Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[pull] master from istio:master #2459

Merged
merged 12 commits into from
Jun 24, 2024
Merged

[pull] master from istio:master #2459

merged 12 commits into from
Jun 24, 2024

Conversation

pull[bot]
Copy link

@pull pull bot commented Jun 22, 2024

See Commits and Changes for more details.

Created by pull[bot]

Can you help keep this open source service alive? 💖 Please sponsor : )

howardjohn and others added 12 commits June 21, 2024 18:47
@howardjohn
Enhancements to proxy-status (#51638)
5579419 
* Enhancements to proxy-status

* add note
@istio-testing
Automator: update proxy@master in istio/istio@master (#51669)
a9e76f6
@istio-testing
Automator: update go-control-plane in istio/istio@master (#51670)
d7f0dc8
@istio-testing
Automator: update proxy@master in istio/istio@master (#51671)
1b507c2
@istio-testing
Automator: update proxy@master in istio/istio@master (#51672)
72872a9
@timonwong
manifests: fix gateways.securityContext not work (#51654)
aede410 
* manifests: fix gateways.securityContext not work

Signed-off-by: Tianpeng Wang <[email protected]>

* make gen

---------

Signed-off-by: Tianpeng Wang <[email protected]>
@howardjohn
ambient: add service unit tests (#51665)
4f3cd79
@spacewander
spot a release note pretending to be from the future (#51667)
9efdb09 
Signed-off-by: spacewander <[email protected]>
@howardjohn
Fix sidecar DNS proxying with dual stack (#51609)
476572c 
* Fix sidecar DNS proxying with dual stack

Fixes #51608

* Add test
@my-git9
Remove pilot/pkg/model/wasm.go (#51668)
3b43bd2 
Signed-off-by: xin.li <[email protected]>
@howardjohn
ambient: properly mark pod as not ready when it is shutting down (#51650
ce19d23 
)

I am aware there are no automated tests on this; I am working to add
these but it is very challenging to automate these types of tests that
there is zero-downtime on rollout. I think its best to get this in
in-parallel to test development.
@morepork
Don't reset the jwks refresh ticker on URI fetch errors (#51637)
efbfe15 
* Don't reset the jwks refresh ticker on URI fetch errors

When there is an error fetching a JWKS URI in the main flow (i.e. when
generating configuration), an immediate background refresh is triggered.
However this is only a partial refresh and will only fetch URIs that don't have
an entry in the cache, i.e. the URIs that had errors, in the hope that the
requests will succeed and the keys can be sent to the affected proxies.

When this partial refresh was triggered, the background refresh ticker was
being reset. So there would be a longer delay before any URIs already in the
cache would be fetched again to see if there are any changes.

The default interval between refreshes is 20 minutes, and there is exponential
backoff on failure up to 60 minutes, so in the case of a busy istiod, and a
single invalid URI, there may never be an interval that doesn't trigger this
partial refresh. In this case the cached entries never end up getting updated.

This change makes it so that the partial refresh triggered on an error does
not reset the ticker used for the full background refresh.

* Add release notes

* Log instead of fail in goroutine (found by lint)

* Fix data race by using different variable in test
@pull pull bot merged commit efbfe15 into Skarlso:master Jun 24, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
6 participants
@howardjohn @istio-testing @timonwong @spacewander @my-git9 @morepork