diff --git a/Makefile b/Makefile index d8bf2324..8cae809c 100644 --- a/Makefile +++ b/Makefile @@ -23,7 +23,7 @@ PROMETHEUS_VERSION := $(call extract-version,github.com/promethe #### VARS #### SKIPERATOR_CONTEXT ?= kind-$(KIND_CLUSTER_NAME) -KUBERNETES_VERSION = 1.29.0 +KUBERNETES_VERSION = 1.30.0 KIND_IMAGE ?= kindest/node:v$(KUBERNETES_VERSION) KIND_CLUSTER_NAME ?= skiperator diff --git a/config/crd/skiperator.kartverket.no_applications.yaml b/config/crd/skiperator.kartverket.no_applications.yaml index e14da360..b2960755 100644 --- a/config/crd/skiperator.kartverket.no_applications.yaml +++ b/config/crd/skiperator.kartverket.no_applications.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.2 + controller-gen.kubebuilder.io/version: v0.16.4 name: applications.skiperator.kartverket.no spec: group: skiperator.kartverket.no diff --git a/config/crd/skiperator.kartverket.no_routings.yaml b/config/crd/skiperator.kartverket.no_routings.yaml index c6877df2..d7420550 100644 --- a/config/crd/skiperator.kartverket.no_routings.yaml +++ b/config/crd/skiperator.kartverket.no_routings.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.2 + controller-gen.kubebuilder.io/version: v0.16.4 name: routings.skiperator.kartverket.no spec: group: skiperator.kartverket.no diff --git a/config/crd/skiperator.kartverket.no_skipjobs.yaml b/config/crd/skiperator.kartverket.no_skipjobs.yaml index 9cb5b2bf..ab4a0de2 100644 --- a/config/crd/skiperator.kartverket.no_skipjobs.yaml +++ b/config/crd/skiperator.kartverket.no_skipjobs.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.2 + controller-gen.kubebuilder.io/version: v0.16.4 name: skipjobs.skiperator.kartverket.no spec: group: skiperator.kartverket.no diff --git a/internal/controllers/application.go b/internal/controllers/application.go index 191b8d80..9adcff0c 100644 --- a/internal/controllers/application.go +++ b/internal/controllers/application.go @@ -3,6 +3,8 @@ package controllers import ( "context" "fmt" + "regexp" + certmanagerv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" skiperatorv1alpha1 "github.com/kartverket/skiperator/api/v1alpha1" "github.com/kartverket/skiperator/internal/controllers/common" @@ -30,8 +32,8 @@ import ( nais_io_v1 "github.com/nais/liberator/pkg/apis/nais.io/v1" pov1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" "golang.org/x/exp/maps" - networkingv1beta1 "istio.io/client-go/pkg/apis/networking/v1beta1" - securityv1beta1 "istio.io/client-go/pkg/apis/security/v1beta1" + istionetworkingv1 "istio.io/client-go/pkg/apis/networking/v1" + securityv1 "istio.io/client-go/pkg/apis/security/v1" telemetryv1 "istio.io/client-go/pkg/apis/telemetry/v1" appsv1 "k8s.io/api/apps/v1" autoscalingv2 "k8s.io/api/autoscaling/v2" @@ -42,7 +44,6 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/validation/field" - "regexp" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/builder" "sigs.k8s.io/controller-runtime/pkg/client" @@ -83,18 +84,18 @@ func (r *ApplicationReconciler) SetupWithManager(mgr ctrl.Manager) error { Owns(&appsv1.Deployment{}). Owns(&corev1.Service{}). Owns(&corev1.ConfigMap{}). - Owns(&networkingv1beta1.ServiceEntry{}). - Owns(&networkingv1beta1.Gateway{}, builder.WithPredicates( - util.MatchesPredicate[*networkingv1beta1.Gateway](isIngressGateway), + Owns(&istionetworkingv1.ServiceEntry{}). + Owns(&istionetworkingv1.Gateway{}, builder.WithPredicates( + util.MatchesPredicate[*istionetworkingv1.Gateway](isIngressGateway), )). Owns(&telemetryv1.Telemetry{}). Owns(&autoscalingv2.HorizontalPodAutoscaler{}). - Owns(&networkingv1beta1.VirtualService{}). - Owns(&securityv1beta1.PeerAuthentication{}). + Owns(&istionetworkingv1.VirtualService{}). + Owns(&securityv1.PeerAuthentication{}). Owns(&corev1.ServiceAccount{}). Owns(&policyv1.PodDisruptionBudget{}). Owns(&networkingv1.NetworkPolicy{}). - Owns(&securityv1beta1.AuthorizationPolicy{}). + Owns(&securityv1.AuthorizationPolicy{}). Owns(&nais_io_v1.MaskinportenClient{}). Owns(&nais_io_v1.IDPortenClient{}). Owns(&pov1.ServiceMonitor{}). @@ -385,7 +386,7 @@ func handleApplicationCertRequest(_ context.Context, obj client.Object) []reconc return requests } -func isIngressGateway(gateway *networkingv1beta1.Gateway) bool { +func isIngressGateway(gateway *istionetworkingv1.Gateway) bool { match, _ := regexp.MatchString("^.*-ingress-.*$", gateway.Name) return match diff --git a/internal/controllers/namespace.go b/internal/controllers/namespace.go index 3435cd84..65caa97f 100644 --- a/internal/controllers/namespace.go +++ b/internal/controllers/namespace.go @@ -3,6 +3,7 @@ package controllers import ( "context" "fmt" + skiperatorv1alpha1 "github.com/kartverket/skiperator/api/v1alpha1" "github.com/kartverket/skiperator/internal/controllers/common" "github.com/kartverket/skiperator/pkg/log" @@ -12,7 +13,7 @@ import ( "github.com/kartverket/skiperator/pkg/resourcegenerator/networkpolicy/defaultdeny" "github.com/kartverket/skiperator/pkg/resourcegenerator/resourceutils" "github.com/kartverket/skiperator/pkg/util" - istionetworkingv1beta1 "istio.io/client-go/pkg/apis/networking/v1beta1" + istionetworkingv1 "istio.io/client-go/pkg/apis/networking/v1" corev1 "k8s.io/api/core/v1" networkingv1 "k8s.io/api/networking/v1" "k8s.io/apimachinery/pkg/api/errors" @@ -37,7 +38,7 @@ func (r *NamespaceReconciler) SetupWithManager(mgr ctrl.Manager) error { return ctrl.NewControllerManagedBy(mgr). For(&corev1.Namespace{}). Owns(&networkingv1.NetworkPolicy{}). - Owns(&istionetworkingv1beta1.Sidecar{}). + Owns(&istionetworkingv1.Sidecar{}). Owns(&corev1.Secret{}, builder.WithPredicates( util.MatchesPredicate[*corev1.Secret](github.IsImagePullSecret), )). diff --git a/internal/controllers/routing.go b/internal/controllers/routing.go index f76195b8..2b4fbffc 100644 --- a/internal/controllers/routing.go +++ b/internal/controllers/routing.go @@ -3,6 +3,7 @@ package controllers import ( "context" "fmt" + certmanagerv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" skiperatorv1alpha1 "github.com/kartverket/skiperator/api/v1alpha1" "github.com/kartverket/skiperator/internal/controllers/common" @@ -13,7 +14,7 @@ import ( "github.com/kartverket/skiperator/pkg/resourcegenerator/istio/virtualservice" networkpolicy "github.com/kartverket/skiperator/pkg/resourcegenerator/networkpolicy/dynamic" "github.com/kartverket/skiperator/pkg/resourcegenerator/resourceutils" - istionetworkingv1beta1 "istio.io/client-go/pkg/apis/networking/v1beta1" + istionetworkingv1 "istio.io/client-go/pkg/apis/networking/v1" networkingv1 "k8s.io/api/networking/v1" "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/types" @@ -37,9 +38,9 @@ type RoutingReconciler struct { func (r *RoutingReconciler) SetupWithManager(mgr ctrl.Manager) error { return ctrl.NewControllerManagedBy(mgr). For(&skiperatorv1alpha1.Routing{}). - Owns(&istionetworkingv1beta1.Gateway{}). + Owns(&istionetworkingv1.Gateway{}). Owns(&networkingv1.NetworkPolicy{}). - Owns(&istionetworkingv1beta1.VirtualService{}). + Owns(&istionetworkingv1.VirtualService{}). Watches(&certmanagerv1.Certificate{}, handler.EnqueueRequestsFromMapFunc(r.skiperatorRoutingCertRequests)). Watches( &skiperatorv1alpha1.Application{}, diff --git a/internal/controllers/skipjob.go b/internal/controllers/skipjob.go index 05283f9e..6877fd23 100644 --- a/internal/controllers/skipjob.go +++ b/internal/controllers/skipjob.go @@ -3,6 +3,7 @@ package controllers import ( "context" "fmt" + skiperatorv1alpha1 "github.com/kartverket/skiperator/api/v1alpha1" "github.com/kartverket/skiperator/internal/controllers/common" "github.com/kartverket/skiperator/pkg/log" @@ -15,7 +16,7 @@ import ( "github.com/kartverket/skiperator/pkg/resourcegenerator/podmonitor" "github.com/kartverket/skiperator/pkg/resourcegenerator/resourceutils" "github.com/kartverket/skiperator/pkg/resourcegenerator/serviceaccount" - istionetworkingv1beta1 "istio.io/client-go/pkg/apis/networking/v1beta1" + istionetworkingv1 "istio.io/client-go/pkg/apis/networking/v1" telemetryv1 "istio.io/client-go/pkg/apis/telemetry/v1" batchv1 "k8s.io/api/batch/v1" corev1 "k8s.io/api/core/v1" @@ -76,7 +77,7 @@ func (r *SKIPJobReconciler) SetupWithManager(mgr ctrl.Manager) error { return nil })). Owns(&networkingv1.NetworkPolicy{}). - Owns(&istionetworkingv1beta1.ServiceEntry{}). + Owns(&istionetworkingv1.ServiceEntry{}). Owns(&telemetryv1.Telemetry{}). // Some NetPol entries are not added unless an application is present. If we reconcile all jobs when there has been changes to NetPols, we can assume // that changes to an Applications AccessPolicy will cause a reconciliation of Jobs diff --git a/pkg/resourcegenerator/istio/authorizationpolicy/authorization_policy.go b/pkg/resourcegenerator/istio/authorizationpolicy/authorization_policy.go index c7fc1e75..6659c3e8 100644 --- a/pkg/resourcegenerator/istio/authorizationpolicy/authorization_policy.go +++ b/pkg/resourcegenerator/istio/authorizationpolicy/authorization_policy.go @@ -2,12 +2,13 @@ package authorizationpolicy import ( "fmt" + skiperatorv1alpha1 "github.com/kartverket/skiperator/api/v1alpha1" "github.com/kartverket/skiperator/pkg/reconciliation" "github.com/kartverket/skiperator/pkg/util" - securityv1beta1api "istio.io/api/security/v1beta1" + securityv1api "istio.io/api/security/v1" typev1beta1 "istio.io/api/type/v1beta1" - securityv1beta1 "istio.io/client-go/pkg/apis/security/v1beta1" + securityv1 "istio.io/client-go/pkg/apis/security/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) @@ -54,29 +55,29 @@ func Generate(r reconciliation.Reconciliation) error { return nil } -func getGeneralFromRule() []*securityv1beta1api.Rule_From { - return []*securityv1beta1api.Rule_From{ +func getGeneralFromRule() []*securityv1api.Rule_From { + return []*securityv1api.Rule_From{ { - Source: &securityv1beta1api.Source{ + Source: &securityv1api.Source{ Namespaces: []string{"istio-gateways"}, }, }, } } -func getDefaultDenyPolicy(application *skiperatorv1alpha1.Application, denyPaths []string) securityv1beta1.AuthorizationPolicy { - return securityv1beta1.AuthorizationPolicy{ +func getDefaultDenyPolicy(application *skiperatorv1alpha1.Application, denyPaths []string) securityv1.AuthorizationPolicy { + return securityv1.AuthorizationPolicy{ ObjectMeta: metav1.ObjectMeta{ Namespace: application.Namespace, Name: application.Name + "-deny", }, - Spec: securityv1beta1api.AuthorizationPolicy{ - Action: securityv1beta1api.AuthorizationPolicy_DENY, - Rules: []*securityv1beta1api.Rule{ + Spec: securityv1api.AuthorizationPolicy{ + Action: securityv1api.AuthorizationPolicy_DENY, + Rules: []*securityv1api.Rule{ { - To: []*securityv1beta1api.Rule_To{ + To: []*securityv1api.Rule_To{ { - Operation: &securityv1beta1api.Operation{ + Operation: &securityv1api.Operation{ Paths: denyPaths, }, }, diff --git a/pkg/resourcegenerator/istio/gateway/application.go b/pkg/resourcegenerator/istio/gateway/application.go index 51460698..9293d49a 100644 --- a/pkg/resourcegenerator/istio/gateway/application.go +++ b/pkg/resourcegenerator/istio/gateway/application.go @@ -6,8 +6,8 @@ import ( skiperatorv1alpha1 "github.com/kartverket/skiperator/api/v1alpha1" "github.com/kartverket/skiperator/pkg/reconciliation" "github.com/kartverket/skiperator/pkg/util" - networkingv1beta1api "istio.io/api/networking/v1beta1" - networkingv1beta1 "istio.io/client-go/pkg/apis/networking/v1beta1" + networkingv1api "istio.io/api/networking/v1" + networkingv1 "istio.io/client-go/pkg/apis/networking/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) @@ -36,15 +36,15 @@ func generateForApplication(r reconciliation.Reconciliation) error { // Generate separate gateway for each ingress for _, h := range hosts.AllHosts() { name := fmt.Sprintf("%s-ingress-%x", application.Name, util.GenerateHashFromName(h.Hostname)) - gateway := networkingv1beta1.Gateway{ObjectMeta: metav1.ObjectMeta{Namespace: application.Namespace, Name: name}} + gateway := networkingv1.Gateway{ObjectMeta: metav1.ObjectMeta{Namespace: application.Namespace, Name: name}} gateway.Spec.Selector = util.GetIstioGatewayLabelSelector(h.Hostname) - gatewayServersToAdd := []*networkingv1beta1api.Server{} + gatewayServersToAdd := []*networkingv1api.Server{} - baseHttpGatewayServer := &networkingv1beta1api.Server{ + baseHttpGatewayServer := &networkingv1api.Server{ Hosts: []string{h.Hostname}, - Port: &networkingv1beta1api.Port{ + Port: &networkingv1api.Port{ Number: 80, Name: "http", Protocol: "HTTP", @@ -56,15 +56,15 @@ func generateForApplication(r reconciliation.Reconciliation) error { determinedCredentialName = *h.CustomCertificateSecret } - httpsGatewayServer := &networkingv1beta1api.Server{ + httpsGatewayServer := &networkingv1api.Server{ Hosts: []string{h.Hostname}, - Port: &networkingv1beta1api.Port{ + Port: &networkingv1api.Port{ Number: 443, Name: "https", Protocol: "HTTPS", }, - Tls: &networkingv1beta1api.ServerTLSSettings{ - Mode: networkingv1beta1api.ServerTLSSettings_SIMPLE, + Tls: &networkingv1api.ServerTLSSettings{ + Mode: networkingv1api.ServerTLSSettings_SIMPLE, CredentialName: determinedCredentialName, }, } diff --git a/pkg/resourcegenerator/istio/gateway/routing.go b/pkg/resourcegenerator/istio/gateway/routing.go index 714dbc87..10a076d1 100644 --- a/pkg/resourcegenerator/istio/gateway/routing.go +++ b/pkg/resourcegenerator/istio/gateway/routing.go @@ -6,8 +6,8 @@ import ( skiperatorv1alpha1 "github.com/kartverket/skiperator/api/v1alpha1" "github.com/kartverket/skiperator/pkg/reconciliation" "github.com/kartverket/skiperator/pkg/util" - networkingv1beta1api "istio.io/api/networking/v1beta1" - networkingv1beta1 "istio.io/client-go/pkg/apis/networking/v1beta1" + networkingv1api "istio.io/api/networking/v1" + networkingv1 "istio.io/client-go/pkg/apis/networking/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) @@ -32,7 +32,7 @@ func generateForRouting(r reconciliation.Reconciliation) error { return err } - gateway := networkingv1beta1.Gateway{ObjectMeta: metav1.ObjectMeta{Namespace: routing.Namespace, Name: routing.GetGatewayName()}} + gateway := networkingv1.Gateway{ObjectMeta: metav1.ObjectMeta{Namespace: routing.Namespace, Name: routing.GetGatewayName()}} var determinedCredentialName string if h.UsesCustomCert() { @@ -45,10 +45,10 @@ func generateForRouting(r reconciliation.Reconciliation) error { } gateway.Spec.Selector = util.GetIstioGatewayLabelSelector(h.Hostname) - gateway.Spec.Servers = []*networkingv1beta1api.Server{ + gateway.Spec.Servers = []*networkingv1api.Server{ { Hosts: []string{h.Hostname}, - Port: &networkingv1beta1api.Port{ + Port: &networkingv1api.Port{ Number: 80, Name: "http", Protocol: "HTTP", @@ -56,13 +56,13 @@ func generateForRouting(r reconciliation.Reconciliation) error { }, { Hosts: []string{h.Hostname}, - Port: &networkingv1beta1api.Port{ + Port: &networkingv1api.Port{ Number: 443, Name: "https", Protocol: "HTTPS", }, - Tls: &networkingv1beta1api.ServerTLSSettings{ - Mode: networkingv1beta1api.ServerTLSSettings_SIMPLE, + Tls: &networkingv1api.ServerTLSSettings{ + Mode: networkingv1api.ServerTLSSettings_SIMPLE, CredentialName: determinedCredentialName, }, }, diff --git a/pkg/resourcegenerator/istio/peerauthentication/peer_authentication.go b/pkg/resourcegenerator/istio/peerauthentication/peer_authentication.go index 342bcff1..299dc409 100644 --- a/pkg/resourcegenerator/istio/peerauthentication/peer_authentication.go +++ b/pkg/resourcegenerator/istio/peerauthentication/peer_authentication.go @@ -2,12 +2,13 @@ package peerauthentication import ( "fmt" + skiperatorv1alpha1 "github.com/kartverket/skiperator/api/v1alpha1" "github.com/kartverket/skiperator/pkg/reconciliation" "github.com/kartverket/skiperator/pkg/util" - securityv1beta1api "istio.io/api/security/v1beta1" + securityv1api "istio.io/api/security/v1" typev1beta1 "istio.io/api/type/v1beta1" - securityv1beta1 "istio.io/client-go/pkg/apis/security/v1beta1" + securityv1 "istio.io/client-go/pkg/apis/security/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) @@ -24,14 +25,14 @@ func Generate(r reconciliation.Reconciliation) error { } ctxLog.Debug("Attempting to generate peer authentication for application", "application", application.Name) - peerAuthentication := securityv1beta1.PeerAuthentication{ObjectMeta: metav1.ObjectMeta{Namespace: application.Namespace, Name: application.Name}} + peerAuthentication := securityv1.PeerAuthentication{ObjectMeta: metav1.ObjectMeta{Namespace: application.Namespace, Name: application.Name}} - peerAuthentication.Spec = securityv1beta1api.PeerAuthentication{ + peerAuthentication.Spec = securityv1api.PeerAuthentication{ Selector: &typev1beta1.WorkloadSelector{ MatchLabels: util.GetPodAppSelector(application.Name), }, - Mtls: &securityv1beta1api.PeerAuthentication_MutualTLS{ - Mode: securityv1beta1api.PeerAuthentication_MutualTLS_STRICT, + Mtls: &securityv1api.PeerAuthentication_MutualTLS{ + Mode: securityv1api.PeerAuthentication_MutualTLS_STRICT, }, } diff --git a/pkg/resourcegenerator/istio/serviceentry/serviceentry.go b/pkg/resourcegenerator/istio/serviceentry/serviceentry.go index 2a7d60a0..2976c009 100644 --- a/pkg/resourcegenerator/istio/serviceentry/serviceentry.go +++ b/pkg/resourcegenerator/istio/serviceentry/serviceentry.go @@ -3,15 +3,16 @@ package serviceentry import ( "errors" "fmt" + "strings" + skiperatorv1alpha1 "github.com/kartverket/skiperator/api/v1alpha1" "github.com/kartverket/skiperator/api/v1alpha1/podtypes" "github.com/kartverket/skiperator/pkg/reconciliation" "github.com/kartverket/skiperator/pkg/util" - networkingv1beta1api "istio.io/api/networking/v1beta1" - networkingv1beta1 "istio.io/client-go/pkg/apis/networking/v1beta1" + networkingv1api "istio.io/api/networking/v1" + networkingv1 "istio.io/client-go/pkg/apis/networking/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "sigs.k8s.io/controller-runtime/pkg/client" - "strings" ) func Generate(r reconciliation.Reconciliation) error { @@ -58,12 +59,12 @@ func getServiceEntries(r reconciliation.Reconciliation) error { return err } - serviceEntry := networkingv1beta1.ServiceEntry{ + serviceEntry := networkingv1.ServiceEntry{ ObjectMeta: metav1.ObjectMeta{ Namespace: object.GetNamespace(), Name: serviceEntryName, }, - Spec: networkingv1beta1api.ServiceEntry{ + Spec: networkingv1api.ServiceEntry{ // Avoid leaking service entry to other namespaces ExportTo: []string{".", "istio-system", "istio-gateways"}, Hosts: []string{rule.Host}, @@ -82,11 +83,11 @@ func getServiceEntries(r reconciliation.Reconciliation) error { return nil } -func getPorts(externalPorts []podtypes.ExternalPort, ruleIP string) ([]*networkingv1beta1api.ServicePort, error) { - var ports []*networkingv1beta1api.ServicePort +func getPorts(externalPorts []podtypes.ExternalPort, ruleIP string) ([]*networkingv1api.ServicePort, error) { + var ports []*networkingv1api.ServicePort if len(externalPorts) == 0 { - ports = append(ports, &networkingv1beta1api.ServicePort{ + ports = append(ports, &networkingv1api.ServicePort{ Name: "https", Number: uint32(443), Protocol: "HTTPS", @@ -101,7 +102,7 @@ func getPorts(externalPorts []podtypes.ExternalPort, ruleIP string) ([]*networki return nil, errors.New(errorMessage) } - ports = append(ports, &networkingv1beta1api.ServicePort{ + ports = append(ports, &networkingv1api.ServicePort{ Name: port.Name, Number: uint32(port.Port), Protocol: port.Protocol, @@ -112,12 +113,12 @@ func getPorts(externalPorts []podtypes.ExternalPort, ruleIP string) ([]*networki return ports, nil } -func getIpData(ip string) (networkingv1beta1api.ServiceEntry_Resolution, []string, []*networkingv1beta1api.WorkloadEntry) { +func getIpData(ip string) (networkingv1api.ServiceEntry_Resolution, []string, []*networkingv1api.WorkloadEntry) { if ip == "" { - return networkingv1beta1api.ServiceEntry_DNS, nil, nil + return networkingv1api.ServiceEntry_DNS, nil, nil } - return networkingv1beta1api.ServiceEntry_STATIC, []string{ip}, []*networkingv1beta1api.WorkloadEntry{{Address: ip}} + return networkingv1api.ServiceEntry_STATIC, []string{ip}, []*networkingv1api.WorkloadEntry{{Address: ip}} } func setCloudSqlRule(accessPolicy *podtypes.AccessPolicy, object client.Object) (*podtypes.AccessPolicy, error) { diff --git a/pkg/resourcegenerator/istio/sidecar/sidecar.go b/pkg/resourcegenerator/istio/sidecar/sidecar.go index 441b1b11..f30d92fb 100644 --- a/pkg/resourcegenerator/istio/sidecar/sidecar.go +++ b/pkg/resourcegenerator/istio/sidecar/sidecar.go @@ -2,9 +2,10 @@ package sidecar import ( "fmt" + "github.com/kartverket/skiperator/pkg/reconciliation" - networkingv1beta1api "istio.io/api/networking/v1beta1" - networkingv1beta1 "istio.io/client-go/pkg/apis/networking/v1beta1" + networkingv1api "istio.io/api/networking/v1" + networkingv1 "istio.io/client-go/pkg/apis/networking/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) @@ -17,11 +18,11 @@ func Generate(r reconciliation.Reconciliation) error { return fmt.Errorf("istio sidecar resource only supports the namespace type") } - sidecar := networkingv1beta1.Sidecar{ObjectMeta: metav1.ObjectMeta{Namespace: r.GetSKIPObject().GetName(), Name: "sidecar"}} + sidecar := networkingv1.Sidecar{ObjectMeta: metav1.ObjectMeta{Namespace: r.GetSKIPObject().GetName(), Name: "sidecar"}} - sidecar.Spec = networkingv1beta1api.Sidecar{ - OutboundTrafficPolicy: &networkingv1beta1api.OutboundTrafficPolicy{ - Mode: networkingv1beta1api.OutboundTrafficPolicy_REGISTRY_ONLY, + sidecar.Spec = networkingv1api.Sidecar{ + OutboundTrafficPolicy: &networkingv1api.OutboundTrafficPolicy{ + Mode: networkingv1api.OutboundTrafficPolicy_REGISTRY_ONLY, }, } diff --git a/pkg/resourcegenerator/istio/telemetry/telemetry.go b/pkg/resourcegenerator/istio/telemetry/telemetry.go index a7236da3..bb60bb4b 100644 --- a/pkg/resourcegenerator/istio/telemetry/telemetry.go +++ b/pkg/resourcegenerator/istio/telemetry/telemetry.go @@ -2,14 +2,15 @@ package telemetry import ( "fmt" + "strings" + "github.com/kartverket/skiperator/pkg/reconciliation" "github.com/kartverket/skiperator/pkg/util" "google.golang.org/protobuf/types/known/wrapperspb" telemetryapiv1 "istio.io/api/telemetry/v1" - "istio.io/api/type/v1beta1" + typev1beta1 "istio.io/api/type/v1beta1" telemetryv1 "istio.io/client-go/pkg/apis/telemetry/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "strings" ) func Generate(r reconciliation.Reconciliation) error { @@ -41,7 +42,7 @@ func Generate(r reconciliation.Reconciliation) error { } telemetry.Spec = telemetryapiv1.Telemetry{ Tracing: telemetryTracing, - Selector: &v1beta1.WorkloadSelector{ + Selector: &typev1beta1.WorkloadSelector{ MatchLabels: object.GetDefaultLabels(), }, } diff --git a/pkg/resourcegenerator/istio/virtualservice/application.go b/pkg/resourcegenerator/istio/virtualservice/application.go index dd8e5fda..be80cf9b 100644 --- a/pkg/resourcegenerator/istio/virtualservice/application.go +++ b/pkg/resourcegenerator/istio/virtualservice/application.go @@ -6,8 +6,8 @@ import ( skiperatorv1alpha1 "github.com/kartverket/skiperator/api/v1alpha1" "github.com/kartverket/skiperator/pkg/reconciliation" - networkingv1beta1api "istio.io/api/networking/v1beta1" - networkingv1beta1 "istio.io/client-go/pkg/apis/networking/v1beta1" + networkingv1api "istio.io/api/networking/v1" + networkingv1 "istio.io/client-go/pkg/apis/networking/v1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) @@ -24,7 +24,7 @@ func generateForApplication(r reconciliation.Reconciliation) error { return fmt.Errorf("failed to cast object to Application") } - virtualService := networkingv1beta1.VirtualService{ + virtualService := networkingv1.VirtualService{ ObjectMeta: v1.ObjectMeta{ Name: application.Name + "-ingress", Namespace: application.Namespace, @@ -37,21 +37,21 @@ func generateForApplication(r reconciliation.Reconciliation) error { } if len(hosts.Hostnames()) > 0 { - virtualService.Spec = networkingv1beta1api.VirtualService{ + virtualService.Spec = networkingv1api.VirtualService{ ExportTo: []string{".", "istio-system", "istio-gateways"}, Gateways: getGatewaysFromApplication(application), Hosts: hosts.Hostnames(), - Http: []*networkingv1beta1api.HTTPRoute{}, + Http: []*networkingv1api.HTTPRoute{}, } if application.Spec.RedirectToHTTPS != nil && *application.Spec.RedirectToHTTPS { - virtualService.Spec.Http = append(virtualService.Spec.Http, &networkingv1beta1api.HTTPRoute{ + virtualService.Spec.Http = append(virtualService.Spec.Http, &networkingv1api.HTTPRoute{ Name: "redirect-to-https", - Match: []*networkingv1beta1api.HTTPMatchRequest{ + Match: []*networkingv1api.HTTPMatchRequest{ { - WithoutHeaders: map[string]*networkingv1beta1api.StringMatch{ + WithoutHeaders: map[string]*networkingv1api.StringMatch{ ":path": { - MatchType: &networkingv1beta1api.StringMatch_Prefix{ + MatchType: &networkingv1api.StringMatch_Prefix{ Prefix: "/.well-known/acme-challenge/", }, }, @@ -59,20 +59,20 @@ func generateForApplication(r reconciliation.Reconciliation) error { Port: 80, }, }, - Redirect: &networkingv1beta1api.HTTPRedirect{ + Redirect: &networkingv1api.HTTPRedirect{ Scheme: "https", RedirectCode: 308, }, }) } - virtualService.Spec.Http = append(virtualService.Spec.Http, &networkingv1beta1api.HTTPRoute{ + virtualService.Spec.Http = append(virtualService.Spec.Http, &networkingv1api.HTTPRoute{ Name: "default-app-route", - Route: []*networkingv1beta1api.HTTPRouteDestination{ + Route: []*networkingv1api.HTTPRouteDestination{ { - Destination: &networkingv1beta1api.Destination{ + Destination: &networkingv1api.Destination{ Host: application.Name, - Port: &networkingv1beta1api.PortSelector{ + Port: &networkingv1api.PortSelector{ Number: uint32(application.Spec.Port), }, }, diff --git a/pkg/resourcegenerator/istio/virtualservice/routing.go b/pkg/resourcegenerator/istio/virtualservice/routing.go index e18f2036..7b4683ae 100644 --- a/pkg/resourcegenerator/istio/virtualservice/routing.go +++ b/pkg/resourcegenerator/istio/virtualservice/routing.go @@ -5,8 +5,8 @@ import ( skiperatorv1alpha1 "github.com/kartverket/skiperator/api/v1alpha1" "github.com/kartverket/skiperator/pkg/reconciliation" - networkingv1beta1api "istio.io/api/networking/v1beta1" - networkingv1beta1 "istio.io/client-go/pkg/apis/networking/v1beta1" + networkingv1api "istio.io/api/networking/v1" + networkingv1 "istio.io/client-go/pkg/apis/networking/v1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) @@ -23,14 +23,14 @@ func generateForRouting(r reconciliation.Reconciliation) error { return fmt.Errorf("failed to cast object to Application") } - virtualService := networkingv1beta1.VirtualService{ + virtualService := networkingv1.VirtualService{ ObjectMeta: v1.ObjectMeta{ Name: routing.GetVirtualServiceName(), Namespace: routing.Namespace, }, } - virtualService.Spec = networkingv1beta1api.VirtualService{ + virtualService.Spec = networkingv1api.VirtualService{ ExportTo: []string{".", "istio-system", "istio-gateways"}, Gateways: []string{ routing.GetGatewayName(), @@ -38,17 +38,17 @@ func generateForRouting(r reconciliation.Reconciliation) error { Hosts: []string{ routing.Spec.Hostname, }, - Http: []*networkingv1beta1api.HTTPRoute{}, + Http: []*networkingv1api.HTTPRoute{}, } if routing.GetRedirectToHTTPS() { - virtualService.Spec.Http = append(virtualService.Spec.Http, &networkingv1beta1api.HTTPRoute{ + virtualService.Spec.Http = append(virtualService.Spec.Http, &networkingv1api.HTTPRoute{ Name: "redirect-to-https", - Match: []*networkingv1beta1api.HTTPMatchRequest{ + Match: []*networkingv1api.HTTPMatchRequest{ { - WithoutHeaders: map[string]*networkingv1beta1api.StringMatch{ + WithoutHeaders: map[string]*networkingv1api.StringMatch{ ":path": { - MatchType: &networkingv1beta1api.StringMatch_Prefix{ + MatchType: &networkingv1api.StringMatch_Prefix{ Prefix: "/.well-known/acme-challenge/", }, }, @@ -56,7 +56,7 @@ func generateForRouting(r reconciliation.Reconciliation) error { Port: 80, }, }, - Redirect: &networkingv1beta1api.HTTPRedirect{ + Redirect: &networkingv1api.HTTPRedirect{ Scheme: "https", RedirectCode: 308, }, @@ -65,23 +65,23 @@ func generateForRouting(r reconciliation.Reconciliation) error { for _, route := range routing.Spec.Routes { - httpRoute := &networkingv1beta1api.HTTPRoute{ + httpRoute := &networkingv1api.HTTPRoute{ Name: route.TargetApp, - Match: []*networkingv1beta1api.HTTPMatchRequest{ + Match: []*networkingv1api.HTTPMatchRequest{ { Port: 443, - Uri: &networkingv1beta1api.StringMatch{ - MatchType: &networkingv1beta1api.StringMatch_Prefix{ + Uri: &networkingv1api.StringMatch{ + MatchType: &networkingv1api.StringMatch_Prefix{ Prefix: route.PathPrefix, }, }, }, }, - Route: []*networkingv1beta1api.HTTPRouteDestination{ + Route: []*networkingv1api.HTTPRouteDestination{ { - Destination: &networkingv1beta1api.Destination{ + Destination: &networkingv1api.Destination{ Host: route.TargetApp, - Port: &networkingv1beta1api.PortSelector{ + Port: &networkingv1api.PortSelector{ Number: uint32(route.Port), }, }, @@ -90,7 +90,7 @@ func generateForRouting(r reconciliation.Reconciliation) error { } if route.RewriteUri { - httpRoute.Rewrite = &networkingv1beta1api.HTTPRewrite{ + httpRoute.Rewrite = &networkingv1api.HTTPRewrite{ Uri: "/", } } diff --git a/pkg/resourceschemas/schemas.go b/pkg/resourceschemas/schemas.go index 2e7d834b..65988e74 100644 --- a/pkg/resourceschemas/schemas.go +++ b/pkg/resourceschemas/schemas.go @@ -6,12 +6,13 @@ package resourceschemas */ import ( "fmt" + certmanagerv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" skiperatorv1alpha1 "github.com/kartverket/skiperator/api/v1alpha1" nais_io_v1 "github.com/nais/liberator/pkg/apis/nais.io/v1" pov1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" - networkingv1beta1 "istio.io/client-go/pkg/apis/networking/v1beta1" - securityv1beta1 "istio.io/client-go/pkg/apis/security/v1beta1" + istionetworkingv1 "istio.io/client-go/pkg/apis/networking/v1" + securityv1 "istio.io/client-go/pkg/apis/security/v1" telemetryv1 "istio.io/client-go/pkg/apis/telemetry/v1" appsv1 "k8s.io/api/apps/v1" autoscalingv2 "k8s.io/api/autoscaling/v2" @@ -31,8 +32,8 @@ func AddSchemas(scheme *runtime.Scheme) { utilruntime.Must(goclientscheme.AddToScheme(scheme)) utilruntime.Must(skiperatorv1alpha1.AddToScheme(scheme)) utilruntime.Must(autoscalingv2.AddToScheme(scheme)) - utilruntime.Must(securityv1beta1.AddToScheme(scheme)) - utilruntime.Must(networkingv1beta1.AddToScheme(scheme)) + utilruntime.Must(securityv1.AddToScheme(scheme)) + utilruntime.Must(istionetworkingv1.AddToScheme(scheme)) utilruntime.Must(telemetryv1.AddToScheme(scheme)) utilruntime.Must(certmanagerv1.AddToScheme(scheme)) utilruntime.Must(policyv1.AddToScheme(scheme)) @@ -61,16 +62,16 @@ func GetApplicationSchemas(scheme *runtime.Scheme) []unstructured.UnstructuredLi &appsv1.DeploymentList{}, &corev1.ServiceList{}, &corev1.ConfigMapList{}, - &networkingv1beta1.ServiceEntryList{}, - &networkingv1beta1.GatewayList{}, + &istionetworkingv1.ServiceEntryList{}, + &istionetworkingv1.GatewayList{}, &telemetryv1.TelemetryList{}, &autoscalingv2.HorizontalPodAutoscalerList{}, - &networkingv1beta1.VirtualServiceList{}, - &securityv1beta1.PeerAuthenticationList{}, + &istionetworkingv1.VirtualServiceList{}, + &securityv1.PeerAuthenticationList{}, &corev1.ServiceAccountList{}, &policyv1.PodDisruptionBudgetList{}, &networkingv1.NetworkPolicyList{}, - &securityv1beta1.AuthorizationPolicyList{}, + &securityv1.AuthorizationPolicyList{}, &nais_io_v1.MaskinportenClientList{}, &nais_io_v1.IDPortenClientList{}, &pov1.ServiceMonitorList{}, @@ -85,7 +86,7 @@ func GetJobSchemas(scheme *runtime.Scheme) []unstructured.UnstructuredList { &batchv1.JobList{}, &networkingv1.NetworkPolicyList{}, &corev1.ServiceAccountList{}, - &networkingv1beta1.ServiceEntryList{}, + &istionetworkingv1.ServiceEntryList{}, &telemetryv1.TelemetryList{}, &corev1.ConfigMapList{}, &pov1.PodMonitorList{}, @@ -95,9 +96,9 @@ func GetJobSchemas(scheme *runtime.Scheme) []unstructured.UnstructuredList { func GetRoutingSchemas(scheme *runtime.Scheme) []unstructured.UnstructuredList { return addGVKToList([]client.ObjectList{ &certmanagerv1.CertificateList{}, - &networkingv1beta1.GatewayList{}, + &istionetworkingv1.GatewayList{}, &networkingv1.NetworkPolicyList{}, - &networkingv1beta1.VirtualServiceList{}, + &istionetworkingv1.VirtualServiceList{}, }, scheme) } @@ -106,7 +107,7 @@ func GetNamespaceSchemas(scheme *runtime.Scheme) []unstructured.UnstructuredList &corev1.NamespaceList{}, &corev1.ConfigMapList{}, &networkingv1.NetworkPolicyList{}, - &networkingv1beta1.SidecarList{}, + &istionetworkingv1.SidecarList{}, &corev1.SecretList{}, }, scheme) } diff --git a/tests/application/access-policy/advanced-assert.yaml b/tests/application/access-policy/advanced-assert.yaml index ecf32cd1..876ad58e 100644 --- a/tests/application/access-policy/advanced-assert.yaml +++ b/tests/application/access-policy/advanced-assert.yaml @@ -62,7 +62,7 @@ spec: - port: 8080 protocol: TCP --- -apiVersion: networking.istio.io/v1beta1 +apiVersion: networking.istio.io/v1 kind: ServiceEntry metadata: name: access-policy-egress-56cd7aa901014e78 @@ -80,7 +80,7 @@ spec: number: 80 protocol: HTTP --- -apiVersion: networking.istio.io/v1beta1 +apiVersion: networking.istio.io/v1 kind: ServiceEntry metadata: name: access-policy-egress-3a90cb5d70dc06a diff --git a/tests/application/access-policy/advanced-patch-assert.yaml b/tests/application/access-policy/advanced-patch-assert.yaml index d0f5965f..d930d276 100644 --- a/tests/application/access-policy/advanced-patch-assert.yaml +++ b/tests/application/access-policy/advanced-patch-assert.yaml @@ -1,4 +1,4 @@ -apiVersion: networking.istio.io/v1beta1 +apiVersion: networking.istio.io/v1 kind: ServiceEntry metadata: name: access-policy-egress-56cd7aa901014e78 diff --git a/tests/application/authorization-policy/application-assert.yaml b/tests/application/authorization-policy/application-assert.yaml index 86b3a11d..380504a0 100644 --- a/tests/application/authorization-policy/application-assert.yaml +++ b/tests/application/authorization-policy/application-assert.yaml @@ -1,4 +1,4 @@ -apiVersion: security.istio.io/v1beta1 +apiVersion: security.istio.io/v1 kind: AuthorizationPolicy metadata: name: authorization-policy-deny diff --git a/tests/application/authorization-settings/multiple-application-assert.yaml b/tests/application/authorization-settings/multiple-application-assert.yaml index b06426ae..9fc20457 100644 --- a/tests/application/authorization-settings/multiple-application-assert.yaml +++ b/tests/application/authorization-settings/multiple-application-assert.yaml @@ -1,4 +1,4 @@ -apiVersion: security.istio.io/v1beta1 +apiVersion: security.istio.io/v1 kind: AuthorizationPolicy metadata: name: default-deny @@ -17,7 +17,7 @@ spec: matchLabels: app: default --- -apiVersion: security.istio.io/v1beta1 +apiVersion: security.istio.io/v1 kind: AuthorizationPolicy metadata: name: allow-list-deny @@ -37,4 +37,4 @@ spec: - /actuator/info selector: matchLabels: - app: allow-list \ No newline at end of file + app: allow-list diff --git a/tests/application/authorization-settings/multiple-application-errors.yaml b/tests/application/authorization-settings/multiple-application-errors.yaml index 5bc1fb77..5c286e90 100644 --- a/tests/application/authorization-settings/multiple-application-errors.yaml +++ b/tests/application/authorization-settings/multiple-application-errors.yaml @@ -1,4 +1,4 @@ -apiVersion: security.istio.io/v1beta1 +apiVersion: security.istio.io/v1 kind: AuthorizationPolicy metadata: name: allow-all-deny diff --git a/tests/application/authorization-settings/patch-application-assert.yaml b/tests/application/authorization-settings/patch-application-assert.yaml index df556a73..10302a90 100644 --- a/tests/application/authorization-settings/patch-application-assert.yaml +++ b/tests/application/authorization-settings/patch-application-assert.yaml @@ -1,5 +1,5 @@ -apiVersion: security.istio.io/v1beta1 +apiVersion: security.istio.io/v1 kind: AuthorizationPolicy metadata: name: allow-list-deny @@ -21,7 +21,7 @@ spec: matchLabels: app: allow-list --- -apiVersion: security.istio.io/v1beta1 +apiVersion: security.istio.io/v1 kind: AuthorizationPolicy metadata: name: allow-all-deny diff --git a/tests/application/authorization-settings/patch-application-errors.yaml b/tests/application/authorization-settings/patch-application-errors.yaml index 3f684ea8..e9930b61 100644 --- a/tests/application/authorization-settings/patch-application-errors.yaml +++ b/tests/application/authorization-settings/patch-application-errors.yaml @@ -1,4 +1,4 @@ -apiVersion: security.istio.io/v1beta1 +apiVersion: security.istio.io/v1 kind: AuthorizationPolicy metadata: name: allow-list-deny @@ -15,4 +15,4 @@ spec: - /actuator* notPaths: - /actuator/health - - /actuator/info \ No newline at end of file + - /actuator/info diff --git a/tests/application/cloudsql-auth-proxy/application-assert.yaml b/tests/application/cloudsql-auth-proxy/application-assert.yaml index 6653baa4..175965cc 100644 --- a/tests/application/cloudsql-auth-proxy/application-assert.yaml +++ b/tests/application/cloudsql-auth-proxy/application-assert.yaml @@ -140,7 +140,7 @@ spec: protocol: TCP appProtocol: http --- -apiVersion: security.istio.io/v1beta1 +apiVersion: security.istio.io/v1 kind: PeerAuthentication metadata: name: randomapp @@ -151,7 +151,7 @@ spec: mtls: mode: STRICT --- -apiVersion: networking.istio.io/v1beta1 +apiVersion: networking.istio.io/v1 kind: ServiceEntry metadata: name: randomapp-egress-8c1a523efec2f763 diff --git a/tests/application/cloudsql-auth-proxy/application-no-cloudsql-assert.yaml b/tests/application/cloudsql-auth-proxy/application-no-cloudsql-assert.yaml index 29910117..ce4da12f 100644 --- a/tests/application/cloudsql-auth-proxy/application-no-cloudsql-assert.yaml +++ b/tests/application/cloudsql-auth-proxy/application-no-cloudsql-assert.yaml @@ -113,7 +113,7 @@ spec: protocol: TCP appProtocol: http --- -apiVersion: security.istio.io/v1beta1 +apiVersion: security.istio.io/v1 kind: PeerAuthentication metadata: name: patchapp diff --git a/tests/application/cloudsql-auth-proxy/application-no-cloudsql-patch-assert.yaml b/tests/application/cloudsql-auth-proxy/application-no-cloudsql-patch-assert.yaml index 4f2159ad..03957645 100644 --- a/tests/application/cloudsql-auth-proxy/application-no-cloudsql-patch-assert.yaml +++ b/tests/application/cloudsql-auth-proxy/application-no-cloudsql-patch-assert.yaml @@ -135,7 +135,7 @@ spec: protocol: TCP appProtocol: http --- -apiVersion: security.istio.io/v1beta1 +apiVersion: security.istio.io/v1 kind: PeerAuthentication metadata: name: patchapp @@ -146,7 +146,7 @@ spec: mtls: mode: STRICT --- -apiVersion: networking.istio.io/v1beta1 +apiVersion: networking.istio.io/v1 kind: ServiceEntry metadata: name: patchapp-egress-1aebaef7c2f133f8 diff --git a/tests/application/cloudsql-auth-proxy/cloudsql-but-not-enabled-assert.yaml b/tests/application/cloudsql-auth-proxy/cloudsql-but-not-enabled-assert.yaml index 7a36c467..cba1a394 100644 --- a/tests/application/cloudsql-auth-proxy/cloudsql-but-not-enabled-assert.yaml +++ b/tests/application/cloudsql-auth-proxy/cloudsql-but-not-enabled-assert.yaml @@ -113,7 +113,7 @@ spec: protocol: TCP appProtocol: http --- -apiVersion: security.istio.io/v1beta1 +apiVersion: security.istio.io/v1 kind: PeerAuthentication metadata: name: lazyconfigapp diff --git a/tests/application/cloudsql-auth-proxy/set-version-assert.yaml b/tests/application/cloudsql-auth-proxy/set-version-assert.yaml index d9674c3c..9faa8209 100644 --- a/tests/application/cloudsql-auth-proxy/set-version-assert.yaml +++ b/tests/application/cloudsql-auth-proxy/set-version-assert.yaml @@ -135,7 +135,7 @@ spec: protocol: TCP appProtocol: http --- -apiVersion: security.istio.io/v1beta1 +apiVersion: security.istio.io/v1 kind: PeerAuthentication metadata: name: randomappwithversion @@ -146,7 +146,7 @@ spec: mtls: mode: STRICT --- -apiVersion: networking.istio.io/v1beta1 +apiVersion: networking.istio.io/v1 kind: ServiceEntry metadata: name: randomappwithversion-egress-be39f0357195cfa5 diff --git a/tests/application/custom-certificate/application-assert.yaml b/tests/application/custom-certificate/application-assert.yaml index 641e9dc4..ed2e2bfa 100644 --- a/tests/application/custom-certificate/application-assert.yaml +++ b/tests/application/custom-certificate/application-assert.yaml @@ -83,7 +83,7 @@ metadata: namespace: istio-gateways type: kubernetes.io/tls --- -apiVersion: networking.istio.io/v1beta1 +apiVersion: networking.istio.io/v1 kind: Gateway metadata: name: custom-cert-ingress-dc2b250f77a411ad @@ -105,4 +105,4 @@ spec: protocol: HTTPS tls: credentialName: some-cert - mode: SIMPLE \ No newline at end of file + mode: SIMPLE diff --git a/tests/application/custom-certificate/application-duplicate-ingress-assert.yaml b/tests/application/custom-certificate/application-duplicate-ingress-assert.yaml index 327b1fc6..71d2fc11 100644 --- a/tests/application/custom-certificate/application-duplicate-ingress-assert.yaml +++ b/tests/application/custom-certificate/application-duplicate-ingress-assert.yaml @@ -82,7 +82,7 @@ metadata: namespace: istio-gateways type: kubernetes.io/tls --- -apiVersion: networking.istio.io/v1beta1 +apiVersion: networking.istio.io/v1 kind: Gateway metadata: name: custom-cert-duplicate-ingress-dc2b250f77a411ad @@ -106,7 +106,7 @@ spec: credentialName: some-cert mode: SIMPLE --- -apiVersion: networking.istio.io/v1beta1 +apiVersion: networking.istio.io/v1 kind: VirtualService metadata: name: custom-cert-duplicate-ingress diff --git a/tests/application/custom-certificate/application-duplicate-ingress-error.yaml b/tests/application/custom-certificate/application-duplicate-ingress-error.yaml index 682ecdfe..35072faa 100644 --- a/tests/application/custom-certificate/application-duplicate-ingress-error.yaml +++ b/tests/application/custom-certificate/application-duplicate-ingress-error.yaml @@ -1,4 +1,4 @@ -apiVersion: networking.istio.io/v1beta1 +apiVersion: networking.istio.io/v1 kind: Gateway metadata: name: custom-cert-duplicate-ingress-db284ad1b14a59a0 @@ -22,7 +22,7 @@ spec: credentialName: some-cert mode: SIMPLE --- -apiVersion: networking.istio.io/v1beta1 +apiVersion: networking.istio.io/v1 kind: VirtualService metadata: name: custom-cert-duplicate-ingress diff --git a/tests/application/ignore-reconcile/application-assert.yaml b/tests/application/ignore-reconcile/application-assert.yaml index 855a3fcb..01fa2f12 100644 --- a/tests/application/ignore-reconcile/application-assert.yaml +++ b/tests/application/ignore-reconcile/application-assert.yaml @@ -1,7 +1,7 @@ -apiVersion: networking.istio.io/v1beta1 +apiVersion: networking.istio.io/v1 kind: VirtualService metadata: name: ignore-reconcile-ingress spec: hosts: - - example.com \ No newline at end of file + - example.com diff --git a/tests/application/ignore-reconcile/patch-application-ingress-assert.yaml b/tests/application/ignore-reconcile/patch-application-ingress-assert.yaml index 31cef4e8..78c4dc11 100644 --- a/tests/application/ignore-reconcile/patch-application-ingress-assert.yaml +++ b/tests/application/ignore-reconcile/patch-application-ingress-assert.yaml @@ -1,7 +1,7 @@ -apiVersion: networking.istio.io/v1beta1 +apiVersion: networking.istio.io/v1 kind: VirtualService metadata: name: ignore-reconcile-ingress spec: hosts: - - example.com \ No newline at end of file + - example.com diff --git a/tests/application/ignore-reconcile/patch-application-ingress-errors.yaml b/tests/application/ignore-reconcile/patch-application-ingress-errors.yaml index 6c5c8877..efdc7190 100644 --- a/tests/application/ignore-reconcile/patch-application-ingress-errors.yaml +++ b/tests/application/ignore-reconcile/patch-application-ingress-errors.yaml @@ -1,7 +1,7 @@ -apiVersion: networking.istio.io/v1beta1 +apiVersion: networking.istio.io/v1 kind: VirtualService metadata: name: ignore-reconcile-ingress spec: hosts: - - test.com \ No newline at end of file + - test.com diff --git a/tests/application/ignore-reconcile/remove-label-assert.yaml b/tests/application/ignore-reconcile/remove-label-assert.yaml index af0bba6f..efdc7190 100644 --- a/tests/application/ignore-reconcile/remove-label-assert.yaml +++ b/tests/application/ignore-reconcile/remove-label-assert.yaml @@ -1,4 +1,4 @@ -apiVersion: networking.istio.io/v1beta1 +apiVersion: networking.istio.io/v1 kind: VirtualService metadata: name: ignore-reconcile-ingress diff --git a/tests/application/ignore-reconcile/remove-label.yaml b/tests/application/ignore-reconcile/remove-label.yaml index 69732ab7..707a1f9f 100644 --- a/tests/application/ignore-reconcile/remove-label.yaml +++ b/tests/application/ignore-reconcile/remove-label.yaml @@ -1,6 +1,6 @@ -apiVersion: networking.istio.io/v1beta1 +apiVersion: networking.istio.io/v1 kind: VirtualService metadata: name: ignore-reconcile-ingress labels: - skiperator.kartverket.no/ignore: "false" \ No newline at end of file + skiperator.kartverket.no/ignore: "false" diff --git a/tests/application/ignore-reconcile/virtualservice-set-label-assert.yaml b/tests/application/ignore-reconcile/virtualservice-set-label-assert.yaml index 4b707629..0d38df27 100644 --- a/tests/application/ignore-reconcile/virtualservice-set-label-assert.yaml +++ b/tests/application/ignore-reconcile/virtualservice-set-label-assert.yaml @@ -1,6 +1,6 @@ -apiVersion: networking.istio.io/v1beta1 +apiVersion: networking.istio.io/v1 kind: VirtualService metadata: name: ignore-reconcile-ingress labels: - skiperator.kartverket.no/ignore: "true" \ No newline at end of file + skiperator.kartverket.no/ignore: "true" diff --git a/tests/application/ignore-reconcile/virtualservice-set-label.yaml b/tests/application/ignore-reconcile/virtualservice-set-label.yaml index 70b33408..cce1c37f 100644 --- a/tests/application/ignore-reconcile/virtualservice-set-label.yaml +++ b/tests/application/ignore-reconcile/virtualservice-set-label.yaml @@ -1,8 +1,8 @@ # Testing with a VirtualService, but any reconciled object would do -apiVersion: networking.istio.io/v1beta1 +apiVersion: networking.istio.io/v1 kind: VirtualService metadata: name: ignore-reconcile-ingress labels: - skiperator.kartverket.no/ignore: "true" \ No newline at end of file + skiperator.kartverket.no/ignore: "true" diff --git a/tests/application/ingress/application-assert.yaml b/tests/application/ingress/application-assert.yaml index d64cbeb1..d68e719f 100644 --- a/tests/application/ingress/application-assert.yaml +++ b/tests/application/ingress/application-assert.yaml @@ -14,7 +14,7 @@ spec: dnsNames: - example.com --- -apiVersion: networking.istio.io/v1beta1 +apiVersion: networking.istio.io/v1 kind: Gateway metadata: name: ingresses-ingress-56cd7aa901014e78 @@ -45,14 +45,14 @@ metadata: namespace: istio-gateways name: ingress-ingresses-ingress-34888c0b0c2a4a2c --- -apiVersion: networking.istio.io/v1beta1 +apiVersion: networking.istio.io/v1 kind: Gateway metadata: name: ingresses-ingress-34888c0b0c2a4a2c ### VirtualService, should exist one for both --- -apiVersion: networking.istio.io/v1beta1 +apiVersion: networking.istio.io/v1 kind: VirtualService metadata: name: ingresses-ingress diff --git a/tests/application/ingress/application-ingress-multiple-ports-assert.yaml b/tests/application/ingress/application-ingress-multiple-ports-assert.yaml index 40e89bfd..eda37fe8 100644 --- a/tests/application/ingress/application-ingress-multiple-ports-assert.yaml +++ b/tests/application/ingress/application-ingress-multiple-ports-assert.yaml @@ -14,7 +14,7 @@ spec: dnsNames: - example.com --- -apiVersion: networking.istio.io/v1beta1 +apiVersion: networking.istio.io/v1 kind: Gateway metadata: name: ingress-multiple-ports-ingress-56cd7aa901014e78 @@ -45,14 +45,14 @@ metadata: namespace: istio-gateways name: ingress-ingress-multiple-ports-ingress-34888c0b0c2a4a2c --- -apiVersion: networking.istio.io/v1beta1 +apiVersion: networking.istio.io/v1 kind: Gateway metadata: name: ingress-multiple-ports-ingress-34888c0b0c2a4a2c ### VirtualService, should exist one for both --- -apiVersion: networking.istio.io/v1beta1 +apiVersion: networking.istio.io/v1 kind: VirtualService metadata: name: ingress-multiple-ports-ingress diff --git a/tests/application/ingress/application-is-external-assert.yaml b/tests/application/ingress/application-is-external-assert.yaml index 0f83ea7a..a9319522 100644 --- a/tests/application/ingress/application-is-external-assert.yaml +++ b/tests/application/ingress/application-is-external-assert.yaml @@ -1,4 +1,4 @@ -apiVersion: networking.istio.io/v1beta1 +apiVersion: networking.istio.io/v1 kind: Gateway metadata: name: isexternal-ingress-34888c0b0c2a4a2c @@ -21,4 +21,4 @@ spec: app: istio-ingress-external podSelector: matchLabels: - app: isexternal \ No newline at end of file + app: isexternal diff --git a/tests/application/ingress/application-is-internal-assert.yaml b/tests/application/ingress/application-is-internal-assert.yaml index a9877c97..c979b781 100644 --- a/tests/application/ingress/application-is-internal-assert.yaml +++ b/tests/application/ingress/application-is-internal-assert.yaml @@ -1,4 +1,4 @@ -apiVersion: networking.istio.io/v1beta1 +apiVersion: networking.istio.io/v1 kind: Gateway metadata: name: isinternal-ingress-74d65c46d5467250 @@ -21,4 +21,4 @@ spec: app: istio-ingress-internal podSelector: matchLabels: - app: isinternal \ No newline at end of file + app: isinternal diff --git a/tests/application/ingress/application-is-internal-sk-assert.yaml b/tests/application/ingress/application-is-internal-sk-assert.yaml index 4f469b04..725f84b6 100644 --- a/tests/application/ingress/application-is-internal-sk-assert.yaml +++ b/tests/application/ingress/application-is-internal-sk-assert.yaml @@ -1,4 +1,4 @@ -apiVersion: networking.istio.io/v1beta1 +apiVersion: networking.istio.io/v1 kind: Gateway metadata: name: isinternalsk-ingress-3f47f7531608b94c @@ -21,4 +21,4 @@ spec: app: istio-ingress-internal podSelector: matchLabels: - app: isinternalsk \ No newline at end of file + app: isinternalsk diff --git a/tests/application/ingress/patch-application-change-ingress-assert.yaml b/tests/application/ingress/patch-application-change-ingress-assert.yaml index 8daa3f2a..afd6b6ab 100644 --- a/tests/application/ingress/patch-application-change-ingress-assert.yaml +++ b/tests/application/ingress/patch-application-change-ingress-assert.yaml @@ -6,7 +6,7 @@ metadata: namespace: istio-gateways name: ingress-ingresses-ingress-34888c0b0c2a4a2c --- -apiVersion: networking.istio.io/v1beta1 +apiVersion: networking.istio.io/v1 kind: Gateway metadata: name: ingresses-ingress-34888c0b0c2a4a2c @@ -18,14 +18,14 @@ metadata: namespace: istio-gateways name: ingress-ingresses-ingress-3a90cb5d70dc06a --- -apiVersion: networking.istio.io/v1beta1 +apiVersion: networking.istio.io/v1 kind: Gateway metadata: name: ingresses-ingress-3a90cb5d70dc06a --- ### Common resources -apiVersion: networking.istio.io/v1beta1 +apiVersion: networking.istio.io/v1 kind: VirtualService metadata: name: ingresses-ingress diff --git a/tests/application/ingress/patch-application-change-ingress-errors.yaml b/tests/application/ingress/patch-application-change-ingress-errors.yaml index bb535b7b..2b42afe8 100644 --- a/tests/application/ingress/patch-application-change-ingress-errors.yaml +++ b/tests/application/ingress/patch-application-change-ingress-errors.yaml @@ -6,12 +6,12 @@ metadata: namespace: istio-gateways name: ingress-ingresses-ingress-56cd7aa901014e78 --- -apiVersion: networking.istio.io/v1beta1 +apiVersion: networking.istio.io/v1 kind: Gateway metadata: name: ingresses-ingress-56cd7aa901014e78 --- -apiVersion: networking.istio.io/v1beta1 +apiVersion: networking.istio.io/v1 kind: VirtualService metadata: name: ingresses-ingress diff --git a/tests/application/ingress/patch-application-disable-redirect-assert.yaml b/tests/application/ingress/patch-application-disable-redirect-assert.yaml index c7ee0f99..e7d52808 100644 --- a/tests/application/ingress/patch-application-disable-redirect-assert.yaml +++ b/tests/application/ingress/patch-application-disable-redirect-assert.yaml @@ -6,7 +6,7 @@ metadata: namespace: istio-gateways name: ingress-ingresses-ingress-34888c0b0c2a4a2c --- -apiVersion: networking.istio.io/v1beta1 +apiVersion: networking.istio.io/v1 kind: Gateway metadata: name: ingresses-ingress-34888c0b0c2a4a2c @@ -18,14 +18,14 @@ metadata: namespace: istio-gateways name: ingress-ingresses-ingress-3a90cb5d70dc06a --- -apiVersion: networking.istio.io/v1beta1 +apiVersion: networking.istio.io/v1 kind: Gateway metadata: name: ingresses-ingress-3a90cb5d70dc06a --- ### Common resources -apiVersion: networking.istio.io/v1beta1 +apiVersion: networking.istio.io/v1 kind: VirtualService metadata: name: ingresses-ingress diff --git a/tests/application/ingress/patch-application-no-ingresses-errors.yaml b/tests/application/ingress/patch-application-no-ingresses-errors.yaml index 022e12ff..c7577218 100644 --- a/tests/application/ingress/patch-application-no-ingresses-errors.yaml +++ b/tests/application/ingress/patch-application-no-ingresses-errors.yaml @@ -6,7 +6,7 @@ metadata: namespace: istio-gateways name: test-ingresses-ingress-34888c0b0c2a4a2c --- -apiVersion: networking.istio.io/v1beta1 +apiVersion: networking.istio.io/v1 kind: Gateway metadata: name: ingresses-ingress-34888c0b0c2a4a2c @@ -18,14 +18,14 @@ metadata: namespace: istio-gateways name: test-ingresses-ingress-3a90cb5d70dc06a --- -apiVersion: networking.istio.io/v1beta1 +apiVersion: networking.istio.io/v1 kind: Gateway metadata: name: ingresses-ingress-3a90cb5d70dc06a --- ### Common resources -apiVersion: networking.istio.io/v1beta1 +apiVersion: networking.istio.io/v1 kind: VirtualService metadata: name: ingresses-ingress diff --git a/tests/application/minimal/application-assert.yaml b/tests/application/minimal/application-assert.yaml index 0e5f3935..7444d76d 100644 --- a/tests/application/minimal/application-assert.yaml +++ b/tests/application/minimal/application-assert.yaml @@ -183,7 +183,7 @@ spec: protocol: TCP appProtocol: http --- -apiVersion: security.istio.io/v1beta1 +apiVersion: security.istio.io/v1 kind: PeerAuthentication metadata: name: minimal diff --git a/tests/application/resources-modification/application-assert.yaml b/tests/application/resources-modification/application-assert.yaml index a2c826e5..48646959 100644 --- a/tests/application/resources-modification/application-assert.yaml +++ b/tests/application/resources-modification/application-assert.yaml @@ -89,7 +89,7 @@ spec: protocol: TCP appProtocol: http --- -apiVersion: security.istio.io/v1beta1 +apiVersion: security.istio.io/v1 kind: PeerAuthentication metadata: name: resources-modification diff --git a/tests/application/resources-modification/patch-application-assert.yaml b/tests/application/resources-modification/patch-application-assert.yaml index e91cc073..4e24f0ca 100644 --- a/tests/application/resources-modification/patch-application-assert.yaml +++ b/tests/application/resources-modification/patch-application-assert.yaml @@ -89,7 +89,7 @@ spec: protocol: TCP appProtocol: http --- -apiVersion: security.istio.io/v1beta1 +apiVersion: security.istio.io/v1 kind: PeerAuthentication metadata: name: resources-modification diff --git a/tests/application/team-label/application-assert.yaml b/tests/application/team-label/application-assert.yaml index a1841d93..8bcd1ec9 100644 --- a/tests/application/team-label/application-assert.yaml +++ b/tests/application/team-label/application-assert.yaml @@ -94,7 +94,7 @@ spec: protocol: TCP appProtocol: http --- -apiVersion: security.istio.io/v1beta1 +apiVersion: security.istio.io/v1 kind: PeerAuthentication metadata: namespace: chainsaw-team-label diff --git a/tests/namespace/namespace-exclusion/assert.yaml b/tests/namespace/namespace-exclusion/assert.yaml index c96174ef..87e97948 100644 --- a/tests/namespace/namespace-exclusion/assert.yaml +++ b/tests/namespace/namespace-exclusion/assert.yaml @@ -1,4 +1,4 @@ -apiVersion: networking.istio.io/v1beta1 +apiVersion: networking.istio.io/v1 kind: Sidecar metadata: name: sidecar diff --git a/tests/namespace/namespace-exclusion/errors.yaml b/tests/namespace/namespace-exclusion/errors.yaml index f2534ac7..3fcadab1 100644 --- a/tests/namespace/namespace-exclusion/errors.yaml +++ b/tests/namespace/namespace-exclusion/errors.yaml @@ -1,4 +1,4 @@ -apiVersion: networking.istio.io/v1beta1 +apiVersion: networking.istio.io/v1 kind: Sidecar metadata: name: sidecar diff --git a/tests/namespace/sidecar/assert.yaml b/tests/namespace/sidecar/assert.yaml index ee040b59..77370e4d 100644 --- a/tests/namespace/sidecar/assert.yaml +++ b/tests/namespace/sidecar/assert.yaml @@ -1,4 +1,4 @@ -apiVersion: networking.istio.io/v1beta1 +apiVersion: networking.istio.io/v1 kind: Sidecar metadata: name: sidecar @@ -6,4 +6,4 @@ metadata: app.kubernetes.io/managed-by: skiperator skiperator.kartverket.no/controller: namespace spec: - outboundTrafficPolicy: {} \ No newline at end of file + outboundTrafficPolicy: {} diff --git a/tests/routing/custom-certificate/routing-assert.yaml b/tests/routing/custom-certificate/routing-assert.yaml index 2eebd593..80a45cca 100644 --- a/tests/routing/custom-certificate/routing-assert.yaml +++ b/tests/routing/custom-certificate/routing-assert.yaml @@ -15,7 +15,7 @@ # name: cluster-issuer # secretName: chainsaw-routing-routes-some-routing-routing-ingress-b1dffede #--- -apiVersion: networking.istio.io/v1beta1 +apiVersion: networking.istio.io/v1 kind: Gateway metadata: name: some-routing-routing-ingress diff --git a/tests/routing/routes/patch-application-change-port-assert.yaml b/tests/routing/routes/patch-application-change-port-assert.yaml index 7563acb7..0af43566 100644 --- a/tests/routing/routes/patch-application-change-port-assert.yaml +++ b/tests/routing/routes/patch-application-change-port-assert.yaml @@ -44,7 +44,7 @@ spec: - Ingress --- -apiVersion: networking.istio.io/v1beta1 +apiVersion: networking.istio.io/v1 kind: VirtualService metadata: name: app-paths-routing-ingress diff --git a/tests/routing/routes/patch-routing-change-hostname-assert.yaml b/tests/routing/routes/patch-routing-change-hostname-assert.yaml index 2f5dfa13..228ca254 100644 --- a/tests/routing/routes/patch-routing-change-hostname-assert.yaml +++ b/tests/routing/routes/patch-routing-change-hostname-assert.yaml @@ -16,7 +16,7 @@ spec: secretName: chainsaw-routing-routes-app-paths-routing-ingress-b1dffede --- -apiVersion: networking.istio.io/v1beta1 +apiVersion: networking.istio.io/v1 kind: Gateway metadata: name: app-paths-routing-ingress @@ -41,7 +41,7 @@ spec: mode: SIMPLE --- -apiVersion: networking.istio.io/v1beta1 +apiVersion: networking.istio.io/v1 kind: VirtualService metadata: name: app-paths-routing-ingress diff --git a/tests/routing/routes/patch-routing-change-path-assert.yaml b/tests/routing/routes/patch-routing-change-path-assert.yaml index bf97dd09..61e4e1fb 100644 --- a/tests/routing/routes/patch-routing-change-path-assert.yaml +++ b/tests/routing/routes/patch-routing-change-path-assert.yaml @@ -1,4 +1,4 @@ -apiVersion: networking.istio.io/v1beta1 +apiVersion: networking.istio.io/v1 kind: VirtualService metadata: name: app-paths-routing-ingress diff --git a/tests/routing/routes/patch-routing-remove-path-assert.yaml b/tests/routing/routes/patch-routing-remove-path-assert.yaml index e09cd358..27cce1b9 100644 --- a/tests/routing/routes/patch-routing-remove-path-assert.yaml +++ b/tests/routing/routes/patch-routing-remove-path-assert.yaml @@ -21,7 +21,7 @@ spec: - Ingress --- -apiVersion: networking.istio.io/v1beta1 +apiVersion: networking.istio.io/v1 kind: VirtualService metadata: name: app-paths-routing-ingress diff --git a/tests/routing/routes/routing-assert.yaml b/tests/routing/routes/routing-assert.yaml index 1a69ce8e..85934909 100644 --- a/tests/routing/routes/routing-assert.yaml +++ b/tests/routing/routes/routing-assert.yaml @@ -16,7 +16,7 @@ spec: secretName: chainsaw-routing-routes-app-paths-routing-ingress-b1dffede --- -apiVersion: networking.istio.io/v1beta1 +apiVersion: networking.istio.io/v1 kind: Gateway metadata: name: app-paths-routing-ingress @@ -87,7 +87,7 @@ spec: - Ingress --- -apiVersion: networking.istio.io/v1beta1 +apiVersion: networking.istio.io/v1 kind: VirtualService metadata: name: app-paths-routing-ingress diff --git a/tests/skipjob/access-policy-job/skipjob-assert.yaml b/tests/skipjob/access-policy-job/skipjob-assert.yaml index c82bea3a..d999ae1b 100644 --- a/tests/skipjob/access-policy-job/skipjob-assert.yaml +++ b/tests/skipjob/access-policy-job/skipjob-assert.yaml @@ -33,7 +33,7 @@ spec: policyTypes: - Egress --- -apiVersion: networking.istio.io/v1beta1 +apiVersion: networking.istio.io/v1 kind: ServiceEntry metadata: name: skipjob-access-policy-job-egress-3a90cb5d70dc06a @@ -50,7 +50,7 @@ spec: protocol: HTTPS resolution: DNS --- -apiVersion: networking.istio.io/v1beta1 +apiVersion: networking.istio.io/v1 kind: ServiceEntry metadata: name: skipjob-access-policy-job-egress-56cd7aa901014e78