cni + namespace: istio-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding metadata: labels: install.operator.istio.io/owning-resource: unknown @@ -9385,7 +9420,7 @@ data: "sts": { "servicePort": 0 }, - "tag": "1.19.3", + "tag": "1.19.7", "tracer": { "datadog": {}, "lightstep": {}, @@ -9535,7 +9570,7 @@ spec: valueFrom: fieldRef: fieldPath: spec.nodeName - image: docker.io/istio/proxyv2:1.19.3 + image: docker.io/istio/proxyv2:1.19.7 name: istio-proxy ports: - containerPort: 15021 @@ -9742,7 +9777,7 @@ spec: resource: limits.cpu - name: PLATFORM value: "" - image: docker.io/istio/pilot:1.19.3 + image: docker.io/istio/pilot:1.19.7 name: discovery ports: - containerPort: 8080 @@ -10194,9 +10229,11 @@ spec: fieldRef: fieldPath: spec.nodeName - name: REPAIR_LABEL_PODS - value: "true" + value: "false" - name: REPAIR_DELETE_PODS value: "true" + - name: REPAIR_REPAIR_PODS + value: "false" - name: REPAIR_RUN_AS_DAEMON value: "true" - name: REPAIR_SIDECAR_ANNOTATION @@ -10224,7 +10261,7 @@ spec: valueFrom: resourceFieldRef: resource: limits.cpu - image: docker.io/istio/install-cni:1.19.3 + image: docker.io/istio/install-cni:1.19.7 name: install-cni readinessProbe: httpGet: @@ -10335,7 +10372,7 @@ spec: valueFrom: fieldRef: fieldPath: spec.serviceAccountName - image: docker.io/istio/ztunnel:1.19.3 + image: docker.io/istio/ztunnel:1.19.7 name: istio-proxy ports: - containerPort: 15020 diff --git a/third_party/istio-latest/istio-kind-no-mesh/istio.yaml b/third_party/istio-latest/istio-kind-no-mesh/istio.yaml index 2535bce5ed..42c82501ca 100644 --- a/third_party/istio-latest/istio-kind-no-mesh/istio.yaml +++ b/third_party/istio-latest/istio-kind-no-mesh/istio.yaml @@ -9241,7 +9241,7 @@ data: "sts": { "servicePort": 0 }, - "tag": "1.19.3", + "tag": "1.19.7", "tracer": { "datadog": {}, "lightstep": {}, @@ -9389,7 +9389,7 @@ spec: valueFrom: fieldRef: fieldPath: spec.nodeName - image: docker.io/istio/proxyv2:1.19.3 + image: docker.io/istio/proxyv2:1.19.7 name: istio-proxy ports: - containerPort: 15021 @@ -9586,7 +9586,7 @@ spec: resource: limits.cpu - name: PLATFORM value: "" - image: docker.io/istio/pilot:1.19.3 + image: docker.io/istio/pilot:1.19.7 name: discovery ports: - containerPort: 8080