Remove patching of istio; update values for seccompvalue via chart

.github/workflows/admission_webhook_test.yaml

@@ -1,11 +1,11 @@
 name: Build & Apply PodDefaults manifests in KinD
 on:
   pull_request:
     paths:
     - tests/gh-actions/install_KinD_create_KinD_cluster_install_kustomize.sh
     - .github/workflows/admission_webhook_test.yaml
     - apps/admission-webhook/upstream/**
-    - tests/gh-actions/install_istio.sh
+    - tests/gh-actions/install_istio-cni.sh
     - tests/gh-actions/install_cert_manager.sh
     - common/cert-manager/**
 
@@ -20,7 +20,7 @@
       run: ./tests/gh-actions/install_KinD_create_KinD_cluster_install_kustomize.sh
 
     - name: Install Istio
-      run: ./tests/gh-actions/install_istio.sh
+      run: ./tests/gh-actions/install_istio-cni.sh
 
     - name: Install cert-manager
       run: ./tests/gh-actions/install_cert_manager.sh

.github/workflows/centraldashboard_test.yaml

@@ -1,11 +1,11 @@
 name: Build & Apply CentralDashboard manifests in KinD
 on:
   pull_request:
     paths:
     - tests/gh-actions/install_KinD_create_KinD_cluster_install_kustomize.sh
     - .github/workflows/centraldashboard_test.yaml
     - apps/centraldashboard/upstream/**
-    - tests/gh-actions/install_istio.sh
+    - tests/gh-actions/install_istio-cni.sh
 
 jobs:
   build:
@@ -18,7 +18,7 @@
       run: ./tests/gh-actions/install_KinD_create_KinD_cluster_install_kustomize.sh
 
     - name: Install Istio
-      run: ./tests/gh-actions/install_istio.sh
+      run: ./tests/gh-actions/install_istio-cni.sh
 
     - name: Build & Apply manifests
       run: |

.github/workflows/dex_test.yaml

@@ -1,11 +1,11 @@
 name: Build & Apply Dex manifests in KinD
 on:
   pull_request:
     paths:
     - tests/gh-actions/install_KinD_create_KinD_cluster_install_kustomize.sh
     - .github/workflows/dex_test.yaml
     - common/dex/base/**
-    - tests/gh-actions/install_istio.sh
+    - tests/gh-actions/install_istio-cni.sh
 
 jobs:
   build:

.github/workflows/jupyter_web_application_test.yaml

@@ -1,11 +1,11 @@
 name: Build & Apply JWA manifests in KinD
 on:
   pull_request:
     paths:
     - tests/gh-actions/install_KinD_create_KinD_cluster_install_kustomize.sh
     - .github/workflows/jupyter_web_application_test.yaml
     - apps/jupyter/jupyter-web-app/upstream/**
-    - tests/gh-actions/install_istio.sh
+    - tests/gh-actions/install_istio-cni.sh
 
 jobs:
   build:
@@ -18,7 +18,7 @@
       run: ./tests/gh-actions/install_KinD_create_KinD_cluster_install_kustomize.sh
 
     - name: Install Istio
-      run: ./tests/gh-actions/install_istio.sh
+      run: ./tests/gh-actions/install_istio-cni.sh
 
     - name: Build & Apply manifests
       run: |

.github/workflows/katib_test.yaml

@@ -1,11 +1,11 @@
 name: Build & Apply Katib manifests in KinD
 on:
   pull_request:
     paths:
     - tests/gh-actions/install_KinD_create_KinD_cluster_install_kustomize.sh
     - .github/workflows/katib_test.yaml
     - apps/katib/upstream/**
-    - tests/gh-actions/install_istio.sh
+    - tests/gh-actions/install_istio-cni.sh
     - tests/gh-actions/install_cert_manager.sh
     - common/cert-manager/**
 
@@ -20,7 +20,7 @@
       run: ./tests/gh-actions/install_KinD_create_KinD_cluster_install_kustomize.sh
 
     - name: Install Istio
-      run: ./tests/gh-actions/install_istio.sh
+      run: ./tests/gh-actions/install_istio-cni.sh
 
     - name: Install cert-manager
       run: ./tests/gh-actions/install_cert_manager.sh

.github/workflows/kserve_m2m_test.yaml

@@ -1,5 +1,5 @@
 name: Deploy and test KServe with m2m auth in KinD
 on:
   pull_request:
     paths:
     - tests/gh-actions/install_KinD_create_KinD_cluster_install_kustomize.sh
@@ -7,7 +7,7 @@
     - contrib/kserve/**
     - common/oauth2-proxy/**
     - common/istio*/**
-    - tests/gh-actions/install_istio.sh
+    - tests/gh-actions/install_istio-cni.sh
     - tests/gh-actions/install_oauth2-proxy.sh
     - tests/gh-actions/install_cert_manager.sh
     - common/cert-manager/**
@@ -32,7 +32,7 @@
       run: kustomize build common/kubeflow-namespace/base | kubectl apply -f -
 
     - name: Install Istio
-      run: ./tests/gh-actions/install_istio.sh
+      run: ./tests/gh-actions/install_istio-cni.sh
 
     - name: Install oauth2-proxy
       run: ./tests/gh-actions/install_oauth2-proxy.sh

.github/workflows/kserve_test.yaml

@@ -1,5 +1,5 @@
 name: Build & Apply KServe manifests in KinD
 on:
   pull_request:
     paths:
     - tests/gh-actions/install_KinD_create_KinD_cluster_install_kustomize.sh
@@ -25,7 +25,7 @@
       run: kustomize build common/kubeflow-namespace/base | kubectl apply -f -
 
     - name: Install Istio
-      run: ./tests/gh-actions/install_istio.sh
+      run: ./tests/gh-actions/install_istio-cni.sh
 
     - name: Install cert-manager
       run: ./tests/gh-actions/install_cert_manager.sh

.github/workflows/model_registry_test.yaml

@@ -1,12 +1,12 @@
 # If anyone changes or improve the following tests for Model Registry, please
 # consider reflecting the same changes on https://github.com/kubeflow/model-registry
 name: Deploy and test Kubeflow Model Registry
 on:
   pull_request:
     paths:
     - tests/gh-actions/install_KinD_create_KinD_cluster_install_kustomize.sh
     - apps/model-registry/upstream/**
-    - tests/gh-actions/install_istio.sh
+    - tests/gh-actions/install_istio-cni.sh
     - common/istio*/**
 
 jobs:
@@ -26,7 +26,7 @@
       run: kustomize build common/kubeflow-namespace/base | kubectl apply -f -
 
     - name: Install Istio
-      run: ./tests/gh-actions/install_istio.sh
+      run: ./tests/gh-actions/install_istio-cni.sh
 
     - name: Install oauth2-proxy
       run: ./tests/gh-actions/install_oauth2-proxy.sh

.github/workflows/notebook_controller_m2m_test.yaml

@@ -1,5 +1,5 @@
 name: Test Notebook Controller with m2m auth manifests in KinD
 on:
   pull_request:
     paths:
     - tests/gh-actions/install_KinD_create_KinD_cluster_install_kustomize.sh
@@ -7,7 +7,7 @@
     - apps/jupyter/**
     - common/oauth2-proxy/**
     - common/istio*/**
-    - tests/gh-actions/install_istio.sh
+    - tests/gh-actions/install_istio-cni.sh
     - tests/gh-actions/install_oauth2-proxy.sh
     - tests/gh-actions/install_multi_tenancy.sh
 
@@ -28,13 +28,13 @@
       run: kustomize build common/kubeflow-namespace/base | kubectl apply -f -
 
     - name: Install Istio
-      run: ./tests/gh-actions/install_istio.sh
+      run: ./tests/gh-actions/install_istio-cni.sh
 
     - name: Install oauth2-proxy
       run: ./tests/gh-actions/install_oauth2-proxy.sh
 
     - name: Install kubeflow-istio-resources
-      run: kustomize build common/istio-1-23/kubeflow-istio-resources/base | kubectl apply -f -
+      run: kustomize build common/istio-cni-1-23/kubeflow-istio-resources/base | kubectl apply -f -
 
     - name: Install KF Multi Tenancy
       run: ./tests/gh-actions/install_multi_tenancy.sh

.github/workflows/notebook_controller_test.yaml

@@ -1,11 +1,11 @@
 name: Build & Apply Notebook Controller manifests in KinD
 on:
   pull_request:
     paths:
     - tests/gh-actions/install_KinD_create_KinD_cluster_install_kustomize.sh
     - .github/workflows/notebook_controller_test.yaml
     - apps/jupyter/notebook-controller/upstream/**
-    - tests/gh-actions/install_istio.sh
+    - tests/gh-actions/install_istio-cni.sh
     - common/istio*/**
 
 jobs:
@@ -19,7 +19,7 @@
       run: ./tests/gh-actions/install_KinD_create_KinD_cluster_install_kustomize.sh
 
     - name: Install Istio
-      run: ./tests/gh-actions/install_istio.sh
+      run: ./tests/gh-actions/install_istio-cni.sh
 
     - name: Build & Apply manifests
       run: |

.github/workflows/pipeline_run_from_notebook.yaml

@@ -6,7 +6,7 @@ on:
     - .github/workflows/pipeline_run_from_notebook.yaml
     - apps/jupyter/notebook-controller/upstream/**
     - apps/pipeline/upstream/**
-    - tests/gh-actions/install_istio.sh
+    - tests/gh-actions/install_istio-cni.sh
     - tests/gh-actions/install_cert_manager.sh
     - common/cert-manager/**
     - common/oauth2-proxy/**
@@ -25,7 +25,7 @@ jobs:
       run: ./tests/gh-actions/install_KinD_create_KinD_cluster_install_kustomize.sh
 
     - name: Install Istio
-      run: ./tests/gh-actions/install_istio.sh
+      run: ./tests/gh-actions/install_istio-cni.sh
 
     - name: Install oauth2-proxy
       run: ./tests/gh-actions/install_oauth2-proxy.sh
@@ -37,7 +37,7 @@ jobs:
       run: kustomize build common/kubeflow-namespace/base | kubectl apply -f -
 
     - name: Install kubeflow-istio-resources
-      run: kustomize build common/istio-1-23/kubeflow-istio-resources/base | kubectl apply -f -
+      run: kustomize build common/istio-cni-1-23/kubeflow-istio-resources/base | kubectl apply -f -
 
     - name: Install KF Pipelines
       run: ./tests/gh-actions/install_pipelines.sh

.github/workflows/pipeline_swfs_test.yaml

@@ -5,7 +5,7 @@ on:
     - tests/gh-actions/install_KinD_create_KinD_cluster_install_kustomize.sh
     - .github/workflows/pipeline_swfs_test.yaml
     - apps/pipeline/upstream/**
-    - tests/gh-actions/install_istio.sh
+    - tests/gh-actions/install_istio-cni.sh
     - tests/gh-actions/install_cert_manager.sh
     - tests/gh-actions/install_oauth2-proxy.sh
     - common/cert-manager/**
@@ -27,7 +27,7 @@ jobs:
       run: ./tests/gh-actions/install_kubectl.sh
 
     - name: Install Istio
-      run: ./tests/gh-actions/install_istio.sh
+      run: ./tests/gh-actions/install_istio-cni.sh
 
     - name: Install oauth2-proxy
       run: ./tests/gh-actions/install_oauth2-proxy.sh
@@ -45,7 +45,7 @@ jobs:
       run: ./tests/gh-actions/install_multi_tenancy.sh
 
     - name: Install kubeflow-istio-resources
-      run: kustomize build common/istio-1-23/kubeflow-istio-resources/base | kubectl apply -f -
+      run: kustomize build common/istio-cni-1-23/kubeflow-istio-resources/base | kubectl apply -f -
 
     - name: Create KF Profile
       run: kustomize build common/user-namespace/base | kubectl apply -f -

.github/workflows/pipeline_test.yaml

@@ -5,7 +5,7 @@ on:
     - tests/gh-actions/install_KinD_create_KinD_cluster_install_kustomize.sh
     - .github/workflows/pipeline_test.yaml
     - apps/pipeline/upstream/**
-    - tests/gh-actions/install_istio.sh
+    - tests/gh-actions/install_istio-cni.sh
     - tests/gh-actions/install_cert_manager.sh
     - tests/gh-actions/install_oauth2-proxy.sh
     - common/cert-manager/**
@@ -26,7 +26,7 @@ jobs:
       run: ./tests/gh-actions/install_kubectl.sh
 
     - name: Install Istio
-      run: ./tests/gh-actions/install_istio.sh
+      run: ./tests/gh-actions/install_istio-cni.sh
 
     - name: Install oauth2-proxy
       run: ./tests/gh-actions/install_oauth2-proxy.sh
@@ -44,7 +44,7 @@ jobs:
       run: ./tests/gh-actions/install_multi_tenancy.sh
 
     - name: Install kubeflow-istio-resources
-      run: kustomize build common/istio-1-23/kubeflow-istio-resources/base | kubectl apply -f -
+      run: kustomize build common/istio-cni-1-23/kubeflow-istio-resources/base | kubectl apply -f -
 
     - name: Create KF Profile
       run: kustomize build common/user-namespace/base | kubectl apply -f -

.github/workflows/profiles_test.yaml

@@ -5,7 +5,7 @@ on:
     - tests/gh-actions/install_KinD_create_KinD_cluster_install_kustomize.sh
     - .github/workflows/profiles_test.yaml
     - apps/profiles/upstream/**
-    - tests/gh-actions/install_istio.sh
+    - tests/gh-actions/install_istio-cni.sh
     - common/istio*/**
 
 jobs:
@@ -19,7 +19,7 @@ jobs:
       run: ./tests/gh-actions/install_KinD_create_KinD_cluster_install_kustomize.sh
 
     - name: Install Istio
-      run: ./tests/gh-actions/install_istio.sh
+      run: ./tests/gh-actions/install_istio-cni.sh
 
     - name: Build & Apply manifests
       run: |

.github/workflows/pss_test.yaml

@@ -33,16 +33,6 @@ jobs:
     - name: Install Istio CNI
       run: ./tests/gh-actions/install_istio-cni.sh
 
-    - name: Configure istio init container with seccompProfile attribute
-      run: |
-        kubectl get cm istio-sidecar-injector -n istio-system -o yaml > temporary_patch.yaml
-        sed -i '0,/runAsNonRoot: true/{s//&\n              seccompProfile:\n                type: RuntimeDefault/}' temporary_patch.yaml
-        sed -i '/runAsNonRoot: true/{N; /runAsUser: {{ .ProxyUID | default "1337" }}/a\
-                      seccompProfile:\n                type: RuntimeDefault
-        }' temporary_patch.yaml
-        kubectl apply -f temporary_patch.yaml
-        rm temporary_patch.yaml
-
     - name: Install oauth2-proxy
       run: ./tests/gh-actions/install_oauth2-proxy.sh
 

.github/workflows/ray_test.yaml

@@ -17,7 +17,7 @@ jobs:
       run: ./tests/gh-actions/install_KinD_create_KinD_cluster_install_kustomize.sh
 
     - name: Install Istio
-      run: ./tests/gh-actions/install_istio.sh
+      run: ./tests/gh-actions/install_istio-cni.sh
 
     - name: Install oauth2-proxy
       run: ./tests/gh-actions/install_oauth2-proxy.sh

.github/workflows/spark_test.yaml

@@ -17,7 +17,7 @@ jobs:
       run: ./tests/gh-actions/install_KinD_create_KinD_cluster_install_kustomize.sh
 
     - name: Install Istio
-      run: ./tests/gh-actions/install_istio.sh
+      run: ./tests/gh-actions/install_istio-cni.sh
 
     - name: Install oauth2-proxy
       run: ./tests/gh-actions/install_oauth2-proxy.sh

.github/workflows/tensorboard_controller_test.yaml

@@ -5,7 +5,7 @@ on:
     - tests/gh-actions/install_KinD_create_KinD_cluster_install_kustomize.sh
     - .github/workflows/tensorboard_controller_test.yaml
     - apps/tensorboard/tensorboard-controller/upstream/**
-    - tests/gh-actions/install_istio.sh
+    - tests/gh-actions/install_istio-cni.sh
     - common/istio*/**
 
 jobs:
@@ -19,7 +19,7 @@ jobs:
       run: ./tests/gh-actions/install_KinD_create_KinD_cluster_install_kustomize.sh
 
     - name: Install Istio
-      run: ./tests/gh-actions/install_istio.sh
+      run: ./tests/gh-actions/install_istio-cni.sh
 
     - name: Build & Apply manifests
       run: |