Update reference docs. #5623
see #5590 (comment)
Codecov Report
@@ Coverage Diff @@
## master #5623 +/- ##
=======================================
+ Coverage 73% 73% +1%
=======================================
Files 322 322
Lines 27679 27504 -175
=======================================
- Hits 20163 20062 -101
+ Misses 6724 6651 -73
+ Partials 792 791 -1
Second batch of changes to generate the 0.8 docs.
- Update to latest version of protoc-gen-docs
- Add sorting of debug scopes in pkg/log so that generated docs are consistent.
- Update pkg/collateral to generate description: front-matter instead of overview: as per the latest changes in istio.github.io
- Update protos to use $description instead of $overview:
- Move template examples from appearing on the template message to appearing on the package. This ends up giving a better flow in the generated docs.
- Move the location of adapter & template docs into a subdirectory on istio.io for better organization.
- Document which template each adapter supports.
/lgtm
Disclaimer: I can only skim through the changes, and
most of them look mechanical enough.
[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: hklai

The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
@geeknoid: The following tests failed, say
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.
…9a02d10064d169 (#6019)
* Generate inboundPorts for the init container (#5070)
* Added list of container ports to the injected inbound ports
* Add support for helm
* [test pr] check if 503s and other known bugs are fixed removing the t.Skip() Should fail in CI until we have a fix
* prune old version resources that no longer exist (#5107) Automatic merge from submit-queue. prune old version resources that no longer exist
* [vendor-change] CloudWatch Mixer adapter (#4617) Automatic merge from submit-queue. [vendor-change] CloudWatch Mixer adapter Adding an adapter to send metrics to cloudwatch
* Enable Ingress/Egress gateways in Helm for bookinfo demos (#5120) Automatic merge from submit-queue. Enable Ingress/Egress gateways in Helm for bookinfo demos
* Consume labeled multicluster secrets on startup (#5117) Automatic merge from submit-queue. Consume labeled multicluster secrets on startup This patch when run against istio.yaml or istio-auth.yaml runs in the new config mode using only labels rather than configmaps. The configmap functionality can be removed in 0.9.
* Add a linter check to make sure types.go are generated. (#5110) Automatic merge from submit-queue. Add a linter check to make sure types.go are generated. addresses https://github.com/istio/istio/issues/4418
* Remove outdated manifests from install/kubernetes (#4882)
* Remove orig_ manifests
* Remove istio-mixer-validator and istio-mixer-with-health-check manifests
* Remove unwanted manifests before archiving
* Remove istio-sidecar-injector.yaml from install/README.md
* Remove *one-namespace*.yaml from install/README.md
* Make helm-generated manifests overwrite updateVersion_orig.sh manifests
* Add support for per-metric namespace configuration to prom config (#5112)
* Adding CI workflow for checking vendor diff (#5051) Automatic merge from submit-queue.
Adding CI workflow for checking vendor diff This aims to help ensure that a PR contains the correct vendor change, by running `dep ensure` and seeing if git detects any changes.
* Introduce galley/pkg/server (#4974) Automatic merge from submit-queue. Introduce galley/pkg/server galley/pkg/server implements logic performs both CRD synchronization, along with resource synchronization operations. The resource synchronizers are started/stopped as CRDs (of interest) are added/deleted.
* [vendor change] Add metrics command to istioctl experimental cli (#4945) Automatic merge from submit-queue. [vendor change] Add metrics command to istioctl experimental cli This PR adds a new command for retrieving service-level metrics for services within an Istio service mesh. In combination with the `watch` command, this tool may be used to display a rudimentary service dashboard from the commandline. This command requires the deployment of a prometheus instance for monitoring the mesh. It discovers a prometheus pod, establishes a port-forward to that pod, and executes a series of queries to extract the metrics for display. Currently, this command pulls all metrics from the current time, calculating rates and latencies over a time window of 1 minute. In the future, it will be possible to add support for flexible time windows.
Example usage (bookinfo example):

```
$ istioctl experimental metrics productpage reviews ratings details
productpage:
  Total RPS: 7.872870
  Error RPS: 0.000000
  P50 Latency: 40ms
  P90 Latency: 80ms
  P99 Latency: 98ms
reviews:
  Total RPS: 7.909235
  Error RPS: 0.000000
  P50 Latency: 4ms
  P90 Latency: 9ms
  P99 Latency: 21ms
ratings:
  Total RPS: 5.309187
  Error RPS: 0.000000
  P50 Latency: 2ms
  P90 Latency: 4ms
  P99 Latency: 4ms
details:
  Total RPS: 7.872870
  Error RPS: 0.000000
  P50 Latency: 3ms
  P90 Latency: 38ms
  P99 Latency: 48ms
```

This tool is intended primarily to aid with debugging, as discovering what is happening with a mesh and/or a particular service can be somewhat cumbersome. Reviewers: please let me know if there is a more appropriate place for such a tool and if there is more/different information that you think is relevant to display for a service. Vendor PR: https://github.com/istio/vendor-istio/pull/58
* unset IFS, minor fix for perf setup (#5124) Automatic merge from submit-queue. unset IFS, minor fix for perf setup
* perf setup update: add grafana, misc fixes (#5028)
* need git pull --tags to get latest_release movement, use DUR variable for duration
* Add grafana ingress Doesn’t work because of mixer/telemetry split yet but almost Also had to disable mtls for grafana - this should be the default
* Add annotation for no mtls in helm template
* From 0.8 prometheus is already in the yaml See #5111
* Assert required circle CI envs in ci2gubernator (#5137) Automatic merge from submit-queue. Assert required circle CI envs in ci2gubernator There has been cases where tests on circle failed when calling ci2gubernator because `CIRCLE_PR_NUMBER` unbound. This PR asserts the existence of the circle ci envs required by ci2gubernator and resort to no op if any of those is not defined.
* Add Mixer perf tests that includes the RPC path. (#5013) Automatic merge from submit-queue. Add Mixer perf tests that includes the RPC path. The perf tests included two sets of tests (proper v.s.
with _R2 suffix). The tests with _R2 suffix was for testing runtime2 implementation. Now that there is only one runtime, repurposing some of the tests to include the gRpc layer as well.
* verify 200 status code in addition to header value (#5163)
* Add/Update Mixer e2e tests to cover more attributes sent from Envoy. (#5152)
* Add/Update Mixer e2e tests to cover more attributes sent from Envoy.
* Fix indent.
* Assorted bug fixes for 0.8 (#5133)
* assorted bug fixes Signed-off-by: Shriram Rajagopalan <[email protected]>
* lint Signed-off-by: Shriram Rajagopalan <[email protected]>
* Updated zipkin to 2.7 for istio. (#5155) Automatic merge from submit-queue. Updated zipkin to 2.7 for istio. This is a follow up PR for https://github.com/istio/istio/pull/4726 /cc @ldemailly
* fix path for go 1.10 on perf vm (#5168)
* Move mixer filter to per_filter_config (#5073) Automatic merge from submit-queue. Move mixer filter to per_filter_config Move the per route mixer filter config from the metadata field to per_filter_config and turn it into a ServiceConfig proto.
* Enable test
* [vendor change] Add B3 codec to Jaeger tracer to enable mixer trace to be included in… (#5116) Automatic merge from submit-queue. [vendor change] Add B3 codec to Jaeger tracer to enable mixer trace to be included in… … the application trace - and extended zipkin test to check for the mixer span Installs the B3 codec into the Jaeger tracer to enable B3 headers to be understood and therefore associate any spans with the existing application trace. The PR also updates the zipkin e2e test to check that the mixer spans are included in the application trace instance. Once an initial review of the PR has been approved I'll commit the vendor change - using "dep ensure"? Locally this has resulted in a number of dependencies being deleted under `vendor/k8s.io/client-go/`. Signed-off-by: Gary Brown <[email protected]>
* remove prometheus from release archives (#5150) Automatic merge from submit-queue.
remove prometheus from release archives
* Add Galley command-line flags "server" and "purge" (#4977) Automatic merge from submit-queue. Add Galley command-line flags "server" and "purge" Add command-line flags for server and purge commands.
* Simplify the auth test Thanks Andra for pointing out that version should fail/work the same as using pod IP directly as the destination container never sees the original cluster IP
* adds guard for kube client (#5140)
* adds guard for kube client - there may not always be one, especially in the case of CF. - made CF case more explicit
* ci2gubernator: stop checking for unset variables
* Fix single endpoint pilot ads look up (#5165)
* Add an experiment subcommand rbac to istioctl. (#5093) Automatic merge from submit-queue. Add an experiment subcommand rbac to istioctl. The subcommand is used to interact with Istio RBAC policies, this PR adds the basic interface and the actual logic will be added in a later PR. See #4856.
* Fixing race test failure in TestAdsEds (#5161) Automatic merge from submit-queue. Fixing race test failure in TestAdsEds introduced by https://github.com/istio/istio/pull/4694 addresses #4235
* v1alpha1 to v1alpha3 rule conversion tool bug fixes and subset merging (#5178)
* v1 to v3 conversion enhancements and tests
* Handle DestinationPolicy w/o labels
* Remove AddJwtAuth (#5194) Automatic merge from submit-queue. Remove AddJwtAuth There is a compile error.
```
# istio.io/istio/mixer/test/client/env
../../../../../mixer/test/client/env/mixer_filter_config.go:167:47: undefined: client.JWT
../../../../../mixer/test/client/env/mixer_filter_config.go:168:21: mfConf.PerRouteConf.EndUserAuthnSpec undefined (type *client.ServiceConfig has no field or method EndUserAuthnSpec)
../../../../../mixer/test/client/env/mixer_filter_config.go:168:42: undefined: client.EndUserAuthenticationPolicySpec
../../../../../mixer/test/client/env/mixer_filter_config.go:169:21: mfConf.PerRouteConf.EndUserAuthnSpec undefined (type *client.ServiceConfig has no field or method EndUserAuthnSpec)
```

Remove AddJwtAuth function. cc @diemtvu
* Skip bad routes instead of erroring (#5183)
* Skip bad routes instead of erroring Signed-off-by: Shriram Rajagopalan <[email protected]>
* nits Signed-off-by: Shriram Rajagopalan <[email protected]>
* final nits Signed-off-by: Shriram Rajagopalan <[email protected]>
* fix rules
* BlackHole with a capital H
* validate clusters false Signed-off-by: Shriram Rajagopalan <[email protected]>
* Fetch/cache/refresh JWT public key, construct localJwks in sidecar filter config (#5061) Automatic merge from submit-queue. Fetch/cache/refresh JWT public key, construct localJwks in sidecar filter config https://github.com/istio/istio/issues/4917 This PR includes
  1. fetch JWT public key, and cache the key.
  2. key rotation - a refresher job refresh key periodically.
  3. use the key to construct localJwks in sidecar filter config.
* Introduce dynamic proto3 encoder (#5122)
* WIP commit
* Remove dead code
* Rearrange code
* split code into encoderUtil
* Everything except ENUM
* use protoc 3.5.1 to ensure json names are generated
* expose internal funcs
* WIP3. all dynamic and static elementary types.
No repeated or packed
* support packed static primitive types
* use switch in place of if
* primitives with eval and packed repeated
* all primitives with expressions
* add test with enum constants and expressions
* add expressions in repeated fields
* Refactor 2
* linter checks
* fix linter2
* split encoder and builder
* rename eval to primitive
* add all dynamic tests
* Add dependency for messagediff
* add full dynamic test
* update comment
* fix linter error
* Update vendor. Add messagediff.v1 for test verification
* add all positive tests
* improve test coverage
* remove updated to lang.compiled
* fix linter error
* handle float64 inputs for integers
* Builder.Build() takes msgName and data
* WIP2
* review comments
* review comments
* rename messagediff to diff
* add more tests
* Update deps
* improve test coverage
* add log message while skipping fields
* increase test coverage
* update dep status
* Add more files to gitignore (#5198)
* Fix Mixer dashboard CPU reporting (#5145) Automatic merge from submit-queue. Fix Mixer dashboard CPU reporting A previous PR seems to have accidentally removed the "rate" component of the CPU calculations for the Mixer Dashboard. This results in an ever-increasing CPU graph. This PR restores a proper rate-based display for CPU calculation. It also renames the jobs in the Prometheus config to better align with the split from Mixer to Istio-Telemetry and Istio-Mixer (providing easier to understand tracking between cAdvisor metrics and the self-reported metrics. This PR should be cherry-picked onto the 0.8 branch.
* fix nil reference error when mock server fails to start (#5216)
* [WIP] refactor bookinfo to use different gateway definitions for envoy v1/routing v1alpha1 and envoy v2/routing v1alpha3 (#5113)
* restrict the tests to either v1alpha1 or v1alpha3
* move applying defaultRules into setUpDefaultRouting
* extract Ingress (Gateway) definition from bookinfo.yaml it is different for v1alpha1 and v1alpha3
* make the gateway rule first in defaultRules, so it will be applied first
* fixed wrong variable names in mixer tests
* fixed the location of bookinfo gateway yaml
* fixed wrong variable in mixer test
* add missing spec and name to destination-policy-reviews
* remove comment line in samples/bookinfo/routing/bookinfo-gateway.yaml
* add port 9080 to the new bookinfo gateway
* remove using a special destination rule for reviews
* refactor GetIngress to make it reusable for GetIngressGateway extract functions for getting Kubernetes Ingress and NodePort
* remove a shadowing variable
* refactor GetIngressPod, add GetIngressGateway
* add IngressGateway() to framework Kube
* added using IngressGateway() of framework Kube in bookinfo e2e tests
* use load balancer ingress IP to get the IP of the nodeport
* use ingress IP for nodeport
* remove commented out line
* fixed getting the ingress as the IP for a NodePort
* Revert "fixed getting the ingress as the IP for a NodePort" This reverts commit 594e58d9ae9d7eb4374979b21795f0a945abdc3d.
* Revert "use ingress IP for nodeport" This reverts commit 333b80f92e12aef938b8ef8d576074c8a3a2ab57.
* Revert "use load balancer ingress IP to get the IP of the nodeport" This reverts commit 3c138e4819bc5cc41f3e74b9f4fd6371c103bbe8.
* add generate_yaml-envoyv2_transition_loadbalancer_ingressgateway to generate istio configurations without ingress and with ingressgateway as a LoadBalancer service
* use generate_yaml-envoyv2_transition_loadbalancer_ingressgateway in test/local/noauth/e2e_bookinfo_envoyv2
* added LoadBalancerServiceType and NodePortServiceType constants
* rewrote the ingress related logic use LoadBalancer type for non-local and NodePort for local tests
* lint fixes
* fix lint errors
* *sync.Locker -> sync.Locker, use interface instead of a pointer to interface
* refactor: extract getServicePort() from getServiceNodePort()
* add isKubernetesIngress flag to tests/util.GetIngress()
* fix the destination port in the virtual service of the gateway
* Revert "add isKubernetesIngress flag to tests/util.GetIngress()" This reverts commit 8dbe13cc4b0d69c0790a96c1d82c749a2c91dcae.
* set different retry values for LoadBalancer and NodePort according to the original implementation
* fix logging message
* fix a typo
* Introduce pkg/ctrlz, Istio's introspection package. (#5123)
* Introduce pkg/ctrlz, Istio's introspection package. Processes that integrate with ControlZ open up a port that enables operators to connect with a web browser and interact with the process. Through the browser, the operator can adjust logging scope levels, see the process' command-line arguments and environment variables, see statistics about heap use, and more. Integration with ControlZ is nominally two line deal for processes. Optionally, processes can extend the base ControlZ UI and integrate their own screens into the main UI. In addition to the browser interface, there is a REST API enabling access to all the same things that the UI shows. Mixer is integrated with ControlZ but doesn't currently have custom UI. We should integrate ControlZ with our other server components in due time.
* Add myself to owners.
(#5039)
* pod Ip is actually required Service vip doesn’t exist for non existent port and we need a non existent port to get the bad routing behavior
* Expose image of each istio component for istio chart. (#5222) Automatic merge from submit-queue. Expose image of each istio component for istio chart. Make `image` for each Istio component be configurable. This is useful in case that users build or retag Istio image. /cc @gyliu513 @linsun @sdake
* Undoing accidental merge to master
* Adding zone/region node labeling if missing (#5164)
* Fixing missing INSTANCE_IP
* Fix yaml error
* Rename v1alpha3.ExternalSerivce to v1alpha3.ServiceEntry (#5195)
* first pass renaming v1alpha3.ExternalSerivce to v1alpha3.ServiceEntry
* rename ServiceEntry.Discovery to ServiceEntry.Resolution
* update vendor to latest istio/api
* fix cloudfoundry copilot e2e test (#5188)
* initial changes to fix both pilot endpoints
* they now should be curl'ing the right things properly booting an envoy with dynamic template now new port name for building listeners Include port for Cloud Foundry services
* Building listeners now requires named ports.
* always run cloudfoundry tests
* moves cloudfoundry circleci test to own run
* adds cloudfoundry test to all
* want to just use default env vars
* need GOPATH/bin on path for envoy
* switch to defaults which uses da container
* disable zipkin test in pilot
* add missing clusters to ads mesh response (#5221)
* e2e test for JWT authn policy (#5144) Automatic merge from submit-queue. e2e test for JWT authn policy https://github.com/istio/istio/issues/5078
  1. JWT token used here expires in year 2132 (borrowed from https://github.com/istio/proxy/blob/master/src/envoy/http/jwt_auth/sample/correct_jwt).
  2. will add another e2e test for fetching JWT public key scenario after https://github.com/istio/istio/pull/5061 is in.
* Set listeners h2 max streams to override nghttp2 client default of 100 (#5232) Automatic merge from submit-queue.
Set listeners h2 max streams to override nghttp2 client default of 100 Reference issue: https://github.com/envoyproxy/envoy/issues/3076 Signed-off-by: Kuat Yessenov <[email protected]>
* Enable ControlZ to fetch the current process' known logging scopes. (#5245) Automatic merge from submit-queue. Enable ControlZ to fetch the current process' known logging scopes.
* Add more parameters to sidecar injector helm template (#5044) Automatic merge from submit-queue. Add enableCoreDump and policy parameters to sidecar injector helm template
* Fixing fallout of renames in earlier commit + restore auth for e2e-simple on circle (#5241)
* Fixing fallout of renames in earlier commit
* Re fixing lost fix that e2e-simple should run with auth Technically it should run with both auth and no auth like on prow but if it runs only 1 mode it should be with auth
* follow output log pattern for cloudfoundry e2e test (#5234) - and tee to a new file so it doesn't overwrite
* bootstrapv2: Stop using deprecated cluster_names (#5225) Using cluster_names in GRPC resource config is deprecated: https://github.com/envoyproxy/envoy/commit/ad02e4ac036be359c435d33c987501477c648020 Signed-off-by: Romain Lenglet <[email protected]>
* Address a few causes of Gateway/Filterchain failures (#5185)
* Sort HTTP route virtual hosts before sending listeners to Envoy. Listeners with multiple filter chains containing HTTP filters require that the HTTP filters have consistent ordering due to how Envoy computes updates.
* don't respond with empty listeners
* address review comments
* fix linter
* linters, once more
* use configurable paths for envoy and envoy config locations (#5248)
* re-add istioctl unit tests to Makefile (#5205)
* re-add istioctl unit tests to Makefile https://github.com/istio/istio/pull/3820 moved istioctl out of pilot subdirectory but forgot to re-add istioctl unit tests to top-level Makefile. Fix that problem and also the currently broken tests.
* add missing test data
* return an error when Envoy fails to start (#5251) mixer and backend should also do this, but that involves slightly more work.
* change bookinfo test to use helm install (#5114)
* add helm testing
* adding a few supporting methods for helm
* test: modify to invoke helm install
* Revert "test: modify to invoke helm install" This reverts commit 0083f3c361acba49700a8a20e03b6cffab9c27f1.
* adding a few function to install tiller
* add pod name in log
* customize values for helm install
* try enable helm installer
* change to the right time
* fix build issue
* fix build issue
* set correct helm path and params
* fix e-2-e error in helm dry run
* use the correct install dir
* use the correct namespace for the testing
* Pilot crash in pushEDS function (#5266)
* Crash fix
* Adjusting the fix
* check in https://github.com/istio/istio/pull/5238 to 0.8 branch (#5261) Automatic merge from submit-queue. check in https://github.com/istio/istio/pull/5238 to 0.8 branch check in https://github.com/istio/istio/pull/5238 to 0.8 branch, which is required for jwt authn policy to work in v2.
* fix bookinfo v1alpha3 version migration test (#5224)
* added printing unexpected version in version migration tests
* print the diffs with the compared versions in case migration test fails
* apply default rules after every bookinfo test in v1alpha3 there is no rule precedence, a new rule just deletes the old one there is no possibility to have two rules on the same host
* apply all the default rules instead of only allRule after each test
* Merge circleci fix from master (#5313)
* hostname assign error (#5285)
* Crash fix
* Adjusting the fix
* fixing Hostname assignment
* Fix collateral from the change
* Adding inbound to if
* Enable mTLS for pilot e2e tests (#5268)
* Enable mTLS for pilot e2e tests
* Change generate_yaml-envoyv2_transition to output to istio-auth.yaml as test is in auth enabled mode
* Add grpc ports to containerPort list as inboundPorts are limited by these since https://github.com/istio/istio/pull/5070
* Disable rbac e2e test as it crash when authn enabled.
* Disable egressgateway when mTLS enable.
* Use consul node address as a backup when filtering service instances (#4195)
* Fix error when running minikube (#4502) There will be error like this if this field is missing: Object 'Kind' is missing in ...
* Delete custom resources before uninstalling chart. (#5279)
* Improve the script to generate jwt (#5297)
* Fix doc
* Revert code change to pass test
* Make metrics command ready for web scale. (#5289) This change makes the output denser and easier to read.
Example usage (bookinfo example):

```
$ istioctl experimental metrics productpage reviews ratings details
SERVICE       TOTAL RPS   ERROR RPS   P50 LATENCY   P90 LATENCY   P99 LATENCY
productpage   7.873       0.000       40ms          80ms          98ms
reviews       7.909       0.000       4ms           9ms           21ms
ratings       5.309       0.000       2ms           4ms           4ms
details       7.873       0.000       3ms           38ms          48ms
```

Signed-off-by: Piotr Sikora <[email protected]>
* prevent mixing istio-ingressgateway and istio-ingress in proxy config (#5326)
* use env.Mesh.IngressService instead of hardcoded string
* add definition of IngressService to the mock mesh in the proxy config test
* add dot to prefix comparison of Ingress Service
* Update proxy sha to latest in release-0.8 (#5314)
* Update proxy sha to latest.
* update to newer proxy sha
* Include bookinfo gateway definition into upgrade e2e test. (#5316)
* Add all circle ci tests to testgrid (#5184)
* use client-go's default client config loading rules (#5336)
* Fix egressgateway e2e test when mTLS enable. (#5333)
* Change service entry for egressgateway to b, which is in the mesh, so that test works when authn is enabled.
* Disable mTLS for service t so it can be used as fake external service.
* Add missing policy yaml.
* Add comment to explain the purpose of authn policy for egressgateway test.
* Revert accidental revert.
* Correct fix: disable mTLS for egressgateway instead.
* Correct authn policy yaml file.
* Correct policy target name.
* bugfix: tracing operations for mixer sidecar (#5362)
* Update envoy_telemetry.yaml.tmpl
* Update envoy_policy.yaml.tmpl
* disable flakey controller cache tests (#5337) Signed-off-by: Shriram Rajagopalan <[email protected]>
* Fix v1alpha3 abort rule not working in task (#5366)
* Disable rbac e2e test.
(#5374) RBAC consistently failed for days - the other tests were broken in post-submit as well
* eds: Hold lock for iterating on EDS clusters for logging (#5373) Fixes: https://github.com/istio/istio/issues/4903 Signed-off-by: Romain Lenglet <[email protected]>
* Fix mesh expansion, add the v2 ports (#5312)
* re-add flags for consul and eureka until these fields can be set by config/file (#5339)
* Revert 'enable auth on the noauth test' (#5378)
* Test and more bug fixes. (#5127)
* Test and more bug fixes. Adding more coverage to the local tests showed that mixer can break listeners in some cases - this is a P0, we shouldn't cut release until this is in.
* Remove select used for debug, too verbose message
* Fix lint, format. Add few metrics on rejected configs
* More debug/monitoring help
* More testing and debuggability. Refactored the cluster method to allow more info in the message and simplify
* Update timeout
* More varz, fix lint/race
* Move controller test out, seems to be interfering with the other tests
* Use default timeout, add the moved controller_test
* If AuthPolicy is MTLS, use the MTLS port
* remove api section from istio.deps (#5375) No code change, needed to fix the branch.
* Attempt to capture periodic/flaky/etc in testgrid (#5386) Branch fixing, no code change.
* Per-port Destination rules and fault injection (#5055)
* update Go control plane Signed-off-by: Shriram Rajagopalan <[email protected]>
* enabling fault injection Signed-off-by: Shriram Rajagopalan <[email protected]>
* per port destination rules Signed-off-by: Shriram Rajagopalan <[email protected]>
* clearer log message Signed-off-by: Shriram Rajagopalan <[email protected]>
* update proxy sha Signed-off-by: Shriram Rajagopalan <[email protected]>
* update proxy sha again
* dep ensure
* fix tests
* fix nil map
* format
* dep ensure
* update proxy SHA Signed-off-by: Shriram Rajagopalan <[email protected]>
* nit Signed-off-by: Shriram Rajagopalan <[email protected]>
* fix buildprotostruct Signed-off-by: Shriram Rajagopalan <[email protected]>
* more struct conversion errors Signed-off-by: Shriram Rajagopalan <[email protected]>
* lint
* fix up service entries
* enable auth for test/local/noauth/e2e_bookinfo_envoyv2
* enable egress tests for test/local/noauth/e2e_bookinfo_envoyv2
* dep lint fix
* fix validation Signed-off-by: Shriram Rajagopalan <[email protected]>
* fix
* update istioctl tool for new ServiceEntry.Addresses field
* add generation of istio-auth.yaml to generate_yaml-envoyv2_transition_loadbalancer_ingressgateway Makefile target
* Revert "enable egress tests for test/local/noauth/e2e_bookinfo_envoyv2" This reverts commit a39da0e34446c4107e21957231c3bda6a9398492. To debug it and to handle it in a separate PR.
* Wildcard hostnames (#5363)
* Add Hostname type to describe hostnames, and use it in Pilot's model. This will be used to provide structure for logic for hostname matching.
* Implement Matches for hostnames, with support for wildcards. Update string->model.Hostname in a few places I missed.
* fix a bunch of tests I missed on the first pass
* Add host matching of the hosts exposed by a server on the hosts exposed by a virtual service. We skip the VirtualService if its hosts aren't matches of the server's hosts. Downgrade some noisy logging.
* roll back stuff touching v1alpha1
* make the linter happy
* implement sorting of hostnames, use it to determine best matches when getting destination rules for a hostname
* fix linter errors
* fix build failure due to bad merge
* make sure *.foo.com does not match foo.com
* doh, fix my own tests
* add some test cases for 'odd' wildcards, e.g. *foo.com
* rebase and fix conflicts
* another set of merge conflicts
* revert bad merge
* one more bit I missed
* Correct authn flags for pilot v2 e2e test. (#5394) Test infrastructure problem, no code change.
* We shouldn't swallow errors without a trace (#5207)
* Change number is expected to be an int (#5396) Fixing test infra, no code change.
* allow 'istioctl get gateway' etc (#5395)
* This PR broke mixer as its CRs were getting deleted after getting published to kubernetes config server. (#5397) Revert "Delete custom resources before uninstalling chart. (#5279)" This reverts commit d266a5ce4bb16d25867b3e145399a7f61e58739c.
* Enable e2e test for mTLS enable via authn policy for both Istio install mode (enable/disable mTLS by default). (#5385)
* fix incorrect upstream tls context generation (#5387) Signed-off-by: Shriram Rajagopalan <[email protected]>
* Update istio.io/api dependency. (#5388)
* add root CA bundle and use it for making https request in pilot (#5368)
* add root CA bundle and use it for making https request in pilot
* address comment - rename to secureHttpClient
* let test pass if mock server fails to start (#5317) add logging/increase retry times when mock server fails to start
* Add mixer tests for the Istio authn filter (#5267) Add the following Mixer tests for Istio authn filter
  - Test when requiring JWT for peer and binding to peer, the authn attributes in the actual check and report calls match those in the expected check call
  - Test when requiring JWT for peer and binding to origin, but no method specified in origin policy, the request will be rejected by Istio authn filter.
  - Test when requiring JWT for origin and binding to origin, the authn attributes in the actual check and report calls match those in the expected check call.
  - Test when requiring JWT for origin and no binding to origin, the authn attributes in the actual check and report calls match those in the expected check call.
  - Test when the HTTP request is rejected by the Istio authn filter for peer JWT authentication, the response code and the response message is as expected.
  - Test when the HTTP request is rejected by the Istio authn filter for origin JWT authentication, the response code and the response message is as expected.
  - Test when the Istio authn filter requires mTLS for peer connection, the non mTLS connection is rejected and the response code and the response message are as expected.
  - Test when the Istio authn filter requires TLS for peer connection, the non TLS connection is rejected and the response code and the response message are as expected.
* re-enable the rbac e2e test in e2e_pilot and e2e_pilotv2 (no auth). (#5402)
* Enable rbac e2e tests. It's fixed in #5397.
* Also enable rbac e2e for test/local/noauth/e2e_pilotv2.
* Specify --rbac_enable=true explicitly.
* Use v2 in ingressgateway, pilot, mixer. Cleanup. (#5401)
* Use v2 in ingressgateway, pilot, mixer. Cleanup.
* Add v2 to egress, consistent pull policy
* Revert pull policy default
* Missed a go, found by the test
* Cleanup circle zombies (#5399)
* Cleanup circleci jobs: remove zombies
* Move cloudfoundry test around, better capture output in dashboard Move cloudfoundry to tests
* conversion to junit in makefile
* istioctl convert-networking-config Ingress to Gateway (#5411)
* istioctl convert-networking-config Ingress to Gateway
* Remove whitespace for lint
* Don't shadow err var
* Don't try to improve MergedGateways output
* Use the new ingressgateway selector
* Revert "Add mixer tests for the Istio authn filter (#5267)" (#5426) This reverts commit 2099c15597780ae99d511274c091a746b0464feb.
* Change Istio CA to Citadel in README. (#5318)
* Update proxy sha (#5463)
* Change GKE version from 1.9.6-gke.0 to 1.9.6-gke.1 (#5460) 1.9.6-gke.0 is not available in GCP anymore, 1.9.6-gke.1 should be used instead. Currently, GCP DM deployment fails with following error: istio-cluster: {"ResourceType":"container.v1.cluster","ResourceErrorCode":"400","ResourceErrorMessage":{"code":400,"message":"Version "1.9.6-gke.0" is invalid.","status":"INVALID_ARGUMENT","statusMessage":"Bad Request","requestPath":"https://container.googleapis.com/v1/projects/aburnos-kube-playground/zones/us-central1-a/clusters","httpMethod":"POST"}}
* Add dns lookup family to the clusters (#5447)
* add setting dns_lookup_family to v4_only required due to https://github.com/envoyproxy/envoy/issues/3306 in v2, the default value of dns_lookup_family changed from v4_only to auto
* enable bookinfo egress tests for v1alpha3
* Revert "enable bookinfo egress tests for v1alpha3" This reverts commit 1c9d5422177d8f271c230c0fff8b9ab4b2559cb3.
* Fix fault rule versions (#5471) Force merging because test failure unrelated to this change.
* Revert incorrect change to fault rules (#5476) Undoing previous incorrect fix
* enable mtls for ingressgateway loadbalancer istio-auth.yaml (#5405)
* Remove expected error message check from test, as the message could be different depending on platform. (#5461)
* Cloud Foundry service registry now supports internal routes (#5427)
* can now use two envoys in same test
  - made proxy ports and additional http service are optional (we don't always need them)
  - simplifies the bootstrap template from for the CF test but can be used in other cases and is easier to read for first timers who just need dynamic discovery to happen
* Bump cloudfoundry/copilot
* Cloud Foundry registry supports internal routes - requires an iptables DNAT rule in our container to redirect a VIP to the physical envoy port
* Fix log processing (#5485) We are missing logs in test-grid, no code change.
* Fix duplicate key on helm ingress/deployment.yaml template (#5468) No code change.
* Fix IPv6 iptables. (#5341)
* refactor secret controller (#5445)
* refactor secret controller
* Removing secret bootstrap code
* Race tests and more metrics around events from k8s (#5389)
* More metrics, periodic push on by default
* Fix the race - merged from a separate PR, to get the test passing
* Finally reproduced and fixed the close race condition
* Use a different ip for each test client. Fix lint
* Improving the test, trying with larger numbers
* Tests show another potential block, when a (broken) client is not reading.
  Add code to handle
* Proper timeout on write
* Bring the ads/eds tests to match old eds tests, refine the corner case checks
* Improve hermeticity
* Even more hermeticity, tests should not use same address so they can be run in parallel
* Add metrics for push
* Another pair of tests interfering with each other
* Finally found the test flakiness problem, failing to close connections in previous tests
* Fix the mixer test problem and add back the reverted authn mixer tests (#5458)
* Fix the mixer test problem and add back the reverted authn mixer tests
  - Existing mixer tests have a problem that if multiple mixer tests run in parallel, they may cause the Envoy to crash and the failure of istio unit tests. This PR fixes such mixer test failures.
  - With the above mixer test problem fixed, this PR adds back the reverted authn mixer tests, which are reverted due to the aforementioned mixer test problem.
* Change the code of removing the parallel running
* Explicitly prohibit parallel running of the tests
* Add one more flag
* Add one more flag
* Check the go version
* Move mixer tests ahead to observe the result sooner
* Enter/exit mixer directory
* Place the mixer tests to its original place in Makefile
* Add disable-hot-restart option for Envoy and disable hot-restart for new Mixer tests
* Revert the changes to Makefile
* Update proxy sha with stripped binary (#5482)
* envoy_bootstrap_fix (#5450)
* Create correct log dir for CloudFoundry pilot test (#5520) build change, not affecting the failed tests.
* CKI-3 Use template variable for access log (#5501)
* remove TLSClientConfig setting for httpclient (#5522)
* Create CA certs and make citadel run with designated certs in multi-cluster (#5512)
* Add bin/dump_kubernetes.sh which outputs logs and resource config YAML to a directory (#5422)
* Dump resources into one large yaml
* Also dumps previous logs
* Add secrets and configmaps to resource dump
* Do not create empty files
* Move to bin/
* Rename dump.sh -> dump_kubernetes.sh
* Check resource count for previous rather than ignoring errors
* /bin/sh -> /bin/bash
* Limit line length to 80 characters
* Use `readonly` with global constants
* Use local variables - declaration and assignment must be split in command substitutions
* Add usage and parse_args function
* Add quiet option
* Use error for check_prerequisites
* Add main function
* Add dump_time
* Pluralize ingress -> ingresses
* Add events to dump_resources
* make dumpsys calls bin/dump_kubernetes.sh
* Add archive flag to make .tar.gz
* `make dumpsys` OUT_DIR/{logs -> dump}
* `make dumpsys` revert removal of tests directory
* Update mixer service port names to use http/2 (#5530)
* mixer: bind gRPC API locally to 9092 and use proxy on 9091 (#5370)
* ignore and remove git history file (#5506)
* Fix a DestinationRule for the bookinfo egress test (#5467)
* enable bookinfo egress tests for v1alpha3
* name -> host in DestinationRule
* helm lint check (#5406)
* Use the global image pull policy in the configmap (#5465)
* Make Kube Pod cache log line more helpful (#5256)
* helloworld example does not include '-n istio-system' in commands for finding host:port (#4213)
* enable rbac test for auth/e2e_pilotv2 (#5544)
* CKI-3 Don't call DumpResponse when res is nil (#5494) Unrelated test failure.
* Correct container port of netcat server.
  (#5548)
* Make DNS names case-insensitive (#5528)
* Launch pilot locally failed for my kube config (#5558)
* use namespace as chart name so it is unique
* Revert "use namespace as chart name so it is unique" This reverts commit c144eeb9634461e7a6130031a3e8379e2556e155.
* fix for #5507 launch pilot discovery failed https://github.com/istio/istio/issues/5507
* use namespace as chart name so it is unique (#5349)
* Turn off logging for AZ as it is not in scope for 0.8 (#5562)
* Create client using mechanism of PR 5300 (#5563)
* Update api sha to release0.8 latest. (#5464)
* Update api sha to release0.8 latest.
* Change branch
* Update Gopkg.toml too
* Updated some files
* update digest
* Use port number instead of port name in CDS, EDS (for v2 only) (#5543)
* Use port number instead of port name in CDS, EDS (for v2 only) Also fixes issues such as inability to route from one service to another, inability to rewrite destination port (80->443). Signed-off-by: Shriram Rajagopalan <[email protected]>
* lint fix
* fixes for consul unit test
* bug fixes for external service registry and unit tests
* lint fix
* update destinations to use port number instead of name
* bug fix for eds_test
* bug fix for xds test
* ads fixes
* use service port for default clustername if service only has one port defined
* gateway use common cluster name building function
* lint fix
* defaultPort->listenerPort review comment
* cloudfoundry patch
* revert to remove cf debug lines
* lint fix
* lint fix again
* lint fix grumble grumble
* set max_concurrent_streams to 1073741824 (#5570)
* Build, packaging, script fixes. (#5533)
  - update deb to v2 (no point in shipping a v1 deb, users can stick with 0.7 while upgrading)
  - fix iptables - it was not cleaning up properly
  - fix istio-start - cp policy not matching the env
  - added test programs to the deb-test docker
  Also fix the base image for pilot to match that of the v2 sidecar, debugging is more useful at this point and we are not saving any disk.
  We can make a different option for 1.0 if nobody needs debugging, but we're not there. Also cleaned up a bit the build for the deb/docker.
* V1 - set h2 max_concurrent_streams to 1073741824 (#5572)
* use http_settings{MaxConcurrentStream: 1073741824} instead of feature=http2
* update golden images
* Fix setting empty CA certificates field in gateway (#5560)
* fix setting empty CA certificates field in gateway Similar to the handling in https://github.com/istio/istio/blob/release-0.8/pilot/pkg/networking/core/v1alpha3/cluster.go, applyUpstreamTLSSettings(). Empty CA certificates field causes Envoy to crash in validation - Envoy requires non-empty CA certificates string. Also Envoy requires non-empty TrustedCa struct
* remove unneeded local variable
* add a check that trustedCA is not nil
* Update proxy to have raw JWT claims. (#5561)
* Update proxy.
* Fix mixer client test
* attempt to fix 5564 - consistent way to create k8s client (#5566)
* use namespace as chart name so it is unique
* Revert "use namespace as chart name so it is unique" This reverts commit c144eeb9634461e7a6130031a3e8379e2556e155.
* fix for #5507 launch pilot discovery failed https://github.com/istio/istio/issues/5507
* pilot/cmd/pilot-agent/main.go
* clean up create interface
* adding create Interface
* fix lint error
* fix unit test error
* use clientcmd.BuildConfigFromFlags instead
* simplify to use clientcmd.BuildConfigFromFlags
* more switch to use clientcmd.BuildConfigFromFlags
* address nit
* correct lint err
* Fix proxy config command for ingress, egressgateway and ingressgateway (#5575)
* Define request.auth.claims (#5550)
* add request.auth.claims attribute, regenerated attribute list
* make request.auth.claims a STRING_MAP
* Update_Dependencies (#5583)
* Fixes for mesh expansion (#5573)
* Mesh expansion doesn't handle internal ServiceEntries
* More testing, finish up fixing ServiceEntry
* Fix the test, add a test for the real use of the method
* IMPORTANT: fix a bug in k8s selection by port. ByName is selecting the port using the name key - in the new function we still need to use the name of the service port to find the associated endpoint port (which may be different) To make the code more clear and avoid similar issues - make the method take a single int param, there is no use in current code for multiple ports. Also add a way to specify the AZ for raw VMs, which was broken.
* Fix build
* Add regression test, fix remaining tests
* Remove redundant config, deal with eventual consistency
* Remove unused method
* Change default to 60 sec push (#5593) Race test not related. Prow tests seem to pass but the job failed somehow.
* Change envoy to default to log level warn #5559 (#5597)
* use namespace as chart name so it is unique
* Change envoy to default to log level warn #5559
* fix the bookinfo v1alpha3 test Makefile target name (#5448)
* Add starting watchers for dynamically added remote clusters (#5541)
* Initial fix of dynamic remote cluster configuration
* Fixing Linting errors
* Addressing comments part 1
* Adding Run of the dynamically created controller
* Adding AppendServiceHandler AppendInstanceHandler
* Add ClearCache callback when new controller starts
* Additional cleanup
* Rebasing to updated release-0.8
* Revert lock
* Restoring Lock
* Addressing comments
* Fixing lock
* Addressing comments
* Reverting locks
* Fix envoy binary used for tests on Mac (#5556) Download darwin binary when running on darwin. Since #5450 only linux binaries were downloaded (as GOOS defaults to `LOCAL_OS`). Co-authored-by: Jan von Loewenstein <[email protected]>
* Adding files after running dep ensure.
* Add more info to accesslog.logentry instance for telemetry (#5252)
* Add more metrics to collect data in stackdriver logentry
* Update severity in config.yaml to Info as otherwise with Default it shows up as null in bigquery tables. Updated labels in testdata/config/stackdriver.yaml too
* Added HttpMapping to be filled in accesslogentry. Also added sentBytes and receivedBytes metrics in accesslogentry
* Fix formatting in log.go
* Fix lint error in log.go
* Fix tee error resolving in false negative for some test jobs (#5601)
* Fix indentation in makefile
* Fix tee issue by creating test dir
* Move to phony target
* Fix typo
* Disable upgrade test since it is flaky and noisy. (#5627)
* Disable upgrade test since it is flaky and noise.
* Fix linter
* allow users to use node port for istio ingress without producing another service for lb (#5610)
* use namespace as chart name so it is unique
* allow user to configure istio ingress service type
* allow user to specify lb ip for gateway
* use the new format
* fix pre-allocating slice capacity (#5585)
* add support for secretVolumes in the deployment of ingressgateway (#5607)
* remove generate_yaml-envoyv2_transition_auth, use generate_yaml-envoyv2_transition (#5602)
* Provide default requested resources for cpu/mem for sidecar (#5584)
* Added resources limits and requests to both automatic sidecar injector and the manual injector (istioctl) configuration
* Removed the requested resources limits which probably cause tests to fail due to lack of resources
* Removed unused global securityEnabled flag and corrected MTLS set (#5636)
* error when filters cannot be marshalled (#5596) skip listener when filters cannot be marshalled
* Examples should use current rule types (#5640)
* Add ctrlz to Pilot (#5625)
* Add Ctrlz support to Pilot (discovery & agent). This is a straight-up integration of CtrlZ to Pilot.
* Fix linter issues.
* Attach ctrlzOptions to serverArgs right after attaching cobra flags.
* Revert agent changes.
* Protect against nil CtrlzOptions in args. Test code will call server without setting this.
* Dump pilot configuration from dump_kubernetes.sh (#5630)
* Add pilot debug info in the dump
* Add to release archive
* review comments and linter issues
* Istio fails to upgrade from 0.7.1 to 0.8 (#5635) Fixes: #5633
* Update to latest istio/api. (#5645)
* Test fix for changes in Duration struct
* Generate junit reports for all e2e jobs in Prow presubmit (#5567)
* Fix e2e egress httpbin.org tests (#5637)
* Fix pilot e2e tests to match httpbin.org's new format
* Make lint happy
* Match case-insensitive
* Turn down k8senv adapter logging (#5649)
* Add binding address support to ctrlz.
  (#5613)
* More pre-release fixes cleanup (#5616)
* Use the logging package, and add ctrlz to control logging
* Fix TLS mode for mesh expansion, use common logging config
* Revert accidental mixer change
* format
* type
* Update makefile default from 05, add comments
* Revert ctrlz, Oz submitted separate PR
* Linter seems to dislike log, renamed the field to avoid confusion
* Update reference docs. (#5623)
  - Update to latest version of protoc-gen-docs
  - Add sorting of debug scopes in pkg/log so that generated docs are consistent.
  - Update pkg/collateral to generate description: front-matter instead of overview: as per the latest changes in istio.github.io
  - Update protos to use $description instead of $overview:
  - Move template examples from appearing on the template message to appearing on the package. This ends up giving a better flow in the generated docs.
  - Move the location of adapter & template docs into a subdirectory on istio.io for better organization.
  - Document which template each adapter supports.
* ALPN upgrade to http/2.0 (#5618)
* Set h2 protocol options
* fix lint error
* Only upgrade traffic within mesh. Announce ALPN if cluster is h2
* update comment
* Use jaeger for zipkin service (#5656)
* Switch from openzipkin to jaeger for zipkin service
* Expose ui port on port 80 for zipkin service
* Add e2e_mixer tests for v1alpha3 (#5417)
* Add e2e_mixer tests for v1alpha3
* Review comment fixes
* Remove check for external service, not required
* Fix merge damage
* Fix merge damage
* Fix bug with listener type logic
* Fix another instance of bad listener type logic
* Disable TestIngressGateway503DuringRuleChange test
* Add a default secure ingress volume (#5634)
* add a default secure volume
* change ingress to ingressgateway in ingressgateway's secret volume values
* As discussed, generate an easy-to use for demo config (#5653)
* Cleanup for generated configs
* File still used by test.
* More unmaintained old files.
* mixer: add dispatcher scope (#5621)
* Add dispatcher scope Signed-off-by: Kuat Yessenov <[email protected]>
* silly linter Signed-off-by: Kuat Yessenov <[email protected]>
* Release-0.8: update api sha (#5655)
* Limit logging response body to 512 bytes (#5505)
* CKI-3 Suppress logging response body, if ... it is 10k long or longer.
* Use fhttp.DebugSummary instead of conditional Co-authored-by: Jan von Loewenstein <[email protected]>
* Fix formatting Co-authored-by: Jan von Loewenstein <[email protected]>
* Use access log configuration in template and (#5496) Use access log configuration in template and write ... access log to a fixed file in /tmp to avoid permission problem on MacOS with /dev/stdout. Also make envoy access log configurable in TestSetup. Co-authored-by: Jan von Loewenstein <[email protected]>
* Fix missing kubeconfig issue in daily release (#5688)
* R0.8 (#5697)
* Disable TCPMixerFilter tests.
* Disable one more test.
* Fix lint errors.
* Fix lint errors.
* Quick fix for istio gen-deploy. (#5674)
* Quick fix for istio gen-deploy. The helm feature never really worked, we'll edit the values.yaml instead. Feature selection doesn't work and probably never really worked. What remains is a minimal helm template renderer, with one optional values.yaml
* linter fix
* Release-0.8: Update proxy sha (#5658)
* Finish Span when dispatch completes. (#5693)
* Don't bypass mixer report to mixer e2e. (#5695)
* Updated README.md to match changes in istio-proxy container template.
  Fixes #5662 (#5663)
* Make istioctl get/delete case insensitive by converting arg to lowercase (#5702) (#5708)
* fix version for debian in dailies (#5698)
* fix version for debian in dailies
* check for alphabets at start of line
* Update istio.mk
* Update istio.mk
* Update istio.mk
* Update istio.mk
* Temporarily disable mixer filter in gateway (#5718) Flaky v1 tests
* ServiceEntry supports unix domain sockets (#5545)
* ServiceEntry supports unix domain sockets Signed-off-by: Spike Curtis <[email protected]>
* Fix debug MemServiceDiscovery.Instances() to accept port names Instances() is an interface and we should not modify its meaning, even in debug/test code. This fix reverts some of #5543 which broke looking up ServiceInstances by port name on the MemServiceDiscovery adapter. It returns the existing tests to using the correct v1 style naming for clusters. Signed-off-by: Spike Curtis <[email protected]>
* Include helm chart option for installing jaeger specific services (#5670)
* Add option for enabling jaeger specific services Signed-off-by: Gary Brown <[email protected]>
* Renamed chart from zipkin to tracing
* Move UI service outside jaeger specific services
* Fix istioctl output format issue. (#5707)
* Make istio-citadel toggleable in helm like all other components (#5675)
* add raw_claims to attribute manifest (#5738)
* Automatically clean up old CA resources (#5736)
* Clean up old CA resources.
* Small fix.
* Revert "ALPN upgrade to http/2.0 (#5618)" (#5684) This reverts commit 885ed99276df7a34bcb8e15cc3547b0aa18b4b6d.
* Add prefixed based routing to Cloud Foundry (#5717)
* Update copilot API Co-authored-by: Utako Ueda <[email protected]>
* Add prefix-based routing for CF Co-authored-by: Utako Ueda <[email protected]>
* Copilot: cache destination rules Co-authored-by: Utako Ueda <[email protected]>
* Extract bootstrapping from copilot snapshot test Co-authored-by: Utako Ueda <[email protected]>
* linting fix Co-authored-by: Utako Ueda <[email protected]>
* removes invalid map type Co-authored-by: Utako Ueda <[email protected]>
* Update CF service discovery to use hashed labels Co-authored-by: Utako Ueda <[email protected]>
* Fix xDS failures calculation in pilot dashboard (#5690)
* Remove unnecessary webhook script (#5493) Version 0.8 migrated to a helm based installation of the automatic sidecar injection, thus making this script irrelevant
* Make injector-config-map top level - always installed (#5722)
* error out for emitTemplate
* Move sidecar-inject-config map to top level
* rename sidecar-injector dir to sidecarInjectorWebhook
* update hook to before creation, hook-succeeded does not work
* restore inject.go
* fix test path
* move injector params inside global.proxy
* set default resource limits
* add imagename to sidecarInjectorWebhook
* Added missing CRDs so that they can be managed by Helm (#5750)
* Fix tracing addon missing issue in release package.
  (#5748)
* Enhance debug logging for Mixer grpc methods (#5743)
* Fix major issue with List (#5737)
* Fix major issue with List - any invalid object invalidates the entire list
* Fix key name, remove verbose log
* Format
* Dump CRDs explicitly (#5719)
* Call `set_download_command` unconditionally (#5665) Co-authored-by: Jan von Loewenstein <[email protected]>
* SNI header based forwarding for HTTPS ports (#5715)
* sni forwarding for https ports Signed-off-by: Shriram Rajagopalan <[email protected]>
* lint Signed-off-by: Shriram Rajagopalan <[email protected]>
* nit
* exclude empty IP 0.0.0.0 when populating routes, otherwise there are duplicate domains
* fix wildcard comparison Signed-off-by: Shriram Rajagopalan <[email protected]>
* format Signed-off-by: Shriram Rajagopalan <[email protected]>
* skip passthrough for TLS termination Signed-off-by: Shriram Rajagopalan <[email protected]>
* tests Signed-off-by: Shriram Rajagopalan <[email protected]>
* cleanups and mtls on gateway Signed-off-by: Shriram Rajagopalan <[email protected]>
* add extra check to verify requests go thru egress gateway
* fmt nits
* fix typo
* remove redundant sentences about the default values (#5754) for include IP ranges/outbound ports in istioctl kube-inject, the defaults to the flag descriptions are added automatically without this PR, the messages of the flags look as follows: ... All outbound traffic can be redirected with the wildcard character '*'. Defaults to "*". (default "*")
* Fix proxy-config bug with multiple Pilots (#5762)
* Fix proxy-config bug with multiple Pilots Resolves #5733
* Add some tests
* Adds new postsubmits for k8s 1.10 (#5756) e2e-pilot is flaky. Network working group should be looking at it.
* Upload circle presubmits to different GCS path so testgrid shows results in multiple panels (#5552)
* [WIP] Upload circle presubmits to different GCS path for testgrid to multiplex
* revert using ci2gubernator binary from gcs and use go get
* fix bootstrap destination attributes (#5766) Signed-off-by: Kuat Yessenov <[email protected]>
* Add mixer cluster configuration to mixer CR jobs (#5669)
* Add mixer cluster configuration to mixer CR jobs
* fix config map
* Add new service account and binding for cr job
* Fix destination rule
* Use ALPN to indicate HTTP/2 and/or in-mesh traffic. (#5776) For #5769. Signed-off-by: Piotr Sikora <[email protected]>
* Add the missing file back after a bad merge.
* Fix linter error
* Multicluster Fixing locks for add/delete/read (#5622)
* Fixing locks for add/delete/read
* Adding Unit tests
* Addressing comments
* Addressing comments
* Change locking model
* Change locking model
* Bookinfo Cleanup.sh should remove virtualservices, gateways and destinationrules (#5709)
* Also remove virtualservices, gateways and destinationrules (#5703)
* Updated following review comments
* do not set full wildcard SNI domains (#5785) Signed-off-by: Shriram Rajagopalan <[email protected]>
* additional context path work for cloud foundry (#5790)
* context paths corrected
* configs need to stay sorted
* Remove comment and fix {live,readi}ness path to '/graph' on servicegraph … (#5490) This is workaround because servicegraph haven't the health check path. But the ingress-gce needs the readinessProbe path that returns 200 status, so we should get 'generic JSON serialization' body and 200(httpOK) status.
* CKI-3 Fix tear down of envoy on exit (#5495) Deferred funcs won't be called when os.Exit() is invoked in the same method.
* Revert switch to jaeger (#5795)
* Revert "Include helm chart option for installing jaeger specific services (#5670)" This reverts commit 6dbbacac0b478017179480778637c9d8d781ac25.
* Revert "Use jaeger for zipkin service (#5656)" This reverts commit 7efb91dc24666803ea8dfeceaafc61088ae8b68a.
* Multicluster Adding Delete logic for dynamically created controllers (#5672)
* Initial Code load
* Addressing unit test failure
* Fixing initial controller
* Addressing comments
* Fixing unit tests
* Fixing lint
* Addressing comments
* Proxy image default to v2 (#5741)
* use namespace as chart name so it is unique
* use proxyv2 as default
* updating few values yaml in hope to get test passing
* add a missing proxyv2 config
* getting back needed proxyv2 to get test passing
* getting back needed proxyv2 to get test passing
* use proxy for old ingress
* change zipkin error to log message for flaky tests (#5819)
* Istioctl kube-inject requires injectConfigFile or injectConfigMapName (#5800)
* force users to use injectConfigMapName or injectConfigFile
* set ISTIOCTL_USE_BUILTIN_DEFAULTS in Makefile, so tests continue to work
* set defaults for injectconfigmap
* ensure that tag and hub are specified when using builtins
* Remove errant extra comma in ads response (#5832)
* Replace join implementation (#5836)
* Replace join implementation
* Update dump_kubernetes.sh
* Fix pilot_cli debug tool to work with EDS (#5531)
* Fix pilot_cli debug tool to work with EDS
* Clean up unused code.
* Renamed the sidecar injection toggle key to match the new name (#5808)
* Switch back to jaeger - revert (#5795) (#5840) This reverts commit 0e633b33928dde75ef4afd036daf80733bd016fd.
* SNI, Listeners, and VHost bug fixes (#5807)
* disable full wildcard for mesh Signed-off-by: Shriram Rajagopalan <[email protected]>
* updates
* more bug fixes and proxy sha update Signed-off-by: Shriram Rajagopalan <[email protected]>
* fixes Signed-off-by: Shriram Rajagopalan <[email protected]>
* undo some changes in gateway Signed-off-by: Shriram Rajagopalan <[email protected]>
* patching Signed-off-by: Shriram Rajagopalan <[email protected]>
* no sni hosts for plain text listeners in gateway Signed-off-by: Shriram Rajagopalan <[email protected]>
* Do not set SNI for internal services Signed-off-by: Shriram Rajagopalan <[email protected]>
* tcp fix Signed-off-by: Shriram Rajagopalan <[email protected]>
* Do not infer Client TLSSettings based on Authentication Policy. (#5525)
* Add handling of ISTIO_MUTUAL when generating cluster config.
* Remove the inferences from authn policy. Also remove the accidentally included port level DR policy #5055.
* respect the global configmap by changing how to build defaultTrafficPolicy
* Fill in TLSSettings in advance to avoid plumbing service account.
* remove dead code.
* Skip override for external and support port level settings.
* update dependency
* restore port level settings.
* remove redundant call plugins loop.
* Check fields to avoid null pointer reference.
* fix the lint.
* Move down the H2 header since ISTIO_MUTUAL to avoid NPR.
* Change cluster.go to remove TLS when it's DISABLE mode.
* Add the DestinationRule to make the test passing.
* Add DestinationRule to pass TestAuthnJWT test.
* Remove obsolete todo
* Only add DestinationRule when auth is enabled for TestAuthNJwt.
* Move configmap check into the branch when no DR is available.
* Remove the NIR code in cluster.go.
* Add H2 back and change disable-egress-mtls.yaml for gateway.
* Fix ingress e23 tests
* Correct template
* Apply DR template for TestRoutes.
* Fix TestRouteFaultInjection
* Add tls ISTIO_MUTUAL for mixer destination rules.
* fix the lint in cluster.go.
* Rename the fillTemplate and clarify the comments.
* Change the ISTIO_MUTUAL for grpc-mixer-mtls port, instead of everything.
* Wrap around adding DR before checking v1alpha3.
* fix the lint and change istio-telemetry port tls.
* Add ISTIO_MUTUAL in route-rule-all-v1.
* Branching the route-rule-all-v1-mtls when auth_enable=true for prow test.
* copy the kube/route-rule-all-v1-mtls.
* Remove chgrp in tproxy that suppressed core dumps (#5846)
* Fixing new linter errors.
* export RESOURCE_TYPE (#5850)
* missing ability to filter instances by label (#5851) Co-authored-by: Nancy Hsieh <[email protected]>
* Fix values-istio-demo.yaml, empty global replace global dict with empty (#5859)
* rename istio-mixer-create-cr to istio-mixer-post-install (#5857)
* Bug fixes in SNI forwarding for external services (#5845)
* Bug fixes in SNI forwarding for external services Signed-off-by: Shriram Rajagopalan <[email protected]>
* lint Signed-off-by: Shriram Rajagopalan <[email protected]>
* fix istioctl Signed-off-by: Shriram Rajagopalan <[email protected]>
* nil pointer fix Signed-off-by: Shriram Rajagopalan <[email protected]>
* Add mixer config info into per route (#5853)
* Add mixer config info into per route
* Skip gateway 503 test
* Updating fortio to latest (0.11.0) (#5765) Ran ``` dep ensure --update istio.io/fortio ```
* Fixes some minor bugs in multicluster e2e tests (#5329) A few bugs with respect to error handling have been noted in the multicluster e2e tests, This change fixes these bugs.
* fix cleanup.sh (#5660)
* Rename Service's field: Addresses -> ClusterVIPs (#5664)
* Rename Service's field: Addresses -> MulticlusterAddresses
* Rename MulticlusterAddresses -> ClusterVIPs
* Metrics now refresh automatically and look better. (#5615)
* Reference new types from policy/v1beta1 (#5587)
* Add NOTES.txt for chart.
  (#5906)
* Cleanup some superfluous abstractions (#5740)
  - Delete the unused Result and CacheabilityInfo types
  - Delete the SetStatus/GetStatus functions, replaced with Go-idiomatic field writes
  - Delete the unused CheckResult.Combine method
  - Inline the CheckResult.CombineCheckResult method since it is used only once and its semantics were misleading (as it didn't combine the embedded status field)
* Ran `dep ensure -update github.com/envoyproxy/go-control-plane` (#5889)
* Adding instructions and scripts to facilitate running E2E tests locally (#5838)
* Add documents and scripts for k8s+vagrant env.
* update macOS setup
* Update and rename setup_linux_prereqs.sh to linux_prereqs.sh
* Update localregistry.yaml
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README…
- Update to latest version of protoc-gen-docs
- Add sorting of debug scopes in pkg/log so that generated docs are consistent.
- Update pkg/collateral to generate description: front-matter instead of overview: as per the latest changes in istio.github.io
- Update protos to use $description instead of $overview:
- Move template examples from appearing on the template message to appearing on the package. This ends up giving a better flow in the generated docs.
- Move the location of adapter & template docs into a subdirectory on istio.io for better organization.
- Document which template each adapter supports.