jshaughn
diff --git a/‎.devcontainer/devcontainer.json‎
Lines changed: 1 addition & 1 deletion b/‎.devcontainer/devcontainer.json‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/update-deps.yaml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/update-deps.yaml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎api/v1alpha1/values_types.gen.go‎
Lines changed: 19 additions & 0 deletions b/‎api/v1alpha1/values_types.gen.go‎
Lines changed: 19 additions & 0 deletions
diff --git a/‎api/v1alpha1/zz_generated.deepcopy.go‎
Lines changed: 5 additions & 0 deletions b/‎api/v1alpha1/zz_generated.deepcopy.go‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎bundle/manifests/networking.istio.io_workloadgroups.yaml‎
Lines changed: 57 additions & 0 deletions b/‎bundle/manifests/networking.istio.io_workloadgroups.yaml‎
Lines changed: 57 additions & 0 deletions
diff --git a/‎bundle/manifests/sailoperator.clusterserviceversion.yaml‎
Lines changed: 10 additions & 10 deletions b/‎bundle/manifests/sailoperator.clusterserviceversion.yaml‎
Lines changed: 10 additions & 10 deletions
diff --git a/‎bundle/manifests/sailoperator.io_istiorevisions.yaml‎
Lines changed: 18 additions & 4 deletions b/‎bundle/manifests/sailoperator.io_istiorevisions.yaml‎
Lines changed: 18 additions & 4 deletions
diff --git a/‎bundle/manifests/sailoperator.io_istios.yaml‎
Lines changed: 18 additions & 4 deletions b/‎bundle/manifests/sailoperator.io_istios.yaml‎
Lines changed: 18 additions & 4 deletions
@@ -1,6 +1,6 @@
 {
   "name": "istio build-tools",
-  "image": "gcr.io/istio-testing/build-tools:master-12939d7be6baee95d63b1a9d7c4e194f1b241257",
+  "image": "gcr.io/istio-testing/build-tools:master-3d91e3d29bd1057b14995647d90cbf85e043eba6",
   "privileged": true,
   "remoteEnv": {
     "USE_GKE_GCLOUD_AUTH_PLUGIN": "True",
 
@@ -23,7 +23,7 @@ jobs:
   update-deps:
     runs-on: ubuntu-latest
     container:
-      image: gcr.io/istio-testing/build-tools:master-12939d7be6baee95d63b1a9d7c4e194f1b241257
+      image: gcr.io/istio-testing/build-tools:master-3d91e3d29bd1057b14995647d90cbf85e043eba6
       options: --entrypoint ''
 
     steps:
 
@@ -65,12 +65,16 @@ spec:
                       - tcpSocket
                     - required:
                       - exec
+                    - required:
+                      - grpc
                 - required:
                   - httpGet
                 - required:
                   - tcpSocket
                 - required:
                   - exec
+                - required:
+                  - grpc
                 properties:
                   exec:
                     description: Health is determined by how the command that is executed
@@ -91,6 +95,21 @@ spec:
                     format: int32
                     minimum: 0
                     type: integer
+                  grpc:
+                    description: GRPC call is made and response/error is used to determine
+                      health.
+                    properties:
+                      port:
+                        description: Port on which the endpoint lives.
+                        maximum: 4294967295
+                        minimum: 0
+                        type: integer
+                        x-kubernetes-validations:
+                        - message: port must be between 1-65535
+                          rule: 0 < self && self <= 65535
+                      service:
+                        type: string
+                    type: object
                   httpGet:
                     description: '`httpGet` is performed to a given endpoint and the
                       status/able to connect determines health.'
@@ -355,12 +374,16 @@ spec:
                       - tcpSocket
                     - required:
                       - exec
+                    - required:
+                      - grpc
                 - required:
                   - httpGet
                 - required:
                   - tcpSocket
                 - required:
                   - exec
+                - required:
+                  - grpc
                 properties:
                   exec:
                     description: Health is determined by how the command that is executed
@@ -381,6 +404,21 @@ spec:
                     format: int32
                     minimum: 0
                     type: integer
+                  grpc:
+                    description: GRPC call is made and response/error is used to determine
+                      health.
+                    properties:
+                      port:
+                        description: Port on which the endpoint lives.
+                        maximum: 4294967295
+                        minimum: 0
+                        type: integer
+                        x-kubernetes-validations:
+                        - message: port must be between 1-65535
+                          rule: 0 < self && self <= 65535
+                      service:
+                        type: string
+                    type: object
                   httpGet:
                     description: '`httpGet` is performed to a given endpoint and the
                       status/able to connect determines health.'
@@ -645,12 +683,16 @@ spec:
                       - tcpSocket
                     - required:
                       - exec
+                    - required:
+                      - grpc
                 - required:
                   - httpGet
                 - required:
                   - tcpSocket
                 - required:
                   - exec
+                - required:
+                  - grpc
                 properties:
                   exec:
                     description: Health is determined by how the command that is executed
@@ -671,6 +713,21 @@ spec:
                     format: int32
                     minimum: 0
                     type: integer
+                  grpc:
+                    description: GRPC call is made and response/error is used to determine
+                      health.
+                    properties:
+                      port:
+                        description: Port on which the endpoint lives.
+                        maximum: 4294967295
+                        minimum: 0
+                        type: integer
+                        x-kubernetes-validations:
+                        - message: port must be between 1-65535
+                          rule: 0 < self && self <= 65535
+                      service:
+                        type: string
+                    type: object
                   httpGet:
                     description: '`httpGet` is performed to a given endpoint and the
                       status/able to connect determines health.'
 
@@ -34,7 +34,7 @@ metadata:
     capabilities: Seamless Upgrades
     categories: OpenShift Optional, Integration & Delivery, Networking, Security
     containerImage: quay.io/maistra-dev/sail-operator:0.2-latest
-    createdAt: "2024-12-02T05:05:15Z"
+    createdAt: "2024-12-04T05:04:50Z"
     description: Experimental operator for installing Istio service mesh
     features.operators.openshift.io/cnf: "false"
     features.operators.openshift.io/cni: "true"
@@ -325,7 +325,7 @@ spec:
     - v1.22.6
     - v1.22.5
     - v1.21.6
-    - latest (aaad4968)
+    - latest (8a328b6f)
 
     [See this page](https://github.com/istio-ecosystem/sail-operator/blob/main/bundle/README.md) for instructions on how to use it.
   displayName: Sail Operator
@@ -575,10 +575,10 @@ spec:
           template:
             metadata:
               annotations:
-                images.latest.cni: gcr.io/istio-testing/install-cni:1.25-alpha.aaad4968067044f51f305dc78c5f267a478e746b
-                images.latest.istiod: gcr.io/istio-testing/pilot:1.25-alpha.aaad4968067044f51f305dc78c5f267a478e746b
-                images.latest.proxy: gcr.io/istio-testing/proxyv2:1.25-alpha.aaad4968067044f51f305dc78c5f267a478e746b
-                images.latest.ztunnel: gcr.io/istio-testing/ztunnel:1.25-alpha.aaad4968067044f51f305dc78c5f267a478e746b
+                images.latest.cni: gcr.io/istio-testing/install-cni:1.25-alpha.8a328b6f8a8b93fb4a2ede79108242a9a89e2d07
+                images.latest.istiod: gcr.io/istio-testing/pilot:1.25-alpha.8a328b6f8a8b93fb4a2ede79108242a9a89e2d07
+                images.latest.proxy: gcr.io/istio-testing/proxyv2:1.25-alpha.8a328b6f8a8b93fb4a2ede79108242a9a89e2d07
+                images.latest.ztunnel: gcr.io/istio-testing/ztunnel:1.25-alpha.8a328b6f8a8b93fb4a2ede79108242a9a89e2d07
                 images.v1_21_6.cni: docker.io/istio/install-cni:1.21.6
                 images.v1_21_6.istiod: docker.io/istio/pilot:1.21.6
                 images.v1_21_6.proxy: docker.io/istio/proxyv2:1.21.6
@@ -759,13 +759,13 @@ spec:
   provider:
     name: Red Hat, Inc.
   relatedImages:
-  - image: gcr.io/istio-testing/install-cni:1.25-alpha.aaad4968067044f51f305dc78c5f267a478e746b
+  - image: gcr.io/istio-testing/install-cni:1.25-alpha.8a328b6f8a8b93fb4a2ede79108242a9a89e2d07
     name: latest.cni
-  - image: gcr.io/istio-testing/pilot:1.25-alpha.aaad4968067044f51f305dc78c5f267a478e746b
+  - image: gcr.io/istio-testing/pilot:1.25-alpha.8a328b6f8a8b93fb4a2ede79108242a9a89e2d07
     name: latest.istiod
-  - image: gcr.io/istio-testing/proxyv2:1.25-alpha.aaad4968067044f51f305dc78c5f267a478e746b
+  - image: gcr.io/istio-testing/proxyv2:1.25-alpha.8a328b6f8a8b93fb4a2ede79108242a9a89e2d07
     name: latest.proxy
-  - image: gcr.io/istio-testing/ztunnel:1.25-alpha.aaad4968067044f51f305dc78c5f267a478e746b
+  - image: gcr.io/istio-testing/ztunnel:1.25-alpha.8a328b6f8a8b93fb4a2ede79108242a9a89e2d07
     name: latest.ztunnel
   - image: docker.io/istio/install-cni:1.21.6
     name: v1_21_6.cni
 
@@ -3338,10 +3338,12 @@ spec:
                               and disabling the `X-Envoy-Attempt-Count` header:\n\n```yaml\nproxyHeaders:\n\n\tserver:\n\t
                               \ value: \"my-custom-server\"\n\trequestId: {} // Explicitly
                               enable Request IDs. As this is the default, this has
-                              no effect.\n\tattemptCount:\n\t  disabled: true\n\n```\n\nSome
-                              headers are enabled by default, and require explicitly
-                              disabling. See below for an example of disabling all
-                              default-enabled headers:\n\n```yaml\nproxyHeaders:\n\n\tforwardedClientCert:
+                              no effect.\n\tattemptCount:\n\t  disabled: true\n\n```\n\n#
+                              Below shows an example of preserving the header case
+                              for HTTP 1.x requests\n\n```yaml\nproxyHeaders:\n\n\tperserveHttp1HeaderCase:
+                              true\n\n```\n\nSome headers are enabled by default,
+                              and require explicitly disabling. See below for an example
+                              of disabling all default-enabled headers:\n\n```yaml\nproxyHeaders:\n\n\tforwardedClientCert:
                               SANITIZE\n\tserver:\n\t  disabled: true\n\trequestId:\n\t
                               \ disabled: true\n\tattemptCount:\n\t  disabled: true\n\tenvoyDebugHeaders:\n\t
                               \ disabled: true\n\tmetadataExchangeHeaders:\n\t  mode:
@@ -3393,6 +3395,18 @@ spec:
                                     - IN_MESH
                                     type: string
                                 type: object
+                              preserveHttp1HeaderCase:
+                                description: |-
+                                  When true, the original case of HTTP/1.x headers will be preserved
+                                  as they pass through the proxy, rather than normalizing them to lowercase.
+                                  This field is particularly useful for applications that require case-sensitive
+                                  headers for interoperability with downstream systems or APIs that expect specific
+                                  casing.
+                                  The preserve_http1_header_case option only applies to HTTP/1.x traffic, as HTTP/2 requires all headers
+                                  to be lowercase per the protocol specification. Envoy will ignore this field for HTTP/2
+                                  requests and automatically normalize headers to lowercase, ensuring compliance with HTTP/2
+                                  standards.
+                                type: boolean
                               requestId:
                                 description: |-
                                   Controls the `X-Request-Id` header. If enabled, a request ID is generated for each request if one is not already set.
 
@@ -3407,10 +3407,12 @@ spec:
                               and disabling the `X-Envoy-Attempt-Count` header:\n\n```yaml\nproxyHeaders:\n\n\tserver:\n\t
                               \ value: \"my-custom-server\"\n\trequestId: {} // Explicitly
                               enable Request IDs. As this is the default, this has
-                              no effect.\n\tattemptCount:\n\t  disabled: true\n\n```\n\nSome
-                              headers are enabled by default, and require explicitly
-                              disabling. See below for an example of disabling all
-                              default-enabled headers:\n\n```yaml\nproxyHeaders:\n\n\tforwardedClientCert:
+                              no effect.\n\tattemptCount:\n\t  disabled: true\n\n```\n\n#
+                              Below shows an example of preserving the header case
+                              for HTTP 1.x requests\n\n```yaml\nproxyHeaders:\n\n\tperserveHttp1HeaderCase:
+                              true\n\n```\n\nSome headers are enabled by default,
+                              and require explicitly disabling. See below for an example
+                              of disabling all default-enabled headers:\n\n```yaml\nproxyHeaders:\n\n\tforwardedClientCert:
                               SANITIZE\n\tserver:\n\t  disabled: true\n\trequestId:\n\t
                               \ disabled: true\n\tattemptCount:\n\t  disabled: true\n\tenvoyDebugHeaders:\n\t
                               \ disabled: true\n\tmetadataExchangeHeaders:\n\t  mode:
@@ -3462,6 +3464,18 @@ spec:
                                     - IN_MESH
                                     type: string
                                 type: object
+                              preserveHttp1HeaderCase:
+                                description: |-
+                                  When true, the original case of HTTP/1.x headers will be preserved
+                                  as they pass through the proxy, rather than normalizing them to lowercase.
+                                  This field is particularly useful for applications that require case-sensitive
+                                  headers for interoperability with downstream systems or APIs that expect specific
+                                  casing.
+                                  The preserve_http1_header_case option only applies to HTTP/1.x traffic, as HTTP/2 requires all headers
+                                  to be lowercase per the protocol specification. Envoy will ignore this field for HTTP/2
+                                  requests and automatically normalize headers to lowercase, ensuring compliance with HTTP/2
+                                  standards.
+                                type: boolean
                               requestId:
                                 description: |-
                                   Controls the `X-Request-Id` header. If enabled, a request ID is generated for each request if one is not already set.
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "istio build-tools",`
`3`		`- "image": "gcr.io/istio-testing/build-tools:master-12939d7be6baee95d63b1a9d7c4e194f1b241257",`
	`3`	`+ "image": "gcr.io/istio-testing/build-tools:master-3d91e3d29bd1057b14995647d90cbf85e043eba6",`
`4`	`4`	`"privileged": true,`
`5`	`5`	`"remoteEnv": {`
`6`	`6`	`"USE_GKE_GCLOUD_AUTH_PLUGIN": "True",`