chore(deps): update kubezero-ci-dependencies

charts/kubezero-ci/Chart.yaml

@@ -22,7 +22,7 @@ dependencies:
     repository: https://dl.gitea.io/charts/
     condition: gitea.enabled
   - name: jenkins
-    version: 5.8.45
+    version: 5.8.47
     repository: https://charts.jenkins.io
     condition: jenkins.enabled
   - name: trivy

charts/kubezero-istio-gateway/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: kubezero-istio-gateway
 description: KubeZero Umbrella Chart for Istio gateways
 type: application
-version: 0.24.3
+version: 0.24.6
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
 keywords:
@@ -17,6 +17,6 @@ dependencies:
     version: 0.2.1
     repository: https://cdn.zero-downtime.net/charts/
   - name: gateway
-    version: 1.24.3
+    version: 1.24.6
     repository: https://istio-release.storage.googleapis.com/charts
 kubeVersion: ">= 1.30.0-0"

charts/kubezero-istio-gateway/README.md

@@ -1,6 +1,6 @@
 # kubezero-istio-gateway
 
-![Version: 0.24.3](https://img.shields.io/badge/Version-0.24.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
+![Version: 0.24.6](https://img.shields.io/badge/Version-0.24.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
 
 KubeZero Umbrella Chart for Istio gateways
 
@@ -21,7 +21,7 @@ Kubernetes: `>= 1.30.0-0`
 | Repository | Name | Version |
 |------------|------|---------|
 | https://cdn.zero-downtime.net/charts/ | kubezero-lib | 0.2.1 |
-| https://istio-release.storage.googleapis.com/charts | gateway | 1.24.3 |
+| https://istio-release.storage.googleapis.com/charts | gateway | 1.24.6 |
 
 ## Values
 

charts/kubezero-istio-gateway/charts/gateway/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v2
-appVersion: 1.24.3
+appVersion: 1.24.6
 description: Helm chart for deploying Istio gateways
 icon: https://istio.io/latest/favicons/android-192x192.png
 keywords:
@@ -9,4 +9,4 @@ name: gateway
 sources:
 - https://github.com/istio/istio
 type: application
-version: 1.24.3
+version: 1.24.6

charts/kubezero-istio-gateway/templates/envoyfilter-grpcweb.yaml

@@ -0,0 +1,30 @@
+{{- if .Values.httpFilter.grpcWeb }}
+# Inserts the grpcWeb filter into the http_connection mangager chain before the CORS filter
+apiVersion: networking.istio.io/v1alpha3
+kind: EnvoyFilter
+metadata:
+  name: {{ include "gatewayName" . | trimPrefix "istio-" }}-grpcweb
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{ include "kubezero-lib.labels" . | nindent 4 }}
+spec:
+  workloadSelector:
+    labels:
+      {{- include "gatewaySelectorLabels" . | nindent 6 }}
+  configPatches:
+  - applyTo: HTTP_FILTER
+    match:
+      context: GATEWAY
+      listener:
+        filterChain:
+          filter:
+            name: envoy.filters.network.http_connection_manager
+            subFilter:
+              name: envoy.filters.http.cors
+    patch:
+      operation: INSERT_BEFORE
+      value:
+        name: envoy.filters.http.grpc_web
+        typed_config:
+          "@type": type.googleapis.com/envoy.extensions.filters.http.grpc_web.v3.GrpcWeb
+{{- end }}

charts/kubezero-istio-gateway/templates/envoyfilter-listener.yaml

@@ -1,7 +1,7 @@
 apiVersion: networking.istio.io/v1alpha3
 kind: EnvoyFilter
 metadata:
-  name: {{ include "gatewayName" . | trimPrefix "istio-" }}-proxy-protocol
+  name: {{ include "gatewayName" . | trimPrefix "istio-" }}-listener
   namespace: {{ .Release.Namespace }}
   labels:
     {{ include "kubezero-lib.labels" . | nindent 4 }}
@@ -10,24 +10,20 @@ spec:
     labels:
       {{- include "gatewaySelectorLabels" . | nindent 6 }}
   configPatches:
-  - applyTo: LISTENER
+  - applyTo: LISTENER_FILTER
+    match:
+      context: GATEWAY
+      listener:
+        portNumber: 8443
+        listenerFilter: "envoy.filters.listener.tls_inspector"
     patch:
-      operation: MERGE
+      operation: REPLACE
       value:
-        listener_filters:
+         name: envoy.filters.listener.tls_inspector
-        {{- if .Values.proxyProtocol }}
+         typed_config:
-        - name: envoy.filters.listener.proxy_protocol
+           "@type": type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector
-          typed_config:
+           "initialReadBufferSize": 512
-            "@type": type.googleapis.com/envoy.extensions.filters.listener.proxy_protocol.v3.ProxyProtocol
+         filter_disabled:
-          filter_disabled:
+           destination_port_range:
-            destination_port_range:
+             start: 1025
-              start: 1025
+             end: 1026
-              end: 1026
-        {{- end }}
-        - name: envoy.filters.listener.tls_inspector
-          typed_config:
-            "@type": type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector
-          filter_disabled:
-            destination_port_range:
-              start: 1025
-              end: 1026

charts/kubezero-istio-gateway/templates/envoyfilter-proxyprotocol.yaml

@@ -0,0 +1,27 @@
+{{- if .Values.proxyProtocol }}
+apiVersion: networking.istio.io/v1alpha3
+kind: EnvoyFilter
+metadata:
+  name: {{ include "gatewayName" . | trimPrefix "istio-" }}-proxy-protocol
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{ include "kubezero-lib.labels" . | nindent 4 }}
+spec:
+  workloadSelector:
+    labels:
+      {{- include "gatewaySelectorLabels" . | nindent 6 }}
+  configPatches:
+  - applyTo: LISTENER_FILTER
+    match:
+      context: GATEWAY
+    patch:
+      operation: INSERT_FIRST
+      value:
+        name: envoy.filters.listener.proxy_protocol
+        typed_config:
+          "@type": type.googleapis.com/envoy.extensions.filters.listener.proxy_protocol.v3.ProxyProtocol
+        filter_disabled:
+          destination_port_range:
+            start: 1025
+            end: 1026
+{{- end }}

charts/kubezero-istio-gateway/values.yaml

@@ -44,3 +44,6 @@ hardening:
   rejectUnderscoresHeaders: true
   unescapeSlashes: true
   preserveExternalRequestId: false
+
+httpFilter:
+  grpcWeb: false

charts/kubezero-istio/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: kubezero-istio
 description: KubeZero Umbrella Chart for Istio
 type: application
-version: 0.24.3
+version: 0.24.6
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
 keywords:
@@ -20,10 +20,10 @@ dependencies:
     repository: https://cdn.zero-downtime.net/charts/
     condition: envoy-ratelimit.enabled
   - name: base
-    version: 1.24.3
+    version: 1.24.6
     repository: https://istio-release.storage.googleapis.com/charts
   - name: istiod
-    version: 1.24.3
+    version: 1.24.6
     repository: https://istio-release.storage.googleapis.com/charts
   - name: kiali-server
     version: "2.6.0"

charts/kubezero-istio/README.md

@@ -1,6 +1,6 @@
 # kubezero-istio
 
-![Version: 0.24.3](https://img.shields.io/badge/Version-0.24.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
+![Version: 0.24.6](https://img.shields.io/badge/Version-0.24.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
 
 KubeZero Umbrella Chart for Istio
 
@@ -22,8 +22,8 @@ Kubernetes: `>= 1.30.0-0`
 |------------|------|---------|
 | https://cdn.zero-downtime.net/charts/ | envoy-ratelimit | 0.1.2 |
 | https://cdn.zero-downtime.net/charts/ | kubezero-lib | 0.2.1 |
-| https://istio-release.storage.googleapis.com/charts | base | 1.24.3 |
+| https://istio-release.storage.googleapis.com/charts | base | 1.24.6 |
-| https://istio-release.storage.googleapis.com/charts | istiod | 1.24.3 |
+| https://istio-release.storage.googleapis.com/charts | istiod | 1.24.6 |
 | https://kiali.org/helm-charts | kiali-server | 2.6.0 |
 
 ## Values

charts/kubezero/templates/_app.tpl

@@ -25,8 +25,7 @@ spec:
     repoURL: {{ default "https://cdn.zero-downtime.net/charts" (index .Values $name "repository") }}
     targetRevision: {{ default "HEAD" ( index .Values $name "targetRevision" ) | quote }}
     helm:
-      # add with 1.32
+      skipTests: true
-      #skipTests: true
       valuesObject:
         {{- include (print $name "-values") $ | nindent 8 }}
 

charts/kubezero/templates/istio-ingress.yaml

@@ -98,6 +98,10 @@ proxyProtocol: {{ default true (index .Values "istio-ingress" "proxyProtocol") }
 hardening:
   {{- toYaml . | nindent 2 }}
 {{- end }}
+{{- with (index .Values "istio-ingress" "httpFilter") }}
+httpFilter:
+  {{- toYaml . | nindent 2 }}
+{{- end }}
 
 {{- end }}
 

charts/kubezero/templates/istio-private-ingress.yaml

@@ -93,6 +93,10 @@ proxyProtocol: {{ default true (index .Values "istio-private-ingress" "proxyProt
 hardening:
   {{- toYaml . | nindent 2 }}
 {{- end }}
+{{- with (index .Values "istio-private-ingress" "httpFilter") }}
+httpFilter:
+  {{- toYaml . | nindent 2 }}
+{{- end }}
 
 {{- end }}