istioctl/istioctl.changes

-------------------------------------------------------------------
Sat Mar 16 17:26:03 UTC 2024 - Johannes Kastl <opensuse_buildservice@ojkastl.de>

- major update to 1.21.0:
  https://istio.io/latest/news/releases/1.21.x/announcing-1.21/
  https://istio.io/latest/news/releases/1.21.x/announcing-1.21/change-notes/
  istioctl-related changes:
  * Improved injector list to exclude ambient namespaces.
  * Improved bug-report performance by reducing the amount of calls
    to the k8s API. The pod/node details included in the report
    will look different, but contain the same information.
  * Improved istioctl bug-report to sort gathered events by
    creation date.
  * Updated verify-install to not require a IstioOperator file,
    since it is now removed from the installation process.
  * Added support for deleting multiple waypoints at once via
    istioctl experimental waypoint delete <waypoint1> <waypoint2>
    ....
  * Added the --all flag to istioctl experimental waypoint delete
    to delete all waypoint resources in a given namespace.
  * Added an analyzer to warn users if they set the selector field
    instead of the targetRef field for specific Istio resources,
    which will cause the resource to be ineffective. (Issue #48273)
  * Added message IST0167 to warn users that policies, such as
    Sidecar, will have no impact when applied to ambient
    namespaces. (Issue #48105)
  * Added bootstrap summary to all config dumps’ summary.
  * Added completion for Kubernetes pods for some commands that can
    select pods, such as istioctl proxy-status <pod>.
  * Added --wait option to the istioctl experimental waypoint apply
    command. (Issue #46297)
  * Added path_separated_prefix to the MATCH column in the output
    of proxy-config routes command.
  * Fixed an issue where sometimes control plane revisions and
    proxy versions were not obtained in the bug report.
  * Fixed an issue where istioctl tag list command didn’t accept
    --output flag. (Issue #47696)
  * Fixed an issue where the default namespace of Envoy and proxy
    dashboard command was not set to the actual default namespace.
  * Fixed an issue where the IST0158 message was incorrectly
    reported when the imageType field was set to distroless in mesh
    config. (Issue #47964)
  * Fixed an issue where istioctl experimental version has no proxy
    info shown.
  * Fixed an issue where the IST0158 message was incorrectly
    reported when the imageType field was set by the ProxyConfig
    resource, or the resource annotation proxy.istio.io/config.
  * Fixed an issue where proxy-config ecds didn’t show all of
    EcdsConfigDump.
  * Fixed injector list having duplicated namespaces shown for the
    same injector hook.
  * Fixed analyze not working correctly when analyzing files
    containing resources that already exist in the cluster. (Issue
    #44844)
  * Fixed analyze where it was reporting errors for empty files.
    (Issue #45653)
  * Fixed an issue where the External Control Plane Analyzer was
    not working in some remote control plane setups.
  * Fixed an issue where istioctl precheck inaccurately reports the
    IST0141 message related to resource permissions. (Issue #49379)
  * Removed the --rps-limit flag for istioctl bug-report and added
    the --rq-concurrency flag. The bug reporter will now limit
    request concurrency instead of limiting request rate to the
    Kube API.

-------------------------------------------------------------------
Sat Mar 16 17:07:28 UTC 2024 - Johannes Kastl <opensuse_buildservice@ojkastl.de>

- update to 1.20.4:
  https://istio.io/latest/news/releases/1.20.x/announcing-1.20.4/
  * Added an environment variable COMPLIANCE_POLICY to Istio
    components for enforcing TLS restriction for compliance with
    FIPS. When set to fips-140-2 on the Istiod container, the Istio
    Proxy container, and all other Istio components, the TLS
    version is restricted to v1.2. The cipher suites are limited to
    a subset of ECDHE-ECDSA-AES128-GCM-SHA256,
    ECDHE-RSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES256-GCM-SHA384,
    ECDHE-RSA-AES256-GCM-SHA384, and ECDH curves to P-256.
    These restrictions apply on the following data paths:
      - mTLS communication between Envoy proxies;
      - regular TLS on the downstream and the upstream of Envoy
        proxies (e.g. gateway);
      - Google gRPC side requests from Envoy proxies (e.g.
        Stackdriver extensions);
      - Istiod xDS server;
      - Istiod injection and validation webhook servers.
    The restrictions are not applied on the following data paths:
      - Istiod to Kubernetes API server;
      - JWK fetch from Istiod;
      - Wasm image and URL fetch from Istio Proxy containers;
      - ztunnel.
    Note that Istio injector will propagate the value of
    COMPLIANCE_POLICY to the injected proxy container, when set.
    (Issue #49081)
  * Fixed an issue where the local client contained incorrect
    entries in the local DNS name table. (Issue #47340)
  * Fixed a bug that made PeerAuthentication too restrictive in
    ambient mode.
  * Fixed a bug where VirtualService containing wildcard hosts that
    aren’t present in the service registry are ignored. (Issue
    #49364)
  * Fixed an issue where istioctl precheck inaccurately reports the
    IST0141 message related to resource permissions. (Issue #49379)
  * Fixed a bug for IPv6 only clusters that prevented
    ServiceEntry-based listeners from having correct SNI matches.
    (Issue #49476)
  * Fixed a bug when there is more than one service with the same
    host name within the same namespace, a STRICT_DNS cluster
    without endpoints error could occur. (Issue #49489)
  * Fixed an issue that when using a delegate in a VirtualService,
    the effective VirtualService may not be consistent with
    expectations due to a sorting error. (Issue #49539)
  * Fixed a bug where specifying a URI regex .* match within a
    VirtualService HTTP route did not short-circuit the subsequent
    HTTP routes.
  * Fixed an issue where Endpoint and Service in the istiod-remote
    chart did not respect the revision value. (Issue #47552)

-------------------------------------------------------------------
Fri Feb  9 19:19:21 UTC 2024 - Johannes Kastl <opensuse_buildservice@ojkastl.de>

- update to 1.20.3:
  https://istio.io/latest/news/releases/1.20.x/announcing-1.20.3/
  * Improved graceful termination abort logic when the Envoy
    process terminates early. (Issue #36686)
  * Fixed an issue where updating a service’s TargetPort does not
    trigger an xDS push. (Issue #48580)
  * Fixed an issue where in-cluster analysis was unnecessarily
    performed when there’s no configuration change. (Issue #48665)
  * Fixed an issue where the webhook generated with istioctl tag
    set is unexpectedly removed by the installer. (Issue #47423)
  * Fixed a bug that results in the incorrect generation of
    configurations for pods without associated services, which
    includes all services within the same namespace. This can
    occasionally lead to conflicting inbound listeners error.
  * Fixed a bug that made PeerAuthentication too restrictive in
    ambient mode.
  * Fixed an issue causing Istio CNI to stop functioning on
    minimal/locked down nodes (such as no sh binary). The new logic
    runs with no external dependencies, and will attempt to
    continue if errors are encountered (which could be caused by
    things like SELinux rules). In particular, this fixes running
    Istio on Bottlerocket nodes. (Issue #48746)

-------------------------------------------------------------------
Wed Jan 10 19:23:07 UTC 2024 - Johannes Kastl <opensuse_buildservice@ojkastl.de>

- update to 1.20.2:
  https://istio.io/latest/news/releases/1.20.x/announcing-1.20.2/
  * Changes
    - Added configurable scaling behavior for Gateway
      HorizontalPodAutoscaler in the helm chart. (usage)
    - Fixed a bug where overlapping wildcard hosts in a
      VirtualService produces incorrect routing configurations when
      wildcard services were selected (e.g. in ServiceEntry).
      (Issue #45415)
    - Fixed an issue where Istio was performing additional XDS
      pushes for StatefulSets and headless Service endpoints while
      scaling. (Issue #48207)
    - Fixed an issue where the Istio injection webhook may be
      modified in dry-run mode. (Issue #48241)
    - Fixed an issue if DestinationRule’s exportTo includes
      workload’s current namespace (not ‘.’), other namespaces are
      ignored from exportTo. (Issue #48349)
    - Fixed an issue where the QUIC listeners were not correctly
      created when dual-stack is enabled. (Issue #48336)
    - Fixed an issue where istioctl proxy-config ecds didn’t
      display all EcdsConfigDump.
    - Fixed an issue where new endpoints may not be sent to
      proxies. (Issue #48373)
    - Fixed an issue where installing with Stackdriver and using
      custom configurations would prevent Stackdriver from being
      enabled.
    - Fixed an issue where long-lived connections, TCP bytes and
      gRPC, could result in a proxy memory leak.

-------------------------------------------------------------------
Tue Dec 12 21:41:43 UTC 2023 - kastl@b1-systems.de

- Update to version 1.20.1:
  https://istio.io/latest/news/releases/1.20.x/announcing-1.20.1/
  * Security update
    - Changes to Istio CNI Permissions as described in
      ISTIO-SECURITY-2023-005
  * Changes
    - Fixed an issue where the webhook generated by istioctl tag
      set was unexpectedly being removed by the installer. (Issue
      #47423)
    - Fixed an issue where the istioctl tag list command did not
      accept the --output flag. (Issue #47696)
    - Fixed an issue where custom injection of the istio-proxy
      container was not working on OpenShift, due to how OpenShift
      sets the pod’s SecurityContext.RunAs field.
    - Fixed an issue where VirtualService HTTP header present match
      was not working when header-name: {} was set. (Issue #47341)
    - Fixed multi-cluster leader election not being able to
      prioritize local over remote leaders. (Issue #47901)
    - Fixed a memory leak when hostNetwork pods scaled up and down.
      (Issue #47893)
    - Fixed a memory leak when WorkloadEntries changed their IP
      address. (Issue #47893)
    - Fixed a memory leak when a ServiceEntry was removed. (Issue
      #47893)
    - Improved istioctl bug-report performance by reducing the
      number of calls to the Kubernetes API. The included pod/node
      details in the report remain comprehensive but will be
      presented differently.
    - Removed the --rps-limit flag for istioctl bug-report and
      added the --rq-concurrency flag. This change enables the bug
      reporter to limit request concurrency rather than the request
      rate to the Kubernetes API.

-------------------------------------------------------------------
Thu Nov 16 12:10:47 UTC 2023 - kastl@b1-systems.de

- Update to version 1.20.0:
  https://istio.io/latest/news/releases/1.20.x/announcing-1.20/
  * Deprecation Notices
    - There are no new deprecations in Istio 1.20.0.
  * Istioctl
    - Added a new istioctl dashboard proxy command, which can be
      used to show the admin UI of different proxy pods, like
      Envoy, Ztunnel, Waypoint.
    - Added an output format option for the istioctl experimental
      pre-check command. Valid options are log, json or yaml.
    - Added the --output-threshold flag in istioctl experimental
      precheck to control the message output threshold. The default
      threshold is now warning, which replaces the previous default
      of info.
    - Added support for auto-detecting the pilot’s monitoring port
      if it is not set to the default value of 15014. (Issue
      #46652)
    - Added lazy loading for default namespace detection in
      istioctl to avoid checking the kubeconfig for commands that
      do not require a Kubernetes environment. (Issue #47159)
    - Added support for setting loggers’ levels of istio-proxy in
      the istioctl proxy-config log command with --level <level> or
      --level level=<level>.
    - Added an analyzer for showing warning messages about
      incorrect/missing information related to Istio installations
      using an External Control Plane. (Issue #47269)
    - Added IST0162 GatewayPortNotDefinedOnService message to
      detect an issue where a Gateway port was not exposed by
      Service.
    - Fixed istioctl operator remove command to not remove all
      revisions of the operator controller when the revision is
      “default” or not specified. (Issue #45242)
    - Fixed an issue where verify-install had incorrect results
      when installed deployments were not healthy.
    - Fixed the istioctl experimental describe command to provide
      correct Gateway information when using the injected gateway.
    - Fixed an issue where istioctl analyze would analyze
      irrelevant configmaps. (Issue #46563)
    - Fixed istioctl analyze incorrectly showing an error when
      ServiceEntry hosts are used in a VirtualService destination
      across a namespace boundary. (Issue #46597)
    - Fixed an issue where istioctl proxy-config failed to process
      a config dump from a file if EDS endpoints were not provided.
      (Issue #47505)
    - Removed the istioctl experimental revision tag command, which
      was graduated to istioctl tag.

-------------------------------------------------------------------
Tue Nov 14 11:14:52 UTC 2023 - kastl@b1-systems.de

- Update to version 1.19.4:
  * Automator: update ztunnel@release-1.19 in
    istio/istio@release-1.19 (#47794)
  * Update deps for 1.19.4 (#47796)
  * Automator: update proxy@release-1.19 in
    istio/istio@release-1.19 (#47795)
  * Automator: update proxy@release-1.19 in
    istio/istio@release-1.19 (#47790)
  * Automator: update istio/client-go@release-1.19 dependency in
    istio/istio@release-1.19 (#47788)
  * Automator: update common-files@release-1.19 in
    istio/istio@release-1.19 (#47787)
  * Update BASE_VERSION to 1.19-2023-11-06T19-02-47 (#47765)
  * Fix header present match (#47704) (#47736)
  * [release-1.19] Fix tag list output command not working (#47710)
  * [release-1.19] Sidecar resources using defaultEndpoint can use
    ::1 in all cases (#47676)
  * Automator: update proxy@release-1.19 in
    istio/istio@release-1.19 (#47663)
  * Automator: update proxy@release-1.19 in
    istio/istio@release-1.19 (#47635)
  * Automator: update proxy@release-1.19 in
    istio/istio@release-1.19 (#47594)
  * [release-1.19] fix multiple header matches in root vs (#47274)
  * prevent running crdclient twice, this will cause
    crdClient.queue stop… (#47399) (#47597)
  * Fix traffic to terminating headless services (#47379) (#47589)
  * Update BASE_VERSION to 1.19-2023-10-25T19-03-30 (#47586)
  * [release-1.19] istioctl: allow file configdump missing eds for
    `proxy-config` (#47554)
  * Automator: update proxy@release-1.19 in
    istio/istio@release-1.19 (#47570)
  * Skip+Warn instead of NACK on invalid TLS gateway (#47560)
  * Automator: update proxy@release-1.19 in
    istio/istio@release-1.19 (#47557)
  * Automator: update proxy@release-1.19 in
    istio/istio@release-1.19 (#47542)
  * reduce logging level to DEBUG when td don't match but
    SkipValidateTrustDomain is enabled (#47528)
  * Allow setting priorityClassName in Istio gateway helm chart
    (#47460)
  * 1.19: Bump iptables image to fix glibc (#47339) (#47497)
  * Automator: update proxy@release-1.19 in
    istio/istio@release-1.19 (#47485)
  * Automator: update proxy@release-1.19 in
    istio/istio@release-1.19 (#47452)
  * [release-1.19] Fix multicluster secret filtering (#47438)
  * Automator: update proxy@release-1.19 in
    istio/istio@release-1.19 (#47421)
  * [release-1.19] Gated feature flag to add a secondary outbound
    bind for IPv6-only clusters (#47408)
  * cni: 1.19 cherrypicks (#47392)
  * Automator: update proxy@release-1.19 in
    istio/istio@release-1.19 (#47387)
  * Automator: update proxy@release-1.19 in
    istio/istio@release-1.19 (#47365)
  * Automator: update proxy@release-1.19 in
    istio/istio@release-1.19 (#47363)
  * [release-1.19] Clarify telemetry deployment namespace (#47360)
  * Automator: update proxy@release-1.19 in
    istio/istio@release-1.19 (#47345)
  * Update BASE_VERSION to 1.19-2023-10-13T03-27-30 (#47343)
  * # Adjust DNS Proxy CNAME wildcard response to be compatible
    with glibc and musl (#47323)
  * Automator: update proxy@release-1.19 in
    istio/istio@release-1.19 (#47317)
  * Automator: update ztunnel@release-1.19 in
    istio/istio@release-1.19 (#47314)
  * Automator: update proxy@release-1.19 in
    istio/istio@release-1.19 (#47296)

-------------------------------------------------------------------
Thu Oct 12 05:30:26 UTC 2023 - kastl@b1-systems.de

- Update to version 1.19.3:
  * Automator: update istio/client-go@release-1.19 dependency in
    istio/istio@release-1.19 (#47293)
  * Update golang.org/x/net and grpc-go (#47287)
  * Automator: update common-files@release-1.19 in
    istio/istio@release-1.19 (#47291)
  * Automator: update proxy@release-1.19 in
    istio/istio@release-1.19 (#47289)
  * Automator: update proxy@release-1.19 in
    istio/istio@release-1.19 (#47271)
  * Automator: update proxy@release-1.19 in
    istio/istio@release-1.19 (#47243)
  * Automator: update ztunnel@release-1.19 in
    istio/istio@release-1.19 (#47240)
  * Automator: update istio/client-go@release-1.19 dependency in
    istio/istio@release-1.19 (#47232)
  * Automator: update proxy@release-1.19 in
    istio/istio@release-1.19 (#47233)
  * Automator: update common-files@release-1.19 in
    istio/istio@release-1.19 (#47231)
  * Automator: update proxy@release-1.19 in
    istio/istio@release-1.19 (#47186)
- skipping non-existent release 1.19.2

-------------------------------------------------------------------
Wed Oct 04 09:40:21 UTC 2023 - kastl@b1-systems.de

- Update to version 1.19.1:
  * Update deps for 1.19.1 (#47129)
  * Automator: update istio/client-go@release-1.19 dependency in
    istio/istio@release-1.19 (#47123)
  * [release-1.19] Push back invalid secret to prevent sds fetching
    timeout (#47110)
  * Autheticate crane with DefaultKeychain (#47100)
  * [release-1.19] Fix issue with dual-stack iptables6 rules when
    using istio-cni plugin… (#47108)
  * Automator: update ztunnel@release-1.19 in
    istio/istio@release-1.19 (#47075)
  * Automator: update proxy@release-1.19 in
    istio/istio@release-1.19 (#47062)
  * Fix issue with emiting uninitialized Guage metrics (#46980)
  * [release-1.19] fix DNSNoEndpointClusters metric (#46966)
  * [release-1.19] dedup addressInfo (#46949)
  * [release-1.19] Add endpoints to proxy-config all output
    (#46940)
  * [release-1.19] Gateway API cherrypicks (#46938)
  * [release-1.19] Fix verify install kinds for kind
    NetworkAttachmentDefinition (#46944)
  * Bump github.com/cyphar/filepath-securejoin from 0.2.3 to 0.2.4
    (#46889)
  * Automator: update ztunnel@release-1.19 in
    istio/istio@release-1.19 (#46900)
  * Cherrypick 46579 (#46896)
  * Automator: update istio/client-go@release-1.19 dependency in
    istio/istio@release-1.19 (#46888)
  * [release-1.19] Update sigs.k8s.io/gateway-api to 0.8.0 (#46677)
  * Automator: update proxy@release-1.19 in
    istio/istio@release-1.19 (#46878)
  * Automator: update istio/client-go@release-1.19 dependency in
    istio/istio@release-1.19 (#46873)
  * Automator: update proxy@release-1.19 in
    istio/istio@release-1.19 (#46872)
  * Automator: update common-files@release-1.19 in
    istio/istio@release-1.19 (#46871)
  * [release-1.19] Cherrypick 46429 (#46784)
  * Automator: update istio/client-go@release-1.19 dependency in
    istio/istio@release-1.19 (#46853)
  * [release-1.19] install: fix warning with wrong control plane
    (#46739)
  * [release-1.19] Ambient: fix incorrect updates when ambient
    namespace label is changed (#46715)
  * [release-1.19] Add ability to install gateway helm chart with
    dual-stack service def… (#46683)
  * Remove conditional cleanup from traffic test. (#46819)
  * respect meshConfig.defaultConfig.sampling (#46735)
  * Report networkpolicies in bug-report (#46843)

-------------------------------------------------------------------
Wed Sep 06 05:22:41 UTC 2023 - kastl@b1-systems.de

- Update to version 1.19.0:
  very large changelog, please find it at
  https://github.com/istio/istio/releases/tag/1.19.0 and
  https://istio.io/news/releases/1.19.x/announcing-1.19/

-------------------------------------------------------------------
Tue Jul 25 17:22:24 UTC 2023 - kastl@b1-systems.de

- Update to version 1.18.2:
  * Add validation of workload entry identity (#117)
  * Bump proxy version (#122)
  * Automator: update proxy@release-1.18 in
    istio/istio@release-1.18 (#46039)
  * Automator: update proxy@release-1.18 in
    istio/istio@release-1.18 (#46025)
  * Fix nil map for cluster builder (#46024)
  * fix concurrent map access in endpoint metadata (#44473)
    (#46021)
  * fix conflict (#46017)
  * Exit if sds socket not found (#45941) (#46014)

-------------------------------------------------------------------
Mon Jul 17 04:59:39 UTC 2023 - kastl@b1-systems.de

- Update to version 1.18.1:
  * Automator: update proxy@release-1.18 in
    istio/istio@release-1.18 (#46007)
  * Automator: update ztunnel@release-1.18 in
    istio/istio@release-1.18 (#46000)
  * Automator: update istio/client-go@release-1.18 dependency in
    istio/istio@release-1.18 (#45996)
  * Automator: update common-files@release-1.18 in
    istio/istio@release-1.18 (#45995)
  * Update image from (#45958)
  * [release-1.18] prevent port conflict with sidecar static
    listener like 15021 15090 (#45966)
  * [release-1.18] Set inject true for compatibility tests (#45928)
  * Automator: update ztunnel@release-1.18 in
    istio/istio@release-1.18 (#45948)
  * Add release note for #45632 (#45927)
  * [release-1.18] Fix health probe port overwrite (#45873)
  * Automator: update istio/client-go@release-1.18 dependency in
    istio/istio@release-1.18 (#45938)
  * Automator: update common-files@release-1.18 in
    istio/istio@release-1.18 (#45936)
  * Automator: update ztunnel@release-1.18 in
    istio/istio@release-1.18 (#45892)
  * Automator: update common-files@release-1.18 in
    istio/istio@release-1.18 (#45875)
  * Automator: update istio/client-go@release-1.18 dependency in
    istio/istio@release-1.18 (#45876)
  * [release-1.18] Fix bug report include option not working as
    expected (#45860)
  * Automator: update istio/client-go@release-1.18 dependency in
    istio/istio@release-1.18 (#45857)
  * [release-1.18] Fix a potential nil panic of endpointindex
    (#45808)
  * Automator: update proxy@release-1.18 in
    istio/istio@release-1.18 (#45834)
  * Automator: update proxy@release-1.18 in
    istio/istio@release-1.18 (#45771)
  * Automator: update proxy@release-1.18 in
    istio/istio@release-1.18 (#45769)
  * Automator: update proxy@release-1.18 in
    istio/istio@release-1.18 (#45747)
  * gcp metadata: compute GCPClusterURL from metadata (#45741)
  * Fix auth header syntax (#45711)
  * Automator: update ztunnel@release-1.18 in
    istio/istio@release-1.18 (#45702)
  * Bump github.com/lestrrat-go/jwx from 1.2.25 to 1.2.26 (#45684)
  * Automator: update common-files@release-1.18 in
    istio/istio@release-1.18 (#45690)
  * Automator: update istio/client-go@release-1.18 dependency in
    istio/istio@release-1.18 (#45660)
  * Automator: update proxy@release-1.18 in
    istio/istio@release-1.18 (#45667)
  * prow: move to use WI for auth_header in private (#45609)
  * Automator: update proxy@release-1.18 in
    istio/istio@release-1.18 (#45587)
  * Automator: update ztunnel@release-1.18 in
    istio/istio@release-1.18 (#45579)
  * Automator: update istio/client-go@release-1.18 dependency in
    istio/istio@release-1.18 (#45570)
  * Automator: update common-files@release-1.18 in
    istio/istio@release-1.18 (#45569)
  * [release-1.18] improve accesslog mode e2e tests (#45519)
  * Update BASE_VERSION to 1.18-2023-06-15T19-02-54 (#45495)
  * [release-1.18] cherry-pick: add debug info when generating
    certs for workloads (#45194)
  * [release-1.18] Update min supported k8s version to 1.24
    (#45444)
  * Automator: update proxy@release-1.18 in
    istio/istio@release-1.18 (#45450)
  * Automator: update istio/client-go@release-1.18 dependency in
    istio/istio@release-1.18 (#45381)
  * [release-1.18] Check the disabled status when adding a log
    provider (#45373)
  * Change to use Node instead of RawMeta (#45359)
  * [release-1.18] Fix istioctl pc secret cert validity not
    accurate (#45343)
  * Add rolling update max unavailable to CNI chart to speed up
    deploys (cherry pick to release-1.18) (#44934)
  * Fix Telemetry disablement matching (#45303)
  * Fix invalid XDS configuration for wildcard Ingress HTTP path
    (#44898) (#45168)
  * Adding LRS support (#45165)
  * [release-1.18] Certificate Revocation List support (#45130)
  * [release-1.18]Manual cherry-pick of 44481 and 44775 (#45081)
  * precise-errorcode-debuggen (#45164)
  * Automator: update ztunnel@release-1.18 in
    istio/istio@release-1.18 (#45333)
  * Automator: update istio/client-go@release-1.18 dependency in
    istio/istio@release-1.18 (#45326)
  * Automator: update common-files@release-1.18 in
    istio/istio@release-1.18 (#45325)

-------------------------------------------------------------------
Tue Jun 13 06:13:18 UTC 2023 - kastl@b1-systems.de

- Update to version 1.18.0:
  very large changelog, please see
  https://istio.io/latest/news/releases/1.18.x/announcing-1.18/

-------------------------------------------------------------------
Tue Jun 13 06:08:03 UTC 2023 - kastl@b1-systems.de

- Update to version 1.17.3:
  * Update BASE_VERSION to 1.17-2023-05-31T19-02-43 (#45227)
  * Revert "[release-1.17] Operator: Fix webhooks reconciled by
    operator are inconsistent with istioctl install's (#45121)"
    (#45205)
  * 1.17: bump docker dep (#45198)
  * cherry-pick: add debug info when generating certs for workloads
    #45183 (#45189)
  * [release-1.17] Run update_deps.sh (#45177)
  * [release-1.17] Operator: Fix webhooks reconciled by operator
    are inconsistent with istioctl install's (#45121)
  * RetryWithContext should use the new NextBackOff() (#45122)
  * Update BASE_VERSION to 1.17-2023-05-24T19-03-36 (#45110)
  * [release-1.17] fix backoff and read ca file interval (#45039)
  * [release-1.17]Manual cherry-pick of 44481 and 44775 (#45082)
  * Automator: update proxy@release-1.17 in
    istio/istio@release-1.17 (#45017)
  * Automator: update istio/client-go@release-1.17 dependency in
    istio/istio@release-1.17 (#45070)
  * Automator: update common-files@release-1.17 in
    istio/istio@release-1.17 (#45069)
  * Automator: update proxy@release-1.17 in
    istio/istio@release-1.17 (#44989)
  * remove file from file certs before triggering call backs
    (#44908)
  * [release-1.17] Fix  MaybeApplyTLSModeLabel function (#44939)
  * spiffe: fix handling of trust bundles with multiple keys
    (#44909)
  * [release-1.17] inject: remove unknown fields from template
    (#44858)
  * add support for security.istio.io/v1beta1 api in authz tests
    when testing multiple istio versions (#44447) (#44808)
  * Automator: update proxy@release-1.17 in
    istio/istio@release-1.17 (#44782)
  * [release-1.17] Fix persistent sessions scale down with envoy
    (#44652)
  * [release-1.17] Fix verify-install to work with multi iops
    (#44753)
  * Skip runtime resources when analyzing files (#44506) (#44733)
  *  [release-1.17] Fix pilot using wrong readinessprobe check,
     should check if /validate and /inject endpoints are ready.
     (#44750)
  * Automator: update proxy@release-1.17 in
    istio/istio@release-1.17 (#44745)
  * Fix multi-cluster issue by increasing the timeout of listing
    CRDs (#44715) (#44739)
  * Automator: update istio/client-go@release-1.17 dependency in
    istio/istio@release-1.17 (#44734)
  * Automator: update common-files@release-1.17 in
    istio/istio@release-1.17 (#44732)
  * Automator: update proxy@release-1.17 in
    istio/istio@release-1.17 (#44718)
  * Use safer dedupe for config (#44502) (#44535)
  * Automator: update proxy@release-1.17 in
    istio/istio@release-1.17 (#44618)
  * Automator: update proxy@release-1.17 in
    istio/istio@release-1.17 (#44598)
  * Update BASE_VERSION to 1.17-2023-04-26T19-03-52 (#44574)
  * disable automount SA token only on tests with min istio
    revisions >= 1.16 (#44492)
  * fix missing gateway services (#44463)
  * [release-1.17] add validation for empty prefix header match
    (#44455)
  * Automator: update proxy@release-1.17 in
    istio/istio@release-1.17 (#44440)
  * Integration Test for Istio custom GRPC count metrics (#44288)
  * [release-1.17] gateway: prevent duplicate `istio_authn` network
    filter in the filter chain (#44399)
  * fix gateway service name (#44382)
  * Automator: update proxy@release-1.17 in
    istio/istio@release-1.17 (#44389)
  * Update BASE_VERSION to 1.17-2023-04-12T19-03-40 (#44359)
  * Automator: update proxy@release-1.17 in
    istio/istio@release-1.17 (#44344)
  * Automator: update istio/client-go@release-1.17 dependency in
    istio/istio@release-1.17 (#44283)
  * Automator: update common-files@release-1.17 in
    istio/istio@release-1.17 (#44282)
  * Automator: update proxy@release-1.17 in
    istio/istio@release-1.17 (#44271)
  * gateway: remove internal annotation from propogating (#44220)
    (#44229)
  * Automator: update proxy@release-1.17 in
    istio/istio@release-1.17 (#44241)
  * [release-1.17] add release-notes for grpc stats (#44222)
  * Automator: update proxy@release-1.17 in
    istio/istio@release-1.17 (#44217)
  * [1.17] gateway deployment controller: handle backwards
    compatibility (#44171)
  * fix: increment failures in serverFailure function (#44176)
  * [release-1.17] always enable grpc stats filter (#44180)

-------------------------------------------------------------------
Wed Apr 19 12:10:36 UTC 2023 - Johannes Kastl <kastl@b1-systems.de>

- package sample files

-------------------------------------------------------------------
Wed Apr 05 04:41:53 UTC 2023 - kastl@b1-systems.de

- Update to version 1.17.2:
  * [release-1.17] Update deps 1.17 (#106)
  * Automator: update proxy@release-1.17 in
    istio/istio@release-1.17 (#44133)
  * Automator: update proxy@release-1.17 in
    istio/istio@release-1.17 (#44102)
  * Automator: update proxy@release-1.17 in
    istio/istio@release-1.17 (#44079)
  * Add endpointslices to bug-report dump (#44054)
  * Automator: update common-files@release-1.17 in
    istio/istio@release-1.17 (#44055)
  * Automator: update proxy@release-1.17 in
    istio/istio@release-1.17 (#44061)
  * Automator: update istio/client-go@release-1.17 dependency in
    istio/istio@release-1.17 (#44058)
  * vm: fix assigning label from metadata (#44021)
  * [release-1.17] tracing: Update proxyConfig.Tracing merge logic
    (#42518) (#44019)
  * Automator: update proxy@release-1.17 in
    istio/istio@release-1.17 (#44049)
  * Update BASE_VERSION to 1.17-2023-03-21T19-02-32 (#44039)
  * add retry to default service account patch command (#43915)
  * Fix gateway injection when istio.io/rev=<tag> (#43668)
  * Automator: update istio/client-go@release-1.17 dependency in
    istio/istio@release-1.17 (#43973)
  * [release-1.17] Fix x wait when
    PILOT_ENABLE_CONFIG_DISTRIBUTION_TRACKING is not true (#43980)
  * Automator: update common-files@release-1.17 in
    istio/istio@release-1.17 (#43971)
  * Use ReadHeaderTimeout instead of ReadTimeout when gRPC is
    multiplexed (#43885)
  * Break system namespace and ingressgateway assumptions  (#43809)
    (#43866)
  * [release-1.17] Run update_deps.sh (#43869)
  * [release-1.17] ServiceEntry IP allocation: Stable IP when used
    in multiple namespaces (#43879)
  * Bump Helm to 3.11.1 (#43860)
  * Bump x/net to 0.7.0 (#43851)
  * Automator: update istio/client-go@release-1.17 dependency in
    istio/istio@release-1.17 (#43855)
  * Automator: update proxy@release-1.17 in
    istio/istio@release-1.17 (#43856)
  * Automator: update common-files@release-1.17 in
    istio/istio@release-1.17 (#43854)
  * Automator: update istio/client-go@release-1.17 dependency in
    istio/istio@release-1.17 (#43834)
  * [release-1.17] Fix name resolution in istioctl command (#43819)
  * Update BASE_VERSION to 1.17-2023-03-07T19-01-20 (#43812)
  * [release-1.17] rbac: honor useAuthenticated (#43808)
  * [release-1.17] Include trustDomains from CaCertificates in SAN
    Validation (#43795)
  * AccessLogging: fix the issue where disable accesslogging does
    not take effect. (#43798)
  * Update BASE_VERSION to 1.17-2023-03-03T19-02-38 (#43757)
  * Automator: update proxy@release-1.17 in
    istio/istio@release-1.17 (#43734)
  * Automator: update istio/client-go@release-1.17 dependency in
    istio/istio@release-1.17 (#43718)
  * Automator: update proxy@release-1.17 in
    istio/istio@release-1.17 (#43707)
  * Automator: update istio/client-go@release-1.17 dependency in
    istio/istio@release-1.17 (#43695)
  * [release-1.17] Fix analyzing not caught some messages in
    default namespace (#43678)
  * Update BASE_VERSION to 1.17-2023-02-28T19-03-02 (#43666)
  * [release-1.17] fix unexpected behavior of multi accesslogging
    filters (#43591)
  * [release-1.17] validate: improve ValidateHTTPHeaderValue
    (#43391)
  * Automator: update proxy@release-1.17 in
    istio/istio@release-1.17 (#43573)
  * [release-1.17] cluster: clone Push.Mesh.ConnectTimeout to avoid
    unintended mutation by EnvoyFilter (#43557)
  * [release-1.17] Fix large direct response (#43550)
  * Automator: update proxy@release-1.17 in
    istio/istio@release-1.17 (#43530)

-------------------------------------------------------------------
Tue Mar 28 10:50:26 UTC 2023 - Johannes Kastl <kastl@b1-systems.de>

- bash-completion subpackage now Requires bash-completion

-------------------------------------------------------------------
Fri Mar  3 06:01:56 UTC 2023 - Johannes Kastl <kastl@b1-systems.de>

- new package istioctl: CLI for the istio service mesh for Kubernetes