to an `IstioOperatorSpec` CR.
1. [Manifest creation](#manifest-creation) code. User settings are overlaid on top of the
selected profile values and passed to a renderer in the Helm library to create manifests. Further customization on the
created manifests can be done through overlays.
1. [CLI](#cli) code. CLI code shares the `IstioOperatorSpec` API with

    and share it throughout the application. Requests that needs a customized
    client should call `OkHttpClient.newBuilder()` on that shared instance.
    This allows customization without the drawbacks of separate connection
    pools.

 *  **OkHttpClient is now stateless.** In the 2.x API `OkHttpClient` had getters
    and setters. Internally each request was forced to make its own complete

    * The pod annotation  `security.alpha.kubernetes.io/unsafe-sysctls` allows customization of namespaced sysctls where isolation is unclear. Unsafe...

	Name           string                     `json:"name"`
	Profile        string                     `json:"profile"`
	Components     []string                   `json:"components,omitempty"`
	Customizations []IopDiff                  `json:"customizations,omitempty"`
}

type IopDiff struct {
	Path  string `json:"path"`
	Value string `json:"value"`
}

// MutatingWebhookConfigInfo represents a tiny subset of fields from

{
  "image": "mcr.microsoft.com/devcontainers/java:21-bookworm",
  "features": {
      "ghcr.io/devcontainers/features/java:1": {
          "version": "17"
      }
  },
  "customizations": {
      "vscode": {
          "settings": {
              "java.server.launchMode": "Standard"
          },
          "extensions": [
              "vscjava.vscode-java-pack",
              "vscjava.vscode-gradle"
          ]
      }
  }

    "CARGO_HOME": "/home/.cargo",
    "RUSTUP_HOME": "/home/.rustup"
  },
  "features": {
    "ghcr.io/devcontainers/features/docker-outside-of-docker:1": {},
    "ghcr.io/mpriscella/features/kind:1": {}
  },
  "customizations": {
    "vscode": {
      "extensions": [
        "golang.go",
        "rust-lang.rust-analyzer",
        "eamodio.gitlens",
        "zxh404.vscode-proto3",
        "ms-azuretools.vscode-docker",

      }

    /**
     * Add all of the host platform's trusted root certificates. This set varies by platform
     * (Android vs. Java), by platform release (Android 4.4 vs. Android 9), and with user
     * customizations.
     *
     * Most TLS clients that connect to hosts on the public Internet should call this method.
     * Otherwise it is necessary to manually prepare a comprehensive set of trusted roots.
     *

*   Added a `model.export(filepath)` API to create a lightweight SavedModel artifact that can be used for inference (e.g. with TF-Serving).

For the 1.8 release, SIG API Machinery focused on stability and on ecosystem enablement. Features include the ability to break large LIST calls into smaller chunks, improved support for API server customization with either custom API servers or Custom Resource Definitions, and client side event spam filtering.

[Sig API Machinery]: https://github.com/kubernetes/community/tree/master/sig-api-machinery

### SIG Apps

	find ./manifests/charts/gateways/istio-egress/templates -type f -exec sed -i -e 's/Ingress/Egress/g' {} \;

	# copy istio-discovery values, but apply some local customizations
	warning=$$(cat manifests/helm-profiles/warning-edit.txt | sed ':a;N;$$!ba;s/\n/\\n/g') ; \
	for chart in $(CHARTS) ; do \
		for profile in manifests/helm-profiles/*.yaml ; do \