From d8096417fe16303f5463cff942d97bb43cbce28b Mon Sep 17 00:00:00 2001 From: Patryk Strugacz Date: Mon, 1 Dec 2025 10:05:03 +0100 Subject: [PATCH 01/14] Add support for KYMA_FIPS_MODE_ENABLED env --- internal/images/env.go | 41 ++++++++++++++++++++++++++ internal/images/env_test.go | 58 +++++++++++++++++++++++++++++++++++++ 2 files changed, 99 insertions(+) diff --git a/internal/images/env.go b/internal/images/env.go index 2805ea7788..1924896eaa 100644 --- a/internal/images/env.go +++ b/internal/images/env.go @@ -2,11 +2,19 @@ package images import ( "fmt" + "os" "strings" "github.com/caarlos0/env/v11" ) +const ( + kymaFipsModeEnabledEnv = "KYMA_FIPS_MODE_ENABLED" + pilotFipsImageEnv = "PILOT_FIPS_IMAGE" + installCNIFipsImageEnv = "INSTALL_CNI_FIPS_IMAGE" + proxyFipsImageEnv = "PROXY_FIPS_IMAGE" +) + type Image string func (i Image) GetHub() (string, error) { @@ -34,6 +42,14 @@ func GetImages() (*Images, error) { return nil, fmt.Errorf("missing required environment variables %w", err) } + kymaFipsModeEnabled := os.Getenv(kymaFipsModeEnabledEnv) + if kymaFipsModeEnabled == "true" { + err = environments.GetFipsImages() + if err != nil { + return nil, err + } + } + return &environments, nil } @@ -57,3 +73,28 @@ func (e *Images) GetHub() (string, error) { } return initialHub, nil } + +func (e *Images) GetFipsImages() error { + pilotFipsImage := os.Getenv(pilotFipsImageEnv) + if pilotFipsImage == "" { + return fmt.Errorf("please set FIPS image url for pilot in %s environment variable", pilotFipsImageEnv) + } else { + e.Pilot = Image(pilotFipsImage) + } + + installCNIFipsImage := os.Getenv(installCNIFipsImageEnv) + if installCNIFipsImage == "" { + return fmt.Errorf("please set FIPS image url for Install CNI from %s environment variable", installCNIFipsImageEnv) + } else { + e.InstallCNI = Image(installCNIFipsImage) + } + + proxyFipsImage := os.Getenv(proxyFipsImageEnv) + if proxyFipsImage == "" { + return fmt.Errorf("please set FIPS image url for proxy from %s environment variable", proxyFipsImageEnv) + } else { + e.ProxyV2 = Image(proxyFipsImage) + } + + return nil +} diff --git a/internal/images/env_test.go b/internal/images/env_test.go index 307260eeb2..7a038f790b 100644 --- a/internal/images/env_test.go +++ b/internal/images/env_test.go @@ -2,6 +2,7 @@ package images_test import ( "fmt" + "os" "testing" . "github.com/onsi/ginkgo/v2" @@ -69,6 +70,63 @@ var _ = Describe("Images.GetHub", func() { true, fmt.Errorf("image foo.bar/istio/proxyv2:1.10.0 is not from the same hub as docker.io/istio/pilot:1.10.0"), ), + Entry("empty image", + fields{ + Pilot: "", + InstallCNI: "docker.io/istio/cni:1.10.0", + ProxyV2: "docker.io/istio/proxyv2:1.10.0", + }, + "", + true, + fmt.Errorf("image can not be empty"), + ), ) }) + +var _ = Describe("Images.GetFipsImages", func() { + _ = os.Setenv("pilot", "docker.io/istio/pilot:1.10.0") + _ = os.Setenv("install-cni", "docker.io/istio/cni:1.10.0") + _ = os.Setenv("proxyv2", "docker.io/istio/proxyv2:1.10.0") + + Context("when KYMA_FIPS_MODE_ENABLED is true", func() { + It("should set the FIPS images", func() { + _ = os.Setenv("KYMA_FIPS_MODE_ENABLED", "true") + _ = os.Setenv("PILOT_FIPS_IMAGE", "docker.io/istio/pilot-fips:1.10.0") + _ = os.Setenv("INSTALL_CNI_FIPS_IMAGE", "docker.io/istio/cni-fips:1.10.0") + _ = os.Setenv("PROXY_FIPS_IMAGE", "docker.io/istio/proxyv2-fips:1.10.0") + + e, err := images.GetImages() + Expect(err).NotTo(HaveOccurred()) + Expect(e.Pilot).To(Equal(images.Image("docker.io/istio/pilot-fips:1.10.0"))) + Expect(e.InstallCNI).To(Equal(images.Image("docker.io/istio/cni-fips:1.10.0"))) + Expect(e.ProxyV2).To(Equal(images.Image("docker.io/istio/proxyv2-fips:1.10.0"))) + }) + + It("should return an error when FIPS image environment variables are missing", func() { + _ = os.Setenv("KYMA_FIPS_MODE_ENABLED", "true") + _ = os.Unsetenv("PILOT_FIPS_IMAGE") + _ = os.Unsetenv("INSTALL_CNI_FIPS_IMAGE") + _ = os.Unsetenv("PROXY_FIPS_IMAGE") + + _, err := images.GetImages() + Expect(err).To(HaveOccurred()) + Expect(err.Error()).To(ContainSubstring("please set FIPS image url")) + }) + }) + + Context("when KYMA_FIPS_MODE_ENABLED is false", func() { + It("should use standard images", func() { + _ = os.Setenv("KYMA_FIPS_MODE_ENABLED", "false") + _ = os.Setenv("PILOT_FIPS_IMAGE", "docker.io/istio/pilot-fips:1.10.0") + _ = os.Setenv("INSTALL_CNI_FIPS_IMAGE", "docker.io/istio/cni-fips:1.10.0") + _ = os.Setenv("PROXY_FIPS_IMAGE", "docker.io/istio/proxyv2-fips:1.10.0") + + e, err := images.GetImages() + Expect(err).NotTo(HaveOccurred()) + Expect(e.Pilot).To(Equal(images.Image("docker.io/istio/pilot:1.10.0"))) + Expect(e.InstallCNI).To(Equal(images.Image("docker.io/istio/cni:1.10.0"))) + Expect(e.ProxyV2).To(Equal(images.Image("docker.io/istio/proxyv2:1.10.0"))) + }) + }) +}) From d7abed64fd10a0c0122e5c2e970cf1f3a9414238 Mon Sep 17 00:00:00 2001 From: Patryk Strugacz Date: Mon, 1 Dec 2025 10:25:24 +0100 Subject: [PATCH 02/14] Add ztunnel to fips images --- internal/images/env.go | 8 ++++++++ internal/images/env_test.go | 7 +++++++ 2 files changed, 15 insertions(+) diff --git a/internal/images/env.go b/internal/images/env.go index f644fc3a3c..79f4f421b0 100644 --- a/internal/images/env.go +++ b/internal/images/env.go @@ -13,6 +13,7 @@ const ( pilotFipsImageEnv = "PILOT_FIPS_IMAGE" installCNIFipsImageEnv = "INSTALL_CNI_FIPS_IMAGE" proxyFipsImageEnv = "PROXY_FIPS_IMAGE" + ztunnelFipsImageEnv = "ZTUNNEL_FIPS_IMAGE" ) type Image string @@ -97,5 +98,12 @@ func (e *Images) GetFipsImages() error { e.ProxyV2 = Image(proxyFipsImage) } + ztunnelFipsImage := os.Getenv(ztunnelFipsImageEnv) + if ztunnelFipsImage == "" { + return fmt.Errorf("please set FIPS image url for proxy from %s environment variable", ztunnelFipsImageEnv) + } else { + e.Ztunnel = Image(ztunnelFipsImage) + } + return nil } diff --git a/internal/images/env_test.go b/internal/images/env_test.go index 7839007b7d..375b6b95f5 100644 --- a/internal/images/env_test.go +++ b/internal/images/env_test.go @@ -92,6 +92,7 @@ var _ = Describe("Images.GetFipsImages", func() { _ = os.Setenv("pilot", "docker.io/istio/pilot:1.10.0") _ = os.Setenv("install-cni", "docker.io/istio/cni:1.10.0") _ = os.Setenv("proxyv2", "docker.io/istio/proxyv2:1.10.0") + _ = os.Setenv("ztunnel", "docker.io/istio/ztunnel:1.10.0") Context("when KYMA_FIPS_MODE_ENABLED is true", func() { It("should set the FIPS images", func() { @@ -99,12 +100,14 @@ var _ = Describe("Images.GetFipsImages", func() { _ = os.Setenv("PILOT_FIPS_IMAGE", "docker.io/istio/pilot-fips:1.10.0") _ = os.Setenv("INSTALL_CNI_FIPS_IMAGE", "docker.io/istio/cni-fips:1.10.0") _ = os.Setenv("PROXY_FIPS_IMAGE", "docker.io/istio/proxyv2-fips:1.10.0") + _ = os.Setenv("ZTUNNEL_FIPS_IMAGE", "docker.io/istio/ztunnel-fips:1.10.0") e, err := images.GetImages() Expect(err).NotTo(HaveOccurred()) Expect(e.Pilot).To(Equal(images.Image("docker.io/istio/pilot-fips:1.10.0"))) Expect(e.InstallCNI).To(Equal(images.Image("docker.io/istio/cni-fips:1.10.0"))) Expect(e.ProxyV2).To(Equal(images.Image("docker.io/istio/proxyv2-fips:1.10.0"))) + Expect(e.Ztunnel).To(Equal(images.Image("docker.io/istio/ztunnel-fips:1.10.0"))) }) It("should return an error when FIPS image environment variables are missing", func() { @@ -112,6 +115,7 @@ var _ = Describe("Images.GetFipsImages", func() { _ = os.Unsetenv("PILOT_FIPS_IMAGE") _ = os.Unsetenv("INSTALL_CNI_FIPS_IMAGE") _ = os.Unsetenv("PROXY_FIPS_IMAGE") + _ = os.Unsetenv("ZTUNNEL_FIPS_IMAGE") _, err := images.GetImages() Expect(err).To(HaveOccurred()) @@ -125,12 +129,15 @@ var _ = Describe("Images.GetFipsImages", func() { _ = os.Setenv("PILOT_FIPS_IMAGE", "docker.io/istio/pilot-fips:1.10.0") _ = os.Setenv("INSTALL_CNI_FIPS_IMAGE", "docker.io/istio/cni-fips:1.10.0") _ = os.Setenv("PROXY_FIPS_IMAGE", "docker.io/istio/proxyv2-fips:1.10.0") + _ = os.Setenv("ZTUNNEL_FIPS_IMAGE", "docker.io/istio/ztunnel-fips:1.10.0") e, err := images.GetImages() Expect(err).NotTo(HaveOccurred()) Expect(e.Pilot).To(Equal(images.Image("docker.io/istio/pilot:1.10.0"))) Expect(e.InstallCNI).To(Equal(images.Image("docker.io/istio/cni:1.10.0"))) Expect(e.ProxyV2).To(Equal(images.Image("docker.io/istio/proxyv2:1.10.0"))) + Expect(e.Ztunnel).To(Equal(images.Image("docker.io/istio/ztunnel:1.10.0"))) + }) }) }) From 96052f9deee9ff85057dfb003236a20ddb315c9e Mon Sep 17 00:00:00 2001 From: Patryk Strugacz Date: Mon, 1 Dec 2025 10:27:27 +0100 Subject: [PATCH 03/14] Fix error message --- internal/images/env.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/images/env.go b/internal/images/env.go index 79f4f421b0..6fe62d21ab 100644 --- a/internal/images/env.go +++ b/internal/images/env.go @@ -100,7 +100,7 @@ func (e *Images) GetFipsImages() error { ztunnelFipsImage := os.Getenv(ztunnelFipsImageEnv) if ztunnelFipsImage == "" { - return fmt.Errorf("please set FIPS image url for proxy from %s environment variable", ztunnelFipsImageEnv) + return fmt.Errorf("please set FIPS image url for ztunnel from %s environment variable", ztunnelFipsImageEnv) } else { e.Ztunnel = Image(ztunnelFipsImage) } From b25a895ab8fa2e95a1aa2fa294b541468c8cb0b8 Mon Sep 17 00:00:00 2001 From: Patryk Strugacz Date: Wed, 3 Dec 2025 13:36:50 +0100 Subject: [PATCH 04/14] Use struct for fips images --- internal/images/env.go | 62 ++++++++++--------------------------- internal/images/env_test.go | 29 +++++++++-------- 2 files changed, 32 insertions(+), 59 deletions(-) diff --git a/internal/images/env.go b/internal/images/env.go index 6fe62d21ab..5d35d626dc 100644 --- a/internal/images/env.go +++ b/internal/images/env.go @@ -8,13 +8,7 @@ import ( "github.com/caarlos0/env/v11" ) -const ( - kymaFipsModeEnabledEnv = "KYMA_FIPS_MODE_ENABLED" - pilotFipsImageEnv = "PILOT_FIPS_IMAGE" - installCNIFipsImageEnv = "INSTALL_CNI_FIPS_IMAGE" - proxyFipsImageEnv = "PROXY_FIPS_IMAGE" - ztunnelFipsImageEnv = "ZTUNNEL_FIPS_IMAGE" -) +const kymaFipsModeEnabledEnv = "KYMA_FIPS_MODE_ENABLED" type Image string @@ -38,18 +32,26 @@ type Images struct { Ztunnel Image `env:"ztunnel,notEmpty"` } -func GetImages() (*Images, error) { - environments, err := env.ParseAs[Images]() - if err != nil { - return nil, fmt.Errorf("missing required environment variables %w", err) - } +type ImagesFips struct { + Pilot Image `env:"pilot-fips,notEmpty"` + InstallCNI Image `env:"install-cni-fips,notEmpty"` + ProxyV2 Image `env:"proxyv2-fips,notEmpty"` + Ztunnel Image `env:"ztunnel-fips,notEmpty"` +} +func GetImages() (*Images, error) { kymaFipsModeEnabled := os.Getenv(kymaFipsModeEnabledEnv) if kymaFipsModeEnabled == "true" { - err = environments.GetFipsImages() + environments, err := env.ParseAs[ImagesFips]() if err != nil { - return nil, err + return nil, fmt.Errorf("missing required environment variables %w", err) } + return (*Images)(&environments), nil + } + + environments, err := env.ParseAs[Images]() + if err != nil { + return nil, fmt.Errorf("missing required environment variables %w", err) } return &environments, nil @@ -75,35 +77,3 @@ func (e *Images) GetHub() (string, error) { } return initialHub, nil } - -func (e *Images) GetFipsImages() error { - pilotFipsImage := os.Getenv(pilotFipsImageEnv) - if pilotFipsImage == "" { - return fmt.Errorf("please set FIPS image url for pilot in %s environment variable", pilotFipsImageEnv) - } else { - e.Pilot = Image(pilotFipsImage) - } - - installCNIFipsImage := os.Getenv(installCNIFipsImageEnv) - if installCNIFipsImage == "" { - return fmt.Errorf("please set FIPS image url for Install CNI from %s environment variable", installCNIFipsImageEnv) - } else { - e.InstallCNI = Image(installCNIFipsImage) - } - - proxyFipsImage := os.Getenv(proxyFipsImageEnv) - if proxyFipsImage == "" { - return fmt.Errorf("please set FIPS image url for proxy from %s environment variable", proxyFipsImageEnv) - } else { - e.ProxyV2 = Image(proxyFipsImage) - } - - ztunnelFipsImage := os.Getenv(ztunnelFipsImageEnv) - if ztunnelFipsImage == "" { - return fmt.Errorf("please set FIPS image url for ztunnel from %s environment variable", ztunnelFipsImageEnv) - } else { - e.Ztunnel = Image(ztunnelFipsImage) - } - - return nil -} diff --git a/internal/images/env_test.go b/internal/images/env_test.go index 375b6b95f5..9835dad5a6 100644 --- a/internal/images/env_test.go +++ b/internal/images/env_test.go @@ -97,10 +97,10 @@ var _ = Describe("Images.GetFipsImages", func() { Context("when KYMA_FIPS_MODE_ENABLED is true", func() { It("should set the FIPS images", func() { _ = os.Setenv("KYMA_FIPS_MODE_ENABLED", "true") - _ = os.Setenv("PILOT_FIPS_IMAGE", "docker.io/istio/pilot-fips:1.10.0") - _ = os.Setenv("INSTALL_CNI_FIPS_IMAGE", "docker.io/istio/cni-fips:1.10.0") - _ = os.Setenv("PROXY_FIPS_IMAGE", "docker.io/istio/proxyv2-fips:1.10.0") - _ = os.Setenv("ZTUNNEL_FIPS_IMAGE", "docker.io/istio/ztunnel-fips:1.10.0") + _ = os.Setenv("pilot-fips", "docker.io/istio/pilot-fips:1.10.0") + _ = os.Setenv("install-cni-fips", "docker.io/istio/cni-fips:1.10.0") + _ = os.Setenv("proxyv2-fips", "docker.io/istio/proxyv2-fips:1.10.0") + _ = os.Setenv("ztunnel-fips", "docker.io/istio/ztunnel-fips:1.10.0") e, err := images.GetImages() Expect(err).NotTo(HaveOccurred()) @@ -112,24 +112,27 @@ var _ = Describe("Images.GetFipsImages", func() { It("should return an error when FIPS image environment variables are missing", func() { _ = os.Setenv("KYMA_FIPS_MODE_ENABLED", "true") - _ = os.Unsetenv("PILOT_FIPS_IMAGE") - _ = os.Unsetenv("INSTALL_CNI_FIPS_IMAGE") - _ = os.Unsetenv("PROXY_FIPS_IMAGE") - _ = os.Unsetenv("ZTUNNEL_FIPS_IMAGE") + _ = os.Unsetenv("pilot-fips") + _ = os.Unsetenv("install-cni-fips") + _ = os.Unsetenv("proxyv2-fips") + _ = os.Unsetenv("ztunnel-fips") _, err := images.GetImages() Expect(err).To(HaveOccurred()) - Expect(err.Error()).To(ContainSubstring("please set FIPS image url")) + Expect(err.Error()).To(ContainSubstring("environment variable \"pilot-fips\" should not be empty")) + Expect(err.Error()).To(ContainSubstring("environment variable \"install-cni-fips\" should not be empty")) + Expect(err.Error()).To(ContainSubstring("environment variable \"proxyv2-fips\" should not be empty")) + Expect(err.Error()).To(ContainSubstring("environment variable \"ztunnel-fips\" should not be empty")) }) }) Context("when KYMA_FIPS_MODE_ENABLED is false", func() { It("should use standard images", func() { _ = os.Setenv("KYMA_FIPS_MODE_ENABLED", "false") - _ = os.Setenv("PILOT_FIPS_IMAGE", "docker.io/istio/pilot-fips:1.10.0") - _ = os.Setenv("INSTALL_CNI_FIPS_IMAGE", "docker.io/istio/cni-fips:1.10.0") - _ = os.Setenv("PROXY_FIPS_IMAGE", "docker.io/istio/proxyv2-fips:1.10.0") - _ = os.Setenv("ZTUNNEL_FIPS_IMAGE", "docker.io/istio/ztunnel-fips:1.10.0") + _ = os.Setenv("pilot-fips", "docker.io/istio/pilot-fips:1.10.0") + _ = os.Setenv("install-cni-fips", "docker.io/istio/cni-fips:1.10.0") + _ = os.Setenv("proxyv2-fips", "docker.io/istio/proxyv2-fips:1.10.0") + _ = os.Setenv("ztunnel-fips", "docker.io/istio/ztunnel-fips:1.10.0") e, err := images.GetImages() Expect(err).NotTo(HaveOccurred()) From 261f43d82ed3077a96e03662e7d0e24b8dbc27b4 Mon Sep 17 00:00:00 2001 From: Patryk Strugacz Date: Mon, 8 Dec 2025 09:12:15 +0100 Subject: [PATCH 05/14] Pass hub and tag to reconciler --- controllers/istio_controller.go | 6 +-- internal/images/env.go | 45 ++++++++++++++++--- internal/images/env_test.go | 41 +++++++++++++---- internal/images/merge.go | 7 +-- internal/images/merge_test.go | 17 ++++--- internal/istiooperator/istiooperator.go | 3 +- internal/istiooperator/merge.go | 4 +- internal/istiooperator/merge_experimental.go | 2 +- internal/reconciliations/istio/install.go | 7 +-- .../reconciliations/istio/reconciliation.go | 7 +-- 10 files changed, 101 insertions(+), 38 deletions(-) diff --git a/controllers/istio_controller.go b/controllers/istio_controller.go index 42b366ba4c..7ecac7af45 100644 --- a/controllers/istio_controller.go +++ b/controllers/istio_controller.go @@ -115,9 +115,9 @@ func (r *IstioReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl return r.terminateReconciliation(ctx, &istioCR, describederrors.NewDescribedError(imgErr, "Unable to get Istio images environments"), operatorv1alpha2.NewReasonWithMessage(operatorv1alpha2.ConditionReasonReconcileFailed)) } - hub, imgErr := istioImages.GetHub() + hubAndTag, imgErr := istioImages.GetHubAndImageTag() if imgErr != nil { - return r.terminateReconciliation(ctx, &istioCR, describederrors.NewDescribedError(imgErr, "Unable to get Istio images hub"), + return r.terminateReconciliation(ctx, &istioCR, describederrors.NewDescribedError(imgErr, "Unable to get Istio images hubAndTag"), operatorv1alpha2.NewReasonWithMessage(operatorv1alpha2.ConditionReasonReconcileFailed)) } @@ -172,7 +172,7 @@ func (r *IstioReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl } } - istioImageVersion, installationErr := r.istioInstallation.Reconcile(ctx, &istioCR, r.statusHandler, hub) + istioImageVersion, installationErr := r.istioInstallation.Reconcile(ctx, &istioCR, r.statusHandler, hubAndTag) if installationErr != nil { return r.requeueReconciliation(ctx, &istioCR, installationErr, operatorv1alpha2.NewReasonWithMessage(operatorv1alpha2.ConditionReasonIstioInstallUninstallFailed), diff --git a/internal/images/env.go b/internal/images/env.go index 5d35d626dc..e904626f76 100644 --- a/internal/images/env.go +++ b/internal/images/env.go @@ -12,6 +12,11 @@ const kymaFipsModeEnabledEnv = "KYMA_FIPS_MODE_ENABLED" type Image string +type HubTag struct { + Hub string + Tag string +} + func (i Image) GetHub() (string, error) { if i == "" { return "", fmt.Errorf("image can not be empty") @@ -25,6 +30,19 @@ func (i Image) GetHub() (string, error) { return strings.Join(parts[:len(parts)-1], "/"), nil } +func (i Image) GetTag() (string, error) { + if i == "" { + return "", fmt.Errorf("image can not be empty") + } + + parts := strings.Split(string(i), ":") + if len(parts) != 2 { + return "", fmt.Errorf("image %s does not contain a valid tag", i) + } + + return strings.Join(parts[len(parts)-1:], "/"), nil +} + type Images struct { Pilot Image `env:"pilot,notEmpty"` InstallCNI Image `env:"install-cni,notEmpty"` @@ -57,23 +75,36 @@ func GetImages() (*Images, error) { return &environments, nil } -func (e *Images) GetHub() (string, error) { +func (e *Images) GetHubAndImageTag() (HubTag, error) { environments := []Image{e.Pilot, e.InstallCNI, e.ProxyV2} initialHub, err := environments[0].GetHub() if err != nil { - return "", fmt.Errorf("failed to get hub for image %s: %w", environments[0], err) + return HubTag{}, fmt.Errorf("failed to get hub for image %s: %w", environments[0], err) } - // Ensure that all required images are from the same hub + initialTag, err := environments[0].GetTag() + if err != nil { + return HubTag{}, fmt.Errorf("failed to get tag for image %s: %w", environments[0], err) + } + + // Ensure that all required images are from the same hub and have the same version tag for _, image := range environments { currentHub, err := image.GetHub() if err != nil { - return "", fmt.Errorf("failed to get hub for image %s: %w", image, err) + return HubTag{}, fmt.Errorf("failed to get hub for image %s: %w", image, err) } - if currentHub != initialHub { - return "", fmt.Errorf("image %s is not from the same hub as %s", image, initialHub) + return HubTag{}, fmt.Errorf("image %s is not from the same hub as %s", image, environments[0]) + } + + currentTag, err := image.GetTag() + if err != nil { + return HubTag{}, fmt.Errorf("failed to get tag for image %s: %w", image, err) + } + if currentTag != initialTag { + return HubTag{}, fmt.Errorf("image %s does not have the same tag as %s", image, environments[0]) } } - return initialHub, nil + + return HubTag{Hub: initialHub, Tag: initialTag}, nil } diff --git a/internal/images/env_test.go b/internal/images/env_test.go index 9835dad5a6..10699aab2f 100644 --- a/internal/images/env_test.go +++ b/internal/images/env_test.go @@ -17,7 +17,7 @@ func TestEnvs(t *testing.T) { RunSpecs(t, "Environment Suite") } -var _ = Describe("Images.GetHub", func() { +var _ = Describe("Images.GetHubAndImageTag", func() { type fields struct { Pilot images.Image InstallCNI images.Image @@ -25,18 +25,19 @@ var _ = Describe("Images.GetHub", func() { Ztunnel images.Image } - DescribeTable("GetHub", - func(f fields, want string, wantErr bool, err error) { + DescribeTable("GetHubAndImageTag", + func(f fields, want images.HubTag, wantErr bool, expErr error) { e := &images.Images{ Pilot: f.Pilot, InstallCNI: f.InstallCNI, ProxyV2: f.ProxyV2, Ztunnel: f.Ztunnel, } - got, err := e.GetHub() + got, err := e.GetHubAndImageTag() if wantErr { Expect(err).To(HaveOccurred()) Expect(err.Error()).To(ContainSubstring("image")) + Expect(err.Error()).To(ContainSubstring(expErr.Error())) } else { Expect(err).NotTo(HaveOccurred()) Expect(got).To(Equal(want)) @@ -49,21 +50,32 @@ var _ = Describe("Images.GetHub", func() { ProxyV2: "docker.io/istio/proxyv2:1.10.0", Ztunnel: "docker.io/istio/ztunnel:1.10.0", }, - "docker.io/istio", + images.HubTag{Hub: "docker.io/istio", Tag: "1.10.0"}, false, nil, ), - Entry("invalid image format", + Entry("invalid image hub", fields{ Pilot: "pilot:1.10.0", InstallCNI: "docker.io/istio/cni:1.10.0", ProxyV2: "docker.io/istio/proxyv2:1.10.0", Ztunnel: "docker.io/istio/ztunnel:1.10.0", }, - "", + images.HubTag{}, true, fmt.Errorf("image pilot:1.10.0 does not contain a valid hub URL"), ), + Entry("missing image tag", + fields{ + Pilot: "docker.io/istio/pilot1.10.0", + InstallCNI: "docker.io/istio/cni:1.10.0", + ProxyV2: "docker.io/istio/proxyv2:1.10.0", + Ztunnel: "docker.io/istio/ztunnel:1.10.0", + }, + images.HubTag{}, + true, + fmt.Errorf("image docker.io/istio/pilot1.10.0 does not contain a valid tag"), + ), Entry("images from different hubs", fields{ Pilot: "docker.io/istio/pilot:1.10.0", @@ -71,17 +83,28 @@ var _ = Describe("Images.GetHub", func() { ProxyV2: "foo.bar/istio/proxyv2:1.10.0", Ztunnel: "docker.io/istio/ztunnel:1.10.0", }, - "", + images.HubTag{}, true, fmt.Errorf("image foo.bar/istio/proxyv2:1.10.0 is not from the same hub as docker.io/istio/pilot:1.10.0"), ), + Entry("images with different tags", + fields{ + Pilot: "docker.io/istio/pilot:1.10.0", + InstallCNI: "docker.io/istio/cni:1.10.0", + ProxyV2: "docker.io/istio/proxyv2:1.11.0", + Ztunnel: "docker.io/istio/ztunnel:1.10.0", + }, + images.HubTag{}, + true, + fmt.Errorf("image docker.io/istio/proxyv2:1.11.0 does not have the same tag as docker.io/istio/pilot:1.10.0"), + ), Entry("empty image", fields{ Pilot: "", InstallCNI: "docker.io/istio/cni:1.10.0", ProxyV2: "docker.io/istio/proxyv2:1.10.0", }, - "", + images.HubTag{}, true, fmt.Errorf("image can not be empty"), ), diff --git a/internal/images/merge.go b/internal/images/merge.go index 010f66ad65..6756f4d9fc 100644 --- a/internal/images/merge.go +++ b/internal/images/merge.go @@ -9,8 +9,8 @@ import ( const pullSecretEnvVar = "SKR_IMG_PULL_SECRET" -// MergeHubConfiguration merges the Istio hub configuration to the provided manifest. -func MergeHubConfiguration(manifest []byte, istioImagesHub string) ([]byte, error) { +// MergeHubTagConfiguration merges the Istio hub and tag configuration to the provided manifest. +func MergeHubTagConfiguration(manifest []byte, istioImagesHubTag HubTag) ([]byte, error) { var templateMap map[string]interface{} err := yaml.Unmarshal(manifest, &templateMap) if err != nil { @@ -19,7 +19,8 @@ func MergeHubConfiguration(manifest []byte, istioImagesHub string) ([]byte, erro err = mergo.Merge(&templateMap, map[string]interface{}{ "spec": map[string]interface{}{ - "hub": istioImagesHub, + "hub": istioImagesHubTag.Hub, + "tag": istioImagesHubTag.Tag, }, }, mergo.WithOverride) if err != nil { diff --git a/internal/images/merge_test.go b/internal/images/merge_test.go index 85a61d958c..e5772a4647 100644 --- a/internal/images/merge_test.go +++ b/internal/images/merge_test.go @@ -13,11 +13,11 @@ import ( var _ = Describe("Images merging", func() { - Describe("MergeHubConfiguration", func() { + Describe("MergeHubTagConfiguration", func() { DescribeTable("merges hub correctly", - func(input string, hub string, expectedHub string, expectsError bool) { - out, err := images.MergeHubConfiguration([]byte(input), hub) + func(input string, hubTag images.HubTag, expectedHub string, expectedTag string, expectsError bool) { + out, err := images.MergeHubTagConfiguration([]byte(input), hubTag) if expectsError { Expect(err).To(HaveOccurred()) @@ -31,6 +31,7 @@ var _ = Describe("Images merging", func() { spec := parsed["spec"].(map[string]interface{}) Expect(spec["hub"]).To(Equal(expectedHub)) + Expect(spec["tag"]).To(Equal(expectedTag)) }, Entry("adds hub when missing", @@ -38,8 +39,9 @@ var _ = Describe("Images merging", func() { spec: profile: default `, + images.HubTag{Hub: "my-hub", Tag: "my-tag"}, "my-hub", - "my-hub", + "my-tag", false, ), @@ -47,15 +49,18 @@ spec: ` spec: hub: old-hub + tag: old-tag `, + images.HubTag{Hub: "new-hub", Tag: "new-tag"}, "new-hub", - "new-hub", + "new-tag", false, ), Entry("fails on invalid yaml", `::: bad yaml :::`, - "hub", + images.HubTag{}, + "", "", true, ), diff --git a/internal/istiooperator/istiooperator.go b/internal/istiooperator/istiooperator.go index 441262daba..7ec813c9c3 100644 --- a/internal/istiooperator/istiooperator.go +++ b/internal/istiooperator/istiooperator.go @@ -6,6 +6,7 @@ import ( "fmt" "github.com/coreos/go-semver/semver" + "github.com/kyma-project/istio/operator/internal/images" iopv1alpha1 "istio.io/istio/operator/pkg/apis" "sigs.k8s.io/yaml" @@ -52,7 +53,7 @@ func (i *IstioImageVersion) Empty() bool { } type Merger interface { - Merge(clusterSize clusterconfig.ClusterSize, istioCR *operatorv1alpha2.Istio, overrides clusterconfig.ClusterConfiguration, istioImagesHub string) (string, error) + Merge(clusterSize clusterconfig.ClusterSize, istioCR *operatorv1alpha2.Istio, overrides clusterconfig.ClusterConfiguration, istioImagesHubTag images.HubTag) (string, error) GetIstioOperator(clusterSize clusterconfig.ClusterSize) (iopv1alpha1.IstioOperator, error) GetIstioImageVersion() (IstioImageVersion, error) } diff --git a/internal/istiooperator/merge.go b/internal/istiooperator/merge.go index 2e8e4edf07..46386cade2 100644 --- a/internal/istiooperator/merge.go +++ b/internal/istiooperator/merge.go @@ -11,7 +11,7 @@ import ( "github.com/kyma-project/istio/operator/internal/images" ) -func (m *IstioMerger) Merge(clusterSize clusterconfig.ClusterSize, istioCR *operatorv1alpha2.Istio, overrides clusterconfig.ClusterConfiguration, istioImagesHub string) (string, error) { +func (m *IstioMerger) Merge(clusterSize clusterconfig.ClusterSize, istioCR *operatorv1alpha2.Istio, overrides clusterconfig.ClusterConfiguration, istioImagesHubTag images.HubTag) (string, error) { toBeInstalledIop, err := m.GetIstioOperator(clusterSize) if err != nil { return "", err @@ -20,7 +20,7 @@ func (m *IstioMerger) Merge(clusterSize clusterconfig.ClusterSize, istioCR *oper if err != nil { return "", err } - manifestWithOverrideImagesHub, err := images.MergeHubConfiguration(mergedManifest, istioImagesHub) + manifestWithOverrideImagesHub, err := images.MergeHubTagConfiguration(mergedManifest, istioImagesHubTag) if err != nil { return "", err } diff --git a/internal/istiooperator/merge_experimental.go b/internal/istiooperator/merge_experimental.go index a219ce6cd3..a9c87e8dad 100644 --- a/internal/istiooperator/merge_experimental.go +++ b/internal/istiooperator/merge_experimental.go @@ -30,7 +30,7 @@ func (m *IstioMerger) Merge(clusterSize clusterconfig.ClusterSize, istioCR *oper return "", err } - manifestWithOverrideImagesHub, err := images.MergeHubConfiguration(mergedManifest, istioImagesHub) + manifestWithOverrideImagesHub, err := images.MergeHubTagConfiguration(mergedManifest, istioImagesHub) if err != nil { return "", err } diff --git a/internal/reconciliations/istio/install.go b/internal/reconciliations/istio/install.go index 5086874186..492209eabb 100644 --- a/internal/reconciliations/istio/install.go +++ b/internal/reconciliations/istio/install.go @@ -3,6 +3,7 @@ package istio import ( "context" + "github.com/kyma-project/istio/operator/internal/images" "github.com/kyma-project/istio/operator/pkg/lib/gatherer" ctrl "sigs.k8s.io/controller-runtime" @@ -25,7 +26,7 @@ type installArgs struct { istioOperatorMerger istiooperator.Merger istioImageVersion istiooperator.IstioImageVersion istioClient libraryClient - istioImagesHub string + istioImagesHubTag images.HubTag } //nolint:funlen // Function 'installIstio' has too many statements (51 > 50) TODO: refactor. @@ -36,7 +37,7 @@ func installIstio(ctx context.Context, args installArgs) (istiooperator.IstioIma statusHandler := args.statusHandler iopMerger := args.istioOperatorMerger istioClient := args.istioClient - istioImagesHub := args.istioImagesHub + istioImagesHubTag := args.istioImagesHubTag ctrl.Log.Info("Starting Istio install", "istio version", istioImageVersion.Version()) @@ -80,7 +81,7 @@ func installIstio(ctx context.Context, args installArgs) (istiooperator.IstioIma ctrl.Log.Info("Installing Istio with", "profile", clusterSize.String()) - mergedIstioOperatorPath, err := iopMerger.Merge(clusterSize, istioCR, clusterConfiguration, istioImagesHub) + mergedIstioOperatorPath, err := iopMerger.Merge(clusterSize, istioCR, clusterConfiguration, istioImagesHubTag) if err != nil { statusHandler.SetCondition(istioCR, operatorv1alpha2.NewReasonWithMessage(operatorv1alpha2.ConditionReasonCustomResourceMisconfigured)) return istioImageVersion, describederrors.NewDescribedError(err, "Could not merge Istio operator configuration").SetCondition(false) diff --git a/internal/reconciliations/istio/reconciliation.go b/internal/reconciliations/istio/reconciliation.go index b2f0c124ae..54ea5af05c 100644 --- a/internal/reconciliations/istio/reconciliation.go +++ b/internal/reconciliations/istio/reconciliation.go @@ -3,6 +3,7 @@ package istio import ( "context" + "github.com/kyma-project/istio/operator/internal/images" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" @@ -13,7 +14,7 @@ import ( ) type InstallationReconciliation interface { - Reconcile(ctx context.Context, istioCR *operatorv1alpha2.Istio, statusHandler status.Status, istioImageHub string) (istiooperator.IstioImageVersion, describederrors.DescribedError) + Reconcile(ctx context.Context, istioCR *operatorv1alpha2.Istio, statusHandler status.Status, istioImageHub images.HubTag) (istiooperator.IstioImageVersion, describederrors.DescribedError) } type Installation struct { @@ -27,7 +28,7 @@ func (i *Installation) Reconcile( ctx context.Context, istioCR *operatorv1alpha2.Istio, statusHandler status.Status, - istioImagesHub string, + istioImagesHubTag images.HubTag, ) (istiooperator.IstioImageVersion, describederrors.DescribedError) { istioImageVersion, err := i.Merger.GetIstioImageVersion() if err != nil { @@ -43,7 +44,7 @@ func (i *Installation) Reconcile( istioOperatorMerger: i.Merger, istioImageVersion: istioImageVersion, istioClient: i.IstioClient, - istioImagesHub: istioImagesHub, + istioImagesHubTag: istioImagesHubTag, } return installIstio(ctx, args) } From dcf0bdd534263a3bd9533095c2d56296ee9468ce Mon Sep 17 00:00:00 2001 From: Patryk Strugacz Date: Mon, 8 Dec 2025 09:33:40 +0100 Subject: [PATCH 06/14] Add ztunnel, fix tests --- controllers/istio_controller_test.go | 3 +- internal/images/env.go | 2 +- internal/istiooperator/istiooperator_test.go | 10 +++-- .../istio/reconciliation_test.go | 41 ++++++++++--------- internal/restarter/sidecars_test.go | 3 +- 5 files changed, 32 insertions(+), 27 deletions(-) diff --git a/controllers/istio_controller_test.go b/controllers/istio_controller_test.go index b709fae54a..48fff72eba 100644 --- a/controllers/istio_controller_test.go +++ b/controllers/istio_controller_test.go @@ -6,6 +6,7 @@ import ( "os" "time" + "github.com/kyma-project/istio/operator/internal/images" "istio.io/api/networking/v1alpha3" "k8s.io/utils/ptr" @@ -1198,7 +1199,7 @@ type istioInstallationReconciliationMock struct { err describederrors.DescribedError } -func (i *istioInstallationReconciliationMock) Reconcile(_ context.Context, _ *operatorv1alpha2.Istio, _ status.Status, _ string) (istiooperator.IstioImageVersion, describederrors.DescribedError) { +func (i *istioInstallationReconciliationMock) Reconcile(_ context.Context, _ *operatorv1alpha2.Istio, _ status.Status, _ images.HubTag) (istiooperator.IstioImageVersion, describederrors.DescribedError) { version, err := istiooperator.NewIstioImageVersionFromTag("1.16.0-distroless") if err != nil { i.err = describederrors.NewDescribedError(err, "error creating IstioImageVersion") diff --git a/internal/images/env.go b/internal/images/env.go index e904626f76..b33414b99e 100644 --- a/internal/images/env.go +++ b/internal/images/env.go @@ -76,7 +76,7 @@ func GetImages() (*Images, error) { } func (e *Images) GetHubAndImageTag() (HubTag, error) { - environments := []Image{e.Pilot, e.InstallCNI, e.ProxyV2} + environments := []Image{e.Pilot, e.InstallCNI, e.ProxyV2, e.Ztunnel} initialHub, err := environments[0].GetHub() if err != nil { diff --git a/internal/istiooperator/istiooperator_test.go b/internal/istiooperator/istiooperator_test.go index 4e3231ddf0..f71943a7fa 100644 --- a/internal/istiooperator/istiooperator_test.go +++ b/internal/istiooperator/istiooperator_test.go @@ -5,6 +5,7 @@ import ( "path" "testing" + "github.com/kyma-project/istio/operator/internal/images" meshv1alpha1 "istio.io/api/mesh/v1alpha1" "istio.io/istio/operator/pkg/values" "istio.io/istio/pkg/util/protomarshal" @@ -53,7 +54,7 @@ var _ = Describe("Merge", func() { sut := istiooperator.NewDefaultIstioMerger() // when - mergedIstioOperatorPath, err := sut.Merge(clusterSize, istioCR, clusterconfig.ClusterConfiguration{}, "docker.io/istio") + mergedIstioOperatorPath, err := sut.Merge(clusterSize, istioCR, clusterconfig.ClusterConfiguration{}, images.HubTag{Hub: "docker.io/istio", Tag: "1.27.1-distroless"}) // then if shouldError { @@ -107,7 +108,7 @@ var _ = Describe("Merge", func() { sut := istiooperator.NewDefaultIstioMerger() // when - mergedIstioOperatorPath, err := sut.Merge(clusterconfig.Production, istioCR, clusterConfig, "docker.io/istio") + mergedIstioOperatorPath, err := sut.Merge(clusterconfig.Production, istioCR, clusterConfig, images.HubTag{Hub: "docker.io/istio", Tag: "1.27.1-distroless"}) // then Expect(err).ShouldNot(HaveOccurred()) @@ -139,7 +140,7 @@ var _ = Describe("Merge", func() { It("should return merged istio hub", func() { // given - istioImagesHub := "docker.io/overridden/istio-hub" + istioImagesHub := images.HubTag{Hub: "docker.io/overridden/istio-hub", Tag: "1.27.1-overridden"} sut := istiooperator.NewDefaultIstioMerger() @@ -163,7 +164,8 @@ var _ = Describe("Merge", func() { Expect(err).ShouldNot(HaveOccurred()) Expect(mergedIstioOperatorPath).To(Equal(path.Join("/tmp", istiooperator.MergedIstioOperatorFile))) iop := readIOP(mergedIstioOperatorPath) - Expect(iop.Spec.Hub).To(Equal(istioImagesHub)) + Expect(iop.Spec.Hub).To(Equal(istioImagesHub.Hub)) + Expect(iop.Spec.Tag).To(Equal(istioImagesHub.Tag)) }) }) diff --git a/internal/reconciliations/istio/reconciliation_test.go b/internal/reconciliations/istio/reconciliation_test.go index ce9d1bbb93..01d44bb5c4 100644 --- a/internal/reconciliations/istio/reconciliation_test.go +++ b/internal/reconciliations/istio/reconciliation_test.go @@ -6,6 +6,7 @@ import ( "strings" "time" + "github.com/kyma-project/istio/operator/internal/images" networkingv1 "istio.io/client-go/pkg/apis/networking/v1" "github.com/kyma-project/istio/operator/pkg/labels" @@ -76,7 +77,7 @@ var _ = Describe("Installation reconciliation", func() { statusHandler := status.NewStatusHandler(c) // when - _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, "docker.io/istio") + _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.HubTag{Hub: "docker.io/istio", Tag: "1.10"}) // then Expect(err).ShouldNot(HaveOccurred()) @@ -121,7 +122,7 @@ var _ = Describe("Installation reconciliation", func() { statusHandler := status.NewStatusHandler(c) // when - _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, "docker.io/istio") + _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.HubTag{Hub: "docker.io/istio", Tag: "1.10"}) // then Expect(err).ShouldNot(HaveOccurred()) @@ -163,7 +164,7 @@ var _ = Describe("Installation reconciliation", func() { statusHandler := status.NewStatusHandler(c) // when - _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, "docker.io/istio") + _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.HubTag{Hub: "docker.io/istio", Tag: "1.10"}) // then Expect(err).ShouldNot(HaveOccurred()) @@ -210,7 +211,7 @@ var _ = Describe("Installation reconciliation", func() { statusHandler := status.NewStatusHandler(c) // when - _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, "docker.io/istio") + _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.HubTag{Hub: "docker.io/istio", Tag: "1.10"}) // then Expect(err).Should(HaveOccurred()) @@ -250,7 +251,7 @@ var _ = Describe("Installation reconciliation", func() { statusHandler := status.NewStatusHandler(c) // when - _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, "docker.io/istio") + _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.HubTag{Hub: "docker.io/istio", Tag: "1.10"}) // then Expect(err).ShouldNot(HaveOccurred()) @@ -292,7 +293,7 @@ var _ = Describe("Installation reconciliation", func() { statusHandler := status.NewStatusHandler(c) // when - _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, "docker.io/istio") + _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.HubTag{Hub: "docker.io/istio", Tag: "1.10"}) // then Expect(err).ShouldNot(HaveOccurred()) @@ -334,7 +335,7 @@ var _ = Describe("Installation reconciliation", func() { statusHandler := status.NewStatusHandler(c) // when - _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, "docker.io/istio") + _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.HubTag{Hub: "docker.io/istio", Tag: "1.10"}) // then Expect(err).ShouldNot(HaveOccurred()) @@ -372,7 +373,7 @@ var _ = Describe("Installation reconciliation", func() { statusHandler := status.NewStatusHandler(c) // when - _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, "docker.io/istio") + _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.HubTag{Hub: "docker.io/istio", Tag: "1.10"}) // then Expect(err).Should(HaveOccurred()) @@ -423,7 +424,7 @@ var _ = Describe("Installation reconciliation", func() { statusHandler := status.NewStatusHandler(c) // when - _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, "docker.io/istio") + _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.HubTag{Hub: "docker.io/istio", Tag: "1.10"}) // then Expect(err).Should(HaveOccurred()) @@ -465,7 +466,7 @@ var _ = Describe("Installation reconciliation", func() { statusHandler := status.NewStatusHandler(c) // when - _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, "docker.io/istio") + _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.HubTag{Hub: "docker.io/istio", Tag: "1.10"}) // then Expect(err).Should(HaveOccurred()) @@ -512,7 +513,7 @@ var _ = Describe("Installation reconciliation", func() { statusHandler := status.NewStatusHandler(c) // when - _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, "docker.io/istio") + _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.HubTag{Hub: "docker.io/istio", Tag: "1.10"}) // then Expect(err).Should(HaveOccurred()) @@ -556,7 +557,7 @@ var _ = Describe("Installation reconciliation", func() { statusHandler := status.NewStatusHandler(c) // when - _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, "docker.io/istio") + _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.HubTag{Hub: "docker.io/istio", Tag: "1.10"}) // then Expect(err).ShouldNot(HaveOccurred()) @@ -600,7 +601,7 @@ var _ = Describe("Installation reconciliation", func() { statusHandler := status.NewStatusHandler(c) // when - _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, "docker.io/istio") + _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.HubTag{Hub: "docker.io/istio", Tag: "1.10"}) // then Expect(err).ShouldNot(HaveOccurred()) @@ -646,7 +647,7 @@ var _ = Describe("Installation reconciliation", func() { statusHandler := status.NewStatusHandler(c) // when - _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, "docker.io/istio") + _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.HubTag{Hub: "docker.io/istio", Tag: "1.10"}) // then Expect(err).Should(HaveOccurred()) @@ -686,7 +687,7 @@ var _ = Describe("Installation reconciliation", func() { statusHandler := status.NewStatusHandler(c) // when - _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, "docker.io/istio") + _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.HubTag{Hub: "docker.io/istio", Tag: "1.10"}) // then Expect(err).ShouldNot(HaveOccurred()) @@ -725,7 +726,7 @@ var _ = Describe("Installation reconciliation", func() { statusHandler := status.NewStatusHandler(c) // when - _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, "docker.io/istio") + _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.HubTag{Hub: "docker.io/istio", Tag: "1.10"}) // then Expect(err).ShouldNot(HaveOccurred()) @@ -775,7 +776,7 @@ var _ = Describe("Installation reconciliation", func() { statusHandler := status.NewStatusHandler(c) // when - _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, "docker.io/istio") + _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.HubTag{Hub: "docker.io/istio", Tag: "1.10"}) // then Expect(err).ShouldNot(HaveOccurred()) @@ -824,7 +825,7 @@ var _ = Describe("Installation reconciliation", func() { statusHandler := status.NewStatusHandler(c) // when - _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, "docker.io/istio") + _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.HubTag{Hub: "docker.io/istio", Tag: "1.10"}) // then Expect(err).Should(HaveOccurred()) @@ -870,7 +871,7 @@ var _ = Describe("Installation reconciliation", func() { statusHandler := status.NewStatusHandler(c) // when - _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, "docker.io/istio") + _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.HubTag{Hub: "docker.io/istio", Tag: "1.10"}) Expect(err).ShouldNot(HaveOccurred()) Expect(mockClient.installCalled).To(BeTrue()) Expect(mockClient.uninstallCalled).To(BeFalse()) @@ -978,7 +979,7 @@ type MergerMock struct { tag string } -func (m MergerMock) Merge(_ clusterconfig.ClusterSize, _ *operatorv1alpha2.Istio, _ clusterconfig.ClusterConfiguration, _ string) (string, error) { +func (m MergerMock) Merge(_ clusterconfig.ClusterSize, _ *operatorv1alpha2.Istio, _ clusterconfig.ClusterConfiguration, _ images.HubTag) (string, error) { return "mocked istio operator merge result", m.mergeError } diff --git a/internal/restarter/sidecars_test.go b/internal/restarter/sidecars_test.go index b6175e465c..3ef431b789 100644 --- a/internal/restarter/sidecars_test.go +++ b/internal/restarter/sidecars_test.go @@ -6,6 +6,7 @@ import ( "strings" "github.com/go-logr/logr" + "github.com/kyma-project/istio/operator/internal/images" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" "github.com/pkg/errors" @@ -277,7 +278,7 @@ type MergerMock struct { tag string } -func (m MergerMock) Merge(_ clusterconfig.ClusterSize, _ *operatorv1alpha2.Istio, _ clusterconfig.ClusterConfiguration, _ string) (string, error) { +func (m MergerMock) Merge(_ clusterconfig.ClusterSize, _ *operatorv1alpha2.Istio, _ clusterconfig.ClusterConfiguration, _ images.HubTag) (string, error) { return "mocked istio operator merge result", nil } From ce99a2cdb7eb20595d2a9d34677032e1020b97bc Mon Sep 17 00:00:00 2001 From: Patryk Strugacz Date: Mon, 8 Dec 2025 10:06:19 +0100 Subject: [PATCH 07/14] Fix experimental --- internal/istiooperator/merge_experimental.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/internal/istiooperator/merge_experimental.go b/internal/istiooperator/merge_experimental.go index a9c87e8dad..dc6193a52d 100644 --- a/internal/istiooperator/merge_experimental.go +++ b/internal/istiooperator/merge_experimental.go @@ -16,7 +16,7 @@ import ( "github.com/kyma-project/istio/operator/internal/images" ) -func (m *IstioMerger) Merge(clusterSize clusterconfig.ClusterSize, istioCR *operatorv1alpha2.Istio, overrides clusterconfig.ClusterConfiguration, istioImagesHub string) (string, error) { +func (m *IstioMerger) Merge(clusterSize clusterconfig.ClusterSize, istioCR *operatorv1alpha2.Istio, overrides clusterconfig.ClusterConfiguration, istioImagesHubTag images.HubTag) (string, error) { toBeInstalledIop, err := m.GetIstioOperator(clusterSize) if err != nil { return "", err @@ -30,7 +30,7 @@ func (m *IstioMerger) Merge(clusterSize clusterconfig.ClusterSize, istioCR *oper return "", err } - manifestWithOverrideImagesHub, err := images.MergeHubTagConfiguration(mergedManifest, istioImagesHub) + manifestWithOverrideImagesHub, err := images.MergeHubTagConfiguration(mergedManifest, istioImagesHubTag) if err != nil { return "", err } From e746a446cae0d157237bbc7b5ac70ad2cb922cb8 Mon Sep 17 00:00:00 2001 From: Patryk Strugacz Date: Mon, 8 Dec 2025 10:16:04 +0100 Subject: [PATCH 08/14] Fix experimental test --- internal/istiooperator/merge_experimental_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/istiooperator/merge_experimental_test.go b/internal/istiooperator/merge_experimental_test.go index 5a0a69442c..d998ad9786 100644 --- a/internal/istiooperator/merge_experimental_test.go +++ b/internal/istiooperator/merge_experimental_test.go @@ -31,7 +31,7 @@ var _ = Describe("Merge", func() { } merger := istiooperator.NewDefaultIstioMerger() - p, err := merger.Merge(clusterconfig.Evaluation, &istioCR, clusterconfig.ClusterConfiguration{}, "docker.io/istio") + p, err := merger.Merge(clusterconfig.Evaluation, &istioCR, clusterconfig.ClusterConfiguration{}, images.HubTag{Hub: "docker.io/istio", Tag: "1.27.1-distroless"}) Expect(err).ShouldNot(HaveOccurred()) iop := readIOP(p) Expect(iop.Spec.Components.Pilot).ToNot(BeNil()) From da1745c61c53879c963ac6ddee8c9799475a9dea Mon Sep 17 00:00:00 2001 From: Patryk Strugacz Date: Mon, 8 Dec 2025 12:17:43 +0100 Subject: [PATCH 09/14] Add missing import --- internal/istiooperator/merge_experimental.go | 4 ++-- internal/istiooperator/merge_experimental_test.go | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/internal/istiooperator/merge_experimental.go b/internal/istiooperator/merge_experimental.go index dc6193a52d..020d3db0e6 100644 --- a/internal/istiooperator/merge_experimental.go +++ b/internal/istiooperator/merge_experimental.go @@ -30,11 +30,11 @@ func (m *IstioMerger) Merge(clusterSize clusterconfig.ClusterSize, istioCR *oper return "", err } - manifestWithOverrideImagesHub, err := images.MergeHubTagConfiguration(mergedManifest, istioImagesHubTag) + manifestWithOverrideImagesHubTag, err := images.MergeHubTagConfiguration(mergedManifest, istioImagesHubTag) if err != nil { return "", err } - manifestWithOverridePullSecret, err := images.MergePullSecretEnv(manifestWithOverrideImagesHub) + manifestWithOverridePullSecret, err := images.MergePullSecretEnv(manifestWithOverrideImagesHubTag) if err != nil { return "", err } diff --git a/internal/istiooperator/merge_experimental_test.go b/internal/istiooperator/merge_experimental_test.go index d998ad9786..6b2ec088c8 100644 --- a/internal/istiooperator/merge_experimental_test.go +++ b/internal/istiooperator/merge_experimental_test.go @@ -13,6 +13,7 @@ import ( "github.com/kyma-project/istio/operator/api/v1alpha2" "github.com/kyma-project/istio/operator/internal/clusterconfig" + "github.com/kyma-project/istio/operator/internal/images" "github.com/kyma-project/istio/operator/internal/istiooperator" ) From 434e44c264ab72efa6193c98bf279406944ba015 Mon Sep 17 00:00:00 2001 From: Patryk Strugacz Date: Tue, 9 Dec 2025 14:35:42 +0100 Subject: [PATCH 10/14] Refactor function names --- controllers/istio_controller.go | 9 +++-- controllers/istio_controller_test.go | 2 +- internal/images/env.go | 18 ++++----- internal/images/env_test.go | 20 +++++----- internal/images/merge.go | 8 ++-- internal/images/merge_test.go | 12 +++--- internal/istiooperator/istiooperator.go | 2 +- internal/istiooperator/istiooperator_test.go | 6 +-- internal/istiooperator/merge.go | 4 +- internal/istiooperator/merge_experimental.go | 6 +-- .../istiooperator/merge_experimental_test.go | 2 +- internal/reconciliations/istio/install.go | 18 ++++----- .../reconciliations/istio/reconciliation.go | 18 ++++----- .../istio/reconciliation_test.go | 40 +++++++++---------- internal/restarter/sidecars_test.go | 2 +- 15 files changed, 84 insertions(+), 83 deletions(-) diff --git a/controllers/istio_controller.go b/controllers/istio_controller.go index c8e16527ee..6e2efcc8ea 100644 --- a/controllers/istio_controller.go +++ b/controllers/istio_controller.go @@ -19,9 +19,10 @@ package controllers import ( "context" "fmt" - istiocrmetrics "github.com/kyma-project/istio/operator/internal/metrics" "time" + istiocrmetrics "github.com/kyma-project/istio/operator/internal/metrics" + "github.com/pkg/errors" "github.com/kyma-project/istio/operator/internal/images" @@ -122,9 +123,9 @@ func (r *IstioReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl return r.terminateReconciliation(ctx, &istioCR, describederrors.NewDescribedError(imgErr, "Unable to get Istio images environments"), operatorv1alpha2.NewReasonWithMessage(operatorv1alpha2.ConditionReasonReconcileFailed)) } - hubAndTag, imgErr := istioImages.GetHubAndImageTag() + RegistryAndTag, imgErr := istioImages.GetImageRegistryAndTag() if imgErr != nil { - return r.terminateReconciliation(ctx, &istioCR, describederrors.NewDescribedError(imgErr, "Unable to get Istio images hubAndTag"), + return r.terminateReconciliation(ctx, &istioCR, describederrors.NewDescribedError(imgErr, "Unable to get Istio images RegistryAndTag"), operatorv1alpha2.NewReasonWithMessage(operatorv1alpha2.ConditionReasonReconcileFailed)) } @@ -179,7 +180,7 @@ func (r *IstioReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl } } - istioImageVersion, installationErr := r.istioInstallation.Reconcile(ctx, &istioCR, r.statusHandler, hubAndTag) + istioImageVersion, installationErr := r.istioInstallation.Reconcile(ctx, &istioCR, r.statusHandler, RegistryAndTag) if installationErr != nil { return r.requeueReconciliation(ctx, &istioCR, installationErr, operatorv1alpha2.NewReasonWithMessage(operatorv1alpha2.ConditionReasonIstioInstallUninstallFailed), diff --git a/controllers/istio_controller_test.go b/controllers/istio_controller_test.go index 48fff72eba..9c8f53ebd0 100644 --- a/controllers/istio_controller_test.go +++ b/controllers/istio_controller_test.go @@ -1199,7 +1199,7 @@ type istioInstallationReconciliationMock struct { err describederrors.DescribedError } -func (i *istioInstallationReconciliationMock) Reconcile(_ context.Context, _ *operatorv1alpha2.Istio, _ status.Status, _ images.HubTag) (istiooperator.IstioImageVersion, describederrors.DescribedError) { +func (i *istioInstallationReconciliationMock) Reconcile(_ context.Context, _ *operatorv1alpha2.Istio, _ status.Status, _ images.RegistryAndTag) (istiooperator.IstioImageVersion, describederrors.DescribedError) { version, err := istiooperator.NewIstioImageVersionFromTag("1.16.0-distroless") if err != nil { i.err = describederrors.NewDescribedError(err, "error creating IstioImageVersion") diff --git a/internal/images/env.go b/internal/images/env.go index b33414b99e..37585b8b17 100644 --- a/internal/images/env.go +++ b/internal/images/env.go @@ -12,7 +12,7 @@ const kymaFipsModeEnabledEnv = "KYMA_FIPS_MODE_ENABLED" type Image string -type HubTag struct { +type RegistryAndTag struct { Hub string Tag string } @@ -75,36 +75,36 @@ func GetImages() (*Images, error) { return &environments, nil } -func (e *Images) GetHubAndImageTag() (HubTag, error) { +func (e *Images) GetImageRegistryAndTag() (RegistryAndTag, error) { environments := []Image{e.Pilot, e.InstallCNI, e.ProxyV2, e.Ztunnel} initialHub, err := environments[0].GetHub() if err != nil { - return HubTag{}, fmt.Errorf("failed to get hub for image %s: %w", environments[0], err) + return RegistryAndTag{}, fmt.Errorf("failed to get hub for image %s: %w", environments[0], err) } initialTag, err := environments[0].GetTag() if err != nil { - return HubTag{}, fmt.Errorf("failed to get tag for image %s: %w", environments[0], err) + return RegistryAndTag{}, fmt.Errorf("failed to get tag for image %s: %w", environments[0], err) } // Ensure that all required images are from the same hub and have the same version tag for _, image := range environments { currentHub, err := image.GetHub() if err != nil { - return HubTag{}, fmt.Errorf("failed to get hub for image %s: %w", image, err) + return RegistryAndTag{}, fmt.Errorf("failed to get hub for image %s: %w", image, err) } if currentHub != initialHub { - return HubTag{}, fmt.Errorf("image %s is not from the same hub as %s", image, environments[0]) + return RegistryAndTag{}, fmt.Errorf("image %s is not from the same hub as %s", image, environments[0]) } currentTag, err := image.GetTag() if err != nil { - return HubTag{}, fmt.Errorf("failed to get tag for image %s: %w", image, err) + return RegistryAndTag{}, fmt.Errorf("failed to get tag for image %s: %w", image, err) } if currentTag != initialTag { - return HubTag{}, fmt.Errorf("image %s does not have the same tag as %s", image, environments[0]) + return RegistryAndTag{}, fmt.Errorf("image %s does not have the same tag as %s", image, environments[0]) } } - return HubTag{Hub: initialHub, Tag: initialTag}, nil + return RegistryAndTag{Hub: initialHub, Tag: initialTag}, nil } diff --git a/internal/images/env_test.go b/internal/images/env_test.go index 10699aab2f..ce4f1c92e5 100644 --- a/internal/images/env_test.go +++ b/internal/images/env_test.go @@ -17,7 +17,7 @@ func TestEnvs(t *testing.T) { RunSpecs(t, "Environment Suite") } -var _ = Describe("Images.GetHubAndImageTag", func() { +var _ = Describe("Images.GetImageRegistryAndTag", func() { type fields struct { Pilot images.Image InstallCNI images.Image @@ -25,15 +25,15 @@ var _ = Describe("Images.GetHubAndImageTag", func() { Ztunnel images.Image } - DescribeTable("GetHubAndImageTag", - func(f fields, want images.HubTag, wantErr bool, expErr error) { + DescribeTable("GetImageRegistryAndTag", + func(f fields, want images.RegistryAndTag, wantErr bool, expErr error) { e := &images.Images{ Pilot: f.Pilot, InstallCNI: f.InstallCNI, ProxyV2: f.ProxyV2, Ztunnel: f.Ztunnel, } - got, err := e.GetHubAndImageTag() + got, err := e.GetImageRegistryAndTag() if wantErr { Expect(err).To(HaveOccurred()) Expect(err.Error()).To(ContainSubstring("image")) @@ -50,7 +50,7 @@ var _ = Describe("Images.GetHubAndImageTag", func() { ProxyV2: "docker.io/istio/proxyv2:1.10.0", Ztunnel: "docker.io/istio/ztunnel:1.10.0", }, - images.HubTag{Hub: "docker.io/istio", Tag: "1.10.0"}, + images.RegistryAndTag{Hub: "docker.io/istio", Tag: "1.10.0"}, false, nil, ), @@ -61,7 +61,7 @@ var _ = Describe("Images.GetHubAndImageTag", func() { ProxyV2: "docker.io/istio/proxyv2:1.10.0", Ztunnel: "docker.io/istio/ztunnel:1.10.0", }, - images.HubTag{}, + images.RegistryAndTag{}, true, fmt.Errorf("image pilot:1.10.0 does not contain a valid hub URL"), ), @@ -72,7 +72,7 @@ var _ = Describe("Images.GetHubAndImageTag", func() { ProxyV2: "docker.io/istio/proxyv2:1.10.0", Ztunnel: "docker.io/istio/ztunnel:1.10.0", }, - images.HubTag{}, + images.RegistryAndTag{}, true, fmt.Errorf("image docker.io/istio/pilot1.10.0 does not contain a valid tag"), ), @@ -83,7 +83,7 @@ var _ = Describe("Images.GetHubAndImageTag", func() { ProxyV2: "foo.bar/istio/proxyv2:1.10.0", Ztunnel: "docker.io/istio/ztunnel:1.10.0", }, - images.HubTag{}, + images.RegistryAndTag{}, true, fmt.Errorf("image foo.bar/istio/proxyv2:1.10.0 is not from the same hub as docker.io/istio/pilot:1.10.0"), ), @@ -94,7 +94,7 @@ var _ = Describe("Images.GetHubAndImageTag", func() { ProxyV2: "docker.io/istio/proxyv2:1.11.0", Ztunnel: "docker.io/istio/ztunnel:1.10.0", }, - images.HubTag{}, + images.RegistryAndTag{}, true, fmt.Errorf("image docker.io/istio/proxyv2:1.11.0 does not have the same tag as docker.io/istio/pilot:1.10.0"), ), @@ -104,7 +104,7 @@ var _ = Describe("Images.GetHubAndImageTag", func() { InstallCNI: "docker.io/istio/cni:1.10.0", ProxyV2: "docker.io/istio/proxyv2:1.10.0", }, - images.HubTag{}, + images.RegistryAndTag{}, true, fmt.Errorf("image can not be empty"), ), diff --git a/internal/images/merge.go b/internal/images/merge.go index 6756f4d9fc..0e9a6f1dd1 100644 --- a/internal/images/merge.go +++ b/internal/images/merge.go @@ -9,8 +9,8 @@ import ( const pullSecretEnvVar = "SKR_IMG_PULL_SECRET" -// MergeHubTagConfiguration merges the Istio hub and tag configuration to the provided manifest. -func MergeHubTagConfiguration(manifest []byte, istioImagesHubTag HubTag) ([]byte, error) { +// MergeRegistryAndTagConfiguration merges the Istio hub and tag configuration to the provided manifest. +func MergeRegistryAndTagConfiguration(manifest []byte, istioImagesRegistryAndTag RegistryAndTag) ([]byte, error) { var templateMap map[string]interface{} err := yaml.Unmarshal(manifest, &templateMap) if err != nil { @@ -19,8 +19,8 @@ func MergeHubTagConfiguration(manifest []byte, istioImagesHubTag HubTag) ([]byte err = mergo.Merge(&templateMap, map[string]interface{}{ "spec": map[string]interface{}{ - "hub": istioImagesHubTag.Hub, - "tag": istioImagesHubTag.Tag, + "hub": istioImagesRegistryAndTag.Hub, + "tag": istioImagesRegistryAndTag.Tag, }, }, mergo.WithOverride) if err != nil { diff --git a/internal/images/merge_test.go b/internal/images/merge_test.go index e5772a4647..f05c68efdb 100644 --- a/internal/images/merge_test.go +++ b/internal/images/merge_test.go @@ -13,11 +13,11 @@ import ( var _ = Describe("Images merging", func() { - Describe("MergeHubTagConfiguration", func() { + Describe("MergeRegistryAndTagConfiguration", func() { DescribeTable("merges hub correctly", - func(input string, hubTag images.HubTag, expectedHub string, expectedTag string, expectsError bool) { - out, err := images.MergeHubTagConfiguration([]byte(input), hubTag) + func(input string, registryAndTag images.RegistryAndTag, expectedHub string, expectedTag string, expectsError bool) { + out, err := images.MergeRegistryAndTagConfiguration([]byte(input), registryAndTag) if expectsError { Expect(err).To(HaveOccurred()) @@ -39,7 +39,7 @@ var _ = Describe("Images merging", func() { spec: profile: default `, - images.HubTag{Hub: "my-hub", Tag: "my-tag"}, + images.RegistryAndTag{Hub: "my-hub", Tag: "my-tag"}, "my-hub", "my-tag", false, @@ -51,7 +51,7 @@ spec: hub: old-hub tag: old-tag `, - images.HubTag{Hub: "new-hub", Tag: "new-tag"}, + images.RegistryAndTag{Hub: "new-hub", Tag: "new-tag"}, "new-hub", "new-tag", false, @@ -59,7 +59,7 @@ spec: Entry("fails on invalid yaml", `::: bad yaml :::`, - images.HubTag{}, + images.RegistryAndTag{}, "", "", true, diff --git a/internal/istiooperator/istiooperator.go b/internal/istiooperator/istiooperator.go index 7ec813c9c3..7b38d4733d 100644 --- a/internal/istiooperator/istiooperator.go +++ b/internal/istiooperator/istiooperator.go @@ -53,7 +53,7 @@ func (i *IstioImageVersion) Empty() bool { } type Merger interface { - Merge(clusterSize clusterconfig.ClusterSize, istioCR *operatorv1alpha2.Istio, overrides clusterconfig.ClusterConfiguration, istioImagesHubTag images.HubTag) (string, error) + Merge(clusterSize clusterconfig.ClusterSize, istioCR *operatorv1alpha2.Istio, overrides clusterconfig.ClusterConfiguration, istioImagesRegistryAndTag images.RegistryAndTag) (string, error) GetIstioOperator(clusterSize clusterconfig.ClusterSize) (iopv1alpha1.IstioOperator, error) GetIstioImageVersion() (IstioImageVersion, error) } diff --git a/internal/istiooperator/istiooperator_test.go b/internal/istiooperator/istiooperator_test.go index f71943a7fa..cc9d75aaee 100644 --- a/internal/istiooperator/istiooperator_test.go +++ b/internal/istiooperator/istiooperator_test.go @@ -54,7 +54,7 @@ var _ = Describe("Merge", func() { sut := istiooperator.NewDefaultIstioMerger() // when - mergedIstioOperatorPath, err := sut.Merge(clusterSize, istioCR, clusterconfig.ClusterConfiguration{}, images.HubTag{Hub: "docker.io/istio", Tag: "1.27.1-distroless"}) + mergedIstioOperatorPath, err := sut.Merge(clusterSize, istioCR, clusterconfig.ClusterConfiguration{}, images.RegistryAndTag{Hub: "docker.io/istio", Tag: "1.27.1-distroless"}) // then if shouldError { @@ -108,7 +108,7 @@ var _ = Describe("Merge", func() { sut := istiooperator.NewDefaultIstioMerger() // when - mergedIstioOperatorPath, err := sut.Merge(clusterconfig.Production, istioCR, clusterConfig, images.HubTag{Hub: "docker.io/istio", Tag: "1.27.1-distroless"}) + mergedIstioOperatorPath, err := sut.Merge(clusterconfig.Production, istioCR, clusterConfig, images.RegistryAndTag{Hub: "docker.io/istio", Tag: "1.27.1-distroless"}) // then Expect(err).ShouldNot(HaveOccurred()) @@ -140,7 +140,7 @@ var _ = Describe("Merge", func() { It("should return merged istio hub", func() { // given - istioImagesHub := images.HubTag{Hub: "docker.io/overridden/istio-hub", Tag: "1.27.1-overridden"} + istioImagesHub := images.RegistryAndTag{Hub: "docker.io/overridden/istio-hub", Tag: "1.27.1-overridden"} sut := istiooperator.NewDefaultIstioMerger() diff --git a/internal/istiooperator/merge.go b/internal/istiooperator/merge.go index 46386cade2..fa88392f36 100644 --- a/internal/istiooperator/merge.go +++ b/internal/istiooperator/merge.go @@ -11,7 +11,7 @@ import ( "github.com/kyma-project/istio/operator/internal/images" ) -func (m *IstioMerger) Merge(clusterSize clusterconfig.ClusterSize, istioCR *operatorv1alpha2.Istio, overrides clusterconfig.ClusterConfiguration, istioImagesHubTag images.HubTag) (string, error) { +func (m *IstioMerger) Merge(clusterSize clusterconfig.ClusterSize, istioCR *operatorv1alpha2.Istio, overrides clusterconfig.ClusterConfiguration, istioImagesRegistryAndTag images.RegistryAndTag) (string, error) { toBeInstalledIop, err := m.GetIstioOperator(clusterSize) if err != nil { return "", err @@ -20,7 +20,7 @@ func (m *IstioMerger) Merge(clusterSize clusterconfig.ClusterSize, istioCR *oper if err != nil { return "", err } - manifestWithOverrideImagesHub, err := images.MergeHubTagConfiguration(mergedManifest, istioImagesHubTag) + manifestWithOverrideImagesHub, err := images.MergeRegistryAndTagConfiguration(mergedManifest, istioImagesRegistryAndTag) if err != nil { return "", err } diff --git a/internal/istiooperator/merge_experimental.go b/internal/istiooperator/merge_experimental.go index 020d3db0e6..995bdf9628 100644 --- a/internal/istiooperator/merge_experimental.go +++ b/internal/istiooperator/merge_experimental.go @@ -16,7 +16,7 @@ import ( "github.com/kyma-project/istio/operator/internal/images" ) -func (m *IstioMerger) Merge(clusterSize clusterconfig.ClusterSize, istioCR *operatorv1alpha2.Istio, overrides clusterconfig.ClusterConfiguration, istioImagesHubTag images.HubTag) (string, error) { +func (m *IstioMerger) Merge(clusterSize clusterconfig.ClusterSize, istioCR *operatorv1alpha2.Istio, overrides clusterconfig.ClusterConfiguration, istioImagesRegistryAndTag images.RegistryAndTag) (string, error) { toBeInstalledIop, err := m.GetIstioOperator(clusterSize) if err != nil { return "", err @@ -30,11 +30,11 @@ func (m *IstioMerger) Merge(clusterSize clusterconfig.ClusterSize, istioCR *oper return "", err } - manifestWithOverrideImagesHubTag, err := images.MergeHubTagConfiguration(mergedManifest, istioImagesHubTag) + manifestWithOverrideImagesRegistryAndTag, err := images.MergeRegistryAndTagConfiguration(mergedManifest, istioImagesRegistryAndTag) if err != nil { return "", err } - manifestWithOverridePullSecret, err := images.MergePullSecretEnv(manifestWithOverrideImagesHubTag) + manifestWithOverridePullSecret, err := images.MergePullSecretEnv(manifestWithOverrideImagesRegistryAndTag) if err != nil { return "", err } diff --git a/internal/istiooperator/merge_experimental_test.go b/internal/istiooperator/merge_experimental_test.go index 6b2ec088c8..969b5c9f92 100644 --- a/internal/istiooperator/merge_experimental_test.go +++ b/internal/istiooperator/merge_experimental_test.go @@ -32,7 +32,7 @@ var _ = Describe("Merge", func() { } merger := istiooperator.NewDefaultIstioMerger() - p, err := merger.Merge(clusterconfig.Evaluation, &istioCR, clusterconfig.ClusterConfiguration{}, images.HubTag{Hub: "docker.io/istio", Tag: "1.27.1-distroless"}) + p, err := merger.Merge(clusterconfig.Evaluation, &istioCR, clusterconfig.ClusterConfiguration{}, images.RegistryAndTag{Hub: "docker.io/istio", Tag: "1.27.1-distroless"}) Expect(err).ShouldNot(HaveOccurred()) iop := readIOP(p) Expect(iop.Spec.Components.Pilot).ToNot(BeNil()) diff --git a/internal/reconciliations/istio/install.go b/internal/reconciliations/istio/install.go index 492209eabb..a9a21cd5cd 100644 --- a/internal/reconciliations/istio/install.go +++ b/internal/reconciliations/istio/install.go @@ -20,13 +20,13 @@ import ( ) type installArgs struct { - client client.Client - istioCR *operatorv1alpha2.Istio - statusHandler status.Status - istioOperatorMerger istiooperator.Merger - istioImageVersion istiooperator.IstioImageVersion - istioClient libraryClient - istioImagesHubTag images.HubTag + client client.Client + istioCR *operatorv1alpha2.Istio + statusHandler status.Status + istioOperatorMerger istiooperator.Merger + istioImageVersion istiooperator.IstioImageVersion + istioClient libraryClient + istioImagesRegistryAndTag images.RegistryAndTag } //nolint:funlen // Function 'installIstio' has too many statements (51 > 50) TODO: refactor. @@ -37,7 +37,7 @@ func installIstio(ctx context.Context, args installArgs) (istiooperator.IstioIma statusHandler := args.statusHandler iopMerger := args.istioOperatorMerger istioClient := args.istioClient - istioImagesHubTag := args.istioImagesHubTag + istioImagesRegistryAndTag := args.istioImagesRegistryAndTag ctrl.Log.Info("Starting Istio install", "istio version", istioImageVersion.Version()) @@ -81,7 +81,7 @@ func installIstio(ctx context.Context, args installArgs) (istiooperator.IstioIma ctrl.Log.Info("Installing Istio with", "profile", clusterSize.String()) - mergedIstioOperatorPath, err := iopMerger.Merge(clusterSize, istioCR, clusterConfiguration, istioImagesHubTag) + mergedIstioOperatorPath, err := iopMerger.Merge(clusterSize, istioCR, clusterConfiguration, istioImagesRegistryAndTag) if err != nil { statusHandler.SetCondition(istioCR, operatorv1alpha2.NewReasonWithMessage(operatorv1alpha2.ConditionReasonCustomResourceMisconfigured)) return istioImageVersion, describederrors.NewDescribedError(err, "Could not merge Istio operator configuration").SetCondition(false) diff --git a/internal/reconciliations/istio/reconciliation.go b/internal/reconciliations/istio/reconciliation.go index 54ea5af05c..7cf0659649 100644 --- a/internal/reconciliations/istio/reconciliation.go +++ b/internal/reconciliations/istio/reconciliation.go @@ -14,7 +14,7 @@ import ( ) type InstallationReconciliation interface { - Reconcile(ctx context.Context, istioCR *operatorv1alpha2.Istio, statusHandler status.Status, istioImageHub images.HubTag) (istiooperator.IstioImageVersion, describederrors.DescribedError) + Reconcile(ctx context.Context, istioCR *operatorv1alpha2.Istio, statusHandler status.Status, istioImageHub images.RegistryAndTag) (istiooperator.IstioImageVersion, describederrors.DescribedError) } type Installation struct { @@ -28,7 +28,7 @@ func (i *Installation) Reconcile( ctx context.Context, istioCR *operatorv1alpha2.Istio, statusHandler status.Status, - istioImagesHubTag images.HubTag, + istioImagesRegistryAndTag images.RegistryAndTag, ) (istiooperator.IstioImageVersion, describederrors.DescribedError) { istioImageVersion, err := i.Merger.GetIstioImageVersion() if err != nil { @@ -38,13 +38,13 @@ func (i *Installation) Reconcile( if istioCR.DeletionTimestamp.IsZero() { args := installArgs{ - client: i.Client, - istioCR: istioCR, - statusHandler: statusHandler, - istioOperatorMerger: i.Merger, - istioImageVersion: istioImageVersion, - istioClient: i.IstioClient, - istioImagesHubTag: istioImagesHubTag, + client: i.Client, + istioCR: istioCR, + statusHandler: statusHandler, + istioOperatorMerger: i.Merger, + istioImageVersion: istioImageVersion, + istioClient: i.IstioClient, + istioImagesRegistryAndTag: istioImagesRegistryAndTag, } return installIstio(ctx, args) } diff --git a/internal/reconciliations/istio/reconciliation_test.go b/internal/reconciliations/istio/reconciliation_test.go index 01d44bb5c4..5fccc8faf4 100644 --- a/internal/reconciliations/istio/reconciliation_test.go +++ b/internal/reconciliations/istio/reconciliation_test.go @@ -77,7 +77,7 @@ var _ = Describe("Installation reconciliation", func() { statusHandler := status.NewStatusHandler(c) // when - _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.HubTag{Hub: "docker.io/istio", Tag: "1.10"}) + _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.RegistryAndTag{Hub: "docker.io/istio", Tag: "1.10"}) // then Expect(err).ShouldNot(HaveOccurred()) @@ -122,7 +122,7 @@ var _ = Describe("Installation reconciliation", func() { statusHandler := status.NewStatusHandler(c) // when - _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.HubTag{Hub: "docker.io/istio", Tag: "1.10"}) + _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.RegistryAndTag{Hub: "docker.io/istio", Tag: "1.10"}) // then Expect(err).ShouldNot(HaveOccurred()) @@ -164,7 +164,7 @@ var _ = Describe("Installation reconciliation", func() { statusHandler := status.NewStatusHandler(c) // when - _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.HubTag{Hub: "docker.io/istio", Tag: "1.10"}) + _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.RegistryAndTag{Hub: "docker.io/istio", Tag: "1.10"}) // then Expect(err).ShouldNot(HaveOccurred()) @@ -211,7 +211,7 @@ var _ = Describe("Installation reconciliation", func() { statusHandler := status.NewStatusHandler(c) // when - _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.HubTag{Hub: "docker.io/istio", Tag: "1.10"}) + _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.RegistryAndTag{Hub: "docker.io/istio", Tag: "1.10"}) // then Expect(err).Should(HaveOccurred()) @@ -251,7 +251,7 @@ var _ = Describe("Installation reconciliation", func() { statusHandler := status.NewStatusHandler(c) // when - _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.HubTag{Hub: "docker.io/istio", Tag: "1.10"}) + _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.RegistryAndTag{Hub: "docker.io/istio", Tag: "1.10"}) // then Expect(err).ShouldNot(HaveOccurred()) @@ -293,7 +293,7 @@ var _ = Describe("Installation reconciliation", func() { statusHandler := status.NewStatusHandler(c) // when - _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.HubTag{Hub: "docker.io/istio", Tag: "1.10"}) + _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.RegistryAndTag{Hub: "docker.io/istio", Tag: "1.10"}) // then Expect(err).ShouldNot(HaveOccurred()) @@ -335,7 +335,7 @@ var _ = Describe("Installation reconciliation", func() { statusHandler := status.NewStatusHandler(c) // when - _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.HubTag{Hub: "docker.io/istio", Tag: "1.10"}) + _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.RegistryAndTag{Hub: "docker.io/istio", Tag: "1.10"}) // then Expect(err).ShouldNot(HaveOccurred()) @@ -373,7 +373,7 @@ var _ = Describe("Installation reconciliation", func() { statusHandler := status.NewStatusHandler(c) // when - _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.HubTag{Hub: "docker.io/istio", Tag: "1.10"}) + _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.RegistryAndTag{Hub: "docker.io/istio", Tag: "1.10"}) // then Expect(err).Should(HaveOccurred()) @@ -424,7 +424,7 @@ var _ = Describe("Installation reconciliation", func() { statusHandler := status.NewStatusHandler(c) // when - _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.HubTag{Hub: "docker.io/istio", Tag: "1.10"}) + _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.RegistryAndTag{Hub: "docker.io/istio", Tag: "1.10"}) // then Expect(err).Should(HaveOccurred()) @@ -466,7 +466,7 @@ var _ = Describe("Installation reconciliation", func() { statusHandler := status.NewStatusHandler(c) // when - _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.HubTag{Hub: "docker.io/istio", Tag: "1.10"}) + _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.RegistryAndTag{Hub: "docker.io/istio", Tag: "1.10"}) // then Expect(err).Should(HaveOccurred()) @@ -513,7 +513,7 @@ var _ = Describe("Installation reconciliation", func() { statusHandler := status.NewStatusHandler(c) // when - _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.HubTag{Hub: "docker.io/istio", Tag: "1.10"}) + _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.RegistryAndTag{Hub: "docker.io/istio", Tag: "1.10"}) // then Expect(err).Should(HaveOccurred()) @@ -557,7 +557,7 @@ var _ = Describe("Installation reconciliation", func() { statusHandler := status.NewStatusHandler(c) // when - _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.HubTag{Hub: "docker.io/istio", Tag: "1.10"}) + _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.RegistryAndTag{Hub: "docker.io/istio", Tag: "1.10"}) // then Expect(err).ShouldNot(HaveOccurred()) @@ -601,7 +601,7 @@ var _ = Describe("Installation reconciliation", func() { statusHandler := status.NewStatusHandler(c) // when - _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.HubTag{Hub: "docker.io/istio", Tag: "1.10"}) + _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.RegistryAndTag{Hub: "docker.io/istio", Tag: "1.10"}) // then Expect(err).ShouldNot(HaveOccurred()) @@ -647,7 +647,7 @@ var _ = Describe("Installation reconciliation", func() { statusHandler := status.NewStatusHandler(c) // when - _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.HubTag{Hub: "docker.io/istio", Tag: "1.10"}) + _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.RegistryAndTag{Hub: "docker.io/istio", Tag: "1.10"}) // then Expect(err).Should(HaveOccurred()) @@ -687,7 +687,7 @@ var _ = Describe("Installation reconciliation", func() { statusHandler := status.NewStatusHandler(c) // when - _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.HubTag{Hub: "docker.io/istio", Tag: "1.10"}) + _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.RegistryAndTag{Hub: "docker.io/istio", Tag: "1.10"}) // then Expect(err).ShouldNot(HaveOccurred()) @@ -726,7 +726,7 @@ var _ = Describe("Installation reconciliation", func() { statusHandler := status.NewStatusHandler(c) // when - _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.HubTag{Hub: "docker.io/istio", Tag: "1.10"}) + _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.RegistryAndTag{Hub: "docker.io/istio", Tag: "1.10"}) // then Expect(err).ShouldNot(HaveOccurred()) @@ -776,7 +776,7 @@ var _ = Describe("Installation reconciliation", func() { statusHandler := status.NewStatusHandler(c) // when - _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.HubTag{Hub: "docker.io/istio", Tag: "1.10"}) + _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.RegistryAndTag{Hub: "docker.io/istio", Tag: "1.10"}) // then Expect(err).ShouldNot(HaveOccurred()) @@ -825,7 +825,7 @@ var _ = Describe("Installation reconciliation", func() { statusHandler := status.NewStatusHandler(c) // when - _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.HubTag{Hub: "docker.io/istio", Tag: "1.10"}) + _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.RegistryAndTag{Hub: "docker.io/istio", Tag: "1.10"}) // then Expect(err).Should(HaveOccurred()) @@ -871,7 +871,7 @@ var _ = Describe("Installation reconciliation", func() { statusHandler := status.NewStatusHandler(c) // when - _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.HubTag{Hub: "docker.io/istio", Tag: "1.10"}) + _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.RegistryAndTag{Hub: "docker.io/istio", Tag: "1.10"}) Expect(err).ShouldNot(HaveOccurred()) Expect(mockClient.installCalled).To(BeTrue()) Expect(mockClient.uninstallCalled).To(BeFalse()) @@ -979,7 +979,7 @@ type MergerMock struct { tag string } -func (m MergerMock) Merge(_ clusterconfig.ClusterSize, _ *operatorv1alpha2.Istio, _ clusterconfig.ClusterConfiguration, _ images.HubTag) (string, error) { +func (m MergerMock) Merge(_ clusterconfig.ClusterSize, _ *operatorv1alpha2.Istio, _ clusterconfig.ClusterConfiguration, _ images.RegistryAndTag) (string, error) { return "mocked istio operator merge result", m.mergeError } diff --git a/internal/restarter/sidecars_test.go b/internal/restarter/sidecars_test.go index 3ef431b789..4a7e3e0e4a 100644 --- a/internal/restarter/sidecars_test.go +++ b/internal/restarter/sidecars_test.go @@ -278,7 +278,7 @@ type MergerMock struct { tag string } -func (m MergerMock) Merge(_ clusterconfig.ClusterSize, _ *operatorv1alpha2.Istio, _ clusterconfig.ClusterConfiguration, _ images.HubTag) (string, error) { +func (m MergerMock) Merge(_ clusterconfig.ClusterSize, _ *operatorv1alpha2.Istio, _ clusterconfig.ClusterConfiguration, _ images.RegistryAndTag) (string, error) { return "mocked istio operator merge result", nil } From c92a843d466f41a76bc9a37160498ee7d1e5fedb Mon Sep 17 00:00:00 2001 From: Patryk Strugacz Date: Tue, 9 Dec 2025 14:42:23 +0100 Subject: [PATCH 11/14] cr fix --- controllers/istio_controller.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/controllers/istio_controller.go b/controllers/istio_controller.go index 6e2efcc8ea..b2bdf70bc5 100644 --- a/controllers/istio_controller.go +++ b/controllers/istio_controller.go @@ -123,9 +123,9 @@ func (r *IstioReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl return r.terminateReconciliation(ctx, &istioCR, describederrors.NewDescribedError(imgErr, "Unable to get Istio images environments"), operatorv1alpha2.NewReasonWithMessage(operatorv1alpha2.ConditionReasonReconcileFailed)) } - RegistryAndTag, imgErr := istioImages.GetImageRegistryAndTag() + registryAndTag, imgErr := istioImages.GetImageRegistryAndTag() if imgErr != nil { - return r.terminateReconciliation(ctx, &istioCR, describederrors.NewDescribedError(imgErr, "Unable to get Istio images RegistryAndTag"), + return r.terminateReconciliation(ctx, &istioCR, describederrors.NewDescribedError(imgErr, "Unable to get Istio images registryAndTag"), operatorv1alpha2.NewReasonWithMessage(operatorv1alpha2.ConditionReasonReconcileFailed)) } @@ -180,7 +180,7 @@ func (r *IstioReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl } } - istioImageVersion, installationErr := r.istioInstallation.Reconcile(ctx, &istioCR, r.statusHandler, RegistryAndTag) + istioImageVersion, installationErr := r.istioInstallation.Reconcile(ctx, &istioCR, r.statusHandler, registryAndTag) if installationErr != nil { return r.requeueReconciliation(ctx, &istioCR, installationErr, operatorv1alpha2.NewReasonWithMessage(operatorv1alpha2.ConditionReasonIstioInstallUninstallFailed), From 0d19c85a515aaa8557d8a7ff32015b0ad83da15b Mon Sep 17 00:00:00 2001 From: Patryk Strugacz Date: Tue, 9 Dec 2025 15:08:06 +0100 Subject: [PATCH 12/14] Add release notes --- docs/release-notes/1.24.0.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/release-notes/1.24.0.md b/docs/release-notes/1.24.0.md index 5961d07f81..72882e6ad6 100644 --- a/docs/release-notes/1.24.0.md +++ b/docs/release-notes/1.24.0.md @@ -12,3 +12,5 @@ See [#1710](https://github.com/kyma-project/istio/pull/1710). - We've added support for **forwardClientCertDetails**. See [#1715](https://github.com/kyma-project/istio/pull/1715) and [Istio Custom Resource](https://kyma-project.io/external-content/istio/docs/user/04-00-istio-custom-resource.html). +- Add support for the **KYMA_FIPS_MODE_ENABLED** environment variable, which allows configuring separate Istio fips images. + See [#1721](https://github.com/kyma-project/istio/pull/1721). \ No newline at end of file From e817a4d77cb0554ab7035e1f0fcba96ea5bc7505 Mon Sep 17 00:00:00 2001 From: Patryk Strugacz Date: Wed, 10 Dec 2025 07:54:55 +0100 Subject: [PATCH 13/14] Rename struct field --- internal/images/env.go | 6 +-- internal/images/env_test.go | 2 +- internal/images/merge.go | 2 +- internal/images/merge_test.go | 4 +- internal/istiooperator/istiooperator_test.go | 8 ++-- .../istiooperator/merge_experimental_test.go | 2 +- .../istio/reconciliation_test.go | 38 +++++++++---------- 7 files changed, 31 insertions(+), 31 deletions(-) diff --git a/internal/images/env.go b/internal/images/env.go index 37585b8b17..0223399d67 100644 --- a/internal/images/env.go +++ b/internal/images/env.go @@ -13,8 +13,8 @@ const kymaFipsModeEnabledEnv = "KYMA_FIPS_MODE_ENABLED" type Image string type RegistryAndTag struct { - Hub string - Tag string + Registry string + Tag string } func (i Image) GetHub() (string, error) { @@ -106,5 +106,5 @@ func (e *Images) GetImageRegistryAndTag() (RegistryAndTag, error) { } } - return RegistryAndTag{Hub: initialHub, Tag: initialTag}, nil + return RegistryAndTag{Registry: initialHub, Tag: initialTag}, nil } diff --git a/internal/images/env_test.go b/internal/images/env_test.go index ce4f1c92e5..6d984c1643 100644 --- a/internal/images/env_test.go +++ b/internal/images/env_test.go @@ -50,7 +50,7 @@ var _ = Describe("Images.GetImageRegistryAndTag", func() { ProxyV2: "docker.io/istio/proxyv2:1.10.0", Ztunnel: "docker.io/istio/ztunnel:1.10.0", }, - images.RegistryAndTag{Hub: "docker.io/istio", Tag: "1.10.0"}, + images.RegistryAndTag{Registry: "docker.io/istio", Tag: "1.10.0"}, false, nil, ), diff --git a/internal/images/merge.go b/internal/images/merge.go index 0e9a6f1dd1..3ba036e0d2 100644 --- a/internal/images/merge.go +++ b/internal/images/merge.go @@ -19,7 +19,7 @@ func MergeRegistryAndTagConfiguration(manifest []byte, istioImagesRegistryAndTag err = mergo.Merge(&templateMap, map[string]interface{}{ "spec": map[string]interface{}{ - "hub": istioImagesRegistryAndTag.Hub, + "hub": istioImagesRegistryAndTag.Registry, "tag": istioImagesRegistryAndTag.Tag, }, }, mergo.WithOverride) diff --git a/internal/images/merge_test.go b/internal/images/merge_test.go index f05c68efdb..e08c4e63dc 100644 --- a/internal/images/merge_test.go +++ b/internal/images/merge_test.go @@ -39,7 +39,7 @@ var _ = Describe("Images merging", func() { spec: profile: default `, - images.RegistryAndTag{Hub: "my-hub", Tag: "my-tag"}, + images.RegistryAndTag{Registry: "my-hub", Tag: "my-tag"}, "my-hub", "my-tag", false, @@ -51,7 +51,7 @@ spec: hub: old-hub tag: old-tag `, - images.RegistryAndTag{Hub: "new-hub", Tag: "new-tag"}, + images.RegistryAndTag{Registry: "new-hub", Tag: "new-tag"}, "new-hub", "new-tag", false, diff --git a/internal/istiooperator/istiooperator_test.go b/internal/istiooperator/istiooperator_test.go index cc9d75aaee..51ab0713cf 100644 --- a/internal/istiooperator/istiooperator_test.go +++ b/internal/istiooperator/istiooperator_test.go @@ -54,7 +54,7 @@ var _ = Describe("Merge", func() { sut := istiooperator.NewDefaultIstioMerger() // when - mergedIstioOperatorPath, err := sut.Merge(clusterSize, istioCR, clusterconfig.ClusterConfiguration{}, images.RegistryAndTag{Hub: "docker.io/istio", Tag: "1.27.1-distroless"}) + mergedIstioOperatorPath, err := sut.Merge(clusterSize, istioCR, clusterconfig.ClusterConfiguration{}, images.RegistryAndTag{Registry: "docker.io/istio", Tag: "1.27.1-distroless"}) // then if shouldError { @@ -108,7 +108,7 @@ var _ = Describe("Merge", func() { sut := istiooperator.NewDefaultIstioMerger() // when - mergedIstioOperatorPath, err := sut.Merge(clusterconfig.Production, istioCR, clusterConfig, images.RegistryAndTag{Hub: "docker.io/istio", Tag: "1.27.1-distroless"}) + mergedIstioOperatorPath, err := sut.Merge(clusterconfig.Production, istioCR, clusterConfig, images.RegistryAndTag{Registry: "docker.io/istio", Tag: "1.27.1-distroless"}) // then Expect(err).ShouldNot(HaveOccurred()) @@ -140,7 +140,7 @@ var _ = Describe("Merge", func() { It("should return merged istio hub", func() { // given - istioImagesHub := images.RegistryAndTag{Hub: "docker.io/overridden/istio-hub", Tag: "1.27.1-overridden"} + istioImagesHub := images.RegistryAndTag{Registry: "docker.io/overridden/istio-hub", Tag: "1.27.1-overridden"} sut := istiooperator.NewDefaultIstioMerger() @@ -164,7 +164,7 @@ var _ = Describe("Merge", func() { Expect(err).ShouldNot(HaveOccurred()) Expect(mergedIstioOperatorPath).To(Equal(path.Join("/tmp", istiooperator.MergedIstioOperatorFile))) iop := readIOP(mergedIstioOperatorPath) - Expect(iop.Spec.Hub).To(Equal(istioImagesHub.Hub)) + Expect(iop.Spec.Hub).To(Equal(istioImagesHub.Registry)) Expect(iop.Spec.Tag).To(Equal(istioImagesHub.Tag)) }) }) diff --git a/internal/istiooperator/merge_experimental_test.go b/internal/istiooperator/merge_experimental_test.go index 969b5c9f92..c80ba922fe 100644 --- a/internal/istiooperator/merge_experimental_test.go +++ b/internal/istiooperator/merge_experimental_test.go @@ -32,7 +32,7 @@ var _ = Describe("Merge", func() { } merger := istiooperator.NewDefaultIstioMerger() - p, err := merger.Merge(clusterconfig.Evaluation, &istioCR, clusterconfig.ClusterConfiguration{}, images.RegistryAndTag{Hub: "docker.io/istio", Tag: "1.27.1-distroless"}) + p, err := merger.Merge(clusterconfig.Evaluation, &istioCR, clusterconfig.ClusterConfiguration{}, images.RegistryAndTag{Registry: "docker.io/istio", Tag: "1.27.1-distroless"}) Expect(err).ShouldNot(HaveOccurred()) iop := readIOP(p) Expect(iop.Spec.Components.Pilot).ToNot(BeNil()) diff --git a/internal/reconciliations/istio/reconciliation_test.go b/internal/reconciliations/istio/reconciliation_test.go index 5fccc8faf4..eab720141b 100644 --- a/internal/reconciliations/istio/reconciliation_test.go +++ b/internal/reconciliations/istio/reconciliation_test.go @@ -77,7 +77,7 @@ var _ = Describe("Installation reconciliation", func() { statusHandler := status.NewStatusHandler(c) // when - _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.RegistryAndTag{Hub: "docker.io/istio", Tag: "1.10"}) + _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.RegistryAndTag{Registry: "docker.io/istio", Tag: "1.10"}) // then Expect(err).ShouldNot(HaveOccurred()) @@ -122,7 +122,7 @@ var _ = Describe("Installation reconciliation", func() { statusHandler := status.NewStatusHandler(c) // when - _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.RegistryAndTag{Hub: "docker.io/istio", Tag: "1.10"}) + _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.RegistryAndTag{Registry: "docker.io/istio", Tag: "1.10"}) // then Expect(err).ShouldNot(HaveOccurred()) @@ -164,7 +164,7 @@ var _ = Describe("Installation reconciliation", func() { statusHandler := status.NewStatusHandler(c) // when - _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.RegistryAndTag{Hub: "docker.io/istio", Tag: "1.10"}) + _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.RegistryAndTag{Registry: "docker.io/istio", Tag: "1.10"}) // then Expect(err).ShouldNot(HaveOccurred()) @@ -211,7 +211,7 @@ var _ = Describe("Installation reconciliation", func() { statusHandler := status.NewStatusHandler(c) // when - _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.RegistryAndTag{Hub: "docker.io/istio", Tag: "1.10"}) + _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.RegistryAndTag{Registry: "docker.io/istio", Tag: "1.10"}) // then Expect(err).Should(HaveOccurred()) @@ -251,7 +251,7 @@ var _ = Describe("Installation reconciliation", func() { statusHandler := status.NewStatusHandler(c) // when - _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.RegistryAndTag{Hub: "docker.io/istio", Tag: "1.10"}) + _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.RegistryAndTag{Registry: "docker.io/istio", Tag: "1.10"}) // then Expect(err).ShouldNot(HaveOccurred()) @@ -293,7 +293,7 @@ var _ = Describe("Installation reconciliation", func() { statusHandler := status.NewStatusHandler(c) // when - _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.RegistryAndTag{Hub: "docker.io/istio", Tag: "1.10"}) + _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.RegistryAndTag{Registry: "docker.io/istio", Tag: "1.10"}) // then Expect(err).ShouldNot(HaveOccurred()) @@ -335,7 +335,7 @@ var _ = Describe("Installation reconciliation", func() { statusHandler := status.NewStatusHandler(c) // when - _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.RegistryAndTag{Hub: "docker.io/istio", Tag: "1.10"}) + _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.RegistryAndTag{Registry: "docker.io/istio", Tag: "1.10"}) // then Expect(err).ShouldNot(HaveOccurred()) @@ -373,7 +373,7 @@ var _ = Describe("Installation reconciliation", func() { statusHandler := status.NewStatusHandler(c) // when - _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.RegistryAndTag{Hub: "docker.io/istio", Tag: "1.10"}) + _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.RegistryAndTag{Registry: "docker.io/istio", Tag: "1.10"}) // then Expect(err).Should(HaveOccurred()) @@ -424,7 +424,7 @@ var _ = Describe("Installation reconciliation", func() { statusHandler := status.NewStatusHandler(c) // when - _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.RegistryAndTag{Hub: "docker.io/istio", Tag: "1.10"}) + _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.RegistryAndTag{Registry: "docker.io/istio", Tag: "1.10"}) // then Expect(err).Should(HaveOccurred()) @@ -466,7 +466,7 @@ var _ = Describe("Installation reconciliation", func() { statusHandler := status.NewStatusHandler(c) // when - _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.RegistryAndTag{Hub: "docker.io/istio", Tag: "1.10"}) + _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.RegistryAndTag{Registry: "docker.io/istio", Tag: "1.10"}) // then Expect(err).Should(HaveOccurred()) @@ -513,7 +513,7 @@ var _ = Describe("Installation reconciliation", func() { statusHandler := status.NewStatusHandler(c) // when - _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.RegistryAndTag{Hub: "docker.io/istio", Tag: "1.10"}) + _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.RegistryAndTag{Registry: "docker.io/istio", Tag: "1.10"}) // then Expect(err).Should(HaveOccurred()) @@ -557,7 +557,7 @@ var _ = Describe("Installation reconciliation", func() { statusHandler := status.NewStatusHandler(c) // when - _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.RegistryAndTag{Hub: "docker.io/istio", Tag: "1.10"}) + _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.RegistryAndTag{Registry: "docker.io/istio", Tag: "1.10"}) // then Expect(err).ShouldNot(HaveOccurred()) @@ -601,7 +601,7 @@ var _ = Describe("Installation reconciliation", func() { statusHandler := status.NewStatusHandler(c) // when - _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.RegistryAndTag{Hub: "docker.io/istio", Tag: "1.10"}) + _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.RegistryAndTag{Registry: "docker.io/istio", Tag: "1.10"}) // then Expect(err).ShouldNot(HaveOccurred()) @@ -647,7 +647,7 @@ var _ = Describe("Installation reconciliation", func() { statusHandler := status.NewStatusHandler(c) // when - _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.RegistryAndTag{Hub: "docker.io/istio", Tag: "1.10"}) + _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.RegistryAndTag{Registry: "docker.io/istio", Tag: "1.10"}) // then Expect(err).Should(HaveOccurred()) @@ -687,7 +687,7 @@ var _ = Describe("Installation reconciliation", func() { statusHandler := status.NewStatusHandler(c) // when - _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.RegistryAndTag{Hub: "docker.io/istio", Tag: "1.10"}) + _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.RegistryAndTag{Registry: "docker.io/istio", Tag: "1.10"}) // then Expect(err).ShouldNot(HaveOccurred()) @@ -726,7 +726,7 @@ var _ = Describe("Installation reconciliation", func() { statusHandler := status.NewStatusHandler(c) // when - _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.RegistryAndTag{Hub: "docker.io/istio", Tag: "1.10"}) + _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.RegistryAndTag{Registry: "docker.io/istio", Tag: "1.10"}) // then Expect(err).ShouldNot(HaveOccurred()) @@ -776,7 +776,7 @@ var _ = Describe("Installation reconciliation", func() { statusHandler := status.NewStatusHandler(c) // when - _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.RegistryAndTag{Hub: "docker.io/istio", Tag: "1.10"}) + _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.RegistryAndTag{Registry: "docker.io/istio", Tag: "1.10"}) // then Expect(err).ShouldNot(HaveOccurred()) @@ -825,7 +825,7 @@ var _ = Describe("Installation reconciliation", func() { statusHandler := status.NewStatusHandler(c) // when - _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.RegistryAndTag{Hub: "docker.io/istio", Tag: "1.10"}) + _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.RegistryAndTag{Registry: "docker.io/istio", Tag: "1.10"}) // then Expect(err).Should(HaveOccurred()) @@ -871,7 +871,7 @@ var _ = Describe("Installation reconciliation", func() { statusHandler := status.NewStatusHandler(c) // when - _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.RegistryAndTag{Hub: "docker.io/istio", Tag: "1.10"}) + _, err := installation.Reconcile(context.Background(), &istioCR, statusHandler, images.RegistryAndTag{Registry: "docker.io/istio", Tag: "1.10"}) Expect(err).ShouldNot(HaveOccurred()) Expect(mockClient.installCalled).To(BeTrue()) Expect(mockClient.uninstallCalled).To(BeFalse()) From 8b0593ed1251523c464e65d740e70a95ac9e9d3f Mon Sep 17 00:00:00 2001 From: Patryk Strugacz Date: Wed, 10 Dec 2025 07:58:46 +0100 Subject: [PATCH 14/14] Update docs/release-notes/1.24.0.md Co-authored-by: Natalia Sitko <80401180+nataliasitko@users.noreply.github.com> --- docs/release-notes/1.24.0.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/1.24.0.md b/docs/release-notes/1.24.0.md index 72882e6ad6..9cecf2aa2e 100644 --- a/docs/release-notes/1.24.0.md +++ b/docs/release-notes/1.24.0.md @@ -12,5 +12,5 @@ See [#1710](https://github.com/kyma-project/istio/pull/1710). - We've added support for **forwardClientCertDetails**. See [#1715](https://github.com/kyma-project/istio/pull/1715) and [Istio Custom Resource](https://kyma-project.io/external-content/istio/docs/user/04-00-istio-custom-resource.html). -- Add support for the **KYMA_FIPS_MODE_ENABLED** environment variable, which allows configuring separate Istio fips images. +- Add support for the **KYMA_FIPS_MODE_ENABLED** environment variable, which allows configuring separate Istio FIPS images. See [#1721](https://github.com/kyma-project/istio/pull/1721). \ No newline at end of file