Merged
Conversation
Contributor
Author
smawson
approved these changes
Dec 9, 2016
linsun
added a commit
that referenced
this pull request
Oct 6, 2017
and Lin as reviewer. Frank is #1 contributor to Istio repo, he is well deserved to be on both :)
istio-merge-robot
pushed a commit
that referenced
this pull request
Oct 6, 2017
Automatic merge from submit-queue adding Frank as review & approver and Lin as reviewer. Frank is #1 contributor to Istio repo, he is well deserved to be on both :) ```release-note NONE ```
rshriram
pushed a commit
that referenced
this pull request
Oct 30, 2017
mandarjog
pushed a commit
that referenced
this pull request
Oct 31, 2017
mandarjog
pushed a commit
that referenced
this pull request
Nov 2, 2017
This was referenced Feb 3, 2018
Closed
costinm
pushed a commit
that referenced
this pull request
Apr 20, 2018
* Vendor changes adding Informers and Listers * Secret Controller code * Linter detected issues * Vendor update related sha change * Adding final bits to the controller * Fixing controller startup code * Adding required RBAC rules to watch for secrets * Refactor Cluster Store initialization place * Fixing Unit test failure * Fixing Unit test failure * Addressing comments part #1 * Fixing Unit test * Switching to different type of Informer * Add create k8s_cr.Cluster object * Fixing if statement * Fixing lint error * Cosmetic changes * Fixing lint error
ozevren
added a commit
that referenced
this pull request
Apr 23, 2018
* Do not add jwt and authn filter for TCP listner type (they are http filters) (#5034) * Improve virtual service validation (#5027) Automatic merge from submit-queue. Improve virtual service validation Adds more tests to virtual service validation and fixes a few issues. This PR improves the coverage but more test cases need to be added. * istioctl: fix default namespace handling for (de)register commands (#4493) * istioctl: fix default namespace handling for (de)register commands PersistentPreRun is only invoked for the leaf subcommand in the command chain and parent PersistentPreRun are skipped. In case of (de)register's PersistentPreRun, this skipped default namespace handling. Fortunatly, (de)register was only calling getRealKubeConfig which was already handled by the parent command. * fix lint errors * Removed duplicate core v1 import. (#4957) Automatic merge from submit-queue. Removed duplicate core v1 import. * update the --grpc-host-identities=istio-ca to preserve the default behavior. (#4972) Automatic merge from submit-queue. update the --grpc-host-identities=istio-ca to preserve the default behavior. We still need to set default value of --grpc-host-identities=istio-ca to support mesh expansion customer. * Support multiple route rules versions in Bookinfo e2e tests (#4896) * move route-rule-reviews-90-10 and route-rule-reviews-80-20 with all other routing rules otherwise, complex logic will be required to test them on v1alpha3 and v1alpha2 * added v1alpha3 versions of route-rule-reviews-80-20/90-10 * add TestFlags to e2e test framework * add reprocessRule * split demo_test.go into demo_test.go and main_test.go * refactor: extract getPreprocessedRulePath * add TestFlags definition and initialization * remove adding default rules from setUpDefaultRouting * remove deleting default rules on testConfig cleanup * remove adding default routing rule * print the migration rate in TestVersionMigration * add setting default rules in TestVersionMigration * ignore an error in deleting a rule that was deleted before ignore the error that will happen since the fifty rule redefines "reviews-default" rule and is deleted * add default rules to test version routing and test fault * add handling of rules config versions * refactor: extract allRules variable * add reviewsDestinationRule for v1Alpha3 * Skip -> Skipf * Remove forCA from CsrRequest. (#5018) Automatic merge from submit-queue. Remove ForCA from CsrRequest. ForCA is not used by Citadel any more. Instead, Citadel decides whether to sign certificate for workload or CA from the flag `sign-ca-certs`: https://github.com/istio/istio/blob/master/security/cmd/istio_ca/main.go#L218 * Use pod IP instead of host IP (#4988) Automatic merge from submit-queue. Correct IP for pilot debug tool. * Remove vendor files from .gitignore (#5048) * update Go control plane (#5053) Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * updated istio/api repo version (#5050) * updated istio/api repo version * code review comments * Add myself to install/OWNERS (#5046) Automatic merge from submit-queue. Add myself to install/OWNERS * cleanup unused files (#5042) Automatic merge from submit-queue. cleanup unused files istio-pilot-e2e-v1alpha3 is not run anymore. istio-pilot-e2e-envoyv2-v1alpha3 replaced that test * Don't build anything in the init phase (#5035) Automatic merge from submit-queue. Don't build anything in the init phase make init shouldn't actually build any binary. That was introduced in #4773. * [Part2] Added `ImagePullSecrets` to `SidecarInjectionSpec` (#5002) Automatic merge from submit-queue. [Part2] Added `ImagePullSecrets` to `SidecarInjectionSpec` This PR updated the test cases related to SidecarInjectionSpec. Fixed #4870 /cc @ayj @yusuoh @linsun * Mixer filter fixes (#5012) * Add proxy instances to plugin input params * Fix yet another slice handling issue * Update mixer cluster names * Fix mixer cluster addresses * Fix mixer cluster addresses #2 * Put registry and secrets into a nodeagent package. (#5054) Automatic merge from submit-queue. Put registry and secrets into a nodeagent package. Two sub-package under nodeagent/ - `registry/`, is to handle the workload pod creation, deletion, etc, contains interaction with flexvolumedriver. - `secrets/`, is to handle the secrets management, containing envoy SDS API interaction. * Fix pilot gRPC port in mTLS mode (#4998) * Use 15011 for pilot gRPC port when mTLS enabled. * Update bootstrap test. * Add tls context to bootstrap v1 (ingress using this). * Update bootstrap golden data. * Add a prow test for bookinfo v1alpha3 route rules (#5049) Automatic merge from submit-queue. Add a prow test for bookinfo v1alpha3 route rules * Sets up Pilot and remote cluster for multicluster (#4997) Automatic merge from submit-queue. Sets up Pilot and remote cluster for multicluster This change creates a secret and configmap in order to start pilot in mulitcluster mode. It also creates the necessary resources on the remote cluster to deploy applications there. * Update helm chart version to 0.8.0 (#5030) * simple e2e test: fix error output and exit condition (#5060) * [pilot] Some minor cleanup of bootstrap code (#5071) Automatic merge from submit-queue. [pilot] Some minor cleanup of bootstrap code * Start GRPC server using native go stack, cleanup auth (#4867) * Refactoring the init code for grpc. * Merge cleanup * Add the secure grpc port (also serving https) * Revert cleanup * Refactor and fix AZ retrieval, add test * Change default since the tls-via-envoy uses that, remove verbose log * Allow custom DNS names for pilot * Panic if certs not found an policy requires it * Setting the add to emtpty will disable the mtls listener * Revert vendor again * Fix test failure * Typo * Make sure previous logs are dumped, it seems pilot may crash * Manual fix of fmt -c * Better fix for 'prev log' * Lint errors * routes no longer working * Mount certs to pilot pod * Lint fix and revert pod logs, it's used for something else * Format * Add missing transitive dependency envoyproxy/go-control-plane (#5076) Automatic merge from submit-queue. Add missing transitive dependency envoyproxy/go-control-plane Not entirely sure how these were missed previously. Regardless, running `dep ensure` adds them to vendor (no changes to our lock file since they're transitive). * Remove EUC validation code (#5080) Automatic merge from submit-queue. Remove EUC validation code Issue: #4744 * renamed e2e-bookInfoTests-v1alpha3.sh -> e2e-bookInfoTests-envoyv2-v1alpha3.sh (#5087) Automatic merge from submit-queue. rename e2e-bookInfoTests-v1alpha3.sh -> e2e-bookInfoTests-envoyv2-v1alpha3.sh * Revert "[pilot] Some minor cleanup of bootstrap code (#5071)" (#5090) This reverts commit d5fa2b7. Conflicts: pilot/pkg/bootstrap/server.go * Enable RBAC (#5082) * Use zipkin 2.6.0 in istio. (#4726) * Modernize istio-remote helm chart (#5083) Automatic merge from submit-queue. Modernize istio-remote helm chart Modifies endpoints and services to match master This PR further changes the Makefile target to use istio-${service}.istio-system This PR further adds in the CA service and deploys it by default * Remove gcloud docker calls (#5092) Automatic merge from submit-queue. Remove gcloud docker calls Fixes #4797 * Add per proxy pilot querying (#5096) * Add per proxy pilot querying This is the final chunk of functionality for the base proxy-config command. It adds the ability to query Pilot for a specific proxy as well as the full mesh support. * Linting... * Correct the reference file path in galley (#5000) * Add secret controller for multicluster (#5017) * Vendor changes adding Informers and Listers * Secret Controller code * Linter detected issues * Vendor update related sha change * Adding final bits to the controller * Fixing controller startup code * Adding required RBAC rules to watch for secrets * Refactor Cluster Store initialization place * Fixing Unit test failure * Fixing Unit test failure * Addressing comments part #1 * Fixing Unit test * Switching to different type of Informer * Add create k8s_cr.Cluster object * Fixing if statement * Fixing lint error * Cosmetic changes * Fixing lint error * Tests reproing 503s (was 404s) during routerule apply - with t.Skip() until we have fix (#1041) Reproduces 3 classes of bugs. with t.Skip() for now/until they are fixed. * Multicluster deployment of Apps on remote (#5099) Automatic merge from submit-queue. Multicluster deployment of Apps on remote This change deploys the remote applications in a multicluster test. It alps fixes a couple issues with the remote.yaml and a typo from a prior PR. It makes some fixes to match up with PR5083 * Use iptables TPROXY instead of REDIRECT for inbound traffic (#4654) * Pilot: Support running Envoy with CAP_NET_ADMIN to support TPROXY Add iptables as a dependency to the istio.deb package. Signed-off-by: Romain Lenglet <romain@covalent.io> * Pilot: Support iptables TPROXY instead of REDIRECT for inbound traffic Add iproute2 as dependency to the istio.deb package and the proxy_init Docker image. Add a "-m" command-line flag to istio-ipstables.sh to select the inbound traffic interception mode ("REDIRECT" or "TPROXY"). Fix the usage doc for the other command-line options. Signed-off-by: Romain Lenglet <romain@covalent.io> * Fix deb/* Makefile targets Signed-off-by: Romain Lenglet <romain@covalent.io> * Pilot: Configure transparent proxy redirection from proxy config Configure the redirection mode (redirect vs. tproxy) in ProxyConfig. Pass the redirection mode to Pilot in the Node's metadata, in environment variable ISTIO_META_INTERCEPTION_MODE. Fix Envoy bootstrap to remove the ISTIO_META_ prefix from metadata key names, instead of ISTIO_META. Signed-off-by: Romain Lenglet <romain@covalent.io> * Pilot: Parse Node Metadata and store it in Proxy Signed-off-by: Romain Lenglet <romain@covalent.io> * Update pilot/pkg/kube/inject tests Fix pilot/pkg/kube/inject tests to use the new templates. Add unit tests for the ProxyConfig.InterceptionMode. Signed-off-by: Romain Lenglet <romain@covalent.io> * Pilot: Define sidecar.istio.io/interceptionMode annotation Define sidecar.istio.io/interceptionMode to override the ProxyConfig.InterceptionMode mesh-wide setting. Signed-off-by: Romain Lenglet <romain@covalent.io> * added missing external service definition (#5094) * Fix the node agent E2E test, manually tested. (#5063) Automatic merge from submit-queue. Fix the node agent E2E test, manually tested. Fixed several things to get it work: - Update outdated flags value. - In `start_app.sh`, retain the node agent process log, instead just run it in background. - Make sure the initial root and cert is loaded. How to test this: - `make docker && make docker.push` - `go test -v istio.io/istio/security/tests/integration/nodeAgentTest --tag $(git log -1 --format="%H") --hub gcr.io/<your-project> -kube-config ~/.kube/config --skip_cleanup` We should also figure out how to not run `apt-get` install for every test run. Will follow up with key cert generation issue and then ensure it's stability before re-enabling it. cc @wattli * Bug fix in stackdriver adapter. (#5026) Automatic merge from submit-queue. stackdriver adapter bug fixes and clean up Several bug fixes and cleanups in stackdriver adapter: - add duration type into distribution processing, which is used for latency metrics. - remove a duplicated layer of loop. - remove metric kind override since now adapter could deal with not only custom metrics. - remove a log line which overwhelms mixer logs. * Only query the specific trace using the provided x-client-trace-id tag (#5066) Automatic merge from submit-queue. Only query the specific trace using the provided x-client-trace-id tag This change should make the trace query more efficient as it should only retrieve the single required trace instance. cc @kyessenov @nmittler Signed-off-by: Gary Brown <gary@brownuk.com> * integrate circle ci with testgrid (#4649) Automatic merge from submit-queue. Integrate circle CI with Testgrid The integration will start with mixer and simple e2e tests. Will expand to other jobs in subsequent PRs. Results are now available on https://k8s-testgrid.appspot.com/istio#circleci-e2e-mixer https://k8s-testgrid.appspot.com/istio#circleci-e2e-simple Those are test results from this PR exclusively. After this is merged, the results will be more interesting. The `ci_to_gubernator` binary is built from istio/test-infra#769. Feel free to also take a look. * Fixing postsubmit (#5104) * Implement Citadel prometheus monitoring feature. (#5015) Automatic merge from submit-queue. Implement Citadel prometheus monitoring feature. This monitoring feature exposes a service (port 9093) about Citadel status to prometheus. Yaml files are changed in #5072. Tests will be added shortly. * let stackdriver adapter figure out project metadata by itself (#5057) Automatic merge from submit-queue. let stackdriver adapter figure out project metadata by itself This will make stackdriver adapter config generalized and usable for different projects. * Fix labelNames getting filled in stackdriver logging. (#5058) Automatic merge from submit-queue. Fix labelNames getting filled in stackdriver logging. Added LabelNames in testdata/stackdriver.yaml file Also, fixed that if label was not string, it was getting filled as null. * Don't attempt to qualify the wildcard domain. (#5106) * Don't attempt to qualify the wildcard domain. * fmt * pilot-agent: add a flag to disable internal telemetry (#5101) Automatic merge from submit-queue. pilot-agent: add a flag to disable internal telemetry Enabled by default, but allows to turn off telemetry. Signed-off-by: Kuat Yessenov <kuat@google.com> * Add tcp proxy support for multi-cluster environment (#4694) Automatic merge from submit-queue. tcp proxy support in a multi-cluster environment. Services need to maintain per cluster service IPs. For sidecars running in a cluster, cluster-specific service IPs should be used to build destination_ip_list for envoy listeners. * Add missing namespace to citadel template (#5108) Automatic merge from submit-queue. Add missing namespace to citadel template * prune old version resources that no longer exist (#5107) Automatic merge from submit-queue. prune old version resources that no longer exist * [vendor-change] CloudWatch Mixer adapter (#4617) Automatic merge from submit-queue. [vendor-change] CloudWatch Mixer adapter Adding an adapter to send metrics to cloudwatch * Enable Ingress/Egress gateways in Helm for bookinfo demos (#5120) Automatic merge from submit-queue. Enable Ingress/Egress gateways in Helm for bookinfo demos * Consume labeled multicluster secrets on startup (#5117) Automatic merge from submit-queue. Consume labeled multicluster secrets on startup This patch when run against istio.yaml or istio-auth.yaml runs in the new config mode using only labels rather than configmaps. The configmap functionality can be removed in 0.9. * Add a linter check to make sure types.go are generated. (#5110) Automatic merge from submit-queue. Add a linter check to make sure types.go are generated. addresses #4418 * Remove outdated manifests from install/kubernetes (#4882) * Remove orig_ manifests * Remove istio-mixer-validator and istio-mixer-with-health-check manifests * Remove unwanted manifests before archiving * Remove istio-sidecar-injector.yaml from install/README.md * Remove *one-namespace*.yaml from install/README.md * Make helm-generated manifests overwrite updateVersion_orig.sh manifests
howardjohn
added a commit
that referenced
this pull request
Sep 7, 2022
* Move go.mod to 1.18 (#40028) This enables #36308 (comment) * Remove unused attributes of WatchedResource to reduce memory (#39945) * Abstract gateway context outside of mode package (#40035) * Automator: update proxy@master in istio/istio@master (#40063) * Add a flag for app container name and retry verifyTrafficMirror (#40053) For some workloads the container name is different and the logs can be slower. So the verification of mirroring test cases is retried for 20 seconds. * use common MessageToAny method everywhere (#40041) * use common MessageToAny method everywhere * add missing reference * cleanup ioutil (#40062) Signed-off-by: yxxhero <aiopsclub@163.com> * check DNS Proxying for headless svc (#40023) * Automator: update proxy@master in istio/istio@master (#40070) * fix lint (#40056) * fix lint * make gen * istioctl: set default port from webhook (#40069) Kubernetes doesn't require port, but ADSC does. Set a default if its not there yet. * Automator: update proxy@master in istio/istio@master (#40075) * Minor comments fix (#40079) Signed-off-by: Zhonghu Xu <xuzhonghu@huawei.com> * Proxy labels should be updated when pod/wle labels updated (#40036) * Proxy labels should be updated when for example pod labels updated * make pod labels not replace all node meta labels * fixlint * Adress comments * Added localityLabel to pod label so we can get proxy locality from pod labels rather than service instances, which may not exist * Refactor: abstract setTopologyLabels * Update * update * pod label change trigger proxy update * wle label change trigger proxy update * update tests * lint * fix * handle removes (#1) * handle removes * handle removes Signed-off-by: Aditya Prerepa <adiprerepa@gmail.com> * update * refresh golden files Co-authored-by: Aditya Prerepa <adiprerepa@gmail.com> * fix typo in pilot.go (#40084) authenication -> authentication * use same xds types every where (#40088) * use same types every where Signed-off-by: Rama Chavali <rama.rao@salesforce.com> * change delta Signed-off-by: Rama Chavali <rama.rao@salesforce.com> * Update constant definitions for metrics (#40086) * Automator: update common-files@master in istio/istio@master (#40099) * Automator: update proxy@master in istio/istio@master (#40095) * Revert "Add a flag for app container name and retry verifyTrafficMirror (#40053)" (#40096) This reverts commit d3b1687. * move more fuzzers over to native fuzzers (#40029) * move more fuzzers over to native fuzzers * banner * lint * Automator: update istio/client-go@master dependency in istio/istio@master (#40100) * Rewrite `interface{}` to `any` (#40073) * Rewrite any to anypb * Rewrite interface{} to any * regen * Remove validation of TunnelSettings.Protocol for empty string (#40102) Signed-off-by: Jacek Ewertowski <jewertow@redhat.com> * Revert "Proxy labels should be updated when pod/wle labels updated (#40036)" (#40098) This reverts commit 5f90e4b. * delete multi-arch selector in the gateway templates (#40068) * Refactor resolution of network gateway names for more efficiency (#39836) * Refactor resolution of network gateway names for more efficiency * Fix lint * Fix DNS record type switch * Automator: update proxy@master in istio/istio@master (#40117) * Simpler injectionPath format for cluster env value with / char (#39979) * Simpler injectionPath format for cluster env value with / char * fix lint * update comment * more comment update * improve test * Automator: update common-files@master in istio/istio@master (#40119) * Automator: update proxy@master in istio/istio@master (#40120) * Automator: update istio/client-go@master dependency in istio/istio@master (#40121) * Automator: update proxy@master in istio/istio@master (#40129) * xdstest: use some generic functions instead of hacks (#40074) * xdstest: use some generic functions instead of hacks * compile * Fix nil * license * Update copyright (#40126) * Update copyright Signed-off-by: Xiao, Ziyang <ziyang.xiao@intel.com> * remove update in meshca.pb.go Signed-off-by: Xiao, Ziyang <ziyang.xiao@intel.com> * Update Wasm Dashboard Default Time (#40130) * Update Wasm Dashboard Default Time * resolve ci errors Signed-off-by: Xunzhuo <mixdeers@gmail.com> * move send unhealthy endpoint flag to atomic bool (#40140) Signed-off-by: Rama Chavali <rama.rao@salesforce.com> * fix multi WasmPlugin with different imagePullSecrets (#40093) * fix ecds secret cache * add release-notes * address comment and fix typo * Automator: update common-files@master in istio/istio@master (#40150) * Add default validator template to istio-remote (#40149) * Automator: update istio/client-go@master dependency in istio/istio@master (#40152) * Automator: update proxy@master in istio/istio@master (#40161) * Support list type in analyze (#40085) * support list type in analyze * revise parseChunk func * refactor response checker (#40156) * improve build_push_update_images.sh (#40170) Signed-off-by: xin.li <xin.li@daocloud.io> * workload instance cause stale CDS clusters of type STRICT_DNS (#39947) * workload instance cause stale CDS clusters with of type STRICT_DNS * added release note * fewer full push triggers * code review comments for release note * extend logic for DNS_ROUND_ROBIN * update trigger reason to EndpointUpdate * add unit tests * minor refactor in gateway api (#40171) Signed-off-by: Rama Chavali <rama.rao@salesforce.com> * Automator: update istio/client-go@master dependency in istio/istio@master (#40175) * test: use `T.Setenv` to set env vars in tests (#40176) This commit replaces `os.Setenv` with `t.Setenv` in tests. The environment variable is automatically restored to its original value when the test and all its subtests complete. Reference: https://pkg.go.dev/testing#T.Setenv Signed-off-by: Eng Zer Jun <engzerjun@gmail.com> * Update BASE_VERSION to master-2022-07-29T19-01-38 (#40179) * Automator: update common-files@master in istio/istio@master (#40180) * Automator: update istio/client-go@master dependency in istio/istio@master (#40181) * Automator: update proxy@master in istio/istio@master (#40183) * Fix ist0103 msg incorrect displaying when injection label is set to false (#40164) * fix ist0103 incorrect fireing * fix unit test * Automator: update proxy@master in istio/istio@master (#40191) * Prevent calling json.MarshalIndent and handle err, instead using writeJSON (#40197) * Automator: update common-files@master in istio/istio@master (#40200) * fuzz: attempt to fix build by working around fuzzing limitation (#40203) * fuzz: attempt to fix build by working around fuzzing limitation * Also add to owners * Automator: update istio/client-go@master dependency in istio/istio@master (#40202) * Automated branching step 1 (#40206) * Automator: update proxy@master in istio/istio@master (#40208) * Automator: update common-files@master in istio/istio@master (#40212) * Automator: update istio/client-go@master dependency in istio/istio@master (#40214) * Automator: update proxy@master in istio/istio@master (#40215) * pilot: fix issue with TLS and TCP order dependency (#40072) * pilot: fix issue with TLS and TCP order dependency Currently, tls_inspector is only added if its the first Service. If its after TCP, it is missed. example config: ```yaml apiVersion: networking.istio.io/v1beta1 kind: ServiceEntry metadata: name: tcp spec: addresses: - 10.10.10.10/24 exportTo: - . hosts: - '*.tcp' ports: - name: tcp-443 number: 443 protocol: TCP --- apiVersion: networking.istio.io/v1beta1 kind: ServiceEntry metadata: name: tls spec: exportTo: - . hosts: - tls.example.com location: MESH_EXTERNAL ports: - name: https-443 number: 443 protocol: HTTPS resolution: DNS ``` depending on the order of creation it will work/not work. * note * Make it more generic and better tested * optimize handleStats temporary big byte slice (#40109) * add global stats buffer on handleStats * remove agent errors counter * remove process metrics function * app metrics must go last * scrape agent first * process metrics without copy slice * replace with # * use multi buffer * fix build * fix comment * reader director write to response * fix problem * fix lint * fix cancel func * add benchmark Signed-off-by: Patrick <patrickjiang0530@gmail.com> * modify benchmark Signed-off-by: Patrick <patrickjiang0530@gmail.com> * fix ci lint Signed-off-by: Patrick <patrickjiang0530@gmail.com> * add copyAndProcessMetrics Signed-off-by: Patrick <patrickjiang0530@gmail.com> * fix lint and nr <= 0 Signed-off-by: Patrick <patrickjiang0530@gmail.com> * use bufPool * fix lint and problem * add copyAndProcessMetrics unit tests Signed-off-by: Patrick <patrickjiang0530@gmail.com> * fix unit test * revert server for benchmark Signed-off-by: Patrick <patrickjiang0530@gmail.com> * revert server_test for benchmark Signed-off-by: Patrick <patrickjiang0530@gmail.com> * revert server_test for benchmark Signed-off-by: Patrick <patrickjiang0530@gmail.com> * Revert "revert server_test for benchmark" This reverts commit b3551c0. * Revert "revert server_test for benchmark" This reverts commit 63be4af. * Revert "revert server for benchmark" This reverts commit 5a3fb73. * fix unit test Signed-off-by: Patrick <patrickjiang0530@gmail.com> * remove proccess metrics * remove proccess metrics * fix imports * modify benchmark * modify benchmark * revert to test benchmark * fix tests * fix unit test * fix benchmark tests * fix benchmark * Revert "revert to test benchmark" This reverts commit a2851e2. * optimize tests * remove sync pool * Use absolute path when adding file watcher (#40137) * Use absolute path when adding file watcher * add test case which checks for absolute path * add testdata for TestTryAddFileWatcher test * Automator: update common-files@master in istio/istio@master (#40228) * Fix new linter version (#40204) The new linter fixes `go vet` to properly detect these, so update the code to match * Automator: update istio/client-go@master dependency in istio/istio@master (#40233) * cleanup tunneling code (#40226) * cleanup tunneling code Signed-off-by: Rama Chavali <rama.rao@salesforce.com> * network test Signed-off-by: Rama Chavali <rama.rao@salesforce.com> * Fix export to logic lead to not found logic (#40244) * fix export to logic * releasenotes * gen * fix eds comments (#40242) * fix eds comments Signed-off-by: Rama Chavali <rama.rao@salesforce.com> * minor comment Signed-off-by: Rama Chavali <rama.rao@salesforce.com> * Automator: update istio/api@master dependency in istio/istio@master (#40248) * Automator: update common-files@master in istio/istio@master (#40247) * Automator: update istio/pkg@master dependency in istio/istio@master (#40251) * Run `make gen` (#40255) * Cleanup makefile env vars (#40252) * Cleanup some more legacy fields * fix packaging.mk * Automator: update proxy@master in istio/istio@master (#40253) * Automator: update istio/client-go@master dependency in istio/istio@master (#40249) * Automator: update proxy@master in istio/istio@master (#40261) * Documentation updates for comments in #40255 (#40258) * Support pulling multi-arch envoy binaries (#39483) * Allow no cpuinfo * allow fail * Bump kind image * debug * workaround env var * fix docker build * log * arch in build * set arch again * fix arch type * more logs * more env * Make single image architecture aware * VM per-arch * Opt out when requiring emulation * Fix jwt server * fmt * Revert env var hacks * cleanup * minor fixes * new release-builder * multi-arch * lint * fix fake v1beta1 conversion (#40240) * Remove unused fields of Agent (#40262) * Bump master to 1.16 (#40263) * Automator: update istio/api@master dependency in istio/istio@master (#40271) * Automator: update istio/client-go@master dependency in istio/istio@master (#40272) * Add qemulation to release builder (#40279) * Add qemulation to release builder VMs currently require emulation to cross compile. We previously just skipped them, but then you cannot simply run `go test ./tests/integration/...` with `gcr.io/istio-testing` since we don't have the VM images. Instead, try emulation. * Use our image * Automator: update istio/pkg@master dependency in istio/istio@master (#40287) * change log level (#40184) * change log level * add release notes * Automator: update proxy@master in istio/istio@master (#40293) * Add SkyWalking configuration samples (#40269) * do not repeat trust id in logs (#40089) * remove redundant id in spiffe logs Signed-off-by: Rama Chavali <rama.rao@salesforce.com> * only expand trust domains for k8s services Signed-off-by: Rama Chavali <rama.rao@salesforce.com> * service entry can select pods Signed-off-by: Rama Chavali <rama.rao@salesforce.com> * revert Signed-off-by: Rama Chavali <rama.rao@salesforce.com> * remove restart epoch from envoy (#40300) * wip Signed-off-by: Rama Chavali <rama.rao@salesforce.com> * remove the concep of epoch Signed-off-by: Rama Chavali <rama.rao@salesforce.com> * remove unnecessary change Signed-off-by: Rama Chavali <rama.rao@salesforce.com> * some more code cleanup Signed-off-by: Rama Chavali <rama.rao@salesforce.com> * some more cleanup Signed-off-by: Rama Chavali <rama.rao@salesforce.com> * start admin interface earlier (#40151) * start admin interface earlier Change-Id: Icdd17bffb482f721dfd8c865a56b02835d3dbc99 * lint Change-Id: I31eba25e850738cf47bd312b8e03f23d67f23a2a * Support debug building mode (#40289) * Automator: update istio/api@master dependency in istio/istio@master (#40305) * Automator: update istio/client-go@master dependency in istio/istio@master (#40306) * Update BASE_VERSION to master-2022-08-05T19-00-49 (#40308) * security tests refactor (#40209) * security tests refactor * updated the logic to create custom configs * fix empty endpoints weight for AUTO_PASSTHROUGH gateway (#40243) * fix empty endpoints weight for AUTO_PASSTHROUGH gateway * add a test * Automator: update proxy@master in istio/istio@master (#40312) * Automator: update proxy@master in istio/istio@master (#40319) * Fix TestInsertDataToConfigMap flake (#40294) * Fix bug for for Sidecar's defaultEndpoint is IPv6 format (#40265) * fix issue#40245 for Sidecar in ipv6 defaultEndpoint format * fix the lll go lint * add unit test for sidecar's defaultEndpoint * completed this fixing according to comments * change code based on comments * add comments in code for re-trigger the C * check the IPv6 address by Net.IP to16 * check the IPv6 address by Net.IP to16 * Fix 0103 warning for non-injected pods on the host network (#40220) * Fix 0103 warning on pods on the host network * Fix newline * Add a release note * Fix typo * improve sleep-spireyaml (#40328) Signed-off-by: xin.li <xin.li@daocloud.io> * fuzzing: fix oss-fuzz build (#40315) Signed-off-by: AdamKorcz <adam@adalogics.com> * fix gateway with different bind to have same host (#40275) * fix gateway with different bind to have same host * add release note * address comments Co-authored-by: youchen <youchen@ebay.com> * improve CheckAutoScaleAndReplicaCount (#40297) * improve CheckAutoScaleAndReplicaCount * add release-notes * update release-notes * add UT * Don't gen default webhooks is operatorManageWebhooks is true (#40304) * Respect ALPN negotiation in agent prober (#40307) * Respect ALPN negotiation in agent prober Fixes #40173 This aligns with kubelet probe, to support http2 for `HTTPS` probes. Note: the request from kubelet->agent will always be HTTP/1.1 still, just the upstream is changed. * lint * unify timeout logic across service and virtual service (#40320) * unify timeout logic across service and virtual service Signed-off-by: Rama Chavali <rama.rao@salesforce.com> * release notes Signed-off-by: Rama Chavali <rama.rao@salesforce.com> * address comments Signed-off-by: Rama Chavali <rama.rao@salesforce.com> * separate inbound and outobund timeouts Signed-off-by: Rama Chavali <rama.rao@salesforce.com> * Automator: update istio/api@master dependency in istio/istio@master (#40337) * Automator: update istio/client-go@master dependency in istio/istio@master (#40338) * Automator: update proxy@master in istio/istio@master (#40345) * Remove old Envoy runtime flag (#40301) * chore: add missing templating list for datasource (#40361) * chore: add missing templating list for datasource Signed-off-by: Xunzhuo <mixdeers@gmail.com> * update Signed-off-by: Xunzhuo <mixdeers@gmail.com> * Fix Mac build, moving linux specific code to its own files (#40343) * Fix Mac build, moving linux specific code to its own files * Move full ConfigureRoutes() * Fix imports * Automator: update proxy@master in istio/istio@master (#40371) * Set ISTIO_META_GENERATOR only fro grpc (#40136) * Set ISTIO_META_GENERATOR only fro grpc * Revert change to injection to minimize risk, mixed mode will use regular template * Fix unit test * add identifier to crd client logs (#40327) * add identifier to crd client logs Signed-off-by: Rama Chavali <rama.rao@salesforce.com> * fix log statements Signed-off-by: Rama Chavali <rama.rao@salesforce.com> * move scope to client Signed-off-by: Rama Chavali <rama.rao@salesforce.com> * move all scopes Signed-off-by: Rama Chavali <rama.rao@salesforce.com> * fix comments Signed-off-by: Rama Chavali <rama.rao@salesforce.com> * Automator: update proxy@master in istio/istio@master (#40374) * Propagate SkyWalking tracing header (#40296) * Automator: update proxy@master in istio/istio@master (#40388) * fix the bug when istio ingressgateway cannot be matched to a node (#40387) * debug interface: fix crash regression (#40393) * debug interface: fix crash regression Fixes #40384 The issue is before we had some somewhat odd ordering to apply the DebugMux to the debugGen. This changes it to be more explicit - and more importantly correct as we correctly pass it a non-nil mux * lint * Rework proxy labels update (#40186) * Rework "Proxy labels should be updated when pod/wle labels updated (#40036)" This reverts commit 2f9f3fb. * Deepcopy labels before adding istio-locality * rewrite when to recompute workload labels * client no need to send istio meta labels separately * Fix build * revert test golden files * Minor update * Add UpdateWorkloadLabel in TF * workload labels update test * update * fix * retry update * Skip vm pod label update * Fix lint * update * Fix multi cluster test: run in serial * Automator: update proxy@master in istio/istio@master (#40404) * fix multi accesslogging not working (#39521) * fix multi accesslogging not working * fix lint * fix e2e * fix UT * add more UT * add failover priorities to eds cache key (#40221) * telemetry logging: insert newlines in format, per spec (#40411) * Promoted istioctl x uninstall to istioctl uninstall (#40362) * Promoted istioctl x uninstall to istioctl uninstall fixes #40339 Signed-off-by: Tong Li <litong01@us.ibm.com> * Promoted istioctl x uninstall to istioctl uninstall fixes #40339 Signed-off-by: Tong Li <litong01@us.ibm.com> * Promoted istioctl x uninstall to istioctl uninstall Fixes #40339 Signed-off-by: Tong Li <litong01@us.ibm.com> * Promoted istioctl x uninstall to istioctl uninstall fixes #40339 Signed-off-by: Tong Li <litong01@us.ibm.com> Signed-off-by: Tong Li <litong01@us.ibm.com> * Automator: update proxy@master in istio/istio@master (#40420) * tf: Fix Istioctl XDS flakes (#40274) * tf: Fix Istioctl XDS flakes This is failing recently since we made proxy disconnect from control plane more often. This exposed that these tests fail if they happen to run when not connected. Fixes #37169 Fixes #40273 * fix build * fmt * Automator: update common-files@master in istio/istio@master (#40432) * added few more test scenarios in authz builder (#40435) * Automator: update proxy@master in istio/istio@master (#40438) * Add benchmarks for queue (#40406) * telemetry logging: refactor fileAccessLogFormat (#40442) * telemetry logging: refactor fileAccessLogFormat * fix lint * fix UT * fix lint * Refactor proxy labels: add labels fields to Proxy (#40322) * Refactor proxy labels: add labels fields to Proxy * only recompute proxy labels when initial request and proxy update * Fix rebase error * rm metadata labels * reapply node meta labels when reconnect * Add proxy labels to debug * fix bootstrap node metadata * Address comments * Fix ut and lint * Fix * Fix nil pointer * Make env with higher priority * move maxstream duration creation inside (#40449) Signed-off-by: Rama Chavali <rama.rao@salesforce.com> Signed-off-by: Rama Chavali <rama.rao@salesforce.com> * cni: improve logging of istio-validation (#40412) * cni: improve logging of istio-validation currently the logging is not user friendly -- we just report validation failed, but not what it is validating or why * lint * lint * Update to istio/api before istio/api#2421 and fix lint issues (#40446) * Update latest istio/api and fix lint issues * Move back to commit before istio/api#2421 * improve the output's link (#40472) Signed-off-by: xin.li <xin.li@daocloud.io> Signed-off-by: xin.li <xin.li@daocloud.io> * Automator: update common-files@master in istio/istio@master (#40478) * Attempt to fix merging latest api/client-go repos (#40479) * refactor get and process functionality of queue (#40441) * refactor get and process Signed-off-by: Rama Chavali <rama.rao@salesforce.com> * change condition Signed-off-by: Rama Chavali <rama.rao@salesforce.com> Signed-off-by: Rama Chavali <rama.rao@salesforce.com> * loose telemetry accesslogging validation (#40373) * loose telemetry accesslogging validation Signed-off-by: hejianpeng <hejianpeng2@huawei.com> * add tests Signed-off-by: hejianpeng <hejianpeng2@huawei.com> * Fix invalid use of formatting in logs (#40482) * Fix invalid use of formatting in logs * fix accidental change * bump gateway-api to support arm64 (#40476) * bump gateway-api to support arm64 * fixup some failures * bump * Automator: update proxy@master in istio/istio@master (#40484) * Update message for number of sidecars (#40437) * add support for maglev for consistent hash load balancer (#40142) * use maglev for consistent hash load balancer Signed-off-by: Rama Chavali <rama.rao@salesforce.com> * add release notes Signed-off-by: Rama Chavali <rama.rao@salesforce.com> * fix release notes Signed-off-by: Rama Chavali <rama.rao@salesforce.com> * lint Signed-off-by: Rama Chavali <rama.rao@salesforce.com> * Unify cert validity check for xds client and caClient (#40453) * Verify cert not expire for xds client as well * revert token * revert cert notBefore check * resovle redundant match (#40492) Signed-off-by: xin.li <xin.li@daocloud.io> Signed-off-by: xin.li <xin.li@daocloud.io> * Allow linking to artifact directly in prow logs (#40493) * Allow linking to artifact directly in prow logs * fix url * more fixes * fix build * Automator: update proxy@master in istio/istio@master (#40498) * docker: remove redundant logs (#40500) No need to log a bunch on each call * Set istiod seccompProfile to RuntimeDefault (#40115) * Set istiod seccompProfile to RuntimeDefault * Make seccompProfile configurable, with default remaining as unset * Add seccompProfile to operator/pkg/apis/istio/v1alpha1/values_types.proto * Update autogenerated files * Add release note * Add seccompProfile option to CNI and operator * Automator: update proxy@master in istio/istio@master (#40501) * Automator: update common-files@master in istio/istio@master (#40502) * Automator: update istio/client-go@master dependency in istio/istio@master (#40515) * Fix ProxyConfig merge impacting shared state (#40494) The issue was we were overriding things by setting them to pointers. These pointers are then shared, and when `proto.merge` is used they are all mutated. Instead, take deepcopies and add a test * add validation to allow only of ring hash size or hash algorithm (#40507) * add validation to allow only of ring hash size or hash algorithm Signed-off-by: Rama Chavali <rama.rao@salesforce.com> * lint Signed-off-by: Rama Chavali <rama.rao@salesforce.com> * review comments Signed-off-by: Rama Chavali <rama.rao@salesforce.com> Signed-off-by: Rama Chavali <rama.rao@salesforce.com> * Ignore port number in domain matching entirely (#40475) * Ignore port name in domain matching entirely Fixes #40474 This is finally available in Envoy so we can drop our hacks of adding the port, adding `:*`, etc. * fix more usages * lint * fix * Flag protect sidecar * lint * note * Update test images to multiarch supported versions (#40496) * Fix VM tests on arm64 * Update more images * fix oc * drop mem limit * Changing default value of ENABLE_LEGACY_FS_GROUP_INJECTION in charts (#40531) Signed-off-by: Faseela K <faseela.k@est.tech> Signed-off-by: Faseela K <faseela.k@est.tech> * Add file watcher for pod labels, only override xds request node when … (#40488) * Add file watcher for pod labels, only override xds request node when labels update * Add StaticLabels to node metadata to specify labels from ISTIO_METAJSON_LABELS * Fix VM test * Fix ut * Fix golden test * Claiming namespace now sets default service account image pull secret. (#40524) * kube client: use disk cache for CLI tools (#40386) * kube client: use disk cache for CLI tools When using istioctl on slow api-servers, things are super slow. The issue is *every* call does API server discovery. This process is super slow. To workaround this slowness, k8s has caching. Today, we use an in-memory cache. This is useless for CLI tools, which only run it once. Another cache exists, which is used by kubectl, to cache to disk. This PR introduces a disk based cache. This is enabled only for the `NewExtendedClient`. To make it more explicit this should only be used for CLI tools (and similar), the function is renamed to `NewCLIClient`. Note all current cases of this function are correctly used in CLIs, so this is just a renaming. Additionally, add a new `pkg/lazy` package. This facilitates lazily computing values, similar to `sync.Once` but more ergonomic and safer (ability to retry, etc). * Fix mapper to reset now that we are use cache * rename and comment * fmt * Bump gce metadata fake with arm64 (#40533) * hbone: add `hboneInsecureSkipVerify` to CLI (#40535) * hbone: add `hboneInsecureSkipVerify` to CLI This matches the proto. Its helpful for local testing since spiffe certificate verification is typically not happening * lint * Make use of Proxy.Labels instead of Meatdata.Labels (#40505) * Make use of Proxy.Labels instead of Meatdata.Labels * fix ut * rm IstioMetaLabels * Add automatic setting logic for ENABLE_LEGACY_FSGROUP_INJECTION (#40549) The previous logic was available only for IstioOperator, hence helm based integration tests on k8s 1.16 were failing. Signed-off-by: Faseela K <faseela.k@est.tech> Signed-off-by: Faseela K <faseela.k@est.tech> * CA client tls config ServerName first set to CAEndpoint host (#40452) * set tlsConfifg ServerName to CAEndpoint host * remove legacy comments * update * Remove redundant setting of ENABLE_LEGACY_FSGROUP_INJECTION (#40551) Signed-off-by: Faseela K <faseela.k@est.tech> Signed-off-by: Faseela K <faseela.k@est.tech> * Cleanup `SetForTest` types (#40545) * Automator: update proxy@master in istio/istio@master (#40563) * Automator: update proxy@master in istio/istio@master (#40567) * add stat_prefix support for virtual service api (#40503) * add stat_prefix support for virtual service api * add vhosts stats to inclusion list * remove debugs * add without stat_prefix test case * fix tests * add another test case Co-authored-by: Varun Kulkarni Somashekhar <varun.kulkarni@salesforce.com> * fix typos in pilot-discovery cmd (#40565) * reuse fileExists (#40582) * Improve istioctl options command description (#38236) * improve description * revise and add releasenotes * revise run to runE * lint * strengthen the confirmation function (#40544) Signed-off-by: xin.li <xin.li@daocloud.io> Signed-off-by: xin.li <xin.li@daocloud.io> * install: autodetect cniBinDir on GKE (#40547) * install: autodetect cniBinDir on GKE Makes users not need https://istio.io/latest/docs/setup/additional-setup/cni/#hosted-kubernetes-settings when installing via `helm install` or `istioctl install`. Note: `helm template` and `istioctl manifest generate` do not use version information, so this is still needed for those cases. This adds GKE detection. OpenShift detection is possible as well, I just don't have a test cluster or know how to detect OpenShift * not * fix note * Add configmap as well * lint * istio: add metric for debouncing (#40523) * istio: add metric for debouncing This CL adds metric for the delay between a first config change enters deboucing until the final merged push request is pushed into the push queue. This time plus the proxy convergence time give us an upper bound on the total delay between a config change and the change is pushed to proxies. Also increased the buckets since logging shows that the debounce time is pretty long (more than 1 minute). Change-Id: I3220f9c3188824ea6925151ff6837f91aac5a15a Reviewed-on: https://gerrit.musta.ch/c/public/istio/+/3512 Reviewed-by: Weibo He <weibo.he@airbnb.com> Reviewed-by: Ryan Smick <ryan.smick@airbnb.com> Reviewed-by: Jungho Ahn <jungho.ahn@airbnb.com> * istio: fix debounceTime typo Change-Id: I9977c597768360cc3dd485dbf21bd9afdb2f5151 Reviewed-on: https://gerrit.musta.ch/c/public/istio/+/3517 Reviewed-by: Weibo He <weibo.he@airbnb.com> * istio: handle debounce time entirely in the debounce() function To address comments in #40523, we will record after push finishes inside the debounce function. We can actually remove the DebounceStart field in the push context as a result. Also change the buckets as discussed in the PR. Change-Id: I3b7a7860590e7e5ed4f13282b4398527de089c81 Reviewed-on: https://gerrit.musta.ch/c/public/istio/+/3519 Reviewed-by: Jungho Ahn <jungho.ahn@airbnb.com> Reviewed-by: Weibo He <weibo.he@airbnb.com> * Add Tap gRPC handler to Istio Agent. (#40566) * Add Tap GRPC handler to Istio Agent. * Fix lint errors * Add the integration test * Disable CONFIG_DISTRIBUTION_TRACKING (#40561) * Disable CONFIG_DISTRIBUTION_TRACKING * release note * fix test * feat: delete unused function: HelmReconciler.DeleteAll (#40569) * minor rename to avoid confusion (#40574) Signed-off-by: Rama Chavali <rama.rao@salesforce.com> Signed-off-by: Rama Chavali <rama.rao@salesforce.com> * change SetDestinationRules for testing only (#40583) Signed-off-by: Rama Chavali <rama.rao@salesforce.com> Signed-off-by: Rama Chavali <rama.rao@salesforce.com> * update Kiali to 1.55 (for Istio 1.15) (#40588) * update Kiali to 1.55 (for Istio 1.15) * add release notes * Send only the Cluster ID (#40477) * Fix PushContext.sidecarIndex.rootConfig flipping issue (#40575) When a PushRequest doesn't have Service/VirtualService/DestinationRule/Sidecar change, in PushContext.updateContext(), initSidecarScopes() will not be invoked, new PushContext only copies sidecarIndex.sidecarsByNamespace from old one, sidecarIndex.rootConfig becomes nil. When workload namespace doesn't have Sidecar resource, this causes new ADS connection's SidecarScope being created by DefaultSidecarScopeForNamespace(), the global default sidecar in istio root namespace is not respected. * Initialized PR for support multiple addresses per listener to generate LDS configuration in Istio (#40539) * Support multiple addresses per listener to generate LDS configuration in Istio issue#40394 * add extra addresses for Istio service * change based on comment, just change the k8s service related * Update go modules (#40597) * Update go modules * lint * fmt * Automator: update proxy@master in istio/istio@master (#40603) * fix regex expression for stat_prefix (#40594) * fix regex expression for stat_prefix * nit: use backtick Co-authored-by: Varun Kulkarni Somashekhar <varun.kulkarni@salesforce.com> * Automator: update istio/pkg@master dependency in istio/istio@master (#40609) * cleanup some comments in ads (#40610) Signed-off-by: Rama Chavali <rama.rao@salesforce.com> Signed-off-by: Rama Chavali <rama.rao@salesforce.com> * refactor hashbydestination to a separate function (#40562) * refactor hashbydestination to a separate function Signed-off-by: Rama Chavali <rama.rao@salesforce.com> * change function Signed-off-by: Rama Chavali <rama.rao@salesforce.com> * revert change Signed-off-by: Rama Chavali <rama.rao@salesforce.com> * review comments Signed-off-by: Rama Chavali <rama.rao@salesforce.com> Signed-off-by: Rama Chavali <rama.rao@salesforce.com> * Fix bootstrap discovery service (#40607) * reuse fileExists * refactor bootstrap discovery client * Fix bootstrap ds thread leak * Remove duplicated * lint * Fix lint * add help output for gen-helloworld (#40614) Signed-off-by: xin.li <xin.li@daocloud.io> Signed-off-by: xin.li <xin.li@daocloud.io> * Always set endpoints controller (#40592) * Always set endpoints controller Fix fuzz issue, and document how to reproduce * lint * md lint * Gcp concurrent requests (#40105) * Query GCP Instance Metadata concurrently Signed-off-by: rinormaloku <rinormaloku37@gmail.com> * Checking if GCP Metadata endpoint is available Signed-off-by: rinormaloku <rinormaloku37@gmail.com> * Checking if GCP Metadata endpoint is available Signed-off-by: rinormaloku <rinormaloku37@gmail.com> Signed-off-by: rinormaloku <rinormaloku37@gmail.com> * add help output for build-services (#40616) Signed-off-by: xin.li <xin.li@daocloud.io> Signed-off-by: xin.li <xin.li@daocloud.io> * security tests refactoring - part 3 (#40348) * security tests refactory - part 3 * updating mtls_party_jwt test * updated test utils * refactored new ingress based tests * refactor hash load balancer route generation (#40401) * refactor hash load balancer route generation Signed-off-by: Rama Chavali <rama.rao@salesforce.com> * lint Signed-off-by: Rama Chavali <rama.rao@salesforce.com> * lint Signed-off-by: Rama Chavali <rama.rao@salesforce.com> * lint Signed-off-by: Rama Chavali <rama.rao@salesforce.com> * remove some more var Signed-off-by: Rama Chavali <rama.rao@salesforce.com> * rearrange Signed-off-by: Rama Chavali <rama.rao@salesforce.com> * rename Signed-off-by: Rama Chavali <rama.rao@salesforce.com> * address review comments Signed-off-by: Rama Chavali <rama.rao@salesforce.com> Signed-off-by: Rama Chavali <rama.rao@salesforce.com> * use registerIf to disable metrics in xds cache (#40612) * use registerIf to disable metrics in xds cache Signed-off-by: Rama Chavali <rama.rao@salesforce.com> * wrap at creation Signed-off-by: Rama Chavali <rama.rao@salesforce.com> Signed-off-by: Rama Chavali <rama.rao@salesforce.com> * cleanup unused code for envoy package (#40625) Signed-off-by: Tianpeng Wang <tpwang@alauda.io> Signed-off-by: Tianpeng Wang <tpwang@alauda.io> * improve xds proxy logs (#40631) * improve xds proxy logs Signed-off-by: Rama Chavali <rama.rao@salesforce.com> * fix Signed-off-by: Rama Chavali <rama.rao@salesforce.com> Signed-off-by: Rama Chavali <rama.rao@salesforce.com> * Automator: update proxy@master in istio/istio@master (#40636) * Switch to official gRPC release version (#40632) Prior we bumped to master to pick up a needed fix; now we can use release version. * Switch kind image in testing to 1.25.0 (#40635) * Automator: update istio/pkg@master dependency in istio/istio@master (#40637) * Lint fixes for golangci-lint 1.49.0 (#40633) * Fix stale comments (#40641) Fixes #39147 * e2e: move wasm_modules to samples folder (#40538) * move wasm_modules to samples * add README.md * Backoff wrapper (#40629) * Add istio backoff wrapper package * Add tests * Part of revert #40631, not to hide rate limited info, it is an important signal to users (#40644) * Automator: update common-files@master in istio/istio@master (#40651) * Automator: update istio/client-go@master dependency in istio/istio@master (#40652) * improve setupkind.sh (#40656) Signed-off-by: xin.li <xin.li@daocloud.io> Signed-off-by: xin.li <xin.li@daocloud.io> * manifests: add variant option to select distroless (#40661) * manifests: add `variant` option to select distroless We currently have this in ProxyConfig but that only applies for injection. Add a new field to control everything. This also sets the ProxyConfig field for convenience. * gen * Build multiarch images for bookinfo (#37546) * Build multiarch images for bookinfo * Allows the user to pass a `--multiarch-images` flag to `build_push_update_images.sh` which builds and pushes a multiarch(`linux/amd64`, `linux/arm64`) image using `docker buildx build` Signed-off-by: Arko Dasgupta <arko@tetrate.io> * multiarch mysql image Signed-off-by: Arko Dasgupta <arko@tetrate.io> * multiarch mongo image Signed-off-by: Arko Dasgupta <arko@tetrate.io> * workaround for openliberty base image Signed-off-by: Arko Dasgupta <arko@tetrate.io> * fix env check Signed-off-by: Arko Dasgupta <arko@tetrate.io> * multiarch workaround Signed-off-by: Arko Dasgupta <arko@tetrate.io> * fix gevent build Signed-off-by: Arko Dasgupta <arko@tetrate.io> * release notes Signed-off-by: Arko Dasgupta <arko@tetrate.io> * fix script lint Signed-off-by: Arko Dasgupta <arko@tetrate.io> * fix release note area Signed-off-by: Arko Dasgupta <arko@tetrate.io> * undo apt-get changes, bump gevent & greenlet Signed-off-by: Arko Dasgupta <arko@tetrate.io> * prebuilt gcr.io/istio-testing/websphere-liberty Signed-off-by: Arko Dasgupta <arko@tetrate.io> Signed-off-by: Arko Dasgupta <arko@tetrate.io> * Automator: update proxy@master in istio/istio@master (#40663) * add additional test cases for service visibility (#40650) Signed-off-by: Rama Chavali <rama.rao@salesforce.com> Signed-off-by: Rama Chavali <rama.rao@salesforce.com> * improve release/downloadIstioCandidate (#40658) Signed-off-by: xin.li <xin.li@daocloud.io> Signed-off-by: xin.li <xin.li@daocloud.io> * Update k8s registry (#40662) * make use of go generics to remove MostSpecificHostMatch2 (#40090) * tests: consolidate opentelemetry-collector (#40606) * tests: consolidate opentelemetry-collector * add namespace Signed-off-by: hejianpeng <hejianpeng2@huawei.com> Signed-off-by: hejianpeng <hejianpeng2@huawei.com> * analysis: optimize performance and fix dead loop (#40595) * analysis: optimize performance and fix dead loop Two fixes: 1. We are infinite loop on stop when it triggers. `break` is for the switch, not the `for`. 2. No need to use regex * flip * Automator: update istio/client-go@master dependency in istio/istio@master (#40678) * install: add `--cluster-specific` flag to generate (#40548) This allows `manifest generate` to use cluster specific settings as well. The only install method left is `helm template`; I have a bug filed in helm/helm#11240. * Automator: update istio/client-go@master dependency in istio/istio@master (#40686) * Automator: update common-files@master in istio/istio@master (#40685) * Automator: update proxy@master in istio/istio@master (#40690) * Gateway api route kind status fixes (#40697) * improve setupkind.sh (#40698) Signed-off-by: xin.li <xin.li@daocloud.io> Signed-off-by: xin.li <xin.li@daocloud.io> * Switch to new Register mode (#40527) * Fix sync issue in GCP platform (#40700) * Automator: update proxy@master in istio/istio@master (#40704) * tf: properly retry in TestProxyStatus (#40683) We missed a retry; this fails when the a pod hapens to be temporarily disconnected * chore: remove duplicate word in comments (#40706) Signed-off-by: Abirdcfly <fp544037857@gmail.com> Signed-off-by: Abirdcfly <fp544037857@gmail.com> * Fix merge issues * Fixup merge Signed-off-by: yxxhero <aiopsclub@163.com> Signed-off-by: Zhonghu Xu <xuzhonghu@huawei.com> Signed-off-by: Rama Chavali <rama.rao@salesforce.com> Signed-off-by: Jacek Ewertowski <jewertow@redhat.com> Signed-off-by: Xiao, Ziyang <ziyang.xiao@intel.com> Signed-off-by: Xunzhuo <mixdeers@gmail.com> Signed-off-by: xin.li <xin.li@daocloud.io> Signed-off-by: Eng Zer Jun <engzerjun@gmail.com> Signed-off-by: AdamKorcz <adam@adalogics.com> Signed-off-by: Tong Li <litong01@us.ibm.com> Signed-off-by: hejianpeng <hejianpeng2@huawei.com> Signed-off-by: Faseela K <faseela.k@est.tech> Signed-off-by: rinormaloku <rinormaloku37@gmail.com> Signed-off-by: Tianpeng Wang <tpwang@alauda.io> Signed-off-by: Arko Dasgupta <arko@tetrate.io> Signed-off-by: Abirdcfly <fp544037857@gmail.com> Co-authored-by: Zhonghu Xu <xuzhonghu@huawei.com> Co-authored-by: Istio Automation <istio-testing-bot@google.com> Co-authored-by: Akshay J Nambiar <akshayjnambiar@users.noreply.github.com> Co-authored-by: Greg Hanson <gregory.hanson@solo.io> Co-authored-by: yxxhero <11087727+yxxhero@users.noreply.github.com> Co-authored-by: Aryan Gupta <garyan@google.com> Co-authored-by: zirain <hejianpeng2@huawei.com> Co-authored-by: Aditya Prerepa <adiprerepa@gmail.com> Co-authored-by: Ikko Ashimine <eltociear@gmail.com> Co-authored-by: Rama Chavali <rama.rao@salesforce.com> Co-authored-by: xiaomudk <xiaomudk@gmail.com> Co-authored-by: Jacek Ewertowski <jewertow@redhat.com> Co-authored-by: Zhengzhe Yang <zhengzhey@google.com> Co-authored-by: Yaroslav Zhavoronkov <yaroslav.zh@gmail.com> Co-authored-by: Frank Budinsky <frankb@ca.ibm.com> Co-authored-by: ZiyangXiao <ziyang.xiao@intel.com> Co-authored-by: Xunzhuo <mixdeers@gmail.com> Co-authored-by: Xiaopeng Han <hanxiaop8@outlook.com> Co-authored-by: my-git9 <xin.li@daocloud.io> Co-authored-by: Eng Zer Jun <engzerjun@gmail.com> Co-authored-by: Sam Naser <samnaser@google.com> Co-authored-by: 白泽 <patrickjiang0530@gmail.com> Co-authored-by: Anubhav <anubhavaeron@gmail.com> Co-authored-by: Eric Van Norman <ericvn@us.ibm.com> Co-authored-by: Kebe <kebe.liu@daocloud.io> Co-authored-by: kezhenxu94 <kezhenxu94@apache.org> Co-authored-by: Steven Landow <landow@google.com> Co-authored-by: bincherry <53431275+bincherry@users.noreply.github.com> Co-authored-by: Steve Zhang <huailong.zhang@intel.com> Co-authored-by: Karol Szwaj <karol.szwaj@gmail.com> Co-authored-by: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com> Co-authored-by: Chen Youxiong <youxiongchen@126.com> Co-authored-by: youchen <youchen@ebay.com> Co-authored-by: Diogo Nicoleti <diogo.nicoleti@gmail.com> Co-authored-by: Costin Manolache <costin@gmail.com> Co-authored-by: dwq <41563853+dddddai@users.noreply.github.com> Co-authored-by: Tong Li <litong01@users.noreply.github.com> Co-authored-by: hottea773 <61781404+hottea773@users.noreply.github.com> Co-authored-by: Faseela K <faseela.k@est.tech> Co-authored-by: stewartbutler <stewartbutler@google.com> Co-authored-by: varks <var.kulkarni@gmail.com> Co-authored-by: Varun Kulkarni Somashekhar <varun.kulkarni@salesforce.com> Co-authored-by: Mark4z <36187602+mark4z@users.noreply.github.com> Co-authored-by: Ying Zhu <ying.zhu@airbnb.com> Co-authored-by: Ingwon Song <102102227+ingwonsong@users.noreply.github.com> Co-authored-by: Alan Wang <ranwang@alauda.io> Co-authored-by: John Mazzitelli <mazz@redhat.com> Co-authored-by: l8huang <l8huang@users.noreply.github.com> Co-authored-by: Rinor Maloku <rinormaloku37@gmail.com> Co-authored-by: Timon Wong <tpwang@alauda.io> Co-authored-by: Arko Dasgupta <arkodg@users.noreply.github.com> Co-authored-by: Aakash2017 <aakashshukla@google.com> Co-authored-by: Abirdcfly <fp544037857@gmail.com>
16 tasks
tehlers320
pushed a commit
to tehlers320/istio
that referenced
this pull request
Jul 7, 2023
add benchmarks
2 tasks
2 tasks
antonioberben
pushed a commit
to antonioberben/istio
that referenced
this pull request
Jan 29, 2024
Update Readme for jaeger-operator chart
2 tasks
2 tasks
jewertow
added a commit
to jewertow/upstream-istio
that referenced
this pull request
Jun 3, 2025
2 tasks
16 tasks
2 tasks
2 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Add link to mailing list
This change is