Updating istio version #136
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Jenkins job istio/presubmit passed |
sebastienvas
approved these changes
Apr 13, 2017
|
Jenkins job istio/presubmit passed |
mandarjog
pushed a commit
that referenced
this pull request
Oct 31, 2017
Mostly about wrapping up long lines
mandarjog
pushed a commit
that referenced
this pull request
Nov 2, 2017
Mostly about wrapping up long lines
guptasu
pushed a commit
to guptasu/istio
that referenced
this pull request
Jun 11, 2018
rajusharma
pushed a commit
to rajusharma/istio
that referenced
this pull request
Jul 2, 2019
- Extend default test timeout from 3m to 5m
howardjohn
pushed a commit
to howardjohn/istio
that referenced
this pull request
Jan 12, 2020
* support wait for manifest apply. * apply comments.
vikaschoudhary16
pushed a commit
to vikaschoudhary16/istio
that referenced
this pull request
Feb 12, 2021
Signed-off-by: Liam White <[email protected]>
vikaschoudhary16
pushed a commit
to vikaschoudhary16/istio
that referenced
this pull request
Feb 12, 2021
* Automator: update common-files@master in istio/istio@master (#25583) * echo: sort headers (#25582) * echo: sort headers Currently the response bounces around a lot as header order is not defined which makes debugging annoying sometimes * format * Add release note for adding release notes process (#25509) * Add release note for adding release notes process * Add readme * Fix readme * Fix linter errors * Updates based on PR comments * Moved 25519 into the notes directory * Added 25519.yaml * Updated 25519.yaml to v2 * Update add-release-notes-generation.yaml * Update add-release-notes-generation.yaml * GCP instance labels support (#24687) * added gcp labels support * labels are only retrieved for gce vm instances, changed timeout behavior * handle no instance labels case * don't pull labels if running on kubernetes * cleaned up platform interface * cache metadata inside gcpEnv * Revert "cache metadata inside gcpEnv" This reverts commit 361ff7fbaa609c62af4987b708890ff068899aef. * restructured cache metadata inside gcpEnv * minor fixes Co-authored-by: Justin Wei <[email protected]> * fix dns rules on v4 only system (#25590) Signed-off-by: Yuchen Dai <[email protected]> * Automator: update common-files@master in istio/istio@master (#25593) * add uninstall by revision change (#25076) * add uninstall change * add test * add filename flag, refactor * refactor, move common function from cmd/mesh to pkg * clean up the pruning and deleting approaches * address comment * address comments * add --purge option and prune_test * clean up code and add tests * address more comments * update label logic * rebase * update label logic * address comments and fix lint * fix test * Update proxy SHA (#25594) * update istio proxy sha * fix test * lint * Allow users to delay application start until proxy is ready (#24737) * Reenable GatewayTLSOrigination Test (#25424) * renable test * switch back ports * fix test * tests pass locally * make gen * add subset for route to gateway * add sni * change timeout * Update egress_gateway_origination_test.go * split virtual service * add more wait * more wait * I think this works * decrease sleep time * remove sleep and increase timeout * rename foreign instances to workload instances (#25605) * rename foreign instances to workload instances Signed-off-by: Rama Chavali <[email protected]> * fix race Signed-off-by: Rama Chavali <[email protected]> * Update template.yaml (#25608) * Config file and env var for istioctl --istioNamespace, --xds-address, and --cert-dir (#25280) * Config file and env var for some istioctl CLI options * ISTIOCONFIG variable for overriding default istioctl configuration * 'prefer-experimental' option for commands with regular and experimental variants * Defaults for --xds-san and --insecure * Column for 'istioctl x config list' that lets users tell defaults from configured values * Fail if user supplies invalid ISTIOCONFIG env var * Don't fail if config file does not exist * Initialize defaults in tests * Show origin of config var; move defaulting close to command so tests work * Use Istio RegisterXXXVar for environment overrides to istioctl * Allow user to make XDS-based proxy-status the default with env or config setting * Added release note * Sort 'x config list' output * release note fix * Egress Gateway TLS Origination fix (#25588) * add tlsMode=istio label to egress gateway * Revert "add tlsMode=istio label to egress gateway" This reverts commit a8310ddf0b21db928abbf83a5df34194ab76bd48. * clean out TransportSocketMatches on subsequent applyTrafficPolicy calls * sidecar scope matches ns for envoy filter and authn/z (#25430) * sidecar scope matches ns for envoy filter and authn/z * format * remove peer authn * Optimize memory usage of SDS cluster config generation (#25511) * Add TLS to bench tests * Apply optimizations for SDS generation * Fix tests * fix test * update MutatingWebhook apiVersion to v1 and other minor fixes (#24723) Co-authored-by: John Howard <[email protected]> Co-authored-by: John Howard <[email protected]> * Add testcase/documentation for add entry to unset list (#25604) * Add testcase/documentation for add entry to unset list Signed-off-by: Liam White <[email protected]> * fix broken test and ensure we test want Signed-off-by: Liam White <[email protected]> * TLS Origination using SDS Integration Test Suite (#25520) * init test * clear clutter * tests pass * add copyrights * fix pilt * not sure what this gen check error is * try removing pilot * make gen * lint * comment code * init mutual TLS mode * add unknown secret test * finish mtls test draft * lint * new test * add more tests * verify client cert * lint * refactor * make genn * increase retry * fix env * remove timeout * try this * add wait * sleep is good * test failing * verifycert * another try * fix template * decrease to reasonable time * revert old * reduce time hack * revert client file * remove sleep and increase timeout * fix comment * listener: rewrite passthrough filter chain (#23071) * listener: rewrite passthrough filter chain filter chain Signed-off-by: Yuchen Dai <[email protected]> * delete appendListenerFallthroughRoute Signed-off-by: Yuchen Dai <[email protected]> * erase the concept of merging and testing fallthroughfilterchain Signed-off-by: Yuchen Dai <[email protected]> * add better transport security iptables rules Signed-off-by: Yuchen Dai <[email protected]> * lint Signed-off-by: Yuchen Dai <[email protected]> * address comment Signed-off-by: Yuchen Dai <[email protected]> * typo Signed-off-by: Yuchen Dai <[email protected]> * Enable the workload cert rotate automatically (#25526) * add rorate feature * add certificate for response * add add reconnect features * refactor to use interface (cherry picked from commit 3055ad8cfd79d8ba1ba1da76746f0e39e5b8115e) * reset GetClientCertificate logic * ret the public type code * fix lint * address comment * fix when key,cert not loaded successfully * refactor and remove interface logic to simplify code * remove useless function * fix err (cherry picked from commit ad1c4c8bf70378b6361bd11f0a5342873a9303c0) * refactor to use reconnect logic * remove useless releaseResourceCode * fix lint * add unit test * fix lint and address comments * add release note * address comments * address comments * add retry logic * address comments * address comment * address comment * fix lint * Fix listener generation for passthrough services (#25620) * temp Signed-off-by: Shriram Rajagopalan <[email protected]> * fixes Signed-off-by: Shriram Rajagopalan <[email protected]> * fixes Signed-off-by: Shriram Rajagopalan <[email protected]> * tests Signed-off-by: Shriram Rajagopalan <[email protected]> * test fixes Signed-off-by: Shriram Rajagopalan <[email protected]> * ads: handle reconnect with empty resources (#25629) * handle previous info nil Signed-off-by: Rama Chavali <[email protected]> * handle previous info nil Signed-off-by: Rama Chavali <[email protected]> * add tests Signed-off-by: Rama Chavali <[email protected]> * log level Signed-off-by: Rama Chavali <[email protected]> * lint Signed-off-by: Rama Chavali <[email protected]> * minor refactor Signed-off-by: Rama Chavali <[email protected]> * remove useless import (#25639) Signed-off-by: Xiang Dai <[email protected]> * Output in kubernetes style format for debug/configz (#25541) * Output in kubernetes style format for debug/configz Fixes https://github.com/istio/istio/issues/24651 * fix lint * lint * log only virtualservice's name and namespace (#25647) * verify if namespace exists during bookinfo cleanup (#25649) * verify if namespace exists during bookinfo cleanup * fix lint * fix broken multicluster tests (#25633) * test framework: temporarily deploy istio synchronously * Revert "test framework: temporarily deploy istio synchronously" This reverts commit 3914a15d6578ad3f1d8985fcf89efbeacd208d18. * remove viper default (breaks mc tests) * revert test * fix table indent in test * Add wait for proxy to be built to upadte_proxy.sh (#25651) * Incorrect handling of 'istioctl experimental version --revision <x>' (#25615) * The default label selector changed * Add release note * No need for release notes; change is not user-facing * Port Install CNI to golang (#25332) * Port CNI installer from shell to golang * Capitalize acronyms in constant names * Decouple environment variables from functions * Make variable and function names more clear * Convert array to set * Fix filepath bug in tests * Wait until main CNI config file exists to intall Istio CNI as a chained CNI plugin * Add check install and cleanup; Keep container alive * Cleanup on SIGINT and SIGTERM caused by killing container * Refactor, clean up, add comments * Sort test data JSON map keys and update cniVersions * Remove unnecessary prefix characters for creating temp dirs * Fix and clean up unit tests * Extend context to createCNIConfigFile; Add unit test * Remove relative paths and clean up CNI config e2e tests * Fix lint errors * Fix kubeconfig template; Add unit tests for creating kubeconfig file * Remove install-cni.sh and dependencies; Update Dockerfile and charts * Write kubeconfig file with default 0600 permissions * Test script restart in CNI config integration test; cleanup * Add unit test for checkInstall * Add helper functions to handle json unmarshalling panic; add unit tests * Address PR comments; cleanup * Add test cases for standalone CNI plugin in integration tests * Add make target for install-cni integration test * Address PR comments; cleanup * Decouple signal handling from install process * Add Installer struct and refactor * Fix lint error * Remove absolute path to install-cni binary Co-authored-by: Jonh Wendell <[email protected]> * pilot tests: move config generation tests out of kube integration tests (#25655) * initial * more tests * remove dead code * cleanup * fix license * fix lint * Track deprecated Istio types (#25454) * Track deprecated Istio types * Include QuotaSpec and QuotaSpecBinding * Regenerate collections * Test generated code * Export all environment variables in sidecar.env (#25546) * Export all environment variables in sidecar.env Currently we only export a few variables, making it impossible to configure a large set of options in the agent * debug * more debug * fixes * Add tests and fix named target port for WE (#25576) This adds some tests for selecting pods/workload entries with target ports. As far as I know this covers all combinations. In the process, I found a bug/unimplemented feature, where named target ports were not working. * Backfill some release notes (#25609) * Add --file param to proxy-status (#25627) * Add --file param to proxy-status * fmt * make file flag optional * add missing feature label * add example * release note * remove dead prow scripts (#25631) * Build in push and parallel (#25637) * Build in push and parallel * Setup builder * enable experimental * Automator: update common-files@master in istio/istio@master (#25663) * fix spelling mistake in file init.sh (#25665) * mixer-telemetry chart should not depend on global.yaml (#25394) * mixer-telemetry chart should not depend on global.yaml * Important values that affect multiple charts should be called out explicitly * Code review comments * Remove istio-policy chart depdency on global.yaml (#25393) * Remove istio-policy chart depdency on global.yaml * Important values that affect multiple charts should be called out explicitly * Code review comments * Change to comma separated value for app_container (#25441) * Change to comma separated value for app_container Signed-off-by: gargnupur <[email protected]> Run make gen Signed-off-by: gargnupur <[email protected]> Add test for container name Signed-off-by: gargnupur <[email protected]> Update VM test files Signed-off-by: gargnupur <[email protected]> Change to comma separated value for app_container Signed-off-by: gargnupur <[email protected]> Run make gen Signed-off-by: gargnupur <[email protected]> Add test for container name Signed-off-by: gargnupur <[email protected]> * Fix vm test Signed-off-by: gargnupur <[email protected]> * remove endpoint ready check (#25461) * remove endpoint ready check * fix lint * integration tests: share echo deployment between many tests (#25636) * most done * disable grpc log * Add istioctl tests * add comments * fix reference * lint * fix merge conflict * Add stableNamespaces option to test framework (#25673) Especially combined with https://github.com/istio/istio/pull/25636, this makes local test development *much* faster. There is a basically no overhead of test setup, so most tests which are of the form apply config,send traffic, check result can run completely in under 1s. * Move Viper default setting to init() (#25664) * Add endpoint builder to define EDS dependencies (#25598) * Add endpoint builder to define EDS dependencies Goals: * Scope down the set of inputs to the EDS pipeline so it doesn't depend on proxy * Compute some things up front to reduce recomputation * Define a key that can be used for caching EDS responses (future PR) * Fix lint * fix misleading names * fix merge conflict * enhance Makefile (#25607) * Refactor kube controller (#25527) * Refactor kube controller * refactor kube controller * Enable make deb/docker from CI or local build environment (#25682) * Update Proxy SHA (#25686) * Update Proxy SHA * fix test Signed-off-by: gargnupur <[email protected]> * listener: fix listener comments (#25679) * change listener comments Signed-off-by: Rama Chavali <[email protected]> * correct comment Signed-off-by: Rama Chavali <[email protected]> * tests: allow pilot suite to run with more than one cluster (#25432) * setup topology with multi-primary and remote clusters * DRY creating pilots for each control plane cluster * allow root of tests/pilot/ to run in multicluster * cleanup pilot helper * util methods for istio instnace * remove pilot usages * format * Expose istio-agent metrics and remodel error handling (#25668) * Expose istio-agent metrics and remodel error handling Co-authored-by: Aditya Prerepa <[email protected]> This is a superset of https://github.com/istio/istio/pull/24798 https://github.com/istio/istio/pull/22318#discussion_r456887079. If its controversial we can split the two out, but there is a lot of overlapping code between the two so I kept them together. Basically, this adds istio agent metrics. Because of conflicts with applications, we do some special things to export them with istio_agent_ prefix to avoid collisions. Additionally, we stop returning errors if envoy or the app return errors in the scrape. This avoids the situation where we suddenly drop envoy metrics because the app is down or vis-versa, making the situation even worse as we lose visibility. To add some extra visibility into this, we also add metrics for total scrapes and failed scrapes. * bad metric * add discovery host as sni host to xds-grpc cluster (#25691) * add discovery host * remove log * add relnote * feat(testing): Add traces and edge validation for Stackdriver testing (#25443) * Add traces and edge validation for Stackdriver testing * remove unnecessary bits * add license for meshtelemetry proto (set to same as istio/istio) * add proper license, fix tests * remove pilot sampling config * remove forced tracing, rely on pilot trace sampling * make gen update * remove fake module * 'istioctl experimental proxy-status': use --authority instead of --xds-san (#25617) * Use --authority instead of --xds-san * Added release note * Reformat release note * Don't need to check in release notes for non-user-facing change * New expected output * Analyze deprecated crs (#25694) * CR deprecation analyzer * Detect deprecated CRs and removed CRDs * Lint * Disable debug logging in CI (#25638) This may just be personal preference, but in my opinion the debug logging obscures the logs we want to look for during failures, and I often find people who are not experts in the integration tests being confused by them. Up until ~1 month ago we did not have debug logging, which I think was the right move personally. * Update Proxy SHA (#25705) Signed-off-by: gargnupur <[email protected]> * Wait for .wasm file before continuing in update_proxy.sh (#25708) * Update CA API repo and incorporate API changes in Sidecar resource (#25677) * Point the CA proto to istio/api repo. * Merging changes from #25585. * Revert assets.gen.go. * Small fix. * Move the istio/api repo reference back. * Pin to the newest istio/api repo. * test framework: ensure centralistio patched pods are ready (#25710) * Update dependencies (#25707) * update dependencies * remove api and proxy update * make gen * rebase * Set release managers as CODEOWNERS for release-1.7 (#25715) * Automator: update istio/[email protected] dependency in istio/[email protected] (#25717) * Update files for 1.7 (#25759) * update files for 1.7 * change latest to 1.7-dev * update branches in files * Stop publishing latest tags (#25764) * update files for 1.7 * change latest to 1.7-dev * update branches in files * Stop publishing latest tags * Bump proxy SHA (#25772) * [release-1.7] add support of revision for operator commands (#25729) * add support of revision for operator commands * address comments * fix lint Co-authored-by: Xinnan Wen <[email protected]> * Remove ISTIO_CNI variables, they are not used anywhere (#25767) Co-authored-by: Jonh Wendell <[email protected]> * Automator: update istio/[email protected] dependency in istio/[email protected] (#25776) * Automator: update [email protected] in istio/[email protected] (#25775) * Automator: update [email protected] in istio/[email protected] (#25777) * [release-1.7] Use standard base image and remove unused dependencies in install-cni Dockerfile (#25756) * Use istio base image for install-cni * Remove use of jq in install-cni e2e tests * Remove unused istio-cni.conf.default file Co-authored-by: Brian Cheung <[email protected]> * add releasenotes for istioctl change for multiple control plane upgrade (#25758) Co-authored-by: Xinnan Wen <[email protected]> * [release-1.7] Set transport version for SDS as well (#25762) * Set transport version for SDS as well * update tests Co-authored-by: John Howard <[email protected]> * create dynamic release tar url for verify and upgrade msg (#25799) Co-authored-by: shamsher31 <[email protected]> * Update base image (#25805) * Automator: update [email protected] in istio/[email protected] (#25810) * update istio-operator version to 1.7 (#25828) Co-authored-by: shamsher31 <[email protected]> * Automator: update [email protected] in istio/[email protected] (#25836) * Automator: update istio/[email protected] dependency in istio/[email protected] (#25838) * [release-1.7] Fix a few bugs in security code. (#25856) * Fix a few bugs in security code. 1. isJwtExpired is using the wrong claim. Fixed it and fixed the corresponding test. 2. Token exchanger plugin was not set. 3. Token rotation using old cert should check if CA supports the feature. 4. UseLocalJwt was set incorrectly (should not depend on the value of certPath). * Add unit test for sds agent. * Add UseTokenForCSR flag. * Fix format. Co-authored-by: Limin Wang <[email protected]> * Automator: update [email protected] in istio/[email protected] (#25865) * Remove DNS hacks in dns listener (#25619) (#25795) * fix dns hack Signed-off-by: Shriram Rajagopalan <[email protected]> * enable dns in tests by default Signed-off-by: Shriram Rajagopalan <[email protected]> * fixes and debug Signed-off-by: Shriram Rajagopalan <[email protected]> * remove ignore case Signed-off-by: Shriram Rajagopalan <[email protected]> * checking vm grpc Signed-off-by: Shriram Rajagopalan <[email protected]> * undo test change Signed-off-by: Shriram Rajagopalan <[email protected]> * more undo Signed-off-by: Shriram Rajagopalan <[email protected]> * Revert "checking vm grpc" This reverts commit 9c61504f51b61a8480eea0df3e44ca36078b54e0. * Revert "undo test change" This reverts commit 128db7cb23ea260ad800fc3858c69fa6381964af. * temp hack Signed-off-by: Shriram Rajagopalan <[email protected]> * fix tests Signed-off-by: Shriram Rajagopalan <[email protected]> * [release-1.7] Avoid Sidecar Cluster Config Generation for UpstreamClusters when CredentialName is set (#25902) * hack * add tests * lint Co-authored-by: nschhina <[email protected]> * Update deps (#25881) * [release-1.7] add integration test for operator revision and update uninstall output (#25905) * add integration test for operator revision * fix test * update uninstall output format Co-authored-by: Xinnan Wen <[email protected]> * Fix inaccurate endpointsPendingPodUpdate metric (#25907) This currently will be outdate when an update comes in, and is only updated when the error is retriggered Co-authored-by: John Howard <[email protected]> * [release-1.7] Remove deprecated manifest apply for 1.7 (#25908) * Remove deprecated manifest apply * Add release note * Update release note Co-authored-by: Brian Avery <[email protected]> * Fix test and comments Co-authored-by: shamsher31 <[email protected]> Co-authored-by: Brian Avery <[email protected]> * Use strict YAML parsing in validate (#25903) Co-authored-by: Ed Snible <[email protected]> * Automator: update [email protected] in istio/[email protected] (#25941) * Explicitly error on cases that can lead to recurisve scraping (#25938) Co-authored-by: John Howard <[email protected]> * remove (#25948) Co-authored-by: nschhina <[email protected]> * [release-1.7] Add prometheus operator ServiceMonitor samples (#25953) * Add prometheus operator ServiceMonitor samples * lint * Just istio configs Co-authored-by: John Howard <[email protected]> * Fix deprecated setting in demo profile (#25958) Partial backport of a massive PR in master. This fixes the deprecation warning when installing with demo profile, and adds a regression test. this has no impact on the generated manifests; the option does nothing. * Fix merge conflict (#25972) * [release-1.7] Manual cherry pick 25927 (#25957) * Use encoding/json to decode JSON * Use encoding/json to decode mixer JSON * [release-1.7] Fix the lifetime format used by accesstoken request. (#25994) * Fix the lifetime format used by accesstoken request. * Fix lint and not use the protobuf struct in a struct that is marshalled with json.Marshal Co-authored-by: Tao He <[email protected]> * [release-1.7] [kiali] use kiali helm chart when generating the demo addons script (#25984) * use kiali helm chart when generating the demo addons script This converts the gen.sh script to now use the Kiali Helm Chart. The Kiali Helm Chart is currently under review. There is a test chart published that this PR uses. When the first release of the true Kiali Helm Chart is done, we'll change this PR to point to that first release rather than the test SNAPSHOT this PR is currently using. However, because this PR uses a test chart that is published, it can be tested and reviewed for correctness. See the Kiali Operator PR #93 that is introducing the new Helm Chart. [ ] Configuration Infrastructure [ ] Docs [x] Installation [ ] Networking [ ] Performance and Scalability [ ] Policies and Telemetry [ ] Security [ ] Test and Release [ ] User Experience [ ] Developer Infrastructure * add generated kiali.yaml * use the first official helm chart v1.22.0 Co-authored-by: John Mazzitelli <[email protected]> * Fix regression for Endpoints without pod reference (#25978) (#25985) (cherry picked from commit d5ab2ebfa13107099a6fed596b5201f88ad28d24) * Expand endpoints before pod test to check pod (#26033) This ensures we are actually getting the right pod, and populating the correct service account information. It doesn't fix any bug - the code works today, just expanding the testing Co-authored-by: John Howard <[email protected]> * fixing dns resolution issues (#25964) (#26044) * fixing dns resolution issues Signed-off-by: Shriram Rajagopalan <[email protected]> * more debug Signed-off-by: Shriram Rajagopalan <[email protected]> * wildcard dns listener * shorter timeouts * dns iptables fix * Undo * ndots = 1 Signed-off-by: Shriram Rajagopalan <[email protected]> * lint Signed-off-by: Shriram Rajagopalan <[email protected]> * undo Signed-off-by: Shriram Rajagopalan <[email protected]> * undo * trying dns agent * undo * restore costin's vodoo iptables Signed-off-by: Shriram Rajagopalan <[email protected]> * try envoy dns Signed-off-by: Shriram Rajagopalan <[email protected]> * iptables hack/fix * wildcard dns * qualify tcp vs udp * Revert "qualify tcp vs udp" This reverts commit 307143c9f1ab511a3afd6344ca4bc8b9750fb976. * snat fixes Signed-off-by: Shriram Rajagopalan <[email protected]> * undo Signed-off-by: Shriram Rajagopalan <[email protected]> * wildcard Signed-off-by: Shriram Rajagopalan <[email protected]> * unspam Signed-off-by: Shriram Rajagopalan <[email protected]> * add more tools to base image * fix istioctl * fix iptables - add uid return * remove dot hack in pilot tests * report actual host in test failures * fix vm test dns * global options to enable/disable dns Signed-off-by: Shriram Rajagopalan <[email protected]> * release notes * undo defaults Signed-off-by: Shriram Rajagopalan <[email protected]> * leftover Signed-off-by: Shriram Rajagopalan <[email protected]> * undo * fixups Signed-off-by: Shriram Rajagopalan <[email protected]> * more undo * more undo * make gen Signed-off-by: Shriram Rajagopalan <[email protected]> * exclude uid 0 Signed-off-by: Shriram Rajagopalan <[email protected]> * how about include all uid/gids? Signed-off-by: Shriram Rajagopalan <[email protected]> * Add credential fetcher in istio agent (#25614) (#26047) * Add credential fetcher in istio agent. In addition, 1. add logic to handle platform difference in cert provisioning flow. 2. Fix the cert rotation logic to handle token expiration. 3. Fix a bug in isJwtExpired function and fix the correpsonding test. * Move CredFetcher to security option. * pick 937732161 Add credential fetcher in istio agent. pick ce170cb69 Move CredFetcher to security option. * Fix format. * Fix setting platform. * Fixes a few places that set security configuration incorrectly. * Address comments. * Additional fix and formating. * Fix lint. * Fix lint. * Fit typo. * Refactor code. * Fix secretcache test. * Rebase and fix format. * Addressed William's comment. * Reverted unneeded chagnes in help.go. * Address John's comments. * Fix lint and address comments. * Fix lint. * Remove trust domain related changes. * Remove k8s as a credential fetcher type. * Clean up comments and unneeded code. * Fix format. * Update comments. * Fix lint error. * Fit test jwt formating. * Fix format. * Clean up unneeded line. * Fix format. * Removed checking for GCE platform. * Fix networking.HTTPMatchRequest.WithoutHeaders conflict detect (#26065) Co-authored-by: xuzhonghu <[email protected]> * Automator: update [email protected] in istio/[email protected] (#26067) * Automator: update istio/[email protected] dependency in istio/[email protected] (#26069) * [release-1.7] properly drain gateway listeners (#26054) * drain all listeners for gateway Signed-off-by: Rama Chavali <[email protected]> * lint Signed-off-by: Rama Chavali <[email protected]> Co-authored-by: Rama Chavali <[email protected]> * Automator: update [email protected] in istio/[email protected] (#26076) * [release-1.7] Update Mixer server to enable Ext-Authz and Access Log Service (#25624) * draft update * copyright * formatting updates * fixed changes * remove print * lint * lint * changes * integration test draft * addressing comments * remove throttler * spacing fix: * renamed getters * minor change * flags * response flags * extra fle * test fix * fix test * fix test * small change * headers * grpc protocol detection * fixes from review * cleaned names * import names * increased unit tests * condensed protobag functionality * clean up member variables * fixed small conversion error * simplified formatting * final small changes * gofmt responseFlagParser * final touches * small change Co-authored-by: Jonathan Kogan <[email protected]> * [release-1.7] DestinationRule Analyzer against no caCertificates (#26088) * add test * add release note * oops * add upgradeNotes * update * change to securityNotes Co-authored-by: nschhina <[email protected]> * Namespace all addons (#26093) https://github.com/istio/istio/issues/26037 Co-authored-by: John Howard <[email protected]> * [release-1.7] Add ParseToken flag (#26096) * Add ParseToken flag. 1. Parsing token content only if ParseToken flag is true. 2. Simplify getToken logic. 3. Remove redundant secOps in secretCache. * Updated comments. Co-authored-by: Limin Wang <[email protected]> * Update deps (#26114) * Update installation guide URL for download Istio candidate (#26113) Co-authored-by: shamsher31 <[email protected]> * Fix pilot race errors (#26077) (#26120) (cherry picked from commit 54204592e9d3f3f90cfc9f8c18b503acc9d6d214) * Fix issues in manifests (#26124) Broken out of https://github.com/istio/istio/pull/25363 Helm template was dependant on the current kube-config namespace, and there was an indent issue in the injection Co-authored-by: John Howard <[email protected]> * Don't claim 'istioctl validate' is deprecated; we can't yet (#26117) Co-authored-by: Ed Snible <[email protected]> * ApplyMeshConfig allow overriding with default value (#26129) Fixes https://github.com/istio/istio/issues/25503 Co-authored-by: John Howard <[email protected]> * [Release 1.7] Manual cherrypick of #25818 (#26137) * manual cherrypick * make gen * release notes * missing newline * [release-1.7] manual add an example of using holdApplicationUntilProxyStarts #26022 (#26149) * manual cherry pick * manual cherry pick - make gen * [release-1.7] fix operator remove (#26156) * fix operator remove * fix test Co-authored-by: Xinnan Wen <[email protected]> * Automator: update [email protected] in istio/[email protected] (#26165) * Automator: update istio/[email protected] dependency in istio/[email protected] (#26166) * [kiali] use the new kiali server helm chart (#26163) (#26170) (cherry picked from commit f03d473014b78797700f12a2f91b7bffa7fc3572) # Conflicts: # manifests/addons/values-kiali.yaml # samples/addons/kiali.yaml * Rename manifest apply to install (#26167) Co-authored-by: shamsher31 <[email protected]> * add mwc v1beta1 api to runtime scheme (#26193) Co-authored-by: Tariq Ibrahim <[email protected]> * Automator: update [email protected] in istio/[email protected] (#26179) * [release-1.7] add max program size back (#26196) * add max program length back Signed-off-by: Rama Chavali <[email protected]> * fix test Signed-off-by: Rama Chavali <[email protected]> * add docs Signed-off-by: Rama Chavali <[email protected]> Co-authored-by: Rama Chavali <[email protected]> * Remove SDS Timeout for default and root case (#26194) Co-authored-by: Aditya Prerepa <[email protected]> * [release-1.7] Extra Envoy Access Log Attribute and Bag Preprocess Fix (#26197) * initial update * improved comment * comment nit Co-authored-by: Jonathan Kogan <[email protected]> * remove istio-validation container when running istioctl rm (#26190) Co-authored-by: Tariq Ibrahim <[email protected]> * Automator: update [email protected] in istio/[email protected] (#26207) * [release-1.7] Fix duplicate SDS resource (#26241) * Fix duplicate SDS resource * fix golden Co-authored-by: John Howard <[email protected]> * update version of prune list (#26245) Co-authored-by: Xinnan Wen <[email protected]> * [release-1.7] Refresh token periodically through credential fetcher (#26251) * Refresh token periodically through credential fetcher. * Format. * Updated error message. Co-authored-by: Limin Wang <[email protected]> * Automator: update istio/[email protected] dependency in istio/[email protected] (#26247) * [Release-1.7] Enable TCP Telemetry v2 export via Stackdriver filter (#25646) (#26268) * Enable TCP Telemetry v2 export via Stackdriver filter (#25646) * Enable TCP Telemetry v2 export via Stackdriver filter Fix context and vm_id Add test using fake SD and telemetryv2_1.8.yaml Enable TCP Telemetry v2 export via Stackdriver filter Fix context and vm_id Fix istio.deps added Enable TCP Telemetry v2 export via Stackdriver filter Fix context and vm_id Add test using fake SD and telemetryv2_1.8.yaml Enable TCP Telemetry v2 export via Stackdriver filter Fix context and vm_id Fixed based on feedback Debug TCP test.. * Fix lint error * Debug test * Fix test after rebase * fix test * Automator: update [email protected] in istio/[email protected] (#26272) * Automator: update [email protected] in istio/[email protected] (#26278) * added grpc keepalive params to gcp_envoy_bootstrap (#26274) Signed-off-by: Yutong Li <[email protected]> Co-authored-by: Yutong Li <[email protected]> * Automator: update istio/[email protected] dependency in istio/[email protected] (#26279) * [Release-1.7] Update Proxy SHA (#26030) (#26269) * Update Proxy SHA (#26030) Signed-off-by: gargnupur <[email protected]> Update Proxy SHA after the fix in proxy Signed-off-by: gargnupur <[email protected]> * Add extra fields in tcp test too Signed-off-by: gargnupur <[email protected]> * Update SHA * [release-1.7] change the PARSE_TOKEN to skipParseTokenEnv and fix the isTokenExpired logic issue (#26295) * set the PARSE_TOKEN default value to true * change parse Token to skipparsetoken and use default value false * fix lint * add testexpiredtoken * rephrase description * fix lint * fix lint Co-authored-by: williamaronli <[email protected]> * Automator: update [email protected] in istio/[email protected] (#26288) * Revert "update MutatingWebhook apiVersion to v1 and other minor fixes (#24723)" (#26285) (#26310) Retain "add mwc v1beta1 api to runtime scheme (#26187)" This reverts commit 1772c281 (cherry picked from commit 02210d3452acdc782cd842f1560621c8504d50c2) * Don't parse null IstioOperator overlays (#26305) Co-authored-by: Ed Snible <[email protected]> * add namespace flag for istioctl dashboard (#26319) Co-authored-by: Xinnan Wen <[email protected]> * Update dependencies (#26322) * [release-1.7] Update kiali in profiles (#26326) Matching what is in addons * Fix release notes (#26342) * Automator: update [email protected] in istio/[email protected] (#26344) * Add filter configuration override to telemetry v2 (#26286) (#26351) * Add filter configuration override to telemetry v2 * fix * Fix regression in gateway name resolution (#26353) Fixes https://github.com/istio/istio/issues/26264 Co-authored-by: John Howard <[email protected]> * Fix description for istioctl verify-install (#26359) Co-authored-by: Jonh Wendell <[email protected]> * [release-1.7] istioctl: Emit a warning if Kubernetes version is not minimum (#26364) Manual cherry-pick of https://github.com/istio/istio/pull/26145 This is to avoid proceed with the installation and present the user with criptograpyic messages like `Istio core encountered an error: failed to wait for resource: failed to verify CRD creation: the server could not find the requested resource` * [release-1.7] Change Info log to debug log to avoid log span. (#26368) * Change Info log to debug log to avoid log span. * Change error to warning if fail to get a new token. * Add logprefix. Co-authored-by: Limin Wang <[email protected]> * [release-1.7] Cherry-pick fix for CVE ISTIO-SECURITY-2020-009 (#26374) * fix authz suffix matching in TCP (#29) * update the tests (#31) * Run gofmt Co-authored-by: Yangmin Zhu <[email protected]> Co-authored-by: Jacob Delgado <[email protected]> * add forward compatibility with k8s admissions api v1 (#26312) (#26383) * add forward compatibility with k8s admissions api v1 * add support for v1 and v1beta1 AdmissionReview versions * use admission API adapter in validating webhooks (cherry picked from commit c4a14db008d6546d27b00d7318e3100eda8e2603) * Update release notes to use arrays (#26384) * Make notes arrays * Update readme * cherry pick 1.7: sync initial resources in order when starting registry (#26142) (#26394) * Refactor benchmark test (#25671) * Refactor benchmark test This aligns with the new FakeDiscoveryServer to reduce code duplication * fix * Fix index refresh (cherry picked from commit f865b0104ef189950510d498ca4682bb9143b488) * test kube ServiceRegistry in xds_test (#25698) * allow using k8s objects in xds_test * setup node for fake kube service discovery * setup mesh networks to use kube controller instead of just serviceentry * format * correct cluster name in assertions * setup network watcher and pass xds updater * fix rebase fails * more rebase fail * lint * resync endpoints to deal with race * fix rename errors * more fakeController errors * fix error text for ResyncEndpoints * formatting * allow empty ObjectString * rename * also test serviceentry * format (cherry picked from commit 9fb131793daa14e5684d66abeaa1475d0aab2187) * add: ensure envoys can only connect after caches have been synced (#25733) * add caches synced to readiness probe Signed-off-by: Rama Chavali <[email protected]> * reject connections till caches are synced Signed-off-by: Rama Chavali <[email protected]> * lint and unit tests Signed-off-by: Rama Chavali <[email protected]> * call isserver ready Signed-off-by: Rama Chavali <[email protected]> * rename Signed-off-by: Rama Chavali <[email protected]> (cherry picked from commit fbfd7ba3e885c4665bcc46bd24b831f854422bbf) * fix NodePort services for meshNetworks gateway (#25990) * create test cases for different ingress Service types * fix by NOT requiring node selector * Revert "fix by NOT requiring node selector" * fix by requiring NodeSelector annotation * add release notes * import lint (cherry picked from commit 64f0b0f07090225ce755dd10e89941bb61678128) * fix mesh network flakes (#26085) * fix race when merging Service aggregate * dont skip * re-initialize push context * force sync all k8s resources * fix contention on context (cherry picked from commit 26e59e87ffe2a7d72e6872e903c5c6f080ef4aab) * sync initial resources in order when starting registry (#26142) * remove hack for registry init in test * simple force-sync before marking ready * sync lock * wait for sync in fake * check index for latest object whe processing queue * ensure all cluster registries are synced * nil check mulitcluster * remove todosa (cherry picked from commit 096aff3545f9ccffb8ec974f2afae10775d5ae36) Co-authored-by: John Howard <[email protected]> Co-authored-by: Rama Chavali <[email protected]> * manually cherry-pick of #25589 (#26399) * Cherry-pick 1.7: Fix remote clusters when caAddress is not specified (#26334) (#26421) The installation of remote clusters now requires manually setting `caAddress`. This breaks our docs and is a general regression WRT multi-cluster installation. This change manually sets `CA_ADDR` correctly based on the existence of `caAddress`. It also reverts changes to tests to manually specify `caAddress`, so that the tests are more closely aligned with what we're telling users to do. Fixes #26325 * log warning if prune list is empty (#26417) Co-authored-by: Xinnan Wen <[email protected]> * [release-1.7] reload services and endpoints when networks change (#26236) (#26424) * reload services and endpoints when services change (#26236) (cherry picked from commit 1b626657fc015252eee12ecd71d7c4e30e9d83c4) * cleanup networks resync and add tests (#26249) (cherry picked from commit 613b95e3c56e44b5c1413490ce86a34080b34b15) * fix race when reloading kube controller networks (#26290) * fix race when reloading kube controller networks * synchronize access to env push context (cherry picked from commit eb44fe2b4c1ae45af38107e3a4bbe3b775d0bf85) * dont test reloading meshNetworks in xds_test (#26331) (cherry picked from commit 1c7c2f1b020ae21188445e4c812f01c971a554af) * Cherry-pick 1.7: Change sample cross-network port to 15443 (#26389) (#26422) Goal is to not mix TLS and mTLS on the same port. TLS is on 443, mTLS is on 15443. * cherrypick (#26441) * grant read permission to component in the same group (#26444) Co-authored-by: Jimmy Chen <[email protected]> * Log error that prevented authenticator from accepting XDS connection (#26430) Co-authored-by: Ed Snible <[email protected]> * [release-1.7] Mixer Server Integration Tests (#26363) * first changes * small fix * test renames * added tests * formatting and test name * log test * lint * field updates * lint * small change * small chaneg * als test * als test * test fix * gofmt * destination.ip fix * fmt * test new metric * fixes * gofmt * unit test fix * small fixes * added line * added line * gofmt Co-authored-by: Jonathan Kogan <[email protected]> * fix some ux problems of uninstall (#26455) Co-authored-by: Xinnan Wen <[email protected]> * Fix egressgateway ports (#26461) Cannot bind to port 80/443 since we run as non root by default Co-authored-by: John Howard <[email protected]> * Update Mongo version (#26447) Co-authored-by: Eric Van Norman <[email protected]> * add warnings for gateway during uninstall (#26490) Co-authored-by: Xinnan Wen <[email protected]> * Automator: update istio/[email protected] dependency in istio/[email protected] (#26494) * Allow unknown fields in the old-ver IstioOperator when running istioctl upgrade (#26497) * Automator: update [email protected] in istio/[email protected] (#26512) * A vm specific makefile - stright copy from 1.6.8 (#26515) This makefile has been extensively tested, 4 or 5 times, and was the original plan from the workgroup leads meeting and environments meeting. We will have two makefiles for now, until we can conslidate the various makefile operations around certs and tokens into one makefile. Co-authored-by: Steve Dake <[email protected]> * Automator: update [email protected] in istio/[email protected] (#26529) * [release-1.7] Dashboard is no longer experimental (#26560) * Dashboard is no longer experimental * Remove unused code to fix lint Co-authored-by: shamsher31 <[email protected]> * Automator: update [email protected] in istio/[email protected] (#26592) * [release-1.7] Apply standard prom annotations in manual injection mode (#26593) * implement prometheus merge and apply standard prom annotations * fix test * comment * fix test Co-authored-by: Pengyuan Bian <[email protected]> * [release-1.7]Use k8s strategic merge lib for IOP overlays (#26289) (#26521) * Use k8s strategic merge lib for IOP overlays (#26289) * Use k8s strategic merge lib for IOP overlays * Fix some tests * Restore edited values_types generated file * Lint * Add tests, some missing merge paths * Add missing gateways names to various tests * Lint * move configOverride to file directly instead of set override Co-authored-by: Xinnan Wen <[email protected]> * fix test for 1.7 * Remove some unneded fields, fix missing name key * Fix spacing Co-authored-by: Martin Ostrowski <[email protected]> * [release-1.7] add e2e tests for trust domain validation (#26659) * Fix NONE resolution ServiceEntry (#26619) (#26665) * Fix NONE resolution ServiceEntry Fixes https://github.com/istio/istio/issues/25844 * Clean up 0 instances logic for label selector (cherry picked from commit bd6d9eceb1565b6fbfb2586dec7b4ac154e2d1cc) * [1.7] Validate Gateway specs attempting to bind with <1024 port without root (#26699) (#26710) * Validate Gateway specs attempting to bind with <1024 port without root (#26699) * Add validation * Update golden files * Address comments (cherry picked from commit 02863894d52871e76364b5ae88697b2710d401eb) * fix * Bump base image (#26714) * Read GKE_CLUSTER_URL from GCP Metadata server (#26671) Co-authored-by: Tao He <[email protected]> * feat:istioctl x add-to-mesh and remove-from-mesh Should not affect OwnerReferences (#26771) Co-authored-by: tanjunchen <[email protected]> * Update auto-mtls-headless.yaml (#26525) fix a typo * Fix doc typo (#26613) Co-authored-by: Ed Snible <[email protected]> * [release-1.7] fix serviceaccount mismatch issue for operator. (#26761) * fix serviceaccount mismatch issue for operator. * fix operator tests. Co-authored-by: morvencao <[email protected]> * Fix headless svc instances scale (#26636) (#26680) * Fix configupdate for service * Add unit test * add release-note * [release-1.7] cache readiness state with TTL (#26743) * remove stats filter in readiness probe Signed-off-by: Rama Chavali <[email protected]> * cache readiness state with a TTL Signed-off-by: Rama Chavali <[email protected]> * revert the parse state change Signed-off-by: Rama Chavali <[email protected]> * rename variable Signed-off-by: Rama Chavali <[email protected]> * add tests Signed-off-by: Rama Chavali <[email protected]> * make readiness timeout configurable Signed-off-by: Rama Chavali <[email protected]> * lint Signed-off-by: Rama Chavali <[email protected]> * continuously check for readiness on failure Signed-off-by: Rama Chavali <[email protected]> * lint Signed-off-by: Rama Chavali <[email protected]> Co-authored-by: Rama Chavali <[email protected]> * manual backport of 25966 (#26768) Signed-off-by: Rama Chavali <[email protected]> * [release-1.7] allow specifying network for cluster without meshNetworks being configured (#26650) * allow specifying network without meshNetworks fully configured * remove redundant slice alloc and add safety check for clusterID * move cluster id check * set clustername to match in tests * isControllerForProxy Co-authored-by: Steven Landow <[email protected]> * filter out cross-network non mTLS lb eps (#26486) (#26723) * filter out cross-network non mTLS lb eps * release note * format * set service account on xds_test servieentry ep * remove dr * release note wording (cherry picked from commit 755e6411530817897cfb0437d44da06b150aad48) * remove all injected volumes when running remove-from-mesh/uninject (#26784) Co-authored-by: Tariq Ibrahim <[email protected]> * Automator: update istio/[email protected] dependency in istio/[email protected] (#26810) * [release-1.7] handle custom sni in bootstrap clusters (#26685) * handle custom tls sni in bootstrap Signed-off-by: Rama Chavali <[email protected]> * fix ut Signed-off-by: Rama Chavali <[email protected]> Co-authored-by: Rama Chavali <[email protected]> * remove-from-mesh should also restore rewritten app probes (#26808) Co-authored-by: Tariq Ibrahim <[email protected]> * [release-1.7] Fix RPM post-install script (#26832) * Fix RPM post-install script * fix lint * fix comments * Change location of sudoer assignment Co-authored-by: Jason Wang <[email protected]> * Automator: update istio/[email protected] dependency in istio/[email protected] (#26928) * remove cni initContainers and volumes in remove-from-mesh (#26812) (#26840) (cherry picked from commit 707b28d8b8e6dac582f55fe40403109f4d3cbb4e) * apply rewrite probe patch before re-ordering containers (#26898) (#26942) (cherry picked from commit 31213a84d95d3cc67478222b16e84fcee0c990f1) * [release-1.7] cleanup services when removing cluster secret (#26931) * cleanup services when removing cluster secret * release note Co-authored-by: Steven Landow <[email protected]> * [release 1.7] fix istioctl authz check to print authz policies applied in pod (#26676) * [release 1.7] fix istioctl authz check to print authz policies applied in pod (#26625) * fix istioctl authz check for gateway * add update permission to servicemonitor. (#26977) * Automator: update istio/[email protected] dependency in istio/[email protected] (#27000) * [Release 1.7] Fix eds: when endpoint occur later than svc, the eds cache will not updated (#26985) * Fix bug: service occur later than endpoint * add release note * Fix relase note * Several small fixes to mixer envoy ext authz and gRPC access log API support (#26952) * several small fixes to mixer envoy ext authz and gRPC access log API support. * fix test * update * Automator: update istio/[email protected] dependency in istio/[email protected] (#27051) * [release-1.7] Large index or -1 inserts at the end of list (#26896) * Large index or -1 inserts at the end of list * Fix test Co-authored-by: Martin Ostrowski <[email protected]> * Automator: update [email protected] in istio/[email protected] (#27077) * Manual cherrypick of #27075 (#27082) * [release-1.7] Update example command to use non-deprecated flags (#27124) * Update example command to use non-deprecated flags * update example Co-authored-by: shamsher31 <[email protected]> * Remove clusterrole and clusterrolebinding during istioctl operator remove (#27127) Co-authored-by: shamsher31 <[email protected]> * Revert "Remove clusterrole and clusterrolebinding during istioctl operator remove (#27127)" (#27131) This reverts commit 6eb190d5b18f5680fbc10d8d9ff74a03becb1ec6. * Fix Kiali RBAC and bump to latest stable version that is compatible with Istio 1.7+ (#27126) * Kiali: Bump minor version to 1.23 Signed-off-by: dntosas <[email protected]> * Kiali: Add rbac.istio.io apiGroup to clusterRoles Newer versions of Kiali that are compatible with Istio 1.7 require some additional permissions on the utilized clusterRoles. In this commit, we include the missing apiGroup to corresponding Kiali manifests. Signed-off-by: dntosas <[email protected]> * Kiali: Switch to anonymous auth strategy In newer versions of Kiali that are compatible with Istio 1.7, auth login strategy has been removed thus not supported. In this commit, we are migrating to anonymous auth strategy which is also Kiali's default one. Signed-off-by: dntosas <[email protected]> * Kiali: Add releaseNote Signed-off-by: dntosas <[email protected]> * Fix eds: gateways missing endpoint instances of headless service (#27120) * Automator: update [email protected] in istio/[email protected] (#27158) * Trim job suffix to extract out cron job name for workload metadata (#27195) (#27253) * special case cron job processing in webhook * update * Add quotes in log sampling config and add it in the stackdriver test (#27007) (#27212) Signed-off-by: gargnupur <[email protected]> * cache envoy readiness value (#27263) Signed-off-by: Rama Chavali <[email protected]> Co-authored-by: Rama Chavali <[email protected]> * [release-1.7] Fix and test startup probe (#27172) * Fix and test startup probe Fixes https://github.com/istio/istio/issues/26814 * Fix unit tests Co-authored-by: John Howard <[email protected]> * Automator: update istio/[email protected] dependency in istio/[email protected] (#27256) * Automator: update [email protected] in istio/[email protected] (#27258) * [release-1.7] do not apply locality load balancer settings for inbound clusters (#27352) * manual cherrypick of 27295 Signed-off-by: Rama Chavali <[email protected]> * add release notes Signed-off-by: Rama Chavali <[email protected]> * fix compile Signed-off-by: Rama Chavali <[email protected]> * manual cherry-pick of #26729 (#27366) * manual cherry-pick of #26729 * port unit tests * release note * Istiod/Pilot is the only control plane pod (#27357) Co-authored-by: Ed Snible <[email protected]> * cherry pick 27358. (#27381) * cherry pick 27358. * fix lint. * [1.7] Fix WorkloadEntry Updates (#27336) * wip * Skip if not using workload entry * Proper testing * fix lint * fix race * docs: update Istio update instructions Signed-off-by: Yaroslav Skopets <[email protected]> * fix merge mistake Signed-off-by: Yaroslav Skopets <[email protected]> * ci: former `istio/cni` has been moved into `istio/istio`; no more need in a separate build Signed-off-by: Yaroslav Skopets <[email protected]> * Patch for issue #27427 (#27460) * default min TLS version and configure cipher suites (#27613) Signed-off-by: Rama Chavali <[email protected]> * update UPSTREAM-SHA Signed-off-by: Yaroslav Skopets <[email protected]> * revert #136 and #137 in favour of upstream change #27613 Signed-off-by: Yaroslav Skopets <[email protected]> * Add security note for CVE-2020-25017 * Update istio.deps with new proxy sha * Update base image * Automator: update common-files@master in istio/istio@master (#26664) * Revert CRDs move to v1, move back to v1beta1 (#26587) * Revert 7c551404a38c3d61f7816053daede956cb4756ce * fixes * fixes * fixes * fixes * Revert setup_env.sh changes * Update CRDs * update artifacts * update analyzers * revert changes in update_crds * fix indentation in update_crds Signed-off-by: Yaroslav Skopets <[email protected]> * ci: fix build on CircleCI Signed-off-by: Yaroslav Skopets <[email protected]> * ci: build on both branches and tags Co-authored-by: Istio Automation <[email protected]> Co-authored-by: John Howard <[email protected]> Co-authored-by: Brian Avery <[email protected]> Co-authored-by: Justin Wei <[email protected]> Co-authored-by: Justin Wei <[email protected]> Co-authored-by: Yuchen Dai <[email protected]> Co-authored-by: Xinnan Wen <[email protected]> Co-authored-by: Pengyuan Bian <[email protected]> Co-authored-by: Marko Lukša <[email protected]> Co-authored-by: Navraj Singh Chhina <[email protected]> Co-authored-by: Rama Chavali <[email protected]> Co-authored-by: Ed Snible <[email protected]> Co-authored-by: Gregory Hanson <[email protected]> Co-authored-by: Steven Landow <[email protected]> Co-authored-by: Tariq Ibrahim <[email protected]> Co-authored-by: Liam White <[email protected]> Co-authored-by: williamaronli <[email protected]> Co-authored-by: Shriram Rajagopalan <[email protected]> Co-authored-by: Xiang Dai <[email protected]> Co-authored-by: Zhonghu Xu <[email protected]> Co-authored-by: Shamsher Ansari <[email protected]> Co-authored-by: Eric Van Norman <[email protected]> Co-authored-by: Brian Cheung <[email protected]> Co-authored-by: Jonh Wendell <[email protected]> Co-authored-by: Mitch Connors <[email protected]> Co-authored-by: VariableExp0rt <[email protected]> Co-authored-by: jacob-delgado <[email protected]> Co-authored-by: Nupur Garg <[email protected]> Co-authored-by: Iris <[email protected]> Co-authored-by: Steven Dake <[email protected]> Co-authored-by: Lin Sun <[email protected]> Co-authored-by: Douglas Reid <[email protected]> Co-authored-by: Oliver Liu <[email protected]> Co-authored-by: Jimmy Chen <[email protected]> Co-authored-by: Limin Wang <[email protected]> Co-authored-by: Tao He <[email protected]> Co-authored-by: John Mazzitelli <[email protected]> Co-authored-by: Jonathan Kogan <[email protected]> Co-authored-by: Jonathan Kogan <[email protected]> Co-authored-by: Aditya Prerepa <[email protected]> Co-authored-by: Yutong Li <[email protected]> Co-authored-by: williamaronli <[email protected]> Co-authored-by: Yangmin Zhu <[email protected]> Co-authored-by: mandarjog <[email protected]> Co-authored-by: Nathan Mittler <[email protected]> Co-authored-by: Jimmy Chen <[email protected]> Co-authored-by: Tao HE <[email protected]> Co-authored-by: Martin Ostrowski <[email protected]> Co-authored-by: tanjunchen <[email protected]> Co-authored-by: craigbox <[email protected]> Co-authored-by: morvencao <[email protected]> Co-authored-by: Steven Landow <[email protected]> Co-authored-by: Jason Wang <[email protected]> Co-authored-by: Jim Ntosas <[email protected]> Co-authored-by: aattuluri <[email protected]> Co-authored-by: Nikolay Pshenichnyy <[email protected]>
danehans
pushed a commit
to danehans/istio
that referenced
this pull request
Nov 2, 2021
l8huang
pushed a commit
to l8huang/istio
that referenced
this pull request
Jun 16, 2022
antonioberben
pushed a commit
to antonioberben/istio
that referenced
this pull request
Jan 29, 2024
Add clusterIP parameter to collector svc
jwendell
added a commit
that referenced
this pull request
Jun 4, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Generated with
./tests/updateVersion.sh -x docker.io/istio,2017-04-13-20.29.28Last cleanup step in the set of breaking changes around mixer config.