From ab85fef55da924a1f27f55329e57bde02d3d0972 Mon Sep 17 00:00:00 2001
From: RENOVATE_BOT
<group_3988_bot_6690300925770a391b8033731fdaab32@noreply.repo1.dso.mil>
Date: Fri, 21 Feb 2025 20:07:18 +0000
Subject: [PATCH] Renovate Update Istio to 1.23.5
---
CHANGELOG.md | 12 +++++++++
README.md | 10 ++++----
chart/Chart.lock | 6 ++---
chart/Chart.yaml | 24 +++++++++---------
chart/charts/gluon-0.5.14.tgz | Bin 0 -> 4680 bytes
chart/charts/gluon-0.5.4.tgz | Bin 4492 -> 0 bytes
chart/dashboards/Kptfile | 4 +--
chart/values.yaml | 8 +++---
docs/DEVELOPMENT_MAINTENANCE.md | 2 +-
.../istio-testing-local-keycloak.yaml | 9 +++++++
docs/dev-overrides/istio-testing.yaml | 9 +++++++
tests/images.txt | 8 +++---
12 files changed, 61 insertions(+), 31 deletions(-)
create mode 100644 chart/charts/gluon-0.5.14.tgz
delete mode 100644 chart/charts/gluon-0.5.4.tgz
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3137211b..daefe4c2 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,18 @@
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
---
+
+## [1.23.5-bb.0] - 2025-02-19
+### Changed
+- ironbank/opensource/istio/install-cni updated from 1.23.4 to 1.23.5
+- ironbank/opensource/istio/pilot updated from 1.23.4 to 1.23.5
+- ironbank/opensource/istio/proxyv2 updated from 1.23.4 to 1.23.5
+- ironbank/opensource/kubernetes/kubectl updated from v1.30.8 to v1.30.10
+- ironbank/tetrate/istio/install-cni updated from 1.23.4 to 1.23.5
+- ironbank/tetrate/istio/pilot updated from 1.23.4 to 1.23.5
+- ironbank/tetrate/istio/proxyv2 updated from 1.23.4 to 1.23.5
+- Updated Gluon to v0.5.14
+
## [1.23.4-bb.0] - 2025-01-13
### Changed
- ironbank/opensource/istio/install-cni updated from 1.23.3 to 1.23.4
diff --git a/README.md b/README.md
index fede976a..56e6d590 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,7 @@
<!-- Warning: Do not manually edit this file. See notes on gluon + helm-docs at the end of this file for more information. -->
# istio
-  
+  
Configurable Deployment of Istio Custom Resources Wrapped Inside a Helm Chart.
@@ -45,10 +45,10 @@ helm install istio chart/
|-----|------|---------|-------------|
| profile | string | `"default"` | The istio profile to use |
| hub | string | `"registry1.dso.mil/ironbank/opensource/istio"` | The hub to use for all images, images are built as ".Values.hub/COMPONENT_NAME:.Values.tag" |
-| tag | string | `"1.23.4"` | The tag to use for all images |
+| tag | string | `"1.23.5"` | The tag to use for all images |
| enterprise | bool | `false` | Tetrate Istio Distribution - Tetrate provides FIPs verified Istio and Envoy software and support, validated through the FIPs Boring Crypto module. Find out more from Tetrate - https://www.tetrate.io/tetrate-istio-subscription |
| tidHub | string | `"registry1.dso.mil/ironbank/tetrate/istio"` | |
-| tidTag | string | `"1.23.4-tetratefips-v0"` | |
+| tidTag | string | `"1.23.5-tetratefips-v0"` | |
| domain | string | `"dev.bigbang.mil"` | The domain to use for the default gateway |
| mtls.mode | string | `"STRICT"` | STRICT = Allow only mutual TLS traffic, PERMISSIVE = Allow both plain text and mutual TLS traffic |
| revision | string | `""` | Revision of the Istio control plane |
@@ -94,7 +94,7 @@ helm install istio chart/
| tracing.sampling | int | `10` | percent of traces to send to jaeger |
| cni.image.hub | string | `"registry1.dso.mil/ironbank/opensource/istio"` | |
| cni.image.name | string | `"install-cni"` | |
-| cni.image.tag | string | `"1.23.4"` | |
+| cni.image.tag | string | `"1.23.5"` | |
| cni.podAnnotations | object | `{}` | k8s pod annotations. https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ |
| cni.nodeSelector | object | `{}` | k8s nodeSelector. https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector |
| cni.affinity | object | `{}` | k8s affinity / anti-affinity. https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity |
@@ -120,7 +120,7 @@ helm install istio chart/
| hardened.customAuthorizationPolicies | list | `[]` | |
| hardened.ingressGateway.authzRules[0] | object | `{}` | |
| waitJob.enabled | bool | `true` | |
-| waitJob.scripts.image | string | `"registry1.dso.mil/ironbank/opensource/kubernetes/kubectl:v1.30.8"` | |
+| waitJob.scripts.image | string | `"registry1.dso.mil/ironbank/opensource/kubernetes/kubectl:v1.30.10"` | |
| waitJob.permissions.resources[0] | string | `"istio-controlplane"` | |
| defaultSecurityHeaders.enabled | bool | `true` | |
diff --git a/chart/Chart.lock b/chart/Chart.lock
index 213d9200..c8ab3aa9 100644
--- a/chart/Chart.lock
+++ b/chart/Chart.lock
@@ -1,6 +1,6 @@
dependencies:
- name: gluon
repository: oci://registry1.dso.mil/bigbang
- version: 0.5.4
-digest: sha256:33c77cf1fe529ee2f45a5fdf596ce2ff4adbbb5188ab9282b0179c217603968d
-generated: "2024-09-16T10:47:18.274586-06:00"
+ version: 0.5.14
+digest: sha256:ca97065348736cfb1457f4d0e53021d2329c81bd34d3a489fd122493be4fa875
+generated: "2025-02-19T15:59:06.572683-05:00"
diff --git a/chart/Chart.yaml b/chart/Chart.yaml
index c60ffc99..b3fde7a0 100644
--- a/chart/Chart.yaml
+++ b/chart/Chart.yaml
@@ -3,44 +3,44 @@ name: istio
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.23.4-bb.0
+version: 1.23.5-bb.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: 1.23.4
+appVersion: 1.23.5
kubeVersion: ">=1.28.0-0"
description: Configurable Deployment of Istio Custom Resources Wrapped Inside a Helm Chart.
sources:
- https://github.com/istio/istio/tree/master/pilot
dependencies:
- name: gluon
- version: "0.5.4"
+ version: "0.5.14"
repository: "oci://registry1.dso.mil/bigbang"
annotations:
bigbang.dev/maintenanceTrack: bb_integrated
bigbang.dev/applicationVersions: |
- - Istio: 1.23.4
- - Tetrate Istio Distro: 1.23.4
+ - Istio: 1.23.5
+ - Tetrate Istio Distro: 1.23.5
helm.sh/images: |
- name: pilot
- image: registry1.dso.mil/ironbank/opensource/istio/pilot:1.23.4
+ image: registry1.dso.mil/ironbank/opensource/istio/pilot:1.23.5
- name: proxyv2
- image: registry1.dso.mil/ironbank/opensource/istio/proxyv2:1.23.4
+ image: registry1.dso.mil/ironbank/opensource/istio/proxyv2:1.23.5
- name: install-cni
condition: openshift
- image: registry1.dso.mil/ironbank/opensource/istio/install-cni:1.23.4
+ image: registry1.dso.mil/ironbank/opensource/istio/install-cni:1.23.5
- name: install-cni-fips
condition: enterprise
- image: registry1.dso.mil/ironbank/tetrate/istio/install-cni:1.23.4-tetratefips-v0
+ image: registry1.dso.mil/ironbank/tetrate/istio/install-cni:1.23.5-tetratefips-v0
- name: proxyv2-fips
condition: enterprise
- image: registry1.dso.mil/ironbank/tetrate/istio/proxyv2:1.23.4-tetratefips-v0
+ image: registry1.dso.mil/ironbank/tetrate/istio/proxyv2:1.23.5-tetratefips-v0
- name: pilot-fips
condition: enterprise
- image: registry1.dso.mil/ironbank/tetrate/istio/pilot:1.23.4-tetratefips-v0
+ image: registry1.dso.mil/ironbank/tetrate/istio/pilot:1.23.5-tetratefips-v0
- name: base
image: registry1.dso.mil/ironbank/big-bang/base:2.1.0
- name: kubectl
- image: registry1.dso.mil/ironbank/opensource/kubernetes/kubectl:v1.30.8
+ image: registry1.dso.mil/ironbank/opensource/kubernetes/kubectl:v1.30.10
bigbang.dev/upstreamReleaseNotesMarkdown: |
- [Find upstream chart's release notes and CHANGELOG here](https://istio.io/latest/news/releases/)
diff --git a/chart/charts/gluon-0.5.14.tgz b/chart/charts/gluon-0.5.14.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..c99d9e0f44b4d35311fda2b49ee005cbbea4fb67
GIT binary patch
literal 4680
zcmV-O61VLiiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0PH<!bK5wU`K({@mT_e)Z%9h=)vKxAt#p#kWY$SsNhaG<sV)~p
zLK0$<U<05Wx0C(tTL2G%H+A@!tXLICBp)7t2fPFCkY-*)1N-?LF=1UJ-+Ocm*I+Oh
zoE#mg{|AFX@&Cc_==9O>==5kb7z_ueCyxfh(cx(D2nM$?nBo<2f!L$L#(fnh_b+mx
zkbJ_76B>+RG3vRPJB)-v-9LjfGGT~a!{4yygCjQyOeuq3$m|ys%z6Rx@fg$=>WS+R
zkHL!@^cE@3fpu&Rk9zk#&D~XV#r!X@A9_e&ZeK)#cw3ePZTx?Fcv9g1qr=nV9sl3O
zb#r5aeb7_ez*1}PV>ZKZMLZAUkK&5LKcBrhgKU=o3S6L(2qOVvj)7qwdBW;_oD&WL
zT`CAbjG=3wQxJ28F)WZ5VLtAes)?W>I5ZIWt4N<D*g;B_xEThzz>E<WbJ%w=7bHMZ
zH1(UBOc2Mg&uPRQ-0vOO-@o_dBwaiu0S2QuQv(u!JvpTD&oCv73$U`s%OS{@jQamX
zz6bjxaJ<OH@`H=Nf(66ALeYnBvM&^Q0`^_v2<R_+2)!00qgEt>#!ch3(MBh+XHYnB
z<;V8*FY^CnVhYR!w=bOQkYUap8cfN|N8$QHp@sj4ho{3l|BnX8!^0i_-^EpC4YmAM
zvijz7`6XXv%tEGMeNqf<O(v>E{TmAhXyReDA#>)&uy;uUcMQ)}A8%0D^RYlK5@_55
zh>Z*5<_4_TJbf#f{QGw^KQyBUfP#PuB^kJE31G~z=UaSk&ndk$#vsRG^2l*8=Vbu%
z3X|Df7-KNZV?({?#KjI`7U6<Wi%^>cU$7&_U`&z6u>|ta1baz;5}V?iF(i{sCcs1F
z;4#QayvH6!9II)l$C4iDWN&U@-};q!m|L$rIsqeQ!epv89%1{y=v&WtOe^>XffN~m
zfKh?vt3OtVz`AwLB+61U#-dw_uKh$h_O<0sUf1u3Y5;v(D8NJ(R!Hc56ozslR;N8$
z6oS<s@0;-+$ki(U!-eA^;%{OSw#fg{$?<Vf{*Q*ko&3Lxt4%J13&#?nx3S=_fk?V(
zhp-S6WQv@|{!-Xbsu(VC5DVGv(E5l?)2vok=PA7SM7_wz&n17Xrn<s~V|3II4^zAG
z5IeEn>P%WLC_^(zEzT2q^Z<%aV@j-zP809|NKxbsb#XEg6W(Lw{tqJpzY84P19@^$
z2ZaQH;XfkTV|<s5Zq-43Ab;XcN@$gjttwoy>b)uNTEH@gHv?8OdP|dPe(&C>$o89=
zBdN&jXREfYJ#Y*1zg7RUC<rjy$RpIO|3|~q<HMr<ADo=-^#5I4Z9*kk{(=b*U{IO@
z_V)|y)lXaYb*4%bCv}S&btSDSJGc+EnP|<#RTgW87qNGSk6|uE$j7!lBVry+EQk8G
z(yPheiAN{4kGR0h_EA8l@xe|`kjEhM{300jk~^1hM~d-lJCR?K^&X!co{Y@1!;}92
zH2~$-N(XgC#Js!`v3BoUiL&oonXUt^tyJDl7*#y7Qe~LFGfHMd$mrMW=jZ=0;)TdH
z`UZbQRLHe}$0@bOFdPj0tfNd(=lk`DPrCGaCgD`qdb8?&M}vlrE5_ktpR()fr(Fs2
zMnNaEDK@Pk&*&$gw2!MBiQ@j3R4TTvTcOcW{TS+QJDQ6eI}sz|`g!d6O^mK6c*g(1
zF;m-PuzdE4(J0g&P76=!&m(PyX%`p^e+?;1@o~%+#KF%Them-|TB_BOild?}T7M(C
zACUmF%t#Gdu*+el25J>S<>jCdO^8PX!F>4?z-2Vl?@f4ic9z{UjNEsDcm1AHp}bMo
zTws3;f<-t1Y9f05`#j<0Mf^6yT0v-zaD(9);euTcEtgZvC!Reavk3}jrbAL!*?4$p
z4Nt9skspz^Zz~?Cp3WoBJEtCTuE+3t`j(1whB*#WN;}l|QQ)SuGr_PYB(Nul&yD3X
z(^=kp%g8Di3gItK#5^!Ln7_gKyAL0g;uzbuM;+wNDHr46@nA5p|A>f4|G~F!iuQkj
zm+#+a=;DnDFMoUe@#6Wr7cYMvWUn|DVB+kyWrw?jOa4rF|6_h3RZq^Gf|0z3c%|oP
zfnkDi07-M#$n}S%U68}#gkW>#*awz#ZGGWjOGLVFGv8ic8IZ&O{25FaY$xJ^`tbYj
ze+4neL7{{AZG9h*!B0sA@)G!yCtwC(?CpCM$g*xm|7p8;VF!`t^^K~bUCrc*oEK2Y
z%|wIDbYM87xlL`#T`i@!8#%%bk#mV=nA@?jZrTi8r6xs;$xe1Bx4v+#^Zg+F3MuEY
zC;-!(FnYx?182^tkHIwO7`dK&|Kv$|W9|J{Uv9yQ=UOjq5@8jo&|%Z&#Im-Km(c_}
z!UIY0%p)w<u+BzIDPyJ>pDY)%w2qMBcd>^BUat!cp|%T`xE+Sky12nKr;PgMlz2E<
zF>V*gTHvi!AKu|A=ez*9b(RcU&6pmYar>a1CsVmLrBUE!{2^Pb(5#9ghg1`5^71cT
z!oZZ0M(?iS0HU>BRFAY9Dt!^9aIKh0Knv4QGpn0SZtFEtlsgRLfX}JefUp{pmFTN?
zz8;zL!(R#UYDCXXaZ9vc5Es)8$R4*}iQ-9@>k&H}Z&!4ykvN@Bcj|5=@H9*t*ln80
zMg;8LWEwQ>XrUqqZ{(RmGt<)}K&;$d!nCpa680R4`MA=iDB+MW9Wm&ZST+Rh%)x7r
zaORY|^}~i<{jjzpDZjc5HV2m?(fF_njw<jJRlMK2U@1VR2pT3br#`j=>SEgpLcgoE
z9$UE5O4s&jMn3gYKN=Q0jUkGrwuY)*!*|#3>uC4lPRM}jCKSUp9Ui(r+UCTSKdyG_
zu1f@=0rEa+ykC|_BJ^NCN%pe(u&1Sb{IuQ_bB}PaD9fAQUc9<^{_gFsuU}pK?cJM~
z+K7}ZatwxKU88QrF4XztBFX(N%x6!%OnkpE{uzvcb!;6O<(V@S%y8=ac!5JKXYCNo
ziz+Bt75oRpE|S=RZ4|+(`u`cM^kW6mZdxOy$<0jx`S<U}mYpRD9A)*VqF}*mUvlg)
zEM7{G9Lku|dzVjPZy}eY5qSlt-rT5dx_1eCm841EFVyx;y^T$7nFg6rH;Ejhw6?9~
zq;@Y+`-4I>xphh<k33Ywpg}n}qDEI)hA49|E2n;m=JJZ2z^kH59O4xiV{h_$qmA2c
zX{-sdx{+4-rfO+zjEst57)P&&(Khk+rn!B?Fc*l4)bscjFR(P5V#BcD60S1FoHTiI
zIgk}HCu<Bg?1$p|1z}^j`JNv^!6K~%%$uF{_{vsaEo|9Zs|C%OWVKLDop!dx((P1l
zh&8WJmkyTk$EC&AtXjG$mX)ovqyY-tPPtbrrCgN=Sz`u<Rq0n+;6vWN?U;a7B^TQI
zmq$Kjfo5HX${saRgVca({jl=wHkNlKTeL~D<`w7B8k5SREFY9MF37f!kp&XiOoKe@
zW<ezh3tP!n-#lwkb5>U*6%|H4L5>j@o}@`gHS=#qqh)MZof3??()0&NE?a#)(kYf#
zrAW>7Gsd(f>vtMjmX)iGZoTZW*8DFy4Zc}HU|at8QK|m-^mMqZ|GSf`jrBQF%wCxY
z{UMhVQIX5lk|1#(>CY>PJ?i1o?4?w&P$cG*kw4Y2tjnLcMW~(8<vsQAO4N`Y-4i`n
z<i$mqC?qPohL7R1Vf>!UjfT%g7Lw%Z-2$^o{9HvWji+GDu#o?GgscDKFsbqT$`qfF
zz$L+KUBdqoH(#0lNw@d44AjH#@l;|;7ouUtJpgT|b=+S(ntZ{IP>Ws3zgy(mmDXIT
z*)Cd7%A%Zk)U3W0_pSz??Y*Mmbl+n7)~<T}AAb?V7RrBH>wixUOZ8uehohbTzl*Dm
zJLA<~tNgdhI}oEQd#Kwh#FCatHsF>@h;y_1p(}_J@@-Z<+(n$1Hq7=<i*jStobS^8
zwdsMfwA<D@*i~~+x5DJR)jDnRe+%V5E%JXj8Vp9o^WVwI$xi;?#nr;jId7Wz0HptB
zl|;#`?yHb!I9Q>y_Eu^o=7|3{zD~&uhSE++#Jqk1v-?<?Y0H+x)=4mvHuNhb@D;jN
z0^XzaG77<13=J@nlZKIWXvTE~*=^E%7B@HgYNw^BXCDL-k<uE4ek>lpS(XT>ugcNe
zo>Aoff;<#Bn8g?pbe5;TX~6J0?lNht<Fk^{XszYpH`n@CrRK7471Hq4b(yTdezH;-
z4ugb7zr-JkesSYD<>Hw~5RapVCXg^mPDoH#B+Oz-5?Jm2aptE_(k`kxuq3z^95B<!
zzO@Ye-*l^XxmmCDMPuA#40m7ovaDE9Q*V@1T0TUV;*u-ME=e#`0Z2O+I?NTFRF|C;
z3QzK-CtEK*Db<+hRTP{#`N9cR_R%GSHLDRxlIygWrKHXWP;8LQH>(`b=bYx=cba#c
zgj+5Th$*r}RguuYy=2!?CbHFK=u^rd-t|BNIQT2Lw2*g|5o+%y2K-))3F0WZAVGxx
zT6mM2r2?G$)P;Zlx<pz4h*O76(=;kyypMu_1hZvx%d)B=D^OT=b+0ZBaNW{uo<H22
zC9KKDE*ZMp&URdldy3KZ^3K=CU3|M{vg5K_DQKIsp*N>fYVCH(3Qe`f1IY@l&ofL1
zTA62<zN|{o(-KX)q#Wk@xv!MNrunp`9G2T|kaE~Hp)l=q<AlNzqRkQt8_;bdp|Fg8
zgM`9bWZOw799Cup4!a~2wl-Zmp|C=AtddVya--f!T3SJ?G;5Ul=@j6N)pN9}l}g7{
z!j{Pvl*q~o<Uyu#nVNgE>2sTtxtxz={(p5b>khhpX9DY=@7n{pyYBO<@c&;SBJ2zK
zcN@XqF7e-^VbTA8e7gJo&pWxwl2$If`eS~flMVr33Ho<BsR;ojZ%ZM7^m%;<pwM!=
z0bn)17;~raZ%DZ?Nx%j2yr=3W3TF(t_%>p}De<=!3RWC_ixJ?uEwgC|xO!_<1J&v0
z`i<6%XMO$L$UqM*2HYtBztG7xehQ=|{(E>hEXx0r-S2<g(RFjv#LM-8-+Pt%6C|AZ
zGVSy4bW)P~?P1+!-SCA@Zc#A|<rXn2K;o=fGgOCnV+`t{3N2$7yH6*0N*OlQQ<Zs3
zXz(-!nj)e{k5i70N3Bx_K*2y3M=O7^T?0`}j*O*qs>;y-P<K9TJR@eu^;|?yJ7gyV
z$S{?^K(2Q0<eIdE;tIhyiE|lR+(I~R%fT`wtm`5VyQoe#6st#dN{(5m^xq{Oyn%I`
z5BeoOyy57lH##AzyoW2Hs11q(AkU*$=Zq|fhiCXDcaVqTpLtU@sP1&E37{t-bogvM
zJ3CWV0LyW=2G1c)RC!AS30D2GklCWW(Xv^V-{e;v7i)_4<l{Y(c>tiQ<??*MYnv~l
zYB}d>^9XeJpw@Lu#}#f&X!6YJ=NrghD_NhWX-b2?(cb6iftm^33zgax-j-6uHakad
z*;YW2plUzo>GP3Z;vnJAZSNIEJ^Vm-%ld^~O}j@`q5Poxr=oVOR}rd6sUKqI6E2C(
zt*nLqLw72B&WMl5kOnT2m_<2YQ4D%5^>L>WEJLNG5rov`2COrTq%5xM7!-K9{~4A-
zJFcVyFs|fjXAP>{2Ja>XQvcd4TwfyC#>r`Y*bmCkol69_qc63h$BJ^sE>g8it>nsV
z(B|OWJnr}d_%%0)IHu*8Ek@;z%$jk%KBZept!%O#v2)hx?QLvbi|&YCWmfFc81C?j
z<3E<PBgibE4BtW@E%E=sak2h;I65Bf>i_QKdJN}C2+RTwf<n9n;A)Nom_)>rObO}F
zPguRjpnl<<M`4_S$LHAdVCK;Y`0|iKg4t7G*h7LWu=-jw?KukE-eU;xOj&2JA2K{8
zU$Gk>lm4x5!Mnh_1{$cAa!3$j1|A8p)w5oFxcDF_!@bAwJpS>FPtQMqOBnB2Ga_vD
zHy(b^n*7OZ^*4PmpV{(HddnAqy+kxY&SezBlz5o;4lI5Z_71EGy6hcT!k3>ZBeUMY
z|MnikC&UPiIJ|!GlJ~5TQE4vsEaGBh$KZ^9=~)ZzP#4=fnY6oh*Y0}A*Z&0o0RR6v
KeLEuniU0uMmp>~2
literal 0
HcmV?d00001
diff --git a/chart/charts/gluon-0.5.4.tgz b/chart/charts/gluon-0.5.4.tgz
deleted file mode 100644
index 02d39224f49e24a94e6a24e0f268ace2f9115217..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 4492
zcmV;75p(VziwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0PH<$lhe4C^Etobtm)!*da<3PAIxTIc8dXq%iRXLfXmJ;YKl^9
zB@t~~9!XA<Y1rSsCHWEg?L7K1Y*a;vE$K))Ixn4bl%9DJ4eY0L#Duj(zW2iol)+#y
zI6FB}{|^R(;{Su;$=MIXle4q4;qdX`^zjda;pq7I_y-u=#AJ#k;sUWB23wC+T-;xz
zppbmPj1wA+VKM5tm^+MwLOnl$b24FwE#dFj^TCls0#nN17c%<=1+!j&d^`q4LOrnz
z@ff_gLvNA799XB;N$;*#xi57k=6`|x&_e=q`%@%{w_{1r#{Z9xi~N6bG92#t|2E3?
zwF&l7PmzJ8_TI;AhT)2M9>ib86@`C2d36pMl>iD{ppgh80b-7UVIFzH>b;*64gy`O
z7JwK-OQ2H_bA~Z2kQZS-?wP8KpdmOk5crEo-z3mMN|m@92D-qE5f^hfbTJnsKvFdI
zo4QO8$8gAL#2no39ogT$_2eR5JS71JqqtH7k_HEIO5>klN*EVlWv^FLkd=)3|3bb8
zha_;k$i?!Di@$&c!@dI1hp%!h6nO#;UE&DnuSN*H79gWmAcDqS<Gs;lC!uGpaNx?X
z?fYNk|H;G@m<w)ya+V>(oI5m_l9`Xf&4oe>{|}EJ5A*y#8k~+E@A>~WN|`m(_FKvB
zo2%`Ye3dZ^nS%8}F|;+As2=q-77ozF!-^nt=EkshNdk8aPt_Q&P}uXaKrRw!+yjV>
z3*-74tk^t#Et&k=H#0vqqX&S3fC?oUxa<jF%(3TNd~VMvy)?!k=V9{5aWLoQ2Idte
zv$-(FV3?<ds^`ST4q_JJf>4W4n*^V+BgSA%k;k!Y<e>@nlJO)o#W!O}7Mm=9hseQW
zkc)VWJ&ZV3%TTW+KGMZrU&EpGEAcS5UU+l@M$ClCQf)lK_L0%Ip70n~@D&0nG6Dgk
z0?Su_tq_5A`<zLXm1K-Xw-jB6iFE91+nrR`(?fLwoh($tL>5*^=tC5Sav@eH8Z8RJ
z>aTarc=x2V%KvcTc!>Dhn1n6ze{^<wT9p5z(dl0P-$rSZ3*o}CMCffT_-k4u!?d@s
z5EEpIoW}9ewxLupT;L!UvfW$jGd4}LT3ubF?ZpS`MLvEi`C~oR6)qg3qlUPj+Kq?U
ziS<@z)N(-?nn`SNp5UVgP<$I>Vq<WcfCoSdBd@57lZBY@79;n67!mkQ;NTv}lZ!ei
zBn=q;Ba$P=Puc9&ozy$>C+?(#*7@41!X>NTnewh}SmyBNhLw!o(xsZ;yLT$G{dVR^
zDl+@ouI-8jZb1IG>VFmm0cKlygqrpLXfPNY7xn+(>};?9Z=<vcm1O%1CP08eX$m+z
zEU;HU?b+9vDp8!&Eo#)Yw5A;3F4ShCH4|4^tQnrg-WfiIxey^A+xCozc{H&c>f1`M
zCZ7|JPHZ1>ftl^2fK20qom?P~o5=HvVAM;VT*4hG#+P;?za;BDI6pocndir6{{d<O
z%B_`7>WYYYc_(7+-nSBE-?uVd2U=gLyqz$rcx9!^Fs(C6W<$v6m*vxoe;V;d<T`zY
zKO!pRUciGCTVogw27WeBrl|Addc-GPMm?A9)X;jj>T#uzsU5gt9zOOdTUNjAikMfb
zb%L8>*BbPUe)LKEyt<(%9)E?UV(+>g8lBY7q3*GxxyZ2-F(Q^vW6y75bVb1v{!fmX
zB9Fo9-3vyeP<uHoys1Brv>B#d+F1BYNLdPxW40g;e&RSZ3dG7%t(H_A6>ZV_2g&`2
z1ej$;YS02*PBS%7s}L%SgF-YR9uWld)ms3U(NKRj;mP@V_RKJH-vr+BEu}(vqn2D?
ze++^}IBC>`^!oZd;$<Ozn_;b5XpV4$;ThqAEr*uNspS*To{-rD1vAqjsjF-}Jhq0%
z*2u`uNTb_|7iy%7$n!3!N1WvtUQS<AaltUhL5gXI`aTNW6n7>V_JjoX1o64CdS^PT
zhp!o01w$eH&54)?CI|C3xOnsKy;2-w+xDn~ygB7!JUkr?2KFBj5$Qkp`c>inZ}9x>
z+YDSxnDG3!m+wD4ee>-3&x5RrV*w`49$P5fC0z1n!u#*@8>vQe<`j&i9^##zqXmWu
z#sMVVT_ZOhmUcl7iW7p(nPVSW&eHnK!Ipq@-)6qQzB3@F|M4T3F4#`Q1@+<g-+uxz
z$3bC$xVC-_$l6ay1@KbyhY!IFz&JScDu89fjQ-Ph@xl%w&+8jiQ@fhU9l0ogki<lT
z%yeKlq&cECB~?o)?naKVL*!hd8Rm9uteZANSE)%6L$VX<<kn}d4SpDeUm)c?76o9M
z6GpE%X5h>j^)Z;{93$70^$#DG3G3j$`jP}I-fN?@NrZKzLI<MFiDhjgFQW-|ga;Dg
znMYXeVV#YbV#Z7%K3r{PX&)hj?_v)Nyx9;MK#dAlupNfcrm(>@r;PgMlz2GVF>V*o
zTHvj9U*6&_=ez*9eU=Pc&6wO_7zcb#1-FmdSrfp&bO{4fN{<Q<4QC4t#G-K$YXP?F
z$fI%93*utB@q&}yo2@k)x+}Qa6>deG8l)|BtfpRxfP?Ey+NA?6l(+YlwEr}dDmB+)
zLF^Ky&DED}FOZmzE9HL)hHTRjg03~QDQNZ~uK~iDQy$h28%FiRQiph#yG*mtG6kS<
zLl-Dj%~Mbwoz=mZQy<#_b+K&)q2JXgiVX>A3~3~mp;%Sw7I<;cxJA*T(Ll8e((Yn(
z6CqlpmaI|Tg5q{fHd^;ryIi<(d(<x7b%`J}K;8$9ZOfuWgdQ9wIW<-v4z$SnkDDzq
z_X-D#vZ(m&*^5t4-@N|y<%>^$fAi|OHY4Tn8G|9Y&e-vRD``hry=4_Fcx@%e4#VQP
zY?1@XP%y)AaQO%h7BK#~8F&R5USF#{IJks^{O%;UNb47BZ&Hs%)6uShA?g;9qk`7H
zwPezM(rkZGh)A_AspQpziZ~XiLsHau+|B@HPAcUXEa6<1*paj@xWuVe0WtPSZ8qDu
z?~dl00IQp6)%ms-*T%@Gn1*rkf*5TJZ||C;8-}?+Or+k6*LZ=YI*$#Of?KJ|NN~~w
ztkp!;$iAvEB(NWf<uk&@aQ!VmgMy`0+c0kq)i%r77`3g+HbiYx&7>%`>1;ftBvNlV
zG-JKX0IRsf%EV|^7u}S_+Ga)40R?WSoQ$<nF-nN6v0K8bv<%H5Dj#2WOw6d_^|tZl
z@j{tQ*^r?!pp4XlGN4-Kul=}-?On@wYSNZ@Wq7i|qB8I6JEdU@@+xFxfdn>F=kKQ3
z5lJ9(Ct0l9XESL|tcqlV!ptYgG2(>uG&!MW{mo#sNUpV;jFSZ9caU_l{(huOEbmGY
zo115nXj|6rG_@>SPn+FcWR>j8U!}C>|44G>+g%82%l|z&d0e>v_4x7e{{Gjklr|C1
zkrL{aiLmc-G4YCAo|XXlU8KLRrQWEAORJaC-$Id?Q%3$&)3Ppq<QAcJhL^Y0!)swf
z4s=KOV38MJ%0nSh*%f>Y9}VO8Ty89UG_sHsS9J@_Ch>a}u`(WkF~dUs=Mk>{kHcif
z?`vaxLIRfrvrQ5IOWb{J{3pZS)izKMzr|AtDcy*M754x%O6y2pJeqvQj!>Ij$-g_~
z+O_svnNwY?8!3x&W^l8arnq;#_8ILJ4dlBP(>GS?^?&?B06Vz;*?Rx;?6`FQ=lEow
z|9dN?jyvPs-{|^hl@}-mSB@^U-w;ZACfQ&+x<Z;;-FJP1G(q2Xw@15(^Af@A-YXyp
ztL7Y^($}_*gA%oEc7U(uo^BUYZ&&NI$^RW(|7el_!_i<cDxLoZqrLpUjncx-Ij^aC
z52XKgH%XFJ-PJ{s;b4ucl{b<rKS%t(@iIj-7)m=OxzhC;m_5hJOxw1&*8vG;(uRJ4
z1inH`CEz_uFQX8Q#n1pFIcXTlfM%Rmo;@brXK{C<uP7}AJ$omRh?LeSjAQY*W|bnY
zekw)pdrp!23-VClU=~A2z*(MN(*WURJY>>Yhi4_T(R$0nZ?5;RO3h`zDx<-x8#38}
z!(^v27zPQAeu+O6{^HJa%Ec3pARb42O(0>+11SiLgjvi`HdfR>&f+m~B1h!_mTayC
zfy^{3!&)V6Tz9+eaJ|{p2aR!)Io$ruht-V*we&_wrRB18xm<8X*(C{PD$s1_Ld3aC
z2i4aO3KtLZR}Xf6`Ji;iK+mG*%*iLttF-?vnW@<wfh6@$t1Kmo-h*WGWW8DDxW48z
z_j-+t+;Vz&jFA<niiGanCD4{KjIAzHpHc=f)dLCO=qGS#u3kgb!FAm5TQwwzvmpct
zBK%XKCbvq}aPCtV{{71eXrV!TX~i^6qq5>{6a*xgt-4#5Ro$`zgk@Kc>e2w$ZO!&M
z$<3L^nr!Tn^?Qr?rxn~&%%Uh$zCQ0_?Z&yM>9A7JHfLCGkEhhy?UJsVYK?o6u3DcX
znohJbM>MUhO0U#1V7sJ?=Ek|JbkU~uw55xd`)-jg+BF$89dzqt&=R2Sl0h55?IIbp
z41SAb&{|--Nd_HOW^@j_B!jkg-8dPvLUpW@3tDoc-b(smL8~-tl=|fq+8gWV;#Dh^
zjwz!pi!CUTwH3&{OxZIv_h!@gHYamA@67!F>SER%bp6f<*1zAi2XbHTvQ+s0uMiRT
zC;7RH;BS}s@5!*}|34e-fB*4TN?Fp%jaMJ$XFBN+0G3VvK_@jKfTXq*0!ZK2hX4va
zcN+j!>x&_G3jc<b3zGy~AkTZG9-?r@kc)337Mvn~XQ5!l(Ki?Yt|OUkL%`LfRo$pg
zKi3mlGn~!!b0Y)Yw-|7v{QpcRyZBQOE%D#u!C5i>dv-EB*~|aiDA(6byj&mny;G?_
zLBg4@(mww|Cnc%h9@cHv4WH@c1{K3ll88~!B+i;OLv?sJ#-LuR&@y(h`)Govlwni7
zRhhSh29M%KQ$+OWamvy0taa=Fs5X$r(aJw;)_@d~BV*;9s&X^{)SV9-&xqM^Jr@zw
z4%x{BGDzhg5UZt~T$h$mTp<`IVXi`pI|#?^I9R5HbzS6PAJypwV*RL2$uSF+{=3A3
zH?U6gLBGU@Hyr)=N=HPM_i!x`wL$Uvuy_&}hmXdS^K+HkznV>JNF37ilh-tm&8jO4
z`6^nCmZP%zeYWaoS5pipAH|U@0RUA!S5`l-?Y@eY<y@xCGtixW+R!ZnS2!o3$=|A<
zS|DH6vMEi|lxBRR70=N<RsP+tAGNEo9VLKmcRJj$1%M(!6+P$i^PXPfAmPtl(+Z;=
zzNgf(`E{)(>QQ$~zEk?CxDnQ?2tcIR4>9uzm&oQ;)<ggEWhy7mh!4Jyh9i<lL^%vm
z3}vmfY^NEl0-&WCgw*8*Y%-1PvRmPb+m$?q<Zrm`jGdC3NPlgvs=tfZ#$4$|tnZY^
zI^V_HjSACl7gpRG>>}v8TuNM<4ca`3+Xwi*0|(+Zp}q9pV~d@)N3&+{ZjR|zR4X%S
zkL;YmcyolUYtcQ@tIUdhzQDf3@gGZ?H)Ix2hHqeumiYhRw0Qq}I66Jq-~YRn@&GQ7
z5SRrV1cjIc;A)Nom_)>rvI5dSKVbD9fcgvHJPP9sJU+*s2Q!aOz?Wws63iX}!yXc3
zfz{97Y41_s_8vfhXUb@V!;s-A`GVc}Q1@?r3*H3Y5@?`$$|*sJ8F(bXR?m9&?$bL#
z8SXuRr|}<8`0(@{xP<YZH6y}SpYim2*5prStIzbsd}hm!^pP(Ddj)8MoXaSLDe*Ax
z9a;P;>>XJXblE$ygfG8SMrOUE|Lr}14~P*Oad`RcIqz8^qtc4+S;WQ2j+-<3xo0i7
eLtSj|MdiNi%f8&_@_zvU0RR7@&5$<$hyVZ(2-Cm-
diff --git a/chart/dashboards/Kptfile b/chart/dashboards/Kptfile
index 9d73c054..1b3f635c 100644
--- a/chart/dashboards/Kptfile
+++ b/chart/dashboards/Kptfile
@@ -5,7 +5,7 @@ metadata:
upstream:
type: git
git:
- commit: e0508c3e94a50a41e33f39362e0825913b6d0521
+ commit: 9c05c4ae29323b549c0f3b5308a16f59602f0ab3
repo: https://github.com/istio/istio
directory: /manifests/addons/dashboards
- ref: 1.23.4
+ ref: 1.23.5
diff --git a/chart/values.yaml b/chart/values.yaml
index 69c31797..7217bb61 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -4,14 +4,14 @@ profile: default
# -- The hub to use for all images, images are built as ".Values.hub/COMPONENT_NAME:.Values.tag"
hub: registry1.dso.mil/ironbank/opensource/istio
# -- The tag to use for all images
-tag: 1.23.4
+tag: 1.23.5
# -- Tetrate Istio Distribution - Tetrate provides FIPs verified Istio and Envoy software and support,
# validated through the FIPs Boring Crypto module.
# Find out more from Tetrate - https://www.tetrate.io/tetrate-istio-subscription
enterprise: false
tidHub: registry1.dso.mil/ironbank/tetrate/istio
-tidTag: 1.23.4-tetratefips-v0
+tidTag: 1.23.5-tetratefips-v0
# -- The domain to use for the default gateway
domain: dev.bigbang.mil
@@ -205,7 +205,7 @@ cni:
image:
hub: registry1.dso.mil/ironbank/opensource/istio
name: install-cni
- tag: 1.23.4
+ tag: 1.23.5
# -- k8s pod annotations. https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
podAnnotations: {}
# -- k8s nodeSelector. https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
@@ -347,7 +347,7 @@ hardened:
waitJob:
enabled: true
scripts:
- image: registry1.dso.mil/ironbank/opensource/kubernetes/kubectl:v1.30.8
+ image: registry1.dso.mil/ironbank/opensource/kubernetes/kubectl:v1.30.10
permissions:
resources:
- istio-controlplane
diff --git a/docs/DEVELOPMENT_MAINTENANCE.md b/docs/DEVELOPMENT_MAINTENANCE.md
index b90321d7..e13c858d 100644
--- a/docs/DEVELOPMENT_MAINTENANCE.md
+++ b/docs/DEVELOPMENT_MAINTENANCE.md
@@ -2,7 +2,7 @@
1. Checkout the branch that renovate created. This branch will have the image tag updates and typically some other necessary version changes that you will want. You can either work off of this branch or branch off of it.
1. Update the dashboards via `kpt`. You should be able to run `kpt pkg update chart/dashboards@<version> --strategy force-delete-replace` (ex: `kpt pkg update chart/dashboards@1.14.3 --strategy force-delete-replace`).
-1. Update version references for the Chart. `version` should be `<version>-bb.0` (ex: `1.14.3-bb.0`) and `appVersion` should be `<version>` (ex: `1.14.3`). Also validate that the BB annotation for the main Istio version is updated (leave the Tetrate version as-is unless you are updating those images).
+1. Update version references for the Chart in `chart/Chart.yaml. `version` should be `<version>-bb.0` (ex: `1.14.3-bb.0`) and `appVersion` should be `<version>` (ex: `1.14.3`). Also validate that the BB annotation for the main Istio version is updated (leave the Tetrate version as-is unless you are updating those images).
1. Verify that chart/values.yaml `tag` and `tidTAG` have been updated to the new version.
1. Add a changelog entry for the update. At minimum mention updating the image versions.
1. Update the readme following the [steps in Gluon](https://repo1.dso.mil/platform-one/big-bang/apps/library-charts/gluon/-/blob/master/docs/bb-package-readme.md).
diff --git a/docs/dev-overrides/istio-testing-local-keycloak.yaml b/docs/dev-overrides/istio-testing-local-keycloak.yaml
index af1ad936..13b3796a 100644
--- a/docs/dev-overrides/istio-testing-local-keycloak.yaml
+++ b/docs/dev-overrides/istio-testing-local-keycloak.yaml
@@ -26,6 +26,15 @@ istioOperator:
# tag: null
# branch: "renovate/ironbank"
+kyverno:
+ enabled: true
+
+kyvernoPolicies:
+ enabled: true
+
+kyvernoReporter:
+ enabled: true
+
jaeger:
enabled: true
sso:
diff --git a/docs/dev-overrides/istio-testing.yaml b/docs/dev-overrides/istio-testing.yaml
index 4e963ceb..d8263601 100644
--- a/docs/dev-overrides/istio-testing.yaml
+++ b/docs/dev-overrides/istio-testing.yaml
@@ -37,6 +37,15 @@ istioOperator:
# tag: null
# branch: "renovate/ironbank"
+kyverno:
+ enabled: true
+
+kyvernoPolicies:
+ enabled: true
+
+kyvernoReporter:
+ enabled: true
+
jaeger:
enabled: true
diff --git a/tests/images.txt b/tests/images.txt
index 2c1b2d60..b0b8336e 100644
--- a/tests/images.txt
+++ b/tests/images.txt
@@ -1,5 +1,5 @@
-registry1.dso.mil/ironbank/opensource/istio/install-cni:1.23.4
-registry1.dso.mil/ironbank/tetrate/istio/install-cni:1.23.4-tetratefips-v0
-registry1.dso.mil/ironbank/tetrate/istio/proxyv2:1.23.4-tetratefips-v0
-registry1.dso.mil/ironbank/tetrate/istio/pilot:1.23.4-tetratefips-v0
+registry1.dso.mil/ironbank/opensource/istio/install-cni:1.23.5
+registry1.dso.mil/ironbank/tetrate/istio/install-cni:1.23.5-tetratefips-v0
+registry1.dso.mil/ironbank/tetrate/istio/proxyv2:1.23.5-tetratefips-v0
+registry1.dso.mil/ironbank/tetrate/istio/pilot:1.23.5-tetratefips-v0
registry1.dso.mil/ironbank/big-bang/base:2.1.0
--
GitLab