chore: upgrade Istio and deprovision operator

[merll]

📌 Summary

This PR upgrades Istio to the current release 1.26.0. Since the Istio Operator has been deprecated as of version 1.23, also a migration to the Helm charts is implemented. The migration runs in these steps:

• Installation of the new Helm charts
  • istio-base upgrades the existing CRDs, which is not in conflict with the Operator if deployed
  • istiod tagged as a canary revision
  • istio-gateway (deployed once as ingress-gateway and optionally once as egress-gateway). istiod has to be fully installed at this point, since it includes a MutatingWebhookConfiguration required by the gateway Deployment. The new gateway(s) are installed as canary revisions.
• Switching over to the canary revisions (post-install script checks and updates the values, then re-triggers the pipeline).
• Second pipeline updates all resources to make the canary revisions the default.
• A Job watches the gateways, until the canary gateways are removed. Then Istio Operator is uninstalled.

This required additional changes to the otomi core:

• Added a method to set individual ArgoCD application spec overrides per app with a separate JSON file in the repository. This was necessary since ignoreDifferences required specifically for Istio components did not work well with several other apps.
• Added possibility to re-trigger the pipeline from the upgrade, by adding a .rerun file. The file is not committed to the repository.

🔍 Reviewer Notes

The following functionality should be tested specifially:

• Upgrading Istio on a running cluster with several services. A short downtime is expected, since the team-ns pipeline runs prematurely, not considering the migration. This could be fixed potentially in another PR. Either way, hte downtime should only last for a few seconds.
• The job istio-operator-uninstall should finish and remove all old components without further user intervention.
• Egress gateway is optional and should be tested.
• Tracing
• Knative
• Kiali is known to be incompatible with this Istio version and needs an upgrade. This is to be implemented in a separate PR.

🧹 Checklist

• Code is readable, maintainable, and robust.
• Unit tests added/updated

[github-actions]

Coverage report

St.❔	Category	Percentage	Covered / Total
🔴	Statements	46.79% (-0.6% 🔻)	991/2118
🔴	Branches	35.16% (-0.71% 🔻)	328/933
🔴	Functions	46.49% (-0.81% 🔻)	159/342
🔴	Lines	48% (-0.54% 🔻)	946/1971

Show files with reduced coverage 🔻

St.❔	File	Statements	Branches	Functions	Lines
🔴	common/k8s.ts	27.69% (-0.58% 🔻)	14.86% (-0.41% 🔻)	23.53% (-0.71% 🔻)	29.94% (-0.52% 🔻)
🔴	cmd/migrate.ts	54.17% (-2.98% 🔻)	44.97% (-3.55% 🔻)	58.02% (-5.49% 🔻)	53.72% (-3.02% 🔻)
🔴	cmd/commit.ts	13.43% (-0.63% 🔻)	25% (-4.41% 🔻)	7.69%	13.64% (-0.65% 🔻)

Test suite run success

143 tests passing in 13 suites.

Report generated by 🧪jest coverage report action from d1c52f4

[CasLubbers]

Upgraded successfully from an existing cluster. istio-operator-uninstall job completed.
And istio-operator is removed.
We could also remove the job in a next update?

[merll]

Upgraded successfully from an existing cluster. istio-operator-uninstall job completed. And istio-operator is removed. We could also remove the job in a next update?

Yes, in fact the job could probably remove itself as well. Once the apl-operator is merged I will update the migration scripts.