chore(deps): update istio from 1.28.3 to 1.29.1#2387
Conversation
9e0fd3e to
e957758
Compare
There was a problem hiding this comment.
Lula Compliance Overview
Please review the changes to ensure they meet compliance standards.
Reviewed Changes
Lula reviewed 8 files changed that affect compliance.
| File | Lines Changed |
|---|---|
src/istio/zarf.yaml |
83–89 |
UUID: b4367e52-bef0-4463-a906-e5af6b4aa015
sha256: a80edb5d8519a867741d99e0e4049a8a434883c42ffcdf756b2c703143a85da5
Tip: Customize your compliance reviews with Lula.
e957758 to
7256390
Compare
Superseded by a new Lula compliance review.
There was a problem hiding this comment.
Lula Compliance Overview
Please review the changes to ensure they meet compliance standards.
Reviewed Changes
Lula reviewed 8 files changed that affect compliance.
| File | Lines Changed |
|---|---|
src/istio/zarf.yaml |
83–89 |
UUID: b4367e52-bef0-4463-a906-e5af6b4aa015
sha256: f6cce98f6ceeeabd9dd6855fdad5909809384946258158d30b1f7901c5f5c3a1
Tip: Customize your compliance reviews with Lula.
7256390 to
e606d90
Compare
Superseded by a new Lula compliance review.
There was a problem hiding this comment.
Lula Compliance Overview
Please review the changes to ensure they meet compliance standards.
Reviewed Changes
Lula reviewed 9 files changed that affect compliance.
| File | Lines Changed |
|---|---|
src/istio/zarf.yaml |
83–89 |
UUID: b4367e52-bef0-4463-a906-e5af6b4aa015
sha256: f6cce98f6ceeeabd9dd6855fdad5909809384946258158d30b1f7901c5f5c3a1
Tip: Customize your compliance reviews with Lula.
e606d90 to
228ea47
Compare
Superseded by a new Lula compliance review.
There was a problem hiding this comment.
Lula Compliance Overview
Please review the changes to ensure they meet compliance standards.
Reviewed Changes
Lula reviewed 10 files changed that affect compliance.
| File | Lines Changed |
|---|---|
src/istio/zarf.yaml |
83–89 |
UUID: b4367e52-bef0-4463-a906-e5af6b4aa015
sha256: f6cce98f6ceeeabd9dd6855fdad5909809384946258158d30b1f7901c5f5c3a1
Tip: Customize your compliance reviews with Lula.
228ea47 to
d5fc1d0
Compare
Superseded by a new Lula compliance review.
There was a problem hiding this comment.
Lula Compliance Overview
Please review the changes to ensure they meet compliance standards.
Reviewed Changes
Lula reviewed 10 files changed that affect compliance.
| File | Lines Changed |
|---|---|
src/istio/zarf.yaml |
83–89 |
UUID: b4367e52-bef0-4463-a906-e5af6b4aa015
sha256: f6cce98f6ceeeabd9dd6855fdad5909809384946258158d30b1f7901c5f5c3a1
Tip: Customize your compliance reviews with Lula.
d5fc1d0 to
747ba41
Compare
Superseded by a new Lula compliance review.
There was a problem hiding this comment.
Lula Compliance Overview
Please review the changes to ensure they meet compliance standards.
Reviewed Changes
Lula reviewed 13 files changed that affect compliance.
| File | Lines Changed |
|---|---|
src/istio/zarf.yaml |
59–65 |
src/istio/zarf.yaml |
83–89 |
UUID: b4367e52-bef0-4463-a906-e5af6b4aa015
sha256: 3920cd23086814de017433d09c0d82f819330db1df04b8212f159368059b114f
UUID: b4367e52-bef0-4463-a906-e5af6b4aa015
sha256: f6cce98f6ceeeabd9dd6855fdad5909809384946258158d30b1f7901c5f5c3a1
Tip: Customize your compliance reviews with Lula.
747ba41 to
077c742
Compare
Superseded by a new Lula compliance review.
There was a problem hiding this comment.
Lula Compliance Overview
Please review the changes to ensure they meet compliance standards.
Reviewed Changes
Lula reviewed 13 files changed that affect compliance.
| File | Lines Changed |
|---|---|
src/istio/zarf.yaml |
59–65 |
src/istio/zarf.yaml |
83–89 |
UUID: b4367e52-bef0-4463-a906-e5af6b4aa015
sha256: 3920cd23086814de017433d09c0d82f819330db1df04b8212f159368059b114f
UUID: b4367e52-bef0-4463-a906-e5af6b4aa015
sha256: f6cce98f6ceeeabd9dd6855fdad5909809384946258158d30b1f7901c5f5c3a1
Tip: Customize your compliance reviews with Lula.
077c742 to
dfaa183
Compare
Superseded by a new Lula compliance review.
There was a problem hiding this comment.
Lula Compliance Overview
Please review the changes to ensure they meet compliance standards.
Reviewed Changes
Lula reviewed 13 files changed that affect compliance.
| File | Lines Changed |
|---|---|
src/istio/zarf.yaml |
59–65 |
src/istio/zarf.yaml |
83–89 |
UUID: b4367e52-bef0-4463-a906-e5af6b4aa015
sha256: ffc7be359db0b3d5966119192d97c22edca895415429fa5fbf20fbe129f050fe
UUID: b4367e52-bef0-4463-a906-e5af6b4aa015
sha256: f6cce98f6ceeeabd9dd6855fdad5909809384946258158d30b1f7901c5f5c3a1
Tip: Customize your compliance reviews with Lula.
| datasource | package | from | to | | ----------- | ---------------------------------------------------- | ------ | ------ | | helm | base | 1.28.3 | 1.29.1 | | helm | cni | 1.28.3 | 1.29.1 | | docker | docker.io/istio/install-cni | 1.28.3 | 1.29.1 | | docker | docker.io/istio/pilot | 1.28.3 | 1.29.1 | | docker | docker.io/istio/proxyv2 | 1.28.3 | 1.29.1 | | docker | docker.io/istio/ztunnel | 1.28.3 | 1.29.1 | | helm | gateway | 1.28.3 | 1.29.1 | | github-tags | istio/istio | 1.28.3 | 1.29.1 | | helm | istiod | 1.28.3 | 1.29.1 | | github-tags | kubernetes-sigs/gateway-api | v1.4.1 | v1.5.1 | | docker | quay.io/rfcurated/istio/install-cni | 1.28.3 | 1.29.1 | | docker | quay.io/rfcurated/istio/pilot | 1.28.3 | 1.29.1 | | docker | quay.io/rfcurated/istio/proxyv2 | 1.28.3 | 1.29.1 | | docker | quay.io/rfcurated/istio/ztunnel | 1.28.3 | 1.29.1 | | docker | registry1.dso.mil/ironbank/tetrate/istio/install-cni | 1.28.3 | 1.29.1 | | docker | registry1.dso.mil/ironbank/tetrate/istio/pilot | 1.28.3 | 1.29.1 | | docker | registry1.dso.mil/ironbank/tetrate/istio/proxyv2 | 1.28.3 | 1.29.1 | | docker | registry1.dso.mil/ironbank/tetrate/istio/ztunnel | 1.28.3 | 1.29.1 | | helm | ztunnel | 1.28.3 | 1.29.1 |
50a7d41 to
d5770b0
Compare
Superseded by a new Lula compliance review.
There was a problem hiding this comment.
Lula Compliance Overview
Please review the changes to ensure they meet compliance standards.
Reviewed Changes
Lula reviewed 13 files changed that affect compliance.
| File | Lines Changed |
|---|---|
src/istio/zarf.yaml |
59–65 |
src/istio/zarf.yaml |
83–89 |
UUID: b4367e52-bef0-4463-a906-e5af6b4aa015
sha256: ffc7be359db0b3d5966119192d97c22edca895415429fa5fbf20fbe129f050fe
UUID: b4367e52-bef0-4463-a906-e5af6b4aa015
sha256: 9f0c5e42942cfbda55f0194ee44da71705d3665ddefd0e86f18bab9cbb1189f8
Tip: Customize your compliance reviews with Lula.
There was a problem hiding this comment.
Lula Compliance Overview
Please review the changes to ensure they meet compliance standards.
Reviewed Changes
Lula reviewed 15 files changed that affect compliance.
| File | Lines Changed |
|---|---|
src/istio/zarf.yaml |
59–65 |
src/istio/zarf.yaml |
83–89 |
UUID: b4367e52-bef0-4463-a906-e5af6b4aa015
sha256: ffc7be359db0b3d5966119192d97c22edca895415429fa5fbf20fbe129f050fe
UUID: b4367e52-bef0-4463-a906-e5af6b4aa015
sha256: 9f0c5e42942cfbda55f0194ee44da71705d3665ddefd0e86f18bab9cbb1189f8
Tip: Customize your compliance reviews with Lula.
Edited/Blocked NotificationRenovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR. You can manually request rebase by checking the rebase/retry box above. |
There was a problem hiding this comment.
Lula Compliance Overview
Please review the changes to ensure they meet compliance standards.
Reviewed Changes
Lula reviewed 15 files changed that affect compliance.
| File | Lines Changed |
|---|---|
src/istio/zarf.yaml |
59–65 |
src/istio/zarf.yaml |
83–89 |
UUID: b4367e52-bef0-4463-a906-e5af6b4aa015
sha256: ffc7be359db0b3d5966119192d97c22edca895415429fa5fbf20fbe129f050fe
UUID: b4367e52-bef0-4463-a906-e5af6b4aa015
sha256: 9f0c5e42942cfbda55f0194ee44da71705d3665ddefd0e86f18bab9cbb1189f8
Tip: Customize your compliance reviews with Lula.
There was a problem hiding this comment.
Lula Compliance Overview
Please review the changes to ensure they meet compliance standards.
Reviewed Changes
Lula reviewed 15 files changed that affect compliance.
| File | Lines Changed |
|---|---|
src/istio/zarf.yaml |
59–65 |
src/istio/zarf.yaml |
83–89 |
UUID: b4367e52-bef0-4463-a906-e5af6b4aa015
sha256: ffc7be359db0b3d5966119192d97c22edca895415429fa5fbf20fbe129f050fe
UUID: b4367e52-bef0-4463-a906-e5af6b4aa015
sha256: 9f0c5e42942cfbda55f0194ee44da71705d3665ddefd0e86f18bab9cbb1189f8
Tip: Customize your compliance reviews with Lula.
🤖 I have created a release *beep* *boop* --- ## [1.0.0](v0.63.0...v1.0.0) (2026-03-23) ### ⚠ BREAKING CHANGES * Package CRs with `network.allow` rules that do not explicitly specify a "remote" (`remoteGenerated`, `remoteNamespace`, `remoteSelector`, `remoteCidr`, or `remoteHost`) will be blocked at admission time. Packages previously using this behavior for "anywhere" ingress/egress should be updated to explicitly include `remoteGenerated: Anywhere` or `remoteNamespace: "*"` (anything in cluster). * Removed `operator.KUBEAPI_CIDR` and `operator.KUBENODE_CIDRS` from the UDS Operator Config helm chart. Users should remove any existing overrides utilizing the removed values. Users should switch to `cluster.networking.kubeApiCIDR` and `cluster.networking.kubeNodeCIDRs` values, respectively. * Removed `fipsAllowWeakPasswords` and previously deprecated `fips` value from Keycloak helm chart. FIPS mode is now enabled by default. Users should remove any existing overrides utilizing the removed values. See the [documentation](https://github.com/defenseunicorns/uds-core/blob/main/docs/how-to-guides/identity-and-authorization/enable-fips-mode.mdx) for more details on handling password upgrades if you were not running in FIPS mode previously. * Removed `CA_CERT` Zarf variable and `spec.expose.caCert` ClusterConfig field. Migrate to the `CA_BUNDLE_CERTS` Zarf variable / `spec.caBundle.certs` field. * Removed previously deprecated `x509LookupProvider` and `mtlsClientCert` values from Keycloak helm chart. Users should remove any existing overrides utilizing the removed values and use `thirdPartyIntegration.tls.tlsCertificateHeader` and `thirdPartyIntegration.tls.tlsCertificateFormat` instead. ### Features * add keycloak realm display name customization ([#2479](#2479)) ([10aa771](10aa771)) ### Bug Fixes * **ci:** handle flaky behavior around policy test and probe check ([#2519](#2519)) ([f2bc6a1](f2bc6a1)) * incr loki backend replicas to 3 in upgrade test ([ba33b49](ba33b49)) * **lint:** enforce strict equality and add regression guard lint rules ([#2411](#2411)) ([880c748](880c748)) * reject network.allow rules without a remote ([#2510](#2510)) ([0ef9d41](0ef9d41)) ### Miscellaneous * add polling/increase timeout to prometheus target e2e test ([#2452](#2452)) ([c6f11d4](c6f11d4)) * bump loki helm chart to 6.57.0 ([ba33b49](ba33b49)) * cleanup deprecations table so it renders better on docs site ([#2506](#2506)) ([0db9fc5](0db9fc5)) * correct the category annotation to 'dev.uds.categories' ([#2454](#2454)) ([48c05d6](48c05d6)) * **deps-dev:** bump undici from 7.16.0 to 7.24.1 in /test/vitest ([#2469](#2469)) ([a192d0e](a192d0e)) * **deps:** align identity-authorization terminology ([#2482](#2482)) ([5698329](5698329)) * **deps:** bump flatted from 3.3.3 to 3.4.1 ([#2472](#2472)) ([5e65aa1](5e65aa1)) * **deps:** bump undici from 7.20.0 to 7.24.4 ([#2475](#2475)) ([6635b2e](6635b2e)) * **deps:** update grafana from 12.4.0 to 12.4.1 ([#2443](#2443)) ([bba40a4](bba40a4)) * **deps:** update iac-support-deps ([#2464](#2464)) ([c14d667](c14d667)) * **deps:** update iac-support-deps ([#2481](#2481)) ([efdac7b](efdac7b)) * **deps:** update identity-config from 0.24.0 to 0.25.0 ([#2514](#2514)) ([607ec5a](607ec5a)) * **deps:** update istio from 1.28.3 to 1.29.1 ([#2387](#2387)) ([db05c8f](db05c8f)) * **deps:** update loki (memcached 1.6.41, nginx 1.29.6) ([#2441](#2441)) ([0625f8b](0625f8b)) * **deps:** update pepr from 1.1.2 to 1.1.4 ([#2484](#2484)) ([4cb5cdd](4cb5cdd)) * **deps:** update prometheus-stack ([#2420](#2420)) ([5041496](5041496)) * **deps:** update prometheus-stack ([#2474](#2474)) ([e2abba4](e2abba4)) * **deps:** update support-deps ([#2450](#2450)) ([84e409f](84e409f)) * **deps:** update vector to 0.54.0 ([#2451](#2451)) ([5fc8bac](5fc8bac)) * **docs:** add backup restore how to guides ([#2456](#2456)) ([6f785a2](6f785a2)) * **docs:** add compliance callout ([#2497](#2497)) ([68a77e5](68a77e5)) * **docs:** add docs on functional layers ([#2501](#2501)) ([f3fbda9](f3fbda9)) * **docs:** add docs.config.json file ([#2473](#2473)) ([fc4f9f5](fc4f9f5)) * **docs:** add how to guides for additional core packages ([#2491](#2491)) ([170f12f](170f12f)) * **docs:** add how-to guides for monitoring to new docs site ([#2445](#2445)) ([44e0c46](44e0c46)) * **docs:** add keycloak notifications and alerts how to guide ([#2516](#2516)) ([6c405b9](6c405b9)) * **docs:** add likec4 diagram ([#2500](#2500)) ([a08e63c](a08e63c)) * **docs:** add new how-to docs for logging ([#2453](#2453)) ([f18ac93](f18ac93)) * **docs:** add platform features how-to docs ([#2460](#2460)) ([bd66bce](bd66bce)) * **docs:** add troubleshooting/runbooks section to new docs site ([#2449](#2449)) ([8ffced3](8ffced3)) * **docs:** add uds packaging docs ([#2457](#2457)) ([6e92672](6e92672)) * **docs:** add versioning/release concept doc to new site ([#2495](#2495)) ([0bed16c](0bed16c)) * **docs:** add voice/style profile for docs writing and update docs ([#2509](#2509)) ([630fa16](630fa16)) * **docs:** address documentation feedback and cleanup ([#2493](#2493)) ([4bb2736](4bb2736)) * **docs:** cleanup promql and logql code blocks ([#2477](#2477)) ([65a961d](65a961d)) * **docs:** cleanup reference docs for operator CRDs on new site ([#2467](#2467)) ([e437538](e437538)) * **docs:** enable pagination override for getting started docs ([#2463](#2463)) ([bf1c9bc](bf1c9bc)) * **docs:** fix overview paths ([#2462](#2462)) ([6dd3ad8](6dd3ad8)) * **docs:** identity-access how to guides ([#2437](#2437)) ([74f1d39](74f1d39)) * **docs:** reference section part 2 ([#2465](#2465)) ([0249240](0249240)) * **docs:** remove css from index.mdx file ([#2499](#2499)) ([1263b5e](1263b5e)) * **docs:** runtime-security how to guides ([#2448](#2448)) ([88b6662](88b6662)) * **docs:** update doc dir naming ([#2522](#2522)) ([33be9b3](33be9b3)) * **docs:** update monitoring ha guide with prometheus sizing ([#2468](#2468)) ([2c7f183](2c7f183)) * **docs:** update to create landing page ([#2476](#2476)) ([e780443](e780443)) * **docs:** use registry references in new doc site instead of ghcr ([#2496](#2496)) ([509206b](509206b)) * fix dev-docs local script ([#2488](#2488)) ([793cf1a](793cf1a)) * incr loki backend/read/write replicas to 3 in ha upgrade test ([ba33b49](ba33b49)) * remove deprecated CA_CERT variable ([#2489](#2489)) ([ffdfc48](ffdfc48)) * remove deprecated operator config CIDR values ([#2494](#2494)) ([e290cdc](e290cdc)) * remove keycloak FIPS switch ([#2483](#2483)) ([f5b63d0](f5b63d0)) * remove x509LookupProvider and mtlsClientCert from KC values ([#2486](#2486)) ([9496bfe](9496bfe)) * replace accredit with authorize in docs ([#2507](#2507)) ([f3f4072](f3f4072)) * switch loki helm chart to grafana-community chart ([ba33b49](ba33b49)) * update dev-docs to align with cli ([#2498](#2498)) ([30074c7](30074c7)) * update public ca config to exclude new root ([#2511](#2511)) ([139940e](139940e)) ### Documentation * add documentation on resizing prometheus volumes ([#2440](#2440)) ([bd54266](bd54266)) * add guide link ([#2471](#2471)) ([df47223](df47223)) * add how-tos for policy/compliance ([#2461](#2461)) ([2b9a33f](2b9a33f)) * add release notes for 1.0 ([#2515](#2515)) ([f4903da](f4903da)) * clean up 1.0 release notes page ([#2523](#2523)) ([9eff8fd](9eff8fd)) * fix concepts titles and delete stub ([#2508](#2508)) ([cc94720](cc94720)) * fix policy engine reference page ([#2504](#2504)) ([2c92bf9](2c92bf9)) * how-to guide fixes and updated guidance ([#2466](#2466)) ([2e78ee6](2e78ee6)) * operations and maintenance - upgrades and configuration changes ([#2487](#2487)) ([59178ba](59178ba)) * update deprecation table for Package deprecations ([#2492](#2492)) ([c583f96](c583f96)) * update dev-docs task to handle core subdir ([#2480](#2480)) ([b36398f](b36398f)) * update network docs, add trust management ([#2459](#2459)) ([940fc64](940fc64)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
## Description Working on istio v1 update I came across what I believe is a gap in our autogenerated-check. We updated to 1.29.1 here: #2387 ## Related Issue Relates to CORE-44 ## Type of change - [x] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [ ] Other (security config, docs update, etc) ## Steps to Validate n/a ## Checklist before merging - [x] Test, docs, adr added or updated as needed - [x] [Contributor Guide](https://github.com/defenseunicorns/uds-core/blob/main/CONTRIBUTING.md) followed
This PR contains the following updates:
1.28.3→1.29.11.28.3→1.29.11.28.3-distroless→1.29.1-distroless1.28.3-distroless→1.29.1-distroless1.28.3-distroless→1.29.1-distroless1.28.3-distroless→1.29.1-distroless1.28.3→1.29.11.28.3→1.29.11.28.3→1.29.1v1.4.1→v1.5.11.28.3-jammy-fips-rfcurated-rfhardened→1.29.1-jammy-fips-rfcurated-rfhardened1.28.3-jammy-fips-rfcurated-rfhardened→1.29.1-jammy-fips-rfcurated-rfhardened1.28.3-jammy-fips-rfcurated-rfhardened→1.29.1-jammy-fips-rfcurated-rfhardened1.28.3-jammy-scratch-fips-rfcurated→1.29.1-jammy-scratch-fips-rfcurated1.28.3-fips→1.29.1-fips1.28.3-fips→1.29.1-fips1.28.3-fips→1.29.1-fips1.28.3-fips→1.29.1-fips1.28.3→1.29.1Release Notes
istio/istio (base)
v1.29.1: Istio 1.29.1Compare Source
Artifacts
Release Notes
v1.29.0: Istio 1.29.0Compare Source
Artifacts
Release Notes
v1.28.5: Istio 1.28.5Compare Source
Artifacts
Release Notes
v1.28.4: Istio 1.28.4Compare Source
Artifacts
Release Notes
kubernetes-sigs/gateway-api (kubernetes-sigs/gateway-api)
v1.5.1Compare Source
Warning: The Experimental channel CRDs are too large for a standard
kubectl apply. To work around this please usekubectl apply --server-side=trueinstead -- or, even better, usekubercto make server-side apply the default.Gateway API v1.5.1
Major Changes Since v1.5.0
GEP
Conformance
conflicted=falsecondition is not required anymore in the listener status for non-conflicted listeners. (#4664, @zhaohuabing)What's Changed
Full Changelog: kubernetes-sigs/gateway-api@v1.5.0...v1.5.1
v1.5.0Compare Source
Warning: The Experimental channel CRDs are too large for a standard
kubectl apply. To work around this please usekubectl apply --server-side=trueinstead -- or, even better, usekubercto make server-side apply the default.Gateway API v1.5.0
Major Changes Since v1.4.1
Breaking Changes
TLSRoute
v1alpha2and XListenerSetTLSRoute and ListenerSet have graduated to the Standard channel as
v1. In 1.5.0, TLSRoutev1alpha2is present only in the Experimental channel; in 1.6, it will be removed from the Experimental channel too.Additionally, note that TLSRoute's CEL validation requires Kubernetes 1.31 or higher.
Upgrades and ValidatingAdmissionPolicy
Gateway API 1.5 introduces a validating admission policy (VAP) called
safe-upgrades.gateway.networking.k8s.ioto guard against two specific concerns:These actions can't be known to be safe without detailed knowledge about your application and users. If you need to perform them, delete the
safe-upgrades.gateway.networking.k8s.ioVAP first.New Features
In this release, the following major features are moving to the
Standardchannel and are now considered generally available:v1(GEP-2643)Additionally, the ReferenceGrant resource is moving to
v1.Experimental
Full Changelog
Full Changelog: kubernetes-sigs/gateway-api@v1.4.1...v1.5.0
Dependencies
Added
Changed
1a19826→bd525da8d1bb00→ab9386aef028d9→ab9386ac297c0c→ec3ebc5d7b6acb→589584f0af2bda→914a6e7Removed
5ec99f8Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.