UNCLASSIFIED - NO CUI

Skip to content

Renovate Istiod 1.27.1

RENOVATE_TOKENrequested to merge
renovate/istiod-1.x into main

This MR contains the following updates:

Package Update Change
istiod patch 1.27.0 -> 1.27.1

Complete MR checklist

Assignee

  • Followed upgrade instructions outlined in docs/DEVELOPMENT_MAINTENANCE.md
  • Update Docs with new/updated steps as needed
    • Added missing overrides, and updated dev maintenance docs
  • Tested and Validated Changes made with supporting info like logs or screenshots from test pipelines
    • Istio 1.27.1 Clean Install
    • Upgrade Istio 1.27.0 to 1.27.1
    • Istio 1.27.1 with local Keycloak
    • Clean install with Istio-CNI enabled
    • BB Test Pipeline

Add supporting info below

Clean install

~ % vers="1.27.1"                                                                       
kubectl get helmrelease -A | grep -E "NAME|$vers" ; \
kubectl get pods -l app.kubernetes.io/version="$vers" -A -o custom-columns='NAMESPACE:.metadata.namespace,POD:.metadata.name,IMAGES:.spec.containers[*].image'
NAMESPACE   NAME                         AGE     READY   STATUS
bigbang     istio-crds                   6m14s   True    Helm install succeeded for release istio-system/istio-crds.v1 with chart istio-crds@1.27.1-bb.0
bigbang     istiod                       6m14s   True    Helm install succeeded for release istio-system/istiod.v1 with chart istiod@1.27.1-bb.0
bigbang     passthrough-ingressgateway   6m14s   True    Helm install succeeded for release istio-gateway/passthrough-ingressgateway.v1 with chart gateway@1.27.1-bb.0
bigbang     public-ingressgateway        6m14s   True    Helm install succeeded for release istio-gateway/public-ingressgateway.v1 with chart gateway@1.27.1-bb.0
NAMESPACE       POD                                           IMAGES
istio-gateway   passthrough-ingressgateway-754cbbc4b5-nkl8j   registry1.dso.mil/ironbank/opensource/istio/proxyv2:1.27.1
istio-gateway   public-ingressgateway-6684f95544-f468q        registry1.dso.mil/ironbank/opensource/istio/proxyv2:1.27.1
istio-system    istiod-5c785fdf56-hk4cm                       registry1.dso.mil/ironbank/opensource/istio/pilot:1.27.1

Istio packges upgrade test from 1.27.0 to 1.27.1

~ % helm history -n bigbang istio-crds && helm history -n bigbang istiod && helm history -n bigbang public-ingressgateway
REVISION	UPDATED                 	STATUS    	CHART                 	APP VERSION	DESCRIPTION     
1       	Mon Sep  8 18:27:43 2025	superseded	istio-crds-1.27.0-bb.0	1.27.0     	Install complete
2       	Mon Sep  8 18:34:41 2025	deployed  	istio-crds-1.27.1-bb.0	1.27.1     	Upgrade complete
REVISION	UPDATED                 	STATUS    	CHART             	APP VERSION	DESCRIPTION     
1       	Mon Sep  8 18:27:53 2025	superseded	istiod-1.27.0-bb.0	1.27.0     	Install complete
2       	Mon Sep  8 18:34:51 2025	deployed  	istiod-1.27.1-bb.0	1.27.1     	Upgrade complete
REVISION	UPDATED                 	STATUS    	CHART              	APP VERSION	DESCRIPTION     
1       	Mon Sep  8 18:28:03 2025	superseded	gateway-1.27.0-bb.0	1.27.0     	Install complete
2       	Mon Sep  8 18:34:41 2025	deployed  	gateway-1.27.1-bb.0	1.27.1     	Upgrade complete

Istio 1.27.1 packages with local keycloak

Screenshot_2025-09-08_at_4.21.05_PM

Istio-CNI 1.27.1 test

~ % kubectl get helmrelease -A | grep "1.27.1"
bigbang     istio-cni                    27m   True    Helm install succeeded for release kube-system/istio-cni.v1 with chart istio-cni@1.27.1-bb.0
bigbang     istio-crds                   27m   True    Helm install succeeded for release istio-system/istio-crds.v1 with chart istio-crds@1.27.1-bb.0
bigbang     istiod                       27m   True    Helm install succeeded for release istio-system/istiod.v1 with chart istiod@1.27.1-bb.0
bigbang     passthrough-ingressgateway   27m   True    Helm install succeeded for release istio-gateway/passthrough-ingressgateway.v1 with chart gateway@1.27.1-bb.0
bigbang     public-ingressgateway        27m   True    Helm install succeeded for release istio-gateway/public-ingressgateway.v1 with chart gateway@1.27.1-bb.0
~ % echo -e "NAMESPACE\tPOD\tINITCONTAINER"
kubectl get pods -A -o json | jq -r '.items[] | . as $pod | .spec.initContainers[]? | select(.name=="istio-init" or .name=="istio-validation")
  | [$pod.metadata.namespace, $pod.metadata.name, .name] | @tsv' | column -t

NAMESPACE	POD	INITCONTAINER
authservice       authservice-6476bf5598-6m6dk                               istio-validation
authservice       authservice-6476bf5598-7zkcv                               istio-validation
authservice       authservice-authservice-redis-bb-master-0                  istio-validation
kiali             kiali-6b69f45f8b-7dd6h                                     istio-validation
kiali             kiali-kiali-kiali-operator-658479f757-4ddb4                istio-validation
kyverno-reporter  policy-reporter-7c474df5d9-jc9kv                           istio-validation
kyverno-reporter  policy-reporter-kyverno-plugin-776456744-wdm4j             istio-validation
kyverno-reporter  policy-reporter-ui-5b459d568-kt2xv                         istio-validation
monitoring        alertmanager-monitoring-monitoring-kube-alertmanager-0     istio-validation
monitoring        monitoring-grafana-6bcf784b94-fntr4                        istio-validation
monitoring        monitoring-monitoring-kube-operator-8558847699-s4hnn       istio-validation
monitoring        monitoring-monitoring-kube-state-metrics-78d78b6995-6hvnp  istio-validation
monitoring        monitoring-monitoring-prometheus-node-exporter-2jrnm       istio-validation
monitoring        monitoring-monitoring-prometheus-node-exporter-h6hn6       istio-validation
monitoring        monitoring-monitoring-prometheus-node-exporter-phjnf       istio-validation
monitoring        monitoring-monitoring-prometheus-node-exporter-vthz8       istio-validation
monitoring        prometheus-monitoring-monitoring-kube-prometheus-0         istio-validation
tempo             tempo-tempo-0                                              istio-validation

Reviewer only

  • Tested and Validated changes

Important

Release Notes retrieval for this MR were skipped because no github.com credentials were available. If you are self-hosted, please see this instruction.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻️ Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about these updates again.

  • If you want to rebase/retry this MR, check this box

This MR was automatically generated by Renovate Bot.

Upgrade Notices

"N/A"

Edited by Luis Gomez

Merge request reports

UNCLASSIFIED - NO CUI