* fix bootstrap destination attributes (#5766) Signed-off-by: Kuat Yessenov <kuat@google.com> * Add mixer cluster configuration to mixer CR jobs (#5669) * Add mixer cluster configuration to mixer CR jobs * fix config map * Add new service account and binding for cr job * Fix destination rule * Use ALPN to indicate HTTP/2 and/or in-mesh traffic. (#5776) For #5769. Signed-off-by: Piotr Sikora <piotrsikora@google.com> * Multicluster Fixing locks for add/delete/read (#5622) * Fixing locks for add/delete/read * Adding Unit tests * Addressing comments * Addressing comments * Change locking model * Change locking model * Bookinfo Cleanup.sh should remove virtualservices, gateways and destinationrules (#5709) * Also remove virtualservices, gateways and destinationrules (#5703) * Updated following review comments * do not set full wildcard SNI domains (#5785) Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * additional context path work for cloud foundry (#5790) * context paths corrected * configs need to stay sorted * Remove comment and fix {live,readi}ness path to '/graph' on servicegraph … (#5490) This is workaround because servicegraph haven't the health check path. But the ingress-gce needs the readinessProbe path that returns 200 status, so we should get 'generic JSON serialization' body and 200(httpOK) status. * CKI-3 Fix tear down of envoy on exit (#5495) Defered funcs won't be called when os.Exit() is invoked in the same method. * Revert switch to jaeger (#5795) * Revert "Include helm chart option for installing jaeger specific services (#5670)" This reverts commit 6dbbaca. * Revert "Use jaeger for zipkin service (#5656)" This reverts commit 7efb91d. * Multicluster Adding Delete logic for dynamically created controllers (#5672) * Initial Code load * Addressing unit test failure * Fixing initial controller * Addressing comments * Fixing unit tests * Fixing lint * Addressing comments * Proxy image default to v2 (#5741) * use namespace as chart name so it is unique * use proxyv2 as default * updating few values yaml in hope to get test passing * add a missing proxyv2 config * getting back needed proxyv2 to get test passing * getting back needed proxyv2 to get test passing * use proxy for old ingress * change zipkin error to log message for flaky tests (#5819) * Istioctl kube-inject requires injectConfigFile or injectConfigMapName (#5800) * force users to use injectConfigMapName or injectConfigFile * set ISTIOCTL_USE_BUILTIN_DEFAULTS in Makefile, so tests continue to work * set defaults for injectconfigmap * ensure that tag and hub are specified when using builins * Remove errant extra comma in ads response (#5832) * Replace join implementation (#5836) * Replace join implementation * Update dump_kubernetes.sh * Fix pilot_cli debug tool to work with EDS (#5531) * Fix pilot_cli debug tool to work with EDS * Clean up unused code. * Renamed the sidecar injection toggle key to match the new name (#5808) * Switch back to jaeger - revert (#5795) (#5840) This reverts commit 0e633b3. * SNI, Listeners, and VHost bug fixes (#5807) * disable full wildcard for mesh Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * updates * more bug fixes and proxy sha update Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * fixes Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * undo some changes in gateway Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * patching Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * no sni hosts for plain text listeners in gateway Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * Do not set SNI for internal services Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * tcp fix Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * Do not infer Client TLSSettings based on Authentication Policy. (#5525) * Add handling of ISTIO_MUTUAL when generating cluster config. * Remove the inferences from authn policy. Also remove the accidetally included port level DR policy #5055. * respect the global configmap by changing how to build defaultTrafficPolicy * Fill in TLSSettings in advance to avoid plumbing service account. * remove dead code. * Skip override for external and support port level settings. * update dependency * restore port level settings. * remove redudant call plugins loop. * Check fields to avoid null pointer reference. * fix the lint. * Move down the H2 header since ISTIO_MUTUAL to avoid NPR. * Change cluster.go to remove TLS when it's DISABLE mode. * Add the DestinationRule to make the test passing. * Add DestinationRule to pass TestAuthnJWT test. * Remove obsolete todo * Only add DestinationRule when auth is enabled for TestAuthNJwt. * Move configmap check into the branch when no DR is available. * Remove the NIR code in cluster.go. * Add H2 back and change disable-egress-mtls.yaml for gateway. * Fix ingress e23 tests * Correct template * Apply DR template for TestRoutes. * Fix TestRouteFaultInjection * Add tls ISTIO_MUTUAL for mixer destination rules. * fix the lint in cluster.go. * Rename the fillTemplate and clarify the comments. * Change the ISTIO_MUTUAL for grpc-mixer-mtls port, instead of everything. * Wrap around adding DR before checking v1alpha3. * fix the lint and change istio-telemetry port tls. * Add ISTIO_MUTUAL in route-rule-all-v1. * Branching the route-rule-all-v1-mtls when auth_enable=true for prow test. * copy the kube/route-rule-all-v1-mtls. * Remove chgrp in tproxy that suppressed core dumps (#5846) * Fixing new linter errors. * export RESOURCE_TYPE (#5850) * missing ability to filter instances by label (#5851) Co-authored-by: Nancy Hsieh <nhsieh@pivotal.io> * Fix values-istio-demo.yaml, empty global replace global dict with empty (#5859) * rename istio-mixer-create-cr to istio-mixer-post-install (#5857) * Bug fixes in SNI forwarding for external services (#5845) * Bug fixes in SNI forwarding for external services Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * lint Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * fix istioctl Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * nil pointer fix Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * Add mixer config info into per route (#5853) * Add mixer config info into per route * Skip gateway 503 test * Updating fortio to latest (0.11.0) (#5765) Ran ``` dep ensure --update istio.io/fortio ``` * Fixes some minor bugs in multicluster e2e tests (#5329) A few bugs with respect to error handling have been noted in the multicluster e2e tests, This change fixes these bugs. * fix cleanup.sh (#5660) * Rename Service's field: Addresses -> ClusterVIPs (#5664) * Rename Service's field: Addresses -> MulticlusterAddresses * Rename MulticlusterAddresses -> ClusterVIPs * Metrics now refresh automatically and look better. (#5615) * Reference new types from policy/v1beta1 (#5587) * Add NOTES.txt for chart. (#5906) * Cleanup some superfluous abstractions (#5740) - Delete the unused Result and CacheabilityInfo types - Delete the SetStatus/GetStatus functions, replaced with Go-idiomatic field writes - Delete the unused CheckResult.Combine method - Inline the CheckResult.CombineCheckResult method since it is used only once and its semantics were misleading (as it didn't combine the embedded status field) * Ran `dep ensure -update github.com/envoyproxy/go-control-plane` (#5889) * Adding instructions and scripts to facilitate running E2E tests locally (#5838) * Add documents and scripts for k8s+vagrant env. * update macOS setup * Update and rename setup_linux_prereqs.sh to linux_prereqs.sh * Update localregistry.yaml * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update startup.sh * Update README.md * update filename and readme * update readme * update image * Create prereqs.sh * Update README.md * update README * update readme for cleanup * add insecure registry setting onto vm * Add dlv debugging installation to vm setup * Change vm sync folder * Update setup_kubectl_host.sh * Update vm_setup.sh * Create OWNERS (#5130) * Update vm_setup.sh (#5135) * Update Vagrantfile (#5134) * Update README.md (#5138) * Update README.md (#5141) * Update README.md (#5142) * Update README.md (#5154) * Update README.md * Update README.md * Update README.md * Update README.md * Add localregistry.yaml specific for vagrant (#5181) * Create localregistry.yaml * Revert back changes in localregistry.yaml * Updated VagrantFile Updated VagrantFile as per new location of localregistry.yaml * Make test available on macOS (#5177) * update test setup for macos * add local test flag * modify init.sh * update docker check * update env setting * update USE_DOCKER * export GOOS=linux to docker and push targets * Move files out of RunTestOnHost and remove RunTestOnHost and RunTestOnVm. (#5206) * Move files. * Revise per review comments. * Revise per comment. * Polish and simplify README.md (#5211) * Polish and simplify README.md * Update README.md * Update README.md * Rename scripts and cleanup unused scripts. (#5215) * Move files. * Rename scripts and remove unused scripts. * Update README.md * Remove unnecessary env setting (#5217) * remove space at the end of export * modify env changes * Update prerequisites and setup scripts (#5220) * remove space at the end of export * modify env changes * modify setups * update prereqs scripts for macos * Update README.md * Cleanup test_setup.sh and setup_kubelet_config_host.sh (#5230) * Protect Copy to ~/.kube/config_old * Update setup_test.sh * Update setup_dockerdaemon_linux.sh * Push data from help commands to > /dev/null Push data from help commands to > /dev/null as otherwise it fills up screen with too much info and we won't come to know about failures easily * Update setup_test.sh * Update README.md * Update setup_dockerdaemon_linux.sh * Update setup_kubelet_config_host.sh * Create Troubleshooting.md (#5235) * Clean up and update scripts (#5233) * remove space at the end of export * modify env changes * modify setups * update prereqs scripts for macos * modify and cleanup the scripts * rename files * cleanup * update scripts * changes update * update * update Vagrantfile * update local registry setting * add comment back * Update Vagrantfile (#5239) * Update Troubleshooting.md (#5237) * Update Troubleshooting.md * Update Troubleshooting.md * Update Troubleshooting.md * Update Troubleshooting.md * Update Troubleshooting.md * Update Troubleshooting.md * Small changes to scripts from feedback (#5449) * remove space at the end of export * modify env changes * modify setups * update prereqs scripts for macos * modify and cleanup the scripts * rename files * cleanup * update scripts * changes update * update * update Vagrantfile * update local registry setting * add comment back * Add changes to setup scripts * update kubectl setup script * Separate debian linux distribution (#5515) * Separate debian linux distribution * add default case * Fix download path for kubectl on mac (#5553) * Update Troubleshooting.md (#5240) * Update Troubleshooting.md * Update Troubleshooting.md * Fix minor issues with scripts (#5555) * Update install_prereqs_macos.sh * Update install_prereqs_debian.sh * Update install_prereqs_debian.sh * Update Troubleshooting.md * Update Troubleshooting.md * Update Troubleshooting.md * Update README.md * Update Troubleshooting.md * Update Troubleshooting.md * Update Troubleshooting.md * Adding version of virtualbox installed * Setup local testing using minikube * Update install_prereqs_debian.sh * Format script * Update cleanup_host.sh * Update cleanup_host.sh * Update setup_host.sh * Revise per comment. * Update go installation. * Revise per comment. * use UDS for mixer (#5930) Signed-off-by: Kuat Yessenov <kuat@google.com> * Remove alpha1 tests from master, starting to add 1.0 tooling (#5794) * Remove alpha1 tests from master, starting to add 1.0 tooling * Switch image to v2 by default and force off the v1 endpoints, to evaluate which remaining components are still stuck * Switch ingress to v2 - will loose v1 route rule * Remove the v1 discovery tests. Keep the v1 enabled, additional PRs needed * Revert more changes, mixer v2 not ready yet * Add required tiller version for chart. (#5908) * Added Kiali chart. (#5869) * Added Kiali chart. * Updated replicas. * Updated service account name. * Fix lint. * Address costinm and linsun's comments. * Snapshot contract between the config builder and the runtime. (#5917) * Contract between the config builder and the runtime. Add new configuration data to the snapshot. Ephemeral.go builds the snapshot. Snapshot is used by the runtime dispatch table. * address Oz's comments. * Renames old style config as legacy. * Make ci2gubernator unblocking (#5961) * Tests for istioctl get/delete/etc (#5949) * Tests for istioctl get/delete/etc * Use subtests for test cases * add require tiller version for kiali addon. (#5966) * add README file to chart. (#5967) * add README file to chart. * update installation steps for README. * Preserve Ingress namespace in generated Gateway and VS (#5973) * Handle GOPATH with multiple paths (#5179) Similar to #2460. We should not rely on GOPATH being a single value. Also, while on that, replace $TOP with $GO_TOP in testEnvLocalK8S.sh, to make it consistent to Makefile. * Fix broken mixer develop document link. (#5758) Mixer developer doc has moved to github wiki page, update the link url for README file. * Allow downstream to change the location of the root ca bundle file (#5798) By making publicRootCABundlePath a var instead of a const. By using the -X ldflag option, the user bulding istio can override the default location for this file. * Remove mTLS enablement via service annotation. (#5890) * Remove mTLS enablement via service annotation. See #5826. * Remove AuthenticationPolicy from Port struct (model/service.go) * Address comments. * Fix e2e tests. * Try to fix the e2e test again. * Fish imagePullPolicy to istioctl in e2e test framework (#5925) We already have an imagePullPolicy flag in the e2e test framework, but we're not currently passing it to istioctl. In local testing, this has resulted in stale istio-init images, which do not respect the new iptables flags. * put matches first when building routes (#5972) otherwise, pilot will not enumerate the routes past the base route * switch stable download to 0.8.0 (from 0.2.12) (#5979) to match https://istio.io/about/notes/ * Merging release-0.8 to master (final round) (#5975) * use Gateway and VirtualService to expose helloworld service (#5791) * use Gateway and VirtualService to expose helloworld service * readme fix * Make istio work without rbac. (#5877) Fixed istio/old_issues_repo#255 * Update Jaeger version and add limit on the number of traces held in m… (#5873) * Update Jaeger version and add limit on the number of traces held in memory * Use tag 1 to pick up latest stable versions * Use tag 1.5 * enable mixer alpha3_v2 tests (#5844) * enable mixer alpha3_v2 tests * fix capture logs for new target * make rate limit test more resilient * linter errors * fix fmt * update tests * update api sha to head of release-0.8 (#5939) * loose the validation on istioctl to allow users to pass config (#5955) * remove the unecessary check * add proxyType for pilot_cli tool (#5948) * Update the 'long running cluster' tests (#5895) * Update the helm cluster to v2 * More files for the test env * Make script customizable * Implement a spy IBP backend (#4373) * Implement a spy IBP backend. This will help in easy testing of our OOP adapter implementation. Now, this backend only implements static IBP interface. After my template specific IBP Handle service PR goes in, I will enhance this spy backend to have two flavors, session plan and no-session plan. * fix lint * Restore pulling from master before testing, was lost by merge from 0.8 (#5957) * Doc updates (#5914) - Patch up URLs and front-matter to make the new Hugo-based doc setup happy. * Add buffering in front of REPORT adapters. (#5432) * Add buffering in front of REPORT adapters. The proxy calls Mixer with large batches of reports (on the order of 1000 items). Instead of calling adapters for each of these reports, Mixer buffers the generated instances and calls into the adapters a single time. This eliminates a fairly large amount of computation in Mixer proper. But more importantly, adapters can leverage these large incoming batches to use batches when talking to their back end, potentially reducing RPC overhead considerably. Also, remove the request_count and request_duration metrics. They weren't actually measuring the right thing and they're redundant with gRPC metrics we already have. * copy license file to chart. (#5912) * copy license file to chart. * Update date in LICENSE files. * rollback the change for origin license. * Align istioctl get with kubectl and add --all-namespaces flag (#5960) * Revert "Fix #4325 - istioctl get list of resources by default must scan all namespaces (#4326)" This reverts commit f94f090. * add --all-namespaces flag to `istioctl get` * fix refactoring typo * istioctl: fix kubeconfig override with default namespace handling * fix tests * fix * fix resources in each deployment issues. (#6006) * fix sidecar webhook default values missing for chart. (#6003) * Add new attributes to manifests (#5540) * mixer: implement reporter attributes (#5959) * implement reporter attributes Signed-off-by: Kuat Yessenov <kuat@google.com> * format Signed-off-by: Kuat Yessenov <kuat@google.com> * Add Collections support to Ctrlz (#5682) * Add a bypass adapter to Mixer for using gRPC backends via inline model. (#5786) * Add a bypass adapter to Mixer for using gRPC backends via inline model. * 'istioctl get all' implementation (#5970) * 'istioctl get all' implementation * Lint * 'istioctl get all' implementation * Lint * Unneeded recalc after merge * Better error message if Istio resource corrupt * Process 'any' outside of protoSchema() * Reuse getByName calculation * add galley e2e test (#5757) * This currently tests the configuration validation service. Additional test cases will be added overtime to cover other aspects of Galley. * remove istio-{auth-,}galley.yaml from install/updateVersion.sh * add missing files * s/ExternalService/ServiceEntry * update test data * Update E2E Tests Doc (#6015) * Update E2E test README.md to make the local testing option more clear and obvous. * Some more updates * Retry to connect to cluster 10 times (#5849) * Retry to connect to cluster 10 times * Rename test_cluster to check_cluster * Fixed istioctl to be able to deal with multiple paths in KUBECONFIG (#5881) * Fixed istioctl to be able to deal with multiple paths in KUBECONFIG * Fixed using wrong variable name * Testcase added * Refactored and fixed other istioctl command when config has multiple paths * Lint fixes * Added a test for default system config * istioctl no longer set value in kubeconfig flag if it is not provided * Tests updated * Lint fix * Lint fix * t.Error -> t.Fatal and Gopkg.lock update * Gopkg.lock update for master * Let DefaultClientConfig handle in-cluster config and change precedences order * Updated the test * Fixed a recent change after rebase * Revert "Updated the test" This reverts commit bbf27ea. * Removed a test case which depends on the environment where it runs for the desired test result * Run pilot e2e test in a multiple cluster environment (#5503) * Run pilot e2e test in a multiple cluster environment Added telemetry and ingress to the remote istio deployment. Made changes in Kubeinfo to facilitate cluster-related handling. Modified tests to allow requests to be initiated from the remote cluster. * a couple of changes to fix the template file and lint error * Add a helm flag selfSigned to indicate citadel ca options. Some other minor changes. * Update E2E test doc to address the comments in #6015 (#6021) * Remove redundant type conversion (#5907) * pull proxy tip (#5962) Signed-off-by: Kuat Yessenov <kuat@google.com> * Use snapshot builder (ephemeral.go) for validation. (#6020) * Add errors to snapshot building test validator f f f f f h f f f g f g f make linter happy f f f move validator to config f d f f f f f f f f d cleanup remove extra code. pass1 f g f f * move handler validation out of snapshot into validation only code. * make linter happy. * Add namedBuilders for special input encoding of types (#6044) * add istio Value message to test message * Update go:generate command line * Add namedTypes and builders * remove e2e mixer from master tests * Bug fixes: Gateway TCP routing and timeout (#6042) * update Go control plane Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * Fix Gateway TCP routing and timeout Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * lint Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * spell check Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * Handle cases when deleted object is cache.DeletionFinalStateUnknown (#6007) * [Pilot] Adding support for config-backed service registry (#6038) Adding a new "Config" service registry that is backed by the provided config store. The service registry will be updated via events for ServiceEntry CRDs. This will allow the testing framework to eliminate the dependency on k8s entirely and use the file-based config store as the backend for the service registry. * Remove unuse subset from authn policy. (#5954) * Fix issue that replicaCount is not defined, but used in deployment. (#6008) * remote duplicated replica count since auto scaler is used. * add default of replica count. * Do not expose tracing as lb service. (#6002) * Enabled fixed ip for tracing loadbalancer. * Do not expose tracing as lb service. * Refactor Istio Dashboards to support larger meshes (#5952) * Refactor Istio Dashboards * Remove vestiges of variable templating * Fix test code to be thread safe and enable racetest in ads_test.go (#5586) * Fix test code to be thread safe enable race test in ads_test.go remove the code to copy service in aggregate controller * Correct a typo in controller_test.go * Make iptables excludeIPRanges take precedence over includeIPRanges (#6051) Fixes #6027 * Implement the rbac effect query command in istioctl (#5319) * Implement RBAC policy query in istioctl. * Refactored the mixer rbac adapter to expose CheckPermission() * Added calling to CheckPermission() from istioctl * Refactor some code into rbac adapter. * Fix typo. * Fix lint. * Address comment. * CMD tool to create adapter and template custom resource configs (#5320) * CMD tool to create adapter and template configs. * fix typo * make linter happy. * fix after rebase. * validate if the fds contains transitive closure. * make linter happy * rename * Change encoder input to be json's map[string]interface{} (#5277) * Change encoder input to be json's map[string]interface{} instead of yaml's map[interface{}]interface{} * Undo some test deletion that I had done earlier before making the fix to support number as map key. * Generate descriptor for the generate service proto. (#6058) * f * add docgen suppression option * Remove confusing double ingress, redo picture from saved source (#6063) * Remove confusing double ingress, redo picture from saved source fixes #6059 Source https://docs.google.com/drawings/d/1mhwDtcDXYxj0O8DuSce_d0tBuyH1PZqnaMtP RTC-CyM/edit * A bit more detail about the diagram * Bolder lines for main boxes * A bit more readable still * Update Pilot to provide new destination.service.* attributes (#6014) * Add initial support for new service attributes to Pilot * Add wrapper for v1 code to allow changes * Small refactor * Add per-route * Move v1 service config and use role.Domain * Revert v1 mixer.go rename * Remove namespace from domain to get only domain suffix * Add some params checks * Add nolint directive * Update OWNERS (#5920) * use ISTIO_CP_AUTH variable in cluster.env to enable/disable mTLS for cp in mesh ex (#5950) * Dispatcher improvements (#6034) - Fix bug around handling of quotas. Mixer wasn't observing the requested quota name and getting quota from all defines instances. It now limits itself to the requested instances and produces an error if the proxy requests quota from an unknown instance, instead of failing open. - Pass CheckResult, QuotaResult, and QuotaMethodArgs by value. This is cleaner, avoids transient allocations, and eliminates some code paths. * Stackdriver tracespan support (#5938) * Stackdriver tracespan support Adds tracespan template support to the Stackdriver adapter sending spans to Stackdriver Trace using OpenCensus. * Prevent races on gRPC logging configuration from test code * Don't print usage text when galley, injector, and pilot commands exit on runtime error (#6062) * Correct error handling cases in Mixer. (#6076) - When an instance can't be built, we now fail the gRPC call instesd of silenty ignoring the failure. - When a request is made to allocate a bogus quota, we now also fail the gRPC call instead of returning success, but with a 0 quota amount. * [pilot] Support manually specifying config controller (#6075) This is needed to support local testing using an in-memory controller that is modified directly by the test code. * Enable websocket for all v1alpha3 routes (#6073) * Remove populating mtlsExcludeServices in mesh config. (#6056) * Add more kinds to the config vocabulary. (#6080) * Refactor k8senv adapter to generate workload info. (#5932) * Refactor k8senv adapter to generate workload info. * Update helm config artifact * Update mixer ClusterRoleBindings and kubernetesenv config * cleanup of bad rebase in config.proto * Add alias for messagediff * Add missing quote in test config * Update interface to appease linter * address daemon lint issue in cache.go * fix import * lint issue * Try updating inputs-digest to trick linters * Fix snapshot and rename Legacy to static and new adapters to dynamic (#6087) * [helm] Don't set prom-bridge address in proxy config if mixer disabled (#6091) * don't set prom-bridge address in proxy config if mixer disabled * omit value if not needed * vendor: update api (#6086) * update vendor Signed-off-by: Kuat Yessenov <kuat@google.com> * update vendor Signed-off-by: Kuat Yessenov <kuat@google.com> * urgh silly linters Signed-off-by: Kuat Yessenov <kuat@google.com> * rollback proxy Signed-off-by: Kuat Yessenov <kuat@google.com> * istio*.yaml -> istio-demo*.yaml (#6103) * Golinter (#6039) * Add golinter. * Only check test function in e2e/integ tests. * Remove unused function. * Adjust comments. * Fix lint error. * Remove comment. * Revise per feedback. * refactor * Refactor * Add golinter. * Only check test function in e2e/integ tests. * Remove unused function. * Adjust comments. * Fix lint error. * Remove comment. * Revise per feedback. * refactor * Refactor * Refactor * Refactor * Refactor * Refactor * Refactor * Fix lint errors * revise per comment. * Revise per comment. * fix lint errors. * Revise per comment. * Update README * Add test and revise per comment. * fix linter errors. * Update README * Revise per comment. * A new istioctl flag to choose the context from the kuebconfig (#6101) * Custom columns for v1alpha3 types (#6113) * Custom columns for v1alpha3 types * Use interface to appease lint * Update OWNERS file for galley and sidecar related code (#6118) * quick fix to align broker kubeconfig handling with pilot (#5894) * Several enhancement of pilot debug cli tool (#5956) * Fix flag typo in README (#6052) * Fix flag typo in README - Underscores instead of dashes * Fix another typo for 'local' * Remove populating mtlsExcludeServices. (#6088) This is a follow up PR for #6056 * Fixes #6108 Updated version checking statements in Ansible scripts (#6111) Using version-comparison feature of Ansible to compare the versions. * Make pilot port configuration consistent (#6115) This change attempts to resolve a few things: - Make it clear (via documentation) that if ports are unspecified, ports will be dynamically assigned. - Make the configuration of the HTTP and monitoring ports consistent with the new GRPC addresses. - Expose all listening addresses to the user. This is especially useful if ports were dynamically assigned. - Lock down the pilot server. Many variables were public that shouldn't be. * Change span name to be virtual service/host : port + uri match string. (#5931) * enable server-side validation by default (#6035) * enable server-side validation by default * disable k8s apa validation * remove mixer external validator (ref integrity checks) * remove unused mixer store code * don't validate ingressrules * don't invoke mixer validation on DELETE * Fix upgrade TestMain since it is breaking post submit tests (#6096) * Fix upgrade TestMain since it is breaking tests. Also add helm installer to SimpleTests. * Fix errors * Fill project metadata automatically in stackdriver log adapter. (#5721) * Add e2e_simple for v2 and enable in circle (#6017) * Add e2e_simple for v2 and enable in circle * Remove e2e_simple v1 * Further cleanup * Add scripts for setting Minikube for Mac and improve Linux scripts (#6074) * Add scripts for setting Minikube for Mac and improve Linux scripts * Update README.md * Update README.md * Added a check to ask user to delete docker images * Make script more descriptive * Added zipkin endpoint to istio remote chart. (#6127) * Remove security enablement flag (#6142) * Remove this enable flag from security as it is required * Removed the requirements condition as well * Fixes bug #6105 - Updated version check regex (#6110) Updated the version checking regex to match double digit version numbers. * Proposing Gaung Ya Liu to OWNERS file of install (#6143) * fix one namespace issue for chart. (#6138) * fix one namespace issue for chart. * add oneNamespace paramater to global for chart. * Istioctl fixes to satisfy gometalinter (#6104) * Fixes to satisfy gometalinter * Combined lines per review suggestion * pilot: make sure disabling access logging actually work with proxyv2 (#6129) Without this change setting AccessLogFile="" makes envoy very unhappy and istio-ingressgateway reports back with: envoy.api.v2.Listener rejected: Error adding/updating listener 0.0.0.0_80: Provided name for static registration lookup was empty It also makes much more sense to specify 0 access logging filters, when disabled. * E2e Local Minikube Fixes (#6130) * Wrong version corrected * Avoid busy waiting * quota and api-spec references should inherit the namespace of the parent object if not specified (#5918) * Removed redundant if condition (#6093) * Enable websocket for all v1alpha3 routes * Removing redundant if condition (already covered by the type assertion) * Remove people that left the project (#6098) * Update owners * Update OWNERS * Update OWNERS * mixerfilter: client telemetry settings (#6122) * tcp client settings Signed-off-by: Kuat Yessenov <kuat@google.com> * start http client-side telemetry Signed-off-by: Kuat Yessenov <kuat@google.com> * clean-up the code Signed-off-by: Kuat Yessenov <kuat@google.com> * this is bad code Signed-off-by: Kuat Yessenov <kuat@google.com> * remove last v1 dependency Signed-off-by: Kuat Yessenov <kuat@google.com> * Implement a fake backend for Mixer. (#6126) * Implement a fake backend for Mixer. This is a basic fake backend implementation for Mixer. It can be used for testing Mixer via gRPC adapter model. It can get deployed in-cluster for testing purposes as well. * Fix the copyright notice. * Update the dependency input digest. * Restructure golinter for better reusability and extensibility (#6128) * Fix upgrade TestMain since it is breaking tests. Also add helm installer to SimpleTests. * Fix errors * Restructure and refactor golinter to make it more reusable (outside of linter) and extensible. * Restructure and refactor golinter to make it more reusable (outside of linter) and extensible. * Simplify path matching logic. * Pushing whitelisting logic to the Checker to better reusability. * Adding README.md for both Checker and Linter packages. * Updated README.md, and improved report interface. * Updated README.md, and improved report interface. * Fix more linter errors. * Rename golinter to testlinter, to avoid confusion with "golint" * refactor image pull secrets for private docker registry. (#5902) * refactor image pull secrets for private docker registry. * update image pull secrets for kiali addon. * add comments for imagePullSecrets. * Split cr to cr and crb for prometheus. (#5999) * Fixes to allow disabling RBAC (#6139) * Fixes to allow disabling RBAC * New line added per review comment * Create CRs for dynamic templates (#6150) * Create CR for templates create template CRs * make linter happy * fix `-template` suffix. * make linter happy * make linter happy * remove unused paramaters for istio remote chart. (#6172) * [Ansible Installer] Add Kiali as addon (#5921) * Add Kiali as addon on Ansible Installer * Kiali version set to 0.3.0.Alpha * Add a rbac plugin in pilot to distribute rbac policies to proxy (#5484) * Initial implementation of rbac filter plugin in pilot. * Enable the rbac filter plugin. * Add CRD support of RbacConfig and check before generation. * format fix. * Use the real policy proto from the go-control-plane repo. * Refacor common code to util.go, address comments. * Update the config generation for the latest RBAC api. * Resolve conflicts. * Add more comments and tests. * Address comments. * Address comments. * Address comments. * Address comments. * Skip role if found no binding for it. * move Namespace() back to plugin. * support single ip address. * refactor * Fix lint. * Fix lint. * Add more comments. * Fix make depend.diff * Migrate istioctl proxy-config to the envoy config_dump admin endpoint (#6120) * Migrate istioctl proxy-config to the envoy config_dump admin endpoint * formatting fixes * Add protobuf issue link to comments * rename to something more suitable * Add v2alpha admin api to deps * reduce testfile sizes * fix dep conflicts * pr review * fix conflicts * Introduce dynamic handler (#6163) * make spybackend usable from outside * add Remote methods * add dynamic handler * use per template svc * renames * fix linter errors for spybackend * replace user path with $GOPATH. (#6183) * replace user path with $GOPATH. * generate CR for spy adapters. * fix session based command. * make linter happy. * Create snapshot for dynamic config artifacts (#6132) * Create snapshot for dynamic (referencing to non compiled in adapters and templates) config artifacts of Mixer configuration. * Address Mandar's comments. * check if the param is a proper map[string]interface{} * update api SHA (#6168) * Updste reference docs. (#6193) * Add e2e-pilot-noauth-v1alpha3-v2 to the presubmit test. (#6197) * Bash completions for get and delete (#6208) * Update e2e minikube install scripts (#6201) * Update e2e minikube install scripts * Add additional packages to be installed for KVM2 * Make startup of minikube more robust * Make startup of minikube more robust * Change accesslog entry to have global resource type (#6211) Fix a bug with logging error for creation/update of sink * Fix mixgen to add extra space in template name ref (#6212) * fix CR spaces. * fix spacing in the template reference generation of CR. * Publish the tracespan docs, since the stackdriver docs reference it. (#6200) * Add tool to check for TLS conflict between authentication policy and destination rule (#6089) * Add pilot debug/authenticationz and istioclt command to check if there is TLS conflict between authn policy and destination rule * Refactor to reuse traffic policy selection for port. * Clean up comment * Reuse AuthenticationDebug struct * Use - for no config * Lint * Another clean up * Add option to check status for a single service * Fix test * address Mandar's comments. (#6195) * Use jwt_auth config from istio/api (#6215) * Use jwt_auth config from istio/api * Update Gopkg.lock * [Ansible Installer] Kiali Addon 0.3.1 (#6192) and fixing the curl commands to specific version of Kiali * Fix a bug in rbac adapter to evaluate the properties correctly. (#6156) * Deprecation warning for deprecated types (#6188) * Deprecation warning for deprecated types * Refer to golden file so test order is not important * Verbiage change per @ajy * Verbiage change for test * EgressRule has been deprecated * remove unused parameters for istio remote chart. (#6226) * remove unused parameters for istio remote chart. * update security subchart to use global imagePullPolicy. * Upgrade kiali to 0.3.1.Alpha. (#6222) * Self nominating Baodong (Robert) Li to OWNERS file of tests (#6147) * Ed Snible becomes approver for istioctl (#6239) * Fix a couple doc issues in the tracespace proto. (#6243) * Fix weighted routing with 0 weights (#6220) Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * Use unique port names in Gateway servers (#6221) * Use unique port names in Gateway servers Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * fix goldens * more yaml fixes * Wire mixer.runtime to dynamic.Handler (#6217) * wire runtime to dynamic.Handler * add basic test case for validating no-session report and check calls. * renames and more cases. * make format * fix test and format * fix unit tests * WIP commit e2e still not working * basic test passes * fix handler_test * fix linter errors * Removed flag multicluster.enabled from values.yaml. (#6228) * Remove duplicated resources declaration for proxy (#6185) * Remove resources duplicated declaration for proxy * Changing from 500m to 100m * Toggle proxy's --statsdUdpAddress arg by a global helm flag (#6133) * Proxy statsdUdpAddress arg is now controlled by a global helm flag * Incorrect value path * Updated based on comment from costin * +namespace * Revert "+namespace" This reverts commit 176c186. * Review comments targeted * Added missing kubeconfig setting in Pilot tests (#6106) * Added missing kubeconfig setting * Formatting fixed * Fix xds_test on MacOS by configuring ... (#5779) mesh in test setup so that listeners write access log to /tmp/envoy-access.log instead of default /dev/stdout. With this change `make test` shows the same failures on MacOS as on linux. (Given a matching envoy executable version.) Co-authored-by: Holger Oehm <holger.oehm@sap.com> * Revert "Fix xds_test on MacOS by configuring ... (#5779)" (#6256) This reverts commit 2dd8f38. * detect error with quota and fix nosession_integration (#6251) * Update dash tests to use ingressgateway (#6194) * Update dash tests to use ingressgateway * Fix network config, alter error codes * Remove unneeded file. (#6248) * Fix a couple bugs. (#6252) - When no adapter is configured for a particular call to Check, Mixer now returns a ValidUseCount of 10000 and a ValidDuration of 1 minute. This allows the proxy to cache in this case. - We were losing error during instance creation. They were being overwritten in some situations by later error codes. They are now plumbed through the whole way. * owners files for pilot packages (#6260) Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * log unexpected resp for debug (#6250) * update envoyproxy SHA (#6263) * Update dump_kubernetes.sh (#5984) * mkdir -p ${LOG_DIR} before use * Rename pods-system.txt istio-system-pods * Add 's' * Limit to 80 characters * Dump misc to OUT_DIR not LOG_DIR * Only dump crds if found * Only dump pilot info if found * Extract functions for dump_resources * Create tap_containers which runs function on all containers * Don't print "No resources found" * Copy core dumps of all istio-proxy containers * Update usage() * Add --error-if-nasty-logs * Add --error-if-nasty-logs to `make dumpsys` * Search in /etc and /var for istio/proxy/core.* * Also retrieve jobs in dump_kubernetes_resources() * Adapter mixer e2e tests for grpc adapters (#6264) * updated tests from @guptasu * fix missed updates in spy backend * allow parallel calls * Remove pre-commit hooks (#6270) * telemetry: tuning mixerfilter (#6262) * tuning Signed-off-by: Kuat Yessenov <kuat@google.com> * undo gateway telemetry Signed-off-by: Kuat Yessenov <kuat@google.com> * put it back since it is just flaky Signed-off-by: Kuat Yessenov <kuat@google.com> * update proxy Signed-off-by: Kuat Yessenov <kuat@google.com> * Patch MixerReportToMixer test to reflect source.service removal (#6253) * Fix TestMetricsAndRateLimitAndRulesAndBookinfo (#6271) * Remove default --skip_cleanup in test makefile. (#6273) * Update issue templates * Delete legacy issue template * Remove auth-exclude e2e test (#6272) * not pass adapter config when there is none. (#6284) * not pass adapter config when there is none. * make linter happy. * Test cases for kube-inject to stdout via CLI (#6249) * Test cases for kube-inject to stdout via CLI * Named fields for test cases * Simplify inject-config * Lint * Use downstream protocol by default (#6158) * Use downstream protocol by default * Set downstream protocol only for HTTP, also set http2ProtocolOptions for HTTP2 * Fixes CF servicediscovery test These tests were failing when the optional protocol was removed * Check upstream protocol based on model.Protocol * Turns out protocol field is not quite optional :b * adds case for GRPC * Mock service registry refactored (#6277) * Refactored the mock service registry to be a common memory service registry * Lint fixes * More refactoring - moving test data to the test file. Keeping unused code in comment for future reference. * Revert "More refactoring - moving test data to the test file. Keeping unused code in comment for future reference." This reverts commit adc5e59. * Revert "Lint fixes" This reverts commit 93f05bc. * More refactoring - moved mock code to its own file * Another refactored file * File rename * Use RDS for sidecars and gateways (#6081) * update Go control plane Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * Enable RDS for gateways and sidecars Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * fixing gateway Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * more test fixes Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * bug fixes Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * fixing major gaffe in routing weights Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * more fixes Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * cleanups and renaming for clarity Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * more comments Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * nits * format * fix * Fix weighted routing with 0 weights Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * Use unique port names in Gateway servers Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * undo weighting bug fix * undo port name fix * undo file remove * fix goldens * more yaml fixes * reduce diffs Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * enable gateway rds Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * fixes Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * turn on debugging * snafu Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * undo log level changes * another log level fix * missing i * missing route name Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * renaming, comments, cleanup in old RDS code Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * remove old rdsv2 flag * disable pilot TestAuthNJwt/a->d[200] for now (#6289) * Update README.md (#6268) * update mixer_codegen.sh to generate proto_descriptors (#6294) * policy: enable policy on gateways and fix the test rules (#6274) * fix ingress rules Signed-off-by: Kuat Yessenov <kuat@google.com> * add source workload Signed-off-by: Kuat Yessenov <kuat@google.com> * remove fqdn from workload name Signed-off-by: Kuat Yessenov <kuat@google.com> * deprecated http outlier detection (#6302) * deprecated http outlier detection * remove invalid test and deprecated error

Remove mTLS enablement via service annotation #5826

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions