Update Istio Operator to v1.9.7

CHANGELOG.md

@@ -2,6 +2,10 @@
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.9.7-bb.0]
+### Changed
+- Updated Istio to 1.9.7
+
 ## [1.8.4-bb.2]
 ### Added
 - Added network policies for istio operator

chart/Chart.yaml

 apiVersion: v1
 name: istio-operator
-version: 1.8.4-bb.2
+version: 1.9.7-bb.0
 tillerVersion: ">=2.7.2"
 description: Helm chart for deploying Istio operator
 keywords:
@@ -9,4 +9,4 @@ keywords:
 sources:
   - https://github.com/istio/istio/tree/master/operator
 engine: gotpl
-icon: https://istio.io/latest/favicons/android-192x192.png
\ No newline at end of file
+icon: https://istio.io/latest/favicons/android-192x192.png

chart/Kptfile

@@ -5,7 +5,7 @@ metadata:
 upstream:
   type: git
   git:
-    commit: 97e10d79b8b5b32be0f92175586a4e11c466e640
-    repo: git@github.com:istio/istio
+    commit: 501c07f3ca45400cd42fa276c4c14a66518956a8
+    repo: https://github.com/istio/istio
     directory: /manifests/charts/istio-operator
-    ref: 1.8.4
+    ref: 1.9.7

chart/crds/crd-all.gen.yaml → chart/crds/customresourcedefinitions.gen.yaml

+# Synced with https://github.com/istio/api/blob/1.9.7/kubernetes/customresourcedefinitions.gen.yaml
 # DO NOT EDIT - Generated by Cue OpenAPI generator based on Istio APIs.
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
@@ -1287,6 +1288,10 @@ spec:
                                 description: Applies only to sidecars.
                                 format: string
                                 type: string
+                              destinationPort:
+                                description: The destination_port value used by a
+                                  filter chain's match condition.
+                                type: integer
                               filter:
                                 description: The name of a specific filter to apply
                                   the patch to.
@@ -2469,7 +2474,8 @@ spec:
                         format: int32
                         type: integer
                       perTryTimeout:
-                        description: Timeout per retry attempt for a given request.
+                        description: Timeout per attempt for a given request, including
+                          the initial call and any retries.
                         type: string
                       retryOn:
                         description: Specifies the conditions under which retry takes
@@ -2889,11 +2895,11 @@ spec:
                 - exec
               properties:
                 exec:
-                  description: health is determined by how the command that is executed
+                  description: Health is determined by how the command that is executed
                     exited.
                   properties:
                     command:
-                      description: command to run.
+                      description: Command to run.
                       items:
                         format: string
                         type: string
@@ -2911,7 +2917,7 @@ spec:
                       format: string
                       type: string
                     httpHeaders:
-                      description: headers the proxy will pass on to make the request.
+                      description: Headers the proxy will pass on to make the request.
                       items:
                         properties:
                           name:
@@ -2927,7 +2933,7 @@ spec:
                       format: string
                       type: string
                     port:
-                      description: port on which the endpoint lives.
+                      description: Port on which the endpoint lives.
                       type: integer
                     scheme:
                       format: string
@@ -2948,7 +2954,7 @@ spec:
                   format: int32
                   type: integer
                 tcpSocket:
-                  description: health is determined by if the proxy is able to connect.
+                  description: Health is determined by if the proxy is able to connect.
                   properties:
                     host:
                       format: string
@@ -3053,6 +3059,7 @@ spec:
               - CUSTOM
               type: string
             provider:
+              description: Specifies detailed configuration of the CUSTOM action.
               properties:
                 name:
                   description: Specifies the name of the extension provider.
@@ -3248,6 +3255,19 @@ metadata:
     release: istio
   name: peerauthentications.security.istio.io
 spec:
+  additionalPrinterColumns:
+  - JSONPath: .spec.mtls.mode
+    description: Defines the mTLS mode used for peer authentication.
+    name: Mode
+    type: string
+  - JSONPath: .metadata.creationTimestamp
+    description: 'CreationTimestamp is a timestamp representing the server time when
+      this object was created. It is not guaranteed to be set in happens-before order
+      across separate operations. Clients may not set this value. It is represented
+      in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for
+      lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata'
+    name: Age
+    type: date
   group: security.istio.io
   names:
     categories:

chart/files/gen-operator.yaml

@@ -75,9 +75,7 @@ rules:
   - daemonsets
   - deployments
   - deployments/finalizers
-  - ingresses
   - replicasets
-  - statefulsets
   verbs:
   - '*'
 - apiGroups:
@@ -183,7 +181,7 @@ spec:
       serviceAccountName: istio-operator
       containers:
         - name: istio-operator
-          image: gcr.io/istio-testing/operator:1.8-dev
+          image: gcr.io/istio-testing/operator:1.9-dev
           command:
           - operator
           - server

chart/templates/clusterrole.yaml

@@ -57,9 +57,7 @@ rules:
   - daemonsets
   - deployments
   - deployments/finalizers
-  - ingresses
   - replicasets
-  - statefulsets
   verbs:
   - '*'
 - apiGroups:

chart/templates/deployment.yaml

@@ -48,12 +48,7 @@ spec:
               value: {{.Values.waitForResourcesTimeout | quote}}
             - name: REVISION
               value: {{.Values.revision | quote}}
-
-      {{- with .Values.imagePullSecrets }}
-      imagePullSecrets:
-        {{- toYaml . | nindent 8}}
-      {{- end }}
-
+      {{- /* Big Bang Additions below */ -}}
       {{- with .Values.affinity }}
       affinity:
         {{- toYaml . | nindent 8 }}

chart/templates/service_account.yaml

@@ -3,4 +3,10 @@ kind: ServiceAccount
 metadata:
   namespace: {{.Values.operatorNamespace}}
   name: istio-operator{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}
+{{- if .Values.imagePullSecrets }}
+imagePullSecrets:
+{{- range .Values.imagePullSecrets }}
+- name: {{ . }}
+{{- end }}
+{{- end }}
 ---

chart/values.yaml

-hub: registry1.dso.mil/ironbank/opensource/istio-1.8
-tag: 1.8.4
+hub: registry1.dso.mil/ironbank/opensource/istio
+tag: 1.9.7
+
+# ImagePullSecrets for operator ServiceAccount, list of secrets in the same namespace
+# used to pull operator image. Must be set for any cluster configured with private docker registry.
+imagePullSecrets: []
 
 operatorNamespace: istio-operator
 
@@ -23,11 +27,9 @@ operator:
       cpu: 50m
       memory: 128Mi
 
-# Additions from upstream
+## Big Bang Additions below this line ##
 createNamespace: true
 
-imagePullSecrets: [ ]
-
 nodeSelector: {}
 
 affinity: {}

tests/test-values.yml

@@ -2,7 +2,7 @@ istio:
   enabled: false
 createNamespace: false
 imagePullSecrets:
-- name: private-registry
+- private-registry
 networkPolicies:
   enabled: true
   controlPlaneCidr: 172.16.0.0/12