From 8ecd5ffab3f077e41feff43e6467b9fa1866d9c8 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 11 Dec 2024 10:14:49 -0700
Subject: [PATCH] chore(deps): update istio to v1.24.1 (#962)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [base](https://redirect.github.com/istio/istio) | minor | `1.23.2` ->
`1.24.1` |
|
[cgr.dev/du-uds-defenseunicorns/istio-pilot-fips](https://images.chainguard.dev/directory/image/istio-pilot-fips/overview)
([source](https://redirect.github.com/chainguard-images/images-private/tree/HEAD/images/istio-fips))
| minor | `1.23.2` -> `1.24.1` |
|
[cgr.dev/du-uds-defenseunicorns/istio-proxy-fips](https://images.chainguard.dev/directory/image/istio-proxy-fips/overview)
([source](https://redirect.github.com/chainguard-images/images-private/tree/HEAD/images/istio-fips))
| minor | `1.23.2` -> `1.24.1` |
| docker.io/istio/pilot | minor | `1.23.2-distroless` ->
`1.24.1-distroless` |
| docker.io/istio/proxyv2 | minor | `1.23.2-distroless` ->
`1.24.1-distroless` |
| [gateway](https://redirect.github.com/istio/istio) | minor | `1.23.2`
-> `1.24.1` |
| [istiod](https://redirect.github.com/istio/istio) | minor | `1.23.2`
-> `1.24.1` |
|
[registry1.dso.mil/ironbank/tetrate/istio/pilot](https://cloudsmith.io/~tetrate/repos/getistio-containers/packages/detail/docker/pilot)
([source](https://repo1.dso.mil/dsop/tetrate/istio/1.24/pilot)) | minor
| `1.23.2-tetratefips-v0` -> `1.24.1-tetratefips-v0` |
|
[registry1.dso.mil/ironbank/tetrate/istio/proxyv2](https://cloudsmith.io/~tetrate/repos/getistio-containers/packages/detail/docker/proxyv2)
([source](https://repo1.dso.mil/dsop/tetrate/istio/1.24/proxyv2)) |
minor | `1.23.2-tetratefips-v0` -> `1.24.1-tetratefips-v0` |

---

### Release Notes

<details>
<summary>istio/istio (base)</summary>

###
[`v1.24.1`](https://redirect.github.com/istio/istio/releases/tag/1.24.1):
Istio 1.24.1

[Compare
Source](https://redirect.github.com/istio/istio/compare/1.24.0...1.24.1)

[Artifacts](http://gcsweb.istio.io/gcs/istio-release/releases/1.24.1/)
[Release
Notes](https://istio.io/news/releases/1.24.x/announcing-1.24.1/)

###
[`v1.24.0`](https://redirect.github.com/istio/istio/releases/tag/1.24.0):
Istio 1.24.0

[Compare
Source](https://redirect.github.com/istio/istio/compare/1.23.3...1.24.0)

[Artifacts](http://gcsweb.istio.io/gcs/istio-release/releases/1.24.0/)
[Release Notes](https://istio.io/news/releases/1.24.x/announcing-1.24/)

###
[`v1.23.3`](https://redirect.github.com/istio/istio/releases/tag/1.23.3):
Istio 1.23.3

[Compare
Source](https://redirect.github.com/istio/istio/compare/1.23.2...1.23.3)

[Artifacts](http://gcsweb.istio.io/gcs/istio-release/releases/1.23.3/)
[Release
Notes](https://istio.io/news/releases/1.23.x/announcing-1.23.3/)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about these
updates again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/defenseunicorns/uds-core).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4xMjAuMSIsInVwZGF0ZWRJblZlciI6IjM5LjU4LjEiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbXX0=-->

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Micah Nagel <micah.nagel@defenseunicorns.com>
---
 src/istio/common/zarf.yaml             | 15 +++++++--------
 src/istio/values/registry1-values.yaml |  6 +++---
 src/istio/values/unicorn-values.yaml   |  6 +++---
 src/istio/values/upstream-values.yaml  |  6 +++---
 src/istio/zarf.yaml                    | 18 +++++++++---------
 5 files changed, 25 insertions(+), 26 deletions(-)

diff --git a/src/istio/common/zarf.yaml b/src/istio/common/zarf.yaml
index 9de933358..9980e23db 100644
--- a/src/istio/common/zarf.yaml
+++ b/src/istio/common/zarf.yaml
@@ -13,11 +13,11 @@ components:
     charts:
       - name: base
         url: https://istio-release.storage.googleapis.com/charts
-        version: 1.23.2
+        version: 1.24.1
         namespace: istio-system
       - name: istiod
         url: https://istio-release.storage.googleapis.com/charts
-        version: 1.23.2
+        version: 1.24.1
         namespace: istio-system
         valuesFiles:
           - "../values/values.yaml"
@@ -28,14 +28,13 @@ components:
     actions:
       onDeploy:
         before:
-          - description: "Fix helm ownership if necessary for clean helm upgrade"
+          - description: "Add helm ownership if necessary for clean helm upgrade"
             mute: true
             cmd: |
-              ./zarf tools kubectl annotate EnvoyFilter misdirected-request -n istio-system meta.helm.sh/release-name=uds-global-istio-config --overwrite || true
-              ./zarf tools kubectl annotate EnvoyFilter remove-server-header -n istio-system meta.helm.sh/release-name=uds-global-istio-config --overwrite || true
-              ./zarf tools kubectl annotate PeerAuthentication default-istio-system -n istio-system meta.helm.sh/release-name=uds-global-istio-config --overwrite || true
-              ./zarf tools kubectl annotate PeerAuthentication permissive-pepr-webhook -n pepr-system meta.helm.sh/release-name=uds-global-istio-config --overwrite || true
-              ./zarf tools kubectl annotate PeerAuthentication permissive-pepr-webhook-watcher -n pepr-system meta.helm.sh/release-name=uds-global-istio-config --overwrite || true
+              # Commands pulled from https://istio.io/latest/news/releases/1.24.x/announcing-1.24/upgrade-notes/#istio-crds-are-templated-by-default-and-can-be-installed-and-upgraded-via-helm-install-istio-base
+              ./zarf tools kubectl label $(./zarf tools kubectl get crds -l chart=istio -o name && ./zarf tools kubectl get crds -l app.kubernetes.io/part-of=istio -o name) "app.kubernetes.io/managed-by=Helm" --overwrite || true
+              ./zarf tools kubectl annotate $(./zarf tools kubectl get crds -l chart=istio -o name && ./zarf tools kubectl get crds -l app.kubernetes.io/part-of=istio -o name) "meta.helm.sh/release-name=base" --overwrite || true
+              ./zarf tools kubectl annotate $(./zarf tools kubectl get crds -l chart=istio -o name && ./zarf tools kubectl get crds -l app.kubernetes.io/part-of=istio -o name) "meta.helm.sh/release-namespace=istio-system" --overwrite || true
         after:
           - description: "Ensure istio-injection is enabled for Pepr"
             mute: true
diff --git a/src/istio/values/registry1-values.yaml b/src/istio/values/registry1-values.yaml
index 17f229fea..62661f45c 100644
--- a/src/istio/values/registry1-values.yaml
+++ b/src/istio/values/registry1-values.yaml
@@ -2,11 +2,11 @@
 # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
 
 pilot:
-  image: registry1.dso.mil/ironbank/tetrate/istio/pilot:1.23.2-tetratefips-v0
+  image: registry1.dso.mil/ironbank/tetrate/istio/pilot:1.24.1-tetratefips-v0
 global:
   proxy_init:
     # renovate: image=registry1.dso.mil/ironbank/tetrate/istio/proxyv2
-    image: "###ZARF_REGISTRY###/ironbank/tetrate/istio/proxyv2:1.23.2-tetratefips-v0"
+    image: "###ZARF_REGISTRY###/ironbank/tetrate/istio/proxyv2:1.24.1-tetratefips-v0"
   proxy:
     # renovate: image=registry1.dso.mil/ironbank/tetrate/istio/proxyv2
-    image: "###ZARF_REGISTRY###/ironbank/tetrate/istio/proxyv2:1.23.2-tetratefips-v0"
+    image: "###ZARF_REGISTRY###/ironbank/tetrate/istio/proxyv2:1.24.1-tetratefips-v0"
diff --git a/src/istio/values/unicorn-values.yaml b/src/istio/values/unicorn-values.yaml
index 4d112b8c3..e382763ad 100644
--- a/src/istio/values/unicorn-values.yaml
+++ b/src/istio/values/unicorn-values.yaml
@@ -2,11 +2,11 @@
 # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
 
 pilot:
-  image: "cgr.dev/du-uds-defenseunicorns/istio-pilot-fips:1.23.2"
+  image: "cgr.dev/du-uds-defenseunicorns/istio-pilot-fips:1.24.1"
 global:
   proxy_init:
     # renovate: image=cgr.dev/du-uds-defenseunicorns/istio-proxy-fips
-    image: "###ZARF_REGISTRY###/du-uds-defenseunicorns/istio-proxy-fips:1.23.2"
+    image: "###ZARF_REGISTRY###/du-uds-defenseunicorns/istio-proxy-fips:1.24.1"
   proxy:
     # renovate: image=cgr.dev/du-uds-defenseunicorns/istio-proxy-fips
-    image: "###ZARF_REGISTRY###/du-uds-defenseunicorns/istio-proxy-fips:1.23.2"
+    image: "###ZARF_REGISTRY###/du-uds-defenseunicorns/istio-proxy-fips:1.24.1"
diff --git a/src/istio/values/upstream-values.yaml b/src/istio/values/upstream-values.yaml
index 800d39f62..ff0f5871b 100644
--- a/src/istio/values/upstream-values.yaml
+++ b/src/istio/values/upstream-values.yaml
@@ -2,11 +2,11 @@
 # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
 
 pilot:
-  image: "docker.io/istio/pilot:1.23.2-distroless"
+  image: "docker.io/istio/pilot:1.24.1-distroless"
 global:
   proxy_init:
     # renovate: image=docker.io/istio/proxyv2
-    image: "###ZARF_REGISTRY###/istio/proxyv2:1.23.2-distroless"
+    image: "###ZARF_REGISTRY###/istio/proxyv2:1.24.1-distroless"
   proxy:
     # renovate: image=docker.io/istio/proxyv2
-    image: "###ZARF_REGISTRY###/istio/proxyv2:1.23.2-distroless"
+    image: "###ZARF_REGISTRY###/istio/proxyv2:1.24.1-distroless"
diff --git a/src/istio/zarf.yaml b/src/istio/zarf.yaml
index 21bae304e..03b88b419 100644
--- a/src/istio/zarf.yaml
+++ b/src/istio/zarf.yaml
@@ -24,8 +24,8 @@ components:
         valuesFiles:
           - "values/upstream-values.yaml"
     images:
-      - "docker.io/istio/pilot:1.23.2-distroless"
-      - "docker.io/istio/proxyv2:1.23.2-distroless"
+      - "docker.io/istio/pilot:1.24.1-distroless"
+      - "docker.io/istio/proxyv2:1.24.1-distroless"
 
   - name: istio-controlplane
     required: true
@@ -38,8 +38,8 @@ components:
         valuesFiles:
           - "values/registry1-values.yaml"
     images:
-      - registry1.dso.mil/ironbank/tetrate/istio/proxyv2:1.23.2-tetratefips-v0
-      - registry1.dso.mil/ironbank/tetrate/istio/pilot:1.23.2-tetratefips-v0
+      - registry1.dso.mil/ironbank/tetrate/istio/proxyv2:1.24.1-tetratefips-v0
+      - registry1.dso.mil/ironbank/tetrate/istio/pilot:1.24.1-tetratefips-v0
 
   - name: istio-controlplane
     required: true
@@ -52,15 +52,15 @@ components:
         valuesFiles:
           - "values/unicorn-values.yaml"
     images:
-      - cgr.dev/du-uds-defenseunicorns/istio-pilot-fips:1.23.2
-      - cgr.dev/du-uds-defenseunicorns/istio-proxy-fips:1.23.2
+      - cgr.dev/du-uds-defenseunicorns/istio-pilot-fips:1.24.1
+      - cgr.dev/du-uds-defenseunicorns/istio-proxy-fips:1.24.1
 
   - name: istio-admin-gateway
     required: true
     charts:
       - name: gateway
         url: https://istio-release.storage.googleapis.com/charts
-        version: 1.23.2
+        version: 1.24.1
         releaseName: admin-ingressgateway
         namespace: istio-admin-gateway
       - name: uds-istio-config
@@ -75,7 +75,7 @@ components:
     charts:
       - name: gateway
         url: https://istio-release.storage.googleapis.com/charts
-        version: 1.23.2
+        version: 1.24.1
         releaseName: tenant-ingressgateway
         namespace: istio-tenant-gateway
       - name: uds-istio-config
@@ -90,7 +90,7 @@ components:
     charts:
       - name: gateway
         url: https://istio-release.storage.googleapis.com/charts
-        version: 1.23.2
+        version: 1.24.1
         releaseName: passthrough-ingressgateway
         namespace: istio-passthrough-gateway
       - name: uds-istio-config