Merge pull request #13521 from presztak/update_istio_addon_yaml

Update istio addon YAML
2022-01-31 17:23:33 -08:00 · 2022-01-31 17:23:33 -08:00 · 74452b5802
parent 034f55696d 3799866c13
commit 74452b5802
2 changed files with 37 additions and 14 deletions
--- a/deploy/addons/istio-provisioner/istio-operator.yaml.tmpl
+++ b/deploy/addons/istio-provisioner/istio-operator.yaml.tmpl
@ -16,6 +16,8 @@ metadata:
    kubernetes.io/minikube-addons: istio
    addonmanager.kubernetes.io/mode: EnsureExists
 spec:
  conversion:
    strategy: None
  group: install.istio.io
  names:
    kind: IstioOperator
@ -24,13 +26,18 @@ spec:
    singular: istiooperator
    shortNames:
    - iop
    - io
  scope: Namespaced
  subresources:
    status: {}
  versions:
  - name: v1alpha1
    served: true
    storage: true
    subresources:
      status: {}
    schema:
      openAPIV3Schema:
        type: object
        x-kubernetes-preserve-unknown-fields: true
 ...
 ---
 apiVersion: v1
@ -77,12 +84,6 @@ rules:
  - '*'
  verbs:
  - '*'
 - apiGroups:
  - rbac.istio.io
  resources:
  - '*'
  verbs:
  - '*'
 - apiGroups:
  - security.istio.io
  resources:
@ -111,9 +112,7 @@ rules:
  - daemonsets
  - deployments
  - deployments/finalizers
  - ingresses
  - replicasets
  - statefulsets
  verbs:
  - '*'
 - apiGroups:
@ -129,6 +128,7 @@ rules:
  verbs:
  - get
  - create
  - update
 - apiGroups:
  - policy
  resources:
@ -144,18 +144,28 @@ rules:
  - rolebindings
  verbs:
  - '*'
 - apiGroups:
  - coordination.k8s.io
  resources:
  - leases
  verbs:
  - get
  - create
  - update
 - apiGroups:
  - ""
  resources:
-  - configmaps  
+  - configmaps
  - endpoints
  - events
  - namespaces
  - pods
  - pods/proxy
  - pods/portforward
  - persistentvolumeclaims
  - secrets
  - services
-  - serviceaccounts  
+  - serviceaccounts
  verbs:
  - '*'
 ...
@ -191,6 +201,7 @@ spec:
  - name: http-metrics
    port: 8383
    targetPort: 8383
    protocol: TCP
  selector:
    name: istio-operator
 ...
@ -202,7 +213,7 @@ metadata:
  name: istio-operator
  labels:
    kubernetes.io/minikube-addons: istio
-    addonmanager.kubernetes.io/mode: Reconcile 
+    addonmanager.kubernetes.io/mode: Reconcile
 spec:
  replicas: 1
  selector:
@ -222,6 +233,16 @@ spec:
          command:
          - operator
          - server
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
              - ALL
            privileged: false
            readOnlyRootFilesystem: true
            runAsGroup: 1337
            runAsUser: 1337
            runAsNonRoot: true
          imagePullPolicy: IfNotPresent
          resources:
            limits:
@ -243,4 +264,6 @@ spec:
                  fieldPath: metadata.name
            - name: OPERATOR_NAME
              value: "istio-operator"
            - name: WAIT_FOR_RESOURCES_TIMEOUT
              value: "300s"
 ...
--- a/pkg/minikube/assets/addons.go
+++ b/pkg/minikube/assets/addons.go
@ -254,7 +254,7 @@ var Addons = map[string]*Addon{
 			"istio-operator.yaml",
 			"0640"),
 	}, false, "istio-provisioner", "third-party (istio)", map[string]string{
-		"IstioOperator": "istio/operator:1.5.0@sha256:25a6398ed4996a5313767ceb63768d503c266f63506ad3074b30eef6b5b5167e",
+		"IstioOperator": "istio/operator:1.12.2@sha256:42c7609872882cb88728a1592561b4046dac6d05b6002cbdc815b84c86a24f08",
 	}, nil),
 	"istio": NewAddon([]*BinAsset{
 		MustBinAsset(addons.IstioAssets,