Update istio to v1.14.1 #6271
Update istio to v1.14.1 #6271
Conversation
gardener-prow
bot
added
area/networking
|
/hold |
gardener-prow
bot
added
the
do-not-merge/hold
ScheererJ
force-pushed
the
istio/update-1.14.1
branch
from
8010428
to
00c9f61
Compare
gardener-prow
bot
removed
the
do-not-merge/hold
ScheererJ
force-pushed
the
istio/update-1.14.1
branch
3 times, most recently
from
56fec0c
to
de247bf
Compare
ScheererJ
force-pushed
the
istio/update-1.14.1
branch
3 times, most recently
from
4958e92
to
17f01a5
Compare
| // See the License for the specific language governing permissions and | ||
| // limitations under the License. | ||
|
|
||
| package istio |
There was a problem hiding this comment.
| package istio | |
| package istio_test |
Since these methods appear to only be used in the istio_test package and so that they do not get imported every time the istio package is inported
There was a problem hiding this comment.
Actually, they are not used in istio_test at all, but in kubeapiserverexposure_test, vpnauthzserver_test and vpnseedserver_test. This is why I added them simply to istio package to have them in a common place where they fit.
Feel free to suggest a different place, but istio_test does not work as the functions need to be imported in three different locations.
There was a problem hiding this comment.
Ah sorry. You could move the BeComparableToMatcher matcher to pkg/utils/test/matchers.
Not sure what would be the best place for the CmpOptsFor... helper functions though.
There was a problem hiding this comment.
Any reason why CmpOptsFor... should not be in pkg/utils/test/matchers as well? Those functions only make sense for the BeComparableToMatcher (or if go-cmp would be used separately).
There was a problem hiding this comment.
My reasoning would be that BeComparableToMatcher is pretty generic and can be used for other tests as well, whereas the current CmpOptsFor... functions are particularly related to istio.
I dug a bit in our folders and I think you could place the helper functions in e.g. pkg/botanist/component/test/istiocomponent.go
There was a problem hiding this comment.
Split the content into pkg/utils/test/matchers and pkg/botanist/component/test/istiocomponent.go as suggested.
Let me know in case further changes are required.
pkg/operation/botanist/component/vpnseedserver/vpn_seed_server.go
Outdated
Show resolved
Hide resolved
| @@ -35,12 +41,16 @@ spec: | |||
| image: {{ .Values.image }} | |||
| imagePullPolicy: IfNotPresent | |||
| securityContext: | |||
| allowPrivilegeEscalation: false | |||
| # Safe since 1.22: https://github.com/kubernetes/kubernetes/pull/103326 | |||
There was a problem hiding this comment.
Hmm here's the same comment, but no check if k8s version is higher than 1.22. Is that ok?
There was a problem hiding this comment.
Indeed in the original (https://github.com/istio/istio/blob/1.14.1/manifests/charts/gateway/templates/deployment.yaml#L52), there is a corresponding check for the kubernetes version surrounding the block. However, we already used this configuration before, which means it already worked. I added the comment to reduce the diff while retaining the same behaviour as before.
Apparently, with kubernetes versions below 1.22 we could not use privileged ports in istio, which was never a loss for us.
ScheererJ
force-pushed
the
istio/update-1.14.1
branch
from
17f01a5
to
d1e35d9
Compare
|
/retest |
1 similar comment
|
/retest |
ScheererJ
force-pushed
the
istio/update-1.14.1
branch
from
d1e35d9
to
2898c1a
Compare
gardener-prow
bot
added
the
needs-rebase
ScheererJ
force-pushed
the
istio/update-1.14.1
branch
from
2898c1a
to
0937c58
Compare
gardener-prow
bot
removed
the
needs-rebase
|
The managedseed test seems to fail with: "proxyconfigs.networking.istio.io", which was added with the update of the istio crds, should be added to the gardenlet clusterrole: |
ScheererJ
force-pushed
the
istio/update-1.14.1
branch
from
0937c58
to
973439b
Compare
Thanks for pointing this out. I added it in the latest commit (together with the version labels suggested by @DockToFuture). |
Addressed with latest commit. |
ScheererJ
force-pushed
the
istio/update-1.14.1
branch
from
973439b
to
b378c04
Compare
|
@ScheererJ: The following test failed, say
Full PR test history. Your PR dashboard. Command help for this repository. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: plkokanov The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
gardener-prow
bot
added
the
approved
|
I am curious how you tested this change in local setup guys? |
PTAL #6330 |
I tested this in the "old" local setup, meaning I used a shooted seed. |
|
I ran it in the entirely local setup, newly created seed, newly created shoot. Then I also tried creating a seed before the istio update, then checking out the change with the istio update and restarting gardenlet, to see if updates to already existing seeds would cause errors, but didn't encounter any problems. |
* 'master' of github.com:gardener/gardener: (51 commits) Switch extension controller to `logr` and streamline/cleanup logs (gardener#6332) Switch `./test/...` packages to `logr` and drop `github.com/sirupsen/logrus` dependency (gardener#6316) Only check shoot conditions during hibernation integration test (gardener#6325) Add dashboard for monitoring conntrack race failures. (gardener#6329) Reconcile quota before rbac (gardener#6326) Update istio to v1.14.1 (gardener#6271) Update gardenlet's base image to alpine:3.16.0 (gardener#6321) Update envoy proxy to v1.21.4 (gardener#6320) Deploy the metrics server to the kind cluster (gardener#6301) Fix tools download for aarch64 (arm64) (gardener#6314) update with latest CA releases (gardener#6295) Add missing unit tests for the predicates provided by the extensions library (gardener#6249) [GEP-19] Monitoring Stack - Migrating to the `prometheus-operator` (gardener#6151) Revert "Recreate DWD deployment if needed" (gardener#6307) Update to golang 1.18.4 (gardener#6300) Cleaned up imports in vpn-seed-server (gardener#6315) Prepare next Dev Cycle v1.52.0-dev Release v1.51.0 Add pre/post reconciliation/deletion hooks for the Worker resource (gardener#6290) Update the supported values in the usage text of the `--leader-election-resource-lock` flag (gardener#6304) ...
How to categorize this PR?
/area networking
/kind enhancement
What this PR does / why we need it:
Update istio to v1.14.1.
Which issue(s) this PR fixes:
None
Special notes for your reviewer:
The istio go library is updated only to v1.14.0 as there is no corresponding release, yet. However, this should be sufficient for now.
Release note:
/cc @DockToFuture