Renovate Update Istio to 1.23.5

CHANGELOG.md

@@ -3,6 +3,18 @@
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ---
+
+## [1.23.5-bb.0] - 2025-02-19
+### Changed
+- ironbank/opensource/istio/install-cni updated from 1.23.4 to 1.23.5
+- ironbank/opensource/istio/pilot updated from 1.23.4 to 1.23.5
+- ironbank/opensource/istio/proxyv2 updated from 1.23.4 to 1.23.5
+- ironbank/opensource/kubernetes/kubectl updated from v1.30.8 to v1.30.10
+- ironbank/tetrate/istio/install-cni updated from 1.23.4 to 1.23.5
+- ironbank/tetrate/istio/pilot updated from 1.23.4 to 1.23.5
+- ironbank/tetrate/istio/proxyv2 updated from 1.23.4 to 1.23.5
+- Updated Gluon to v0.5.14
+
 ## [1.23.4-bb.0] - 2025-01-13
 ### Changed
 - ironbank/opensource/istio/install-cni updated from 1.23.3 to 1.23.4

README.md

 <!-- Warning: Do not manually edit this file. See notes on gluon + helm-docs at the end of this file for more information. -->
 # istio
 
-![Version: 1.23.4-bb.0](https://img.shields.io/badge/Version-1.23.4--bb.0-informational?style=flat-square) ![AppVersion: 1.23.4](https://img.shields.io/badge/AppVersion-1.23.4-informational?style=flat-square) ![Maintenance Track: bb_integrated](https://img.shields.io/badge/Maintenance_Track-bb_integrated-green?style=flat-square)
+![Version: 1.23.5-bb.0](https://img.shields.io/badge/Version-1.23.5--bb.0-informational?style=flat-square) ![AppVersion: 1.23.5](https://img.shields.io/badge/AppVersion-1.23.5-informational?style=flat-square) ![Maintenance Track: bb_integrated](https://img.shields.io/badge/Maintenance_Track-bb_integrated-green?style=flat-square)
 
 Configurable Deployment of Istio Custom Resources Wrapped Inside a Helm Chart.
 
@@ -45,10 +45,10 @@ helm install istio chart/
 |-----|------|---------|-------------|
 | profile | string | `"default"` | The istio profile to use |
 | hub | string | `"registry1.dso.mil/ironbank/opensource/istio"` | The hub to use for all images, images are built as ".Values.hub/COMPONENT_NAME:.Values.tag" |
-| tag | string | `"1.23.4"` | The tag to use for all images |
+| tag | string | `"1.23.5"` | The tag to use for all images |
 | enterprise | bool | `false` | Tetrate Istio Distribution - Tetrate provides FIPs verified Istio and Envoy software and support, validated through the FIPs Boring Crypto module. Find out more from Tetrate - https://www.tetrate.io/tetrate-istio-subscription |
 | tidHub | string | `"registry1.dso.mil/ironbank/tetrate/istio"` |  |
-| tidTag | string | `"1.23.4-tetratefips-v0"` |  |
+| tidTag | string | `"1.23.5-tetratefips-v0"` |  |
 | domain | string | `"dev.bigbang.mil"` | The domain to use for the default gateway |
 | mtls.mode | string | `"STRICT"` | STRICT = Allow only mutual TLS traffic, PERMISSIVE = Allow both plain text and mutual TLS traffic |
 | revision | string | `""` | Revision of the Istio control plane |
@@ -94,7 +94,7 @@ helm install istio chart/
 | tracing.sampling | int | `10` | percent of traces to send to jaeger |
 | cni.image.hub | string | `"registry1.dso.mil/ironbank/opensource/istio"` |  |
 | cni.image.name | string | `"install-cni"` |  |
-| cni.image.tag | string | `"1.23.4"` |  |
+| cni.image.tag | string | `"1.23.5"` |  |
 | cni.podAnnotations | object | `{}` | k8s pod annotations. https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ |
 | cni.nodeSelector | object | `{}` | k8s nodeSelector. https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector |
 | cni.affinity | object | `{}` | k8s affinity / anti-affinity. https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity |
@@ -120,7 +120,7 @@ helm install istio chart/
 | hardened.customAuthorizationPolicies | list | `[]` |  |
 | hardened.ingressGateway.authzRules[0] | object | `{}` |  |
 | waitJob.enabled | bool | `true` |  |
-| waitJob.scripts.image | string | `"registry1.dso.mil/ironbank/opensource/kubernetes/kubectl:v1.30.8"` |  |
+| waitJob.scripts.image | string | `"registry1.dso.mil/ironbank/opensource/kubernetes/kubectl:v1.30.10"` |  |
 | waitJob.permissions.resources[0] | string | `"istio-controlplane"` |  |
 | defaultSecurityHeaders.enabled | bool | `true` |  |
 

chart/Chart.lock

 dependencies:
 - name: gluon
   repository: oci://registry1.dso.mil/bigbang
-  version: 0.5.4
-digest: sha256:33c77cf1fe529ee2f45a5fdf596ce2ff4adbbb5188ab9282b0179c217603968d
-generated: "2024-09-16T10:47:18.274586-06:00"
+  version: 0.5.14
+digest: sha256:ca97065348736cfb1457f4d0e53021d2329c81bd34d3a489fd122493be4fa875
+generated: "2025-02-19T15:59:06.572683-05:00"

chart/Chart.yaml

@@ -3,44 +3,44 @@ name: istio
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.23.4-bb.0
+version: 1.23.5-bb.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: 1.23.4
+appVersion: 1.23.5
 kubeVersion: ">=1.28.0-0"
 description: Configurable Deployment of Istio Custom Resources Wrapped Inside a Helm Chart.
 sources:
   - https://github.com/istio/istio/tree/master/pilot
 dependencies:
   - name: gluon
-    version: "0.5.4"
+    version: "0.5.14"
     repository: "oci://registry1.dso.mil/bigbang"
 annotations:
   bigbang.dev/maintenanceTrack: bb_integrated
   bigbang.dev/applicationVersions: |
-    - Istio: 1.23.4
-    - Tetrate Istio Distro: 1.23.4
+    - Istio: 1.23.5
+    - Tetrate Istio Distro: 1.23.5
   helm.sh/images: |
     - name: pilot
-      image: registry1.dso.mil/ironbank/opensource/istio/pilot:1.23.4
+      image: registry1.dso.mil/ironbank/opensource/istio/pilot:1.23.5
     - name: proxyv2
-      image: registry1.dso.mil/ironbank/opensource/istio/proxyv2:1.23.4
+      image: registry1.dso.mil/ironbank/opensource/istio/proxyv2:1.23.5
     - name: install-cni
       condition: openshift
-      image: registry1.dso.mil/ironbank/opensource/istio/install-cni:1.23.4
+      image: registry1.dso.mil/ironbank/opensource/istio/install-cni:1.23.5
     - name: install-cni-fips
       condition: enterprise
-      image: registry1.dso.mil/ironbank/tetrate/istio/install-cni:1.23.4-tetratefips-v0
+      image: registry1.dso.mil/ironbank/tetrate/istio/install-cni:1.23.5-tetratefips-v0
     - name: proxyv2-fips
       condition: enterprise
-      image: registry1.dso.mil/ironbank/tetrate/istio/proxyv2:1.23.4-tetratefips-v0
+      image: registry1.dso.mil/ironbank/tetrate/istio/proxyv2:1.23.5-tetratefips-v0
     - name: pilot-fips
       condition: enterprise
-      image: registry1.dso.mil/ironbank/tetrate/istio/pilot:1.23.4-tetratefips-v0
+      image: registry1.dso.mil/ironbank/tetrate/istio/pilot:1.23.5-tetratefips-v0
     - name: base
       image: registry1.dso.mil/ironbank/big-bang/base:2.1.0
     - name: kubectl
-      image: registry1.dso.mil/ironbank/opensource/kubernetes/kubectl:v1.30.8
+      image: registry1.dso.mil/ironbank/opensource/kubernetes/kubectl:v1.30.10
   bigbang.dev/upstreamReleaseNotesMarkdown: |
     - [Find upstream chart's release notes and CHANGELOG here](https://istio.io/latest/news/releases/)

chart/dashboards/Kptfile

@@ -5,7 +5,7 @@ metadata:
 upstream:
   type: git
   git:
-    commit: e0508c3e94a50a41e33f39362e0825913b6d0521
+    commit: 9c05c4ae29323b549c0f3b5308a16f59602f0ab3
     repo: https://github.com/istio/istio
     directory: /manifests/addons/dashboards
-    ref: 1.23.4
+    ref: 1.23.5

chart/values.yaml

@@ -4,14 +4,14 @@ profile: default
 # -- The hub to use for all images, images are built as ".Values.hub/COMPONENT_NAME:.Values.tag"
 hub: registry1.dso.mil/ironbank/opensource/istio
 # -- The tag to use for all images
-tag: 1.23.4
+tag: 1.23.5
 
 # -- Tetrate Istio Distribution - Tetrate provides FIPs verified Istio and Envoy software and support,
 # validated through the FIPs Boring Crypto module.
 # Find out more from Tetrate - https://www.tetrate.io/tetrate-istio-subscription
 enterprise: false
 tidHub: registry1.dso.mil/ironbank/tetrate/istio
-tidTag: 1.23.4-tetratefips-v0
+tidTag: 1.23.5-tetratefips-v0
 
 # -- The domain to use for the default gateway
 domain: dev.bigbang.mil
@@ -205,7 +205,7 @@ cni:
   image:
     hub: registry1.dso.mil/ironbank/opensource/istio
     name: install-cni
-    tag: 1.23.4
+    tag: 1.23.5
   # -- k8s pod annotations. https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
   podAnnotations: {}
   # -- k8s nodeSelector. https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
@@ -347,7 +347,7 @@ hardened:
 waitJob:
   enabled: true
   scripts:
-    image: registry1.dso.mil/ironbank/opensource/kubernetes/kubectl:v1.30.8
+    image: registry1.dso.mil/ironbank/opensource/kubernetes/kubectl:v1.30.10
   permissions:
     resources:
      - istio-controlplane

docs/DEVELOPMENT_MAINTENANCE.md

@@ -2,7 +2,7 @@
 
 1. Checkout the branch that renovate created. This branch will have the image tag updates and typically some other necessary version changes that you will want. You can either work off of this branch or branch off of it.
 1. Update the dashboards via `kpt`. You should be able to run `kpt pkg update chart/dashboards@<version> --strategy force-delete-replace` (ex: `kpt pkg update chart/dashboards@1.14.3 --strategy force-delete-replace`).
-1. Update version references for the Chart. `version` should be `<version>-bb.0` (ex: `1.14.3-bb.0`) and `appVersion` should be `<version>` (ex: `1.14.3`). Also validate that the BB annotation for the main Istio version is updated (leave the Tetrate version as-is unless you are updating those images).
+1. Update version references for the Chart in `chart/Chart.yaml. `version` should be `<version>-bb.0` (ex: `1.14.3-bb.0`) and `appVersion` should be `<version>` (ex: `1.14.3`). Also validate that the BB annotation for the main Istio version is updated (leave the Tetrate version as-is unless you are updating those images).
 1. Verify that chart/values.yaml `tag` and `tidTAG` have been updated to the new version.
 1. Add a changelog entry for the update. At minimum mention updating the image versions.
 1. Update the readme following the [steps in Gluon](https://repo1.dso.mil/platform-one/big-bang/apps/library-charts/gluon/-/blob/master/docs/bb-package-readme.md).

docs/dev-overrides/istio-testing-local-keycloak.yaml

@@ -26,6 +26,15 @@ istioOperator:
   #   tag: null
   #   branch: "renovate/ironbank"
 
+kyverno:
+  enabled: true
+
+kyvernoPolicies:
+  enabled: true
+
+kyvernoReporter:
+  enabled: true
+
 jaeger:
   enabled: true
   sso:

docs/dev-overrides/istio-testing.yaml

@@ -37,6 +37,15 @@ istioOperator:
   #   tag: null
   #   branch: "renovate/ironbank"
 
+kyverno:
+  enabled: true
+
+kyvernoPolicies:
+  enabled: true
+
+kyvernoReporter:
+  enabled: true
+
 jaeger:
   enabled: true
 

tests/images.txt

-registry1.dso.mil/ironbank/opensource/istio/install-cni:1.23.4
-registry1.dso.mil/ironbank/tetrate/istio/install-cni:1.23.4-tetratefips-v0
-registry1.dso.mil/ironbank/tetrate/istio/proxyv2:1.23.4-tetratefips-v0
-registry1.dso.mil/ironbank/tetrate/istio/pilot:1.23.4-tetratefips-v0
+registry1.dso.mil/ironbank/opensource/istio/install-cni:1.23.5
+registry1.dso.mil/ironbank/tetrate/istio/install-cni:1.23.5-tetratefips-v0
+registry1.dso.mil/ironbank/tetrate/istio/proxyv2:1.23.5-tetratefips-v0
+registry1.dso.mil/ironbank/tetrate/istio/pilot:1.23.5-tetratefips-v0
 registry1.dso.mil/ironbank/big-bang/base:2.1.0