fix linting errors

Author: upodroid

kubernetes/apps/istio.yaml

@@ -16,10 +16,10 @@ spec:
     - path: config/crd/experimental
       repoURL: https://github.com/kubernetes-sigs/gateway-api
       targetRevision: v1.1.0
-  ignoreDifferences:     
-    - group: admissionregistration.k8s.io                                                              
+  ignoreDifferences:
+    - group: admissionregistration.k8s.io
       kind: ValidatingWebhookConfiguration
-      jsonPointers:                                                                                    
+      jsonPointers:
       - /webhooks/0/failurePolicy
   syncPolicy:
     automated:
@@ -52,7 +52,11 @@ spec:
             enablePrometheusMerge: true
             protocolDetectionTimeout: 5s
             enableTracing: true
+            defaultConfig:
+              tracing:
             extensionProviders:
+            - name: stackdriver
+              stackdriver:
             - name: "oauth2-proxy"
               envoyExtAuthzHttp:
                 service: "oauth2-proxy.oauth2-proxy.svc.cluster.local"
@@ -69,6 +73,8 @@ spec:
                   - authorization
                   - cookie
                   - user-agent
+                includeAdditionalHeadersInCheck:
+                  X-Auth-Request-Redirect: https://%REQ(Host)%%REQ(:PATH)%
             defaultConfig:
               gatewayTopology:
                 numTrustedProxies: 2
@@ -79,12 +85,12 @@ spec:
                 enabled: true
                 wasmEnabled: false
     - path: kubernetes/gke-utility/istio-system
-      repoURL: https://github.com/borg-land/k8s.io
-      targetRevision: istio
-  ignoreDifferences:     
-    - group: admissionregistration.k8s.io                                                              
+      repoURL: https://github.com/kubernetes/k8s.io
+      targetRevision: main
+  ignoreDifferences:
+    - group: admissionregistration.k8s.io
       kind: ValidatingWebhookConfiguration
-      jsonPointers:                                                                                    
+      jsonPointers:
       - /webhooks/0/failurePolicy
   syncPolicy:
     automated:

kubernetes/gke-utility/argocd/argocd-cm.yaml

@@ -12,17 +12,11 @@ data:
       ignoreDifferences: |
         jqPathExpressions:
         - '.webhooks[]?.clientConfig.caBundle'
+  resource.exclusions: |
+    - apiGroups:
+        - cilium.io
+      kinds:
+        - CiliumIdentity
+      clusters:
+        - "*"
   kustomize.buildOptions: --load-restrictor LoadRestrictionsNone --enable-alpha-plugins
-  dex.config: |
-    connectors:
-      - type: github
-        id: github
-        name: GitHub
-        config:
-          clientID: $dex.github.clientId
-          clientSecret: $dex.github.clientSecret
-          orgs:
-          - name: kubernetes
-          useLoginAsID: true
-          loadAllGroups: true
-          teamNameField: slug

kubernetes/gke-utility/argocd/extras.yaml

@@ -6,7 +6,7 @@ metadata:
   labels:
     argocd.argoproj.io/secret-type: repository
 stringData:
-  url: https://github.com/kubernetes
+  url: https://github.com/kubernetes/k8s.io
   name: kubernetes
   type: git
 ---
@@ -43,3 +43,25 @@ spec:
     - backendRefs:
         - name: argocd-server
           port: 80
+---
+apiVersion: security.istio.io/v1
+kind: AuthorizationPolicy
+metadata:
+  name: argocd
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: argocd-server
+  action: ALLOW
+  rules:
+    - from:
+        - source:
+            namespaces:
+              - istio-system
+      when:
+        - key: request.headers[X-Auth-Request-User]
+          values:
+            - dims
+            - upodroid
+            - ameukam
+            - BenTheElder

kubernetes/gke-utility/helm/oauth2-proxy.yaml

@@ -1,11 +1,9 @@
-
 config:
   existingSecret: oauth2-proxy-creds
 
 extraArgs:
   provider: github
   github-org: kubernetes
-  github-team: sig-k8s-infra-leads,sig-k8s-infra
   redirect-url: https://oauth2-proxy.k8s.io/oauth2/callback
   reverse-proxy: true
   pass-access-token: true

kubernetes/gke-utility/istio-system/kustomization.yaml

@@ -1,5 +1,6 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
+namespace: istio-system
 resources:
   - auth-policy.yaml
   - gateway.yaml