From 6df1b45f1bab6cc3cce6ae14021ee79a4a7def63 Mon Sep 17 00:00:00 2001 From: Ed Snible Date: Fri, 24 Jan 2020 11:01:16 -0500 Subject: [PATCH 01/31] Enable istioctl manifest --log_output_level (#20445) * Enable istioctl manifest --log_output_level * All new scopes for operator installer shall be 'installer' * Move translate logging completely to 'translate' scope --- istioctl/cmd/root.go | 2 ++ operator/cmd/mesh/shared.go | 2 -- operator/pkg/helm/fs_renderer.go | 6 ++---- operator/pkg/helm/helm.go | 10 ++++++--- operator/pkg/helm/urlfetcher.go | 3 +-- operator/pkg/helm/urlwatcher.go | 10 ++++----- operator/pkg/helm/vfs_renderer.go | 10 ++++----- operator/pkg/kubectlcmd/client.go | 16 +++++++++------ operator/pkg/manifest/installer.go | 32 +++++++++++++++-------------- operator/pkg/translate/translate.go | 26 +++++++++++------------ 10 files changed, 60 insertions(+), 57 deletions(-) diff --git a/istioctl/cmd/root.go b/istioctl/cmd/root.go index a221fb0b496d..9fb0733711a2 100644 --- a/istioctl/cmd/root.go +++ b/istioctl/cmd/root.go @@ -72,6 +72,8 @@ func defaultLogOptions() *log.Options { o.SetOutputLevel("processing", log.ErrorLevel) o.SetOutputLevel("source", log.ErrorLevel) o.SetOutputLevel("analysis", log.WarnLevel) + o.SetOutputLevel("installer", log.WarnLevel) + o.SetOutputLevel("translator", log.WarnLevel) return o } diff --git a/operator/cmd/mesh/shared.go b/operator/cmd/mesh/shared.go index 4fc9d7484f2e..77a8a82059bd 100644 --- a/operator/cmd/mesh/shared.go +++ b/operator/cmd/mesh/shared.go @@ -38,8 +38,6 @@ func configLogs(logToStdErr bool) error { opt := log.DefaultOptions() if logToStdErr { opt.OutputPaths = []string{"stderr"} - } else { - opt.SetOutputLevel(log.OverrideScopeName, log.NoneLevel) } return log.Configure(opt) } diff --git a/operator/pkg/helm/fs_renderer.go b/operator/pkg/helm/fs_renderer.go index 2199a8271943..3fc11b3e8383 100644 --- a/operator/pkg/helm/fs_renderer.go +++ b/operator/pkg/helm/fs_renderer.go 
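Review bot: The scope name in `o.SetOutputLevel("translator", log.WarnLevel)` does not match the commit message, which says translate logging moves to the 'translate' scope. The translate.go hunks in this patch only use a package-level `scope`; its registration is not part of the diff, so the registered name cannot be checked from here. If the names differ, this default would not reach the translate package's scope. Confirm the registered name and reference it through a shared constant rather than repeating the string literal. defaultLogOptions starts outside the hunk.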
@@ -19,8 +19,6 @@ import ( "k8s.io/helm/pkg/chartutil" "k8s.io/helm/pkg/proto/hapi/chart" - - "istio.io/pkg/log" ) // FileTemplateRenderer is a helm template renderer for a local filesystem. @@ -35,7 +33,7 @@ type FileTemplateRenderer struct { // NewFileTemplateRenderer creates a TemplateRenderer with the given parameters and returns a pointer to it. // helmChartDirPath must be an absolute file path to the root of the helm charts. func NewFileTemplateRenderer(helmChartDirPath, componentName, namespace string) *FileTemplateRenderer { - log.Infof("NewFileTemplateRenderer with helmChart=%s, componentName=%s", helmChartDirPath, componentName) + scope.Infof("NewFileTemplateRenderer with helmChart=%s, componentName=%s", helmChartDirPath, componentName) return &FileTemplateRenderer{ namespace: namespace, componentName: componentName, @@ -45,7 +43,7 @@ func NewFileTemplateRenderer(helmChartDirPath, componentName, namespace string) // Run implements the TemplateRenderer interface. func (h *FileTemplateRenderer) Run() error { - log.Infof("Run FileTemplateRenderer with helmChart=%s, componentName=%s", h.helmChartDirPath, h.componentName) + scope.Infof("Run FileTemplateRenderer with helmChart=%s, componentName=%s", h.helmChartDirPath, h.componentName) if err := h.loadChart(); err != nil { return err } diff --git a/operator/pkg/helm/helm.go b/operator/pkg/helm/helm.go index 6b0cc5fc0b8b..3dc06607e7e3 100644 --- a/operator/pkg/helm/helm.go +++ b/operator/pkg/helm/helm.go @@ -43,6 +43,10 @@ const ( NotesFileNameSuffix = ".txt" ) +var ( + scope = log.RegisterScope("installer", "installer", 0) +) + // TemplateRenderer defines a helm template renderer interface. type TemplateRenderer interface { // Run starts the renderer and should be called before using it. 
@@ -74,9 +78,9 @@ func ReadProfileYAML(profile string) (string, error) { var err error var globalValues string if profile == "" { - log.Infof("ReadProfileYAML for profile name: [Empty]") + scope.Infof("ReadProfileYAML for profile name: [Empty]") } else { - log.Infof("ReadProfileYAML for profile name: %s", profile) + scope.Infof("ReadProfileYAML for profile name: %s", profile) } // Get global values from profile. @@ -86,7 +90,7 @@ func ReadProfileYAML(profile string) (string, error) { return "", err } case util.IsFilePath(profile): - log.Infof("Loading values from local filesystem at path %s", profile) + scope.Infof("Loading values from local filesystem at path %s", profile) if globalValues, err = readFile(profile); err != nil { return "", err } diff --git a/operator/pkg/helm/urlfetcher.go b/operator/pkg/helm/urlfetcher.go index f50d814dcb6d..b33b0baeee52 100644 --- a/operator/pkg/helm/urlfetcher.go +++ b/operator/pkg/helm/urlfetcher.go @@ -30,7 +30,6 @@ import ( "istio.io/istio/operator/pkg/httprequest" "istio.io/istio/operator/pkg/util" - "istio.io/pkg/log" ) const ( @@ -126,7 +125,7 @@ func (f *URLFetcher) fetchChart(shaF string) error { hash := strings.Split(string(hashAll), " ")[0] h := sha256.New() if _, err := io.Copy(h, file); err != nil { - log.Error(err.Error()) + scope.Error(err.Error()) } sum := h.Sum(nil) actualHash := hex.EncodeToString(sum) diff --git a/operator/pkg/helm/urlwatcher.go b/operator/pkg/helm/urlwatcher.go index 83441d716eb6..52f5f9e194d2 100644 --- a/operator/pkg/helm/urlwatcher.go +++ b/operator/pkg/helm/urlwatcher.go @@ -20,8 +20,6 @@ import ( "os" "strings" "time" - - "istio.io/pkg/log" ) // URLPoller is used to poll files from remote url at specific internal 
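Review bot: In fetchChart the error from `io.Copy(h, file)` is only logged, so the SHA-256 comparison that follows runs on a digest of whatever bytes were read before the failure. A partial read will most likely fail the comparison anyway, but the caller then sees a hash mismatch instead of the I/O error, and integrity verification of a downloaded chart should not continue past a failed read. Return the error here: `if _, err := io.Copy(h, file); err != nil { return err }`. The rest of fetchChart, including the comparison itself, is outside the hunk.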
@@ -61,10 +59,10 @@ func (p *URLPoller) checkUpdate() (bool, error) { func (p *URLPoller) poll(notify chan<- struct{}) { for t := range p.ticker.C { // When the ticker fires - log.Debugf("Tick at: %s", t) + scope.Debugf("Tick at: %s", t) updated, err := p.checkUpdate() if err != nil { - log.Errorf("Error polling charts: %v", err) + scope.Errorf("Error polling charts: %v", err) } if updated { notify <- struct{}{} @@ -90,13 +88,13 @@ func NewPoller(installationURL string, destDir string, interval time.Duration) ( func PollURL(installationURL string, interval time.Duration) (chan<- struct{}, error) { destDir, err := ioutil.TempDir("", InstallationDirectory) if err != nil { - log.Error("failed to create temp directory for charts") + scope.Error("failed to create temp directory for charts") return nil, err } po, err := NewPoller(installationURL, destDir, interval) if err != nil { - log.Fatalf("failed to create new poller for: %s", err) + scope.Fatalf("failed to create new poller for: %s", err) } updated := make(chan struct{}, 1) go po.poll(updated) diff --git a/operator/pkg/helm/vfs_renderer.go b/operator/pkg/helm/vfs_renderer.go index 7a2e9fc99499..c9f4d3c5fb2d 100644 --- a/operator/pkg/helm/vfs_renderer.go +++ b/operator/pkg/helm/vfs_renderer.go @@ -24,8 +24,6 @@ import ( "istio.io/istio/operator/pkg/util" "istio.io/istio/operator/pkg/vfs" - - "istio.io/pkg/log" ) const ( @@ -64,7 +62,7 @@ type VFSRenderer struct { // NewVFSRenderer creates a VFSRenderer with the given relative path to helm charts, component name and namespace and // a base values YAML string. func NewVFSRenderer(helmChartDirPath, componentName, namespace string) *VFSRenderer { - log.Debugf("NewVFSRenderer with helmChart=%s, componentName=%s, namespace=%s", helmChartDirPath, componentName, namespace) + scope.Debugf("NewVFSRenderer with helmChart=%s, componentName=%s, namespace=%s", helmChartDirPath, componentName, namespace) return &VFSRenderer{ namespace: namespace, componentName: componentName, 
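Review bot: `scope.Fatalf` in PollURL ends the process when NewPoller fails, although the function returns an error and the TempDir failure just above it is handed back to the caller normally. Library code should leave that decision to the caller, and if the fatal call ever did not exit, `go po.poll(updated)` would run on a nil poller. Replace it with `scope.Errorf("failed to create new poller: %v", err)` followed by `return nil, err`. PollURL continues past the end of the hunk.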
@@ -74,7 +72,7 @@ func NewVFSRenderer(helmChartDirPath, componentName, namespace string) *VFSRende // Run implements the TemplateRenderer interface. func (h *VFSRenderer) Run() error { - log.Debugf("Run VFSRenderer with helmChart=%s, componentName=%s, namespace=%s", h.helmChartDirPath, h.componentName, h.namespace) + scope.Debugf("Run VFSRenderer with helmChart=%s, componentName=%s, namespace=%s", h.helmChartDirPath, h.componentName, h.namespace) if err := h.loadChart(); err != nil { return err } @@ -94,7 +92,7 @@ func (h *VFSRenderer) RenderManifest(values string) (string, error) { // LoadValuesVFS loads the compiled in file corresponding to the given profile name. func LoadValuesVFS(profileName string) (string, error) { path := filepath.Join(profilesRoot, BuiltinProfileToFilename(profileName)) - log.Infof("Loading values from compiled in VFS at path %s", path) + scope.Infof("Loading values from compiled in VFS at path %s", path) b, err := vfs.ReadFile(path) return string(b), err } @@ -126,7 +124,7 @@ func (h *VFSRenderer) loadChart() error { Data: b, } bfs = append(bfs, bf) - log.Debugf("Chart loaded: %s", bf.Name) + scope.Debugf("Chart loaded: %s", bf.Name) } h.chart, err = chartutil.LoadFiles(bfs) diff --git a/operator/pkg/kubectlcmd/client.go b/operator/pkg/kubectlcmd/client.go index b9809f908351..c53f20a73090 100644 --- a/operator/pkg/kubectlcmd/client.go +++ b/operator/pkg/kubectlcmd/client.go @@ -27,6 +27,10 @@ import ( "istio.io/pkg/log" ) +var ( + scope = log.RegisterScope("installer", "installer", 0) +) + // New creates a Client that runs kubectl available on the path with default authentication func New() *Client { return &Client{cmdSite: &console{}} 
@@ -71,7 +75,7 @@ type Options struct { // It returns stdout, stderr from the `kubectl` command as strings, and error for errors external to kubectl. func (c *Client) Apply(manifest string, opts *Options) (string, string, error) { if strings.TrimSpace(manifest) == "" { - log.Infof("Empty manifest, not running kubectl apply.") + scope.Infof("Empty manifest, not running kubectl apply.") return "", "", nil } subcmds := []string{"apply"} @@ -83,7 +87,7 @@ func (c *Client) Apply(manifest string, opts *Options) (string, string, error) { // It returns stdout, stderr from the `kubectl` command as strings, and error for errors external to kubectl. func (c *Client) Delete(manifest string, opts *Options) (string, string, error) { if strings.TrimSpace(manifest) == "" { - log.Infof("Empty manifest, not running kubectl delete.") + scope.Infof("Empty manifest, not running kubectl delete.") return "", "", nil } subcmds := []string{"delete"} @@ -145,20 +149,20 @@ func (c *Client) kubectl(subcmds []string, opts *Options) (string, string, error } if opts.DryRun { - log.Infof("dry run mode: would be running this cmd:\n%s\n", cmdStr) + scope.Infof("dry run mode: would be running this cmd:\n%s\n", cmdStr) return "", "", nil } - log.Infof("running command:\n%s\n", cmdStr) + scope.Infof("running command:\n%s\n", cmdStr) err := c.cmdSite.Run(cmd) csError := util.ConsolidateLog(stderr.String()) if err != nil { - log.Errorf("error running kubectl: %s", err) + scope.Errorf("error running kubectl: %s", err) return stdout.String(), csError, fmt.Errorf("error running kubectl: %s", err) } - log.Infof("command succeeded: %s", cmdStr) + scope.Infof("command succeeded: %s", cmdStr) return stdout.String(), csError, nil } diff --git a/operator/pkg/manifest/installer.go b/operator/pkg/manifest/installer.go index b2d211b0c4fd..30322e40a9ad 100644 --- a/operator/pkg/manifest/installer.go +++ b/operator/pkg/manifest/installer.go 
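Review bot: The kubectl hunk logs the complete command string at Info level twice on every successful run (`running command:` and `command succeeded:`), and this scope is now meant to be switched on by users through --log_output_level. How `cmdStr` is built is outside the hunk, so whether it can contain anything sensitive (kubeconfig path, context, extra flags) needs checking against the Options fields before this is exposed. I would keep one Info line and move the other to `scope.Debugf("command succeeded: %s", cmdStr)`. The error path also logs and returns the same text; returning the wrapped error alone is enough, since the caller reports it.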
@@ -72,6 +72,8 @@ var ( istioComponentLabelStr = name.OperatorAPINamespace + "/component" // istioVersionLabelStr indicates the Istio version of the installation. istioVersionLabelStr = name.OperatorAPINamespace + "/version" + + scope = log.RegisterScope("installer", "installer", 0) ) // ComponentApplyOutput is used to capture errors and stdout/stderr outputs for a command, per component. @@ -199,11 +201,11 @@ func renderRecursive(manifests name.ManifestMap, installTree componentTree, outp // ApplyAll applies all given manifests using kubectl client. func ApplyAll(manifests name.ManifestMap, version pkgversion.Version, opts *kubectlcmd.Options) (CompositeOutput, error) { - log.Infof("Preparing manifests for these components:") + scope.Infof("Preparing manifests for these components:") for c := range manifests { - log.Infof("- %s", c) + scope.Infof("- %s", c) } - log.Infof("Component dependencies tree: \n%s", installTreeString()) + scope.Infof("Component dependencies tree: \n%s", installTreeString()) if err := InitK8SRestClient(opts.Kubeconfig, opts.Context); err != nil { return nil, err } @@ -221,9 +223,9 @@ func applyRecursive(manifests name.ManifestMap, version pkgversion.Version, opts wg.Add(1) go func() { if s := dependencyWaitCh[c]; s != nil { - log.Infof("%s is waiting on a prerequisite...", c) + scope.Infof("%s is waiting on a prerequisite...", c) <-s - log.Infof("Prerequisite for %s has completed, proceeding with install.", c) + scope.Infof("Prerequisite for %s has completed, proceeding with install.", c) } applyOut, appliedObjects := ApplyManifest(c, strings.Join(m, helm.YAMLSeparator), version.String(), *opts) mu.Lock() 
@@ -235,12 +237,12 @@ func applyRecursive(manifests name.ManifestMap, version pkgversion.Version, opts // For example, for the validation webhook to become ready, so we should wait for it always. if len(componentDependencies[c]) > 0 { if err := WaitForResources(appliedObjects, opts); err != nil { - log.Errorf("failed to wait for resource: %v", err) + scope.Errorf("failed to wait for resource: %v", err) } } // Signal all the components that depend on us. for _, ch := range componentDependencies[c] { - log.Infof("unblocking child %s.", ch) + scope.Infof("unblocking child %s.", ch) dependencyWaitCh[ch] <- struct{}{} } wg.Done() @@ -499,11 +501,11 @@ func objectsNotInLists(objects object.K8sObjects, lists ...object.K8sObjects) ob func waitForCRDs(objects object.K8sObjects, dryRun bool) error { if dryRun { - log.Info("Not waiting for CRDs in dry run mode.") + scope.Info("Not waiting for CRDs in dry run mode.") return nil } - log.Info("Waiting for CRDs to be applied.") + scope.Info("Waiting for CRDs to be applied.") cs, err := apiextensionsclient.NewForConfig(k8sRESTConfig) if err != nil { return fmt.Errorf("k8s client error: %s", err) 
@@ -525,27 +527,27 @@ func waitForCRDs(objects object.K8sObjects, dryRun bool) error { switch cond.Type { case apiextensionsv1beta1.Established: if cond.Status == apiextensionsv1beta1.ConditionTrue { - log.Infof("established CRD %q", crdName) + scope.Infof("established CRD %q", crdName) continue descriptor } case apiextensionsv1beta1.NamesAccepted: if cond.Status == apiextensionsv1beta1.ConditionFalse { - log.Warnf("name conflict: %v", cond.Reason) + scope.Warnf("name conflict: %v", cond.Reason) } } } - log.Infof("missing status condition for %q", crdName) + scope.Infof("missing status condition for %q", crdName) return false, nil } return true, nil }) if errPoll != nil { - log.Errorf("failed to verify CRD creation; %s", errPoll) + scope.Errorf("failed to verify CRD creation; %s", errPoll) return fmt.Errorf("failed to verify CRD creation: %s", errPoll) } - log.Info("Finished applying CRDs.") + scope.Info("Finished applying CRDs.") return nil } @@ -817,6 +819,6 @@ func BuildClientConfig(kubeconfig, context string) (*rest.Config, error) { func logAndPrint(v ...interface{}) { s := fmt.Sprintf(v[0].(string), v[1:]...) - log.Infof(s) + scope.Infof(s) fmt.Println(s) } diff --git a/operator/pkg/translate/translate.go b/operator/pkg/translate/translate.go index 0bd9517b53f7..64ae796d1218 100644 --- a/operator/pkg/translate/translate.go +++ b/operator/pkg/translate/translate.go @@ -47,7 +47,7 @@ const ( HelmValuesNamespaceSubpath = "namespace" // TranslateConfigFolder is the folder where we store translation configurations TranslateConfigFolder = "translateConfig" - // translateConfig is the prefix of IstioOperator's translation configuration file + // TranslateConfigPrefix is the prefix of IstioOperator's translation configuration file TranslateConfigPrefix = "translateConfig-" // ICPToIOPConfigPrefix is the prefix of IstioControPlane-to-IstioOperator translation configuration file ICPToIOPConfigPrefix = "translate-ICP-IOP-" 
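Review bot: `scope.Infof(s)` in logAndPrint passes an already formatted string as the format argument, so any `%` that survives in `s` (from a resource name or an error text, for example) is read as a verb and the log line is garbled while the `fmt.Println(s)` copy is correct. Use `scope.Info(s)` so both outputs carry the same text. The unchecked `v[0].(string)` also panics when called with no arguments or a non-string first argument; changing the private signature to `logAndPrint(format string, args ...interface{})` would make that a compile-time error instead.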
@@ -76,7 +76,7 @@ type Translator struct { ComponentMaps map[name.ComponentName]*ComponentMaps `yaml:"componentMaps"` } -// FeatureMaps is a set of mappings for an Istio feature. +// FeatureMap is a set of mappings for an Istio feature. type FeatureMap struct { // Components contains list of components that belongs to the current feature. Components []name.ComponentName @@ -128,9 +128,9 @@ func (t *Translator) OverlayK8sSettings(yml string, iop *v1alpha1.IstioOperatorS if err != nil { return "", err } - log.Debugf("Manifest contains the following objects:") + scope.Debugf("Manifest contains the following objects:") for _, o := range objects { - log.Debugf("%s", o.HashNameKind()) + scope.Debugf("%s", o.HashNameKind()) } // om is a map of kind:name string to Object ptr. om := objects.ToNameKindMap() 
@@ -140,30 +140,30 @@ func (t *Translator) OverlayK8sSettings(yml string, iop *v1alpha1.IstioOperatorS return "", err } inPath = strings.Replace(inPath, "gressGateways.", "gressGateways."+fmt.Sprint(index)+".", 1) - log.Debugf("Checking for path %s in IstioOperatorSpec", inPath) + scope.Debugf("Checking for path %s in IstioOperatorSpec", inPath) m, found, err := tpath.GetFromStructPath(iop, inPath) if err != nil { return "", err } if !found { - log.Debugf("path %s not found in IstioOperatorSpec, skip mapping.", inPath) + scope.Debugf("path %s not found in IstioOperatorSpec, skip mapping.", inPath) continue } if mstr, ok := m.(string); ok && mstr == "" { - log.Debugf("path %s is empty string, skip mapping.", inPath) + scope.Debugf("path %s is empty string, skip mapping.", inPath) continue } // Zero int values are due to proto3 compiling to scalars rather than ptrs. Skip these because values of 0 are // the default in destination fields and need not be set explicitly. if mint, ok := util.ToIntValue(m); ok && mint == 0 { - log.Debugf("path %s is int 0, skip mapping.", inPath) + scope.Debugf("path %s is int 0, skip mapping.", inPath) continue } outPath, err := t.renderResourceComponentPathTemplate(v.OutPath, componentName) if err != nil { return "", err } - log.Debugf("path has value in IstioOperatorSpec, mapping to output path %s", outPath) + scope.Debugf("path has value in IstioOperatorSpec, mapping to output path %s", outPath) path := util.PathFromString(outPath) pe := path[0] // Output path must start with [kind:name], which is used to map to the object to overlay. @@ -175,7 +175,7 @@ func (t *Translator) OverlayK8sSettings(yml string, iop *v1alpha1.IstioOperatorS oo, ok := om[pe] if !ok { // skip to overlay the K8s settings if the corresponding resource doesn't exist. - log.Infof("resource Kind:name %s doesn't exist in the output manifest, skip overlay.", pe) + scope.Infof("resource Kind:name %s doesn't exist in the output manifest, skip overlay.", pe) continue } 
@@ -248,7 +248,7 @@ func (t *Translator) TranslateHelmValues(iop *v1alpha1.IstioOperatorSpec, compon } if devDbg { - log.Infof("Values translated from IstioOperator API:\n%s", apiValsStr) + scope.Infof("Values translated from IstioOperator API:\n%s", apiValsStr) } // Add global overlay from IstioOperatorSpec.Values/UnvalidatedValues. @@ -261,8 +261,8 @@ func (t *Translator) TranslateHelmValues(iop *v1alpha1.IstioOperatorSpec, compon return "", err } if devDbg { - log.Infof("Values from IstioOperatorSpec.Values:\n%s", util.ToYAML(globalVals)) - log.Infof("Values from IstioOperatorSpec.UnvalidatedValues:\n%s", util.ToYAML(globalUnvalidatedVals)) + scope.Infof("Values from IstioOperatorSpec.Values:\n%s", util.ToYAML(globalVals)) + scope.Infof("Values from IstioOperatorSpec.UnvalidatedValues:\n%s", util.ToYAML(globalUnvalidatedVals)) } mergedVals, err := util.OverlayTrees(apiVals, globalVals) if err != nil { From 8a6fe03abf4fbe7cd88b88d4a73b31545c36ea38 Mon Sep 17 00:00:00 2001 
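Review bot: The `devDbg` dumps in TranslateHelmValues still use `scope.Infof`, so with the flag on they write the full translated values, `IstioOperatorSpec.Values` and `UnvalidatedValues` to the log at Info level. These trees are user supplied and may carry credentials or certificate material (an assumption; their contents are not visible here), so full dumps belong at debug level. Now that the scope level is controllable from the command line, `scope.Debugf("Values translated from IstioOperator API:\n%s", apiValsStr)` without the `devDbg` guard would serve the same purpose and keep them out of normal logs. The same applies to the two calls in the next hunk at -261. TranslateHelmValues starts and ends outside both hunks.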
From: Jack Kleeman Date: Fri, 24 Jan 2020 18:07:08 +0000 Subject: [PATCH 02/31] Allow non-intercepting proxies CAP_NET_BIND_SERVICE via annotation (#20378) If you don't intercept traffic, you might still want your proxy to bind on port 80, for example. So we need CAP_NET_BIND_SERVICE. We'll gate this behaviour with sidecar.istio.io/capNetBindService or .Values.global.proxy.capNetBindService --- .../files/injection-template.yaml | 9 +++++++-- .../files/injection-template.yaml | 9 +++++++-- .../manifest-generate/output/all_on.yaml | 18 ++++++++++++++---- .../manifest-generate/output/flag_force.yaml | 9 +++++++-- .../manifest-generate/output/flag_output.yaml | 9 +++++++-- .../output/flag_output_set_profile.yaml | 9 +++++++-- .../output/flag_output_set_values.yaml | 9 +++++++-- .../output/flag_override_values.yaml | 9 +++++++-- .../output/flag_set_values.yaml | 9 +++++++-- .../output/pilot_default.yaml | 9 +++++++-- .../output/pilot_k8s_settings.yaml | 9 +++++++-- .../output/pilot_override_kubernetes.yaml | 9 +++++++-- .../output/pilot_override_values.yaml | 9 +++++++-- operator/pkg/vfs/assets.gen.go | 18 ++++++++++++++---- 14 files changed, 112 insertions(+), 32 deletions(-) diff --git a/manifests/istio-control/istio-autoinject/files/injection-template.yaml b/manifests/istio-control/istio-autoinject/files/injection-template.yaml index f3c73b8f2226..dc7c278594c0 100644 --- a/manifests/istio-control/istio-autoinject/files/injection-template.yaml +++ b/manifests/istio-control/istio-autoinject/files/injection-template.yaml 
@@ -321,16 +321,21 @@ template: | securityContext: allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} capabilities: - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} + {{ if or (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) -}} add: + {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} - NET_ADMIN {{- end }} + {{ if eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true` -}} + - NET_BIND_SERVICE + {{- end }} + {{- end }} drop: - ALL privileged: {{ .Values.global.proxy.privileged }} readOnlyRootFilesystem: {{ not .Values.global.proxy.enableCoreDump }} runAsGroup: 1337 - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} + {{ if or (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) -}} runAsNonRoot: false runAsUser: 0 {{- else -}} diff --git a/manifests/istio-control/istio-discovery/files/injection-template.yaml b/manifests/istio-control/istio-discovery/files/injection-template.yaml index 054e5a510f76..5bbeeccdf16a 100644 --- a/manifests/istio-control/istio-discovery/files/injection-template.yaml +++ b/manifests/istio-control/istio-discovery/files/injection-template.yaml 
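Review bot: The `or` added to the runAsNonRoot/runAsUser branch means that `sidecar.istio.io/capNetBindService: "true"` makes the injected proxy run as UID 0, not only gain NET_BIND_SERVICE. The annotation is set on the pod, so whoever can create pods in an injected namespace can opt the sidecar into root; operators who restrict root containers through admission policy need to know this. Say so in a template comment next to the condition, for example `{{- /* capNetBindService also sets runAsUser: 0; capabilities stay drop ALL plus NET_BIND_SERVICE */ -}}`, and in the option's documentation. The diffstat lists no values.yaml change, so `.Values.global.proxy.capNetBindService` appears to have no declared default; adding `capNetBindService: false` under `global.proxy` would make the off state explicit. The same points apply to the istio-discovery template hunk that follows.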
@@ -335,17 +335,22 @@ template: | securityContext: allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} capabilities: - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} + {{ if or (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) -}} add: + {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} - NET_ADMIN {{- end }} + {{ if eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true` -}} + - NET_BIND_SERVICE + {{- end }} + {{- end }} drop: - ALL privileged: {{ .Values.global.proxy.privileged }} readOnlyRootFilesystem: {{ not .Values.global.proxy.enableCoreDump }} runAsGroup: 1337 fsGroup: 1337 - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} + {{ if or (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) -}} runAsNonRoot: false runAsUser: 0 {{- else -}} diff --git a/operator/cmd/mesh/testdata/manifest-generate/output/all_on.yaml b/operator/cmd/mesh/testdata/manifest-generate/output/all_on.yaml index 04199c8769d3..47dae0f7626e 100644 --- a/operator/cmd/mesh/testdata/manifest-generate/output/all_on.yaml +++ b/operator/cmd/mesh/testdata/manifest-generate/output/all_on.yaml 
@@ -9056,17 +9056,22 @@ data: securityContext: allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} capabilities: - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} + {{ if or (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) -}} add: + {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} - NET_ADMIN {{- end }} + {{ if eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true` -}} + - NET_BIND_SERVICE + {{- end }} + {{- end }} drop: - ALL privileged: {{ .Values.global.proxy.privileged }} readOnlyRootFilesystem: {{ not .Values.global.proxy.enableCoreDump }} runAsGroup: 1337 fsGroup: 1337 - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} + {{ if or (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) -}} runAsNonRoot: false runAsUser: 0 {{- else -}} 
@@ -10188,16 +10193,21 @@ data: securityContext: allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} capabilities: - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} + {{ if or (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) -}} add: + {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} - NET_ADMIN {{- end }} + {{ if eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true` -}} + - NET_BIND_SERVICE + {{- end }} + {{- end }} drop: - ALL privileged: {{ .Values.global.proxy.privileged }} readOnlyRootFilesystem: {{ not .Values.global.proxy.enableCoreDump }} runAsGroup: 1337 - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} + {{ if or (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) -}} runAsNonRoot: false runAsUser: 0 {{- else -}} diff --git a/operator/cmd/mesh/testdata/manifest-generate/output/flag_force.yaml b/operator/cmd/mesh/testdata/manifest-generate/output/flag_force.yaml index ceb3e3c89739..a169136d66a1 100644 --- a/operator/cmd/mesh/testdata/manifest-generate/output/flag_force.yaml +++ b/operator/cmd/mesh/testdata/manifest-generate/output/flag_force.yaml 
@@ -1384,17 +1384,22 @@ data: securityContext: allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} capabilities: - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} + {{ if or (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) -}} add: + {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} - NET_ADMIN {{- end }} + {{ if eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true` -}} + - NET_BIND_SERVICE + {{- end }} + {{- end }} drop: - ALL privileged: {{ .Values.global.proxy.privileged }} readOnlyRootFilesystem: {{ not .Values.global.proxy.enableCoreDump }} runAsGroup: 1337 fsGroup: 1337 - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} + {{ if or (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) -}} runAsNonRoot: false runAsUser: 0 {{- else -}} diff --git a/operator/cmd/mesh/testdata/manifest-generate/output/flag_output.yaml b/operator/cmd/mesh/testdata/manifest-generate/output/flag_output.yaml index 47c857585861..e6c431b5682f 100644 --- a/operator/cmd/mesh/testdata/manifest-generate/output/flag_output.yaml +++ b/operator/cmd/mesh/testdata/manifest-generate/output/flag_output.yaml 
@@ -1387,17 +1387,22 @@ data: securityContext: allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} capabilities: - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} + {{ if or (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) -}} add: + {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} - NET_ADMIN {{- end }} + {{ if eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true` -}} + - NET_BIND_SERVICE + {{- end }} + {{- end }} drop: - ALL privileged: {{ .Values.global.proxy.privileged }} readOnlyRootFilesystem: {{ not .Values.global.proxy.enableCoreDump }} runAsGroup: 1337 fsGroup: 1337 - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} + {{ if or (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) -}} runAsNonRoot: false runAsUser: 0 {{- else -}} diff --git a/operator/cmd/mesh/testdata/manifest-generate/output/flag_output_set_profile.yaml b/operator/cmd/mesh/testdata/manifest-generate/output/flag_output_set_profile.yaml index 53ac34987143..791a5ccfee9d 100644 --- a/operator/cmd/mesh/testdata/manifest-generate/output/flag_output_set_profile.yaml +++ b/operator/cmd/mesh/testdata/manifest-generate/output/flag_output_set_profile.yaml 
@@ -7137,17 +7137,22 @@ data: securityContext: allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} capabilities: - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} + {{ if or (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) -}} add: + {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} - NET_ADMIN {{- end }} + {{ if eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true` -}} + - NET_BIND_SERVICE + {{- end }} + {{- end }} drop: - ALL privileged: {{ .Values.global.proxy.privileged }} readOnlyRootFilesystem: {{ not .Values.global.proxy.enableCoreDump }} runAsGroup: 1337 fsGroup: 1337 - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} + {{ if or (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) -}} runAsNonRoot: false runAsUser: 0 {{- else -}} diff --git a/operator/cmd/mesh/testdata/manifest-generate/output/flag_output_set_values.yaml b/operator/cmd/mesh/testdata/manifest-generate/output/flag_output_set_values.yaml index b2538bdf970a..1cc90a4006a5 100644 --- a/operator/cmd/mesh/testdata/manifest-generate/output/flag_output_set_values.yaml +++ b/operator/cmd/mesh/testdata/manifest-generate/output/flag_output_set_values.yaml 
@@ -7972,17 +7972,22 @@ data: securityContext: allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} capabilities: - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} + {{ if or (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) -}} add: + {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} - NET_ADMIN {{- end }} + {{ if eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true` -}} + - NET_BIND_SERVICE + {{- end }} + {{- end }} drop: - ALL privileged: {{ .Values.global.proxy.privileged }} readOnlyRootFilesystem: {{ not .Values.global.proxy.enableCoreDump }} runAsGroup: 1337 fsGroup: 1337 - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} + {{ if or (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) -}} runAsNonRoot: false runAsUser: 0 {{- else -}} diff --git a/operator/cmd/mesh/testdata/manifest-generate/output/flag_override_values.yaml b/operator/cmd/mesh/testdata/manifest-generate/output/flag_override_values.yaml index b5a45fbec45f..c6ba0cd348a6 100644 --- a/operator/cmd/mesh/testdata/manifest-generate/output/flag_override_values.yaml +++ b/operator/cmd/mesh/testdata/manifest-generate/output/flag_override_values.yaml 
@@ -1381,17 +1381,22 @@ data: securityContext: allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} capabilities: - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} + {{ if or (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) -}} add: + {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} - NET_ADMIN {{- end }} + {{ if eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true` -}} + - NET_BIND_SERVICE + {{- end }} + {{- end }} drop: - ALL privileged: {{ .Values.global.proxy.privileged }} readOnlyRootFilesystem: {{ not .Values.global.proxy.enableCoreDump }} runAsGroup: 1337 fsGroup: 1337 - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} + {{ if or (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) -}} runAsNonRoot: false runAsUser: 0 {{- else -}} diff --git a/operator/cmd/mesh/testdata/manifest-generate/output/flag_set_values.yaml b/operator/cmd/mesh/testdata/manifest-generate/output/flag_set_values.yaml index 1947d4cc7f69..2560896cd573 100644 --- a/operator/cmd/mesh/testdata/manifest-generate/output/flag_set_values.yaml +++ b/operator/cmd/mesh/testdata/manifest-generate/output/flag_set_values.yaml 
@@ -7971,17 +7971,22 @@ data: securityContext: allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} capabilities: - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} + {{ if or (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) -}} add: + {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} - NET_ADMIN {{- end }} + {{ if eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true` -}} + - NET_BIND_SERVICE + {{- end }} + {{- end }} drop: - ALL privileged: {{ .Values.global.proxy.privileged }} readOnlyRootFilesystem: {{ not .Values.global.proxy.enableCoreDump }} runAsGroup: 1337 fsGroup: 1337 - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} + {{ if or (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) -}} runAsNonRoot: false runAsUser: 0 {{- else -}} diff --git a/operator/cmd/mesh/testdata/manifest-generate/output/pilot_default.yaml b/operator/cmd/mesh/testdata/manifest-generate/output/pilot_default.yaml index 48d202f3d274..99d7f78d38b5 100644 --- a/operator/cmd/mesh/testdata/manifest-generate/output/pilot_default.yaml +++ b/operator/cmd/mesh/testdata/manifest-generate/output/pilot_default.yaml 
@@ -1381,17 +1381,22 @@ data: securityContext: allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} capabilities: - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} + {{ if or (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) -}} add: + {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} - NET_ADMIN {{- end }} + {{ if eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true` -}} + - NET_BIND_SERVICE + {{- end }} + {{- end }} drop: - ALL privileged: {{ .Values.global.proxy.privileged }} readOnlyRootFilesystem: {{ not .Values.global.proxy.enableCoreDump }} runAsGroup: 1337 fsGroup: 1337 - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} + {{ if or (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) -}} runAsNonRoot: false runAsUser: 0 {{- else -}} diff --git a/operator/cmd/mesh/testdata/manifest-generate/output/pilot_k8s_settings.yaml b/operator/cmd/mesh/testdata/manifest-generate/output/pilot_k8s_settings.yaml index a280b8b80ff8..d8c9ad6cdb30 100644 --- a/operator/cmd/mesh/testdata/manifest-generate/output/pilot_k8s_settings.yaml +++ b/operator/cmd/mesh/testdata/manifest-generate/output/pilot_k8s_settings.yaml 
@@ -1387,17 +1387,22 @@ data: securityContext: allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} capabilities: - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} + {{ if or (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) -}} add: + {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} - NET_ADMIN {{- end }} + {{ if eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true` -}} + - NET_BIND_SERVICE + {{- end }} + {{- end }} drop: - ALL privileged: {{ .Values.global.proxy.privileged }} readOnlyRootFilesystem: {{ not .Values.global.proxy.enableCoreDump }} runAsGroup: 1337 fsGroup: 1337 - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} + {{ if or (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) -}} runAsNonRoot: false runAsUser: 0 {{- else -}} diff --git a/operator/cmd/mesh/testdata/manifest-generate/output/pilot_override_kubernetes.yaml b/operator/cmd/mesh/testdata/manifest-generate/output/pilot_override_kubernetes.yaml index 057504b549fd..2474306b74f9 100644 --- a/operator/cmd/mesh/testdata/manifest-generate/output/pilot_override_kubernetes.yaml +++ b/operator/cmd/mesh/testdata/manifest-generate/output/pilot_override_kubernetes.yaml 
@@ -1138,17 +1138,22 @@ data: securityContext: allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} capabilities: - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} + {{ if or (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) -}} add: + {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} - NET_ADMIN {{- end }} + {{ if eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true` -}} + - NET_BIND_SERVICE + {{- end }} + {{- end }} drop: - ALL privileged: {{ .Values.global.proxy.privileged }} readOnlyRootFilesystem: {{ not .Values.global.proxy.enableCoreDump }} runAsGroup: 1337 fsGroup: 1337 - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} + {{ if or (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) -}} runAsNonRoot: false runAsUser: 0 {{- else -}} diff --git a/operator/cmd/mesh/testdata/manifest-generate/output/pilot_override_values.yaml b/operator/cmd/mesh/testdata/manifest-generate/output/pilot_override_values.yaml index 38e17a07f017..d6fa4e191a1e 100644 --- a/operator/cmd/mesh/testdata/manifest-generate/output/pilot_override_values.yaml +++ b/operator/cmd/mesh/testdata/manifest-generate/output/pilot_override_values.yaml 
@@ -1381,17 +1381,22 @@ data: securityContext: allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} capabilities: - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} + {{ if or (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) -}} add: + {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} - NET_ADMIN {{- end }} + {{ if eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true` -}} + - NET_BIND_SERVICE + {{- end }} + {{- end }} drop: - ALL privileged: {{ .Values.global.proxy.privileged }} readOnlyRootFilesystem: {{ not .Values.global.proxy.enableCoreDump }} runAsGroup: 1337 fsGroup: 1337 - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} + {{ if or (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) -}} runAsNonRoot: false runAsUser: 0 {{- else -}} diff --git a/operator/pkg/vfs/assets.gen.go b/operator/pkg/vfs/assets.gen.go index a274155f2c76..2c057325ffc5 100644 --- a/operator/pkg/vfs/assets.gen.go +++ b/operator/pkg/vfs/assets.gen.go 
@@ -9676,16 +9676,21 @@ var _chartsIstioControlIstioAutoinjectFilesInjectionTemplateYaml = []byte(`templ securityContext: allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} capabilities: - {{ if eq (annotation .ObjectMeta `+"`"+`sidecar.istio.io/interceptionMode`+"`"+` .ProxyConfig.InterceptionMode) `+"`"+`TPROXY`+"`"+` -}} + {{ if or (eq (annotation .ObjectMeta `+"`"+`sidecar.istio.io/interceptionMode`+"`"+` .ProxyConfig.InterceptionMode) `+"`"+`TPROXY`+"`"+`) (eq (annotation .ObjectMeta `+"`"+`sidecar.istio.io/capNetBindService`+"`"+` .Values.global.proxy.capNetBindService) `+"`"+`true`+"`"+`) -}} add: + {{ if eq (annotation .ObjectMeta `+"`"+`sidecar.istio.io/interceptionMode`+"`"+` .ProxyConfig.InterceptionMode) `+"`"+`TPROXY`+"`"+` -}} - NET_ADMIN {{- end }} + {{ if eq (annotation .ObjectMeta `+"`"+`sidecar.istio.io/capNetBindService`+"`"+` .Values.global.proxy.capNetBindService) `+"`"+`true`+"`"+` -}} + - NET_BIND_SERVICE + {{- end }} + {{- end }} drop: - ALL privileged: {{ .Values.global.proxy.privileged }} readOnlyRootFilesystem: {{ not .Values.global.proxy.enableCoreDump }} runAsGroup: 1337 - {{ if eq (annotation .ObjectMeta `+"`"+`sidecar.istio.io/interceptionMode`+"`"+` .ProxyConfig.InterceptionMode) `+"`"+`TPROXY`+"`"+` -}} + {{ if or (eq (annotation .ObjectMeta `+"`"+`sidecar.istio.io/interceptionMode`+"`"+` .ProxyConfig.InterceptionMode) `+"`"+`TPROXY`+"`"+`) (eq (annotation .ObjectMeta `+"`"+`sidecar.istio.io/capNetBindService`+"`"+` .Values.global.proxy.capNetBindService) `+"`"+`true`+"`"+`) -}} runAsNonRoot: false runAsUser: 0 {{- else -}} 
@@ -12141,17 +12146,22 @@ template: | securityContext: allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} capabilities: - {{ if eq (annotation .ObjectMeta `+"`"+`sidecar.istio.io/interceptionMode`+"`"+` .ProxyConfig.InterceptionMode) `+"`"+`TPROXY`+"`"+` -}} + {{ if or (eq (annotation .ObjectMeta `+"`"+`sidecar.istio.io/interceptionMode`+"`"+` .ProxyConfig.InterceptionMode) `+"`"+`TPROXY`+"`"+`) (eq (annotation .ObjectMeta `+"`"+`sidecar.istio.io/capNetBindService`+"`"+` .Values.global.proxy.capNetBindService) `+"`"+`true`+"`"+`) -}} add: + {{ if eq (annotation .ObjectMeta `+"`"+`sidecar.istio.io/interceptionMode`+"`"+` .ProxyConfig.InterceptionMode) `+"`"+`TPROXY`+"`"+` -}} - NET_ADMIN {{- end }} + {{ if eq (annotation .ObjectMeta `+"`"+`sidecar.istio.io/capNetBindService`+"`"+` .Values.global.proxy.capNetBindService) `+"`"+`true`+"`"+` -}} + - NET_BIND_SERVICE + {{- end }} + {{- end }} drop: - ALL privileged: {{ .Values.global.proxy.privileged }} readOnlyRootFilesystem: {{ not .Values.global.proxy.enableCoreDump }} runAsGroup: 1337 fsGroup: 1337 - {{ if eq (annotation .ObjectMeta `+"`"+`sidecar.istio.io/interceptionMode`+"`"+` .ProxyConfig.InterceptionMode) `+"`"+`TPROXY`+"`"+` -}} + {{ if or (eq (annotation .ObjectMeta `+"`"+`sidecar.istio.io/interceptionMode`+"`"+` .ProxyConfig.InterceptionMode) `+"`"+`TPROXY`+"`"+`) (eq (annotation .ObjectMeta `+"`"+`sidecar.istio.io/capNetBindService`+"`"+` .Values.global.proxy.capNetBindService) `+"`"+`true`+"`"+`) -}} runAsNonRoot: false runAsUser: 0 {{- else -}} From 834103af13556ce0541b60f761d9aee805e40e6a Mon Sep 17 00:00:00 2001 From: John Howard Date: Fri, 24 Jan 2020 10:07:21 -0800 Subject: [PATCH 03/31] Deflake TestWorkloadAgentGenerateSecret (#20433) What happens is with 2s the secret gets rotated and deleted, causing test to fail --- security/pkg/nodeagent/cache/secretcache_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/security/pkg/nodeagent/cache/secretcache_test.go b/security/pkg/nodeagent/cache/secretcache_test.go
index 9bf48d4e5e93..c2d8e2d5fed1 100644
--- a/security/pkg/nodeagent/cache/secretcache_test.go
+++ b/security/pkg/nodeagent/cache/secretcache_test.go
@@ -222,7 +222,7 @@ func testWorkloadAgentGenerateSecret(t *testing.T, isUsingPluginProvider bool) {
 opt := Options{
 SecretTTL: time.Minute,
 RotationInterval: 300 * time.Microsecond,
- EvictionDuration: 2 * time.Second,
+ EvictionDuration: 60 * time.Second,
 InitialBackoff: 10,
 SkipValidateCert: true,
 }
From b3691ee2f45ff744cff38e5eb02fa993bc2cfcc6 Mon Sep 17 00:00:00 2001 From: John Howard Date: Fri, 24 Jan 2020 11:11:42 -0800 Subject: [PATCH 04/31] Use consistent logging scope names (#19879) With Istiod logging scope is pretty important, as it will help us distinguish logs from XDS vs CA vs Injection, etc. This PR just renames some of these scopes for consistency. Namely, use all lower case and remove the Log suffix. I am ok with removing the other changes if others don't agree, but definitely should remove Log. It just adds noise - I have a small screen. --- pkg/test/scopes/scopes.go | 2 +- security/pkg/k8s/configmap/configmap.go | 2 +- security/pkg/k8s/controller/casecret.go | 13 ++++--------- security/pkg/k8s/controller/workloadsecret.go | 2 +- security/pkg/nodeagent/cache/secretcache.go | 2 +- .../nodeagent/caclient/providers/citadel/client.go | 2 +- .../nodeagent/caclient/providers/google/client.go | 2 +- .../nodeagent/caclient/providers/vault/client.go | 2 +- .../plugin/providers/google/stsclient/stsclient.go | 2 +- .../pkg/nodeagent/secretfetcher/secretfetcher.go | 2 +- security/pkg/pki/ca/ca.go | 2 +- security/pkg/pki/ca/selfsignedcarootcertrotator.go | 2 +- security/pkg/server/ca/server.go | 2 +- security/pkg/stsservice/server/server.go | 2 +- 14 files changed, 17 insertions(+), 22 deletions(-)
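Review bot: `EvictionDuration: 60 * time.Second` in secretcache_test.go removes the flake only by making the eviction window much longer than the test is expected to run, and nothing at the literal says so, so a later edit to these options can reintroduce the race. A comment on the field would pin the intent, e.g. `// Must outlast the test: with a short window the secret is rotated and deleted while assertions are still running.` `testWorkloadAgentGenerateSecret` continues beyond the hunk, so whether the assertions could wait on an explicit signal instead of wall-clock time cannot be judged from here.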
diff --git a/pkg/test/scopes/scopes.go b/pkg/test/scopes/scopes.go index 7c8c45ac947d..b4deeabc9793 100644 --- a/pkg/test/scopes/scopes.go +++ b/pkg/test/scopes/scopes.go @@ -21,5 +21,5 @@ var ( Framework = log.RegisterScope("tf", "General scope for the test framework", 0) // CI system specific logging scope. - CI = log.RegisterScope("CI", "Scope for normal log reporting to be used in CI systems", 0) + CI = log.RegisterScope("ci", "Scope for normal log reporting to be used in CI systems", 0) ) diff --git a/security/pkg/k8s/configmap/configmap.go b/security/pkg/k8s/configmap/configmap.go index dd2592a9236f..7a86882fd15b 100644 --- a/security/pkg/k8s/configmap/configmap.go +++ b/security/pkg/k8s/configmap/configmap.go @@ -26,7 +26,7 @@ import ( corev1 "k8s.io/client-go/kubernetes/typed/core/v1" ) -var configMapLog = log.RegisterScope("configMapController", "ConfigMap controller log", 0) +var configMapLog = log.RegisterScope("configmapcontroller", "ConfigMap controller log", 0) const ( IstioSecurityConfigMapName = "istio-security" diff --git a/security/pkg/k8s/controller/casecret.go b/security/pkg/k8s/controller/casecret.go index 02858339ab27..05729bc2e260 100644 --- a/security/pkg/k8s/controller/casecret.go +++ b/security/pkg/k8s/controller/casecret.go @@ -20,13 +20,8 @@ import ( v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" corev1 "k8s.io/client-go/kubernetes/typed/core/v1" - - "istio.io/pkg/log" ) -var caSecretControllerLog = log.RegisterScope("caSecretController", - "Self-signed root cert secret controller log", 0) - // CaSecretController manages the self-signed signing CA secret. type CaSecretController struct { client corev1.CoreV1Interface 
@@ -51,11 +46,11 @@ func (csc *CaSecretController) LoadCASecretWithRetry(secretName, namespace strin if scrtErr == nil { return caSecret, scrtErr } - caSecretControllerLog.Errorf("Failed on loading CA secret %s:%s.", + k8sControllerLog.Errorf("Failed on loading CA secret %s:%s.", namespace, secretName) if time.Since(start) > timeout { - caSecretControllerLog.Errorf("Timeout on loading CA secret %s:%s.", + k8sControllerLog.Errorf("Timeout on loading CA secret %s:%s.", namespace, secretName) return caSecret, scrtErr } @@ -72,11 +67,11 @@ func (csc *CaSecretController) UpdateCASecretWithRetry(caSecret *v1.Secret, if scrtErr == nil { return nil } - caSecretControllerLog.Errorf("Failed on updating CA secret %s:%s.", + k8sControllerLog.Errorf("Failed on updating CA secret %s:%s.", caSecret.Namespace, caSecret.Name) if time.Since(start) > timeout { - caSecretControllerLog.Errorf("Timeout on updating CA secret %s:%s.", + k8sControllerLog.Errorf("Timeout on updating CA secret %s:%s.", caSecret.Namespace, caSecret.Name) return scrtErr } diff --git a/security/pkg/k8s/controller/workloadsecret.go b/security/pkg/k8s/controller/workloadsecret.go index cf28398734a8..a2e2a15b14f5 100644 --- a/security/pkg/k8s/controller/workloadsecret.go +++ b/security/pkg/k8s/controller/workloadsecret.go @@ -82,7 +82,7 @@ const ( caPrivateKeyID = "ca-key.pem" ) -var k8sControllerLog = log.RegisterScope("k8sController", "Citadel kubernetes controller log", 0) +var k8sControllerLog = log.RegisterScope("secretcontroller", "Citadel kubernetes controller log", 0) // DNSNameEntry stores the service name and namespace to construct the DNS id. // Service accounts matching the ServiceName and Namespace will have additional DNS SANs: diff --git a/security/pkg/nodeagent/cache/secretcache.go b/security/pkg/nodeagent/cache/secretcache.go index 6632d77b5ae6..f8f4324ddf1e 100644 --- a/security/pkg/nodeagent/cache/secretcache.go +++ b/security/pkg/nodeagent/cache/secretcache.go 
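Review bot: The `k8sControllerLog.Errorf` calls in `LoadCASecretWithRetry` and `UpdateCASecretWithRetry` still drop `scrtErr`, so the log says that loading or updating the CA secret failed but never why. Since these lines are being touched anyway, I would carry the cause: `k8sControllerLog.Errorf("Failed on loading CA secret %s:%s: %v", namespace, secretName, scrtErr)`, and likewise for the timeout message and the two calls in the update hunk. With the dedicated `caSecretController` scope removed, these messages now share the `secretcontroller` scope with the workload secret controller, which makes the missing cause harder to recover from context. Both functions start and end outside their hunks.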
@@ -37,7 +37,7 @@ import ( ) var ( - cacheLog = log.RegisterScope("cacheLog", "cache debugging", 0) + cacheLog = log.RegisterScope("cache", "cache debugging", 0) ) const ( diff --git a/security/pkg/nodeagent/caclient/providers/citadel/client.go b/security/pkg/nodeagent/caclient/providers/citadel/client.go index ee20179b3b67..9db3a34ccbba 100644 --- a/security/pkg/nodeagent/caclient/providers/citadel/client.go +++ b/security/pkg/nodeagent/caclient/providers/citadel/client.go @@ -37,7 +37,7 @@ const ( ) var ( - citadelClientLog = log.RegisterScope("citadelClientLog", "citadel client debugging", 0) + citadelClientLog = log.RegisterScope("citadelclient", "citadel client debugging", 0) ) type citadelClient struct { diff --git a/security/pkg/nodeagent/caclient/providers/google/client.go b/security/pkg/nodeagent/caclient/providers/google/client.go index 6167cbf85874..9376835e534c 100644 --- a/security/pkg/nodeagent/caclient/providers/google/client.go +++ b/security/pkg/nodeagent/caclient/providers/google/client.go @@ -35,7 +35,7 @@ import ( const bearerTokenPrefix = "Bearer " var ( - googleCAClientLog = log.RegisterScope("googleCAClientLog", "Google CA client debugging", 0) + googleCAClientLog = log.RegisterScope("googleca", "Google CA client debugging", 0) gkeClusterURL = env.RegisterStringVar("GKE_CLUSTER_URL", "", "The url of GKE cluster").Get() ) diff --git a/security/pkg/nodeagent/caclient/providers/vault/client.go b/security/pkg/nodeagent/caclient/providers/vault/client.go index 3a0a75185b18..5b6b95acc743 100644 --- a/security/pkg/nodeagent/caclient/providers/vault/client.go +++ b/security/pkg/nodeagent/caclient/providers/vault/client.go @@ -29,7 +29,7 @@ import ( ) var ( - vaultClientLog = log.RegisterScope("vaultClientLog", "Vault client debugging", 0) + vaultClientLog = log.RegisterScope("vault", "Vault client debugging", 0) ) type vaultClient struct { 
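Review bot: `log.RegisterScope("cache", "cache debugging", 0)` in secretcache.go gives the node agent's secret cache a scope name that does not say which component it belongs to, while the commit message's stated goal is to tell XDS, CA and injection logs apart within Istiod. A qualified name such as `"secretcache"` would line up with the other names chosen in this patch (`"secretfetcher"`, `"stsclient"`) and avoid sharing a scope with any other package that might register `"cache"`; the same concern applies to `"vault"` further down this line. The old names (`cacheLog`, `citadelClientLog`, and so on) may appear in existing `--log_output_level` settings, so the rename deserves a release note.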
diff --git a/security/pkg/nodeagent/plugin/providers/google/stsclient/stsclient.go b/security/pkg/nodeagent/plugin/providers/google/stsclient/stsclient.go index 7d2031e48968..f63f5f53d058 100644 --- a/security/pkg/nodeagent/plugin/providers/google/stsclient/stsclient.go +++ b/security/pkg/nodeagent/plugin/providers/google/stsclient/stsclient.go @@ -37,7 +37,7 @@ var ( GKEClusterURL = env.RegisterStringVar("GKE_CLUSTER_URL", "", "The url of GKE cluster").Get() // SecureTokenEndpoint is the Endpoint the STS client calls to. SecureTokenEndpoint = "https://securetoken.googleapis.com/v1/identitybindingtoken" - stsClientLog = log.RegisterScope("stsClientLog", "STS client debugging", 0) + stsClientLog = log.RegisterScope("stsclient", "STS client debugging", 0) ) const ( diff --git a/security/pkg/nodeagent/secretfetcher/secretfetcher.go b/security/pkg/nodeagent/secretfetcher/secretfetcher.go index 5f8b16770cf2..16358ba93def 100644 --- a/security/pkg/nodeagent/secretfetcher/secretfetcher.go +++ b/security/pkg/nodeagent/secretfetcher/secretfetcher.go @@ -75,7 +75,7 @@ var ( secretControllerResyncPeriod = env.RegisterStringVar("SECRET_WATCHER_RESYNC_PERIOD", "", "").Get() // ingressFallbackSecret specifies the name of fallback secret for ingress gateway. ingressFallbackSecret = env.RegisterStringVar("INGRESS_GATEWAY_FALLBACK_SECRET", "gateway-fallback", "").Get() - secretFetcherLog = log.RegisterScope("secretFetcherLog", "secret fetcher debugging", 0) + secretFetcherLog = log.RegisterScope("secretfetcher", "secret fetcher debugging", 0) ) // SecretFetcher fetches secret via watching k8s secrets or sending CSR to CA. diff --git a/security/pkg/pki/ca/ca.go b/security/pkg/pki/ca/ca.go index e76315172e91..36800843453e 100644 --- a/security/pkg/pki/ca/ca.go +++ b/security/pkg/pki/ca/ca.go 
@@ -60,7 +60,7 @@ const ( caKeySize = 2048 ) -var pkiCaLog = log.RegisterScope("pkiCaLog", "Citadel CA log", 0) +var pkiCaLog = log.RegisterScope("pkica", "Citadel CA log", 0) // caTypes is the enum for the CA type. type caTypes int diff --git a/security/pkg/pki/ca/selfsignedcarootcertrotator.go b/security/pkg/pki/ca/selfsignedcarootcertrotator.go index be1f83782200..a4533f1de247 100644 --- a/security/pkg/pki/ca/selfsignedcarootcertrotator.go +++ b/security/pkg/pki/ca/selfsignedcarootcertrotator.go @@ -32,7 +32,7 @@ import ( v1 "k8s.io/api/core/v1" ) -var rootCertRotatorLog = log.RegisterScope("rootCertRotator", "Self-signed CA root cert rotator log", 0) +var rootCertRotatorLog = log.RegisterScope("rootcertrotator", "Self-signed CA root cert rotator log", 0) type SelfSignedCARootCertRotatorConfig struct { certInspector certutil.CertUtil diff --git a/security/pkg/server/ca/server.go b/security/pkg/server/ca/server.go index 280590cfb773..5486607ace9b 100644 --- a/security/pkg/server/ca/server.go +++ b/security/pkg/server/ca/server.go @@ -45,7 +45,7 @@ const ( certExpirationBuffer = time.Minute ) -var serverCaLog = log.RegisterScope("serverCaLog", "Citadel server log", 0) +var serverCaLog = log.RegisterScope("serverca", "Citadel server log", 0) type authenticator interface { Authenticate(ctx context.Context) (*authenticate.Caller, error) diff --git a/security/pkg/stsservice/server/server.go b/security/pkg/stsservice/server/server.go index 4cf6b98a2b4c..b0544dd44be3 100644 --- a/security/pkg/stsservice/server/server.go +++ b/security/pkg/stsservice/server/server.go @@ -39,7 +39,7 @@ const ( SubjectTokenType = "urn:ietf:params:oauth:token-type:jwt" ) -var stsServerLog = log.RegisterScope("stsServerLog", "STS service debugging", 0) +var stsServerLog = log.RegisterScope("stsserver", "STS service debugging", 0) // error code sent in a STS error response. A full list of error code is // defined in https://tools.ietf.org/html/rfc6749#section-5.2. 
From 7a2f9b98a8dd122bc3fbd105d9a3fd62bba84365 Mon Sep 17 00:00:00 2001 
From: Nathan Mittler Date: Fri, 24 Jan 2020 11:11:50 -0800 Subject: [PATCH 05/31] Move schema to pkg/config (#20458) --- CODEOWNERS | 2 +- galley/pkg/config/analysis/analyzer.go | 2 +- galley/pkg/config/analysis/analyzer_test.go | 4 +- .../analyzers/analyzers_bench_test.go | 8 ++-- .../analysis/analyzers/analyzers_test.go | 7 ++-- .../analyzers/annotations/annotations.go | 4 +- .../config/analysis/analyzers/auth/mtls.go | 4 +- .../analyzers/auth/servicerolebindings.go | 4 +- .../analyzers/auth/serviceroleservices.go | 4 +- .../analysis/analyzers/deployment/services.go | 4 +- .../analyzers/deprecation/deprecation.go | 4 +- .../analysis/analyzers/gateway/gateway.go | 4 +- .../analysis/analyzers/gateway/secret.go | 4 +- .../analyzers/injection/injection-version.go | 4 +- .../analysis/analyzers/injection/injection.go | 4 +- .../analysis/analyzers/schema/validation.go | 4 +- .../analyzers/schema/validation_test.go | 6 +-- .../analysis/analyzers/service/portname.go | 4 +- .../analyzers/sidecar/defaultselector.go | 4 +- .../analysis/analyzers/sidecar/selector.go | 4 +- .../config/analysis/analyzers/util/config.go | 2 +- .../conflictingmeshgatewayhosts.go | 4 +- .../virtualservice/destinationhosts.go | 4 +- .../virtualservice/destinationrules.go | 4 +- .../analyzers/virtualservice/gateways.go | 4 +- galley/pkg/config/analysis/context.go | 2 +- galley/pkg/config/analysis/local/analyze.go | 8 ++-- .../pkg/config/analysis/local/analyze_test.go | 4 +- galley/pkg/config/analysis/local/source.go | 2 +- .../pkg/config/analysis/local/source_test.go | 2 +- galley/pkg/config/analysis/metadata.go | 2 +- .../analysis/testing/fixtures/context.go | 2 +- galley/pkg/config/collection/instance.go | 2 +- galley/pkg/config/collection/set.go | 2 +- galley/pkg/config/collection/set_test.go | 2 +- galley/pkg/config/event/event.go | 2 +- galley/pkg/config/event/event_test.go | 6 +-- galley/pkg/config/event/router.go | 2 +- galley/pkg/config/event/transformer.go | 2 +- 
galley/pkg/config/event/transformer_test.go | 2 +- galley/pkg/config/meshcfg/fs_test.go | 2 +- galley/pkg/config/meshcfg/inmemory.go | 3 +- galley/pkg/config/meshcfg/inmemory_test.go | 2 +- galley/pkg/config/meshcfg/metadata_test.go | 4 +- galley/pkg/config/processing/runtime_test.go | 2 +- galley/pkg/config/processing/session.go | 2 +- .../snapshotter/analyzingdistributor.go | 2 +- .../snapshotter/analyzingdistributor_test.go | 6 +-- .../snapshotter/distributor_test.go | 2 +- .../config/processing/snapshotter/snapshot.go | 2 +- .../processing/snapshotter/snapshot_test.go | 2 +- .../processing/snapshotter/snapshotoptions.go | 2 +- .../processing/snapshotter/snapshotter.go | 2 +- .../snapshotter/snapshotter_test.go | 2 +- .../config/processing/transformer/provider.go | 2 +- .../processing/transformer/provider_test.go | 2 +- galley/pkg/config/processor/build.go | 2 +- galley/pkg/config/processor/build_test.go | 4 +- galley/pkg/config/processor/groups/groups.go | 2 +- .../config/processor/groups/groups_test.go | 2 +- .../processor/transforms/authpolicy/create.go | 4 +- .../transforms/authpolicy/create_test.go | 4 +- .../processor/transforms/direct/create.go | 2 +- .../transforms/direct/create_test.go | 2 +- .../processor/transforms/ingress/gateway.go | 4 +- .../transforms/ingress/gateway_test.go | 9 ++--- .../transforms/ingress/virtualService.go | 4 +- .../transforms/ingress/virtualService_test.go | 4 +- .../transforms/serviceentry/create.go | 4 +- .../transforms/serviceentry/create_test.go | 4 +- .../serviceentry/handler_bench_test.go | 2 +- .../integration/integration_bench_test.go | 6 +-- .../transforms/serviceentry/pod/cache.go | 2 +- .../transforms/serviceentry/pod/cache_test.go | 2 +- .../transforms/serviceentry/transformer.go | 4 +- .../config/processor/transforms/transforms.go | 2 +- galley/pkg/config/resource/metadata.go | 2 +- galley/pkg/config/resource/serialization.go | 2 +- .../pkg/config/resource/serialization_test.go | 2 +- 
galley/pkg/config/schema/generate.go | 39 ------------------- .../pkg/config/source/inmemory/collection.go | 2 +- galley/pkg/config/source/inmemory/source.go | 2 +- .../pkg/config/source/inmemory/source_test.go | 2 +- .../config/source/kube/apiserver/options.go | 2 +- .../config/source/kube/apiserver/source.go | 4 +- .../kube/apiserver/source_builtin_test.go | 2 +- .../kube/apiserver/source_dynamic_test.go | 4 +- .../kube/apiserver/status/controller.go | 2 +- .../source/kube/apiserver/status/state.go | 2 +- .../source/kube/apiserver/status/status.go | 2 +- .../config/source/kube/apiserver/watcher.go | 2 +- galley/pkg/config/source/kube/fs/source.go | 2 +- .../pkg/config/source/kube/fs/source_test.go | 2 +- .../config/source/kube/inmemory/kubesource.go | 4 +- galley/pkg/config/source/kube/rt/dynamic.go | 2 +- .../pkg/config/source/kube/rt/dynamic_test.go | 2 +- galley/pkg/config/source/kube/rt/extract.go | 4 +- .../pkg/config/source/kube/rt/known_test.go | 2 +- galley/pkg/config/source/kube/rt/origin.go | 4 +- galley/pkg/config/source/kube/rt/provider.go | 2 +- galley/pkg/config/source/mcp/cache.go | 4 +- galley/pkg/config/source/mcp/cache_test.go | 4 +- galley/pkg/config/source/mcp/source.go | 2 +- galley/pkg/config/source/mcp/source_test.go | 2 +- .../testing/basicmeta/collections.gen.go | 4 +- .../pkg/config/testing/basicmeta/generate.go | 4 +- galley/pkg/config/testing/basicmeta/get.go | 2 +- galley/pkg/config/testing/data/collections.go | 4 +- galley/pkg/config/testing/fixtures/expect.go | 2 +- .../config/testing/fixtures/transformer.go | 2 +- .../config/testing/k8smeta/collections.gen.go | 4 +- galley/pkg/config/testing/k8smeta/generate.go | 4 +- galley/pkg/config/testing/k8smeta/get.go | 2 +- .../pkg/config/util/kuberesource/resources.go | 4 +- galley/pkg/config/util/pb/proto.go | 2 +- galley/pkg/server/components/processing.go | 6 +-- .../pkg/server/components/processing_test.go | 2 +- galley/pkg/server/components/validation.go | 2 +- 
galley/pkg/server/settings/args.go | 2 +- galley/tools/mcpc/main.go | 4 +- istioctl/cmd/add-to-mesh.go | 2 +- istioctl/cmd/add-to-mesh_test.go | 2 +- istioctl/cmd/analyze.go | 2 +- istioctl/cmd/authz.go | 2 +- istioctl/cmd/convert_ingress.go | 4 +- istioctl/cmd/deprecated_cmd.go | 2 +- istioctl/cmd/describe.go | 2 +- istioctl/cmd/describe_test.go | 2 +- istioctl/cmd/istioctl_test.go | 4 +- istioctl/cmd/remove-from-mesh.go | 2 +- istioctl/cmd/remove-from-mesh_test.go | 2 +- istioctl/cmd/wait.go | 4 +- istioctl/pkg/install/verify.go | 2 +- istioctl/pkg/validate/validate.go | 7 ++-- mixer/pkg/config/mcp/backend.go | 2 +- mixer/pkg/config/mcp/backend_test.go | 2 +- pilot/pkg/bootstrap/configcontroller.go | 2 +- pilot/pkg/bootstrap/server.go | 4 +- pilot/pkg/bootstrap/validation.go | 7 ++-- pilot/pkg/config/aggregate/config.go | 5 +-- pilot/pkg/config/aggregate/config_test.go | 4 +- .../aggregate/fakes/config_store_cache.gen.go | 4 +- pilot/pkg/config/kube/crd/codegen/types.go | 4 +- .../pkg/config/kube/crd/codegen/types.go.tmpl | 10 ++--- .../pkg/config/kube/crd/controller/client.go | 17 ++++---- .../config/kube/crd/controller/controller.go | 4 +- pilot/pkg/config/kube/crd/conversion.go | 6 +-- pilot/pkg/config/kube/crd/conversion_test.go | 2 +- pilot/pkg/config/kube/crd/types.gen.go | 6 +-- pilot/pkg/config/kube/ingress/controller.go | 7 ++-- pilot/pkg/config/memory/config.go | 7 ++-- pilot/pkg/config/memory/config_test.go | 2 +- pilot/pkg/config/memory/controller.go | 4 +- pilot/pkg/config/memory/controller_test.go | 2 +- pilot/pkg/config/memory/monitor.go | 2 +- pilot/pkg/config/memory/monitor_test.go | 2 +- pilot/pkg/config/monitor/file_snapshot.go | 6 +-- .../pkg/config/monitor/file_snapshot_test.go | 4 +- pilot/pkg/config/monitor/monitor_test.go | 4 +- pilot/pkg/model/authentication.go | 2 +- pilot/pkg/model/authentication_test.go | 2 +- pilot/pkg/model/authorization.go | 2 +- pilot/pkg/model/authorization_test.go | 7 ++-- pilot/pkg/model/config.go | 7 ++-- 
pilot/pkg/model/config_test.go | 6 +-- pilot/pkg/model/conversion_test.go | 2 +- pilot/pkg/model/push_context.go | 4 +- pilot/pkg/model/push_context_test.go | 6 +-- .../networking/core/v1alpha3/cluster_test.go | 5 +-- .../envoyfilter/listener_patch_test.go | 5 +-- .../fakes/fake_istio_config_store.gen.go | 4 +- .../networking/core/v1alpha3/gateway_test.go | 5 +-- .../core/v1alpha3/httproute_test.go | 2 +- .../networking/core/v1alpha3/listener_test.go | 5 +-- .../loadbalancer/loadbalancer_test.go | 2 +- .../core/v1alpha3/route/route_test.go | 2 +- pilot/pkg/proxy/envoy/v2/ads.go | 3 +- pilot/pkg/proxy/envoy/v2/ads_common.go | 2 +- pilot/pkg/proxy/envoy/v2/ads_common_test.go | 4 +- pilot/pkg/proxy/envoy/v2/bench_test.go | 2 +- pilot/pkg/proxy/envoy/v2/debug.go | 2 +- pilot/pkg/proxy/envoy/v2/eds.go | 5 +-- .../security/authz/builder/builder_test.go | 2 +- pilot/pkg/security/authz/policy/helper.go | 2 +- .../external/controller_test.go | 4 +- .../external/servicediscovery.go | 4 +- .../external/servicediscovery_test.go | 2 +- .../kube/controller/endpointsdiscovery.go | 5 +-- .../kube/controller/multicluster.go | 5 +-- pilot/pkg/serviceregistry/mcp/controller.go | 7 ++-- .../serviceregistry/mcp/controller_test.go | 4 +- .../syntheticserviceentrycontroller.go | 7 ++-- .../syntheticserviceentrycontroller_test.go | 2 +- pilot/test/mock/config.go | 7 ++-- {galley/pkg => pkg}/config/schema/ast/ast.go | 0 .../pkg => pkg}/config/schema/ast/ast_test.go | 0 .../config/schema/codegen/collections.go | 6 +-- .../config/schema/codegen/collections_test.go | 6 +-- .../config/schema/codegen/common.go | 0 .../config/schema/codegen/common_test.go | 0 .../config/schema/codegen/snapshots.go | 2 +- .../config/schema/codegen/snapshots_test.go | 2 +- .../config/schema/codegen/staticinit.go | 2 +- .../config/schema/codegen/staticinit_test.go | 2 +- .../schema/codegen/tools/collections.main.go | 6 +-- .../schema/codegen/tools/snapshots.main.go | 6 +-- 
.../schema/codegen/tools/staticinit.main.go | 6 +-- .../config/schema/collection/name.go | 0 .../config/schema/collection/name_test.go | 0 .../config/schema/collection/names.go | 0 .../config/schema/collection/names_test.go | 2 +- .../config/schema/collection/schema.go | 2 +- .../config/schema/collection/schema_test.go | 4 +- .../config/schema/collection/schemas.go | 2 +- .../config/schema/collection/schemas_test.go | 4 +- .../schema/collections/collections.gen.go | 4 +- .../schema/collections/collections_test.go | 2 +- .../config/schema/collections/mock.go | 4 +- .../schema/collections/staticinit.gen.go | 0 pkg/config/schema/generate.go | 39 +++++++++++++++++++ {galley/pkg => pkg}/config/schema/get.go | 0 .../pkg => pkg}/config/schema/kindmapping.go | 0 .../pkg => pkg}/config/schema/metadata.gen.go | 0 .../pkg => pkg}/config/schema/metadata.yaml | 0 .../config/schema/resource/schema.go | 0 .../config/schema/resource/schema_test.go | 0 {galley/pkg => pkg}/config/schema/schema.go | 6 +-- .../pkg => pkg}/config/schema/schema_test.go | 6 +-- .../config/schema/snapshots/snapshots.gen.go | 0 .../config/schema/snapshots/staticinit.gen.go | 0 .../config/schema/staticinit.gen.go | 0 .../components/echo/docker/service.go | 2 +- pkg/webhooks/validation/server/server.go | 7 ++-- pkg/webhooks/validation/server/server_test.go | 2 +- tests/e2e/tests/controller/controller_test.go | 4 +- tests/e2e/tests/pilot/mcp_test.go | 4 +- .../pilot/performance/serviceentry_test.go | 2 +- tests/integration/conformance/sanity_test.go | 4 +- tests/integration/galley/conversion_test.go | 4 +- tests/integration/galley/validation_test.go | 2 +- .../pilot/mcp/synthetic_serviceentry_test.go | 4 +- 241 files changed, 418 insertions(+), 435 deletions(-) delete mode 100644 galley/pkg/config/schema/generate.go rename {galley/pkg => pkg}/config/schema/ast/ast.go (100%) rename {galley/pkg => pkg}/config/schema/ast/ast_test.go (100%) rename {galley/pkg => pkg}/config/schema/codegen/collections.go (95%) 
rename {galley/pkg => pkg}/config/schema/codegen/collections_test.go (96%) rename {galley/pkg => pkg}/config/schema/codegen/common.go (100%) rename {galley/pkg => pkg}/config/schema/codegen/common_test.go (100%) rename {galley/pkg => pkg}/config/schema/codegen/snapshots.go (97%) rename {galley/pkg => pkg}/config/schema/codegen/snapshots_test.go (97%) rename {galley/pkg => pkg}/config/schema/codegen/staticinit.go (97%) rename {galley/pkg => pkg}/config/schema/codegen/staticinit_test.go (97%) rename {galley/pkg => pkg}/config/schema/codegen/tools/collections.main.go (91%) rename {galley/pkg => pkg}/config/schema/codegen/tools/snapshots.main.go (91%) rename {galley/pkg => pkg}/config/schema/codegen/tools/staticinit.main.go (92%) rename {galley/pkg => pkg}/config/schema/collection/name.go (100%) rename {galley/pkg => pkg}/config/schema/collection/name_test.go (100%) rename {galley/pkg => pkg}/config/schema/collection/names.go (100%) rename {galley/pkg => pkg}/config/schema/collection/names_test.go (95%) rename {galley/pkg => pkg}/config/schema/collection/schema.go (98%) rename {galley/pkg => pkg}/config/schema/collection/schema_test.go (95%) rename {galley/pkg => pkg}/config/schema/collection/schemas.go (99%) rename {galley/pkg => pkg}/config/schema/collection/schemas_test.go (98%) rename {galley/pkg => pkg}/config/schema/collections/collections.gen.go (99%) rename {galley/pkg => pkg}/config/schema/collections/collections_test.go (95%) rename {galley/pkg => pkg}/config/schema/collections/mock.go (93%) rename {galley/pkg => pkg}/config/schema/collections/staticinit.gen.go (100%) create mode 100644 pkg/config/schema/generate.go rename {galley/pkg => pkg}/config/schema/get.go (100%) rename {galley/pkg => pkg}/config/schema/kindmapping.go (100%) rename {galley/pkg => pkg}/config/schema/metadata.gen.go (100%) rename {galley/pkg => pkg}/config/schema/metadata.yaml (100%) rename {galley/pkg => pkg}/config/schema/resource/schema.go (100%) rename {galley/pkg => 
pkg}/config/schema/resource/schema_test.go (100%) rename {galley/pkg => pkg}/config/schema/schema.go (98%) rename {galley/pkg => pkg}/config/schema/schema_test.go (98%) rename {galley/pkg => pkg}/config/schema/snapshots/snapshots.gen.go (100%) rename {galley/pkg => pkg}/config/schema/snapshots/staticinit.gen.go (100%) rename {galley/pkg => pkg}/config/schema/staticinit.gen.go (100%) diff --git a/CODEOWNERS b/CODEOWNERS index 64692aa4b550..76fd128535be 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -20,7 +20,7 @@ /pilot/pkg/proxy @istio/wg-networking-maintainers-pilot /pkg/adsc/ @istio/wg-networking-maintainers /pkg/bootstrap/ @istio/wg-environments-maintainers -/pkg/config/ @istio/wg-networking-maintainers +/pkg/config/ @istio/wg-config-maintainers @istio/wg-networking-maintainers /pkg/envoy/ @istio/wg-networking-maintainers /pkg/istio-agent/ @istio/wg-networking-maintainers /pkg/keepalive/ @istio/wg-networking-maintainers diff --git a/galley/pkg/config/analysis/analyzer.go b/galley/pkg/config/analysis/analyzer.go index cf1e11158e2f..f2615a251c25 100644 --- a/galley/pkg/config/analysis/analyzer.go +++ b/galley/pkg/config/analysis/analyzer.go @@ -16,8 +16,8 @@ package analysis import ( "istio.io/istio/galley/pkg/config/processing/transformer" - "istio.io/istio/galley/pkg/config/schema/collection" "istio.io/istio/galley/pkg/config/scope" + "istio.io/istio/pkg/config/schema/collection" ) // Analyzer is an interface for analyzing configuration. diff --git a/galley/pkg/config/analysis/analyzer_test.go b/galley/pkg/config/analysis/analyzer_test.go index 8e819cf44bed..20c2ef3ddd37 100644 --- a/galley/pkg/config/analysis/analyzer_test.go +++ b/galley/pkg/config/analysis/analyzer_test.go 
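Review bot: The `@istio/wg-config-maintainers` owner added to the `/pkg/config/` line in the CODEOWNERS hunk covers every package under that directory, while this commit only relocates the schema packages to `pkg/config/schema/`. Where branch protection requires code-owner review, approval from any one listed owner normally satisfies it, so the change also widens who can approve edits to the rest of `/pkg/config/` (for example the `mesh` and `kube` packages imported elsewhere in this patch), which may be more than intended. If the new team is meant to own only the moved code, leave `/pkg/config/ @istio/wg-networking-maintainers` as it was and add a narrower entry after it: `/pkg/config/schema/ @istio/wg-config-maintainers @istio/wg-networking-maintainers`. The rest of CODEOWNERS is outside the hunk, so a later, more specific pattern that already overrides this line would not be visible here.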
@@ -24,8 +24,8 @@ import ( "istio.io/istio/galley/pkg/config/processing" "istio.io/istio/galley/pkg/config/processing/transformer" "istio.io/istio/galley/pkg/config/resource" - "istio.io/istio/galley/pkg/config/schema/collection" - resource2 "istio.io/istio/galley/pkg/config/schema/resource" + "istio.io/istio/pkg/config/schema/collection" + resource2 "istio.io/istio/pkg/config/schema/resource" ) type analyzer struct { diff --git a/galley/pkg/config/analysis/analyzers/analyzers_bench_test.go b/galley/pkg/config/analysis/analyzers/analyzers_bench_test.go index 0df414ada637..08ede7fd7b1c 100644 --- a/galley/pkg/config/analysis/analyzers/analyzers_bench_test.go +++ b/galley/pkg/config/analysis/analyzers/analyzers_bench_test.go @@ -24,10 +24,10 @@ import ( "istio.io/istio/galley/pkg/config/analysis/diag" coll "istio.io/istio/galley/pkg/config/collection" "istio.io/istio/galley/pkg/config/resource" - "istio.io/istio/galley/pkg/config/schema" - "istio.io/istio/galley/pkg/config/schema/collection" - "istio.io/istio/galley/pkg/config/schema/collections" - "istio.io/istio/galley/pkg/config/schema/snapshots" + "istio.io/istio/pkg/config/schema" + "istio.io/istio/pkg/config/schema/collection" + "istio.io/istio/pkg/config/schema/collections" + "istio.io/istio/pkg/config/schema/snapshots" ) type context struct { diff --git a/galley/pkg/config/analysis/analyzers/analyzers_test.go b/galley/pkg/config/analysis/analyzers/analyzers_test.go index 37def640e8c2..7d922ddd2d71 100644 --- a/galley/pkg/config/analysis/analyzers/analyzers_test.go +++ b/galley/pkg/config/analysis/analyzers/analyzers_test.go @@ -25,6 +25,8 @@ import ( . "github.com/onsi/gomega" + "istio.io/pkg/log" + "istio.io/istio/galley/pkg/config/analysis" "istio.io/istio/galley/pkg/config/analysis/analyzers/annotations" "istio.io/istio/galley/pkg/config/analysis/analyzers/auth" 
@@ -39,10 +41,9 @@ import ( "istio.io/istio/galley/pkg/config/analysis/local" "istio.io/istio/galley/pkg/config/analysis/msg" "istio.io/istio/galley/pkg/config/processing/snapshotter" - "istio.io/istio/galley/pkg/config/schema" - "istio.io/istio/galley/pkg/config/schema/collection" "istio.io/istio/galley/pkg/config/scope" - "istio.io/pkg/log" + "istio.io/istio/pkg/config/schema" + "istio.io/istio/pkg/config/schema/collection" ) type message struct { diff --git a/galley/pkg/config/analysis/analyzers/annotations/annotations.go b/galley/pkg/config/analysis/analyzers/annotations/annotations.go index 8c147153f518..d5cbd3b11c28 100644 --- a/galley/pkg/config/analysis/analyzers/annotations/annotations.go +++ b/galley/pkg/config/analysis/analyzers/annotations/annotations.go @@ -22,8 +22,8 @@ import ( "istio.io/istio/galley/pkg/config/analysis" "istio.io/istio/galley/pkg/config/analysis/msg" "istio.io/istio/galley/pkg/config/resource" - "istio.io/istio/galley/pkg/config/schema/collection" - "istio.io/istio/galley/pkg/config/schema/collections" + "istio.io/istio/pkg/config/schema/collection" + "istio.io/istio/pkg/config/schema/collections" ) // K8sAnalyzer checks for misplaced and invalid Istio annotations in K8s resources diff --git a/galley/pkg/config/analysis/analyzers/auth/mtls.go b/galley/pkg/config/analysis/analyzers/auth/mtls.go index 4b6694491356..3a1a4f885afe 100644 --- a/galley/pkg/config/analysis/analyzers/auth/mtls.go +++ b/galley/pkg/config/analysis/analyzers/auth/mtls.go @@ -28,8 +28,8 @@ import ( "istio.io/istio/galley/pkg/config/analysis/analyzers/util" "istio.io/istio/galley/pkg/config/analysis/msg" "istio.io/istio/galley/pkg/config/resource" - "istio.io/istio/galley/pkg/config/schema/collection" - "istio.io/istio/galley/pkg/config/schema/collections" + "istio.io/istio/pkg/config/schema/collection" + "istio.io/istio/pkg/config/schema/collections" ) const missingResourceName = "(none)" 
diff --git a/galley/pkg/config/analysis/analyzers/auth/servicerolebindings.go b/galley/pkg/config/analysis/analyzers/auth/servicerolebindings.go index 581d5f63a4c7..8d85ebe1247e 100644 --- a/galley/pkg/config/analysis/analyzers/auth/servicerolebindings.go +++ b/galley/pkg/config/analysis/analyzers/auth/servicerolebindings.go @@ -20,8 +20,8 @@ import ( "istio.io/istio/galley/pkg/config/analysis" "istio.io/istio/galley/pkg/config/analysis/msg" "istio.io/istio/galley/pkg/config/resource" - "istio.io/istio/galley/pkg/config/schema/collection" - "istio.io/istio/galley/pkg/config/schema/collections" + "istio.io/istio/pkg/config/schema/collection" + "istio.io/istio/pkg/config/schema/collections" ) // ServiceRoleBindingAnalyzer checks the validity of service role bindings diff --git a/galley/pkg/config/analysis/analyzers/auth/serviceroleservices.go b/galley/pkg/config/analysis/analyzers/auth/serviceroleservices.go index 6f751a7c10a1..18509490ad83 100644 --- a/galley/pkg/config/analysis/analyzers/auth/serviceroleservices.go +++ b/galley/pkg/config/analysis/analyzers/auth/serviceroleservices.go @@ -23,8 +23,8 @@ import ( "istio.io/istio/galley/pkg/config/analysis/analyzers/util" "istio.io/istio/galley/pkg/config/analysis/msg" "istio.io/istio/galley/pkg/config/resource" - "istio.io/istio/galley/pkg/config/schema/collection" - "istio.io/istio/galley/pkg/config/schema/collections" + "istio.io/istio/pkg/config/schema/collection" + "istio.io/istio/pkg/config/schema/collections" ) // ServiceRoleServicesAnalyzer checks the validity of services referred in a service role diff --git a/galley/pkg/config/analysis/analyzers/deployment/services.go b/galley/pkg/config/analysis/analyzers/deployment/services.go index 3569cf63d8a5..88e95fbd910a 100644 --- a/galley/pkg/config/analysis/analyzers/deployment/services.go +++ b/galley/pkg/config/analysis/analyzers/deployment/services.go 
@@ -24,8 +24,8 @@ import ( "istio.io/istio/galley/pkg/config/analysis/analyzers/injection" "istio.io/istio/galley/pkg/config/analysis/msg" "istio.io/istio/galley/pkg/config/resource" - "istio.io/istio/galley/pkg/config/schema/collection" - "istio.io/istio/galley/pkg/config/schema/collections" + "istio.io/istio/pkg/config/schema/collection" + "istio.io/istio/pkg/config/schema/collections" ) type ServiceAssociationAnalyzer struct{} diff --git a/galley/pkg/config/analysis/analyzers/deprecation/deprecation.go b/galley/pkg/config/analysis/analyzers/deprecation/deprecation.go index c2a729eb9b4e..3faf8e2abfd8 100644 --- a/galley/pkg/config/analysis/analyzers/deprecation/deprecation.go +++ b/galley/pkg/config/analysis/analyzers/deprecation/deprecation.go @@ -23,8 +23,8 @@ import ( "istio.io/istio/galley/pkg/config/analysis" "istio.io/istio/galley/pkg/config/analysis/msg" "istio.io/istio/galley/pkg/config/resource" - "istio.io/istio/galley/pkg/config/schema/collection" - "istio.io/istio/galley/pkg/config/schema/collections" + "istio.io/istio/pkg/config/schema/collection" + "istio.io/istio/pkg/config/schema/collections" ) // FieldAnalyzer checks for deprecated Istio types and fields diff --git a/galley/pkg/config/analysis/analyzers/gateway/gateway.go b/galley/pkg/config/analysis/analyzers/gateway/gateway.go index 63dd0bbe0cba..ac7db12398d5 100644 --- a/galley/pkg/config/analysis/analyzers/gateway/gateway.go +++ b/galley/pkg/config/analysis/analyzers/gateway/gateway.go @@ -23,8 +23,8 @@ import ( "istio.io/istio/galley/pkg/config/analysis" "istio.io/istio/galley/pkg/config/analysis/msg" "istio.io/istio/galley/pkg/config/resource" - "istio.io/istio/galley/pkg/config/schema/collection" - "istio.io/istio/galley/pkg/config/schema/collections" + "istio.io/istio/pkg/config/schema/collection" + "istio.io/istio/pkg/config/schema/collections" ) // IngressGatewayPortAnalyzer checks a gateway's ports against the gateway's Kubernetes service ports. 
diff --git a/galley/pkg/config/analysis/analyzers/gateway/secret.go b/galley/pkg/config/analysis/analyzers/gateway/secret.go index a347a70a7ebe..84d5fd81c01c 100644 --- a/galley/pkg/config/analysis/analyzers/gateway/secret.go +++ b/galley/pkg/config/analysis/analyzers/gateway/secret.go @@ -23,8 +23,8 @@ import ( "istio.io/istio/galley/pkg/config/analysis" "istio.io/istio/galley/pkg/config/analysis/msg" "istio.io/istio/galley/pkg/config/resource" - "istio.io/istio/galley/pkg/config/schema/collection" - "istio.io/istio/galley/pkg/config/schema/collections" + "istio.io/istio/pkg/config/schema/collection" + "istio.io/istio/pkg/config/schema/collections" ) // SecretAnalyzer checks a gateway's referenced secrets for correctness diff --git a/galley/pkg/config/analysis/analyzers/injection/injection-version.go b/galley/pkg/config/analysis/analyzers/injection/injection-version.go index fec54f70c7cc..63ca29000d75 100644 --- a/galley/pkg/config/analysis/analyzers/injection/injection-version.go +++ b/galley/pkg/config/analysis/analyzers/injection/injection-version.go @@ -22,8 +22,8 @@ import ( "istio.io/istio/galley/pkg/config/analysis" "istio.io/istio/galley/pkg/config/analysis/msg" "istio.io/istio/galley/pkg/config/resource" - "istio.io/istio/galley/pkg/config/schema/collection" - "istio.io/istio/galley/pkg/config/schema/collections" + "istio.io/istio/pkg/config/schema/collection" + "istio.io/istio/pkg/config/schema/collections" ) // VersionAnalyzer checks the version of auto-injection configured with the running proxies on pods. diff --git a/galley/pkg/config/analysis/analyzers/injection/injection.go b/galley/pkg/config/analysis/analyzers/injection/injection.go index 42962f658deb..afdea0227077 100644 --- a/galley/pkg/config/analysis/analyzers/injection/injection.go +++ b/galley/pkg/config/analysis/analyzers/injection/injection.go 
@@ -25,8 +25,8 @@ import ( "istio.io/istio/galley/pkg/config/analysis/analyzers/util" "istio.io/istio/galley/pkg/config/analysis/msg" "istio.io/istio/galley/pkg/config/resource" - "istio.io/istio/galley/pkg/config/schema/collection" - "istio.io/istio/galley/pkg/config/schema/collections" + "istio.io/istio/pkg/config/schema/collection" + "istio.io/istio/pkg/config/schema/collections" ) // Analyzer checks conditions related to Istio sidecar injection. diff --git a/galley/pkg/config/analysis/analyzers/schema/validation.go b/galley/pkg/config/analysis/analyzers/schema/validation.go index a7daad7cd42e..f886404d9c0e 100644 --- a/galley/pkg/config/analysis/analyzers/schema/validation.go +++ b/galley/pkg/config/analysis/analyzers/schema/validation.go @@ -21,8 +21,8 @@ import ( "istio.io/istio/galley/pkg/config/analysis" "istio.io/istio/galley/pkg/config/analysis/msg" "istio.io/istio/galley/pkg/config/resource" - "istio.io/istio/galley/pkg/config/schema/collection" - "istio.io/istio/galley/pkg/config/schema/collections" + "istio.io/istio/pkg/config/schema/collection" + "istio.io/istio/pkg/config/schema/collections" ) // ValidationAnalyzer runs schema validation as an analyzer and reports any violations as messages diff --git a/galley/pkg/config/analysis/analyzers/schema/validation_test.go b/galley/pkg/config/analysis/analyzers/schema/validation_test.go index cc66caaebc7e..43fee009f3b0 100644 --- a/galley/pkg/config/analysis/analyzers/schema/validation_test.go +++ b/galley/pkg/config/analysis/analyzers/schema/validation_test.go 
@@ -27,9 +27,9 @@ import ( "istio.io/istio/galley/pkg/config/analysis/msg" "istio.io/istio/galley/pkg/config/analysis/testing/fixtures" "istio.io/istio/galley/pkg/config/resource" - "istio.io/istio/galley/pkg/config/schema/collection" - "istio.io/istio/galley/pkg/config/schema/collections" - resource2 "istio.io/istio/galley/pkg/config/schema/resource" + "istio.io/istio/pkg/config/schema/collection" + "istio.io/istio/pkg/config/schema/collections" + resource2 "istio.io/istio/pkg/config/schema/resource" ) func TestCorrectArgs(t *testing.T) { diff --git a/galley/pkg/config/analysis/analyzers/service/portname.go b/galley/pkg/config/analysis/analyzers/service/portname.go index faeaf66d3bfd..45251649e8a0 100644 --- a/galley/pkg/config/analysis/analyzers/service/portname.go +++ b/galley/pkg/config/analysis/analyzers/service/portname.go @@ -19,9 +19,9 @@ import ( "istio.io/istio/galley/pkg/config/analysis/analyzers/util" "istio.io/istio/galley/pkg/config/analysis/msg" "istio.io/istio/galley/pkg/config/resource" - "istio.io/istio/galley/pkg/config/schema/collection" - "istio.io/istio/galley/pkg/config/schema/collections" configKube "istio.io/istio/pkg/config/kube" + "istio.io/istio/pkg/config/schema/collection" + "istio.io/istio/pkg/config/schema/collections" v1 "k8s.io/api/core/v1" ) diff --git a/galley/pkg/config/analysis/analyzers/sidecar/defaultselector.go b/galley/pkg/config/analysis/analyzers/sidecar/defaultselector.go index 1de7dfc002e5..379eedaff2a9 100644 --- a/galley/pkg/config/analysis/analyzers/sidecar/defaultselector.go +++ b/galley/pkg/config/analysis/analyzers/sidecar/defaultselector.go 
@@ -19,8 +19,8 @@ import ( "istio.io/istio/galley/pkg/config/analysis" "istio.io/istio/galley/pkg/config/analysis/msg" "istio.io/istio/galley/pkg/config/resource" - "istio.io/istio/galley/pkg/config/schema/collection" - "istio.io/istio/galley/pkg/config/schema/collections" + "istio.io/istio/pkg/config/schema/collection" + "istio.io/istio/pkg/config/schema/collections" ) // DefaultSelectorAnalyzer validates, per namespace, that there aren't multiple diff --git a/galley/pkg/config/analysis/analyzers/sidecar/selector.go b/galley/pkg/config/analysis/analyzers/sidecar/selector.go index 76c66a725c6d..ea1011888b0b 100644 --- a/galley/pkg/config/analysis/analyzers/sidecar/selector.go +++ b/galley/pkg/config/analysis/analyzers/sidecar/selector.go @@ -22,8 +22,8 @@ import ( "istio.io/istio/galley/pkg/config/analysis" "istio.io/istio/galley/pkg/config/analysis/msg" "istio.io/istio/galley/pkg/config/resource" - "istio.io/istio/galley/pkg/config/schema/collection" - "istio.io/istio/galley/pkg/config/schema/collections" + "istio.io/istio/pkg/config/schema/collection" + "istio.io/istio/pkg/config/schema/collections" ) // SelectorAnalyzer validates, per namespace, that: diff --git a/galley/pkg/config/analysis/analyzers/util/config.go b/galley/pkg/config/analysis/analyzers/util/config.go index 38d31e4c2f0a..7f2d8f00957e 100644 --- a/galley/pkg/config/analysis/analyzers/util/config.go +++ b/galley/pkg/config/analysis/analyzers/util/config.go @@ -19,7 +19,7 @@ import ( "istio.io/istio/galley/pkg/config/analysis" "istio.io/istio/galley/pkg/config/resource" - "istio.io/istio/galley/pkg/config/schema/collections" + "istio.io/istio/pkg/config/schema/collections" ) // MeshConfig returns the mesh configuration object associated with the context diff --git a/galley/pkg/config/analysis/analyzers/virtualservice/conflictingmeshgatewayhosts.go b/galley/pkg/config/analysis/analyzers/virtualservice/conflictingmeshgatewayhosts.go index 54dff51f1ac2..8cf62c4266d8 100644 
--- a/galley/pkg/config/analysis/analyzers/virtualservice/conflictingmeshgatewayhosts.go +++ b/galley/pkg/config/analysis/analyzers/virtualservice/conflictingmeshgatewayhosts.go @@ -23,8 +23,8 @@ import ( "istio.io/istio/galley/pkg/config/analysis/analyzers/util" "istio.io/istio/galley/pkg/config/analysis/msg" "istio.io/istio/galley/pkg/config/resource" - "istio.io/istio/galley/pkg/config/schema/collection" - "istio.io/istio/galley/pkg/config/schema/collections" + "istio.io/istio/pkg/config/schema/collection" + "istio.io/istio/pkg/config/schema/collections" ) // ConflictingMeshGatewayHostsAnalyzer checks if multiple virtual services diff --git a/galley/pkg/config/analysis/analyzers/virtualservice/destinationhosts.go b/galley/pkg/config/analysis/analyzers/virtualservice/destinationhosts.go index c469de5b9d06..17dc35de0d99 100644 --- a/galley/pkg/config/analysis/analyzers/virtualservice/destinationhosts.go +++ b/galley/pkg/config/analysis/analyzers/virtualservice/destinationhosts.go @@ -24,8 +24,8 @@ import ( "istio.io/istio/galley/pkg/config/analysis/analyzers/util" "istio.io/istio/galley/pkg/config/analysis/msg" "istio.io/istio/galley/pkg/config/resource" - "istio.io/istio/galley/pkg/config/schema/collection" - "istio.io/istio/galley/pkg/config/schema/collections" + "istio.io/istio/pkg/config/schema/collection" + "istio.io/istio/pkg/config/schema/collections" ) // DestinationHostAnalyzer checks the destination hosts associated with each virtual service diff --git a/galley/pkg/config/analysis/analyzers/virtualservice/destinationrules.go b/galley/pkg/config/analysis/analyzers/virtualservice/destinationrules.go index 873a45dc1270..aa3fc594a005 100644 --- a/galley/pkg/config/analysis/analyzers/virtualservice/destinationrules.go +++ b/galley/pkg/config/analysis/analyzers/virtualservice/destinationrules.go 
@@ -23,8 +23,8 @@ import ( "istio.io/istio/galley/pkg/config/analysis/analyzers/util" "istio.io/istio/galley/pkg/config/analysis/msg" "istio.io/istio/galley/pkg/config/resource" - "istio.io/istio/galley/pkg/config/schema/collection" - "istio.io/istio/galley/pkg/config/schema/collections" + "istio.io/istio/pkg/config/schema/collection" + "istio.io/istio/pkg/config/schema/collections" ) // DestinationRuleAnalyzer checks the destination rules associated with each virtual service diff --git a/galley/pkg/config/analysis/analyzers/virtualservice/gateways.go b/galley/pkg/config/analysis/analyzers/virtualservice/gateways.go index c8f7c4626961..242b54bb978e 100644 --- a/galley/pkg/config/analysis/analyzers/virtualservice/gateways.go +++ b/galley/pkg/config/analysis/analyzers/virtualservice/gateways.go @@ -21,8 +21,8 @@ import ( "istio.io/istio/galley/pkg/config/analysis/analyzers/util" "istio.io/istio/galley/pkg/config/analysis/msg" "istio.io/istio/galley/pkg/config/resource" - "istio.io/istio/galley/pkg/config/schema/collection" - "istio.io/istio/galley/pkg/config/schema/collections" + "istio.io/istio/pkg/config/schema/collection" + "istio.io/istio/pkg/config/schema/collections" ) // GatewayAnalyzer checks the gateways associated with each virtual service diff --git a/galley/pkg/config/analysis/context.go b/galley/pkg/config/analysis/context.go index 8a239b0b5bf4..94f54d57aa13 100644 --- a/galley/pkg/config/analysis/context.go +++ b/galley/pkg/config/analysis/context.go @@ -17,7 +17,7 @@ package analysis import ( "istio.io/istio/galley/pkg/config/analysis/diag" "istio.io/istio/galley/pkg/config/resource" - "istio.io/istio/galley/pkg/config/schema/collection" + "istio.io/istio/pkg/config/schema/collection" ) // IteratorFn is used to iterate over a set of collection entries. It must return true to keep iterating. diff --git a/galley/pkg/config/analysis/local/analyze.go b/galley/pkg/config/analysis/local/analyze.go index cf46acd1a010..cd4b5df85b4f 100644 
--- a/galley/pkg/config/analysis/local/analyze.go +++ b/galley/pkg/config/analysis/local/analyze.go @@ -36,16 +36,16 @@ import ( "istio.io/istio/galley/pkg/config/processor" "istio.io/istio/galley/pkg/config/processor/transforms" "istio.io/istio/galley/pkg/config/resource" - "istio.io/istio/galley/pkg/config/schema" - "istio.io/istio/galley/pkg/config/schema/collection" - "istio.io/istio/galley/pkg/config/schema/collections" - "istio.io/istio/galley/pkg/config/schema/snapshots" "istio.io/istio/galley/pkg/config/scope" "istio.io/istio/galley/pkg/config/source/kube" "istio.io/istio/galley/pkg/config/source/kube/apiserver" "istio.io/istio/galley/pkg/config/source/kube/inmemory" "istio.io/istio/galley/pkg/config/util/kuberesource" "istio.io/istio/pkg/config/mesh" + "istio.io/istio/pkg/config/schema" + "istio.io/istio/pkg/config/schema/collection" + "istio.io/istio/pkg/config/schema/collections" + "istio.io/istio/pkg/config/schema/snapshots" ) const ( diff --git a/galley/pkg/config/analysis/local/analyze_test.go b/galley/pkg/config/analysis/local/analyze_test.go index a07277d4ea8f..ac90298ffa6d 100644 --- a/galley/pkg/config/analysis/local/analyze_test.go +++ b/galley/pkg/config/analysis/local/analyze_test.go @@ -30,8 +30,6 @@ import ( "istio.io/istio/galley/pkg/config/analysis/msg" "istio.io/istio/galley/pkg/config/meshcfg" "istio.io/istio/galley/pkg/config/resource" - "istio.io/istio/galley/pkg/config/schema" - "istio.io/istio/galley/pkg/config/schema/collection" "istio.io/istio/galley/pkg/config/source/kube/apiserver" "istio.io/istio/galley/pkg/config/source/kube/inmemory" "istio.io/istio/galley/pkg/config/testing/basicmeta" @@ -39,6 +37,8 @@ import ( "istio.io/istio/galley/pkg/config/testing/k8smeta" "istio.io/istio/galley/pkg/config/util/kubeyaml" "istio.io/istio/galley/pkg/testing/mock" + "istio.io/istio/pkg/config/schema" + "istio.io/istio/pkg/config/schema/collection" ) type testAnalyzer struct { 
diff --git a/galley/pkg/config/analysis/local/source.go b/galley/pkg/config/analysis/local/source.go index 2572aea88d37..b1468558a8b6 100644 --- a/galley/pkg/config/analysis/local/source.go +++ b/galley/pkg/config/analysis/local/source.go @@ -19,7 +19,7 @@ import ( "sync" "istio.io/istio/galley/pkg/config/event" - "istio.io/istio/galley/pkg/config/schema/collection" + "istio.io/istio/pkg/config/schema/collection" ) // precedenceSource is a processor.Source implementation that combines multiple sources in precedence order diff --git a/galley/pkg/config/analysis/local/source_test.go b/galley/pkg/config/analysis/local/source_test.go index 7d7c5ecbe202..a68e4f083bc1 100644 --- a/galley/pkg/config/analysis/local/source_test.go +++ b/galley/pkg/config/analysis/local/source_test.go @@ -19,9 +19,9 @@ import ( . "github.com/onsi/gomega" "istio.io/istio/galley/pkg/config/event" - "istio.io/istio/galley/pkg/config/schema/collection" "istio.io/istio/galley/pkg/config/testing/basicmeta" "istio.io/istio/galley/pkg/config/testing/fixtures" + "istio.io/istio/pkg/config/schema/collection" ) func TestBasicSingleSource(t *testing.T) { diff --git a/galley/pkg/config/analysis/metadata.go b/galley/pkg/config/analysis/metadata.go index fc029a8ae8ad..d159e8473471 100644 --- a/galley/pkg/config/analysis/metadata.go +++ b/galley/pkg/config/analysis/metadata.go @@ -15,7 +15,7 @@ package analysis import ( - "istio.io/istio/galley/pkg/config/schema/collection" + "istio.io/istio/pkg/config/schema/collection" ) // Metadata represents metadata for an analyzer diff --git a/galley/pkg/config/analysis/testing/fixtures/context.go b/galley/pkg/config/analysis/testing/fixtures/context.go index 3d8627e2d209..c44d5c167a29 100644 --- a/galley/pkg/config/analysis/testing/fixtures/context.go +++ b/galley/pkg/config/analysis/testing/fixtures/context.go 
@@ -18,7 +18,7 @@ import ( "istio.io/istio/galley/pkg/config/analysis" "istio.io/istio/galley/pkg/config/analysis/diag" "istio.io/istio/galley/pkg/config/resource" - "istio.io/istio/galley/pkg/config/schema/collection" + "istio.io/istio/pkg/config/schema/collection" ) // Context is a test fixture of analysis.Context diff --git a/galley/pkg/config/collection/instance.go b/galley/pkg/config/collection/instance.go index 338eb4d1dc03..eb13feadd279 100644 --- a/galley/pkg/config/collection/instance.go +++ b/galley/pkg/config/collection/instance.go @@ -18,7 +18,7 @@ import ( "sync" "istio.io/istio/galley/pkg/config/resource" - "istio.io/istio/galley/pkg/config/schema/collection" + "istio.io/istio/pkg/config/schema/collection" ) // ChangeNotifierFn is called when a collection instance changes. diff --git a/galley/pkg/config/collection/set.go b/galley/pkg/config/collection/set.go index a1d3322a37f3..9aac912a7504 100644 --- a/galley/pkg/config/collection/set.go +++ b/galley/pkg/config/collection/set.go @@ -18,7 +18,7 @@ import ( "sort" "strings" - "istio.io/istio/galley/pkg/config/schema/collection" + "istio.io/istio/pkg/config/schema/collection" ) // Set of collections diff --git a/galley/pkg/config/collection/set_test.go b/galley/pkg/config/collection/set_test.go index f325dbca8f8a..12352731e55e 100644 --- a/galley/pkg/config/collection/set_test.go +++ b/galley/pkg/config/collection/set_test.go @@ -20,8 +20,8 @@ import ( . "github.com/onsi/gomega" coll "istio.io/istio/galley/pkg/config/collection" - "istio.io/istio/galley/pkg/config/schema/collection" "istio.io/istio/galley/pkg/config/testing/basicmeta" + "istio.io/istio/pkg/config/schema/collection" ) func TestNewSet(t *testing.T) { diff --git a/galley/pkg/config/event/event.go b/galley/pkg/config/event/event.go index 7b7b362194ea..b38a3e3d2082 100644 --- a/galley/pkg/config/event/event.go +++ b/galley/pkg/config/event/event.go 
@@ -18,7 +18,7 @@ import (
 "fmt"
 "istio.io/istio/galley/pkg/config/resource"
- "istio.io/istio/galley/pkg/config/schema/collection"
+ "istio.io/istio/pkg/config/schema/collection"
 )
 var _ fmt.Stringer = Event{}
diff --git a/galley/pkg/config/event/event_test.go b/galley/pkg/config/event/event_test.go
index 4e883494707e..7f5b59636aca 100644
--- a/galley/pkg/config/event/event_test.go
+++ b/galley/pkg/config/event/event_test.go
@@ -18,12 +18,12 @@ import (
 "strings"
 "testing"
+ . "github.com/onsi/gomega"
+
 "istio.io/istio/galley/pkg/config/event"
 "istio.io/istio/galley/pkg/config/resource"
- "istio.io/istio/galley/pkg/config/schema/collection"
 "istio.io/istio/galley/pkg/config/testing/data"
-
- . "github.com/onsi/gomega"
+ "istio.io/istio/pkg/config/schema/collection"
 "github.com/gogo/protobuf/types"
 )
diff --git a/galley/pkg/config/event/router.go b/galley/pkg/config/event/router.go
index cb70c09b4db7..566f3c676740 100644
--- a/galley/pkg/config/event/router.go
+++ b/galley/pkg/config/event/router.go
@@ -17,8 +17,8 @@ package event
 import (
 "fmt"
- "istio.io/istio/galley/pkg/config/schema/collection"
 "istio.io/istio/galley/pkg/config/scope"
+ "istio.io/istio/pkg/config/schema/collection"
 )
 // Router distributes events to different handlers, based on collection name.
diff --git a/galley/pkg/config/event/transformer.go b/galley/pkg/config/event/transformer.go
index a2ad5d161faa..79ac367f9c20 100644
--- a/galley/pkg/config/event/transformer.go
+++ b/galley/pkg/config/event/transformer.go
@@ -17,8 +17,8 @@ package event
 import (
 "sync/atomic"
- "istio.io/istio/galley/pkg/config/schema/collection"
 "istio.io/istio/galley/pkg/config/scope"
+ "istio.io/istio/pkg/config/schema/collection"
 )
 // Transformer is a Processor that transforms input events from one or more collections to a set of output events to
diff --git a/galley/pkg/config/event/transformer_test.go b/galley/pkg/config/event/transformer_test.go
index 194b84662e03..74e045eada29 100644
--- a/galley/pkg/config/event/transformer_test.go
+++ b/galley/pkg/config/event/transformer_test.go
@@ -20,9 +20,9 @@ import (
 . "github.com/onsi/gomega"
 "istio.io/istio/galley/pkg/config/event"
- "istio.io/istio/galley/pkg/config/schema/collection"
 "istio.io/istio/galley/pkg/config/testing/data"
 "istio.io/istio/galley/pkg/config/testing/fixtures"
+ "istio.io/istio/pkg/config/schema/collection"
 )
 func TestTransformer_Basics(t *testing.T) {
diff --git a/galley/pkg/config/meshcfg/fs_test.go b/galley/pkg/config/meshcfg/fs_test.go
index fb4ddcbb3671..f370e340f7ac 100644
--- a/galley/pkg/config/meshcfg/fs_test.go
+++ b/galley/pkg/config/meshcfg/fs_test.go
@@ -29,8 +29,8 @@ import (
 "istio.io/istio/galley/pkg/config/event"
 "istio.io/istio/galley/pkg/config/resource"
- "istio.io/istio/galley/pkg/config/schema/collections"
 "istio.io/istio/galley/pkg/config/testing/fixtures"
+ "istio.io/istio/pkg/config/schema/collections"
 )
 func TestFsSource_NoInitialFile(t *testing.T) {
diff --git a/galley/pkg/config/meshcfg/inmemory.go b/galley/pkg/config/meshcfg/inmemory.go
index 804eb6c8741d..a6ef277f5407 100644
--- a/galley/pkg/config/meshcfg/inmemory.go
+++ b/galley/pkg/config/meshcfg/inmemory.go
@@ -20,9 +20,10 @@ import (
 "github.com/gogo/protobuf/proto"
 "istio.io/api/mesh/v1alpha1"
+
 "istio.io/istio/galley/pkg/config/event"
 "istio.io/istio/galley/pkg/config/resource"
- "istio.io/istio/galley/pkg/config/schema/collections"
+ "istio.io/istio/pkg/config/schema/collections"
 )
 // InMemorySource is an event.InMemorySource implementation for meshconfig. When the mesh config is first set, add & fullsync events
diff --git a/galley/pkg/config/meshcfg/inmemory_test.go b/galley/pkg/config/meshcfg/inmemory_test.go
index fdd91c4ff498..19297219455c 100644
--- a/galley/pkg/config/meshcfg/inmemory_test.go
+++ b/galley/pkg/config/meshcfg/inmemory_test.go
@@ -21,8 +21,8 @@ import (
 "istio.io/istio/galley/pkg/config/event"
 "istio.io/istio/galley/pkg/config/resource"
- "istio.io/istio/galley/pkg/config/schema/collections"
 "istio.io/istio/galley/pkg/config/testing/fixtures"
+ "istio.io/istio/pkg/config/schema/collections"
 )
 func TestInMemorySource_Empty(t *testing.T) {
diff --git a/galley/pkg/config/meshcfg/metadata_test.go b/galley/pkg/config/meshcfg/metadata_test.go
index dabe0b6620f2..56c680dacfce 100644
--- a/galley/pkg/config/meshcfg/metadata_test.go
+++ b/galley/pkg/config/meshcfg/metadata_test.go
@@ -17,8 +17,8 @@ package meshcfg
 import (
 "testing"
- "istio.io/istio/galley/pkg/config/schema"
- "istio.io/istio/galley/pkg/config/schema/collections"
+ "istio.io/istio/pkg/config/schema"
+ "istio.io/istio/pkg/config/schema/collections"
 )
 func TestMeshConfigNameValidity(t *testing.T) {
diff --git a/galley/pkg/config/processing/runtime_test.go b/galley/pkg/config/processing/runtime_test.go
index 6734283fea6e..a589502db255 100644
--- a/galley/pkg/config/processing/runtime_test.go
+++ b/galley/pkg/config/processing/runtime_test.go
@@ -27,11 +27,11 @@ import (
 "istio.io/istio/galley/pkg/config/event"
 "istio.io/istio/galley/pkg/config/meshcfg"
 "istio.io/istio/galley/pkg/config/resource"
- "istio.io/istio/galley/pkg/config/schema/collections"
 "istio.io/istio/galley/pkg/config/scope"
 "istio.io/istio/galley/pkg/config/source/kube/inmemory"
 "istio.io/istio/galley/pkg/config/testing/basicmeta"
 "istio.io/istio/galley/pkg/config/testing/fixtures"
+ "istio.io/istio/pkg/config/schema/collections"
 )
 func init() {
diff --git a/galley/pkg/config/processing/session.go b/galley/pkg/config/processing/session.go
index b23fb20eac74..d7b8a81f469c 100644
--- a/galley/pkg/config/processing/session.go
+++ b/galley/pkg/config/processing/session.go
@@ -24,8 +24,8 @@ import (
 "istio.io/istio/galley/pkg/config/event"
 "istio.io/istio/galley/pkg/config/meshcfg"
- "istio.io/istio/galley/pkg/config/schema/collections"
 "istio.io/istio/galley/pkg/config/scope"
+ "istio.io/istio/pkg/config/schema/collections"
 )
 type sessionState string
diff --git a/galley/pkg/config/processing/snapshotter/analyzingdistributor.go b/galley/pkg/config/processing/snapshotter/analyzingdistributor.go
index 66f69ad4b750..4ef6e1366418 100644
--- a/galley/pkg/config/processing/snapshotter/analyzingdistributor.go
+++ b/galley/pkg/config/processing/snapshotter/analyzingdistributor.go
@@ -26,8 +26,8 @@ import (
 "istio.io/istio/galley/pkg/config/analysis/diag"
 coll "istio.io/istio/galley/pkg/config/collection"
 "istio.io/istio/galley/pkg/config/resource"
- "istio.io/istio/galley/pkg/config/schema/collection"
 "istio.io/istio/galley/pkg/config/scope"
+ "istio.io/istio/pkg/config/schema/collection"
 )
 // CollectionReporterFn is a hook function called whenever a collection is accessed through the AnalyzingDistributor's context
diff --git a/galley/pkg/config/processing/snapshotter/analyzingdistributor_test.go b/galley/pkg/config/processing/snapshotter/analyzingdistributor_test.go
index 2502e34f8c33..4115f3364535 100644
--- a/galley/pkg/config/processing/snapshotter/analyzingdistributor_test.go
+++ b/galley/pkg/config/processing/snapshotter/analyzingdistributor_test.go
@@ -26,11 +26,11 @@ import (
 "istio.io/istio/galley/pkg/config/analysis/msg"
 coll "istio.io/istio/galley/pkg/config/collection"
 "istio.io/istio/galley/pkg/config/resource"
- "istio.io/istio/galley/pkg/config/schema/collection"
- resource2 "istio.io/istio/galley/pkg/config/schema/resource"
- "istio.io/istio/galley/pkg/config/schema/snapshots"
 "istio.io/istio/galley/pkg/config/source/kube/rt"
 "istio.io/istio/galley/pkg/config/testing/basicmeta"
+ "istio.io/istio/pkg/config/schema/collection"
+ resource2 "istio.io/istio/pkg/config/schema/resource"
+ "istio.io/istio/pkg/config/schema/snapshots"
 "istio.io/istio/pkg/mcp/snapshot"
 )
diff --git a/galley/pkg/config/processing/snapshotter/distributor_test.go b/galley/pkg/config/processing/snapshotter/distributor_test.go
index b784eaad2cca..4285c54f5799 100644
--- a/galley/pkg/config/processing/snapshotter/distributor_test.go
+++ b/galley/pkg/config/processing/snapshotter/distributor_test.go
@@ -18,7 +18,7 @@ import (
 "testing"
 "istio.io/istio/galley/pkg/config/collection"
- collection2 "istio.io/istio/galley/pkg/config/schema/collection"
+ collection2 "istio.io/istio/pkg/config/schema/collection"
 )
 func TestDistributor_Distribute(t *testing.T) {
diff --git a/galley/pkg/config/processing/snapshotter/snapshot.go b/galley/pkg/config/processing/snapshotter/snapshot.go
index 1254882a4d42..746b3c8354b5 100644
--- a/galley/pkg/config/processing/snapshotter/snapshot.go
+++ b/galley/pkg/config/processing/snapshotter/snapshot.go
@@ -24,8 +24,8 @@ import (
 "istio.io/istio/galley/pkg/config/analysis"
 coll "istio.io/istio/galley/pkg/config/collection"
 "istio.io/istio/galley/pkg/config/resource"
- "istio.io/istio/galley/pkg/config/schema/collection"
 "istio.io/istio/galley/pkg/config/scope"
+ "istio.io/istio/pkg/config/schema/collection"
 "istio.io/istio/pkg/mcp/snapshot"
 )
diff --git a/galley/pkg/config/processing/snapshotter/snapshot_test.go b/galley/pkg/config/processing/snapshotter/snapshot_test.go
index 90aa3e6396f8..11830222fb3b 100644
--- a/galley/pkg/config/processing/snapshotter/snapshot_test.go
+++ b/galley/pkg/config/processing/snapshotter/snapshot_test.go
@@ -21,10 +21,10 @@ import (
 coll "istio.io/istio/galley/pkg/config/collection"
 "istio.io/istio/galley/pkg/config/resource"
- "istio.io/istio/galley/pkg/config/schema/collection"
 "istio.io/istio/galley/pkg/config/testing/basicmeta"
 "istio.io/istio/galley/pkg/config/testing/data"
 "istio.io/istio/galley/pkg/config/testing/fixtures"
+ "istio.io/istio/pkg/config/schema/collection"
 )
 func TestSnapshot_Basics(t *testing.T) {
diff --git a/galley/pkg/config/processing/snapshotter/snapshotoptions.go b/galley/pkg/config/processing/snapshotter/snapshotoptions.go
index d790c210a9a3..17e09e0a1bfb 100644
--- a/galley/pkg/config/processing/snapshotter/snapshotoptions.go
+++ b/galley/pkg/config/processing/snapshotter/snapshotoptions.go
@@ -16,7 +16,7 @@ package snapshotter
 import (
 "istio.io/istio/galley/pkg/config/processing/snapshotter/strategy"
- "istio.io/istio/galley/pkg/config/schema/collection"
+ "istio.io/istio/pkg/config/schema/collection"
 )
 // SnapshotOptions is settings for a single snapshotImpl target.
diff --git a/galley/pkg/config/processing/snapshotter/snapshotter.go b/galley/pkg/config/processing/snapshotter/snapshotter.go
index cea47a5e14af..b9b36dc65c08 100644
--- a/galley/pkg/config/processing/snapshotter/snapshotter.go
+++ b/galley/pkg/config/processing/snapshotter/snapshotter.go
@@ -24,8 +24,8 @@ import (
 "istio.io/istio/galley/pkg/config/monitoring"
 "istio.io/istio/galley/pkg/config/processing/snapshotter/strategy"
 "istio.io/istio/galley/pkg/config/resource"
- "istio.io/istio/galley/pkg/config/schema/collection"
 "istio.io/istio/galley/pkg/config/scope"
+ "istio.io/istio/pkg/config/schema/collection"
 )
 // Snapshotter is a processor that handles input events and creates snapshotImpl collections.
diff --git a/galley/pkg/config/processing/snapshotter/snapshotter_test.go b/galley/pkg/config/processing/snapshotter/snapshotter_test.go
index a03d27443fee..94109777729f 100644
--- a/galley/pkg/config/processing/snapshotter/snapshotter_test.go
+++ b/galley/pkg/config/processing/snapshotter/snapshotter_test.go
@@ -21,10 +21,10 @@ import (
 "istio.io/istio/galley/pkg/config/event"
 "istio.io/istio/galley/pkg/config/processing/snapshotter/strategy"
- "istio.io/istio/galley/pkg/config/schema/collection"
 "istio.io/istio/galley/pkg/config/testing/basicmeta"
 "istio.io/istio/galley/pkg/config/testing/data"
 "istio.io/istio/galley/pkg/config/testing/fixtures"
+ "istio.io/istio/pkg/config/schema/collection"
 )
 func TestSnapshotter_Basic(t *testing.T) {
diff --git a/galley/pkg/config/processing/transformer/provider.go b/galley/pkg/config/processing/transformer/provider.go
index ee08d0f3f8be..7b7009613dd5 100644
--- a/galley/pkg/config/processing/transformer/provider.go
+++ b/galley/pkg/config/processing/transformer/provider.go
@@ -20,7 +20,7 @@ package transformer
 import (
 "istio.io/istio/galley/pkg/config/event"
 "istio.io/istio/galley/pkg/config/processing"
- "istio.io/istio/galley/pkg/config/schema/collection"
+ "istio.io/istio/pkg/config/schema/collection"
 )
 // Provider includes the basic schema and a function to create a Transformer
diff --git a/galley/pkg/config/processing/transformer/provider_test.go b/galley/pkg/config/processing/transformer/provider_test.go
index b6aa2efc1898..cdb80eef0309 100644
--- a/galley/pkg/config/processing/transformer/provider_test.go
+++ b/galley/pkg/config/processing/transformer/provider_test.go
@@ -21,9 +21,9 @@ import (
 "istio.io/istio/galley/pkg/config/event"
 "istio.io/istio/galley/pkg/config/processing"
- "istio.io/istio/galley/pkg/config/schema/collection"
 "istio.io/istio/galley/pkg/config/testing/basicmeta"
 "istio.io/istio/galley/pkg/config/testing/fixtures"
+ "istio.io/istio/pkg/config/schema/collection"
 )
 func TestSimpleTransformerProvider(t *testing.T) {
diff --git a/galley/pkg/config/processor/build.go b/galley/pkg/config/processor/build.go
index 34fc164d520d..412998d2cd35 100644
--- a/galley/pkg/config/processor/build.go
+++ b/galley/pkg/config/processor/build.go
@@ -20,7 +20,7 @@ import (
 "istio.io/istio/galley/pkg/config/processing/snapshotter"
 "istio.io/istio/galley/pkg/config/processing/snapshotter/strategy"
 "istio.io/istio/galley/pkg/config/processing/transformer"
- "istio.io/istio/galley/pkg/config/schema"
+ "istio.io/istio/pkg/config/schema"
 )
 // Settings is the settings that are needed for creating a config processing pipeline that can read
diff --git a/galley/pkg/config/processor/build_test.go b/galley/pkg/config/processor/build_test.go
index 2404b83b5a6e..49f54fb5c982 100644
--- a/galley/pkg/config/processor/build_test.go
+++ b/galley/pkg/config/processor/build_test.go
@@ -24,9 +24,9 @@ import (
 "istio.io/istio/galley/pkg/config/meshcfg"
 "istio.io/istio/galley/pkg/config/processing/snapshotter"
 "istio.io/istio/galley/pkg/config/processor/transforms"
- "istio.io/istio/galley/pkg/config/schema"
- "istio.io/istio/galley/pkg/config/schema/snapshots"
 "istio.io/istio/galley/pkg/config/source/kube/inmemory"
+ "istio.io/istio/pkg/config/schema"
+ "istio.io/istio/pkg/config/schema/snapshots"
 )
 const yml = `
diff --git a/galley/pkg/config/processor/groups/groups.go b/galley/pkg/config/processor/groups/groups.go
index ce055a1ba106..fc6cb34cc184 100644
--- a/galley/pkg/config/processor/groups/groups.go
+++ b/galley/pkg/config/processor/groups/groups.go
@@ -17,7 +17,7 @@ package groups
 import (
 mcp "istio.io/api/mcp/v1alpha1"
- "istio.io/istio/galley/pkg/config/schema/collections"
+ "istio.io/istio/pkg/config/schema/collections"
 "istio.io/istio/pkg/mcp/snapshot"
 )
diff --git a/galley/pkg/config/processor/groups/groups_test.go b/galley/pkg/config/processor/groups/groups_test.go
index 471b483de6e9..2b994a50802d 100644
--- a/galley/pkg/config/processor/groups/groups_test.go
+++ b/galley/pkg/config/processor/groups/groups_test.go
@@ -20,7 +20,7 @@ import (
 . "github.com/onsi/gomega"
 "istio.io/istio/galley/pkg/config/processor/groups"
- "istio.io/istio/galley/pkg/config/schema/collections"
+ "istio.io/istio/pkg/config/schema/collections"
 )
 func TestDefault(t *testing.T) {
diff --git a/galley/pkg/config/processor/transforms/authpolicy/create.go b/galley/pkg/config/processor/transforms/authpolicy/create.go
index 15ba54ac8a9d..df0337862f18 100644
--- a/galley/pkg/config/processor/transforms/authpolicy/create.go
+++ b/galley/pkg/config/processor/transforms/authpolicy/create.go
@@ -21,9 +21,9 @@ import (
 "istio.io/istio/galley/pkg/config/event"
 "istio.io/istio/galley/pkg/config/processing/transformer"
- "istio.io/istio/galley/pkg/config/schema/collection"
- "istio.io/istio/galley/pkg/config/schema/collections"
 "istio.io/istio/galley/pkg/config/scope"
+ "istio.io/istio/pkg/config/schema/collection"
+ "istio.io/istio/pkg/config/schema/collections"
 )
 // GetProviders returns transformer providers for auth policy transformers
diff --git a/galley/pkg/config/processor/transforms/authpolicy/create_test.go b/galley/pkg/config/processor/transforms/authpolicy/create_test.go
index 6fbee933b5e1..b36139f2cfca 100644
--- a/galley/pkg/config/processor/transforms/authpolicy/create_test.go
+++ b/galley/pkg/config/processor/transforms/authpolicy/create_test.go
@@ -25,9 +25,9 @@ import (
 "istio.io/istio/galley/pkg/config/event"
 "istio.io/istio/galley/pkg/config/processing"
 "istio.io/istio/galley/pkg/config/resource"
- "istio.io/istio/galley/pkg/config/schema/collection"
- "istio.io/istio/galley/pkg/config/schema/collections"
 "istio.io/istio/galley/pkg/config/testing/fixtures"
+ "istio.io/istio/pkg/config/schema/collection"
+ "istio.io/istio/pkg/config/schema/collections"
 )
 func TestAuthPolicy_Input_Output(t *testing.T) {
diff --git a/galley/pkg/config/processor/transforms/direct/create.go b/galley/pkg/config/processor/transforms/direct/create.go
index 01ad2e1afdb8..58a45c078ee7 100644
--- a/galley/pkg/config/processor/transforms/direct/create.go
+++ b/galley/pkg/config/processor/transforms/direct/create.go
@@ -17,7 +17,7 @@ package direct
 import (
 "istio.io/istio/galley/pkg/config/event"
 "istio.io/istio/galley/pkg/config/processing/transformer"
- "istio.io/istio/galley/pkg/config/schema"
+ "istio.io/istio/pkg/config/schema"
 )
 // GetProviders creates a transformer provider for each direct transform in the metadata
diff --git a/galley/pkg/config/processor/transforms/direct/create_test.go b/galley/pkg/config/processor/transforms/direct/create_test.go
index 06bc826a12b1..d11e06b8df36 100644
--- a/galley/pkg/config/processor/transforms/direct/create_test.go
+++ b/galley/pkg/config/processor/transforms/direct/create_test.go
@@ -21,10 +21,10 @@ import (
 "istio.io/istio/galley/pkg/config/event"
 "istio.io/istio/galley/pkg/config/processing"
- "istio.io/istio/galley/pkg/config/schema/collection"
 "istio.io/istio/galley/pkg/config/testing/basicmeta"
 "istio.io/istio/galley/pkg/config/testing/data"
 "istio.io/istio/galley/pkg/config/testing/fixtures"
+ "istio.io/istio/pkg/config/schema/collection"
 )
 func TestDirect_Input_Output(t *testing.T) {
diff --git a/galley/pkg/config/processor/transforms/ingress/gateway.go b/galley/pkg/config/processor/transforms/ingress/gateway.go
index 39438687ae0f..c0e96ed4a058 100644
--- a/galley/pkg/config/processor/transforms/ingress/gateway.go
+++ b/galley/pkg/config/processor/transforms/ingress/gateway.go
@@ -28,9 +28,9 @@ import (
 "istio.io/istio/galley/pkg/config/processing"
 "istio.io/istio/galley/pkg/config/processing/transformer"
 "istio.io/istio/galley/pkg/config/resource"
- "istio.io/istio/galley/pkg/config/schema/collection"
- "istio.io/istio/galley/pkg/config/schema/collections"
 "istio.io/istio/galley/pkg/config/synthesize"
+ "istio.io/istio/pkg/config/schema/collection"
+ "istio.io/istio/pkg/config/schema/collections"
 )
 type gatewayXform struct {
diff --git a/galley/pkg/config/processor/transforms/ingress/gateway_test.go b/galley/pkg/config/processor/transforms/ingress/gateway_test.go
index 91caebbef39d..6309cb8698ae 100644
--- a/galley/pkg/config/processor/transforms/ingress/gateway_test.go
+++ b/galley/pkg/config/processor/transforms/ingress/gateway_test.go
@@ -19,16 +19,15 @@ import (
 . "github.com/onsi/gomega"
- "istio.io/istio/galley/pkg/config/schema/resource"
-
 "istio.io/istio/galley/pkg/config/event"
 "istio.io/istio/galley/pkg/config/meshcfg"
 "istio.io/istio/galley/pkg/config/processing"
- "istio.io/istio/galley/pkg/config/schema"
- "istio.io/istio/galley/pkg/config/schema/collection"
- "istio.io/istio/galley/pkg/config/schema/collections"
 "istio.io/istio/galley/pkg/config/source/kube/rt"
 "istio.io/istio/galley/pkg/config/testing/fixtures"
+ "istio.io/istio/pkg/config/schema"
+ "istio.io/istio/pkg/config/schema/collection"
+ "istio.io/istio/pkg/config/schema/collections"
+ "istio.io/istio/pkg/config/schema/resource"
 )
 var (
diff --git a/galley/pkg/config/processor/transforms/ingress/virtualService.go b/galley/pkg/config/processor/transforms/ingress/virtualService.go
index 924fff40c714..f554d12bd810 100644
--- a/galley/pkg/config/processor/transforms/ingress/virtualService.go
+++ b/galley/pkg/config/processor/transforms/ingress/virtualService.go
@@ -30,9 +30,9 @@ import (
 "istio.io/istio/galley/pkg/config/processing"
 "istio.io/istio/galley/pkg/config/processing/transformer"
 "istio.io/istio/galley/pkg/config/resource"
- "istio.io/istio/galley/pkg/config/schema/collection"
- "istio.io/istio/galley/pkg/config/schema/collections"
 "istio.io/istio/galley/pkg/config/scope"
+ "istio.io/istio/pkg/config/schema/collection"
+ "istio.io/istio/pkg/config/schema/collections"
 )
 type virtualServiceXform struct {
diff --git a/galley/pkg/config/processor/transforms/ingress/virtualService_test.go b/galley/pkg/config/processor/transforms/ingress/virtualService_test.go
index 79f8e62e8aed..24b35de12509 100644
--- a/galley/pkg/config/processor/transforms/ingress/virtualService_test.go
+++ b/galley/pkg/config/processor/transforms/ingress/virtualService_test.go
@@ -22,9 +22,9 @@ import (
 "istio.io/istio/galley/pkg/config/event"
 "istio.io/istio/galley/pkg/config/meshcfg"
 "istio.io/istio/galley/pkg/config/processing"
- "istio.io/istio/galley/pkg/config/schema/collection"
- "istio.io/istio/galley/pkg/config/schema/collections"
 "istio.io/istio/galley/pkg/config/testing/fixtures"
+ "istio.io/istio/pkg/config/schema/collection"
+ "istio.io/istio/pkg/config/schema/collections"
 )
 func TestVirtualService_Input_Output(t *testing.T) {
diff --git a/galley/pkg/config/processor/transforms/serviceentry/create.go b/galley/pkg/config/processor/transforms/serviceentry/create.go
index 263112a25e35..b44e7ab1dce6 100644
--- a/galley/pkg/config/processor/transforms/serviceentry/create.go
+++ b/galley/pkg/config/processor/transforms/serviceentry/create.go
@@ -18,8 +18,8 @@ import (
 "istio.io/istio/galley/pkg/config/event"
 "istio.io/istio/galley/pkg/config/processing"
 xformer "istio.io/istio/galley/pkg/config/processing/transformer"
- "istio.io/istio/galley/pkg/config/schema/collection"
- "istio.io/istio/galley/pkg/config/schema/collections"
+ "istio.io/istio/pkg/config/schema/collection"
+ "istio.io/istio/pkg/config/schema/collections"
 )
 // GetProviders creates transformer providers for Synthetic Service entries
diff --git a/galley/pkg/config/processor/transforms/serviceentry/create_test.go b/galley/pkg/config/processor/transforms/serviceentry/create_test.go
index 0e487e10666d..8de5e399a74c 100644
--- a/galley/pkg/config/processor/transforms/serviceentry/create_test.go
+++ b/galley/pkg/config/processor/transforms/serviceentry/create_test.go
@@ -38,10 +38,10 @@ import (
 "istio.io/istio/galley/pkg/config/processor/transforms/serviceentry"
 "istio.io/istio/galley/pkg/config/processor/transforms/serviceentry/pod"
 "istio.io/istio/galley/pkg/config/resource"
- "istio.io/istio/galley/pkg/config/schema/collection"
- "istio.io/istio/galley/pkg/config/schema/collections"
 "istio.io/istio/galley/pkg/config/testing/fixtures"
 "istio.io/istio/pkg/config/protocol"
+ "istio.io/istio/pkg/config/schema/collection"
+ "istio.io/istio/pkg/config/schema/collections"
 "istio.io/istio/pkg/mcp/snapshot"
 coreV1 "k8s.io/api/core/v1"
diff --git a/galley/pkg/config/processor/transforms/serviceentry/handler_bench_test.go b/galley/pkg/config/processor/transforms/serviceentry/handler_bench_test.go
index 4bb1e387ae5f..64fc357df3d0 100644
--- a/galley/pkg/config/processor/transforms/serviceentry/handler_bench_test.go
+++ b/galley/pkg/config/processor/transforms/serviceentry/handler_bench_test.go
@@ -24,7 +24,7 @@ import (
 "istio.io/istio/galley/pkg/config/processor/transforms/serviceentry"
 "istio.io/istio/galley/pkg/config/processor/transforms/serviceentry/pod"
 "istio.io/istio/galley/pkg/config/resource"
- "istio.io/istio/galley/pkg/config/schema/collections"
+ "istio.io/istio/pkg/config/schema/collections"
 coreV1 "k8s.io/api/core/v1"
 metaV1 "k8s.io/apimachinery/pkg/apis/meta/v1"
diff --git a/galley/pkg/config/processor/transforms/serviceentry/integration/integration_bench_test.go b/galley/pkg/config/processor/transforms/serviceentry/integration/integration_bench_test.go
index 5e6e2adebd8e..e192ee119d01 100644
--- a/galley/pkg/config/processor/transforms/serviceentry/integration/integration_bench_test.go
+++ b/galley/pkg/config/processor/transforms/serviceentry/integration/integration_bench_test.go
@@ -30,12 +30,12 @@ import (
 "istio.io/istio/galley/pkg/config/processor/transforms"
 "istio.io/istio/galley/pkg/config/processor/transforms/serviceentry/pod"
 "istio.io/istio/galley/pkg/config/resource"
- "istio.io/istio/galley/pkg/config/schema"
- "istio.io/istio/galley/pkg/config/schema/collection"
- "istio.io/istio/galley/pkg/config/schema/snapshots"
 "istio.io/istio/galley/pkg/config/source/kube"
 "istio.io/istio/galley/pkg/config/source/kube/apiserver"
 "istio.io/istio/galley/pkg/testing/mock"
+ "istio.io/istio/pkg/config/schema"
+ "istio.io/istio/pkg/config/schema/collection"
+ "istio.io/istio/pkg/config/schema/snapshots"
 )
 const (
diff --git a/galley/pkg/config/processor/transforms/serviceentry/pod/cache.go b/galley/pkg/config/processor/transforms/serviceentry/pod/cache.go
index dc7c12ffe9af..174a1940aeed 100644
--- a/galley/pkg/config/processor/transforms/serviceentry/pod/cache.go
+++ b/galley/pkg/config/processor/transforms/serviceentry/pod/cache.go
@@ -20,7 +20,7 @@ import (
 "istio.io/istio/galley/pkg/config/event"
 "istio.io/istio/galley/pkg/config/resource"
- "istio.io/istio/galley/pkg/config/schema/collections"
+ "istio.io/istio/pkg/config/schema/collections"
 "istio.io/istio/pkg/spiffe"
 coreV1 "k8s.io/api/core/v1"
diff --git a/galley/pkg/config/processor/transforms/serviceentry/pod/cache_test.go b/galley/pkg/config/processor/transforms/serviceentry/pod/cache_test.go
index be906aadf14f..e1d7d52a7248 100644
--- a/galley/pkg/config/processor/transforms/serviceentry/pod/cache_test.go
+++ b/galley/pkg/config/processor/transforms/serviceentry/pod/cache_test.go
@@ -26,7 +26,7 @@ import (
 "istio.io/istio/galley/pkg/config/event"
 "istio.io/istio/galley/pkg/config/processor/transforms/serviceentry/pod"
 "istio.io/istio/galley/pkg/config/resource"
- "istio.io/istio/galley/pkg/config/schema/collections"
+ "istio.io/istio/pkg/config/schema/collections"
 )
 const (
diff --git a/galley/pkg/config/processor/transforms/serviceentry/transformer.go b/galley/pkg/config/processor/transforms/serviceentry/transformer.go
index f7f892cd68d2..b5fc358639d5 100644
--- a/galley/pkg/config/processor/transforms/serviceentry/transformer.go
+++ b/galley/pkg/config/processor/transforms/serviceentry/transformer.go
@@ -30,9 +30,9 @@ import (
 "istio.io/istio/galley/pkg/config/processor/transforms/serviceentry/converter"
 "istio.io/istio/galley/pkg/config/processor/transforms/serviceentry/pod"
 "istio.io/istio/galley/pkg/config/resource"
- "istio.io/istio/galley/pkg/config/schema/collection"
- "istio.io/istio/galley/pkg/config/schema/collections"
 "istio.io/istio/galley/pkg/config/scope"
+ "istio.io/istio/pkg/config/schema/collection"
+ "istio.io/istio/pkg/config/schema/collections"
 )
 type serviceEntryTransformer struct {
diff --git a/galley/pkg/config/processor/transforms/transforms.go b/galley/pkg/config/processor/transforms/transforms.go
index 70156e3b822e..0b393baf207c 100644
--- a/galley/pkg/config/processor/transforms/transforms.go
+++ b/galley/pkg/config/processor/transforms/transforms.go
@@ -22,7 +22,7 @@ import (
 "istio.io/istio/galley/pkg/config/processor/transforms/direct"
 "istio.io/istio/galley/pkg/config/processor/transforms/ingress"
 "istio.io/istio/galley/pkg/config/processor/transforms/serviceentry"
- "istio.io/istio/galley/pkg/config/schema"
+ "istio.io/istio/pkg/config/schema"
 )
 //Providers builds and returns a list of all transformer objects
diff --git a/galley/pkg/config/resource/metadata.go b/galley/pkg/config/resource/metadata.go
index 13d02d012152..bd7eb7794d62 100644
--- a/galley/pkg/config/resource/metadata.go
+++ b/galley/pkg/config/resource/metadata.go
@@ -17,7 +17,7 @@ package resource
 import (
 "time"
- "istio.io/istio/galley/pkg/config/schema/resource"
+ "istio.io/istio/pkg/config/schema/resource"
 )
 // Metadata about a resource.
diff --git a/galley/pkg/config/resource/serialization.go b/galley/pkg/config/resource/serialization.go
index e106d3f44ac4..d72ca500ce2f 100644
--- a/galley/pkg/config/resource/serialization.go
+++ b/galley/pkg/config/resource/serialization.go
@@ -23,7 +23,7 @@ import (
 mcp "istio.io/api/mcp/v1alpha1"
 "istio.io/pkg/log"
- "istio.io/istio/galley/pkg/config/schema/resource"
+ "istio.io/istio/pkg/config/schema/resource"
 )
 var scope = log.RegisterScope("resource", "Core resource model scope", 0)
diff --git a/galley/pkg/config/resource/serialization_test.go b/galley/pkg/config/resource/serialization_test.go
index 103aa75abeb6..64810063502a 100644
--- a/galley/pkg/config/resource/serialization_test.go
+++ b/galley/pkg/config/resource/serialization_test.go
@@ -28,8 +28,8 @@ import (
 "github.com/gogo/protobuf/types"
 "istio.io/istio/galley/pkg/config/resource"
- "istio.io/istio/galley/pkg/config/schema/collections"
 "istio.io/istio/galley/pkg/config/testing/fixtures"
+ "istio.io/istio/pkg/config/schema/collections"
 )
 var (
diff --git a/galley/pkg/config/schema/generate.go b/galley/pkg/config/schema/generate.go
deleted file mode 100644
index 664e686baa37..000000000000
--- a/galley/pkg/config/schema/generate.go
+++ /dev/null
@@ -1,39 +0,0 @@
-// Copyright 2019 Istio Authors
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package schema
-
-// Embed the core metadata file containing the collections as a resource
-//go:generate go-bindata --nocompress --nometadata --pkg schema -o metadata.gen.go metadata.yaml
-
-// Create static initializers files in each of the output directories
-//go:generate go run $REPO_ROOT/galley/pkg/config/schema/codegen/tools/staticinit.main.go schema metadata.yaml staticinit.gen.go
-// nolint: lll
-//go:generate go run $REPO_ROOT/galley/pkg/config/schema/codegen/tools/staticinit.main.go collections metadata.yaml "$REPO_ROOT/galley/pkg/config/schema/collections/staticinit.gen.go"
-// nolint: lll
-//go:generate go run $REPO_ROOT/galley/pkg/config/schema/codegen/tools/staticinit.main.go snapshots metadata.yaml "$REPO_ROOT/galley/pkg/config/schema/snapshots/staticinit.gen.go"
-
-// Create collection constants
-// nolint: lll
-//go:generate go run $REPO_ROOT/galley/pkg/config/schema/codegen/tools/collections.main.go collections metadata.yaml "$REPO_ROOT/galley/pkg/config/schema/collections/collections.gen.go"
-
-// Create snapshot constants
-// nolint: lll
-//go:generate go run $REPO_ROOT/galley/pkg/config/schema/codegen/tools/snapshots.main.go snapshots metadata.yaml "$REPO_ROOT/galley/pkg/config/schema/snapshots/snapshots.gen.go"
-
-//go:generate goimports -w -local istio.io "$REPO_ROOT/galley/pkg/config/schema/collections/collections.gen.go"
-//go:generate goimports -w -local istio.io "$REPO_ROOT/galley/pkg/config/schema/snapshots/snapshots.gen.go"
-//go:generate goimports -w -local istio.io "$REPO_ROOT/galley/pkg/config/schema/staticinit.gen.go"
-//go:generate goimports -w -local istio.io "$REPO_ROOT/galley/pkg/config/schema/collections/staticinit.gen.go"
-//go:generate goimports -w -local istio.io "$REPO_ROOT/galley/pkg/config/schema/snapshots/staticinit.gen.go"
diff --git a/galley/pkg/config/source/inmemory/collection.go b/galley/pkg/config/source/inmemory/collection.go
index e78f3cf944bd..66c88d9d541c 100644
--- a/galley/pkg/config/source/inmemory/collection.go
+++ b/galley/pkg/config/source/inmemory/collection.go
@@ -21,8 +21,8 @@ import (
 "istio.io/istio/galley/pkg/config/event"
 "istio.io/istio/galley/pkg/config/resource"
- "istio.io/istio/galley/pkg/config/schema/collection"
 "istio.io/istio/galley/pkg/config/scope"
+ "istio.io/istio/pkg/config/schema/collection"
 )
 // Collection is an in-memory collection that implements event.Source
diff --git a/galley/pkg/config/source/inmemory/source.go b/galley/pkg/config/source/inmemory/source.go
index eb9b388350f7..ffce5a3c5303 100644
--- a/galley/pkg/config/source/inmemory/source.go
+++ b/galley/pkg/config/source/inmemory/source.go
@@ -19,8 +19,8 @@ import (
 "sync"
 "istio.io/istio/galley/pkg/config/event"
- "istio.io/istio/galley/pkg/config/schema/collection"
 "istio.io/istio/galley/pkg/config/scope"
+ "istio.io/istio/pkg/config/schema/collection"
 )
 var inMemoryNameDiscriminator int64
diff --git a/galley/pkg/config/source/inmemory/source_test.go b/galley/pkg/config/source/inmemory/source_test.go
index 98b1abb022e0..65f1eeed2412 100644
--- a/galley/pkg/config/source/inmemory/source_test.go
+++ b/galley/pkg/config/source/inmemory/source_test.go
@@ -21,10 +21,10 @@ import (
 "istio.io/istio/galley/pkg/config/event"
 "istio.io/istio/galley/pkg/config/resource"
- "istio.io/istio/galley/pkg/config/schema/collection"
 "istio.io/istio/galley/pkg/config/testing/basicmeta"
 "istio.io/istio/galley/pkg/config/testing/data"
 "istio.io/istio/galley/pkg/config/testing/fixtures"
+ "istio.io/istio/pkg/config/schema/collection"
 "github.com/gogo/protobuf/types"
 )
diff --git a/galley/pkg/config/source/kube/apiserver/options.go b/galley/pkg/config/source/kube/apiserver/options.go
index 136d11fd4520..0d18a6a497e3 100644
--- a/galley/pkg/config/source/kube/apiserver/options.go
+++ b/galley/pkg/config/source/kube/apiserver/options.go
@@ -17,9 +17,9 @@ package apiserver
 import (
 "time"
- "istio.io/istio/galley/pkg/config/schema/collection"
 "istio.io/istio/galley/pkg/config/source/kube"
 "istio.io/istio/galley/pkg/config/source/kube/apiserver/status"
+ "istio.io/istio/pkg/config/schema/collection"
 )
 // Options for the kube controller
diff --git a/galley/pkg/config/source/kube/apiserver/source.go b/galley/pkg/config/source/kube/apiserver/source.go
index b6ddac0166b4..61cc68da7b54 100644
--- a/galley/pkg/config/source/kube/apiserver/source.go
+++ b/galley/pkg/config/source/kube/apiserver/source.go
@@ -25,11 +25,11 @@ import (
 "istio.io/istio/galley/pkg/config/analysis/diag"
 "istio.io/istio/galley/pkg/config/event"
 "istio.io/istio/galley/pkg/config/processing/snapshotter"
- "istio.io/istio/galley/pkg/config/schema/collection"
- "istio.io/istio/galley/pkg/config/schema/resource"
 "istio.io/istio/galley/pkg/config/scope"
 "istio.io/istio/galley/pkg/config/source/kube/apiserver/status"
 "istio.io/istio/galley/pkg/config/source/kube/rt"
+ "istio.io/istio/pkg/config/schema/collection"
+ "istio.io/istio/pkg/config/schema/resource"
 )
 var (
diff --git a/galley/pkg/config/source/kube/apiserver/source_builtin_test.go b/galley/pkg/config/source/kube/apiserver/source_builtin_test.go
index db184d3737de..5456a51ad077 100644
--- a/galley/pkg/config/source/kube/apiserver/source_builtin_test.go
+++ b/galley/pkg/config/source/kube/apiserver/source_builtin_test.go
@@ -26,11 +26,11 @@ import (
 "istio.io/istio/galley/pkg/config/event"
 "istio.io/istio/galley/pkg/config/resource"
- resource2 "istio.io/istio/galley/pkg/config/schema/resource"
 "istio.io/istio/galley/pkg/config/scope"
 "istio.io/istio/galley/pkg/config/testing/fixtures"
 "istio.io/istio/galley/pkg/config/testing/k8smeta"
 "istio.io/istio/galley/pkg/testing/mock"
+ resource2 "istio.io/istio/pkg/config/schema/resource"
 )
 const (
diff --git a/galley/pkg/config/source/kube/apiserver/source_dynamic_test.go b/galley/pkg/config/source/kube/apiserver/source_dynamic_test.go
index 905d59f20400..95aa73bb2a66 100644
--- a/galley/pkg/config/source/kube/apiserver/source_dynamic_test.go
+++ b/galley/pkg/config/source/kube/apiserver/source_dynamic_test.go
@@ -25,8 +25,6 @@ import (
 "istio.io/istio/galley/pkg/config/analysis/msg"
 "istio.io/istio/galley/pkg/config/event"
 "istio.io/istio/galley/pkg/config/resource"
- "istio.io/istio/galley/pkg/config/schema/collection"
- resource2 "istio.io/istio/galley/pkg/config/schema/resource"
 "istio.io/istio/galley/pkg/config/source/kube"
 "istio.io/istio/galley/pkg/config/source/kube/apiserver"
 "istio.io/istio/galley/pkg/config/source/kube/apiserver/status"
@@ -34,6 +32,8 @@ import (
 "istio.io/istio/galley/pkg/config/testing/basicmeta"
 "istio.io/istio/galley/pkg/config/testing/fixtures"
 "istio.io/istio/galley/pkg/testing/mock"
+ "istio.io/istio/pkg/config/schema/collection"
+ resource2 "istio.io/istio/pkg/config/schema/resource"
 "github.com/gogo/protobuf/types"
 . "github.com/onsi/gomega"
diff --git a/galley/pkg/config/source/kube/apiserver/status/controller.go b/galley/pkg/config/source/kube/apiserver/status/controller.go
index d78259dae6e8..882ead98677c 100644
--- a/galley/pkg/config/source/kube/apiserver/status/controller.go
+++ b/galley/pkg/config/source/kube/apiserver/status/controller.go
@@ -22,9 +22,9 @@ import (
 "istio.io/istio/galley/pkg/config/analysis/diag"
 "istio.io/istio/galley/pkg/config/resource"
- "istio.io/istio/galley/pkg/config/schema/collection"
 "istio.io/istio/galley/pkg/config/scope"
 "istio.io/istio/galley/pkg/config/source/kube/rt"
+ "istio.io/istio/pkg/config/schema/collection"
 )
 // Controller is the interface for a status controller. It is mainly used to separate implementation from
diff --git a/galley/pkg/config/source/kube/apiserver/status/state.go b/galley/pkg/config/source/kube/apiserver/status/state.go
index 338d763dcf69..b0e29b3c1937 100644
--- a/galley/pkg/config/source/kube/apiserver/status/state.go
+++ b/galley/pkg/config/source/kube/apiserver/status/state.go
@@ -18,7 +18,7 @@ import (
 "sync"
 "istio.io/istio/galley/pkg/config/resource"
- "istio.io/istio/galley/pkg/config/schema/collection"
+ "istio.io/istio/pkg/config/schema/collection"
 )
 // use a sentinel value as the last item in a work queue. This allows doing a simple null check on the next to
diff --git a/galley/pkg/config/source/kube/apiserver/status/status.go b/galley/pkg/config/source/kube/apiserver/status/status.go
index 451e7efd0ead..44052c6d006a 100644
--- a/galley/pkg/config/source/kube/apiserver/status/status.go
+++ b/galley/pkg/config/source/kube/apiserver/status/status.go
@@ -19,7 +19,7 @@ import (
 "sync"
 "istio.io/istio/galley/pkg/config/resource"
- "istio.io/istio/galley/pkg/config/schema/collection"
+ "istio.io/istio/pkg/config/schema/collection"
 )
 // Status state for a given resource. This contains both desired and last known status of the resource. It also acts
diff --git a/galley/pkg/config/source/kube/apiserver/watcher.go b/galley/pkg/config/source/kube/apiserver/watcher.go
index 0d5fc7361a95..66307c27cc78 100644
--- a/galley/pkg/config/source/kube/apiserver/watcher.go
+++ b/galley/pkg/config/source/kube/apiserver/watcher.go
@@ -21,12 +21,12 @@ import (
 "k8s.io/client-go/tools/cache"
 "istio.io/istio/galley/pkg/config/event"
- "istio.io/istio/galley/pkg/config/schema/collection"
 "istio.io/istio/galley/pkg/config/scope"
 "istio.io/istio/galley/pkg/config/source/kube/apiserver/stats"
 "istio.io/istio/galley/pkg/config/source/kube/apiserver/status"
 "istio.io/istio/galley/pkg/config/source/kube/apiserver/tombstone"
 "istio.io/istio/galley/pkg/config/source/kube/rt"
+ "istio.io/istio/pkg/config/schema/collection"
 )
 type watcher struct {
diff --git a/galley/pkg/config/source/kube/fs/source.go b/galley/pkg/config/source/kube/fs/source.go
index dc0175e2043b..b4f6d10e7448 100644
--- a/galley/pkg/config/source/kube/fs/source.go
+++ b/galley/pkg/config/source/kube/fs/source.go
@@ -25,9 +25,9 @@ import (
 "istio.io/pkg/appsignals"
 "istio.io/istio/galley/pkg/config/event"
- "istio.io/istio/galley/pkg/config/schema/collection"
 "istio.io/istio/galley/pkg/config/scope"
 "istio.io/istio/galley/pkg/config/source/kube/inmemory"
+ "istio.io/istio/pkg/config/schema/collection"
 )
 var (
diff --git a/galley/pkg/config/source/kube/fs/source_test.go b/galley/pkg/config/source/kube/fs/source_test.go
index 3463ddaa247b..1b31b7c5cc51 100644
--- a/galley/pkg/config/source/kube/fs/source_test.go
+++ b/galley/pkg/config/source/kube/fs/source_test.go
@@ -27,12 +27,12 @@ import (
 "istio.io/istio/galley/pkg/config/event"
 "istio.io/istio/galley/pkg/config/resource"
- "istio.io/istio/galley/pkg/config/schema"
 "istio.io/istio/galley/pkg/config/source/kube/fs"
 "istio.io/istio/galley/pkg/config/testing/basicmeta"
 "istio.io/istio/galley/pkg/config/testing/data"
 "istio.io/istio/galley/pkg/config/testing/fixtures"
 "istio.io/istio/galley/pkg/config/testing/k8smeta"
+ "istio.io/istio/pkg/config/schema"
 )
 func TestNew(t *testing.T) {
diff --git a/galley/pkg/config/source/kube/inmemory/kubesource.go b/galley/pkg/config/source/kube/inmemory/kubesource.go
index 98d963789b19..54812bc902fe 100644
--- a/galley/pkg/config/source/kube/inmemory/kubesource.go
+++ b/galley/pkg/config/source/kube/inmemory/kubesource.go
@@ -30,11 +30,11 @@ import (
 "istio.io/istio/galley/pkg/config/event"
 "istio.io/istio/galley/pkg/config/resource"
- "istio.io/istio/galley/pkg/config/schema/collection"
- schemaresource "istio.io/istio/galley/pkg/config/schema/resource"
 "istio.io/istio/galley/pkg/config/scope"
 "istio.io/istio/galley/pkg/config/source/inmemory"
 "istio.io/istio/galley/pkg/config/source/kube/rt"
+ "istio.io/istio/pkg/config/schema/collection"
+ schemaresource "istio.io/istio/pkg/config/schema/resource"
 )
 var inMemoryKubeNameDiscriminator int64
diff --git a/galley/pkg/config/source/kube/rt/dynamic.go b/galley/pkg/config/source/kube/rt/dynamic.go
index d6f86d7b4179..999c80481be8 100644
--- a/galley/pkg/config/source/kube/rt/dynamic.go
+++ b/galley/pkg/config/source/kube/rt/dynamic.go
@@ -25,8 +25,8 @@ import (
 "k8s.io/apimachinery/pkg/watch"
 "k8s.io/client-go/tools/cache"
- "istio.io/istio/galley/pkg/config/schema/resource"
 "istio.io/istio/galley/pkg/config/util/pb"
+ "istio.io/istio/pkg/config/schema/resource"
 )
 func (p *Provider) getDynamicAdapter(r resource.Schema) *Adapter {
diff --git a/galley/pkg/config/source/kube/rt/dynamic_test.go b/galley/pkg/config/source/kube/rt/dynamic_test.go
index fc4321cb5242..6e702ec89648 100644
--- a/galley/pkg/config/source/kube/rt/dynamic_test.go
+++ b/galley/pkg/config/source/kube/rt/dynamic_test.go
@@ -24,7 +24,7 @@ import (
 "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 "k8s.io/apimachinery/pkg/util/yaml"
- "istio.io/istio/galley/pkg/config/schema/resource"
+ "istio.io/istio/pkg/config/schema/resource"
 "istio.io/istio/galley/pkg/config/source/kube/rt"
 "istio.io/istio/galley/pkg/config/testing/basicmeta"
diff --git a/galley/pkg/config/source/kube/rt/extract.go b/galley/pkg/config/source/kube/rt/extract.go
index f10ccf1a86b5..9704a1a5b4ce 100644
--- a/galley/pkg/config/source/kube/rt/extract.go
+++ b/galley/pkg/config/source/kube/rt/extract.go
@@ -20,8 +20,8 @@ import (
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "istio.io/istio/galley/pkg/config/resource"
- "istio.io/istio/galley/pkg/config/schema/collection"
- resource2 "istio.io/istio/galley/pkg/config/schema/resource"
+ "istio.io/istio/pkg/config/schema/collection"
+ resource2 "istio.io/istio/pkg/config/schema/resource"
 )
 // ToResource converts the given object and proto to a resource.Instance
diff --git a/galley/pkg/config/source/kube/rt/known_test.go b/galley/pkg/config/source/kube/rt/known_test.go
index e4a72babab9e..aee619300de2 100644
--- a/galley/pkg/config/source/kube/rt/known_test.go
+++ b/galley/pkg/config/source/kube/rt/known_test.go
@@ -22,7 +22,7 @@ import (
 . "github.com/onsi/gomega"
 "k8s.io/api/extensions/v1beta1"
- "istio.io/istio/galley/pkg/config/schema/resource"
+ "istio.io/istio/pkg/config/schema/resource"
 appsV1 "k8s.io/api/apps/v1"
 coreV1 "k8s.io/api/core/v1"
diff --git a/galley/pkg/config/source/kube/rt/origin.go b/galley/pkg/config/source/kube/rt/origin.go
index d9fc81df72b4..fddf35bcb326 100644
--- a/galley/pkg/config/source/kube/rt/origin.go
+++ b/galley/pkg/config/source/kube/rt/origin.go
@@ -19,8 +19,8 @@ import (
 "strings"
 "istio.io/istio/galley/pkg/config/resource"
- "istio.io/istio/galley/pkg/config/schema/collection"
- "istio.io/istio/galley/pkg/config/schema/collections"
+ "istio.io/istio/pkg/config/schema/collection"
+ "istio.io/istio/pkg/config/schema/collections"
 )
 // Origin is a K8s specific implementation of resource.Origin
diff --git a/galley/pkg/config/source/kube/rt/provider.go b/galley/pkg/config/source/kube/rt/provider.go
index 5fe0bacf0af4..ceffe53ba5ef 100644
--- a/galley/pkg/config/source/kube/rt/provider.go
+++ b/galley/pkg/config/source/kube/rt/provider.go
@@ -23,8 +23,8 @@ import (
 "k8s.io/client-go/dynamic"
 "k8s.io/client-go/informers"
- "istio.io/istio/galley/pkg/config/schema/resource"
 "istio.io/istio/galley/pkg/config/source/kube"
+ "istio.io/istio/pkg/config/schema/resource"
 )
 var (
diff --git a/galley/pkg/config/source/mcp/cache.go b/galley/pkg/config/source/mcp/cache.go
index 3ecf6f17e60f..5f77b57a94ff 100644
--- a/galley/pkg/config/source/mcp/cache.go
+++ b/galley/pkg/config/source/mcp/cache.go
@@ -20,9 +20,9 @@ import (
 "istio.io/istio/galley/pkg/config/event"
 "istio.io/istio/galley/pkg/config/resource"
- "istio.io/istio/galley/pkg/config/schema/collection"
- resource2 "istio.io/istio/galley/pkg/config/schema/resource"
 "istio.io/istio/galley/pkg/config/scope"
+ "istio.io/istio/pkg/config/schema/collection"
+ resource2 "istio.io/istio/pkg/config/schema/resource"
 "istio.io/istio/pkg/mcp/sink"
 )
diff --git a/galley/pkg/config/source/mcp/cache_test.go b/galley/pkg/config/source/mcp/cache_test.go
index 368b8e5c4eee..513c773f918e 100644
--- a/galley/pkg/config/source/mcp/cache_test.go
+++ b/galley/pkg/config/source/mcp/cache_test.go
@@ -28,9 +28,9 @@ import (
 "istio.io/istio/galley/pkg/config/event"
 "istio.io/istio/galley/pkg/config/resource"
- "istio.io/istio/galley/pkg/config/schema/collection"
- resource2 "istio.io/istio/galley/pkg/config/schema/resource"
 "istio.io/istio/galley/pkg/config/testing/fixtures"
+ "istio.io/istio/pkg/config/schema/collection"
+ resource2 "istio.io/istio/pkg/config/schema/resource"
 "istio.io/istio/pkg/mcp/sink"
 )
diff --git a/galley/pkg/config/source/mcp/source.go b/galley/pkg/config/source/mcp/source.go
index 4d2ed1f6f291..f1a830c97103 100644
--- a/galley/pkg/config/source/mcp/source.go
+++ b/galley/pkg/config/source/mcp/source.go
@@ -18,7 +18,7 @@ import (
 "fmt"
 "istio.io/istio/galley/pkg/config/event"
- "istio.io/istio/galley/pkg/config/schema/collection"
+ "istio.io/istio/pkg/config/schema/collection"
 "istio.io/istio/pkg/mcp/sink"
 )
diff --git a/galley/pkg/config/source/mcp/source_test.go b/galley/pkg/config/source/mcp/source_test.go
index cd02b28f89ca..e7b0af77877d 100644
--- a/galley/pkg/config/source/mcp/source_test.go
+++ b/galley/pkg/config/source/mcp/source_test.go
@@ -20,7 +20,7 @@ import (
 . "github.com/onsi/gomega"
 "istio.io/istio/galley/pkg/config/event"
- "istio.io/istio/galley/pkg/config/schema/collection"
+ "istio.io/istio/pkg/config/schema/collection"
 "istio.io/istio/pkg/mcp/sink"
 )
diff --git a/galley/pkg/config/testing/basicmeta/collections.gen.go b/galley/pkg/config/testing/basicmeta/collections.gen.go
index 143f27f46643..4298b13d0020 100755
--- a/galley/pkg/config/testing/basicmeta/collections.gen.go
+++ b/galley/pkg/config/testing/basicmeta/collections.gen.go
@@ -4,8 +4,8 @@ package basicmeta
 import (
- "istio.io/istio/galley/pkg/config/schema/collection"
- "istio.io/istio/galley/pkg/config/schema/resource"
+ "istio.io/istio/pkg/config/schema/collection"
+ "istio.io/istio/pkg/config/schema/resource"
 "istio.io/istio/pkg/config/validation"
 )
diff --git a/galley/pkg/config/testing/basicmeta/generate.go b/galley/pkg/config/testing/basicmeta/generate.go
index 8d7d38adca75..a36d5b08663a 100644
--- a/galley/pkg/config/testing/basicmeta/generate.go
+++ b/galley/pkg/config/testing/basicmeta/generate.go
@@ -18,10 +18,10 @@ package basicmeta
 //go:generate go-bindata --nocompress --nometadata --pkg basicmeta -o basicmeta.gen.go basicmeta.yaml basicmeta2.yaml
 // Create static initializers file
-//go:generate go run $REPO_ROOT/galley/pkg/config/schema/codegen/tools/staticinit.main.go basicmeta basicmeta.yaml staticinit.gen.go
+//go:generate go run $REPO_ROOT/pkg/config/schema/codegen/tools/staticinit.main.go basicmeta basicmeta.yaml staticinit.gen.go
 // Create collection constants
-//go:generate go run $REPO_ROOT/galley/pkg/config/schema/codegen/tools/collections.main.go basicmeta basicmeta.yaml collections.gen.go
+//go:generate go run $REPO_ROOT/pkg/config/schema/codegen/tools/collections.main.go basicmeta basicmeta.yaml collections.gen.go
 //go:generate goimports -w -local istio.io "$REPO_ROOT/galley/pkg/config/testing/basicmeta/collections.gen.go"
 //go:generate goimports -w -local istio.io "$REPO_ROOT/galley/pkg/config/testing/basicmeta/staticinit.gen.go"
diff --git a/galley/pkg/config/testing/basicmeta/get.go b/galley/pkg/config/testing/basicmeta/get.go
index 3b4388c4ff8a..ded4c164c041 100644
--- a/galley/pkg/config/testing/basicmeta/get.go
+++ b/galley/pkg/config/testing/basicmeta/get.go
@@ -17,7 +17,7 @@ package basicmeta
 import (
 "fmt"
- "istio.io/istio/galley/pkg/config/schema"
+ "istio.io/istio/pkg/config/schema"
 )
 // Get returns the contained baiscmeta.yaml file, in parsed form.
diff --git a/galley/pkg/config/testing/data/collections.go b/galley/pkg/config/testing/data/collections.go
index b480379ff9e9..51680ad2b93d 100644
--- a/galley/pkg/config/testing/data/collections.go
+++ b/galley/pkg/config/testing/data/collections.go
@@ -15,9 +15,9 @@ package data
 import (
- "istio.io/istio/galley/pkg/config/schema/collection"
- "istio.io/istio/galley/pkg/config/schema/resource"
 "istio.io/istio/galley/pkg/config/testing/basicmeta"
+ "istio.io/istio/pkg/config/schema/collection"
+ "istio.io/istio/pkg/config/schema/resource"
 )
 var (
diff --git a/galley/pkg/config/testing/fixtures/expect.go b/galley/pkg/config/testing/fixtures/expect.go
index 2341f541ed16..a38865e96cde 100644
--- a/galley/pkg/config/testing/fixtures/expect.go
+++ b/galley/pkg/config/testing/fixtures/expect.go
@@ -25,7 +25,7 @@ import (
 "github.com/onsi/gomega"
 "istio.io/istio/galley/pkg/config/event"
- "istio.io/istio/galley/pkg/config/schema/collection"
+ "istio.io/istio/pkg/config/schema/collection"
 "istio.io/istio/pkg/test/util/retry"
 )
diff --git a/galley/pkg/config/testing/fixtures/transformer.go b/galley/pkg/config/testing/fixtures/transformer.go
index 381a895877f0..8fce366f6784 100644
--- a/galley/pkg/config/testing/fixtures/transformer.go
+++ b/galley/pkg/config/testing/fixtures/transformer.go
@@ -16,7 +16,7 @@ package fixtures
 import (
 "istio.io/istio/galley/pkg/config/event"
- "istio.io/istio/galley/pkg/config/schema/collection"
+ "istio.io/istio/pkg/config/schema/collection"
 )
 // Transformer implements event.Transformer for testing purposes.
diff --git a/galley/pkg/config/testing/k8smeta/collections.gen.go b/galley/pkg/config/testing/k8smeta/collections.gen.go
index 6721cc770e83..18d81cd34453 100755
--- a/galley/pkg/config/testing/k8smeta/collections.gen.go
+++ b/galley/pkg/config/testing/k8smeta/collections.gen.go
@@ -4,8 +4,8 @@ package k8smeta
 import (
- "istio.io/istio/galley/pkg/config/schema/collection"
- "istio.io/istio/galley/pkg/config/schema/resource"
+ "istio.io/istio/pkg/config/schema/collection"
+ "istio.io/istio/pkg/config/schema/resource"
 "istio.io/istio/pkg/config/validation"
 )
diff --git a/galley/pkg/config/testing/k8smeta/generate.go b/galley/pkg/config/testing/k8smeta/generate.go
index 6987636d8f98..ab3d5e34b020 100644
--- a/galley/pkg/config/testing/k8smeta/generate.go
+++ b/galley/pkg/config/testing/k8smeta/generate.go
@@ -18,10 +18,10 @@ package k8smeta
 //go:generate go-bindata --nocompress --nometadata --pkg k8smeta -o k8smeta.gen.go k8smeta.yaml
 // Create static initializers file
-//go:generate go run $REPO_ROOT/galley/pkg/config/schema/codegen/tools/staticinit.main.go k8smeta k8smeta.yaml staticinit.gen.go
+//go:generate go run $REPO_ROOT/pkg/config/schema/codegen/tools/staticinit.main.go k8smeta k8smeta.yaml staticinit.gen.go
 // Create collection constants
-//go:generate go run $REPO_ROOT/galley/pkg/config/schema/codegen/tools/collections.main.go k8smeta k8smeta.yaml collections.gen.go
+//go:generate go run $REPO_ROOT/pkg/config/schema/codegen/tools/collections.main.go k8smeta k8smeta.yaml collections.gen.go
 //go:generate goimports -w -local istio.io "$REPO_ROOT/galley/pkg/config/testing/k8smeta/collections.gen.go"
 //go:generate goimports -w -local istio.io "$REPO_ROOT/galley/pkg/config/testing/k8smeta/staticinit.gen.go"
diff --git a/galley/pkg/config/testing/k8smeta/get.go b/galley/pkg/config/testing/k8smeta/get.go
index 2298e34397c0..28554fcc4866 100644
--- a/galley/pkg/config/testing/k8smeta/get.go
+++ b/galley/pkg/config/testing/k8smeta/get.go
@@ -17,7 +17,7 @@ package k8smeta
 import (
 "fmt"
- "istio.io/istio/galley/pkg/config/schema"
+ "istio.io/istio/pkg/config/schema"
 )
 // Get returns the contained k8smeta.yaml file, in parsed form.
diff --git a/galley/pkg/config/util/kuberesource/resources.go b/galley/pkg/config/util/kuberesource/resources.go
index c2fc4934121b..07f4026dbc73 100644
--- a/galley/pkg/config/util/kuberesource/resources.go
+++ b/galley/pkg/config/util/kuberesource/resources.go
@@ -16,9 +16,9 @@ package kuberesource
 import (
 "istio.io/istio/galley/pkg/config/processing/transformer"
- "istio.io/istio/galley/pkg/config/schema"
- "istio.io/istio/galley/pkg/config/schema/collection"
 "istio.io/istio/galley/pkg/config/source/kube/rt"
+ "istio.io/istio/pkg/config/schema"
+ "istio.io/istio/pkg/config/schema/collection"
 )
 // DisableExcludedCollections is a helper that filters collection.Schemas to disable some resources
diff --git a/galley/pkg/config/util/pb/proto.go b/galley/pkg/config/util/pb/proto.go
index efb97bacd08a..9b19001e251a 100644
--- a/galley/pkg/config/util/pb/proto.go
+++ b/galley/pkg/config/util/pb/proto.go
@@ -24,7 +24,7 @@ import (
 "github.com/hashicorp/go-multierror"
 yaml2 "gopkg.in/yaml.v2"
- "istio.io/istio/galley/pkg/config/schema/collection"
+ "istio.io/istio/pkg/config/schema/collection"
 "istio.io/istio/pkg/util/gogoprotomarshal"
 )
diff --git a/galley/pkg/server/components/processing.go b/galley/pkg/server/components/processing.go
index 3aac938e2f27..8a9b810231c6 100644
--- a/galley/pkg/server/components/processing.go
+++ b/galley/pkg/server/components/processing.go
@@ -39,9 +39,6 @@ import (
 "istio.io/istio/galley/pkg/config/processor"
 "istio.io/istio/galley/pkg/config/processor/groups"
 "istio.io/istio/galley/pkg/config/processor/transforms"
- "istio.io/istio/galley/pkg/config/schema"
- "istio.io/istio/galley/pkg/config/schema/collection"
- "istio.io/istio/galley/pkg/config/schema/snapshots"
 "istio.io/istio/galley/pkg/config/source/kube"
 "istio.io/istio/galley/pkg/config/source/kube/apiserver"
 "istio.io/istio/galley/pkg/config/source/kube/apiserver/status"
@@ -49,6 +46,9 @@ import (
 "istio.io/istio/galley/pkg/envvar"
 "istio.io/istio/galley/pkg/server/process"
 "istio.io/istio/galley/pkg/server/settings"
+ "istio.io/istio/pkg/config/schema"
+ "istio.io/istio/pkg/config/schema/collection"
+ "istio.io/istio/pkg/config/schema/snapshots"
 configz "istio.io/istio/pkg/mcp/configz/server"
 "istio.io/istio/pkg/mcp/creds"
 "istio.io/istio/pkg/mcp/monitoring"
diff --git a/galley/pkg/server/components/processing_test.go b/galley/pkg/server/components/processing_test.go
index afe13cbf9011..1d25e3c36730 100644
--- a/galley/pkg/server/components/processing_test.go
+++ b/galley/pkg/server/components/processing_test.go
@@ -30,10 +30,10 @@ import (
 "istio.io/istio/galley/pkg/config/meshcfg"
 "istio.io/istio/galley/pkg/config/processing"
 "istio.io/istio/galley/pkg/config/processor"
- "istio.io/istio/galley/pkg/config/schema/collection"
 "istio.io/istio/galley/pkg/config/source/kube"
 "istio.io/istio/galley/pkg/server/settings"
 "istio.io/istio/galley/pkg/testing/mock"
+ "istio.io/istio/pkg/config/schema/collection"
 "istio.io/istio/pkg/mcp/monitoring"
 mcptestmon "istio.io/istio/pkg/mcp/testing/monitoring"
 )
diff --git a/galley/pkg/server/components/validation.go b/galley/pkg/server/components/validation.go
index 8900c0d36cb5..22739807fe4a 100644
--- a/galley/pkg/server/components/validation.go
+++ b/galley/pkg/server/components/validation.go
@@ -23,9 +23,9 @@ import (
 "sync/atomic"
 "time"
- "istio.io/istio/galley/pkg/config/schema/collections"
 "istio.io/istio/galley/pkg/server/process"
 "istio.io/istio/mixer/pkg/validate"
+ "istio.io/istio/pkg/config/schema/collections"
 "istio.io/istio/pkg/webhooks/validation/controller"
 "istio.io/istio/pkg/webhooks/validation/server"
diff --git a/galley/pkg/server/settings/args.go b/galley/pkg/server/settings/args.go
index 81b087184b4b..9ccad4a91d6f 100644
--- a/galley/pkg/server/settings/args.go
+++ b/galley/pkg/server/settings/args.go
@@ -27,8 +27,8 @@ import (
 "istio.io/pkg/ctrlz"
 "istio.io/pkg/probe"
- "istio.io/istio/galley/pkg/config/schema/snapshots"
 "istio.io/istio/galley/pkg/config/util/kuberesource"
+ "istio.io/istio/pkg/config/schema/snapshots"
 "istio.io/istio/pkg/keepalive"
 "istio.io/istio/pkg/mcp/creds"
 "istio.io/istio/pkg/webhooks/validation/controller"
diff --git a/galley/tools/mcpc/main.go b/galley/tools/mcpc/main.go
index ec1e1e5472bb..18b770464fa5 100644
--- a/galley/tools/mcpc/main.go
+++ b/galley/tools/mcpc/main.go
@@ -34,8 +34,8 @@ import (
 mcp "istio.io/api/mcp/v1alpha1"
- "istio.io/istio/galley/pkg/config/schema"
- "istio.io/istio/galley/pkg/config/schema/snapshots"
+ "istio.io/istio/pkg/config/schema"
+ "istio.io/istio/pkg/config/schema/snapshots"
 "istio.io/istio/pkg/mcp/sink"
 "istio.io/istio/pkg/mcp/testing/monitoring"
 )
diff --git a/istioctl/cmd/add-to-mesh.go b/istioctl/cmd/add-to-mesh.go
index 4eef198ab6e4..817b7a422e00 100644
--- a/istioctl/cmd/add-to-mesh.go
+++ b/istioctl/cmd/add-to-mesh.go
@@ -38,12 +38,12 @@ import (
 "istio.io/api/networking/v1alpha3"
 "istio.io/pkg/log"
- "istio.io/istio/galley/pkg/config/schema/collections"
 "istio.io/istio/istioctl/pkg/util/handlers"
 "istio.io/istio/pilot/pkg/model"
 kube_registry "istio.io/istio/pilot/pkg/serviceregistry/kube"
 "istio.io/istio/pkg/config/mesh"
 istioProtocol "istio.io/istio/pkg/config/protocol"
+ "istio.io/istio/pkg/config/schema/collections"
 "istio.io/istio/pkg/kube"
 "istio.io/istio/pkg/kube/inject"
 )
diff --git a/istioctl/cmd/add-to-mesh_test.go b/istioctl/cmd/add-to-mesh_test.go
index 1500701878b6..9672eadf8170 100644
--- a/istioctl/cmd/add-to-mesh_test.go
+++ b/istioctl/cmd/add-to-mesh_test.go
@@ -29,7 +29,7 @@ import (
 "k8s.io/client-go/dynamic"
 "k8s.io/client-go/dynamic/fake"
- "istio.io/istio/galley/pkg/config/schema/collections"
+ "istio.io/istio/pkg/config/schema/collections"
 )
 type testcase struct {
diff --git a/istioctl/cmd/analyze.go b/istioctl/cmd/analyze.go
index b64b620b733c..df3e2cd52182 100644
--- a/istioctl/cmd/analyze.go
+++ b/istioctl/cmd/analyze.go
@@ -38,9 +38,9 @@ import (
 "istio.io/istio/galley/pkg/config/analysis/diag"
 "istio.io/istio/galley/pkg/config/analysis/local"
 "istio.io/istio/galley/pkg/config/resource"
- "istio.io/istio/galley/pkg/config/schema"
 cfgKube "istio.io/istio/galley/pkg/config/source/kube"
 "istio.io/istio/istioctl/pkg/util/handlers"
+ "istio.io/istio/pkg/config/schema"
 "istio.io/istio/pkg/kube"
 )
diff --git a/istioctl/cmd/authz.go b/istioctl/cmd/authz.go
index 2d6b0f43993b..30c96b8f5c54 100644
--- a/istioctl/cmd/authz.go
+++ b/istioctl/cmd/authz.go
@@ -30,7 +30,6 @@ import (
 "istio.io/pkg/log"
- "istio.io/istio/galley/pkg/config/schema/collections"
 "istio.io/istio/istioctl/pkg/authz"
 "istio.io/istio/istioctl/pkg/kubernetes"
 "istio.io/istio/istioctl/pkg/util/configdump"
@@ -40,6 +39,7 @@ import (
 "istio.io/istio/pilot/pkg/model"
 v2 "istio.io/istio/pilot/pkg/proxy/envoy/v2"
 "istio.io/istio/pilot/pkg/security/authz/converter"
+ "istio.io/istio/pkg/config/schema/collections"
 "istio.io/istio/pkg/kube"
 )
diff --git a/istioctl/cmd/convert_ingress.go b/istioctl/cmd/convert_ingress.go
index 21e1ed674046..f29692baddc1 100644
--- a/istioctl/cmd/convert_ingress.go
+++ b/istioctl/cmd/convert_ingress.go
@@ -28,11 +28,11 @@ import (
 "istio.io/pkg/log"
- "istio.io/istio/galley/pkg/config/schema/collection"
- "istio.io/istio/galley/pkg/config/schema/collections"
 "istio.io/istio/istioctl/pkg/convert"
 "istio.io/istio/pilot/pkg/config/kube/crd"
 "istio.io/istio/pilot/pkg/model"
+ "istio.io/istio/pkg/config/schema/collection"
+ "istio.io/istio/pkg/config/schema/collections"
 "istio.io/istio/pkg/config/validation"
 )
diff --git a/istioctl/cmd/deprecated_cmd.go b/istioctl/cmd/deprecated_cmd.go
index 427223e853c8..f72d17e0031a 100644
--- a/istioctl/cmd/deprecated_cmd.go
+++ b/istioctl/cmd/deprecated_cmd.go
@@ -17,9 +17,9 @@ package cmd
 import (
- "istio.io/istio/galley/pkg/config/schema/collections"
 "istio.io/istio/pilot/pkg/config/kube/crd/controller"
 "istio.io/istio/pilot/pkg/model"
+ "istio.io/istio/pkg/config/schema/collections"
 )
 var (
diff --git a/istioctl/cmd/describe.go b/istioctl/cmd/describe.go
index 6cac5eba2a44..c1623807d169 100644
--- a/istioctl/cmd/describe.go
+++ b/istioctl/cmd/describe.go
@@ -41,7 +41,6 @@ import (
 "istio.io/api/networking/v1alpha3"
 "istio.io/pkg/log"
- "istio.io/istio/galley/pkg/config/schema/collections"
 istioctl_kubernetes "istio.io/istio/istioctl/pkg/kubernetes"
 "istio.io/istio/istioctl/pkg/util/configdump"
 "istio.io/istio/istioctl/pkg/util/handlers"
@@ -53,6 +52,7 @@ import (
 pilotcontroller "istio.io/istio/pilot/pkg/serviceregistry/kube/controller"
 "istio.io/istio/pkg/config/host"
 "istio.io/istio/pkg/config/protocol"
+ "istio.io/istio/pkg/config/schema/collections"
 "istio.io/istio/pkg/kube/inject"
 )
diff --git a/istioctl/cmd/describe_test.go b/istioctl/cmd/describe_test.go
index 467ff3cecf05..bd95326dbda7 100644
--- a/istioctl/cmd/describe_test.go
+++ b/istioctl/cmd/describe_test.go
@@ -29,9 +29,9 @@ import (
 networking "istio.io/api/networking/v1alpha3"
- "istio.io/istio/galley/pkg/config/schema/collections"
 "istio.io/istio/pilot/pkg/model"
 "istio.io/istio/pilot/test/util"
+ "istio.io/istio/pkg/config/schema/collections"
 )
 // execAndK8sConfigTestCase lets a test case hold some Envoy, Istio, and Kubernetes configuration
diff --git a/istioctl/cmd/istioctl_test.go b/istioctl/cmd/istioctl_test.go
index 016a4c92d833..0128a0fc4e51 100644
--- a/istioctl/cmd/istioctl_test.go
+++ b/istioctl/cmd/istioctl_test.go
@@ -21,11 +21,11 @@ import (
 "strings"
 "testing"
- "istio.io/istio/galley/pkg/config/schema/collection"
- "istio.io/istio/galley/pkg/config/schema/resource"
 "istio.io/istio/pilot/pkg/config/memory"
 "istio.io/istio/pilot/pkg/model"
 "istio.io/istio/pilot/test/util"
+ "istio.io/istio/pkg/config/schema/collection"
+ "istio.io/istio/pkg/config/schema/resource"
 )
 // sortedConfigStore lets us facade any ConfigStore (such as memory.Make()'s) providing
diff --git a/istioctl/cmd/remove-from-mesh.go b/istioctl/cmd/remove-from-mesh.go
index 4630e52a3206..6b46171e3ab4 100644
--- a/istioctl/cmd/remove-from-mesh.go
+++ b/istioctl/cmd/remove-from-mesh.go
@@ -29,8 +29,8 @@ import (
 "istio.io/pkg/log"
- "istio.io/istio/galley/pkg/config/schema/collections"
 "istio.io/istio/istioctl/pkg/util/handlers"
+ "istio.io/istio/pkg/config/schema/collections"
 )
 func removeFromMeshCmd() *cobra.Command {
diff --git a/istioctl/cmd/remove-from-mesh_test.go b/istioctl/cmd/remove-from-mesh_test.go
index a680c04c99cf..395b7f35a1de 100644
--- a/istioctl/cmd/remove-from-mesh_test.go
+++ b/istioctl/cmd/remove-from-mesh_test.go
@@ -26,7 +26,7 @@ import (
 "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 "k8s.io/apimachinery/pkg/runtime"
- "istio.io/istio/galley/pkg/config/schema/collections"
+ "istio.io/istio/pkg/config/schema/collections"
 )
 var (
diff --git a/istioctl/cmd/wait.go b/istioctl/cmd/wait.go
index a3b5becbb4ea..e54d5eb4e615 100644
--- a/istioctl/cmd/wait.go
+++ b/istioctl/cmd/wait.go
@@ -28,12 +28,12 @@ import (
 "k8s.io/apimachinery/pkg/runtime/schema"
 "k8s.io/client-go/dynamic"
- "istio.io/istio/galley/pkg/config/schema/collection"
- "istio.io/istio/galley/pkg/config/schema/collections"
 "istio.io/istio/istioctl/pkg/kubernetes"
 "istio.io/istio/istioctl/pkg/util/handlers"
 "istio.io/istio/pilot/pkg/model"
 v2 "istio.io/istio/pilot/pkg/proxy/envoy/v2"
+ "istio.io/istio/pkg/config/schema/collection"
+ "istio.io/istio/pkg/config/schema/collections"
 )
 var (
diff --git a/istioctl/pkg/install/verify.go b/istioctl/pkg/install/verify.go index 5ec6c25f0749..e485e3b2bb42 100644 --- a/istioctl/pkg/install/verify.go +++ b/istioctl/pkg/install/verify.go @@ -30,8 +30,8 @@ import ( "k8s.io/cli-runtime/pkg/resource" "k8s.io/client-go/kubernetes/scheme" - "istio.io/istio/galley/pkg/config/schema" "istio.io/istio/pilot/pkg/serviceregistry/kube/controller" + "istio.io/istio/pkg/config/schema" ) var ( diff --git a/istioctl/pkg/validate/validate.go b/istioctl/pkg/validate/validate.go index f613b7153d58..89049851cc38 100644 --- a/istioctl/pkg/validate/validate.go +++ b/istioctl/pkg/validate/validate.go @@ -26,12 +26,8 @@ import ( "github.com/spf13/cobra" "gopkg.in/yaml.v2" - "istio.io/istio/galley/pkg/config/schema/resource" - "istio.io/pkg/log" - "istio.io/istio/galley/pkg/config/schema/collection" - "istio.io/istio/galley/pkg/config/schema/collections" mixercrd "istio.io/istio/mixer/pkg/config/crd" mixerstore "istio.io/istio/mixer/pkg/config/store" "istio.io/istio/mixer/pkg/runtime/config/constant" @@ -39,6 +35,9 @@ import ( "istio.io/istio/pilot/pkg/model" "istio.io/istio/pilot/pkg/serviceregistry/kube/controller" "istio.io/istio/pkg/config/protocol" + "istio.io/istio/pkg/config/schema/collection" + "istio.io/istio/pkg/config/schema/collections" + "istio.io/istio/pkg/config/schema/resource" "istio.io/istio/pkg/util/gogoprotomarshal" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" diff --git a/mixer/pkg/config/mcp/backend.go b/mixer/pkg/config/mcp/backend.go index 2bdc6130c596..6a0bee508bec 100644 --- a/mixer/pkg/config/mcp/backend.go +++ b/mixer/pkg/config/mcp/backend.go @@ -31,8 +31,8 @@ import ( "istio.io/pkg/log" "istio.io/pkg/probe" - "istio.io/istio/galley/pkg/config/schema" "istio.io/istio/mixer/pkg/config/store" + "istio.io/istio/pkg/config/schema" configz "istio.io/istio/pkg/mcp/configz/client" "istio.io/istio/pkg/mcp/creds" "istio.io/istio/pkg/mcp/monitoring" 
diff --git a/mixer/pkg/config/mcp/backend_test.go b/mixer/pkg/config/mcp/backend_test.go
index 45b3817f39ac..236cf8455ad0 100644
--- a/mixer/pkg/config/mcp/backend_test.go
+++ b/mixer/pkg/config/mcp/backend_test.go
@@ -28,9 +28,9 @@ import (
 "istio.io/api/policy/v1beta1"
- "istio.io/istio/galley/pkg/config/schema"
 "istio.io/istio/mixer/pkg/config/store"
 "istio.io/istio/mixer/pkg/runtime/config/constant"
+ "istio.io/istio/pkg/config/schema"
 "istio.io/istio/pkg/mcp/snapshot"
 "istio.io/istio/pkg/mcp/source"
 mcptest "istio.io/istio/pkg/mcp/testing"
diff --git a/pilot/pkg/bootstrap/configcontroller.go b/pilot/pkg/bootstrap/configcontroller.go
index 30e63b637d92..1f16703e27d5 100644
--- a/pilot/pkg/bootstrap/configcontroller.go
+++ b/pilot/pkg/bootstrap/configcontroller.go
@@ -34,7 +34,6 @@ import (
 networkingapi "istio.io/api/networking/v1alpha3"
 "istio.io/pkg/log"
- "istio.io/istio/galley/pkg/config/schema/collections"
 configaggregate "istio.io/istio/pilot/pkg/config/aggregate"
 "istio.io/istio/pilot/pkg/config/kube/crd/controller"
 "istio.io/istio/pilot/pkg/config/kube/ingress"
@@ -44,6 +43,7 @@ import (
 "istio.io/istio/pilot/pkg/serviceregistry/mcp"
 "istio.io/istio/pilot/pkg/serviceregistry/synthetic/serviceentry"
 "istio.io/istio/pkg/config/constants"
+ "istio.io/istio/pkg/config/schema/collections"
 configz "istio.io/istio/pkg/mcp/configz/client"
 "istio.io/istio/pkg/mcp/creds"
 "istio.io/istio/pkg/mcp/monitoring"
diff --git a/pilot/pkg/bootstrap/server.go b/pilot/pkg/bootstrap/server.go
index e225a2c0953b..0d7bbb0e761f 100644
--- a/pilot/pkg/bootstrap/server.go
+++ b/pilot/pkg/bootstrap/server.go
@@ -45,8 +45,6 @@ import (
 "istio.io/pkg/log"
 "istio.io/pkg/version"
- "istio.io/istio/galley/pkg/config/schema/collections"
- "istio.io/istio/galley/pkg/config/schema/resource"
 "istio.io/istio/pilot/pkg/features"
 "istio.io/istio/pilot/pkg/model"
 "istio.io/istio/pilot/pkg/networking/plugin"
@@ -57,6 +55,8 @@ import ( "istio.io/istio/pilot/pkg/serviceregistry/external" kubecontroller "istio.io/istio/pilot/pkg/serviceregistry/kube/controller" "istio.io/istio/pkg/config/constants" + "istio.io/istio/pkg/config/schema/collections" + "istio.io/istio/pkg/config/schema/resource" istiokeepalive "istio.io/istio/pkg/keepalive" kubelib "istio.io/istio/pkg/kube" "istio.io/istio/pkg/kube/inject" diff --git a/pilot/pkg/bootstrap/validation.go b/pilot/pkg/bootstrap/validation.go index 1dc372b6a18c..9efe0dab7852 100644 --- a/pilot/pkg/bootstrap/validation.go +++ b/pilot/pkg/bootstrap/validation.go @@ -19,15 +19,16 @@ import ( "path/filepath" "strings" - "istio.io/istio/galley/pkg/config/schema/collections" + "istio.io/pkg/env" + "istio.io/pkg/log" + "istio.io/istio/mixer/pkg/validate" "istio.io/istio/pilot/pkg/features" "istio.io/istio/pkg/config/labels" + "istio.io/istio/pkg/config/schema/collections" "istio.io/istio/pkg/kube" "istio.io/istio/pkg/webhooks/validation/controller" "istio.io/istio/pkg/webhooks/validation/server" - "istio.io/pkg/env" - "istio.io/pkg/log" ) var ( diff --git a/pilot/pkg/config/aggregate/config.go b/pilot/pkg/config/aggregate/config.go index 0637f917cb79..d88057a1eb27 100644 --- a/pilot/pkg/config/aggregate/config.go +++ b/pilot/pkg/config/aggregate/config.go @@ -21,10 +21,9 @@ import ( "github.com/hashicorp/go-multierror" - "istio.io/istio/galley/pkg/config/schema/resource" - - "istio.io/istio/galley/pkg/config/schema/collection" "istio.io/istio/pilot/pkg/model" + "istio.io/istio/pkg/config/schema/collection" + "istio.io/istio/pkg/config/schema/resource" ) var errorUnsupported = errors.New("unsupported operation: the config aggregator is read-only") diff --git a/pilot/pkg/config/aggregate/config_test.go b/pilot/pkg/config/aggregate/config_test.go index c8095a0a21ca..fd9ac0c919d4 100644 --- a/pilot/pkg/config/aggregate/config_test.go +++ b/pilot/pkg/config/aggregate/config_test.go 
@@ -20,12 +20,12 @@ import ( "github.com/onsi/gomega" - "istio.io/istio/galley/pkg/config/schema/collection" - "istio.io/istio/galley/pkg/config/schema/resource" "istio.io/istio/galley/pkg/config/testing/fixtures" "istio.io/istio/pilot/pkg/config/aggregate" "istio.io/istio/pilot/pkg/config/aggregate/fakes" "istio.io/istio/pilot/pkg/model" + "istio.io/istio/pkg/config/schema/collection" + "istio.io/istio/pkg/config/schema/resource" ) func TestAggregateStoreBasicMake(t *testing.T) { diff --git a/pilot/pkg/config/aggregate/fakes/config_store_cache.gen.go b/pilot/pkg/config/aggregate/fakes/config_store_cache.gen.go index 52016cb6cf30..8e200644063b 100644 --- a/pilot/pkg/config/aggregate/fakes/config_store_cache.gen.go +++ b/pilot/pkg/config/aggregate/fakes/config_store_cache.gen.go @@ -4,9 +4,9 @@ package fakes import ( "sync" - "istio.io/istio/galley/pkg/config/schema/collection" - "istio.io/istio/galley/pkg/config/schema/resource" "istio.io/istio/pilot/pkg/model" + "istio.io/istio/pkg/config/schema/collection" + "istio.io/istio/pkg/config/schema/resource" ) type ConfigStoreCache struct { diff --git a/pilot/pkg/config/kube/crd/codegen/types.go b/pilot/pkg/config/kube/crd/codegen/types.go index 08cd428234f0..c3ea618b77de 100644 --- a/pilot/pkg/config/kube/crd/codegen/types.go +++ b/pilot/pkg/config/kube/crd/codegen/types.go @@ -26,8 +26,8 @@ import ( "log" "text/template" - "istio.io/istio/galley/pkg/config/schema/collection" - "istio.io/istio/galley/pkg/config/schema/collections" + "istio.io/istio/pkg/config/schema/collection" + "istio.io/istio/pkg/config/schema/collections" ) // ConfigData is data struct to feed to types.go template. diff --git a/pilot/pkg/config/kube/crd/codegen/types.go.tmpl b/pilot/pkg/config/kube/crd/codegen/types.go.tmpl index cb7a8eb14fe4..e2dbb5621c89 100644 --- a/pilot/pkg/config/kube/crd/codegen/types.go.tmpl +++ b/pilot/pkg/config/kube/crd/codegen/types.go.tmpl 
@@ -22,12 +22,12 @@ package crd // as declared in the Istio config model. import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" - "istio.io/istio/galley/pkg/config/schema/collection" - "istio.io/istio/galley/pkg/config/schema/collections" - "istio.io/istio/galley/pkg/config/schema/resource" + "istio.io/istio/pkg/config/schema/collection" + "istio.io/istio/pkg/config/schema/collections" + "istio.io/istio/pkg/config/schema/resource" ) type SchemaType struct { diff --git a/pilot/pkg/config/kube/crd/controller/client.go b/pilot/pkg/config/kube/crd/controller/client.go index eea567bb5f24..692a43f16f51 100644 --- a/pilot/pkg/config/kube/crd/controller/client.go +++ b/pilot/pkg/config/kube/crd/controller/client.go 
@@ -20,29 +20,28 @@ import ( "fmt" "time" + "github.com/hashicorp/go-multierror" + apiextensionsv1beta1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1" apiextensionsclient "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset" apierrors "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/util/wait" - - "istio.io/istio/galley/pkg/config/schema/collections" - "istio.io/istio/galley/pkg/config/schema/resource" - "istio.io/pkg/ledger" - - "github.com/hashicorp/go-multierror" meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" kubeSchema "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/runtime/serializer" // import GKE cluster authentication plugin + "k8s.io/apimachinery/pkg/runtime/serializer" // import GKE cluster authentication plugin + "k8s.io/apimachinery/pkg/util/wait" _ "k8s.io/client-go/plugin/pkg/client/auth/gcp" // import OIDC cluster authentication plugin, e.g. for Tectonic _ "k8s.io/client-go/plugin/pkg/client/auth/oidc" "k8s.io/client-go/rest" + "istio.io/pkg/ledger" "istio.io/pkg/log" - "istio.io/istio/galley/pkg/config/schema/collection" "istio.io/istio/pilot/pkg/config/kube/crd" "istio.io/istio/pilot/pkg/model" + "istio.io/istio/pkg/config/schema/collection" + "istio.io/istio/pkg/config/schema/collections" + "istio.io/istio/pkg/config/schema/resource" kubecfg "istio.io/istio/pkg/kube" ) diff --git a/pilot/pkg/config/kube/crd/controller/controller.go b/pilot/pkg/config/kube/crd/controller/controller.go index 0b1c71ead9e3..3a9c8f68e87d 100644 --- a/pilot/pkg/config/kube/crd/controller/controller.go +++ b/pilot/pkg/config/kube/crd/controller/controller.go 
@@ -25,17 +25,17 @@ import ( "k8s.io/apimachinery/pkg/watch" "k8s.io/client-go/tools/cache" - "istio.io/istio/galley/pkg/config/schema/resource" + "istio.io/istio/pkg/config/schema/resource" "istio.io/pkg/log" "istio.io/pkg/monitoring" - "istio.io/istio/galley/pkg/config/schema/collection" "istio.io/istio/pilot/pkg/config/kube/crd" "istio.io/istio/pilot/pkg/features" "istio.io/istio/pilot/pkg/model" "istio.io/istio/pilot/pkg/serviceregistry/kube" controller2 "istio.io/istio/pilot/pkg/serviceregistry/kube/controller" + "istio.io/istio/pkg/config/schema/collection" "istio.io/istio/pkg/queue" ) diff --git a/pilot/pkg/config/kube/crd/conversion.go b/pilot/pkg/config/kube/crd/conversion.go index 5f4fcc256799..c256d74db382 100644 --- a/pilot/pkg/config/kube/crd/conversion.go +++ b/pilot/pkg/config/kube/crd/conversion.go @@ -26,13 +26,13 @@ import ( meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" kubeyaml "k8s.io/apimachinery/pkg/util/yaml" - "istio.io/istio/galley/pkg/config/schema/resource" + "istio.io/istio/pkg/config/schema/resource" "istio.io/pkg/log" - "istio.io/istio/galley/pkg/config/schema/collection" - "istio.io/istio/galley/pkg/config/schema/collections" "istio.io/istio/pilot/pkg/model" + "istio.io/istio/pkg/config/schema/collection" + "istio.io/istio/pkg/config/schema/collections" "istio.io/istio/pkg/util/gogoprotomarshal" ) diff --git a/pilot/pkg/config/kube/crd/conversion_test.go b/pilot/pkg/config/kube/crd/conversion_test.go index b150663750d7..fb71c554cb1b 100644 --- a/pilot/pkg/config/kube/crd/conversion_test.go +++ b/pilot/pkg/config/kube/crd/conversion_test.go @@ -18,9 +18,9 @@ import ( "reflect" "testing" - "istio.io/istio/galley/pkg/config/schema/collections" "istio.io/istio/pilot/pkg/model" "istio.io/istio/pilot/test/mock" + "istio.io/istio/pkg/config/schema/collections" ) func TestConvert(t *testing.T) { diff --git a/pilot/pkg/config/kube/crd/types.gen.go b/pilot/pkg/config/kube/crd/types.gen.go index 7379dd8f8327..890464cce57b 100644 
--- a/pilot/pkg/config/kube/crd/types.gen.go +++ b/pilot/pkg/config/kube/crd/types.gen.go @@ -25,9 +25,9 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" - "istio.io/istio/galley/pkg/config/schema/collection" - "istio.io/istio/galley/pkg/config/schema/collections" - "istio.io/istio/galley/pkg/config/schema/resource" + "istio.io/istio/pkg/config/schema/collection" + "istio.io/istio/pkg/config/schema/collections" + "istio.io/istio/pkg/config/schema/resource" ) type SchemaType struct { diff --git a/pilot/pkg/config/kube/ingress/controller.go b/pilot/pkg/config/kube/ingress/controller.go index 6a7b41a243df..1b760555fdcf 100644 --- a/pilot/pkg/config/kube/ingress/controller.go +++ b/pilot/pkg/config/kube/ingress/controller.go @@ -26,18 +26,17 @@ import ( "k8s.io/client-go/kubernetes" "k8s.io/client-go/tools/cache" - "istio.io/istio/galley/pkg/config/schema/resource" - meshconfig "istio.io/api/mesh/v1alpha1" "istio.io/pkg/env" "istio.io/pkg/log" - "istio.io/istio/galley/pkg/config/schema/collection" - "istio.io/istio/galley/pkg/config/schema/collections" "istio.io/istio/pilot/pkg/model" "istio.io/istio/pilot/pkg/serviceregistry/kube" kubecontroller "istio.io/istio/pilot/pkg/serviceregistry/kube/controller" "istio.io/istio/pkg/config/constants" + "istio.io/istio/pkg/config/schema/collection" + "istio.io/istio/pkg/config/schema/collections" + "istio.io/istio/pkg/config/schema/resource" "istio.io/istio/pkg/queue" ) diff --git a/pilot/pkg/config/memory/config.go b/pilot/pkg/config/memory/config.go index 36cd39788f44..7caebe9dc97a 100644 --- a/pilot/pkg/config/memory/config.go +++ b/pilot/pkg/config/memory/config.go 
@@ -20,13 +20,12 @@ import ( "sync" "time" - "istio.io/istio/galley/pkg/config/schema/resource" - "istio.io/pkg/log" - "istio.io/pkg/ledger" + "istio.io/pkg/log" - "istio.io/istio/galley/pkg/config/schema/collection" "istio.io/istio/pilot/pkg/model" + "istio.io/istio/pkg/config/schema/collection" + "istio.io/istio/pkg/config/schema/resource" ) var ( diff --git a/pilot/pkg/config/memory/config_test.go b/pilot/pkg/config/memory/config_test.go index b11048cb9847..8970a1827ca8 100644 --- a/pilot/pkg/config/memory/config_test.go +++ b/pilot/pkg/config/memory/config_test.go @@ -17,9 +17,9 @@ package memory_test import ( "testing" - "istio.io/istio/galley/pkg/config/schema/collections" "istio.io/istio/pilot/pkg/config/memory" "istio.io/istio/pilot/test/mock" + "istio.io/istio/pkg/config/schema/collections" ) func TestStoreInvariant(t *testing.T) { diff --git a/pilot/pkg/config/memory/controller.go b/pilot/pkg/config/memory/controller.go index ad17a753fd3e..2c2cff12d38c 100644 --- a/pilot/pkg/config/memory/controller.go +++ b/pilot/pkg/config/memory/controller.go @@ -17,9 +17,9 @@ package memory import ( "errors" - "istio.io/istio/galley/pkg/config/schema/collection" - "istio.io/istio/galley/pkg/config/schema/resource" "istio.io/istio/pilot/pkg/model" + "istio.io/istio/pkg/config/schema/collection" + "istio.io/istio/pkg/config/schema/resource" ) type controller struct { diff --git a/pilot/pkg/config/memory/controller_test.go b/pilot/pkg/config/memory/controller_test.go index 8d83198658a3..ac0dd5c7f3b3 100644 --- a/pilot/pkg/config/memory/controller_test.go +++ b/pilot/pkg/config/memory/controller_test.go @@ -17,9 +17,9 @@ package memory_test import ( "testing" - "istio.io/istio/galley/pkg/config/schema/collections" "istio.io/istio/pilot/pkg/config/memory" "istio.io/istio/pilot/test/mock" + "istio.io/istio/pkg/config/schema/collections" ) const ( diff --git a/pilot/pkg/config/memory/monitor.go b/pilot/pkg/config/memory/monitor.go index 6eb490a29d41..d20197be23b4 100644 
--- a/pilot/pkg/config/memory/monitor.go +++ b/pilot/pkg/config/memory/monitor.go @@ -15,10 +15,10 @@ package memory import ( - "istio.io/istio/galley/pkg/config/schema/resource" "istio.io/pkg/log" "istio.io/istio/pilot/pkg/model" + "istio.io/istio/pkg/config/schema/resource" ) const ( diff --git a/pilot/pkg/config/memory/monitor_test.go b/pilot/pkg/config/memory/monitor_test.go index 98c30311eca3..ee6bc2242901 100644 --- a/pilot/pkg/config/memory/monitor_test.go +++ b/pilot/pkg/config/memory/monitor_test.go @@ -18,10 +18,10 @@ import ( "sync" "testing" - "istio.io/istio/galley/pkg/config/schema/collections" "istio.io/istio/pilot/pkg/config/memory" "istio.io/istio/pilot/pkg/model" "istio.io/istio/pilot/test/mock" + "istio.io/istio/pkg/config/schema/collections" ) func TestEventConsistency(t *testing.T) { diff --git a/pilot/pkg/config/monitor/file_snapshot.go b/pilot/pkg/config/monitor/file_snapshot.go index 95ad3fed7ff0..d58d81c5ddb8 100644 --- a/pilot/pkg/config/monitor/file_snapshot.go +++ b/pilot/pkg/config/monitor/file_snapshot.go @@ -20,13 +20,13 @@ import ( "path/filepath" "sort" - "istio.io/istio/galley/pkg/config/schema/resource" "istio.io/pkg/log" - "istio.io/istio/galley/pkg/config/schema/collection" - "istio.io/istio/galley/pkg/config/schema/collections" "istio.io/istio/pilot/pkg/config/kube/crd" "istio.io/istio/pilot/pkg/model" + "istio.io/istio/pkg/config/schema/collection" + "istio.io/istio/pkg/config/schema/collections" + "istio.io/istio/pkg/config/schema/resource" ) var ( diff --git a/pilot/pkg/config/monitor/file_snapshot_test.go b/pilot/pkg/config/monitor/file_snapshot_test.go index 41fb19816b33..ddaeb05ce7a5 100644 --- a/pilot/pkg/config/monitor/file_snapshot_test.go +++ b/pilot/pkg/config/monitor/file_snapshot_test.go 
@@ -24,9 +24,9 @@ import ( networking "istio.io/api/networking/v1alpha3" - "istio.io/istio/galley/pkg/config/schema/collection" - "istio.io/istio/galley/pkg/config/schema/collections" "istio.io/istio/pilot/pkg/config/monitor" + "istio.io/istio/pkg/config/schema/collection" + "istio.io/istio/pkg/config/schema/collections" ) var gatewayYAML = ` diff --git a/pilot/pkg/config/monitor/monitor_test.go b/pilot/pkg/config/monitor/monitor_test.go index efb54234c1f3..72548f15d12c 100644 --- a/pilot/pkg/config/monitor/monitor_test.go +++ b/pilot/pkg/config/monitor/monitor_test.go @@ -23,11 +23,11 @@ import ( networking "istio.io/api/networking/v1alpha3" - "istio.io/istio/galley/pkg/config/schema/collection" - "istio.io/istio/galley/pkg/config/schema/collections" "istio.io/istio/pilot/pkg/config/memory" "istio.io/istio/pilot/pkg/config/monitor" "istio.io/istio/pilot/pkg/model" + "istio.io/istio/pkg/config/schema/collection" + "istio.io/istio/pkg/config/schema/collections" ) const checkInterval = 100 * time.Millisecond diff --git a/pilot/pkg/model/authentication.go b/pilot/pkg/model/authentication.go index 6b98b945ceca..d760dc966ce0 100644 --- a/pilot/pkg/model/authentication.go +++ b/pilot/pkg/model/authentication.go @@ -17,8 +17,8 @@ package model import ( "istio.io/api/security/v1beta1" - "istio.io/istio/galley/pkg/config/schema/collections" "istio.io/istio/pkg/config/labels" + "istio.io/istio/pkg/config/schema/collections" ) // MutualTLSMode is the mutule TLS mode specified by authentication policy. diff --git a/pilot/pkg/model/authentication_test.go b/pilot/pkg/model/authentication_test.go index 5ade7dfd08d4..0e6c899d3a14 100644 --- a/pilot/pkg/model/authentication_test.go +++ b/pilot/pkg/model/authentication_test.go 
@@ -23,9 +23,9 @@ import ( securityBeta "istio.io/api/security/v1beta1" selectorpb "istio.io/api/type/v1beta1" - "istio.io/istio/galley/pkg/config/schema/collections" "istio.io/istio/pkg/config/labels" "istio.io/istio/pkg/config/mesh" + "istio.io/istio/pkg/config/schema/collections" ) const ( diff --git a/pilot/pkg/model/authorization.go b/pilot/pkg/model/authorization.go index 2ae8ed4705d9..2e461f81ea01 100644 --- a/pilot/pkg/model/authorization.go +++ b/pilot/pkg/model/authorization.go @@ -20,8 +20,8 @@ import ( istiolog "istio.io/pkg/log" - "istio.io/istio/galley/pkg/config/schema/collections" "istio.io/istio/pkg/config/labels" + "istio.io/istio/pkg/config/schema/collections" ) var ( diff --git a/pilot/pkg/model/authorization_test.go b/pilot/pkg/model/authorization_test.go index 8648691b59ff..7feea4848e84 100644 --- a/pilot/pkg/model/authorization_test.go +++ b/pilot/pkg/model/authorization_test.go @@ -23,17 +23,16 @@ import ( "github.com/google/go-cmp/cmp" "github.com/google/go-cmp/cmp/cmpopts" - "istio.io/istio/galley/pkg/config/schema/resource" - meshconfig "istio.io/api/mesh/v1alpha1" rbacproto "istio.io/api/rbac/v1alpha1" authpb "istio.io/api/security/v1beta1" selectorpb "istio.io/api/type/v1beta1" - "istio.io/istio/galley/pkg/config/schema/collection" - "istio.io/istio/galley/pkg/config/schema/collections" "istio.io/istio/pkg/config/labels" "istio.io/istio/pkg/config/mesh" + "istio.io/istio/pkg/config/schema/collection" + "istio.io/istio/pkg/config/schema/collections" + "istio.io/istio/pkg/config/schema/resource" ) func TestGetAuthorizationPolicies(t *testing.T) { diff --git a/pilot/pkg/model/config.go b/pilot/pkg/model/config.go index 528996658ca9..166a4944b34b 100644 --- a/pilot/pkg/model/config.go +++ b/pilot/pkg/model/config.go 
@@ -23,18 +23,17 @@ import ( udpa "github.com/cncf/udpa/go/udpa/type/v1" "github.com/mitchellh/copystructure" - "istio.io/istio/galley/pkg/config/schema/resource" - "github.com/gogo/protobuf/proto" mccpb "istio.io/api/mixer/v1/config/client" networking "istio.io/api/networking/v1alpha3" - "istio.io/istio/galley/pkg/config/schema/collection" - "istio.io/istio/galley/pkg/config/schema/collections" "istio.io/istio/pkg/config/constants" "istio.io/istio/pkg/config/host" "istio.io/istio/pkg/config/labels" + "istio.io/istio/pkg/config/schema/collection" + "istio.io/istio/pkg/config/schema/collections" + "istio.io/istio/pkg/config/schema/resource" ) var ( diff --git a/pilot/pkg/model/config_test.go b/pilot/pkg/model/config_test.go index fd2743959912..dd562fc447ad 100644 --- a/pilot/pkg/model/config_test.go +++ b/pilot/pkg/model/config_test.go @@ -30,9 +30,6 @@ import ( authz "istio.io/api/security/v1beta1" api "istio.io/api/type/v1beta1" - "istio.io/istio/galley/pkg/config/schema/collection" - "istio.io/istio/galley/pkg/config/schema/collections" - "istio.io/istio/galley/pkg/config/schema/resource" "istio.io/istio/pilot/pkg/config/memory" "istio.io/istio/pilot/pkg/model" mock_config "istio.io/istio/pilot/test/mock" @@ -40,6 +37,9 @@ import ( "istio.io/istio/pkg/config/host" "istio.io/istio/pkg/config/labels" "istio.io/istio/pkg/config/protocol" + "istio.io/istio/pkg/config/schema/collection" + "istio.io/istio/pkg/config/schema/collections" + "istio.io/istio/pkg/config/schema/resource" ) // getByMessageName finds a schema by message name if it is available diff --git a/pilot/pkg/model/conversion_test.go b/pilot/pkg/model/conversion_test.go index b285e3904b30..19e253edb42c 100644 --- a/pilot/pkg/model/conversion_test.go +++ b/pilot/pkg/model/conversion_test.go 
@@ -27,8 +27,8 @@ import ( mccpb "istio.io/api/mixer/v1/config/client" networking "istio.io/api/networking/v1alpha3" - "istio.io/istio/galley/pkg/config/schema/collections" "istio.io/istio/pilot/pkg/config/kube/crd" + "istio.io/istio/pkg/config/schema/collections" "istio.io/istio/pkg/util/gogoprotomarshal" ) diff --git a/pilot/pkg/model/push_context.go b/pilot/pkg/model/push_context.go index 5e5414357e59..e742aac69185 100644 --- a/pilot/pkg/model/push_context.go +++ b/pilot/pkg/model/push_context.go @@ -24,15 +24,15 @@ import ( authn "istio.io/api/authentication/v1alpha1" meshconfig "istio.io/api/mesh/v1alpha1" networking "istio.io/api/networking/v1alpha3" - "istio.io/istio/galley/pkg/config/schema/resource" "istio.io/pkg/monitoring" - "istio.io/istio/galley/pkg/config/schema/collections" "istio.io/istio/pilot/pkg/features" "istio.io/istio/pkg/config/constants" "istio.io/istio/pkg/config/host" "istio.io/istio/pkg/config/labels" "istio.io/istio/pkg/config/protocol" + "istio.io/istio/pkg/config/schema/collections" + "istio.io/istio/pkg/config/schema/resource" "istio.io/istio/pkg/config/visibility" ) diff --git a/pilot/pkg/model/push_context_test.go b/pilot/pkg/model/push_context_test.go index d36c38ba9cfc..911d17063cbd 100644 --- a/pilot/pkg/model/push_context_test.go +++ b/pilot/pkg/model/push_context_test.go 
@@ -24,15 +24,15 @@ import ( authn "istio.io/api/authentication/v1alpha1" meshconfig "istio.io/api/mesh/v1alpha1" networking "istio.io/api/networking/v1alpha3" - "istio.io/istio/galley/pkg/config/schema/resource" - "istio.io/istio/galley/pkg/config/schema/collection" - "istio.io/istio/galley/pkg/config/schema/collections" "istio.io/istio/pilot/pkg/model/test" "istio.io/istio/pkg/config/constants" "istio.io/istio/pkg/config/host" "istio.io/istio/pkg/config/labels" "istio.io/istio/pkg/config/mesh" + "istio.io/istio/pkg/config/schema/collection" + "istio.io/istio/pkg/config/schema/collections" + "istio.io/istio/pkg/config/schema/resource" ) func TestMergeUpdateRequest(t *testing.T) { diff --git a/pilot/pkg/networking/core/v1alpha3/cluster_test.go b/pilot/pkg/networking/core/v1alpha3/cluster_test.go index e34af8e7c576..0cc5288983c2 100644 --- a/pilot/pkg/networking/core/v1alpha3/cluster_test.go +++ b/pilot/pkg/networking/core/v1alpha3/cluster_test.go @@ -24,8 +24,6 @@ import ( envoy_api_v2_auth "github.com/envoyproxy/go-control-plane/envoy/api/v2/auth" - "istio.io/istio/galley/pkg/config/schema/resource" - "github.com/golang/protobuf/ptypes" "github.com/golang/protobuf/ptypes/wrappers" @@ -41,7 +39,6 @@ import ( "istio.io/api/networking/v1alpha3" networking "istio.io/api/networking/v1alpha3" - "istio.io/istio/galley/pkg/config/schema/collections" "istio.io/istio/pilot/pkg/features" "istio.io/istio/pilot/pkg/model" "istio.io/istio/pilot/pkg/networking/core/v1alpha3/fakes" @@ -52,6 +49,8 @@ import ( "istio.io/istio/pkg/config/host" "istio.io/istio/pkg/config/mesh" "istio.io/istio/pkg/config/protocol" + "istio.io/istio/pkg/config/schema/collections" + "istio.io/istio/pkg/config/schema/resource" ) type ConfigType int diff --git a/pilot/pkg/networking/core/v1alpha3/envoyfilter/listener_patch_test.go b/pilot/pkg/networking/core/v1alpha3/envoyfilter/listener_patch_test.go index 74995e7fc755..9b8fa214c2a8 100644 
--- a/pilot/pkg/networking/core/v1alpha3/envoyfilter/listener_patch_test.go +++ b/pilot/pkg/networking/core/v1alpha3/envoyfilter/listener_patch_test.go @@ -31,8 +31,6 @@ import ( "github.com/gogo/protobuf/proto" "github.com/golang/protobuf/ptypes" - "istio.io/istio/galley/pkg/config/schema/resource" - "github.com/gogo/protobuf/jsonpb" "github.com/gogo/protobuf/types" "github.com/google/go-cmp/cmp" @@ -40,12 +38,13 @@ import ( meshconfig "istio.io/api/mesh/v1alpha1" networking "istio.io/api/networking/v1alpha3" - "istio.io/istio/galley/pkg/config/schema/collections" "istio.io/istio/pilot/pkg/config/kube/crd" "istio.io/istio/pilot/pkg/model" "istio.io/istio/pilot/pkg/networking/core/v1alpha3/fakes" "istio.io/istio/pilot/pkg/networking/util" "istio.io/istio/pkg/config/mesh" + "istio.io/istio/pkg/config/schema/collections" + "istio.io/istio/pkg/config/schema/resource" "istio.io/istio/pkg/test/env" ) diff --git a/pilot/pkg/networking/core/v1alpha3/fakes/fake_istio_config_store.gen.go b/pilot/pkg/networking/core/v1alpha3/fakes/fake_istio_config_store.gen.go index 374476b7fe52..b72205e2f862 100644 --- a/pilot/pkg/networking/core/v1alpha3/fakes/fake_istio_config_store.gen.go +++ b/pilot/pkg/networking/core/v1alpha3/fakes/fake_istio_config_store.gen.go @@ -4,10 +4,10 @@ package fakes import ( "sync" - "istio.io/istio/galley/pkg/config/schema/collection" - "istio.io/istio/galley/pkg/config/schema/resource" "istio.io/istio/pilot/pkg/model" "istio.io/istio/pkg/config/labels" + "istio.io/istio/pkg/config/schema/collection" + "istio.io/istio/pkg/config/schema/resource" ) type IstioConfigStore struct { diff --git a/pilot/pkg/networking/core/v1alpha3/gateway_test.go b/pilot/pkg/networking/core/v1alpha3/gateway_test.go index 6a74d2612ed1..13c02486eb2d 100644 --- a/pilot/pkg/networking/core/v1alpha3/gateway_test.go +++ b/pilot/pkg/networking/core/v1alpha3/gateway_test.go 
@@ -22,11 +22,8 @@ import ( core "github.com/envoyproxy/go-control-plane/envoy/api/v2/core" http_conn "github.com/envoyproxy/go-control-plane/envoy/config/filter/network/http_connection_manager/v2" - "istio.io/istio/galley/pkg/config/schema/resource" - networking "istio.io/api/networking/v1alpha3" - "istio.io/istio/galley/pkg/config/schema/collections" "istio.io/istio/pilot/pkg/features" pilot_model "istio.io/istio/pilot/pkg/model" "istio.io/istio/pilot/pkg/networking/core/v1alpha3/fakes" @@ -35,6 +32,8 @@ import ( "istio.io/istio/pilot/pkg/security/model" "istio.io/istio/pkg/config/constants" "istio.io/istio/pkg/config/mesh" + "istio.io/istio/pkg/config/schema/collections" + "istio.io/istio/pkg/config/schema/resource" "istio.io/istio/pkg/proto" ) diff --git a/pilot/pkg/networking/core/v1alpha3/httproute_test.go b/pilot/pkg/networking/core/v1alpha3/httproute_test.go index 43fecd346fce..c77fe5a38c11 100644 --- a/pilot/pkg/networking/core/v1alpha3/httproute_test.go +++ b/pilot/pkg/networking/core/v1alpha3/httproute_test.go @@ -26,7 +26,6 @@ import ( meshapi "istio.io/api/mesh/v1alpha1" networking "istio.io/api/networking/v1alpha3" - "istio.io/istio/galley/pkg/config/schema/collections" "istio.io/istio/pilot/pkg/features" "istio.io/istio/pilot/pkg/model" "istio.io/istio/pilot/pkg/networking/plugin" @@ -34,6 +33,7 @@ import ( "istio.io/istio/pilot/pkg/serviceregistry" "istio.io/istio/pkg/config/host" "istio.io/istio/pkg/config/protocol" + "istio.io/istio/pkg/config/schema/collections" "istio.io/istio/pkg/config/visibility" ) diff --git a/pilot/pkg/networking/core/v1alpha3/listener_test.go b/pilot/pkg/networking/core/v1alpha3/listener_test.go index 2c1dbdffded6..abc4b6dd8865 100644 --- a/pilot/pkg/networking/core/v1alpha3/listener_test.go +++ b/pilot/pkg/networking/core/v1alpha3/listener_test.go 
@@ -35,13 +35,10 @@ import ( "github.com/golang/protobuf/ptypes/wrappers" "github.com/google/go-cmp/cmp" - "istio.io/istio/galley/pkg/config/schema/resource" - meshconfig "istio.io/api/mesh/v1alpha1" "istio.io/api/networking/v1alpha3" networking "istio.io/api/networking/v1alpha3" - "istio.io/istio/galley/pkg/config/schema/collections" "istio.io/istio/pilot/pkg/features" "istio.io/istio/pilot/pkg/model" "istio.io/istio/pilot/pkg/networking/core/v1alpha3/fakes" @@ -52,6 +49,8 @@ import ( "istio.io/istio/pkg/config/labels" "istio.io/istio/pkg/config/mesh" "istio.io/istio/pkg/config/protocol" + "istio.io/istio/pkg/config/schema/collections" + "istio.io/istio/pkg/config/schema/resource" ) const ( diff --git a/pilot/pkg/networking/core/v1alpha3/loadbalancer/loadbalancer_test.go b/pilot/pkg/networking/core/v1alpha3/loadbalancer/loadbalancer_test.go index 4fd5e1e51eae..7874d13ab647 100644 --- a/pilot/pkg/networking/core/v1alpha3/loadbalancer/loadbalancer_test.go +++ b/pilot/pkg/networking/core/v1alpha3/loadbalancer/loadbalancer_test.go @@ -27,11 +27,11 @@ import ( meshconfig "istio.io/api/mesh/v1alpha1" networking "istio.io/api/networking/v1alpha3" - "istio.io/istio/galley/pkg/config/schema/collections" "istio.io/istio/pilot/pkg/model" "istio.io/istio/pilot/pkg/networking/core/v1alpha3/fakes" "istio.io/istio/pkg/config/mesh" "istio.io/istio/pkg/config/protocol" + "istio.io/istio/pkg/config/schema/collections" ) func TestApplyLocalitySetting(t *testing.T) { diff --git a/pilot/pkg/networking/core/v1alpha3/route/route_test.go b/pilot/pkg/networking/core/v1alpha3/route/route_test.go index 75fb012cae7d..d6d8feeaf2c6 100644 --- a/pilot/pkg/networking/core/v1alpha3/route/route_test.go +++ b/pilot/pkg/networking/core/v1alpha3/route/route_test.go 
@@ -25,12 +25,12 @@ import ( networking "istio.io/api/networking/v1alpha3" - "istio.io/istio/galley/pkg/config/schema/collections" "istio.io/istio/pilot/pkg/model" "istio.io/istio/pilot/pkg/networking/core/v1alpha3/route" "istio.io/istio/pkg/config/host" "istio.io/istio/pkg/config/mesh" "istio.io/istio/pkg/config/protocol" + "istio.io/istio/pkg/config/schema/collections" ) func TestBuildHTTPRoutes(t *testing.T) { diff --git a/pilot/pkg/proxy/envoy/v2/ads.go b/pilot/pkg/proxy/envoy/v2/ads.go index 4206a75c948b..07ff589c900f 100644 --- a/pilot/pkg/proxy/envoy/v2/ads.go +++ b/pilot/pkg/proxy/envoy/v2/ads.go @@ -28,13 +28,12 @@ import ( "google.golang.org/grpc/peer" "google.golang.org/grpc/status" - "istio.io/istio/galley/pkg/config/schema/resource" - istiolog "istio.io/pkg/log" "istio.io/istio/pilot/pkg/model" "istio.io/istio/pilot/pkg/networking/util" "istio.io/istio/pilot/pkg/util/sets" + "istio.io/istio/pkg/config/schema/resource" ) var ( diff --git a/pilot/pkg/proxy/envoy/v2/ads_common.go b/pilot/pkg/proxy/envoy/v2/ads_common.go index 4875ee0c0713..ad861e49da12 100644 --- a/pilot/pkg/proxy/envoy/v2/ads_common.go +++ b/pilot/pkg/proxy/envoy/v2/ads_common.go @@ -15,9 +15,9 @@ package v2 import ( - "istio.io/istio/galley/pkg/config/schema/collections" "istio.io/istio/pilot/pkg/features" "istio.io/istio/pilot/pkg/model" + "istio.io/istio/pkg/config/schema/collections" ) func ProxyNeedsPush(proxy *model.Proxy, pushEv *XdsEvent) bool { diff --git a/pilot/pkg/proxy/envoy/v2/ads_common_test.go b/pilot/pkg/proxy/envoy/v2/ads_common_test.go index e02c8b7ab1e6..67fafe1c79c8 100644 --- a/pilot/pkg/proxy/envoy/v2/ads_common_test.go +++ b/pilot/pkg/proxy/envoy/v2/ads_common_test.go 
@@ -19,9 +19,9 @@ import ( "strconv" "testing" - "istio.io/istio/galley/pkg/config/schema/collections" - "istio.io/istio/galley/pkg/config/schema/resource" "istio.io/istio/pilot/pkg/model" + "istio.io/istio/pkg/config/schema/collections" + "istio.io/istio/pkg/config/schema/resource" ) func TestProxyNeedsPush(t *testing.T) { diff --git a/pilot/pkg/proxy/envoy/v2/bench_test.go b/pilot/pkg/proxy/envoy/v2/bench_test.go index 4e3fd9efb632..72578f4957ab 100644 --- a/pilot/pkg/proxy/envoy/v2/bench_test.go +++ b/pilot/pkg/proxy/envoy/v2/bench_test.go @@ -24,7 +24,6 @@ import ( networking "istio.io/api/networking/v1alpha3" "istio.io/pkg/log" - "istio.io/istio/galley/pkg/config/schema/collections" "istio.io/istio/pilot/pkg/config/memory" "istio.io/istio/pilot/pkg/model" "istio.io/istio/pilot/pkg/networking/core/v1alpha3/loadbalancer" @@ -33,6 +32,7 @@ import ( "istio.io/istio/pilot/pkg/serviceregistry/aggregate" "istio.io/istio/pilot/pkg/serviceregistry/external" "istio.io/istio/pkg/config/mesh" + "istio.io/istio/pkg/config/schema/collections" ) // SetupDiscoveryServer creates a DiscoveryServer with the provided configs using the mem registry diff --git a/pilot/pkg/proxy/envoy/v2/debug.go b/pilot/pkg/proxy/envoy/v2/debug.go index dfb0a3334fdd..c344877f5c00 100644 --- a/pilot/pkg/proxy/envoy/v2/debug.go +++ b/pilot/pkg/proxy/envoy/v2/debug.go @@ -23,7 +23,7 @@ import ( "net/http/pprof" "sort" - "istio.io/istio/galley/pkg/config/schema/collection" + "istio.io/istio/pkg/config/schema/collection" "istio.io/istio/pkg/kube/inject" "istio.io/istio/pilot/pkg/features" diff --git a/pilot/pkg/proxy/envoy/v2/eds.go b/pilot/pkg/proxy/envoy/v2/eds.go index 8e188ec6f5cd..a6137807a899 100644 --- a/pilot/pkg/proxy/envoy/v2/eds.go +++ b/pilot/pkg/proxy/envoy/v2/eds.go 
@@ -25,11 +25,8 @@ import ( endpoint "github.com/envoyproxy/go-control-plane/envoy/api/v2/endpoint" "github.com/golang/protobuf/ptypes/wrappers" - "istio.io/istio/galley/pkg/config/schema/resource" - networkingapi "istio.io/api/networking/v1alpha3" - "istio.io/istio/galley/pkg/config/schema/collections" "istio.io/istio/pilot/pkg/model" networking "istio.io/istio/pilot/pkg/networking/core/v1alpha3" "istio.io/istio/pilot/pkg/networking/core/v1alpha3/loadbalancer" @@ -40,6 +37,8 @@ import ( "istio.io/istio/pkg/config/host" "istio.io/istio/pkg/config/labels" "istio.io/istio/pkg/config/protocol" + "istio.io/istio/pkg/config/schema/collections" + "istio.io/istio/pkg/config/schema/resource" ) // EDS returns the list of endpoints (IP:port and in future labels) associated with a real diff --git a/pilot/pkg/security/authz/builder/builder_test.go b/pilot/pkg/security/authz/builder/builder_test.go index b1e2134d0c4b..f7955a4c8ee0 100644 --- a/pilot/pkg/security/authz/builder/builder_test.go +++ b/pilot/pkg/security/authz/builder/builder_test.go @@ -24,12 +24,12 @@ import ( istioRbacPb "istio.io/api/rbac/v1alpha1" - "istio.io/istio/galley/pkg/config/schema/collections" "istio.io/istio/pilot/pkg/model" authzModel "istio.io/istio/pilot/pkg/security/authz/model" "istio.io/istio/pilot/pkg/security/authz/policy" "istio.io/istio/pilot/pkg/security/trustdomain" "istio.io/istio/pkg/config/host" + "istio.io/istio/pkg/config/schema/collections" ) func newService(hostname string, labels map[string]string, t *testing.T) *model.ServiceInstance { diff --git a/pilot/pkg/security/authz/policy/helper.go b/pilot/pkg/security/authz/policy/helper.go index ba06a70c63f2..e67a190e181c 100644 --- a/pilot/pkg/security/authz/policy/helper.go +++ b/pilot/pkg/security/authz/policy/helper.go 
@@ -26,11 +26,11 @@ import ( istioRbacPb "istio.io/api/rbac/v1alpha1" istioSecurityPb "istio.io/api/security/v1beta1" - "istio.io/istio/galley/pkg/config/schema/collections" "istio.io/istio/pilot/pkg/config/memory" "istio.io/istio/pilot/pkg/model" authzModel "istio.io/istio/pilot/pkg/security/authz/model" "istio.io/istio/pkg/config/host" + "istio.io/istio/pkg/config/schema/collections" ) // We cannot import `testing` here, as it will bring extra test flags into the binary. Instead, just include the interface here diff --git a/pilot/pkg/serviceregistry/external/controller_test.go b/pilot/pkg/serviceregistry/external/controller_test.go index 33d040140e35..f57314b217ff 100644 --- a/pilot/pkg/serviceregistry/external/controller_test.go +++ b/pilot/pkg/serviceregistry/external/controller_test.go @@ -20,11 +20,11 @@ import ( networking "istio.io/api/networking/v1alpha3" - "istio.io/istio/galley/pkg/config/schema/collection" - "istio.io/istio/galley/pkg/config/schema/collections" "istio.io/istio/pilot/pkg/config/memory" "istio.io/istio/pilot/pkg/model" "istio.io/istio/pilot/pkg/serviceregistry/external" + "istio.io/istio/pkg/config/schema/collection" + "istio.io/istio/pkg/config/schema/collections" ) var ( diff --git a/pilot/pkg/serviceregistry/external/servicediscovery.go b/pilot/pkg/serviceregistry/external/servicediscovery.go index c3f0abbc9f34..687ca432e35a 100644 --- a/pilot/pkg/serviceregistry/external/servicediscovery.go +++ b/pilot/pkg/serviceregistry/external/servicediscovery.go @@ -19,14 +19,14 @@ import ( "sync" "time" - "istio.io/istio/galley/pkg/config/schema/resource" "istio.io/pkg/log" - "istio.io/istio/galley/pkg/config/schema/collections" "istio.io/istio/pilot/pkg/model" "istio.io/istio/pilot/pkg/serviceregistry" "istio.io/istio/pkg/config/host" "istio.io/istio/pkg/config/labels" + "istio.io/istio/pkg/config/schema/collections" + "istio.io/istio/pkg/config/schema/resource" ) // TODO: move this out of 'external' package. Either 'serviceentry' package or 
diff --git a/pilot/pkg/serviceregistry/external/servicediscovery_test.go b/pilot/pkg/serviceregistry/external/servicediscovery_test.go index 4021f9f708e0..e845822a554f 100644 --- a/pilot/pkg/serviceregistry/external/servicediscovery_test.go +++ b/pilot/pkg/serviceregistry/external/servicediscovery_test.go @@ -21,12 +21,12 @@ import ( networking "istio.io/api/networking/v1alpha3" - "istio.io/istio/galley/pkg/config/schema/collections" "istio.io/istio/pilot/pkg/config/memory" "istio.io/istio/pilot/pkg/model" "istio.io/istio/pkg/config/constants" "istio.io/istio/pkg/config/host" "istio.io/istio/pkg/config/labels" + "istio.io/istio/pkg/config/schema/collections" ) func createServiceEntries(configs []*model.Config, store model.IstioConfigStore, t *testing.T) { diff --git a/pilot/pkg/serviceregistry/kube/controller/endpointsdiscovery.go b/pilot/pkg/serviceregistry/kube/controller/endpointsdiscovery.go index 39a5b27f07db..cea701ded08d 100644 --- a/pilot/pkg/serviceregistry/kube/controller/endpointsdiscovery.go +++ b/pilot/pkg/serviceregistry/kube/controller/endpointsdiscovery.go @@ -18,15 +18,14 @@ import ( v1 "k8s.io/api/core/v1" "k8s.io/client-go/tools/cache" - "istio.io/istio/galley/pkg/config/schema/resource" - "istio.io/pkg/log" - "istio.io/istio/galley/pkg/config/schema/collections" "istio.io/istio/pilot/pkg/features" "istio.io/istio/pilot/pkg/model" "istio.io/istio/pilot/pkg/serviceregistry/kube" "istio.io/istio/pkg/config/labels" + "istio.io/istio/pkg/config/schema/collections" + "istio.io/istio/pkg/config/schema/resource" ) // Pilot can get EDS information from Kubernetes from two mutually exclusive sources, Endpoints and diff --git a/pilot/pkg/serviceregistry/kube/controller/multicluster.go b/pilot/pkg/serviceregistry/kube/controller/multicluster.go index 0d6c5048cc57..636d7fb46231 100644 --- a/pilot/pkg/serviceregistry/kube/controller/multicluster.go +++ b/pilot/pkg/serviceregistry/kube/controller/multicluster.go 
@@ -20,14 +20,13 @@ import ( "k8s.io/client-go/kubernetes" - "istio.io/istio/galley/pkg/config/schema/resource" - "istio.io/pkg/log" - "istio.io/istio/galley/pkg/config/schema/collections" "istio.io/istio/pilot/pkg/model" "istio.io/istio/pilot/pkg/serviceregistry/aggregate" "istio.io/istio/pkg/config/mesh" + "istio.io/istio/pkg/config/schema/collections" + "istio.io/istio/pkg/config/schema/resource" "istio.io/istio/pkg/kube/secretcontroller" ) diff --git a/pilot/pkg/serviceregistry/mcp/controller.go b/pilot/pkg/serviceregistry/mcp/controller.go index 6324a93d3530..e01bdab6bf1e 100644 --- a/pilot/pkg/serviceregistry/mcp/controller.go +++ b/pilot/pkg/serviceregistry/mcp/controller.go @@ -23,15 +23,14 @@ import ( "github.com/gogo/protobuf/types" - "istio.io/istio/galley/pkg/config/schema/resource" - "istio.io/pkg/ledger" "istio.io/pkg/log" - "istio.io/istio/galley/pkg/config/schema/collection" - "istio.io/istio/galley/pkg/config/schema/collections" "istio.io/istio/pilot/pkg/model" "istio.io/istio/pilot/pkg/serviceregistry/kube" + "istio.io/istio/pkg/config/schema/collection" + "istio.io/istio/pkg/config/schema/collections" + "istio.io/istio/pkg/config/schema/resource" "istio.io/istio/pkg/mcp/sink" ) diff --git a/pilot/pkg/serviceregistry/mcp/controller_test.go b/pilot/pkg/serviceregistry/mcp/controller_test.go index 1cdff94ee2d3..78c134c9464c 100644 --- a/pilot/pkg/serviceregistry/mcp/controller_test.go +++ b/pilot/pkg/serviceregistry/mcp/controller_test.go 
@@ -24,15 +24,15 @@ import ( "github.com/gogo/protobuf/types" . "github.com/onsi/gomega" - "istio.io/istio/galley/pkg/config/schema/resource" + "istio.io/istio/pkg/config/schema/resource" authn "istio.io/api/authentication/v1alpha1" mcpapi "istio.io/api/mcp/v1alpha1" networking "istio.io/api/networking/v1alpha3" - "istio.io/istio/galley/pkg/config/schema/collections" "istio.io/istio/pilot/pkg/model" "istio.io/istio/pilot/pkg/serviceregistry/mcp" + "istio.io/istio/pkg/config/schema/collections" "istio.io/istio/pkg/mcp/sink" ) diff --git a/pilot/pkg/serviceregistry/synthetic/serviceentry/syntheticserviceentrycontroller.go b/pilot/pkg/serviceregistry/synthetic/serviceentry/syntheticserviceentrycontroller.go index 69309436ac99..47312ae339e8 100644 --- a/pilot/pkg/serviceregistry/synthetic/serviceentry/syntheticserviceentrycontroller.go +++ b/pilot/pkg/serviceregistry/synthetic/serviceentry/syntheticserviceentrycontroller.go @@ -25,16 +25,15 @@ import ( "github.com/gogo/protobuf/types" - "istio.io/istio/galley/pkg/config/schema/resource" - "istio.io/api/annotation" networking "istio.io/api/networking/v1alpha3" "istio.io/pkg/ledger" "istio.io/pkg/log" - "istio.io/istio/galley/pkg/config/schema/collection" - "istio.io/istio/galley/pkg/config/schema/collections" "istio.io/istio/pilot/pkg/model" + "istio.io/istio/pkg/config/schema/collection" + "istio.io/istio/pkg/config/schema/collections" + "istio.io/istio/pkg/config/schema/resource" "istio.io/istio/pkg/mcp/sink" ) diff --git a/pilot/pkg/serviceregistry/synthetic/serviceentry/syntheticserviceentrycontroller_test.go b/pilot/pkg/serviceregistry/synthetic/serviceentry/syntheticserviceentrycontroller_test.go index e63aab7c7438..ecf0caa59be9 100644 --- a/pilot/pkg/serviceregistry/synthetic/serviceentry/syntheticserviceentrycontroller_test.go +++ b/pilot/pkg/serviceregistry/synthetic/serviceentry/syntheticserviceentrycontroller_test.go 
@@ -26,9 +26,9 @@ import ( mcpapi "istio.io/api/mcp/v1alpha1" networking "istio.io/api/networking/v1alpha3" - "istio.io/istio/galley/pkg/config/schema/collections" "istio.io/istio/pilot/pkg/model" "istio.io/istio/pilot/pkg/serviceregistry/synthetic/serviceentry" + "istio.io/istio/pkg/config/schema/collections" "istio.io/istio/pkg/mcp/sink" ) diff --git a/pilot/test/mock/config.go b/pilot/test/mock/config.go index d9bc76e50634..809cfa69fd72 100644 --- a/pilot/test/mock/config.go +++ b/pilot/test/mock/config.go @@ -24,8 +24,6 @@ import ( "github.com/gogo/protobuf/proto" "go.uber.org/atomic" - "istio.io/istio/galley/pkg/config/schema/resource" - authn "istio.io/api/authentication/v1alpha1" mpb "istio.io/api/mixer/v1" mccpb "istio.io/api/mixer/v1/config/client" @@ -35,10 +33,11 @@ import ( api "istio.io/api/type/v1beta1" "istio.io/pkg/log" - "istio.io/istio/galley/pkg/config/schema/collection" - "istio.io/istio/galley/pkg/config/schema/collections" "istio.io/istio/pilot/pkg/model" "istio.io/istio/pkg/config/constants" + "istio.io/istio/pkg/config/schema/collection" + "istio.io/istio/pkg/config/schema/collections" + "istio.io/istio/pkg/config/schema/resource" pkgtest "istio.io/istio/pkg/test" "istio.io/istio/pkg/test/config" ) diff --git a/galley/pkg/config/schema/ast/ast.go b/pkg/config/schema/ast/ast.go similarity index 100% rename from galley/pkg/config/schema/ast/ast.go rename to pkg/config/schema/ast/ast.go diff --git a/galley/pkg/config/schema/ast/ast_test.go b/pkg/config/schema/ast/ast_test.go similarity index 100% rename from galley/pkg/config/schema/ast/ast_test.go rename to pkg/config/schema/ast/ast_test.go diff --git a/galley/pkg/config/schema/codegen/collections.go b/pkg/config/schema/codegen/collections.go similarity index 95% rename from galley/pkg/config/schema/codegen/collections.go rename to pkg/config/schema/codegen/collections.go index 39d2c8ed71b0..c5494aa48a59 100644 --- a/galley/pkg/config/schema/codegen/collections.go 
+++ b/pkg/config/schema/codegen/collections.go @@ -19,7 +19,7 @@ import ( "sort" "strings" - "istio.io/istio/galley/pkg/config/schema/ast" + "istio.io/istio/pkg/config/schema/ast" ) const staticCollectionsTemplate = ` @@ -29,8 +29,8 @@ const staticCollectionsTemplate = ` package {{.PackageName}} import ( - "istio.io/istio/galley/pkg/config/schema/collection" - "istio.io/istio/galley/pkg/config/schema/resource" + "istio.io/istio/pkg/config/schema/collection" + "istio.io/istio/pkg/config/schema/resource" "istio.io/istio/pkg/config/validation" ) diff --git a/galley/pkg/config/schema/codegen/collections_test.go b/pkg/config/schema/codegen/collections_test.go similarity index 96% rename from galley/pkg/config/schema/codegen/collections_test.go rename to pkg/config/schema/codegen/collections_test.go index 2f8277802d80..1bce4fa212cf 100644 --- a/galley/pkg/config/schema/codegen/collections_test.go +++ b/pkg/config/schema/codegen/collections_test.go @@ -21,7 +21,7 @@ import ( "github.com/google/go-cmp/cmp" . "github.com/onsi/gomega" - "istio.io/istio/galley/pkg/config/schema/ast" + "istio.io/istio/pkg/config/schema/ast" ) func TestStaticCollections(t *testing.T) { @@ -82,8 +82,8 @@ func TestStaticCollections(t *testing.T) { package pkg import ( - "istio.io/istio/galley/pkg/config/schema/collection" - "istio.io/istio/galley/pkg/config/schema/resource" + "istio.io/istio/pkg/config/schema/collection" + "istio.io/istio/pkg/config/schema/resource" "istio.io/istio/pkg/config/validation" ) diff --git a/galley/pkg/config/schema/codegen/common.go b/pkg/config/schema/codegen/common.go similarity index 100% rename from galley/pkg/config/schema/codegen/common.go rename to pkg/config/schema/codegen/common.go diff --git a/galley/pkg/config/schema/codegen/common_test.go b/pkg/config/schema/codegen/common_test.go similarity index 100% rename from galley/pkg/config/schema/codegen/common_test.go rename to pkg/config/schema/codegen/common_test.go 
diff --git a/galley/pkg/config/schema/codegen/snapshots.go b/pkg/config/schema/codegen/snapshots.go similarity index 97% rename from galley/pkg/config/schema/codegen/snapshots.go rename to pkg/config/schema/codegen/snapshots.go index e89ce80665a6..f2f4b1b78108 100644 --- a/galley/pkg/config/schema/codegen/snapshots.go +++ b/pkg/config/schema/codegen/snapshots.go @@ -18,7 +18,7 @@ import ( "sort" "strings" - "istio.io/istio/galley/pkg/config/schema/ast" + "istio.io/istio/pkg/config/schema/ast" ) const staticSnapshotsTemplate = ` diff --git a/galley/pkg/config/schema/codegen/snapshots_test.go b/pkg/config/schema/codegen/snapshots_test.go similarity index 97% rename from galley/pkg/config/schema/codegen/snapshots_test.go rename to pkg/config/schema/codegen/snapshots_test.go index 124bc3c02657..a6a77dbc589c 100644 --- a/galley/pkg/config/schema/codegen/snapshots_test.go +++ b/pkg/config/schema/codegen/snapshots_test.go @@ -20,7 +20,7 @@ import ( . "github.com/onsi/gomega" - "istio.io/istio/galley/pkg/config/schema/ast" + "istio.io/istio/pkg/config/schema/ast" ) func TestStaticSnapshots(t *testing.T) { diff --git a/galley/pkg/config/schema/codegen/staticinit.go b/pkg/config/schema/codegen/staticinit.go similarity index 97% rename from galley/pkg/config/schema/codegen/staticinit.go rename to pkg/config/schema/codegen/staticinit.go index f107c26064d8..a9119cb2b88d 100644 --- a/galley/pkg/config/schema/codegen/staticinit.go +++ b/pkg/config/schema/codegen/staticinit.go @@ -17,7 +17,7 @@ package codegen import ( "sort" - "istio.io/istio/galley/pkg/config/schema/ast" + "istio.io/istio/pkg/config/schema/ast" ) const importInitTemplate = ` diff --git a/galley/pkg/config/schema/codegen/staticinit_test.go b/pkg/config/schema/codegen/staticinit_test.go similarity index 97% rename from galley/pkg/config/schema/codegen/staticinit_test.go rename to pkg/config/schema/codegen/staticinit_test.go index 51bdc3c6826c..a8218dc1ec7e 100644 
--- a/galley/pkg/config/schema/codegen/staticinit_test.go +++ b/pkg/config/schema/codegen/staticinit_test.go @@ -20,7 +20,7 @@ import ( . "github.com/onsi/gomega" - "istio.io/istio/galley/pkg/config/schema/ast" + "istio.io/istio/pkg/config/schema/ast" ) func TestStaticInit(t *testing.T) { diff --git a/galley/pkg/config/schema/codegen/tools/collections.main.go b/pkg/config/schema/codegen/tools/collections.main.go similarity index 91% rename from galley/pkg/config/schema/codegen/tools/collections.main.go rename to pkg/config/schema/codegen/tools/collections.main.go index d79ed2c15b5a..33499ae4c6e3 100644 --- a/galley/pkg/config/schema/codegen/tools/collections.main.go +++ b/pkg/config/schema/codegen/tools/collections.main.go @@ -21,9 +21,9 @@ import ( "io/ioutil" "os" - "istio.io/istio/galley/pkg/config/schema" - "istio.io/istio/galley/pkg/config/schema/ast" - "istio.io/istio/galley/pkg/config/schema/codegen" + "istio.io/istio/pkg/config/schema" + "istio.io/istio/pkg/config/schema/ast" + "istio.io/istio/pkg/config/schema/codegen" ) // Utility for generating collections.gen.go. Called from gen.go diff --git a/galley/pkg/config/schema/codegen/tools/snapshots.main.go b/pkg/config/schema/codegen/tools/snapshots.main.go similarity index 91% rename from galley/pkg/config/schema/codegen/tools/snapshots.main.go rename to pkg/config/schema/codegen/tools/snapshots.main.go index fa78b2f6b818..5db746a8dfb8 100644 --- a/galley/pkg/config/schema/codegen/tools/snapshots.main.go +++ b/pkg/config/schema/codegen/tools/snapshots.main.go @@ -21,9 +21,9 @@ import ( "io/ioutil" "os" - "istio.io/istio/galley/pkg/config/schema" - "istio.io/istio/galley/pkg/config/schema/ast" - "istio.io/istio/galley/pkg/config/schema/codegen" + "istio.io/istio/pkg/config/schema" + "istio.io/istio/pkg/config/schema/ast" + "istio.io/istio/pkg/config/schema/codegen" ) // Utility for generating snapshots.gen.go. Called from gen.go 
diff --git a/galley/pkg/config/schema/codegen/tools/staticinit.main.go b/pkg/config/schema/codegen/tools/staticinit.main.go similarity index 92% rename from galley/pkg/config/schema/codegen/tools/staticinit.main.go rename to pkg/config/schema/codegen/tools/staticinit.main.go index 65a8d3f64551..e67ddb9a53f3 100644 --- a/galley/pkg/config/schema/codegen/tools/staticinit.main.go +++ b/pkg/config/schema/codegen/tools/staticinit.main.go @@ -21,9 +21,9 @@ import ( "io/ioutil" "os" - "istio.io/istio/galley/pkg/config/schema" - "istio.io/istio/galley/pkg/config/schema/ast" - "istio.io/istio/galley/pkg/config/schema/codegen" + "istio.io/istio/pkg/config/schema" + "istio.io/istio/pkg/config/schema/ast" + "istio.io/istio/pkg/config/schema/codegen" ) // Utility for generating staticinit.gen.go. Called from gen.go diff --git a/galley/pkg/config/schema/collection/name.go b/pkg/config/schema/collection/name.go similarity index 100% rename from galley/pkg/config/schema/collection/name.go rename to pkg/config/schema/collection/name.go diff --git a/galley/pkg/config/schema/collection/name_test.go b/pkg/config/schema/collection/name_test.go similarity index 100% rename from galley/pkg/config/schema/collection/name_test.go rename to pkg/config/schema/collection/name_test.go diff --git a/galley/pkg/config/schema/collection/names.go b/pkg/config/schema/collection/names.go similarity index 100% rename from galley/pkg/config/schema/collection/names.go rename to pkg/config/schema/collection/names.go diff --git a/galley/pkg/config/schema/collection/names_test.go b/pkg/config/schema/collection/names_test.go similarity index 95% rename from galley/pkg/config/schema/collection/names_test.go rename to pkg/config/schema/collection/names_test.go index ab79f2a05a9a..6a3e60866874 100644 --- a/galley/pkg/config/schema/collection/names_test.go +++ b/pkg/config/schema/collection/names_test.go 
@@ -19,9 +19,9 @@ import ( . "github.com/onsi/gomega" - "istio.io/istio/galley/pkg/config/schema/collection" "istio.io/istio/galley/pkg/config/testing/basicmeta" "istio.io/istio/galley/pkg/config/testing/data" + "istio.io/istio/pkg/config/schema/collection" ) func TestNames_Clone(t *testing.T) { diff --git a/galley/pkg/config/schema/collection/schema.go b/pkg/config/schema/collection/schema.go similarity index 98% rename from galley/pkg/config/schema/collection/schema.go rename to pkg/config/schema/collection/schema.go index 77369f96204f..7322b31d1fae 100644 --- a/galley/pkg/config/schema/collection/schema.go +++ b/pkg/config/schema/collection/schema.go @@ -17,7 +17,7 @@ package collection import ( "fmt" - "istio.io/istio/galley/pkg/config/schema/resource" + "istio.io/istio/pkg/config/schema/resource" ) // Schema for a collection. diff --git a/galley/pkg/config/schema/collection/schema_test.go b/pkg/config/schema/collection/schema_test.go similarity index 95% rename from galley/pkg/config/schema/collection/schema_test.go rename to pkg/config/schema/collection/schema_test.go index f10547e8292f..35f72c28e0f1 100644 --- a/galley/pkg/config/schema/collection/schema_test.go +++ b/pkg/config/schema/collection/schema_test.go @@ -19,8 +19,8 @@ import ( . "github.com/onsi/gomega" - "istio.io/istio/galley/pkg/config/schema/collection" - "istio.io/istio/galley/pkg/config/schema/resource" + "istio.io/istio/pkg/config/schema/collection" + "istio.io/istio/pkg/config/schema/resource" ) func TestSchema_NewSchema(t *testing.T) { diff --git a/galley/pkg/config/schema/collection/schemas.go b/pkg/config/schema/collection/schemas.go similarity index 99% rename from galley/pkg/config/schema/collection/schemas.go rename to pkg/config/schema/collection/schemas.go index 3d6c9765fe6b..4ffafadec999 100644 --- a/galley/pkg/config/schema/collection/schemas.go +++ b/pkg/config/schema/collection/schemas.go 
@@ -22,7 +22,7 @@ import ( "github.com/google/go-cmp/cmp" "github.com/hashicorp/go-multierror" - "istio.io/istio/galley/pkg/config/schema/resource" + "istio.io/istio/pkg/config/schema/resource" ) // Schemas contains metadata about configuration resources. diff --git a/galley/pkg/config/schema/collection/schemas_test.go b/pkg/config/schema/collection/schemas_test.go similarity index 98% rename from galley/pkg/config/schema/collection/schemas_test.go rename to pkg/config/schema/collection/schemas_test.go index 2a7133394dac..832c9324b73a 100644 --- a/galley/pkg/config/schema/collection/schemas_test.go +++ b/pkg/config/schema/collection/schemas_test.go @@ -20,8 +20,8 @@ import ( _ "github.com/gogo/protobuf/types" . "github.com/onsi/gomega" - "istio.io/istio/galley/pkg/config/schema/collection" - "istio.io/istio/galley/pkg/config/schema/resource" + "istio.io/istio/pkg/config/schema/collection" + "istio.io/istio/pkg/config/schema/resource" ) var ( diff --git a/galley/pkg/config/schema/collections/collections.gen.go b/pkg/config/schema/collections/collections.gen.go similarity index 99% rename from galley/pkg/config/schema/collections/collections.gen.go rename to pkg/config/schema/collections/collections.gen.go index d12910df8413..30eff83898af 100755 --- a/galley/pkg/config/schema/collections/collections.gen.go +++ b/pkg/config/schema/collections/collections.gen.go @@ -4,8 +4,8 @@ package collections import ( - "istio.io/istio/galley/pkg/config/schema/collection" - "istio.io/istio/galley/pkg/config/schema/resource" + "istio.io/istio/pkg/config/schema/collection" + "istio.io/istio/pkg/config/schema/resource" "istio.io/istio/pkg/config/validation" ) diff --git a/galley/pkg/config/schema/collections/collections_test.go b/pkg/config/schema/collections/collections_test.go similarity index 95% rename from galley/pkg/config/schema/collections/collections_test.go rename to pkg/config/schema/collections/collections_test.go index a1a50e543e4c..e64031ec4267 100644 
--- a/galley/pkg/config/schema/collections/collections_test.go +++ b/pkg/config/schema/collections/collections_test.go @@ -17,7 +17,7 @@ package collections import ( "testing" - "istio.io/istio/galley/pkg/config/schema" + "istio.io/istio/pkg/config/schema" ) func TestCollectionNames(t *testing.T) { diff --git a/galley/pkg/config/schema/collections/mock.go b/pkg/config/schema/collections/mock.go similarity index 93% rename from galley/pkg/config/schema/collections/mock.go rename to pkg/config/schema/collections/mock.go index 29b60d7bdc56..086c8b3ce9bb 100644 --- a/galley/pkg/config/schema/collections/mock.go +++ b/pkg/config/schema/collections/mock.go @@ -19,8 +19,8 @@ import ( "github.com/gogo/protobuf/proto" - "istio.io/istio/galley/pkg/config/schema/collection" - "istio.io/istio/galley/pkg/config/schema/resource" + "istio.io/istio/pkg/config/schema/collection" + "istio.io/istio/pkg/config/schema/resource" "istio.io/istio/pkg/test/config" ) diff --git a/galley/pkg/config/schema/collections/staticinit.gen.go b/pkg/config/schema/collections/staticinit.gen.go similarity index 100% rename from galley/pkg/config/schema/collections/staticinit.gen.go rename to pkg/config/schema/collections/staticinit.gen.go diff --git a/pkg/config/schema/generate.go b/pkg/config/schema/generate.go new file mode 100644 index 000000000000..785970e5b00a --- /dev/null +++ b/pkg/config/schema/generate.go 
@@ -0,0 +1,39 @@
+// Copyright 2019 Istio Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package schema
+
+// Embed the core metadata file containing the collections as a resource
+//go:generate go-bindata --nocompress --nometadata --pkg schema -o metadata.gen.go metadata.yaml
+
+// Create static initializers files in each of the output directories
+//go:generate go run $REPO_ROOT/pkg/config/schema/codegen/tools/staticinit.main.go schema metadata.yaml staticinit.gen.go
+// nolint: lll
+//go:generate go run $REPO_ROOT/pkg/config/schema/codegen/tools/staticinit.main.go collections metadata.yaml "$REPO_ROOT/pkg/config/schema/collections/staticinit.gen.go"
+// nolint: lll
+//go:generate go run $REPO_ROOT/pkg/config/schema/codegen/tools/staticinit.main.go snapshots metadata.yaml "$REPO_ROOT/pkg/config/schema/snapshots/staticinit.gen.go"
+
+// Create collection constants
+// nolint: lll
+//go:generate go run $REPO_ROOT/pkg/config/schema/codegen/tools/collections.main.go collections metadata.yaml "$REPO_ROOT/pkg/config/schema/collections/collections.gen.go"
+
+// Create snapshot constants
+// nolint: lll
+//go:generate go run $REPO_ROOT/pkg/config/schema/codegen/tools/snapshots.main.go snapshots metadata.yaml "$REPO_ROOT/pkg/config/schema/snapshots/snapshots.gen.go"
+
+//go:generate goimports -w -local istio.io "$REPO_ROOT/pkg/config/schema/collections/collections.gen.go"
+//go:generate goimports -w -local istio.io "$REPO_ROOT/pkg/config/schema/snapshots/snapshots.gen.go"
+//go:generate goimports -w -local istio.io "$REPO_ROOT/pkg/config/schema/staticinit.gen.go"
+//go:generate goimports -w -local istio.io "$REPO_ROOT/pkg/config/schema/collections/staticinit.gen.go"
+//go:generate goimports -w -local istio.io "$REPO_ROOT/pkg/config/schema/snapshots/staticinit.gen.go"
diff --git a/galley/pkg/config/schema/get.go b/pkg/config/schema/get.go
similarity index 100%
rename from galley/pkg/config/schema/get.go
rename to pkg/config/schema/get.go
diff --git a/galley/pkg/config/schema/kindmapping.go b/pkg/config/schema/kindmapping.go
similarity index 100%
rename from galley/pkg/config/schema/kindmapping.go
rename to pkg/config/schema/kindmapping.go
diff --git a/galley/pkg/config/schema/metadata.gen.go b/pkg/config/schema/metadata.gen.go
similarity index 100%
rename from galley/pkg/config/schema/metadata.gen.go
rename to pkg/config/schema/metadata.gen.go
diff --git a/galley/pkg/config/schema/metadata.yaml b/pkg/config/schema/metadata.yaml
similarity index 100%
rename from galley/pkg/config/schema/metadata.yaml
rename to pkg/config/schema/metadata.yaml
diff --git a/galley/pkg/config/schema/resource/schema.go b/pkg/config/schema/resource/schema.go
similarity index 100%
rename from galley/pkg/config/schema/resource/schema.go
rename to pkg/config/schema/resource/schema.go
diff --git a/galley/pkg/config/schema/resource/schema_test.go b/pkg/config/schema/resource/schema_test.go
similarity index 100%
rename from galley/pkg/config/schema/resource/schema_test.go
rename to pkg/config/schema/resource/schema_test.go
diff --git a/galley/pkg/config/schema/schema.go b/pkg/config/schema/schema.go
similarity index 98%
rename from galley/pkg/config/schema/schema.go
rename to pkg/config/schema/schema.go
index c89b38692d69..1899f25fa921 100644
--- a/galley/pkg/config/schema/schema.go
+++ b/pkg/config/schema/schema.go
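Review bot: The go:generate directives in the new pkg/config/schema/generate.go resolve their tool and output paths through `$REPO_ROOT`, and nothing in the file says the variable has to be set. go generate expands an undefined variable to the empty string, so with REPO_ROOT unset or pointing at a different checkout, `go run` would build and execute whatever sits under that other root (`/pkg/config/schema/codegen/tools/...` in the unset case) and the generated files would be written there as well. The first directive already relies on go generate running in the package directory (`metadata.yaml`, `staticinit.gen.go`), so package-relative paths should work for the rest too, e.g. `//go:generate go run codegen/tools/staticinit.main.go collections metadata.yaml collections/staticinit.gen.go`. If the variable has to stay, a header comment such as `// Requires REPO_ROOT to be set to the root of this checkout.` would at least document the dependency.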
@@ -21,9 +21,9 @@ import ( "github.com/google/go-cmp/cmp" - "istio.io/istio/galley/pkg/config/schema/ast" - "istio.io/istio/galley/pkg/config/schema/collection" - "istio.io/istio/galley/pkg/config/schema/resource" + "istio.io/istio/pkg/config/schema/ast" + "istio.io/istio/pkg/config/schema/collection" + "istio.io/istio/pkg/config/schema/resource" "istio.io/istio/pkg/config/validation" "istio.io/istio/pkg/util/strcase" ) diff --git a/galley/pkg/config/schema/schema_test.go b/pkg/config/schema/schema_test.go similarity index 98% rename from galley/pkg/config/schema/schema_test.go rename to pkg/config/schema/schema_test.go index 0dcec8bfb67b..12b73db46359 100644 --- a/galley/pkg/config/schema/schema_test.go +++ b/pkg/config/schema/schema_test.go @@ -19,10 +19,10 @@ import ( . "github.com/onsi/gomega" - "istio.io/istio/galley/pkg/config/schema/ast" - "istio.io/istio/galley/pkg/config/schema/collection" - "istio.io/istio/galley/pkg/config/schema/collections" "istio.io/istio/galley/pkg/config/testing/fixtures" + "istio.io/istio/pkg/config/schema/ast" + "istio.io/istio/pkg/config/schema/collection" + "istio.io/istio/pkg/config/schema/collections" ) var ( diff --git a/galley/pkg/config/schema/snapshots/snapshots.gen.go b/pkg/config/schema/snapshots/snapshots.gen.go similarity index 100% rename from galley/pkg/config/schema/snapshots/snapshots.gen.go rename to pkg/config/schema/snapshots/snapshots.gen.go diff --git a/galley/pkg/config/schema/snapshots/staticinit.gen.go b/pkg/config/schema/snapshots/staticinit.gen.go similarity index 100% rename from galley/pkg/config/schema/snapshots/staticinit.gen.go rename to pkg/config/schema/snapshots/staticinit.gen.go diff --git a/galley/pkg/config/schema/staticinit.gen.go b/pkg/config/schema/staticinit.gen.go similarity index 100% rename from galley/pkg/config/schema/staticinit.gen.go rename to pkg/config/schema/staticinit.gen.go 
diff --git a/pkg/test/framework/components/echo/docker/service.go b/pkg/test/framework/components/echo/docker/service.go index d3368cdcb0a3..8ab111ba3c49 100644 --- a/pkg/test/framework/components/echo/docker/service.go +++ b/pkg/test/framework/components/echo/docker/service.go @@ -19,7 +19,7 @@ import ( "text/template" "time" - "istio.io/istio/galley/pkg/config/schema/collections" + "istio.io/istio/pkg/config/schema/collections" "istio.io/istio/pkg/test/framework/components/echo" "istio.io/istio/pkg/test/framework/components/galley" "istio.io/istio/pkg/test/framework/components/namespace" diff --git a/pkg/webhooks/validation/server/server.go b/pkg/webhooks/validation/server/server.go index 9ed4a70003df..4168c1774971 100644 --- a/pkg/webhooks/validation/server/server.go +++ b/pkg/webhooks/validation/server/server.go @@ -34,16 +34,15 @@ import ( "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/serializer" - "istio.io/istio/galley/pkg/config/schema/resource" - "istio.io/pkg/filewatcher" "istio.io/pkg/log" - "istio.io/istio/galley/pkg/config/schema/collection" - "istio.io/istio/galley/pkg/config/schema/collections" "istio.io/istio/mixer/pkg/config/store" "istio.io/istio/pilot/pkg/config/kube/crd" "istio.io/istio/pkg/config/constants" + "istio.io/istio/pkg/config/schema/collection" + "istio.io/istio/pkg/config/schema/collections" + "istio.io/istio/pkg/config/schema/resource" ) var scope = log.RegisterScope("validationServer", "validation webhook server", 0) diff --git a/pkg/webhooks/validation/server/server_test.go b/pkg/webhooks/validation/server/server_test.go index 584c3fad49d5..855156174e3d 100644 --- a/pkg/webhooks/validation/server/server_test.go +++ b/pkg/webhooks/validation/server/server_test.go 
@@ -37,8 +37,8 @@ import ( "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/schema" - "istio.io/istio/galley/pkg/config/schema/collections" "istio.io/istio/mixer/pkg/config/store" + "istio.io/istio/pkg/config/schema/collections" "istio.io/istio/pkg/mcp/testing/testcerts" "istio.io/istio/pkg/test/config" ) diff --git a/tests/e2e/tests/controller/controller_test.go b/tests/e2e/tests/controller/controller_test.go index 27e5473c016c..6da26581588b 100644 --- a/tests/e2e/tests/controller/controller_test.go +++ b/tests/e2e/tests/controller/controller_test.go @@ -23,14 +23,14 @@ import ( "github.com/hashicorp/go-multierror" - "istio.io/istio/galley/pkg/config/schema/collection" - "istio.io/istio/galley/pkg/config/schema/resource" crd2 "istio.io/istio/pilot/pkg/config/kube/crd" crd "istio.io/istio/pilot/pkg/config/kube/crd/controller" "istio.io/istio/pilot/pkg/model" kube "istio.io/istio/pilot/pkg/serviceregistry/kube/controller" "istio.io/istio/pilot/test/mock" "istio.io/istio/pilot/test/util" + "istio.io/istio/pkg/config/schema/collection" + "istio.io/istio/pkg/config/schema/resource" ) // Package controller tests the pilot controller using a k8s cluster or standalone apiserver. diff --git a/tests/e2e/tests/pilot/mcp_test.go b/tests/e2e/tests/pilot/mcp_test.go index cec54d9db23f..c877e8d6fb66 100644 --- a/tests/e2e/tests/pilot/mcp_test.go +++ b/tests/e2e/tests/pilot/mcp_test.go 
@@ -28,16 +28,16 @@ import ( meshconfig "istio.io/api/mesh/v1alpha1" networking "istio.io/api/networking/v1alpha3" - "istio.io/istio/galley/pkg/config/schema/collections" mixerEnv "istio.io/istio/mixer/test/client/env" "istio.io/istio/pilot/pkg/bootstrap" srmemory "istio.io/istio/pilot/pkg/serviceregistry/memory" + "istio.io/istio/pkg/config/schema/collections" "istio.io/istio/pkg/mcp/source" "istio.io/istio/pkg/mcp/testing/groups" "istio.io/istio/tests/util" // Import the resource package to pull in all proto types. - _ "istio.io/istio/galley/pkg/config/schema" + _ "istio.io/istio/pkg/config/schema" "istio.io/istio/pkg/mcp/snapshot" mcptesting "istio.io/istio/pkg/mcp/testing" "istio.io/istio/pkg/test/env" diff --git a/tests/e2e/tests/pilot/performance/serviceentry_test.go b/tests/e2e/tests/pilot/performance/serviceentry_test.go index c6cda67acfa8..26b3324d3415 100644 --- a/tests/e2e/tests/pilot/performance/serviceentry_test.go +++ b/tests/e2e/tests/pilot/performance/serviceentry_test.go @@ -35,10 +35,10 @@ import ( meshconfig "istio.io/api/mesh/v1alpha1" networking "istio.io/api/networking/v1alpha3" - "istio.io/istio/galley/pkg/config/schema/collections" mixerEnv "istio.io/istio/mixer/test/client/env" "istio.io/istio/pilot/pkg/bootstrap" "istio.io/istio/pkg/adsc" + "istio.io/istio/pkg/config/schema/collections" "istio.io/istio/pkg/mcp/snapshot" "istio.io/istio/pkg/mcp/source" mcptest "istio.io/istio/pkg/mcp/testing" diff --git a/tests/integration/conformance/sanity_test.go b/tests/integration/conformance/sanity_test.go index 8e0d1b3ceeb0..bb3500b1b158 100644 --- a/tests/integration/conformance/sanity_test.go +++ b/tests/integration/conformance/sanity_test.go @@ -17,8 +17,8 @@ package conformance import ( "testing" - "istio.io/istio/galley/pkg/config/schema" - "istio.io/istio/galley/pkg/config/schema/snapshots" + "istio.io/istio/pkg/config/schema" + "istio.io/istio/pkg/config/schema/snapshots" "istio.io/istio/pkg/test/framework" ) 
diff --git a/tests/integration/galley/conversion_test.go b/tests/integration/galley/conversion_test.go index 7a43eee3944a..d3bf32d0ee4b 100644 --- a/tests/integration/galley/conversion_test.go +++ b/tests/integration/galley/conversion_test.go @@ -19,9 +19,9 @@ import ( "testing" "time" - "istio.io/istio/galley/pkg/config/schema" - "istio.io/istio/galley/pkg/config/schema/collections" "istio.io/istio/galley/testdatasets/conversion" + "istio.io/istio/pkg/config/schema" + "istio.io/istio/pkg/config/schema/collections" "istio.io/istio/pkg/test/framework/components/environment" "istio.io/istio/pkg/test/framework/components/namespace" "istio.io/istio/pkg/test/framework/resource" diff --git a/tests/integration/galley/validation_test.go b/tests/integration/galley/validation_test.go index 8a40e169f0d3..40e5198605e7 100644 --- a/tests/integration/galley/validation_test.go +++ b/tests/integration/galley/validation_test.go @@ -22,8 +22,8 @@ import ( "gopkg.in/square/go-jose.v2/json" "sigs.k8s.io/yaml" - "istio.io/istio/galley/pkg/config/schema" "istio.io/istio/galley/testdatasets/validation" + "istio.io/istio/pkg/config/schema" "istio.io/istio/pkg/test/util/yml" "istio.io/istio/pkg/test/framework" diff --git a/tests/integration/pilot/mcp/synthetic_serviceentry_test.go b/tests/integration/pilot/mcp/synthetic_serviceentry_test.go index 026e7cd88b08..de350d0f4321 100644 --- a/tests/integration/pilot/mcp/synthetic_serviceentry_test.go +++ b/tests/integration/pilot/mcp/synthetic_serviceentry_test.go @@ -23,8 +23,8 @@ import ( xdsapi "github.com/envoyproxy/go-control-plane/envoy/api/v2" kubeApiMeta "k8s.io/apimachinery/pkg/apis/meta/v1" - "istio.io/istio/galley/pkg/config/schema" - "istio.io/istio/galley/pkg/config/schema/collections" + "istio.io/istio/pkg/config/schema" + "istio.io/istio/pkg/config/schema/collections" "istio.io/istio/pkg/test/framework" "istio.io/istio/pkg/test/framework/components/echo" "istio.io/istio/pkg/test/framework/components/echo/echoboot" 
From bc00fd60d10137e662390edb3831a51b92915544 Mon Sep 17 00:00:00 2001 From: lei-tang <32078630+lei-tang@users.noreply.github.com> Date: Fri, 24 Jan 2020 11:11:58 -0800 Subject: [PATCH 06/31] Fix two integration tests when jwtPolicy=first-party-jwt (#20467) * Fix two integration tests when jwtPolicy=first-party-jwt - Fix two integration tests when jwtPolicy=first-party-jwt - Fix a wrong log of Pilot grpc server - Update golden files of unit-tests_istio * Set jwtPolicy=third-party-jwt after jwtPolicy=first-party-jwt passing tests --- pilot/pkg/bootstrap/server.go | 4 ++-- tests/integration/security/mtls/main_test.go | 1 - tests/integration/security/mtls_k8s_ca/main_test.go | 3 +-- 3 files changed, 3 insertions(+), 5 deletions(-) diff --git a/pilot/pkg/bootstrap/server.go b/pilot/pkg/bootstrap/server.go index 0d7bbb0e761f..ba94daad09a3 100644 --- a/pilot/pkg/bootstrap/server.go +++ b/pilot/pkg/bootstrap/server.go @@ -560,7 +560,7 @@ func (s *Server) initSecureGrpcServer(options *istiokeepalive.Options) error { return nil } -// initialize secureGRPCServer - using K8S DNS certs +// initialize secureGRPCServer - using DNS certs func (s *Server) initSecureGrpcServerDNS(port string, keepalive *istiokeepalive.Options) error { certDir := dnsCertDir @@ -620,7 +620,7 @@ func (s *Server) initSecureGrpcServerDNS(port string, keepalive *istiokeepalive. return } - log.Infof("starting K8S-signed grpc=%s", dnsGrpc) + log.Infof("starting DNS cert based grpc=%s", dnsGrpc) // This seems the only way to call setupHTTP2 - it may also be possible to set NextProto // on a listener err := s.secureHTTPServerDNS.ServeTLS(secureGrpcListener, "", "") diff --git a/tests/integration/security/mtls/main_test.go b/tests/integration/security/mtls/main_test.go index ff8857b94047..dcede6d01c36 100644 --- a/tests/integration/security/mtls/main_test.go +++ b/tests/integration/security/mtls/main_test.go 
@@ -57,5 +57,4 @@ func setupConfig(cfg *istio.Config) { return } cfg.Values["global.mtls.auto"] = "true" - cfg.Values["global.controlPlaneSecurityEnabled"] = "true" } diff --git a/tests/integration/security/mtls_k8s_ca/main_test.go b/tests/integration/security/mtls_k8s_ca/main_test.go index a8bfe041c159..c2fd679c4e88 100644 --- a/tests/integration/security/mtls_k8s_ca/main_test.go +++ b/tests/integration/security/mtls_k8s_ca/main_test.go @@ -34,7 +34,7 @@ var ( func TestMain(m *testing.M) { framework. - NewSuite("mtls", m). + NewSuite("mtls_k8s_ca", m). RequireEnvironment(environment.Kube). Label(label.CustomSetup). SetupOnEnv(environment.Kube, istio.Setup(&inst, setupConfig)). @@ -58,5 +58,4 @@ func setupConfig(cfg *istio.Config) { } cfg.Values["global.pilotCertProvider"] = "kubernetes" cfg.Values["global.mtls.auto"] = "true" - cfg.Values["global.controlPlaneSecurityEnabled"] = "true" } From 9d9fbff5bdbd8f59fefc6b106f8124945436c63c Mon Sep 17 00:00:00 2001 
From: John Howard Date: Fri, 24 Jan 2020 12:11:48 -0800 Subject: [PATCH 07/31] Determine default values for operator based on environment (#20393) * Determine default values for operator based on environment An adoption of https://github.com/istio/operator/pull/699/files Partially implements istio/istio#19182 This PR adds the ability for certain values to be configured based on the currently Kubernetes environment. This should be perfectly reliable for apply and operator, the only problems may arise are with generate. For now, this just skips these custom modifications. In the future, if needed, we can add a flag for generate to read from in cluster config as well, although its a bit suspect because we may generate with one cluster config and apply to another. As an initial implementation, this adds support for detecting whether or not trustworthy jwt tokens are enabled For https://github.com/istio/istio/issues/20178 * Fix build * Fix lint --- operator/cmd/mesh/manifest-common.go | 19 ++++-- operator/cmd/mesh/manifest-generate.go | 5 +- operator/cmd/mesh/manifest-generate_test.go | 2 +- operator/cmd/mesh/operator-init.go | 19 +++--- operator/cmd/mesh/operator-remove.go | 2 +- operator/cmd/mesh/profile-common.go | 64 ++++++++++++++++++++- operator/cmd/mesh/profile-dump.go | 4 +- operator/cmd/mesh/upgrade.go | 15 +++-- operator/pkg/manifest/installer.go | 12 ++-- pkg/kube/inject/webhook_test.go | 2 +- 10 files changed, 107 insertions(+), 37 deletions(-) diff --git a/operator/cmd/mesh/manifest-common.go b/operator/cmd/mesh/manifest-common.go index c661061fc0a9..218437c8a9c1 100644 --- a/operator/cmd/mesh/manifest-common.go +++ b/operator/cmd/mesh/manifest-common.go @@ -22,6 +22,7 @@ import ( "time" "github.com/ghodss/yaml" + "k8s.io/client-go/rest" "istio.io/api/operator/v1alpha1" "istio.io/istio/operator/pkg/component/controlplane" 
@@ -50,10 +51,6 @@ func genApplyManifests(setOverlay []string, inFilename []string, force bool, dry return fmt.Errorf("failed to generate tree from the set overlay, error: %v", err) } - manifests, iops, err := GenManifests(inFilename, overlayFromSet, force, l) - if err != nil { - return fmt.Errorf("failed to generate manifest: %v", err) - } opts := &kubectlcmd.Options{ DryRun: dryRun, Verbose: verbose, @@ -63,6 +60,16 @@ func genApplyManifests(setOverlay []string, inFilename []string, force bool, dry Context: context, } + kubeconfig, err := manifest.InitK8SRestClient(opts.Kubeconfig, opts.Context) + if err != nil { + return err + } + + manifests, iops, err := GenManifests(inFilename, overlayFromSet, force, kubeconfig, l) + if err != nil { + return fmt.Errorf("failed to generate manifest: %v", err) + } + for _, cn := range name.DeprecatedNames { DeprecatedComponentManifest := fmt.Sprintf("# %s component has been deprecated.\n", cn) manifests[cn] = append(manifests[cn], DeprecatedComponentManifest) @@ -112,8 +119,8 @@ func genApplyManifests(setOverlay []string, inFilename []string, force bool, dry } // GenManifests generate manifest from input file and setOverLay -func GenManifests(inFilename []string, setOverlayYAML string, force bool, l *Logger) (name.ManifestMap, *v1alpha1.IstioOperatorSpec, error) { - mergedYAML, err := genProfile(false, inFilename, "", setOverlayYAML, "", force, l) +func GenManifests(inFilename []string, setOverlayYAML string, force bool, kubeConfig *rest.Config, l *Logger) (name.ManifestMap, *v1alpha1.IstioOperatorSpec, error) { + mergedYAML, err := genProfile(false, inFilename, "", setOverlayYAML, "", force, kubeConfig, l) if err != nil { return nil, nil, err } diff --git a/operator/cmd/mesh/manifest-generate.go b/operator/cmd/mesh/manifest-generate.go index 2b0ec195665b..96859dbc377c 100644 --- a/operator/cmd/mesh/manifest-generate.go +++ b/operator/cmd/mesh/manifest-generate.go 
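Review bot: The new `InitK8SRestClient` failure path in genApplyManifests (hunk `@@ -63,6 +60,16 @@`) returns the bare error with `return err`, while the calls on either side wrap theirs with context (`failed to generate manifest: %v`), so a bad kubeconfig or context surfaces without saying which step failed. Suggest `return fmt.Errorf("failed to initialize Kubernetes REST config: %v", err)`. Because the config is now handed to GenManifests, generating manifests for apply appears to depend on cluster discovery even when `dryRun` is set; if that is intended, the function comment should say so. genApplyManifests starts and ends outside this hunk.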
@@ -74,7 +74,10 @@ func manifestGenerate(args *rootArgs, mgArgs *manifestGenerateArgs, l *Logger) e if err != nil { return err } - manifests, _, err := GenManifests(mgArgs.inFilename, overlayFromSet, mgArgs.force, l) + + // For generate, we may not have access to the kube cluster, so don't rely on kubeconfig + // TODO: support optional kubeconfig reading + manifests, _, err := GenManifests(mgArgs.inFilename, overlayFromSet, mgArgs.force, nil, l) if err != nil { return err } diff --git a/operator/cmd/mesh/manifest-generate_test.go b/operator/cmd/mesh/manifest-generate_test.go index d3cf746f97e2..c22314f51296 100644 --- a/operator/cmd/mesh/manifest-generate_test.go +++ b/operator/cmd/mesh/manifest-generate_test.go @@ -209,7 +209,7 @@ func TestLDFlags(t *testing.T) { version.DockerInfo.Hub = "testHub" version.DockerInfo.Tag = "testTag" l := NewLogger(true, os.Stdout, os.Stderr) - _, iops, err := genIOPS(nil, "default", "", "", true, l) + _, iops, err := genIOPS(nil, "default", "", "", true, nil, l) if err != nil { t.Fatal(err) } diff --git a/operator/cmd/mesh/operator-init.go b/operator/cmd/mesh/operator-init.go index cb763b99face..a5fec3356d7f 100644 --- a/operator/cmd/mesh/operator-init.go +++ b/operator/cmd/mesh/operator-init.go @@ -22,6 +22,7 @@ import ( "time" "github.com/spf13/cobra" + "k8s.io/client-go/rest" "k8s.io/utils/pointer" "istio.io/istio/operator/pkg/helm" @@ -125,12 +126,6 @@ func operatorInit(args *rootArgs, oiArgs *operatorInitArgs, l *Logger, apply man log.Infof("Using the following manifest to install operator:\n%s\n", mstr) - // If CR was passed, we must create a namespace for it and install CR into it. - customResource, istioNamespace, err := getCRAndNamespaceFromFile(oiArgs.inFilename, l) - if err != nil { - l.logAndFatal(err) - } - opts := &kubectlcmd.Options{ DryRun: args.dryRun, Verbose: args.verbose, 
@@ -139,8 +134,14 @@ func operatorInit(args *rootArgs, oiArgs *operatorInitArgs, l *Logger, apply man Kubeconfig: oiArgs.kubeConfigPath, Context: oiArgs.context, } + kubeconfig, err := manifest.InitK8SRestClient(opts.Kubeconfig, opts.Context) + if err != nil { + l.logAndFatal(err) + } - if err := manifest.InitK8SRestClient(opts.Kubeconfig, opts.Context); err != nil { + // If CR was passed, we must create a namespace for it and install CR into it. + customResource, istioNamespace, err := getCRAndNamespaceFromFile(oiArgs.inFilename, kubeconfig, l) + if err != nil { l.logAndFatal(err) } @@ -195,12 +196,12 @@ func applyManifest(manifestStr, componentName string, opts *kubectlcmd.Options, return success } -func getCRAndNamespaceFromFile(filePath string, l *Logger) (customResource string, istioNamespace string, err error) { +func getCRAndNamespaceFromFile(filePath string, kubeconfig *rest.Config, l *Logger) (customResource string, istioNamespace string, err error) { if filePath == "" { return "", "", nil } - mergedYAML, err := genProfile(false, []string{filePath}, "", "", "", true, l) + mergedYAML, err := genProfile(false, []string{filePath}, "", "", "", true, kubeconfig, l) if err != nil { return "", "", err } diff --git a/operator/cmd/mesh/operator-remove.go b/operator/cmd/mesh/operator-remove.go index 4a16e3e630aa..f73ef6f3b7ae 100644 --- a/operator/cmd/mesh/operator-remove.go +++ b/operator/cmd/mesh/operator-remove.go @@ -88,7 +88,7 @@ func operatorRemove(args *rootArgs, orArgs *operatorRemoveArgs, l *Logger, delet Context: orArgs.context, } - if err := manifest.InitK8SRestClient(opts.Kubeconfig, opts.Context); err != nil { + if _, err := manifest.InitK8SRestClient(opts.Kubeconfig, opts.Context); err != nil { l.logAndFatal(err) } diff --git a/operator/cmd/mesh/profile-common.go b/operator/cmd/mesh/profile-common.go index 8a04332e51fd..c19378e8c2bc 100644 --- a/operator/cmd/mesh/profile-common.go +++ b/operator/cmd/mesh/profile-common.go 
@@ -19,6 +19,10 @@ import ( "path/filepath" "github.com/ghodss/yaml" + "k8s.io/client-go/discovery" + "k8s.io/client-go/rest" + + "istio.io/pkg/log" "istio.io/api/operator/v1alpha1" "istio.io/istio/operator/pkg/helm" @@ -31,6 +35,8 @@ import ( pkgversion "istio.io/pkg/version" ) +var scope = log.RegisterScope("installer", "installer", 0) + // getIOPS creates an IstioOperatorSpec from the following sources, overlaid sequentially: // 1. Compiled in base, or optionally base from paths pointing to one or multiple ICP files at inFilename. // 2. Profile overlay, if non-default overlay is selected. This also comes either from compiled in or path specified in IOP contained in inFilename. @@ -41,7 +47,7 @@ import ( // ones that are compiled in. If it does, the starting point will be the base and profile YAMLs at that file path. // Otherwise it will be the compiled in profile YAMLs. // In step 3, the remaining fields in the same user overlay are applied on the resulting profile base. -func genIOPS(inFilename []string, profile, setOverlayYAML, ver string, force bool, l *Logger) (string, *v1alpha1.IstioOperatorSpec, error) { +func genIOPS(inFilename []string, profile, setOverlayYAML, ver string, force bool, kubeConfig *rest.Config, l *Logger) (string, *v1alpha1.IstioOperatorSpec, error) { overlayYAML := "" var overlayIOPS *v1alpha1.IstioOperatorSpec set := make(map[string]interface{}) @@ -137,6 +143,18 @@ func genIOPS(inFilename []string, profile, setOverlayYAML, ver string, force boo } } + if kubeConfig != nil { + kubeOverrides, err := getClusterSpecificValues(kubeConfig, force, l) + if err != nil { + return "", nil, err + } + scope.Infof("Applying Cluster specific settings: %v", kubeOverrides) + baseYAML, err = util.OverlayYAML(baseYAML, kubeOverrides) + if err != nil { + return "", nil, err + } + } + // Merge base and overlay. mergedYAML, err := util.OverlayYAML(baseYAML, overlayYAML) if err != nil { 
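Review bot: The precedence between cluster-detected values and user input in genIOPS (hunk `@@ -137,6 +143,18 @@`) is not documented: `kubeOverrides` is overlaid onto `baseYAML` before the "Merge base and overlay" step, so a user-supplied `values.global.jwtPolicy` still wins over detection. That ordering matters to anyone pinning the JWT policy, and a later reordering would change it silently. Suggest a comment above the `if kubeConfig != nil` block: `// Cluster-detected defaults go into the base so that user overlays applied below still take precedence.` The function comment that lists the overlay sources (steps 1 to 3) could mention this step as well. genIOPS's body continues outside the hunk.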
@@ -159,8 +177,48 @@ func genIOPS(inFilename []string, profile, setOverlayYAML, ver string, force boo return finalYAML, finalIOPS, nil } -func genProfile(helmValues bool, inFilename []string, profile, setOverlayYAML, configPath string, force bool, l *Logger) (string, error) { - finalYAML, finalIOPS, err := genIOPS(inFilename, profile, setOverlayYAML, "", force, l) +func getClusterSpecificValues(config *rest.Config, force bool, l *Logger) (string, error) { + overlays := []string{} + + jwt, err := getJwtTypeOverlay(config, l) + if err != nil { + if force { + l.logAndPrint(err) + } else { + return "", err + } + } else { + overlays = append(overlays, jwt) + } + + return MakeTreeFromSetList(overlays, false, l) + +} + +func getJwtTypeOverlay(config *rest.Config, l *Logger) (string, error) { + d, err := discovery.NewDiscoveryClientForConfig(config) + if err != nil { + return "", fmt.Errorf("failed to determine JWT policy support. Use the --force flag to ignore this: %v", err) + } + _, s, err := d.ServerGroupsAndResources() + if err != nil { + return "", fmt.Errorf("failed to determine JWT policy support. Use the --force flag to ignore this: %v", err) + } + for _, res := range s { + for _, api := range res.APIResources { + // Appearance of this API indicates we do support third party jwt token + if api.Name == "serviceaccounts/token" { + return "values.global.jwtPolicy=third-party-jwt", nil + } + } + } + // TODO link to istio.io doc on how to secure this + l.logAndPrint("Detected that your cluster does not support third party JWT authentication. Falling back to less secure first party JWT") + return "values.global.jwtPolicy=first-party-jwt", nil +} + +func genProfile(helmValues bool, inFilename []string, profile, setOverlayYAML, configPath string, force bool, kubeConfig *rest.Config, l *Logger) (string, error) { + finalYAML, finalIOPS, err := genIOPS(inFilename, profile, setOverlayYAML, "", force, kubeConfig, l) if err != nil { return "", err } 
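Review bot: In getJwtTypeOverlay every error from `d.ServerGroupsAndResources()` is treated as fatal, but client-go returns partial results together with a group-discovery error when a single aggregated API is unavailable, so an unrelated broken APIService would fail the install, or under `--force` skip the jwtPolicy overlay altogether. Suggest tolerating that case with `if err != nil && !discovery.IsGroupDiscoveryFailedError(err) {` and scanning the lists that were returned. The match on `api.Name == "serviceaccounts/token"` also ignores which group the resource list belongs to; adding `res.GroupVersion == "v1"` to the loop would tie it to the core API. The fallback to first-party-jwt is announced only through `l.logAndPrint`, which is easy to miss when the command runs in automation.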
diff --git a/operator/cmd/mesh/profile-dump.go b/operator/cmd/mesh/profile-dump.go index 256130542493..cc1a286d82ef 100644 --- a/operator/cmd/mesh/profile-dump.go +++ b/operator/cmd/mesh/profile-dump.go @@ -66,7 +66,9 @@ func profileDump(args []string, rootArgs *rootArgs, pdArgs *profileDumpArgs, l * if len(args) == 1 { profile = args[0] } - y, err := genProfile(pdArgs.helmValues, pdArgs.inFilename, profile, "", pdArgs.configPath, true, l) + // For profile dump, we may not have access to the kube cluster, so don't rely on kubeconfig + // TODO: support optional kubeconfig reading + y, err := genProfile(pdArgs.helmValues, pdArgs.inFilename, profile, "", pdArgs.configPath, true, nil, l) if err != nil { return err } diff --git a/operator/cmd/mesh/upgrade.go b/operator/cmd/mesh/upgrade.go index 5d0e991e4f7f..52948511f6a8 100644 --- a/operator/cmd/mesh/upgrade.go +++ b/operator/cmd/mesh/upgrade.go @@ -113,8 +113,13 @@ func UpgradeCmd() *cobra.Command { // upgrade is the main function for Upgrade command func upgrade(rootArgs *rootArgs, args *upgradeArgs, l *Logger) (err error) { + // Create a kube client from args.kubeConfigPath and args.context + kubeClient, err := manifest.NewClient(args.kubeConfigPath, args.context) + if err != nil { + return fmt.Errorf("failed to connect Kubernetes API server, error: %v", err) + } // Generate IOPS objects - targetIOPSYaml, targetIOPS, err := genIOPS(args.inFilename, "", "", "", args.force, l) + targetIOPSYaml, targetIOPS, err := genIOPS(args.inFilename, "", "", "", args.force, kubeClient.Config, l) if err != nil { return fmt.Errorf("failed to generate IOPS from file %s, error: %s", args.inFilename, err) } 
@@ -129,12 +134,6 @@ func upgrade(rootArgs *rootArgs, args *upgradeArgs, l *Logger) (err error) { } } - // Create a kube client from args.kubeConfigPath and args.context - kubeClient, err := manifest.NewClient(args.kubeConfigPath, args.context) - if err != nil { - return fmt.Errorf("failed to connect Kubernetes API server, error: %v", err) - } - // Get Istio control plane namespace //TODO(elfinhe): support components distributed in multiple namespaces istioNamespace := targetIOPS.MeshConfig.RootNamespace @@ -165,7 +164,7 @@ func upgrade(rootArgs *rootArgs, args *upgradeArgs, l *Logger) (err error) { // Generates IOPS for args.inFilename IOP specs yaml. Param force is set to true to // skip the validation because the code only has the validation proto for the // target version. - currentIOPSYaml, _, err := genIOPS(args.inFilename, "", "", currentVersion, true, l) + currentIOPSYaml, _, err := genIOPS(args.inFilename, "", "", currentVersion, true, kubeClient.Config, l) if err != nil { return fmt.Errorf("failed to generate IOPS from file: %s for the current version: %s, error: %v", args.inFilename, currentVersion, err) diff --git a/operator/pkg/manifest/installer.go b/operator/pkg/manifest/installer.go index 30322e40a9ad..dfc7e6d4f499 100644 --- a/operator/pkg/manifest/installer.go +++ b/operator/pkg/manifest/installer.go @@ -206,7 +206,7 @@ func ApplyAll(manifests name.ManifestMap, version pkgversion.Version, opts *kube scope.Infof("- %s", c) } scope.Infof("Component dependencies tree: \n%s", installTreeString()) - if err := InitK8SRestClient(opts.Kubeconfig, opts.Context); err != nil { + if _, err := InitK8SRestClient(opts.Kubeconfig, opts.Context); err != nil { return nil, err } return applyRecursive(manifests, version, opts) 
@@ -376,7 +376,7 @@ func GetKubectlGetItems(stdoutGet string) ([]interface{}, error) { } func DeploymentExists(kubeconfig, context, namespace, name string) (bool, error) { - if err := InitK8SRestClient(kubeconfig, context); err != nil { + if _, err := InitK8SRestClient(kubeconfig, context); err != nil { return false, err } @@ -761,18 +761,18 @@ func buildInstallTreeString(componentName name.ComponentName, prefix string, sb } } -func InitK8SRestClient(kubeconfig, context string) error { +func InitK8SRestClient(kubeconfig, context string) (*rest.Config, error) { var err error if kubeconfig == currentKubeconfig && context == currentContext && k8sRESTConfig != nil { - return nil + return k8sRESTConfig, nil } currentKubeconfig, currentContext = kubeconfig, context k8sRESTConfig, err = defaultRestConfig(kubeconfig, context) if err != nil { - return err + return nil, err } - return nil + return k8sRESTConfig, nil } func defaultRestConfig(kubeconfig, configContext string) (*rest.Config, error) { diff --git a/pkg/kube/inject/webhook_test.go b/pkg/kube/inject/webhook_test.go index 6bbc5f9a0773..198466d9499b 100644 --- a/pkg/kube/inject/webhook_test.go +++ b/pkg/kube/inject/webhook_test.go @@ -872,7 +872,7 @@ func createTestWebhookFromHelmConfigMap(t *testing.T) (*Webhook, func()) { // This allows us to fully simulate what will actually happen at run time. func loadInjectionConfigMap(t testing.TB, settings string) (template *Config, values string) { t.Helper() - manifests, _, err := operator.GenManifests(nil, settings, false, nil) + manifests, _, err := operator.GenManifests(nil, settings, false, nil, nil) if err != nil { t.Fatalf("failed to generate manifests: %v", err) } From fef29f3d45be9943f0a637e9a14931e29c70e53f Mon Sep 17 00:00:00 2001 
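Review bot: InitK8SRestClient (hunk `@@ -761,18 +761,18 @@`) now hands callers the package-level `k8sRESTConfig` pointer itself, so any caller that adjusts the returned `*rest.Config` (timeouts, QPS, credentials) would also change the cached config that later calls reuse. Returning a copy keeps the cache private: `return rest.CopyConfig(k8sRESTConfig), nil` on both success paths. Nothing visible in this patch mutates the result, so this is a defensive change. Callers that discard the value (`if _, err := InitK8SRestClient(...)`) are unaffected.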
From: John Howard Date: Fri, 24 Jan 2020 14:00:46 -0800 Subject: [PATCH 08/31] Make pilot-agent 15mb smaller (#20481) * Make pilot-agent 15mb smaller Drop a constant import to avoid importing all of pilot * Move to constants --- pilot/pkg/bootstrap/namespacecontroller.go | 14 +++++++------- pkg/config/constants/constants.go | 3 +++ pkg/istio-agent/sds-agent.go | 7 ++++--- 3 files changed, 14 insertions(+), 10 deletions(-) diff --git a/pilot/pkg/bootstrap/namespacecontroller.go b/pilot/pkg/bootstrap/namespacecontroller.go index faa80e8a75a3..058a51a37c52 100644 --- a/pilot/pkg/bootstrap/namespacecontroller.go +++ b/pilot/pkg/bootstrap/namespacecontroller.go @@ -17,6 +17,8 @@ package bootstrap import ( "time" + "istio.io/istio/pkg/config/constants" + "istio.io/istio/security/pkg/pki/ca" v1 "k8s.io/api/core/v1" @@ -37,11 +39,9 @@ const ( // can update its CA certificate in a ConfigMap in every namespace. namespaceResyncPeriod = time.Second * 30 // The name of the ConfigMap in each namespace storing the root cert of non-Kube CA. - CACertNamespaceConfigMap = "istio-ca-root-cert" - // The data name in the ConfigMap of each namespace storing the root cert of non-Kube CA. - CACertNamespaceConfigMapDataName = "ca-cert-ns.pem" - CACertNamespaceInsertInterval = time.Second - CACertNamespaceInsertTimeout = time.Second * 2 + CACertNamespaceConfigMap = "istio-ca-root-cert" + CACertNamespaceInsertInterval = time.Second + CACertNamespaceInsertTimeout = time.Second * 2 ) // NamespaceController manages the CA certificate in each namespace. 
@@ -92,7 +92,7 @@ func (nc *NamespaceController) namespaceAdded(obj interface{}) { if ok { rootCert := nc.ca.GetCAKeyCertBundle().GetRootCertPem() err := certutil.InsertDataToConfigMapWithRetry(nc.core, ns.GetName(), string(rootCert), CACertNamespaceConfigMap, - CACertNamespaceConfigMapDataName, CACertNamespaceInsertInterval, CACertNamespaceInsertTimeout) + constants.CACertNamespaceConfigMapDataName, CACertNamespaceInsertInterval, CACertNamespaceInsertTimeout) if err != nil { log.Errorf("error when inserting CA cert to configmap: %v", err) } else { @@ -114,7 +114,7 @@ func (nc *NamespaceController) namespaceUpdated(oldObj, newObj interface{}) { // For simplifying the implementation and no overhead for reading the certificate from the ConfigMap, // simply updates the ConfigMap to the current Citadel CA certificate. err := certutil.InsertDataToConfigMapWithRetry(nc.core, ns.GetName(), string(rootCert), CACertNamespaceConfigMap, - CACertNamespaceConfigMapDataName, CACertNamespaceInsertInterval, CACertNamespaceInsertTimeout) + constants.CACertNamespaceConfigMapDataName, CACertNamespaceInsertInterval, CACertNamespaceInsertTimeout) if err != nil { log.Errorf("error when updating CA cert in configmap: %v", err) } else { diff --git a/pkg/config/constants/constants.go b/pkg/config/constants/constants.go index 73ff6abb91ed..97dfce5f0b5c 100644 --- a/pkg/config/constants/constants.go +++ b/pkg/config/constants/constants.go @@ -85,4 +85,7 @@ const ( // IstioMeshGateway is the built in gateway for all sidecars IstioMeshGateway = "mesh" + + // The data name in the ConfigMap of each namespace storing the root cert of non-Kube CA. + CACertNamespaceConfigMapDataName = "ca-cert-ns.pem" ) diff --git a/pkg/istio-agent/sds-agent.go b/pkg/istio-agent/sds-agent.go index 8f15b6739c96..b80a0c9b5ba8 100644 --- a/pkg/istio-agent/sds-agent.go +++ b/pkg/istio-agent/sds-agent.go 
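Review bot: The doc comment on the constant added to pkg/config/constants/constants.go does not start with the identifier, unlike the `// IstioMeshGateway is ...` comment just above it in the same block, so godoc and lint tooling will not associate it cleanly with the exported name. Suggest `// CACertNamespaceConfigMapDataName is the data name in the ConfigMap of each namespace storing the root cert of non-Kube CA.`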
@@ -23,7 +23,8 @@ import ( "strings" "time" - "istio.io/istio/pilot/pkg/bootstrap" + "istio.io/istio/pkg/config/constants" + "istio.io/istio/pilot/pkg/security/model" "istio.io/istio/pkg/kube" caClientInterface "istio.io/istio/security/pkg/nodeagent/caclient/interface" @@ -350,7 +351,7 @@ func newSecretCache(serverOptions sds.Options) (workloadSecretCache *cache.Secre if serverOptions.PilotCertProvider == "citadel" { log.Info("istiod uses self-issued certificate") - if rootCert, err = ioutil.ReadFile(path.Join(CitadelCACertPath, bootstrap.CACertNamespaceConfigMapDataName)); err != nil { + if rootCert, err = ioutil.ReadFile(path.Join(CitadelCACertPath, constants.CACertNamespaceConfigMapDataName)); err != nil { certReadErr = true } else { log.Infof("the CA cert of istiod is: %v", string(rootCert)) @@ -384,7 +385,7 @@ func newSecretCache(serverOptions sds.Options) (workloadSecretCache *cache.Secre } else if strings.HasSuffix(serverOptions.CAEndpoint, ":15012") { if serverOptions.PilotCertProvider == "citadel" { log.Info("istiod uses self-issued certificate") - if rootCert, err = ioutil.ReadFile(path.Join(CitadelCACertPath, bootstrap.CACertNamespaceConfigMapDataName)); err != nil { + if rootCert, err = ioutil.ReadFile(path.Join(CitadelCACertPath, constants.CACertNamespaceConfigMapDataName)); err != nil { certReadErr = true } else { log.Infof("the CA cert of istiod is: %v", string(rootCert)) From a1c23e288117eeb77d94334755edd2b0fe0b63d6 Mon Sep 17 00:00:00 2001 
From: John Howard Date: Fri, 24 Jan 2020 14:00:55 -0800 Subject: [PATCH 09/31] Improvements to test framework debug-ability (#20486) * Decrease deployment timeout Currently if we fail to deploy, the timeout is 600min, which causes the test to timeout and abruptly stop without error messages: https://prow.istio.io/view/gcs/istio-prow/pr-logs/pull/istio_istio/20458/integ-pilot-k8s-tests_istio/6910 * Dump namespaces as well --- .../components/echo/common/config.go | 5 ++- .../framework/components/namespace/kube.go | 38 ++++++++++++++++++- 2 files changed, 40 insertions(+), 3 deletions(-) diff --git a/pkg/test/framework/components/echo/common/config.go b/pkg/test/framework/components/echo/common/config.go index 69d6982edd8d..bca889edeaa7 100644 --- a/pkg/test/framework/components/echo/common/config.go +++ b/pkg/test/framework/components/echo/common/config.go @@ -94,9 +94,10 @@ func FillInDefaults(ctx resource.Context, defaultDomain string, c *echo.Config) } } - // If readiness probe is specified by a test, we wait almost forever. + // If readiness probe is not specified by a test, wait a long time + // Waiting forever would cause the test to timeout and lose logs if c.ReadinessTimeout == 0 { - c.ReadinessTimeout = time.Second * 36000 + c.ReadinessTimeout = time.Minute * 10 } return nil diff --git a/pkg/test/framework/components/namespace/kube.go b/pkg/test/framework/components/namespace/kube.go index 1d476cf9c29c..beea81255b50 100644 --- a/pkg/test/framework/components/namespace/kube.go +++ b/pkg/test/framework/components/namespace/kube.go @@ -17,7 +17,10 @@ package namespace import ( "fmt" "io" + "io/ioutil" "math/rand" + "os" + "path" "sync" "time" 
@@ -39,11 +42,44 @@ type kubeNamespace struct { id resource.ID name string a *k.Accessor + ctx resource.Context +} + +func (n *kubeNamespace) Dump() { + scopes.CI.Errorf("=== Dumping Namespace %s State...", n.name) + + d, err := n.ctx.CreateTmpDirectory(n.name + "-state") + if err != nil { + scopes.CI.Errorf("Unable to create directory for dumping %s contents: %v", n.name, err) + return + } + + pods, err := n.a.GetPods(n.name) + if err != nil { + scopes.CI.Errorf("Unable to get pods from the namespace: %v", err) + return + } + + for _, pod := range pods { + for _, container := range pod.Spec.Containers { + l, err := n.a.Logs(pod.Namespace, pod.Name, container.Name, false /* previousLog */) + if err != nil { + scopes.CI.Errorf("Unable to get logs for pod/container: %s/%s/%s", pod.Namespace, pod.Name, container.Name) + continue + } + + fname := path.Join(d, fmt.Sprintf("%s-%s.log", pod.Name, container.Name)) + if err = ioutil.WriteFile(fname, []byte(l), os.ModePerm); err != nil { + scopes.CI.Errorf("Unable to write logs for pod/container: %s/%s/%s", pod.Namespace, pod.Name, container.Name) + } + } + } } var _ Instance = &kubeNamespace{} var _ io.Closer = &kubeNamespace{} var _ resource.Resource = &kubeNamespace{} +var _ resource.Dumper = &kubeNamespace{} func (n *kubeNamespace) Name() string { return n.name @@ -103,7 +139,7 @@ func newKube(ctx resource.Context, nsConfig *Config) (Instance, error) { return nil, err } - n := &kubeNamespace{name: ns, a: env.Accessor} + n := &kubeNamespace{name: ns, a: env.Accessor, ctx: ctx} id := ctx.TrackResource(n) n.id = id From eaae4fbbab9903a3a4f1328cd8a8046f3b4f9a3b Mon Sep 17 00:00:00 2001 
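Review bot: In the new `Dump` method, `ioutil.WriteFile(fname, []byte(l), os.ModePerm)` asks for mode 0777, so each dumped container log is created world-writable and executable, limited only by the process umask. Container logs can contain credentials or certificate material, and these files land in a test artifact directory, so a plain data mode is the safer default: `ioutil.WriteFile(fname, []byte(l), 0644)`, or `0600` if only the test user needs to read them. Separately, the two `scopes.CI.Errorf` calls on the `Logs` and `WriteFile` failure paths drop `err`, which makes a failed dump hard to diagnose; appending it would fix that, e.g. `scopes.CI.Errorf("Unable to write logs for pod/container: %s/%s/%s: %v", pod.Namespace, pod.Name, container.Name, err)`. `Dump` is also the only new method without a doc comment; a one-line `// Dump writes the current logs of every container in the namespace to a temp directory.` would match what the body does.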
From: Nathan Mittler Date: Fri, 24 Jan 2020 14:01:03 -0800 Subject: [PATCH 10/31] Move Galley resource and event to pkg/config (#20488) This is the core part of the Galley event pipeline API. It is generic and needs to be moved to a common area so that it may be leveraged in istiod. --- galley/pkg/config/analysis/analyzer_test.go | 4 ++-- galley/pkg/config/analysis/analyzers/analyzers_bench_test.go | 2 +- .../pkg/config/analysis/analyzers/annotations/annotations.go | 2 +- galley/pkg/config/analysis/analyzers/auth/mtls.go | 2 +- .../analysis/analyzers/auth/mtls/destination_rule_checker.go | 2 +- .../config/analysis/analyzers/auth/mtls/policy_checker.go | 2 +- .../analysis/analyzers/auth/mtls/policy_checker_test.go | 5 ++--- .../config/analysis/analyzers/auth/servicerolebindings.go | 2 +- .../config/analysis/analyzers/auth/serviceroleservices.go | 2 +- galley/pkg/config/analysis/analyzers/deployment/services.go | 2 +- .../pkg/config/analysis/analyzers/deprecation/deprecation.go | 2 +- galley/pkg/config/analysis/analyzers/gateway/gateway.go | 2 +- galley/pkg/config/analysis/analyzers/gateway/secret.go | 2 +- .../config/analysis/analyzers/injection/injection-version.go | 2 +- galley/pkg/config/analysis/analyzers/injection/injection.go | 2 +- galley/pkg/config/analysis/analyzers/schema/validation.go | 2 +- .../pkg/config/analysis/analyzers/schema/validation_test.go | 2 +- galley/pkg/config/analysis/analyzers/service/portname.go | 2 +- .../pkg/config/analysis/analyzers/sidecar/defaultselector.go | 2 +- galley/pkg/config/analysis/analyzers/sidecar/selector.go | 2 +- galley/pkg/config/analysis/analyzers/sidecar/util.go | 2 +- galley/pkg/config/analysis/analyzers/util/config.go | 2 +- galley/pkg/config/analysis/analyzers/util/hosts.go | 2 +- galley/pkg/config/analysis/analyzers/util/hosts_test.go | 2 +- .../analyzers/virtualservice/conflictingmeshgatewayhosts.go | 2 +- .../analysis/analyzers/virtualservice/destinationhosts.go | 2 +- 
.../analysis/analyzers/virtualservice/destinationrules.go | 2 +- .../pkg/config/analysis/analyzers/virtualservice/gateways.go | 2 +- galley/pkg/config/analysis/context.go | 2 +- galley/pkg/config/analysis/diag/helper_test.go | 2 +- galley/pkg/config/analysis/diag/message.go | 2 +- galley/pkg/config/analysis/diag/message_test.go | 2 +- galley/pkg/config/analysis/diag/messages_test.go | 2 +- galley/pkg/config/analysis/local/analyze.go | 2 +- galley/pkg/config/analysis/local/analyze_test.go | 2 +- galley/pkg/config/analysis/local/helpers_test.go | 4 ++-- galley/pkg/config/analysis/local/source.go | 2 +- galley/pkg/config/analysis/local/source_test.go | 2 +- galley/pkg/config/analysis/msg/generate.main.go | 2 +- galley/pkg/config/analysis/msg/messages.gen.go | 2 +- galley/pkg/config/analysis/testing/fixtures/context.go | 2 +- galley/pkg/config/collection/instance.go | 2 +- galley/pkg/config/collection/instance_test.go | 2 +- galley/pkg/config/meshcfg/const.go | 2 +- galley/pkg/config/meshcfg/fs.go | 2 +- galley/pkg/config/meshcfg/fs_test.go | 4 ++-- galley/pkg/config/meshcfg/inmemory.go | 4 ++-- galley/pkg/config/meshcfg/inmemory_test.go | 4 ++-- galley/pkg/config/processing/processor.go | 2 +- galley/pkg/config/processing/runtime.go | 2 +- galley/pkg/config/processing/runtime_test.go | 4 ++-- galley/pkg/config/processing/session.go | 2 +- .../config/processing/snapshotter/analyzingdistributor.go | 2 +- .../processing/snapshotter/analyzingdistributor_test.go | 2 +- galley/pkg/config/processing/snapshotter/snapshot.go | 2 +- galley/pkg/config/processing/snapshotter/snapshot_test.go | 2 +- galley/pkg/config/processing/snapshotter/snapshotter.go | 4 ++-- galley/pkg/config/processing/snapshotter/snapshotter_test.go | 2 +- galley/pkg/config/processing/transformer/provider.go | 2 +- galley/pkg/config/processing/transformer/provider_test.go | 2 +- galley/pkg/config/processor/build.go | 2 +- galley/pkg/config/processor/build_test.go | 2 +- 
galley/pkg/config/processor/transforms/authpolicy/create.go | 2 +- .../config/processor/transforms/authpolicy/create_test.go | 4 ++-- galley/pkg/config/processor/transforms/direct/create.go | 2 +- galley/pkg/config/processor/transforms/direct/create_test.go | 2 +- galley/pkg/config/processor/transforms/ingress/common.go | 3 ++- .../pkg/config/processor/transforms/ingress/dataset_test.go | 3 ++- galley/pkg/config/processor/transforms/ingress/gateway.go | 4 ++-- .../pkg/config/processor/transforms/ingress/gateway_test.go | 2 +- .../processor/transforms/ingress/syntheticVirtualService.go | 2 +- .../config/processor/transforms/ingress/virtualService.go | 4 ++-- .../processor/transforms/ingress/virtualService_test.go | 2 +- .../processor/transforms/serviceentry/converter/instance.go | 2 +- .../transforms/serviceentry/converter/instance_bench_test.go | 2 +- .../transforms/serviceentry/converter/instance_test.go | 2 +- .../pkg/config/processor/transforms/serviceentry/create.go | 2 +- .../config/processor/transforms/serviceentry/create_test.go | 4 ++-- .../processor/transforms/serviceentry/handler_bench_test.go | 4 ++-- .../serviceentry/integration/integration_bench_test.go | 4 ++-- .../config/processor/transforms/serviceentry/pod/cache.go | 4 ++-- .../processor/transforms/serviceentry/pod/cache_test.go | 4 ++-- .../config/processor/transforms/serviceentry/transformer.go | 4 ++-- galley/pkg/config/source/inmemory/collection.go | 4 ++-- galley/pkg/config/source/inmemory/collection_test.go | 4 ++-- galley/pkg/config/source/inmemory/source.go | 2 +- galley/pkg/config/source/inmemory/source_test.go | 4 ++-- galley/pkg/config/source/kube/apiserver/source.go | 2 +- .../pkg/config/source/kube/apiserver/source_builtin_test.go | 4 ++-- .../pkg/config/source/kube/apiserver/source_dynamic_test.go | 4 ++-- galley/pkg/config/source/kube/apiserver/status/controller.go | 2 +- .../config/source/kube/apiserver/status/controller_test.go | 2 +- 
galley/pkg/config/source/kube/apiserver/status/state.go | 2 +- galley/pkg/config/source/kube/apiserver/status/state_test.go | 2 +- galley/pkg/config/source/kube/apiserver/status/status.go | 2 +- galley/pkg/config/source/kube/apiserver/watcher.go | 2 +- galley/pkg/config/source/kube/fs/source.go | 2 +- galley/pkg/config/source/kube/fs/source_test.go | 4 ++-- galley/pkg/config/source/kube/inmemory/kubesource.go | 4 ++-- galley/pkg/config/source/kube/inmemory/kubesource_test.go | 4 ++-- galley/pkg/config/source/kube/rt/adapter.go | 2 +- galley/pkg/config/source/kube/rt/extract.go | 2 +- galley/pkg/config/source/kube/rt/origin.go | 2 +- galley/pkg/config/source/mcp/cache.go | 4 ++-- galley/pkg/config/source/mcp/cache_test.go | 4 ++-- galley/pkg/config/source/mcp/origin.go | 2 +- galley/pkg/config/source/mcp/origin_test.go | 2 +- galley/pkg/config/source/mcp/source.go | 2 +- galley/pkg/config/source/mcp/source_test.go | 2 +- galley/pkg/config/synthesize/version.go | 3 ++- galley/pkg/config/synthesize/version_test.go | 2 +- galley/pkg/config/testing/data/events.go | 2 +- galley/pkg/config/testing/data/resources.go | 2 +- galley/pkg/config/testing/fixtures/accumulator.go | 2 +- galley/pkg/config/testing/fixtures/accumulator_test.go | 2 +- galley/pkg/config/testing/fixtures/expect.go | 2 +- galley/pkg/config/testing/fixtures/filters.go | 2 +- galley/pkg/config/testing/fixtures/filters_test.go | 4 ++-- galley/pkg/config/testing/fixtures/listener.go | 2 +- galley/pkg/config/testing/fixtures/listener_test.go | 2 +- galley/pkg/config/testing/fixtures/source.go | 2 +- galley/pkg/config/testing/fixtures/source_test.go | 2 +- galley/pkg/config/testing/fixtures/transformer.go | 2 +- galley/pkg/server/components/patchtable.go | 5 +++-- galley/pkg/server/components/processing.go | 2 +- galley/pkg/server/components/processing_test.go | 2 +- istioctl/cmd/analyze.go | 2 +- {galley/pkg => pkg}/config/event/buffer.go | 0 {galley/pkg => pkg}/config/event/buffer_test.go | 2 +- {galley/pkg 
=> pkg}/config/event/dispatcher.go | 0 {galley/pkg => pkg}/config/event/event.go | 2 +- {galley/pkg => pkg}/config/event/event_test.go | 4 ++-- {galley/pkg => pkg}/config/event/handler.go | 0 {galley/pkg => pkg}/config/event/handler_test.go | 4 ++-- {galley/pkg => pkg}/config/event/handlers.go | 0 {galley/pkg => pkg}/config/event/handlers_test.go | 2 +- {galley/pkg => pkg}/config/event/kind.go | 0 {galley/pkg => pkg}/config/event/kind_test.go | 2 +- {galley/pkg => pkg}/config/event/processor.go | 0 {galley/pkg => pkg}/config/event/queue.go | 0 {galley/pkg => pkg}/config/event/queue_test.go | 2 +- {galley/pkg => pkg}/config/event/router.go | 0 {galley/pkg => pkg}/config/event/router_test.go | 2 +- {galley/pkg => pkg}/config/event/source.go | 0 {galley/pkg => pkg}/config/event/source_test.go | 2 +- {galley/pkg => pkg}/config/event/transformer.go | 0 {galley/pkg => pkg}/config/event/transformer_test.go | 2 +- {galley/pkg => pkg}/config/resource/instance.go | 0 {galley/pkg => pkg}/config/resource/instance_test.go | 0 {galley/pkg => pkg}/config/resource/metadata.go | 0 {galley/pkg => pkg}/config/resource/metadata_test.go | 0 {galley/pkg => pkg}/config/resource/name.go | 0 {galley/pkg => pkg}/config/resource/name_test.go | 0 {galley/pkg => pkg}/config/resource/origin.go | 0 {galley/pkg => pkg}/config/resource/serialization.go | 0 {galley/pkg => pkg}/config/resource/serialization_test.go | 2 +- {galley/pkg => pkg}/config/resource/stringmap.go | 0 {galley/pkg => pkg}/config/resource/stringmap_test.go | 0 {galley/pkg => pkg}/config/resource/version.go | 0 pkg/test/framework/components/galley/snapshot.go | 2 +- 160 files changed, 174 insertions(+), 171 deletions(-) rename {galley/pkg => pkg}/config/event/buffer.go (100%) rename {galley/pkg => pkg}/config/event/buffer_test.go (98%) rename {galley/pkg => pkg}/config/event/dispatcher.go (100%) rename {galley/pkg => pkg}/config/event/event.go (98%) rename {galley/pkg => pkg}/config/event/event_test.go (98%) rename {galley/pkg => 
pkg}/config/event/handler.go (100%) rename {galley/pkg => pkg}/config/event/handler_test.go (97%) rename {galley/pkg => pkg}/config/event/handlers.go (100%) rename {galley/pkg => pkg}/config/event/handlers_test.go (98%) rename {galley/pkg => pkg}/config/event/kind.go (100%) rename {galley/pkg => pkg}/config/event/kind_test.go (96%) rename {galley/pkg => pkg}/config/event/processor.go (100%) rename {galley/pkg => pkg}/config/event/queue.go (100%) rename {galley/pkg => pkg}/config/event/queue_test.go (98%) rename {galley/pkg => pkg}/config/event/router.go (100%) rename {galley/pkg => pkg}/config/event/router_test.go (99%) rename {galley/pkg => pkg}/config/event/source.go (100%) rename {galley/pkg => pkg}/config/event/source_test.go (97%) rename {galley/pkg => pkg}/config/event/transformer.go (100%) rename {galley/pkg => pkg}/config/event/transformer_test.go (99%) rename {galley/pkg => pkg}/config/resource/instance.go (100%) rename {galley/pkg => pkg}/config/resource/instance_test.go (100%) rename {galley/pkg => pkg}/config/resource/metadata.go (100%) rename {galley/pkg => pkg}/config/resource/metadata_test.go (100%) rename {galley/pkg => pkg}/config/resource/name.go (100%) rename {galley/pkg => pkg}/config/resource/name_test.go (100%) rename {galley/pkg => pkg}/config/resource/origin.go (100%) rename {galley/pkg => pkg}/config/resource/serialization.go (100%) rename {galley/pkg => pkg}/config/resource/serialization_test.go (99%) rename {galley/pkg => pkg}/config/resource/stringmap.go (100%) rename {galley/pkg => pkg}/config/resource/stringmap_test.go (100%) rename {galley/pkg => pkg}/config/resource/version.go (100%) diff --git a/galley/pkg/config/analysis/analyzer_test.go b/galley/pkg/config/analysis/analyzer_test.go index 20c2ef3ddd37..2242b9f43867 100644 --- a/galley/pkg/config/analysis/analyzer_test.go +++ b/galley/pkg/config/analysis/analyzer_test.go 
@@ -20,10 +20,10 @@ import ( . "github.com/onsi/gomega" "istio.io/istio/galley/pkg/config/analysis/diag" - "istio.io/istio/galley/pkg/config/event" "istio.io/istio/galley/pkg/config/processing" "istio.io/istio/galley/pkg/config/processing/transformer" - "istio.io/istio/galley/pkg/config/resource" + "istio.io/istio/pkg/config/event" + "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/collection" resource2 "istio.io/istio/pkg/config/schema/resource" ) diff --git a/galley/pkg/config/analysis/analyzers/analyzers_bench_test.go b/galley/pkg/config/analysis/analyzers/analyzers_bench_test.go index 08ede7fd7b1c..e8c2039cd55b 100644 --- a/galley/pkg/config/analysis/analyzers/analyzers_bench_test.go +++ b/galley/pkg/config/analysis/analyzers/analyzers_bench_test.go @@ -23,7 +23,7 @@ import ( "istio.io/istio/galley/pkg/config/analysis" "istio.io/istio/galley/pkg/config/analysis/diag" coll "istio.io/istio/galley/pkg/config/collection" - "istio.io/istio/galley/pkg/config/resource" + "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema" "istio.io/istio/pkg/config/schema/collection" "istio.io/istio/pkg/config/schema/collections" diff --git a/galley/pkg/config/analysis/analyzers/annotations/annotations.go b/galley/pkg/config/analysis/analyzers/annotations/annotations.go index d5cbd3b11c28..a2fe180195f6 100644 --- a/galley/pkg/config/analysis/analyzers/annotations/annotations.go +++ b/galley/pkg/config/analysis/analyzers/annotations/annotations.go @@ -21,7 +21,7 @@ import ( "istio.io/istio/galley/pkg/config/analysis" "istio.io/istio/galley/pkg/config/analysis/msg" - "istio.io/istio/galley/pkg/config/resource" + "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/collection" "istio.io/istio/pkg/config/schema/collections" ) diff --git a/galley/pkg/config/analysis/analyzers/auth/mtls.go b/galley/pkg/config/analysis/analyzers/auth/mtls.go index 3a1a4f885afe..8f05d553f5cb 100644 
--- a/galley/pkg/config/analysis/analyzers/auth/mtls.go +++ b/galley/pkg/config/analysis/analyzers/auth/mtls.go @@ -27,7 +27,7 @@ import ( "istio.io/istio/galley/pkg/config/analysis/analyzers/auth/mtls" "istio.io/istio/galley/pkg/config/analysis/analyzers/util" "istio.io/istio/galley/pkg/config/analysis/msg" - "istio.io/istio/galley/pkg/config/resource" + "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/collection" "istio.io/istio/pkg/config/schema/collections" ) diff --git a/galley/pkg/config/analysis/analyzers/auth/mtls/destination_rule_checker.go b/galley/pkg/config/analysis/analyzers/auth/mtls/destination_rule_checker.go index 4390f1befc2f..bc5eb06a3d40 100644 --- a/galley/pkg/config/analysis/analyzers/auth/mtls/destination_rule_checker.go +++ b/galley/pkg/config/analysis/analyzers/auth/mtls/destination_rule_checker.go @@ -20,8 +20,8 @@ import ( "istio.io/api/networking/v1alpha3" "istio.io/istio/galley/pkg/config/analysis/analyzers/util" - "istio.io/istio/galley/pkg/config/resource" "istio.io/istio/pkg/config/host" + "istio.io/istio/pkg/config/resource" ) // DestinationRuleChecker computes whether or not MTLS is used according to diff --git a/galley/pkg/config/analysis/analyzers/auth/mtls/policy_checker.go b/galley/pkg/config/analysis/analyzers/auth/mtls/policy_checker.go index b5659224d474..1e4acf26a03d 100644 --- a/galley/pkg/config/analysis/analyzers/auth/mtls/policy_checker.go +++ b/galley/pkg/config/analysis/analyzers/auth/mtls/policy_checker.go @@ -19,7 +19,7 @@ import ( "istio.io/api/authentication/v1alpha1" - "istio.io/istio/galley/pkg/config/resource" + "istio.io/istio/pkg/config/resource" "istio.io/istio/galley/pkg/config/analysis/analyzers/util" ) diff --git a/galley/pkg/config/analysis/analyzers/auth/mtls/policy_checker_test.go b/galley/pkg/config/analysis/analyzers/auth/mtls/policy_checker_test.go index 70d5d56c48d7..ce0748b91423 100644 --- a/galley/pkg/config/analysis/analyzers/auth/mtls/policy_checker_test.go 
+++ b/galley/pkg/config/analysis/analyzers/auth/mtls/policy_checker_test.go @@ -19,13 +19,12 @@ import ( "fmt" "testing" + "github.com/ghodss/yaml" "github.com/gogo/protobuf/jsonpb" - "istio.io/istio/galley/pkg/config/resource" + "istio.io/istio/pkg/config/resource" "istio.io/api/authentication/v1alpha1" - - "github.com/ghodss/yaml" ) func TestMTLSPolicyChecker_singleResource(t *testing.T) { diff --git a/galley/pkg/config/analysis/analyzers/auth/servicerolebindings.go b/galley/pkg/config/analysis/analyzers/auth/servicerolebindings.go index 8d85ebe1247e..3816b9cb8a77 100644 --- a/galley/pkg/config/analysis/analyzers/auth/servicerolebindings.go +++ b/galley/pkg/config/analysis/analyzers/auth/servicerolebindings.go @@ -19,7 +19,7 @@ import ( "istio.io/istio/galley/pkg/config/analysis" "istio.io/istio/galley/pkg/config/analysis/msg" - "istio.io/istio/galley/pkg/config/resource" + "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/collection" "istio.io/istio/pkg/config/schema/collections" ) diff --git a/galley/pkg/config/analysis/analyzers/auth/serviceroleservices.go b/galley/pkg/config/analysis/analyzers/auth/serviceroleservices.go index 18509490ad83..6de1408350a0 100644 --- a/galley/pkg/config/analysis/analyzers/auth/serviceroleservices.go +++ b/galley/pkg/config/analysis/analyzers/auth/serviceroleservices.go @@ -22,7 +22,7 @@ import ( "istio.io/istio/galley/pkg/config/analysis" "istio.io/istio/galley/pkg/config/analysis/analyzers/util" "istio.io/istio/galley/pkg/config/analysis/msg" - "istio.io/istio/galley/pkg/config/resource" + "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/collection" "istio.io/istio/pkg/config/schema/collections" ) diff --git a/galley/pkg/config/analysis/analyzers/deployment/services.go b/galley/pkg/config/analysis/analyzers/deployment/services.go index 88e95fbd910a..cc93ccffc38e 100644 --- a/galley/pkg/config/analysis/analyzers/deployment/services.go 
+++ b/galley/pkg/config/analysis/analyzers/deployment/services.go @@ -23,7 +23,7 @@ import ( "istio.io/istio/galley/pkg/config/analysis" "istio.io/istio/galley/pkg/config/analysis/analyzers/injection" "istio.io/istio/galley/pkg/config/analysis/msg" - "istio.io/istio/galley/pkg/config/resource" + "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/collection" "istio.io/istio/pkg/config/schema/collections" ) diff --git a/galley/pkg/config/analysis/analyzers/deprecation/deprecation.go b/galley/pkg/config/analysis/analyzers/deprecation/deprecation.go index 3faf8e2abfd8..57e9b211050b 100644 --- a/galley/pkg/config/analysis/analyzers/deprecation/deprecation.go +++ b/galley/pkg/config/analysis/analyzers/deprecation/deprecation.go @@ -22,7 +22,7 @@ import ( "istio.io/istio/galley/pkg/config/analysis" "istio.io/istio/galley/pkg/config/analysis/msg" - "istio.io/istio/galley/pkg/config/resource" + "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/collection" "istio.io/istio/pkg/config/schema/collections" ) diff --git a/galley/pkg/config/analysis/analyzers/gateway/gateway.go b/galley/pkg/config/analysis/analyzers/gateway/gateway.go index ac7db12398d5..b0fa60effb9c 100644 --- a/galley/pkg/config/analysis/analyzers/gateway/gateway.go +++ b/galley/pkg/config/analysis/analyzers/gateway/gateway.go @@ -22,7 +22,7 @@ import ( "istio.io/istio/galley/pkg/config/analysis" "istio.io/istio/galley/pkg/config/analysis/msg" - "istio.io/istio/galley/pkg/config/resource" + "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/collection" "istio.io/istio/pkg/config/schema/collections" ) diff --git a/galley/pkg/config/analysis/analyzers/gateway/secret.go b/galley/pkg/config/analysis/analyzers/gateway/secret.go index 84d5fd81c01c..9753f97c18ac 100644 --- a/galley/pkg/config/analysis/analyzers/gateway/secret.go +++ b/galley/pkg/config/analysis/analyzers/gateway/secret.go 
@@ -22,7 +22,7 @@ import ( "istio.io/istio/galley/pkg/config/analysis" "istio.io/istio/galley/pkg/config/analysis/msg" - "istio.io/istio/galley/pkg/config/resource" + "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/collection" "istio.io/istio/pkg/config/schema/collections" ) diff --git a/galley/pkg/config/analysis/analyzers/injection/injection-version.go b/galley/pkg/config/analysis/analyzers/injection/injection-version.go index 63ca29000d75..b07ccf983606 100644 --- a/galley/pkg/config/analysis/analyzers/injection/injection-version.go +++ b/galley/pkg/config/analysis/analyzers/injection/injection-version.go @@ -21,7 +21,7 @@ import ( "istio.io/istio/galley/pkg/config/analysis" "istio.io/istio/galley/pkg/config/analysis/msg" - "istio.io/istio/galley/pkg/config/resource" + "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/collection" "istio.io/istio/pkg/config/schema/collections" ) diff --git a/galley/pkg/config/analysis/analyzers/injection/injection.go b/galley/pkg/config/analysis/analyzers/injection/injection.go index afdea0227077..b8dc67182ca4 100644 --- a/galley/pkg/config/analysis/analyzers/injection/injection.go +++ b/galley/pkg/config/analysis/analyzers/injection/injection.go @@ -24,7 +24,7 @@ import ( "istio.io/istio/galley/pkg/config/analysis" "istio.io/istio/galley/pkg/config/analysis/analyzers/util" "istio.io/istio/galley/pkg/config/analysis/msg" - "istio.io/istio/galley/pkg/config/resource" + "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/collection" "istio.io/istio/pkg/config/schema/collections" ) diff --git a/galley/pkg/config/analysis/analyzers/schema/validation.go b/galley/pkg/config/analysis/analyzers/schema/validation.go index f886404d9c0e..88f7ad366a97 100644 --- a/galley/pkg/config/analysis/analyzers/schema/validation.go +++ b/galley/pkg/config/analysis/analyzers/schema/validation.go 
@@ -20,7 +20,7 @@ import ( "istio.io/istio/galley/pkg/config/analysis" "istio.io/istio/galley/pkg/config/analysis/msg" - "istio.io/istio/galley/pkg/config/resource" + "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/collection" "istio.io/istio/pkg/config/schema/collections" ) diff --git a/galley/pkg/config/analysis/analyzers/schema/validation_test.go b/galley/pkg/config/analysis/analyzers/schema/validation_test.go index 43fee009f3b0..3fcfe96457c4 100644 --- a/galley/pkg/config/analysis/analyzers/schema/validation_test.go +++ b/galley/pkg/config/analysis/analyzers/schema/validation_test.go @@ -26,7 +26,7 @@ import ( "istio.io/istio/galley/pkg/config/analysis/msg" "istio.io/istio/galley/pkg/config/analysis/testing/fixtures" - "istio.io/istio/galley/pkg/config/resource" + "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/collection" "istio.io/istio/pkg/config/schema/collections" resource2 "istio.io/istio/pkg/config/schema/resource" diff --git a/galley/pkg/config/analysis/analyzers/service/portname.go b/galley/pkg/config/analysis/analyzers/service/portname.go index 45251649e8a0..82da1df6cbb7 100644 --- a/galley/pkg/config/analysis/analyzers/service/portname.go +++ b/galley/pkg/config/analysis/analyzers/service/portname.go @@ -18,8 +18,8 @@ import ( "istio.io/istio/galley/pkg/config/analysis" "istio.io/istio/galley/pkg/config/analysis/analyzers/util" "istio.io/istio/galley/pkg/config/analysis/msg" - "istio.io/istio/galley/pkg/config/resource" configKube "istio.io/istio/pkg/config/kube" + "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/collection" "istio.io/istio/pkg/config/schema/collections" diff --git a/galley/pkg/config/analysis/analyzers/sidecar/defaultselector.go b/galley/pkg/config/analysis/analyzers/sidecar/defaultselector.go index 379eedaff2a9..f75b55a2a396 100644 --- a/galley/pkg/config/analysis/analyzers/sidecar/defaultselector.go 
+++ b/galley/pkg/config/analysis/analyzers/sidecar/defaultselector.go @@ -18,7 +18,7 @@ import ( "istio.io/istio/galley/pkg/config/analysis" "istio.io/istio/galley/pkg/config/analysis/msg" - "istio.io/istio/galley/pkg/config/resource" + "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/collection" "istio.io/istio/pkg/config/schema/collections" ) diff --git a/galley/pkg/config/analysis/analyzers/sidecar/selector.go b/galley/pkg/config/analysis/analyzers/sidecar/selector.go index ea1011888b0b..5f947e2e4125 100644 --- a/galley/pkg/config/analysis/analyzers/sidecar/selector.go +++ b/galley/pkg/config/analysis/analyzers/sidecar/selector.go @@ -21,7 +21,7 @@ import ( "istio.io/istio/galley/pkg/config/analysis" "istio.io/istio/galley/pkg/config/analysis/msg" - "istio.io/istio/galley/pkg/config/resource" + "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/collection" "istio.io/istio/pkg/config/schema/collections" ) diff --git a/galley/pkg/config/analysis/analyzers/sidecar/util.go b/galley/pkg/config/analysis/analyzers/sidecar/util.go index dcd5f161dcc6..ec6c25e7c0e0 100644 --- a/galley/pkg/config/analysis/analyzers/sidecar/util.go +++ b/galley/pkg/config/analysis/analyzers/sidecar/util.go @@ -13,7 +13,7 @@ // limitations under the License. package sidecar -import "istio.io/istio/galley/pkg/config/resource" +import "istio.io/istio/pkg/config/resource" func getNames(entries []*resource.Instance) []string { names := make([]string, 0, len(entries)) diff --git a/galley/pkg/config/analysis/analyzers/util/config.go b/galley/pkg/config/analysis/analyzers/util/config.go index 7f2d8f00957e..4c4341335310 100644 --- a/galley/pkg/config/analysis/analyzers/util/config.go +++ b/galley/pkg/config/analysis/analyzers/util/config.go 
@@ -18,7 +18,7 @@ import ( "istio.io/api/mesh/v1alpha1" "istio.io/istio/galley/pkg/config/analysis" - "istio.io/istio/galley/pkg/config/resource" + "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/collections" ) diff --git a/galley/pkg/config/analysis/analyzers/util/hosts.go b/galley/pkg/config/analysis/analyzers/util/hosts.go index a0a3e74baf22..095bbe8f0417 100644 --- a/galley/pkg/config/analysis/analyzers/util/hosts.go +++ b/galley/pkg/config/analysis/analyzers/util/hosts.go @@ -17,7 +17,7 @@ package util import ( "strings" - "istio.io/istio/galley/pkg/config/resource" + "istio.io/istio/pkg/config/resource" ) type ScopedFqdn string diff --git a/galley/pkg/config/analysis/analyzers/util/hosts_test.go b/galley/pkg/config/analysis/analyzers/util/hosts_test.go index 14093887a25e..d59ff8e0d15f 100644 --- a/galley/pkg/config/analysis/analyzers/util/hosts_test.go +++ b/galley/pkg/config/analysis/analyzers/util/hosts_test.go @@ -19,7 +19,7 @@ import ( . "github.com/onsi/gomega" - "istio.io/istio/galley/pkg/config/resource" + "istio.io/istio/pkg/config/resource" ) func TestGetResourceNameFromHost(t *testing.T) { diff --git a/galley/pkg/config/analysis/analyzers/virtualservice/conflictingmeshgatewayhosts.go b/galley/pkg/config/analysis/analyzers/virtualservice/conflictingmeshgatewayhosts.go index 8cf62c4266d8..86ab2fb6c8b1 100644 --- a/galley/pkg/config/analysis/analyzers/virtualservice/conflictingmeshgatewayhosts.go +++ b/galley/pkg/config/analysis/analyzers/virtualservice/conflictingmeshgatewayhosts.go @@ -22,7 +22,7 @@ import ( "istio.io/istio/galley/pkg/config/analysis" "istio.io/istio/galley/pkg/config/analysis/analyzers/util" "istio.io/istio/galley/pkg/config/analysis/msg" - "istio.io/istio/galley/pkg/config/resource" + "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/collection" "istio.io/istio/pkg/config/schema/collections" ) 
diff --git a/galley/pkg/config/analysis/analyzers/virtualservice/destinationhosts.go b/galley/pkg/config/analysis/analyzers/virtualservice/destinationhosts.go index 17dc35de0d99..50679967b93d 100644 --- a/galley/pkg/config/analysis/analyzers/virtualservice/destinationhosts.go +++ b/galley/pkg/config/analysis/analyzers/virtualservice/destinationhosts.go @@ -23,7 +23,7 @@ import ( "istio.io/istio/galley/pkg/config/analysis" "istio.io/istio/galley/pkg/config/analysis/analyzers/util" "istio.io/istio/galley/pkg/config/analysis/msg" - "istio.io/istio/galley/pkg/config/resource" + "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/collection" "istio.io/istio/pkg/config/schema/collections" ) diff --git a/galley/pkg/config/analysis/analyzers/virtualservice/destinationrules.go b/galley/pkg/config/analysis/analyzers/virtualservice/destinationrules.go index aa3fc594a005..881d0706a751 100644 --- a/galley/pkg/config/analysis/analyzers/virtualservice/destinationrules.go +++ b/galley/pkg/config/analysis/analyzers/virtualservice/destinationrules.go @@ -22,7 +22,7 @@ import ( "istio.io/istio/galley/pkg/config/analysis" "istio.io/istio/galley/pkg/config/analysis/analyzers/util" "istio.io/istio/galley/pkg/config/analysis/msg" - "istio.io/istio/galley/pkg/config/resource" + "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/collection" "istio.io/istio/pkg/config/schema/collections" ) diff --git a/galley/pkg/config/analysis/analyzers/virtualservice/gateways.go b/galley/pkg/config/analysis/analyzers/virtualservice/gateways.go index 242b54bb978e..588f7de24c7f 100644 --- a/galley/pkg/config/analysis/analyzers/virtualservice/gateways.go +++ b/galley/pkg/config/analysis/analyzers/virtualservice/gateways.go 
@@ -20,7 +20,7 @@ import ( "istio.io/istio/galley/pkg/config/analysis" "istio.io/istio/galley/pkg/config/analysis/analyzers/util" "istio.io/istio/galley/pkg/config/analysis/msg" - "istio.io/istio/galley/pkg/config/resource" + "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/collection" "istio.io/istio/pkg/config/schema/collections" ) diff --git a/galley/pkg/config/analysis/context.go b/galley/pkg/config/analysis/context.go index 94f54d57aa13..6ff61c76a277 100644 --- a/galley/pkg/config/analysis/context.go +++ b/galley/pkg/config/analysis/context.go @@ -16,7 +16,7 @@ package analysis import ( "istio.io/istio/galley/pkg/config/analysis/diag" - "istio.io/istio/galley/pkg/config/resource" + "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/collection" ) diff --git a/galley/pkg/config/analysis/diag/helper_test.go b/galley/pkg/config/analysis/diag/helper_test.go index 84927d0cdc05..9bc4b6d95558 100644 --- a/galley/pkg/config/analysis/diag/helper_test.go +++ b/galley/pkg/config/analysis/diag/helper_test.go @@ -15,7 +15,7 @@ package diag import ( - "istio.io/istio/galley/pkg/config/resource" + "istio.io/istio/pkg/config/resource" ) var _ resource.Origin = testOrigin("") diff --git a/galley/pkg/config/analysis/diag/message.go b/galley/pkg/config/analysis/diag/message.go index 8dd428d3cca4..f7c1ab53f0a1 100644 --- a/galley/pkg/config/analysis/diag/message.go +++ b/galley/pkg/config/analysis/diag/message.go @@ -18,7 +18,7 @@ import ( "encoding/json" "fmt" - "istio.io/istio/galley/pkg/config/resource" + "istio.io/istio/pkg/config/resource" ) // DocPrefix is the root URL for validation message docs diff --git a/galley/pkg/config/analysis/diag/message_test.go b/galley/pkg/config/analysis/diag/message_test.go index 9df56c50b612..cb9d766a284a 100644 --- a/galley/pkg/config/analysis/diag/message_test.go +++ b/galley/pkg/config/analysis/diag/message_test.go 
@@ -18,7 +18,7 @@ import ( "encoding/json" "testing" - "istio.io/istio/galley/pkg/config/resource" + "istio.io/istio/pkg/config/resource" . "github.com/onsi/gomega" ) diff --git a/galley/pkg/config/analysis/diag/messages_test.go b/galley/pkg/config/analysis/diag/messages_test.go index 21a55c0db5a8..2661368cbf5f 100644 --- a/galley/pkg/config/analysis/diag/messages_test.go +++ b/galley/pkg/config/analysis/diag/messages_test.go @@ -19,7 +19,7 @@ import ( . "github.com/onsi/gomega" - "istio.io/istio/galley/pkg/config/resource" + "istio.io/istio/pkg/config/resource" ) func TestMessages_Sort(t *testing.T) { diff --git a/galley/pkg/config/analysis/local/analyze.go b/galley/pkg/config/analysis/local/analyze.go index cd4b5df85b4f..4aefe9019d7d 100644 --- a/galley/pkg/config/analysis/local/analyze.go +++ b/galley/pkg/config/analysis/local/analyze.go @@ -35,13 +35,13 @@ import ( "istio.io/istio/galley/pkg/config/processing/transformer" "istio.io/istio/galley/pkg/config/processor" "istio.io/istio/galley/pkg/config/processor/transforms" - "istio.io/istio/galley/pkg/config/resource" "istio.io/istio/galley/pkg/config/scope" "istio.io/istio/galley/pkg/config/source/kube" "istio.io/istio/galley/pkg/config/source/kube/apiserver" "istio.io/istio/galley/pkg/config/source/kube/inmemory" "istio.io/istio/galley/pkg/config/util/kuberesource" "istio.io/istio/pkg/config/mesh" + "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema" "istio.io/istio/pkg/config/schema/collection" "istio.io/istio/pkg/config/schema/collections" diff --git a/galley/pkg/config/analysis/local/analyze_test.go b/galley/pkg/config/analysis/local/analyze_test.go index ac90298ffa6d..01abe8b634c8 100644 --- a/galley/pkg/config/analysis/local/analyze_test.go +++ b/galley/pkg/config/analysis/local/analyze_test.go 
@@ -29,7 +29,6 @@ import ( "istio.io/istio/galley/pkg/config/analysis" "istio.io/istio/galley/pkg/config/analysis/msg" "istio.io/istio/galley/pkg/config/meshcfg" - "istio.io/istio/galley/pkg/config/resource" "istio.io/istio/galley/pkg/config/source/kube/apiserver" "istio.io/istio/galley/pkg/config/source/kube/inmemory" "istio.io/istio/galley/pkg/config/testing/basicmeta" @@ -37,6 +36,7 @@ import ( "istio.io/istio/galley/pkg/config/testing/k8smeta" "istio.io/istio/galley/pkg/config/util/kubeyaml" "istio.io/istio/galley/pkg/testing/mock" + "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema" "istio.io/istio/pkg/config/schema/collection" ) diff --git a/galley/pkg/config/analysis/local/helpers_test.go b/galley/pkg/config/analysis/local/helpers_test.go index f052f1e214ac..f9a7ecea2888 100644 --- a/galley/pkg/config/analysis/local/helpers_test.go +++ b/galley/pkg/config/analysis/local/helpers_test.go @@ -20,10 +20,10 @@ import ( "github.com/gogo/protobuf/types" - "istio.io/istio/galley/pkg/config/event" - "istio.io/istio/galley/pkg/config/resource" "istio.io/istio/galley/pkg/config/source/kube/rt" "istio.io/istio/galley/pkg/config/testing/basicmeta" + "istio.io/istio/pkg/config/event" + "istio.io/istio/pkg/config/resource" ) func createTestEvent(t *testing.T, k event.Kind, r *resource.Instance) event.Event { diff --git a/galley/pkg/config/analysis/local/source.go b/galley/pkg/config/analysis/local/source.go index b1468558a8b6..5ce22ae614b3 100644 --- a/galley/pkg/config/analysis/local/source.go +++ b/galley/pkg/config/analysis/local/source.go @@ -18,7 +18,7 @@ import ( "fmt" "sync" - "istio.io/istio/galley/pkg/config/event" + "istio.io/istio/pkg/config/event" "istio.io/istio/pkg/config/schema/collection" ) diff --git a/galley/pkg/config/analysis/local/source_test.go b/galley/pkg/config/analysis/local/source_test.go index a68e4f083bc1..2ad4d6f6de6c 100644 --- a/galley/pkg/config/analysis/local/source_test.go 
+++ b/galley/pkg/config/analysis/local/source_test.go @@ -18,9 +18,9 @@ import ( . "github.com/onsi/gomega" - "istio.io/istio/galley/pkg/config/event" "istio.io/istio/galley/pkg/config/testing/basicmeta" "istio.io/istio/galley/pkg/config/testing/fixtures" + "istio.io/istio/pkg/config/event" "istio.io/istio/pkg/config/schema/collection" ) diff --git a/galley/pkg/config/analysis/msg/generate.main.go b/galley/pkg/config/analysis/msg/generate.main.go index 7ddf4354b030..5d2063587321 100644 --- a/galley/pkg/config/analysis/msg/generate.main.go +++ b/galley/pkg/config/analysis/msg/generate.main.go @@ -122,7 +122,7 @@ package msg import ( "istio.io/istio/galley/pkg/config/analysis/diag" - "istio.io/istio/galley/pkg/config/resource" + "istio.io/istio/pkg/config/resource" ) var ( diff --git a/galley/pkg/config/analysis/msg/messages.gen.go b/galley/pkg/config/analysis/msg/messages.gen.go index 6b9c788c46a9..88b2bcbbde1f 100755 --- a/galley/pkg/config/analysis/msg/messages.gen.go +++ b/galley/pkg/config/analysis/msg/messages.gen.go @@ -5,7 +5,7 @@ package msg import ( "istio.io/istio/galley/pkg/config/analysis/diag" - "istio.io/istio/galley/pkg/config/resource" + "istio.io/istio/pkg/config/resource" ) var ( diff --git a/galley/pkg/config/analysis/testing/fixtures/context.go b/galley/pkg/config/analysis/testing/fixtures/context.go index c44d5c167a29..6cdd8721c59a 100644 --- a/galley/pkg/config/analysis/testing/fixtures/context.go +++ b/galley/pkg/config/analysis/testing/fixtures/context.go @@ -17,7 +17,7 @@ package fixtures import ( "istio.io/istio/galley/pkg/config/analysis" "istio.io/istio/galley/pkg/config/analysis/diag" - "istio.io/istio/galley/pkg/config/resource" + "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/collection" ) diff --git a/galley/pkg/config/collection/instance.go b/galley/pkg/config/collection/instance.go index eb13feadd279..04119453d320 100644 --- a/galley/pkg/config/collection/instance.go 
+++ b/galley/pkg/config/collection/instance.go @@ -17,7 +17,7 @@ package collection import ( "sync" - "istio.io/istio/galley/pkg/config/resource" + "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/collection" ) diff --git a/galley/pkg/config/collection/instance_test.go b/galley/pkg/config/collection/instance_test.go index 36313b8440e8..79f3dc3dc1fd 100644 --- a/galley/pkg/config/collection/instance_test.go +++ b/galley/pkg/config/collection/instance_test.go @@ -20,9 +20,9 @@ import ( . "github.com/onsi/gomega" "istio.io/istio/galley/pkg/config/collection" - "istio.io/istio/galley/pkg/config/resource" "istio.io/istio/galley/pkg/config/testing/basicmeta" "istio.io/istio/galley/pkg/config/testing/data" + "istio.io/istio/pkg/config/resource" ) func TestInstance_Basics(t *testing.T) { diff --git a/galley/pkg/config/meshcfg/const.go b/galley/pkg/config/meshcfg/const.go index b067cdb52440..3e40e0d59df4 100644 --- a/galley/pkg/config/meshcfg/const.go +++ b/galley/pkg/config/meshcfg/const.go @@ -15,7 +15,7 @@ package meshcfg import ( - "istio.io/istio/galley/pkg/config/resource" + "istio.io/istio/pkg/config/resource" ) // ResourceName for the Istio Mesh Config resource diff --git a/galley/pkg/config/meshcfg/fs.go b/galley/pkg/config/meshcfg/fs.go index 8e41ae8b70ae..729214df45a4 100644 --- a/galley/pkg/config/meshcfg/fs.go +++ b/galley/pkg/config/meshcfg/fs.go @@ -23,8 +23,8 @@ import ( "istio.io/pkg/filewatcher" - "istio.io/istio/galley/pkg/config/event" "istio.io/istio/galley/pkg/config/scope" + "istio.io/istio/pkg/config/event" ) // FsSource is a event.InMemorySource implementation that reads mesh from file. diff --git a/galley/pkg/config/meshcfg/fs_test.go b/galley/pkg/config/meshcfg/fs_test.go index f370e340f7ac..2593eb53ae26 100644 --- a/galley/pkg/config/meshcfg/fs_test.go +++ b/galley/pkg/config/meshcfg/fs_test.go 
@@ -27,9 +27,9 @@ import ( "istio.io/api/mesh/v1alpha1" - "istio.io/istio/galley/pkg/config/event" - "istio.io/istio/galley/pkg/config/resource" "istio.io/istio/galley/pkg/config/testing/fixtures" + "istio.io/istio/pkg/config/event" + "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/collections" ) diff --git a/galley/pkg/config/meshcfg/inmemory.go b/galley/pkg/config/meshcfg/inmemory.go index a6ef277f5407..383bf1767413 100644 --- a/galley/pkg/config/meshcfg/inmemory.go +++ b/galley/pkg/config/meshcfg/inmemory.go @@ -21,8 +21,8 @@ import ( "istio.io/api/mesh/v1alpha1" - "istio.io/istio/galley/pkg/config/event" - "istio.io/istio/galley/pkg/config/resource" + "istio.io/istio/pkg/config/event" + "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/collections" ) diff --git a/galley/pkg/config/meshcfg/inmemory_test.go b/galley/pkg/config/meshcfg/inmemory_test.go index 19297219455c..3a56cf41b5da 100644 --- a/galley/pkg/config/meshcfg/inmemory_test.go +++ b/galley/pkg/config/meshcfg/inmemory_test.go @@ -19,9 +19,9 @@ import ( . "github.com/onsi/gomega" - "istio.io/istio/galley/pkg/config/event" - "istio.io/istio/galley/pkg/config/resource" "istio.io/istio/galley/pkg/config/testing/fixtures" + "istio.io/istio/pkg/config/event" + "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/collections" ) diff --git a/galley/pkg/config/processing/processor.go b/galley/pkg/config/processing/processor.go index d956bcbfab50..10d7d78477e1 100644 --- a/galley/pkg/config/processing/processor.go +++ b/galley/pkg/config/processing/processor.go @@ -17,7 +17,7 @@ package processing import ( "istio.io/api/mesh/v1alpha1" - "istio.io/istio/galley/pkg/config/event" + "istio.io/istio/pkg/config/event" ) // ProcessorOptions are options that are passed to event.Processors during startup. diff --git a/galley/pkg/config/processing/runtime.go b/galley/pkg/config/processing/runtime.go index 4563e616a094..ef072835011a 100644 
--- a/galley/pkg/config/processing/runtime.go +++ b/galley/pkg/config/processing/runtime.go @@ -18,8 +18,8 @@ import ( "sync" "sync/atomic" - "istio.io/istio/galley/pkg/config/event" "istio.io/istio/galley/pkg/config/scope" + "istio.io/istio/pkg/config/event" ) // RuntimeOptions is options for Runtime diff --git a/galley/pkg/config/processing/runtime_test.go b/galley/pkg/config/processing/runtime_test.go index a589502db255..ecda18cc5bf2 100644 --- a/galley/pkg/config/processing/runtime_test.go +++ b/galley/pkg/config/processing/runtime_test.go @@ -24,13 +24,13 @@ import ( "istio.io/api/mesh/v1alpha1" "istio.io/pkg/log" - "istio.io/istio/galley/pkg/config/event" "istio.io/istio/galley/pkg/config/meshcfg" - "istio.io/istio/galley/pkg/config/resource" "istio.io/istio/galley/pkg/config/scope" "istio.io/istio/galley/pkg/config/source/kube/inmemory" "istio.io/istio/galley/pkg/config/testing/basicmeta" "istio.io/istio/galley/pkg/config/testing/fixtures" + "istio.io/istio/pkg/config/event" + "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/collections" ) diff --git a/galley/pkg/config/processing/session.go b/galley/pkg/config/processing/session.go index d7b8a81f469c..d3ebfe7b99bc 100644 --- a/galley/pkg/config/processing/session.go +++ b/galley/pkg/config/processing/session.go @@ -22,9 +22,9 @@ import ( "istio.io/api/mesh/v1alpha1" - "istio.io/istio/galley/pkg/config/event" "istio.io/istio/galley/pkg/config/meshcfg" "istio.io/istio/galley/pkg/config/scope" + "istio.io/istio/pkg/config/event" "istio.io/istio/pkg/config/schema/collections" ) diff --git a/galley/pkg/config/processing/snapshotter/analyzingdistributor.go b/galley/pkg/config/processing/snapshotter/analyzingdistributor.go index 4ef6e1366418..9c3d785fa663 100644 --- a/galley/pkg/config/processing/snapshotter/analyzingdistributor.go +++ b/galley/pkg/config/processing/snapshotter/analyzingdistributor.go 
@@ -25,8 +25,8 @@ import ( "istio.io/istio/galley/pkg/config/analysis" "istio.io/istio/galley/pkg/config/analysis/diag" coll "istio.io/istio/galley/pkg/config/collection" - "istio.io/istio/galley/pkg/config/resource" "istio.io/istio/galley/pkg/config/scope" + "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/collection" ) diff --git a/galley/pkg/config/processing/snapshotter/analyzingdistributor_test.go b/galley/pkg/config/processing/snapshotter/analyzingdistributor_test.go index 4115f3364535..2410c1c9391b 100644 --- a/galley/pkg/config/processing/snapshotter/analyzingdistributor_test.go +++ b/galley/pkg/config/processing/snapshotter/analyzingdistributor_test.go @@ -25,9 +25,9 @@ import ( "istio.io/istio/galley/pkg/config/analysis/diag" "istio.io/istio/galley/pkg/config/analysis/msg" coll "istio.io/istio/galley/pkg/config/collection" - "istio.io/istio/galley/pkg/config/resource" "istio.io/istio/galley/pkg/config/source/kube/rt" "istio.io/istio/galley/pkg/config/testing/basicmeta" + "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/collection" resource2 "istio.io/istio/pkg/config/schema/resource" "istio.io/istio/pkg/config/schema/snapshots" diff --git a/galley/pkg/config/processing/snapshotter/snapshot.go b/galley/pkg/config/processing/snapshotter/snapshot.go index 746b3c8354b5..b6c8a7ce022f 100644 --- a/galley/pkg/config/processing/snapshotter/snapshot.go +++ b/galley/pkg/config/processing/snapshotter/snapshot.go @@ -23,8 +23,8 @@ import ( "istio.io/istio/galley/pkg/config/analysis" coll "istio.io/istio/galley/pkg/config/collection" - "istio.io/istio/galley/pkg/config/resource" "istio.io/istio/galley/pkg/config/scope" + "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/collection" "istio.io/istio/pkg/mcp/snapshot" ) diff --git a/galley/pkg/config/processing/snapshotter/snapshot_test.go b/galley/pkg/config/processing/snapshotter/snapshot_test.go index 11830222fb3b..0c3cf75c2630 100644 
--- a/galley/pkg/config/processing/snapshotter/snapshot_test.go +++ b/galley/pkg/config/processing/snapshotter/snapshot_test.go @@ -20,10 +20,10 @@ import ( . "github.com/onsi/gomega" coll "istio.io/istio/galley/pkg/config/collection" - "istio.io/istio/galley/pkg/config/resource" "istio.io/istio/galley/pkg/config/testing/basicmeta" "istio.io/istio/galley/pkg/config/testing/data" "istio.io/istio/galley/pkg/config/testing/fixtures" + "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/collection" ) diff --git a/galley/pkg/config/processing/snapshotter/snapshotter.go b/galley/pkg/config/processing/snapshotter/snapshotter.go index b9b36dc65c08..b58141d2b7a9 100644 --- a/galley/pkg/config/processing/snapshotter/snapshotter.go +++ b/galley/pkg/config/processing/snapshotter/snapshotter.go @@ -20,11 +20,11 @@ import ( "time" coll "istio.io/istio/galley/pkg/config/collection" - "istio.io/istio/galley/pkg/config/event" "istio.io/istio/galley/pkg/config/monitoring" "istio.io/istio/galley/pkg/config/processing/snapshotter/strategy" - "istio.io/istio/galley/pkg/config/resource" "istio.io/istio/galley/pkg/config/scope" + "istio.io/istio/pkg/config/event" + "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/collection" ) diff --git a/galley/pkg/config/processing/snapshotter/snapshotter_test.go b/galley/pkg/config/processing/snapshotter/snapshotter_test.go index 94109777729f..c29486016d64 100644 --- a/galley/pkg/config/processing/snapshotter/snapshotter_test.go +++ b/galley/pkg/config/processing/snapshotter/snapshotter_test.go @@ -19,11 +19,11 @@ import ( . "github.com/onsi/gomega" - "istio.io/istio/galley/pkg/config/event" "istio.io/istio/galley/pkg/config/processing/snapshotter/strategy" "istio.io/istio/galley/pkg/config/testing/basicmeta" "istio.io/istio/galley/pkg/config/testing/data" "istio.io/istio/galley/pkg/config/testing/fixtures" + "istio.io/istio/pkg/config/event" "istio.io/istio/pkg/config/schema/collection" ) 
diff --git a/galley/pkg/config/processing/transformer/provider.go b/galley/pkg/config/processing/transformer/provider.go index 7b7009613dd5..637271d65737 100644 --- a/galley/pkg/config/processing/transformer/provider.go +++ b/galley/pkg/config/processing/transformer/provider.go @@ -18,8 +18,8 @@ package transformer import ( - "istio.io/istio/galley/pkg/config/event" "istio.io/istio/galley/pkg/config/processing" + "istio.io/istio/pkg/config/event" "istio.io/istio/pkg/config/schema/collection" ) diff --git a/galley/pkg/config/processing/transformer/provider_test.go b/galley/pkg/config/processing/transformer/provider_test.go index cdb80eef0309..c911365b7d7b 100644 --- a/galley/pkg/config/processing/transformer/provider_test.go +++ b/galley/pkg/config/processing/transformer/provider_test.go @@ -19,10 +19,10 @@ import ( . "github.com/onsi/gomega" - "istio.io/istio/galley/pkg/config/event" "istio.io/istio/galley/pkg/config/processing" "istio.io/istio/galley/pkg/config/testing/basicmeta" "istio.io/istio/galley/pkg/config/testing/fixtures" + "istio.io/istio/pkg/config/event" "istio.io/istio/pkg/config/schema/collection" ) diff --git a/galley/pkg/config/processor/build.go b/galley/pkg/config/processor/build.go index 412998d2cd35..03cd9cfdb708 100644 --- a/galley/pkg/config/processor/build.go +++ b/galley/pkg/config/processor/build.go @@ -15,11 +15,11 @@ package processor import ( - "istio.io/istio/galley/pkg/config/event" "istio.io/istio/galley/pkg/config/processing" "istio.io/istio/galley/pkg/config/processing/snapshotter" "istio.io/istio/galley/pkg/config/processing/snapshotter/strategy" "istio.io/istio/galley/pkg/config/processing/transformer" + "istio.io/istio/pkg/config/event" "istio.io/istio/pkg/config/schema" ) diff --git a/galley/pkg/config/processor/build_test.go b/galley/pkg/config/processor/build_test.go index 49f54fb5c982..3ac339101da9 100644 --- a/galley/pkg/config/processor/build_test.go +++ b/galley/pkg/config/processor/build_test.go 
@@ -20,11 +20,11 @@ import ( . "github.com/onsi/gomega" - "istio.io/istio/galley/pkg/config/event" "istio.io/istio/galley/pkg/config/meshcfg" "istio.io/istio/galley/pkg/config/processing/snapshotter" "istio.io/istio/galley/pkg/config/processor/transforms" "istio.io/istio/galley/pkg/config/source/kube/inmemory" + "istio.io/istio/pkg/config/event" "istio.io/istio/pkg/config/schema" "istio.io/istio/pkg/config/schema/snapshots" ) diff --git a/galley/pkg/config/processor/transforms/authpolicy/create.go b/galley/pkg/config/processor/transforms/authpolicy/create.go index df0337862f18..54b2c1a6344b 100644 --- a/galley/pkg/config/processor/transforms/authpolicy/create.go +++ b/galley/pkg/config/processor/transforms/authpolicy/create.go @@ -19,9 +19,9 @@ import ( authn "istio.io/api/authentication/v1alpha1" - "istio.io/istio/galley/pkg/config/event" "istio.io/istio/galley/pkg/config/processing/transformer" "istio.io/istio/galley/pkg/config/scope" + "istio.io/istio/pkg/config/event" "istio.io/istio/pkg/config/schema/collection" "istio.io/istio/pkg/config/schema/collections" ) diff --git a/galley/pkg/config/processor/transforms/authpolicy/create_test.go b/galley/pkg/config/processor/transforms/authpolicy/create_test.go index b36139f2cfca..7b44374018e9 100644 --- a/galley/pkg/config/processor/transforms/authpolicy/create_test.go +++ b/galley/pkg/config/processor/transforms/authpolicy/create_test.go @@ -22,10 +22,10 @@ import ( authn "istio.io/api/authentication/v1alpha1" - "istio.io/istio/galley/pkg/config/event" "istio.io/istio/galley/pkg/config/processing" - "istio.io/istio/galley/pkg/config/resource" "istio.io/istio/galley/pkg/config/testing/fixtures" + "istio.io/istio/pkg/config/event" + "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/collection" "istio.io/istio/pkg/config/schema/collections" ) 
diff --git a/galley/pkg/config/processor/transforms/direct/create.go b/galley/pkg/config/processor/transforms/direct/create.go index 58a45c078ee7..25ef7510d75f 100644 --- a/galley/pkg/config/processor/transforms/direct/create.go +++ b/galley/pkg/config/processor/transforms/direct/create.go @@ -15,8 +15,8 @@ package direct import ( - "istio.io/istio/galley/pkg/config/event" "istio.io/istio/galley/pkg/config/processing/transformer" + "istio.io/istio/pkg/config/event" "istio.io/istio/pkg/config/schema" ) diff --git a/galley/pkg/config/processor/transforms/direct/create_test.go b/galley/pkg/config/processor/transforms/direct/create_test.go index d11e06b8df36..3b83278aa972 100644 --- a/galley/pkg/config/processor/transforms/direct/create_test.go +++ b/galley/pkg/config/processor/transforms/direct/create_test.go @@ -19,11 +19,11 @@ import ( . "github.com/onsi/gomega" - "istio.io/istio/galley/pkg/config/event" "istio.io/istio/galley/pkg/config/processing" "istio.io/istio/galley/pkg/config/testing/basicmeta" "istio.io/istio/galley/pkg/config/testing/data" "istio.io/istio/galley/pkg/config/testing/fixtures" + "istio.io/istio/pkg/config/event" "istio.io/istio/pkg/config/schema/collection" ) diff --git a/galley/pkg/config/processor/transforms/ingress/common.go b/galley/pkg/config/processor/transforms/ingress/common.go index fb324820d804..cc6b163b1546 100644 --- a/galley/pkg/config/processor/transforms/ingress/common.go +++ b/galley/pkg/config/processor/transforms/ingress/common.go @@ -17,8 +17,9 @@ package ingress import ( "istio.io/api/annotation" meshconfig "istio.io/api/mesh/v1alpha1" - "istio.io/istio/galley/pkg/config/resource" + "istio.io/istio/galley/pkg/config/scope" + "istio.io/istio/pkg/config/resource" ) const ( diff --git a/galley/pkg/config/processor/transforms/ingress/dataset_test.go b/galley/pkg/config/processor/transforms/ingress/dataset_test.go index e8a1b3800ed9..ac717e23c098 100644 --- a/galley/pkg/config/processor/transforms/ingress/dataset_test.go 
+++ b/galley/pkg/config/processor/transforms/ingress/dataset_test.go @@ -22,9 +22,10 @@ import ( "istio.io/api/mesh/v1alpha1" "istio.io/api/networking/v1alpha3" + "istio.io/istio/galley/pkg/config/meshcfg" - "istio.io/istio/galley/pkg/config/resource" "istio.io/istio/galley/pkg/config/source/kube/rt" + "istio.io/istio/pkg/config/resource" ) func ingress1() *resource.Instance { diff --git a/galley/pkg/config/processor/transforms/ingress/gateway.go b/galley/pkg/config/processor/transforms/ingress/gateway.go index c0e96ed4a058..987d30b6d9c1 100644 --- a/galley/pkg/config/processor/transforms/ingress/gateway.go +++ b/galley/pkg/config/processor/transforms/ingress/gateway.go @@ -24,11 +24,11 @@ import ( meshconfig "istio.io/api/mesh/v1alpha1" "istio.io/api/networking/v1alpha3" - "istio.io/istio/galley/pkg/config/event" "istio.io/istio/galley/pkg/config/processing" "istio.io/istio/galley/pkg/config/processing/transformer" - "istio.io/istio/galley/pkg/config/resource" "istio.io/istio/galley/pkg/config/synthesize" + "istio.io/istio/pkg/config/event" + "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/collection" "istio.io/istio/pkg/config/schema/collections" ) diff --git a/galley/pkg/config/processor/transforms/ingress/gateway_test.go b/galley/pkg/config/processor/transforms/ingress/gateway_test.go index 6309cb8698ae..7683bc4c8950 100644 --- a/galley/pkg/config/processor/transforms/ingress/gateway_test.go +++ b/galley/pkg/config/processor/transforms/ingress/gateway_test.go @@ -19,11 +19,11 @@ import ( . "github.com/onsi/gomega" - "istio.io/istio/galley/pkg/config/event" "istio.io/istio/galley/pkg/config/meshcfg" "istio.io/istio/galley/pkg/config/processing" "istio.io/istio/galley/pkg/config/source/kube/rt" "istio.io/istio/galley/pkg/config/testing/fixtures" + "istio.io/istio/pkg/config/event" "istio.io/istio/pkg/config/schema" "istio.io/istio/pkg/config/schema/collection" "istio.io/istio/pkg/config/schema/collections" 
diff --git a/galley/pkg/config/processor/transforms/ingress/syntheticVirtualService.go b/galley/pkg/config/processor/transforms/ingress/syntheticVirtualService.go index f8b828892c1b..1bc18bd9b20b 100644 --- a/galley/pkg/config/processor/transforms/ingress/syntheticVirtualService.go +++ b/galley/pkg/config/processor/transforms/ingress/syntheticVirtualService.go @@ -23,9 +23,9 @@ import ( "istio.io/api/annotation" "istio.io/api/networking/v1alpha3" - "istio.io/istio/galley/pkg/config/resource" "istio.io/istio/galley/pkg/config/scope" "istio.io/istio/galley/pkg/config/synthesize" + "istio.io/istio/pkg/config/resource" ) // syntheticVirtualService represents an in-memory state that maps ingress resources to a synthesized Virtual Service. diff --git a/galley/pkg/config/processor/transforms/ingress/virtualService.go b/galley/pkg/config/processor/transforms/ingress/virtualService.go index f554d12bd810..fa94744c4139 100644 --- a/galley/pkg/config/processor/transforms/ingress/virtualService.go +++ b/galley/pkg/config/processor/transforms/ingress/virtualService.go @@ -26,11 +26,11 @@ import ( meshconfig "istio.io/api/mesh/v1alpha1" "istio.io/api/networking/v1alpha3" - "istio.io/istio/galley/pkg/config/event" "istio.io/istio/galley/pkg/config/processing" "istio.io/istio/galley/pkg/config/processing/transformer" - "istio.io/istio/galley/pkg/config/resource" "istio.io/istio/galley/pkg/config/scope" + "istio.io/istio/pkg/config/event" + "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/collection" "istio.io/istio/pkg/config/schema/collections" ) diff --git a/galley/pkg/config/processor/transforms/ingress/virtualService_test.go b/galley/pkg/config/processor/transforms/ingress/virtualService_test.go index 24b35de12509..b36815c2d8ca 100644 --- a/galley/pkg/config/processor/transforms/ingress/virtualService_test.go +++ b/galley/pkg/config/processor/transforms/ingress/virtualService_test.go 
@@ -19,10 +19,10 @@ import ( . "github.com/onsi/gomega" - "istio.io/istio/galley/pkg/config/event" "istio.io/istio/galley/pkg/config/meshcfg" "istio.io/istio/galley/pkg/config/processing" "istio.io/istio/galley/pkg/config/testing/fixtures" + "istio.io/istio/pkg/config/event" "istio.io/istio/pkg/config/schema/collection" "istio.io/istio/pkg/config/schema/collections" ) diff --git a/galley/pkg/config/processor/transforms/serviceentry/converter/instance.go b/galley/pkg/config/processor/transforms/serviceentry/converter/instance.go index 4a0515876146..ed17b9d09494 100644 --- a/galley/pkg/config/processor/transforms/serviceentry/converter/instance.go +++ b/galley/pkg/config/processor/transforms/serviceentry/converter/instance.go @@ -25,10 +25,10 @@ import ( networking "istio.io/api/networking/v1alpha3" "istio.io/istio/galley/pkg/config/processor/transforms/serviceentry/pod" - "istio.io/istio/galley/pkg/config/resource" "istio.io/istio/galley/pkg/config/scope" "istio.io/istio/pkg/config/constants" configKube "istio.io/istio/pkg/config/kube" + "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/validation" ) diff --git a/galley/pkg/config/processor/transforms/serviceentry/converter/instance_bench_test.go b/galley/pkg/config/processor/transforms/serviceentry/converter/instance_bench_test.go index b020de9f3a5f..a31d2ebaaa22 100644 --- a/galley/pkg/config/processor/transforms/serviceentry/converter/instance_bench_test.go +++ b/galley/pkg/config/processor/transforms/serviceentry/converter/instance_bench_test.go @@ -22,7 +22,7 @@ import ( "istio.io/istio/galley/pkg/config/processor/transforms/serviceentry/converter" "istio.io/istio/galley/pkg/config/processor/transforms/serviceentry/pod" - "istio.io/istio/galley/pkg/config/resource" + "istio.io/istio/pkg/config/resource" coreV1 "k8s.io/api/core/v1" ) 
diff --git a/galley/pkg/config/processor/transforms/serviceentry/converter/instance_test.go b/galley/pkg/config/processor/transforms/serviceentry/converter/instance_test.go index 1176af1f30c1..0e6a1b0a0312 100644 --- a/galley/pkg/config/processor/transforms/serviceentry/converter/instance_test.go +++ b/galley/pkg/config/processor/transforms/serviceentry/converter/instance_test.go @@ -29,9 +29,9 @@ import ( "istio.io/istio/galley/pkg/config/processor/transforms/serviceentry/converter" "istio.io/istio/galley/pkg/config/processor/transforms/serviceentry/pod" - "istio.io/istio/galley/pkg/config/resource" "istio.io/istio/pkg/config/constants" "istio.io/istio/pkg/config/protocol" + "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/validation" ) diff --git a/galley/pkg/config/processor/transforms/serviceentry/create.go b/galley/pkg/config/processor/transforms/serviceentry/create.go index b44e7ab1dce6..463ba1e73061 100644 --- a/galley/pkg/config/processor/transforms/serviceentry/create.go +++ b/galley/pkg/config/processor/transforms/serviceentry/create.go @@ -15,9 +15,9 @@ package serviceentry import ( - "istio.io/istio/galley/pkg/config/event" "istio.io/istio/galley/pkg/config/processing" xformer "istio.io/istio/galley/pkg/config/processing/transformer" + "istio.io/istio/pkg/config/event" "istio.io/istio/pkg/config/schema/collection" "istio.io/istio/pkg/config/schema/collections" ) diff --git a/galley/pkg/config/processor/transforms/serviceentry/create_test.go b/galley/pkg/config/processor/transforms/serviceentry/create_test.go index 8de5e399a74c..194a3802c1ba 100644 --- a/galley/pkg/config/processor/transforms/serviceentry/create_test.go +++ b/galley/pkg/config/processor/transforms/serviceentry/create_test.go 
@@ -30,16 +30,16 @@ import ( mcp "istio.io/api/mcp/v1alpha1" networking "istio.io/api/networking/v1alpha3" - "istio.io/istio/galley/pkg/config/event" "istio.io/istio/galley/pkg/config/meshcfg" "istio.io/istio/galley/pkg/config/processing" "istio.io/istio/galley/pkg/config/processing/snapshotter" "istio.io/istio/galley/pkg/config/processing/snapshotter/strategy" "istio.io/istio/galley/pkg/config/processor/transforms/serviceentry" "istio.io/istio/galley/pkg/config/processor/transforms/serviceentry/pod" - "istio.io/istio/galley/pkg/config/resource" "istio.io/istio/galley/pkg/config/testing/fixtures" + "istio.io/istio/pkg/config/event" "istio.io/istio/pkg/config/protocol" + "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/collection" "istio.io/istio/pkg/config/schema/collections" "istio.io/istio/pkg/mcp/snapshot" diff --git a/galley/pkg/config/processor/transforms/serviceentry/handler_bench_test.go b/galley/pkg/config/processor/transforms/serviceentry/handler_bench_test.go index 64fc357df3d0..d0565fefae1b 100644 --- a/galley/pkg/config/processor/transforms/serviceentry/handler_bench_test.go +++ b/galley/pkg/config/processor/transforms/serviceentry/handler_bench_test.go @@ -18,12 +18,12 @@ import ( "strconv" "testing" - "istio.io/istio/galley/pkg/config/event" "istio.io/istio/galley/pkg/config/meshcfg" "istio.io/istio/galley/pkg/config/processing" "istio.io/istio/galley/pkg/config/processor/transforms/serviceentry" "istio.io/istio/galley/pkg/config/processor/transforms/serviceentry/pod" - "istio.io/istio/galley/pkg/config/resource" + "istio.io/istio/pkg/config/event" + "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/collections" coreV1 "k8s.io/api/core/v1" diff --git a/galley/pkg/config/processor/transforms/serviceentry/integration/integration_bench_test.go b/galley/pkg/config/processor/transforms/serviceentry/integration/integration_bench_test.go index e192ee119d01..d798d4f00d72 100644 
--- a/galley/pkg/config/processor/transforms/serviceentry/integration/integration_bench_test.go +++ b/galley/pkg/config/processor/transforms/serviceentry/integration/integration_bench_test.go @@ -24,15 +24,15 @@ import ( metaV1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/kubernetes" - "istio.io/istio/galley/pkg/config/event" "istio.io/istio/galley/pkg/config/processing/snapshotter" "istio.io/istio/galley/pkg/config/processor" "istio.io/istio/galley/pkg/config/processor/transforms" "istio.io/istio/galley/pkg/config/processor/transforms/serviceentry/pod" - "istio.io/istio/galley/pkg/config/resource" "istio.io/istio/galley/pkg/config/source/kube" "istio.io/istio/galley/pkg/config/source/kube/apiserver" "istio.io/istio/galley/pkg/testing/mock" + "istio.io/istio/pkg/config/event" + "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema" "istio.io/istio/pkg/config/schema/collection" "istio.io/istio/pkg/config/schema/snapshots" diff --git a/galley/pkg/config/processor/transforms/serviceentry/pod/cache.go b/galley/pkg/config/processor/transforms/serviceentry/pod/cache.go index 174a1940aeed..753f9262c03a 100644 --- a/galley/pkg/config/processor/transforms/serviceentry/pod/cache.go +++ b/galley/pkg/config/processor/transforms/serviceentry/pod/cache.go @@ -18,8 +18,8 @@ import ( "fmt" "reflect" - "istio.io/istio/galley/pkg/config/event" - "istio.io/istio/galley/pkg/config/resource" + "istio.io/istio/pkg/config/event" + "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/collections" "istio.io/istio/pkg/spiffe" diff --git a/galley/pkg/config/processor/transforms/serviceentry/pod/cache_test.go b/galley/pkg/config/processor/transforms/serviceentry/pod/cache_test.go index e1d7d52a7248..07d832f80d44 100644 --- a/galley/pkg/config/processor/transforms/serviceentry/pod/cache_test.go +++ b/galley/pkg/config/processor/transforms/serviceentry/pod/cache_test.go 
@@ -23,9 +23,9 @@ import ( coreV1 "k8s.io/api/core/v1" metaV1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "istio.io/istio/galley/pkg/config/event" "istio.io/istio/galley/pkg/config/processor/transforms/serviceentry/pod" - "istio.io/istio/galley/pkg/config/resource" + "istio.io/istio/pkg/config/event" + "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/collections" ) diff --git a/galley/pkg/config/processor/transforms/serviceentry/transformer.go b/galley/pkg/config/processor/transforms/serviceentry/transformer.go index b5fc358639d5..b4284652d846 100644 --- a/galley/pkg/config/processor/transforms/serviceentry/transformer.go +++ b/galley/pkg/config/processor/transforms/serviceentry/transformer.go @@ -24,13 +24,13 @@ import ( networking "istio.io/api/networking/v1alpha3" - "istio.io/istio/galley/pkg/config/event" "istio.io/istio/galley/pkg/config/monitoring" "istio.io/istio/galley/pkg/config/processing" "istio.io/istio/galley/pkg/config/processor/transforms/serviceentry/converter" "istio.io/istio/galley/pkg/config/processor/transforms/serviceentry/pod" - "istio.io/istio/galley/pkg/config/resource" "istio.io/istio/galley/pkg/config/scope" + "istio.io/istio/pkg/config/event" + "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/collection" "istio.io/istio/pkg/config/schema/collections" ) diff --git a/galley/pkg/config/source/inmemory/collection.go b/galley/pkg/config/source/inmemory/collection.go index 66c88d9d541c..03e648a5a064 100644 --- a/galley/pkg/config/source/inmemory/collection.go +++ b/galley/pkg/config/source/inmemory/collection.go @@ -19,9 +19,9 @@ import ( "strings" "sync" - "istio.io/istio/galley/pkg/config/event" - "istio.io/istio/galley/pkg/config/resource" "istio.io/istio/galley/pkg/config/scope" + "istio.io/istio/pkg/config/event" + "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/collection" ) 
diff --git a/galley/pkg/config/source/inmemory/collection_test.go b/galley/pkg/config/source/inmemory/collection_test.go index 52e05b48acdb..893a25fcca88 100644 --- a/galley/pkg/config/source/inmemory/collection_test.go +++ b/galley/pkg/config/source/inmemory/collection_test.go @@ -21,12 +21,12 @@ import ( "istio.io/pkg/log" - "istio.io/istio/galley/pkg/config/event" - "istio.io/istio/galley/pkg/config/resource" "istio.io/istio/galley/pkg/config/scope" "istio.io/istio/galley/pkg/config/testing/basicmeta" "istio.io/istio/galley/pkg/config/testing/data" "istio.io/istio/galley/pkg/config/testing/fixtures" + "istio.io/istio/pkg/config/event" + "istio.io/istio/pkg/config/resource" ) func TestCollection_Start_Empty(t *testing.T) { diff --git a/galley/pkg/config/source/inmemory/source.go b/galley/pkg/config/source/inmemory/source.go index ffce5a3c5303..10686d04bbd3 100644 --- a/galley/pkg/config/source/inmemory/source.go +++ b/galley/pkg/config/source/inmemory/source.go @@ -18,8 +18,8 @@ import ( "fmt" "sync" - "istio.io/istio/galley/pkg/config/event" "istio.io/istio/galley/pkg/config/scope" + "istio.io/istio/pkg/config/event" "istio.io/istio/pkg/config/schema/collection" ) diff --git a/galley/pkg/config/source/inmemory/source_test.go b/galley/pkg/config/source/inmemory/source_test.go index 65f1eeed2412..0fdbc16d4702 100644 --- a/galley/pkg/config/source/inmemory/source_test.go +++ b/galley/pkg/config/source/inmemory/source_test.go @@ -19,11 +19,11 @@ import ( . "github.com/onsi/gomega" - "istio.io/istio/galley/pkg/config/event" - "istio.io/istio/galley/pkg/config/resource" "istio.io/istio/galley/pkg/config/testing/basicmeta" "istio.io/istio/galley/pkg/config/testing/data" "istio.io/istio/galley/pkg/config/testing/fixtures" + "istio.io/istio/pkg/config/event" + "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/collection" "github.com/gogo/protobuf/types" 
diff --git a/galley/pkg/config/source/kube/apiserver/source.go b/galley/pkg/config/source/kube/apiserver/source.go index 61cc68da7b54..01f62289ec47 100644 --- a/galley/pkg/config/source/kube/apiserver/source.go +++ b/galley/pkg/config/source/kube/apiserver/source.go @@ -23,11 +23,11 @@ import ( "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1" "istio.io/istio/galley/pkg/config/analysis/diag" - "istio.io/istio/galley/pkg/config/event" "istio.io/istio/galley/pkg/config/processing/snapshotter" "istio.io/istio/galley/pkg/config/scope" "istio.io/istio/galley/pkg/config/source/kube/apiserver/status" "istio.io/istio/galley/pkg/config/source/kube/rt" + "istio.io/istio/pkg/config/event" "istio.io/istio/pkg/config/schema/collection" "istio.io/istio/pkg/config/schema/resource" ) diff --git a/galley/pkg/config/source/kube/apiserver/source_builtin_test.go b/galley/pkg/config/source/kube/apiserver/source_builtin_test.go index 5456a51ad077..4fd5108f0955 100644 --- a/galley/pkg/config/source/kube/apiserver/source_builtin_test.go +++ b/galley/pkg/config/source/kube/apiserver/source_builtin_test.go @@ -24,12 +24,12 @@ import ( "istio.io/pkg/log" - "istio.io/istio/galley/pkg/config/event" - "istio.io/istio/galley/pkg/config/resource" "istio.io/istio/galley/pkg/config/scope" "istio.io/istio/galley/pkg/config/testing/fixtures" "istio.io/istio/galley/pkg/config/testing/k8smeta" "istio.io/istio/galley/pkg/testing/mock" + "istio.io/istio/pkg/config/event" + "istio.io/istio/pkg/config/resource" resource2 "istio.io/istio/pkg/config/schema/resource" ) diff --git a/galley/pkg/config/source/kube/apiserver/source_dynamic_test.go b/galley/pkg/config/source/kube/apiserver/source_dynamic_test.go index 95aa73bb2a66..3c0b2eff452e 100644 --- a/galley/pkg/config/source/kube/apiserver/source_dynamic_test.go +++ b/galley/pkg/config/source/kube/apiserver/source_dynamic_test.go 
@@ -23,8 +23,6 @@ import ( "istio.io/istio/galley/pkg/config/analysis/diag" "istio.io/istio/galley/pkg/config/analysis/msg" - "istio.io/istio/galley/pkg/config/event" - "istio.io/istio/galley/pkg/config/resource" "istio.io/istio/galley/pkg/config/source/kube" "istio.io/istio/galley/pkg/config/source/kube/apiserver" "istio.io/istio/galley/pkg/config/source/kube/apiserver/status" @@ -32,6 +30,8 @@ import ( "istio.io/istio/galley/pkg/config/testing/basicmeta" "istio.io/istio/galley/pkg/config/testing/fixtures" "istio.io/istio/galley/pkg/testing/mock" + "istio.io/istio/pkg/config/event" + "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/collection" resource2 "istio.io/istio/pkg/config/schema/resource" diff --git a/galley/pkg/config/source/kube/apiserver/status/controller.go b/galley/pkg/config/source/kube/apiserver/status/controller.go index 882ead98677c..2b03e4d56d98 100644 --- a/galley/pkg/config/source/kube/apiserver/status/controller.go +++ b/galley/pkg/config/source/kube/apiserver/status/controller.go @@ -21,9 +21,9 @@ import ( "k8s.io/client-go/dynamic" "istio.io/istio/galley/pkg/config/analysis/diag" - "istio.io/istio/galley/pkg/config/resource" "istio.io/istio/galley/pkg/config/scope" "istio.io/istio/galley/pkg/config/source/kube/rt" + "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/collection" ) diff --git a/galley/pkg/config/source/kube/apiserver/status/controller_test.go b/galley/pkg/config/source/kube/apiserver/status/controller_test.go index 0861f49962b4..c57c7dcf6974 100644 --- a/galley/pkg/config/source/kube/apiserver/status/controller_test.go +++ b/galley/pkg/config/source/kube/apiserver/status/controller_test.go 
@@ -27,10 +27,10 @@ import ( "istio.io/istio/galley/pkg/config/analysis/diag" "istio.io/istio/galley/pkg/config/analysis/msg" - "istio.io/istio/galley/pkg/config/resource" "istio.io/istio/galley/pkg/config/source/kube/rt" "istio.io/istio/galley/pkg/config/testing/basicmeta" "istio.io/istio/galley/pkg/testing/mock" + "istio.io/istio/pkg/config/resource" ) const subfield = "testMessages" diff --git a/galley/pkg/config/source/kube/apiserver/status/state.go b/galley/pkg/config/source/kube/apiserver/status/state.go index b0e29b3c1937..77d2dcabbc78 100644 --- a/galley/pkg/config/source/kube/apiserver/status/state.go +++ b/galley/pkg/config/source/kube/apiserver/status/state.go @@ -17,7 +17,7 @@ package status import ( "sync" - "istio.io/istio/galley/pkg/config/resource" + "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/collection" ) diff --git a/galley/pkg/config/source/kube/apiserver/status/state_test.go b/galley/pkg/config/source/kube/apiserver/status/state_test.go index df9fa358a822..4127103c6b0e 100644 --- a/galley/pkg/config/source/kube/apiserver/status/state_test.go +++ b/galley/pkg/config/source/kube/apiserver/status/state_test.go @@ -23,10 +23,10 @@ import ( "istio.io/istio/galley/pkg/config/analysis/diag" "istio.io/istio/galley/pkg/config/analysis/msg" - "istio.io/istio/galley/pkg/config/resource" "istio.io/istio/galley/pkg/config/source/kube/rt" "istio.io/istio/galley/pkg/config/testing/basicmeta" "istio.io/istio/galley/pkg/config/testing/data" + "istio.io/istio/pkg/config/resource" ) func TestState_SetLastKnown_NoEntry(t *testing.T) { diff --git a/galley/pkg/config/source/kube/apiserver/status/status.go b/galley/pkg/config/source/kube/apiserver/status/status.go index 44052c6d006a..719e9c6c0033 100644 --- a/galley/pkg/config/source/kube/apiserver/status/status.go +++ b/galley/pkg/config/source/kube/apiserver/status/status.go 
@@ -18,7 +18,7 @@ import ( "reflect" "sync" - "istio.io/istio/galley/pkg/config/resource" + "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/collection" ) diff --git a/galley/pkg/config/source/kube/apiserver/watcher.go b/galley/pkg/config/source/kube/apiserver/watcher.go index 66307c27cc78..46672b592706 100644 --- a/galley/pkg/config/source/kube/apiserver/watcher.go +++ b/galley/pkg/config/source/kube/apiserver/watcher.go @@ -20,12 +20,12 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/tools/cache" - "istio.io/istio/galley/pkg/config/event" "istio.io/istio/galley/pkg/config/scope" "istio.io/istio/galley/pkg/config/source/kube/apiserver/stats" "istio.io/istio/galley/pkg/config/source/kube/apiserver/status" "istio.io/istio/galley/pkg/config/source/kube/apiserver/tombstone" "istio.io/istio/galley/pkg/config/source/kube/rt" + "istio.io/istio/pkg/config/event" "istio.io/istio/pkg/config/schema/collection" ) diff --git a/galley/pkg/config/source/kube/fs/source.go b/galley/pkg/config/source/kube/fs/source.go index b4f6d10e7448..000fe2cebdbc 100644 --- a/galley/pkg/config/source/kube/fs/source.go +++ b/galley/pkg/config/source/kube/fs/source.go @@ -24,9 +24,9 @@ import ( "istio.io/pkg/appsignals" - "istio.io/istio/galley/pkg/config/event" "istio.io/istio/galley/pkg/config/scope" "istio.io/istio/galley/pkg/config/source/kube/inmemory" + "istio.io/istio/pkg/config/event" "istio.io/istio/pkg/config/schema/collection" ) diff --git a/galley/pkg/config/source/kube/fs/source_test.go b/galley/pkg/config/source/kube/fs/source_test.go index 1b31b7c5cc51..aa057ec123c3 100644 --- a/galley/pkg/config/source/kube/fs/source_test.go +++ b/galley/pkg/config/source/kube/fs/source_test.go 
@@ -25,13 +25,13 @@ import ( "istio.io/pkg/appsignals" - "istio.io/istio/galley/pkg/config/event" - "istio.io/istio/galley/pkg/config/resource" "istio.io/istio/galley/pkg/config/source/kube/fs" "istio.io/istio/galley/pkg/config/testing/basicmeta" "istio.io/istio/galley/pkg/config/testing/data" "istio.io/istio/galley/pkg/config/testing/fixtures" "istio.io/istio/galley/pkg/config/testing/k8smeta" + "istio.io/istio/pkg/config/event" + "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema" ) diff --git a/galley/pkg/config/source/kube/inmemory/kubesource.go b/galley/pkg/config/source/kube/inmemory/kubesource.go index 54812bc902fe..e98a748d1942 100644 --- a/galley/pkg/config/source/kube/inmemory/kubesource.go +++ b/galley/pkg/config/source/kube/inmemory/kubesource.go @@ -28,11 +28,11 @@ import ( "github.com/hashicorp/go-multierror" kubeJson "k8s.io/apimachinery/pkg/runtime/serializer/json" - "istio.io/istio/galley/pkg/config/event" - "istio.io/istio/galley/pkg/config/resource" "istio.io/istio/galley/pkg/config/scope" "istio.io/istio/galley/pkg/config/source/inmemory" "istio.io/istio/galley/pkg/config/source/kube/rt" + "istio.io/istio/pkg/config/event" + "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/collection" schemaresource "istio.io/istio/pkg/config/schema/resource" ) diff --git a/galley/pkg/config/source/kube/inmemory/kubesource_test.go b/galley/pkg/config/source/kube/inmemory/kubesource_test.go index d565c451abdb..4b75ded0f034 100644 --- a/galley/pkg/config/source/kube/inmemory/kubesource_test.go +++ b/galley/pkg/config/source/kube/inmemory/kubesource_test.go 
@@ -19,13 +19,13 @@ import ( . "github.com/onsi/gomega" - "istio.io/istio/galley/pkg/config/event" - "istio.io/istio/galley/pkg/config/resource" "istio.io/istio/galley/pkg/config/testing/basicmeta" "istio.io/istio/galley/pkg/config/testing/data" "istio.io/istio/galley/pkg/config/testing/fixtures" "istio.io/istio/galley/pkg/config/testing/k8smeta" "istio.io/istio/galley/pkg/config/util/kubeyaml" + "istio.io/istio/pkg/config/event" + "istio.io/istio/pkg/config/resource" ) func TestKubeSource_ApplyContent(t *testing.T) { diff --git a/galley/pkg/config/source/kube/rt/adapter.go b/galley/pkg/config/source/kube/rt/adapter.go index 25a4a7a66374..b2752a1212e9 100644 --- a/galley/pkg/config/source/kube/rt/adapter.go +++ b/galley/pkg/config/source/kube/rt/adapter.go @@ -22,9 +22,9 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/tools/cache" - "istio.io/istio/galley/pkg/config/resource" "istio.io/istio/galley/pkg/config/scope" "istio.io/istio/galley/pkg/config/source/kube/apiserver/stats" + "istio.io/istio/pkg/config/resource" ) // Adapter provides core functions that are necessary to interact with a Kubernetes resource. diff --git a/galley/pkg/config/source/kube/rt/extract.go b/galley/pkg/config/source/kube/rt/extract.go index 9704a1a5b4ce..b1ce07d566e0 100644 --- a/galley/pkg/config/source/kube/rt/extract.go +++ b/galley/pkg/config/source/kube/rt/extract.go @@ -19,7 +19,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "istio.io/istio/galley/pkg/config/resource" + "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/collection" resource2 "istio.io/istio/pkg/config/schema/resource" ) diff --git a/galley/pkg/config/source/kube/rt/origin.go b/galley/pkg/config/source/kube/rt/origin.go index fddf35bcb326..070ca9bd0f20 100644 --- a/galley/pkg/config/source/kube/rt/origin.go +++ b/galley/pkg/config/source/kube/rt/origin.go 
@@ -18,7 +18,7 @@ import ( "fmt" "strings" - "istio.io/istio/galley/pkg/config/resource" + "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/collection" "istio.io/istio/pkg/config/schema/collections" ) diff --git a/galley/pkg/config/source/mcp/cache.go b/galley/pkg/config/source/mcp/cache.go index 5f77b57a94ff..ea43d4d3b775 100644 --- a/galley/pkg/config/source/mcp/cache.go +++ b/galley/pkg/config/source/mcp/cache.go @@ -18,9 +18,9 @@ import ( "fmt" "sync" - "istio.io/istio/galley/pkg/config/event" - "istio.io/istio/galley/pkg/config/resource" "istio.io/istio/galley/pkg/config/scope" + "istio.io/istio/pkg/config/event" + "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/collection" resource2 "istio.io/istio/pkg/config/schema/resource" "istio.io/istio/pkg/mcp/sink" diff --git a/galley/pkg/config/source/mcp/cache_test.go b/galley/pkg/config/source/mcp/cache_test.go index 513c773f918e..f8534eb1e470 100644 --- a/galley/pkg/config/source/mcp/cache_test.go +++ b/galley/pkg/config/source/mcp/cache_test.go @@ -26,9 +26,9 @@ import ( mcp "istio.io/api/mcp/v1alpha1" "istio.io/api/networking/v1alpha3" - "istio.io/istio/galley/pkg/config/event" - "istio.io/istio/galley/pkg/config/resource" "istio.io/istio/galley/pkg/config/testing/fixtures" + "istio.io/istio/pkg/config/event" + "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/collection" resource2 "istio.io/istio/pkg/config/schema/resource" "istio.io/istio/pkg/mcp/sink" diff --git a/galley/pkg/config/source/mcp/origin.go b/galley/pkg/config/source/mcp/origin.go index 8ca6c2640cd2..2cad620ac2e5 100644 --- a/galley/pkg/config/source/mcp/origin.go +++ b/galley/pkg/config/source/mcp/origin.go @@ -15,7 +15,7 @@ package mcp import ( - "istio.io/istio/galley/pkg/config/resource" + "istio.io/istio/pkg/config/resource" ) const ( diff --git a/galley/pkg/config/source/mcp/origin_test.go b/galley/pkg/config/source/mcp/origin_test.go index 3632884ff7e0..45d308d68f1c 100644 
--- a/galley/pkg/config/source/mcp/origin_test.go +++ b/galley/pkg/config/source/mcp/origin_test.go @@ -19,7 +19,7 @@ import ( . "github.com/onsi/gomega" - "istio.io/istio/galley/pkg/config/resource" + "istio.io/istio/pkg/config/resource" ) func TestOrigin(t *testing.T) { diff --git a/galley/pkg/config/source/mcp/source.go b/galley/pkg/config/source/mcp/source.go index f1a830c97103..0538134625b6 100644 --- a/galley/pkg/config/source/mcp/source.go +++ b/galley/pkg/config/source/mcp/source.go @@ -17,7 +17,7 @@ package mcp import ( "fmt" - "istio.io/istio/galley/pkg/config/event" + "istio.io/istio/pkg/config/event" "istio.io/istio/pkg/config/schema/collection" "istio.io/istio/pkg/mcp/sink" ) diff --git a/galley/pkg/config/source/mcp/source_test.go b/galley/pkg/config/source/mcp/source_test.go index e7b0af77877d..118c7aabbc36 100644 --- a/galley/pkg/config/source/mcp/source_test.go +++ b/galley/pkg/config/source/mcp/source_test.go @@ -19,7 +19,7 @@ import ( . "github.com/onsi/gomega" - "istio.io/istio/galley/pkg/config/event" + "istio.io/istio/pkg/config/event" "istio.io/istio/pkg/config/schema/collection" "istio.io/istio/pkg/mcp/sink" ) diff --git a/galley/pkg/config/synthesize/version.go b/galley/pkg/config/synthesize/version.go index 00f0a32ec4a6..3012504b833a 100644 --- a/galley/pkg/config/synthesize/version.go +++ b/galley/pkg/config/synthesize/version.go @@ -18,8 +18,9 @@ import ( "crypto/sha256" "encoding/base64" - "istio.io/istio/galley/pkg/config/resource" "istio.io/pkg/pool" + + "istio.io/istio/pkg/config/resource" ) // Version synthesizes a new resource version from existing resource versions. There needs to be at least one version diff --git a/galley/pkg/config/synthesize/version_test.go b/galley/pkg/config/synthesize/version_test.go index ba56978519b5..f3ff026028f1 100644 --- a/galley/pkg/config/synthesize/version_test.go +++ b/galley/pkg/config/synthesize/version_test.go 
@@ -20,7 +20,7 @@ import ( . "github.com/onsi/gomega" - "istio.io/istio/galley/pkg/config/resource" + "istio.io/istio/pkg/config/resource" ) func TestVersion(t *testing.T) { diff --git a/galley/pkg/config/testing/data/events.go b/galley/pkg/config/testing/data/events.go index ceae25ae2c94..3aa41e52397e 100644 --- a/galley/pkg/config/testing/data/events.go +++ b/galley/pkg/config/testing/data/events.go @@ -15,8 +15,8 @@ package data import ( - "istio.io/istio/galley/pkg/config/event" "istio.io/istio/galley/pkg/config/testing/basicmeta" + "istio.io/istio/pkg/config/event" ) var ( diff --git a/galley/pkg/config/testing/data/resources.go b/galley/pkg/config/testing/data/resources.go index 869a4aafee00..7abf94ce5678 100644 --- a/galley/pkg/config/testing/data/resources.go +++ b/galley/pkg/config/testing/data/resources.go @@ -20,8 +20,8 @@ import ( "github.com/gogo/protobuf/jsonpb" "github.com/gogo/protobuf/types" - "istio.io/istio/galley/pkg/config/resource" "istio.io/istio/galley/pkg/config/testing/basicmeta" + "istio.io/istio/pkg/config/resource" ) var ( diff --git a/galley/pkg/config/testing/fixtures/accumulator.go b/galley/pkg/config/testing/fixtures/accumulator.go index 1bc56f1108a4..54ad999fbffc 100644 --- a/galley/pkg/config/testing/fixtures/accumulator.go +++ b/galley/pkg/config/testing/fixtures/accumulator.go @@ -18,7 +18,7 @@ import ( "fmt" "sync" - "istio.io/istio/galley/pkg/config/event" + "istio.io/istio/pkg/config/event" ) // Accumulator accumulates events that is dispatched to it. diff --git a/galley/pkg/config/testing/fixtures/accumulator_test.go b/galley/pkg/config/testing/fixtures/accumulator_test.go index a8b74562ab98..77ee9145710d 100644 --- a/galley/pkg/config/testing/fixtures/accumulator_test.go +++ b/galley/pkg/config/testing/fixtures/accumulator_test.go 
@@ -19,8 +19,8 @@ import ( "github.com/onsi/gomega" - "istio.io/istio/galley/pkg/config/event" "istio.io/istio/galley/pkg/config/testing/data" + "istio.io/istio/pkg/config/event" ) func TestAccumulator(t *testing.T) { diff --git a/galley/pkg/config/testing/fixtures/expect.go b/galley/pkg/config/testing/fixtures/expect.go index a38865e96cde..a0ccd3898158 100644 --- a/galley/pkg/config/testing/fixtures/expect.go +++ b/galley/pkg/config/testing/fixtures/expect.go @@ -24,7 +24,7 @@ import ( "github.com/google/go-cmp/cmp" "github.com/onsi/gomega" - "istio.io/istio/galley/pkg/config/event" + "istio.io/istio/pkg/config/event" "istio.io/istio/pkg/config/schema/collection" "istio.io/istio/pkg/test/util/retry" ) diff --git a/galley/pkg/config/testing/fixtures/filters.go b/galley/pkg/config/testing/fixtures/filters.go index f407cde170a1..b44246eb642d 100644 --- a/galley/pkg/config/testing/fixtures/filters.go +++ b/galley/pkg/config/testing/fixtures/filters.go @@ -19,7 +19,7 @@ import ( "sort" "strings" - "istio.io/istio/galley/pkg/config/event" + "istio.io/istio/pkg/config/event" ) // FilterFn is a function for filtering events diff --git a/galley/pkg/config/testing/fixtures/filters_test.go b/galley/pkg/config/testing/fixtures/filters_test.go index c628f1e57af9..04cb8f909842 100644 --- a/galley/pkg/config/testing/fixtures/filters_test.go +++ b/galley/pkg/config/testing/fixtures/filters_test.go @@ -19,10 +19,10 @@ import ( . "github.com/onsi/gomega" - "istio.io/istio/galley/pkg/config/event" - "istio.io/istio/galley/pkg/config/resource" "istio.io/istio/galley/pkg/config/testing/data" "istio.io/istio/galley/pkg/config/testing/fixtures" + "istio.io/istio/pkg/config/event" + "istio.io/istio/pkg/config/resource" ) func TestNoVersions(t *testing.T) { diff --git a/galley/pkg/config/testing/fixtures/listener.go b/galley/pkg/config/testing/fixtures/listener.go index f6701d0f1d0c..a820e70b9d36 100644 --- a/galley/pkg/config/testing/fixtures/listener.go 
+++ b/galley/pkg/config/testing/fixtures/listener.go @@ -15,7 +15,7 @@ package fixtures import ( - "istio.io/istio/galley/pkg/config/event" + "istio.io/istio/pkg/config/event" ) // Listener is a simple event.Dispatcher implementation for testing. diff --git a/galley/pkg/config/testing/fixtures/listener_test.go b/galley/pkg/config/testing/fixtures/listener_test.go index a34eb50120c6..cf9adaac04f1 100644 --- a/galley/pkg/config/testing/fixtures/listener_test.go +++ b/galley/pkg/config/testing/fixtures/listener_test.go @@ -19,8 +19,8 @@ import ( "github.com/onsi/gomega" - "istio.io/istio/galley/pkg/config/event" "istio.io/istio/galley/pkg/config/testing/data" + "istio.io/istio/pkg/config/event" ) func TestDispatcher(t *testing.T) { diff --git a/galley/pkg/config/testing/fixtures/source.go b/galley/pkg/config/testing/fixtures/source.go index afe2e9186b5a..c9763f48dda3 100644 --- a/galley/pkg/config/testing/fixtures/source.go +++ b/galley/pkg/config/testing/fixtures/source.go @@ -14,7 +14,7 @@ package fixtures -import "istio.io/istio/galley/pkg/config/event" +import "istio.io/istio/pkg/config/event" // Source is a test implementation of event.Source type Source struct { diff --git a/galley/pkg/config/testing/fixtures/source_test.go b/galley/pkg/config/testing/fixtures/source_test.go index 53939b29c5bf..ea18b6b4e4eb 100644 --- a/galley/pkg/config/testing/fixtures/source_test.go +++ b/galley/pkg/config/testing/fixtures/source_test.go @@ -19,8 +19,8 @@ import ( "github.com/onsi/gomega" - "istio.io/istio/galley/pkg/config/event" "istio.io/istio/galley/pkg/config/testing/basicmeta" + "istio.io/istio/pkg/config/event" ) func TestSource(t *testing.T) { diff --git a/galley/pkg/config/testing/fixtures/transformer.go b/galley/pkg/config/testing/fixtures/transformer.go index 8fce366f6784..6794b7e8bb4e 100644 --- a/galley/pkg/config/testing/fixtures/transformer.go +++ b/galley/pkg/config/testing/fixtures/transformer.go 
@@ -15,7 +15,7 @@ package fixtures import ( - "istio.io/istio/galley/pkg/config/event" + "istio.io/istio/pkg/config/event" "istio.io/istio/pkg/config/schema/collection" ) diff --git a/galley/pkg/server/components/patchtable.go b/galley/pkg/server/components/patchtable.go index d2c90a9c8b5e..43dd57a8e880 100644 --- a/galley/pkg/server/components/patchtable.go +++ b/galley/pkg/server/components/patchtable.go @@ -18,13 +18,14 @@ import ( "io/ioutil" "net" - "istio.io/istio/galley/pkg/config/event" + "istio.io/pkg/filewatcher" + "istio.io/istio/galley/pkg/config/meshcfg" "istio.io/istio/galley/pkg/config/processor" "istio.io/istio/galley/pkg/config/source/kube" "istio.io/istio/galley/pkg/config/source/kube/fs" + "istio.io/istio/pkg/config/event" "istio.io/istio/pkg/mcp/monitoring" - "istio.io/pkg/filewatcher" ) // The patch table for external dependencies for code in components. diff --git a/galley/pkg/server/components/processing.go b/galley/pkg/server/components/processing.go index 8a9b810231c6..cb1354a89140 100644 --- a/galley/pkg/server/components/processing.go +++ b/galley/pkg/server/components/processing.go @@ -33,7 +33,6 @@ import ( "istio.io/pkg/version" "istio.io/istio/galley/pkg/config/analysis/analyzers" - "istio.io/istio/galley/pkg/config/event" "istio.io/istio/galley/pkg/config/processing" "istio.io/istio/galley/pkg/config/processing/snapshotter" "istio.io/istio/galley/pkg/config/processor" @@ -46,6 +45,7 @@ import ( "istio.io/istio/galley/pkg/envvar" "istio.io/istio/galley/pkg/server/process" "istio.io/istio/galley/pkg/server/settings" + "istio.io/istio/pkg/config/event" "istio.io/istio/pkg/config/schema" "istio.io/istio/pkg/config/schema/collection" "istio.io/istio/pkg/config/schema/snapshots" diff --git a/galley/pkg/server/components/processing_test.go b/galley/pkg/server/components/processing_test.go index 1d25e3c36730..b738bb1e3a37 100644 --- a/galley/pkg/server/components/processing_test.go +++ b/galley/pkg/server/components/processing_test.go 
@@ -26,13 +26,13 @@ import ( k8sRuntime "k8s.io/apimachinery/pkg/runtime" "k8s.io/client-go/dynamic/fake" - "istio.io/istio/galley/pkg/config/event" "istio.io/istio/galley/pkg/config/meshcfg" "istio.io/istio/galley/pkg/config/processing" "istio.io/istio/galley/pkg/config/processor" "istio.io/istio/galley/pkg/config/source/kube" "istio.io/istio/galley/pkg/server/settings" "istio.io/istio/galley/pkg/testing/mock" + "istio.io/istio/pkg/config/event" "istio.io/istio/pkg/config/schema/collection" "istio.io/istio/pkg/mcp/monitoring" mcptestmon "istio.io/istio/pkg/mcp/testing/monitoring" diff --git a/istioctl/cmd/analyze.go b/istioctl/cmd/analyze.go index df3e2cd52182..970f7ebc40ff 100644 --- a/istioctl/cmd/analyze.go +++ b/istioctl/cmd/analyze.go @@ -37,9 +37,9 @@ import ( "istio.io/istio/galley/pkg/config/analysis/analyzers" "istio.io/istio/galley/pkg/config/analysis/diag" "istio.io/istio/galley/pkg/config/analysis/local" - "istio.io/istio/galley/pkg/config/resource" cfgKube "istio.io/istio/galley/pkg/config/source/kube" "istio.io/istio/istioctl/pkg/util/handlers" + "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema" "istio.io/istio/pkg/kube" ) diff --git a/galley/pkg/config/event/buffer.go b/pkg/config/event/buffer.go similarity index 100% rename from galley/pkg/config/event/buffer.go rename to pkg/config/event/buffer.go diff --git a/galley/pkg/config/event/buffer_test.go b/pkg/config/event/buffer_test.go similarity index 98% rename from galley/pkg/config/event/buffer_test.go rename to pkg/config/event/buffer_test.go index 2865945c7320..186499bcb08c 100644 --- a/galley/pkg/config/event/buffer_test.go +++ b/pkg/config/event/buffer_test.go @@ -21,9 +21,9 @@ import ( . "github.com/onsi/gomega" - "istio.io/istio/galley/pkg/config/event" "istio.io/istio/galley/pkg/config/testing/data" "istio.io/istio/galley/pkg/config/testing/fixtures" + "istio.io/istio/pkg/config/event" ) func TestBuffer_Basics(t *testing.T) { 
diff --git a/galley/pkg/config/event/dispatcher.go b/pkg/config/event/dispatcher.go similarity index 100% rename from galley/pkg/config/event/dispatcher.go rename to pkg/config/event/dispatcher.go diff --git a/galley/pkg/config/event/event.go b/pkg/config/event/event.go similarity index 98% rename from galley/pkg/config/event/event.go rename to pkg/config/event/event.go index b38a3e3d2082..5b9c951c1de3 100644 --- a/galley/pkg/config/event/event.go +++ b/pkg/config/event/event.go @@ -17,7 +17,7 @@ package event import ( "fmt" - "istio.io/istio/galley/pkg/config/resource" + "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/collection" ) diff --git a/galley/pkg/config/event/event_test.go b/pkg/config/event/event_test.go similarity index 98% rename from galley/pkg/config/event/event_test.go rename to pkg/config/event/event_test.go index 7f5b59636aca..9dca5a1e6bef 100644 --- a/galley/pkg/config/event/event_test.go +++ b/pkg/config/event/event_test.go @@ -20,9 +20,9 @@ import ( . "github.com/onsi/gomega" - "istio.io/istio/galley/pkg/config/event" - "istio.io/istio/galley/pkg/config/resource" "istio.io/istio/galley/pkg/config/testing/data" + "istio.io/istio/pkg/config/event" + "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/collection" "github.com/gogo/protobuf/types" diff --git a/galley/pkg/config/event/handler.go b/pkg/config/event/handler.go similarity index 100% rename from galley/pkg/config/event/handler.go rename to pkg/config/event/handler.go diff --git a/galley/pkg/config/event/handler_test.go b/pkg/config/event/handler_test.go similarity index 97% rename from galley/pkg/config/event/handler_test.go rename to pkg/config/event/handler_test.go index ed4850b3a60e..4ba6cdde2aba 100644 --- a/galley/pkg/config/event/handler_test.go +++ b/pkg/config/event/handler_test.go 
@@ -20,8 +20,8 @@ import (
 "github.com/gogo/protobuf/types"
 . "github.com/onsi/gomega"
- "istio.io/istio/galley/pkg/config/event"
- "istio.io/istio/galley/pkg/config/resource"
+ "istio.io/istio/pkg/config/event"
+ "istio.io/istio/pkg/config/resource"
 )
 func TestHandlerFromFn(t *testing.T) {
diff --git a/galley/pkg/config/event/handlers.go b/pkg/config/event/handlers.go
similarity index 100%
rename from galley/pkg/config/event/handlers.go
rename to pkg/config/event/handlers.go
diff --git a/galley/pkg/config/event/handlers_test.go b/pkg/config/event/handlers_test.go
similarity index 98%
rename from galley/pkg/config/event/handlers_test.go
rename to pkg/config/event/handlers_test.go
index 832266d1e223..c9fbdb8e7567 100644
--- a/galley/pkg/config/event/handlers_test.go
+++ b/pkg/config/event/handlers_test.go
@@ -19,9 +19,9 @@ import (
 . "github.com/onsi/gomega"
- "istio.io/istio/galley/pkg/config/event"
 "istio.io/istio/galley/pkg/config/testing/data"
 "istio.io/istio/galley/pkg/config/testing/fixtures"
+ "istio.io/istio/pkg/config/event"
 )
 func TestHandlers_Handle_Zero(t *testing.T) {
diff --git a/galley/pkg/config/event/kind.go b/pkg/config/event/kind.go
similarity index 100%
rename from galley/pkg/config/event/kind.go
rename to pkg/config/event/kind.go
diff --git a/galley/pkg/config/event/kind_test.go b/pkg/config/event/kind_test.go
similarity index 96%
rename from galley/pkg/config/event/kind_test.go
rename to pkg/config/event/kind_test.go
index 2a9664a226a8..e4683d0f8a8c 100644
--- a/galley/pkg/config/event/kind_test.go
+++ b/pkg/config/event/kind_test.go
@@ -17,7 +17,7 @@ package event_test
 import (
 "testing"
- "istio.io/istio/galley/pkg/config/event"
+ "istio.io/istio/pkg/config/event"
 )
 func TestEventKind_String(t *testing.T) {
diff --git a/galley/pkg/config/event/processor.go b/pkg/config/event/processor.go
similarity index 100%
rename from galley/pkg/config/event/processor.go
rename to pkg/config/event/processor.go
diff --git a/galley/pkg/config/event/queue.go b/pkg/config/event/queue.go
similarity index 100%
rename from galley/pkg/config/event/queue.go
rename to pkg/config/event/queue.go
diff --git a/galley/pkg/config/event/queue_test.go b/pkg/config/event/queue_test.go
similarity index 98%
rename from galley/pkg/config/event/queue_test.go
rename to pkg/config/event/queue_test.go
index 90f533b3cb2b..684ca536ad68 100644
--- a/galley/pkg/config/event/queue_test.go
+++ b/pkg/config/event/queue_test.go
@@ -21,7 +21,7 @@ import (
 . "github.com/onsi/gomega"
- "istio.io/istio/galley/pkg/config/resource"
+ "istio.io/istio/pkg/config/resource"
 )
 func TestQueue_Empty(t *testing.T) {
diff --git a/galley/pkg/config/event/router.go b/pkg/config/event/router.go
similarity index 100%
rename from galley/pkg/config/event/router.go
rename to pkg/config/event/router.go
diff --git a/galley/pkg/config/event/router_test.go b/pkg/config/event/router_test.go
similarity index 99%
rename from galley/pkg/config/event/router_test.go
rename to pkg/config/event/router_test.go
index 725d1b47e34b..00eb62e273e1 100644
--- a/galley/pkg/config/event/router_test.go
+++ b/pkg/config/event/router_test.go
@@ -19,10 +19,10 @@ import (
 . "github.com/onsi/gomega"
- "istio.io/istio/galley/pkg/config/event"
 "istio.io/istio/galley/pkg/config/testing/basicmeta"
 "istio.io/istio/galley/pkg/config/testing/data"
 "istio.io/istio/galley/pkg/config/testing/fixtures"
+ "istio.io/istio/pkg/config/event"
 )
 func TestRouter_Empty(t *testing.T) {
diff --git a/galley/pkg/config/event/source.go b/pkg/config/event/source.go
similarity index 100%
rename from galley/pkg/config/event/source.go
rename to pkg/config/event/source.go
diff --git a/galley/pkg/config/event/source_test.go b/pkg/config/event/source_test.go
similarity index 97%
rename from galley/pkg/config/event/source_test.go
rename to pkg/config/event/source_test.go
index 4ba3c5c93f5e..356c439e0adc 100644
--- a/galley/pkg/config/event/source_test.go
+++ b/pkg/config/event/source_test.go
@@ -19,8 +19,8 @@ import (
 . "github.com/onsi/gomega"
- "istio.io/istio/galley/pkg/config/event"
 "istio.io/istio/galley/pkg/config/testing/fixtures"
+ "istio.io/istio/pkg/config/event"
 )
 func TestMergeSources_Basic(t *testing.T) {
diff --git a/galley/pkg/config/event/transformer.go b/pkg/config/event/transformer.go
similarity index 100%
rename from galley/pkg/config/event/transformer.go
rename to pkg/config/event/transformer.go
diff --git a/galley/pkg/config/event/transformer_test.go b/pkg/config/event/transformer_test.go
similarity index 99%
rename from galley/pkg/config/event/transformer_test.go
rename to pkg/config/event/transformer_test.go
index 74e045eada29..8852174c4908 100644
--- a/galley/pkg/config/event/transformer_test.go
+++ b/pkg/config/event/transformer_test.go
@@ -19,9 +19,9 @@ import (
 . "github.com/onsi/gomega"
- "istio.io/istio/galley/pkg/config/event"
 "istio.io/istio/galley/pkg/config/testing/data"
 "istio.io/istio/galley/pkg/config/testing/fixtures"
+ "istio.io/istio/pkg/config/event"
 "istio.io/istio/pkg/config/schema/collection"
 )
diff --git a/galley/pkg/config/resource/instance.go b/pkg/config/resource/instance.go
similarity index 100%
rename from galley/pkg/config/resource/instance.go
rename to pkg/config/resource/instance.go
diff --git a/galley/pkg/config/resource/instance_test.go b/pkg/config/resource/instance_test.go
similarity index 100%
rename from galley/pkg/config/resource/instance_test.go
rename to pkg/config/resource/instance_test.go
diff --git a/galley/pkg/config/resource/metadata.go b/pkg/config/resource/metadata.go
similarity index 100%
rename from galley/pkg/config/resource/metadata.go
rename to pkg/config/resource/metadata.go
diff --git a/galley/pkg/config/resource/metadata_test.go b/pkg/config/resource/metadata_test.go
similarity index 100%
rename from galley/pkg/config/resource/metadata_test.go
rename to pkg/config/resource/metadata_test.go
diff --git a/galley/pkg/config/resource/name.go b/pkg/config/resource/name.go
similarity index 100%
rename from galley/pkg/config/resource/name.go
rename to pkg/config/resource/name.go
diff --git a/galley/pkg/config/resource/name_test.go b/pkg/config/resource/name_test.go
similarity index 100%
rename from galley/pkg/config/resource/name_test.go
rename to pkg/config/resource/name_test.go
diff --git a/galley/pkg/config/resource/origin.go b/pkg/config/resource/origin.go
similarity index 100%
rename from galley/pkg/config/resource/origin.go
rename to pkg/config/resource/origin.go
diff --git a/galley/pkg/config/resource/serialization.go b/pkg/config/resource/serialization.go
similarity index 100%
rename from galley/pkg/config/resource/serialization.go
rename to pkg/config/resource/serialization.go
diff --git a/galley/pkg/config/resource/serialization_test.go b/pkg/config/resource/serialization_test.go
similarity index 99%
rename from galley/pkg/config/resource/serialization_test.go
rename to pkg/config/resource/serialization_test.go
index 64810063502a..c2a271ab81f0 100644
--- a/galley/pkg/config/resource/serialization_test.go
+++ b/pkg/config/resource/serialization_test.go
@@ -27,8 +27,8 @@ import (
 "github.com/gogo/protobuf/proto"
 "github.com/gogo/protobuf/types"
- "istio.io/istio/galley/pkg/config/resource"
 "istio.io/istio/galley/pkg/config/testing/fixtures"
+ "istio.io/istio/pkg/config/resource"
 "istio.io/istio/pkg/config/schema/collections"
 )
diff --git a/galley/pkg/config/resource/stringmap.go b/pkg/config/resource/stringmap.go
similarity index 100%
rename from galley/pkg/config/resource/stringmap.go
rename to pkg/config/resource/stringmap.go
diff --git a/galley/pkg/config/resource/stringmap_test.go b/pkg/config/resource/stringmap_test.go
similarity index 100%
rename from galley/pkg/config/resource/stringmap_test.go
rename to pkg/config/resource/stringmap_test.go
diff --git a/galley/pkg/config/resource/version.go b/pkg/config/resource/version.go
similarity index 100%
rename from galley/pkg/config/resource/version.go
rename to pkg/config/resource/version.go
diff --git a/pkg/test/framework/components/galley/snapshot.go b/pkg/test/framework/components/galley/snapshot.go
index 582b49f876dc..e69c0e8f1462 100644
--- a/pkg/test/framework/components/galley/snapshot.go
+++ b/pkg/test/framework/components/galley/snapshot.go
@@ -25,7 +25,7 @@ import (
 mcp "istio.io/api/mcp/v1alpha1"
- "istio.io/istio/galley/pkg/config/resource"
+ "istio.io/istio/pkg/config/resource"
 )
 // Ensure that Object can behave as a proto message.
From 7d0dd7a7eee1797289b68fb2c028d166b537e39d Mon Sep 17 00:00:00 2001
From: Ben Plotnick
Date: Fri, 24 Jan 2020 15:12:19 -0800
Subject: [PATCH 11/31] Replace unicode quotes with ascii quotes (#20492)
---
 manifests/global.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/manifests/global.yaml b/manifests/global.yaml
index 7b9c8488d5fb..a3c8ab80004e 100644
--- a/manifests/global.yaml
+++ b/manifests/global.yaml
@@ -406,7 +406,7 @@ global:
 # The trust domain aliases represent the aliases of trust_domain.
 # For example, if we have
 # trustDomain: td1
- # trustDomainAliases: [“td2”, "td3"]
+ # trustDomainAliases: ["td2", "td3"]
 # Any service with the identity "td1/ns/foo/sa/a-service-account", "td2/ns/foo/sa/a-service-account",
 # or "td3/ns/foo/sa/a-service-account" will be treated the same in the Istio mesh.
 trustDomainAliases: []
From 174fbce00c59bbf8f95060d3cb67b62ca68efae8 Mon Sep 17 00:00:00 2001
From: John Howard Date: Fri, 24 Jan 2020 16:33:24 -0800 Subject: [PATCH 12/31] Cleanup racetest targets (#20125) * Cleanup racetest targets Right now we have targets for race test and unit test. In CI, we only run race tests, so it's not clear there is much benefit to having the non-race test variants, especially since they have caused multiple bugs in the past: https://github.com/istio/istio/issues/19559 and https://github.com/istio/istio/issues/20110 as examples. This makes test and racetest both use -race. In a followup PR, after CI is changed, we will just remove the racetest target and only use test for simplicity. Additionally, rather than expecting RACE_TEST to be set, use native go support for excluding tests with -race passed. Also made a change to mixer tests to properly default REPO_ROOT. All of these changes allow a user to just run `go test ./(anything but e2e tests)` and things just work, without relying on Makefiles. * format * Actually add race tag --- Makefile.core.mk | 41 ++++------- .../kubernetesenv_norace_test.go | 68 +++++++++++++++++++ .../kubernetesenv/kubernetesenv_test.go | 41 ----------- .../spybackend/nosession_integration_test.go | 10 +-- mixer/tools/mixgen/cmd/adapter.go | 5 +- mixer/tools/mixgen/cmd/template.go | 5 +- .../kube/controller/multicluster_test.go | 8 +-- tests/util/kubeconfig | 12 ---- 8 files changed, 91 insertions(+), 99 deletions(-) create mode 100644 mixer/adapter/kubernetesenv/kubernetesenv_norace_test.go delete mode 100644 tests/util/kubeconfig diff --git a/Makefile.core.mk b/Makefile.core.mk index a8628d57ffb0..067737fb72ff 100644 --- a/Makefile.core.mk +++ b/Makefile.core.mk 
@@ -412,50 +412,38 @@ else TEST_OBJ = selected-pkg-test endif test: | $(JUNIT_REPORT) - KUBECONFIG="$${KUBECONFIG:-$${REPO_ROOT}/tests/util/kubeconfig}" \ $(MAKE) -e -f Makefile.core.mk --keep-going $(TEST_OBJ) \ 2>&1 | tee >($(JUNIT_REPORT) > $(JUNIT_OUT)) -GOTEST_PARALLEL ?= '-test.parallel=1' +# TODO: remove the racetest targets and just have *-test targets that call race .PHONY: pilot-test -pilot-test: - go test ${T} ./pilot/... +pilot-test: pilot-racetest .PHONY: istioctl-test -istioctl-test: - go test ${T} ./istioctl/... +istioctl-test: istioctl-racetest .PHONY: operator-test operator-test: go test ${T} ./operator/... .PHONY: mixer-test -MIXER_TEST_T ?= ${T} ${GOTEST_PARALLEL} -mixer-test: - # Some tests use relative path "testdata", must be run from mixer dir - (cd mixer; go test ${MIXER_TEST_T} ./...) +mixer-test: mixer-racetest +# Galley test is not using -race yet. See https://github.com/istio/istio/issues/20110 .PHONY: galley-test galley-test: go test ${T} ./galley/... .PHONY: security-test -security-test: - go test ${T} ./security/pkg/... - go test ${T} ./security/cmd/... +security-test: security-racetest .PHONY: common-test -common-test: build - go test ${T} ./pkg/... - go test ${T} ./tests/common/... - go test ${T} ./tools/istio-iptables/... - # Execute bash shell unit tests scripts - ./tests/scripts/istio-iptables-test.sh +common-test: common-racetest .PHONY: selected-pkg-test selected-pkg-test: - find ${WHAT} -name "*_test.go" | xargs -I {} dirname {} | uniq | xargs -I {} go test ${T} ./{} + find ${WHAT} -name "*_test.go" | xargs -I {} dirname {} | uniq | xargs -I {} go test ${T} -race ./{} #----------------------------------------------------------------------------- # Target: coverage 
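Review bot: With the `KUBECONFIG="$${KUBECONFIG:-$${REPO_ROOT}/tests/util/kubeconfig}"` default dropped from the `test:` recipe, a run with KUBECONFIG unset no longer points at the localhost stub, so any test that still resolves a kubeconfig through the default loading rules would presumably fall back to the developer's own `~/.kube/config` and whatever cluster its current context names. Nothing visible in this hunk shows that every unit test uses a fake clientset, so I would state that as a requirement next to the target, e.g. `# Unit tests must not read an ambient kubeconfig; use fake clientsets only.` Separately, `operator-test` and `galley-test` still run without `-race` while `selected-pkg-test` now adds it; the galley exception has a comment, the operator one does not.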
@@ -507,11 +495,11 @@ racetest: $(JUNIT_REPORT) .PHONY: pilot-racetest pilot-racetest: - RACE_TEST=true go test ${T} -race ./pilot/... + go test ${T} -race ./pilot/... .PHONY: istioctl-racetest istioctl-racetest: - RACE_TEST=true go test ${T} -race ./istioctl/... + go test ${T} -race ./istioctl/... .PHONY: operator-racetest operator-racetest: @@ -519,22 +507,21 @@ operator-racetest: .PHONY: mixer-racetest mixer-racetest: - # Some tests use relative path "testdata", must be run from mixer dir - (cd mixer; RACE_TEST=true go test ${T} -race ./...) + go test ${T} -race ./mixer/... .PHONY: galley-racetest galley-racetest: - RACE_TEST=true go test ${T} -race ./galley/... + go test ${T} -race ./galley/... .PHONY: security-racetest security-racetest: - RACE_TEST=true go test ${T} -race ./security/pkg/... ./security/cmd/... + go test ${T} -race ./security/pkg/... ./security/cmd/... .PHONY: common-racetest common-racetest: # Execute bash shell unit tests scripts ./tests/scripts/istio-iptables-test.sh - RACE_TEST=true go test ${T} -race ./pkg/... + go test ${T} -race ./pkg/... ./tests/common/... ./tools/istio-iptables/... #----------------------------------------------------------------------------- # Target: clean diff --git a/mixer/adapter/kubernetesenv/kubernetesenv_norace_test.go b/mixer/adapter/kubernetesenv/kubernetesenv_norace_test.go new file mode 100644 index 000000000000..e2782099cee6 --- /dev/null +++ b/mixer/adapter/kubernetesenv/kubernetesenv_norace_test.go 
@@ -0,0 +1,68 @@
+// +build !race
+
+// Copyright 2017 Istio Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package kubernetesenv
+
+import (
+ "context"
+ "testing"
+ "time"
+
+ "k8s.io/client-go/kubernetes"
+ "k8s.io/client-go/kubernetes/fake"
+
+ "istio.io/istio/mixer/pkg/adapter"
+ "istio.io/istio/mixer/pkg/adapter/test"
+ "istio.io/istio/pkg/kube/secretcontroller"
+)
+
+// This test is skipped by the build tag !race due to https://github.com/istio/istio/issues/15610
+func Test_KubeSecretController(t *testing.T) {
+ secretcontroller.LoadKubeConfig = mockLoadKubeConfig
+ secretcontroller.ValidateClientConfig = mockValidateClientConfig
+ secretcontroller.CreateInterfaceFromClusterConfig = mockCreateInterfaceFromClusterConfig
+
+ clientset := fake.NewSimpleClientset()
+ b := newBuilder(func(string, adapter.Env) (kubernetes.Interface, error) {
+ return clientset, nil
+ })
+
+ // Call kube Build function which will start the secret controller.
+ // Sleep to allow secret process to start.
+ _, err := b.Build(context.Background(), test.NewEnv(t))
+ if err != nil {
+ t.Fatalf("error building adapter: %v", err)
+ }
+ time.Sleep(10 * time.Millisecond)
+
+ // Create the multicluster secret.
+ err = createMultiClusterSecret(clientset)
+ if err != nil {
+ t.Fatalf("Unexpected error on secret create: %v", err)
+ }
+
+ // Test - Verify that the remote controller has been added.
+ verifyControllers(t, b, 2, "create remote controller")
+
+ // Delete the mulicluster secret.
+ err = deleteMultiClusterSecret(clientset)
+ if err != nil {
+ t.Fatalf("Unexpected error on secret delete: %v", err)
+ }
+
+ // Test - Verify that the remote controller has been removed.
+ verifyControllers(t, b, 1, "delete remote controller")
+}
diff --git a/mixer/adapter/kubernetesenv/kubernetesenv_test.go b/mixer/adapter/kubernetesenv/kubernetesenv_test.go
index 97642ae2ef23..bcb86c61316b 100644
--- a/mixer/adapter/kubernetesenv/kubernetesenv_test.go
+++ b/mixer/adapter/kubernetesenv/kubernetesenv_test.go
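Review bot: The `// +build !race` constraint on the first line of the new file removes it from every `-race` build, and the commit message says CI only runs race tests, so `Test_KubeSecretController` still never runs in CI while the data race tracked in issue 15610 stays unobserved. The same file-level tag is added to `nosession_integration_test.go` and `multicluster_test.go`, where it would also drop any other test in those files from race runs, which the old per-test `t.Skip` did not do. The test also overwrites the package-level hooks `secretcontroller.LoadKubeConfig`, `ValidateClientConfig` and `CreateInterfaceFromClusterConfig` without restoring them and synchronises on `time.Sleep(10 * time.Millisecond)`. I would save and restore each hook, e.g. `orig := secretcontroller.LoadKubeConfig; defer func() { secretcontroller.LoadKubeConfig = orig }()`, and extend the comment above the test to name the follow-up that removes the tag.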
@@ -527,47 +527,6 @@ func mockCreateInterfaceFromClusterConfig(_ *clientcmdapi.Config) (kubernetes.In return fake.NewSimpleClientset(), nil } -func Test_KubeSecretController(t *testing.T) { - if len(os.Getenv("RACE_TEST")) > 0 { - t.Skip("https://github.com/istio/istio/issues/15610") - } - - secretcontroller.LoadKubeConfig = mockLoadKubeConfig - secretcontroller.ValidateClientConfig = mockValidateClientConfig - secretcontroller.CreateInterfaceFromClusterConfig = mockCreateInterfaceFromClusterConfig - - clientset := fake.NewSimpleClientset() - b := newBuilder(func(string, adapter.Env) (kubernetes.Interface, error) { - return clientset, nil - }) - - // Call kube Build function which will start the secret controller. - // Sleep to allow secret process to start. - _, err := b.Build(context.Background(), test.NewEnv(t)) - if err != nil { - t.Fatalf("error building adapter: %v", err) - } - time.Sleep(10 * time.Millisecond) - - // Create the multicluster secret. - err = createMultiClusterSecret(clientset) - if err != nil { - t.Fatalf("Unexpected error on secret create: %v", err) - } - - // Test - Verify that the remote controller has been added. - verifyControllers(t, b, 2, "create remote controller") - - // Delete the mulicluster secret. - err = deleteMultiClusterSecret(clientset) - if err != nil { - t.Fatalf("Unexpected error on secret delete: %v", err) - } - - // Test - Verify that the remote controller has been removed. - verifyControllers(t, b, 1, "delete remote controller") -} - // Kubernetes Runtime Object for Tests var trueVar = true diff --git a/mixer/test/spybackend/nosession_integration_test.go b/mixer/test/spybackend/nosession_integration_test.go index a94cef130054..5751911ded97 100644 --- a/mixer/test/spybackend/nosession_integration_test.go +++ b/mixer/test/spybackend/nosession_integration_test.go @@ -1,3 +1,5 @@ +// +build !race + // Copyright 2018 Istio Authors // // Licensed under the Apache License, Version 2.0 (the "License"); 
@@ -17,7 +19,6 @@ package spybackend import ( "fmt" "io/ioutil" - "os" "strings" "testing" "time" @@ -254,13 +255,6 @@ spec: ) func TestNoSessionBackend(t *testing.T) { - - // We skip this test if it is being run as part of the racetest because - // it is intensive on memory and will cause the test to fail with no error - if len(os.Getenv("RACE_TEST")) > 0 { - t.Skip() - } - testdata := []struct { name string calls []adapter_integration.Call diff --git a/mixer/tools/mixgen/cmd/adapter.go b/mixer/tools/mixgen/cmd/adapter.go index e84a1e6ed1a5..da07857082a9 100644 --- a/mixer/tools/mixgen/cmd/adapter.go +++ b/mixer/tools/mixgen/cmd/adapter.go @@ -31,7 +31,7 @@ import ( "istio.io/istio/mixer/cmd/shared" "istio.io/istio/mixer/pkg/runtime/config/constant" - "istio.io/pkg/env" + "istio.io/istio/pkg/test/env" ) func adapterCfgCmd(rawArgs []string, printf, fatalf shared.FormatFn) *cobra.Command { @@ -112,9 +112,8 @@ spec: } } - repoRoot := env.RegisterStringVar("REPO_ROOT", "", "Absolute path to the base of the source repository.").Get() adapterObj := &adapterCRVar{ - RawCommand: strings.Replace(rawCommand, repoRoot, "$REPO_ROOT", -1), + RawCommand: strings.Replace(rawCommand, env.IstioSrc, "$REPO_ROOT", -1), Name: name, Namespace: namespace, Description: description, diff --git a/mixer/tools/mixgen/cmd/template.go b/mixer/tools/mixgen/cmd/template.go index f4833a27e4a4..1caee6131a7b 100644 --- a/mixer/tools/mixgen/cmd/template.go +++ b/mixer/tools/mixgen/cmd/template.go @@ -26,7 +26,7 @@ import ( "istio.io/istio/mixer/cmd/shared" "istio.io/istio/mixer/pkg/runtime/config/constant" - "istio.io/pkg/env" + "istio.io/istio/pkg/test/env" ) func templateCfgCmd(rawArgs []string, printf, fatalf shared.FormatFn) *cobra.Command { 
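Review bot: In the `adapterCfgCmd` hunk of `mixer/tools/mixgen/cmd/adapter.go` (and the matching hunk in `template.go`), `strings.Replace(rawCommand, env.IstioSrc, "$REPO_ROOT", -1)` has no guard for an empty `env.IstioSrc`. `strings.Replace` with an empty old string inserts the replacement between every character, so the generated `RawCommand` would be corrupted if that value ever resolves to `""`, and the local path this line is meant to scrub would not be handled as intended. The removed code had the same gap with its `""` default, so this is a good moment to wrap the substitution in `if env.IstioSrc != "" { ... }`. The change also makes a code generator import `istio.io/istio/pkg/test/env`, a test-support package; whether its package-level initialisation is appropriate outside tests is not visible from these hunks and is worth confirming. Both functions continue outside the hunks.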
@@ -81,12 +81,11 @@ spec: fatalf("template in invalid: %v", err) } - repoRoot := env.RegisterStringVar("REPO_ROOT", "", "Absolute path to the base of the source repository.").Get() tmplObj := &templateCRVar{ Name: name, Namespace: ns, Descriptor: base64.StdEncoding.EncodeToString(byts), - RawCommand: strings.Replace(rawCommand, repoRoot, "$REPO_ROOT", -1), + RawCommand: strings.Replace(rawCommand, env.IstioSrc, "$REPO_ROOT", -1), } t := gotemplate.New("templatecr") diff --git a/pilot/pkg/serviceregistry/kube/controller/multicluster_test.go b/pilot/pkg/serviceregistry/kube/controller/multicluster_test.go index 1a0b7e2db930..30929eefad45 100644 --- a/pilot/pkg/serviceregistry/kube/controller/multicluster_test.go +++ b/pilot/pkg/serviceregistry/kube/controller/multicluster_test.go @@ -1,3 +1,5 @@ +// +build !race + // Copyright 2018 Istio Authors // // Licensed under the Apache License, Version 2.0 (the "License"); @@ -15,7 +17,6 @@ package controller import ( - "os" "testing" "time" @@ -86,11 +87,8 @@ func mockCreateInterfaceFromClusterConfig(_ *clientcmdapi.Config) (kubernetes.In return fake.NewSimpleClientset(), nil } +// This test is skipped by the build tag !race due to https://github.com/istio/istio/issues/15610 func Test_KubeSecretController(t *testing.T) { - if len(os.Getenv("RACE_TEST")) > 0 { - t.Skip("https://github.com/istio/istio/issues/15610") - } - secretcontroller.LoadKubeConfig = mockLoadKubeConfig secretcontroller.ValidateClientConfig = mockValidateClientConfig secretcontroller.CreateInterfaceFromClusterConfig = mockCreateInterfaceFromClusterConfig diff --git a/tests/util/kubeconfig b/tests/util/kubeconfig deleted file mode 100644 index 6fdd42cdca38..000000000000 --- a/tests/util/kubeconfig +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -clusters: -- cluster: - server: http://localhost:8080 - name: istio -contexts: -- context: - cluster: istio - user: "" - name: istio -current-context: istio -kind: Config 
From 15e80846d004e2eee4a6a198060be9cdefb1cbd8 Mon Sep 17 00:00:00 2001 
From: John Howard Date: Fri, 24 Jan 2020 16:33:32 -0800 Subject: [PATCH 13/31] Add back golang linting (#20480) * Add back golang linting In a recent PR somebody (me) accidentally deleted the golang lint target. In the meantime, we had a lot of lint errors break. This turns back on the linter and fixes all lint errors. * fix new errors --- Makefile.core.mk | 3 ++- galley/pkg/config/analysis/local/analyze.go | 2 -- istioctl/cmd/describe.go | 2 ++ istioctl/cmd/describe_test.go | 2 -- istioctl/cmd/istioctl_test.go | 2 -- istioctl/cmd/proxyconfig_test.go | 1 - istioctl/cmd/root.go | 3 --- operator/cmd/mesh/manifest-common.go | 3 ++- operator/cmd/mesh/manifest-migrate.go | 2 +- operator/cmd/mesh/profile-common.go | 12 +++++++----- operator/pkg/translate/icp_iop.go | 14 +++++++------- operator/pkg/translate/yaml_tree.go | 4 ++-- operator/pkg/translate/yaml_tree_test.go | 2 +- operator/pkg/util/reflect.go | 1 + pilot/cmd/pilot-discovery/main.go | 2 +- pilot/pkg/bootstrap/certcontroller.go | 2 +- pilot/pkg/bootstrap/options.go | 2 +- pilot/pkg/bootstrap/server.go | 2 +- pilot/pkg/config/kube/crd/conversion_test.go | 1 + pilot/pkg/model/config.go | 4 ++-- pilot/pkg/model/push_context.go | 2 +- pilot/pkg/model/push_context_test.go | 8 ++++---- pilot/pkg/networking/core/v1alpha3/listener.go | 9 ++++----- pilot/pkg/proxy/envoy/v2/monitoring.go | 2 +- pilot/pkg/proxy/envoy/v2/xds_test.go | 4 ++-- pilot/pkg/security/authz/builder/builder.go | 1 + .../syntheticserviceentrycontroller.go | 1 - pkg/config/xds/filter_types.go | 4 ++-- security/cmd/istio_ca/main.go | 2 -- .../caclient/providers/google/mock/ca_mock.go | 3 ++- security/pkg/nodeagent/sds/server_test.go | 9 +-------- security/pkg/stsservice/mock/xdsserver.go | 3 ++- security/pkg/stsservice/test/setup.go | 15 +++++++-------- .../tokenmanager/google/mock/mockserver.go | 3 ++- .../tokenmanager/google/tokenexchangeplugin.go | 14 +++++++------- tests/common/jwt/jwt_token.go | 1 + 
tests/integration/galley/webhook/webhook_test.go | 2 +- .../{mtls_k8s_ca => mtlsk8sca}/main_test.go | 2 +- .../{mtls_k8s_ca => mtlsk8sca}/strict_test.go | 2 +- .../testdata/global-mtls-on-no-dr.yaml | 0 .../testdata/global-plaintext.yaml | 0 tools/istio-iptables/pkg/config/config.go | 3 ++- 42 files changed, 74 insertions(+), 82 deletions(-) rename tests/integration/security/{mtls_k8s_ca => mtlsk8sca}/main_test.go (98%) rename tests/integration/security/{mtls_k8s_ca => mtlsk8sca}/strict_test.go (99%) rename tests/integration/security/{mtls_k8s_ca => mtlsk8sca}/testdata/global-mtls-on-no-dr.yaml (100%) rename tests/integration/security/{mtls_k8s_ca => mtlsk8sca}/testdata/global-plaintext.yaml (100%) diff --git a/Makefile.core.mk b/Makefile.core.mk index 067737fb72ff..d9c8604644bc 100644 --- a/Makefile.core.mk +++ b/Makefile.core.mk @@ -323,11 +323,12 @@ lint-go-split: @golangci-lint run -c ./common/config/.golangci.yml ./sidecar-injector/... @golangci-lint run -c ./common/config/.golangci.yml ./tests/... @golangci-lint run -c ./common/config/.golangci.yml ./tools/... + @golangci-lint run -c ./common/config/.golangci.yml ./operator/... lint-helm-global: find manifests -name 'Chart.yaml' -print0 | ${XARGS} -L 1 dirname | xargs -r helm lint --strict -f manifests/global.yaml -lint: lint-python lint-copyright-banner lint-scripts lint-dockerfiles lint-markdown lint-yaml lint-licenses lint-helm-global +lint: lint-python lint-copyright-banner lint-scripts lint-go-split lint-dockerfiles lint-markdown lint-yaml lint-licenses lint-helm-global @bin/check_helm.sh @bin/check_samples.sh @bin/check_dashboards.sh diff --git a/galley/pkg/config/analysis/local/analyze.go b/galley/pkg/config/analysis/local/analyze.go index 4aefe9019d7d..ca4b8b079bf7 100644 --- a/galley/pkg/config/analysis/local/analyze.go +++ b/galley/pkg/config/analysis/local/analyze.go 
@@ -56,7 +56,6 @@ const ( // Pseudo-constants, since golang doesn't support a true const slice/array var ( - requiredPerms = []string{"list", "watch"} analysisSnapshots = []string{snapshots.LocalAnalysis, snapshots.SyntheticServiceEntry} ) @@ -234,7 +233,6 @@ func (sa *SourceAnalyzer) AddReaderKubeSource(readers []io.Reader) error { if err = src.ApplyContent(string(i), string(by)); err != nil { errs = multierror.Append(errs, err) - src.ApplyContent(string(i), string(by)) } } diff --git a/istioctl/cmd/describe.go b/istioctl/cmd/describe.go index c1623807d169..c723f7bb9740 100644 --- a/istioctl/cmd/describe.go +++ b/istioctl/cmd/describe.go @@ -768,6 +768,7 @@ func getIstioVirtualServiceNameForSvc(cd *configdump.Wrapper, svc v1.Service, po } // Starting with recent 1.5.0 builds, the path will include .istio.io. Handle both. + // nolint: gosimple re := regexp.MustCompile("/apis/networking(\\.istio\\.io)?/v1alpha3/namespaces/(?P[^/]+)/virtual-service/(?P[^/]+)") ss := re.FindStringSubmatch(path) if ss == nil { @@ -916,6 +917,7 @@ func getIstioDestinationRuleNameForSvc(cd *configdump.Wrapper, svc v1.Service, p } // Starting with recent 1.5.0 builds, the path will include .istio.io. Handle both. + // nolint: gosimple re := regexp.MustCompile("/apis/networking(\\.istio\\.io)?/v1alpha3/namespaces/(?P[^/]+)/destination-rule/(?P[^/]+)") ss := re.FindStringSubmatch(path) if ss == nil { diff --git a/istioctl/cmd/describe_test.go b/istioctl/cmd/describe_test.go index bd95326dbda7..dd9101003743 100644 --- a/istioctl/cmd/describe_test.go +++ b/istioctl/cmd/describe_test.go @@ -611,8 +611,6 @@ func verifyExecAndK8sConfigTestCaseTestOutput(t *testing.T, c execAndK8sConfigTe namespace = c.namespace } - file = "" // Clear, because we re-use - fErr := rootCmd.Execute() output := out.String() diff --git a/istioctl/cmd/istioctl_test.go b/istioctl/cmd/istioctl_test.go index 0128a0fc4e51..828157f6a2c3 100644 --- a/istioctl/cmd/istioctl_test.go +++ b/istioctl/cmd/istioctl_test.go 
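Review bot: The two `// nolint: gosimple` comments added in `getIstioVirtualServiceNameForSvc` and `getIstioDestinationRuleNameForSvc` (istioctl/cmd/describe.go) silence the linter instead of applying what it asks for. Writing each pattern as a raw string literal (backquotes, single backslashes) removes the double escaping, and hoisting both into package-level `var`s built with `regexp.MustCompile` avoids recompiling them on every call. If the suppression has to stay, the comment should carry the reason on the same line, e.g. `// nolint: gosimple // <why the interpreted string is kept>`. Both functions start and end outside these hunks.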
@@ -161,8 +161,6 @@ func verifyOutput(t *testing.T, c testCase) { rootCmd := GetRootCmd(c.args) rootCmd.SetOutput(&out) - file = "" // Clear, because we re-use - fErr := rootCmd.Execute() output := out.String() diff --git a/istioctl/cmd/proxyconfig_test.go b/istioctl/cmd/proxyconfig_test.go index babe2fd0600b..4b4fd3ecaa99 100644 --- a/istioctl/cmd/proxyconfig_test.go +++ b/istioctl/cmd/proxyconfig_test.go @@ -266,7 +266,6 @@ func verifyExecTestOutput(t *testing.T, c execTestCase) { var out bytes.Buffer rootCmd := GetRootCmd(c.args) rootCmd.SetOutput(&out) - file = "" // Clear, because we re-use fErr := rootCmd.Execute() output := out.String() diff --git a/istioctl/cmd/root.go b/istioctl/cmd/root.go index 9fb0733711a2..0b8860e896c5 100644 --- a/istioctl/cmd/root.go +++ b/istioctl/cmd/root.go @@ -49,9 +49,6 @@ var ( istioNamespace string defaultNamespace string - // input file name - file string - // output format (yaml or short) outputFormat string diff --git a/operator/cmd/mesh/manifest-common.go b/operator/cmd/mesh/manifest-common.go index 218437c8a9c1..423426a97f3b 100644 --- a/operator/cmd/mesh/manifest-common.go +++ b/operator/cmd/mesh/manifest-common.go @@ -119,7 +119,8 @@ func genApplyManifests(setOverlay []string, inFilename []string, force bool, dry } // GenManifests generate manifest from input file and setOverLay -func GenManifests(inFilename []string, setOverlayYAML string, force bool, kubeConfig *rest.Config, l *Logger) (name.ManifestMap, *v1alpha1.IstioOperatorSpec, error) { +func GenManifests(inFilename []string, setOverlayYAML string, force bool, + kubeConfig *rest.Config, l *Logger) (name.ManifestMap, *v1alpha1.IstioOperatorSpec, error) { mergedYAML, err := genProfile(false, inFilename, "", setOverlayYAML, "", force, kubeConfig, l) if err != nil { return nil, nil, err diff --git a/operator/cmd/mesh/manifest-migrate.go b/operator/cmd/mesh/manifest-migrate.go index 586ebbd588c5..93d0d71aecc8 100644 --- a/operator/cmd/mesh/manifest-migrate.go 
+++ b/operator/cmd/mesh/manifest-migrate.go @@ -96,7 +96,7 @@ func translateFunc(values []byte, l *Logger) error { if err != nil { return err } - out, err := translate.TranslateICPToIOP(string(values), translations) + out, err := translate.ICPToIOP(string(values), translations) if err != nil { return err } diff --git a/operator/cmd/mesh/profile-common.go b/operator/cmd/mesh/profile-common.go index c19378e8c2bc..d2de006db078 100644 --- a/operator/cmd/mesh/profile-common.go +++ b/operator/cmd/mesh/profile-common.go @@ -47,7 +47,8 @@ var scope = log.RegisterScope("installer", "installer", 0) // ones that are compiled in. If it does, the starting point will be the base and profile YAMLs at that file path. // Otherwise it will be the compiled in profile YAMLs. // In step 3, the remaining fields in the same user overlay are applied on the resulting profile base. -func genIOPS(inFilename []string, profile, setOverlayYAML, ver string, force bool, kubeConfig *rest.Config, l *Logger) (string, *v1alpha1.IstioOperatorSpec, error) { +func genIOPS(inFilename []string, profile, setOverlayYAML, ver string, + force bool, kubeConfig *rest.Config, l *Logger) (string, *v1alpha1.IstioOperatorSpec, error) { overlayYAML := "" var overlayIOPS *v1alpha1.IstioOperatorSpec set := make(map[string]interface{}) @@ -62,7 +63,7 @@ func genIOPS(inFilename []string, profile, setOverlayYAML, ver string, force boo } overlayIOPS, overlayYAML, err = unmarshalAndValidateIOP(inputYaml, force) if err != nil { - iopYAML, translateErr := translate.TranslateICPToIOPVer(inputYaml, binversion.OperatorBinaryVersion) + iopYAML, translateErr := translate.ICPToIOPVer(inputYaml, binversion.OperatorBinaryVersion) if translateErr != nil { return "", nil, fmt.Errorf("could not unmarshal yaml or translate it to IOP: %s, %s\n\nOriginal YAML:\n%s", err, translateErr, inputYaml) 
@@ -117,12 +118,12 @@ func genIOPS(inFilename []string, profile, setOverlayYAML, ver string, force boo _, baseYAML, err := unmarshalAndValidateIOP(baseCRYAML, force) if err != nil { - baseIopYAML, translateErr := translate.TranslateICPToIOPVer(baseCRYAML, binversion.OperatorBinaryVersion) + baseIopYAML, translateErr := translate.ICPToIOPVer(baseCRYAML, binversion.OperatorBinaryVersion) if translateErr != nil { return "", nil, fmt.Errorf("could not unmarshal or translate base yaml into IOP with profile %s at version %s: %s, %s", profile, binversion.OperatorBinaryVersion, err, translateErr) } - overlayIOPS, overlayYAML, err = unmarshalAndValidateIOP(baseIopYAML, force) + _, overlayYAML, err = unmarshalAndValidateIOP(baseIopYAML, force) if err != nil { return "", nil, err } @@ -217,7 +218,8 @@ func getJwtTypeOverlay(config *rest.Config, l *Logger) (string, error) { return "values.global.jwtPolicy=first-party-jwt", nil } -func genProfile(helmValues bool, inFilename []string, profile, setOverlayYAML, configPath string, force bool, kubeConfig *rest.Config, l *Logger) (string, error) { +func genProfile(helmValues bool, inFilename []string, profile, setOverlayYAML, + configPath string, force bool, kubeConfig *rest.Config, l *Logger) (string, error) { finalYAML, finalIOPS, err := genIOPS(inFilename, profile, setOverlayYAML, "", force, kubeConfig, l) if err != nil { return "", err diff --git a/operator/pkg/translate/icp_iop.go b/operator/pkg/translate/icp_iop.go index 168d061ee62a..43d061854afe 100644 --- a/operator/pkg/translate/icp_iop.go +++ b/operator/pkg/translate/icp_iop.go 
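Review bot: In the fallback branch of genIOPS the re-validated, translated base profile is still written to `overlayYAML` (`_, overlayYAML, err = unmarshalAndValidateIOP(baseIopYAML, force)`), which looks like it overwrites the user overlay while `baseYAML` keeps whatever the failed first call returned. The change drops only the unused `overlayIOPS` assignment, so the lint warning goes away but the questionable target stays. If the translated profile is meant to serve as the base, the line should probably read `_, baseYAML, err = unmarshalAndValidateIOP(baseIopYAML, force)`. genIOPS continues outside this hunk, so confirm how `baseYAML` and `overlayYAML` are merged afterwards; a silently dropped overlay would also drop any settings the user supplied in it.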
@@ -47,7 +47,7 @@ func ICPtoIOPTranslations(ver version.Version) (map[string]string, error) { return out, nil } -// ReadICPtoIOPTranslations reads a file at filePath with key:value pairs in the format expected by TranslateICPToIOP. +// ReadICPtoIOPTranslations reads a file at filePath with key:value pairs in the format expected by ICPToIOP. func ReadICPtoIOPTranslations(filePath string) (map[string]string, error) { b, err := ioutil.ReadFile(filePath) if err != nil { @@ -60,19 +60,19 @@ func ReadICPtoIOPTranslations(filePath string) (map[string]string, error) { return out, nil } -// TranslateICPToIOPVer takes an IstioControlPlane YAML string and the target version as input, +// ICPToIOPVer takes an IstioControlPlane YAML string and the target version as input, // then translates it into an IstioOperator YAML string. -func TranslateICPToIOPVer(icp string, ver version.Version) (string, error) { +func ICPToIOPVer(icp string, ver version.Version) (string, error) { translations, err := ICPtoIOPTranslations(ver) if err != nil { return "", fmt.Errorf("could not read translate config for version %s: %s", ver, err) } - return TranslateICPToIOP(icp, translations) + return ICPToIOP(icp, translations) } -// TranslateICPToIOP takes an IstioControlPlane YAML string and a map of translations with key:value format +// ICPToIOP takes an IstioControlPlane YAML string and a map of translations with key:value format // souce-path:destination-path (where paths are expressed in pkg/tpath format) and returns an IstioOperator string. -func TranslateICPToIOP(icp string, translations map[string]string) (string, error) { +func ICPToIOP(icp string, translations map[string]string) (string, error) { icps, err := getSpecSubtree(icp) if err != nil { return "", err 
@@ -84,7 +84,7 @@ func TranslateICPToIOP(icp string, translations map[string]string) (string, erro return "", err } - translated, err := TranslateYAMLTree(icps, outTree, translations) + translated, err := YAMLTree(icps, outTree, translations) if err != nil { return "", err } diff --git a/operator/pkg/translate/yaml_tree.go b/operator/pkg/translate/yaml_tree.go index 5f081e3205a9..90b1af73a1b5 100644 --- a/operator/pkg/translate/yaml_tree.go +++ b/operator/pkg/translate/yaml_tree.go @@ -22,10 +22,10 @@ import ( "istio.io/istio/operator/pkg/tpath" ) -// TranslateYAMLTree takes an input tree inTreeStr, a partially constructed output tree outTreeStr, and a map of +// YAMLTree takes an input tree inTreeStr, a partially constructed output tree outTreeStr, and a map of // translations of source-path:dest-path in pkg/tpath format. It returns an output tree with paths from the input // tree, translated and overlaid on the output tree. -func TranslateYAMLTree(inTreeStr, outTreeStr string, translations map[string]string) (string, error) { +func YAMLTree(inTreeStr, outTreeStr string, translations map[string]string) (string, error) { inTree := make(map[string]interface{}) if err := yaml.Unmarshal([]byte(inTreeStr), &inTree); err != nil { return "", err diff --git a/operator/pkg/translate/yaml_tree_test.go b/operator/pkg/translate/yaml_tree_test.go index 324e63a9ebac..1ef413a51d9f 100644 --- a/operator/pkg/translate/yaml_tree_test.go +++ b/operator/pkg/translate/yaml_tree_test.go @@ -66,7 +66,7 @@ func TestTranslateYAMLTree(t *testing.T) { t.Fatal(err) } - got, err := TranslateICPToIOP(icp, translations) + got, err := ICPToIOP(icp, translations) if err != nil { t.Fatal(err) } diff --git a/operator/pkg/util/reflect.go b/operator/pkg/util/reflect.go index 284256708561..a31646fc3838 100644 --- a/operator/pkg/util/reflect.go +++ b/operator/pkg/util/reflect.go 
@@ -269,6 +269,7 @@ func AppendToSlicePtr(parentSlice interface{}, value interface{}) error { v := reflect.ValueOf(value) if !IsSliceInterfacePtr(parentSlice) { + // nolint: golint return fmt.Errorf("AppendToSlicePtr parent type is %T, must be *[]interface{}", parentSlice) } diff --git a/pilot/cmd/pilot-discovery/main.go b/pilot/cmd/pilot-discovery/main.go index e46b06656502..a10f6f224430 100644 --- a/pilot/cmd/pilot-discovery/main.go +++ b/pilot/cmd/pilot-discovery/main.go @@ -139,7 +139,7 @@ func init() { discoveryCmd.PersistentFlags().BoolVar(&serverArgs.Config.DisableInstallCRDs, "disable-install-crds", true, "Disable discovery service from verifying the existence of CRDs at startup and then installing if not detected. "+ "It is recommended to be disable for highly available setups.") - discoveryCmd.PersistentFlags().MarkDeprecated("disable-install-crds", + _ = discoveryCmd.PersistentFlags().MarkDeprecated("disable-install-crds", "Setting this flag has no effect. Install CRD definitions directly or with the operator") discoveryCmd.PersistentFlags().StringVar(&serverArgs.Config.FileDir, "configDir", "", "Directory to watch for updates to config yaml files. If specified, the files will be used as the source of config, rather than a CRD client.") diff --git a/pilot/pkg/bootstrap/certcontroller.go b/pilot/pkg/bootstrap/certcontroller.go index 6eb348efedd0..d7b2c4f73725 100644 --- a/pilot/pkg/bootstrap/certcontroller.go +++ b/pilot/pkg/bootstrap/certcontroller.go @@ -191,7 +191,7 @@ func (s *Server) initDNSCerts(hostname string) error { } else { log.Errorf("Invalid Pilot CA provider: %v", features.PilotCertProvider.Get()) - err = fmt.Errorf("Invalid Pilot CA provider: %v", features.PilotCertProvider.Get()) + err = fmt.Errorf("invalid Pilot CA provider: %v", features.PilotCertProvider.Get()) } if err != nil { return err diff --git a/pilot/pkg/bootstrap/options.go b/pilot/pkg/bootstrap/options.go index 7389546dabbd..3d8cc2646e71 100644 
--- a/pilot/pkg/bootstrap/options.go +++ b/pilot/pkg/bootstrap/options.go @@ -93,7 +93,7 @@ type DiscoveryServiceOptions struct { // a port number is automatically chosen. HTTPAddr string - // The listening addres for HTTPS (webhooks). If the port in the address is empty or "0" (as in "127.0.0.1:" or "[::1]:0") + // The listening address for HTTPS (webhooks). If the port in the address is empty or "0" (as in "127.0.0.1:" or "[::1]:0") // a port number is automatically chosen. HTTPSAddr string diff --git a/pilot/pkg/bootstrap/server.go b/pilot/pkg/bootstrap/server.go index ba94daad09a3..c446d3cf3403 100644 --- a/pilot/pkg/bootstrap/server.go +++ b/pilot/pkg/bootstrap/server.go @@ -224,7 +224,7 @@ func NewServer(args *PilotArgs) (*Server, error) { var err error s.ca, err = s.createCA(s.kubeClient.CoreV1(), caOpts) if err != nil { - return nil, fmt.Errorf("EnableCA: %v", err) + return nil, fmt.Errorf("enableCA: %v", err) } } diff --git a/pilot/pkg/config/kube/crd/conversion_test.go b/pilot/pkg/config/kube/crd/conversion_test.go index fb71c554cb1b..b0bfe32f0f15 100644 --- a/pilot/pkg/config/kube/crd/conversion_test.go +++ b/pilot/pkg/config/kube/crd/conversion_test.go @@ -78,6 +78,7 @@ func TestParseInputs(t *testing.T) { t.Error("ParseInput(invalid spec) => got no error") } + // nolint: lll validInput := `{"apiVersion": "networking.istio.io/v1alpha3", "kind":"VirtualService", "spec":{"hosts":["foo"],"http":[{"route":[{"destination":{"host":"bar"},"weight":100}]}]}}` varr, _, err := ParseInputs(validInput) if err != nil || len(varr) == 0 { diff --git a/pilot/pkg/model/config.go b/pilot/pkg/model/config.go index 166a4944b34b..af7b6e8b05e3 100644 --- a/pilot/pkg/model/config.go +++ b/pilot/pkg/model/config.go 
@@ -627,8 +627,8 @@ func SortQuotaSpec(specs []Config) { }) } -func (config Config) DeepCopy() Config { - copied, err := copystructure.Copy(config) +func (c Config) DeepCopy() Config { + copied, err := copystructure.Copy(c) if err != nil { // There are 2 locations where errors are generated in copystructure.Copy: // * The reflection walk over the structure fails, which should never happen diff --git a/pilot/pkg/model/push_context.go b/pilot/pkg/model/push_context.go index e742aac69185..ae33083c9140 100644 --- a/pilot/pkg/model/push_context.go +++ b/pilot/pkg/model/push_context.go @@ -541,7 +541,7 @@ func (ps *PushContext) UpdateMetrics() { } } -// GatewayServices returns the set of services which are refered from the proxy gateways. +// GatewayServices returns the set of services which are referred from the proxy gateways. func (ps *PushContext) GatewayServices(proxy *Proxy) []*Service { svcs := ps.Services(proxy) // gateway set. diff --git a/pilot/pkg/model/push_context_test.go b/pilot/pkg/model/push_context_test.go index 911d17063cbd..871b5b1ff6cb 100644 --- a/pilot/pkg/model/push_context_test.go +++ b/pilot/pkg/model/push_context_test.go @@ -68,7 +68,7 @@ func TestMergeUpdateRequest(t *testing.T) { Push: push0, Start: t0, NamespacesUpdated: map[string]struct{}{"ns1": {}}, - ConfigTypesUpdated: map[resource.GroupVersionKind]struct{}{resource.GroupVersionKind{Kind: "cfg1"}: {}}, + ConfigTypesUpdated: map[resource.GroupVersionKind]struct{}{{Kind: "cfg1"}: {}}, Reason: []TriggerReason{ServiceUpdate, ServiceUpdate}, }, &PushRequest{ @@ -76,7 +76,7 @@ func TestMergeUpdateRequest(t *testing.T) { Push: push1, Start: t1, NamespacesUpdated: map[string]struct{}{"ns2": {}}, - ConfigTypesUpdated: map[resource.GroupVersionKind]struct{}{resource.GroupVersionKind{Kind: "cfg2"}: {}}, + ConfigTypesUpdated: map[resource.GroupVersionKind]struct{}{{Kind: "cfg2"}: {}}, Reason: []TriggerReason{EndpointUpdate}, }, PushRequest{ 
@@ -84,7 +84,7 @@ func TestMergeUpdateRequest(t *testing.T) { Push: push1, Start: t0, NamespacesUpdated: map[string]struct{}{"ns1": {}, "ns2": {}}, - ConfigTypesUpdated: map[resource.GroupVersionKind]struct{}{resource.GroupVersionKind{Kind: "cfg1"}: {}, resource.GroupVersionKind{Kind: "cfg2"}: {}}, + ConfigTypesUpdated: map[resource.GroupVersionKind]struct{}{{Kind: "cfg1"}: {}, {Kind: "cfg2"}: {}}, Reason: []TriggerReason{ServiceUpdate, ServiceUpdate, EndpointUpdate}, }, }, @@ -121,7 +121,7 @@ func TestMergeUpdateRequest(t *testing.T) { { "skip config type merge: one empty", &PushRequest{Full: true, ConfigTypesUpdated: nil}, - &PushRequest{Full: true, ConfigTypesUpdated: map[resource.GroupVersionKind]struct{}{resource.GroupVersionKind{Kind: "cfg2"}: {}}}, + &PushRequest{Full: true, ConfigTypesUpdated: map[resource.GroupVersionKind]struct{}{{Kind: "cfg2"}: {}}}, PushRequest{Full: true, ConfigTypesUpdated: nil}, }, } diff --git a/pilot/pkg/networking/core/v1alpha3/listener.go b/pilot/pkg/networking/core/v1alpha3/listener.go index 5427852e2a5e..b56f6c9c4b5f 100644 --- a/pilot/pkg/networking/core/v1alpha3/listener.go +++ b/pilot/pkg/networking/core/v1alpha3/listener.go @@ -1358,9 +1358,8 @@ func (configgen *ConfigGeneratorImpl) buildSidecarOutboundListenerForPortOrUDS(n if ret, opts = configgen.buildSidecarOutboundHTTPListenerOptsForPortOrUDS(node, &listenerMapKey, ¤tListenerEntry, &listenerOpts, pluginParams, listenerMap, actualWildcard); !ret { return - } else { - listenerOpts.filterChainOpts = opts } + listenerOpts.filterChainOpts = opts } else { switch pluginParams.ListenerProtocol { case plugin.ListenerProtocolHTTP: 
@@ -2398,15 +2397,15 @@ func removeListenerFilterTimeout(listeners []*xdsapi.Listener) { // Remove listener filter timeout for // 1. outbound listeners AND // 2. without HTTP inspector - hasHttpInspector := false + hasHTTPInspector := false for _, lf := range l.ListenerFilters { if lf.Name == wellknown.HttpInspector { - hasHttpInspector = true + hasHTTPInspector = true break } } - if !hasHttpInspector && l.TrafficDirection == core.TrafficDirection_OUTBOUND { + if !hasHTTPInspector && l.TrafficDirection == core.TrafficDirection_OUTBOUND { l.ListenerFiltersTimeout = nil l.ContinueOnListenerFiltersTimeout = false } diff --git a/pilot/pkg/proxy/envoy/v2/monitoring.go b/pilot/pkg/proxy/envoy/v2/monitoring.go index 85efca6f9c1d..a3954c92b47c 100644 --- a/pilot/pkg/proxy/envoy/v2/monitoring.go +++ b/pilot/pkg/proxy/envoy/v2/monitoring.go @@ -131,7 +131,7 @@ var ( pushTriggers = monitoring.NewSum( "pilot_push_triggers", - "Total number of times a push was triggered, labelled by reason for the push.", + "Total number of times a push was triggered, labeled by reason for the push.", monitoring.WithLabels(typeTag), ) diff --git a/pilot/pkg/proxy/envoy/v2/xds_test.go b/pilot/pkg/proxy/envoy/v2/xds_test.go index d3d58430fd71..b9d0ce9feb42 100644 --- a/pilot/pkg/proxy/envoy/v2/xds_test.go +++ b/pilot/pkg/proxy/envoy/v2/xds_test.go @@ -162,7 +162,7 @@ func localPilotTestEnv(t *testing.T, initFunc func(*bootstrap.Server), additiona // // The server will have a set of pre-defined instances and services, and read CRDs from the // common tests/testdata directory. -func initLocalPilotTestEnv(t *testing.T, additionalArgs ...func(*bootstrap.PilotArgs)) (*bootstrap.Server, util.TearDownFunc) { +func initLocalPilotTestEnv(t *testing.T) (*bootstrap.Server, util.TearDownFunc) { return localPilotTestEnv(t, func(server *bootstrap.Server) { // Service and endpoints for hello.default - used in v1 pilot tests hostname := host.Name("hello.default.svc.cluster.local") 
@@ -310,7 +310,7 @@ func initLocalPilotTestEnv(t *testing.T, additionalArgs ...func(*bootstrap.Pilot // RouteConf Service4 is using port 80, to test that we generate multiple clusters (regression) // service4 has no endpoints server.EnvoyXdsServer.MemRegistry.AddHTTPService("service4.default.svc.cluster.local", "10.1.0.4", 80) - }, additionalArgs...) + }) } // nolint: unparam diff --git a/pilot/pkg/security/authz/builder/builder.go b/pilot/pkg/security/authz/builder/builder.go index ce7aa5c5681b..87cb60132406 100644 --- a/pilot/pkg/security/authz/builder/builder.go +++ b/pilot/pkg/security/authz/builder/builder.go @@ -98,6 +98,7 @@ func (b *Builder) BuildHTTPFilters() []*httpFilterPb.HttpFilter { return filters } +// nolint: interfacer func createHTTPFilter(config *envoyRbacHttpPb.RBAC) *httpFilterPb.HttpFilter { if config == nil { return nil diff --git a/pilot/pkg/serviceregistry/synthetic/serviceentry/syntheticserviceentrycontroller.go b/pilot/pkg/serviceregistry/synthetic/serviceentry/syntheticserviceentrycontroller.go index 47312ae339e8..37b6458faf4e 100644 --- a/pilot/pkg/serviceregistry/synthetic/serviceentry/syntheticserviceentrycontroller.go +++ b/pilot/pkg/serviceregistry/synthetic/serviceentry/syntheticserviceentrycontroller.go @@ -314,7 +314,6 @@ func (c *SyntheticServiceEntryController) incrementalUpdate(resources []*sink.Ob oldEpVersion = version(namedConf[conf.Name].Annotations, endpointKey) } namedConf[conf.Name] = conf - // c.dispatch(*conf, model.EventUpdate) } else { event = model.EventAdd c.configStore[conf.Namespace] = map[string]*model.Config{ diff --git a/pkg/config/xds/filter_types.go b/pkg/config/xds/filter_types.go index 5ca7afdb1d59..7222625a786e 100644 --- a/pkg/config/xds/filter_types.go +++ b/pkg/config/xds/filter_types.go 
@@ -14,9 +14,9 @@ package xds -// Import all Envoy filter types so they are registered and deserialization does not fail -// when using them in the "typed_config" attributes. import ( + // Import all Envoy filter types so they are registered and deserialization does not fail + // when using them in the "typed_config" attributes. _ "github.com/envoyproxy/go-control-plane/envoy/config/filter/accesslog/v2" _ "github.com/envoyproxy/go-control-plane/envoy/config/filter/dubbo/router/v2alpha1" _ "github.com/envoyproxy/go-control-plane/envoy/config/filter/fault/v2" diff --git a/security/cmd/istio_ca/main.go b/security/cmd/istio_ca/main.go index bf8bd4a30221..cba923468bac 100644 --- a/security/cmd/istio_ca/main.go +++ b/security/cmd/istio_ca/main.go @@ -175,8 +175,6 @@ var ( "istio-sidecar-injector", "istio-galley", } - - rootCertRotatorChan chan struct{} ) func fatalf(template string, args ...interface{}) { diff --git a/security/pkg/nodeagent/caclient/providers/google/mock/ca_mock.go b/security/pkg/nodeagent/caclient/providers/google/mock/ca_mock.go index 36fd77de3156..d815dee0f41e 100644 --- a/security/pkg/nodeagent/caclient/providers/google/mock/ca_mock.go +++ b/security/pkg/nodeagent/caclient/providers/google/mock/ca_mock.go @@ -47,6 +47,7 @@ type CAServer struct { } // CreateServer creates a mocked local Google CA server and runs it in a separate thread. +// nolint: interfacer func CreateServer(addr string, service *CAService) (*CAServer, error) { // create a local grpc server s := &CAServer{ @@ -55,7 +56,7 @@ func CreateServer(addr string, service *CAService) (*CAServer, error) { lis, err := net.Listen("tcp", addr) if err != nil { - return nil, fmt.Errorf("Failed to listen on the TCP address: %v", err) + return nil, fmt.Errorf("failed to listen on the TCP address: %v", err) } s.Address = lis.Addr().String() diff --git a/security/pkg/nodeagent/sds/server_test.go b/security/pkg/nodeagent/sds/server_test.go index 938eb85465d3..b9d98c1c170c 100644 
--- a/security/pkg/nodeagent/sds/server_test.go +++ b/security/pkg/nodeagent/sds/server_test.go @@ -40,9 +40,7 @@ import ( const mockCAAddress = "localhost:0" var ( - mockMeshCAServer *mca.CAServer - mockSTSServer *msts.AuthorizationServer - validCerts = []string{ + validCerts = []string{ `-----BEGIN CERTIFICATE----- MIIFiDCCA3ACCQDriJFARkUboTANBgkqhkiG9w0BAQsFADCBhTELMAkGA1UEBhMC VVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTEOMAwG @@ -143,11 +141,6 @@ yTi7LtqQOBVq0veaVudHd+9I/JrJ `} ) -func cleanup() { - mockMeshCAServer.Stop() - mockSTSServer.Stop() -} - func createRealSDSServer(t *testing.T, socket string) *Server { // Create a local grpc server to mock Mesh CA caService := &mca.CAService{Certs: validCerts, Err: nil} diff --git a/security/pkg/stsservice/mock/xdsserver.go b/security/pkg/stsservice/mock/xdsserver.go index e12b29deb5a5..417758a75849 100644 --- a/security/pkg/stsservice/mock/xdsserver.go +++ b/security/pkg/stsservice/mock/xdsserver.go @@ -108,6 +108,7 @@ type XDSConf struct { } // StartXDSServer sets up a mock XDS server +// nolint: interfacer func StartXDSServer(conf XDSConf, cb *XDSCallbacks, ls *DynamicListener, isTLS bool) (*grpc.Server, error) { snapshotCache := cache.NewSnapshotCache(false, hasher{}, nil) server := xds.NewServer(context.Background(), snapshotCache, cb) @@ -132,7 +133,7 @@ func StartXDSServer(conf XDSConf, cb *XDSCallbacks, ls *DynamicListener, isTLS b snapshot := cache.Snapshot{} snapshot.Resources[cache.Listener] = cache.Resources{Version: time.Now().String(), Items: map[string]cache.Resource{ "backend": ls.makeListener()}} - snapshotCache.SetSnapshot("", snapshot) + _ = snapshotCache.SetSnapshot("", snapshot) go func() { _ = gRPCServer.Serve(lis) }() diff --git a/security/pkg/stsservice/test/setup.go b/security/pkg/stsservice/test/setup.go index 6fc829bed6d5..67ef15b306b4 100644 --- a/security/pkg/stsservice/test/setup.go +++ b/security/pkg/stsservice/test/setup.go 
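Review bot: `_ = snapshotCache.SetSnapshot("", snapshot)` discards an error inside StartXDSServer, which already returns `(*grpc.Server, error)`, so a failed snapshot would presumably surface later as an unrelated test failure. Propagating it is no longer than the blank assignment: `if err := snapshotCache.SetSnapshot("", snapshot); err != nil { return nil, err }`. The same pattern appears in WriteDataToFile in security/pkg/stsservice/test/setup.go, where `_ = f.Sync()` followed by `return nil` can become `return f.Sync()`. StartXDSServer begins outside this hunk.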
@@ -53,7 +53,6 @@ type Env struct { stsServer *stsServer.Server xDSServer *grpc.Server - xDSCb *xdsService.XDSCallbacks ProxyListenerPort int initialToken string // initial token is sent to STS server for token exchange } @@ -62,7 +61,7 @@ func (e *Env) TearDown() { // Stop proxy first, otherwise XDS stream is still alive and server's graceful // stop will be blocked. e.ProxySetUp.TearDown() - e.AuthServer.Stop() + _ = e.AuthServer.Stop() e.xDSServer.GracefulStop() e.stsServer.Stop() } @@ -88,7 +87,7 @@ func WriteDataToFile(path string, content string) error { if _, err = f.WriteString(content); err != nil { return err } - f.Sync() + _ = f.Sync() return nil } @@ -204,7 +203,7 @@ func (e *Env) WaitForStsFlowReady(t *testing.T) { }, } // keep sending requests periodically until a success STS response is received - req := e.genStsReq(t, stsServerAddress) + req := e.genStsReq(stsServerAddress) for i := 0; i < 20; i++ { resp, err := hTTPClient.Do(req) if err == nil { @@ -218,7 +217,7 @@ func (e *Env) WaitForStsFlowReady(t *testing.T) { t.Errorf("STS flow is not ready") } -func (e *Env) genStsReq(t *testing.T, stsAddr string) (req *http.Request) { +func (e *Env) genStsReq(stsAddr string) (req *http.Request) { stsQuery := url.Values{} stsQuery.Set("grant_type", stsServer.TokenExchangeGrantType) stsQuery.Set("resource", "https//:backend.example.com") 
@@ -235,11 +234,11 @@ func (e *Env) genStsReq(t *testing.T, stsAddr string) (req *http.Request) { return req } -func setUpSTS(stsPort int, backendUrl string) (*stsServer.Server, error) { +func setUpSTS(stsPort int, backendURL string) (*stsServer.Server, error) { // Create token exchange Google plugin tokenExchangePlugin, _ := google.CreateTokenManagerPlugin(tokenBackend.FakeTrustDomain, tokenBackend.FakeProjectNum) - federatedTokenTestingEndpoint := backendUrl + "/v1/identitybindingtoken" - accessTokenTestingEndpoint := backendUrl + "/v1/projects/-/serviceAccounts/service-%s@gcp-sa-meshdataplane.iam.gserviceaccount.com:generateAccessToken" + federatedTokenTestingEndpoint := backendURL + "/v1/identitybindingtoken" + accessTokenTestingEndpoint := backendURL + "/v1/projects/-/serviceAccounts/service-%s@gcp-sa-meshdataplane.iam.gserviceaccount.com:generateAccessToken" tokenExchangePlugin.SetEndpoints(federatedTokenTestingEndpoint, accessTokenTestingEndpoint) // Create token manager tm := tokenmanager.CreateTokenManager(tokenmanager.GoogleTokenExchange, diff --git a/security/pkg/stsservice/tokenmanager/google/mock/mockserver.go b/security/pkg/stsservice/tokenmanager/google/mock/mockserver.go index 53a835f4d51c..429edc1856c9 100644 --- a/security/pkg/stsservice/tokenmanager/google/mock/mockserver.go +++ b/security/pkg/stsservice/tokenmanager/google/mock/mockserver.go @@ -68,6 +68,7 @@ type accessTokenResponse struct { } // AuthorizationServer mocks google secure token server. +// nolint: maligned type AuthorizationServer struct { Port int URL string @@ -295,7 +296,7 @@ func (ms *AuthorizationServer) getAccessToken(w http.ResponseWriter, req *http.R tokenLifeInSec := ms.accessTokenLife token := ms.accessToken if ms.enableDynamicAccessToken { - token = token + time.Now().String() + token += time.Now().String() } blockRequest := ms.blockAccessTokenRequest ms.mutex.Unlock() 
diff --git a/security/pkg/stsservice/tokenmanager/google/tokenexchangeplugin.go b/security/pkg/stsservice/tokenmanager/google/tokenexchangeplugin.go index 5c6f3a2c9d59..734d6af7de3e 100644 --- a/security/pkg/stsservice/tokenmanager/google/tokenexchangeplugin.go +++ b/security/pkg/stsservice/tokenmanager/google/tokenexchangeplugin.go @@ -147,7 +147,7 @@ func (p *Plugin) fetchFederatedToken(parameters stsservice.StsRequestParameters) respData := &federatedTokenResponse{} req := p.constructFederatedTokenRequest(parameters) - resp, err, timeElapsed := p.sendRequestWithRetry(req) + resp, timeElapsed, err := p.sendRequestWithRetry(req) if err != nil { respCode := 0 if resp != nil { @@ -189,7 +189,7 @@ func (p *Plugin) fetchFederatedToken(parameters stsservice.StsRequestParameters) // Send HTTP request every 0.01 seconds until successfully receive response or hit max retry numbers. // If response code is 4xx, return immediately without retry. -func (p *Plugin) sendRequestWithRetry(req *http.Request) (resp *http.Response, err error, elapsedTime time.Duration) { +func (p *Plugin) sendRequestWithRetry(req *http.Request) (resp *http.Response, elapsedTime time.Duration, err error) { start := time.Now() for i := 0; i < maxRequestRetry; i++ { resp, err = p.hTTPClient.Do(req) 
@@ -197,19 +197,19 @@ func (p *Plugin) sendRequestWithRetry(req *http.Request) (resp *http.Response, e pluginLog.Errorf("failed to send out request: %v (response: %v)", err, resp) } if resp != nil && resp.StatusCode == http.StatusOK { - return resp, err, time.Since(start) + return resp, time.Since(start), err } if resp != nil && resp.StatusCode >= http.StatusBadRequest && resp.StatusCode < http.StatusInternalServerError { - return resp, err, time.Since(start) + return resp, time.Since(start), err } time.Sleep(10 * time.Millisecond) } if resp != nil && resp.StatusCode != http.StatusOK { bodyBytes, _ := ioutil.ReadAll(resp.Body) defer resp.Body.Close() - return resp, fmt.Errorf("HTTP Status %d, body: %s", resp.StatusCode, string(bodyBytes)), time.Since(start) + return resp, time.Since(start), fmt.Errorf("HTTP Status %d, body: %s", resp.StatusCode, string(bodyBytes)) } - return resp, err, time.Since(start) + return resp, time.Since(start), err } type accessTokenRequest struct { @@ -260,7 +260,7 @@ func (p *Plugin) fetchAccessToken(federatedToken *federatedTokenResponse) (*acce respData := &accessTokenResponse{} req := p.constructGenerateAccessTokenRequest(federatedToken) - resp, err, timeElapsed := p.sendRequestWithRetry(req) + resp, timeElapsed, err := p.sendRequestWithRetry(req) if err != nil { respCode := 0 if resp != nil { diff --git a/tests/common/jwt/jwt_token.go b/tests/common/jwt/jwt_token.go index 6e3fe781fdca..04c84e25263f 100644 --- a/tests/common/jwt/jwt_token.go +++ b/tests/common/jwt/jwt_token.go 
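Review bot: The retry loop in sendRequestWithRetry abandons a response that is neither 200 nor 4xx without closing its body before `time.Sleep(10 * time.Millisecond)`, so every retried 5xx reply leaks a connection; `if resp != nil && i < maxRequestRetry-1 { resp.Body.Close() }` ahead of the sleep would release it while leaving the final response readable. After the loop, `ioutil.ReadAll(resp.Body)` reads the token endpoint's reply with no size bound and copies it verbatim into the returned error, so an oversized or sensitive error body ends up wherever callers log that error; reading through `io.LimitReader` with a small cap would bound it (the `io` import is not visible here). The `defer resp.Body.Close()` on that path also returns a response whose body is already consumed and closed, which is worth a comment for callers. The function signature is in the preceding hunk, and whether `req` carries a body that must be rewound between attempts cannot be seen from here.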
@@ -39,6 +39,7 @@ const ( // } // Generated by: security/tools/jwt/samples/gen-jwt.py tests/common/jwt/key.pem -jwks=tests/common/jwt/jwks.json // --expire=3153600000 --iss=test-issuer-1@istio.io --sub=sub-1 --aud=bar + // nolint: lll TokenIssuer1WithAud = "eyJhbGciOiJSUzI1NiIsImtpZCI6InRUX3c5TFJOclk3d0phbEdzVFlTdDdydXRaaTg2R3Z5YzBFS1I0Q2FRQXciLCJ0eXAiOiJKV1QifQ.eyJhdWQiOiJmb28iLCJleHAiOjQ3MzI5OTQ4MDEsImlhdCI6MTU3OTM5NDgwMSwiaXNzIjoidGVzdC1pc3N1ZXItMUBpc3Rpby5pbyIsInN1YiI6InN1Yi0xIn0.OmCSy8PplBCwdLnn_uOy3ADq_9bjXznyNwhyuCI5uaaZzWusHNMg0KKEk-2vKo9adbZKHfqGk0ID3ONWOPIy2WYkpHTMU_4FY7dP7pdORjqIVuIQ6ZNLVLjiOg_LM5Se-Gvq53p61Zqb25Io_gyHqsXzyYDrWOzYDmkjOK6HNjPLhEgnZipwZ2eYiZnhYXwyYSnnuxV6FosbCvA-nFiJcbIsQObzBGC6SDZhtuAcZf1i54K16se1yiiI-LwUkyA3DZhf0P-pWEo-LfBCMVqHBuhBGeQ6twfbfU5O5KRxroxno8v7uJON0LFqP-4uv1CX2Fta4MT_hAizqNX1z4Bkxw" // Payload { diff --git a/tests/integration/galley/webhook/webhook_test.go b/tests/integration/galley/webhook/webhook_test.go index 16f5ab2896cb..cefd21443bdb 100644 --- a/tests/integration/galley/webhook/webhook_test.go +++ b/tests/integration/galley/webhook/webhook_test.go @@ -222,7 +222,7 @@ func startWebhookPortForwarderOrFail(t test.Failer, env *kube.Environment, cfg i t.Fatal("istiod does not support cert rotation") } // Hardcode Galley's webhook port. - port := (uint16)(server.DefaultArgs().Port) + port := uint16(server.DefaultArgs().Port) // ensure only one pod *exists* before we start port forwarding. scaleDeployment(cfg.IstioNamespace, deployName, 0, t, env) diff --git a/tests/integration/security/mtls_k8s_ca/main_test.go b/tests/integration/security/mtlsk8sca/main_test.go similarity index 98% rename from tests/integration/security/mtls_k8s_ca/main_test.go rename to tests/integration/security/mtlsk8sca/main_test.go index c2fd679c4e88..9d52ff5c2501 100644 --- a/tests/integration/security/mtls_k8s_ca/main_test.go +++ b/tests/integration/security/mtlsk8sca/main_test.go 
@@ -12,7 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. -package mtls_k8s_ca +package mtlsk8sca import ( "testing" diff --git a/tests/integration/security/mtls_k8s_ca/strict_test.go b/tests/integration/security/mtlsk8sca/strict_test.go similarity index 99% rename from tests/integration/security/mtls_k8s_ca/strict_test.go rename to tests/integration/security/mtlsk8sca/strict_test.go index c789d8673e66..16cfd9e6df92 100644 --- a/tests/integration/security/mtls_k8s_ca/strict_test.go +++ b/tests/integration/security/mtlsk8sca/strict_test.go @@ -12,7 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. -package mtls_k8s_ca +package mtlsk8sca import ( "testing" diff --git a/tests/integration/security/mtls_k8s_ca/testdata/global-mtls-on-no-dr.yaml b/tests/integration/security/mtlsk8sca/testdata/global-mtls-on-no-dr.yaml similarity index 100% rename from tests/integration/security/mtls_k8s_ca/testdata/global-mtls-on-no-dr.yaml rename to tests/integration/security/mtlsk8sca/testdata/global-mtls-on-no-dr.yaml diff --git a/tests/integration/security/mtls_k8s_ca/testdata/global-plaintext.yaml b/tests/integration/security/mtlsk8sca/testdata/global-plaintext.yaml similarity index 100% rename from tests/integration/security/mtls_k8s_ca/testdata/global-plaintext.yaml rename to tests/integration/security/mtlsk8sca/testdata/global-plaintext.yaml diff --git a/tools/istio-iptables/pkg/config/config.go b/tools/istio-iptables/pkg/config/config.go index ae5c453028d9..c97b90d604d5 100644 --- a/tools/istio-iptables/pkg/config/config.go +++ b/tools/istio-iptables/pkg/config/config.go @@ -23,6 +23,7 @@ import ( ) // Command line options +// nolint: maligned type Config struct { ProxyPort string `json:"PROXY_PORT"` InboundCapturePort string `json:"INBOUND_CAPTURE_PORT"` 
@@ -38,7 +39,7 @@ type Config struct {
 OutboundIPRangesExclude string `json:"OUTBOUND_IPRANGES_EXCLUDE"`
 KubevirtInterfaces string `json:"KUBEVIRT_INTERFACES"`
 IptablesProbePort uint16 `json:"IPTABLES_PROBE_PORT"`
- ProbeTimeout time.Duration `json: "PROBE_TIMEOUT"`
+ ProbeTimeout time.Duration `json:"PROBE_TIMEOUT"`
 DryRun bool `json:"DRY_RUN"`
 RestoreFormat bool `json:"RESTORE_FORMAT"`
 SkipRuleApply bool `json:"SKIP_RULE_APPLY"`
From 2d0198c3091a486e9adc89eb99740c25a77bb9fd Mon Sep 17 00:00:00 2001
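Review bot: Correcting the tag on `ProbeTimeout` also changes the key the field is marshalled under, and nothing in the hunk records that. With the old `json: "PROBE_TIMEOUT"` (space after the colon) the tag did not parse, so encoding/json fell back to the field name `ProbeTimeout`; any consumer that reads a dumped Config by that key, if one exists, will now find `PROBE_TIMEOUT` instead. I would document the encoding next to the field, e.g. `// ProbeTimeout is emitted as PROBE_TIMEOUT, as integer nanoseconds (time.Duration).`, and let `go vet`'s struct-tag check catch the next malformed tag. The Config struct starts and ends outside this hunk.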
From: John Howard Date: Fri, 24 Jan 2020 17:39:19 -0800 Subject: [PATCH 14/31] Add podRedirectAnnot to fix CNI regression (#20472) --- .../istio-discovery/files/injection-template.yaml | 10 ++++++++++ .../mesh/testdata/manifest-generate/output/all_on.yaml | 10 ++++++++++ .../testdata/manifest-generate/output/flag_force.yaml | 10 ++++++++++ .../testdata/manifest-generate/output/flag_output.yaml | 10 ++++++++++ .../output/flag_output_set_profile.yaml | 10 ++++++++++ .../output/flag_output_set_values.yaml | 10 ++++++++++ .../manifest-generate/output/flag_override_values.yaml | 10 ++++++++++ .../manifest-generate/output/flag_set_values.yaml | 10 ++++++++++ .../manifest-generate/output/pilot_default.yaml | 10 ++++++++++ .../manifest-generate/output/pilot_k8s_settings.yaml | 10 ++++++++++ .../output/pilot_override_kubernetes.yaml | 10 ++++++++++ .../output/pilot_override_values.yaml | 10 ++++++++++ operator/pkg/vfs/assets.gen.go | 10 ++++++++++ ...lo-probes-with-flag-set-in-annotation.yaml.injected | 6 +++++- ...-probes-with-flag-unset-in-annotation.yaml.injected | 6 +++++- .../inject/app_probe/hello-probes.yaml.injected | 6 +++++- .../inject/app_probe/hello-readiness.yaml.injected | 6 +++++- .../inject/app_probe/https-probes.yaml.injected | 6 +++++- .../testdata/inject/app_probe/named_port.yaml.injected | 6 +++++- .../inject/app_probe/one_container.yaml.injected | 6 +++++- .../testdata/inject/app_probe/ready_live.yaml.injected | 6 +++++- .../testdata/inject/app_probe/ready_only.yaml.injected | 6 +++++- .../inject/app_probe/two_container.yaml.injected | 6 +++++- .../inject/testdata/inject/auth.cert-dir.yaml.injected | 4 ++++ .../auth.non-default-service-account.yaml.injected | 4 ++++ pkg/kube/inject/testdata/inject/auth.yaml.injected | 4 ++++ pkg/kube/inject/testdata/inject/cronjob.yaml.injected | 3 +++ .../inject/testdata/inject/daemonset.yaml.injected | 4 ++++ .../inject/deploymentconfig-multi.yaml.injected | 4 ++++ .../testdata/inject/deploymentconfig.yaml.injected | 
4 ++++ .../inject/enable-core-dump-annotation.yaml.injected | 4 ++++ .../testdata/inject/enable-core-dump.yaml.injected | 4 ++++ .../testdata/inject/format-duration.yaml.injected | 4 ++++ pkg/kube/inject/testdata/inject/frontend.yaml.injected | 3 +++ .../inject/testdata/inject/hello-always.yaml.injected | 4 ++++ .../inject/hello-config-map-name.yaml.injected | 4 ++++ .../inject/testdata/inject/hello-ignore.yaml.injected | 4 ++++ .../testdata/inject/hello-mtls-not-ready.yaml.injected | 4 ++++ .../inject/testdata/inject/hello-multi.yaml.injected | 8 ++++++++ .../testdata/inject/hello-namespace.yaml.injected | 4 ++++ .../inject/testdata/inject/hello-never.yaml.injected | 4 ++++ .../testdata/inject/hello-proxy-override.yaml.injected | 4 ++++ .../inject/hello-template-in-values.yaml.injected | 4 ++++ .../inject/testdata/inject/hello-tproxy.yaml.injected | 4 ++++ .../inject/testdata/inject/hello.yaml.cni.injected | 4 ++++ pkg/kube/inject/testdata/inject/hello.yaml.injected | 4 ++++ pkg/kube/inject/testdata/inject/job.yaml.injected | 3 +++ .../testdata/inject/kubevirtInterfaces.yaml.injected | 4 ++++ .../inject/kubevirtInterfaces_list.yaml.injected | 4 ++++ .../inject/testdata/inject/list-frontend.yaml.injected | 3 +++ pkg/kube/inject/testdata/inject/list.yaml.injected | 8 ++++++++ .../testdata/inject/multi-container.yaml.injected | 4 ++++ .../inject/testdata/inject/multi-init.yaml.injected | 4 ++++ pkg/kube/inject/testdata/inject/pod.yaml.injected | 4 ++++ .../inject/testdata/inject/replicaset.yaml.injected | 4 ++++ .../inject/replicationcontroller.yaml.injected | 4 ++++ .../inject/testdata/inject/statefulset.yaml.injected | 4 ++++ .../testdata/inject/status_annotations.yaml.injected | 4 ++++ .../inject/testdata/inject/status_params.yaml.injected | 4 ++++ .../traffic-annotations-empty-includes.yaml.injected | 3 ++- .../inject/traffic-annotations-wildcards.yaml.injected | 3 ++- .../testdata/inject/traffic-annotations.yaml.injected | 3 ++- 
.../inject/traffic-params-empty-includes.yaml.injected | 4 ++++ .../testdata/inject/traffic-params.yaml.injected | 5 +++++ 64 files changed, 343 insertions(+), 13 deletions(-) diff --git a/manifests/istio-control/istio-discovery/files/injection-template.yaml b/manifests/istio-control/istio-discovery/files/injection-template.yaml index 5bbeeccdf16a..aa92cd61b471 100644 --- a/manifests/istio-control/istio-discovery/files/injection-template.yaml +++ b/manifests/istio-control/istio-discovery/files/injection-template.yaml @@ -450,3 +450,13 @@ template: | - {{ render . }} {{- end }} {{- end }} + podRedirectAnnot: + sidecar.istio.io/interceptionMode: "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}" + traffic.sidecar.istio.io/includeOutboundIPRanges: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}" + traffic.sidecar.istio.io/excludeOutboundIPRanges: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}" + traffic.sidecar.istio.io/includeInboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` (includeInboundPorts .Spec.Containers) }}" + traffic.sidecar.istio.io/excludeInboundPorts: "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}" + {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne .Values.global.proxy.excludeOutboundPorts "") }} + traffic.sidecar.istio.io/excludeOutboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}" + {{- end }} + traffic.sidecar.istio.io/kubevirtInterfaces: "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}" 
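Review bot: Every value under the new `podRedirectAnnot` key in injection-template.yaml is pasted between double quotes with no visible escaping, for example `"{{ index .ObjectMeta.Annotations ... }}"` on the `kubevirtInterfaces` line, and these values come from pod annotations set by the workload author. Unless the `annotation` helper or the code consuming the rendered block already sanitises them (not visible in this hunk), a value containing a double quote or backslash would yield malformed YAML or an extra key in the block that describes traffic redirection. The values should be validated or YAML-escaped before rendering, and an inject test with a quote inside one of these annotations would pin the behaviour. The `kubevirtInterfaces` line is also emitted unconditionally while `excludeOutboundPorts` is guarded; wrapping it the same way, `{{ if isset .ObjectMeta.Annotations ... }}`, would avoid writing an empty annotation. The same template text is repeated in operator/pkg/vfs/assets.gen.go and the manifest-generate golden outputs.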
diff --git a/operator/cmd/mesh/testdata/manifest-generate/output/all_on.yaml b/operator/cmd/mesh/testdata/manifest-generate/output/all_on.yaml index 47dae0f7626e..d289c5f68910 100644 --- a/operator/cmd/mesh/testdata/manifest-generate/output/all_on.yaml +++ b/operator/cmd/mesh/testdata/manifest-generate/output/all_on.yaml @@ -9171,6 +9171,16 @@ data: - {{ render . }} {{- end }} {{- end }} + podRedirectAnnot: + sidecar.istio.io/interceptionMode: "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}" + traffic.sidecar.istio.io/includeOutboundIPRanges: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}" + traffic.sidecar.istio.io/excludeOutboundIPRanges: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}" + traffic.sidecar.istio.io/includeInboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` (includeInboundPorts .Spec.Containers) }}" + traffic.sidecar.istio.io/excludeInboundPorts: "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}" + {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne .Values.global.proxy.excludeOutboundPorts "") }} + traffic.sidecar.istio.io/excludeOutboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}" + {{- end }} + traffic.sidecar.istio.io/kubevirtInterfaces: "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}" --- diff --git a/operator/cmd/mesh/testdata/manifest-generate/output/flag_force.yaml b/operator/cmd/mesh/testdata/manifest-generate/output/flag_force.yaml index a169136d66a1..7f53d5b3db77 100644 
--- a/operator/cmd/mesh/testdata/manifest-generate/output/flag_force.yaml +++ b/operator/cmd/mesh/testdata/manifest-generate/output/flag_force.yaml @@ -1499,6 +1499,16 @@ data: - {{ render . }} {{- end }} {{- end }} + podRedirectAnnot: + sidecar.istio.io/interceptionMode: "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}" + traffic.sidecar.istio.io/includeOutboundIPRanges: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}" + traffic.sidecar.istio.io/excludeOutboundIPRanges: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}" + traffic.sidecar.istio.io/includeInboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` (includeInboundPorts .Spec.Containers) }}" + traffic.sidecar.istio.io/excludeInboundPorts: "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}" + {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne .Values.global.proxy.excludeOutboundPorts "") }} + traffic.sidecar.istio.io/excludeOutboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}" + {{- end }} + traffic.sidecar.istio.io/kubevirtInterfaces: "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}" --- diff --git a/operator/cmd/mesh/testdata/manifest-generate/output/flag_output.yaml b/operator/cmd/mesh/testdata/manifest-generate/output/flag_output.yaml index e6c431b5682f..e3619ccfc1a9 100644 --- a/operator/cmd/mesh/testdata/manifest-generate/output/flag_output.yaml +++ b/operator/cmd/mesh/testdata/manifest-generate/output/flag_output.yaml 
@@ -1502,6 +1502,16 @@ data: - {{ render . }} {{- end }} {{- end }} + podRedirectAnnot: + sidecar.istio.io/interceptionMode: "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}" + traffic.sidecar.istio.io/includeOutboundIPRanges: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}" + traffic.sidecar.istio.io/excludeOutboundIPRanges: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}" + traffic.sidecar.istio.io/includeInboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` (includeInboundPorts .Spec.Containers) }}" + traffic.sidecar.istio.io/excludeInboundPorts: "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}" + {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne .Values.global.proxy.excludeOutboundPorts "") }} + traffic.sidecar.istio.io/excludeOutboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}" + {{- end }} + traffic.sidecar.istio.io/kubevirtInterfaces: "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}" --- diff --git a/operator/cmd/mesh/testdata/manifest-generate/output/flag_output_set_profile.yaml b/operator/cmd/mesh/testdata/manifest-generate/output/flag_output_set_profile.yaml index 791a5ccfee9d..66189aa6fcd9 100644 --- a/operator/cmd/mesh/testdata/manifest-generate/output/flag_output_set_profile.yaml +++ b/operator/cmd/mesh/testdata/manifest-generate/output/flag_output_set_profile.yaml 
@@ -7252,6 +7252,16 @@ data: - {{ render . }} {{- end }} {{- end }} + podRedirectAnnot: + sidecar.istio.io/interceptionMode: "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}" + traffic.sidecar.istio.io/includeOutboundIPRanges: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}" + traffic.sidecar.istio.io/excludeOutboundIPRanges: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}" + traffic.sidecar.istio.io/includeInboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` (includeInboundPorts .Spec.Containers) }}" + traffic.sidecar.istio.io/excludeInboundPorts: "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}" + {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne .Values.global.proxy.excludeOutboundPorts "") }} + traffic.sidecar.istio.io/excludeOutboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}" + {{- end }} + traffic.sidecar.istio.io/kubevirtInterfaces: "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}" --- diff --git a/operator/cmd/mesh/testdata/manifest-generate/output/flag_output_set_values.yaml b/operator/cmd/mesh/testdata/manifest-generate/output/flag_output_set_values.yaml index 1cc90a4006a5..27f970c4df63 100644 --- a/operator/cmd/mesh/testdata/manifest-generate/output/flag_output_set_values.yaml +++ b/operator/cmd/mesh/testdata/manifest-generate/output/flag_output_set_values.yaml 
@@ -8087,6 +8087,16 @@ data: - {{ render . }} {{- end }} {{- end }} + podRedirectAnnot: + sidecar.istio.io/interceptionMode: "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}" + traffic.sidecar.istio.io/includeOutboundIPRanges: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}" + traffic.sidecar.istio.io/excludeOutboundIPRanges: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}" + traffic.sidecar.istio.io/includeInboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` (includeInboundPorts .Spec.Containers) }}" + traffic.sidecar.istio.io/excludeInboundPorts: "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}" + {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne .Values.global.proxy.excludeOutboundPorts "") }} + traffic.sidecar.istio.io/excludeOutboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}" + {{- end }} + traffic.sidecar.istio.io/kubevirtInterfaces: "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}" --- diff --git a/operator/cmd/mesh/testdata/manifest-generate/output/flag_override_values.yaml b/operator/cmd/mesh/testdata/manifest-generate/output/flag_override_values.yaml index c6ba0cd348a6..aa6a42620da2 100644 --- a/operator/cmd/mesh/testdata/manifest-generate/output/flag_override_values.yaml +++ b/operator/cmd/mesh/testdata/manifest-generate/output/flag_override_values.yaml 
@@ -1496,6 +1496,16 @@ data: - {{ render . }} {{- end }} {{- end }} + podRedirectAnnot: + sidecar.istio.io/interceptionMode: "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}" + traffic.sidecar.istio.io/includeOutboundIPRanges: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}" + traffic.sidecar.istio.io/excludeOutboundIPRanges: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}" + traffic.sidecar.istio.io/includeInboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` (includeInboundPorts .Spec.Containers) }}" + traffic.sidecar.istio.io/excludeInboundPorts: "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}" + {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne .Values.global.proxy.excludeOutboundPorts "") }} + traffic.sidecar.istio.io/excludeOutboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}" + {{- end }} + traffic.sidecar.istio.io/kubevirtInterfaces: "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}" --- diff --git a/operator/cmd/mesh/testdata/manifest-generate/output/flag_set_values.yaml b/operator/cmd/mesh/testdata/manifest-generate/output/flag_set_values.yaml index 2560896cd573..a416151effae 100644 --- a/operator/cmd/mesh/testdata/manifest-generate/output/flag_set_values.yaml +++ b/operator/cmd/mesh/testdata/manifest-generate/output/flag_set_values.yaml 
@@ -8086,6 +8086,16 @@ data: - {{ render . }} {{- end }} {{- end }} + podRedirectAnnot: + sidecar.istio.io/interceptionMode: "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}" + traffic.sidecar.istio.io/includeOutboundIPRanges: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}" + traffic.sidecar.istio.io/excludeOutboundIPRanges: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}" + traffic.sidecar.istio.io/includeInboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` (includeInboundPorts .Spec.Containers) }}" + traffic.sidecar.istio.io/excludeInboundPorts: "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}" + {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne .Values.global.proxy.excludeOutboundPorts "") }} + traffic.sidecar.istio.io/excludeOutboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}" + {{- end }} + traffic.sidecar.istio.io/kubevirtInterfaces: "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}" --- diff --git a/operator/cmd/mesh/testdata/manifest-generate/output/pilot_default.yaml b/operator/cmd/mesh/testdata/manifest-generate/output/pilot_default.yaml index 99d7f78d38b5..c8e730f60597 100644 --- a/operator/cmd/mesh/testdata/manifest-generate/output/pilot_default.yaml +++ b/operator/cmd/mesh/testdata/manifest-generate/output/pilot_default.yaml 
@@ -1496,6 +1496,16 @@ data: - {{ render . }} {{- end }} {{- end }} + podRedirectAnnot: + sidecar.istio.io/interceptionMode: "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}" + traffic.sidecar.istio.io/includeOutboundIPRanges: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}" + traffic.sidecar.istio.io/excludeOutboundIPRanges: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}" + traffic.sidecar.istio.io/includeInboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` (includeInboundPorts .Spec.Containers) }}" + traffic.sidecar.istio.io/excludeInboundPorts: "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}" + {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne .Values.global.proxy.excludeOutboundPorts "") }} + traffic.sidecar.istio.io/excludeOutboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}" + {{- end }} + traffic.sidecar.istio.io/kubevirtInterfaces: "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}" --- diff --git a/operator/cmd/mesh/testdata/manifest-generate/output/pilot_k8s_settings.yaml b/operator/cmd/mesh/testdata/manifest-generate/output/pilot_k8s_settings.yaml index d8c9ad6cdb30..c4c845fbfd7e 100644 --- a/operator/cmd/mesh/testdata/manifest-generate/output/pilot_k8s_settings.yaml +++ b/operator/cmd/mesh/testdata/manifest-generate/output/pilot_k8s_settings.yaml 
@@ -1502,6 +1502,16 @@ data: - {{ render . }} {{- end }} {{- end }} + podRedirectAnnot: + sidecar.istio.io/interceptionMode: "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}" + traffic.sidecar.istio.io/includeOutboundIPRanges: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}" + traffic.sidecar.istio.io/excludeOutboundIPRanges: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}" + traffic.sidecar.istio.io/includeInboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` (includeInboundPorts .Spec.Containers) }}" + traffic.sidecar.istio.io/excludeInboundPorts: "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}" + {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne .Values.global.proxy.excludeOutboundPorts "") }} + traffic.sidecar.istio.io/excludeOutboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}" + {{- end }} + traffic.sidecar.istio.io/kubevirtInterfaces: "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}" --- diff --git a/operator/cmd/mesh/testdata/manifest-generate/output/pilot_override_kubernetes.yaml b/operator/cmd/mesh/testdata/manifest-generate/output/pilot_override_kubernetes.yaml index 2474306b74f9..718c3dcd5cb1 100644 --- a/operator/cmd/mesh/testdata/manifest-generate/output/pilot_override_kubernetes.yaml +++ b/operator/cmd/mesh/testdata/manifest-generate/output/pilot_override_kubernetes.yaml 
@@ -1253,6 +1253,16 @@ data: - {{ render . }} {{- end }} {{- end }} + podRedirectAnnot: + sidecar.istio.io/interceptionMode: "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}" + traffic.sidecar.istio.io/includeOutboundIPRanges: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}" + traffic.sidecar.istio.io/excludeOutboundIPRanges: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}" + traffic.sidecar.istio.io/includeInboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` (includeInboundPorts .Spec.Containers) }}" + traffic.sidecar.istio.io/excludeInboundPorts: "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}" + {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne .Values.global.proxy.excludeOutboundPorts "") }} + traffic.sidecar.istio.io/excludeOutboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}" + {{- end }} + traffic.sidecar.istio.io/kubevirtInterfaces: "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}" --- apiVersion: v1 kind: ConfigMap diff --git a/operator/cmd/mesh/testdata/manifest-generate/output/pilot_override_values.yaml b/operator/cmd/mesh/testdata/manifest-generate/output/pilot_override_values.yaml index d6fa4e191a1e..5ce1b5f82fc5 100644 --- a/operator/cmd/mesh/testdata/manifest-generate/output/pilot_override_values.yaml +++ b/operator/cmd/mesh/testdata/manifest-generate/output/pilot_override_values.yaml 
@@ -1496,6 +1496,16 @@ data: - {{ render . }} {{- end }} {{- end }} + podRedirectAnnot: + sidecar.istio.io/interceptionMode: "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}" + traffic.sidecar.istio.io/includeOutboundIPRanges: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}" + traffic.sidecar.istio.io/excludeOutboundIPRanges: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}" + traffic.sidecar.istio.io/includeInboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` (includeInboundPorts .Spec.Containers) }}" + traffic.sidecar.istio.io/excludeInboundPorts: "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}" + {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne .Values.global.proxy.excludeOutboundPorts "") }} + traffic.sidecar.istio.io/excludeOutboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}" + {{- end }} + traffic.sidecar.istio.io/kubevirtInterfaces: "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}" --- diff --git a/operator/pkg/vfs/assets.gen.go b/operator/pkg/vfs/assets.gen.go index 2c057325ffc5..b4b9e5fc6207 100644 --- a/operator/pkg/vfs/assets.gen.go +++ b/operator/pkg/vfs/assets.gen.go 
@@ -12261,6 +12261,16 @@ template: | - {{ render . }} {{- end }} {{- end }} + podRedirectAnnot: + sidecar.istio.io/interceptionMode: "{{ annotation .ObjectMeta `+"`"+`sidecar.istio.io/interceptionMode`+"`"+` .ProxyConfig.InterceptionMode }}" + traffic.sidecar.istio.io/includeOutboundIPRanges: "{{ annotation .ObjectMeta `+"`"+`traffic.sidecar.istio.io/includeOutboundIPRanges`+"`"+` .Values.global.proxy.includeIPRanges }}" + traffic.sidecar.istio.io/excludeOutboundIPRanges: "{{ annotation .ObjectMeta `+"`"+`traffic.sidecar.istio.io/excludeOutboundIPRanges`+"`"+` .Values.global.proxy.excludeIPRanges }}" + traffic.sidecar.istio.io/includeInboundPorts: "{{ annotation .ObjectMeta `+"`"+`traffic.sidecar.istio.io/includeInboundPorts`+"`"+` (includeInboundPorts .Spec.Containers) }}" + traffic.sidecar.istio.io/excludeInboundPorts: "{{ excludeInboundPort (annotation .ObjectMeta `+"`"+`status.sidecar.istio.io/port`+"`"+` .Values.global.proxy.statusPort) (annotation .ObjectMeta `+"`"+`traffic.sidecar.istio.io/excludeInboundPorts`+"`"+` .Values.global.proxy.excludeInboundPorts) }}" + {{ if or (isset .ObjectMeta.Annotations `+"`"+`traffic.sidecar.istio.io/excludeOutboundPorts`+"`"+`) (ne .Values.global.proxy.excludeOutboundPorts "") }} + traffic.sidecar.istio.io/excludeOutboundPorts: "{{ annotation .ObjectMeta `+"`"+`traffic.sidecar.istio.io/excludeOutboundPorts`+"`"+` .Values.global.proxy.excludeOutboundPorts }}" + {{- end }} + traffic.sidecar.istio.io/kubevirtInterfaces: "{{ index .ObjectMeta.Annotations `+"`"+`traffic.sidecar.istio.io/kubevirtInterfaces`+"`"+` }}" `) func chartsIstioControlIstioDiscoveryFilesInjectionTemplateYamlBytes() ([]byte, error) { diff --git a/pkg/kube/inject/testdata/inject/app_probe/hello-probes-with-flag-set-in-annotation.yaml.injected b/pkg/kube/inject/testdata/inject/app_probe/hello-probes-with-flag-set-in-annotation.yaml.injected index 8728efae5f7f..469e82b582b6 100644 
--- a/pkg/kube/inject/testdata/inject/app_probe/hello-probes-with-flag-set-in-annotation.yaml.injected +++ b/pkg/kube/inject/testdata/inject/app_probe/hello-probes-with-flag-set-in-annotation.yaml.injected @@ -14,8 +14,12 @@ spec: template: metadata: annotations: + sidecar.istio.io/interceptionMode: REDIRECT sidecar.istio.io/rewriteAppHTTPProbers: "true" - sidecar.istio.io/status: '{"version":"bf820cbcf48bd658b93aae60afb49b4650d91c3f0bddb82cd82fb05262f58d68","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-token","citadel-ca-cert","istio-certs"],"imagePullSecrets":null}' + sidecar.istio.io/status: '{"version":"bfb085eb5ec13a689e8c0461d5453ad4820228cb1bb63d99e635214548fc808c","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-token","citadel-ca-cert","istio-certs"],"imagePullSecrets":null}' + traffic.sidecar.istio.io/excludeInboundPorts: "15020" + traffic.sidecar.istio.io/includeInboundPorts: 80,90 + traffic.sidecar.istio.io/includeOutboundIPRanges: '*' creationTimestamp: null labels: app: hello diff --git a/pkg/kube/inject/testdata/inject/app_probe/hello-probes-with-flag-unset-in-annotation.yaml.injected b/pkg/kube/inject/testdata/inject/app_probe/hello-probes-with-flag-unset-in-annotation.yaml.injected index 94db60e3da50..ec7761d4da07 100644 --- a/pkg/kube/inject/testdata/inject/app_probe/hello-probes-with-flag-unset-in-annotation.yaml.injected +++ b/pkg/kube/inject/testdata/inject/app_probe/hello-probes-with-flag-unset-in-annotation.yaml.injected 
@@ -14,8 +14,12 @@ spec: template: metadata: annotations: + sidecar.istio.io/interceptionMode: REDIRECT sidecar.istio.io/rewriteAppHTTPProbers: "false" - sidecar.istio.io/status: '{"version":"bf820cbcf48bd658b93aae60afb49b4650d91c3f0bddb82cd82fb05262f58d68","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-token","citadel-ca-cert","istio-certs"],"imagePullSecrets":null}' + sidecar.istio.io/status: '{"version":"bfb085eb5ec13a689e8c0461d5453ad4820228cb1bb63d99e635214548fc808c","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-token","citadel-ca-cert","istio-certs"],"imagePullSecrets":null}' + traffic.sidecar.istio.io/excludeInboundPorts: "15020" + traffic.sidecar.istio.io/includeInboundPorts: 80,90 + traffic.sidecar.istio.io/includeOutboundIPRanges: '*' creationTimestamp: null labels: app: hello diff --git a/pkg/kube/inject/testdata/inject/app_probe/hello-probes.yaml.injected b/pkg/kube/inject/testdata/inject/app_probe/hello-probes.yaml.injected index 6842dde39cbb..0cfae30f00fb 100644 --- a/pkg/kube/inject/testdata/inject/app_probe/hello-probes.yaml.injected +++ b/pkg/kube/inject/testdata/inject/app_probe/hello-probes.yaml.injected 
@@ -14,7 +14,11 @@ spec: template: metadata: annotations: - sidecar.istio.io/status: '{"version":"bf820cbcf48bd658b93aae60afb49b4650d91c3f0bddb82cd82fb05262f58d68","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-token","citadel-ca-cert","istio-certs"],"imagePullSecrets":null}' + sidecar.istio.io/interceptionMode: REDIRECT + sidecar.istio.io/status: '{"version":"bfb085eb5ec13a689e8c0461d5453ad4820228cb1bb63d99e635214548fc808c","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-token","citadel-ca-cert","istio-certs"],"imagePullSecrets":null}' + traffic.sidecar.istio.io/excludeInboundPorts: "15020" + traffic.sidecar.istio.io/includeInboundPorts: 80,90 + traffic.sidecar.istio.io/includeOutboundIPRanges: '*' creationTimestamp: null labels: app: hello diff --git a/pkg/kube/inject/testdata/inject/app_probe/hello-readiness.yaml.injected b/pkg/kube/inject/testdata/inject/app_probe/hello-readiness.yaml.injected index fb92b8bf9d59..2181240600c4 100644 --- a/pkg/kube/inject/testdata/inject/app_probe/hello-readiness.yaml.injected +++ b/pkg/kube/inject/testdata/inject/app_probe/hello-readiness.yaml.injected 
@@ -14,7 +14,11 @@ spec: template: metadata: annotations: - sidecar.istio.io/status: '{"version":"bf820cbcf48bd658b93aae60afb49b4650d91c3f0bddb82cd82fb05262f58d68","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-token","citadel-ca-cert","istio-certs"],"imagePullSecrets":null}' + sidecar.istio.io/interceptionMode: REDIRECT + sidecar.istio.io/status: '{"version":"bfb085eb5ec13a689e8c0461d5453ad4820228cb1bb63d99e635214548fc808c","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-token","citadel-ca-cert","istio-certs"],"imagePullSecrets":null}' + traffic.sidecar.istio.io/excludeInboundPorts: "15020" + traffic.sidecar.istio.io/includeInboundPorts: "80" + traffic.sidecar.istio.io/includeOutboundIPRanges: '*' creationTimestamp: null labels: app: hello diff --git a/pkg/kube/inject/testdata/inject/app_probe/https-probes.yaml.injected b/pkg/kube/inject/testdata/inject/app_probe/https-probes.yaml.injected index 23c7066607ab..7f45baaf5cea 100644 --- a/pkg/kube/inject/testdata/inject/app_probe/https-probes.yaml.injected +++ b/pkg/kube/inject/testdata/inject/app_probe/https-probes.yaml.injected 
@@ -14,7 +14,11 @@ spec: template: metadata: annotations: - sidecar.istio.io/status: '{"version":"bf820cbcf48bd658b93aae60afb49b4650d91c3f0bddb82cd82fb05262f58d68","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-token","citadel-ca-cert","istio-certs"],"imagePullSecrets":null}' + sidecar.istio.io/interceptionMode: REDIRECT + sidecar.istio.io/status: '{"version":"bfb085eb5ec13a689e8c0461d5453ad4820228cb1bb63d99e635214548fc808c","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-token","citadel-ca-cert","istio-certs"],"imagePullSecrets":null}' + traffic.sidecar.istio.io/excludeInboundPorts: "15020" + traffic.sidecar.istio.io/includeInboundPorts: 80,90 + traffic.sidecar.istio.io/includeOutboundIPRanges: '*' creationTimestamp: null labels: app: hello diff --git a/pkg/kube/inject/testdata/inject/app_probe/named_port.yaml.injected b/pkg/kube/inject/testdata/inject/app_probe/named_port.yaml.injected index 55f36d00a005..fb0acb02422f 100644 --- a/pkg/kube/inject/testdata/inject/app_probe/named_port.yaml.injected +++ b/pkg/kube/inject/testdata/inject/app_probe/named_port.yaml.injected 
@@ -14,7 +14,11 @@ spec: template: metadata: annotations: - sidecar.istio.io/status: '{"version":"bf820cbcf48bd658b93aae60afb49b4650d91c3f0bddb82cd82fb05262f58d68","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-token","citadel-ca-cert","istio-certs"],"imagePullSecrets":null}' + sidecar.istio.io/interceptionMode: REDIRECT + sidecar.istio.io/status: '{"version":"bfb085eb5ec13a689e8c0461d5453ad4820228cb1bb63d99e635214548fc808c","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-token","citadel-ca-cert","istio-certs"],"imagePullSecrets":null}' + traffic.sidecar.istio.io/excludeInboundPorts: "15020" + traffic.sidecar.istio.io/includeInboundPorts: "80" + traffic.sidecar.istio.io/includeOutboundIPRanges: '*' creationTimestamp: null labels: app: hello diff --git a/pkg/kube/inject/testdata/inject/app_probe/one_container.yaml.injected b/pkg/kube/inject/testdata/inject/app_probe/one_container.yaml.injected index 59af6f4b9994..e677dd5a0f88 100644 --- a/pkg/kube/inject/testdata/inject/app_probe/one_container.yaml.injected +++ b/pkg/kube/inject/testdata/inject/app_probe/one_container.yaml.injected 
@@ -14,7 +14,11 @@ spec: template: metadata: annotations: - sidecar.istio.io/status: '{"version":"bf820cbcf48bd658b93aae60afb49b4650d91c3f0bddb82cd82fb05262f58d68","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-token","citadel-ca-cert","istio-certs"],"imagePullSecrets":null}' + sidecar.istio.io/interceptionMode: REDIRECT + sidecar.istio.io/status: '{"version":"bfb085eb5ec13a689e8c0461d5453ad4820228cb1bb63d99e635214548fc808c","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-token","citadel-ca-cert","istio-certs"],"imagePullSecrets":null}' + traffic.sidecar.istio.io/excludeInboundPorts: "15020" + traffic.sidecar.istio.io/includeInboundPorts: "80" + traffic.sidecar.istio.io/includeOutboundIPRanges: '*' creationTimestamp: null labels: app: hello diff --git a/pkg/kube/inject/testdata/inject/app_probe/ready_live.yaml.injected b/pkg/kube/inject/testdata/inject/app_probe/ready_live.yaml.injected index 6842dde39cbb..0cfae30f00fb 100644 --- a/pkg/kube/inject/testdata/inject/app_probe/ready_live.yaml.injected +++ b/pkg/kube/inject/testdata/inject/app_probe/ready_live.yaml.injected 
@@ -14,7 +14,11 @@ spec: template: metadata: annotations: - sidecar.istio.io/status: '{"version":"bf820cbcf48bd658b93aae60afb49b4650d91c3f0bddb82cd82fb05262f58d68","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-token","citadel-ca-cert","istio-certs"],"imagePullSecrets":null}' + sidecar.istio.io/interceptionMode: REDIRECT + sidecar.istio.io/status: '{"version":"bfb085eb5ec13a689e8c0461d5453ad4820228cb1bb63d99e635214548fc808c","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-token","citadel-ca-cert","istio-certs"],"imagePullSecrets":null}' + traffic.sidecar.istio.io/excludeInboundPorts: "15020" + traffic.sidecar.istio.io/includeInboundPorts: 80,90 + traffic.sidecar.istio.io/includeOutboundIPRanges: '*' creationTimestamp: null labels: app: hello diff --git a/pkg/kube/inject/testdata/inject/app_probe/ready_only.yaml.injected b/pkg/kube/inject/testdata/inject/app_probe/ready_only.yaml.injected index f6e276f69876..5aa602dc9dbe 100644 --- a/pkg/kube/inject/testdata/inject/app_probe/ready_only.yaml.injected +++ b/pkg/kube/inject/testdata/inject/app_probe/ready_only.yaml.injected 
@@ -14,7 +14,11 @@ spec: template: metadata: annotations: - sidecar.istio.io/status: '{"version":"bf820cbcf48bd658b93aae60afb49b4650d91c3f0bddb82cd82fb05262f58d68","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-token","citadel-ca-cert","istio-certs"],"imagePullSecrets":null}' + sidecar.istio.io/interceptionMode: REDIRECT + sidecar.istio.io/status: '{"version":"bfb085eb5ec13a689e8c0461d5453ad4820228cb1bb63d99e635214548fc808c","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-token","citadel-ca-cert","istio-certs"],"imagePullSecrets":null}' + traffic.sidecar.istio.io/excludeInboundPorts: "15020" + traffic.sidecar.istio.io/includeInboundPorts: "80" + traffic.sidecar.istio.io/includeOutboundIPRanges: '*' creationTimestamp: null labels: app: hello diff --git a/pkg/kube/inject/testdata/inject/app_probe/two_container.yaml.injected b/pkg/kube/inject/testdata/inject/app_probe/two_container.yaml.injected index 904f3568a3bb..7194912ee7ff 100644 --- a/pkg/kube/inject/testdata/inject/app_probe/two_container.yaml.injected +++ b/pkg/kube/inject/testdata/inject/app_probe/two_container.yaml.injected 
@@ -14,7 +14,11 @@ spec: template: metadata: annotations: - sidecar.istio.io/status: '{"version":"bf820cbcf48bd658b93aae60afb49b4650d91c3f0bddb82cd82fb05262f58d68","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-token","citadel-ca-cert","istio-certs"],"imagePullSecrets":null}' + sidecar.istio.io/interceptionMode: REDIRECT + sidecar.istio.io/status: '{"version":"bfb085eb5ec13a689e8c0461d5453ad4820228cb1bb63d99e635214548fc808c","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-token","citadel-ca-cert","istio-certs"],"imagePullSecrets":null}' + traffic.sidecar.istio.io/excludeInboundPorts: "15020" + traffic.sidecar.istio.io/includeInboundPorts: 80,90 + traffic.sidecar.istio.io/includeOutboundIPRanges: '*' creationTimestamp: null labels: app: hello diff --git a/pkg/kube/inject/testdata/inject/auth.cert-dir.yaml.injected b/pkg/kube/inject/testdata/inject/auth.cert-dir.yaml.injected index 190edbfa76cf..df5e3e88fbcb 100644 --- a/pkg/kube/inject/testdata/inject/auth.cert-dir.yaml.injected +++ b/pkg/kube/inject/testdata/inject/auth.cert-dir.yaml.injected @@ -14,7 +14,11 @@ spec: template: metadata: annotations: + sidecar.istio.io/interceptionMode: REDIRECT sidecar.istio.io/status: '{"version":"","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-token","citadel-ca-cert","istio-certs"],"imagePullSecrets":null}' + traffic.sidecar.istio.io/excludeInboundPorts: "15020" + traffic.sidecar.istio.io/includeInboundPorts: "80" + traffic.sidecar.istio.io/includeOutboundIPRanges: '*' creationTimestamp: null labels: app: hello diff --git a/pkg/kube/inject/testdata/inject/auth.non-default-service-account.yaml.injected b/pkg/kube/inject/testdata/inject/auth.non-default-service-account.yaml.injected index 0ab95fadc00a..aa9e0d5ffdbd 100644 --- a/pkg/kube/inject/testdata/inject/auth.non-default-service-account.yaml.injected 
+++ b/pkg/kube/inject/testdata/inject/auth.non-default-service-account.yaml.injected @@ -14,7 +14,11 @@ spec: template: metadata: annotations: + sidecar.istio.io/interceptionMode: REDIRECT sidecar.istio.io/status: '{"version":"","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-token","citadel-ca-cert","istio-certs"],"imagePullSecrets":null}' + traffic.sidecar.istio.io/excludeInboundPorts: "15020" + traffic.sidecar.istio.io/includeInboundPorts: "80" + traffic.sidecar.istio.io/includeOutboundIPRanges: '*' creationTimestamp: null labels: app: hello diff --git a/pkg/kube/inject/testdata/inject/auth.yaml.injected b/pkg/kube/inject/testdata/inject/auth.yaml.injected index 190edbfa76cf..df5e3e88fbcb 100644 --- a/pkg/kube/inject/testdata/inject/auth.yaml.injected +++ b/pkg/kube/inject/testdata/inject/auth.yaml.injected @@ -14,7 +14,11 @@ spec: template: metadata: annotations: + sidecar.istio.io/interceptionMode: REDIRECT sidecar.istio.io/status: '{"version":"","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-token","citadel-ca-cert","istio-certs"],"imagePullSecrets":null}' + traffic.sidecar.istio.io/excludeInboundPorts: "15020" + traffic.sidecar.istio.io/includeInboundPorts: "80" + traffic.sidecar.istio.io/includeOutboundIPRanges: '*' creationTimestamp: null labels: app: hello diff --git a/pkg/kube/inject/testdata/inject/cronjob.yaml.injected b/pkg/kube/inject/testdata/inject/cronjob.yaml.injected index 8ac959df1e1a..e500d1c9d346 100644 --- a/pkg/kube/inject/testdata/inject/cronjob.yaml.injected +++ b/pkg/kube/inject/testdata/inject/cronjob.yaml.injected 
@@ -7,7 +7,10 @@ spec: jobTemplate: metadata: annotations: + sidecar.istio.io/interceptionMode: REDIRECT sidecar.istio.io/status: '{"version":"","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-token","citadel-ca-cert","istio-certs"],"imagePullSecrets":null}' + traffic.sidecar.istio.io/excludeInboundPorts: "15020" + traffic.sidecar.istio.io/includeOutboundIPRanges: '*' creationTimestamp: null labels: security.istio.io/tlsMode: istio diff --git a/pkg/kube/inject/testdata/inject/daemonset.yaml.injected b/pkg/kube/inject/testdata/inject/daemonset.yaml.injected index 65a45cbdb4b9..22a50e09e201 100644 --- a/pkg/kube/inject/testdata/inject/daemonset.yaml.injected +++ b/pkg/kube/inject/testdata/inject/daemonset.yaml.injected @@ -12,7 +12,11 @@ spec: template: metadata: annotations: + sidecar.istio.io/interceptionMode: REDIRECT sidecar.istio.io/status: '{"version":"","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-token","citadel-ca-cert","istio-certs"],"imagePullSecrets":null}' + traffic.sidecar.istio.io/excludeInboundPorts: "15020" + traffic.sidecar.istio.io/includeInboundPorts: "80" + traffic.sidecar.istio.io/includeOutboundIPRanges: '*' creationTimestamp: null labels: app: hello diff --git a/pkg/kube/inject/testdata/inject/deploymentconfig-multi.yaml.injected b/pkg/kube/inject/testdata/inject/deploymentconfig-multi.yaml.injected index f4b559715922..20f4fa0bc763 100644 --- a/pkg/kube/inject/testdata/inject/deploymentconfig-multi.yaml.injected +++ b/pkg/kube/inject/testdata/inject/deploymentconfig-multi.yaml.injected 
@@ -27,7 +27,11 @@ items: template: metadata: annotations: + sidecar.istio.io/interceptionMode: REDIRECT sidecar.istio.io/status: '{"version":"","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-token","citadel-ca-cert","istio-certs"],"imagePullSecrets":null}' + traffic.sidecar.istio.io/excludeInboundPorts: "15020" + traffic.sidecar.istio.io/includeInboundPorts: "80" + traffic.sidecar.istio.io/includeOutboundIPRanges: '*' creationTimestamp: null labels: app: hello diff --git a/pkg/kube/inject/testdata/inject/deploymentconfig.yaml.injected b/pkg/kube/inject/testdata/inject/deploymentconfig.yaml.injected index 7c2852c2a8ae..db1fd36be210 100644 --- a/pkg/kube/inject/testdata/inject/deploymentconfig.yaml.injected +++ b/pkg/kube/inject/testdata/inject/deploymentconfig.yaml.injected @@ -12,7 +12,11 @@ spec: template: metadata: annotations: + sidecar.istio.io/interceptionMode: REDIRECT sidecar.istio.io/status: '{"version":"","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-token","citadel-ca-cert","istio-certs"],"imagePullSecrets":null}' + traffic.sidecar.istio.io/excludeInboundPorts: "15020" + traffic.sidecar.istio.io/includeInboundPorts: "80" + traffic.sidecar.istio.io/includeOutboundIPRanges: '*' creationTimestamp: null labels: app: hello diff --git a/pkg/kube/inject/testdata/inject/enable-core-dump-annotation.yaml.injected b/pkg/kube/inject/testdata/inject/enable-core-dump-annotation.yaml.injected index 39624544cdad..0ae20c6fdfaf 100644 --- a/pkg/kube/inject/testdata/inject/enable-core-dump-annotation.yaml.injected +++ b/pkg/kube/inject/testdata/inject/enable-core-dump-annotation.yaml.injected 
@@ -15,7 +15,11 @@ spec: metadata: annotations: sidecar.istio.io/enableCoreDump: "true" + sidecar.istio.io/interceptionMode: REDIRECT sidecar.istio.io/status: '{"version":"","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-token","citadel-ca-cert","istio-certs"],"imagePullSecrets":null}' + traffic.sidecar.istio.io/excludeInboundPorts: "15020" + traffic.sidecar.istio.io/includeInboundPorts: "80" + traffic.sidecar.istio.io/includeOutboundIPRanges: '*' creationTimestamp: null labels: app: hello diff --git a/pkg/kube/inject/testdata/inject/enable-core-dump.yaml.injected b/pkg/kube/inject/testdata/inject/enable-core-dump.yaml.injected index 6c7bef2f8487..498601bce731 100644 --- a/pkg/kube/inject/testdata/inject/enable-core-dump.yaml.injected +++ b/pkg/kube/inject/testdata/inject/enable-core-dump.yaml.injected @@ -14,7 +14,11 @@ spec: template: metadata: annotations: + sidecar.istio.io/interceptionMode: REDIRECT sidecar.istio.io/status: '{"version":"","initContainers":["istio-init","enable-core-dump"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-token","citadel-ca-cert","istio-certs"],"imagePullSecrets":null}' + traffic.sidecar.istio.io/excludeInboundPorts: "15020" + traffic.sidecar.istio.io/includeInboundPorts: "80" + traffic.sidecar.istio.io/includeOutboundIPRanges: '*' creationTimestamp: null labels: app: hello diff --git a/pkg/kube/inject/testdata/inject/format-duration.yaml.injected b/pkg/kube/inject/testdata/inject/format-duration.yaml.injected index 190edbfa76cf..df5e3e88fbcb 100644 --- a/pkg/kube/inject/testdata/inject/format-duration.yaml.injected +++ b/pkg/kube/inject/testdata/inject/format-duration.yaml.injected 
@@ -14,7 +14,11 @@ spec: template: metadata: annotations: + sidecar.istio.io/interceptionMode: REDIRECT sidecar.istio.io/status: '{"version":"","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-token","citadel-ca-cert","istio-certs"],"imagePullSecrets":null}' + traffic.sidecar.istio.io/excludeInboundPorts: "15020" + traffic.sidecar.istio.io/includeInboundPorts: "80" + traffic.sidecar.istio.io/includeOutboundIPRanges: '*' creationTimestamp: null labels: app: hello diff --git a/pkg/kube/inject/testdata/inject/frontend.yaml.injected b/pkg/kube/inject/testdata/inject/frontend.yaml.injected index 75c23d6728d4..b59fc89afd7c 100644 --- a/pkg/kube/inject/testdata/inject/frontend.yaml.injected +++ b/pkg/kube/inject/testdata/inject/frontend.yaml.injected @@ -28,7 +28,10 @@ spec: template: metadata: annotations: + sidecar.istio.io/interceptionMode: REDIRECT sidecar.istio.io/status: '{"version":"","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-token","citadel-ca-cert","istio-certs"],"imagePullSecrets":null}' + traffic.sidecar.istio.io/excludeInboundPorts: "15020" + traffic.sidecar.istio.io/includeOutboundIPRanges: '*' creationTimestamp: null labels: app: hello diff --git a/pkg/kube/inject/testdata/inject/hello-always.yaml.injected b/pkg/kube/inject/testdata/inject/hello-always.yaml.injected index 95fdfccafe9c..ab90c03465f9 100644 --- a/pkg/kube/inject/testdata/inject/hello-always.yaml.injected +++ b/pkg/kube/inject/testdata/inject/hello-always.yaml.injected 
@@ -14,7 +14,11 @@ spec: template: metadata: annotations: + sidecar.istio.io/interceptionMode: REDIRECT sidecar.istio.io/status: '{"version":"","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-token","citadel-ca-cert","istio-certs"],"imagePullSecrets":null}' + traffic.sidecar.istio.io/excludeInboundPorts: "15020" + traffic.sidecar.istio.io/includeInboundPorts: "80" + traffic.sidecar.istio.io/includeOutboundIPRanges: '*' creationTimestamp: null labels: app: hello diff --git a/pkg/kube/inject/testdata/inject/hello-config-map-name.yaml.injected b/pkg/kube/inject/testdata/inject/hello-config-map-name.yaml.injected index 190edbfa76cf..df5e3e88fbcb 100644 --- a/pkg/kube/inject/testdata/inject/hello-config-map-name.yaml.injected +++ b/pkg/kube/inject/testdata/inject/hello-config-map-name.yaml.injected @@ -14,7 +14,11 @@ spec: template: metadata: annotations: + sidecar.istio.io/interceptionMode: REDIRECT sidecar.istio.io/status: '{"version":"","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-token","citadel-ca-cert","istio-certs"],"imagePullSecrets":null}' + traffic.sidecar.istio.io/excludeInboundPorts: "15020" + traffic.sidecar.istio.io/includeInboundPorts: "80" + traffic.sidecar.istio.io/includeOutboundIPRanges: '*' creationTimestamp: null labels: app: hello diff --git a/pkg/kube/inject/testdata/inject/hello-ignore.yaml.injected b/pkg/kube/inject/testdata/inject/hello-ignore.yaml.injected index 2c4e85a342cb..e953e6a5bebc 100644 --- a/pkg/kube/inject/testdata/inject/hello-ignore.yaml.injected +++ b/pkg/kube/inject/testdata/inject/hello-ignore.yaml.injected 
@@ -15,7 +15,11 @@ spec: metadata: annotations: sidecar.istio.io/inject: "false" + sidecar.istio.io/interceptionMode: REDIRECT sidecar.istio.io/status: '{"version":"","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-token","citadel-ca-cert","istio-certs"],"imagePullSecrets":null}' + traffic.sidecar.istio.io/excludeInboundPorts: "15020" + traffic.sidecar.istio.io/includeInboundPorts: "80" + traffic.sidecar.istio.io/includeOutboundIPRanges: '*' creationTimestamp: null labels: app: hello diff --git a/pkg/kube/inject/testdata/inject/hello-mtls-not-ready.yaml.injected b/pkg/kube/inject/testdata/inject/hello-mtls-not-ready.yaml.injected index a3ca52bfe649..6ce7c2e8cade 100644 --- a/pkg/kube/inject/testdata/inject/hello-mtls-not-ready.yaml.injected +++ b/pkg/kube/inject/testdata/inject/hello-mtls-not-ready.yaml.injected @@ -14,7 +14,11 @@ spec: template: metadata: annotations: + sidecar.istio.io/interceptionMode: REDIRECT sidecar.istio.io/status: '{"version":"","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-token","citadel-ca-cert","istio-certs"],"imagePullSecrets":null}' + traffic.sidecar.istio.io/excludeInboundPorts: "15020" + traffic.sidecar.istio.io/includeInboundPorts: "80" + traffic.sidecar.istio.io/includeOutboundIPRanges: '*' creationTimestamp: null labels: app: hello diff --git a/pkg/kube/inject/testdata/inject/hello-multi.yaml.injected b/pkg/kube/inject/testdata/inject/hello-multi.yaml.injected index 36cfe049c45c..dc530f00e1ab 100644 --- a/pkg/kube/inject/testdata/inject/hello-multi.yaml.injected +++ b/pkg/kube/inject/testdata/inject/hello-multi.yaml.injected 
@@ -15,7 +15,11 @@ spec: template: metadata: annotations: + sidecar.istio.io/interceptionMode: REDIRECT sidecar.istio.io/status: '{"version":"","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-token","citadel-ca-cert","istio-certs"],"imagePullSecrets":null}' + traffic.sidecar.istio.io/excludeInboundPorts: "15020" + traffic.sidecar.istio.io/includeInboundPorts: "80" + traffic.sidecar.istio.io/includeOutboundIPRanges: '*' creationTimestamp: null labels: app: hello @@ -241,7 +245,11 @@ spec: template: metadata: annotations: + sidecar.istio.io/interceptionMode: REDIRECT sidecar.istio.io/status: '{"version":"","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-token","citadel-ca-cert","istio-certs"],"imagePullSecrets":null}' + traffic.sidecar.istio.io/excludeInboundPorts: "15020" + traffic.sidecar.istio.io/includeInboundPorts: "81" + traffic.sidecar.istio.io/includeOutboundIPRanges: '*' creationTimestamp: null labels: app: hello diff --git a/pkg/kube/inject/testdata/inject/hello-namespace.yaml.injected b/pkg/kube/inject/testdata/inject/hello-namespace.yaml.injected index 5ee9086eeb00..3a42e63ed433 100644 --- a/pkg/kube/inject/testdata/inject/hello-namespace.yaml.injected +++ b/pkg/kube/inject/testdata/inject/hello-namespace.yaml.injected @@ -15,7 +15,11 @@ spec: template: metadata: annotations: + sidecar.istio.io/interceptionMode: REDIRECT sidecar.istio.io/status: '{"version":"","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-token","citadel-ca-cert","istio-certs"],"imagePullSecrets":null}' + traffic.sidecar.istio.io/excludeInboundPorts: "15020" + traffic.sidecar.istio.io/includeInboundPorts: "80" + traffic.sidecar.istio.io/includeOutboundIPRanges: '*' creationTimestamp: null labels: app: hello 
diff --git a/pkg/kube/inject/testdata/inject/hello-never.yaml.injected b/pkg/kube/inject/testdata/inject/hello-never.yaml.injected index 78f8345c3d26..82ec9be1a7a3 100644 --- a/pkg/kube/inject/testdata/inject/hello-never.yaml.injected +++ b/pkg/kube/inject/testdata/inject/hello-never.yaml.injected @@ -14,7 +14,11 @@ spec: template: metadata: annotations: + sidecar.istio.io/interceptionMode: REDIRECT sidecar.istio.io/status: '{"version":"","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-token","citadel-ca-cert","istio-certs"],"imagePullSecrets":null}' + traffic.sidecar.istio.io/excludeInboundPorts: "15020" + traffic.sidecar.istio.io/includeInboundPorts: "80" + traffic.sidecar.istio.io/includeOutboundIPRanges: '*' creationTimestamp: null labels: app: hello diff --git a/pkg/kube/inject/testdata/inject/hello-proxy-override.yaml.injected b/pkg/kube/inject/testdata/inject/hello-proxy-override.yaml.injected index 926bb645927b..91f89deb04f5 100644 --- a/pkg/kube/inject/testdata/inject/hello-proxy-override.yaml.injected +++ b/pkg/kube/inject/testdata/inject/hello-proxy-override.yaml.injected @@ -14,8 +14,12 @@ spec: template: metadata: annotations: + sidecar.istio.io/interceptionMode: REDIRECT sidecar.istio.io/proxyImage: docker.io/istio/proxy2_debug:unittest sidecar.istio.io/status: '{"version":"","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-token","citadel-ca-cert","istio-certs"],"imagePullSecrets":null}' + traffic.sidecar.istio.io/excludeInboundPorts: "15020" + traffic.sidecar.istio.io/includeInboundPorts: "80" + traffic.sidecar.istio.io/includeOutboundIPRanges: '*' creationTimestamp: null labels: app: hello diff --git a/pkg/kube/inject/testdata/inject/hello-template-in-values.yaml.injected b/pkg/kube/inject/testdata/inject/hello-template-in-values.yaml.injected index 73fed819da17..68af02a25013 100644 --- a/pkg/kube/inject/testdata/inject/hello-template-in-values.yaml.injected 
+++ b/pkg/kube/inject/testdata/inject/hello-template-in-values.yaml.injected @@ -14,7 +14,11 @@ spec: template: metadata: annotations: + sidecar.istio.io/interceptionMode: REDIRECT sidecar.istio.io/status: '{"version":"","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-token","citadel-ca-cert","istio-certs"],"imagePullSecrets":null}' + traffic.sidecar.istio.io/excludeInboundPorts: "15020" + traffic.sidecar.istio.io/includeInboundPorts: "80" + traffic.sidecar.istio.io/includeOutboundIPRanges: '*' creationTimestamp: null labels: app: hello diff --git a/pkg/kube/inject/testdata/inject/hello-tproxy.yaml.injected b/pkg/kube/inject/testdata/inject/hello-tproxy.yaml.injected index 190edbfa76cf..df5e3e88fbcb 100644 --- a/pkg/kube/inject/testdata/inject/hello-tproxy.yaml.injected +++ b/pkg/kube/inject/testdata/inject/hello-tproxy.yaml.injected @@ -14,7 +14,11 @@ spec: template: metadata: annotations: + sidecar.istio.io/interceptionMode: REDIRECT sidecar.istio.io/status: '{"version":"","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-token","citadel-ca-cert","istio-certs"],"imagePullSecrets":null}' + traffic.sidecar.istio.io/excludeInboundPorts: "15020" + traffic.sidecar.istio.io/includeInboundPorts: "80" + traffic.sidecar.istio.io/includeOutboundIPRanges: '*' creationTimestamp: null labels: app: hello diff --git a/pkg/kube/inject/testdata/inject/hello.yaml.cni.injected b/pkg/kube/inject/testdata/inject/hello.yaml.cni.injected index 1a109d901c75..7099fe375382 100644 --- a/pkg/kube/inject/testdata/inject/hello.yaml.cni.injected +++ b/pkg/kube/inject/testdata/inject/hello.yaml.cni.injected 
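Review bot: The expected output for the TPROXY case, hello-tproxy.yaml.injected, now records `sidecar.istio.io/interceptionMode: REDIRECT`. It also carries the same blob ids as hello.yaml.injected (190edbfa76cf..df5e3e88fbcb), so the two goldens are byte-identical before and after this change. The test table and input are not visible here, but if that case is meant to configure TPROXY interception, the annotation should read `sidecar.istio.io/interceptionMode: TPROXY`; as written, the fixture gives no coverage of that path for the new annotation. An annotation that disagrees with the effective capture mode would mislead anyone auditing the pod, so it is worth confirming which mode the case actually sets before accepting the regenerated golden.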
@@ -14,7 +14,11 @@ spec: template: metadata: annotations: + sidecar.istio.io/interceptionMode: REDIRECT sidecar.istio.io/status: '{"version":"","initContainers":["istio-validation"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-token","citadel-ca-cert","istio-certs"],"imagePullSecrets":null}' + traffic.sidecar.istio.io/excludeInboundPorts: "15020" + traffic.sidecar.istio.io/includeInboundPorts: "80" + traffic.sidecar.istio.io/includeOutboundIPRanges: '*' creationTimestamp: null labels: app: hello diff --git a/pkg/kube/inject/testdata/inject/hello.yaml.injected b/pkg/kube/inject/testdata/inject/hello.yaml.injected index 190edbfa76cf..df5e3e88fbcb 100644 --- a/pkg/kube/inject/testdata/inject/hello.yaml.injected +++ b/pkg/kube/inject/testdata/inject/hello.yaml.injected @@ -14,7 +14,11 @@ spec: template: metadata: annotations: + sidecar.istio.io/interceptionMode: REDIRECT sidecar.istio.io/status: '{"version":"","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-token","citadel-ca-cert","istio-certs"],"imagePullSecrets":null}' + traffic.sidecar.istio.io/excludeInboundPorts: "15020" + traffic.sidecar.istio.io/includeInboundPorts: "80" + traffic.sidecar.istio.io/includeOutboundIPRanges: '*' creationTimestamp: null labels: app: hello diff --git a/pkg/kube/inject/testdata/inject/job.yaml.injected b/pkg/kube/inject/testdata/inject/job.yaml.injected index 864a0bded2a4..8175c4ec1101 100644 --- a/pkg/kube/inject/testdata/inject/job.yaml.injected +++ b/pkg/kube/inject/testdata/inject/job.yaml.injected 
@@ -7,7 +7,10 @@ spec: template: metadata: annotations: + sidecar.istio.io/interceptionMode: REDIRECT sidecar.istio.io/status: '{"version":"","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-token","citadel-ca-cert","istio-certs"],"imagePullSecrets":null}' + traffic.sidecar.istio.io/excludeInboundPorts: "15020" + traffic.sidecar.istio.io/includeOutboundIPRanges: '*' creationTimestamp: null labels: security.istio.io/tlsMode: istio diff --git a/pkg/kube/inject/testdata/inject/kubevirtInterfaces.yaml.injected b/pkg/kube/inject/testdata/inject/kubevirtInterfaces.yaml.injected index a949dff555bd..d85bde8c4c4c 100644 --- a/pkg/kube/inject/testdata/inject/kubevirtInterfaces.yaml.injected +++ b/pkg/kube/inject/testdata/inject/kubevirtInterfaces.yaml.injected @@ -14,7 +14,11 @@ spec: template: metadata: annotations: + sidecar.istio.io/interceptionMode: REDIRECT sidecar.istio.io/status: '{"version":"","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-token","citadel-ca-cert","istio-certs"],"imagePullSecrets":null}' + traffic.sidecar.istio.io/excludeInboundPorts: "123" + traffic.sidecar.istio.io/includeInboundPorts: "80" + traffic.sidecar.istio.io/includeOutboundIPRanges: '*' traffic.sidecar.istio.io/kubevirtInterfaces: net1 creationTimestamp: null labels: diff --git a/pkg/kube/inject/testdata/inject/kubevirtInterfaces_list.yaml.injected b/pkg/kube/inject/testdata/inject/kubevirtInterfaces_list.yaml.injected index 6517d96476ee..acf0cecf8a24 100644 --- a/pkg/kube/inject/testdata/inject/kubevirtInterfaces_list.yaml.injected +++ b/pkg/kube/inject/testdata/inject/kubevirtInterfaces_list.yaml.injected 
@@ -14,7 +14,11 @@ spec: template: metadata: annotations: + sidecar.istio.io/interceptionMode: REDIRECT sidecar.istio.io/status: '{"version":"","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-token","citadel-ca-cert","istio-certs"],"imagePullSecrets":null}' + traffic.sidecar.istio.io/excludeInboundPorts: "15020" + traffic.sidecar.istio.io/includeInboundPorts: "80" + traffic.sidecar.istio.io/includeOutboundIPRanges: '*' traffic.sidecar.istio.io/kubevirtInterfaces: net1,net2 creationTimestamp: null labels: diff --git a/pkg/kube/inject/testdata/inject/list-frontend.yaml.injected b/pkg/kube/inject/testdata/inject/list-frontend.yaml.injected index 1153f70ca65d..c75d67febcaa 100644 --- a/pkg/kube/inject/testdata/inject/list-frontend.yaml.injected +++ b/pkg/kube/inject/testdata/inject/list-frontend.yaml.injected @@ -29,7 +29,10 @@ items: template: metadata: annotations: + sidecar.istio.io/interceptionMode: REDIRECT sidecar.istio.io/status: '{"version":"","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-token","citadel-ca-cert","istio-certs"],"imagePullSecrets":null}' + traffic.sidecar.istio.io/excludeInboundPorts: "15020" + traffic.sidecar.istio.io/includeOutboundIPRanges: '*' creationTimestamp: null labels: app: hello diff --git a/pkg/kube/inject/testdata/inject/list.yaml.injected b/pkg/kube/inject/testdata/inject/list.yaml.injected index a46439a8dca4..872e9a7db9f1 100644 --- a/pkg/kube/inject/testdata/inject/list.yaml.injected +++ b/pkg/kube/inject/testdata/inject/list.yaml.injected 
@@ -17,7 +17,11 @@ items: template: metadata: annotations: + sidecar.istio.io/interceptionMode: REDIRECT sidecar.istio.io/status: '{"version":"","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-token","citadel-ca-cert","istio-certs"],"imagePullSecrets":null}' + traffic.sidecar.istio.io/excludeInboundPorts: "15020" + traffic.sidecar.istio.io/includeInboundPorts: "80" + traffic.sidecar.istio.io/includeOutboundIPRanges: '*' creationTimestamp: null labels: app: hello @@ -242,7 +246,11 @@ items: template: metadata: annotations: + sidecar.istio.io/interceptionMode: REDIRECT sidecar.istio.io/status: '{"version":"","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-token","citadel-ca-cert","istio-certs"],"imagePullSecrets":null}' + traffic.sidecar.istio.io/excludeInboundPorts: "15020" + traffic.sidecar.istio.io/includeInboundPorts: "81" + traffic.sidecar.istio.io/includeOutboundIPRanges: '*' creationTimestamp: null labels: app: hello diff --git a/pkg/kube/inject/testdata/inject/multi-container.yaml.injected b/pkg/kube/inject/testdata/inject/multi-container.yaml.injected index 0f0a74190fe6..2ad358071bbd 100644 --- a/pkg/kube/inject/testdata/inject/multi-container.yaml.injected +++ b/pkg/kube/inject/testdata/inject/multi-container.yaml.injected @@ -12,7 +12,11 @@ spec: template: metadata: annotations: + sidecar.istio.io/interceptionMode: REDIRECT sidecar.istio.io/status: '{"version":"","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-token","citadel-ca-cert","istio-certs"],"imagePullSecrets":null}' + traffic.sidecar.istio.io/excludeInboundPorts: "15020" + traffic.sidecar.istio.io/includeInboundPorts: "123" + traffic.sidecar.istio.io/includeOutboundIPRanges: '*' creationTimestamp: null labels: app: app 
diff --git a/pkg/kube/inject/testdata/inject/multi-init.yaml.injected b/pkg/kube/inject/testdata/inject/multi-init.yaml.injected index 145b9c8b42dc..8b59481c8ce0 100644 --- a/pkg/kube/inject/testdata/inject/multi-init.yaml.injected +++ b/pkg/kube/inject/testdata/inject/multi-init.yaml.injected @@ -14,7 +14,11 @@ spec: template: metadata: annotations: + sidecar.istio.io/interceptionMode: REDIRECT sidecar.istio.io/status: '{"version":"","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-token","citadel-ca-cert","istio-certs"],"imagePullSecrets":null}' + traffic.sidecar.istio.io/excludeInboundPorts: "15020" + traffic.sidecar.istio.io/includeInboundPorts: "80" + traffic.sidecar.istio.io/includeOutboundIPRanges: '*' creationTimestamp: null labels: app: hello diff --git a/pkg/kube/inject/testdata/inject/pod.yaml.injected b/pkg/kube/inject/testdata/inject/pod.yaml.injected index 84e534dc6099..74e96b7064e6 100644 --- a/pkg/kube/inject/testdata/inject/pod.yaml.injected +++ b/pkg/kube/inject/testdata/inject/pod.yaml.injected @@ -2,7 +2,11 @@ apiVersion: v1 kind: Pod metadata: annotations: + sidecar.istio.io/interceptionMode: REDIRECT sidecar.istio.io/status: '{"version":"","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-token","citadel-ca-cert","istio-certs"],"imagePullSecrets":null}' + traffic.sidecar.istio.io/excludeInboundPorts: "15020" + traffic.sidecar.istio.io/includeInboundPorts: "80" + traffic.sidecar.istio.io/includeOutboundIPRanges: '*' creationTimestamp: null labels: security.istio.io/tlsMode: istio diff --git a/pkg/kube/inject/testdata/inject/replicaset.yaml.injected b/pkg/kube/inject/testdata/inject/replicaset.yaml.injected index e1ad177159f9..183d94f56dfe 100644 --- a/pkg/kube/inject/testdata/inject/replicaset.yaml.injected +++ b/pkg/kube/inject/testdata/inject/replicaset.yaml.injected 
@@ -11,7 +11,11 @@ spec: template: metadata: annotations: + sidecar.istio.io/interceptionMode: REDIRECT sidecar.istio.io/status: '{"version":"","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-token","citadel-ca-cert","istio-certs"],"imagePullSecrets":null}' + traffic.sidecar.istio.io/excludeInboundPorts: "15020" + traffic.sidecar.istio.io/includeInboundPorts: "80" + traffic.sidecar.istio.io/includeOutboundIPRanges: '*' creationTimestamp: null labels: app: hello diff --git a/pkg/kube/inject/testdata/inject/replicationcontroller.yaml.injected b/pkg/kube/inject/testdata/inject/replicationcontroller.yaml.injected index ecd34f306e15..9524912fdece 100644 --- a/pkg/kube/inject/testdata/inject/replicationcontroller.yaml.injected +++ b/pkg/kube/inject/testdata/inject/replicationcontroller.yaml.injected @@ -10,7 +10,11 @@ spec: template: metadata: annotations: + sidecar.istio.io/interceptionMode: REDIRECT sidecar.istio.io/status: '{"version":"","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-token","citadel-ca-cert","istio-certs"],"imagePullSecrets":null}' + traffic.sidecar.istio.io/excludeInboundPorts: "15020" + traffic.sidecar.istio.io/includeInboundPorts: "80" + traffic.sidecar.istio.io/includeOutboundIPRanges: '*' creationTimestamp: null labels: app: nginx diff --git a/pkg/kube/inject/testdata/inject/statefulset.yaml.injected b/pkg/kube/inject/testdata/inject/statefulset.yaml.injected index 7e0d502d6473..572339a47234 100644 --- a/pkg/kube/inject/testdata/inject/statefulset.yaml.injected +++ b/pkg/kube/inject/testdata/inject/statefulset.yaml.injected 
@@ -14,7 +14,11 @@ spec: template: metadata: annotations: + sidecar.istio.io/interceptionMode: REDIRECT sidecar.istio.io/status: '{"version":"","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-token","citadel-ca-cert","istio-certs"],"imagePullSecrets":null}' + traffic.sidecar.istio.io/excludeInboundPorts: "15020" + traffic.sidecar.istio.io/includeInboundPorts: "80" + traffic.sidecar.istio.io/includeOutboundIPRanges: '*' creationTimestamp: null labels: app: hello diff --git a/pkg/kube/inject/testdata/inject/status_annotations.yaml.injected b/pkg/kube/inject/testdata/inject/status_annotations.yaml.injected index 246ad5a78673..b091cd2e5d5b 100644 --- a/pkg/kube/inject/testdata/inject/status_annotations.yaml.injected +++ b/pkg/kube/inject/testdata/inject/status_annotations.yaml.injected @@ -16,8 +16,12 @@ spec: readiness.status.sidecar.istio.io/failureThreshold: "300" readiness.status.sidecar.istio.io/initialDelaySeconds: "100" readiness.status.sidecar.istio.io/periodSeconds: "200" + sidecar.istio.io/interceptionMode: REDIRECT sidecar.istio.io/status: '{"version":"","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-token","citadel-ca-cert","istio-certs"],"imagePullSecrets":null}' status.sidecar.istio.io/port: "123" + traffic.sidecar.istio.io/excludeInboundPorts: "123" + traffic.sidecar.istio.io/includeInboundPorts: "80" + traffic.sidecar.istio.io/includeOutboundIPRanges: '*' creationTimestamp: null labels: app: status diff --git a/pkg/kube/inject/testdata/inject/status_params.yaml.injected b/pkg/kube/inject/testdata/inject/status_params.yaml.injected index da29967e5a97..556f4408ce21 100644 --- a/pkg/kube/inject/testdata/inject/status_params.yaml.injected +++ b/pkg/kube/inject/testdata/inject/status_params.yaml.injected 
@@ -12,7 +12,11 @@ spec: template: metadata: annotations: + sidecar.istio.io/interceptionMode: REDIRECT sidecar.istio.io/status: '{"version":"","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-token","citadel-ca-cert","istio-certs"],"imagePullSecrets":null}' + traffic.sidecar.istio.io/excludeInboundPorts: "123" + traffic.sidecar.istio.io/includeInboundPorts: "80" + traffic.sidecar.istio.io/includeOutboundIPRanges: '*' creationTimestamp: null labels: app: status diff --git a/pkg/kube/inject/testdata/inject/traffic-annotations-empty-includes.yaml.injected b/pkg/kube/inject/testdata/inject/traffic-annotations-empty-includes.yaml.injected index ae76e9bae373..7e3fde7c905f 100644 --- a/pkg/kube/inject/testdata/inject/traffic-annotations-empty-includes.yaml.injected +++ b/pkg/kube/inject/testdata/inject/traffic-annotations-empty-includes.yaml.injected @@ -12,8 +12,9 @@ spec: template: metadata: annotations: + sidecar.istio.io/interceptionMode: REDIRECT sidecar.istio.io/status: '{"version":"","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-token","citadel-ca-cert","istio-certs"],"imagePullSecrets":null}' - traffic.sidecar.istio.io/excludeInboundPorts: 4,5,6 + traffic.sidecar.istio.io/excludeInboundPorts: 4,5,6,15020 traffic.sidecar.istio.io/excludeOutboundIPRanges: 10.96.0.2/24,10.96.0.3/24 traffic.sidecar.istio.io/includeInboundPorts: "" traffic.sidecar.istio.io/includeOutboundIPRanges: "" diff --git a/pkg/kube/inject/testdata/inject/traffic-annotations-wildcards.yaml.injected b/pkg/kube/inject/testdata/inject/traffic-annotations-wildcards.yaml.injected index 04aa0911f412..2a054a05aeb6 100644 --- a/pkg/kube/inject/testdata/inject/traffic-annotations-wildcards.yaml.injected +++ b/pkg/kube/inject/testdata/inject/traffic-annotations-wildcards.yaml.injected 
@@ -12,8 +12,9 @@ spec: template: metadata: annotations: + sidecar.istio.io/interceptionMode: REDIRECT sidecar.istio.io/status: '{"version":"","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-token","citadel-ca-cert","istio-certs"],"imagePullSecrets":null}' - traffic.sidecar.istio.io/excludeInboundPorts: 4,5,6 + traffic.sidecar.istio.io/excludeInboundPorts: 4,5,6,15020 traffic.sidecar.istio.io/excludeOutboundIPRanges: 10.96.0.2/24,10.96.0.3/24 traffic.sidecar.istio.io/includeInboundPorts: '*' traffic.sidecar.istio.io/includeOutboundIPRanges: '*' diff --git a/pkg/kube/inject/testdata/inject/traffic-annotations.yaml.injected b/pkg/kube/inject/testdata/inject/traffic-annotations.yaml.injected index 1e1f52d17cd0..a76ae3f24ab7 100644 --- a/pkg/kube/inject/testdata/inject/traffic-annotations.yaml.injected +++ b/pkg/kube/inject/testdata/inject/traffic-annotations.yaml.injected @@ -12,8 +12,9 @@ spec: template: metadata: annotations: + sidecar.istio.io/interceptionMode: REDIRECT sidecar.istio.io/status: '{"version":"","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-token","citadel-ca-cert","istio-certs"],"imagePullSecrets":null}' - traffic.sidecar.istio.io/excludeInboundPorts: 4,5,6 + traffic.sidecar.istio.io/excludeInboundPorts: 4,5,6,15020 traffic.sidecar.istio.io/excludeOutboundIPRanges: 10.96.0.2/24,10.96.0.3/24 traffic.sidecar.istio.io/excludeOutboundPorts: 7,8,9 traffic.sidecar.istio.io/includeInboundPorts: 1,2,3 diff --git a/pkg/kube/inject/testdata/inject/traffic-params-empty-includes.yaml.injected b/pkg/kube/inject/testdata/inject/traffic-params-empty-includes.yaml.injected index c1b410f881b4..a18cf4c34298 100644 --- a/pkg/kube/inject/testdata/inject/traffic-params-empty-includes.yaml.injected +++ b/pkg/kube/inject/testdata/inject/traffic-params-empty-includes.yaml.injected 
@@ -12,7 +12,11 @@ spec: template: metadata: annotations: + sidecar.istio.io/interceptionMode: REDIRECT sidecar.istio.io/status: '{"version":"","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-token","citadel-ca-cert","istio-certs"],"imagePullSecrets":null}' + traffic.sidecar.istio.io/excludeInboundPorts: "15020" + traffic.sidecar.istio.io/includeInboundPorts: "80" + traffic.sidecar.istio.io/includeOutboundIPRanges: '*' creationTimestamp: null labels: app: traffic diff --git a/pkg/kube/inject/testdata/inject/traffic-params.yaml.injected b/pkg/kube/inject/testdata/inject/traffic-params.yaml.injected index 151f8683f008..f73f6a8f4447 100644 --- a/pkg/kube/inject/testdata/inject/traffic-params.yaml.injected +++ b/pkg/kube/inject/testdata/inject/traffic-params.yaml.injected @@ -12,7 +12,12 @@ spec: template: metadata: annotations: + sidecar.istio.io/interceptionMode: REDIRECT sidecar.istio.io/status: '{"version":"","initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-token","citadel-ca-cert","istio-certs"],"imagePullSecrets":null}' + traffic.sidecar.istio.io/excludeInboundPorts: 4,5,6 + traffic.sidecar.istio.io/excludeOutboundIPRanges: 10.96.0.2/24,10.96.0.3/24 + traffic.sidecar.istio.io/includeInboundPorts: "80" + traffic.sidecar.istio.io/includeOutboundIPRanges: 127.0.0.1/24,10.96.0.1/24 creationTimestamp: null labels: app: traffic From 9aaf27f60ca91f809b7d05a2a0d0f38e10800cd1 Mon Sep 17 00:00:00 2001 
From: John Howard Date: Fri, 24 Jan 2020 17:39:28 -0800 Subject: [PATCH 15/31] Support standalone Galley for MCP (#20517) Right now, to run Galley, you need certs (and therefor citadel) and it will try to do validation which won't work out because it will fight with istiod validation. This change makes it so we only require certs if validation is enabled and istiod is disabled. We also fix liveness probes in galley to support this, and remove places where we deployed citadel just for galley. --- galley/pkg/server/server.go | 9 +++++++++ .../istio-control/istio-config/templates/deployment.yaml | 4 ++-- .../mesh/testdata/manifest-generate/output/all_on.yaml | 5 +---- operator/pkg/vfs/assets.gen.go | 4 ++-- tests/integration/galley/main_test.go | 2 -- tests/integration/pilot/mcp/main_test.go | 2 -- 6 files changed, 14 insertions(+), 12 deletions(-) diff --git a/galley/pkg/server/server.go b/galley/pkg/server/server.go index 749d667f27f0..234a636ef3fa 100644 --- a/galley/pkg/server/server.go +++ b/galley/pkg/server/server.go @@ -18,6 +18,7 @@ import ( "net" "istio.io/pkg/ctrlz/fw" + "istio.io/pkg/probe" "istio.io/istio/galley/pkg/server/components" "istio.io/istio/galley/pkg/server/process" @@ -47,6 +48,14 @@ func New(a *settings.Args) *Server { live, ready := liveness.Controller(), readiness.Controller() server := components.NewValidationServer(a.ValidationWebhookServerArgs, live, ready) s.host.Add(server) + } else { + // Only the validation server controls the probes currently, so if its disable we need to set them as available. + livenessProbe := probe.NewProbe() + livenessProbe.SetAvailable(nil) + livenessProbe.RegisterProbe(liveness.Controller(), "liveness") + readinessProbe := probe.NewProbe() + readinessProbe.SetAvailable(nil) + readinessProbe.RegisterProbe(readiness.Controller(), "readiness") } if a.EnableValidationController || (a.EnableValidationServer && a.ValidationWebhookControllerArgs.UnregisterValidationWebhook) { 
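Review bot: In the new `else` branch of `New` in galley/pkg/server/server.go, both probes are marked available once and the local `livenessProbe`/`readinessProbe` values are then dropped, so nothing can later mark them unavailable. With the validation server disabled, the liveness and readiness checks therefore report healthy unconditionally, and as far as this hunk shows they say nothing about whether the other components added to `s.host` actually started. For a standalone MCP deployment, consider tying readiness to the processing server, or at least stating the limitation in the comment, e.g. `// Probes are unconditionally available here; they do not reflect MCP server health.` The existing comment also has a typo (`if its disable` should read `if it is disabled`). `New` begins and continues outside the hunk.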
diff --git a/manifests/istio-control/istio-config/templates/deployment.yaml b/manifests/istio-control/istio-config/templates/deployment.yaml index 2f8909ca8f75..98c2346a01b3 100644 --- a/manifests/istio-control/istio-config/templates/deployment.yaml +++ b/manifests/istio-control/istio-config/templates/deployment.yaml @@ -58,7 +58,7 @@ spec: - --readinessProbePath=/tmp/healthready - --readinessProbeInterval=1s - --insecure=true - {{- if .Values.global.configValidation }} + {{- if and .Values.global.configValidation (not .Values.global.istiod.enabled) }} - --enable-validation=true {{- else }} - --enable-validation=false @@ -89,7 +89,7 @@ spec: - --validation.tls.caCertificates=/etc/dnscerts/root-cert.pem {{- end }} volumeMounts: - {{- if .Values.global.configValidation }} + {{- if and .Values.global.configValidation (not .Values.global.istiod.enabled) }} - name: istio-certs mountPath: /etc/certs readOnly: true diff --git a/operator/cmd/mesh/testdata/manifest-generate/output/all_on.yaml b/operator/cmd/mesh/testdata/manifest-generate/output/all_on.yaml index d289c5f68910..cc6e6129eed2 100644 --- a/operator/cmd/mesh/testdata/manifest-generate/output/all_on.yaml +++ b/operator/cmd/mesh/testdata/manifest-generate/output/all_on.yaml @@ -7179,7 +7179,7 @@ spec: - --readinessProbePath=/tmp/healthready - --readinessProbeInterval=1s - --insecure=true - - --enable-validation=true + - --enable-validation=false - --enable-reconcileWebhookConfiguration=false - --enable-server=true - --deployment-namespace=istio-system @@ -7218,9 +7218,6 @@ spec: requests: cpu: 100m volumeMounts: - - mountPath: /etc/certs - name: istio-certs - readOnly: true - mountPath: /etc/config name: config readOnly: true diff --git a/operator/pkg/vfs/assets.gen.go b/operator/pkg/vfs/assets.gen.go index b4b9e5fc6207..90823b7c2251 100644 --- a/operator/pkg/vfs/assets.gen.go +++ b/operator/pkg/vfs/assets.gen.go 
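Review bot: The two new `{{- if and .Values.global.configValidation (not .Values.global.istiod.enabled) }}` guards in manifests/istio-control/istio-config/templates/deployment.yaml dereference `.Values.global.istiod.enabled` with no fallback. If a values file omits `global.istiod`, Helm rendering normally fails on the nil map rather than treating it as disabled, so it is worth confirming the chart defaults always define it. The same condition is now written twice (args and volumeMounts), and the hunk does not show whether the matching `volumes:` entry for `istio-certs` is gated the same way; computing it once, e.g. `{{- $validation := and .Values.global.configValidation (not .Values.global.istiod.enabled) }}`, and reusing `$validation` would keep the three together. Because the certificate mount is now optional while the visible `--insecure=true` argument is unchanged, a short template comment noting that Galley presumably serves without those certificates in this mode would help operators.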
@@ -11276,7 +11276,7 @@ spec: - --readinessProbePath=/tmp/healthready - --readinessProbeInterval=1s - --insecure=true - {{- if .Values.global.configValidation }} + {{- if and .Values.global.configValidation (not .Values.global.istiod.enabled) }} - --enable-validation=true {{- else }} - --enable-validation=false @@ -11307,7 +11307,7 @@ spec: - --validation.tls.caCertificates=/etc/dnscerts/root-cert.pem {{- end }} volumeMounts: - {{- if .Values.global.configValidation }} + {{- if and .Values.global.configValidation (not .Values.global.istiod.enabled) }} - name: istio-certs mountPath: /etc/certs readOnly: true diff --git a/tests/integration/galley/main_test.go b/tests/integration/galley/main_test.go index bb50c4d0c4cb..f78d6b47d979 100644 --- a/tests/integration/galley/main_test.go +++ b/tests/integration/galley/main_test.go @@ -36,8 +36,6 @@ func TestMain(m *testing.M) { components: galley: enabled: true - citadel: - enabled: true ` })). SetupOnEnv(environment.Kube, func(ctx resource.Context) error { diff --git a/tests/integration/pilot/mcp/main_test.go b/tests/integration/pilot/mcp/main_test.go index 46390341daf0..e6ad4f0de5b8 100644 --- a/tests/integration/pilot/mcp/main_test.go +++ b/tests/integration/pilot/mcp/main_test.go @@ -81,8 +81,6 @@ func setupConfig(cfg *istio.Config) { components: galley: enabled: true - citadel: - enabled: true values: galley: enableServiceDiscovery: true From be06f47a22af254ea6adaf17b1659f9af286a3ac Mon Sep 17 00:00:00 2001 From: Jason Young Date: Fri, 24 Jan 2020 18:46:57 -0800 Subject: [PATCH 16/31] add UX maintainers as codeowners for the analyzers (#20518) Also remove the duplicate `/pilot/pkg/config` line. --- CODEOWNERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CODEOWNERS b/CODEOWNERS index 76fd128535be..99a6a7c680c0 100644 --- a/CODEOWNERS +++ b/CODEOWNERS 
@@ -2,6 +2,7 @@ /bin/ @istio/wg-test-and-release-maintainers /cmd/istiod/ @istio/wg-environments-maintainers /galley/ @istio/wg-config-maintainers +/galley/pkg/config/analysis/ @istio/wg-config-maintainers @istio/wg-user-experience-maintainers /install/ @istio/wg-environments-maintainers /istioctl/ @istio/wg-user-experience-maintainers /manifests/ @istio/wg-environments-maintainers @@ -13,7 +14,6 @@ /pilot/pkg/networking/plugin/authn/ @istio/wg-security-maintainers /pilot/pkg/networking/plugin/authz/ @istio/wg-security-maintainers /pilot/pkg/networking/plugin/mixer/ @istio/wg-policies-and-telemetry-maintainers -/pilot/pkg/config/ @istio/wg-networking-maintainers-pilot /pilot/pkg/serviceregistry/ @istio/wg-networking-maintainers-pilot /pilot/pkg/model/ @istio/wg-networking-maintainers-pilot /pilot/pkg/networking/core @istio/wg-networking-maintainers-pilot From 1ac517c337eabf91689aeedb7d8818cc656b99d7 Mon Sep 17 00:00:00 2001 From: lei-tang <32078630+lei-tang@users.noreply.github.com> Date: Fri, 24 Jan 2020 20:57:43 -0800 Subject: [PATCH 17/31] Add integration tests for jwtPolicy=first-party-jwt (#20484) * Add integration tests for jwtPolicy=first-party-jwt * Fix lint error --- .../mtls_first_party_jwt/main_test.go | 61 ++++++++++++++ .../mtls_first_party_jwt/strict_test.go | 84 +++++++++++++++++++ .../testdata/global-mtls-on-no-dr.yaml | 8 ++ .../testdata/global-plaintext.yaml | 6 ++ 4 files changed, 159 insertions(+) create mode 100644 tests/integration/security/mtls_first_party_jwt/main_test.go create mode 100644 tests/integration/security/mtls_first_party_jwt/strict_test.go create mode 100644 tests/integration/security/mtls_first_party_jwt/testdata/global-mtls-on-no-dr.yaml create mode 100644 tests/integration/security/mtls_first_party_jwt/testdata/global-plaintext.yaml diff --git a/tests/integration/security/mtls_first_party_jwt/main_test.go b/tests/integration/security/mtls_first_party_jwt/main_test.go new file mode 100644 index 000000000000..7366f51476c3 
--- /dev/null
+++ b/tests/integration/security/mtls_first_party_jwt/main_test.go
@@ -0,0 +1,61 @@
+// Copyright 2020 Istio Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package mtlsfirstpartyjwt
+
+import (
+ "testing"
+
+ "istio.io/istio/pkg/test/framework"
+ "istio.io/istio/pkg/test/framework/components/environment"
+ "istio.io/istio/pkg/test/framework/components/galley"
+ "istio.io/istio/pkg/test/framework/components/istio"
+ "istio.io/istio/pkg/test/framework/components/pilot"
+ "istio.io/istio/pkg/test/framework/label"
+ "istio.io/istio/pkg/test/framework/resource"
+)
+
+var (
+ inst istio.Instance
+ g galley.Instance
+ p pilot.Instance
+)
+
+func TestMain(m *testing.M) {
+ framework.
+ NewSuite("mtls_first_party_jwt", m).
+ RequireEnvironment(environment.Kube).
+ Label(label.CustomSetup).
+ SetupOnEnv(environment.Kube, istio.Setup(&inst, setupConfig)).
+ Setup(func(ctx resource.Context) (err error) {
+ if g, err = galley.New(ctx, galley.Config{}); err != nil {
+ return err
+ }
+ if p, err = pilot.New(ctx, pilot.Config{
+ Galley: g,
+ }); err != nil {
+ return err
+ }
+ return nil
+ }).
+ Run()
+}
+
+func setupConfig(cfg *istio.Config) {
+ if cfg == nil {
+ return
+ }
+ cfg.Values["global.jwtPolicy"] = "first-party-jwt"
+ cfg.Values["global.mtls.auto"] = "true"
+}
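Review bot: `setupConfig` returns silently when `cfg` is nil, so in that case the suite would run against whatever JWT policy the installation defaults to while still being reported as the first-party-jwt suite. Whether `istio.Setup` can ever pass nil is not visible in this hunk, but skipping the two settings this suite exists to exercise is worth at least a comment explaining why the guard is safe. The function also has no doc comment; something like `// setupConfig forces jwtPolicy=first-party-jwt with auto mTLS for this suite.` would state the intent.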
diff --git a/tests/integration/security/mtls_first_party_jwt/strict_test.go b/tests/integration/security/mtls_first_party_jwt/strict_test.go new file mode 100644 index 000000000000..4d3c916faf16 --- /dev/null +++ b/tests/integration/security/mtls_first_party_jwt/strict_test.go 
@@ -0,0 +1,84 @@
+// Copyright 2020 Istio Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package mtlsfirstpartyjwt
+
+import (
+ "testing"
+
+ "istio.io/istio/pkg/test/framework"
+ "istio.io/istio/pkg/test/framework/components/echo"
+ "istio.io/istio/pkg/test/framework/components/environment"
+ "istio.io/istio/pkg/test/framework/components/namespace"
+ "istio.io/istio/tests/integration/security/util/reachability"
+)
+
+// When k8s CA issues the Pilot certificate, this test verifies
+// reachability under different authN scenario when automtls enabled
+// - app A to app B using mTLS.
+// In each test, the steps are:
+// - Configure authn policy.
+// - Wait for config propagation.
+// - Send HTTP/gRPC requests between apps.
+func TestMtlsStrictK8sCA(t *testing.T) {
+ framework.NewTest(t).
+ Run(func(ctx framework.TestContext) {
+
+ rctx := reachability.CreateContext(ctx, g, p)
+ systemNM := namespace.ClaimSystemNamespaceOrFail(ctx, ctx)
+
+ testCases := []reachability.TestCase{
+ {
+ ConfigFile: "global-mtls-on-no-dr.yaml",
+ Namespace: systemNM,
+ RequiredEnvironment: environment.Kube,
+ Include: func(src echo.Instance, opts echo.CallOptions) bool {
+ // Exclude calls to the headless service.
+ // Auto mtls does not apply to headless service, because for headless service
+ // the cluster discovery type is ORIGINAL_DST, and it will not apply upstream tls setting
+ return opts.Target != rctx.Headless
+ },
+ ExpectSuccess: func(src echo.Instance, opts echo.CallOptions) bool {
+ // When mTLS is in STRICT mode, DR's TLS settings are default to mTLS so the result would
+ // be the same as having global DR rule.
+ if opts.Target == rctx.Naked {
+ // calls to naked should always succeed.
+ return true
+ }
+
+ // If source is naked, and destination is not, expect failure.
+ return !(src == rctx.Naked && opts.Target != rctx.Naked)
+ },
+ },
+ {
+ ConfigFile: "global-plaintext.yaml",
+ Namespace: systemNM,
+ RequiredEnvironment: environment.Kube,
+ Include: func(src echo.Instance, opts echo.CallOptions) bool {
+ // Exclude calls to the headless TCP port.
+ if opts.Target == rctx.Headless && opts.PortName == "tcp" {
+ return false
+ }
+
+ return true
+ },
+ ExpectSuccess: func(src echo.Instance, opts echo.CallOptions) bool {
+ // When mTLS is disabled, all traffic should work.
+ return true
+ },
+ },
+ }
+ rctx.Run(testCases)
+ })
+}
diff --git a/tests/integration/security/mtls_first_party_jwt/testdata/global-mtls-on-no-dr.yaml b/tests/integration/security/mtls_first_party_jwt/testdata/global-mtls-on-no-dr.yaml
new file mode 100644
index 000000000000..b20935cc829d
--- /dev/null
+++ b/tests/integration/security/mtls_first_party_jwt/testdata/global-mtls-on-no-dr.yaml
@@ -0,0 +1,8 @@
+# mTLS is enabled in strict mode without destination rule.
+apiVersion: authentication.istio.io/v1alpha1
+kind: MeshPolicy
+metadata:
+ name: "default"
+spec:
+ peers:
+ - mtls: {}
\ No newline at end of file
diff --git a/tests/integration/security/mtls_first_party_jwt/testdata/global-plaintext.yaml b/tests/integration/security/mtls_first_party_jwt/testdata/global-plaintext.yaml
new file mode 100644
index 000000000000..c71ec36524d4
--- /dev/null
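Review bot: The doc comment and the name `TestMtlsStrictK8sCA` in strict_test.go describe a Kubernetes-CA scenario ("When k8s CA issues the Pilot certificate"), yet this package is the first-party-jwt suite and nothing in the test refers to the JWT policy; it reads as carried over from another suite. As far as the hunk shows, the reachability cases would pass identically under any JWT policy, so the test demonstrates that mTLS still works with `global.jwtPolicy=first-party-jwt` but not that the setting took effect. Suggest renaming the test (e.g. `TestMtlsStrictFirstPartyJwt`) and rewording the comment to `// With jwtPolicy=first-party-jwt, this test verifies reachability under different authN scenarios when auto mTLS is enabled.` An assertion on the token actually used by the workloads would need code outside this hunk.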
+++ b/tests/integration/security/mtls_first_party_jwt/testdata/global-plaintext.yaml @@ -0,0 +1,6 @@ +# mTLS is disabled without destination rule. +apiVersion: authentication.istio.io/v1alpha1 +kind: MeshPolicy +metadata: + name: "default" +spec: {} From a9da8461ea348a3ea5a95a8298ac7de200cab109 Mon Sep 17 00:00:00 2001 
From: Tao HE <1579288+elfinhe@users.noreply.github.com> Date: Fri, 24 Jan 2020 22:22:38 -0800 Subject: [PATCH 18/31] Translate Hub an Tag values under component level specs into values. Update manifests template to support tag and hub from component values. Rebase and make gen. (#20461) --- .../templates/deployment.yaml | 2 +- .../istio-autoinject/values.yaml | 2 + .../istio-config/templates/deployment.yaml | 2 +- .../istio-control/istio-config/values.yaml | 2 + .../istio-discovery/templates/deployment.yaml | 2 +- .../istio-control/istio-discovery/values.yaml | 3 + .../istio-policy/templates/deployment.yaml | 2 +- manifests/istio-policy/values.yaml | 2 + .../mixer-telemetry/templates/deployment.yaml | 2 +- .../mixer-telemetry/values.yaml | 2 + .../nodeagent/templates/daemonset.yaml | 2 +- manifests/security/nodeagent/values.yaml | 2 + operator/cmd/mesh/manifest-generate_test.go | 4 + .../input/component_hub_tag.yaml | 14 + .../manifest-generate/output/all_on.yaml | 4 +- .../output/component_hub_tag.yaml | 9794 +++++++++++++++++ .../manifest-generate/output/flag_force.yaml | 2 + .../manifest-generate/output/flag_output.yaml | 2 + .../output/flag_output_set_profile.yaml | 2 + .../output/flag_output_set_values.yaml | 2 + .../output/flag_override_values.yaml | 2 + .../output/flag_set_values.yaml | 2 + .../output/pilot_default.yaml | 2 + .../output/pilot_k8s_settings.yaml | 2 + .../output/pilot_override_kubernetes.yaml | 2 + .../output/pilot_override_values.yaml | 2 + .../pkg/apis/istio/v1alpha1/v1alpha1.pb.html | 113 +- .../apis/istio/v1alpha1/values_types.pb.go | 1015 +- .../apis/istio/v1alpha1/values_types.proto | 24 + operator/pkg/translate/translate.go | 26 +- operator/pkg/vfs/assets.gen.go | 25 +- .../apis/istio/v1alpha1/values_types_pb2.py | 1734 +-- 32 files changed, 11698 insertions(+), 1100 deletions(-) create mode 100644 operator/cmd/mesh/testdata/manifest-generate/input/component_hub_tag.yaml create mode 100644 
operator/cmd/mesh/testdata/manifest-generate/output/component_hub_tag.yaml diff --git a/manifests/istio-control/istio-autoinject/templates/deployment.yaml b/manifests/istio-control/istio-autoinject/templates/deployment.yaml index 512335c5093a..87875b8db0a9 100644 --- a/manifests/istio-control/istio-autoinject/templates/deployment.yaml +++ b/manifests/istio-control/istio-autoinject/templates/deployment.yaml @@ -43,7 +43,7 @@ spec: {{- if contains "/" .Values.sidecarInjectorWebhook.image }} image: "{{ .Values.sidecarInjectorWebhook.image }}" {{- else }} - image: "{{ .Values.global.hub }}/{{ .Values.sidecarInjectorWebhook.image | default "sidecar_injector" }}:{{ .Values.global.tag }}" + image: "{{ .Values.sidecarInjectorWebhook.hub | default .Values.global.hub }}/{{ .Values.sidecarInjectorWebhook.image | default "sidecar_injector" }}:{{ .Values.sidecarInjectorWebhook.tag | default .Values.global.tag }}" {{- end }} imagePullPolicy: {{ .Values.global.imagePullPolicy | default "Always" }} args: diff --git a/manifests/istio-control/istio-autoinject/values.yaml b/manifests/istio-control/istio-autoinject/values.yaml index d504acb7098e..1521f21d012a 100644 --- a/manifests/istio-control/istio-autoinject/values.yaml +++ b/manifests/istio-control/istio-autoinject/values.yaml @@ -6,6 +6,8 @@ sidecarInjectorWebhook: rollingMaxSurge: 100% rollingMaxUnavailable: 25% + hub: "" + tag: "" image: sidecar_injector # This enables injection of sidecar in all namespaces, diff --git a/manifests/istio-control/istio-config/templates/deployment.yaml b/manifests/istio-control/istio-config/templates/deployment.yaml index 98c2346a01b3..94b85684e6d8 100644 --- a/manifests/istio-control/istio-config/templates/deployment.yaml +++ b/manifests/istio-control/istio-config/templates/deployment.yaml 
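Review bot: The new image expression in manifests/istio-control/istio-autoinject/templates/deployment.yaml lets a component-level `hub` and `tag` replace the global registry and tag, but the reference is still assembled as `hub/image:tag`. A single component can therefore be pointed at a different registry, while only a mutable tag and never an `@sha256:` digest can be expressed on this path; the `contains "/"` branch just above is the only way to pin one. The same expression is repeated in the istio-config, istio-discovery, istio-policy, mixer-telemetry and nodeagent templates later in this patch. A comment next to the new `hub: ""` / `tag: ""` keys in each values.yaml, e.g. `# Overrides global.hub / global.tag for this component only; empty means inherit.`, would make the override visible to reviewers of a values file, and a shared named template for the image string would stop the six copies drifting apart.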
@@ -41,7 +41,7 @@ spec: {{- if contains "/" .Values.galley.image }} image: "{{ .Values.galley.image }}" {{- else }} - image: "{{ .Values.global.hub }}/{{ .Values.galley.image | default "galley" }}:{{ .Values.global.tag }}" + image: "{{ .Values.galley.hub | default .Values.global.hub }}/{{ .Values.galley.image | default "galley" }}:{{ .Values.galley.tag | default .Values.global.tag }}" {{- end }} imagePullPolicy: {{ .Values.global.imagePullPolicy | default "Always" }} ports: diff --git a/manifests/istio-control/istio-config/values.yaml b/manifests/istio-control/istio-config/values.yaml index b34a2672d2d5..939673d9c0a9 100644 --- a/manifests/istio-control/istio-config/values.yaml +++ b/manifests/istio-control/istio-config/values.yaml @@ -1,4 +1,6 @@ galley: + hub: "" + tag: "" image: galley replicaCount: 1 rollingMaxSurge: 100% diff --git a/manifests/istio-control/istio-discovery/templates/deployment.yaml b/manifests/istio-control/istio-discovery/templates/deployment.yaml index 4c006f70798b..3c754358a586 100644 --- a/manifests/istio-control/istio-discovery/templates/deployment.yaml +++ b/manifests/istio-control/istio-discovery/templates/deployment.yaml @@ -65,7 +65,7 @@ spec: {{- if contains "/" .Values.pilot.image }} image: "{{ .Values.pilot.image }}" {{- else }} - image: "{{ .Values.global.hub }}/{{ .Values.pilot.image | default "pilot" }}:{{ .Values.global.tag }}" + image: "{{ .Values.pilot.hub | default .Values.global.hub }}/{{ .Values.pilot.image | default "pilot" }}:{{ .Values.pilot.tag | default .Values.global.tag }}" {{- end }} imagePullPolicy: {{ .Values.global.imagePullPolicy | default "Always" }} args: diff --git a/manifests/istio-control/istio-discovery/values.yaml b/manifests/istio-control/istio-discovery/values.yaml index 113ea272e126..42c2308f54d2 100644 --- a/manifests/istio-control/istio-discovery/values.yaml +++ b/manifests/istio-control/istio-discovery/values.yaml 
@@ -9,6 +9,9 @@ pilot: rollingMaxSurge: 100% rollingMaxUnavailable: 25% + hub: "" + tag: "" + # Can be a full hub/image:tag image: pilot traceSampling: 1.0 diff --git a/manifests/istio-policy/templates/deployment.yaml b/manifests/istio-policy/templates/deployment.yaml index fa986f5b93b8..ce64929e4fb6 100644 --- a/manifests/istio-policy/templates/deployment.yaml +++ b/manifests/istio-policy/templates/deployment.yaml @@ -77,7 +77,7 @@ spec: {{- if contains "/" .Values.mixer.policy.image }} image: "{{ .Values.mixer.policy.image }}" {{- else }} - image: "{{ .Values.global.hub }}/{{ .Values.mixer.policy.image }}:{{ .Values.global.tag }}" + image: "{{ .Values.mixer.policy.hub | default .Values.global.hub }}/{{ .Values.mixer.policy.image }}:{{ .Values.mixer.policy.tag | default .Values.global.tag }}" {{- end }} imagePullPolicy: {{ .Values.global.imagePullPolicy | default "Always" }} ports: diff --git a/manifests/istio-policy/values.yaml b/manifests/istio-policy/values.yaml index 5302cafcfcd3..4826889e014f 100644 --- a/manifests/istio-policy/values.yaml +++ b/manifests/istio-policy/values.yaml @@ -1,5 +1,7 @@ mixer: policy: + hub: "" + tag: "" image: mixer replicaCount: 1 diff --git a/manifests/istio-telemetry/mixer-telemetry/templates/deployment.yaml b/manifests/istio-telemetry/mixer-telemetry/templates/deployment.yaml index 41e50e50e643..cf8c39d96816 100644 --- a/manifests/istio-telemetry/mixer-telemetry/templates/deployment.yaml +++ b/manifests/istio-telemetry/mixer-telemetry/templates/deployment.yaml 
@@ -76,7 +76,7 @@ spec: {{- if contains "/" .Values.mixer.telemetry.image }} image: "{{ .Values.mixer.telemetry.image }}" {{- else }} - image: "{{ .Values.global.hub }}/{{ .Values.mixer.telemetry.image }}:{{ .Values.global.tag }}" + image: "{{ .Values.mixer.telemetry.hub | default .Values.global.hub }}/{{ .Values.mixer.telemetry.image }}:{{ .Values.mixer.telemetry.tag | default .Values.global.tag }}" {{- end }} imagePullPolicy: {{ .Values.global.imagePullPolicy | default "Always" }} ports: diff --git a/manifests/istio-telemetry/mixer-telemetry/values.yaml b/manifests/istio-telemetry/mixer-telemetry/values.yaml index cd5f92c1e481..febc0ee4297c 100644 --- a/manifests/istio-telemetry/mixer-telemetry/values.yaml +++ b/manifests/istio-telemetry/mixer-telemetry/values.yaml @@ -40,6 +40,8 @@ mixer: useAdapterCRDs: false telemetry: + hub: "" + tag: "" image: mixer enabled: true replicaCount: 1 diff --git a/manifests/security/nodeagent/templates/daemonset.yaml b/manifests/security/nodeagent/templates/daemonset.yaml index 6905c6327e40..024d633f0df3 100644 --- a/manifests/security/nodeagent/templates/daemonset.yaml +++ b/manifests/security/nodeagent/templates/daemonset.yaml @@ -32,7 +32,7 @@ spec: {{- if contains "/" .Values.nodeagent.image }} image: "{{ .Values.nodeagent.image }}" {{- else }} - image: "{{ .Values.global.hub }}/{{ .Values.nodeagent.image }}:{{ .Values.global.tag }}" + image: "{{ .Values.nodeagent.hub | default .Values.global.hub }}/{{ .Values.nodeagent.image }}:{{ .Values.nodeagent.tag | default .Values.global.tag }}" {{- end }} imagePullPolicy: {{ .Values.global.imagePullPolicy | default "Always" }} args: diff --git a/manifests/security/nodeagent/values.yaml b/manifests/security/nodeagent/values.yaml index 8506832ecfd4..213601125560 100644 --- a/manifests/security/nodeagent/values.yaml +++ b/manifests/security/nodeagent/values.yaml @@ -3,6 +3,8 @@ # nodeagent: enabled: false + hub: "" + tag: "" image: node-agent-k8s env: # name of authentication provider. 
diff --git a/operator/cmd/mesh/manifest-generate_test.go b/operator/cmd/mesh/manifest-generate_test.go index c22314f51296..f4902aea18c9 100644 --- a/operator/cmd/mesh/manifest-generate_test.go +++ b/operator/cmd/mesh/manifest-generate_test.go @@ -59,6 +59,10 @@ func TestManifestGenerateFlags(t *testing.T) { desc: "gateways_override_default", diffIgnore: "ConfigMap:*:istio", }, + { + desc: "component_hub_tag", + diffIgnore: "ConfigMap:*:istio", + }, { desc: "flag_set_values", diffIgnore: "ConfigMap:*:istio", diff --git a/operator/cmd/mesh/testdata/manifest-generate/input/component_hub_tag.yaml b/operator/cmd/mesh/testdata/manifest-generate/input/component_hub_tag.yaml new file mode 100644 index 000000000000..d7052d139451 --- /dev/null +++ b/operator/cmd/mesh/testdata/manifest-generate/input/component_hub_tag.yaml @@ -0,0 +1,14 @@ +apiVersion: install.istio.io/v1alpha1 +kind: IstioOperator +spec: + hub: istio-spec.hub + tag: istio-spec.tag + components: + pilot: + enabled: true + hub: component.pilot.hub + tag: component.pilot.tag + cni: + enabled: true + hub: component.cni.hub + tag: component.cni.tag diff --git a/operator/cmd/mesh/testdata/manifest-generate/output/all_on.yaml b/operator/cmd/mesh/testdata/manifest-generate/output/all_on.yaml index cc6e6129eed2..0df365d9bd9b 100644 --- a/operator/cmd/mesh/testdata/manifest-generate/output/all_on.yaml +++ b/operator/cmd/mesh/testdata/manifest-generate/output/all_on.yaml @@ -8173,6 +8173,7 @@ data: enableProtocolSniffingForOutbound: true enabled: true env: {} + hub: "" image: pilot ingress: ingressClass: istio @@ -8197,6 +8198,7 @@ data: memory: 2048Mi rollingMaxSurge: 100% rollingMaxUnavailable: 25% + tag: "" tolerations: [] traceSampling: 1 
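Review bot: The added `component_hub_tag` case is the only coverage for the new per-component overrides, and the input file added with it sets `hub` and `tag` together, and only for `pilot` and `cni`. The templates changed for galley, the sidecar injector, mixer policy/telemetry and nodeagent are therefore not exercised, nor is the mixed case where one of the two values falls back to the global one. Since these values decide which registry the control-plane images are pulled from, I would add an input that sets only `tag` (or only `hub`) on a component and check the rendered `image:` line. A short comment on the case would also help, e.g. `// component hub/tag must override spec.hub/spec.tag; unset ones fall back`. The test table and the rest of TestManifestGenerateFlags lie outside the hunk.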
@@ -9869,7 +9871,7 @@ metadata: istio: sidecar-injector data: values: |- - {"certmanager":{"enabled":false,"namespace":"istio-system"},"clusterResources":true,"cni":{"namespace":"istio-system"},"galley":{"enableAnalysis":false,"enabled":true,"image":"galley","namespace":"istio-system"},"gateways":{"istio-egressgateway":{"autoscaleEnabled":true,"env":{"ISTIO_META_ROUTER_MODE":"sni-dnat"},"ports":[{"name":"http2","port":80},{"name":"https","port":443},{"name":"tls","port":15443,"targetPort":15443}],"secretVolumes":[{"mountPath":"/etc/istio/egressgateway-certs","name":"egressgateway-certs","secretName":"istio-egressgateway-certs"},{"mountPath":"/etc/istio/egressgateway-ca-certs","name":"egressgateway-ca-certs","secretName":"istio-egressgateway-ca-certs"}],"type":"ClusterIP","zvpn":{"enabled":true,"suffix":"global"}},"istio-ingressgateway":{"applicationPorts":"","autoscaleEnabled":true,"debug":"info","domain":"","env":{"ISTIO_META_ROUTER_MODE":"sni-dnat"},"meshExpansionPorts":[{"name":"tcp-pilot-grpc-tls","port":15011,"targetPort":15011},{"name":"tcp-citadel-grpc-tls","port":8060,"targetPort":8060},{"name":"tcp-dns-tls","port":853,"targetPort":853}],"ports":[{"name":"status-port","port":15020,"targetPort":15020},{"name":"http2","port":80,"targetPort":80},{"name":"https","port":443},{"name":"kiali","port":15029,"targetPort":15029},{"name":"prometheus","port":15030,"targetPort":15030},{"name":"grafana","port":15031,"targetPort":15031},{"name":"tracing","port":15032,"targetPort":15032},{"name":"tls","port":15443,"targetPort":15443}],"sds":{"enabled":false,"image":"node-agent-k8s","resources":{"limits":{"cpu":"2000m","memory":"1024Mi"},"requests":{"cpu":"100m","memory":"128Mi"}}},"secretVolumes":[{"mountPath":"/etc/istio/ingressgateway-certs","name":"ingressgateway-certs","secretName":"istio-ingressgateway-certs"},{"mountPath":"/etc/istio/ingressgateway-ca-certs","name":"ingressgateway-ca-certs","secretName":"istio-ingressgateway-ca-certs"}],"type":"LoadBalancer","zvpn":{"e
nabled":true,"suffix":"global"}}},"global":{"arch":{"amd64":2,"ppc64le":2,"s390x":2},"certificates":[],"configNamespace":"istio-system","configValidation":true,"controlPlaneSecurityEnabled":false,"defaultNodeSelector":{},"defaultPodDisruptionBudget":{"enabled":true},"defaultResources":{"requests":{"cpu":"10m"}},"disablePolicyChecks":true,"enableHelmTest":false,"enableTracing":true,"enabled":true,"hub":"gcr.io/istio-testing","imagePullPolicy":"IfNotPresent","imagePullSecrets":[],"istioNamespace":"istio-system","istiod":{"enabled":true},"jwtPolicy":"third-party-jwt","k8sIngress":{"enableHttps":false,"enabled":false,"gatewayName":"ingressgateway"},"localityLbSetting":{"enabled":true},"logAsJson":false,"logging":{"level":"default:info"},"meshExpansion":{"enabled":false,"useILB":false},"meshNetworks":{},"mtls":{"auto":true,"enabled":false},"multiCluster":{"clusterName":"","enabled":false},"namespace":"istio-system","network":"","omitSidecarInjectorConfigMap":false,"oneNamespace":false,"operatorManageWebhooks":false,"outboundTrafficPolicy":{"mode":"ALLOW_ANY"},"pilotCertProvider":"citadel","policyCheckFailOpen":false,"policyNamespace":"istio-system","priorityClassName":"","prometheusNamespace":"istio-system","proxy":{"accessLogEncoding":"TEXT","accessLogFile":"","accessLogFormat":"","autoInject":"enabled","clusterDomain":"cluster.local","componentLogLevel":"misc:error","concurrency":2,"dnsRefreshRate":"300s","enableCoreDump":false,"envoyAccessLogService":{"enabled":false},"envoyMetricsService":{"enabled":false,"tcpKeepalive":{"interval":"10s","probes":3,"time":"10s"},"tlsSettings":{"mode":"DISABLE","subjectAltNames":[]}},"envoyStatsd":{"enabled":false},"excludeIPRanges":"","excludeInboundPorts":"","excludeOutboundPorts":"","image":"proxyv2","includeIPRanges":"*","includeInboundPorts":"*","kubevirtInterfaces":"","logLevel":"warning","privileged":false,"protocolDetectionTimeout":"100ms","readinessFailureThreshold":30,"readinessInitialDelaySeconds":1,"readinessPeriodSeconds"
:2,"resources":{"limits":{"cpu":"2000m","memory":"1024Mi"},"requests":{"cpu":"100m","memory":"128Mi"}},"statusPort":15020,"tracer":"zipkin"},"proxy_init":{"image":"proxyv2","resources":{"limits":{"cpu":"100m","memory":"50Mi"},"requests":{"cpu":"10m","memory":"10Mi"}}},"sds":{"enabled":false,"token":{"aud":"istio-ca"},"udsPath":""},"securityNamespace":"istio-system","tag":"latest","telemetryNamespace":"istio-system","tracer":{"datadog":{"address":"$(HOST_IP):8126"},"lightstep":{"accessToken":"","address":"","cacertPath":"","secure":true},"zipkin":{"address":""}},"trustDomain":"cluster.local","useMCP":false},"grafana":{"accessMode":"ReadWriteMany","contextPath":"/grafana","dashboardProviders":{"dashboardproviders.yaml":{"apiVersion":1,"providers":[{"disableDeletion":false,"folder":"istio","name":"istio","options":{"path":"/var/lib/grafana/dashboards/istio"},"orgId":1,"type":"file"}]}},"datasources":{"datasources.yaml":{"apiVersion":1}},"enabled":false,"env":{},"envSecrets":{},"image":{"repository":"grafana/grafana","tag":"6.5.2"},"ingress":{"enabled":false,"hosts":["grafana.local"]},"namespace":"istio-system","nodeSelector":{},"persist":false,"podAntiAffinityLabelSelector":[],"podAntiAffinityTermLabelSelector":[],"replicaCount":1,"security":{"enabled":false,"passphraseKey":"passphrase","secretName":"grafana","usernameKey":"username"},"service":{"annotations":{},"externalPort":3000,"name":"http","type":"ClusterIP"},"storageClassName":"","tolerations":[]},"istio_cni":{"enabled":false},"istiocoredns":{"coreDNSImage":"coredns/coredns","coreDNSPluginImage":"istio/coredns-plugin:0.2-istio-1.1","coreDNSTag":"1.6.2","enabled":false,"namespace":"istio-system"},"kiali":{"contextPath":"/kiali","createDemoSecret":false,"dashboard":{"passphraseKey":"passphrase","secretName":"kiali","usernameKey":"username","viewOnlyMode":false},"enabled":false,"hub":"quay.io/kiali","ingress":{"enabled":false,"hosts":["kiali.local"]},"namespace":"istio-system","nodeSelector":{},"podAntiAffinityLabe
lSelector":[],"podAntiAffinityTermLabelSelector":[],"replicaCount":1,"security":{"cert_file":"/kiali-cert/cert-chain.pem","enabled":false,"private_key_file":"/kiali-cert/key.pem"},"tag":"v1.9"},"mixer":{"adapters":{"kubernetesenv":{"enabled":true},"prometheus":{"enabled":true,"metricsExpiryDuration":"10m"},"stackdriver":{"auth":{"apiKey":"","appCredentials":false,"serviceAccountPath":""},"enabled":false,"tracer":{"enabled":false,"sampleProbability":1}},"stdio":{"enabled":false,"outputAsJson":false},"useAdapterCRDs":false},"policy":{"adapters":{"kubernetesenv":{"enabled":true},"useAdapterCRDs":false},"autoscaleEnabled":true,"enabled":true,"image":"mixer","namespace":"istio-system","sessionAffinityEnabled":false},"telemetry":{"autoscaleEnabled":true,"enabled":true,"env":{"GOMAXPROCS":"6"},"image":"mixer","loadshedding":{"latencyThreshold":"100ms","mode":"enforce"},"namespace":"istio-system","nodeSelector":{},"podAntiAffinityLabelSelector":[],"podAntiAffinityTermLabelSelector":[],"replicaCount":1,"reportBatchMaxEntries":100,"reportBatchMaxTime":"1s","sessionAffinityEnabled":false,"tolerations":[]}},"nodeagent":{"enabled":false,"image":"node-agent-k8s","namespace":"istio-system"},"pilot":{"appNamespaces":[],"autoscaleEnabled":true,"autoscaleMax":5,"autoscaleMin":1,"configMap":true,"configNamespace":"istio-config","cpu":{"targetAverageUtilization":80},"enableProtocolSniffingForInbound":false,"enableProtocolSniffingForOutbound":true,"enabled":true,"env":{},"image":"pilot","ingress":{"ingressClass":"istio","ingressControllerMode":"STRICT","ingressService":"istio-ingressgateway"},"keepaliveMaxServerConnectionAge":"30m","meshNetworks":{"networks":{}},"namespace":"istio-system","nodeSelector":{},"podAntiAffinityLabelSelector":[],"podAntiAffinityTermLabelSelector":[],"policy":{"enabled":false},"replicaCount":1,"tolerations":[],"traceSampling":1},"prometheus":{"contextPath":"/prometheus","enabled":true,"hub":"docker.io/prom","ingress":{"enabled":false,"hosts":["prometheus.local
"]},"namespace":"istio-system","nodeSelector":{},"podAntiAffinityLabelSelector":[],"podAntiAffinityTermLabelSelector":[],"replicaCount":1,"retention":"6h","scrapeInterval":"15s","security":{"enabled":true},"tag":"v2.15.1","tolerations":[]},"security":{"dnsCerts":{"istio-pilot-service-account.istio-control":"istio-pilot.istio-control"},"enableNamespacesByDefault":true,"enabled":true,"image":"citadel","namespace":"istio-system","selfSigned":true},"sidecarInjectorWebhook":{"alwaysInjectSelector":[],"enableNamespacesByDefault":false,"enabled":true,"image":"sidecar_injector","injectLabel":"istio-injection","injectedAnnotations":{},"lifecycle":{},"namespace":"istio-system","neverInjectSelector":[],"nodeSelector":{},"objectSelector":{"autoInject":true,"enabled":false},"podAnnotations":{},"podAntiAffinityLabelSelector":[],"podAntiAffinityTermLabelSelector":[],"replicaCount":1,"resources":{},"rewriteAppHTTPProbe":false,"rollingMaxSurge":"100%","rollingMaxUnavailable":"25%","selfSigned":false,"tolerations":[]},"telemetry":{"enabled":true,"v2":{"enabled":false,"prometheus":{"enabled":true},"stackdriver":{"configOverride":{},"enabled":false,"logging":false,"monitoring":false,"topology":false}}},"tracing":{"enabled":false,"ingress":{"enabled":false},"jaeger":{"accessMode":"ReadWriteMany","enabled":false,"hub":"docker.io/jaegertracing","memory":{"max_traces":50000},"namespace":"istio-system","persist":false,"spanStorageType":"badger","storageClassName":"","tag":"1.14"},"nodeSelector":{},"opencensus":{"exporters":{"stackdriver":{"enable_tracing":true}},"hub":"docker.io/omnition","resources":{"limits":{"cpu":"1","memory":"2Gi"},"requests":{"cpu":"200m","memory":"400Mi"}},"tag":"0.1.9"},"podAntiAffinityLabelSelector":[],"podAntiAffinityTermLabelSelector":[],"provider":"jaeger","service":{"annotations":{},"externalPort":9411,"name":"http-query","type":"ClusterIP"},"zipkin":{"hub":"docker.io/openzipkin","javaOptsHeap":700,"maxSpans":500000,"node":{"cpus":2},"probeStartupDelay":200,"qu
eryPort":9411,"resources":{"limits":{"cpu":"300m","memory":"900Mi"},"requests":{"cpu":"150m","memory":"900Mi"}},"tag":"2.14.2"}},"version":""} + {"certmanager":{"enabled":false,"namespace":"istio-system"},"clusterResources":true,"cni":{"namespace":"istio-system"},"galley":{"enableAnalysis":false,"enabled":true,"image":"galley","namespace":"istio-system"},"gateways":{"istio-egressgateway":{"autoscaleEnabled":true,"env":{"ISTIO_META_ROUTER_MODE":"sni-dnat"},"ports":[{"name":"http2","port":80},{"name":"https","port":443},{"name":"tls","port":15443,"targetPort":15443}],"secretVolumes":[{"mountPath":"/etc/istio/egressgateway-certs","name":"egressgateway-certs","secretName":"istio-egressgateway-certs"},{"mountPath":"/etc/istio/egressgateway-ca-certs","name":"egressgateway-ca-certs","secretName":"istio-egressgateway-ca-certs"}],"type":"ClusterIP","zvpn":{"enabled":true,"suffix":"global"}},"istio-ingressgateway":{"applicationPorts":"","autoscaleEnabled":true,"debug":"info","domain":"","env":{"ISTIO_META_ROUTER_MODE":"sni-dnat"},"meshExpansionPorts":[{"name":"tcp-pilot-grpc-tls","port":15011,"targetPort":15011},{"name":"tcp-citadel-grpc-tls","port":8060,"targetPort":8060},{"name":"tcp-dns-tls","port":853,"targetPort":853}],"ports":[{"name":"status-port","port":15020,"targetPort":15020},{"name":"http2","port":80,"targetPort":80},{"name":"https","port":443},{"name":"kiali","port":15029,"targetPort":15029},{"name":"prometheus","port":15030,"targetPort":15030},{"name":"grafana","port":15031,"targetPort":15031},{"name":"tracing","port":15032,"targetPort":15032},{"name":"tls","port":15443,"targetPort":15443}],"sds":{"enabled":false,"image":"node-agent-k8s","resources":{"limits":{"cpu":"2000m","memory":"1024Mi"},"requests":{"cpu":"100m","memory":"128Mi"}}},"secretVolumes":[{"mountPath":"/etc/istio/ingressgateway-certs","name":"ingressgateway-certs","secretName":"istio-ingressgateway-certs"},{"mountPath":"/etc/istio/ingressgateway-ca-certs","name":"ingressgateway-ca-certs","secretNa
me":"istio-ingressgateway-ca-certs"}],"type":"LoadBalancer","zvpn":{"enabled":true,"suffix":"global"}}},"global":{"arch":{"amd64":2,"ppc64le":2,"s390x":2},"certificates":[],"configNamespace":"istio-system","configValidation":true,"controlPlaneSecurityEnabled":false,"defaultNodeSelector":{},"defaultPodDisruptionBudget":{"enabled":true},"defaultResources":{"requests":{"cpu":"10m"}},"disablePolicyChecks":true,"enableHelmTest":false,"enableTracing":true,"enabled":true,"hub":"gcr.io/istio-testing","imagePullPolicy":"IfNotPresent","imagePullSecrets":[],"istioNamespace":"istio-system","istiod":{"enabled":true},"jwtPolicy":"third-party-jwt","k8sIngress":{"enableHttps":false,"enabled":false,"gatewayName":"ingressgateway"},"localityLbSetting":{"enabled":true},"logAsJson":false,"logging":{"level":"default:info"},"meshExpansion":{"enabled":false,"useILB":false},"meshNetworks":{},"mtls":{"auto":true,"enabled":false},"multiCluster":{"clusterName":"","enabled":false},"namespace":"istio-system","network":"","omitSidecarInjectorConfigMap":false,"oneNamespace":false,"operatorManageWebhooks":false,"outboundTrafficPolicy":{"mode":"ALLOW_ANY"},"pilotCertProvider":"citadel","policyCheckFailOpen":false,"policyNamespace":"istio-system","priorityClassName":"","prometheusNamespace":"istio-system","proxy":{"accessLogEncoding":"TEXT","accessLogFile":"","accessLogFormat":"","autoInject":"enabled","clusterDomain":"cluster.local","componentLogLevel":"misc:error","concurrency":2,"dnsRefreshRate":"300s","enableCoreDump":false,"envoyAccessLogService":{"enabled":false},"envoyMetricsService":{"enabled":false,"tcpKeepalive":{"interval":"10s","probes":3,"time":"10s"},"tlsSettings":{"mode":"DISABLE","subjectAltNames":[]}},"envoyStatsd":{"enabled":false},"excludeIPRanges":"","excludeInboundPorts":"","excludeOutboundPorts":"","image":"proxyv2","includeIPRanges":"*","includeInboundPorts":"*","kubevirtInterfaces":"","logLevel":"warning","privileged":false,"protocolDetectionTimeout":"100ms","readinessFailureT
hreshold":30,"readinessInitialDelaySeconds":1,"readinessPeriodSeconds":2,"resources":{"limits":{"cpu":"2000m","memory":"1024Mi"},"requests":{"cpu":"100m","memory":"128Mi"}},"statusPort":15020,"tracer":"zipkin"},"proxy_init":{"image":"proxyv2","resources":{"limits":{"cpu":"100m","memory":"50Mi"},"requests":{"cpu":"10m","memory":"10Mi"}}},"sds":{"enabled":false,"token":{"aud":"istio-ca"},"udsPath":""},"securityNamespace":"istio-system","tag":"latest","telemetryNamespace":"istio-system","tracer":{"datadog":{"address":"$(HOST_IP):8126"},"lightstep":{"accessToken":"","address":"","cacertPath":"","secure":true},"zipkin":{"address":""}},"trustDomain":"cluster.local","useMCP":false},"grafana":{"accessMode":"ReadWriteMany","contextPath":"/grafana","dashboardProviders":{"dashboardproviders.yaml":{"apiVersion":1,"providers":[{"disableDeletion":false,"folder":"istio","name":"istio","options":{"path":"/var/lib/grafana/dashboards/istio"},"orgId":1,"type":"file"}]}},"datasources":{"datasources.yaml":{"apiVersion":1}},"enabled":false,"env":{},"envSecrets":{},"image":{"repository":"grafana/grafana","tag":"6.5.2"},"ingress":{"enabled":false,"hosts":["grafana.local"]},"namespace":"istio-system","nodeSelector":{},"persist":false,"podAntiAffinityLabelSelector":[],"podAntiAffinityTermLabelSelector":[],"replicaCount":1,"security":{"enabled":false,"passphraseKey":"passphrase","secretName":"grafana","usernameKey":"username"},"service":{"annotations":{},"externalPort":3000,"name":"http","type":"ClusterIP"},"storageClassName":"","tolerations":[]},"istio_cni":{"enabled":false},"istiocoredns":{"coreDNSImage":"coredns/coredns","coreDNSPluginImage":"istio/coredns-plugin:0.2-istio-1.1","coreDNSTag":"1.6.2","enabled":false,"namespace":"istio-system"},"kiali":{"contextPath":"/kiali","createDemoSecret":false,"dashboard":{"passphraseKey":"passphrase","secretName":"kiali","usernameKey":"username","viewOnlyMode":false},"enabled":false,"hub":"quay.io/kiali","ingress":{"enabled":false,"hosts":["kiali.loca
l"]},"namespace":"istio-system","nodeSelector":{},"podAntiAffinityLabelSelector":[],"podAntiAffinityTermLabelSelector":[],"replicaCount":1,"security":{"cert_file":"/kiali-cert/cert-chain.pem","enabled":false,"private_key_file":"/kiali-cert/key.pem"},"tag":"v1.9"},"mixer":{"adapters":{"kubernetesenv":{"enabled":true},"prometheus":{"enabled":true,"metricsExpiryDuration":"10m"},"stackdriver":{"auth":{"apiKey":"","appCredentials":false,"serviceAccountPath":""},"enabled":false,"tracer":{"enabled":false,"sampleProbability":1}},"stdio":{"enabled":false,"outputAsJson":false},"useAdapterCRDs":false},"policy":{"adapters":{"kubernetesenv":{"enabled":true},"useAdapterCRDs":false},"autoscaleEnabled":true,"enabled":true,"image":"mixer","namespace":"istio-system","sessionAffinityEnabled":false},"telemetry":{"autoscaleEnabled":true,"enabled":true,"env":{"GOMAXPROCS":"6"},"image":"mixer","loadshedding":{"latencyThreshold":"100ms","mode":"enforce"},"namespace":"istio-system","nodeSelector":{},"podAntiAffinityLabelSelector":[],"podAntiAffinityTermLabelSelector":[],"replicaCount":1,"reportBatchMaxEntries":100,"reportBatchMaxTime":"1s","sessionAffinityEnabled":false,"tolerations":[]}},"nodeagent":{"enabled":false,"image":"node-agent-k8s","namespace":"istio-system"},"pilot":{"appNamespaces":[],"autoscaleEnabled":true,"autoscaleMax":5,"autoscaleMin":1,"configMap":true,"configNamespace":"istio-config","cpu":{"targetAverageUtilization":80},"enableProtocolSniffingForInbound":false,"enableProtocolSniffingForOutbound":true,"enabled":true,"env":{},"image":"pilot","ingress":{"ingressClass":"istio","ingressControllerMode":"STRICT","ingressService":"istio-ingressgateway"},"keepaliveMaxServerConnectionAge":"30m","meshNetworks":{"networks":{}},"namespace":"istio-system","nodeSelector":{},"podAntiAffinityLabelSelector":[],"podAntiAffinityTermLabelSelector":[],"policy":{"enabled":false},"replicaCount":1,"tolerations":[],"traceSampling":1},"prometheus":{"contextPath":"/prometheus","enabled":true,"hub":
"docker.io/prom","ingress":{"enabled":false,"hosts":["prometheus.local"]},"namespace":"istio-system","nodeSelector":{},"podAntiAffinityLabelSelector":[],"podAntiAffinityTermLabelSelector":[],"replicaCount":1,"retention":"6h","scrapeInterval":"15s","security":{"enabled":true},"tag":"v2.15.1","tolerations":[]},"security":{"dnsCerts":{"istio-pilot-service-account.istio-control":"istio-pilot.istio-control"},"enableNamespacesByDefault":true,"enabled":true,"image":"citadel","namespace":"istio-system","selfSigned":true},"sidecarInjectorWebhook":{"alwaysInjectSelector":[],"enableNamespacesByDefault":false,"enabled":true,"hub":"","image":"sidecar_injector","injectLabel":"istio-injection","injectedAnnotations":{},"lifecycle":{},"namespace":"istio-system","neverInjectSelector":[],"nodeSelector":{},"objectSelector":{"autoInject":true,"enabled":false},"podAnnotations":{},"podAntiAffinityLabelSelector":[],"podAntiAffinityTermLabelSelector":[],"replicaCount":1,"resources":{},"rewriteAppHTTPProbe":false,"rollingMaxSurge":"100%","rollingMaxUnavailable":"25%","selfSigned":false,"tag":"","tolerations":[]},"telemetry":{"enabled":true,"v2":{"enabled":false,"prometheus":{"enabled":true},"stackdriver":{"configOverride":{},"enabled":false,"logging":false,"monitoring":false,"topology":false}}},"tracing":{"enabled":false,"ingress":{"enabled":false},"jaeger":{"accessMode":"ReadWriteMany","enabled":false,"hub":"docker.io/jaegertracing","memory":{"max_traces":50000},"namespace":"istio-system","persist":false,"spanStorageType":"badger","storageClassName":"","tag":"1.14"},"nodeSelector":{},"opencensus":{"exporters":{"stackdriver":{"enable_tracing":true}},"hub":"docker.io/omnition","resources":{"limits":{"cpu":"1","memory":"2Gi"},"requests":{"cpu":"200m","memory":"400Mi"}},"tag":"0.1.9"},"podAntiAffinityLabelSelector":[],"podAntiAffinityTermLabelSelector":[],"provider":"jaeger","service":{"annotations":{},"externalPort":9411,"name":"http-query","type":"ClusterIP"},"zipkin":{"hub":"docker.io/openzi
pkin","javaOptsHeap":700,"maxSpans":500000,"node":{"cpus":2},"probeStartupDelay":200,"queryPort":9411,"resources":{"limits":{"cpu":"300m","memory":"900Mi"},"requests":{"cpu":"150m","memory":"900Mi"}},"tag":"2.14.2"}},"version":""} config: |- policy: enabled diff --git a/operator/cmd/mesh/testdata/manifest-generate/output/component_hub_tag.yaml b/operator/cmd/mesh/testdata/manifest-generate/output/component_hub_tag.yaml new file mode 100644 index 000000000000..fe8bbfa1a280 --- /dev/null +++ b/operator/cmd/mesh/testdata/manifest-generate/output/component_hub_tag.yaml 
@@ -0,0 +1,9794 @@ +# Resources for Addon component + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: prometheus-istio-system + labels: + app: prometheus + release: istio +rules: +- apiGroups: [""] + resources: + - nodes + - services + - endpoints + - pods + - nodes/proxy + verbs: ["get", "list", "watch"] +- apiGroups: [""] + resources: + - configmaps + verbs: ["get"] +- nonResourceURLs: ["/metrics"] + verbs: ["get"] +--- + + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: prometheus-istio-system + labels: + app: prometheus + release: istio +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: prometheus-istio-system +subjects: +- kind: ServiceAccount + name: prometheus + namespace: istio-system +--- + + +apiVersion: v1 +kind: ConfigMap +metadata: + name: prometheus + namespace: istio-system + labels: + app: prometheus + release: istio +data: + prometheus.yml: |- + global: + scrape_interval: 15s + scrape_configs: + + # Mixer scrapping. Defaults to Prometheus and mixer on same namespace. 
+ # + - job_name: 'istio-mesh' + kubernetes_sd_configs: + - role: endpoints + namespaces: + names: + - istio-system + relabel_configs: + - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] + action: keep + regex: istio-telemetry;prometheus + + # Scrape config for envoy stats + - job_name: 'envoy-stats' + metrics_path: /stats/prometheus + kubernetes_sd_configs: + - role: pod + + relabel_configs: + - source_labels: [__meta_kubernetes_pod_container_port_name] + action: keep + regex: '.*-envoy-prom' + - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] + action: replace + regex: ([^:]+)(?::\d+)?;(\d+) + replacement: $1:15090 + target_label: __address__ + - action: labelmap + regex: __meta_kubernetes_pod_label_(.+) + - source_labels: [__meta_kubernetes_namespace] + action: replace + target_label: namespace + - source_labels: [__meta_kubernetes_pod_name] + action: replace + target_label: pod_name + + - job_name: 'istio-policy' + kubernetes_sd_configs: + - role: endpoints + namespaces: + names: + - istio-system + + + relabel_configs: + - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] + action: keep + regex: istio-policy;http-policy-monitoring + + - job_name: 'istio-telemetry' + kubernetes_sd_configs: + - role: endpoints + namespaces: + names: + - istio-system + + relabel_configs: + - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] + action: keep + regex: istio-telemetry;http-monitoring + + - job_name: 'pilot' + kubernetes_sd_configs: + - role: endpoints + namespaces: + names: + - istio-system + + relabel_configs: + - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] + action: keep + regex: istio-pilot;http-monitoring + + - job_name: 'galley' + kubernetes_sd_configs: + - role: endpoints + namespaces: + names: + - istio-system + + relabel_configs: + - source_labels: 
[__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] + action: keep + regex: istio-galley;http-monitoring + + - job_name: 'citadel' + kubernetes_sd_configs: + - role: endpoints + namespaces: + names: + - istio-system + + relabel_configs: + - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] + action: keep + regex: istio-citadel;http-monitoring + + - job_name: 'sidecar-injector' + + kubernetes_sd_configs: + - role: endpoints + namespaces: + names: + - istio-system + + relabel_configs: + - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] + action: keep + regex: istio-sidecar-injector;http-monitoring + + # scrape config for API servers + - job_name: 'kubernetes-apiservers' + kubernetes_sd_configs: + - role: endpoints + namespaces: + names: + - default + scheme: https + tls_config: + ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + relabel_configs: + - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] + action: keep + regex: kubernetes;https + + # scrape config for nodes (kubelet) + - job_name: 'kubernetes-nodes' + scheme: https + tls_config: + ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + kubernetes_sd_configs: + - role: node + relabel_configs: + - action: labelmap + regex: __meta_kubernetes_node_label_(.+) + - target_label: __address__ + replacement: kubernetes.default.svc:443 + - source_labels: [__meta_kubernetes_node_name] + regex: (.+) + target_label: __metrics_path__ + replacement: /api/v1/nodes/${1}/proxy/metrics + + # Scrape config for Kubelet cAdvisor. + # + # This is required for Kubernetes 1.7.3 and later, where cAdvisor metrics + # (those whose names begin with 'container_') have been removed from the + # Kubelet metrics endpoint. 
This job scrapes the cAdvisor endpoint to + # retrieve those metrics. + # + # In Kubernetes 1.7.0-1.7.2, these metrics are only exposed on the cAdvisor + # HTTP endpoint; use "replacement: /api/v1/nodes/${1}:4194/proxy/metrics" + # in that case (and ensure cAdvisor's HTTP server hasn't been disabled with + # the --cadvisor-port=0 Kubelet flag). + # + # This job is not necessary and should be removed in Kubernetes 1.6 and + # earlier versions, or it will cause the metrics to be scraped twice. + - job_name: 'kubernetes-cadvisor' + scheme: https + tls_config: + ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + kubernetes_sd_configs: + - role: node + relabel_configs: + - action: labelmap + regex: __meta_kubernetes_node_label_(.+) + - target_label: __address__ + replacement: kubernetes.default.svc:443 + - source_labels: [__meta_kubernetes_node_name] + regex: (.+) + target_label: __metrics_path__ + replacement: /api/v1/nodes/${1}/proxy/metrics/cadvisor + + # scrape config for service endpoints. + - job_name: 'kubernetes-service-endpoints' + kubernetes_sd_configs: + - role: endpoints + relabel_configs: + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape] + action: keep + regex: true + - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme] + action: replace + target_label: __scheme__ + regex: (https?) 
+ - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path] + action: replace + target_label: __metrics_path__ + regex: (.+) + - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port] + action: replace + target_label: __address__ + regex: ([^:]+)(?::\d+)?;(\d+) + replacement: $1:$2 + - action: labelmap + regex: __meta_kubernetes_service_label_(.+) + - source_labels: [__meta_kubernetes_namespace] + action: replace + target_label: kubernetes_namespace + - source_labels: [__meta_kubernetes_service_name] + action: replace + target_label: kubernetes_name + + - job_name: 'kubernetes-pods' + kubernetes_sd_configs: + - role: pod + relabel_configs: # If first two labels are present, pod should be scraped by the istio-secure job. + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape] + action: keep + regex: true + - source_labels: [__meta_kubernetes_pod_annotation_sidecar_istio_io_status] + action: drop + regex: (.+) + - source_labels: [__meta_kubernetes_pod_annotation_istio_mtls] + action: drop + regex: (true) + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] + action: replace + target_label: __metrics_path__ + regex: (.+) + - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] + action: replace + regex: ([^:]+)(?::\d+)?;(\d+) + replacement: $1:$2 + target_label: __address__ + - action: labelmap + regex: __meta_kubernetes_pod_label_(.+) + - source_labels: [__meta_kubernetes_namespace] + action: replace + target_label: namespace + - source_labels: [__meta_kubernetes_pod_name] + action: replace + target_label: pod_name +--- + + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: prometheus + namespace: istio-system + labels: + app: prometheus + release: istio +spec: + replicas: 1 + selector: + matchLabels: + app: prometheus + template: + metadata: + labels: + app: prometheus + release: istio + annotations: + sidecar.istio.io/inject: "false" + spec: + 
serviceAccountName: prometheus + containers: + - name: prometheus + image: "docker.io/prom/prometheus:v2.15.1" + imagePullPolicy: IfNotPresent + args: + - '--storage.tsdb.retention=6h' + - '--config.file=/etc/prometheus/prometheus.yml' + ports: + - containerPort: 9090 + name: http + livenessProbe: + httpGet: + path: /-/healthy + port: 9090 + readinessProbe: + httpGet: + path: /-/ready + port: 9090 + resources: + requests: + cpu: 10m + + volumeMounts: + - name: config-volume + mountPath: /etc/prometheus + - mountPath: /etc/istio-certs + name: istio-certs + volumes: + - name: config-volume + configMap: + name: prometheus + - name: istio-certs + secret: + defaultMode: 420 + optional: true + secretName: istio.default + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - "amd64" + - "ppc64le" + - "s390x" + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 2 + preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - "amd64" + - weight: 2 + preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - "ppc64le" + - weight: 2 + preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - "s390x" +--- + + +apiVersion: v1 +kind: Service +metadata: + name: prometheus + namespace: istio-system + annotations: + prometheus.io/scrape: 'true' + labels: + app: prometheus + release: istio +spec: + selector: + app: prometheus + ports: + - name: http-prometheus + protocol: TCP + port: 9090 +--- + + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: prometheus + namespace: istio-system + labels: + app: prometheus + release: istio +--- + +# Resources for Base component + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: istio-reader-istio-system + labels: + app: istio-reader + release: istio +rules: +- apiGroups: 
+ - "config.istio.io" + - "rbac.istio.io" + - "security.istio.io" + - "networking.istio.io" + - "authentication.istio.io" + resources: ["*"] + verbs: ["get", "list", "watch"] +- apiGroups: [""] + resources: ["endpoints", "pods", "services", "nodes", "replicationcontrollers"] + verbs: ["get", "list", "watch"] +- apiGroups: ["apps"] + resources: ["replicasets"] + verbs: ["get", "list", "watch"] +--- + + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: istio-reader-istio-system + labels: + app: istio-reader + release: istio +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: istio-reader-istio-system +subjects: + - kind: ServiceAccount + name: istio-reader-service-account + namespace: istio-system +--- + + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + "helm.sh/resource-policy": keep + labels: + app: istio-citadel + chart: istio + heritage: Tiller + release: istio + name: meshpolicies.authentication.istio.io +spec: + group: authentication.istio.io + names: + categories: + - istio-io + - authentication-istio-io + kind: MeshPolicy + listKind: MeshPolicyList + plural: meshpolicies + singular: meshpolicy + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + description: 'Authentication policy for Istio services. See more details + at: https://istio.io/docs/reference/config/security/istio.authentication.v1alpha1.html' + properties: + originIsOptional: + description: Deprecated. + type: boolean + origins: + description: Deprecated. + items: + properties: + jwt: + description: Jwt params for the method. + properties: + audiences: + items: + format: string + type: string + type: array + issuer: + description: Identifies the issuer that issued the JWT. + format: string + type: string + jwks: + description: JSON Web Key Set of public keys to validate signature + of the JWT. 
+ format: string + type: string + jwks_uri: + format: string + type: string + jwksUri: + format: string + type: string + jwt_headers: + description: JWT is sent in a request header. + items: + format: string + type: string + type: array + jwtHeaders: + description: JWT is sent in a request header. + items: + format: string + type: string + type: array + jwtParams: + description: JWT is sent in a query parameter. + items: + format: string + type: string + type: array + trigger_rules: + items: + properties: + excluded_paths: + description: List of paths to be excluded from the request. + items: + oneOf: + - required: + - exact + - required: + - prefix + - required: + - suffix + - required: + - regex + properties: + exact: + description: exact string match. + format: string + type: string + prefix: + description: prefix-based match. + format: string + type: string + regex: + description: ECMAscript style regex-based match + as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). + format: string + type: string + suffix: + description: suffix-based match. + format: string + type: string + type: object + type: array + excludedPaths: + description: List of paths to be excluded from the request. + items: + oneOf: + - required: + - exact + - required: + - prefix + - required: + - suffix + - required: + - regex + properties: + exact: + description: exact string match. + format: string + type: string + prefix: + description: prefix-based match. + format: string + type: string + regex: + description: ECMAscript style regex-based match + as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). + format: string + type: string + suffix: + description: suffix-based match. + format: string + type: string + type: object + type: array + included_paths: + description: List of paths that the request must include. 
+ items: + oneOf: + - required: + - exact + - required: + - prefix + - required: + - suffix + - required: + - regex + properties: + exact: + description: exact string match. + format: string + type: string + prefix: + description: prefix-based match. + format: string + type: string + regex: + description: ECMAscript style regex-based match + as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). + format: string + type: string + suffix: + description: suffix-based match. + format: string + type: string + type: object + type: array + includedPaths: + description: List of paths that the request must include. + items: + oneOf: + - required: + - exact + - required: + - prefix + - required: + - suffix + - required: + - regex + properties: + exact: + description: exact string match. + format: string + type: string + prefix: + description: prefix-based match. + format: string + type: string + regex: + description: ECMAscript style regex-based match + as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). + format: string + type: string + suffix: + description: suffix-based match. + format: string + type: string + type: object + type: array + type: object + type: array + triggerRules: + items: + properties: + excluded_paths: + description: List of paths to be excluded from the request. + items: + oneOf: + - required: + - exact + - required: + - prefix + - required: + - suffix + - required: + - regex + properties: + exact: + description: exact string match. + format: string + type: string + prefix: + description: prefix-based match. + format: string + type: string + regex: + description: ECMAscript style regex-based match + as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). + format: string + type: string + suffix: + description: suffix-based match. + format: string + type: string + type: object + type: array + excludedPaths: + description: List of paths to be excluded from the request. 
+ items: + oneOf: + - required: + - exact + - required: + - prefix + - required: + - suffix + - required: + - regex + properties: + exact: + description: exact string match. + format: string + type: string + prefix: + description: prefix-based match. + format: string + type: string + regex: + description: ECMAscript style regex-based match + as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). + format: string + type: string + suffix: + description: suffix-based match. + format: string + type: string + type: object + type: array + included_paths: + description: List of paths that the request must include. + items: + oneOf: + - required: + - exact + - required: + - prefix + - required: + - suffix + - required: + - regex + properties: + exact: + description: exact string match. + format: string + type: string + prefix: + description: prefix-based match. + format: string + type: string + regex: + description: ECMAscript style regex-based match + as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). + format: string + type: string + suffix: + description: suffix-based match. + format: string + type: string + type: object + type: array + includedPaths: + description: List of paths that the request must include. + items: + oneOf: + - required: + - exact + - required: + - prefix + - required: + - suffix + - required: + - regex + properties: + exact: + description: exact string match. + format: string + type: string + prefix: + description: prefix-based match. + format: string + type: string + regex: + description: ECMAscript style regex-based match + as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). + format: string + type: string + suffix: + description: suffix-based match. + format: string + type: string + type: object + type: array + type: object + type: array + type: object + type: object + type: array + peerIsOptional: + description: Deprecated. 
+ type: boolean + peers: + description: List of authentication methods that can be used for peer + authentication. + items: + oneOf: + - required: + - mtls + - properties: + jwt: {} + required: + - jwt + properties: + jwt: + properties: + audiences: + items: + format: string + type: string + type: array + issuer: + description: Identifies the issuer that issued the JWT. + format: string + type: string + jwks: + description: JSON Web Key Set of public keys to validate signature + of the JWT. + format: string + type: string + jwks_uri: + format: string + type: string + jwksUri: + format: string + type: string + jwt_headers: + description: JWT is sent in a request header. + items: + format: string + type: string + type: array + jwtHeaders: + description: JWT is sent in a request header. + items: + format: string + type: string + type: array + jwtParams: + description: JWT is sent in a query parameter. + items: + format: string + type: string + type: array + trigger_rules: + items: + properties: + excluded_paths: + description: List of paths to be excluded from the request. + items: + oneOf: + - required: + - exact + - required: + - prefix + - required: + - suffix + - required: + - regex + properties: + exact: + description: exact string match. + format: string + type: string + prefix: + description: prefix-based match. + format: string + type: string + regex: + description: ECMAscript style regex-based match + as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). + format: string + type: string + suffix: + description: suffix-based match. + format: string + type: string + type: object + type: array + excludedPaths: + description: List of paths to be excluded from the request. + items: + oneOf: + - required: + - exact + - required: + - prefix + - required: + - suffix + - required: + - regex + properties: + exact: + description: exact string match. + format: string + type: string + prefix: + description: prefix-based match. 
+ format: string + type: string + regex: + description: ECMAscript style regex-based match + as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). + format: string + type: string + suffix: + description: suffix-based match. + format: string + type: string + type: object + type: array + included_paths: + description: List of paths that the request must include. + items: + oneOf: + - required: + - exact + - required: + - prefix + - required: + - suffix + - required: + - regex + properties: + exact: + description: exact string match. + format: string + type: string + prefix: + description: prefix-based match. + format: string + type: string + regex: + description: ECMAscript style regex-based match + as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). + format: string + type: string + suffix: + description: suffix-based match. + format: string + type: string + type: object + type: array + includedPaths: + description: List of paths that the request must include. + items: + oneOf: + - required: + - exact + - required: + - prefix + - required: + - suffix + - required: + - regex + properties: + exact: + description: exact string match. + format: string + type: string + prefix: + description: prefix-based match. + format: string + type: string + regex: + description: ECMAscript style regex-based match + as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). + format: string + type: string + suffix: + description: suffix-based match. + format: string + type: string + type: object + type: array + type: object + type: array + triggerRules: + items: + properties: + excluded_paths: + description: List of paths to be excluded from the request. + items: + oneOf: + - required: + - exact + - required: + - prefix + - required: + - suffix + - required: + - regex + properties: + exact: + description: exact string match. + format: string + type: string + prefix: + description: prefix-based match. 
+ format: string + type: string + regex: + description: ECMAscript style regex-based match + as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). + format: string + type: string + suffix: + description: suffix-based match. + format: string + type: string + type: object + type: array + excludedPaths: + description: List of paths to be excluded from the request. + items: + oneOf: + - required: + - exact + - required: + - prefix + - required: + - suffix + - required: + - regex + properties: + exact: + description: exact string match. + format: string + type: string + prefix: + description: prefix-based match. + format: string + type: string + regex: + description: ECMAscript style regex-based match + as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). + format: string + type: string + suffix: + description: suffix-based match. + format: string + type: string + type: object + type: array + included_paths: + description: List of paths that the request must include. + items: + oneOf: + - required: + - exact + - required: + - prefix + - required: + - suffix + - required: + - regex + properties: + exact: + description: exact string match. + format: string + type: string + prefix: + description: prefix-based match. + format: string + type: string + regex: + description: ECMAscript style regex-based match + as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). + format: string + type: string + suffix: + description: suffix-based match. + format: string + type: string + type: object + type: array + includedPaths: + description: List of paths that the request must include. + items: + oneOf: + - required: + - exact + - required: + - prefix + - required: + - suffix + - required: + - regex + properties: + exact: + description: exact string match. + format: string + type: string + prefix: + description: prefix-based match. 
+ format: string + type: string + regex: + description: ECMAscript style regex-based match + as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). + format: string + type: string + suffix: + description: suffix-based match. + format: string + type: string + type: object + type: array + type: object + type: array + type: object + mtls: + description: Set if mTLS is used. + properties: + allowTls: + description: Deprecated. + type: boolean + mode: + description: Defines the mode of mTLS authentication. + enum: + - STRICT + - PERMISSIVE + type: string + type: object + type: object + type: array + principalBinding: + description: Deprecated. + enum: + - USE_PEER + - USE_ORIGIN + type: string + targets: + description: Deprecated. + items: + properties: + name: + description: The name must be a short name from the service registry. + format: string + type: string + ports: + description: Specifies the ports. + items: + oneOf: + - required: + - number + - required: + - name + properties: + name: + format: string + type: string + number: + type: integer + type: object + type: array + type: object + type: array + type: object + type: object + versions: + - name: v1alpha1 + served: true + storage: true +--- + + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + "helm.sh/resource-policy": keep + labels: + app: istio-citadel + chart: istio + heritage: Tiller + release: istio + name: policies.authentication.istio.io +spec: + group: authentication.istio.io + names: + categories: + - istio-io + - authentication-istio-io + kind: Policy + listKind: PolicyList + plural: policies + singular: policy + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + description: 'Authentication policy for Istio services. 
See more details + at: https://istio.io/docs/reference/config/security/istio.authentication.v1alpha1.html' + properties: + originIsOptional: + description: Deprecated. + type: boolean + origins: + description: Deprecated. + items: + properties: + jwt: + description: Jwt params for the method. + properties: + audiences: + items: + format: string + type: string + type: array + issuer: + description: Identifies the issuer that issued the JWT. + format: string + type: string + jwks: + description: JSON Web Key Set of public keys to validate signature + of the JWT. + format: string + type: string + jwks_uri: + format: string + type: string + jwksUri: + format: string + type: string + jwt_headers: + description: JWT is sent in a request header. + items: + format: string + type: string + type: array + jwtHeaders: + description: JWT is sent in a request header. + items: + format: string + type: string + type: array + jwtParams: + description: JWT is sent in a query parameter. + items: + format: string + type: string + type: array + trigger_rules: + items: + properties: + excluded_paths: + description: List of paths to be excluded from the request. + items: + oneOf: + - required: + - exact + - required: + - prefix + - required: + - suffix + - required: + - regex + properties: + exact: + description: exact string match. + format: string + type: string + prefix: + description: prefix-based match. + format: string + type: string + regex: + description: ECMAscript style regex-based match + as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). + format: string + type: string + suffix: + description: suffix-based match. + format: string + type: string + type: object + type: array + excludedPaths: + description: List of paths to be excluded from the request. + items: + oneOf: + - required: + - exact + - required: + - prefix + - required: + - suffix + - required: + - regex + properties: + exact: + description: exact string match. 
+ format: string + type: string + prefix: + description: prefix-based match. + format: string + type: string + regex: + description: ECMAscript style regex-based match + as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). + format: string + type: string + suffix: + description: suffix-based match. + format: string + type: string + type: object + type: array + included_paths: + description: List of paths that the request must include. + items: + oneOf: + - required: + - exact + - required: + - prefix + - required: + - suffix + - required: + - regex + properties: + exact: + description: exact string match. + format: string + type: string + prefix: + description: prefix-based match. + format: string + type: string + regex: + description: ECMAscript style regex-based match + as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). + format: string + type: string + suffix: + description: suffix-based match. + format: string + type: string + type: object + type: array + includedPaths: + description: List of paths that the request must include. + items: + oneOf: + - required: + - exact + - required: + - prefix + - required: + - suffix + - required: + - regex + properties: + exact: + description: exact string match. + format: string + type: string + prefix: + description: prefix-based match. + format: string + type: string + regex: + description: ECMAscript style regex-based match + as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). + format: string + type: string + suffix: + description: suffix-based match. + format: string + type: string + type: object + type: array + type: object + type: array + triggerRules: + items: + properties: + excluded_paths: + description: List of paths to be excluded from the request. + items: + oneOf: + - required: + - exact + - required: + - prefix + - required: + - suffix + - required: + - regex + properties: + exact: + description: exact string match. 
+ format: string + type: string + prefix: + description: prefix-based match. + format: string + type: string + regex: + description: ECMAscript style regex-based match + as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). + format: string + type: string + suffix: + description: suffix-based match. + format: string + type: string + type: object + type: array + excludedPaths: + description: List of paths to be excluded from the request. + items: + oneOf: + - required: + - exact + - required: + - prefix + - required: + - suffix + - required: + - regex + properties: + exact: + description: exact string match. + format: string + type: string + prefix: + description: prefix-based match. + format: string + type: string + regex: + description: ECMAscript style regex-based match + as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). + format: string + type: string + suffix: + description: suffix-based match. + format: string + type: string + type: object + type: array + included_paths: + description: List of paths that the request must include. + items: + oneOf: + - required: + - exact + - required: + - prefix + - required: + - suffix + - required: + - regex + properties: + exact: + description: exact string match. + format: string + type: string + prefix: + description: prefix-based match. + format: string + type: string + regex: + description: ECMAscript style regex-based match + as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). + format: string + type: string + suffix: + description: suffix-based match. + format: string + type: string + type: object + type: array + includedPaths: + description: List of paths that the request must include. + items: + oneOf: + - required: + - exact + - required: + - prefix + - required: + - suffix + - required: + - regex + properties: + exact: + description: exact string match. + format: string + type: string + prefix: + description: prefix-based match. 
+ format: string + type: string + regex: + description: ECMAscript style regex-based match + as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). + format: string + type: string + suffix: + description: suffix-based match. + format: string + type: string + type: object + type: array + type: object + type: array + type: object + type: object + type: array + peerIsOptional: + description: Deprecated. + type: boolean + peers: + description: List of authentication methods that can be used for peer + authentication. + items: + oneOf: + - required: + - mtls + - properties: + jwt: {} + required: + - jwt + properties: + jwt: + properties: + audiences: + items: + format: string + type: string + type: array + issuer: + description: Identifies the issuer that issued the JWT. + format: string + type: string + jwks: + description: JSON Web Key Set of public keys to validate signature + of the JWT. + format: string + type: string + jwks_uri: + format: string + type: string + jwksUri: + format: string + type: string + jwt_headers: + description: JWT is sent in a request header. + items: + format: string + type: string + type: array + jwtHeaders: + description: JWT is sent in a request header. + items: + format: string + type: string + type: array + jwtParams: + description: JWT is sent in a query parameter. + items: + format: string + type: string + type: array + trigger_rules: + items: + properties: + excluded_paths: + description: List of paths to be excluded from the request. + items: + oneOf: + - required: + - exact + - required: + - prefix + - required: + - suffix + - required: + - regex + properties: + exact: + description: exact string match. + format: string + type: string + prefix: + description: prefix-based match. + format: string + type: string + regex: + description: ECMAscript style regex-based match + as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). 
+ format: string + type: string + suffix: + description: suffix-based match. + format: string + type: string + type: object + type: array + excludedPaths: + description: List of paths to be excluded from the request. + items: + oneOf: + - required: + - exact + - required: + - prefix + - required: + - suffix + - required: + - regex + properties: + exact: + description: exact string match. + format: string + type: string + prefix: + description: prefix-based match. + format: string + type: string + regex: + description: ECMAscript style regex-based match + as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). + format: string + type: string + suffix: + description: suffix-based match. + format: string + type: string + type: object + type: array + included_paths: + description: List of paths that the request must include. + items: + oneOf: + - required: + - exact + - required: + - prefix + - required: + - suffix + - required: + - regex + properties: + exact: + description: exact string match. + format: string + type: string + prefix: + description: prefix-based match. + format: string + type: string + regex: + description: ECMAscript style regex-based match + as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). + format: string + type: string + suffix: + description: suffix-based match. + format: string + type: string + type: object + type: array + includedPaths: + description: List of paths that the request must include. + items: + oneOf: + - required: + - exact + - required: + - prefix + - required: + - suffix + - required: + - regex + properties: + exact: + description: exact string match. + format: string + type: string + prefix: + description: prefix-based match. + format: string + type: string + regex: + description: ECMAscript style regex-based match + as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). + format: string + type: string + suffix: + description: suffix-based match. 
+ format: string + type: string + type: object + type: array + type: object + type: array + triggerRules: + items: + properties: + excluded_paths: + description: List of paths to be excluded from the request. + items: + oneOf: + - required: + - exact + - required: + - prefix + - required: + - suffix + - required: + - regex + properties: + exact: + description: exact string match. + format: string + type: string + prefix: + description: prefix-based match. + format: string + type: string + regex: + description: ECMAscript style regex-based match + as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). + format: string + type: string + suffix: + description: suffix-based match. + format: string + type: string + type: object + type: array + excludedPaths: + description: List of paths to be excluded from the request. + items: + oneOf: + - required: + - exact + - required: + - prefix + - required: + - suffix + - required: + - regex + properties: + exact: + description: exact string match. + format: string + type: string + prefix: + description: prefix-based match. + format: string + type: string + regex: + description: ECMAscript style regex-based match + as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). + format: string + type: string + suffix: + description: suffix-based match. + format: string + type: string + type: object + type: array + included_paths: + description: List of paths that the request must include. + items: + oneOf: + - required: + - exact + - required: + - prefix + - required: + - suffix + - required: + - regex + properties: + exact: + description: exact string match. + format: string + type: string + prefix: + description: prefix-based match. + format: string + type: string + regex: + description: ECMAscript style regex-based match + as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). + format: string + type: string + suffix: + description: suffix-based match. 
+ format: string + type: string + type: object + type: array + includedPaths: + description: List of paths that the request must include. + items: + oneOf: + - required: + - exact + - required: + - prefix + - required: + - suffix + - required: + - regex + properties: + exact: + description: exact string match. + format: string + type: string + prefix: + description: prefix-based match. + format: string + type: string + regex: + description: ECMAscript style regex-based match + as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). + format: string + type: string + suffix: + description: suffix-based match. + format: string + type: string + type: object + type: array + type: object + type: array + type: object + mtls: + description: Set if mTLS is used. + properties: + allowTls: + description: Deprecated. + type: boolean + mode: + description: Defines the mode of mTLS authentication. + enum: + - STRICT + - PERMISSIVE + type: string + type: object + type: object + type: array + principalBinding: + description: Deprecated. + enum: + - USE_PEER + - USE_ORIGIN + type: string + targets: + description: Deprecated. + items: + properties: + name: + description: The name must be a short name from the service registry. + format: string + type: string + ports: + description: Specifies the ports. 
+ items: + oneOf: + - required: + - number + - required: + - name + properties: + name: + format: string + type: string + number: + type: integer + type: object + type: array + type: object + type: array + type: object + type: object + versions: + - name: v1alpha1 + served: true + storage: true +--- + + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + "helm.sh/resource-policy": keep + labels: + app: istio-mixer + chart: istio + heritage: Tiller + release: istio + name: httpapispecs.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - apim-istio-io + kind: HTTPAPISpec + listKind: HTTPAPISpecList + plural: httpapispecs + singular: httpapispec + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + api_keys: + items: + oneOf: + - required: + - query + - required: + - header + - required: + - cookie + properties: + cookie: + format: string + type: string + header: + description: API key is sent in a request header. + format: string + type: string + query: + description: API Key is sent as a query parameter. + format: string + type: string + type: object + type: array + apiKeys: + items: + oneOf: + - required: + - query + - required: + - header + - required: + - cookie + properties: + cookie: + format: string + type: string + header: + description: API key is sent in a request header. + format: string + type: string + query: + description: API Key is sent as a query parameter. 
+ format: string + type: string + type: object + type: array + attributes: + properties: + attributes: + additionalProperties: + oneOf: + - required: + - stringValue + - required: + - int64Value + - required: + - doubleValue + - required: + - boolValue + - required: + - bytesValue + - required: + - timestampValue + - required: + - durationValue + - required: + - stringMapValue + properties: + boolValue: + type: boolean + bytesValue: + format: binary + type: string + doubleValue: + format: double + type: number + durationValue: + type: string + int64Value: + format: int64 + type: integer + stringMapValue: + properties: + entries: + additionalProperties: + format: string + type: string + description: Holds a set of name/value pairs. + type: object + type: object + stringValue: + format: string + type: string + timestampValue: + format: dateTime + type: string + type: object + description: A map of attribute name to its value. + type: object + type: object + patterns: + description: List of HTTP patterns to match. + items: + oneOf: + - required: + - uriTemplate + - required: + - regex + properties: + attributes: + properties: + attributes: + additionalProperties: + oneOf: + - required: + - stringValue + - required: + - int64Value + - required: + - doubleValue + - required: + - boolValue + - required: + - bytesValue + - required: + - timestampValue + - required: + - durationValue + - required: + - stringMapValue + properties: + boolValue: + type: boolean + bytesValue: + format: binary + type: string + doubleValue: + format: double + type: number + durationValue: + type: string + int64Value: + format: int64 + type: integer + stringMapValue: + properties: + entries: + additionalProperties: + format: string + type: string + description: Holds a set of name/value pairs. + type: object + type: object + stringValue: + format: string + type: string + timestampValue: + format: dateTime + type: string + type: object + description: A map of attribute name to its value. 
+ type: object + type: object + httpMethod: + format: string + type: string + regex: + format: string + type: string + uriTemplate: + format: string + type: string + type: object + type: array + type: object + type: object + versions: + - name: v1alpha2 + served: true + storage: true +--- + + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + "helm.sh/resource-policy": keep + labels: + app: istio-mixer + chart: istio + heritage: Tiller + release: istio + name: httpapispecbindings.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - apim-istio-io + kind: HTTPAPISpecBinding + listKind: HTTPAPISpecBindingList + plural: httpapispecbindings + singular: httpapispecbinding + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + api_specs: + items: + properties: + name: + description: The short name of the HTTPAPISpec. + format: string + type: string + namespace: + description: Optional namespace of the HTTPAPISpec. + format: string + type: string + type: object + type: array + apiSpecs: + items: + properties: + name: + description: The short name of the HTTPAPISpec. + format: string + type: string + namespace: + description: Optional namespace of the HTTPAPISpec. + format: string + type: string + type: object + type: array + services: + description: One or more services to map the listed HTTPAPISpec onto. + items: + properties: + domain: + description: Domain suffix used to construct the service FQDN + in implementations that support such specification. + format: string + type: string + labels: + additionalProperties: + format: string + type: string + description: Optional one or more labels that uniquely identify + the service version. + type: object + name: + description: The short name of the service such as "foo". + format: string + type: string + namespace: + description: Optional namespace of the service. 
+ format: string + type: string + service: + description: The service FQDN. + format: string + type: string + type: object + type: array + type: object + type: object + versions: + - name: v1alpha2 + served: true + storage: true +--- + + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + "helm.sh/resource-policy": keep + labels: + app: istio-mixer + chart: istio + heritage: Tiller + release: istio + name: quotaspecs.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - apim-istio-io + kind: QuotaSpec + listKind: QuotaSpecList + plural: quotaspecs + singular: quotaspec + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + description: Determines the quotas used for individual requests. + properties: + rules: + description: A list of Quota rules. + items: + properties: + match: + description: If empty, match all request. + items: + properties: + clause: + additionalProperties: + oneOf: + - required: + - exact + - required: + - prefix + - required: + - regex + properties: + exact: + format: string + type: string + prefix: + format: string + type: string + regex: + format: string + type: string + type: object + description: Map of attribute names to StringMatch type. + type: object + type: object + type: array + quotas: + description: The list of quotas to charge. 
+ items: + properties: + charge: + format: int32 + type: integer + quota: + format: string + type: string + type: object + type: array + type: object + type: array + type: object + type: object + versions: + - name: v1alpha2 + served: true + storage: true +--- + + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + "helm.sh/resource-policy": keep + labels: + app: istio-mixer + chart: istio + heritage: Tiller + release: istio + name: quotaspecbindings.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - apim-istio-io + kind: QuotaSpecBinding + listKind: QuotaSpecBindingList + plural: quotaspecbindings + singular: quotaspecbinding + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + quotaSpecs: + items: + properties: + name: + description: The short name of the QuotaSpec. + format: string + type: string + namespace: + description: Optional namespace of the QuotaSpec. + format: string + type: string + type: object + type: array + services: + description: One or more services to map the listed QuotaSpec onto. + items: + properties: + domain: + description: Domain suffix used to construct the service FQDN + in implementations that support such specification. + format: string + type: string + labels: + additionalProperties: + format: string + type: string + description: Optional one or more labels that uniquely identify + the service version. + type: object + name: + description: The short name of the service such as "foo". + format: string + type: string + namespace: + description: Optional namespace of the service. + format: string + type: string + service: + description: The service FQDN. 
+ format: string + type: string + type: object + type: array + type: object + type: object + versions: + - name: v1alpha2 + served: true + storage: true +--- + + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + "helm.sh/resource-policy": keep + labels: + app: istio-pilot + chart: istio + heritage: Tiller + release: istio + name: destinationrules.networking.istio.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.host + description: The name of a service from the service registry + name: Host + type: string + - JSONPath: .metadata.creationTimestamp + description: 'CreationTimestamp is a timestamp representing the server time when + this object was created. It is not guaranteed to be set in happens-before order + across separate operations. Clients may not set this value. It is represented + in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for + lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' + name: Age + type: date + group: networking.istio.io + names: + categories: + - istio-io + - networking-istio-io + kind: DestinationRule + listKind: DestinationRuleList + plural: destinationrules + shortNames: + - dr + singular: destinationrule + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + description: 'Configuration affecting load balancing, outlier detection, + etc. See more details at: https://istio.io/docs/reference/config/networking/destination-rule.html' + properties: + exportTo: + description: A list of namespaces to which this destination rule is + exported. + items: + format: string + type: string + type: array + host: + description: The name of a service from the service registry. + format: string + type: string + subsets: + items: + properties: + labels: + additionalProperties: + format: string + type: string + type: object + name: + description: Name of the subset. 
+ format: string + type: string + trafficPolicy: + description: Traffic policies that apply to this subset. + properties: + connectionPool: + properties: + http: + description: HTTP connection pool settings. + properties: + h2UpgradePolicy: + description: Specify if http1.1 connection should + be upgraded to http2 for the associated destination. + enum: + - DEFAULT + - DO_NOT_UPGRADE + - UPGRADE + type: string + http1MaxPendingRequests: + description: Maximum number of pending HTTP requests + to a destination. + format: int32 + type: integer + http2MaxRequests: + description: Maximum number of requests to a backend. + format: int32 + type: integer + idleTimeout: + description: The idle timeout for upstream connection + pool connections. + type: string + maxRequestsPerConnection: + description: Maximum number of requests per connection + to a backend. + format: int32 + type: integer + maxRetries: + format: int32 + type: integer + type: object + tcp: + description: Settings common to both HTTP and TCP upstream + connections. + properties: + connectTimeout: + description: TCP connection timeout. + type: string + maxConnections: + description: Maximum number of HTTP1 /TCP connections + to a destination host. + format: int32 + type: integer + tcpKeepalive: + description: If set then set SO_KEEPALIVE on the socket + to enable TCP Keepalives. + properties: + interval: + description: The time duration between keep-alive + probes. + type: string + probes: + type: integer + time: + type: string + type: object + type: object + type: object + loadBalancer: + description: Settings controlling the load balancer algorithms. + oneOf: + - required: + - simple + - properties: + consistentHash: + oneOf: + - required: + - httpHeaderName + - required: + - httpCookie + - required: + - useSourceIp + required: + - consistentHash + properties: + consistentHash: + properties: + httpCookie: + description: Hash based on HTTP cookie. + properties: + name: + description: Name of the cookie. 
+ format: string + type: string + path: + description: Path to set for the cookie. + format: string + type: string + ttl: + description: Lifetime of the cookie. + type: string + type: object + httpHeaderName: + description: Hash based on a specific HTTP header. + format: string + type: string + minimumRingSize: + type: integer + useSourceIp: + description: Hash based on the source IP address. + type: boolean + type: object + localityLbSetting: + properties: + distribute: + description: 'Optional: only one of distribute or + failover can be set.' + items: + properties: + from: + description: Originating locality, '/' separated, + e.g. + format: string + type: string + to: + additionalProperties: + type: integer + description: Map of upstream localities to traffic + distribution weights. + type: object + type: object + type: array + enabled: + description: enable locality load balancing, this + is DestinationRule-level and will override mesh + wide settings in entirety. + nullable: true + type: boolean + failover: + description: 'Optional: only failover or distribute + can be set.' + items: + properties: + from: + description: Originating region. + format: string + type: string + to: + format: string + type: string + type: object + type: array + type: object + simple: + enum: + - ROUND_ROBIN + - LEAST_CONN + - RANDOM + - PASSTHROUGH + type: string + type: object + outlierDetection: + properties: + baseEjectionTime: + description: Minimum ejection duration. + type: string + consecutive5xxErrors: + description: Number of 5xx errors before a host is ejected + from the connection pool. + nullable: true + type: integer + consecutiveErrors: + format: int32 + type: integer + consecutiveGatewayErrors: + description: Number of gateway errors before a host is + ejected from the connection pool. + nullable: true + type: integer + interval: + description: Time interval between ejection sweep analysis. 
+ type: string + maxEjectionPercent: + format: int32 + type: integer + minHealthPercent: + format: int32 + type: integer + type: object + portLevelSettings: + description: Traffic policies specific to individual ports. + items: + properties: + connectionPool: + properties: + http: + description: HTTP connection pool settings. + properties: + h2UpgradePolicy: + description: Specify if http1.1 connection should + be upgraded to http2 for the associated destination. + enum: + - DEFAULT + - DO_NOT_UPGRADE + - UPGRADE + type: string + http1MaxPendingRequests: + description: Maximum number of pending HTTP + requests to a destination. + format: int32 + type: integer + http2MaxRequests: + description: Maximum number of requests to a + backend. + format: int32 + type: integer + idleTimeout: + description: The idle timeout for upstream connection + pool connections. + type: string + maxRequestsPerConnection: + description: Maximum number of requests per + connection to a backend. + format: int32 + type: integer + maxRetries: + format: int32 + type: integer + type: object + tcp: + description: Settings common to both HTTP and TCP + upstream connections. + properties: + connectTimeout: + description: TCP connection timeout. + type: string + maxConnections: + description: Maximum number of HTTP1 /TCP connections + to a destination host. + format: int32 + type: integer + tcpKeepalive: + description: If set then set SO_KEEPALIVE on + the socket to enable TCP Keepalives. + properties: + interval: + description: The time duration between keep-alive + probes. + type: string + probes: + type: integer + time: + type: string + type: object + type: object + type: object + loadBalancer: + description: Settings controlling the load balancer + algorithms. 
+ oneOf: + - required: + - simple + - properties: + consistentHash: + oneOf: + - required: + - httpHeaderName + - required: + - httpCookie + - required: + - useSourceIp + required: + - consistentHash + properties: + consistentHash: + properties: + httpCookie: + description: Hash based on HTTP cookie. + properties: + name: + description: Name of the cookie. + format: string + type: string + path: + description: Path to set for the cookie. + format: string + type: string + ttl: + description: Lifetime of the cookie. + type: string + type: object + httpHeaderName: + description: Hash based on a specific HTTP header. + format: string + type: string + minimumRingSize: + type: integer + useSourceIp: + description: Hash based on the source IP address. + type: boolean + type: object + localityLbSetting: + properties: + distribute: + description: 'Optional: only one of distribute + or failover can be set.' + items: + properties: + from: + description: Originating locality, '/' + separated, e.g. + format: string + type: string + to: + additionalProperties: + type: integer + description: Map of upstream localities + to traffic distribution weights. + type: object + type: object + type: array + enabled: + description: enable locality load balancing, + this is DestinationRule-level and will override + mesh wide settings in entirety. + nullable: true + type: boolean + failover: + description: 'Optional: only failover or distribute + can be set.' + items: + properties: + from: + description: Originating region. + format: string + type: string + to: + format: string + type: string + type: object + type: array + type: object + simple: + enum: + - ROUND_ROBIN + - LEAST_CONN + - RANDOM + - PASSTHROUGH + type: string + type: object + outlierDetection: + properties: + baseEjectionTime: + description: Minimum ejection duration. + type: string + consecutive5xxErrors: + description: Number of 5xx errors before a host + is ejected from the connection pool. 
+ nullable: true + type: integer + consecutiveErrors: + format: int32 + type: integer + consecutiveGatewayErrors: + description: Number of gateway errors before a host + is ejected from the connection pool. + nullable: true + type: integer + interval: + description: Time interval between ejection sweep + analysis. + type: string + maxEjectionPercent: + format: int32 + type: integer + minHealthPercent: + format: int32 + type: integer + type: object + port: + properties: + number: + type: integer + type: object + tls: + description: TLS related settings for connections to + the upstream service. + properties: + caCertificates: + format: string + type: string + clientCertificate: + description: REQUIRED if mode is `MUTUAL`. + format: string + type: string + mode: + enum: + - DISABLE + - SIMPLE + - MUTUAL + - ISTIO_MUTUAL + type: string + privateKey: + description: REQUIRED if mode is `MUTUAL`. + format: string + type: string + sni: + description: SNI string to present to the server + during TLS handshake. + format: string + type: string + subjectAltNames: + items: + format: string + type: string + type: array + type: object + type: object + type: array + tls: + description: TLS related settings for connections to the upstream + service. + properties: + caCertificates: + format: string + type: string + clientCertificate: + description: REQUIRED if mode is `MUTUAL`. + format: string + type: string + mode: + enum: + - DISABLE + - SIMPLE + - MUTUAL + - ISTIO_MUTUAL + type: string + privateKey: + description: REQUIRED if mode is `MUTUAL`. + format: string + type: string + sni: + description: SNI string to present to the server during + TLS handshake. + format: string + type: string + subjectAltNames: + items: + format: string + type: string + type: array + type: object + type: object + type: object + type: array + trafficPolicy: + properties: + connectionPool: + properties: + http: + description: HTTP connection pool settings. 
+ properties: + h2UpgradePolicy: + description: Specify if http1.1 connection should be upgraded + to http2 for the associated destination. + enum: + - DEFAULT + - DO_NOT_UPGRADE + - UPGRADE + type: string + http1MaxPendingRequests: + description: Maximum number of pending HTTP requests to + a destination. + format: int32 + type: integer + http2MaxRequests: + description: Maximum number of requests to a backend. + format: int32 + type: integer + idleTimeout: + description: The idle timeout for upstream connection pool + connections. + type: string + maxRequestsPerConnection: + description: Maximum number of requests per connection to + a backend. + format: int32 + type: integer + maxRetries: + format: int32 + type: integer + type: object + tcp: + description: Settings common to both HTTP and TCP upstream connections. + properties: + connectTimeout: + description: TCP connection timeout. + type: string + maxConnections: + description: Maximum number of HTTP1 /TCP connections to + a destination host. + format: int32 + type: integer + tcpKeepalive: + description: If set then set SO_KEEPALIVE on the socket + to enable TCP Keepalives. + properties: + interval: + description: The time duration between keep-alive probes. + type: string + probes: + type: integer + time: + type: string + type: object + type: object + type: object + loadBalancer: + description: Settings controlling the load balancer algorithms. + oneOf: + - required: + - simple + - properties: + consistentHash: + oneOf: + - required: + - httpHeaderName + - required: + - httpCookie + - required: + - useSourceIp + required: + - consistentHash + properties: + consistentHash: + properties: + httpCookie: + description: Hash based on HTTP cookie. + properties: + name: + description: Name of the cookie. + format: string + type: string + path: + description: Path to set for the cookie. + format: string + type: string + ttl: + description: Lifetime of the cookie. 
+ type: string + type: object + httpHeaderName: + description: Hash based on a specific HTTP header. + format: string + type: string + minimumRingSize: + type: integer + useSourceIp: + description: Hash based on the source IP address. + type: boolean + type: object + localityLbSetting: + properties: + distribute: + description: 'Optional: only one of distribute or failover + can be set.' + items: + properties: + from: + description: Originating locality, '/' separated, + e.g. + format: string + type: string + to: + additionalProperties: + type: integer + description: Map of upstream localities to traffic + distribution weights. + type: object + type: object + type: array + enabled: + description: enable locality load balancing, this is DestinationRule-level + and will override mesh wide settings in entirety. + nullable: true + type: boolean + failover: + description: 'Optional: only failover or distribute can + be set.' + items: + properties: + from: + description: Originating region. + format: string + type: string + to: + format: string + type: string + type: object + type: array + type: object + simple: + enum: + - ROUND_ROBIN + - LEAST_CONN + - RANDOM + - PASSTHROUGH + type: string + type: object + outlierDetection: + properties: + baseEjectionTime: + description: Minimum ejection duration. + type: string + consecutive5xxErrors: + description: Number of 5xx errors before a host is ejected from + the connection pool. + nullable: true + type: integer + consecutiveErrors: + format: int32 + type: integer + consecutiveGatewayErrors: + description: Number of gateway errors before a host is ejected + from the connection pool. + nullable: true + type: integer + interval: + description: Time interval between ejection sweep analysis. + type: string + maxEjectionPercent: + format: int32 + type: integer + minHealthPercent: + format: int32 + type: integer + type: object + portLevelSettings: + description: Traffic policies specific to individual ports. 
+ items: + properties: + connectionPool: + properties: + http: + description: HTTP connection pool settings. + properties: + h2UpgradePolicy: + description: Specify if http1.1 connection should + be upgraded to http2 for the associated destination. + enum: + - DEFAULT + - DO_NOT_UPGRADE + - UPGRADE + type: string + http1MaxPendingRequests: + description: Maximum number of pending HTTP requests + to a destination. + format: int32 + type: integer + http2MaxRequests: + description: Maximum number of requests to a backend. + format: int32 + type: integer + idleTimeout: + description: The idle timeout for upstream connection + pool connections. + type: string + maxRequestsPerConnection: + description: Maximum number of requests per connection + to a backend. + format: int32 + type: integer + maxRetries: + format: int32 + type: integer + type: object + tcp: + description: Settings common to both HTTP and TCP upstream + connections. + properties: + connectTimeout: + description: TCP connection timeout. + type: string + maxConnections: + description: Maximum number of HTTP1 /TCP connections + to a destination host. + format: int32 + type: integer + tcpKeepalive: + description: If set then set SO_KEEPALIVE on the socket + to enable TCP Keepalives. + properties: + interval: + description: The time duration between keep-alive + probes. + type: string + probes: + type: integer + time: + type: string + type: object + type: object + type: object + loadBalancer: + description: Settings controlling the load balancer algorithms. + oneOf: + - required: + - simple + - properties: + consistentHash: + oneOf: + - required: + - httpHeaderName + - required: + - httpCookie + - required: + - useSourceIp + required: + - consistentHash + properties: + consistentHash: + properties: + httpCookie: + description: Hash based on HTTP cookie. + properties: + name: + description: Name of the cookie. + format: string + type: string + path: + description: Path to set for the cookie. 
+ format: string + type: string + ttl: + description: Lifetime of the cookie. + type: string + type: object + httpHeaderName: + description: Hash based on a specific HTTP header. + format: string + type: string + minimumRingSize: + type: integer + useSourceIp: + description: Hash based on the source IP address. + type: boolean + type: object + localityLbSetting: + properties: + distribute: + description: 'Optional: only one of distribute or + failover can be set.' + items: + properties: + from: + description: Originating locality, '/' separated, + e.g. + format: string + type: string + to: + additionalProperties: + type: integer + description: Map of upstream localities to traffic + distribution weights. + type: object + type: object + type: array + enabled: + description: enable locality load balancing, this + is DestinationRule-level and will override mesh + wide settings in entirety. + nullable: true + type: boolean + failover: + description: 'Optional: only failover or distribute + can be set.' + items: + properties: + from: + description: Originating region. + format: string + type: string + to: + format: string + type: string + type: object + type: array + type: object + simple: + enum: + - ROUND_ROBIN + - LEAST_CONN + - RANDOM + - PASSTHROUGH + type: string + type: object + outlierDetection: + properties: + baseEjectionTime: + description: Minimum ejection duration. + type: string + consecutive5xxErrors: + description: Number of 5xx errors before a host is ejected + from the connection pool. + nullable: true + type: integer + consecutiveErrors: + format: int32 + type: integer + consecutiveGatewayErrors: + description: Number of gateway errors before a host is + ejected from the connection pool. + nullable: true + type: integer + interval: + description: Time interval between ejection sweep analysis. 
+ type: string + maxEjectionPercent: + format: int32 + type: integer + minHealthPercent: + format: int32 + type: integer + type: object + port: + properties: + number: + type: integer + type: object + tls: + description: TLS related settings for connections to the upstream + service. + properties: + caCertificates: + format: string + type: string + clientCertificate: + description: REQUIRED if mode is `MUTUAL`. + format: string + type: string + mode: + enum: + - DISABLE + - SIMPLE + - MUTUAL + - ISTIO_MUTUAL + type: string + privateKey: + description: REQUIRED if mode is `MUTUAL`. + format: string + type: string + sni: + description: SNI string to present to the server during + TLS handshake. + format: string + type: string + subjectAltNames: + items: + format: string + type: string + type: array + type: object + type: object + type: array + tls: + description: TLS related settings for connections to the upstream + service. + properties: + caCertificates: + format: string + type: string + clientCertificate: + description: REQUIRED if mode is `MUTUAL`. + format: string + type: string + mode: + enum: + - DISABLE + - SIMPLE + - MUTUAL + - ISTIO_MUTUAL + type: string + privateKey: + description: REQUIRED if mode is `MUTUAL`. + format: string + type: string + sni: + description: SNI string to present to the server during TLS + handshake. 
+ format: string + type: string + subjectAltNames: + items: + format: string + type: string + type: array + type: object + type: object + type: object + type: object + versions: + - name: v1alpha3 + served: true + storage: false + - name: v1beta1 + served: true + storage: true +--- + + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + "helm.sh/resource-policy": keep + labels: + app: istio-pilot + chart: istio + heritage: Tiller + release: istio + name: envoyfilters.networking.istio.io +spec: + group: networking.istio.io + names: + categories: + - istio-io + - networking-istio-io + kind: EnvoyFilter + listKind: EnvoyFilterList + plural: envoyfilters + singular: envoyfilter + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + description: 'Customizing Envoy configuration generated by Istio. See more + details at: https://istio.io/docs/reference/config/networking/envoy-filter.html' + properties: + configPatches: + description: One or more patches with match conditions. + items: + properties: + applyTo: + enum: + - INVALID + - LISTENER + - FILTER_CHAIN + - NETWORK_FILTER + - HTTP_FILTER + - ROUTE_CONFIGURATION + - VIRTUAL_HOST + - HTTP_ROUTE + - CLUSTER + type: string + match: + description: Match on listener/route configuration/cluster. + oneOf: + - required: + - listener + - required: + - routeConfiguration + - required: + - cluster + properties: + cluster: + description: Match on envoy cluster attributes. + properties: + name: + description: The exact name of the cluster to match. + format: string + type: string + portNumber: + description: The service port for which this cluster was + generated. + type: integer + service: + description: The fully qualified service name for this + cluster. + format: string + type: string + subset: + description: The subset associated with the service. 
+ format: string + type: string + type: object + context: + description: The specific config generation context to match + on. + enum: + - ANY + - SIDECAR_INBOUND + - SIDECAR_OUTBOUND + - GATEWAY + type: string + listener: + description: Match on envoy listener attributes. + properties: + filterChain: + description: Match a specific filter chain in a listener. + properties: + applicationProtocols: + description: Applies only to sidecars. + format: string + type: string + filter: + description: The name of a specific filter to apply + the patch to. + properties: + name: + description: The filter name to match on. + format: string + type: string + subFilter: + properties: + name: + description: The filter name to match on. + format: string + type: string + type: object + type: object + name: + description: The name assigned to the filter chain. + format: string + type: string + sni: + description: The SNI value used by a filter chain's + match condition. + format: string + type: string + transportProtocol: + description: Applies only to SIDECAR_INBOUND context. + format: string + type: string + type: object + name: + description: Match a specific listener by its name. + format: string + type: string + portName: + format: string + type: string + portNumber: + type: integer + type: object + proxy: + description: Match on properties associated with a proxy. + properties: + metadata: + additionalProperties: + format: string + type: string + type: object + proxyVersion: + format: string + type: string + type: object + routeConfiguration: + description: Match on envoy HTTP route configuration attributes. + properties: + gateway: + format: string + type: string + name: + description: Route configuration name to match on. + format: string + type: string + portName: + description: Applicable only for GATEWAY context. 
+ format: string + type: string + portNumber: + type: integer + vhost: + properties: + name: + format: string + type: string + route: + description: Match a specific route within the virtual + host. + properties: + action: + description: Match a route with specific action + type. + enum: + - ANY + - ROUTE + - REDIRECT + - DIRECT_RESPONSE + type: string + name: + format: string + type: string + type: object + type: object + type: object + type: object + patch: + description: The patch to apply along with the operation. + properties: + operation: + description: Determines how the patch should be applied. + enum: + - INVALID + - MERGE + - ADD + - REMOVE + - INSERT_BEFORE + - INSERT_AFTER + type: string + value: + description: The JSON config of the object being patched. + type: object + type: object + type: object + type: array + filters: + items: + properties: + filterConfig: + type: object + filterName: + description: The name of the filter to instantiate. + format: string + type: string + filterType: + description: The type of filter to instantiate. + enum: + - INVALID + - HTTP + - NETWORK + type: string + insertPosition: + description: Insert position in the filter chain. + properties: + index: + description: Position of this filter in the filter chain. + enum: + - FIRST + - LAST + - BEFORE + - AFTER + type: string + relativeTo: + format: string + type: string + type: object + listenerMatch: + properties: + address: + description: One or more IP addresses to which the listener + is bound. + items: + format: string + type: string + type: array + listenerProtocol: + description: Selects a class of listeners for the same protocol. + enum: + - ALL + - HTTP + - TCP + type: string + listenerType: + description: Inbound vs outbound sidecar listener or gateway + listener. 
+ enum: + - ANY + - SIDECAR_INBOUND + - SIDECAR_OUTBOUND + - GATEWAY + type: string + portNamePrefix: + format: string + type: string + portNumber: + type: integer + type: object + type: object + type: array + workloadLabels: + additionalProperties: + format: string + type: string + description: Deprecated. + type: object + workloadSelector: + properties: + labels: + additionalProperties: + format: string + type: string + type: object + type: object + type: object + type: object + versions: + - name: v1alpha3 + served: true + storage: true +--- + + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + "helm.sh/resource-policy": keep + labels: + app: istio-pilot + chart: istio + heritage: Tiller + release: istio + name: gateways.networking.istio.io +spec: + group: networking.istio.io + names: + categories: + - istio-io + - networking-istio-io + kind: Gateway + listKind: GatewayList + plural: gateways + shortNames: + - gw + singular: gateway + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + description: 'Configuration affecting edge load balancer. See more details + at: https://istio.io/docs/reference/config/networking/gateway.html' + properties: + selector: + additionalProperties: + format: string + type: string + type: object + servers: + description: A list of server specifications. + items: + properties: + bind: + format: string + type: string + defaultEndpoint: + format: string + type: string + hosts: + description: One or more hosts exposed by this gateway. + items: + format: string + type: string + type: array + port: + properties: + name: + description: Label assigned to the port. + format: string + type: string + number: + description: A valid non-negative integer port number. + type: integer + protocol: + description: The protocol exposed on the port. 
+ format: string + type: string + type: object + tls: + description: Set of TLS related options that govern the server's + behavior. + properties: + caCertificates: + description: REQUIRED if mode is `MUTUAL`. + format: string + type: string + cipherSuites: + description: 'Optional: If specified, only support the specified + cipher list.' + items: + format: string + type: string + type: array + credentialName: + format: string + type: string + httpsRedirect: + type: boolean + maxProtocolVersion: + description: 'Optional: Maximum TLS protocol version.' + enum: + - TLS_AUTO + - TLSV1_0 + - TLSV1_1 + - TLSV1_2 + - TLSV1_3 + type: string + minProtocolVersion: + description: 'Optional: Minimum TLS protocol version.' + enum: + - TLS_AUTO + - TLSV1_0 + - TLSV1_1 + - TLSV1_2 + - TLSV1_3 + type: string + mode: + enum: + - PASSTHROUGH + - SIMPLE + - MUTUAL + - AUTO_PASSTHROUGH + - ISTIO_MUTUAL + type: string + privateKey: + description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. + format: string + type: string + serverCertificate: + description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. 
+ format: string + type: string + subjectAltNames: + items: + format: string + type: string + type: array + verifyCertificateHash: + items: + format: string + type: string + type: array + verifyCertificateSpki: + items: + format: string + type: string + type: array + type: object + type: object + type: array + type: object + type: object + versions: + - name: v1alpha3 + served: true + storage: false + - name: v1beta1 + served: true + storage: true +--- + + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + "helm.sh/resource-policy": keep + labels: + app: istio-pilot + chart: istio + heritage: Tiller + release: istio + name: serviceentries.networking.istio.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.hosts + description: The hosts associated with the ServiceEntry + name: Hosts + type: string + - JSONPath: .spec.location + description: Whether the service is external to the mesh or part of the mesh (MESH_EXTERNAL + or MESH_INTERNAL) + name: Location + type: string + - JSONPath: .spec.resolution + description: Service discovery mode for the hosts (NONE, STATIC, or DNS) + name: Resolution + type: string + - JSONPath: .metadata.creationTimestamp + description: 'CreationTimestamp is a timestamp representing the server time when + this object was created. It is not guaranteed to be set in happens-before order + across separate operations. Clients may not set this value. It is represented + in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for + lists. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' + name: Age + type: date + group: networking.istio.io + names: + categories: + - istio-io + - networking-istio-io + kind: ServiceEntry + listKind: ServiceEntryList + plural: serviceentries + shortNames: + - se + singular: serviceentry + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + description: 'Configuration affecting service registry. See more details + at: https://istio.io/docs/reference/config/networking/service-entry.html' + properties: + addresses: + description: The virtual IP addresses associated with the service. + items: + format: string + type: string + type: array + endpoints: + description: One or more endpoints associated with the service. + items: + properties: + address: + format: string + type: string + labels: + additionalProperties: + format: string + type: string + description: One or more labels associated with the endpoint. + type: object + locality: + description: The locality associated with the endpoint. + format: string + type: string + network: + format: string + type: string + ports: + additionalProperties: + type: integer + description: Set of ports associated with the endpoint. + type: object + weight: + description: The load balancing weight associated with the endpoint. + type: integer + type: object + type: array + exportTo: + description: A list of namespaces to which this service is exported. + items: + format: string + type: string + type: array + hosts: + description: The hosts associated with the ServiceEntry. + items: + format: string + type: string + type: array + location: + enum: + - MESH_EXTERNAL + - MESH_INTERNAL + type: string + ports: + description: The ports associated with the external service. + items: + properties: + name: + description: Label assigned to the port. + format: string + type: string + number: + description: A valid non-negative integer port number. 
+ type: integer + protocol: + description: The protocol exposed on the port. + format: string + type: string + type: object + type: array + resolution: + description: Service discovery mode for the hosts. + enum: + - NONE + - STATIC + - DNS + type: string + subjectAltNames: + items: + format: string + type: string + type: array + type: object + type: object + versions: + - name: v1alpha3 + served: true + storage: false + - name: v1beta1 + served: true + storage: true +--- + + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + "helm.sh/resource-policy": keep + labels: + app: istio-pilot + chart: istio + heritage: Tiller + release: istio + name: sidecars.networking.istio.io +spec: + group: networking.istio.io + names: + categories: + - istio-io + - networking-istio-io + kind: Sidecar + listKind: SidecarList + plural: sidecars + singular: sidecar + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + description: 'Configuration affecting network reachability of a sidecar. + See more details at: https://istio.io/docs/reference/config/networking/sidecar.html' + properties: + egress: + items: + properties: + bind: + format: string + type: string + captureMode: + enum: + - DEFAULT + - IPTABLES + - NONE + type: string + hosts: + items: + format: string + type: string + type: array + port: + description: The port associated with the listener. + properties: + name: + description: Label assigned to the port. + format: string + type: string + number: + description: A valid non-negative integer port number. + type: integer + protocol: + description: The protocol exposed on the port. + format: string + type: string + type: object + type: object + type: array + ingress: + items: + properties: + bind: + description: The IP to which the listener should be bound. 
+ format: string + type: string + captureMode: + enum: + - DEFAULT + - IPTABLES + - NONE + type: string + defaultEndpoint: + format: string + type: string + port: + description: The port associated with the listener. + properties: + name: + description: Label assigned to the port. + format: string + type: string + number: + description: A valid non-negative integer port number. + type: integer + protocol: + description: The protocol exposed on the port. + format: string + type: string + type: object + type: object + type: array + outboundTrafficPolicy: + description: This allows to configure the outbound traffic policy. + properties: + mode: + enum: + - REGISTRY_ONLY + - ALLOW_ANY + type: string + type: object + workloadSelector: + properties: + labels: + additionalProperties: + format: string + type: string + type: object + type: object + type: object + type: object + versions: + - name: v1alpha3 + served: true + storage: false + - name: v1beta1 + served: true + storage: true +--- + + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + "helm.sh/resource-policy": keep + labels: + app: istio-pilot + chart: istio + heritage: Tiller + release: istio + name: virtualservices.networking.istio.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.gateways + description: The names of gateways and sidecars that should apply these routes + name: Gateways + type: string + - JSONPath: .spec.hosts + description: The destination hosts to which traffic is being sent + name: Hosts + type: string + - JSONPath: .metadata.creationTimestamp + description: 'CreationTimestamp is a timestamp representing the server time when + this object was created. It is not guaranteed to be set in happens-before order + across separate operations. Clients may not set this value. It is represented + in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for + lists. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' + name: Age + type: date + group: networking.istio.io + names: + categories: + - istio-io + - networking-istio-io + kind: VirtualService + listKind: VirtualServiceList + plural: virtualservices + shortNames: + - vs + singular: virtualservice + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + description: 'Configuration affecting label/content routing, sni routing, + etc. See more details at: https://istio.io/docs/reference/config/networking/virtual-service.html' + properties: + exportTo: + description: A list of namespaces to which this virtual service is exported. + items: + format: string + type: string + type: array + gateways: + description: The names of gateways and sidecars that should apply these + routes. + items: + format: string + type: string + type: array + hosts: + description: The destination hosts to which traffic is being sent. + items: + format: string + type: string + type: array + http: + description: An ordered list of route rules for HTTP traffic. + items: + properties: + corsPolicy: + description: Cross-Origin Resource Sharing policy (CORS). + properties: + allowCredentials: + nullable: true + type: boolean + allowHeaders: + items: + format: string + type: string + type: array + allowMethods: + description: List of HTTP methods allowed to access the resource. + items: + format: string + type: string + type: array + allowOrigin: + description: The list of origins that are allowed to perform + CORS requests. + items: + format: string + type: string + type: array + allowOrigins: + description: String patterns that match allowed origins. 
+ items: + oneOf: + - required: + - exact + - required: + - prefix + - required: + - regex + properties: + exact: + format: string + type: string + prefix: + format: string + type: string + regex: + format: string + type: string + type: object + type: array + exposeHeaders: + items: + format: string + type: string + type: array + maxAge: + type: string + type: object + fault: + description: Fault injection policy to apply on HTTP traffic at + the client side. + properties: + abort: + oneOf: + - required: + - httpStatus + - required: + - grpcStatus + - required: + - http2Error + properties: + grpcStatus: + format: string + type: string + http2Error: + format: string + type: string + httpStatus: + description: HTTP status code to use to abort the Http + request. + format: int32 + type: integer + percentage: + description: Percentage of requests to be aborted with + the error code provided. + properties: + value: + format: double + type: number + type: object + type: object + delay: + oneOf: + - properties: + percent: {} + required: + - fixedDelay + - properties: + percent: {} + required: + - exponentialDelay + properties: + exponentialDelay: + type: string + fixedDelay: + description: Add a fixed delay before forwarding the request. + type: string + percent: + description: Percentage of requests on which the delay + will be injected (0-100). + format: int32 + type: integer + percentage: + description: Percentage of requests on which the delay + will be injected. 
+ properties: + value: + format: double + type: number + type: object + type: object + type: object + headers: + properties: + request: + properties: + add: + additionalProperties: + format: string + type: string + type: object + remove: + items: + format: string + type: string + type: array + set: + additionalProperties: + format: string + type: string + type: object + type: object + response: + properties: + add: + additionalProperties: + format: string + type: string + type: object + remove: + items: + format: string + type: string + type: array + set: + additionalProperties: + format: string + type: string + type: object + type: object + type: object + match: + items: + properties: + authority: + oneOf: + - required: + - exact + - required: + - prefix + - required: + - regex + properties: + exact: + format: string + type: string + prefix: + format: string + type: string + regex: + format: string + type: string + type: object + gateways: + description: Names of gateways where the rule should be + applied. + items: + format: string + type: string + type: array + headers: + additionalProperties: + oneOf: + - required: + - exact + - required: + - prefix + - required: + - regex + properties: + exact: + format: string + type: string + prefix: + format: string + type: string + regex: + format: string + type: string + type: object + type: object + ignoreUriCase: + description: Flag to specify whether the URI matching should + be case-insensitive. + type: boolean + method: + oneOf: + - required: + - exact + - required: + - prefix + - required: + - regex + properties: + exact: + format: string + type: string + prefix: + format: string + type: string + regex: + format: string + type: string + type: object + name: + description: The name assigned to a match. + format: string + type: string + port: + description: Specifies the ports on the host that is being + addressed. 
+ type: integer + queryParams: + additionalProperties: + oneOf: + - required: + - exact + - required: + - prefix + - required: + - regex + properties: + exact: + format: string + type: string + prefix: + format: string + type: string + regex: + format: string + type: string + type: object + description: Query parameters for matching. + type: object + scheme: + oneOf: + - required: + - exact + - required: + - prefix + - required: + - regex + properties: + exact: + format: string + type: string + prefix: + format: string + type: string + regex: + format: string + type: string + type: object + sourceLabels: + additionalProperties: + format: string + type: string + type: object + uri: + oneOf: + - required: + - exact + - required: + - prefix + - required: + - regex + properties: + exact: + format: string + type: string + prefix: + format: string + type: string + regex: + format: string + type: string + type: object + type: object + type: array + mirror: + properties: + host: + description: The name of a service from the service registry. + format: string + type: string + port: + description: Specifies the port on the host that is being + addressed. + properties: + number: + type: integer + type: object + subset: + description: The name of a subset within the service. + format: string + type: string + type: object + mirror_percent: + description: Percentage of the traffic to be mirrored by the `mirror` + field. + nullable: true + type: integer + mirrorPercent: + description: Percentage of the traffic to be mirrored by the `mirror` + field. + nullable: true + type: integer + mirrorPercentage: + description: Percentage of the traffic to be mirrored by the `mirror` + field. + properties: + value: + format: double + type: number + type: object + name: + description: The name assigned to the route for debugging purposes. + format: string + type: string + redirect: + description: A HTTP rule can either redirect or forward (default) + traffic. 
+ properties: + authority: + format: string + type: string + redirectCode: + type: integer + uri: + format: string + type: string + type: object + retries: + description: Retry policy for HTTP requests. + properties: + attempts: + description: Number of retries for a given request. + format: int32 + type: integer + perTryTimeout: + description: Timeout per retry attempt for a given request. + type: string + retryOn: + description: Specifies the conditions under which retry takes + place. + format: string + type: string + type: object + rewrite: + description: Rewrite HTTP URIs and Authority headers. + properties: + authority: + description: rewrite the Authority/Host header with this value. + format: string + type: string + uri: + format: string + type: string + type: object + route: + description: A HTTP rule can either redirect or forward (default) + traffic. + items: + properties: + destination: + properties: + host: + description: The name of a service from the service + registry. + format: string + type: string + port: + description: Specifies the port on the host that is + being addressed. + properties: + number: + type: integer + type: object + subset: + description: The name of a subset within the service. + format: string + type: string + type: object + headers: + properties: + request: + properties: + add: + additionalProperties: + format: string + type: string + type: object + remove: + items: + format: string + type: string + type: array + set: + additionalProperties: + format: string + type: string + type: object + type: object + response: + properties: + add: + additionalProperties: + format: string + type: string + type: object + remove: + items: + format: string + type: string + type: array + set: + additionalProperties: + format: string + type: string + type: object + type: object + type: object + weight: + format: int32 + type: integer + type: object + type: array + timeout: + description: Timeout for HTTP requests. 
+ type: string + type: object + type: array + tcp: + description: An ordered list of route rules for opaque TCP traffic. + items: + properties: + match: + items: + properties: + destinationSubnets: + description: IPv4 or IPv6 ip addresses of destination with + optional subnet. + items: + format: string + type: string + type: array + gateways: + description: Names of gateways where the rule should be + applied. + items: + format: string + type: string + type: array + port: + description: Specifies the port on the host that is being + addressed. + type: integer + sourceLabels: + additionalProperties: + format: string + type: string + type: object + sourceSubnet: + description: IPv4 or IPv6 ip address of source with optional + subnet. + format: string + type: string + type: object + type: array + route: + description: The destination to which the connection should be + forwarded to. + items: + properties: + destination: + properties: + host: + description: The name of a service from the service + registry. + format: string + type: string + port: + description: Specifies the port on the host that is + being addressed. + properties: + number: + type: integer + type: object + subset: + description: The name of a subset within the service. + format: string + type: string + type: object + weight: + format: int32 + type: integer + type: object + type: array + type: object + type: array + tls: + items: + properties: + match: + items: + properties: + destinationSubnets: + description: IPv4 or IPv6 ip addresses of destination with + optional subnet. + items: + format: string + type: string + type: array + gateways: + description: Names of gateways where the rule should be + applied. + items: + format: string + type: string + type: array + port: + description: Specifies the port on the host that is being + addressed. + type: integer + sniHosts: + description: SNI (server name indicator) to match on. 
+ items: + format: string + type: string + type: array + sourceLabels: + additionalProperties: + format: string + type: string + type: object + type: object + type: array + route: + description: The destination to which the connection should be + forwarded to. + items: + properties: + destination: + properties: + host: + description: The name of a service from the service + registry. + format: string + type: string + port: + description: Specifies the port on the host that is + being addressed. + properties: + number: + type: integer + type: object + subset: + description: The name of a subset within the service. + format: string + type: string + type: object + weight: + format: int32 + type: integer + type: object + type: array + type: object + type: array + type: object + type: object + versions: + - name: v1alpha3 + served: true + storage: false + - name: v1beta1 + served: true + storage: true +--- + + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + "helm.sh/resource-policy": keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: core + package: istio.io.mixer + release: istio + name: attributemanifests.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: attributemanifest + listKind: attributemanifestList + plural: attributemanifests + singular: attributemanifest + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + description: 'Describes the rules used to configure Mixer''s policy and + telemetry features. See more details at: https://istio.io/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html' + properties: + attributes: + additionalProperties: + properties: + description: + description: A human-readable description of the attribute's purpose. + format: string + type: string + valueType: + description: The type of data carried by this attribute. 
+ enum: + - VALUE_TYPE_UNSPECIFIED + - STRING + - INT64 + - DOUBLE + - BOOL + - TIMESTAMP + - IP_ADDRESS + - EMAIL_ADDRESS + - URI + - DNS_NAME + - DURATION + - STRING_MAP + type: string + type: object + description: The set of attributes this Istio component will be responsible + for producing at runtime. + type: object + name: + description: Name of the component producing these attributes. + format: string + type: string + revision: + description: The revision of this document. + format: string + type: string + type: object + type: object + versions: + - name: v1alpha2 + served: true + storage: true +--- + + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + "helm.sh/resource-policy": keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: mixer-handler + package: handler + release: istio + name: handlers.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: handler + listKind: handlerList + plural: handlers + singular: handler + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + description: Handler allows the operator to configure a specific adapter + implementation. + properties: + adapter: + description: The name of a specific adapter implementation. + format: string + type: string + compiledAdapter: + description: The name of the compiled in adapter this handler instantiates. + format: string + type: string + connection: + description: Information on how to connect to the out-of-process adapter. + properties: + address: + description: The address of the backend. + format: string + type: string + authentication: + description: Auth config for the connection to the backend. 
+ oneOf: + - properties: + tls: + allOf: + - oneOf: + - required: + - tokenPath + - required: + - oauth + - oneOf: + - required: + - authHeader + - required: + - customHeader + required: + - tls + - required: + - mutual + properties: + mutual: + properties: + caCertificates: + format: string + type: string + clientCertificate: + description: The path to the file holding client certificate + for mutual TLS. + format: string + type: string + privateKey: + description: The path to the file holding the private key + for mutual TLS. + format: string + type: string + serverName: + description: Used to configure mixer mutual TLS client to + supply server name for SNI. + format: string + type: string + type: object + tls: + properties: + authHeader: + description: Access token is passed as authorization header. + enum: + - PLAIN + - BEARER + type: string + caCertificates: + format: string + type: string + customHeader: + description: Customized header key to hold access token, + e.g. + format: string + type: string + oauth: + description: Oauth config to fetch access token from auth + provider. + properties: + clientId: + description: OAuth client id for mixer. + format: string + type: string + clientSecret: + description: The path to the file holding the client + secret for oauth. + format: string + type: string + endpointParams: + additionalProperties: + format: string + type: string + description: Additional parameters for requests to the + token endpoint. + type: object + scopes: + description: List of requested permissions. + items: + format: string + type: string + type: array + tokenUrl: + description: The Resource server's token endpoint URL. + format: string + type: string + type: object + serverName: + format: string + type: string + tokenPath: + format: string + type: string + type: object + type: object + timeout: + description: Timeout for remote calls to the backend. 
+ type: string + type: object + name: + description: Must be unique in the entire Mixer configuration. + format: string + type: string + params: + description: Depends on adapter implementation. + type: object + type: object + type: object + versions: + - name: v1alpha2 + served: true + storage: true +--- + + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + "helm.sh/resource-policy": keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: mixer-instance + package: instance + release: istio + name: instances.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: instance + listKind: instanceList + plural: instances + singular: instance + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + description: An Instance tells Mixer how to create instances for particular + template. + properties: + attributeBindings: + additionalProperties: + format: string + type: string + type: object + compiledTemplate: + description: The name of the compiled in template this instance creates + instances for. + format: string + type: string + name: + format: string + type: string + params: + description: Depends on referenced template. + type: object + template: + description: The name of the template this instance creates instances + for. 
+ format: string + type: string + type: object + type: object + versions: + - name: v1alpha2 + served: true + storage: true +--- + + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + "helm.sh/resource-policy": keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: core + package: istio.io.mixer + release: istio + name: rules.config.istio.io +spec: + group: config.istio.io + names: + categories: + - istio-io + - policy-istio-io + kind: rule + listKind: ruleList + plural: rules + singular: rule + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + description: 'Describes the rules used to configure Mixer''s policy and + telemetry features. See more details at: https://istio.io/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html' + properties: + actions: + description: The actions that will be executed when match evaluates + to `true`. + items: + properties: + handler: + description: Fully qualified name of the handler to invoke. + format: string + type: string + instances: + items: + format: string + type: string + type: array + name: + description: A handle to refer to the results of the action. + format: string + type: string + type: object + type: array + match: + description: Match is an attribute based predicate. + format: string + type: string + requestHeaderOperations: + items: + properties: + name: + description: Header name literal value. + format: string + type: string + operation: + description: Header operation type. + enum: + - REPLACE + - REMOVE + - APPEND + type: string + values: + description: Header value expressions. + items: + format: string + type: string + type: array + type: object + type: array + responseHeaderOperations: + items: + properties: + name: + description: Header name literal value. + format: string + type: string + operation: + description: Header operation type. 
+ enum: + - REPLACE + - REMOVE + - APPEND + type: string + values: + description: Header value expressions. + items: + format: string + type: string + type: array + type: object + type: array + sampling: + properties: + random: + description: Provides filtering of actions based on random selection + per request. + properties: + attributeExpression: + description: Specifies an attribute expression to use to override + the numerator in the `percent_sampled` field. + format: string + type: string + percentSampled: + description: The default sampling rate, expressed as a percentage. + properties: + denominator: + description: Specifies the denominator. + enum: + - HUNDRED + - TEN_THOUSAND + type: string + numerator: + description: Specifies the numerator. + type: integer + type: object + useIndependentRandomness: + description: By default sampling will be based on the value + of the request header `x-request-id`. + type: boolean + type: object + rateLimit: + properties: + maxUnsampledEntries: + description: Number of entries to allow during the `sampling_duration` + before sampling is enforced. + format: int64 + type: integer + samplingDuration: + description: Window in which to enforce the sampling rate. + type: string + samplingRate: + description: The rate at which to sample entries once the unsampled + limit has been reached. 
+ format: int64 + type: integer + type: object + type: object + type: object + type: object + versions: + - name: v1alpha2 + served: true + storage: true +--- + + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + "helm.sh/resource-policy": keep + labels: + app: istio-pilot + chart: istio + heritage: Tiller + istio: rbac + release: istio + name: clusterrbacconfigs.rbac.istio.io +spec: + group: rbac.istio.io + names: + categories: + - istio-io + - rbac-istio-io + kind: ClusterRbacConfig + listKind: ClusterRbacConfigList + plural: clusterrbacconfigs + singular: clusterrbacconfig + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + description: 'Configuration for Role Based Access Control. See more details + at: https://istio.io/docs/reference/config/security/istio.rbac.v1alpha1.html' + properties: + enforcementMode: + enum: + - ENFORCED + - PERMISSIVE + type: string + exclusion: + description: A list of services or namespaces that should not be enforced + by Istio RBAC policies. + properties: + namespaces: + description: A list of namespaces. + items: + format: string + type: string + type: array + services: + description: A list of services. + items: + format: string + type: string + type: array + type: object + inclusion: + description: A list of services or namespaces that should be enforced + by Istio RBAC policies. + properties: + namespaces: + description: A list of namespaces. + items: + format: string + type: string + type: array + services: + description: A list of services. + items: + format: string + type: string + type: array + type: object + mode: + description: Istio RBAC mode. 
+ enum: + - "OFF" + - "ON" + - ON_WITH_INCLUSION + - ON_WITH_EXCLUSION + type: string + type: object + type: object + versions: + - name: v1alpha1 + served: true + storage: true +--- + + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + "helm.sh/resource-policy": keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: rbac + package: istio.io.mixer + release: istio + name: rbacconfigs.rbac.istio.io +spec: + group: rbac.istio.io + names: + categories: + - istio-io + - rbac-istio-io + kind: RbacConfig + listKind: RbacConfigList + plural: rbacconfigs + singular: rbacconfig + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + description: 'Configuration for Role Based Access Control. See more details + at: https://istio.io/docs/reference/config/security/istio.rbac.v1alpha1.html' + properties: + enforcementMode: + enum: + - ENFORCED + - PERMISSIVE + type: string + exclusion: + description: A list of services or namespaces that should not be enforced + by Istio RBAC policies. + properties: + namespaces: + description: A list of namespaces. + items: + format: string + type: string + type: array + services: + description: A list of services. + items: + format: string + type: string + type: array + type: object + inclusion: + description: A list of services or namespaces that should be enforced + by Istio RBAC policies. + properties: + namespaces: + description: A list of namespaces. + items: + format: string + type: string + type: array + services: + description: A list of services. + items: + format: string + type: string + type: array + type: object + mode: + description: Istio RBAC mode. 
+ enum: + - "OFF" + - "ON" + - ON_WITH_INCLUSION + - ON_WITH_EXCLUSION + type: string + type: object + type: object + versions: + - name: v1alpha1 + served: true + storage: true +--- + + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + "helm.sh/resource-policy": keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: rbac + package: istio.io.mixer + release: istio + name: serviceroles.rbac.istio.io +spec: + group: rbac.istio.io + names: + categories: + - istio-io + - rbac-istio-io + kind: ServiceRole + listKind: ServiceRoleList + plural: serviceroles + singular: servicerole + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + description: 'Configuration for Role Based Access Control. See more details + at: https://istio.io/docs/reference/config/security/istio.rbac.v1alpha1.html' + properties: + rules: + description: The set of access rules (permissions) that the role has. + items: + properties: + constraints: + description: Optional. + items: + properties: + key: + description: Key of the constraint. + format: string + type: string + values: + description: List of valid values for the constraint. + items: + format: string + type: string + type: array + type: object + type: array + hosts: + items: + format: string + type: string + type: array + methods: + description: Optional. + items: + format: string + type: string + type: array + notHosts: + items: + format: string + type: string + type: array + notMethods: + items: + format: string + type: string + type: array + notPaths: + items: + format: string + type: string + type: array + notPorts: + items: + format: int32 + type: integer + type: array + paths: + description: Optional. + items: + format: string + type: string + type: array + ports: + items: + format: int32 + type: integer + type: array + services: + description: A list of service names. 
+ items: + format: string + type: string + type: array + type: object + type: array + type: object + type: object + versions: + - name: v1alpha1 + served: true + storage: true +--- + + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + "helm.sh/resource-policy": keep + labels: + app: mixer + chart: istio + heritage: Tiller + istio: rbac + package: istio.io.mixer + release: istio + name: servicerolebindings.rbac.istio.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.roleRef.name + description: The name of the ServiceRole object being referenced + name: Reference + type: string + - JSONPath: .metadata.creationTimestamp + description: 'CreationTimestamp is a timestamp representing the server time when + this object was created. It is not guaranteed to be set in happens-before order + across separate operations. Clients may not set this value. It is represented + in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for + lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' + name: Age + type: date + group: rbac.istio.io + names: + categories: + - istio-io + - rbac-istio-io + kind: ServiceRoleBinding + listKind: ServiceRoleBindingList + plural: servicerolebindings + singular: servicerolebinding + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + description: 'Configuration for Role Based Access Control. See more details + at: https://istio.io/docs/reference/config/security/istio.rbac.v1alpha1.html' + properties: + actions: + items: + properties: + constraints: + description: Optional. + items: + properties: + key: + description: Key of the constraint. + format: string + type: string + values: + description: List of valid values for the constraint. 
+ items: + format: string + type: string + type: array + type: object + type: array + hosts: + items: + format: string + type: string + type: array + methods: + description: Optional. + items: + format: string + type: string + type: array + notHosts: + items: + format: string + type: string + type: array + notMethods: + items: + format: string + type: string + type: array + notPaths: + items: + format: string + type: string + type: array + notPorts: + items: + format: int32 + type: integer + type: array + paths: + description: Optional. + items: + format: string + type: string + type: array + ports: + items: + format: int32 + type: integer + type: array + services: + description: A list of service names. + items: + format: string + type: string + type: array + type: object + type: array + mode: + enum: + - ENFORCED + - PERMISSIVE + type: string + role: + format: string + type: string + roleRef: + description: Reference to the ServiceRole object. + properties: + kind: + description: The type of the role being referenced. + format: string + type: string + name: + description: The name of the ServiceRole object being referenced. + format: string + type: string + type: object + subjects: + description: List of subjects that are assigned the ServiceRole object. + items: + properties: + group: + format: string + type: string + groups: + items: + format: string + type: string + type: array + ips: + items: + format: string + type: string + type: array + names: + items: + format: string + type: string + type: array + namespaces: + items: + format: string + type: string + type: array + notGroups: + items: + format: string + type: string + type: array + notIps: + items: + format: string + type: string + type: array + notNames: + items: + format: string + type: string + type: array + notNamespaces: + items: + format: string + type: string + type: array + properties: + additionalProperties: + format: string + type: string + description: Optional. 
+ type: object + user: + description: Optional. + format: string + type: string + type: object + type: array + type: object + type: object + versions: + - name: v1alpha1 + served: true + storage: true +--- + + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + "helm.sh/resource-policy": keep + labels: + app: istio-pilot + chart: istio + heritage: Tiller + istio: security + release: istio + name: authorizationpolicies.security.istio.io +spec: + group: security.istio.io + names: + categories: + - istio-io + - security-istio-io + kind: AuthorizationPolicy + listKind: AuthorizationPolicyList + plural: authorizationpolicies + singular: authorizationpolicy + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + description: 'Configuration for access control on workloads. See more details + at: https://istio.io/docs/reference/config/security/authorization-policy.html' + properties: + action: + description: Optional. + enum: + - ALLOW + - DENY + type: string + rules: + description: Optional. + items: + properties: + from: + description: Optional. + items: + properties: + source: + description: Source specifies the source of a request. + properties: + ipBlocks: + description: Optional. + items: + format: string + type: string + type: array + namespaces: + description: Optional. + items: + format: string + type: string + type: array + notIpBlocks: + description: Optional. + items: + format: string + type: string + type: array + notNamespaces: + description: Optional. + items: + format: string + type: string + type: array + notPrincipals: + description: Optional. + items: + format: string + type: string + type: array + notRequestPrincipals: + description: Optional. + items: + format: string + type: string + type: array + principals: + description: Optional. + items: + format: string + type: string + type: array + requestPrincipals: + description: Optional. 
+ items: + format: string + type: string + type: array + type: object + type: object + type: array + to: + description: Optional. + items: + properties: + operation: + description: Operation specifies the operation of a request. + properties: + hosts: + description: Optional. + items: + format: string + type: string + type: array + methods: + description: Optional. + items: + format: string + type: string + type: array + notHosts: + description: Optional. + items: + format: string + type: string + type: array + notMethods: + description: Optional. + items: + format: string + type: string + type: array + notPaths: + description: Optional. + items: + format: string + type: string + type: array + notPorts: + description: Optional. + items: + format: string + type: string + type: array + paths: + description: Optional. + items: + format: string + type: string + type: array + ports: + description: Optional. + items: + format: string + type: string + type: array + type: object + type: object + type: array + when: + description: Optional. + items: + properties: + key: + description: The name of an Istio attribute. + format: string + type: string + notValues: + description: Optional. + items: + format: string + type: string + type: array + values: + description: Optional. + items: + format: string + type: string + type: array + type: object + type: array + type: object + type: array + selector: + description: Optional. 
+ properties: + matchLabels: + additionalProperties: + format: string + type: string + type: object + type: object + type: object + type: object + versions: + - name: v1beta1 + served: true + storage: true +--- + + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + "helm.sh/resource-policy": keep + labels: + app: istio-pilot + chart: istio + heritage: Tiller + istio: security + release: istio + name: requestauthentications.security.istio.io +spec: + group: security.istio.io + names: + categories: + - istio-io + - security-istio-io + kind: RequestAuthentication + listKind: RequestAuthenticationList + plural: requestauthentications + singular: requestauthentication + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + description: RequestAuthentication defines what request authentication methods + are supported by a workload. + properties: + jwtRules: + description: Define the list of JWTs that can be validated at the selected + workloads' proxy. + items: + properties: + audiences: + items: + format: string + type: string + type: array + forwardOriginalToken: + description: If set to true, the orginal token will be kept for + the ustream request. + type: boolean + fromHeaders: + description: List of header locations from which JWT is expected. + items: + properties: + name: + description: The HTTP header name. + format: string + type: string + prefix: + description: The prefix that should be stripped before decoding + the token. + format: string + type: string + type: object + type: array + fromParams: + description: List of query parameters from which JWT is expected. + items: + format: string + type: string + type: array + issuer: + description: Identifies the issuer that issued the JWT. + format: string + type: string + jwks: + description: JSON Web Key Set of public keys to validate signature + of the JWT. 
+ format: string + type: string + jwks_uri: + format: string + type: string + jwksUri: + format: string + type: string + outputPayloadToHeader: + format: string + type: string + type: object + type: array + selector: + description: The selector determines the workloads to apply the RequestAuthentication + on. + properties: + matchLabels: + additionalProperties: + format: string + type: string + type: object + type: object + type: object + type: object + versions: + - name: v1beta1 + served: true + storage: true +--- + + +kind: CustomResourceDefinition +apiVersion: apiextensions.k8s.io/v1beta1 +metadata: + name: adapters.config.istio.io + labels: + app: mixer + package: adapter + istio: mixer-adapter + chart: istio + heritage: Tiller + release: istio + annotations: + "helm.sh/resource-policy": keep +spec: + group: config.istio.io + names: + kind: adapter + plural: adapters + singular: adapter + categories: + - istio-io + - policy-istio-io + scope: Namespaced + subresources: + status: {} + versions: + - name: v1alpha2 + served: true + storage: true +--- + + +kind: CustomResourceDefinition +apiVersion: apiextensions.k8s.io/v1beta1 +metadata: + name: instances.config.istio.io + labels: + app: mixer + package: instance + istio: mixer-instance + chart: istio + heritage: Tiller + release: istio + annotations: + "helm.sh/resource-policy": keep +spec: + group: config.istio.io + names: + kind: instance + plural: instances + singular: instance + categories: + - istio-io + - policy-istio-io + scope: Namespaced + subresources: + status: {} + versions: + - name: v1alpha2 + served: true + storage: true +--- + + +kind: CustomResourceDefinition +apiVersion: apiextensions.k8s.io/v1beta1 +metadata: + name: templates.config.istio.io + labels: + app: mixer + package: template + istio: mixer-template + chart: istio + heritage: Tiller + release: istio + annotations: + "helm.sh/resource-policy": keep +spec: + group: config.istio.io + names: + kind: template + plural: templates + singular: 
template + categories: + - istio-io + - policy-istio-io + scope: Namespaced + subresources: + status: {} + versions: + - name: v1alpha2 + served: true + storage: true +--- + + +kind: CustomResourceDefinition +apiVersion: apiextensions.k8s.io/v1beta1 +metadata: + name: handlers.config.istio.io + labels: + app: mixer + package: handler + istio: mixer-handler + chart: istio + heritage: Tiller + release: istio + annotations: + "helm.sh/resource-policy": keep +spec: + group: config.istio.io + names: + kind: handler + plural: handlers + singular: handler + categories: + - istio-io + - policy-istio-io + scope: Namespaced + subresources: + status: {} + versions: + - name: v1alpha2 + served: true + storage: true +--- + + +apiVersion: v1 +kind: Namespace +metadata: + name: istio-system + labels: + istio-operator-managed: Reconcile + istio-injection: disabled +--- + + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: istio-reader-service-account + namespace: istio-system + labels: + app: istio-reader + release: istio +--- + +# Citadel component is disabled. + +# Resources for Cni component + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: istio-cni + labels: + app: istio-cni + release: istio +rules: +- apiGroups: [""] + resources: + - pods + - nodes + verbs: + - get +--- + + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: istio-cni + labels: + app: istio-cni + release: istio +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: istio-cni +subjects: +- kind: ServiceAccount + name: istio-cni + namespace: istio-system +--- + + +kind: ConfigMap +apiVersion: v1 +metadata: + name: istio-cni-config + namespace: istio-system + labels: + app: istio-cni + release: istio +data: + # The CNI network configuration to add to the plugin chain on each node. The special + # values in this config will be automatically populated. 
+ cni_network_config: |- + { + "type": "istio-cni", + "log_level": "info", + "kubernetes": { + "kubeconfig": "__KUBECONFIG_FILEPATH__", + "cni_bin_dir": "/opt/cni/bin", + "exclude_namespaces": [ "istio-system" ] + } + } +--- + + +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: istio-cni-node + namespace: istio-system + labels: + k8s-app: istio-cni-node + release: istio +spec: + selector: + matchLabels: + k8s-app: istio-cni-node + updateStrategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 1 + template: + metadata: + labels: + k8s-app: istio-cni-node + annotations: + # This, along with the CriticalAddonsOnly toleration below, + # marks the pod as a critical add-on, ensuring it gets + # priority scheduling and that its resources are reserved + # if it ever gets evicted. + scheduler.alpha.kubernetes.io/critical-pod: '' + spec: + nodeSelector: + beta.kubernetes.io/os: linux + hostNetwork: true + tolerations: + # Make sure istio-cni-node gets scheduled on all nodes. + - effect: NoSchedule + operator: Exists + # Mark the pod as a critical add-on for rescheduling. + - key: CriticalAddonsOnly + operator: Exists + - effect: NoExecute + operator: Exists + priorityClassName: system-cluster-critical + serviceAccountName: istio-cni + # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a "force + # deletion": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods. + terminationGracePeriodSeconds: 5 + containers: + # This container installs the Istio CNI binaries + # and CNI network config file on each node. + - name: install-cni + image: "component.cni.hub/install-cni:component.cni.tag" + imagePullPolicy: Always + command: ["/install-cni.sh"] + env: + # The CNI network config to install on each node. 
+ - name: CNI_NETWORK_CONFIG + valueFrom: + configMapKeyRef: + name: istio-cni-config + key: cni_network_config + - name: CNI_NET_DIR + value: /etc/cni/net.d + volumeMounts: + - mountPath: /host/opt/cni/bin + name: cni-bin-dir + - mountPath: /host/etc/cni/net.d + name: cni-net-dir + volumes: + # Used to install CNI. + - name: cni-bin-dir + hostPath: + path: /opt/cni/bin + - name: cni-net-dir + hostPath: + path: /etc/cni/net.d +--- + + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: istio-cni + namespace: istio-system + labels: + app: istio-cni + release: istio +--- + +# Galley component is disabled. + +# Resources for IngressGateways component + +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + labels: + app: istio-ingressgateway + istio: ingressgateway + release: istio + name: istio-ingressgateway + namespace: istio-system +spec: + maxReplicas: 5 + metrics: + - resource: + name: cpu + targetAverageUtilization: 80 + type: Resource + minReplicas: 1 + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: istio-ingressgateway + +--- + + +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: istio-ingressgateway + istio: ingressgateway + release: istio + name: istio-ingressgateway + namespace: istio-system +spec: + selector: + matchLabels: + app: istio-ingressgateway + istio: ingressgateway + strategy: + rollingUpdate: + maxSurge: 100% + maxUnavailable: 25% + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: istio-ingressgateway + chart: gateways + heritage: Tiller + istio: ingressgateway + release: istio + spec: + affinity: + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - ppc64le + weight: 2 + - preference: + matchExpressions: + - key: 
beta.kubernetes.io/arch + operator: In + values: + - s390x + weight: 2 + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + - ppc64le + - s390x + containers: + - args: + - proxy + - router + - --domain + - $(POD_NAMESPACE).svc.cluster.local + - --proxyLogLevel=warning + - --proxyComponentLogLevel=misc:error + - --log_output_level=default:info + - --drainDuration + - 45s + - --parentShutdownDuration + - 1m0s + - --connectTimeout + - 10s + - --serviceCluster + - istio-ingressgateway + - --zipkinAddress + - zipkin.istio-system:9411 + - --proxyAdminPort + - "15000" + - --statusPort + - "15020" + - --controlPlaneAuthPolicy + - NONE + - --discoveryAddress + - istio-pilot.istio-system.svc:15012 + - --trust-domain=cluster.local + env: + - name: JWT_POLICY + value: third-party-jwt + - name: PILOT_CERT_PROVIDER + value: citadel + - name: ISTIO_META_USER_SDS + value: "true" + - name: CA_ADDR + value: istio-pilot.istio-system.svc:15012 + - name: NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: INSTANCE_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + - name: SERVICE_ACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: ISTIO_META_WORKLOAD_NAME + value: istio-ingressgateway + - name: ISTIO_META_OWNER + value: kubernetes://apis/apps/v1/namespaces/istio-system/deployments/istio-ingressgateway + - name: ISTIO_META_MESH_ID + value: cluster.local + - name: ISTIO_AUTO_MTLS_ENABLED + value: "true" + - name: ISTIO_META_POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: 
ISTIO_META_CONFIG_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: ISTIO_META_ROUTER_MODE + value: sni-dnat + - name: ISTIO_METAJSON_LABELS + value: | + {"app":"istio-ingressgateway","istio":"ingressgateway"} + - name: ISTIO_META_CLUSTER_ID + value: Kubernetes + - name: SDS_ENABLED + value: "false" + image: istio-spec.hub/proxyv2:istio-spec.tag + imagePullPolicy: IfNotPresent + name: istio-proxy + ports: + - containerPort: 15020 + - containerPort: 80 + - containerPort: 443 + - containerPort: 15029 + - containerPort: 15030 + - containerPort: 15031 + - containerPort: 15032 + - containerPort: 15443 + - containerPort: 15011 + - containerPort: 8060 + - containerPort: 853 + - containerPort: 15090 + name: http-envoy-prom + protocol: TCP + readinessProbe: + failureThreshold: 30 + httpGet: + path: /healthz/ready + port: 15020 + scheme: HTTP + initialDelaySeconds: 1 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 1 + resources: + limits: + cpu: 2000m + memory: 1024Mi + requests: + cpu: 100m + memory: 128Mi + volumeMounts: + - mountPath: /etc/istio/citadel-ca-cert + name: citadel-ca-cert + - mountPath: /var/run/secrets/tokens + name: istio-token + readOnly: true + - mountPath: /var/run/ingress_gateway + name: ingressgatewaysdsudspath + - mountPath: /etc/certs + name: istio-certs + readOnly: true + - mountPath: /etc/istio/ingressgateway-certs + name: ingressgateway-certs + readOnly: true + - mountPath: /etc/istio/ingressgateway-ca-certs + name: ingressgateway-ca-certs + readOnly: true + serviceAccountName: istio-ingressgateway-service-account + volumes: + - configMap: + name: istio-ca-root-cert + name: citadel-ca-cert + - emptyDir: {} + name: ingressgatewaysdsudspath + - name: istio-token + projected: + sources: + - serviceAccountToken: + audience: istio-ca + expirationSeconds: 43200 + path: istio-token + - name: istio-certs + secret: + optional: true + secretName: istio.istio-ingressgateway-service-account + - name: ingressgateway-certs 
+ secret: + optional: true + secretName: istio-ingressgateway-certs + - name: ingressgateway-ca-certs + secret: + optional: true + secretName: istio-ingressgateway-ca-certs + +--- + + +apiVersion: networking.istio.io/v1alpha3 +kind: Gateway +metadata: + name: ingressgateway + namespace: istio-system + labels: + release: istio +spec: + selector: + istio: ingressgateway + servers: + - port: + number: 80 + name: http + protocol: HTTP + hosts: + - "*" + # Additional ports in gateaway for the ingressPorts - apps using dedicated port instead of hostname +--- + + +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: ingressgateway + namespace: istio-system + labels: + app: istio-ingressgateway + istio: ingressgateway + + release: istio +spec: + minAvailable: 1 + selector: + matchLabels: + app: istio-ingressgateway + istio: ingressgateway + + release: istio +--- + + +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: istio-ingressgateway-sds + namespace: istio-system + labels: + release: istio +rules: +- apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "watch", "list"] +--- + + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: istio-ingressgateway-sds + namespace: istio-system + labels: + release: istio +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: istio-ingressgateway-sds +subjects: +- kind: ServiceAccount + name: istio-ingressgateway-service-account +--- + + +apiVersion: v1 +kind: Service +metadata: + name: istio-ingressgateway + namespace: istio-system + annotations: + labels: + app: istio-ingressgateway + istio: ingressgateway + + release: istio +spec: + type: LoadBalancer + selector: + app: istio-ingressgateway + istio: ingressgateway + + ports: + - + name: status-port + port: 15020 + targetPort: 15020 + - + name: http2 + port: 80 + targetPort: 80 + - + name: https + port: 443 + - + name: kiali + port: 15029 + targetPort: 15029 + - + name: prometheus + port: 15030 + 
targetPort: 15030 + - + name: grafana + port: 15031 + targetPort: 15031 + - + name: tracing + port: 15032 + targetPort: 15032 + - + name: tls + port: 15443 + targetPort: 15443 +--- + + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: istio-ingressgateway-service-account + namespace: istio-system + labels: + app: istio-ingressgateway + istio: ingressgateway + + release: istio +--- + + +apiVersion: networking.istio.io/v1alpha3 +kind: Sidecar +metadata: + name: default + namespace: istio-system + labels: + release: istio +spec: + egress: + - hosts: + - "*/*" +--- + +# NodeAgent component is disabled. + +# Resources for Pilot component + +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + labels: + app: pilot + release: istio + name: istio-pilot + namespace: istio-system +spec: + maxReplicas: 5 + metrics: + - resource: + name: cpu + targetAverageUtilization: 80 + type: Resource + minReplicas: 1 + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: istio-pilot + +--- + + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: istio-galley-istio-system + labels: + release: istio +rules: + # For reading Istio resources + - apiGroups: [ + "authentication.istio.io", + "config.istio.io", + "networking.istio.io", + "rbac.istio.io", + "security.istio.io"] + resources: ["*"] + verbs: ["get", "list", "watch"] + # For updating Istio resource statuses + - apiGroups: [ + "authentication.istio.io", + "config.istio.io", + "networking.istio.io", + "rbac.istio.io", + "security.istio.io"] + resources: ["*/status"] + verbs: ["update"] + + # Remove galley's permissions to reconcile the validation config when istiod is present. + # Notably missing here is the permission to modify webhooks. 
+ + - apiGroups: ["extensions","apps"] + resources: ["deployments"] + resourceNames: ["istio-galley"] + verbs: ["get"] + - apiGroups: [""] + resources: ["pods", "nodes", "services", "endpoints", "namespaces"] + verbs: ["get", "list", "watch"] + - apiGroups: ["extensions"] + resources: ["ingresses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["extensions"] + resources: ["deployments/finalizers"] + resourceNames: ["istio-galley"] + verbs: ["update"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["get", "list", "watch"] + - apiGroups: ["rbac.authorization.k8s.io"] + resources: ["clusterroles"] + verbs: ["get", "list", "watch"] +--- + + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: istio-pilot-istio-system + labels: + app: pilot + release: istio +rules: +- apiGroups: ["config.istio.io", "rbac.istio.io", "security.istio.io", "networking.istio.io", "authentication.istio.io"] + verbs: ["get", "watch", "list"] + resources: ["*"] +- apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["get", "watch", "list"] +- apiGroups: ["extensions"] + resources: ["ingresses"] + verbs: ["get", "list", "watch"] +- apiGroups: ["extensions"] + resources: ["ingresses/status"] + verbs: ["*"] +- apiGroups: [""] + resources: ["configmaps"] + verbs: ["get", "list", "watch"] +- apiGroups: [""] + resources: ["endpoints", "pods", "services", "namespaces", "nodes", "secrets"] + verbs: ["get", "list", "watch"] +- apiGroups: [""] + resources: ["secrets"] + verbs: ["create", "get", "watch", "list", "update", "delete"] +- apiGroups: ["certificates.k8s.io"] + resources: + - "certificatesigningrequests" + - "certificatesigningrequests/approval" + - "certificatesigningrequests/status" + verbs: ["update", "create", "get", "delete", "watch"] +- apiGroups: ["discovery.k8s.io"] + resources: ["endpointslices"] + verbs: ["get", "list", "watch"] +--- + + +apiVersion: 
rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: istiod-istio-system + labels: + app: pilot + release: istio +rules: + # Remove permissions to reconcile webhook configuration. This address the downgrade case + # where istiod will be uninstalled. Removing the permissions reduces + # the likelihood that istiod will reconcile something it shouldn't. + + # sidecar injection controller + - apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: ["get", "list", "watch", "patch"] + + # configuration validation webhook controller + - apiGroups: ["admissionregistration.k8s.io"] + resources: ["validatingwebhookconfigurations"] + verbs: ["*"] + # required to set ownerRef on istiod clusterrole. + - apiGroups: ["rbac.authorization.k8s.io"] + resources: ["clusterroles/finalizers"] + resourceNames: + - istiod-istio-system + verbs: ["update"] + - apiGroups: ["rbac.authorization.k8s.io"] + resources: ["clusterroles"] + resourceNames: + - istiod-istio-system + verbs: ["get"] + + # istio configuration + - apiGroups: ["config.istio.io", "rbac.istio.io", "security.istio.io", "networking.istio.io", "authentication.istio.io"] + verbs: ["get", "watch", "list"] + resources: ["*"] + + # auto-detect installed CRD definitions + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["get", "list", "watch"] + + # discovery and routing + - apiGroups: ["extensions","apps"] + resources: ["deployments"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["pods", "nodes", "services", "namespaces", "endpoints"] + verbs: ["get", "list", "watch"] + - apiGroups: ["discovery.k8s.io"] + resources: ["endpointslices"] + verbs: ["get", "list", "watch"] + + # ingress controller + - apiGroups: ["extensions"] + resources: ["ingresses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["extensions"] + resources: ["ingresses/status"] + verbs: ["*"] + + # Pilot, injector - not clear why cluster wide. 
+ # TODO: remove, too broad permission, should be namespace only + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["create", "get", "list", "watch", "update"] + + # Istiod and bootstrap. + - apiGroups: ["certificates.k8s.io"] + resources: + - "certificatesigningrequests" + - "certificatesigningrequests/approval" + - "certificatesigningrequests/status" + verbs: ["update", "create", "get", "delete", "watch"] + # Used by Istiod to verify the JWT tokens + - apiGroups: ["authentication.k8s.io"] + resources: ["tokenreviews"] + verbs: ["create"] + + # Citadel subset + # TODO: remove, namespace only + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["create", "get", "update"] + + # TODO: remove, no longer needed at cluster + - apiGroups: [""] + resources: ["secrets"] + verbs: ["create", "get", "watch", "list", "update", "delete"] + - apiGroups: [""] + resources: ["serviceaccounts"] + verbs: ["get", "watch", "list"] +--- + + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: istio-pilot-istio-system + labels: + app: pilot + release: istio +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: istio-pilot-istio-system +subjects: + - kind: ServiceAccount + name: istio-pilot-service-account + namespace: istio-system +--- + + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: istiod-pilot-istio-system + labels: + app: pilot + release: istio +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: istiod-istio-system +subjects: + - kind: ServiceAccount + name: istio-pilot-service-account + namespace: istio-system +--- + + +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: istio-system + name: pilot-envoy-config + labels: + release: istio +data: + envoy.yaml.tmpl: |- + admin: + access_log_path: /dev/null + address: + socket_address: + address: 127.0.0.1 + port_value: 15000 + + static_resources: + clusters: + - name: in.15010 + 
http2_protocol_options: {} + connect_timeout: 1.000s + + hosts: + - socket_address: + address: 127.0.0.1 + port_value: 15010 + + circuit_breakers: + thresholds: + - max_connections: 100000 + max_pending_requests: 100000 + max_requests: 100000 + max_retries: 3 + + # TODO: telemetry using EDS + # TODO: other pilots using EDS, load balancing + # TODO: galley using EDS + + - name: out.galley.15019 + http2_protocol_options: {} + connect_timeout: 1.000s + type: STRICT_DNS + + circuit_breakers: + thresholds: + - max_connections: 100000 + max_pending_requests: 100000 + max_requests: 100000 + max_retries: 3 + + tls_context: + common_tls_context: + tls_certificates: + - certificate_chain: + filename: /etc/certs/cert-chain.pem + private_key: + filename: /etc/certs/key.pem + validation_context: + trusted_ca: + filename: /etc/certs/root-cert.pem + verify_subject_alt_name: + - spiffe://cluster.local/ns/istio-system/sa/istio-galley-service-account + + hosts: + - socket_address: + address: istio-galley.istio-system + port_value: 15019 + + + listeners: + - name: "in.15011" + address: + socket_address: + address: 0.0.0.0 + port_value: 15011 + filter_chains: + - filters: + - name: envoy.http_connection_manager + #typed_config + #"@type": "type.googleapis.com/", + config: + codec_type: HTTP2 + stat_prefix: "15011" + stream_idle_timeout: 0s + http2_protocol_options: + max_concurrent_streams: 1073741824 + + access_log: + - name: envoy.file_access_log + config: + path: /dev/stdout + + http_filters: + - name: envoy.router + + route_config: + name: "15011" + + virtual_hosts: + - name: istio-pilot + + domains: + - '*' + + routes: + - match: + prefix: / + route: + cluster: in.15010 + timeout: 0.000s + decorator: + operation: xDS + + tls_context: + require_client_certificate: true + common_tls_context: + validation_context: + trusted_ca: + filename: /etc/certs/root-cert.pem + + alpn_protocols: + - h2 + + tls_certificates: + - certificate_chain: + filename: /etc/certs/cert-chain.pem + 
private_key: + filename: /etc/certs/key.pem + + + # Manual 'whitebox' mode + - name: "local.15019" + address: + socket_address: + address: 127.0.0.1 + port_value: 15019 + filter_chains: + - filters: + - name: envoy.http_connection_manager + config: + codec_type: HTTP2 + stat_prefix: "15019" + stream_idle_timeout: 0s + http2_protocol_options: + max_concurrent_streams: 1073741824 + + access_log: + - name: envoy.file_access_log + config: + path: /dev/stdout + + http_filters: + - name: envoy.router + + route_config: + name: "15019" + + virtual_hosts: + - name: istio-galley + + domains: + - '*' + + routes: + - match: + prefix: / + route: + cluster: out.galley.15019 + timeout: 0.000s +--- + + +apiVersion: v1 +kind: ConfigMap +metadata: + name: istio-validation + namespace: istio-system + labels: + release: istio +data: + config: |- + apiVersion: admissionregistration.k8s.io/v1beta1 + kind: ValidatingWebhookConfiguration + metadata: + name: istiod-istio-system + namespace: istio-system + labels: + app: istiod + release: istio + istio: istiod + webhooks: + - name: validation.istio.io + clientConfig: + service: + name: istiod + namespace: istio-system + path: "/validate" + port: 443 + caBundle: "" + rules: + - operations: + - CREATE + - UPDATE + apiGroups: + - config.istio.io + - rbac.istio.io + - security.istio.io + - authentication.istio.io + - networking.istio.io + apiVersions: + - "*" + resources: + - "*" + failurePolicy: Fail + sideEffects: None +--- + + +apiVersion: v1 +kind: ConfigMap +metadata: + name: istio + namespace: istio-system + labels: + release: istio +data: + + # Configuration file for the mesh networks to be used by the Split Horizon EDS. 
+ meshNetworks: |- + networks: {} + + values.yaml: |- + appNamespaces: [] + autoscaleEnabled: true + autoscaleMax: 5 + autoscaleMin: 1 + configMap: true + configNamespace: istio-config + configSource: + subscribedResources: [] + cpu: + targetAverageUtilization: 80 + deploymentLabels: {} + enableProtocolSniffingForInbound: false + enableProtocolSniffingForOutbound: true + enabled: true + env: {} + hub: component.pilot.hub + image: pilot + ingress: + ingressClass: istio + ingressControllerMode: STRICT + ingressService: istio-ingressgateway + jwksResolverExtraRootCA: "" + keepaliveMaxServerConnectionAge: 30m + meshNetworks: + networks: {} + namespace: istio-system + nodeSelector: {} + plugins: [] + podAnnotations: {} + podAntiAffinityLabelSelector: [] + podAntiAffinityTermLabelSelector: [] + policy: + enabled: false + replicaCount: 1 + resources: + requests: + cpu: 500m + memory: 2048Mi + rollingMaxSurge: 100% + rollingMaxUnavailable: 25% + tag: component.pilot.tag + tolerations: [] + traceSampling: 1 + + mesh: |- + # Set enableTracing to false to disable request tracing. + enableTracing: true + + # Set accessLogFile to empty string to disable access log. + accessLogFile: "" + + accessLogFormat: "" + + accessLogEncoding: 'TEXT' + + enableEnvoyAccessLogService: false + mixerReportServer: istio-telemetry.istio-system.svc.cluster.local:9091 + # reportBatchMaxEntries is the number of requests that are batched before telemetry data is sent to the mixer server + reportBatchMaxEntries: 100 + # reportBatchMaxTime is the max waiting time before the telemetry data of a request is sent to the mixer server + reportBatchMaxTime: 1s + disableMixerHttpReports: false + + # Set the following variable to true to disable policy checks by the Mixer. + # Note that metrics will still be reported to the Mixer. 
+ disablePolicyChecks: true + + # Automatic protocol detection uses a set of heuristics to + # determine whether the connection is using TLS or not (on the + # server side), as well as the application protocol being used + # (e.g., http vs tcp). These heuristics rely on the client sending + # the first bits of data. For server first protocols like MySQL, + # MongoDB, etc., Envoy will timeout on the protocol detection after + # the specified period, defaulting to non mTLS plain TCP + # traffic. Set this field to tweak the period that Envoy will wait + # for the client to send the first bits of data. (MUST BE >=1ms) + protocolDetectionTimeout: 100ms + + # This is the k8s ingress service name, update if you used a different name + ingressService: "istio-ingressgateway" + ingressControllerMode: "STRICT" + ingressClass: "istio" + + # The trust domain corresponds to the trust root of a system. + # Refer to https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain + trustDomain: "cluster.local" + + # The trust domain aliases represent the aliases of trust_domain. + # For example, if we have + # trustDomain: td1 + # trustDomainAliases: [“td2”, "td3"] + # Any service with the identity "td1/ns/foo/sa/a-service-account", "td2/ns/foo/sa/a-service-account", + # or "td3/ns/foo/sa/a-service-account" will be treated the same in the Istio mesh. + trustDomainAliases: + + # Used by pilot-agent + sdsUdsPath: "unix:/etc/istio/proxy/SDS" + + # If true, automatically configure client side mTLS settings to match the corresponding service's + # server side mTLS authentication policy, when destination rule for that service does not specify + # TLS settings. + enableAutoMtls: true + + outboundTrafficPolicy: + mode: ALLOW_ANY + localityLbSetting: + enabled: true + + # Configures DNS certificates provisioned through Chiron linked into Pilot. + # The DNS certificate provisioning is enabled by default now so it get tested. 
+ # TODO (lei-tang): we'll decide whether enable it by default or not before Istio 1.4 Release. + certificates: + [] + + defaultConfig: + # + # TCP connection timeout between Envoy & the application, and between Envoys. + connectTimeout: 10s + # + ### ADVANCED SETTINGS ############# + # Where should envoy's configuration be stored in the istio-proxy container + configPath: "/etc/istio/proxy" + # The pseudo service name used for Envoy. + serviceCluster: istio-proxy + # These settings that determine how long an old Envoy + # process should be kept alive after an occasional reload. + drainDuration: 45s + parentShutdownDuration: 1m0s + # + # Port where Envoy listens (on local host) for admin commands + # You can exec into the istio-proxy container in a pod and + # curl the admin port (curl http://localhost:15000/) to obtain + # diagnostic information from Envoy. See + # https://lyft.github.io/envoy/docs/operations/admin.html + # for more details + proxyAdminPort: 15000 + # + # Set concurrency to a specific number to control the number of Proxy worker threads. + # If set to 0 (default), then start worker thread for each CPU thread/core. + concurrency: 2 + # + tracing: + zipkin: + # Address of the Zipkin collector + address: zipkin.istio-system:9411 + # If port is 15012, will use SDS. + # controlPlaneAuthPolicy is for mounted secrets, will wait for the files. 
+ controlPlaneAuthPolicy: NONE + discoveryAddress: istio-pilot.istio-system.svc:15012 +--- + + +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: pilot + istio: pilot + release: istio + name: istio-pilot + namespace: istio-system +spec: + selector: + matchLabels: + istio: pilot + strategy: + rollingUpdate: + maxSurge: 100% + maxUnavailable: 25% + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: pilot + chart: pilot + heritage: Tiller + istio: pilot + release: istio + spec: + affinity: + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - ppc64le + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - s390x + weight: 2 + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + - ppc64le + - s390x + containers: + - args: + - discovery + - --monitoringAddr=:15014 + - --log_output_level=default:info + - --domain + - cluster.local + - --secureGrpcAddr + - "" + - --trust-domain=cluster.local + - --keepaliveMaxServerConnectionAge + - 30m + - --disable-install-crds=true + env: + - name: JWT_POLICY + value: third-party-jwt + - name: PILOT_CERT_PROVIDER + value: citadel + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: PILOT_TRACE_SAMPLING + value: "1" + - name: CONFIG_NAMESPACE + value: istio-config + - name: PILOT_ENABLE_PROTOCOL_SNIFFING_FOR_OUTBOUND + value: "true" + - name: PILOT_ENABLE_PROTOCOL_SNIFFING_FOR_INBOUND + value: "false" + - name: ISTIOD_ADDR + value: 
istio-pilot.istio-system.svc:15012 + - name: PILOT_EXTERNAL_GALLEY + value: "false" + envFrom: + - configMapRef: + name: istiod + optional: true + image: component.pilot.hub/pilot:component.pilot.tag + imagePullPolicy: IfNotPresent + name: discovery + ports: + - containerPort: 8080 + - containerPort: 15010 + - containerPort: 15017 + readinessProbe: + httpGet: + path: /ready + port: 8080 + initialDelaySeconds: 5 + periodSeconds: 5 + timeoutSeconds: 5 + resources: + requests: + cpu: 500m + memory: 2048Mi + volumeMounts: + - mountPath: /etc/istio/config + name: config-volume + - mountPath: /var/run/secrets/tokens + name: istio-token + readOnly: true + - mountPath: /var/run/secrets/istio-dns + name: local-certs + - mountPath: /etc/cacerts + name: cacerts + readOnly: true + - mountPath: /var/lib/istio/inject + name: inject + readOnly: true + - mountPath: /var/lib/istio/local + name: istiod + readOnly: true + - mountPath: /var/lib/istio/validation + name: validation + readOnly: true + securityContext: + fsGroup: 1337 + serviceAccountName: istio-pilot-service-account + volumes: + - emptyDir: + medium: Memory + name: local-certs + - name: istio-token + projected: + sources: + - serviceAccountToken: + audience: istio-ca + expirationSeconds: 43200 + path: istio-token + - configMap: + name: istiod + optional: true + name: istiod + - name: cacerts + secret: + optional: true + secretName: cacerts + - configMap: + name: istio-sidecar-injector + optional: true + name: inject + - configMap: + name: istio-validation + optional: true + name: validation + - configMap: + name: istio + name: config-volume + - configMap: + name: pilot-envoy-config + name: pilot-envoy-config + +--- + + +apiVersion: "authentication.istio.io/v1alpha1" +kind: "MeshPolicy" +metadata: + name: "default" + labels: + release: istio +spec: + peers: + - mtls: + mode: PERMISSIVE +--- + + +apiVersion: v1 +kind: ConfigMap +metadata: + name: istio-sidecar-injector + namespace: istio-system + labels: + release: istio 
+data: + + values: |- + { + "global": { + "arch": { + "amd64": 2, + "ppc64le": 2, + "s390x": 2 + }, + "certificates": [], + "configNamespace": "istio-system", + "configValidation": true, + "controlPlaneSecurityEnabled": false, + "defaultNodeSelector": {}, + "defaultPodDisruptionBudget": { + "enabled": true + }, + "defaultResources": { + "requests": { + "cpu": "10m" + } + }, + "disablePolicyChecks": true, + "enableHelmTest": false, + "enableTracing": true, + "enabled": true, + "hub": "istio-spec.hub", + "imagePullPolicy": "IfNotPresent", + "imagePullSecrets": [], + "istioNamespace": "istio-system", + "istiod": { + "enabled": true + }, + "jwtPolicy": "third-party-jwt", + "k8sIngress": { + "enableHttps": false, + "enabled": false, + "gatewayName": "ingressgateway" + }, + "localityLbSetting": { + "enabled": true + }, + "logAsJson": false, + "logging": { + "level": "default:info" + }, + "meshExpansion": { + "enabled": false, + "useILB": false + }, + "meshNetworks": {}, + "mtls": { + "auto": true, + "enabled": false + }, + "multiCluster": { + "clusterName": "", + "enabled": false + }, + "namespace": "istio-system", + "network": "", + "omitSidecarInjectorConfigMap": false, + "oneNamespace": false, + "operatorManageWebhooks": false, + "outboundTrafficPolicy": { + "mode": "ALLOW_ANY" + }, + "pilotCertProvider": "citadel", + "policyCheckFailOpen": false, + "policyNamespace": "istio-system", + "priorityClassName": "", + "prometheusNamespace": "istio-system", + "proxy": { + "accessLogEncoding": "TEXT", + "accessLogFile": "", + "accessLogFormat": "", + "autoInject": "enabled", + "clusterDomain": "cluster.local", + "componentLogLevel": "misc:error", + "concurrency": 2, + "dnsRefreshRate": "300s", + "enableCoreDump": false, + "envoyAccessLogService": { + "enabled": false + }, + "envoyMetricsService": { + "enabled": false, + "tcpKeepalive": { + "interval": "10s", + "probes": 3, + "time": "10s" + }, + "tlsSettings": { + "mode": "DISABLE", + "subjectAltNames": [] + } + }, + 
"envoyStatsd": { + "enabled": false + }, + "excludeIPRanges": "", + "excludeInboundPorts": "", + "excludeOutboundPorts": "", + "image": "proxyv2", + "includeIPRanges": "*", + "includeInboundPorts": "*", + "kubevirtInterfaces": "", + "logLevel": "warning", + "privileged": false, + "protocolDetectionTimeout": "100ms", + "readinessFailureThreshold": 30, + "readinessInitialDelaySeconds": 1, + "readinessPeriodSeconds": 2, + "resources": { + "limits": { + "cpu": "2000m", + "memory": "1024Mi" + }, + "requests": { + "cpu": "100m", + "memory": "128Mi" + } + }, + "statusPort": 15020, + "tracer": "zipkin" + }, + "proxy_init": { + "image": "proxyv2", + "resources": { + "limits": { + "cpu": "100m", + "memory": "50Mi" + }, + "requests": { + "cpu": "10m", + "memory": "10Mi" + } + } + }, + "sds": { + "enabled": false, + "token": { + "aud": "istio-ca" + }, + "udsPath": "" + }, + "securityNamespace": "istio-system", + "tag": "istio-spec.tag", + "telemetryNamespace": "istio-system", + "tracer": { + "datadog": { + "address": "$(HOST_IP):8126" + }, + "lightstep": { + "accessToken": "", + "address": "", + "cacertPath": "", + "secure": true + }, + "zipkin": { + "address": "" + } + }, + "trustDomain": "cluster.local", + "useMCP": false + }, + "istio_cni": { + "enabled": true + }, + "sidecarInjectorWebhook": { + "alwaysInjectSelector": [], + "enableNamespacesByDefault": false, + "enabled": false, + "image": "sidecar_injector", + "injectLabel": "istio-injection", + "injectedAnnotations": {}, + "namespace": "istio-system", + "neverInjectSelector": [], + "objectSelector": { + "autoInject": true, + "enabled": false + }, + "rewriteAppHTTPProbe": false, + "selfSigned": false + } + } + + # To disable injection: use omitSidecarInjectorConfigMap, which disables the webhook patching + # and istiod webhook functionality. + # + # New fields should not use Values - it is a 'primary' config object, users should be able + # to fine tune it or use it with kube-inject. 
+ config: |- + policy: enabled + alwaysInjectSelector: + [] + neverInjectSelector: + [] + injectedAnnotations: + + # Configmap optimized for Istiod. Please DO NOT MERGE all changes from istio - in particular those dependent on + # Values.yaml, which should not be used by istiod. + + # Istiod only uses SDS based config ( files will mapped/handled by SDS). + + template: | + rewriteAppHTTPProbe: {{ valueOrDefault .Values.sidecarInjectorWebhook.rewriteAppHTTPProbe false }} + initContainers: + {{ if ne (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `NONE` }} + {{ if .Values.istio_cni.enabled -}} + - name: istio-validation + {{ else -}} + - name: istio-init + {{ end -}} + {{- if contains "/" .Values.global.proxy_init.image }} + image: "{{ .Values.global.proxy_init.image }}" + {{- else }} + image: "{{ .Values.global.hub }}/{{ .Values.global.proxy_init.image }}:{{ .Values.global.tag }}" + {{- end }} + command: + - istio-iptables + - "-p" + - 15001 + - "-z" + - "15006" + - "-u" + - 1337 + - "-m" + - "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}" + - "-i" + - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}" + - "-x" + - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}" + - "-b" + - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` `*` }}" + - "-d" + - "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}" + {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne (valueOrDefault .Values.global.proxy.excludeOutboundPorts "") "") -}} + - "-o" + - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` 
.Values.global.proxy.excludeOutboundPorts }}" + {{ end -}} + {{ if (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces`) -}} + - "-k" + - "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}" + {{ end -}} + {{ if .Values.istio_cni.enabled -}} + - "--run-validation" + - "--skip-rule-apply" + {{ end -}} + imagePullPolicy: "{{ valueOrDefault .Values.global.imagePullPolicy `Always` }}" + {{- if .Values.global.proxy_init.resources }} + resources: + {{ toYaml .Values.global.proxy_init.resources | indent 4 }} + {{- else }} + resources: {} + {{- end }} + securityContext: + allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} + privileged: {{ .Values.global.proxy.privileged }} + capabilities: + {{- if not .Values.istio_cni.enabled }} + add: + - NET_ADMIN + - NET_RAW + {{- end }} + drop: + - ALL + readOnlyRootFilesystem: false + {{- if not .Values.istio_cni.enabled }} + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + {{- else }} + runAsGroup: 1337 + runAsUser: 1337 + runAsNonRoot: true + {{- end }} + restartPolicy: Always + {{ end -}} + {{- if eq .Values.global.proxy.enableCoreDump true }} + - name: enable-core-dump + args: + - -c + - sysctl -w kernel.core_pattern=/var/lib/istio/core.proxy && ulimit -c unlimited + command: + - /bin/sh + {{- if contains "/" .Values.global.proxy_init.image }} + image: "{{ .Values.global.proxy_init.image }}" + {{- else }} + image: "{{ .Values.global.hub }}/{{ .Values.global.proxy_init.image }}:{{ .Values.global.tag }}" + {{- end }} + imagePullPolicy: "{{ valueOrDefault .Values.global.imagePullPolicy `Always` }}" + resources: {} + securityContext: + allowPrivilegeEscalation: true + capabilities: + add: + - SYS_ADMIN + drop: + - ALL + privileged: true + readOnlyRootFilesystem: false + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + {{ end }} + containers: + - name: istio-proxy + {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` 
.Values.global.proxy.image) }} + image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" + {{- else }} + image: "{{ .Values.global.hub }}/{{ .Values.global.proxy.image }}:{{ .Values.global.tag }}" + {{- end }} + ports: + - containerPort: 15090 + protocol: TCP + name: http-envoy-prom + args: + - proxy + - sidecar + - --domain + - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} + - --configPath + - "/etc/istio/proxy" + - --binaryPath + - "/usr/local/bin/envoy" + - --serviceCluster + {{ if ne "" (index .ObjectMeta.Labels "app") -}} + - "{{ index .ObjectMeta.Labels `app` }}.$(POD_NAMESPACE)" + {{ else -}} + - "{{ valueOrDefault .DeploymentMeta.Name `istio-proxy` }}.{{ valueOrDefault .DeploymentMeta.Namespace `default` }}" + {{ end -}} + - --drainDuration + - "{{ formatDuration .ProxyConfig.DrainDuration }}" + - --parentShutdownDuration + - "{{ formatDuration .ProxyConfig.ParentShutdownDuration }}" + - --discoveryAddress + - "{{ annotation .ObjectMeta `sidecar.istio.io/discoveryAddress` .ProxyConfig.DiscoveryAddress }}" + {{- if eq .Values.global.proxy.tracer "lightstep" }} + - --lightstepAddress + - "{{ .ProxyConfig.GetTracing.GetLightstep.GetAddress }}" + - --lightstepAccessToken + - "{{ .ProxyConfig.GetTracing.GetLightstep.GetAccessToken }}" + - --lightstepSecure={{ .ProxyConfig.GetTracing.GetLightstep.GetSecure }} + - --lightstepCacertPath + - "{{ .ProxyConfig.GetTracing.GetLightstep.GetCacertPath }}" + {{- else if eq .Values.global.proxy.tracer "zipkin" }} + - --zipkinAddress + - "{{ .ProxyConfig.GetTracing.GetZipkin.GetAddress }}" + {{- else if eq .Values.global.proxy.tracer "datadog" }} + - --datadogAgentAddress + - "{{ .ProxyConfig.GetTracing.GetDatadog.GetAddress }}" + {{- end }} + - --proxyLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel}} + - --proxyComponentLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` 
.Values.global.proxy.componentLogLevel}} + - --connectTimeout + - "{{ formatDuration .ProxyConfig.ConnectTimeout }}" + {{- if .Values.global.proxy.envoyStatsd.enabled }} + - --statsdUdpAddress + - "{{ .ProxyConfig.StatsdUdpAddress }}" + {{- end }} + {{- if .Values.global.proxy.envoyMetricsService.enabled }} + - --envoyMetricsService + - '{{ protoToJSON .ProxyConfig.EnvoyMetricsService }}' + {{- end }} + {{- if .Values.global.proxy.envoyAccessLogService.enabled }} + - --envoyAccessLogService + - '{{ protoToJSON .ProxyConfig.EnvoyAccessLogService }}' + {{- end }} + - --proxyAdminPort + - "{{ .ProxyConfig.ProxyAdminPort }}" + {{ if gt .ProxyConfig.Concurrency 0 -}} + - --concurrency + - "{{ .ProxyConfig.Concurrency }}" + {{ end -}} + {{- if .Values.global.istiod.enabled }} + - --controlPlaneAuthPolicy + - NONE + {{- else if .Values.global.controlPlaneSecurityEnabled }} + - --controlPlaneAuthPolicy + - MUTUAL_TLS + {{- else }} + - --controlPlaneAuthPolicy + - NONE + {{- end }} + - --dnsRefreshRate + - {{ valueOrDefault .Values.global.proxy.dnsRefreshRate "300s" }} + {{- if (ne (annotation .ObjectMeta "status.sidecar.istio.io/port" .Values.global.proxy.statusPort) "0") }} + - --statusPort + - "{{ annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort }}" + {{- end }} + {{- if .Values.global.trustDomain }} + - --trust-domain={{ .Values.global.trustDomain }} + {{- end }} + {{- if .Values.global.logAsJson }} + - --log_as_json + {{- end }} + - --controlPlaneBootstrap=false + {{- if .Values.global.proxy.lifecycle }} + lifecycle: + {{ toYaml .Values.global.proxy.lifecycle | indent 4 }} + {{- end }} + env: + - name: JWT_POLICY + value: {{ .Values.global.jwtPolicy }} + - name: PILOT_CERT_PROVIDER + value: {{ .Values.global.pilotCertProvider }} + # Temp, pending PR to make it default or based on the istiodAddr env + - name: CA_ADDR + {{- if .Values.global.configNamespace }} + value: istio-pilot.{{ .Values.global.configNamespace }}.svc:15012 + {{- 
else }} + value: istio-pilot.istio-system.svc:15012 + {{- end }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: INSTANCE_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: SERVICE_ACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + {{- if eq .Values.global.proxy.tracer "datadog" }} + {{- if isset .ObjectMeta.Annotations `apm.datadoghq.com/env` }} + {{- range $key, $value := fromJSON (index .ObjectMeta.Annotations `apm.datadoghq.com/env`) }} + - name: {{ $key }} + value: "{{ $value }}" + {{- end }} + {{- end }} + {{- end }} + - name: ISTIO_META_POD_PORTS + value: |- + [ + {{- $first := true }} + {{- range $index1, $c := .Spec.Containers }} + {{- range $index2, $p := $c.Ports }} + {{- if (structToJSON $p) }} + {{if not $first}},{{end}}{{ structToJSON $p }} + {{- $first = false }} + {{- end }} + {{- end}} + {{- end}} + ] + - name: ISTIO_META_CLUSTER_ID + value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" + - name: ISTIO_META_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: ISTIO_META_CONFIG_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: SDS_ENABLED + value: "{{ .Values.global.sds.enabled }}" + - name: ISTIO_META_INTERCEPTION_MODE + value: "{{ or (index .ObjectMeta.Annotations `sidecar.istio.io/interceptionMode`) .ProxyConfig.InterceptionMode.String }}" + {{- if .Values.global.network }} + - name: ISTIO_META_NETWORK + value: "{{ .Values.global.network }}" + {{- end }} + {{ if .ObjectMeta.Annotations }} + - name: ISTIO_METAJSON_ANNOTATIONS + value: | + {{ toJSON .ObjectMeta.Annotations }} + {{ end }} + {{ if .ObjectMeta.Labels }} + - name: ISTIO_METAJSON_LABELS + value: | + {{ toJSON .ObjectMeta.Labels }} + {{ end }} + {{- if .DeploymentMeta.Name }} + - name: 
ISTIO_META_WORKLOAD_NAME + value: {{ .DeploymentMeta.Name }} + {{ end }} + {{- if and .TypeMeta.APIVersion .DeploymentMeta.Name }} + - name: ISTIO_META_OWNER + value: kubernetes://apis/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower .TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }} + {{- end}} + {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} + - name: ISTIO_BOOTSTRAP_OVERRIDE + value: "/etc/istio/custom-bootstrap/custom_bootstrap.json" + {{- end }} + {{- if .Values.global.meshID }} + - name: ISTIO_META_MESH_ID + value: "{{ .Values.global.meshID }}" + {{- else if .Values.global.trustDomain }} + - name: ISTIO_META_MESH_ID + value: "{{ .Values.global.trustDomain }}" + {{- end }} + {{- if eq .Values.global.proxy.tracer "stackdriver" }} + - name: STACKDRIVER_TRACING_ENABLED + value: "true" + - name: STACKDRIVER_TRACING_DEBUG + value: "{{ .ProxyConfig.GetTracing.GetStackdriver.GetDebug }}" + - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_ANNOTATIONS + value: "{{ .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfAnnotations }}" + - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_ATTRIBUTES + value: "{{ .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfAttributes }}" + - name: STACKDRIVER_TRACING_MAX_NUMBER_OF_MESSAGE_EVENTS + value: "{{ .ProxyConfig.GetTracing.GetStackdriver.GetMaxNumberOfMessageEvents }}" + {{- end }} + {{- if and (eq .Values.global.proxy.tracer "datadog") (isset .ObjectMeta.Annotations `apm.datadoghq.com/env`) }} + {{- range $key, $value := fromJSON (index .ObjectMeta.Annotations `apm.datadoghq.com/env`) }} + - name: {{ $key }} + value: "{{ $value }}" + {{- end }} + {{- end }} + {{- range $key, $value := .ProxyConfig.ProxyMetadata }} + - name: {{ $key }} + value: "{{ $value }}" + {{- end }} + imagePullPolicy: "{{ valueOrDefault .Values.global.imagePullPolicy `Always` }}" + {{ if ne (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) `0` }} + 
readinessProbe: + httpGet: + path: /healthz/ready + port: {{ annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort }} + initialDelaySeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/initialDelaySeconds` .Values.global.proxy.readinessInitialDelaySeconds }} + periodSeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/periodSeconds` .Values.global.proxy.readinessPeriodSeconds }} + failureThreshold: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/failureThreshold` .Values.global.proxy.readinessFailureThreshold }} + {{ end -}} + securityContext: + allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} + capabilities: + {{ if or (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) -}} + add: + {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} + - NET_ADMIN + {{- end }} + {{ if eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true` -}} + - NET_BIND_SERVICE + {{- end }} + {{- end }} + drop: + - ALL + privileged: {{ .Values.global.proxy.privileged }} + readOnlyRootFilesystem: {{ not .Values.global.proxy.enableCoreDump }} + runAsGroup: 1337 + fsGroup: 1337 + {{ if or (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) -}} + runAsNonRoot: false + runAsUser: 0 + {{- else -}} + runAsNonRoot: true + runAsUser: 1337 + {{- end }} + resources: + {{ if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} + requests: + {{ if (isset .ObjectMeta.Annotations 
`sidecar.istio.io/proxyCPU`) -}} + cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` }}" + {{ end}} + {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} + memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` }}" + {{ end }} + {{ else -}} + {{- if .Values.global.proxy.resources }} + {{ toYaml .Values.global.proxy.resources | indent 4 }} + {{- end }} + {{ end -}} + volumeMounts: + {{- if eq .Values.global.pilotCertProvider "citadel" }} + - mountPath: /etc/istio/citadel-ca-cert + name: citadel-ca-cert + {{- end }} + {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} + - mountPath: /etc/istio/custom-bootstrap + name: custom-bootstrap-volume + {{- end }} + - mountPath: /etc/istio/proxy + name: istio-envoy + {{- if eq .Values.global.jwtPolicy "third-party-jwt" }} + - mountPath: /var/run/secrets/tokens + name: istio-token + {{- end }} + - mountPath: /etc/certs/ + name: istio-certs + readOnly: true + {{- if and (eq .Values.global.proxy.tracer "lightstep") .Values.global.tracer.lightstep.cacertPath }} + - mountPath: {{ directory .ProxyConfig.GetTracing.GetLightstep.GetCacertPath }} + name: lightstep-certs + readOnly: true + {{- end }} + {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount` }} + {{ range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount`) }} + - name: "{{ $index }}" + {{ toYaml $value | indent 4 }} + {{ end }} + {{- end }} + volumes: + {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} + - name: custom-bootstrap-volume + configMap: + name: {{ annotation .ObjectMeta `sidecar.istio.io/bootstrapOverride` "" }} + {{- end }} + - emptyDir: + medium: Memory + name: istio-envoy + {{- if eq .Values.global.jwtPolicy "third-party-jwt" }} + - name: istio-token + projected: + sources: + - serviceAccountToken: + path: istio-token + expirationSeconds: 43200 + audience: {{ .Values.global.sds.token.aud 
}} + {{- end }} + {{- if eq .Values.global.pilotCertProvider "citadel" }} + - name: citadel-ca-cert + configMap: + name: istio-ca-root-cert + {{- end }} + - name: istio-certs + secret: + optional: true + {{ if eq .Spec.ServiceAccountName "" }} + secretName: istio.default + {{ else -}} + secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }} + {{ end -}} + {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolume` }} + {{range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolume`) }} + - name: "{{ $index }}" + {{ toYaml $value | indent 2 }} + {{ end }} + {{ end }} + {{- if and (eq .Values.global.proxy.tracer "lightstep") .Values.global.tracer.lightstep.cacertPath }} + - name: lightstep-certs + secret: + optional: true + secretName: lightstep.cacert + {{- end }} + {{- if .Values.global.podDNSSearchNamespaces }} + dnsConfig: + searches: + {{- range .Values.global.podDNSSearchNamespaces }} + - {{ render . }} + {{- end }} + {{- end }} + podRedirectAnnot: + sidecar.istio.io/interceptionMode: "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}" + traffic.sidecar.istio.io/includeOutboundIPRanges: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}" + traffic.sidecar.istio.io/excludeOutboundIPRanges: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}" + traffic.sidecar.istio.io/includeInboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` (includeInboundPorts .Spec.Containers) }}" + traffic.sidecar.istio.io/excludeInboundPorts: "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}" + {{ if or (isset .ObjectMeta.Annotations 
`traffic.sidecar.istio.io/excludeOutboundPorts`) (ne .Values.global.proxy.excludeOutboundPorts "") }} + traffic.sidecar.istio.io/excludeOutboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}" + {{- end }} + traffic.sidecar.istio.io/kubevirtInterfaces: "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}" +--- + + +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: MutatingWebhookConfiguration +metadata: + name: istio-sidecar-injector + + labels: + app: sidecar-injector + release: istio +webhooks: + - name: sidecar-injector.istio.io + clientConfig: + service: + name: istio-pilot + namespace: istio-system + path: "/inject" + caBundle: "" + rules: + - operations: [ "CREATE" ] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] + failurePolicy: Fail + namespaceSelector: + matchLabels: + istio-injection: enabled +--- + + +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: istio-pilot + namespace: istio-system + labels: + app: pilot + release: istio + istio: pilot +spec: + minAvailable: 1 + selector: + matchLabels: + app: pilot + release: istio + istio: pilot +--- + + +apiVersion: v1 +kind: Service +metadata: + name: istio-pilot + namespace: istio-system + labels: + app: pilot + release: istio + istio: pilot +spec: + ports: + - port: 15010 + name: grpc-xds # direct + - port: 15011 + name: https-xds # mTLS + - port: 15012 + name: https-dns # mTLS with k8s-signed cert + - port: 8080 + name: http-legacy-discovery # direct + - port: 15014 + name: http-monitoring + - port: 443 + name: https-webhook # validation and injection + targetPort: 15017 + selector: + istio: pilot +--- + + +apiVersion: v1 +kind: Service +metadata: + name: istiod + namespace: istio-system + labels: + app: istiod + release: istio +spec: + ports: + - port: 15012 + name: https-dns # mTLS with k8s-signed cert + - port: 443 + name: https-webhook # validation and 
injection + targetPort: 15017 + selector: + app: pilot + istio: pilot +--- + + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: istio-pilot-service-account + namespace: istio-system + labels: + app: pilot + release: istio +--- + + +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: ValidatingWebhookConfiguration +metadata: + name: istio-galley + namespace: istio-system + labels: + app: galley + release: istio + istio: galley +webhooks: +--- + +# Policy component is disabled. + +# SidecarInjector component is disabled. + +# Resources for Telemetry component + +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + labels: + app: mixer + release: istio + name: istio-telemetry + namespace: istio-system +spec: + maxReplicas: 5 + metrics: + - resource: + name: cpu + targetAverageUtilization: 80 + type: Resource + minReplicas: 1 + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: istio-telemetry + +--- + + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: istio-mixer-istio-system + labels: + app: istio-telemetry + release: istio +rules: +- apiGroups: ["config.istio.io"] # istio CRD watcher + resources: ["*"] + verbs: ["create", "get", "list", "watch", "patch"] +- apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["get", "list", "watch"] +- apiGroups: [""] + resources: ["configmaps", "endpoints", "pods", "services", "namespaces", "secrets", "replicationcontrollers"] + verbs: ["get", "list", "watch"] +- apiGroups: ["extensions", "apps"] + resources: ["replicasets"] + verbs: ["get", "list", "watch"] +--- + + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: istio-mixer-admin-role-binding-istio-system + labels: + app: istio-telemetry + release: istio +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: istio-mixer-istio-system +subjects: + - kind: ServiceAccount + name: istio-mixer-service-account + 
namespace: istio-system +--- + + +apiVersion: "config.istio.io/v1alpha2" +kind: attributemanifest +metadata: + name: istioproxy + namespace: istio-system + labels: + app: istio-telemetry + release: istio +spec: + attributes: + origin.ip: + valueType: IP_ADDRESS + origin.uid: + valueType: STRING + origin.user: + valueType: STRING + request.headers: + valueType: STRING_MAP + request.id: + valueType: STRING + request.host: + valueType: STRING + request.method: + valueType: STRING + request.path: + valueType: STRING + request.url_path: + valueType: STRING + request.query_params: + valueType: STRING_MAP + request.reason: + valueType: STRING + request.referer: + valueType: STRING + request.scheme: + valueType: STRING + request.total_size: + valueType: INT64 + request.size: + valueType: INT64 + request.time: + valueType: TIMESTAMP + request.useragent: + valueType: STRING + response.code: + valueType: INT64 + response.duration: + valueType: DURATION + response.headers: + valueType: STRING_MAP + response.total_size: + valueType: INT64 + response.size: + valueType: INT64 + response.time: + valueType: TIMESTAMP + response.grpc_status: + valueType: STRING + response.grpc_message: + valueType: STRING + source.uid: + valueType: STRING + source.user: # DEPRECATED + valueType: STRING + source.principal: + valueType: STRING + destination.uid: + valueType: STRING + destination.principal: + valueType: STRING + destination.port: + valueType: INT64 + connection.event: + valueType: STRING + connection.id: + valueType: STRING + connection.received.bytes: + valueType: INT64 + connection.received.bytes_total: + valueType: INT64 + connection.sent.bytes: + valueType: INT64 + connection.sent.bytes_total: + valueType: INT64 + connection.duration: + valueType: DURATION + connection.mtls: + valueType: BOOL + connection.requested_server_name: + valueType: STRING + context.protocol: + valueType: STRING + context.proxy_error_code: + valueType: STRING + context.timestamp: + valueType: TIMESTAMP + 
context.time: + valueType: TIMESTAMP + # Deprecated, kept for compatibility + context.reporter.local: + valueType: BOOL + context.reporter.kind: + valueType: STRING + context.reporter.uid: + valueType: STRING + context.proxy_version: + valueType: STRING + api.service: + valueType: STRING + api.version: + valueType: STRING + api.operation: + valueType: STRING + api.protocol: + valueType: STRING + request.auth.principal: + valueType: STRING + request.auth.audiences: + valueType: STRING + request.auth.presenter: + valueType: STRING + request.auth.claims: + valueType: STRING_MAP + request.auth.raw_claims: + valueType: STRING + request.api_key: + valueType: STRING + rbac.permissive.response_code: + valueType: STRING + rbac.permissive.effective_policy_id: + valueType: STRING + check.error_code: + valueType: INT64 + check.error_message: + valueType: STRING + check.cache_hit: + valueType: BOOL + quota.cache_hit: + valueType: BOOL +--- + + +apiVersion: "config.istio.io/v1alpha2" +kind: attributemanifest +metadata: + name: kubernetes + namespace: istio-system + labels: + app: istio-telemetry + release: istio +spec: + attributes: + source.ip: + valueType: IP_ADDRESS + source.labels: + valueType: STRING_MAP + source.metadata: + valueType: STRING_MAP + source.name: + valueType: STRING + source.namespace: + valueType: STRING + source.owner: + valueType: STRING + source.serviceAccount: + valueType: STRING + source.services: + valueType: STRING + source.workload.uid: + valueType: STRING + source.workload.name: + valueType: STRING + source.workload.namespace: + valueType: STRING + destination.ip: + valueType: IP_ADDRESS + destination.labels: + valueType: STRING_MAP + destination.metadata: + valueType: STRING_MAP + destination.owner: + valueType: STRING + destination.name: + valueType: STRING + destination.container.name: + valueType: STRING + destination.namespace: + valueType: STRING + destination.service.uid: + valueType: STRING + destination.service.name: + valueType: STRING + 
destination.service.namespace: + valueType: STRING + destination.service.host: + valueType: STRING + destination.serviceAccount: + valueType: STRING + destination.workload.uid: + valueType: STRING + destination.workload.name: + valueType: STRING + destination.workload.namespace: + valueType: STRING +--- + + +apiVersion: "config.istio.io/v1alpha2" +kind: instance +metadata: + name: requestcount + namespace: istio-system + labels: + app: istio-telemetry + release: istio +spec: + compiledTemplate: metric + params: + value: "1" + dimensions: + reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") + source_workload: source.workload.name | "unknown" + source_workload_namespace: source.workload.namespace | "unknown" + source_principal: source.principal | "unknown" + source_app: source.labels["app"] | "unknown" + source_version: source.labels["version"] | "unknown" + destination_workload: destination.workload.name | "unknown" + destination_workload_namespace: destination.workload.namespace | "unknown" + destination_principal: destination.principal | "unknown" + destination_app: destination.labels["app"] | "unknown" + destination_version: destination.labels["version"] | "unknown" + destination_service: destination.service.host | conditional((destination.service.name | "unknown") == "unknown", "unknown", request.host) + destination_service_name: destination.service.name | "unknown" + destination_service_namespace: destination.service.namespace | "unknown" + request_protocol: api.protocol | context.protocol | "unknown" + response_code: response.code | 200 + response_flags: context.proxy_error_code | "-" + permissive_response_code: rbac.permissive.response_code | "none" + permissive_response_policyid: rbac.permissive.effective_policy_id | "none" + connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) + monitored_resource_type: 
'"UNSPECIFIED"' +--- + + +apiVersion: "config.istio.io/v1alpha2" +kind: instance +metadata: + name: requestduration + namespace: istio-system + labels: + app: istio-telemetry + release: istio +spec: + compiledTemplate: metric + params: + value: response.duration | "0ms" + dimensions: + reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") + source_workload: source.workload.name | "unknown" + source_workload_namespace: source.workload.namespace | "unknown" + source_principal: source.principal | "unknown" + source_app: source.labels["app"] | "unknown" + source_version: source.labels["version"] | "unknown" + destination_workload: destination.workload.name | "unknown" + destination_workload_namespace: destination.workload.namespace | "unknown" + destination_principal: destination.principal | "unknown" + destination_app: destination.labels["app"] | "unknown" + destination_version: destination.labels["version"] | "unknown" + destination_service: destination.service.host | conditional((destination.service.name | "unknown") == "unknown", "unknown", request.host) + destination_service_name: destination.service.name | "unknown" + destination_service_namespace: destination.service.namespace | "unknown" + request_protocol: api.protocol | context.protocol | "unknown" + response_code: response.code | 200 + response_flags: context.proxy_error_code | "-" + permissive_response_code: rbac.permissive.response_code | "none" + permissive_response_policyid: rbac.permissive.effective_policy_id | "none" + connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) + monitored_resource_type: '"UNSPECIFIED"' +--- + + +apiVersion: "config.istio.io/v1alpha2" +kind: instance +metadata: + name: requestsize + namespace: istio-system + labels: + app: istio-telemetry + release: istio +spec: + compiledTemplate: metric + params: + value: request.size | 0 + 
dimensions: + reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") + source_workload: source.workload.name | "unknown" + source_workload_namespace: source.workload.namespace | "unknown" + source_principal: source.principal | "unknown" + source_app: source.labels["app"] | "unknown" + source_version: source.labels["version"] | "unknown" + destination_workload: destination.workload.name | "unknown" + destination_workload_namespace: destination.workload.namespace | "unknown" + destination_principal: destination.principal | "unknown" + destination_app: destination.labels["app"] | "unknown" + destination_version: destination.labels["version"] | "unknown" + destination_service: destination.service.host | conditional((destination.service.name | "unknown") == "unknown", "unknown", request.host) + destination_service_name: destination.service.name | "unknown" + destination_service_namespace: destination.service.namespace | "unknown" + request_protocol: api.protocol | context.protocol | "unknown" + response_code: response.code | 200 + response_flags: context.proxy_error_code | "-" + permissive_response_code: rbac.permissive.response_code | "none" + permissive_response_policyid: rbac.permissive.effective_policy_id | "none" + connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) + monitored_resource_type: '"UNSPECIFIED"' +--- + + +apiVersion: "config.istio.io/v1alpha2" +kind: instance +metadata: + name: responsesize + namespace: istio-system + labels: + app: istio-telemetry + release: istio +spec: + compiledTemplate: metric + params: + value: response.size | 0 + dimensions: + reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") + source_workload: source.workload.name | "unknown" + source_workload_namespace: source.workload.namespace | "unknown" + source_principal: source.principal | 
"unknown" + source_app: source.labels["app"] | "unknown" + source_version: source.labels["version"] | "unknown" + destination_workload: destination.workload.name | "unknown" + destination_workload_namespace: destination.workload.namespace | "unknown" + destination_principal: destination.principal | "unknown" + destination_app: destination.labels["app"] | "unknown" + destination_version: destination.labels["version"] | "unknown" + destination_service: destination.service.host | conditional((destination.service.name | "unknown") == "unknown", "unknown", request.host) + destination_service_name: destination.service.name | "unknown" + destination_service_namespace: destination.service.namespace | "unknown" + request_protocol: api.protocol | context.protocol | "unknown" + response_code: response.code | 200 + response_flags: context.proxy_error_code | "-" + permissive_response_code: rbac.permissive.response_code | "none" + permissive_response_policyid: rbac.permissive.effective_policy_id | "none" + connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) + monitored_resource_type: '"UNSPECIFIED"' +--- + + +apiVersion: "config.istio.io/v1alpha2" +kind: instance +metadata: + name: tcpbytesent + namespace: istio-system + labels: + app: istio-telemetry + release: istio +spec: + compiledTemplate: metric + params: + value: connection.sent.bytes | 0 + dimensions: + reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") + source_workload: source.workload.name | "unknown" + source_workload_namespace: source.workload.namespace | "unknown" + source_principal: source.principal | "unknown" + source_app: source.labels["app"] | "unknown" + source_version: source.labels["version"] | "unknown" + destination_workload: destination.workload.name | "unknown" + destination_workload_namespace: destination.workload.namespace | "unknown" + 
destination_principal: destination.principal | "unknown" + destination_app: destination.labels["app"] | "unknown" + destination_version: destination.labels["version"] | "unknown" + destination_service: destination.service.host | "unknown" + destination_service_name: destination.service.name | "unknown" + destination_service_namespace: destination.service.namespace | "unknown" + connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) + response_flags: context.proxy_error_code | "-" + monitored_resource_type: '"UNSPECIFIED"' +--- + + +apiVersion: "config.istio.io/v1alpha2" +kind: instance +metadata: + name: tcpbytereceived + namespace: istio-system + labels: + app: istio-telemetry + release: istio +spec: + compiledTemplate: metric + params: + value: connection.received.bytes | 0 + dimensions: + reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") + source_workload: source.workload.name | "unknown" + source_workload_namespace: source.workload.namespace | "unknown" + source_principal: source.principal | "unknown" + source_app: source.labels["app"] | "unknown" + source_version: source.labels["version"] | "unknown" + destination_workload: destination.workload.name | "unknown" + destination_workload_namespace: destination.workload.namespace | "unknown" + destination_principal: destination.principal | "unknown" + destination_app: destination.labels["app"] | "unknown" + destination_version: destination.labels["version"] | "unknown" + destination_service: destination.service.host | "unknown" + destination_service_name: destination.service.name | "unknown" + destination_service_namespace: destination.service.namespace | "unknown" + connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) + response_flags: 
context.proxy_error_code | "-" + monitored_resource_type: '"UNSPECIFIED"' +--- + + +apiVersion: "config.istio.io/v1alpha2" +kind: instance +metadata: + name: tcpconnectionsopened + namespace: istio-system + labels: + app: istio-telemetry + release: istio +spec: + compiledTemplate: metric + params: + value: "1" + dimensions: + reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") + source_workload: source.workload.name | "unknown" + source_workload_namespace: source.workload.namespace | "unknown" + source_principal: source.principal | "unknown" + source_app: source.labels["app"] | "unknown" + source_version: source.labels["version"] | "unknown" + destination_workload: destination.workload.name | "unknown" + destination_workload_namespace: destination.workload.namespace | "unknown" + destination_principal: destination.principal | "unknown" + destination_app: destination.labels["app"] | "unknown" + destination_version: destination.labels["version"] | "unknown" + destination_service: destination.service.host | "unknown" + destination_service_name: destination.service.name | "unknown" + destination_service_namespace: destination.service.namespace | "unknown" + connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) + response_flags: context.proxy_error_code | "-" + monitored_resource_type: '"UNSPECIFIED"' +--- + + +apiVersion: "config.istio.io/v1alpha2" +kind: instance +metadata: + name: tcpconnectionsclosed + namespace: istio-system + labels: + app: istio-telemetry + release: istio +spec: + compiledTemplate: metric + params: + value: "1" + dimensions: + reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination") + source_workload: source.workload.name | "unknown" + source_workload_namespace: source.workload.namespace | "unknown" + source_principal: source.principal | "unknown" + 
source_app: source.labels["app"] | "unknown" + source_version: source.labels["version"] | "unknown" + destination_workload: destination.workload.name | "unknown" + destination_workload_namespace: destination.workload.namespace | "unknown" + destination_principal: destination.principal | "unknown" + destination_app: destination.labels["app"] | "unknown" + destination_version: destination.labels["version"] | "unknown" + destination_service: destination.service.host | "unknown" + destination_service_name: destination.service.name | "unknown" + destination_service_namespace: destination.service.namespace | "unknown" + connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none")) + response_flags: context.proxy_error_code | "-" + monitored_resource_type: '"UNSPECIFIED"' +--- + + +apiVersion: "config.istio.io/v1alpha2" +kind: handler +metadata: + name: prometheus + namespace: istio-system + labels: + app: istio-telemetry + release: istio +spec: + compiledAdapter: prometheus + params: + metricsExpirationPolicy: + metricsExpiryDuration: "10m" + metrics: + - name: requests_total + instance_name: requestcount.instance.istio-system + kind: COUNTER + label_names: + - reporter + - source_app + - source_principal + - source_workload + - source_workload_namespace + - source_version + - destination_app + - destination_principal + - destination_workload + - destination_workload_namespace + - destination_version + - destination_service + - destination_service_name + - destination_service_namespace + - request_protocol + - response_code + - response_flags + - permissive_response_code + - permissive_response_policyid + - connection_security_policy + - name: request_duration_seconds + instance_name: requestduration.instance.istio-system + kind: DISTRIBUTION + label_names: + - reporter + - source_app + - source_principal + - source_workload + - source_workload_namespace + - source_version 
+ - destination_app + - destination_principal + - destination_workload + - destination_workload_namespace + - destination_version + - destination_service + - destination_service_name + - destination_service_namespace + - request_protocol + - response_code + - response_flags + - permissive_response_code + - permissive_response_policyid + - connection_security_policy + buckets: + explicit_buckets: + bounds: [0.005, 0.01, 0.025, 0.05, 0.1, 0.25, 0.5, 1, 2.5, 5, 10] + - name: request_bytes + instance_name: requestsize.instance.istio-system + kind: DISTRIBUTION + label_names: + - reporter + - source_app + - source_principal + - source_workload + - source_workload_namespace + - source_version + - destination_app + - destination_principal + - destination_workload + - destination_workload_namespace + - destination_version + - destination_service + - destination_service_name + - destination_service_namespace + - request_protocol + - response_code + - response_flags + - permissive_response_code + - permissive_response_policyid + - connection_security_policy + buckets: + exponentialBuckets: + numFiniteBuckets: 8 + scale: 1 + growthFactor: 10 + - name: response_bytes + instance_name: responsesize.instance.istio-system + kind: DISTRIBUTION + label_names: + - reporter + - source_app + - source_principal + - source_workload + - source_workload_namespace + - source_version + - destination_app + - destination_principal + - destination_workload + - destination_workload_namespace + - destination_version + - destination_service + - destination_service_name + - destination_service_namespace + - request_protocol + - response_code + - response_flags + - permissive_response_code + - permissive_response_policyid + - connection_security_policy + buckets: + exponentialBuckets: + numFiniteBuckets: 8 + scale: 1 + growthFactor: 10 + - name: tcp_sent_bytes_total + instance_name: tcpbytesent.instance.istio-system + kind: COUNTER + label_names: + - reporter + - source_app + - source_principal + - 
source_workload + - source_workload_namespace + - source_version + - destination_app + - destination_principal + - destination_workload + - destination_workload_namespace + - destination_version + - destination_service + - destination_service_name + - destination_service_namespace + - connection_security_policy + - response_flags + - name: tcp_received_bytes_total + instance_name: tcpbytereceived.instance.istio-system + kind: COUNTER + label_names: + - reporter + - source_app + - source_principal + - source_workload + - source_workload_namespace + - source_version + - destination_app + - destination_principal + - destination_workload + - destination_workload_namespace + - destination_version + - destination_service + - destination_service_name + - destination_service_namespace + - connection_security_policy + - response_flags + - name: tcp_connections_opened_total + instance_name: tcpconnectionsopened.instance.istio-system + kind: COUNTER + label_names: + - reporter + - source_app + - source_principal + - source_workload + - source_workload_namespace + - source_version + - destination_app + - destination_principal + - destination_workload + - destination_workload_namespace + - destination_version + - destination_service + - destination_service_name + - destination_service_namespace + - connection_security_policy + - response_flags + - name: tcp_connections_closed_total + instance_name: tcpconnectionsclosed.instance.istio-system + kind: COUNTER + label_names: + - reporter + - source_app + - source_principal + - source_workload + - source_workload_namespace + - source_version + - destination_app + - destination_principal + - destination_workload + - destination_workload_namespace + - destination_version + - destination_service + - destination_service_name + - destination_service_namespace + - connection_security_policy + - response_flags +--- + + +apiVersion: "config.istio.io/v1alpha2" +kind: rule +metadata: + name: promhttp + namespace: istio-system + labels: + app: 
istio-telemetry + release: istio +spec: + match: (context.protocol == "http" || context.protocol == "grpc") && (match((request.useragent | "-"), "kube-probe*") == false) && (match((request.useragent | "-"), "Prometheus*") == false) + actions: + - handler: prometheus + instances: + - requestcount + - requestduration + - requestsize + - responsesize +--- + + +apiVersion: "config.istio.io/v1alpha2" +kind: rule +metadata: + name: promtcp + namespace: istio-system + labels: + app: istio-telemetry + release: istio +spec: + match: context.protocol == "tcp" + actions: + - handler: prometheus + instances: + - tcpbytesent + - tcpbytereceived +--- + + +apiVersion: "config.istio.io/v1alpha2" +kind: rule +metadata: + name: promtcpconnectionopen + namespace: istio-system + labels: + app: istio-telemetry + release: istio +spec: + match: context.protocol == "tcp" && ((connection.event | "na") == "open") + actions: + - handler: prometheus + instances: + - tcpconnectionsopened +--- + + +apiVersion: "config.istio.io/v1alpha2" +kind: rule +metadata: + name: promtcpconnectionclosed + namespace: istio-system + labels: + app: istio-telemetry + release: istio +spec: + match: context.protocol == "tcp" && ((connection.event | "na") == "close") + actions: + - handler: prometheus + instances: + - tcpconnectionsclosed +--- + + +apiVersion: "config.istio.io/v1alpha2" +kind: handler +metadata: + name: kubernetesenv + namespace: istio-system + labels: + app: istio-telemetry + release: istio +spec: + compiledAdapter: kubernetesenv + params: + # when running from mixer root, use the following config after adding a + # symbolic link to a kubernetes config file via: + # + # $ ln -s ~/.kube/config mixer/adapter/kubernetes/kubeconfig + # + # kubeconfig_path: "mixer/adapter/kubernetes/kubeconfig" +--- + + +apiVersion: "config.istio.io/v1alpha2" +kind: rule +metadata: + name: kubeattrgenrulerule + namespace: istio-system + labels: + app: istio-telemetry + release: istio +spec: + actions: + - handler: 
kubernetesenv + instances: + - attributes +--- + + +apiVersion: "config.istio.io/v1alpha2" +kind: rule +metadata: + name: tcpkubeattrgenrulerule + namespace: istio-system + labels: + app: istio-telemetry + release: istio +spec: + match: context.protocol == "tcp" + actions: + - handler: kubernetesenv + instances: + - attributes +--- + + +apiVersion: "config.istio.io/v1alpha2" +kind: instance +metadata: + name: attributes + namespace: istio-system + labels: + app: istio-telemetry + release: istio +spec: + compiledTemplate: kubernetes + params: + # Pass the required attribute data to the adapter + source_uid: source.uid | "" + source_ip: source.ip | ip("0.0.0.0") # default to unspecified ip addr + destination_uid: destination.uid | "" + destination_port: destination.port | 0 + attributeBindings: + # Fill the new attributes from the adapter produced output. + # $out refers to an instance of OutputTemplate message + source.ip: $out.source_pod_ip | ip("0.0.0.0") + source.uid: $out.source_pod_uid | "unknown" + source.labels: $out.source_labels | emptyStringMap() + source.name: $out.source_pod_name | "unknown" + source.namespace: $out.source_namespace | "default" + source.owner: $out.source_owner | "unknown" + source.serviceAccount: $out.source_service_account_name | "unknown" + source.workload.uid: $out.source_workload_uid | "unknown" + source.workload.name: $out.source_workload_name | "unknown" + source.workload.namespace: $out.source_workload_namespace | "unknown" + destination.ip: $out.destination_pod_ip | ip("0.0.0.0") + destination.uid: $out.destination_pod_uid | "unknown" + destination.labels: $out.destination_labels | emptyStringMap() + destination.name: $out.destination_pod_name | "unknown" + destination.container.name: $out.destination_container_name | "unknown" + destination.namespace: $out.destination_namespace | "default" + destination.owner: $out.destination_owner | "unknown" + destination.serviceAccount: $out.destination_service_account_name | "unknown" + 
destination.workload.uid: $out.destination_workload_uid | "unknown" + destination.workload.name: $out.destination_workload_name | "unknown" + destination.workload.namespace: $out.destination_workload_namespace | "unknown" +--- + + +apiVersion: networking.istio.io/v1alpha3 +kind: DestinationRule +metadata: + name: istio-telemetry + namespace: istio-system + labels: + app: istio-telemetry + release: istio +spec: + host: istio-telemetry.istio-system.svc.cluster.local + trafficPolicy: + portLevelSettings: + - port: + number: 15004 # grpc-mixer-mtls + tls: + mode: ISTIO_MUTUAL + - port: + number: 9091 # grpc-mixer + tls: + mode: DISABLE + connectionPool: + http: + http2MaxRequests: 10000 + maxRequestsPerConnection: 10000 +--- + + +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: istio-system + name: telemetry-envoy-config + labels: + release: istio +data: + # Explicitly defined - moved from istio/istio/pilot/docker. + envoy.yaml.tmpl: |- + admin: + access_log_path: /dev/null + address: + socket_address: + address: 127.0.0.1 + port_value: 15000 + stats_config: + use_all_default_tags: false + stats_tags: + - tag_name: cluster_name + regex: '^cluster\.((.+?(\..+?\.svc\.cluster\.local)?)\.)' + - tag_name: tcp_prefix + regex: '^tcp\.((.*?)\.)\w+?$' + - tag_name: response_code + regex: '_rq(_(\d{3}))$' + - tag_name: response_code_class + regex: '_rq(_(\dxx))$' + - tag_name: http_conn_manager_listener_prefix + regex: '^listener(?=\.).*?\.http\.(((?:[_.[:digit:]]*|[_\[\]aAbBcCdDeEfF[:digit:]]*))\.)' + - tag_name: http_conn_manager_prefix + regex: '^http\.(((?:[_.[:digit:]]*|[_\[\]aAbBcCdDeEfF[:digit:]]*))\.)' + - tag_name: listener_address + regex: '^listener\.(((?:[_.[:digit:]]*|[_\[\]aAbBcCdDeEfF[:digit:]]*))\.)' + + static_resources: + clusters: + - name: prometheus_stats + type: STATIC + connect_timeout: 0.250s + lb_policy: ROUND_ROBIN + hosts: + - socket_address: + protocol: TCP + address: 127.0.0.1 + port_value: 15000 + + - name: inbound_9092 + circuit_breakers: + 
thresholds: + - max_connections: 100000 + max_pending_requests: 100000 + max_requests: 100000 + max_retries: 3 + connect_timeout: 1.000s + hosts: + - pipe: + path: /sock/mixer.socket + http2_protocol_options: {} + + - name: out.galley.15019 + http2_protocol_options: {} + connect_timeout: 1.000s + type: STRICT_DNS + + circuit_breakers: + thresholds: + - max_connections: 100000 + max_pending_requests: 100000 + max_requests: 100000 + max_retries: 3 + + tls_context: + common_tls_context: + tls_certificates: + - certificate_chain: + filename: /etc/certs/cert-chain.pem + private_key: + filename: /etc/certs/key.pem + validation_context: + trusted_ca: + filename: /etc/certs/root-cert.pem + verify_subject_alt_name: + - spiffe://cluster.local/ns/istio-system/sa/istio-galley-service-account + + hosts: + - socket_address: + address: istio-galley.istio-system + port_value: 15019 + + + listeners: + - name: "15090" + address: + socket_address: + protocol: TCP + address: 0.0.0.0 + port_value: 15090 + filter_chains: + - filters: + - name: envoy.http_connection_manager + config: + codec_type: AUTO + stat_prefix: stats + route_config: + virtual_hosts: + - name: backend + domains: + - '*' + routes: + - match: + prefix: /stats/prometheus + route: + cluster: prometheus_stats + http_filters: + - name: envoy.router + + - name: "15004" + address: + socket_address: + address: 0.0.0.0 + port_value: 15004 + filter_chains: + - filters: + - config: + codec_type: HTTP2 + http2_protocol_options: + max_concurrent_streams: 1073741824 + generate_request_id: true + http_filters: + - config: + default_destination_service: istio-telemetry.istio-system.svc.cluster.local + service_configs: + istio-telemetry.istio-system.svc.cluster.local: + disable_check_calls: true + {{- if .DisableReportCalls }} + disable_report_calls: true + {{- end }} + mixer_attributes: + attributes: + destination.service.host: + string_value: istio-telemetry.istio-system.svc.cluster.local + destination.service.uid: + string_value: 
istio://istio-system/services/istio-telemetry + destination.service.name: + string_value: istio-telemetry + destination.service.namespace: + string_value: istio-system + destination.uid: + string_value: kubernetes://{{ .PodName }}.istio-system + destination.namespace: + string_value: istio-system + destination.ip: + bytes_value: {{ .PodIP }} + destination.port: + int64_value: 15004 + context.reporter.kind: + string_value: inbound + context.reporter.uid: + string_value: kubernetes://{{ .PodName }}.istio-system + transport: + check_cluster: mixer_check_server + report_cluster: inbound_9092 + name: mixer + - name: envoy.router + route_config: + name: "15004" + virtual_hosts: + - domains: + - '*' + name: istio-telemetry.istio-system.svc.cluster.local + routes: + - decorator: + operation: Report + match: + prefix: / + route: + cluster: inbound_9092 + timeout: 0.000s + stat_prefix: "15004" + name: envoy.http_connection_manager + + - name: "9091" + address: + socket_address: + address: 0.0.0.0 + port_value: 9091 + filter_chains: + - filters: + - config: + codec_type: HTTP2 + http2_protocol_options: + max_concurrent_streams: 1073741824 + generate_request_id: true + http_filters: + - config: + default_destination_service: istio-telemetry.istio-system.svc.cluster.local + service_configs: + istio-telemetry.istio-system.svc.cluster.local: + disable_check_calls: true + {{- if .DisableReportCalls }} + disable_report_calls: true + {{- end }} + mixer_attributes: + attributes: + destination.service.host: + string_value: istio-telemetry.istio-system.svc.cluster.local + destination.service.uid: + string_value: istio://istio-system/services/istio-telemetry + destination.service.name: + string_value: istio-telemetry + destination.service.namespace: + string_value: istio-system + destination.uid: + string_value: kubernetes://{{ .PodName }}.istio-system + destination.namespace: + string_value: istio-system + destination.ip: + bytes_value: {{ .PodIP }} + destination.port: + int64_value: 
9091 + context.reporter.kind: + string_value: inbound + context.reporter.uid: + string_value: kubernetes://{{ .PodName }}.istio-system + transport: + check_cluster: mixer_check_server + report_cluster: inbound_9092 + name: mixer + - name: envoy.router + route_config: + name: "9091" + virtual_hosts: + - domains: + - '*' + name: istio-telemetry.istio-system.svc.cluster.local + routes: + - decorator: + operation: Report + match: + prefix: / + route: + cluster: inbound_9092 + timeout: 0.000s + stat_prefix: "9091" + name: envoy.http_connection_manager + + - name: "local.15019" + address: + socket_address: + address: 127.0.0.1 + port_value: 15019 + filter_chains: + - filters: + - name: envoy.http_connection_manager + config: + codec_type: HTTP2 + stat_prefix: "15019" + stream_idle_timeout: 0s + http2_protocol_options: + max_concurrent_streams: 1073741824 + + access_log: + - name: envoy.file_access_log + config: + path: /dev/stdout + + http_filters: + - name: envoy.router + + route_config: + name: "15019" + + virtual_hosts: + - name: istio-galley + + domains: + - '*' + + routes: + - match: + prefix: / + route: + cluster: out.galley.15019 + timeout: 0.000s +--- + + +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: istio-mixer + istio: mixer + release: istio + name: istio-telemetry + namespace: istio-system +spec: + replicas: 1 + selector: + matchLabels: + istio: mixer + istio-mixer-type: telemetry + strategy: + rollingUpdate: + maxSurge: 100% + maxUnavailable: 25% + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: telemetry + istio: mixer + istio-mixer-type: telemetry + spec: + affinity: + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + weight: 2 + - preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - ppc64le + weight: 2 + - preference: + 
matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - s390x + weight: 2 + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + - ppc64le + - s390x + containers: + - args: + - --monitoringPort=15014 + - --address + - tcp://0.0.0.0:9091 + - --log_output_level=default:info + - --configStoreURL=k8s:// + - --configDefaultNamespace=istio-system + - --useAdapterCRDs=false + - --useTemplateCRDs=false + - --trace_zipkin_url=http://zipkin.istio-system:9411/api/v1/spans + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: GOMAXPROCS + value: "6" + image: istio-spec.hub/mixer:istio-spec.tag + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /version + port: 15014 + initialDelaySeconds: 5 + periodSeconds: 5 + name: mixer + ports: + - containerPort: 9091 + - containerPort: 15014 + - containerPort: 42422 + resources: + limits: + cpu: 4800m + memory: 4G + requests: + cpu: 1000m + memory: 1G + volumeMounts: + - mountPath: /sock + name: uds-socket + - mountPath: /var/run/secrets/istio.io/telemetry/adapter + name: telemetry-adapter-secret + readOnly: true + serviceAccountName: istio-mixer-service-account + volumes: + - name: istio-certs + secret: + optional: true + secretName: istio.istio-mixer-service-account + - emptyDir: {} + name: uds-socket + - name: telemetry-adapter-secret + secret: + optional: true + secretName: telemetry-adapter-secret + - configMap: + name: telemetry-envoy-config + name: telemetry-envoy-config + +--- + + +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: istio-telemetry + namespace: istio-system + labels: + app: telemetry + release: istio + istio: mixer + istio-mixer-type: telemetry +spec: + minAvailable: 1 + selector: + matchLabels: + app: telemetry + istio: mixer + istio-mixer-type: telemetry +--- + + +apiVersion: v1 +kind: 
Service +metadata: + name: istio-telemetry + namespace: istio-system + labels: + app: mixer + istio: mixer + release: istio +spec: + ports: + - name: grpc-mixer + port: 9091 + - name: grpc-mixer-mtls + port: 15004 + - name: http-monitoring + port: 15014 + - name: prometheus + port: 42422 + selector: + istio: mixer + istio-mixer-type: telemetry +--- + + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: istio-mixer-service-account + namespace: istio-system + labels: + app: istio-telemetry + release: istio +--- + diff --git a/operator/cmd/mesh/testdata/manifest-generate/output/flag_force.yaml b/operator/cmd/mesh/testdata/manifest-generate/output/flag_force.yaml index 7f53d5b3db77..2d3a2ff6ebeb 100644 --- a/operator/cmd/mesh/testdata/manifest-generate/output/flag_force.yaml +++ b/operator/cmd/mesh/testdata/manifest-generate/output/flag_force.yaml @@ -506,6 +506,7 @@ data: enableProtocolSniffingForOutbound: true enabled: true env: {} + hub: "" image: pilot ingress: ingressClass: istio @@ -531,6 +532,7 @@ data: rollingMaxSurge: 100% rollingMaxUnavailable: 25% sidecar: false + tag: "" tolerations: [] traceSampling: 1 useMCP: false diff --git a/operator/cmd/mesh/testdata/manifest-generate/output/flag_output.yaml b/operator/cmd/mesh/testdata/manifest-generate/output/flag_output.yaml index e3619ccfc1a9..8a188d180630 100644 --- a/operator/cmd/mesh/testdata/manifest-generate/output/flag_output.yaml +++ b/operator/cmd/mesh/testdata/manifest-generate/output/flag_output.yaml @@ -509,6 +509,7 @@ data: enableProtocolSniffingForOutbound: true enabled: true env: {} + hub: "" image: pilot ingress: ingressClass: istio @@ -534,6 +535,7 @@ data: rollingMaxSurge: 100% rollingMaxUnavailable: 25% sidecar: false + tag: "" tolerations: [] traceSampling: 1 useMCP: false diff --git a/operator/cmd/mesh/testdata/manifest-generate/output/flag_output_set_profile.yaml b/operator/cmd/mesh/testdata/manifest-generate/output/flag_output_set_profile.yaml index 66189aa6fcd9..ced39c6b36f2 100644 
--- a/operator/cmd/mesh/testdata/manifest-generate/output/flag_output_set_profile.yaml +++ b/operator/cmd/mesh/testdata/manifest-generate/output/flag_output_set_profile.yaml @@ -6259,6 +6259,7 @@ data: enableProtocolSniffingForOutbound: true enabled: true env: {} + hub: "" image: pilot ingress: ingressClass: istio @@ -6284,6 +6285,7 @@ data: rollingMaxSurge: 100% rollingMaxUnavailable: 25% sidecar: false + tag: "" tolerations: [] traceSampling: 1 useMCP: false diff --git a/operator/cmd/mesh/testdata/manifest-generate/output/flag_output_set_values.yaml b/operator/cmd/mesh/testdata/manifest-generate/output/flag_output_set_values.yaml index 27f970c4df63..2740c2b1b6e0 100644 --- a/operator/cmd/mesh/testdata/manifest-generate/output/flag_output_set_values.yaml +++ b/operator/cmd/mesh/testdata/manifest-generate/output/flag_output_set_values.yaml @@ -7096,6 +7096,7 @@ data: enableProtocolSniffingForOutbound: true enabled: true env: {} + hub: "" image: pilot ingress: ingressClass: istio @@ -7120,6 +7121,7 @@ data: memory: 2048Mi rollingMaxSurge: 100% rollingMaxUnavailable: 25% + tag: "" tolerations: [] traceSampling: 1 diff --git a/operator/cmd/mesh/testdata/manifest-generate/output/flag_override_values.yaml b/operator/cmd/mesh/testdata/manifest-generate/output/flag_override_values.yaml index aa6a42620da2..611438c22141 100644 --- a/operator/cmd/mesh/testdata/manifest-generate/output/flag_override_values.yaml +++ b/operator/cmd/mesh/testdata/manifest-generate/output/flag_override_values.yaml @@ -506,6 +506,7 @@ data: enableProtocolSniffingForOutbound: true enabled: true env: {} + hub: "" image: pilot ingress: ingressClass: istio @@ -531,6 +532,7 @@ data: rollingMaxSurge: 100% rollingMaxUnavailable: 25% sidecar: false + tag: "" tolerations: [] traceSampling: 1 useMCP: false diff --git a/operator/cmd/mesh/testdata/manifest-generate/output/flag_set_values.yaml b/operator/cmd/mesh/testdata/manifest-generate/output/flag_set_values.yaml index a416151effae..3dc258269be4 100644 
--- a/operator/cmd/mesh/testdata/manifest-generate/output/flag_set_values.yaml +++ b/operator/cmd/mesh/testdata/manifest-generate/output/flag_set_values.yaml @@ -7095,6 +7095,7 @@ data: enableProtocolSniffingForOutbound: true enabled: true env: {} + hub: "" image: pilot ingress: ingressClass: istio @@ -7119,6 +7120,7 @@ data: memory: 2048Mi rollingMaxSurge: 100% rollingMaxUnavailable: 25% + tag: "" tolerations: [] traceSampling: 1 diff --git a/operator/cmd/mesh/testdata/manifest-generate/output/pilot_default.yaml b/operator/cmd/mesh/testdata/manifest-generate/output/pilot_default.yaml index c8e730f60597..b10a34f2550d 100644 --- a/operator/cmd/mesh/testdata/manifest-generate/output/pilot_default.yaml +++ b/operator/cmd/mesh/testdata/manifest-generate/output/pilot_default.yaml @@ -506,6 +506,7 @@ data: enableProtocolSniffingForOutbound: true enabled: true env: {} + hub: "" image: pilot ingress: ingressClass: istio @@ -531,6 +532,7 @@ data: rollingMaxSurge: 100% rollingMaxUnavailable: 25% sidecar: false + tag: "" tolerations: [] traceSampling: 1 useMCP: false diff --git a/operator/cmd/mesh/testdata/manifest-generate/output/pilot_k8s_settings.yaml b/operator/cmd/mesh/testdata/manifest-generate/output/pilot_k8s_settings.yaml index c4c845fbfd7e..8362fc89554b 100644 --- a/operator/cmd/mesh/testdata/manifest-generate/output/pilot_k8s_settings.yaml +++ b/operator/cmd/mesh/testdata/manifest-generate/output/pilot_k8s_settings.yaml @@ -506,6 +506,7 @@ data: enableProtocolSniffingForOutbound: true enabled: true env: {} + hub: "" image: pilot ingress: ingressClass: istio @@ -531,6 +532,7 @@ data: rollingMaxSurge: 100% rollingMaxUnavailable: 25% sidecar: false + tag: "" tolerations: [] traceSampling: 1 useMCP: false diff --git a/operator/cmd/mesh/testdata/manifest-generate/output/pilot_override_kubernetes.yaml b/operator/cmd/mesh/testdata/manifest-generate/output/pilot_override_kubernetes.yaml index 718c3dcd5cb1..8f25b77923ae 100644 
--- a/operator/cmd/mesh/testdata/manifest-generate/output/pilot_override_kubernetes.yaml +++ b/operator/cmd/mesh/testdata/manifest-generate/output/pilot_override_kubernetes.yaml @@ -458,6 +458,7 @@ data: enableProtocolSniffingForOutbound: true enabled: true env: {} + hub: "" image: pilot ingress: ingressClass: istio @@ -483,6 +484,7 @@ data: rollingMaxSurge: 100% rollingMaxUnavailable: 25% sidecar: false + tag: "" tolerations: [] traceSampling: 1 useMCP: false diff --git a/operator/cmd/mesh/testdata/manifest-generate/output/pilot_override_values.yaml b/operator/cmd/mesh/testdata/manifest-generate/output/pilot_override_values.yaml index 5ce1b5f82fc5..77ffd3ba6cc4 100644 --- a/operator/cmd/mesh/testdata/manifest-generate/output/pilot_override_values.yaml +++ b/operator/cmd/mesh/testdata/manifest-generate/output/pilot_override_values.yaml @@ -506,6 +506,7 @@ data: enableProtocolSniffingForOutbound: true enabled: true env: {} + hub: "" image: pilot ingress: ingressClass: istio @@ -531,6 +532,7 @@ data: rollingMaxSurge: 100% rollingMaxUnavailable: 25% sidecar: false + tag: "" tolerations: [] traceSampling: 1 useMCP: false diff --git a/operator/pkg/apis/istio/v1alpha1/v1alpha1.pb.html b/operator/pkg/apis/istio/v1alpha1/v1alpha1.pb.html index 5534f9395449..02cb613cb562 100644 --- a/operator/pkg/apis/istio/v1alpha1/v1alpha1.pb.html +++ b/operator/pkg/apis/istio/v1alpha1/v1alpha1.pb.html @@ -1213,6 +1213,24 @@

GalleyConfig

Enable analysis and status update in Galley

+ + +No + + + +hub +string + + + +No + + + +tag +StringOrNumber + No @@ -2008,10 +2026,7 @@

GlobalConfig

string

Configure the Pilot certificate provider. -Currently, two providers are supported: “kubernetes” and “citadel”. -TODO (lei-tang): the default value of this option is currently set as “kubernetes” to be consistent -with the existing istiod implementation and testing. As some platforms may not have k8s signing APIs, -we may change the default value of this option as “citadel”.

+Currently, two providers are supported: “kubernetes” and “citadel”.

@@ -3496,6 +3511,24 @@

MixerPolicyConfig

ENVVAR1: value1 ENVVAR2: value2

+ + +No + + + +hub +string + + + +No + + + +tag +StringOrNumber + No @@ -3822,6 +3855,24 @@

MixerTelemetryConfig

Controls whether to enable the sticky session setting when choosing backend pods.

+ + +No + + + +hub +string + + + +No + + + +tag +StringOrNumber + No @@ -4027,6 +4078,24 @@

NodeAgentConfig

Image name for the Node Agent DaemonSet.

+ + +No + + + +hub +string + + + +No + + + +tag +StringOrNumber + No @@ -4421,6 +4490,24 @@

PilotConfig

No + +hub +string + + + +No + + + +tag +StringOrNumber + + + +No + + replicaCount uint32 @@ -5989,6 +6076,24 @@

SidecarInjectorConfig

Examples: custom-sidecarinjector, docker.io/someuser:custom-sidecarinjector

+ + +No + + + +hub +string + + + +No + + + +tag +StringOrNumber + No diff --git a/operator/pkg/apis/istio/v1alpha1/values_types.pb.go b/operator/pkg/apis/istio/v1alpha1/values_types.pb.go index e896a197eac4..0560bb2f09c3 100644 --- a/operator/pkg/apis/istio/v1alpha1/values_types.pb.go +++ b/operator/pkg/apis/istio/v1alpha1/values_types.pb.go @@ -1331,6 +1331,8 @@ type GalleyConfig struct { // See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector NodeSelector map[string]interface{} `protobuf:"bytes,13,opt,name=nodeSelector,proto3" json:"nodeSelector,omitempty"` // Deprecated: Do not use. PodAnnotations map[string]interface{} `protobuf:"bytes,14,opt,name=podAnnotations,proto3" json:"podAnnotations,omitempty"` // Deprecated: Do not use. + Hub string `protobuf:"bytes,15,opt,name=hub,proto3" json:"hub,omitempty"` + Tag *json.Number `protobuf:"bytes,16,opt,name=tag,proto3" json:"tag,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -1469,6 +1471,20 @@ func (m *GalleyConfig) GetPodAnnotations() map[string]interface{} { return nil } +func (m *GalleyConfig) GetHub() string { + if m != nil { + return m.Hub + } + return "" +} + +func (m *GalleyConfig) GetTag() *json.Number { + if m != nil { + return m.Tag + } + return nil +} + // GatewayLabelsConfig is a set of Configuration for gateway labels. type GatewayLabelsConfig struct { App string `protobuf:"bytes,1,opt,name=app,proto3" json:"app,omitempty"` 
@@ -1741,10 +1757,7 @@ type GlobalConfig struct { Istiod *IstiodConfig `protobuf:"bytes,54,opt,name=istiod,proto3" json:"istiod,omitempty"` // Configure the Pilot certificate provider. // Currently, two providers are supported: "kubernetes" and "citadel". - // TODO (lei-tang): the default value of this option is currently set as "kubernetes" to be consistent - // with the existing istiod implementation and testing. As some platforms may not have k8s signing APIs, - // we may change the default value of this option as "citadel". - PilotCertProvider string `protobuf:"bytes,56,opt,name=pilotCertProvider,proto3" json:"pilotCertProvider,omitempty"` + PilotCertProvider string `protobuf:"bytes,56,opt,name=pilotCertProvider,proto3" json:"pilotCertProvider,omitempty"` // Configure the policy for validating JWT. // Currently, two options are supported: "third-party-jwt" and "first-party-jwt". JwtPolicy string `protobuf:"bytes,57,opt,name=jwtPolicy,proto3" json:"jwtPolicy,omitempty"` @@ -3301,6 +3314,8 @@ type MixerPolicyConfig struct { // ENV_VAR_2: value2 Env map[string]interface{} `protobuf:"bytes,17,opt,name=env,proto3" json:"env,omitempty"` Tolerations []map[string]interface{} `protobuf:"bytes,18,opt,name=tolerations,proto3" json:"tolerations,omitempty"` // Deprecated: Do not use. + Hub string `protobuf:"bytes,19,opt,name=hub,proto3" json:"hub,omitempty"` + Tag *json.Number `protobuf:"bytes,20,opt,name=tag,proto3" json:"tag,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` 
@@ -3467,6 +3482,20 @@ func (m *MixerPolicyConfig) GetTolerations() []map[string]interface{} { return nil } +func (m *MixerPolicyConfig) GetHub() string { + if m != nil { + return m.Hub + } + return "" +} + +func (m *MixerPolicyConfig) GetTag() *json.Number { + if m != nil { + return m.Tag + } + return nil +} + // Configuration for Mixer Telemetry. type MixerTelemetryConfig struct { // Controls whether a HorizontalPodAutoscaler is installed for Mixer Telemetry. @@ -3523,6 +3552,8 @@ type MixerTelemetryConfig struct { PodAntiAffinityLabelSelector []map[string]interface{} `protobuf:"bytes,20,opt,name=podAntiAffinityLabelSelector,proto3" json:"podAntiAffinityLabelSelector,omitempty"` // Deprecated: Do not use. PodAntiAffinityTermLabelSelector []map[string]interface{} `protobuf:"bytes,21,opt,name=podAntiAffinityTermLabelSelector,proto3" json:"podAntiAffinityTermLabelSelector,omitempty"` // Deprecated: Do not use. Tolerations []map[string]interface{} `protobuf:"bytes,22,opt,name=tolerations,proto3" json:"tolerations,omitempty"` // Deprecated: Do not use. + Hub string `protobuf:"bytes,23,opt,name=hub,proto3" json:"hub,omitempty"` + Tag *json.Number `protobuf:"bytes,24,opt,name=tag,proto3" json:"tag,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -3710,6 +3741,20 @@ func (m *MixerTelemetryConfig) GetTolerations() []map[string]interface{} { return nil } +func (m *MixerTelemetryConfig) GetHub() string { + if m != nil { + return m.Hub + } + return "" +} + +func (m *MixerTelemetryConfig) GetTag() *json.Number { + if m != nil { + return m.Tag + } + return nil +} + // MultiClusterConfig specifies the Configuration for Istio mesh across multiple clusters through the istio gateways. type MultiClusterConfig struct { // Enables the connection between two kubernetes clusters via their respective ingressgateway services. 
@@ -3784,6 +3829,8 @@ type NodeAgentConfig struct { // // See: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ PodAnnotations map[string]interface{} `protobuf:"bytes,8,opt,name=podAnnotations,proto3" json:"podAnnotations,omitempty"` // Deprecated: Do not use. + Hub string `protobuf:"bytes,9,opt,name=hub,proto3" json:"hub,omitempty"` + Tag *json.Number `protobuf:"bytes,10,opt,name=tag,proto3" json:"tag,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -3875,6 +3922,20 @@ func (m *NodeAgentConfig) GetPodAnnotations() map[string]interface{} { return nil } +func (m *NodeAgentConfig) GetHub() string { + if m != nil { + return m.Hub + } + return "" +} + +func (m *NodeAgentConfig) GetTag() *json.Number { + if m != nil { + return m.Tag + } + return nil +} + // OutboundTrafficPolicyConfig controls the default behavior of the sidecar for handling outbound traffic from the application. type OutboundTrafficPolicyConfig struct { Mode OutboundTrafficPolicyConfig_Mode `protobuf:"varint,2,opt,name=mode,proto3,enum=v1alpha1.OutboundTrafficPolicyConfig_Mode" json:"mode,omitempty"` @@ -4014,6 +4075,8 @@ type PilotConfig struct { ConfigSource *PilotConfigSource `protobuf:"bytes,31,opt,name=configSource,proto3" json:"configSource,omitempty"` JwksResolverExtraRootCA string `protobuf:"bytes,32,opt,name=jwksResolverExtraRootCA,proto3" json:"jwksResolverExtraRootCA,omitempty"` Plugins []map[string]interface{} `protobuf:"bytes,33,opt,name=plugins,proto3" json:"plugins,omitempty"` + Hub string `protobuf:"bytes,34,opt,name=hub,proto3" json:"hub,omitempty"` + Tag *json.Number `protobuf:"bytes,35,opt,name=tag,proto3" json:"tag,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` 
@@ -4278,6 +4341,20 @@ func (m *PilotConfig) GetPlugins() []map[string]interface{} { return nil } +func (m *PilotConfig) GetHub() string { + if m != nil { + return m.Hub + } + return "" +} + +func (m *PilotConfig) GetTag() *json.Number { + if m != nil { + return m.Tag + } + return nil +} + // Controls legacy k8s ingress. Only one pilot profile should enable ingress support. type PilotIngressConfig struct { // Sets the type ingress service for Pilot. @@ -6177,7 +6254,9 @@ type SidecarInjectorConfig struct { // This can be set either to image name if hub is also set, or can be set to the full hub:name string. // // Examples: custom-sidecar_injector, docker.io/someuser:custom-sidecar_injector - Image string `protobuf:"bytes,3,opt,name=image,proto3" json:"image,omitempty"` + Image string `protobuf:"bytes,3,opt,name=image,proto3" json:"image,omitempty"` + Hub string `protobuf:"bytes,4,opt,name=hub,proto3" json:"hub,omitempty"` + Tag *json.Number `protobuf:"bytes,5,opt,name=tag,proto3" json:"tag,omitempty"` // K8s node selector. Each component can overwrite the default values by adding its node selector block in the relevant section and setting the desired values. // // See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector @@ -6273,6 +6352,20 @@ func (m *SidecarInjectorConfig) GetImage() string { return "" } +func (m *SidecarInjectorConfig) GetHub() string { + if m != nil { + return m.Hub + } + return "" +} + +func (m *SidecarInjectorConfig) GetTag() *json.Number { + if m != nil { + return m.Tag + } + return nil +} + // Deprecated: Do not use. func (m *SidecarInjectorConfig) GetNodeSelector() map[string]interface{} { if m != nil { 
@@ -8365,443 +8458,477 @@ func init() { } var fileDescriptor_261260e22432516f = []byte{ - // 6996 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x7d, 0x4b, 0x6c, 0x1c, 0x49, - 0x72, 0xe8, 0x34, 0xff, 0x1d, 0xdd, 0x4d, 0x36, 0x93, 0x1f, 0x95, 0x28, 0x4a, 0xe2, 0xd4, 0xfc, - 0xb4, 0x9a, 0x59, 0x4a, 0xe2, 0x68, 0x24, 0x8d, 0xe6, 0xb3, 0xc3, 0x9f, 0x46, 0x9c, 0xe1, 0x6f, - 0xab, 0x39, 0x9a, 0xcf, 0xbe, 0xb7, 0x7a, 0xc9, 0xaa, 0x64, 0x77, 0x0d, 0xab, 0xab, 0x6a, 0xab, - 0xb2, 0x29, 0x72, 0x81, 0x87, 0x87, 0x07, 0x1f, 0x7c, 0x31, 0x60, 0xd8, 0x58, 0xd8, 0x17, 0x7f, - 0xb0, 0xf6, 0x1a, 0x3e, 0x19, 0x3e, 0xf8, 0xe0, 0x8b, 0x8f, 0x5e, 0xc0, 0x80, 0xe1, 0xab, 0x61, - 0xec, 0xc1, 0x80, 0x8f, 0x36, 0xb0, 0x07, 0x9f, 0xbd, 0x80, 0x8d, 0xfc, 0xd4, 0xbf, 0x9a, 0x5d, - 0x6c, 0x52, 0xa3, 0xb5, 0x77, 0x6f, 0x5d, 0x91, 0x11, 0x59, 0x59, 0x99, 0x91, 0x91, 0x11, 0x91, - 0x11, 0xd1, 0x70, 0xd3, 0x3d, 0x6c, 0xde, 0xc2, 0xae, 0xe9, 0xdf, 0x32, 0x7d, 0x6a, 0x3a, 0xb7, - 0x8e, 0xee, 0x60, 0xcb, 0x6d, 0xe1, 0x3b, 0xb7, 0x8e, 0xb0, 0xd5, 0x21, 0xfe, 0x53, 0x7a, 0xe2, - 0x12, 0x7f, 0xd1, 0xf5, 0x1c, 0xea, 0xa0, 0xb1, 0xa0, 0x71, 0xee, 0x5a, 0xd3, 0x71, 0x9a, 0x16, - 0xb9, 0xc5, 0xe1, 0xfb, 0x9d, 0x83, 0x5b, 0x46, 0xc7, 0xc3, 0xd4, 0x74, 0x6c, 0x81, 0x39, 0xa7, - 0x1e, 0x3e, 0xf0, 0x17, 0x4d, 0x87, 0x75, 0x7c, 0x4b, 0x77, 0x3c, 0x72, 0xeb, 0xe8, 0xce, 0xad, - 0x26, 0xb1, 0x89, 0x87, 0x29, 0x31, 0x24, 0xce, 0x47, 0x4d, 0x93, 0xb6, 0x3a, 0xfb, 0x8b, 0xba, - 0xd3, 0xbe, 0xd5, 0x74, 0x9a, 0x4e, 0xd4, 0x59, 0xf8, 0x23, 0xfd, 0x96, 0x67, 0x1e, 0x76, 0x5d, - 0xe2, 0xc9, 0xf1, 0xa8, 0xff, 0x54, 0x02, 0xb4, 0x6c, 0x18, 0x8e, 0xbd, 0x61, 0x37, 0x3d, 0xe2, - 0xfb, 0xab, 0x8e, 0x7d, 0x60, 0x36, 0xd1, 0x5d, 0x18, 0x25, 0x36, 0xde, 0xb7, 0x88, 0xa1, 0x94, - 0x16, 0x4a, 0x37, 0x2a, 0x4b, 0x73, 0x8b, 0xa2, 0xa3, 0xc5, 0xa0, 0xa3, 0xc5, 0x15, 0xc7, 0xb1, - 0x9e, 0xb0, 0x0f, 0xd4, 0x02, 0x54, 0x34, 0x0d, 0xc3, 0x2d, 0xc7, 0xa7, 0xbe, 0x32, 0xb0, 0x30, 
- 0x78, 0xa3, 0xac, 0x89, 0x07, 0xb4, 0x02, 0x15, 0x6c, 0xdb, 0x0e, 0xe5, 0x1f, 0xe7, 0x2b, 0x83, - 0xbc, 0xbf, 0x85, 0xc5, 0x60, 0x22, 0x16, 0xf7, 0x4e, 0x5c, 0xb2, 0x85, 0xdd, 0x06, 0xf5, 0x4c, - 0xbb, 0xb9, 0x61, 0x53, 0xe2, 0x1d, 0x60, 0x9d, 0x68, 0x71, 0x22, 0xb4, 0x04, 0x83, 0xd4, 0xf2, - 0x95, 0xa1, 0x82, 0xb4, 0x0c, 0x59, 0xd5, 0x00, 0x96, 0x3d, 0xbd, 0x25, 0xbf, 0x68, 0x1a, 0x86, - 0x71, 0xdb, 0xb8, 0x77, 0x97, 0x7f, 0x4f, 0x4d, 0x13, 0x0f, 0x48, 0x81, 0x51, 0xd7, 0xd5, 0xef, - 0xdd, 0xb5, 0x88, 0x32, 0xc0, 0xe1, 0xc1, 0x23, 0xc3, 0xf7, 0xdf, 0x7e, 0xf7, 0xf6, 0x31, 0x1f, - 0x6f, 0x4d, 0x13, 0x0f, 0xea, 0x4f, 0x07, 0xa1, 0xbc, 0xba, 0xbd, 0x71, 0xae, 0x59, 0xaa, 0xc3, - 0x60, 0xab, 0xb3, 0xcf, 0xdf, 0x57, 0xd6, 0xd8, 0x4f, 0x06, 0xa1, 0xb8, 0xc9, 0xdf, 0x54, 0xd6, - 0xd8, 0x4f, 0xf6, 0x76, 0xb3, 0x8d, 0x9b, 0x84, 0x7f, 0x71, 0x59, 0x13, 0x0f, 0xe8, 0x1a, 0x80, - 0xdb, 0xb1, 0xac, 0x5d, 0xc7, 0x32, 0xf5, 0x13, 0x65, 0x98, 0x37, 0xc5, 0x20, 0x68, 0x1e, 0xca, - 0xba, 0x6d, 0xae, 0x98, 0xf6, 0x9a, 0xe9, 0x29, 0x23, 0xbc, 0x39, 0x02, 0x30, 0x6a, 0xdd, 0x36, - 0xd9, 0xd0, 0x59, 0xf3, 0xa8, 0xa0, 0x8e, 0x20, 0xe8, 0x06, 0x4c, 0xc8, 0xa7, 0x47, 0xa6, 0x45, - 0xb6, 0x71, 0x9b, 0x28, 0x63, 0x1c, 0x29, 0x0d, 0x46, 0x6f, 0xc1, 0x24, 0x39, 0xd6, 0xad, 0x8e, - 0xc1, 0x1f, 0x7d, 0x17, 0xeb, 0xc4, 0x57, 0xca, 0x7c, 0xcd, 0xb3, 0x0d, 0x68, 0x13, 0xc6, 0x5d, - 0xc7, 0x58, 0x8e, 0xb1, 0x00, 0x14, 0x5b, 0xc6, 0x95, 0x01, 0xa5, 0xa4, 0xa5, 0x68, 0xd1, 0x0d, - 0xa8, 0xbb, 0xbe, 0xfb, 0x54, 0xb7, 0x3a, 0x3e, 0x25, 0xde, 0x53, 0xcf, 0xb1, 0x88, 0x52, 0xe1, - 0xc3, 0x1c, 0x77, 0x7d, 0x77, 0x55, 0x80, 0x35, 0xc7, 0x22, 0x68, 0x0e, 0xc6, 0x2c, 0xa7, 0xb9, - 0x49, 0x8e, 0x88, 0xa5, 0x54, 0x39, 0x46, 0xf8, 0xac, 0x7e, 0x01, 0x73, 0xab, 0xbb, 0x9f, 0xed, - 0x61, 0xaf, 0x49, 0xe8, 0x67, 0xd4, 0xb4, 0xcc, 0x1f, 0xf2, 0xee, 0xe5, 0xba, 0x3e, 0x04, 0x85, - 0xf2, 0xa6, 0xe5, 0x23, 0xe2, 0xe1, 0x26, 0x89, 0x61, 0xf0, 0x85, 0x1e, 0xd6, 0xba, 0xb6, 0xab, - 0xbf, 0x31, 0x02, 0x93, 0xab, 0xc4, 
0xa3, 0x5b, 0xd8, 0xc6, 0x4d, 0xe2, 0xbd, 0x20, 0x4e, 0x79, - 0x1d, 0xaa, 0x1e, 0x71, 0x2d, 0x53, 0xc7, 0xab, 0x4e, 0xc7, 0xa6, 0x9c, 0x57, 0x6a, 0x7c, 0x3e, - 0x13, 0x70, 0x46, 0x4d, 0xda, 0xd8, 0xb4, 0x24, 0xb7, 0x88, 0x07, 0xc6, 0x47, 0xe4, 0x98, 0x7a, - 0x78, 0xd9, 0x6b, 0xfa, 0xca, 0x28, 0x5f, 0xd7, 0x08, 0x80, 0x1e, 0x43, 0xd5, 0x76, 0x0c, 0xd2, - 0x20, 0x16, 0xd1, 0xa9, 0xe3, 0x71, 0x26, 0x29, 0xba, 0x9a, 0x09, 0x4a, 0xf4, 0x0e, 0x94, 0x3d, - 0xe2, 0x3b, 0x1d, 0x4f, 0xf0, 0x0f, 0xeb, 0x66, 0x2a, 0xea, 0x46, 0x0b, 0x9a, 0x38, 0x65, 0x84, - 0x89, 0x54, 0xa8, 0xba, 0x8e, 0xb1, 0x66, 0xfb, 0x72, 0x23, 0x00, 0x1f, 0x7b, 0x02, 0x86, 0xd6, - 0x02, 0x1c, 0xb1, 0x00, 0x9c, 0x45, 0x8a, 0x48, 0x8e, 0x04, 0x15, 0x72, 0x60, 0x9e, 0xb3, 0x1f, - 0x35, 0x97, 0x0f, 0x0e, 0x4c, 0xdb, 0xa4, 0x27, 0x9b, 0x78, 0x9f, 0x58, 0xe1, 0xa7, 0x57, 0x79, - 0xaf, 0x6f, 0x24, 0x7b, 0x6d, 0x58, 0xa6, 0x4e, 0x76, 0x0e, 0xba, 0xcc, 0xc0, 0xa9, 0x1d, 0xa2, - 0x67, 0xb0, 0x90, 0x6a, 0xdf, 0x23, 0x5e, 0x3b, 0xf9, 0xd2, 0xda, 0xd9, 0x5f, 0xda, 0xb3, 0x53, - 0xb4, 0x05, 0x15, 0xea, 0x58, 0xc4, 0x93, 0x3b, 0x74, 0xfc, 0xec, 0xef, 0x88, 0xd3, 0xab, 0xff, - 0x51, 0x82, 0x72, 0xb8, 0x7e, 0xe8, 0x3e, 0x8c, 0x58, 0x66, 0xdb, 0xa4, 0xbe, 0x52, 0x5a, 0x18, - 0xbc, 0x51, 0x59, 0xba, 0x9e, 0xb3, 0xc8, 0x8b, 0x9b, 0x1c, 0x63, 0xdd, 0xa6, 0xde, 0x89, 0x26, - 0xd1, 0xd1, 0x07, 0x30, 0xe6, 0x91, 0x1f, 0x74, 0x48, 0x70, 0xa6, 0x54, 0x96, 0x5e, 0xce, 0x23, - 0xd5, 0x24, 0x8e, 0x20, 0x0e, 0x49, 0xe6, 0xde, 0x85, 0x4a, 0xac, 0x57, 0xb6, 0x79, 0x0e, 0xc9, - 0x09, 0xdf, 0x80, 0x65, 0x8d, 0xfd, 0x64, 0xec, 0xcf, 0xcf, 0x68, 0xb9, 0xc5, 0xc4, 0xc3, 0xc3, - 0x81, 0x07, 0xa5, 0xb9, 0xf7, 0xa0, 0x96, 0xe8, 0xf5, 0x2c, 0xc4, 0xea, 0xef, 0x8c, 0x42, 0x6d, - 0xd5, 0xf1, 0xc8, 0xda, 0x76, 0xe3, 0x5c, 0xfb, 0x5f, 0x85, 0xaa, 0x2e, 0xba, 0xd9, 0xe0, 0x5b, - 0x5c, 0xbc, 0x28, 0x01, 0xe3, 0x52, 0x5d, 0x3c, 0xef, 0x85, 0x82, 0x21, 0x06, 0x41, 0x8b, 0x80, - 0xe4, 0xd3, 0xae, 0xd5, 0x69, 0x9a, 0xf6, 0x46, 0x4c, 0x58, 0xe4, 0xb4, 
0x64, 0x76, 0xf7, 0x70, - 0xdf, 0xbb, 0x3b, 0x2d, 0x83, 0x46, 0xba, 0xc8, 0xa0, 0xec, 0xf9, 0x30, 0x7a, 0x8e, 0xf3, 0x21, - 0x21, 0x53, 0xc6, 0x0a, 0xcb, 0x94, 0x4d, 0x98, 0xf0, 0x1c, 0xcb, 0x32, 0xed, 0xe6, 0x16, 0x3e, - 0x6e, 0x74, 0xbc, 0x26, 0x91, 0x02, 0xe9, 0x5a, 0x72, 0x14, 0x1b, 0x36, 0xdd, 0xf1, 0xc4, 0x38, - 0x1e, 0x39, 0xde, 0xee, 0x0a, 0xef, 0x27, 0x4d, 0x8a, 0xbe, 0x80, 0x99, 0x08, 0xf4, 0x99, 0x8d, - 0x8f, 0xb0, 0x69, 0xb1, 0x25, 0x95, 0x27, 0x5f, 0x91, 0x3e, 0xf3, 0x3b, 0xe8, 0x29, 0x91, 0x2a, - 0x2f, 0x42, 0x22, 0x55, 0xbf, 0x01, 0x89, 0x54, 0x3b, 0xa7, 0x44, 0xfa, 0x02, 0x16, 0xd6, 0xc8, - 0x01, 0xee, 0x58, 0x74, 0xd7, 0x31, 0xd6, 0x4c, 0xdf, 0xeb, 0xb8, 0xac, 0x61, 0xa5, 0x63, 0x34, - 0x09, 0x3d, 0xcf, 0x2e, 0x55, 0x3f, 0x87, 0x59, 0xd9, 0x73, 0xc8, 0x5d, 0xb2, 0xbf, 0xb8, 0xf8, - 0x12, 0x1d, 0xe6, 0x89, 0xaf, 0x40, 0xce, 0x08, 0xa2, 0x48, 0x7c, 0xa9, 0xff, 0x5e, 0x86, 0xa9, - 0x75, 0xae, 0x95, 0x7f, 0x8c, 0x29, 0x79, 0x86, 0x4f, 0x64, 0xb7, 0x8f, 0xa0, 0x8e, 0x3b, 0xd4, - 0xf1, 0x75, 0x6c, 0x91, 0xf5, 0xc2, 0xe3, 0xcd, 0xd0, 0x30, 0xf1, 0x12, 0xc2, 0xb6, 0xf0, 0xb1, - 0xd4, 0x80, 0x13, 0xb0, 0x24, 0x8e, 0x69, 0x4b, 0x6d, 0x38, 0x01, 0x43, 0xaf, 0xc3, 0xb8, 0xee, - 0xd8, 0x36, 0xd1, 0xe9, 0x9e, 0xd9, 0x26, 0x4e, 0x87, 0x4a, 0xf1, 0x92, 0x82, 0xa2, 0x87, 0x30, - 0xa8, 0xbb, 0x1d, 0x29, 0x51, 0x5e, 0x8d, 0x66, 0xa2, 0xbb, 0x26, 0xc6, 0x97, 0x91, 0x11, 0xa1, - 0xef, 0x40, 0xcd, 0xf0, 0xb0, 0x69, 0xaf, 0x49, 0x23, 0x89, 0x4b, 0x93, 0xca, 0xd2, 0xe5, 0xcc, - 0x07, 0x07, 0x08, 0x5a, 0x12, 0x3f, 0xbe, 0xb6, 0xa3, 0xc5, 0x25, 0xf0, 0x12, 0x0c, 0x12, 0xfb, - 0xa8, 0xa8, 0x8a, 0xa3, 0x31, 0x64, 0xf4, 0x0e, 0x8c, 0x58, 0x8c, 0x93, 0x03, 0x95, 0xe6, 0x6a, - 0x44, 0x26, 0xd7, 0x91, 0x33, 0x7a, 0xb0, 0xde, 0x12, 0x39, 0x23, 0x78, 0xa1, 0x6f, 0xc1, 0x9b, - 0x15, 0xa8, 0x95, 0x73, 0x08, 0xd4, 0x5f, 0x1d, 0x1d, 0xe8, 0x4d, 0x18, 0x76, 0x1d, 0x8f, 0x32, - 0xed, 0x87, 0xa9, 0x1a, 0x33, 0x51, 0xef, 0xbb, 0x0c, 0x2c, 0xd7, 0x4b, 0xe0, 0x24, 0xcf, 0x99, - 0x89, 0xc2, 
0xe7, 0xcc, 0xfb, 0x50, 0xf3, 0x89, 0xee, 0x11, 0xfa, 0xc4, 0xb1, 0x3a, 0x6d, 0xe2, - 0x2b, 0x75, 0xfe, 0xae, 0xd9, 0x88, 0xb4, 0x11, 0x6b, 0xd6, 0x92, 0xc8, 0x68, 0x17, 0x90, 0x4f, - 0xbc, 0x23, 0x53, 0x27, 0xf1, 0xd5, 0x9d, 0x2c, 0xc8, 0x9d, 0x39, 0xb4, 0x08, 0xc1, 0x10, 0x3d, - 0x71, 0x89, 0x82, 0xf8, 0x8e, 0xe5, 0xbf, 0xd1, 0x9b, 0x30, 0xf4, 0xc3, 0x23, 0xd7, 0x56, 0xa6, - 0x78, 0xbf, 0x97, 0xa2, 0x7e, 0xbf, 0x22, 0x9e, 0xf3, 0x64, 0x77, 0x5b, 0x4e, 0x04, 0x47, 0x4a, - 0x8b, 0xe9, 0xe9, 0x73, 0x8a, 0xe9, 0x5f, 0x94, 0x00, 0xad, 0xdb, 0x47, 0xce, 0xc9, 0x16, 0xa1, - 0x9e, 0xa9, 0x9f, 0xcf, 0x1f, 0x81, 0x60, 0xa8, 0xe5, 0xf8, 0x54, 0xea, 0x4d, 0xfc, 0x37, 0x83, - 0xb1, 0x05, 0xe4, 0x82, 0x6c, 0x58, 0xe3, 0xbf, 0xd1, 0x0a, 0x54, 0xa8, 0xe5, 0x37, 0x08, 0xa5, - 0xa6, 0xdd, 0x2c, 0xee, 0x65, 0x88, 0x13, 0x31, 0x83, 0x83, 0xea, 0xee, 0xa7, 0x84, 0xb8, 0xd8, - 0x32, 0x8f, 0x48, 0x51, 0xbd, 0x49, 0x4b, 0x50, 0xa9, 0xff, 0x30, 0x02, 0xd5, 0x8f, 0xb1, 0x65, - 0x91, 0x93, 0xf3, 0x3a, 0x62, 0xcc, 0x98, 0xc6, 0x28, 0x8d, 0xc2, 0xbb, 0x30, 0xd4, 0x26, 0x7e, - 0x4b, 0x19, 0xe4, 0x2c, 0xb7, 0x10, 0x17, 0x4b, 0xd1, 0x1b, 0x17, 0xb7, 0x88, 0xdf, 0x12, 0x8a, - 0x34, 0xc7, 0xee, 0xb9, 0xff, 0x87, 0x5e, 0xc4, 0xfe, 0x1f, 0x7e, 0x1e, 0xfb, 0xbf, 0xa8, 0xc2, - 0x9a, 0xd8, 0xfa, 0xa3, 0x85, 0xb7, 0xfe, 0x0a, 0x8c, 0x8b, 0xf5, 0x59, 0xb6, 0xb1, 0x75, 0xe2, - 0x9b, 0x81, 0x7a, 0x7a, 0xda, 0x8a, 0xa6, 0x28, 0xfe, 0xdb, 0xa8, 0xa9, 0x29, 0xa9, 0x50, 0x39, - 0x9f, 0x54, 0x98, 0xbb, 0x0f, 0xe5, 0x90, 0x2d, 0xcf, 0x64, 0x89, 0x7d, 0x00, 0x53, 0x39, 0x67, - 0x2e, 0xeb, 0x02, 0xbb, 0x6e, 0xd0, 0x05, 0x76, 0x5d, 0xbe, 0x63, 0x7c, 0x6a, 0x3a, 0xe1, 0x8e, - 0x61, 0x0f, 0xea, 0xbf, 0x96, 0x60, 0x5c, 0xd2, 0x07, 0xa4, 0xdb, 0x30, 0xc5, 0xdb, 0x9e, 0x12, - 0xae, 0x99, 0x35, 0x45, 0xab, 0xdc, 0x9c, 0xb1, 0xa3, 0x3e, 0x47, 0x71, 0xd3, 0x10, 0xa7, 0x5c, - 0x8f, 0x13, 0xc6, 0x37, 0xf8, 0x40, 0xf1, 0x0d, 0xfe, 0x5d, 0x98, 0x16, 0xa3, 0x30, 0xed, 0xc4, - 0x30, 0x86, 0xd2, 0x0b, 0x27, 0xdd, 0xba, 0xc9, 
0x71, 0x88, 0x2f, 0xd8, 0x48, 0x90, 0xaa, 0x3f, - 0xbd, 0x0c, 0xd5, 0x8f, 0x2d, 0x67, 0x1f, 0x5b, 0xf2, 0x4b, 0x6f, 0xc0, 0x10, 0xf6, 0xf4, 0x96, - 0xfc, 0xb4, 0xe9, 0xa8, 0xcf, 0xc8, 0xab, 0xaa, 0x71, 0x0c, 0xf4, 0x29, 0x54, 0x75, 0xe2, 0x51, - 0xf3, 0xc0, 0xd4, 0x31, 0x25, 0xbe, 0x72, 0xe3, 0x4c, 0xcb, 0xad, 0x25, 0x88, 0xb9, 0x1b, 0x92, - 0x77, 0x1e, 0xba, 0x10, 0xe5, 0x9a, 0xa4, 0xc1, 0xe8, 0x36, 0x4c, 0x09, 0x90, 0xe6, 0x38, 0x34, - 0xc2, 0x5e, 0xe2, 0xd8, 0x79, 0x4d, 0x4c, 0x73, 0x16, 0xe0, 0x27, 0xd8, 0x32, 0x0d, 0xa1, 0x48, - 0x0e, 0xf6, 0xd6, 0x9c, 0xd3, 0x34, 0xe8, 0x7f, 0xc1, 0x15, 0xdd, 0xb1, 0xa9, 0xe7, 0x58, 0xbb, - 0x16, 0xb6, 0x49, 0x83, 0xe8, 0x1d, 0xcf, 0xa4, 0x27, 0x81, 0x32, 0x3e, 0xd4, 0xb3, 0xcb, 0xd3, - 0xc8, 0xd1, 0x63, 0xb8, 0x6e, 0x08, 0x83, 0x42, 0xcc, 0xf2, 0x13, 0xd3, 0x37, 0xf7, 0x4d, 0xcb, - 0xa4, 0x27, 0xe1, 0x11, 0x75, 0x97, 0x3b, 0xe5, 0x7a, 0xa1, 0xa1, 0x27, 0x30, 0x25, 0x51, 0xb6, - 0xe3, 0xaa, 0xe5, 0xc8, 0x19, 0xd4, 0xc1, 0xbc, 0x0e, 0x90, 0x0d, 0x73, 0x46, 0x57, 0x63, 0x4a, - 0x8a, 0xc4, 0x9b, 0x51, 0xf7, 0xbd, 0x0c, 0x2f, 0xfe, 0xa2, 0x53, 0x7a, 0x44, 0x9b, 0x30, 0x65, - 0x98, 0x3e, 0x9b, 0x1d, 0xe1, 0xde, 0x5b, 0x6d, 0x11, 0xfd, 0xb0, 0x88, 0xfc, 0xcc, 0x23, 0x43, - 0xbb, 0x50, 0x37, 0x52, 0x06, 0x9b, 0x94, 0xa2, 0x0b, 0x99, 0x31, 0xa7, 0x4c, 0x3a, 0x3e, 0xd2, - 0x0c, 0x75, 0x24, 0xda, 0x1f, 0x13, 0xab, 0xbd, 0x47, 0x7c, 0x2a, 0x25, 0x68, 0x01, 0xd1, 0x1e, - 0x50, 0xa0, 0x8f, 0xa0, 0x26, 0x20, 0x7b, 0x1e, 0xd6, 0x4d, 0x3b, 0x70, 0x59, 0x9e, 0xd6, 0x45, - 0x92, 0x20, 0x70, 0x17, 0x57, 0x23, 0x77, 0xf1, 0x0d, 0x98, 0xe0, 0x47, 0xff, 0x6e, 0x74, 0x6b, - 0x50, 0x13, 0x7b, 0x29, 0x05, 0x46, 0x0d, 0xa8, 0x87, 0x20, 0xa1, 0x81, 0xfa, 0xca, 0x6b, 0x67, - 0xdb, 0xc6, 0x99, 0x0e, 0x98, 0x61, 0xc8, 0x25, 0x4d, 0xb4, 0x37, 0xc7, 0x85, 0x61, 0x98, 0x84, - 0xa2, 0x6d, 0x98, 0xb4, 0x1c, 0x1d, 0x33, 0xd6, 0xdd, 0xdc, 0x97, 0xcc, 0x2b, 0x75, 0xea, 0xde, - 0x0a, 0x54, 0x96, 0x14, 0x2d, 0x03, 0x1c, 0x3e, 0xf0, 0xa5, 0x7c, 0x53, 0xea, 0x69, 
0xcb, 0xfb, - 0xd3, 0xce, 0x3e, 0xf1, 0x6c, 0x42, 0x89, 0x9f, 0xb8, 0xf4, 0xd2, 0x62, 0x44, 0xe8, 0x01, 0x94, - 0x2d, 0xa7, 0xb9, 0xec, 0x7f, 0xe2, 0x3b, 0xb6, 0xf2, 0x6a, 0xcf, 0x95, 0x88, 0x90, 0xd1, 0x7d, - 0x18, 0xb5, 0x9c, 0x66, 0x93, 0x7d, 0xc2, 0x64, 0xc6, 0xfe, 0xe3, 0xf2, 0x75, 0x53, 0x34, 0xcb, - 0xb7, 0x06, 0xd8, 0x68, 0x15, 0x6a, 0x4c, 0xe1, 0x5a, 0x3f, 0x76, 0xb1, 0xed, 0x33, 0xc9, 0x84, - 0xd2, 0xe4, 0x5b, 0xf1, 0x66, 0x49, 0x9e, 0xa4, 0x41, 0xb3, 0x30, 0xc2, 0x00, 0x1b, 0x6b, 0xca, - 0x3b, 0x7c, 0xaa, 0xe5, 0x13, 0x53, 0x4f, 0xd9, 0xaf, 0x6d, 0x42, 0x9f, 0x39, 0xde, 0xa1, 0x2f, - 0x75, 0xfb, 0x02, 0xea, 0x69, 0x9c, 0x8a, 0x2d, 0x68, 0xdb, 0xb1, 0x4d, 0xea, 0x30, 0x24, 0x66, - 0x14, 0x71, 0x7d, 0xbf, 0xa6, 0xa5, 0xa0, 0xec, 0xe8, 0x68, 0x53, 0xcb, 0x57, 0x66, 0xd2, 0x47, - 0xc7, 0xd6, 0xde, 0x66, 0x23, 0x38, 0x3a, 0x18, 0x06, 0xfa, 0x08, 0xaa, 0xed, 0x8e, 0x45, 0x4d, - 0x79, 0x71, 0xa3, 0xcc, 0x72, 0x8a, 0xf9, 0x18, 0x45, 0xac, 0x55, 0x52, 0x26, 0x28, 0x90, 0x02, - 0xa3, 0xb6, 0x18, 0x9f, 0xf2, 0x06, 0xff, 0xe4, 0xe0, 0x11, 0xdd, 0x83, 0x59, 0xd7, 0x31, 0xd6, - 0xb6, 0x1b, 0x0d, 0xc2, 0x8e, 0xa9, 0xd8, 0x5d, 0xd5, 0x9b, 0x5c, 0x7c, 0x76, 0x69, 0x45, 0xdf, - 0x87, 0x79, 0xa7, 0x6d, 0xd2, 0x86, 0x69, 0x10, 0x1d, 0x7b, 0x1b, 0xf6, 0xd7, 0x5c, 0xe8, 0x89, - 0x97, 0x6f, 0x61, 0x57, 0x79, 0xbd, 0x27, 0x3b, 0x9c, 0x4a, 0x8f, 0x3e, 0x84, 0xaa, 0x63, 0x47, - 0x37, 0x64, 0xca, 0xa5, 0x9e, 0xfd, 0x25, 0xf0, 0x91, 0x06, 0xb3, 0x8e, 0xcb, 0x74, 0x23, 0xc7, - 0x13, 0xb7, 0x4c, 0x9f, 0x93, 0xfd, 0x96, 0xe3, 0x1c, 0xfa, 0xca, 0xb7, 0x7a, 0xf6, 0xd4, 0x85, - 0x12, 0x7d, 0x0f, 0x66, 0x9c, 0x0e, 0xdd, 0x77, 0x3a, 0xb6, 0xb1, 0xe7, 0xe1, 0x83, 0x03, 0x53, - 0x97, 0xf2, 0x42, 0xe1, 0x5d, 0xbe, 0x16, 0x2d, 0xc8, 0x4e, 0x1e, 0x9a, 0x5c, 0x99, 0xfc, 0x3e, - 0x98, 0xf8, 0x76, 0x23, 0x01, 0xfc, 0x08, 0x9b, 0xd6, 0x8e, 0x4b, 0x6c, 0xe5, 0x72, 0x6f, 0xf1, - 0x9d, 0x43, 0xc6, 0x84, 0x9a, 0x00, 0x47, 0x33, 0x38, 0x27, 0x84, 0x5a, 0x0a, 0x8c, 0x6e, 0xc3, - 0xa4, 0xeb, 0x99, 0x0e, 
0x3b, 0x5b, 0x57, 0x2d, 0xec, 0xfb, 0xfc, 0x4e, 0xf3, 0x0a, 0xc3, 0xe5, - 0x72, 0x3c, 0xdb, 0xc8, 0x54, 0x0a, 0xd7, 0x73, 0xda, 0x84, 0xb6, 0x48, 0xc7, 0x8f, 0xfa, 0x7f, - 0x5b, 0xa8, 0x14, 0x39, 0x4d, 0xdc, 0x69, 0xe0, 0x39, 0xc7, 0x27, 0xca, 0x3c, 0xff, 0x9a, 0xb8, - 0xd3, 0x80, 0x81, 0x43, 0xa7, 0x01, 0x7b, 0x40, 0xf7, 0xa1, 0xcc, 0x7f, 0x6c, 0xd8, 0x26, 0x55, - 0xae, 0x4a, 0x0f, 0x56, 0x92, 0x80, 0x35, 0x49, 0xa2, 0x08, 0x17, 0xbd, 0x06, 0x83, 0xbe, 0xe1, - 0x2b, 0xd7, 0xd2, 0xc6, 0x46, 0x63, 0x2d, 0xd8, 0x4e, 0xac, 0x3d, 0xb8, 0x1e, 0xbc, 0x1e, 0x5d, - 0x0f, 0x2e, 0x02, 0xa2, 0xc4, 0x22, 0x6d, 0x42, 0xbd, 0xd8, 0x7c, 0x2d, 0x08, 0xf7, 0x7f, 0xb6, - 0x05, 0x2d, 0xc2, 0x08, 0xf5, 0xb0, 0x4e, 0x3c, 0xe5, 0x65, 0xfe, 0xae, 0x98, 0x63, 0x62, 0x8f, - 0xc3, 0x03, 0xaf, 0x95, 0xc0, 0x42, 0x0b, 0x50, 0xa1, 0x5e, 0xc7, 0xa7, 0x6b, 0x4e, 0x1b, 0x9b, - 0xb6, 0xa2, 0xf2, 0x8e, 0xe3, 0x20, 0x3e, 0x82, 0xe8, 0x71, 0xd9, 0x32, 0xb1, 0x4f, 0x7c, 0xe5, - 0x26, 0xdf, 0x81, 0x39, 0x2d, 0x68, 0x09, 0x46, 0x3a, 0x3e, 0xd9, 0x5a, 0xdd, 0x55, 0x5e, 0xe9, - 0xc9, 0x1f, 0x12, 0x13, 0xbd, 0x0f, 0x15, 0x7e, 0xa4, 0x68, 0xa4, 0xed, 0x50, 0xa2, 0xbc, 0xd5, - 0x93, 0x30, 0x8e, 0x8e, 0x9e, 0x80, 0xa2, 0x7b, 0x04, 0x53, 0x22, 0x9e, 0x1b, 0x47, 0xfa, 0xba, - 0x6d, 0xb8, 0x8e, 0x69, 0x53, 0x5f, 0xf9, 0x76, 0xcf, 0xae, 0xba, 0xd2, 0x32, 0x39, 0xe2, 0x71, - 0xe8, 0xae, 0x69, 0x39, 0x74, 0x95, 0xa3, 0xc5, 0x10, 0x94, 0xc5, 0xde, 0x72, 0xe4, 0x34, 0x7a, - 0xc6, 0xac, 0xb2, 0x9d, 0xf3, 0xfd, 0xb2, 0x61, 0xf0, 0xf3, 0xee, 0x96, 0x60, 0xd6, 0x9c, 0x26, - 0xb6, 0x16, 0xb1, 0x1e, 0x03, 0x82, 0xdb, 0x82, 0x1b, 0xb2, 0x2d, 0x4c, 0x82, 0x0a, 0xe8, 0x5e, - 0xc0, 0x29, 0x01, 0xcd, 0x1d, 0x4e, 0xd3, 0xa5, 0x95, 0x71, 0x11, 0x9f, 0x60, 0x43, 0xb9, 0x97, - 0xe6, 0xa2, 0x0d, 0x0e, 0x0f, 0xb8, 0x48, 0x60, 0xa1, 0xb7, 0x60, 0xd2, 0xe5, 0xdf, 0x48, 0x3c, - 0xba, 0xeb, 0x39, 0x47, 0xa6, 0x41, 0x3c, 0xe5, 0x3e, 0x7f, 0x45, 0xb6, 0x01, 0xcd, 0x43, 0xf9, - 0xeb, 0x67, 0x54, 0xca, 0xa7, 0x07, 0x22, 0xcc, 0x21, 0x04, 
0xa8, 0x6b, 0x50, 0x8d, 0xbf, 0xa3, - 0x4f, 0xa7, 0xfe, 0x9b, 0x30, 0x95, 0x73, 0x58, 0x33, 0x33, 0xd1, 0xe2, 0x01, 0x05, 0xc2, 0x74, - 0x14, 0x0f, 0xea, 0xef, 0x4f, 0xc1, 0x74, 0x9e, 0xa1, 0xf5, 0x2b, 0xe9, 0xa9, 0xff, 0x08, 0x6a, - 0x7a, 0xc7, 0xa7, 0x4e, 0xbb, 0x21, 0xbc, 0x8d, 0xd2, 0xda, 0x38, 0x55, 0x8f, 0x4d, 0x10, 0xb0, - 0x49, 0x36, 0xc8, 0x7e, 0xa7, 0x29, 0x63, 0x54, 0xc4, 0x03, 0xd3, 0x6c, 0x0c, 0x21, 0x64, 0x44, - 0x54, 0x8a, 0x7c, 0xca, 0xde, 0x0c, 0x94, 0xfb, 0xbf, 0x19, 0x80, 0x33, 0xdf, 0x0c, 0x54, 0xce, - 0x72, 0x33, 0xb0, 0x00, 0x15, 0x72, 0x4c, 0x89, 0x67, 0x63, 0x6b, 0x63, 0xd7, 0x57, 0xaa, 0x5c, - 0x06, 0xc6, 0x41, 0xe8, 0x61, 0x42, 0x73, 0xad, 0xf5, 0x1c, 0x4e, 0x5c, 0x65, 0x5d, 0x83, 0x89, - 0xe8, 0xe9, 0x31, 0xa5, 0x6e, 0x70, 0x8d, 0x7f, 0x5a, 0x07, 0x69, 0x92, 0xd8, 0xed, 0xc5, 0xc4, - 0x59, 0x6e, 0x2f, 0x5e, 0x87, 0x71, 0xcb, 0xc1, 0xc6, 0x0a, 0xb6, 0xb0, 0xad, 0x13, 0x6f, 0x63, - 0x97, 0xab, 0xdd, 0x65, 0x2d, 0x05, 0x45, 0x0f, 0x41, 0x89, 0x43, 0x1a, 0xdc, 0x80, 0xd2, 0xb0, - 0xdd, 0x24, 0xbe, 0x32, 0xc9, 0xe7, 0xa3, 0x6b, 0x3b, 0x5a, 0x07, 0x94, 0x50, 0x76, 0xb9, 0x57, - 0x5e, 0x41, 0xa7, 0x39, 0xeb, 0x73, 0x08, 0x32, 0x17, 0x2d, 0x53, 0x17, 0x78, 0xd1, 0x32, 0xfd, - 0x1c, 0x2f, 0x5a, 0x66, 0x5e, 0x84, 0xa3, 0x75, 0xf6, 0xb9, 0x5e, 0xb4, 0x5c, 0x2a, 0x70, 0xd1, - 0x92, 0xf6, 0xca, 0x2a, 0x5d, 0xbc, 0xb2, 0x2b, 0x71, 0xaf, 0xec, 0xe5, 0x33, 0xac, 0x43, 0xcc, - 0x45, 0xfb, 0xb6, 0x50, 0xb3, 0xe6, 0xd2, 0x16, 0x63, 0x52, 0xb8, 0x37, 0x0c, 0x3f, 0xae, 0x74, - 0x65, 0xae, 0x74, 0xae, 0x9c, 0xff, 0x4a, 0x67, 0xfe, 0x02, 0xae, 0x74, 0xae, 0xc6, 0xae, 0x74, - 0xee, 0xc9, 0x2b, 0x1d, 0xa1, 0x40, 0xaa, 0xdd, 0xbe, 0xec, 0xab, 0x23, 0xd7, 0x4e, 0xdc, 0xee, - 0xe4, 0xf8, 0x9b, 0xaf, 0x3f, 0x07, 0x7f, 0xf3, 0xc2, 0x79, 0xfd, 0xcd, 0x37, 0xa1, 0x8e, 0x5d, - 0xce, 0x0c, 0x34, 0x14, 0x0c, 0x2f, 0xf3, 0xef, 0xcf, 0xc0, 0xd1, 0x5d, 0x98, 0x09, 0x44, 0x6e, - 0xd2, 0xd4, 0x11, 0xca, 0x6b, 0x7e, 0x63, 0xda, 0xa3, 0xfd, 0xca, 0xf9, 0x3c, 0xda, 0xe8, 0x53, - 
0xa8, 0x4a, 0xd7, 0xad, 0x18, 0xec, 0xab, 0x67, 0x74, 0x99, 0xc6, 0x89, 0xd1, 0xf7, 0x60, 0x1a, - 0x1b, 0x86, 0xc9, 0x7a, 0xe6, 0xde, 0x5b, 0x8a, 0x4d, 0x9b, 0x78, 0x67, 0x76, 0xe0, 0xe4, 0x76, - 0x82, 0xb6, 0xa0, 0x26, 0xfd, 0x9f, 0x92, 0xbd, 0x5f, 0x3f, 0x5b, 0xaf, 0x49, 0x6a, 0x66, 0xfc, - 0x26, 0x7c, 0xc5, 0x6f, 0xf4, 0x36, 0x7e, 0x13, 0xee, 0xe1, 0xb7, 0x44, 0x24, 0xf0, 0x8d, 0x9e, - 0x64, 0x3c, 0x06, 0xf8, 0x0f, 0x4a, 0x70, 0xa9, 0xcb, 0xe6, 0xbd, 0xd0, 0xab, 0xb5, 0xc4, 0x95, - 0xd0, 0x60, 0xd1, 0x2b, 0x21, 0xb5, 0x05, 0x4a, 0xb7, 0x0d, 0xd8, 0xe7, 0xf0, 0x66, 0x61, 0xc4, - 0xef, 0x1c, 0x1c, 0x98, 0xc7, 0x72, 0x7c, 0xf2, 0x49, 0xfd, 0x1c, 0xae, 0x47, 0x6e, 0xaf, 0x75, - 0xfb, 0x68, 0xcb, 0x3c, 0x26, 0xde, 0xb2, 0x81, 0x5d, 0x7a, 0xbe, 0x18, 0x55, 0xf5, 0x2f, 0x4b, - 0x70, 0xa9, 0x8b, 0x43, 0xad, 0xcf, 0x4f, 0x78, 0x1f, 0x2a, 0xd2, 0x35, 0xca, 0x75, 0x98, 0xde, - 0xb7, 0x22, 0x71, 0x74, 0xa6, 0x63, 0xc9, 0x1b, 0x0d, 0x6e, 0xed, 0x8b, 0x80, 0xb8, 0x38, 0x48, - 0x35, 0x00, 0x6d, 0x3a, 0xd8, 0x68, 0xb4, 0x88, 0x61, 0x44, 0x9a, 0xfd, 0x4d, 0xa8, 0x5b, 0x98, - 0x12, 0x5b, 0x3f, 0xd9, 0x6b, 0x79, 0xc4, 0x6f, 0x39, 0x96, 0x21, 0x95, 0xfc, 0x0c, 0x1c, 0xa9, - 0x30, 0xd4, 0x76, 0x0c, 0xc1, 0x02, 0xe3, 0x4b, 0xe3, 0xd1, 0x42, 0x33, 0xa8, 0xc6, 0xdb, 0x54, - 0x0f, 0x20, 0x72, 0x76, 0xf5, 0x39, 0x13, 0x8b, 0x30, 0xc4, 0xd4, 0xf7, 0x02, 0x53, 0xc0, 0xf1, - 0xd4, 0xff, 0x07, 0x53, 0x39, 0x2e, 0xc2, 0x3e, 0x5f, 0x2e, 0xec, 0xf0, 0x8d, 0xcd, 0x95, 0x02, - 0xaf, 0x97, 0x98, 0xea, 0x7f, 0x0e, 0xc0, 0x3c, 0xe7, 0xac, 0x98, 0x45, 0xc8, 0x59, 0x2c, 0xe0, - 0x88, 0x1d, 0xa8, 0x1d, 0x86, 0xcc, 0xc2, 0xf4, 0x67, 0x31, 0xa0, 0x6f, 0xe5, 0x39, 0x67, 0x73, - 0xb9, 0x54, 0x4b, 0xd2, 0xa3, 0x47, 0x00, 0x91, 0x57, 0x46, 0x8e, 0xf4, 0xf5, 0x84, 0x4b, 0x45, - 0xb6, 0xe5, 0x74, 0x15, 0xa3, 0x44, 0xf7, 0x61, 0xd8, 0xa7, 0x86, 0xe9, 0xc8, 0xcd, 0x1b, 0x3b, - 0xfb, 0x1b, 0x0c, 0x9c, 0x43, 0x2d, 0xf0, 0xd1, 0x06, 0x54, 0x7c, 0x8a, 0xf5, 0x43, 0xc3, 0x33, - 0x8f, 0x48, 0xce, 0x6d, 0x78, 0x23, 
0x6a, 0xcc, 0xe9, 0x24, 0x4e, 0x8b, 0x56, 0x60, 0xbc, 0xe3, - 0x93, 0x00, 0x41, 0x5b, 0xf3, 0xa5, 0x01, 0x76, 0xea, 0x2d, 0x42, 0x92, 0x42, 0xfd, 0xc5, 0x00, - 0x5c, 0xe6, 0xef, 0x09, 0x0c, 0xff, 0x5f, 0x4f, 0xff, 0x37, 0x39, 0xfd, 0x7f, 0x5b, 0x82, 0x0a, - 0x7f, 0x8f, 0x9c, 0xf0, 0xb7, 0x61, 0x44, 0x38, 0x25, 0xe5, 0x4c, 0x5f, 0x89, 0x39, 0xb6, 0xa3, - 0x55, 0x0a, 0x6c, 0x29, 0x81, 0x8a, 0xde, 0x87, 0x72, 0xe8, 0x99, 0x93, 0x73, 0x7a, 0x2d, 0x45, - 0x17, 0xee, 0xaf, 0xc0, 0x55, 0x18, 0x12, 0xa0, 0x15, 0x18, 0xc3, 0x72, 0xd5, 0xe5, 0x6c, 0xbe, - 0xde, 0x8d, 0x38, 0xc9, 0x1d, 0x5a, 0x48, 0xa7, 0xfe, 0x7c, 0x08, 0x26, 0x33, 0xe3, 0xfb, 0xa5, - 0xf3, 0x66, 0x48, 0x2f, 0xc5, 0x50, 0x3f, 0x5e, 0x8a, 0x98, 0x4c, 0x1c, 0xee, 0xe3, 0xf0, 0x1f, - 0x89, 0x1f, 0xfe, 0x17, 0x1b, 0xc0, 0x9c, 0xb6, 0x77, 0xc6, 0xba, 0xd8, 0x3b, 0xdf, 0x89, 0xad, - 0xb3, 0x70, 0x79, 0xbc, 0x92, 0xcb, 0x5c, 0xdd, 0x16, 0x19, 0x69, 0x30, 0xeb, 0x13, 0x9f, 0x9d, - 0x13, 0x81, 0xa5, 0xb6, 0x5e, 0xd8, 0x0d, 0xd2, 0x85, 0x32, 0xa9, 0x07, 0x55, 0x0a, 0xeb, 0x41, - 0xff, 0x06, 0x30, 0x9d, 0xc7, 0xd7, 0xb9, 0x2c, 0x37, 0x70, 0x01, 0x2c, 0x37, 0x58, 0x80, 0xe5, - 0x86, 0xba, 0xb3, 0xdc, 0xf0, 0x39, 0x59, 0x6e, 0xe4, 0xcc, 0x7e, 0xa6, 0xd1, 0xb3, 0xf8, 0x99, - 0x42, 0x36, 0x1d, 0x8b, 0xb3, 0xe9, 0x47, 0x50, 0xb5, 0x1c, 0x6c, 0xf8, 0x52, 0xef, 0x91, 0x4c, - 0x13, 0xbb, 0x6a, 0xcb, 0x6a, 0x45, 0x5a, 0x82, 0xe2, 0x97, 0x36, 0x44, 0x35, 0xbd, 0x65, 0xaa, - 0x5d, 0x33, 0x0d, 0x32, 0xd6, 0xec, 0xc4, 0x73, 0xb0, 0x66, 0xeb, 0xe7, 0xb5, 0x66, 0xa3, 0x2b, - 0x90, 0xc9, 0xc2, 0x57, 0x20, 0xdc, 0xb5, 0xef, 0x3a, 0x1e, 0x5d, 0xc1, 0x54, 0x6f, 0x6d, 0xe1, - 0xe3, 0x3d, 0xb3, 0x1d, 0x84, 0x75, 0xe6, 0xb4, 0x30, 0x2b, 0x38, 0x09, 0x5d, 0xb7, 0xa9, 0x67, - 0x12, 0x71, 0x33, 0x5c, 0xd3, 0xf2, 0x1b, 0x93, 0xfb, 0xbb, 0x56, 0x38, 0xf4, 0xad, 0xbb, 0xa8, - 0x19, 0xef, 0x5b, 0xd4, 0xf4, 0x72, 0x97, 0x4d, 0xbf, 0x08, 0x77, 0xd9, 0xcc, 0x37, 0x90, 0x09, - 0x31, 0x7b, 0xce, 0x10, 0x5b, 0x0b, 0x50, 0xf6, 0x52, 0xbd, 0x4f, 0x23, 
0x61, 0x01, 0x2a, 0x32, - 0x13, 0x93, 0x5b, 0x5b, 0xc2, 0xe6, 0x8c, 0x83, 0xd4, 0x1f, 0x0d, 0xc1, 0xc4, 0xb6, 0x63, 0x90, - 0xe5, 0x26, 0xb1, 0xe9, 0x39, 0x0d, 0x12, 0x2e, 0x09, 0x07, 0xfa, 0x92, 0x84, 0x83, 0x71, 0x49, - 0x98, 0x96, 0x63, 0x43, 0x7d, 0xcb, 0xb1, 0xd4, 0xd2, 0x0c, 0x9f, 0xd3, 0x2b, 0xd4, 0x8b, 0xa7, - 0x47, 0x5e, 0x04, 0x4f, 0x8f, 0x3e, 0x07, 0x9e, 0x56, 0x7f, 0xb3, 0x04, 0x57, 0x4e, 0x89, 0x24, - 0x40, 0x1f, 0x26, 0x4c, 0xec, 0x9b, 0x85, 0xc2, 0x0f, 0x16, 0xb7, 0x22, 0xf3, 0xfb, 0x06, 0x0c, - 0xb1, 0x27, 0x54, 0x83, 0xf2, 0xf2, 0xe6, 0xe6, 0xce, 0xe7, 0x4f, 0x97, 0xb7, 0xbf, 0xac, 0xbf, - 0x84, 0x26, 0xa1, 0xa6, 0xad, 0x7f, 0xbc, 0xd1, 0xd8, 0xd3, 0xbe, 0x7c, 0xba, 0xb3, 0xbd, 0xf9, - 0x65, 0xbd, 0xa4, 0xfe, 0x7c, 0x02, 0x2a, 0xe2, 0x82, 0xf5, 0x3c, 0xcc, 0xf9, 0x5c, 0x14, 0x95, - 0x2e, 0x7a, 0x6f, 0x5a, 0x99, 0x19, 0xca, 0x51, 0x66, 0xce, 0x90, 0x00, 0x9c, 0xa3, 0xd1, 0xde, - 0x85, 0x51, 0x5f, 0x44, 0xaf, 0x14, 0x49, 0x96, 0x91, 0xa8, 0xe8, 0x55, 0xa8, 0xf1, 0xa8, 0x80, - 0x06, 0x6e, 0xbb, 0xec, 0x54, 0xe3, 0xea, 0x47, 0x49, 0x4b, 0x02, 0xfb, 0x4d, 0xfa, 0xcd, 0x09, - 0x0b, 0x85, 0xfc, 0xb0, 0x50, 0xa9, 0xa3, 0x55, 0xfa, 0xd1, 0xd1, 0xd2, 0x92, 0xa1, 0xda, 0xb7, - 0x64, 0xd0, 0xe1, 0xfa, 0x61, 0x10, 0xd6, 0xcf, 0x54, 0x06, 0xe2, 0x1d, 0x71, 0x59, 0x6b, 0x13, - 0x9d, 0xbd, 0x78, 0xb9, 0x49, 0xe4, 0xf9, 0x79, 0xca, 0x45, 0x65, 0xaf, 0x1e, 0xd0, 0x26, 0xd4, - 0x0d, 0xe2, 0x5a, 0xce, 0x49, 0x9b, 0xd8, 0x54, 0xdc, 0xcb, 0xc9, 0x13, 0xb5, 0xb7, 0x7c, 0xcc, - 0x50, 0x66, 0x62, 0xc4, 0x26, 0xfa, 0x8a, 0x11, 0xeb, 0x25, 0xc3, 0xea, 0x2f, 0x42, 0x86, 0x4d, - 0x3e, 0x8f, 0x73, 0xf9, 0x01, 0x94, 0xf5, 0x30, 0x28, 0x0c, 0xf5, 0x8e, 0x11, 0x0c, 0x91, 0xd1, - 0x3d, 0x18, 0x95, 0x0e, 0x7c, 0x79, 0xfb, 0x18, 0xd3, 0xc2, 0xb9, 0x2c, 0x4a, 0x06, 0x26, 0x06, - 0xc8, 0x31, 0xc5, 0x70, 0xba, 0xb0, 0x62, 0x28, 0x8f, 0xcd, 0x99, 0xb3, 0x1c, 0x9b, 0x91, 0xdb, - 0x62, 0x36, 0xed, 0xb6, 0xe0, 0xc3, 0xcb, 0x75, 0x5b, 0xe4, 0x68, 0xd7, 0xca, 0x73, 0xd0, 0xae, - 0x2f, 0x5f, 
0x70, 0x6e, 0xc2, 0xdc, 0x39, 0xcf, 0xec, 0x2d, 0xa8, 0x61, 0xd7, 0x8d, 0x05, 0x17, - 0x5e, 0x39, 0xe3, 0xfd, 0x48, 0x82, 0x1a, 0xb5, 0xe0, 0x65, 0x71, 0xa6, 0xec, 0xb2, 0x25, 0xd5, - 0x1d, 0xab, 0x61, 0x9b, 0x8c, 0x03, 0xd9, 0x77, 0x05, 0x67, 0x9f, 0xbc, 0x1e, 0x3c, 0x6d, 0xf5, - 0x7b, 0x77, 0x82, 0x0e, 0x60, 0xa1, 0x2b, 0xd2, 0x86, 0x2d, 0x5e, 0x74, 0xb5, 0xe7, 0x8b, 0x7a, - 0xf6, 0x91, 0x63, 0xeb, 0x5d, 0x3b, 0x87, 0xad, 0xf7, 0x1d, 0xa8, 0x8a, 0x7d, 0x24, 0x42, 0x03, - 0xe4, 0x75, 0x64, 0x9a, 0x41, 0x57, 0x63, 0x28, 0x5a, 0x82, 0x40, 0xfd, 0xeb, 0x12, 0xa0, 0xec, - 0x1e, 0xe3, 0xb1, 0xca, 0x02, 0x10, 0xc4, 0xad, 0x94, 0x64, 0xac, 0x72, 0x02, 0x8a, 0x3e, 0x83, - 0x19, 0x33, 0x24, 0xa4, 0x8c, 0xc3, 0x88, 0xb7, 0x15, 0x69, 0x2a, 0xb1, 0xd2, 0x06, 0xb9, 0x68, - 0x5a, 0x3e, 0x35, 0x3b, 0xd3, 0x83, 0x06, 0x0b, 0xfb, 0xbe, 0xd4, 0x57, 0x13, 0x30, 0x75, 0x03, - 0x26, 0x33, 0xbb, 0xaf, 0xcf, 0x5b, 0x9b, 0x1f, 0x97, 0x60, 0x22, 0xed, 0x6b, 0xe9, 0x4f, 0xf1, - 0x79, 0x13, 0x06, 0x8e, 0xee, 0x48, 0x55, 0x27, 0xb6, 0x0a, 0x61, 0xe7, 0x4f, 0xee, 0x48, 0x31, - 0x31, 0x70, 0x74, 0x87, 0x23, 0x2f, 0x49, 0xaf, 0x64, 0x2e, 0xf2, 0x52, 0x88, 0xbc, 0xc4, 0x3e, - 0x37, 0xd3, 0x4b, 0x9f, 0x9f, 0xfb, 0xb3, 0x52, 0xbc, 0xaf, 0xa5, 0x73, 0x7d, 0xf0, 0x7a, 0x8e, - 0xcb, 0xfb, 0xb5, 0xdc, 0x6f, 0x89, 0xbc, 0xdf, 0x39, 0x1e, 0xef, 0xc7, 0x49, 0xc7, 0x75, 0xc6, - 0x53, 0x1b, 0xeb, 0x87, 0xfb, 0xb0, 0xd7, 0x38, 0x5e, 0x8e, 0xdf, 0x5a, 0x6d, 0xc0, 0x95, 0x53, - 0x5e, 0xda, 0xe7, 0x8c, 0xfd, 0xdd, 0x00, 0xcc, 0x9f, 0x36, 0x84, 0x3e, 0x27, 0xef, 0x6e, 0x14, - 0x1c, 0x5f, 0x20, 0xdb, 0x29, 0x88, 0x8c, 0x7f, 0x08, 0x10, 0x05, 0x98, 0x17, 0x48, 0xd8, 0x89, - 0x61, 0xa3, 0x7b, 0x30, 0x46, 0x1d, 0xd7, 0xb1, 0x9c, 0xe6, 0x49, 0x81, 0xbc, 0x9c, 0x10, 0x17, - 0x3d, 0xe6, 0xa1, 0x72, 0x07, 0x66, 0x73, 0xe7, 0x88, 0x78, 0x9e, 0x69, 0x14, 0xcf, 0xe8, 0x4c, - 0xd1, 0xa9, 0xeb, 0x72, 0xdb, 0xc6, 0x65, 0x12, 0xba, 0x0d, 0x53, 0x7e, 0x67, 0xdf, 0xd7, 0x3d, - 0x73, 0x9f, 0x18, 0x51, 0x1a, 0x8a, 0x90, 0x39, 
0x79, 0x4d, 0xea, 0x0f, 0xa0, 0x12, 0x8b, 0x8e, - 0x41, 0x08, 0x86, 0x6c, 0x66, 0x72, 0x0b, 0x0a, 0xfe, 0x3b, 0xcc, 0x6d, 0x1d, 0x88, 0xe5, 0xb6, - 0xce, 0xc1, 0x18, 0xd3, 0x4b, 0x77, 0xa3, 0x9c, 0xd7, 0xf0, 0x19, 0x5d, 0x03, 0x10, 0x75, 0x8c, - 0x78, 0xeb, 0x10, 0x6f, 0x8d, 0x41, 0xd4, 0x7f, 0x1e, 0x85, 0x7a, 0x86, 0x9f, 0xc2, 0x68, 0xd9, - 0xa8, 0x25, 0x18, 0x64, 0x01, 0x4e, 0xe8, 0x4a, 0xdb, 0x67, 0x22, 0x5c, 0xda, 0xce, 0x19, 0xec, - 0x62, 0xe7, 0xc8, 0xdc, 0x98, 0xa1, 0x4c, 0x29, 0xa5, 0xe1, 0x28, 0x56, 0x7a, 0x9e, 0x59, 0x26, - 0x94, 0xd8, 0x61, 0x7d, 0x81, 0xb2, 0x16, 0x01, 0x32, 0xa6, 0xc1, 0x68, 0xdf, 0xa6, 0xc1, 0x32, - 0x8c, 0xfb, 0xba, 0x87, 0xb9, 0xd6, 0x42, 0xbc, 0x23, 0x6c, 0xc9, 0x44, 0xa6, 0x53, 0x2c, 0x81, - 0x14, 0x01, 0xf7, 0xbb, 0x38, 0x36, 0x25, 0xc7, 0x74, 0x17, 0xd3, 0x16, 0x37, 0xa3, 0xca, 0x5a, - 0x1c, 0x14, 0x57, 0x31, 0x21, 0xad, 0x62, 0x66, 0x0b, 0xbe, 0x45, 0x2a, 0xe6, 0x7b, 0x30, 0x2a, - 0x63, 0x8a, 0xa4, 0x05, 0xf5, 0x72, 0xde, 0x75, 0x9e, 0x3c, 0x0d, 0x03, 0x62, 0x49, 0x81, 0x3e, - 0x84, 0x31, 0x5f, 0x26, 0xb3, 0x49, 0xd3, 0x49, 0xcd, 0xa7, 0x16, 0x38, 0xc1, 0x95, 0x44, 0x40, - 0x73, 0xc1, 0x35, 0x3f, 0x7a, 0x9a, 0x22, 0xe3, 0x2f, 0xc2, 0x14, 0x99, 0x78, 0x1e, 0xa6, 0x48, - 0xc2, 0xa8, 0xae, 0x17, 0xbe, 0x77, 0xf9, 0xb3, 0x12, 0xcc, 0x9f, 0x76, 0x47, 0xdb, 0xa7, 0x94, - 0xdf, 0x81, 0x99, 0xb6, 0x48, 0xdf, 0x5f, 0x3f, 0x76, 0x4d, 0xef, 0x24, 0x0c, 0xcd, 0x1d, 0xe8, - 0xc5, 0xe7, 0xf9, 0x74, 0xea, 0x2e, 0x28, 0xdd, 0xb8, 0xa7, 0xcf, 0xf3, 0xed, 0x27, 0x25, 0xb8, - 0xd4, 0x85, 0x9d, 0xd3, 0x05, 0x0b, 0x4b, 0xfd, 0x14, 0x2c, 0x5c, 0x8f, 0x89, 0xdd, 0x81, 0xf4, - 0x25, 0x7b, 0xe6, 0xc5, 0xdb, 0x12, 0x35, 0xd8, 0x10, 0x01, 0xa9, 0x7a, 0x08, 0xd7, 0x7b, 0x20, - 0xf7, 0x5f, 0x1a, 0x21, 0x3c, 0x2a, 0x6a, 0xe2, 0xa8, 0x50, 0xff, 0xa8, 0x06, 0x95, 0x58, 0xd2, - 0x4a, 0xbc, 0xe7, 0x57, 0x8a, 0xf7, 0xfc, 0x2a, 0xd4, 0xb0, 0xae, 0x13, 0xdf, 0xdf, 0x74, 0x9a, - 0x8f, 0x4c, 0x2b, 0x38, 0xa1, 0x92, 0x40, 0x74, 0x03, 0x26, 0x22, 0x80, 0xe3, 0xb5, 
0x71, 0x50, - 0xa5, 0x21, 0x0d, 0x46, 0x1b, 0x30, 0x19, 0x82, 0xd6, 0x6d, 0xdd, 0x31, 0x02, 0x1d, 0x60, 0x3c, - 0xae, 0x42, 0x66, 0x50, 0xb4, 0x2c, 0x15, 0x3b, 0xef, 0x70, 0x87, 0x3a, 0x22, 0x23, 0x4b, 0x9e, - 0x05, 0x31, 0x08, 0x1b, 0xba, 0x74, 0x5d, 0xcb, 0x74, 0x16, 0x71, 0x38, 0x24, 0x81, 0xe8, 0x2d, - 0x98, 0xd4, 0x9d, 0xb6, 0xeb, 0xd8, 0xc4, 0xa6, 0x9b, 0x41, 0x81, 0x41, 0x71, 0x5c, 0x64, 0x1b, - 0xa4, 0xa4, 0xd6, 0x3b, 0x9e, 0x47, 0x6c, 0xfd, 0x84, 0x9f, 0x1a, 0x35, 0x2d, 0x0e, 0x62, 0xc7, - 0x81, 0x61, 0xfb, 0x1a, 0x39, 0xf0, 0x88, 0xdf, 0xd2, 0x30, 0x25, 0x05, 0x8e, 0x83, 0x24, 0x41, - 0x94, 0x7f, 0xca, 0xab, 0x8e, 0x75, 0xda, 0xae, 0x74, 0xac, 0x15, 0xc8, 0x3f, 0x0d, 0x28, 0xd0, - 0x36, 0x4c, 0x91, 0x58, 0xe1, 0x8d, 0xc0, 0x0a, 0xca, 0x1c, 0x1e, 0xd9, 0xea, 0x1c, 0x5a, 0x1e, - 0x21, 0xfa, 0x10, 0x2a, 0x1c, 0xdc, 0xa0, 0x98, 0xfa, 0x86, 0x3c, 0x4c, 0x4e, 0xef, 0x27, 0x4e, - 0xc0, 0x34, 0x24, 0x59, 0x4b, 0x52, 0x1a, 0x92, 0x22, 0x50, 0x52, 0x64, 0xb7, 0xe6, 0x35, 0x31, - 0x9e, 0x0a, 0xc0, 0xbb, 0x32, 0xa4, 0x5c, 0x66, 0xbb, 0xa6, 0xc0, 0x91, 0xd7, 0x73, 0x3c, 0xee, - 0xf5, 0xbc, 0x0d, 0x53, 0xa6, 0x9d, 0x7d, 0xe3, 0x84, 0x78, 0x63, 0x4e, 0x13, 0xcf, 0xaf, 0xb5, - 0x93, 0x6f, 0xac, 0xcb, 0xfc, 0xda, 0x24, 0x18, 0x2d, 0x02, 0x3a, 0xec, 0xec, 0x93, 0x23, 0xd3, - 0xa3, 0xa1, 0xc4, 0x10, 0x95, 0x5b, 0xca, 0x5a, 0x4e, 0x4b, 0xa2, 0x78, 0x25, 0x4a, 0x16, 0xaf, - 0x64, 0xea, 0xb0, 0xeb, 0x99, 0x47, 0xa6, 0x45, 0x9a, 0xc4, 0x90, 0x0e, 0xa4, 0x53, 0xd5, 0xe1, - 0x08, 0x1b, 0xad, 0xc0, 0xbc, 0x47, 0xb0, 0x61, 0xda, 0xc4, 0xf7, 0x37, 0x6c, 0x93, 0x9a, 0xd8, - 0x5a, 0x23, 0x16, 0x3e, 0x69, 0x10, 0xdd, 0xb1, 0x0d, 0x5f, 0xe6, 0x73, 0x9e, 0x8a, 0x23, 0xb2, - 0x82, 0x64, 0xfb, 0x2e, 0xf1, 0x4c, 0xc7, 0x08, 0xa8, 0x67, 0x38, 0x75, 0x97, 0x56, 0xf4, 0x3e, - 0x5c, 0x0e, 0x5b, 0x1e, 0x61, 0xd3, 0xea, 0x78, 0x24, 0x8a, 0xb5, 0x9b, 0xe5, 0xa4, 0xdd, 0x11, - 0xd8, 0xe6, 0xf5, 0x29, 0xa6, 0x1d, 0x1e, 0xf3, 0xca, 0x73, 0x26, 0x6b, 0x5a, 0x0c, 0x92, 0x3c, - 0x02, 0x95, 0x33, 0xf8, 
0x95, 0x83, 0x84, 0xb7, 0xcb, 0x5c, 0xa6, 0xd4, 0x23, 0x1a, 0x01, 0x0f, - 0x53, 0xdd, 0x1e, 0x82, 0xe2, 0x4a, 0x2f, 0xc7, 0x1a, 0xa1, 0xc2, 0x09, 0x1b, 0xa4, 0xd1, 0x88, - 0x04, 0xc4, 0xae, 0xed, 0x68, 0x0f, 0x66, 0x38, 0x6f, 0x2f, 0x07, 0x32, 0x29, 0xd8, 0x5e, 0x57, - 0xd2, 0xde, 0xac, 0xf5, 0x04, 0x5a, 0x90, 0x57, 0x99, 0x4b, 0x8c, 0x96, 0x60, 0x5a, 0x72, 0x76, - 0xe0, 0xd4, 0x11, 0x1c, 0x3b, 0xcf, 0x47, 0x93, 0xdb, 0x96, 0x4d, 0x97, 0xb9, 0x7a, 0xc6, 0x74, - 0x99, 0x6c, 0x0e, 0xd1, 0xb5, 0xdc, 0x1c, 0xa2, 0xef, 0xc2, 0xac, 0x8b, 0x3d, 0x62, 0xd3, 0x46, - 0xab, 0x43, 0x0d, 0xe7, 0x59, 0xf4, 0xc6, 0x85, 0x5e, 0x6f, 0xec, 0x42, 0xa8, 0xfe, 0xff, 0x01, - 0x98, 0xce, 0x9b, 0x9f, 0xe7, 0x54, 0x1e, 0xa8, 0x2c, 0x4d, 0xa8, 0xf5, 0xbc, 0xf2, 0x40, 0xaf, - 0x74, 0x5b, 0xb2, 0x18, 0xea, 0xf3, 0xa8, 0x10, 0xf4, 0x2f, 0x25, 0xb8, 0xdc, 0xf5, 0x85, 0x6c, - 0xf8, 0xfc, 0xda, 0x4c, 0x5a, 0x85, 0xec, 0x37, 0x3f, 0xaf, 0x2c, 0x93, 0xd8, 0x3c, 0x89, 0x4e, - 0xc6, 0x51, 0xcb, 0x6f, 0xce, 0x36, 0xf0, 0x1a, 0xc3, 0x9e, 0x79, 0x84, 0x29, 0xf9, 0x94, 0x9c, - 0x04, 0xf5, 0x24, 0x23, 0x08, 0x5f, 0x7e, 0xbc, 0x1a, 0x8f, 0xe0, 0x0e, 0x52, 0xc8, 0x12, 0x50, - 0x66, 0x5e, 0xf9, 0xb6, 0x19, 0x98, 0x57, 0xbe, 0x6d, 0x32, 0x61, 0xe9, 0x77, 0xf6, 0xd9, 0x41, - 0xbb, 0x6c, 0x89, 0x9a, 0x1c, 0xca, 0x08, 0xcf, 0xf8, 0x49, 0x83, 0xd5, 0xef, 0xc3, 0x44, 0x2a, - 0x17, 0x36, 0x92, 0xd8, 0xa5, 0xae, 0x61, 0xd7, 0xc3, 0x85, 0xd5, 0xde, 0x55, 0xb8, 0xd4, 0xa5, - 0xfa, 0x1e, 0x1b, 0xb6, 0xee, 0x76, 0x82, 0xca, 0x30, 0xba, 0xdb, 0x11, 0x19, 0xf5, 0x6d, 0x47, - 0x86, 0xe2, 0xf1, 0x8c, 0x7a, 0xf6, 0xa4, 0xfe, 0xe1, 0x00, 0x94, 0xc3, 0xf4, 0xdb, 0x3e, 0x39, - 0x50, 0x81, 0xd1, 0x8e, 0xe1, 0x73, 0x13, 0x4e, 0x74, 0x1e, 0x3c, 0xa2, 0x0f, 0xa1, 0xda, 0xf1, - 0xc9, 0x36, 0x53, 0x81, 0xac, 0x4f, 0x9e, 0xd1, 0x02, 0x4e, 0x8f, 0x04, 0x3e, 0x7a, 0x0c, 0x93, - 0x1d, 0x9f, 0xec, 0x79, 0x1d, 0x9f, 0x3e, 0x73, 0x3c, 0xda, 0x3a, 0x61, 0x9d, 0xf4, 0xf6, 0x7f, - 0x64, 0x89, 0xd0, 0x3d, 0x18, 0xa6, 0xce, 0x21, 0xb1, 0x0b, 
0xf3, 0xab, 0x40, 0x57, 0xff, 0x0f, - 0x54, 0xe3, 0x79, 0x2f, 0xcc, 0xba, 0x6e, 0x33, 0x53, 0x9c, 0x7f, 0xad, 0x98, 0xdf, 0x08, 0x10, - 0xba, 0x33, 0x06, 0x62, 0xee, 0x0c, 0x26, 0xf1, 0x79, 0x0f, 0xb1, 0x48, 0xee, 0x18, 0x44, 0xfd, - 0xbd, 0x51, 0x18, 0xbf, 0x08, 0x63, 0x20, 0xe3, 0x44, 0x18, 0xe8, 0x75, 0x59, 0x9a, 0x88, 0x26, - 0x78, 0xc8, 0x86, 0x69, 0x1d, 0x34, 0xcc, 0xa6, 0x5d, 0xa8, 0xf6, 0x4b, 0x0c, 0x3b, 0x9d, 0x3e, - 0x3d, 0x9c, 0x4d, 0x9f, 0x5e, 0x81, 0x31, 0xc3, 0xf6, 0xd9, 0xd6, 0x12, 0xdb, 0x25, 0xe1, 0x24, - 0x4c, 0x7e, 0xfd, 0xe2, 0x9a, 0x44, 0x94, 0x75, 0x70, 0x03, 0x3a, 0x5e, 0xf6, 0x86, 0xbb, 0x5d, - 0xb6, 0x88, 0xdf, 0x92, 0xc9, 0x2e, 0xa3, 0x05, 0xca, 0xde, 0xa4, 0x68, 0xd0, 0x17, 0x70, 0x59, - 0x4c, 0x59, 0x74, 0x5f, 0xb1, 0x72, 0x22, 0x0b, 0xa5, 0x14, 0x28, 0xc6, 0xd2, 0x9d, 0x18, 0x7d, - 0x02, 0x48, 0x37, 0x29, 0x36, 0x88, 0xf5, 0x98, 0x60, 0x8b, 0xb6, 0x78, 0xc6, 0x7f, 0x01, 0x25, - 0x36, 0x87, 0xea, 0x02, 0xa3, 0xd4, 0xfa, 0xc9, 0xf1, 0xcc, 0xde, 0x76, 0x54, 0xcf, 0x55, 0xed, - 0x7c, 0xe2, 0x99, 0xe3, 0x1d, 0x5a, 0x0e, 0x36, 0xd8, 0x52, 0xee, 0x51, 0x2b, 0x50, 0x69, 0x53, - 0xe0, 0x0b, 0x2e, 0xe0, 0x3c, 0xf7, 0x1e, 0xd4, 0x12, 0xdc, 0x74, 0xa6, 0xaa, 0x5b, 0x7f, 0x5c, - 0x82, 0xda, 0xc5, 0x9b, 0xd4, 0x2a, 0x54, 0x83, 0xd4, 0xac, 0xdd, 0xc8, 0x74, 0x4d, 0xc0, 0x42, - 0x31, 0x32, 0x98, 0xf4, 0x8a, 0xa6, 0x4b, 0x1c, 0xaa, 0x3f, 0x2e, 0xc3, 0x4c, 0x6e, 0x7d, 0x8e, - 0x3e, 0x25, 0xc8, 0xa9, 0x3b, 0x63, 0xe0, 0x3c, 0x3b, 0xa3, 0x58, 0x04, 0x53, 0xff, 0x3c, 0xfe, - 0x25, 0x4c, 0xd9, 0xe4, 0x88, 0xc8, 0x69, 0xe8, 0xb3, 0x8e, 0xb0, 0x96, 0xd7, 0x07, 0x4f, 0x4b, - 0xb3, 0x9e, 0xe1, 0x13, 0x3f, 0xd5, 0x77, 0xf5, 0xac, 0x69, 0x69, 0x39, 0x9d, 0xf4, 0xf4, 0xed, - 0xd5, 0x5e, 0x84, 0x6f, 0x6f, 0xfc, 0x9b, 0x28, 0x4b, 0x38, 0xd1, 0x35, 0xba, 0x75, 0xca, 0x23, - 0xcf, 0x3c, 0x93, 0x92, 0x65, 0xd7, 0x7d, 0xbc, 0xb7, 0xb7, 0xbb, 0xeb, 0x39, 0xfb, 0x41, 0x34, - 0xea, 0xa9, 0x55, 0x56, 0x72, 0xc8, 0x52, 0xa7, 0xda, 0xe4, 0x59, 0x4f, 0x35, 0x93, 0xaf, 0x16, - 
0xff, 0x10, 0xb9, 0xf1, 0xe2, 0x20, 0xa4, 0x31, 0x53, 0x9b, 0x3d, 0x92, 0x84, 0xa8, 0x2c, 0x5a, - 0x95, 0x28, 0x8f, 0x38, 0xa9, 0x0c, 0x4e, 0x17, 0x36, 0x00, 0x1f, 0xc3, 0xb8, 0xb3, 0x9f, 0xe0, - 0xcf, 0xa2, 0xa1, 0x12, 0x29, 0xba, 0x8b, 0x8e, 0xd3, 0xfc, 0xed, 0x12, 0x5c, 0xea, 0x92, 0xfd, - 0xd2, 0xa7, 0x94, 0xfa, 0x10, 0xaa, 0x4e, 0x87, 0xba, 0x1d, 0x2a, 0xeb, 0x5a, 0x0d, 0x14, 0x28, - 0x3c, 0x14, 0xc3, 0x57, 0x7f, 0x6b, 0x00, 0xae, 0x9e, 0x9a, 0x50, 0xd3, 0xe7, 0xb8, 0xde, 0xe6, - 0x79, 0x6e, 0x2d, 0x39, 0x9e, 0xeb, 0xb9, 0xd9, 0x3b, 0xcb, 0x1d, 0x1a, 0x15, 0x1d, 0xec, 0xd0, - 0x16, 0x7a, 0x37, 0x34, 0xdc, 0x73, 0x72, 0x86, 0x42, 0xb2, 0xdc, 0xa2, 0x35, 0xeb, 0x3c, 0x86, - 0x80, 0x92, 0x63, 0xfa, 0xb1, 0x87, 0xdd, 0x96, 0xd4, 0xd9, 0xf2, 0x3b, 0x58, 0x8d, 0x21, 0x6a, - 0x09, 0x32, 0xf5, 0x4f, 0x4b, 0x30, 0x93, 0x3b, 0x42, 0xb4, 0x02, 0xe3, 0xd8, 0x75, 0x57, 0x3d, - 0x62, 0x10, 0x9b, 0x9a, 0xd8, 0xf2, 0x0b, 0xcc, 0x46, 0x8a, 0x82, 0xd9, 0x1d, 0xd8, 0x35, 0x99, - 0x11, 0x26, 0xed, 0x0e, 0xf1, 0x84, 0x16, 0xa3, 0x84, 0x71, 0x5d, 0x0f, 0x15, 0x6a, 0x71, 0x3a, - 0xe4, 0xb4, 0xa8, 0xff, 0x97, 0x71, 0x51, 0xee, 0x7c, 0xf4, 0xb9, 0x5a, 0x6f, 0xc1, 0xa4, 0x8f, - 0xdb, 0x2e, 0x8f, 0xf9, 0xd8, 0xc7, 0xa2, 0xe2, 0xa0, 0x3c, 0x8c, 0xb3, 0x0d, 0xea, 0x4e, 0xe2, - 0xf5, 0xf1, 0xd9, 0xec, 0xd3, 0x73, 0xff, 0x37, 0x25, 0xa8, 0x26, 0xbe, 0xe2, 0x3e, 0x8c, 0x1a, - 0x98, 0x62, 0xc3, 0x69, 0x66, 0xab, 0x70, 0x0a, 0xc4, 0x35, 0xd1, 0x1c, 0xdc, 0x56, 0x49, 0x6c, - 0xf4, 0x01, 0x94, 0x2d, 0xb3, 0xd9, 0xa2, 0x3e, 0x25, 0x6e, 0x96, 0xf7, 0x04, 0xe9, 0x26, 0x43, - 0x68, 0x50, 0xe2, 0x06, 0x89, 0x56, 0x21, 0x05, 0xba, 0x0b, 0x23, 0x3f, 0x34, 0xdd, 0x43, 0x33, - 0x28, 0x21, 0x39, 0x9f, 0xa6, 0xfd, 0x8a, 0xb7, 0x06, 0xbc, 0x27, 0x70, 0xd5, 0x5b, 0x30, 0x95, - 0x33, 0x28, 0x66, 0x09, 0x62, 0x59, 0x5a, 0x47, 0xa8, 0x58, 0xc1, 0xa3, 0xfa, 0xe7, 0x25, 0x98, - 0xc9, 0x1d, 0x4b, 0x77, 0x1a, 0x26, 0x80, 0x85, 0xf7, 0x7b, 0x8f, 0x5b, 0x6e, 0x32, 0x2c, 0x3b, - 0x06, 0xe2, 0x7f, 0x1b, 0xc1, 0xfa, 
0x8c, 0x73, 0x4f, 0x0c, 0x82, 0x96, 0x60, 0x84, 0xdf, 0xca, - 0x91, 0x02, 0x06, 0x8d, 0xc4, 0x54, 0x17, 0x01, 0x65, 0x3f, 0xfc, 0x94, 0x2f, 0xfb, 0xc9, 0x08, - 0xd4, 0x64, 0xed, 0xc2, 0x73, 0x31, 0xe4, 0x83, 0xe8, 0xaa, 0x33, 0x93, 0x2d, 0x27, 0xfb, 0xef, - 0x72, 0xd9, 0xf9, 0x0e, 0x8c, 0x7c, 0x8d, 0x49, 0x33, 0x94, 0x21, 0x57, 0x33, 0x84, 0x9f, 0xf0, - 0xe6, 0x60, 0x0d, 0x05, 0xf2, 0x05, 0xc6, 0x8f, 0xcf, 0xc1, 0x98, 0x1b, 0xd4, 0x3b, 0x12, 0xc6, - 0x5f, 0xf8, 0x8c, 0xee, 0x44, 0x37, 0xb1, 0x23, 0xe9, 0x4a, 0xdc, 0x5d, 0xee, 0x5f, 0xdf, 0x09, - 0x59, 0x72, 0xb4, 0xcb, 0xf7, 0xe4, 0xf1, 0x24, 0x5a, 0x06, 0x70, 0x5c, 0x62, 0xeb, 0xc4, 0xf6, - 0x3b, 0x41, 0x55, 0xcd, 0x97, 0x33, 0xa4, 0x3b, 0x21, 0x4a, 0x10, 0xce, 0x12, 0x11, 0x15, 0xb8, - 0x90, 0xfe, 0xd5, 0x51, 0xd8, 0x52, 0x7a, 0xc0, 0xc4, 0x39, 0xf5, 0x80, 0xbf, 0x2f, 0xc1, 0xa5, - 0x2e, 0x4b, 0x10, 0x84, 0x35, 0x94, 0x32, 0x61, 0x0d, 0x03, 0x51, 0x58, 0xc3, 0x63, 0x28, 0x93, - 0x63, 0xd7, 0xf1, 0x62, 0x19, 0xa1, 0x37, 0x4f, 0x59, 0xdc, 0xf5, 0x00, 0x37, 0x90, 0x78, 0x21, - 0x71, 0xb2, 0xc4, 0xca, 0x70, 0x5f, 0x25, 0x56, 0xd4, 0x03, 0x58, 0xe8, 0xf5, 0x4a, 0x66, 0x2d, - 0xc6, 0x63, 0xa3, 0x0a, 0x5b, 0x8b, 0xf1, 0xa8, 0xa8, 0x9f, 0x95, 0x60, 0x3a, 0x6f, 0xf3, 0xf7, - 0x29, 0x63, 0x52, 0x06, 0xec, 0x40, 0x3f, 0x06, 0x6c, 0xf8, 0xf7, 0x78, 0x83, 0xf1, 0xbf, 0xc7, - 0xeb, 0xe7, 0xaf, 0xed, 0xfe, 0x64, 0x40, 0x9c, 0x22, 0x29, 0x01, 0x55, 0x88, 0x1d, 0xde, 0x0b, - 0xfd, 0x99, 0x83, 0x69, 0x47, 0x76, 0xa2, 0xcb, 0x2d, 0x8e, 0x14, 0x48, 0x0a, 0x41, 0xc2, 0x7d, - 0xb8, 0x2e, 0xb6, 0x1b, 0xd4, 0xf1, 0x70, 0x93, 0xb0, 0x21, 0x4a, 0xf7, 0x6f, 0x1a, 0xcc, 0xa6, - 0xd9, 0x25, 0x9e, 0x6f, 0xfa, 0xb4, 0x48, 0x82, 0xad, 0x44, 0x45, 0x37, 0xa1, 0xee, 0x8b, 0x4e, - 0xa2, 0x82, 0x8d, 0xe2, 0x6a, 0x35, 0x03, 0xe7, 0xb7, 0xb9, 0xfc, 0x44, 0xe3, 0xe1, 0x97, 0xf2, - 0xff, 0xec, 0x22, 0x88, 0xfa, 0x10, 0x2e, 0x77, 0xfd, 0x20, 0x74, 0x15, 0xa0, 0x8d, 0x8f, 0x9f, - 0x72, 0x85, 0xd0, 0x97, 0xff, 0x09, 0x58, 0x6e, 0xe3, 0x63, 0x7e, 0x80, 
0xf9, 0xea, 0x5f, 0x45, - 0x13, 0x9c, 0x38, 0xcc, 0x8a, 0x4c, 0xf0, 0x5b, 0x30, 0xe9, 0x32, 0x13, 0xaa, 0x41, 0xb1, 0x47, - 0x3b, 0x2e, 0xbf, 0x3a, 0x93, 0x79, 0x1c, 0xd9, 0x06, 0x34, 0x0f, 0xe5, 0x1f, 0x74, 0x88, 0x77, - 0x12, 0x86, 0x60, 0xd5, 0xb4, 0x08, 0xd0, 0xa7, 0x83, 0x1b, 0xa9, 0x50, 0xfd, 0x1a, 0x1f, 0xe1, - 0x1d, 0x97, 0xfa, 0x8f, 0x09, 0x76, 0x45, 0x25, 0x7b, 0x2d, 0x01, 0x63, 0x47, 0x4f, 0x1b, 0x1f, - 0x37, 0x5c, 0x2c, 0xf3, 0x95, 0x6b, 0x5a, 0xf8, 0x8c, 0xde, 0x81, 0x21, 0x76, 0x4c, 0x75, 0x3d, - 0x0a, 0xc4, 0x9c, 0x6c, 0x3b, 0x46, 0x70, 0x02, 0x71, 0x74, 0xf5, 0xdb, 0xa1, 0xa0, 0x4a, 0x23, - 0x20, 0x04, 0x43, 0xba, 0xdb, 0x09, 0x66, 0x9a, 0xff, 0x56, 0x7f, 0xb7, 0x04, 0x53, 0x9f, 0x9a, - 0xd8, 0x32, 0x2f, 0xc4, 0x89, 0x7b, 0x05, 0xca, 0x4c, 0x7b, 0x79, 0x7a, 0x60, 0x5a, 0x81, 0x4b, - 0x6a, 0x8c, 0x01, 0x64, 0xb8, 0x41, 0x5d, 0xde, 0x61, 0x3c, 0x3d, 0x24, 0x27, 0x02, 0x67, 0x50, - 0xfe, 0x6b, 0x60, 0x78, 0xb7, 0xc1, 0x30, 0xd5, 0x5f, 0x94, 0x60, 0x9a, 0x0f, 0x6a, 0x0d, 0xfb, - 0xad, 0x7d, 0x07, 0x7b, 0x41, 0x1d, 0xc1, 0xa4, 0x37, 0xba, 0x94, 0xf6, 0x46, 0xb3, 0x13, 0xb0, - 0xe3, 0x13, 0xcf, 0xc6, 0x6d, 0x12, 0x29, 0xed, 0x71, 0x10, 0x7a, 0x15, 0x6a, 0x2e, 0xf6, 0x7d, - 0xb7, 0xe5, 0x61, 0x3f, 0x76, 0xbb, 0x92, 0x04, 0x32, 0x23, 0xed, 0xc8, 0x24, 0xcf, 0x76, 0x6c, - 0xeb, 0x84, 0x33, 0x76, 0x6f, 0xfd, 0x2b, 0x81, 0xcf, 0xc6, 0xd9, 0xf4, 0xf0, 0x01, 0xb6, 0xf1, - 0x67, 0xda, 0x66, 0xf0, 0x27, 0x91, 0x11, 0x84, 0x57, 0x4f, 0xe4, 0xfb, 0x81, 0x35, 0xcb, 0x28, - 0xb7, 0x10, 0xa0, 0xfe, 0xa8, 0x04, 0x88, 0x7f, 0xfe, 0x45, 0x08, 0xcd, 0x85, 0xac, 0xd0, 0x2c, - 0x27, 0x45, 0x62, 0x5d, 0x08, 0xbf, 0xe0, 0xff, 0x0c, 0xad, 0x98, 0x90, 0x1c, 0x8a, 0x09, 0x49, - 0xf5, 0x2f, 0x46, 0xa1, 0xc2, 0x87, 0x75, 0xde, 0x24, 0x2d, 0xe1, 0xd3, 0x5e, 0x23, 0x6d, 0x47, - 0x5c, 0x4e, 0x14, 0x49, 0xd2, 0x4a, 0xd3, 0x04, 0x52, 0x60, 0x30, 0x23, 0x05, 0x86, 0x22, 0x29, - 0x50, 0x34, 0x01, 0xab, 0x4b, 0xc5, 0xd9, 0x91, 0xee, 0x15, 0x67, 0xdf, 0x8d, 0x05, 0xd9, 0x65, - 0xd4, 0xbc, 
0x9c, 0xfd, 0x14, 0x8b, 0xaf, 0x7b, 0x1f, 0xca, 0x46, 0xc0, 0xd6, 0x72, 0x73, 0x5f, - 0x4b, 0xd1, 0xa6, 0xd8, 0x5e, 0x8b, 0x08, 0xe2, 0x21, 0x85, 0x99, 0xdc, 0xf1, 0x2c, 0xcf, 0x44, - 0x5a, 0x76, 0x4a, 0x37, 0x9c, 0xc8, 0xea, 0x86, 0xbf, 0xfe, 0xef, 0xa3, 0xff, 0x61, 0xff, 0xff, - 0xf8, 0x8f, 0xa3, 0x30, 0xc2, 0x77, 0x8f, 0x8f, 0x3e, 0x80, 0x0a, 0x13, 0xc3, 0x6d, 0xf1, 0x7f, - 0xa8, 0xd9, 0x3a, 0x28, 0x99, 0x3f, 0x4b, 0xd5, 0xe2, 0xf8, 0xe8, 0x35, 0x18, 0xd4, 0x6d, 0x53, - 0x6e, 0xd3, 0xd8, 0xd9, 0x17, 0xfe, 0x0b, 0xaf, 0xc6, 0xda, 0xd1, 0x7b, 0x50, 0xe5, 0xb5, 0x64, - 0x75, 0xc7, 0x23, 0x46, 0xf8, 0x2f, 0xc3, 0x31, 0x8b, 0x29, 0xf1, 0x7f, 0x8c, 0x5a, 0x02, 0x19, - 0x2d, 0xc2, 0x48, 0x93, 0xff, 0x05, 0x8e, 0x14, 0xb6, 0xb3, 0xf9, 0x7f, 0x8d, 0xa3, 0x49, 0x2c, - 0x74, 0x17, 0xc6, 0x64, 0x41, 0xa9, 0xe0, 0x50, 0x56, 0x32, 0x55, 0x32, 0xc3, 0x7a, 0x1b, 0x01, - 0x26, 0x7f, 0x0b, 0x2f, 0x29, 0x2b, 0xcd, 0xb9, 0xd9, 0x74, 0x5d, 0xf8, 0xf0, 0x2d, 0xfc, 0x09, - 0x3d, 0x84, 0x51, 0x29, 0xb6, 0x0b, 0x57, 0x7f, 0x08, 0x08, 0xd0, 0x9b, 0x30, 0xdc, 0x36, 0x8f, - 0x49, 0xf0, 0xe7, 0xac, 0x33, 0xa9, 0xca, 0x20, 0x41, 0x0d, 0x1d, 0x8e, 0x83, 0xee, 0x43, 0x99, - 0xed, 0x21, 0xdc, 0x24, 0x36, 0x0d, 0xab, 0xa7, 0x86, 0x04, 0xa9, 0xe4, 0x6d, 0x2d, 0xc2, 0xe5, - 0x75, 0x1c, 0x4d, 0xcb, 0x09, 0xfe, 0xed, 0x60, 0x26, 0x37, 0x09, 0x47, 0x13, 0x38, 0xec, 0x2d, - 0x51, 0x55, 0x9b, 0x4b, 0xe9, 0xb7, 0x9c, 0x52, 0xd0, 0xe6, 0x61, 0x22, 0xe1, 0x22, 0xf8, 0x57, - 0x84, 0x9c, 0x60, 0xca, 0x9c, 0x2c, 0x8b, 0xbb, 0x99, 0x80, 0x64, 0xa5, 0xdb, 0xed, 0x69, 0x4c, - 0x4c, 0x7e, 0x0e, 0xb3, 0x7e, 0xf2, 0x72, 0x48, 0xd6, 0x49, 0x97, 0x7b, 0x2f, 0xee, 0xa1, 0xcc, - 0xbb, 0x44, 0xd2, 0xba, 0x90, 0x33, 0x93, 0x9e, 0xca, 0x7f, 0x77, 0x18, 0x4f, 0x33, 0x68, 0xc2, - 0x13, 0xa2, 0x05, 0x78, 0x6c, 0x8e, 0x0f, 0x99, 0x6c, 0x95, 0x66, 0xe4, 0x4c, 0x4a, 0xe4, 0x06, - 0x73, 0xcc, 0x71, 0x90, 0x02, 0xa3, 0x47, 0x4c, 0x93, 0x76, 0x6c, 0x19, 0x87, 0x16, 0x3c, 0xf2, - 0xa3, 0x4f, 0xfe, 0x37, 0x72, 0xa8, 0x4f, 0x4e, 
0x16, 0x38, 0xfa, 0x52, 0x34, 0xaa, 0x02, 0xb3, - 0xf9, 0xbc, 0xa7, 0x5e, 0x87, 0xab, 0xa7, 0x0a, 0x09, 0x75, 0x16, 0xa6, 0xf3, 0x52, 0xf5, 0xd4, - 0xff, 0x0d, 0xb5, 0xc4, 0x1f, 0x8b, 0x5d, 0x6c, 0xe5, 0xbb, 0x9b, 0xb7, 0x44, 0x48, 0x0c, 0xaa, - 0xc2, 0x98, 0xfc, 0x33, 0x10, 0xa3, 0xfe, 0x12, 0x7b, 0xb2, 0x9c, 0xe6, 0x53, 0xc7, 0xb6, 0x4e, - 0xea, 0x25, 0x54, 0x61, 0x6f, 0x3c, 0x70, 0x3c, 0x9d, 0xd4, 0x07, 0x6e, 0xbe, 0xdb, 0x25, 0xc3, - 0x8b, 0x61, 0xad, 0xad, 0x3f, 0x5a, 0xfe, 0x6c, 0x73, 0xaf, 0xfe, 0x12, 0x02, 0x18, 0x69, 0xec, - 0x69, 0x1b, 0xab, 0x7b, 0xf5, 0x12, 0x1a, 0x85, 0xc1, 0x9d, 0x47, 0x8f, 0xea, 0x03, 0x37, 0xdf, - 0xc8, 0x89, 0x55, 0x45, 0x63, 0x30, 0xf4, 0x49, 0x63, 0x67, 0xbb, 0xfe, 0x12, 0xfb, 0xb5, 0xb7, - 0xfe, 0xc5, 0x5e, 0xbd, 0x74, 0xf3, 0x76, 0xe0, 0xbc, 0x66, 0xfd, 0x08, 0x2f, 0x4c, 0xfd, 0x25, - 0x54, 0x8b, 0x39, 0x24, 0xc5, 0xa8, 0xa4, 0xab, 0xb2, 0x3e, 0xb0, 0x02, 0x5f, 0x85, 0x7f, 0x1d, - 0xbf, 0x3f, 0xc2, 0xe7, 0xe1, 0xed, 0xff, 0x0a, 0x00, 0x00, 0xff, 0xff, 0x55, 0x70, 0x57, 0xfa, - 0x79, 0x7e, 0x00, 0x00, + // 7542 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x7d, 0x5b, 0x6f, 0x1c, 0x57, + 0x7a, 0xa0, 0x9b, 0xf7, 0xfe, 0xd8, 0x4d, 0x36, 0x0f, 0x2f, 0x2a, 0x51, 0x94, 0x44, 0x97, 0x6d, + 0x59, 0x23, 0x7b, 0x28, 0x89, 0x96, 0x25, 0x59, 0xb6, 0x35, 0xe6, 0x4d, 0x16, 0x6d, 0xde, 0xa6, + 0x9a, 0x96, 0x2f, 0xb3, 0x3b, 0xda, 0xc3, 0xaa, 0xc3, 0x66, 0x99, 0xd5, 0x55, 0x35, 0x55, 0xa7, + 0x29, 0xd2, 0xc0, 0x62, 0x77, 0x9f, 0x16, 0xd8, 0x97, 0xc5, 0x2e, 0x76, 0x81, 0x3c, 0xe4, 0x8a, + 0x4c, 0x90, 0x79, 0x1b, 0x24, 0x79, 0xc8, 0x4b, 0x1e, 0x13, 0x20, 0x3f, 0x21, 0x98, 0x97, 0x41, + 0x80, 0x20, 0x40, 0x7e, 0x40, 0x9e, 0x66, 0x80, 0x04, 0xe7, 0x52, 0xf7, 0x6a, 0x76, 0xb1, 0x9b, + 0xb4, 0x1c, 0x78, 0xde, 0xaa, 0xbe, 0xf3, 0x7d, 0xa7, 0xaa, 0xce, 0xe5, 0xbb, 0x9f, 0xaf, 0xe0, + 0x96, 0x7b, 0xd8, 0xb8, 0x8d, 0x5d, 0xd3, 0xbf, 0x6d, 0xfa, 0xd4, 0x74, 0x6e, 0x1f, 0xdd, 0xc5, + 0x96, 0x7b, 
0x80, 0xef, 0xde, 0x3e, 0xc2, 0x56, 0x8b, 0xf8, 0xcf, 0xe9, 0x89, 0x4b, 0xfc, 0x05, + 0xd7, 0x73, 0xa8, 0x83, 0x46, 0x82, 0xc6, 0xd9, 0x6b, 0x0d, 0xc7, 0x69, 0x58, 0xe4, 0x36, 0x87, + 0xef, 0xb5, 0xf6, 0x6f, 0x1b, 0x2d, 0x0f, 0x53, 0xd3, 0xb1, 0x05, 0xe6, 0xac, 0x7a, 0xf8, 0xd0, + 0x5f, 0x30, 0x1d, 0xd6, 0xf1, 0x6d, 0xdd, 0xf1, 0xc8, 0xed, 0xa3, 0xbb, 0xb7, 0x1b, 0xc4, 0x26, + 0x1e, 0xa6, 0xc4, 0x90, 0x38, 0x1f, 0x35, 0x4c, 0x7a, 0xd0, 0xda, 0x5b, 0xd0, 0x9d, 0xe6, 0xed, + 0x86, 0xd3, 0x70, 0xa2, 0xce, 0xc2, 0x8b, 0xf4, 0x53, 0x5e, 0x78, 0xd8, 0x75, 0x89, 0x27, 0xdf, + 0x47, 0xfd, 0x87, 0x12, 0xa0, 0x25, 0xc3, 0x70, 0xec, 0x75, 0xbb, 0xe1, 0x11, 0xdf, 0x5f, 0x71, + 0xec, 0x7d, 0xb3, 0x81, 0xee, 0xc1, 0x30, 0xb1, 0xf1, 0x9e, 0x45, 0x0c, 0xa5, 0x34, 0x5f, 0xba, + 0x39, 0xba, 0x38, 0xbb, 0x20, 0x3a, 0x5a, 0x08, 0x3a, 0x5a, 0x58, 0x76, 0x1c, 0xeb, 0x19, 0xfb, + 0x40, 0x2d, 0x40, 0x45, 0x53, 0x30, 0x78, 0xe0, 0xf8, 0xd4, 0x57, 0xfa, 0xe6, 0xfb, 0x6f, 0x96, + 0x35, 0x71, 0x83, 0x96, 0x61, 0x14, 0xdb, 0xb6, 0x43, 0xf9, 0xc7, 0xf9, 0x4a, 0x3f, 0xef, 0x6f, + 0x7e, 0x21, 0x18, 0x88, 0x85, 0xdd, 0x13, 0x97, 0x6c, 0x62, 0xb7, 0x4e, 0x3d, 0xd3, 0x6e, 0xac, + 0xdb, 0x94, 0x78, 0xfb, 0x58, 0x27, 0x5a, 0x9c, 0x08, 0x2d, 0x42, 0x3f, 0xb5, 0x7c, 0x65, 0xa0, + 0x20, 0x2d, 0x43, 0x56, 0x35, 0x80, 0x25, 0x4f, 0x3f, 0x90, 0x5f, 0x34, 0x05, 0x83, 0xb8, 0x69, + 0xdc, 0xbf, 0xc7, 0xbf, 0xa7, 0xaa, 0x89, 0x1b, 0xa4, 0xc0, 0xb0, 0xeb, 0xea, 0xf7, 0xef, 0x59, + 0x44, 0xe9, 0xe3, 0xf0, 0xe0, 0x96, 0xe1, 0xfb, 0xef, 0xbc, 0x77, 0xe7, 0x98, 0xbf, 0x6f, 0x55, + 0x13, 0x37, 0xea, 0xaf, 0xfb, 0xa1, 0xbc, 0xb2, 0xb5, 0xde, 0xd3, 0x28, 0xd5, 0xa0, 0xff, 0xa0, + 0xb5, 0xc7, 0x9f, 0x57, 0xd6, 0xd8, 0x25, 0xba, 0x05, 0xfd, 0x14, 0x37, 0xe4, 0xc8, 0x28, 0xd1, + 0xd7, 0x89, 0xcf, 0xda, 0xf6, 0xb6, 0x5a, 0xcd, 0x3d, 0xe2, 0x69, 0x0c, 0x89, 0xbd, 0x97, 0xd9, + 0xc4, 0x0d, 0xc2, 0xc7, 0xa2, 0xac, 0x89, 0x1b, 0x74, 0x0d, 0xc0, 0x6d, 0x59, 0xd6, 0x8e, 0x63, + 0x99, 0xfa, 0x89, 0x32, 0xc8, 0x9b, 0x62, 0x10, 
0x34, 0x07, 0x65, 0xdd, 0x36, 0x97, 0x4d, 0x7b, + 0xd5, 0xf4, 0x94, 0x21, 0xde, 0x1c, 0x01, 0x18, 0xb5, 0x6e, 0x9b, 0xec, 0xa3, 0x58, 0xf3, 0xb0, + 0xa0, 0x8e, 0x20, 0xe8, 0x26, 0x8c, 0xcb, 0xbb, 0x27, 0xa6, 0x45, 0xb6, 0x70, 0x93, 0x28, 0x23, + 0x1c, 0x29, 0x0d, 0x46, 0x6f, 0xc3, 0x04, 0x39, 0xd6, 0xad, 0x96, 0xc1, 0x6f, 0x7d, 0x17, 0xeb, + 0xc4, 0x57, 0xca, 0x7c, 0x35, 0x64, 0x1b, 0xd0, 0x06, 0x8c, 0xb9, 0x8e, 0xb1, 0x14, 0x5b, 0x1c, + 0x50, 0x6c, 0x82, 0x97, 0xfb, 0x94, 0x92, 0x96, 0xa2, 0x45, 0x37, 0xa1, 0xe6, 0xfa, 0xee, 0x73, + 0xdd, 0x6a, 0xf9, 0x94, 0x78, 0xcf, 0x3d, 0xc7, 0x22, 0xca, 0x28, 0x7f, 0xcd, 0x31, 0xd7, 0x77, + 0x57, 0x04, 0x58, 0x73, 0x2c, 0x82, 0x66, 0x61, 0xc4, 0x72, 0x1a, 0x1b, 0xe4, 0x88, 0x58, 0x4a, + 0x85, 0x63, 0x84, 0xf7, 0xea, 0x17, 0x30, 0xbb, 0xb2, 0xf3, 0xd9, 0x2e, 0xf6, 0x1a, 0x84, 0x7e, + 0x46, 0x4d, 0xcb, 0xfc, 0x86, 0x77, 0x2f, 0x67, 0xfc, 0x11, 0x28, 0x94, 0x37, 0x2d, 0x1d, 0x11, + 0x0f, 0x37, 0x48, 0x0c, 0x83, 0x2f, 0x81, 0x41, 0xad, 0x6d, 0xbb, 0xfa, 0xcb, 0x61, 0x98, 0x58, + 0x21, 0x1e, 0xdd, 0xc4, 0x36, 0x6e, 0x10, 0xef, 0x3b, 0xb7, 0x86, 0x6e, 0x40, 0xc5, 0x23, 0xae, + 0x65, 0xea, 0x78, 0xc5, 0x69, 0xd9, 0x94, 0xaf, 0xa2, 0x2a, 0x1f, 0xe9, 0x04, 0x9c, 0x51, 0x93, + 0x26, 0x36, 0x2d, 0xb9, 0x8e, 0xc4, 0x0d, 0x5b, 0x61, 0xe4, 0x98, 0x7a, 0x78, 0xc9, 0x6b, 0xf8, + 0xca, 0x30, 0x9f, 0xf1, 0x08, 0x80, 0x9e, 0x42, 0xc5, 0x76, 0x0c, 0x52, 0x27, 0x16, 0xd1, 0xa9, + 0xe3, 0xf1, 0xe5, 0x53, 0x74, 0x9e, 0x13, 0x94, 0xe8, 0x5d, 0x28, 0x7b, 0xc4, 0x77, 0x5a, 0x9e, + 0x58, 0x59, 0xac, 0x9b, 0xc9, 0xa8, 0x1b, 0x2d, 0x68, 0xe2, 0x94, 0x11, 0x26, 0x52, 0xa1, 0xe2, + 0x3a, 0xc6, 0xaa, 0xed, 0xcb, 0x2d, 0x02, 0xfc, 0xdd, 0x13, 0x30, 0xb4, 0x1a, 0xe0, 0x88, 0xa9, + 0xe1, 0x8b, 0xa7, 0x08, 0xb7, 0x49, 0x50, 0x21, 0x07, 0xe6, 0xf8, 0xc2, 0xa4, 0xe6, 0xd2, 0xfe, + 0xbe, 0x69, 0x9b, 0xf4, 0x64, 0x03, 0xef, 0x11, 0x2b, 0xfc, 0xf4, 0x0a, 0xef, 0xf5, 0xcd, 0x64, + 0xaf, 0x75, 0xcb, 0xd4, 0xc9, 0xf6, 0x7e, 0x9b, 0x11, 0x38, 0xb5, 0x43, 0xf4, 0x02, 
0xe6, 0x53, + 0xed, 0xbb, 0xc4, 0x6b, 0x26, 0x1f, 0x5a, 0x3d, 0xfb, 0x43, 0x3b, 0x76, 0x8a, 0x36, 0x61, 0x94, + 0x3a, 0x16, 0xf1, 0xe4, 0xde, 0x1d, 0x3b, 0xfb, 0x33, 0xe2, 0xf4, 0x39, 0xdc, 0x60, 0xbc, 0x07, + 0x6e, 0xb0, 0x0c, 0x65, 0xd7, 0x31, 0xf8, 0x0b, 0xfb, 0x4a, 0xed, 0x0c, 0x1d, 0x45, 0x64, 0xea, + 0x6f, 0x4a, 0x50, 0x0e, 0x57, 0x14, 0x7a, 0x00, 0x43, 0x96, 0xd9, 0x34, 0xa9, 0xaf, 0x94, 0xe6, + 0xfb, 0x6f, 0x8e, 0x2e, 0x5e, 0xcf, 0x59, 0x76, 0x0b, 0x1b, 0x1c, 0x63, 0xcd, 0xa6, 0xde, 0x89, + 0x26, 0xd1, 0xd1, 0x87, 0x30, 0xe2, 0x91, 0x9f, 0xb5, 0x48, 0x20, 0x19, 0x47, 0x17, 0x5f, 0xcd, + 0x23, 0xd5, 0x24, 0x8e, 0x20, 0x0e, 0x49, 0x66, 0xdf, 0x83, 0xd1, 0x58, 0xaf, 0x6c, 0xeb, 0x1f, + 0x92, 0x13, 0xce, 0x2c, 0xca, 0x1a, 0xbb, 0x64, 0x1b, 0x92, 0x6b, 0x1a, 0x92, 0x1d, 0x88, 0x9b, + 0x47, 0x7d, 0x0f, 0x4b, 0xb3, 0xef, 0x43, 0x35, 0xd1, 0xeb, 0x59, 0x88, 0xd5, 0xff, 0x33, 0x0c, + 0xd5, 0x15, 0xc7, 0x23, 0xab, 0x5b, 0xf5, 0x9e, 0x78, 0x95, 0x0a, 0x15, 0x5d, 0x74, 0xb3, 0xce, + 0x99, 0x8e, 0x78, 0x50, 0x02, 0xc6, 0x25, 0x90, 0xb8, 0xdf, 0x95, 0x4c, 0x8c, 0x49, 0xa0, 0x10, + 0x82, 0x16, 0x00, 0xc9, 0xbb, 0x1d, 0xab, 0xd5, 0x30, 0xed, 0xf5, 0x18, 0xfb, 0xca, 0x69, 0xc9, + 0xf0, 0x9b, 0xc1, 0xae, 0xf9, 0x4d, 0x9a, 0x2b, 0x0e, 0xb5, 0xe1, 0x8a, 0xd9, 0xd5, 0x3b, 0xdc, + 0xc3, 0xea, 0x4d, 0x70, 0xb9, 0x91, 0xc2, 0x5c, 0x6e, 0x03, 0xc6, 0x3d, 0xc7, 0xb2, 0x4c, 0xbb, + 0xb1, 0x89, 0x8f, 0xeb, 0x2d, 0xaf, 0x41, 0x24, 0x8b, 0xbc, 0x96, 0x7c, 0x8b, 0x75, 0x9b, 0x6e, + 0x7b, 0xe2, 0x3d, 0x9e, 0x38, 0xde, 0xce, 0x32, 0xef, 0x27, 0x4d, 0x8a, 0xbe, 0x80, 0xe9, 0x08, + 0xf4, 0x99, 0x8d, 0x8f, 0xb0, 0x69, 0xb1, 0x29, 0x95, 0x52, 0xba, 0x48, 0x9f, 0xf9, 0x1d, 0x74, + 0xe4, 0x91, 0xa3, 0x2f, 0x83, 0x47, 0x56, 0xbe, 0x05, 0x1e, 0x59, 0xed, 0x8d, 0x47, 0xaa, 0x5f, + 0xc0, 0xfc, 0x2a, 0xd9, 0xc7, 0x2d, 0x8b, 0xee, 0x38, 0xc6, 0xaa, 0xe9, 0x7b, 0x2d, 0x97, 0x35, + 0x2c, 0xb7, 0x8c, 0x06, 0xa1, 0xbd, 0xec, 0x52, 0xf5, 0x73, 0x98, 0x91, 0x3d, 0x87, 0xab, 0x4b, + 0xf6, 0x17, 0x67, 0x5f, 
0xa2, 0xc3, 0x3c, 0xf6, 0x15, 0xf0, 0x19, 0x41, 0x14, 0xb1, 0x2f, 0xf5, + 0xef, 0x2a, 0x30, 0xb9, 0xc6, 0x6d, 0x8b, 0x8f, 0x31, 0x25, 0x2f, 0xf0, 0x89, 0xec, 0xf6, 0x09, + 0xd4, 0x70, 0x8b, 0x3a, 0xbe, 0x8e, 0x2d, 0xb2, 0x56, 0xf8, 0x7d, 0x33, 0x34, 0x8c, 0xbd, 0x84, + 0xb0, 0x4d, 0x7c, 0x2c, 0xf5, 0xf8, 0x04, 0x2c, 0x89, 0x63, 0xda, 0x52, 0xa7, 0x4f, 0xc0, 0xd0, + 0x0d, 0x18, 0xd3, 0x1d, 0xdb, 0x26, 0x3a, 0xdd, 0x35, 0x9b, 0xc4, 0x69, 0x51, 0xc9, 0x5e, 0x52, + 0x50, 0xf4, 0x08, 0xfa, 0x75, 0xb7, 0x25, 0x39, 0xca, 0xeb, 0xd1, 0x48, 0xb4, 0xd7, 0x1a, 0xf9, + 0x34, 0x32, 0x22, 0xf4, 0x23, 0xa8, 0x1a, 0x1e, 0x36, 0xed, 0x55, 0x69, 0xea, 0x71, 0x6e, 0x32, + 0xba, 0x78, 0x39, 0xf3, 0xc1, 0x01, 0x82, 0x96, 0xc4, 0x8f, 0xcf, 0xed, 0x70, 0x71, 0x0e, 0xbc, + 0x08, 0xfd, 0xc4, 0x3e, 0x2a, 0xaa, 0x74, 0x69, 0x0c, 0x19, 0xbd, 0x0b, 0x43, 0x96, 0x10, 0x9e, + 0x82, 0x83, 0x5c, 0x8d, 0xc8, 0xe4, 0x3c, 0x0a, 0x21, 0x29, 0xe7, 0x5b, 0x22, 0x67, 0x18, 0x2f, + 0x74, 0xcd, 0x78, 0xb3, 0x0c, 0x75, 0xb4, 0x07, 0x86, 0xfa, 0xfd, 0xd1, 0xca, 0xde, 0x82, 0x41, + 0xd7, 0xf1, 0x28, 0xd3, 0xc7, 0x98, 0xaa, 0x31, 0x1d, 0xf5, 0xbe, 0xc3, 0xc0, 0x72, 0xbe, 0x04, + 0x4e, 0x52, 0xce, 0x8c, 0x17, 0x96, 0x33, 0x1f, 0x40, 0xd5, 0x27, 0xba, 0x47, 0xe8, 0x33, 0xc7, + 0x6a, 0x35, 0x09, 0x53, 0xb0, 0xd8, 0xb3, 0x66, 0x62, 0x66, 0x47, 0xac, 0x59, 0x4b, 0x22, 0xa3, + 0x1d, 0x40, 0x3e, 0xf1, 0x8e, 0x4c, 0x9d, 0xc4, 0x67, 0x77, 0xa2, 0xe0, 0xea, 0xcc, 0xa1, 0x45, + 0x08, 0x06, 0xe8, 0x89, 0x4b, 0x14, 0xc4, 0x77, 0x2c, 0xbf, 0x46, 0x6f, 0xc1, 0xc0, 0x37, 0x47, + 0xae, 0xad, 0x4c, 0xf2, 0x7e, 0x2f, 0x45, 0xfd, 0x7e, 0x45, 0x3c, 0xe7, 0xd9, 0xce, 0x96, 0x1c, + 0x08, 0x8e, 0x94, 0x66, 0xd3, 0x53, 0x3d, 0xab, 0xb2, 0x19, 0x39, 0x3c, 0x7d, 0x01, 0x72, 0x78, + 0xa6, 0x57, 0x39, 0xbc, 0x09, 0x55, 0x9d, 0x0f, 0x43, 0x30, 0x8f, 0x97, 0xce, 0xf4, 0xe1, 0x5a, + 0x92, 0x1a, 0xfd, 0x04, 0xa6, 0xb0, 0x61, 0x98, 0x6c, 0x0c, 0xb0, 0xb5, 0xe2, 0xd8, 0x14, 0x9b, + 0x36, 0xf1, 0x7c, 0x45, 0x39, 0x5b, 0xaf, 0xb9, 0x9d, 0xa8, 
0xbf, 0x2d, 0x01, 0x5a, 0xb3, 0x8f, + 0x9c, 0x93, 0x4d, 0x42, 0x3d, 0x53, 0xef, 0xcd, 0x53, 0x85, 0x60, 0xe0, 0xc0, 0xf1, 0xa9, 0xd4, + 0x45, 0xf9, 0x35, 0x83, 0xb1, 0x4d, 0xc1, 0x85, 0xc3, 0xa0, 0xc6, 0xaf, 0xd1, 0x32, 0x8c, 0x52, + 0xcb, 0xaf, 0x13, 0x4a, 0x4d, 0xbb, 0x51, 0xdc, 0xff, 0x14, 0x27, 0x62, 0x66, 0x25, 0xd5, 0xdd, + 0x4f, 0x09, 0x71, 0xb1, 0x65, 0x1e, 0x91, 0xa2, 0xba, 0xa8, 0x96, 0xa0, 0x52, 0x7f, 0x33, 0x02, + 0x95, 0x8f, 0xb1, 0x65, 0x91, 0x93, 0x5e, 0x5d, 0x74, 0x66, 0x4c, 0x0b, 0x97, 0xa6, 0xff, 0x3d, + 0x18, 0x68, 0x12, 0xff, 0x40, 0xe9, 0xe7, 0xdb, 0x78, 0x3e, 0xce, 0xea, 0xa3, 0x27, 0x2e, 0x6c, + 0x12, 0xff, 0x40, 0x18, 0x27, 0x1c, 0xbb, 0x23, 0x4f, 0x1d, 0x78, 0x19, 0x3c, 0x75, 0xf0, 0x22, + 0x78, 0x6a, 0x51, 0x23, 0x20, 0xc1, 0x4e, 0x87, 0x0b, 0xb3, 0xd3, 0x65, 0x18, 0x13, 0xf3, 0xb3, + 0x64, 0x63, 0xeb, 0xc4, 0x37, 0x03, 0x95, 0xff, 0xb4, 0x19, 0x4d, 0x51, 0xfc, 0x87, 0x51, 0xfd, + 0x53, 0x9c, 0x76, 0xb4, 0x47, 0x4e, 0xfb, 0x0c, 0x66, 0xc4, 0x40, 0xd4, 0x85, 0x54, 0x58, 0x35, + 0x7d, 0xdd, 0x39, 0x22, 0xde, 0x89, 0x94, 0xe8, 0xa7, 0x0c, 0x21, 0xef, 0xac, 0x0d, 0x75, 0x46, + 0x8f, 0xa9, 0x9e, 0xa3, 0x1e, 0x33, 0xd6, 0x83, 0x1e, 0x23, 0x1d, 0x7f, 0xe3, 0x19, 0xc7, 0x5f, + 0xad, 0x80, 0xe3, 0x6f, 0xf6, 0x01, 0x94, 0xc3, 0x4d, 0x7c, 0x26, 0x5f, 0xc0, 0x87, 0x30, 0x99, + 0xa3, 0xf5, 0xb1, 0x2e, 0xb0, 0xeb, 0x06, 0x5d, 0x60, 0xd7, 0xe5, 0xfc, 0xc5, 0xa7, 0xa6, 0x13, + 0xf2, 0x17, 0x76, 0xa3, 0xfe, 0x4b, 0x09, 0xc6, 0x24, 0x7d, 0x40, 0xba, 0x05, 0x93, 0xbc, 0xed, + 0x39, 0xe1, 0xb6, 0x41, 0x43, 0xb4, 0x4a, 0x56, 0x16, 0x53, 0x36, 0x73, 0x4c, 0x07, 0x0d, 0x71, + 0xca, 0xb5, 0x38, 0x61, 0x9c, 0x1d, 0xf6, 0x15, 0x67, 0x87, 0x3f, 0x86, 0x29, 0xf1, 0x16, 0xa6, + 0x9d, 0x78, 0x8d, 0x81, 0xf4, 0x32, 0x97, 0xe1, 0x91, 0xe4, 0x7b, 0x88, 0x2f, 0x58, 0x4f, 0x90, + 0xaa, 0x7f, 0x33, 0x0b, 0x95, 0x8f, 0x2d, 0x67, 0x8f, 0x0b, 0x2f, 0xf6, 0xa5, 0x37, 0x61, 0x00, + 0x7b, 0xfa, 0x81, 0xfc, 0xb4, 0xa9, 0xa8, 0xcf, 0x28, 0x3a, 0xa1, 0x71, 0x0c, 0xf4, 0x29, 0x54, + 
0x74, 0xe2, 0x51, 0x73, 0xdf, 0xd4, 0x31, 0x25, 0xbe, 0x72, 0xf3, 0x6c, 0x72, 0x33, 0x41, 0xcc, + 0x9d, 0xf6, 0xbc, 0xf3, 0xd0, 0xe1, 0x2e, 0xe7, 0x24, 0x0d, 0x46, 0x77, 0x60, 0x52, 0x80, 0x34, + 0xc7, 0xa1, 0x11, 0xf6, 0x22, 0xc7, 0xce, 0x6b, 0x62, 0xb6, 0x9b, 0x94, 0xfc, 0xd8, 0x32, 0x0d, + 0x61, 0xca, 0xf4, 0x77, 0xb6, 0xdd, 0xd2, 0x34, 0xe8, 0x3f, 0xc1, 0x15, 0xdd, 0xb1, 0xa9, 0xe7, + 0x58, 0x3b, 0x16, 0xb6, 0x49, 0x9d, 0xe8, 0x2d, 0xcf, 0xa4, 0x27, 0x81, 0x39, 0x38, 0xd0, 0xb1, + 0xcb, 0xd3, 0xc8, 0xd1, 0x53, 0xb8, 0x6e, 0x08, 0x93, 0x56, 0x8c, 0xf2, 0x33, 0xd3, 0x37, 0xf7, + 0x4c, 0xcb, 0xa4, 0x27, 0xa1, 0x40, 0xbf, 0xc7, 0x1d, 0xd5, 0x9d, 0xd0, 0xd0, 0x33, 0x98, 0x94, + 0x28, 0x5b, 0x71, 0xa6, 0x30, 0x74, 0x86, 0x8d, 0x9c, 0xd7, 0x01, 0xb2, 0x61, 0xd6, 0x68, 0x6b, + 0xce, 0x4b, 0x01, 0x72, 0x2b, 0xea, 0xbe, 0x93, 0xe9, 0xcf, 0x1f, 0x74, 0x4a, 0x8f, 0x68, 0x03, + 0x26, 0x0d, 0xd3, 0x67, 0xa3, 0x23, 0x5c, 0xde, 0x2b, 0x07, 0x44, 0x3f, 0x2c, 0x22, 0x6d, 0xf2, + 0xc8, 0xd0, 0x0e, 0xd4, 0x8c, 0x94, 0xcb, 0x40, 0xca, 0x9c, 0xf9, 0xcc, 0x3b, 0xa7, 0x9c, 0x0a, + 0xfc, 0x4d, 0x33, 0xd4, 0xe8, 0x27, 0x80, 0x24, 0x6c, 0x37, 0x26, 0x23, 0x1e, 0x9c, 0x5d, 0x46, + 0xe4, 0x74, 0x13, 0x49, 0xd9, 0xa7, 0xc4, 0x6a, 0xee, 0x12, 0x9f, 0x4a, 0x61, 0x56, 0x40, 0xca, + 0x06, 0x14, 0xe8, 0x23, 0xa8, 0x0a, 0xc8, 0xae, 0x87, 0x75, 0xd3, 0x0e, 0x62, 0x04, 0xa7, 0x75, + 0x91, 0x24, 0x08, 0x18, 0x78, 0x25, 0x62, 0xe0, 0x37, 0x61, 0x9c, 0x6b, 0x61, 0x3b, 0x51, 0x00, + 0xaf, 0x2a, 0x36, 0x6a, 0x0a, 0x8c, 0xea, 0x50, 0x0b, 0x41, 0xc2, 0xc0, 0xf2, 0x95, 0x37, 0xce, + 0xc6, 0x23, 0x32, 0x1d, 0xa0, 0x1b, 0x30, 0xc6, 0xd9, 0x58, 0xb4, 0xf1, 0xc7, 0x84, 0xdf, 0x23, + 0x09, 0x45, 0x5b, 0x30, 0x61, 0x39, 0x3a, 0x66, 0xfb, 0x62, 0x63, 0x4f, 0xee, 0x8c, 0xa2, 0x1e, + 0x7a, 0x2d, 0x4b, 0x8a, 0x96, 0x00, 0x0e, 0x1f, 0xfa, 0x92, 0x79, 0x4a, 0xf1, 0x15, 0x73, 0x2c, + 0x7d, 0xda, 0xda, 0x23, 0x9e, 0x4d, 0x28, 0xf1, 0x13, 0x91, 0x69, 0x2d, 0x46, 0x84, 0x1e, 0x42, + 0xd9, 0x72, 0x1a, 0x4b, 0xfe, 0x27, 
0xbe, 0x63, 0x2b, 0xaf, 0x77, 0x9c, 0x89, 0x08, 0x19, 0x3d, + 0x80, 0x61, 0xcb, 0x69, 0x34, 0xd8, 0x27, 0x4c, 0x64, 0xdc, 0x1b, 0x9c, 0x79, 0x6f, 0x88, 0x66, + 0xf9, 0xd4, 0x00, 0x1b, 0xad, 0x40, 0x95, 0xe9, 0xbe, 0x6b, 0xc7, 0x2e, 0xb6, 0x7d, 0xc6, 0xf6, + 0x50, 0x9a, 0x7c, 0x33, 0xde, 0x2c, 0xc9, 0x93, 0x34, 0x68, 0x06, 0x86, 0x18, 0x60, 0x7d, 0x55, + 0x79, 0x97, 0x0f, 0xb5, 0xbc, 0x63, 0x96, 0x02, 0xbb, 0xda, 0x22, 0xf4, 0x85, 0xe3, 0x1d, 0xfa, + 0xd2, 0x74, 0x2d, 0x60, 0x29, 0xc4, 0xa9, 0xd8, 0x84, 0x36, 0x1d, 0xdb, 0xa4, 0x0e, 0x43, 0x62, + 0x36, 0x3f, 0x37, 0x67, 0xab, 0x5a, 0x0a, 0xca, 0xe4, 0x52, 0x93, 0x5a, 0xbe, 0xb4, 0x4c, 0x63, + 0x72, 0x69, 0x73, 0x77, 0xa3, 0x1e, 0xc8, 0x25, 0x86, 0x81, 0x3e, 0x82, 0x4a, 0xb3, 0x65, 0x51, + 0x53, 0xc6, 0x50, 0xa5, 0xdd, 0x39, 0x17, 0xa3, 0x88, 0xb5, 0x4a, 0xca, 0x04, 0x05, 0x52, 0x60, + 0xd8, 0x16, 0xef, 0xa7, 0xbc, 0xc9, 0x3f, 0x39, 0xb8, 0x45, 0xf7, 0x61, 0xc6, 0x75, 0x8c, 0xd5, + 0xad, 0x7a, 0x9d, 0x30, 0x19, 0x18, 0x0b, 0x1b, 0xbf, 0xc5, 0x79, 0x73, 0x9b, 0x56, 0xf4, 0x53, + 0x98, 0x73, 0x9a, 0x26, 0xad, 0x9b, 0x06, 0xd1, 0xb1, 0xb7, 0x6e, 0x7f, 0xcd, 0x39, 0xaa, 0x78, + 0xf8, 0x26, 0x76, 0x95, 0x1b, 0x1d, 0x97, 0xc3, 0xa9, 0xf4, 0xe8, 0x31, 0x54, 0x1c, 0x3b, 0x0a, + 0x56, 0x4b, 0xcb, 0xf8, 0xb4, 0xfe, 0x12, 0xf8, 0x48, 0x83, 0x19, 0xc7, 0x65, 0xbc, 0xc7, 0xf1, + 0x44, 0xc0, 0xf7, 0x73, 0xb2, 0x77, 0xe0, 0x38, 0x87, 0xbe, 0xf2, 0x83, 0x8e, 0x3d, 0xb5, 0xa1, + 0x44, 0x3f, 0x81, 0x69, 0xa7, 0x45, 0xf7, 0x9c, 0x96, 0x6d, 0xec, 0x7a, 0x78, 0x7f, 0xdf, 0xd4, + 0x25, 0xbf, 0x10, 0x06, 0xf6, 0x1b, 0xd1, 0x84, 0x6c, 0xe7, 0xa1, 0xc9, 0x99, 0xc9, 0xef, 0x83, + 0xc9, 0x06, 0x37, 0xe2, 0xee, 0x4f, 0xb0, 0x69, 0x6d, 0xbb, 0xc4, 0x56, 0x2e, 0x77, 0x96, 0x0d, + 0x39, 0x64, 0x8c, 0xa9, 0x09, 0x70, 0x34, 0x82, 0xb3, 0x82, 0xa9, 0xa5, 0xc0, 0xe8, 0x0e, 0x4c, + 0xb8, 0x9e, 0xe9, 0x30, 0xc1, 0xbd, 0x62, 0x61, 0xdf, 0xe7, 0xe9, 0x05, 0x57, 0x18, 0x2e, 0xe7, + 0xe4, 0xd9, 0x46, 0xa6, 0xaf, 0xb8, 0x9e, 0xd3, 0x24, 0xf4, 0x80, 0xb4, 
0xfc, 0xa8, 0xff, 0x77, + 0x84, 0xbe, 0x92, 0xd3, 0xc4, 0x7d, 0x62, 0x9e, 0x73, 0x7c, 0xa2, 0xcc, 0xf1, 0xaf, 0x89, 0xfb, + 0xc4, 0x18, 0x38, 0xf4, 0x89, 0xb1, 0x1b, 0xf4, 0x00, 0xca, 0xfc, 0x62, 0xdd, 0x36, 0xa9, 0x72, + 0x55, 0x3a, 0x68, 0x93, 0x04, 0xac, 0x49, 0x12, 0x45, 0xb8, 0xe8, 0x0d, 0xe8, 0xf7, 0x0d, 0x5f, + 0xb9, 0x96, 0xb6, 0xfb, 0xea, 0xab, 0xc1, 0x76, 0x62, 0xed, 0x81, 0xc2, 0x7e, 0xbd, 0x48, 0xa4, + 0x7e, 0x01, 0x10, 0x25, 0x16, 0x69, 0x12, 0xea, 0xc5, 0x46, 0x72, 0x5e, 0xc4, 0xbd, 0xb2, 0x2d, + 0x68, 0x01, 0x86, 0xa8, 0x87, 0x75, 0xe2, 0x29, 0xaf, 0xf2, 0xee, 0x63, 0x1e, 0xb9, 0x5d, 0x0e, + 0x0f, 0xdc, 0xb5, 0x02, 0x0b, 0xcd, 0xc3, 0x28, 0xf5, 0x5a, 0x3e, 0x5d, 0x75, 0x9a, 0xd8, 0xb4, + 0x15, 0x95, 0x77, 0x1c, 0x07, 0xf1, 0x37, 0x88, 0x6e, 0x97, 0x2c, 0x13, 0xfb, 0xc4, 0x57, 0x6e, + 0xf1, 0xbd, 0x99, 0xd3, 0x82, 0x16, 0x61, 0xa8, 0xe5, 0x93, 0xcd, 0x95, 0x1d, 0xe5, 0xb5, 0x8e, + 0x2b, 0x47, 0x62, 0xa2, 0x0f, 0x60, 0x94, 0x0b, 0x1b, 0x8d, 0x34, 0x1d, 0x4a, 0x94, 0xb7, 0x3b, + 0x12, 0xc6, 0xd1, 0xd1, 0x33, 0x50, 0x74, 0x8f, 0x60, 0x4a, 0xc4, 0x7d, 0xfd, 0x48, 0x5f, 0xb3, + 0x0d, 0xd7, 0x31, 0x6d, 0xea, 0x2b, 0x3f, 0xec, 0xd8, 0x55, 0x5b, 0x5a, 0xc6, 0x61, 0x3c, 0x0e, + 0xdd, 0x31, 0x2d, 0x87, 0xae, 0x70, 0xb4, 0x18, 0x82, 0xb2, 0xd0, 0x99, 0xc3, 0x9c, 0x46, 0xcf, + 0x96, 0xb1, 0x6c, 0xe7, 0x3b, 0x62, 0xc9, 0x30, 0xb8, 0x24, 0xbc, 0x2d, 0x96, 0x71, 0x4e, 0x13, + 0x9b, 0x8b, 0x58, 0x8f, 0x01, 0xc1, 0x1d, 0xb1, 0x1a, 0xb2, 0x2d, 0x8c, 0xb7, 0x0a, 0xe8, 0x6e, + 0xb0, 0x52, 0x02, 0x9a, 0xbb, 0x9c, 0xa6, 0x4d, 0x2b, 0x5b, 0x45, 0x7c, 0x80, 0x0d, 0xe5, 0x7e, + 0x7a, 0x15, 0xad, 0x73, 0x78, 0xb0, 0x8a, 0x04, 0x16, 0x7a, 0x1b, 0x26, 0x5c, 0xfe, 0x8d, 0xc4, + 0xa3, 0x3b, 0x9e, 0x73, 0x64, 0x1a, 0xc4, 0x53, 0x1e, 0xf2, 0x47, 0x64, 0x1b, 0xd0, 0x1c, 0x94, + 0xbf, 0x7e, 0x41, 0x25, 0xe7, 0x7a, 0x4f, 0xe4, 0x22, 0x85, 0x00, 0x75, 0x15, 0x2a, 0xf1, 0x67, + 0x74, 0x19, 0xcd, 0x7a, 0x0b, 0x26, 0x73, 0xc4, 0x38, 0xb3, 0x4e, 0x2d, 0x9e, 0xf5, 0x23, 0x2c, + 0x56, 0x71, 
0xa3, 0xfe, 0xf3, 0x14, 0x4c, 0xe5, 0xd9, 0x77, 0xdf, 0xcb, 0x10, 0xd5, 0x47, 0x50, + 0xd5, 0x5b, 0x3e, 0x75, 0x9a, 0xd2, 0x25, 0x22, 0x8d, 0x9c, 0x53, 0x35, 0xdc, 0x04, 0x01, 0x1b, + 0x64, 0x83, 0xec, 0xb5, 0x1a, 0x32, 0x91, 0x4c, 0xdc, 0x30, 0x9d, 0xc7, 0x10, 0x4c, 0x46, 0xa4, + 0x8e, 0xc9, 0xbb, 0x6c, 0x48, 0xac, 0xdc, 0x7d, 0x48, 0x0c, 0xce, 0x1c, 0x12, 0x1b, 0x3d, 0x4b, + 0x48, 0x6c, 0x1e, 0x46, 0xc9, 0x31, 0x25, 0x9e, 0x8d, 0xad, 0xf5, 0x1d, 0x5f, 0xa9, 0x70, 0x1e, + 0x18, 0x07, 0xa1, 0x47, 0x09, 0x9d, 0xb6, 0xda, 0xf1, 0x75, 0xe2, 0xca, 0xec, 0x2a, 0x8c, 0x47, + 0x77, 0x4f, 0x29, 0x75, 0x03, 0x47, 0xd1, 0x69, 0x1d, 0xa4, 0x49, 0x62, 0x61, 0xbb, 0xf1, 0xb3, + 0x84, 0xed, 0x6e, 0xc0, 0x98, 0xe5, 0x60, 0x63, 0x19, 0x5b, 0xd8, 0xd6, 0x89, 0xb7, 0xbe, 0xc3, + 0x15, 0xf2, 0xb2, 0x96, 0x82, 0xa2, 0x47, 0xa0, 0xc4, 0x21, 0x75, 0x6e, 0xb7, 0x69, 0xd8, 0x6e, + 0x10, 0x5f, 0x99, 0xe0, 0xe3, 0xd1, 0xb6, 0x1d, 0xad, 0x01, 0x4a, 0xa8, 0xc1, 0x3c, 0x1c, 0xa5, + 0xa0, 0xd3, 0xa2, 0x54, 0x39, 0x04, 0x19, 0xcf, 0xdc, 0xe4, 0x39, 0x7a, 0xe6, 0xa6, 0x2e, 0x30, + 0xc2, 0x38, 0xfd, 0x32, 0xbc, 0xe1, 0x33, 0x17, 0x1a, 0x61, 0xbc, 0x54, 0x20, 0xc2, 0x98, 0x76, + 0x9d, 0x2b, 0x6d, 0x5c, 0xe7, 0xcb, 0x71, 0xd7, 0xf9, 0xe5, 0xb3, 0xe4, 0x6b, 0x45, 0x7e, 0xf4, + 0x77, 0x84, 0x02, 0x36, 0x9b, 0xb6, 0x25, 0x93, 0xcc, 0xbd, 0x6e, 0xf8, 0x71, 0x75, 0x2c, 0x13, + 0xcb, 0xbc, 0xd2, 0x7b, 0x2c, 0x73, 0xee, 0x1c, 0x62, 0x99, 0x57, 0x63, 0xb1, 0xcc, 0xfb, 0x32, + 0x96, 0x29, 0x54, 0x4b, 0xb5, 0xdd, 0x97, 0x7d, 0x75, 0xe4, 0xda, 0x89, 0xb0, 0x66, 0x4e, 0x50, + 0xe0, 0xfa, 0x05, 0x04, 0x05, 0xe6, 0x7b, 0x0d, 0x0a, 0xdc, 0x82, 0x1a, 0x76, 0xf9, 0x62, 0xa0, + 0x21, 0x63, 0x78, 0x95, 0x7f, 0x7f, 0x06, 0x8e, 0xee, 0xc1, 0x74, 0xc0, 0x72, 0x93, 0x46, 0x90, + 0x50, 0x5e, 0xf3, 0x1b, 0xd3, 0x61, 0x87, 0xd7, 0x7a, 0x0c, 0x3b, 0x7c, 0x0a, 0x15, 0xe9, 0x31, + 0x16, 0x2f, 0xfb, 0xfa, 0x19, 0x3d, 0xb5, 0x71, 0xe2, 0xb6, 0x61, 0xd3, 0x37, 0xce, 0x21, 0x6c, + 0x9a, 0x0d, 0xf1, 0xde, 0xe8, 0x29, 0xc4, 0xfb, 
0x38, 0xe5, 0xa2, 0x7e, 0xb3, 0xb3, 0x59, 0x9c, + 0xf0, 0x4a, 0xbf, 0x2d, 0x12, 0xf9, 0x6f, 0x76, 0x24, 0x63, 0x68, 0xe8, 0x2b, 0x50, 0x42, 0x23, + 0xe7, 0x39, 0x36, 0x0c, 0xc7, 0x7e, 0x2e, 0xdd, 0xec, 0x81, 0x19, 0xdd, 0x79, 0x8f, 0xcd, 0xd0, + 0x98, 0x7a, 0xeb, 0xd8, 0x41, 0x18, 0x02, 0x7d, 0x18, 0x1c, 0x56, 0xb8, 0x75, 0xb6, 0x01, 0x91, + 0xa7, 0x1a, 0x16, 0x61, 0x3a, 0x7a, 0x35, 0xa1, 0xcb, 0x3c, 0xb7, 0x99, 0xe9, 0xfa, 0x96, 0xd0, + 0xdf, 0xc3, 0x46, 0x61, 0x1e, 0x31, 0x13, 0x4d, 0xfd, 0xfd, 0x12, 0x5c, 0x6a, 0xc3, 0x8b, 0xce, + 0x35, 0x9c, 0x9b, 0x08, 0x43, 0xf6, 0x17, 0x0d, 0x43, 0xaa, 0x07, 0xa0, 0xb4, 0xe3, 0x27, 0x5d, + 0xbe, 0xde, 0x0c, 0x0c, 0xf9, 0xad, 0xfd, 0x7d, 0xf3, 0x58, 0xbe, 0x9f, 0xbc, 0x53, 0x3f, 0x87, + 0xeb, 0x91, 0x7f, 0x6f, 0xcd, 0x3e, 0xda, 0x34, 0x8f, 0x89, 0xb7, 0x64, 0x60, 0x97, 0xf6, 0x96, + 0x17, 0xaf, 0xfe, 0xb2, 0x04, 0x97, 0xda, 0x78, 0x0e, 0xbb, 0xfc, 0x84, 0x0f, 0x60, 0x54, 0xfa, + 0x80, 0xb9, 0x4a, 0xd6, 0x39, 0xb6, 0x14, 0x47, 0x67, 0x2a, 0xa3, 0x5c, 0xb0, 0xdc, 0xad, 0x21, + 0x12, 0x5b, 0xe3, 0x20, 0xd5, 0x00, 0xb4, 0xe1, 0x60, 0xa3, 0x7e, 0x40, 0x0c, 0x23, 0x32, 0x54, + 0x6e, 0x41, 0xcd, 0xc2, 0x94, 0xd8, 0xfa, 0xc9, 0xee, 0x81, 0x47, 0xfc, 0x03, 0xc7, 0x32, 0xa4, + 0xcd, 0x92, 0x81, 0x23, 0x15, 0x06, 0x9a, 0x8e, 0x21, 0x96, 0xc0, 0xd8, 0xe2, 0x58, 0x34, 0xd1, + 0x0c, 0xaa, 0xf1, 0x36, 0xd5, 0x03, 0x88, 0xbc, 0x7a, 0x5d, 0x8e, 0xc4, 0x02, 0x0c, 0x30, 0x6b, + 0xa4, 0xc0, 0x10, 0x70, 0x3c, 0xf5, 0xbf, 0xc1, 0x64, 0x8e, 0x2f, 0xb4, 0xcb, 0x87, 0x0b, 0xb7, + 0xc2, 0xfa, 0xc6, 0x72, 0x81, 0xc7, 0x4b, 0x4c, 0xf5, 0xdf, 0xfa, 0x60, 0x8e, 0xaf, 0xac, 0x98, + 0x81, 0xcb, 0x97, 0x58, 0xb0, 0x22, 0xb6, 0xa1, 0x7a, 0x18, 0x2e, 0x16, 0x66, 0x0e, 0x88, 0x17, + 0xfa, 0x41, 0x9e, 0x17, 0x3a, 0x77, 0x95, 0x6a, 0x49, 0x7a, 0xf4, 0x04, 0x20, 0x72, 0x3f, 0xc9, + 0x37, 0xbd, 0x91, 0xf0, 0x1d, 0xc9, 0xb6, 0x9c, 0xae, 0x62, 0x94, 0xe8, 0x01, 0x0c, 0xfa, 0xd4, + 0x30, 0x1d, 0xb9, 0x79, 0x5f, 0x8d, 0x3b, 0x89, 0x0c, 0xd3, 0xc9, 0xa1, 0x16, 0xf8, 
0x68, 0x1d, + 0x46, 0x7d, 0x8a, 0xf5, 0x43, 0xc3, 0x33, 0x8f, 0x48, 0x4e, 0x06, 0x46, 0x3d, 0x6a, 0xcc, 0xe9, + 0x24, 0x4e, 0x8b, 0x96, 0x61, 0xac, 0xe5, 0x93, 0x00, 0x41, 0x5b, 0xf5, 0xa5, 0x3d, 0x79, 0x6a, + 0xb8, 0x24, 0x49, 0xa1, 0xfe, 0xb6, 0x0f, 0x2e, 0xf3, 0xe7, 0x04, 0x7e, 0x8c, 0xdf, 0x0d, 0xff, + 0xb7, 0x39, 0xfc, 0x7f, 0x5b, 0x82, 0x51, 0xfe, 0x1c, 0x39, 0xe0, 0xef, 0xc0, 0x90, 0xf0, 0xbe, + 0xca, 0x91, 0xbe, 0x12, 0xf3, 0xe0, 0x47, 0xb3, 0x14, 0x98, 0x86, 0x02, 0x15, 0x7d, 0x00, 0xe5, + 0x50, 0x96, 0xc9, 0x31, 0xbd, 0x96, 0xa2, 0x0b, 0xf7, 0x57, 0xe0, 0x13, 0x0d, 0x09, 0xd0, 0x32, + 0x8c, 0x60, 0x39, 0xeb, 0x72, 0x34, 0x6f, 0xb4, 0x23, 0x4e, 0xae, 0x0e, 0x2d, 0xa4, 0x53, 0xff, + 0x17, 0xc0, 0x44, 0xe6, 0xfd, 0xbe, 0x73, 0xce, 0x19, 0xe9, 0x74, 0x19, 0xe8, 0xc6, 0xe9, 0x12, + 0xe3, 0x89, 0x83, 0x5d, 0x08, 0xff, 0xa1, 0xb8, 0xf0, 0x3f, 0xdf, 0x83, 0x08, 0x69, 0xf3, 0x6d, + 0xa4, 0x8d, 0xf9, 0xf6, 0xa3, 0xd8, 0x3c, 0x0b, 0x0f, 0xce, 0x6b, 0xb9, 0x8b, 0xab, 0xdd, 0x24, + 0x23, 0x0d, 0x66, 0x7c, 0xe2, 0x33, 0x39, 0x11, 0x18, 0x9e, 0x6b, 0x85, 0xbd, 0x3a, 0x6d, 0x28, + 0x93, 0x7a, 0xd0, 0x68, 0x2f, 0xa7, 0x28, 0x2a, 0x17, 0x60, 0x35, 0x55, 0x2f, 0xfa, 0x14, 0xc5, + 0xd8, 0xcb, 0xf0, 0x38, 0x8c, 0x5f, 0x84, 0xc7, 0x21, 0xed, 0xf3, 0xa9, 0x75, 0xed, 0xf3, 0x91, + 0x7e, 0xbf, 0x89, 0xb3, 0xf8, 0xfd, 0x52, 0xb6, 0x23, 0xea, 0xd1, 0x76, 0x94, 0x19, 0x00, 0x93, + 0x99, 0x14, 0xae, 0xa9, 0x02, 0x11, 0x21, 0xf5, 0x17, 0xa3, 0x30, 0x95, 0xc7, 0x74, 0x73, 0xf9, + 0x61, 0xdf, 0x39, 0xf0, 0xc3, 0xfe, 0x02, 0xfc, 0x70, 0xa0, 0x3d, 0x3f, 0x1c, 0xec, 0x91, 0x1f, + 0x0e, 0x9d, 0xd9, 0xa7, 0x3b, 0x7c, 0x96, 0xb9, 0x0d, 0x79, 0xe8, 0x48, 0x9c, 0x87, 0x7e, 0x04, + 0x15, 0xcb, 0xc1, 0x86, 0x2f, 0x95, 0x72, 0xc9, 0xd1, 0x62, 0x01, 0xef, 0xac, 0xca, 0xae, 0x25, + 0x28, 0xbe, 0xb3, 0xe7, 0x20, 0xd2, 0xfc, 0xbc, 0xd2, 0xf6, 0x38, 0x5b, 0x86, 0x07, 0x8e, 0x5f, + 0x00, 0x0f, 0xac, 0xf5, 0xca, 0x03, 0xa3, 0x70, 0xe3, 0x44, 0xe1, 0x70, 0x23, 0x0f, 0xa3, 0xb9, + 0x8e, 0x47, 0x97, 0x31, 
0xd5, 0x0f, 0x36, 0xf1, 0xf1, 0xae, 0xd9, 0x0c, 0xce, 0x0e, 0xe4, 0xb4, + 0xa0, 0x7b, 0x30, 0x9d, 0x84, 0xae, 0xd9, 0xd4, 0x33, 0x89, 0xc8, 0xcf, 0xa8, 0x6a, 0xf9, 0x8d, + 0x49, 0xe1, 0x53, 0x2d, 0x2c, 0x7c, 0xda, 0xcb, 0xc1, 0xb1, 0xae, 0xe5, 0x60, 0x27, 0x41, 0x31, + 0xf5, 0x32, 0x04, 0xc5, 0xf4, 0xb7, 0x70, 0xdc, 0x6e, 0xe6, 0x7c, 0x58, 0xf5, 0xa5, 0x0c, 0xab, + 0x56, 0x8a, 0xb0, 0x6a, 0x0b, 0x50, 0x36, 0x31, 0xa6, 0x4b, 0xfb, 0x77, 0x1e, 0x46, 0x65, 0x61, + 0x03, 0xee, 0x48, 0x10, 0xee, 0x94, 0x38, 0x48, 0xfd, 0xe3, 0x41, 0x18, 0xdf, 0x72, 0x0c, 0xb2, + 0xd4, 0x20, 0x36, 0xed, 0xd1, 0xd6, 0xe6, 0x7c, 0xb4, 0xaf, 0x2b, 0x3e, 0xda, 0x1f, 0xe7, 0xa3, + 0x69, 0x2e, 0x38, 0xd0, 0x35, 0x17, 0x4c, 0x4d, 0xec, 0x60, 0x8f, 0x13, 0xdb, 0x69, 0x47, 0x0c, + 0xbd, 0x8c, 0x1d, 0x31, 0x7c, 0x11, 0x3b, 0x22, 0x2b, 0x3e, 0x46, 0x7a, 0x4f, 0x3f, 0x2f, 0x67, + 0x36, 0x04, 0x14, 0xd9, 0x10, 0xff, 0xb3, 0x04, 0x57, 0x4e, 0xc9, 0x4c, 0x42, 0x8f, 0x13, 0x9e, + 0xac, 0x5b, 0x85, 0xd2, 0x99, 0x16, 0x36, 0x23, 0x2f, 0xd7, 0x4d, 0x18, 0x60, 0x77, 0xa8, 0x0a, + 0xe5, 0xa5, 0x8d, 0x8d, 0xed, 0xcf, 0x9f, 0x2f, 0x6d, 0x7d, 0x59, 0x7b, 0x05, 0x4d, 0x40, 0x55, + 0x5b, 0xfb, 0x78, 0xbd, 0xbe, 0xab, 0x7d, 0xf9, 0x7c, 0x7b, 0x6b, 0xe3, 0xcb, 0x5a, 0x49, 0xfd, + 0xc5, 0x04, 0x8c, 0x8a, 0xb4, 0x8c, 0x5e, 0x36, 0xca, 0x85, 0xa8, 0x5c, 0x6d, 0xcc, 0xcb, 0xb4, + 0x5a, 0x36, 0x90, 0xa3, 0x96, 0x9d, 0xa1, 0x82, 0x47, 0x8e, 0xe1, 0x78, 0x0f, 0x86, 0x7d, 0x91, + 0x0d, 0x57, 0xe4, 0x6c, 0xa9, 0x44, 0x45, 0xaf, 0x43, 0x95, 0xe7, 0x12, 0xd5, 0x71, 0xd3, 0x65, + 0xf2, 0x99, 0x2f, 0xaf, 0x92, 0x96, 0x04, 0x76, 0x5b, 0xb5, 0x23, 0x27, 0x87, 0x1d, 0xf2, 0x73, + 0xd8, 0xa5, 0xb6, 0x39, 0xda, 0x8d, 0xb6, 0x99, 0xe6, 0x52, 0x95, 0xae, 0xb9, 0x94, 0x0e, 0xd7, + 0x0f, 0x83, 0x13, 0x5b, 0x4c, 0xf9, 0x21, 0xde, 0x11, 0xe7, 0xfb, 0x36, 0xd1, 0xd9, 0x83, 0x97, + 0x1a, 0x81, 0xd5, 0x77, 0x4a, 0x7a, 0x43, 0xa7, 0x1e, 0xd0, 0x06, 0xd4, 0x0c, 0xe2, 0x5a, 0xce, + 0x49, 0x93, 0xd8, 0x54, 0x16, 0xb8, 0x28, 0x78, 0xa4, 0x44, 
0xcb, 0x50, 0x66, 0x72, 0x4e, 0xc7, + 0xbb, 0xca, 0x39, 0xed, 0xc4, 0x4f, 0x6b, 0x2f, 0x83, 0x9f, 0x4e, 0x5c, 0x04, 0x3f, 0x7d, 0x08, + 0x65, 0x3d, 0x4c, 0x32, 0x45, 0x9d, 0x73, 0x8e, 0x43, 0x64, 0x74, 0x1f, 0x86, 0x65, 0xd8, 0x4f, + 0xe6, 0x2c, 0xc4, 0xec, 0x09, 0xce, 0x8b, 0x92, 0x89, 0xce, 0x01, 0x72, 0x4c, 0xc5, 0x9d, 0x2a, + 0xac, 0xe2, 0x4a, 0x11, 0x3e, 0x7d, 0x16, 0x11, 0x1e, 0x79, 0x07, 0x67, 0xd2, 0xde, 0x41, 0xfe, + 0x7a, 0xb9, 0xde, 0xc1, 0x1c, 0x3b, 0x41, 0xb9, 0x00, 0x3b, 0xe1, 0xf2, 0x39, 0x1f, 0x3b, 0x9b, + 0xed, 0x51, 0x7f, 0xd8, 0x84, 0x2a, 0x76, 0xdd, 0x58, 0xb2, 0xf2, 0x95, 0x33, 0x46, 0x55, 0x13, + 0xd4, 0xe8, 0x00, 0x5e, 0x15, 0x32, 0x65, 0x87, 0x4d, 0xa9, 0xee, 0x58, 0x75, 0xdb, 0x64, 0x2b, + 0x90, 0x7d, 0x57, 0x20, 0xfb, 0x64, 0x52, 0xc1, 0x69, 0xb3, 0xdf, 0xb9, 0x13, 0xb4, 0x0f, 0xf3, + 0x6d, 0x91, 0xd6, 0x6d, 0xf1, 0xa0, 0xab, 0x1d, 0x1f, 0xd4, 0xb1, 0x8f, 0x1c, 0xb5, 0xe3, 0x5a, + 0x0f, 0x6a, 0xc7, 0x8f, 0xa0, 0x22, 0xf6, 0x91, 0x48, 0x28, 0x92, 0x49, 0x0c, 0xe9, 0x05, 0xba, + 0x12, 0x43, 0xd1, 0x12, 0x04, 0xe8, 0x21, 0x5c, 0xfa, 0xfa, 0xc5, 0xa1, 0xcf, 0x04, 0x8d, 0x75, + 0x44, 0xbc, 0xb5, 0x63, 0xea, 0x61, 0xcd, 0x71, 0xe8, 0xca, 0x92, 0x4c, 0xa6, 0x6d, 0xd7, 0x8c, + 0x96, 0x60, 0xd8, 0xe5, 0x85, 0x65, 0x7c, 0x99, 0x52, 0x5b, 0x78, 0x8e, 0x03, 0xba, 0x40, 0x69, + 0x52, 0x33, 0x4a, 0xd3, 0x6b, 0x45, 0x94, 0xa6, 0xbf, 0x2e, 0x01, 0xca, 0xb2, 0x07, 0x7e, 0x6c, + 0x43, 0x00, 0x82, 0x44, 0xbd, 0x92, 0x3c, 0xb6, 0x91, 0x80, 0xa2, 0xcf, 0x60, 0xda, 0x0c, 0x09, + 0x29, 0xdb, 0x1c, 0xc4, 0xdb, 0x8c, 0x94, 0xac, 0x58, 0x11, 0xa3, 0x5c, 0x34, 0x2d, 0x9f, 0x9a, + 0xa9, 0x23, 0x41, 0x83, 0x85, 0x7d, 0x5f, 0xaa, 0xfd, 0x09, 0x98, 0xba, 0x0e, 0x13, 0x19, 0xc6, + 0xd1, 0x65, 0x5c, 0xf7, 0x4f, 0x4a, 0x30, 0x9e, 0x76, 0x78, 0x75, 0xa7, 0xb3, 0xbd, 0x05, 0x7d, + 0x47, 0x77, 0xa5, 0x96, 0x16, 0x5b, 0x40, 0x61, 0xe7, 0xcf, 0xee, 0x4a, 0x0e, 0xd7, 0x77, 0x74, + 0x97, 0x23, 0x2f, 0xca, 0xb8, 0x45, 0x2e, 0xf2, 0x62, 0x88, 0xbc, 0xc8, 0x3e, 0x37, 0xd3, 0x4b, + 
0x97, 0x9f, 0xfb, 0xab, 0x52, 0xbc, 0xaf, 0xc5, 0x9e, 0x3e, 0x78, 0x2d, 0x27, 0x28, 0xf6, 0x46, + 0xee, 0xb7, 0x44, 0xf1, 0xb1, 0x9c, 0x98, 0xd8, 0xd3, 0x64, 0x68, 0x2b, 0x13, 0xcb, 0x89, 0xf5, + 0xc3, 0xa3, 0x5c, 0xab, 0x1c, 0x2f, 0x27, 0xb2, 0xa5, 0xd6, 0xe1, 0xca, 0x29, 0x0f, 0xed, 0x72, + 0xc4, 0xfe, 0xbe, 0x0f, 0xe6, 0x4e, 0x7b, 0x85, 0x2e, 0x07, 0xef, 0x5e, 0x74, 0x4e, 0xa8, 0xc0, + 0xa9, 0xd2, 0xe0, 0x90, 0xd0, 0x23, 0x80, 0xe8, 0xac, 0x4d, 0x81, 0x83, 0x91, 0x31, 0x6c, 0x74, + 0x1f, 0x46, 0xa8, 0xe3, 0x3a, 0x96, 0xd3, 0x38, 0x29, 0x70, 0xfe, 0x31, 0xc4, 0x45, 0x4f, 0x79, + 0x6e, 0xf0, 0xbe, 0xd9, 0xd8, 0x3e, 0x22, 0x9e, 0x67, 0x1a, 0xc5, 0xeb, 0x0c, 0xa4, 0xe8, 0xd4, + 0x35, 0xb9, 0x6d, 0xe3, 0xec, 0x14, 0xdd, 0x81, 0x49, 0xbf, 0xb5, 0xe7, 0xeb, 0x9e, 0xb9, 0x47, + 0x8c, 0xe8, 0xb8, 0x5f, 0x89, 0xe7, 0x7c, 0xe6, 0x35, 0xa9, 0x3f, 0x83, 0xd1, 0x58, 0x3a, 0x20, + 0x42, 0x30, 0xc0, 0xd3, 0x63, 0x04, 0x97, 0xe2, 0xd7, 0x61, 0xc5, 0x85, 0xbe, 0x58, 0xc5, 0x85, + 0x59, 0x18, 0x61, 0x2a, 0xf5, 0x4e, 0x54, 0x89, 0x21, 0xbc, 0x47, 0xd7, 0x00, 0x44, 0x75, 0x45, + 0xde, 0x3a, 0xc0, 0x5b, 0x63, 0x10, 0xf5, 0x97, 0x65, 0xa8, 0x65, 0xd6, 0x53, 0x78, 0x3c, 0x20, + 0x6a, 0x09, 0x5e, 0xb2, 0xc0, 0x4a, 0x68, 0x4b, 0xdb, 0xe5, 0x81, 0xe3, 0xb4, 0x89, 0xd6, 0xdf, + 0xc6, 0x44, 0x93, 0x32, 0x63, 0x20, 0x23, 0x33, 0x06, 0x8b, 0x1c, 0x1b, 0x99, 0x63, 0xe6, 0x16, + 0x25, 0x76, 0x58, 0x63, 0xa8, 0xac, 0x45, 0x80, 0x8c, 0xbd, 0x33, 0xdc, 0xb5, 0xbd, 0xb3, 0x04, + 0x63, 0xbe, 0xee, 0x61, 0xae, 0x8a, 0x11, 0xef, 0x08, 0x5b, 0xd2, 0xb9, 0x70, 0x8a, 0x79, 0x93, + 0x22, 0xe0, 0x8e, 0x2d, 0xc7, 0xa6, 0xe4, 0x98, 0xee, 0x60, 0x7a, 0x20, 0x3d, 0x0b, 0x71, 0x50, + 0x5c, 0x6f, 0x86, 0xb4, 0xde, 0x9c, 0x2d, 0x5d, 0x1b, 0xe9, 0xcd, 0xef, 0xc3, 0xb0, 0x4c, 0xaf, + 0x94, 0x66, 0xe1, 0xab, 0x79, 0xa9, 0x00, 0x52, 0x4e, 0x06, 0xc4, 0x92, 0x02, 0x3d, 0x86, 0x11, + 0x5f, 0x1e, 0x27, 0x96, 0xf6, 0xa0, 0x9a, 0x4f, 0x2d, 0x70, 0x82, 0x70, 0x66, 0x40, 0x73, 0xce, + 0x75, 0xbf, 0xbe, 0x47, 0xa1, 0xbe, 
0x84, 0xa7, 0xa0, 0x56, 0xd8, 0x53, 0xb0, 0x09, 0xa3, 0x06, + 0xa6, 0x38, 0x20, 0xec, 0xc2, 0xf4, 0x8b, 0xd3, 0xe7, 0xa8, 0xaf, 0xa8, 0x07, 0xf5, 0x55, 0x09, + 0xfc, 0x2d, 0x93, 0xe1, 0xb1, 0x36, 0x01, 0x50, 0xff, 0xac, 0x04, 0x73, 0xa7, 0xa5, 0xa5, 0x74, + 0x29, 0xb6, 0xb6, 0x61, 0xba, 0x29, 0xaa, 0xe4, 0xac, 0x1d, 0xbb, 0xa6, 0x77, 0x12, 0x1e, 0xae, + 0xe8, 0xeb, 0xb4, 0x3d, 0xf3, 0xe9, 0xd4, 0x1d, 0x50, 0xda, 0x2d, 0xfa, 0x2e, 0x05, 0xf6, 0xcf, + 0x4b, 0x70, 0xa9, 0xcd, 0x2e, 0x4c, 0x57, 0x8c, 0x2e, 0x75, 0x53, 0x31, 0x7a, 0x2d, 0x26, 0x47, + 0xfa, 0xd2, 0x79, 0x45, 0x99, 0x07, 0x6f, 0x49, 0xd4, 0x60, 0x1f, 0x07, 0xa4, 0xea, 0x21, 0x5c, + 0xef, 0x80, 0xdc, 0x7d, 0x05, 0xa2, 0x50, 0xf6, 0x55, 0x85, 0xec, 0x53, 0xff, 0xb0, 0x0a, 0xa3, + 0xb1, 0x03, 0x89, 0xf1, 0x9e, 0x5f, 0x2b, 0xde, 0xf3, 0xeb, 0x50, 0xc5, 0xba, 0x4e, 0x7c, 0x7f, + 0xc3, 0x69, 0x3c, 0x31, 0xad, 0x40, 0xe4, 0x26, 0x81, 0xe8, 0x26, 0x8c, 0x47, 0x00, 0xc7, 0x6b, + 0xe2, 0xa0, 0x18, 0x52, 0x1a, 0x8c, 0xd6, 0x61, 0x22, 0x04, 0xad, 0xd9, 0xba, 0x63, 0x04, 0x4a, + 0xcd, 0x58, 0x5c, 0x27, 0xce, 0xa0, 0x68, 0x59, 0x2a, 0x26, 0xc0, 0x71, 0x8b, 0x3a, 0xe2, 0xb4, + 0xad, 0x14, 0x6e, 0x31, 0x08, 0x7b, 0x75, 0x19, 0xd2, 0x90, 0x07, 0x12, 0x45, 0x25, 0xeb, 0x24, + 0x10, 0xbd, 0x0d, 0x13, 0xba, 0xd3, 0x74, 0x1d, 0x9b, 0xd8, 0x74, 0x23, 0xa8, 0xe3, 0x2c, 0xa4, + 0x5c, 0xb6, 0x41, 0x0a, 0x18, 0xbd, 0xe5, 0x79, 0xc4, 0xd6, 0x4f, 0xb8, 0xb0, 0xab, 0x6a, 0x71, + 0x10, 0x93, 0x62, 0x86, 0xed, 0x6b, 0x64, 0xdf, 0x23, 0xfe, 0x81, 0x86, 0x29, 0x29, 0x20, 0xc5, + 0x92, 0x04, 0x51, 0x6d, 0x01, 0x5e, 0x30, 0xb5, 0xd5, 0x74, 0xa5, 0x93, 0xb3, 0x40, 0x6d, 0x81, + 0x80, 0x02, 0x6d, 0xc1, 0x24, 0x89, 0xd5, 0xb7, 0x0a, 0xcc, 0xba, 0x8c, 0xcc, 0xcb, 0x16, 0xc1, + 0xd2, 0xf2, 0x08, 0xd1, 0x63, 0x18, 0xe5, 0xe0, 0x3a, 0xc5, 0xd4, 0x37, 0xa4, 0x0c, 0x3c, 0xbd, + 0x9f, 0x38, 0x01, 0x53, 0xf9, 0x64, 0xc9, 0x6e, 0x69, 0xd4, 0x8b, 0x54, 0x77, 0x51, 0xb9, 0x20, + 0xaf, 0x89, 0xad, 0xa9, 0x00, 0xbc, 0x23, 0x0f, 0x05, 0xc9, 0x4a, 0x06, 
0x29, 0x70, 0xe4, 0x81, + 0x1e, 0x8b, 0x7b, 0xa0, 0xef, 0xc0, 0xa4, 0x69, 0x67, 0x9f, 0x28, 0x8a, 0xdd, 0xe4, 0x35, 0xf1, + 0xda, 0x09, 0x76, 0xf2, 0x89, 0x35, 0x59, 0x3b, 0x21, 0x09, 0x46, 0x0b, 0x80, 0x0e, 0x5b, 0x7b, + 0xe4, 0xc8, 0xf4, 0x68, 0xc8, 0x31, 0x84, 0x9c, 0x28, 0x6b, 0x39, 0x2d, 0x89, 0x1a, 0xe1, 0x28, + 0x59, 0x23, 0x9c, 0xe9, 0xf7, 0xae, 0x67, 0x1e, 0x99, 0x16, 0x69, 0x10, 0x43, 0x3a, 0xf3, 0x4e, + 0xd5, 0xef, 0x23, 0x6c, 0xb4, 0x0c, 0x73, 0x1e, 0xc1, 0x86, 0x69, 0x13, 0xdf, 0x5f, 0xb7, 0x4d, + 0x6a, 0x62, 0x6b, 0x95, 0x58, 0xf8, 0xa4, 0x4e, 0x74, 0xc7, 0x36, 0x7c, 0x79, 0x56, 0xff, 0x54, + 0x1c, 0x71, 0xae, 0x53, 0xb6, 0xef, 0x10, 0xcf, 0x74, 0x8c, 0x80, 0x7a, 0x9a, 0x53, 0xb7, 0x69, + 0x45, 0x1f, 0xc0, 0xe5, 0xb0, 0xe5, 0x09, 0x36, 0xad, 0x96, 0x47, 0xa2, 0xf4, 0xe2, 0x19, 0x4e, + 0xda, 0x1e, 0x81, 0x6d, 0x5e, 0x9f, 0x62, 0xda, 0xe2, 0xa7, 0x16, 0x78, 0x4c, 0xb4, 0xaa, 0xc5, + 0x20, 0x49, 0xc9, 0xad, 0x9c, 0xc1, 0xc7, 0x1f, 0x1c, 0x59, 0xbe, 0xcc, 0x79, 0x4a, 0x2d, 0xa2, + 0x11, 0xf0, 0xf0, 0xb0, 0xf2, 0x23, 0x50, 0x5c, 0xe9, 0x71, 0x5a, 0x25, 0x54, 0x38, 0xc4, 0x83, + 0x83, 0x90, 0xe2, 0x70, 0x79, 0xdb, 0x76, 0xb4, 0x0b, 0xd3, 0x7c, 0x6d, 0x2f, 0x05, 0x3c, 0x29, + 0xd8, 0x5e, 0x57, 0xd2, 0x9e, 0xc5, 0xb5, 0x04, 0x5a, 0x70, 0x66, 0x3e, 0x97, 0x18, 0x2d, 0xc2, + 0x94, 0x5c, 0xd9, 0x81, 0x83, 0x4d, 0xac, 0xd8, 0x39, 0xfe, 0x36, 0xb9, 0x6d, 0xd9, 0x03, 0x8f, + 0x57, 0xcf, 0x78, 0xe0, 0x31, 0x7b, 0x0a, 0xf4, 0x5a, 0xee, 0x29, 0xd0, 0x1f, 0xc3, 0x8c, 0x8b, + 0x3d, 0x62, 0xd3, 0xfa, 0x41, 0x8b, 0x1a, 0xce, 0x8b, 0xe8, 0x89, 0xf3, 0x9d, 0x9e, 0xd8, 0x86, + 0x50, 0xfd, 0x1f, 0x7d, 0x30, 0x95, 0x37, 0x3e, 0x17, 0x54, 0x85, 0xaf, 0x2c, 0x6d, 0xc2, 0xb5, + 0xbc, 0x2a, 0x7c, 0xaf, 0xb5, 0x9b, 0xb2, 0x18, 0xea, 0x45, 0x14, 0xe2, 0xfb, 0xc7, 0x12, 0x5c, + 0x6e, 0xfb, 0x40, 0xf6, 0xfa, 0x3c, 0x84, 0x29, 0xcd, 0x5c, 0x76, 0xcd, 0xe5, 0x95, 0x65, 0x12, + 0x9b, 0x1f, 0x83, 0x96, 0x27, 0x61, 0xe4, 0x37, 0x67, 0x1b, 0xf8, 0xaf, 0x1c, 0x3c, 0xf3, 0x08, + 0x53, 0xf2, 
0x29, 0x39, 0x09, 0x4a, 0x61, 0x47, 0x10, 0x3e, 0xfd, 0x78, 0x25, 0x7e, 0x06, 0x27, + 0x38, 0x04, 0x9c, 0x80, 0x32, 0x0b, 0xd2, 0xb7, 0x4d, 0x29, 0x41, 0xd9, 0x25, 0x63, 0x96, 0x7e, + 0x6b, 0x8f, 0x09, 0xda, 0x25, 0x4b, 0x14, 0x73, 0x52, 0x86, 0xb8, 0xfd, 0x9e, 0x06, 0xab, 0x3f, + 0x85, 0xf1, 0x54, 0x9d, 0x83, 0x88, 0x63, 0x97, 0xda, 0x9e, 0x34, 0x19, 0x2c, 0x7c, 0xd2, 0x64, + 0x05, 0x2e, 0xb5, 0x29, 0x1c, 0xcc, 0x5e, 0x5b, 0x77, 0x5b, 0x41, 0x49, 0x31, 0xdd, 0x6d, 0x89, + 0x6a, 0x29, 0x4d, 0x47, 0x66, 0x1f, 0xf3, 0x6a, 0x29, 0xec, 0x4e, 0xfd, 0x83, 0x3e, 0x28, 0x87, + 0xa5, 0x15, 0xba, 0x5c, 0x81, 0x0a, 0x0c, 0xb7, 0x0c, 0x9f, 0x5b, 0x9e, 0xa2, 0xf3, 0xe0, 0x16, + 0x3d, 0x86, 0x4a, 0xcb, 0x27, 0x5b, 0x4c, 0x05, 0xb2, 0x3e, 0x79, 0x41, 0x0b, 0x78, 0x71, 0x12, + 0xf8, 0xe8, 0x29, 0x4c, 0xb4, 0x7c, 0xb2, 0xeb, 0xb5, 0x7c, 0xfa, 0xc2, 0xf1, 0xe8, 0xc1, 0x09, + 0xeb, 0xa4, 0xb3, 0x43, 0x27, 0x4b, 0x84, 0xee, 0xc3, 0x20, 0x75, 0x0e, 0x89, 0x5d, 0x78, 0xbd, + 0x0a, 0x74, 0xf5, 0xbf, 0x40, 0x25, 0x7e, 0x72, 0x11, 0xcd, 0x41, 0xb9, 0xe9, 0xb4, 0x6c, 0x61, + 0x67, 0x8b, 0xf1, 0x8d, 0x00, 0xa1, 0x7f, 0xa6, 0x2f, 0xe6, 0x9f, 0x61, 0x1c, 0x9f, 0xf7, 0x10, + 0x3b, 0xbc, 0x12, 0x83, 0xa8, 0xbf, 0x06, 0x18, 0x3b, 0x0f, 0x63, 0x20, 0xe3, 0x15, 0xe9, 0xeb, + 0x14, 0xb8, 0x4e, 0x64, 0x99, 0x3c, 0x62, 0xaf, 0x69, 0xed, 0xd7, 0xcd, 0x86, 0x5d, 0xa8, 0x68, + 0x58, 0x0c, 0x3b, 0x5d, 0x00, 0x63, 0x30, 0x5b, 0x00, 0x63, 0x19, 0x46, 0x0c, 0xdb, 0x67, 0x5b, + 0x4b, 0x6c, 0x97, 0x84, 0xd7, 0x33, 0xf9, 0xf5, 0x0b, 0xab, 0x12, 0x51, 0x96, 0xf0, 0x0f, 0xe8, + 0x78, 0xbd, 0x34, 0xee, 0x47, 0xda, 0x24, 0xfe, 0x81, 0x3c, 0xae, 0x38, 0x5c, 0xa0, 0x5e, 0x5a, + 0x8a, 0x06, 0x7d, 0x01, 0x97, 0xc5, 0x90, 0x45, 0xb1, 0xa3, 0xe5, 0x13, 0x59, 0x61, 0xab, 0x40, + 0x15, 0xaf, 0xf6, 0xc4, 0xe8, 0x13, 0x40, 0xba, 0x49, 0xb1, 0x41, 0xac, 0xa7, 0x04, 0x5b, 0xf4, + 0x80, 0x57, 0x73, 0x29, 0xa0, 0xc4, 0xe6, 0x50, 0x9d, 0x63, 0xee, 0x63, 0x37, 0xa7, 0xf4, 0xb3, + 0xa6, 0x7b, 0xa5, 0xa7, 0x9f, 0xca, 0x8c, 0xbf, 
0x70, 0xbc, 0x43, 0xcb, 0xc1, 0x06, 0x9b, 0xca, + 0x5d, 0x6a, 0x05, 0x2a, 0x6d, 0x0a, 0x7c, 0xde, 0x7f, 0xc3, 0xe8, 0xb2, 0x32, 0x73, 0x4e, 0x3c, + 0xb6, 0x76, 0x01, 0xf1, 0xd8, 0x89, 0x8b, 0xce, 0x5d, 0x47, 0x2f, 0xc3, 0xa1, 0x35, 0x79, 0x01, + 0x0e, 0xad, 0xd9, 0xf7, 0xa1, 0x9a, 0x60, 0x0b, 0x67, 0xaa, 0xbb, 0xf9, 0x47, 0x25, 0xa8, 0x9e, + 0xbf, 0x6f, 0x44, 0x85, 0x4a, 0x70, 0x4a, 0x7a, 0x27, 0xf2, 0x41, 0x24, 0x60, 0xa1, 0x3c, 0xe8, + 0x4f, 0xfa, 0xeb, 0xd3, 0x65, 0xb6, 0xd5, 0xff, 0x5f, 0x81, 0xe9, 0xdc, 0x22, 0x5a, 0x5d, 0x8a, + 0x82, 0x53, 0x59, 0x5c, 0x5f, 0x2f, 0x2c, 0x2e, 0x5f, 0x78, 0xf4, 0xe6, 0x68, 0x3f, 0x3f, 0x56, + 0xf7, 0x25, 0x4c, 0xda, 0xe4, 0x88, 0xc8, 0x41, 0xec, 0xf2, 0x4f, 0x18, 0x5a, 0x5e, 0x1f, 0xfc, + 0x7c, 0xb9, 0xf5, 0x02, 0x9f, 0xf8, 0xa9, 0xbe, 0x2b, 0x67, 0x3d, 0x5f, 0x9e, 0xd3, 0x49, 0xc7, + 0x8d, 0x5c, 0x7d, 0x19, 0x1b, 0x79, 0xec, 0xdb, 0x28, 0x02, 0x3d, 0xde, 0x36, 0x75, 0x7e, 0xd2, + 0x23, 0x2f, 0x3c, 0x93, 0x92, 0x25, 0xd7, 0x7d, 0xba, 0xbb, 0xbb, 0xb3, 0xe3, 0x39, 0x7b, 0x01, + 0x1b, 0x3e, 0xb5, 0x90, 0x5a, 0x0e, 0x59, 0x4a, 0xb9, 0x99, 0x38, 0xab, 0x72, 0x63, 0xf2, 0xd9, + 0xe2, 0x1f, 0x22, 0xb7, 0x6d, 0x1c, 0x84, 0x34, 0x98, 0x14, 0xb7, 0x24, 0x21, 0x31, 0x8b, 0x16, + 0x1e, 0xcc, 0x23, 0x4e, 0x4a, 0xae, 0xa9, 0xc2, 0x92, 0xeb, 0x29, 0x8c, 0x39, 0x7b, 0x89, 0xf5, + 0x59, 0x34, 0x7b, 0x29, 0x45, 0x77, 0xde, 0x49, 0xe0, 0x8f, 0xa1, 0x6c, 0x99, 0xfb, 0x44, 0x3f, + 0xd1, 0xad, 0xa0, 0x0c, 0x60, 0xe7, 0x77, 0x8a, 0x48, 0x72, 0x14, 0x12, 0xa5, 0x07, 0x85, 0x24, + 0x47, 0xc0, 0x5f, 0xbe, 0x00, 0x01, 0x3f, 0xdb, 0xa3, 0x80, 0x57, 0xff, 0x77, 0x09, 0x2e, 0xb5, + 0x39, 0x2d, 0xdb, 0xa5, 0x64, 0x78, 0x0c, 0x15, 0xa7, 0x45, 0xdd, 0x16, 0x95, 0x05, 0x3f, 0xfb, + 0x0a, 0x54, 0x64, 0x8c, 0xe1, 0xab, 0xff, 0xda, 0x0f, 0x57, 0x4f, 0x3d, 0x80, 0xdb, 0xe5, 0x7b, + 0xbd, 0xc3, 0xcf, 0xc5, 0x1f, 0xc8, 0xf7, 0xb9, 0x9e, 0x7b, 0xda, 0x77, 0xa9, 0x45, 0xa3, 0x52, + 0xcf, 0x2d, 0x7a, 0x80, 0xde, 0x0b, 0xbd, 0x5e, 0x39, 0x67, 0x8c, 0x43, 0xb2, 0xdc, 
0x9a, 0x7d, + 0x6b, 0x3c, 0x19, 0x8a, 0x92, 0x63, 0xfa, 0xb1, 0x87, 0xdd, 0x03, 0x69, 0xf0, 0xe4, 0x77, 0xb0, + 0x12, 0x43, 0xd4, 0x12, 0x64, 0x68, 0x3b, 0x4a, 0x6d, 0x10, 0xa2, 0xee, 0xdd, 0x82, 0xe7, 0x94, + 0x17, 0x64, 0xda, 0x72, 0xba, 0x34, 0xea, 0x36, 0x0c, 0xcb, 0xe0, 0x91, 0x4c, 0x9f, 0xef, 0xb6, + 0x43, 0xd9, 0xcb, 0xec, 0x1a, 0x54, 0x13, 0x2d, 0x5d, 0x46, 0x9a, 0xfe, 0xb4, 0x04, 0xd3, 0xb9, + 0x53, 0x81, 0x96, 0x61, 0x0c, 0xbb, 0xee, 0x8a, 0x47, 0x0c, 0x62, 0x53, 0x13, 0x5b, 0x7e, 0x81, + 0x6e, 0x53, 0x14, 0x68, 0x06, 0x86, 0xb0, 0x6b, 0x7e, 0x4a, 0x42, 0xef, 0x84, 0xb8, 0x43, 0x0b, + 0x51, 0x61, 0x20, 0x5d, 0x0f, 0xcd, 0x6e, 0xa1, 0x7a, 0xe4, 0xb4, 0xa8, 0xff, 0x95, 0x6d, 0x97, + 0xdc, 0x89, 0xef, 0x72, 0x59, 0xbe, 0x0d, 0x13, 0x3e, 0x6e, 0xba, 0x3c, 0x4b, 0x6f, 0x0f, 0x8b, + 0x82, 0xd6, 0x52, 0xd3, 0xcb, 0x36, 0xa8, 0xdb, 0x89, 0xc7, 0xc7, 0x97, 0x4d, 0x97, 0xa3, 0xfe, + 0xdf, 0xfb, 0xa0, 0x92, 0xf8, 0x8a, 0x07, 0x30, 0x6c, 0x60, 0x8a, 0x0d, 0xa7, 0x91, 0x2d, 0xf2, + 0x2e, 0x10, 0x57, 0x45, 0x73, 0xb0, 0x0c, 0x24, 0x36, 0xfa, 0x90, 0xf1, 0xdf, 0xc6, 0x01, 0xf5, + 0x29, 0x71, 0xb3, 0x9b, 0x4c, 0x90, 0x6e, 0x30, 0x84, 0x3a, 0x25, 0x6e, 0x70, 0x02, 0x3d, 0xa4, + 0x40, 0xf7, 0x60, 0xe8, 0x1b, 0xd3, 0x3d, 0x34, 0x83, 0x0a, 0xe5, 0x73, 0x69, 0xda, 0xaf, 0x78, + 0x6b, 0xb0, 0xc9, 0x04, 0x2e, 0x53, 0xb3, 0xb3, 0x27, 0xf9, 0x0b, 0xa8, 0xd9, 0xf1, 0x44, 0xa7, + 0xdb, 0x30, 0x99, 0xf3, 0x61, 0x48, 0x81, 0x61, 0x2c, 0xcb, 0x30, 0x0a, 0x1b, 0x20, 0xb8, 0x55, + 0xff, 0xbc, 0x04, 0xd3, 0xb9, 0xdf, 0xd3, 0x9e, 0x86, 0xc9, 0x78, 0x11, 0x67, 0xdb, 0xe5, 0x3e, + 0x22, 0x79, 0x30, 0x28, 0x06, 0xe2, 0xff, 0xd6, 0x63, 0x7d, 0xc6, 0x57, 0x60, 0x0c, 0x82, 0x16, + 0x61, 0x88, 0xa7, 0x2d, 0x90, 0x02, 0xae, 0x13, 0x89, 0xa9, 0x2e, 0x00, 0xca, 0x0e, 0xde, 0x29, + 0x5f, 0xf6, 0xf3, 0x21, 0xa8, 0xca, 0x0a, 0xd8, 0x3d, 0x2d, 0xea, 0x87, 0x51, 0x2e, 0x48, 0xa6, + 0x14, 0x81, 0xec, 0xbf, 0x4d, 0x36, 0xc8, 0xbb, 0x30, 0xf4, 0x35, 0x26, 0x8d, 0x90, 0xe1, 0x5e, + 0xcd, 0x10, 0x7e, 0xc2, 
0x9b, 0x83, 0x75, 0x20, 0x90, 0xcf, 0xf1, 0x04, 0xd3, 0x2c, 0x8c, 0xb8, + 0x41, 0x6d, 0x4c, 0xe1, 0x66, 0x0a, 0xef, 0xd1, 0xdd, 0x28, 0x55, 0x65, 0x28, 0xfd, 0xbb, 0xa2, + 0x36, 0x09, 0x2a, 0xef, 0x86, 0xcb, 0x7a, 0xb8, 0xcd, 0xf7, 0xe4, 0xae, 0xeb, 0x25, 0x00, 0xc7, + 0x25, 0xb6, 0x4e, 0x6c, 0xbf, 0x15, 0x1c, 0x05, 0x7a, 0x35, 0x43, 0xba, 0x1d, 0xa2, 0x04, 0x99, + 0x80, 0x11, 0x51, 0x81, 0x8c, 0x9d, 0xef, 0x8f, 0x4d, 0x90, 0x52, 0x35, 0xc7, 0x7b, 0xfc, 0xbd, + 0xdf, 0x5f, 0xf5, 0xc1, 0xa5, 0x36, 0x53, 0x10, 0x18, 0xaa, 0xa5, 0x8c, 0xa1, 0xda, 0x57, 0xcc, + 0x50, 0x2d, 0x93, 0x63, 0xd7, 0xf1, 0x62, 0x85, 0x38, 0x6e, 0x9d, 0x32, 0xed, 0x6b, 0x01, 0x6e, + 0xc0, 0x4f, 0x43, 0xe2, 0x64, 0xa1, 0xbe, 0xc1, 0xee, 0x0a, 0xf5, 0x65, 0x55, 0xe2, 0xa1, 0xee, + 0x55, 0x62, 0x75, 0x1f, 0xe6, 0x3b, 0x7d, 0x40, 0x9a, 0x9f, 0x97, 0xba, 0xe1, 0xe7, 0xbf, 0x2a, + 0xc1, 0x54, 0x1e, 0x93, 0xe9, 0x92, 0x97, 0xa5, 0x3c, 0x39, 0x7d, 0xdd, 0x78, 0x72, 0xc2, 0x3f, + 0xae, 0xf7, 0xc7, 0xff, 0xb8, 0xde, 0xcd, 0xdf, 0xd2, 0xff, 0xa9, 0x5f, 0x48, 0xab, 0x14, 0x23, + 0xec, 0x71, 0xd9, 0x85, 0x3e, 0x17, 0x88, 0xfb, 0x5c, 0xde, 0x0f, 0x23, 0x3a, 0xfd, 0xe9, 0x50, + 0x5e, 0xe2, 0x15, 0x36, 0x39, 0x52, 0xc0, 0xc1, 0x04, 0x09, 0x8f, 0x62, 0xb9, 0xd8, 0xae, 0x53, + 0xc7, 0xc3, 0x0d, 0xc2, 0x3e, 0x49, 0x3a, 0x6f, 0xd2, 0x60, 0x36, 0x2d, 0x2e, 0xf1, 0x7c, 0xd3, + 0xa7, 0x45, 0xaa, 0xaa, 0x48, 0x54, 0x74, 0x0b, 0x6a, 0xbe, 0xe8, 0x24, 0x2a, 0x47, 0x2e, 0x92, + 0x4b, 0x32, 0x70, 0x9e, 0xcf, 0xc2, 0x25, 0x2d, 0xcf, 0xa8, 0x97, 0x3f, 0x4e, 0x8f, 0x20, 0xc9, + 0xbd, 0x32, 0x72, 0x5e, 0x7b, 0xa5, 0xdc, 0xc3, 0x5e, 0x79, 0x04, 0x97, 0xdb, 0x0e, 0x31, 0xba, + 0x0a, 0xd0, 0xc4, 0xc7, 0xcf, 0xb9, 0x9d, 0xe1, 0xcb, 0x1f, 0xe5, 0x97, 0x9b, 0xf8, 0x98, 0x8b, + 0x7a, 0x5f, 0xfd, 0x8b, 0x68, 0x89, 0x24, 0xc4, 0xfe, 0x39, 0x2d, 0x91, 0x72, 0x7c, 0x89, 0xbc, + 0x0d, 0x13, 0xae, 0xe7, 0xec, 0x91, 0x3a, 0xc5, 0x1e, 0x6d, 0xb9, 0x3c, 0xfd, 0x41, 0x9e, 0x8b, + 0xcc, 0x36, 0xa0, 0x39, 0x28, 0xff, 0xac, 0x45, 0xbc, 0x93, 
0x30, 0x2f, 0xb8, 0xaa, 0x45, 0x80, + 0x2e, 0x83, 0x94, 0x48, 0x85, 0xca, 0xd7, 0xf8, 0x08, 0x6f, 0xbb, 0xd4, 0x7f, 0x4a, 0xb0, 0x2b, + 0x7e, 0xfa, 0xa5, 0x25, 0x60, 0x4c, 0xa8, 0x37, 0xf1, 0x71, 0xdd, 0xc5, 0xb2, 0xcc, 0x4e, 0x55, + 0x0b, 0xef, 0xd1, 0xbb, 0x30, 0xc0, 0x14, 0x80, 0xb6, 0x42, 0x56, 0x8c, 0xe1, 0x96, 0x63, 0x04, + 0xb2, 0x9d, 0xa3, 0x9f, 0xef, 0x4f, 0xf1, 0xd5, 0x1f, 0x86, 0x02, 0x25, 0xfd, 0x38, 0x84, 0x60, + 0x40, 0x77, 0x5b, 0xc1, 0x3c, 0xf3, 0x6b, 0xf5, 0xff, 0x96, 0x60, 0xf2, 0x53, 0x13, 0x5b, 0xe6, + 0xb9, 0x84, 0xf5, 0xae, 0x40, 0x99, 0x69, 0x99, 0xcf, 0xf7, 0x4d, 0x2b, 0xf0, 0x6d, 0x8f, 0x30, + 0x80, 0x4c, 0x40, 0xab, 0xc9, 0xa8, 0xf6, 0xf3, 0x43, 0x72, 0x22, 0x70, 0xfa, 0xe5, 0xef, 0xfa, + 0xc3, 0x68, 0x37, 0xc3, 0x54, 0xff, 0xb2, 0x0f, 0xa6, 0xf8, 0x4b, 0xad, 0x62, 0xff, 0x60, 0xcf, + 0xc1, 0x5e, 0x60, 0x0f, 0x26, 0xe3, 0x93, 0xa5, 0x74, 0x7c, 0x92, 0x69, 0x2a, 0x2d, 0x9f, 0x78, + 0x36, 0x6e, 0x92, 0xc8, 0x40, 0x8b, 0x83, 0xd0, 0xeb, 0x50, 0x75, 0xb1, 0xef, 0xbb, 0x07, 0x1e, + 0xf6, 0x63, 0xf1, 0xf6, 0x24, 0x10, 0x3d, 0x86, 0xca, 0x91, 0x49, 0x5e, 0x6c, 0xdb, 0xd6, 0x09, + 0xdf, 0xe8, 0x9d, 0xf5, 0xe4, 0x04, 0x3e, 0x7b, 0xcf, 0x86, 0x87, 0xf7, 0xb1, 0x8d, 0x3f, 0xd3, + 0x36, 0xa4, 0xf2, 0x17, 0x83, 0xf0, 0x8a, 0xe8, 0x7c, 0x37, 0xb2, 0x66, 0x99, 0xae, 0x1d, 0x02, + 0xd0, 0x3d, 0xe9, 0x5f, 0x28, 0x5a, 0xd7, 0x84, 0x63, 0xab, 0xbf, 0x2e, 0x01, 0xe2, 0x83, 0xf6, + 0x5d, 0x11, 0x55, 0xef, 0x09, 0xa1, 0xd4, 0x7f, 0x36, 0xa7, 0x33, 0x2f, 0x03, 0x1a, 0x4a, 0xb9, + 0x81, 0x98, 0x94, 0x53, 0x7f, 0x6f, 0x04, 0x46, 0xf9, 0x17, 0xf6, 0x7a, 0x86, 0x5b, 0x84, 0x59, + 0x57, 0x49, 0xd3, 0x11, 0xf1, 0xf2, 0x22, 0x67, 0xb8, 0xd3, 0x34, 0x01, 0x13, 0xec, 0xcf, 0x30, + 0xc1, 0x81, 0x22, 0x4c, 0xb0, 0xe8, 0xc9, 0xed, 0x36, 0xbf, 0xbe, 0x18, 0x6a, 0xff, 0xeb, 0x8b, + 0xf7, 0x62, 0x89, 0xec, 0x19, 0x4b, 0x21, 0x67, 0xab, 0xc7, 0x72, 0xd8, 0x3f, 0x80, 0xb2, 0x11, + 0xec, 0x38, 0xc9, 0xc5, 0xae, 0xa5, 0x68, 0x53, 0x3b, 0x52, 0x8b, 0x08, 0xe2, 0x69, 0xfb, 0x99, + 
0xf2, 0x39, 0xd9, 0x85, 0x19, 0x19, 0x6a, 0x29, 0xf3, 0x62, 0x3c, 0x6b, 0x5e, 0xfc, 0xee, 0x1f, + 0xc3, 0x2f, 0xfb, 0x1f, 0xc3, 0xe7, 0x1c, 0xeb, 0x0e, 0xf3, 0xe3, 0x6b, 0xa9, 0xfc, 0xf8, 0xa4, + 0xe8, 0x9e, 0x28, 0x9c, 0x5f, 0xf4, 0xff, 0xca, 0x30, 0xc4, 0x37, 0xaa, 0x8f, 0x3e, 0x84, 0x51, + 0x26, 0x72, 0x9a, 0xfc, 0x4f, 0x3a, 0x5e, 0xb6, 0xf0, 0xe1, 0x0a, 0xf1, 0xa8, 0xf8, 0xcd, 0x4e, + 0x78, 0x58, 0x2d, 0x86, 0x8f, 0xde, 0x80, 0x7e, 0xdd, 0x36, 0x25, 0x47, 0x88, 0x3d, 0x7a, 0x65, + 0x6b, 0x3d, 0x28, 0x22, 0xae, 0xdb, 0x26, 0x7a, 0x1f, 0x2a, 0xfc, 0x5f, 0x18, 0xba, 0xe3, 0x11, + 0xc3, 0x0e, 0xb8, 0x5c, 0xcc, 0x8a, 0xe7, 0x59, 0xbe, 0x5b, 0xc1, 0x7f, 0x60, 0x12, 0xc8, 0x68, + 0x01, 0x86, 0x1a, 0xfc, 0x3f, 0xab, 0x92, 0x57, 0xcc, 0xe4, 0xff, 0x7f, 0x55, 0x93, 0x58, 0xe8, + 0x1e, 0x8c, 0x84, 0x55, 0x90, 0x33, 0x51, 0xca, 0xe4, 0x6f, 0x16, 0xb5, 0x10, 0x93, 0x3f, 0x85, + 0xff, 0x12, 0x43, 0xda, 0x5a, 0x33, 0xe9, 0x3f, 0x5e, 0x85, 0x4f, 0xe1, 0x77, 0xe8, 0x11, 0x0c, + 0x4b, 0x11, 0x55, 0x58, 0xf2, 0x04, 0x04, 0xe8, 0x2d, 0x18, 0x6c, 0x9a, 0xc7, 0xc4, 0x93, 0x5c, + 0x63, 0x3a, 0x55, 0x0a, 0x30, 0x28, 0x9a, 0xc9, 0x71, 0xd0, 0x03, 0x28, 0xb3, 0x4d, 0x89, 0x1b, + 0xc4, 0xa6, 0xe1, 0xdf, 0x1f, 0x42, 0x82, 0x54, 0x49, 0x1b, 0x2d, 0xc2, 0xe5, 0x75, 0xe8, 0x4d, + 0xcb, 0x09, 0xfe, 0xe3, 0x36, 0x9d, 0x7b, 0x1c, 0x58, 0x13, 0x38, 0xec, 0x29, 0x51, 0x19, 0xcb, + 0x4b, 0xe9, 0xa7, 0x9c, 0x52, 0xc1, 0xf2, 0x51, 0xe2, 0xfc, 0x64, 0xf0, 0xbf, 0xb7, 0x9c, 0xa3, + 0x04, 0x39, 0x87, 0x26, 0xef, 0x65, 0x4e, 0x11, 0x29, 0xed, 0x72, 0x87, 0x62, 0x7c, 0xf7, 0x73, + 0x98, 0xf1, 0x93, 0x11, 0x75, 0xf9, 0x07, 0x28, 0xb9, 0x99, 0xe3, 0x21, 0x86, 0xbc, 0xc8, 0xbb, + 0xd6, 0x86, 0x1c, 0xdd, 0x85, 0x61, 0x2a, 0xff, 0x5b, 0x37, 0x96, 0x5e, 0xa0, 0x09, 0xef, 0x9c, + 0x16, 0xe0, 0xb1, 0x31, 0x3e, 0x64, 0xcc, 0x5a, 0xba, 0x36, 0xa6, 0x53, 0x3c, 0x3c, 0x18, 0x63, + 0x8e, 0x83, 0x14, 0x18, 0x3e, 0x62, 0x56, 0x94, 0x63, 0xcb, 0x2c, 0xec, 0xe0, 0x96, 0x4b, 0x59, + 0x91, 0xc3, 0xaf, 0xa5, 0xb6, 0xf3, 
0xe9, 0x52, 0x36, 0x45, 0x83, 0x76, 0x00, 0x45, 0xc3, 0xbb, + 0x2d, 0xff, 0x92, 0x55, 0xf4, 0x6c, 0x8e, 0x96, 0x43, 0x8b, 0xee, 0x40, 0x59, 0xfc, 0x01, 0x94, + 0x6d, 0xf3, 0xc9, 0xf6, 0xdb, 0x7c, 0x84, 0x63, 0xad, 0xd8, 0x26, 0x7a, 0x08, 0xe5, 0x43, 0xfe, + 0xc3, 0x13, 0xf3, 0x1b, 0x52, 0xa0, 0x24, 0x43, 0x84, 0xac, 0x2a, 0x30, 0x93, 0xff, 0x66, 0xea, + 0x75, 0xb8, 0x7a, 0x2a, 0xcf, 0x54, 0x67, 0x60, 0x2a, 0x2f, 0x02, 0xa7, 0xfe, 0x67, 0xa8, 0x26, + 0xfe, 0x67, 0x7e, 0xce, 0x85, 0xba, 0x6b, 0x30, 0x96, 0x54, 0x57, 0x6e, 0xdd, 0x16, 0x09, 0xae, + 0xa8, 0x02, 0x23, 0xf2, 0x9f, 0x90, 0x46, 0xed, 0x15, 0x76, 0x67, 0x39, 0x8d, 0xe7, 0x8e, 0x6d, + 0x9d, 0xd4, 0x4a, 0x68, 0x94, 0xbd, 0xc3, 0xbe, 0xe3, 0xe9, 0xa4, 0xd6, 0x77, 0xeb, 0xbd, 0x36, + 0x07, 0xd0, 0x19, 0xd6, 0xea, 0xda, 0x93, 0xa5, 0xcf, 0x36, 0x76, 0x6b, 0xaf, 0x20, 0x80, 0xa1, + 0xfa, 0xae, 0xb6, 0xbe, 0xb2, 0x5b, 0x2b, 0xa1, 0x61, 0xe8, 0xdf, 0x7e, 0xf2, 0xa4, 0xd6, 0x77, + 0xeb, 0xcd, 0x9c, 0x93, 0x27, 0x68, 0x04, 0x06, 0x3e, 0xa9, 0x6f, 0x6f, 0xd5, 0x5e, 0x61, 0x57, + 0xbb, 0x6b, 0x5f, 0xec, 0xd6, 0x4a, 0xb7, 0xee, 0x04, 0xd1, 0x34, 0xd6, 0x8f, 0xf0, 0x74, 0xd6, + 0x5e, 0x41, 0xd5, 0x58, 0xe0, 0x40, 0xbc, 0x95, 0x0c, 0x29, 0xd4, 0xfa, 0x96, 0xe1, 0xab, 0x91, + 0x60, 0x92, 0xf7, 0x86, 0xf8, 0xc8, 0xbc, 0xf3, 0xef, 0x01, 0x00, 0x00, 0xff, 0xff, 0xd3, 0x91, + 0x3b, 0xbf, 0xc8, 0x8f, 0x00, 0x00, } diff --git a/operator/pkg/apis/istio/v1alpha1/values_types.proto b/operator/pkg/apis/istio/v1alpha1/values_types.proto index fe1e01b3c573..858bf74d51f6 100644 --- a/operator/pkg/apis/istio/v1alpha1/values_types.proto +++ b/operator/pkg/apis/istio/v1alpha1/values_types.proto @@ -357,6 +357,10 @@ message GalleyConfig { TypeMapStringInterface nodeSelector = 13 [deprecated=true]; TypeMapStringInterface podAnnotations = 14 [deprecated=true]; + + string hub = 15; + + StringOrNumber tag = 16; } // GatewayLabelsConfig is a set of Configuration for gateway labels. 
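Review bot: The new `hub` and `tag` fields in GalleyConfig carry no comment, and the same is true of the pairs added to MixerPolicyConfig, MixerTelemetryConfig, NodeAgentConfig, PilotConfig and SidecarInjectorConfig in the hunks that follow. These fields select the registry and image version a component is pulled from, and the chart templates in this commit fall back to the global values when they are empty, so each should say so, e.g. `// Image hub for this component; overrides global.hub when non-empty.` and `// Image tag for this component; overrides global.tag when non-empty.` In SidecarInjectorConfig the pair is inserted mid-message as fields 4 and 5, and the number of the field that follows is outside the hunk, so it is worth confirming those two numbers were never assigned in that message before.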
@@ -929,6 +933,10 @@ message MixerPolicyConfig { TypeMapStringInterface env = 17; TypeSliceOfMapStringInterface tolerations = 18 [deprecated=true]; + + string hub = 19; + + StringOrNumber tag = 20; } // Configuration for Mixer Telemetry. @@ -1007,6 +1015,10 @@ message MixerTelemetryConfig { TypeSliceOfMapStringInterface podAntiAffinityTermLabelSelector = 21 [deprecated=true]; TypeSliceOfMapStringInterface tolerations = 22 [deprecated=true]; + + string hub = 23; + + StringOrNumber tag = 24; } // MultiClusterConfig specifies the Configuration for Istio mesh across multiple clusters through the istio gateways. @@ -1049,6 +1061,10 @@ message NodeAgentConfig { // // See: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ TypeMapStringInterface podAnnotations = 8 [deprecated=true]; + + string hub = 9; + + StringOrNumber tag = 10; } // OutboundTrafficPolicyConfig controls the default behavior of the sidecar for handling outbound traffic from the application. @@ -1192,6 +1208,10 @@ message PilotConfig { string jwksResolverExtraRootCA = 32; TypeSliceOfMapStringInterface plugins = 33; + + string hub = 34; + + StringOrNumber tag = 35; } // Controls legacy k8s ingress. Only one pilot profile should enable ingress support. @@ -1675,6 +1695,10 @@ message SidecarInjectorConfig { // Examples: custom-sidecar_injector, docker.io/someuser:custom-sidecar_injector string image = 3; + string hub = 4; + + StringOrNumber tag = 5; + // K8s node selector. Each component can overwrite the default values by adding its node selector block in the relevant section and setting the desired values. // // See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector diff --git a/operator/pkg/translate/translate.go b/operator/pkg/translate/translate.go index 64ae796d1218..03ac48c256cf 100644 --- a/operator/pkg/translate/translate.go +++ b/operator/pkg/translate/translate.go 
@@ -45,6 +45,10 @@ const ( HelmValuesEnabledSubpath = "enabled" // HelmValuesNamespaceSubpath is the subpath from the component root to the namespace parameter. HelmValuesNamespaceSubpath = "namespace" + // HelmValuesHubSubpath is the subpath from the component root to the hub parameter. + HelmValuesHubSubpath = "hub" + // HelmValuesTagSubpath is the subpath from the component root to the tag parameter. + HelmValuesTagSubpath = "tag" // TranslateConfigFolder is the folder where we store translation configurations TranslateConfigFolder = "translateConfig" // TranslateConfigPrefix is the prefix of IstioOperator's translation configuration file @@ -201,7 +205,7 @@ func (t *Translator) ProtoToValues(ii *v1alpha1.IstioOperatorSpec) (string, erro } // Enabled and namespace fields require special handling because of inheritance rules. - if err := t.setEnablementAndNamespaces(root, ii); err != nil { + if err := t.setComponentProperties(root, ii); err != nil { return "", err } @@ -338,9 +342,9 @@ func (t *Translator) protoToHelmValues(node interface{}, root map[string]interfa return errs } -// setEnablementAndNamespaces translates the enablement and namespace value of each component in the baseYAML values -// tree, based on feature/component inheritance relationship. -func (t *Translator) setEnablementAndNamespaces(root map[string]interface{}, iop *v1alpha1.IstioOperatorSpec) error { +// setComponentProperties translates properties (e.g., enablement and namespace) of each component +// in the baseYAML values tree, based on feature/component inheritance relationship. +func (t *Translator) setComponentProperties(root map[string]interface{}, iop *v1alpha1.IstioOperatorSpec) error { var keys []string for k := range t.ComponentMaps { if k != name.IngressComponentName && k != name.EgressComponentName { 
@@ -373,6 +377,20 @@ func (t *Translator) setEnablementAndNamespaces(root map[string]interface{}, iop if err := tpath.WriteNode(root, util.PathFromString(c.ToHelmValuesTreeRoot+"."+HelmValuesNamespaceSubpath), ns); err != nil { return err } + + hub, found, _ := tpath.GetFromStructPath(iop, "Components."+string(cn)+".Hub") + if found && hub.(string) != "" { + if err := tpath.WriteNode(root, util.PathFromString(c.ToHelmValuesTreeRoot+"."+HelmValuesHubSubpath), hub); err != nil { + return err + } + } + + tag, found, _ := tpath.GetFromStructPath(iop, "Components."+string(cn)+".Tag") + if found && tag.(string) != "" { + if err := tpath.WriteNode(root, util.PathFromString(c.ToHelmValuesTreeRoot+"."+HelmValuesTagSubpath), tag); err != nil { + return err + } + } } for cn, gns := range t.GlobalNamespaces { diff --git a/operator/pkg/vfs/assets.gen.go b/operator/pkg/vfs/assets.gen.go index 90823b7c2251..4aef31c5dc9c 100644 --- a/operator/pkg/vfs/assets.gen.go +++ b/operator/pkg/vfs/assets.gen.go @@ -10228,7 +10228,7 @@ spec: {{- if contains "/" .Values.sidecarInjectorWebhook.image }} image: "{{ .Values.sidecarInjectorWebhook.image }}" {{- else }} - image: "{{ .Values.global.hub }}/{{ .Values.sidecarInjectorWebhook.image | default "sidecar_injector" }}:{{ .Values.global.tag }}" + image: "{{ .Values.sidecarInjectorWebhook.hub | default .Values.global.hub }}/{{ .Values.sidecarInjectorWebhook.image | default "sidecar_injector" }}:{{ .Values.sidecarInjectorWebhook.tag | default .Values.global.tag }}" {{- end }} imagePullPolicy: {{ .Values.global.imagePullPolicy | default "Always" }} args: @@ -10593,6 +10593,8 @@ var _chartsIstioControlIstioAutoinjectValuesYaml = []byte(`sidecarInjectorWebhoo rollingMaxSurge: 100% rollingMaxUnavailable: 25% + hub: "" + tag: "" image: sidecar_injector # This enables injection of sidecar in all namespaces, 
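Review bot: The unchecked assertions `hub.(string)` and `tag.(string)` in the added block panic if the value found at `Components.<name>.Hub` or `.Tag` is not a plain string; the values-side schema in this commit already types `tag` as `StringOrNumber`, though the type of the spec-side field is not visible here. The comma-ok form removes the panic: `if s, ok := hub.(string); found && ok && s != "" {`, and likewise for `tag`; if a wrong-typed override should be reported rather than skipped, return an error from the `!ok` case instead. Both `tpath.GetFromStructPath` calls also discard their error with `_`, so either return it or add a comment explaining why a failed lookup is expected for components that have no such field. The loop this block sits in begins outside the hunk.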
@@ -11259,7 +11261,7 @@ spec: {{- if contains "/" .Values.galley.image }} image: "{{ .Values.galley.image }}" {{- else }} - image: "{{ .Values.global.hub }}/{{ .Values.galley.image | default "galley" }}:{{ .Values.global.tag }}" + image: "{{ .Values.galley.hub | default .Values.global.hub }}/{{ .Values.galley.image | default "galley" }}:{{ .Values.galley.tag | default .Values.global.tag }}" {{- end }} imagePullPolicy: {{ .Values.global.imagePullPolicy | default "Always" }} ports: @@ -11696,6 +11698,8 @@ func chartsIstioControlIstioConfigTemplatesValidatingwebhookconfigurationYamlTpl } var _chartsIstioControlIstioConfigValuesYaml = []byte(`galley: + hub: "" + tag: "" image: galley replicaCount: 1 rollingMaxSurge: 100% @@ -13415,7 +13419,7 @@ spec: {{- if contains "/" .Values.pilot.image }} image: "{{ .Values.pilot.image }}" {{- else }} - image: "{{ .Values.global.hub }}/{{ .Values.pilot.image | default "pilot" }}:{{ .Values.global.tag }}" + image: "{{ .Values.pilot.hub | default .Values.global.hub }}/{{ .Values.pilot.image | default "pilot" }}:{{ .Values.pilot.tag | default .Values.global.tag }}" {{- end }} imagePullPolicy: {{ .Values.global.imagePullPolicy | default "Always" }} args: @@ -14703,6 +14707,9 @@ pilot: rollingMaxSurge: 100% rollingMaxUnavailable: 25% + hub: "" + tag: "" + # Can be a full hub/image:tag image: pilot traceSampling: 1.0 @@ -15626,7 +15633,7 @@ spec: {{- if contains "/" .Values.mixer.policy.image }} image: "{{ .Values.mixer.policy.image }}" {{- else }} - image: "{{ .Values.global.hub }}/{{ .Values.mixer.policy.image }}:{{ .Values.global.tag }}" + image: "{{ .Values.mixer.policy.hub | default .Values.global.hub }}/{{ .Values.mixer.policy.image }}:{{ .Values.mixer.policy.tag | default .Values.global.tag }}" {{- end }} imagePullPolicy: {{ .Values.global.imagePullPolicy | default "Always" }} ports: 
@@ -15909,6 +15916,8 @@ func chartsIstioPolicyTemplatesServiceaccountYaml() (*asset, error) { var _chartsIstioPolicyValuesYaml = []byte(`mixer: policy: + hub: "" + tag: "" image: mixer replicaCount: 1 @@ -33353,7 +33362,7 @@ spec: {{- if contains "/" .Values.mixer.telemetry.image }} image: "{{ .Values.mixer.telemetry.image }}" {{- else }} - image: "{{ .Values.global.hub }}/{{ .Values.mixer.telemetry.image }}:{{ .Values.global.tag }}" + image: "{{ .Values.mixer.telemetry.hub | default .Values.global.hub }}/{{ .Values.mixer.telemetry.image }}:{{ .Values.mixer.telemetry.tag | default .Values.global.tag }}" {{- end }} imagePullPolicy: {{ .Values.global.imagePullPolicy | default "Always" }} ports: @@ -34651,6 +34660,8 @@ var _chartsIstioTelemetryMixerTelemetryValuesYaml = []byte(`mixer: useAdapterCRDs: false telemetry: + hub: "" + tag: "" image: mixer enabled: true replicaCount: 1 @@ -38500,7 +38511,7 @@ spec: {{- if contains "/" .Values.nodeagent.image }} image: "{{ .Values.nodeagent.image }}" {{- else }} - image: "{{ .Values.global.hub }}/{{ .Values.nodeagent.image }}:{{ .Values.global.tag }}" + image: "{{ .Values.nodeagent.hub | default .Values.global.hub }}/{{ .Values.nodeagent.image }}:{{ .Values.nodeagent.tag | default .Values.global.tag }}" {{- end }} imagePullPolicy: {{ .Values.global.imagePullPolicy | default "Always" }} args: @@ -38592,6 +38603,8 @@ var _chartsSecurityNodeagentValuesYaml = []byte(`# # nodeagent: enabled: false + hub: "" + tag: "" image: node-agent-k8s env: # name of authentication provider. diff --git a/operator/python/istio_api/pkg/apis/istio/v1alpha1/values_types_pb2.py b/operator/python/istio_api/pkg/apis/istio/v1alpha1/values_types_pb2.py index 9b82c04bbe9e..462b8ee2a45a 100644 --- a/operator/python/istio_api/pkg/apis/istio/v1alpha1/values_types_pb2.py +++ b/operator/python/istio_api/pkg/apis/istio/v1alpha1/values_types_pb2.py 
@@ -22,7 +22,7 @@ package='v1alpha1', syntax='proto3', serialized_options=_b('Z\010v1alpha1'), - serialized_pb=_b('\n*pkg/apis/istio/v1alpha1/values_types.proto\x12\x08v1alpha1\x1a\x1egoogle/protobuf/duration.proto\x1a\"k8s.io/api/core/v1/generated.proto\x1a@github.com/gogo/protobuf/protobuf/google/protobuf/wrappers.proto\"\xb6\x01\n\x12\x41\x64\x64onIngressConfig\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\r\n\x05hosts\x18\x02 \x03(\t\x12\x35\n\x0b\x61nnotations\x18\x03 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterface\x12-\n\x03tls\x18\x04 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterface\";\n\nArchConfig\x12\r\n\x05\x61md64\x18\x01 \x01(\r\x12\x0f\n\x07ppc64le\x18\x02 \x01(\r\x12\r\n\x05s390x\x18\x03 \x01(\r\"\xba\x02\n\tCNIConfig\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x0b\n\x03hub\x18\x02 \x01(\t\x12\x0b\n\x03tag\x18\x03 \x01(\t\x12\r\n\x05image\x18\x04 \x01(\t\x12\x12\n\npullPolicy\x18\x05 \x01(\t\x12\x11\n\tcniBinDir\x18\x06 \x01(\t\x12\x12\n\ncniConfDir\x18\x07 \x01(\t\x12\x17\n\x0f\x63niConfFileName\x18\x08 \x01(\t\x12\x19\n\x11\x65xcludeNamespaces\x18\t \x03(\t\x12<\n\x0epodAnnotations\x18\n \x01(\x0b\x32 .v1alpha1.TypeMapStringInterfaceB\x02\x18\x01\x12\x18\n\x10psp_cluster_role\x18\x0b \x01(\t\x12\x10\n\x08logLevel\x18\x0c \x01(\t\">\n\x1a\x43PUTargetUtilizationConfig\x12 \n\x18targetAverageUtilization\x18\x01 \x01(\x05\"\xc7\x04\n\x11\x43\x65rtManagerConfig\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x0b\n\x03hub\x18\x02 \x01(\t\x12\x0b\n\x03tag\x18\x03 \x01(\t\x12\r\n\x05image\x18\x04 \x01(\t\x12\x18\n\x0creplicaCount\x18\x05 \x01(\rB\x02\x18\x01\x12\r\n\x05\x65mail\x18\x06 \x01(\t\x12\x11\n\textraArgs\x18\x07 \x03(\t\x12:\n\x0cnodeSelector\x18\x08 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterfaceB\x02\x18\x01\x12*\n\tresources\x18\t \x01(\x0b\x32\x13.v1alpha1.ResourcesB\x02\x18\x01\x12\x14\n\x0cpodDnsPolicy\x18\n \x01(\t\x12\x36\n\x0cpodDnsConfig\x18\x0b 
\x01(\x0b\x32 .v1alpha1.TypeMapStringInterface\x12Q\n\x1cpodAntiAffinityLabelSelector\x18\x0c \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x12U\n podAntiAffinityTermLabelSelector\x18\r \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x12@\n\x0btolerations\x18\x0e \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\"\xd1\x01\n\tResources\x12/\n\x06limits\x18\x01 \x03(\x0b\x32\x1f.v1alpha1.Resources.LimitsEntry\x12\x33\n\x08requests\x18\x02 \x03(\x0b\x32!.v1alpha1.Resources.RequestsEntry\x1a-\n\x0bLimitsEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\x1a/\n\rRequestsEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\"\xae\x05\n\rCoreDNSConfig\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x14\n\x0c\x63oreDNSImage\x18\x02 \x01(\t\x12\x12\n\ncoreDNSTag\x18\x03 \x01(\t\x12\x1a\n\x12\x63oreDNSPluginImage\x18\x04 \x01(\t\x12:\n\x0cnodeSelector\x18\x05 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterfaceB\x02\x18\x01\x12\x18\n\x0creplicaCount\x18\x06 \x01(\rB\x02\x18\x01\x12<\n\x0epodAnnotations\x18\x07 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterfaceB\x02\x18\x01\x12*\n\tresources\x18\x08 \x01(\x0b\x32\x13.v1alpha1.ResourcesB\x02\x18\x01\x12;\n\x0frollingMaxSurge\x18\t \x01(\x0b\x32\x1e.v1alpha1.TypeIntOrStringForPBB\x02\x18\x01\x12\x41\n\x15rollingMaxUnavailable\x18\n \x01(\x0b\x32\x1e.v1alpha1.TypeIntOrStringForPBB\x02\x18\x01\x12Q\n\x1cpodAntiAffinityLabelSelector\x18\x0b \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x12U\n podAntiAffinityTermLabelSelector\x18\x0c \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x12@\n\x0btolerations\x18\r \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\"O\n DefaultPodDisruptionBudgetConfig\x12+\n\x07\x65nabled\x18\x01 
\x01(\x0b\x32\x1a.google.protobuf.BoolValue\"M\n\x16\x44\x65\x66\x61ultResourcesConfig\x12\x33\n\x08requests\x18\x01 \x01(\x0b\x32!.v1alpha1.ResourcesRequestsConfig\"\xdd\x07\n\x13\x45gressGatewayConfig\x12\x34\n\x10\x61utoscaleEnabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x14\n\x0c\x61utoscaleMax\x18\x02 \x01(\r\x12\x14\n\x0c\x61utoscaleMin\x18\x03 \x01(\r\x12\x16\n\x0e\x63onnectTimeout\x18\x04 \x01(\t\x12\x35\n\x03\x63pu\x18\x05 \x01(\x0b\x32$.v1alpha1.CPUTargetUtilizationConfigB\x02\x18\x01\x12\x30\n\rdrainDuration\x18\x06 \x01(\x0b\x32\x19.google.protobuf.Duration\x12+\n\x07\x65nabled\x18\x07 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12-\n\x03\x65nv\x18\x08 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterface\x12-\n\x06labels\x18\t \x01(\x0b\x32\x1d.v1alpha1.GatewayLabelsConfig\x12:\n\x0cnodeSelector\x18\n \x01(\x0b\x32 .v1alpha1.TypeMapStringInterfaceB\x02\x18\x01\x12<\n\x0epodAnnotations\x18\x0b \x01(\x0b\x32 .v1alpha1.TypeMapStringInterfaceB\x02\x18\x01\x12Q\n\x1cpodAntiAffinityLabelSelector\x18\x0c \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x12U\n podAntiAffinityTermLabelSelector\x18\r \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x12$\n\x05ports\x18\x0e \x03(\x0b\x32\x15.v1alpha1.PortsConfig\x12*\n\tresources\x18\x0f \x01(\x0b\x32\x13.v1alpha1.ResourcesB\x02\x18\x01\x12-\n\rsecretVolumes\x18\x10 \x03(\x0b\x32\x16.v1alpha1.SecretVolume\x12<\n\x12serviceAnnotations\x18\x11 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterface\x12\x0c\n\x04type\x18\x12 \x01(\t\x12%\n\x04zvpn\x18\x13 \x01(\x0b\x32\x17.v1alpha1.ZeroVPNConfig\x12@\n\x0btolerations\x18\x14 \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\"\xcc\x01\n\x12\x45nvoyMetricsConfig\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x0c\n\x04host\x18\x02 \x01(\t\x12\x0c\n\x04port\x18\x03 \x01(\x05\x12\x35\n\x0btlsSettings\x18\x04 \x01(\x0b\x32 
.v1alpha1.TypeMapStringInterface\x12\x36\n\x0ctcpKeepalive\x18\x05 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterface\"\x8d\x05\n\x0cGalleyConfig\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\r\n\x05image\x18\x02 \x01(\t\x12.\n\x04mesh\x18\x03 \x03(\x0b\x32 .v1alpha1.GalleyConfig.MeshEntry\x12Q\n\x1cpodAntiAffinityLabelSelector\x18\x04 \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x12U\n podAntiAffinityTermLabelSelector\x18\x05 \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x12\x18\n\x0creplicaCount\x18\x06 \x01(\rB\x02\x18\x01\x12*\n\tresources\x18\x07 \x01(\x0b\x32\x13.v1alpha1.ResourcesB\x02\x18\x01\x12\x32\n\x0e\x65nableAnalysis\x18\x08 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12;\n\x0frollingMaxSurge\x18\t \x01(\x0b\x32\x1e.v1alpha1.TypeIntOrStringForPBB\x02\x18\x01\x12\x41\n\x15rollingMaxUnavailable\x18\n \x01(\x0b\x32\x1e.v1alpha1.TypeIntOrStringForPBB\x02\x18\x01\x12@\n\x0btolerations\x18\x0b \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x1a+\n\tMeshEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\"1\n\x13GatewayLabelsConfig\x12\x0b\n\x03\x61pp\x18\x01 \x01(\t\x12\r\n\x05istio\x18\x02 \x01(\t\"\xb7\x01\n\x0eGatewaysConfig\x12:\n\x13istio_egressgateway\x18\x01 \x01(\x0b\x32\x1d.v1alpha1.EgressGatewayConfig\x12+\n\x07\x65nabled\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12<\n\x14istio_ingressgateway\x18\x04 \x01(\x0b\x32\x1e.v1alpha1.IngressGatewayConfig\"\xb9\x12\n\x0cGlobalConfig\x12\"\n\x04\x61rch\x18\x01 \x01(\x0b\x32\x14.v1alpha1.ArchConfig\x12=\n\x0c\x63\x65rtificates\x18( \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterface\x12\x17\n\x0f\x63onfigNamespace\x18\x02 \x01(\t\x12\x1b\n\x13\x63onfigRootNamespace\x18\x32 \x01(\t\x12\x34\n\x10\x63onfigValidation\x18\x03 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12?\n\x1b\x63ontrolPlaneSecurityEnabled\x18\x04 
\x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\'\n\x1f\x64\x65\x66\x61ultConfigVisibilitySettings\x18\x34 \x03(\t\x12\x41\n\x13\x64\x65\x66\x61ultNodeSelector\x18\x06 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterfaceB\x02\x18\x01\x12R\n\x1a\x64\x65\x66\x61ultPodDisruptionBudget\x18\x07 \x01(\x0b\x32*.v1alpha1.DefaultPodDisruptionBudgetConfigB\x02\x18\x01\x12\x37\n\x13\x64isablePolicyChecks\x18\x08 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12>\n\x10\x64\x65\x66\x61ultResources\x18\t \x01(\x0b\x32 .v1alpha1.DefaultResourcesConfigB\x02\x18\x01\x12\x32\n\x0e\x65nableHelmTest\x18\n \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x31\n\renableTracing\x18\x0b \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x0b\n\x03hub\x18\x0c \x01(\t\x12\x17\n\x0fimagePullPolicy\x18\r \x01(\t\x12\x41\n\x10imagePullSecrets\x18% \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterface\x12\x16\n\x0eistioNamespace\x18\x0e \x01(\t\x12;\n\x11localityLbSetting\x18\x0f \x01(\x0b\x32 .v1alpha1.TypeMapStringInterface\x12\x35\n\nk8sIngress\x18\x10 \x01(\x0b\x32!.v1alpha1.KubernetesIngressConfig\x12-\n\tlogAsJson\x18$ \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12.\n\x07logging\x18\x11 \x01(\x0b\x32\x1d.v1alpha1.GlobalLoggingConfig\x12\x34\n\rmeshExpansion\x18\x12 \x01(\x0b\x32\x1d.v1alpha1.MeshExpansionConfig\x12\x0e\n\x06meshID\x18\x35 \x01(\t\x12\x36\n\x0cmeshNetworks\x18\x13 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterface\x12\x16\n\x0emonitoringPort\x18\x14 \x01(\r\x12\"\n\x04mtls\x18\x15 \x01(\x0b\x32\x14.v1alpha1.MTLSConfig\x12\x32\n\x0cmultiCluster\x18\x16 \x01(\x0b\x32\x1c.v1alpha1.MultiClusterConfig\x12\x0f\n\x07network\x18\' \x01(\t\x12\x1e\n\x16podDNSSearchNamespaces\x18+ \x03(\t\x12@\n\x1comitSidecarInjectorConfigMap\x18& \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x30\n\x0coneNamespace\x18\x17 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12:\n\x16operatorManageWebhooks\x18) \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x44\n\x15outboundTrafficPolicy\x18\x18 
\x01(\x0b\x32%.v1alpha1.OutboundTrafficPolicyConfig\x12\x37\n\x13policyCheckFailOpen\x18\x19 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x17\n\x0fpolicyNamespace\x18\x1a \x01(\t\x12\x1d\n\x11priorityClassName\x18\x1b \x01(\tB\x02\x18\x01\x12\x1b\n\x13prometheusNamespace\x18\x33 \x01(\t\x12$\n\x05proxy\x18\x1c \x01(\x0b\x32\x15.v1alpha1.ProxyConfig\x12,\n\tproxyInit\x18\x1d \x01(\x0b\x32\x19.v1alpha1.ProxyInitConfig\x12 \n\x03sds\x18\x1e \x01(\x0b\x32\x13.v1alpha1.SDSConfig\x12\x0b\n\x03tag\x18\x1f \x01(\t\x12\x1a\n\x12telemetryNamespace\x18 \x01(\t\x12&\n\x06tracer\x18! \x01(\x0b\x32\x16.v1alpha1.TracerConfig\x12\x13\n\x0btrustDomain\x18\" \x01(\t\x12\x1a\n\x12trustDomainAliases\x18* \x03(\t\x12*\n\x06useMCP\x18# \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12/\n\x0bistioRemote\x18, \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12<\n\x18\x63reateRemoteSvcEndpoints\x18- \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12@\n\x1cremotePilotCreateSvcEndpoint\x18. \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x1b\n\x13remotePolicyAddress\x18/ \x01(\t\x12\x1a\n\x12remotePilotAddress\x18\x30 \x01(\t\x12\x1e\n\x16remoteTelemetryAddress\x18\x31 \x01(\t\x12&\n\x06istiod\x18\x36 \x01(\x0b\x32\x16.v1alpha1.IstiodConfig\x12\x19\n\x11pilotCertProvider\x18\x37 \x01(\t\x12\x11\n\tjwtPolicy\x18\x38 \x01(\t\";\n\x0cIstiodConfig\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\"$\n\x13GlobalLoggingConfig\x12\r\n\x05level\x18\x01 \x01(\t\"\xd3\x0e\n\x14IngressGatewayConfig\x12\x34\n\x10\x61utoscaleEnabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x14\n\x0c\x61utoscaleMax\x18\x02 \x01(\r\x12\x14\n\x0c\x61utoscaleMin\x18\x03 \x01(\r\x12\x16\n\x0e\x63onnectTimeout\x18\x04 \x01(\t\x12\x35\n\x03\x63pu\x18\x05 \x01(\x0b\x32$.v1alpha1.CPUTargetUtilizationConfigB\x02\x18\x01\x12\x31\n\rcustomService\x18\x06 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\r\n\x05\x64\x65\x62ug\x18\x07 \x01(\t\x12\x0e\n\x06\x64omain\x18\x08 
\x01(\t\x12\x30\n\rdrainDuration\x18\t \x01(\x0b\x32\x19.google.protobuf.Duration\x12+\n\x07\x65nabled\x18\n \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12-\n\x03\x65nv\x18\x0b \x01(\x0b\x32 .v1alpha1.TypeMapStringInterface\x12\x13\n\x0b\x65xternalIPs\x18\x0c \x03(\t\x12.\n\nk8sIngress\x18\r \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x33\n\x0fk8sIngressHttps\x18\x0e \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12-\n\x06labels\x18\x0f \x01(\x0b\x32\x1d.v1alpha1.GatewayLabelsConfig\x12\x16\n\x0eloadBalancerIP\x18\x10 \x01(\t\x12 \n\x18loadBalancerSourceRanges\x18\x11 \x03(\t\x12\x31\n\x12meshExpansionPorts\x18\x12 \x03(\x0b\x32\x15.v1alpha1.PortsConfig\x12:\n\x0cnodeSelector\x18\x13 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterfaceB\x02\x18\x01\x12<\n\x0epodAnnotations\x18\x14 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterfaceB\x02\x18\x01\x12Q\n\x1cpodAntiAffinityLabelSelector\x18\x15 \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x12U\n podAntiAffinityTermLabelSelector\x18\x16 \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x12$\n\x05ports\x18\x17 \x03(\x0b\x32\x15.v1alpha1.PortsConfig\x12\x18\n\x0creplicaCount\x18\x18 \x01(\rB\x02\x18\x01\x12\x37\n\tresources\x18\x19 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterfaceB\x02\x18\x01\x12.\n\x03sds\x18\x1a \x01(\x0b\x32!.v1alpha1.IngressGatewaySdsConfig\x12-\n\rsecretVolumes\x18\x1b \x03(\x0b\x32\x16.v1alpha1.SecretVolume\x12<\n\x12serviceAnnotations\x18\x1c \x01(\x0b\x32 .v1alpha1.TypeMapStringInterface\x12\x0c\n\x04type\x18\x1d \x01(\t\x12\x30\n\x04zvpn\x18\x1e \x01(\x0b\x32\".v1alpha1.IngressGatewayZvpnConfig\x12;\n\x0frollingMaxSurge\x18\x1f \x01(\x0b\x32\x1e.v1alpha1.TypeIntOrStringForPBB\x02\x18\x01\x12\x41\n\x15rollingMaxUnavailable\x18 \x01(\x0b\x32\x1e.v1alpha1.TypeIntOrStringForPBB\x02\x18\x01\x12\x18\n\x10\x61pplicationPorts\x18! 
\x01(\t\x12\x1d\n\x15\x65xternalTrafficPolicy\x18\" \x01(\t\x12@\n\x0btolerations\x18# \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x12=\n\x0cingressPorts\x18$ \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterface\x12\x45\n\x14\x61\x64\x64itionalContainers\x18% \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterface\x12>\n\rconfigVolumes\x18& \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterface\x12\x30\n\x0c\x63\x65rtificates\x18\' \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\'\n\x03tls\x18( \x01(\x0b\x32\x1a.google.protobuf.BoolValue\"\x81\x01\n\x17IngressGatewaySdsConfig\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\r\n\x05image\x18\x02 \x01(\t\x12*\n\tresources\x18\x03 \x01(\x0b\x32\x13.v1alpha1.ResourcesB\x02\x18\x01\"W\n\x18IngressGatewayZvpnConfig\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x0e\n\x06suffix\x18\x02 \x01(\t\"N\n\x1fKubernetesEnvMixerAdapterConfig\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\"\x8c\x01\n\x17KubernetesIngressConfig\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12/\n\x0b\x65nableHttps\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x13\n\x0bgatewayName\x18\x03 \x01(\t\"L\n\x12LoadSheddingConfig\x12\x18\n\x10latencyThreshold\x18\x01 \x01(\t\x12\x1c\n\x04mode\x18\x02 \x01(\x0e\x32\x0e.v1alpha1.mode\"c\n\nMTLSConfig\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12(\n\x04\x61uto\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\"n\n\x13MeshExpansionConfig\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12*\n\x06useILB\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\"\xc0\x02\n\x1cMixerTelemetryAdaptersConfig\x12@\n\rkubernetesenv\x18\x01 \x01(\x0b\x32).v1alpha1.KubernetesEnvMixerAdapterConfig\x12:\n\nprometheus\x18\x02 \x01(\x0b\x32&.v1alpha1.PrometheusMixerAdapterConfig\x12\x30\n\x05stdio\x18\x03 
\x01(\x0b\x32!.v1alpha1.StdioMixerAdapterConfig\x12<\n\x0bstackdriver\x18\x04 \x01(\x0b\x32\'.v1alpha1.StackdriverMixerAdapterConfig\x12\x32\n\x0euseAdapterCRDs\x18\x05 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\"\xbd\x02\n\x19MixerPolicyAdaptersConfig\x12@\n\rkubernetesenv\x18\x01 \x01(\x0b\x32).v1alpha1.KubernetesEnvMixerAdapterConfig\x12:\n\nprometheus\x18\x02 \x01(\x0b\x32&.v1alpha1.PrometheusMixerAdapterConfig\x12\x30\n\x05stdio\x18\x03 \x01(\x0b\x32!.v1alpha1.StdioMixerAdapterConfig\x12<\n\x0bstackdriver\x18\x04 \x01(\x0b\x32\'.v1alpha1.StackdriverMixerAdapterConfig\x12\x32\n\x0euseAdapterCRDs\x18\x05 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\"\xa7\x01\n\x0bMixerConfig\x12+\n\x06policy\x18\x01 \x01(\x0b\x32\x1b.v1alpha1.MixerPolicyConfig\x12\x31\n\ttelemetry\x18\x02 \x01(\x0b\x32\x1e.v1alpha1.MixerTelemetryConfig\x12\x38\n\x08\x61\x64\x61pters\x18\x03 \x01(\x0b\x32&.v1alpha1.MixerTelemetryAdaptersConfig\"\xdf\x03\n\x11MixerPolicyConfig\x12\x34\n\x10\x61utoscaleEnabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x14\n\x0c\x61utoscaleMax\x18\x02 \x01(\r\x12\x14\n\x0c\x61utoscaleMin\x18\x03 \x01(\r\x12\x35\n\x03\x63pu\x18\x04 \x01(\x0b\x32$.v1alpha1.CPUTargetUtilizationConfigB\x02\x18\x01\x12+\n\x07\x65nabled\x18\x05 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\r\n\x05image\x18\x06 \x01(\t\x12<\n\x0epodAnnotations\x18\x07 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterfaceB\x02\x18\x01\x12\x18\n\x0creplicaCount\x18\x08 \x01(\rB\x02\x18\x01\x12\x35\n\x08\x61\x64\x61pters\x18\t \x01(\x0b\x32#.v1alpha1.MixerPolicyAdaptersConfig\x12:\n\x16sessionAffinityEnabled\x18\n \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12*\n\tresources\x18\x0b \x01(\x0b\x32\x13.v1alpha1.ResourcesB\x02\x18\x01\"\x9d\x08\n\x14MixerTelemetryConfig\x12\x34\n\x10\x61utoscaleEnabled\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x14\n\x0c\x61utoscaleMax\x18\x03 \x01(\r\x12\x14\n\x0c\x61utoscaleMin\x18\x04 \x01(\r\x12\x35\n\x03\x63pu\x18\x05 
\x01(\x0b\x32$.v1alpha1.CPUTargetUtilizationConfigB\x02\x18\x01\x12+\n\x07\x65nabled\x18\x06 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12-\n\x03\x65nv\x18\x07 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterface\x12\r\n\x05image\x18\x08 \x01(\t\x12\x32\n\x0cloadshedding\x18\t \x01(\x0b\x32\x1c.v1alpha1.LoadSheddingConfig\x12:\n\x0cnodeSelector\x18\n \x01(\x0b\x32 .v1alpha1.TypeMapStringInterfaceB\x02\x18\x01\x12<\n\x0epodAnnotations\x18\x0b \x01(\x0b\x32 .v1alpha1.TypeMapStringInterfaceB\x02\x18\x01\x12\x18\n\x0creplicaCount\x18\x0c \x01(\rB\x02\x18\x01\x12;\n\x0frollingMaxSurge\x18\x0f \x01(\x0b\x32\x1e.v1alpha1.TypeIntOrStringForPBB\x02\x18\x01\x12\x41\n\x15rollingMaxUnavailable\x18\x10 \x01(\x0b\x32\x1e.v1alpha1.TypeIntOrStringForPBB\x02\x18\x01\x12*\n\x06useMCP\x18\x11 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x1a\n\x12reportBatchMaxTime\x18\x12 \x01(\t\x12\x1d\n\x15reportBatchMaxEntries\x18\x13 \x01(\r\x12*\n\tresources\x18\r \x01(\x0b\x32\x13.v1alpha1.ResourcesB\x02\x18\x01\x12:\n\x16sessionAffinityEnabled\x18\x0e \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12Q\n\x1cpodAntiAffinityLabelSelector\x18\x14 \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x12U\n podAntiAffinityTermLabelSelector\x18\x15 \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x12@\n\x0btolerations\x18\x16 \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\"V\n\x12MultiClusterConfig\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x13\n\x0b\x63lusterName\x18\x02 \x01(\t\"\xa4\x03\n\x0fNodeAgentConfig\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12-\n\x03\x65nv\x18\x02 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterface\x12\r\n\x05image\x18\x03 \x01(\t\x12:\n\x0cnodeSelector\x18\x04 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterfaceB\x02\x18\x01\x12@\n\x0btolerations\x18\x05 
\x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x12Q\n\x1cpodAntiAffinityLabelSelector\x18\x06 \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x12U\n podAntiAffinityTermLabelSelector\x18\x07 \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\"\x81\x01\n\x1bOutboundTrafficPolicyConfig\x12\x38\n\x04mode\x18\x02 \x01(\x0e\x32*.v1alpha1.OutboundTrafficPolicyConfig.Mode\"(\n\x04Mode\x12\r\n\tALLOW_ANY\x10\x00\x12\x11\n\rREGISTRY_ONLY\x10\x01\"\x89\x0c\n\x0bPilotConfig\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x34\n\x10\x61utoscaleEnabled\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x14\n\x0c\x61utoscaleMin\x18\x03 \x01(\r\x12\x14\n\x0c\x61utoscaleMax\x18\x04 \x01(\r\x12\x18\n\x0creplicaCount\x18\x05 \x01(\rB\x02\x18\x01\x12\r\n\x05image\x18\x06 \x01(\t\x12+\n\x07sidecar\x18\x07 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x15\n\rtraceSampling\x18\x08 \x01(\x01\x12*\n\tresources\x18\t \x01(\x0b\x32\x13.v1alpha1.ResourcesB\x02\x18\x01\x12\x17\n\x0f\x63onfigNamespace\x18\n \x01(\t\x12\x35\n\x03\x63pu\x18\x0b \x01(\x0b\x32$.v1alpha1.CPUTargetUtilizationConfigB\x02\x18\x01\x12:\n\x0cnodeSelector\x18\x0c \x01(\x0b\x32 .v1alpha1.TypeMapStringInterfaceB\x02\x18\x01\x12\x42\n\x1fkeepaliveMaxServerConnectionAge\x18\r \x01(\x0b\x32\x19.google.protobuf.Duration\x12:\n\x10\x64\x65ploymentLabels\x18\x0e \x01(\x0b\x32 .v1alpha1.TypeMapStringInterface\x12\x36\n\x0cmeshNetworks\x18\x0f \x01(\x0b\x32 .v1alpha1.TypeMapStringInterface\x12Q\n\x1cpodAntiAffinityLabelSelector\x18\x10 \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x12U\n podAntiAffinityTermLabelSelector\x18\x11 \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x12-\n\tconfigMap\x18\x12 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12-\n\x07ingress\x18\x13 \x01(\x0b\x32\x1c.v1alpha1.PilotIngressConfig\x12*\n\x06useMCP\x18\x14 
\x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12-\n\x03\x65nv\x18\x15 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterface\x12+\n\x06policy\x18\x16 \x01(\x0b\x32\x1b.v1alpha1.PilotPolicyConfig\x12;\n\x0frollingMaxSurge\x18\x18 \x01(\x0b\x32\x1e.v1alpha1.TypeIntOrStringForPBB\x02\x18\x01\x12\x41\n\x15rollingMaxUnavailable\x18\x19 \x01(\x0b\x32\x1e.v1alpha1.TypeIntOrStringForPBB\x02\x18\x01\x12@\n\x0btolerations\x18\x1a \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x12>\n\rappNamespaces\x18\x1b \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterface\x12\x45\n!enableProtocolSniffingForOutbound\x18\x1c \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x44\n enableProtocolSniffingForInbound\x18\x1d \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12<\n\x0epodAnnotations\x18\x1e \x01(\x0b\x32 .v1alpha1.TypeMapStringInterfaceB\x02\x18\x01\x12\x31\n\x0c\x63onfigSource\x18\x1f \x01(\x0b\x32\x1b.v1alpha1.PilotConfigSource\"\x82\x01\n\x12PilotIngressConfig\x12\x16\n\x0eingressService\x18\x01 \x01(\t\x12>\n\x15ingressControllerMode\x18\x02 \x01(\x0e\x32\x1f.v1alpha1.ingressControllerMode\x12\x14\n\x0cingressClass\x18\x03 \x01(\t\"@\n\x11PilotPolicyConfig\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\"\x90\x01\n\x0fTelemetryConfig\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\'\n\x02v1\x18\x02 \x01(\x0b\x32\x1b.v1alpha1.TelemetryV1Config\x12\'\n\x02v2\x18\x03 \x01(\x0b\x32\x1b.v1alpha1.TelemetryV2Config\"@\n\x11TelemetryV1Config\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\"\xb8\x01\n\x11TelemetryV2Config\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x39\n\nprometheus\x18\x02 \x01(\x0b\x32%.v1alpha1.TelemetryV2PrometheusConfig\x12;\n\x0bstackdriver\x18\x03 \x01(\x0b\x32&.v1alpha1.TelemetryV2StackDriverConfig\"J\n\x1bTelemetryV2PrometheusConfig\x12+\n\x07\x65nabled\x18\x01 
\x01(\x0b\x32\x1a.google.protobuf.BoolValue\"\x90\x02\n\x1cTelemetryV2StackDriverConfig\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12+\n\x07logging\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12.\n\nmonitoring\x18\x03 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12,\n\x08topology\x18\x04 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x38\n\x0e\x63onfigOverride\x18\x05 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterface\"0\n\x11PilotConfigSource\x12\x1b\n\x13subscribedResources\x18\x01 \x01(\t\"O\n\x0bPortsConfig\x12\x0c\n\x04name\x18\x01 \x01(\t\x12\x0c\n\x04port\x18\x02 \x01(\x05\x12\x10\n\x08nodePort\x18\x03 \x01(\x05\x12\x12\n\ntargetPort\x18\x04 \x01(\x05\"\xf9\x05\n\x10PrometheusConfig\x12<\n\x18\x63reatePrometheusResource\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12+\n\x07\x65nabled\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x18\n\x0creplicaCount\x18\x03 \x01(\rB\x02\x18\x01\x12\x0b\n\x03hub\x18\x04 \x01(\t\x12\x0b\n\x03tag\x18\x05 \x01(\t\x12\x11\n\tretention\x18\x06 \x01(\t\x12:\n\x0cnodeSelector\x18\x07 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterfaceB\x02\x18\x01\x12\x31\n\x0escrapeInterval\x18\x08 \x01(\x0b\x32\x19.google.protobuf.Duration\x12\x13\n\x0b\x63ontextPath\x18\t \x01(\t\x12-\n\x07ingress\x18\n \x01(\x0b\x32\x1c.v1alpha1.AddonIngressConfig\x12\x32\n\x07service\x18\x0b \x01(\x0b\x32!.v1alpha1.PrometheusServiceConfig\x12\x34\n\x08security\x18\x0c \x01(\x0b\x32\".v1alpha1.PrometheusSecurityConfig\x12@\n\x0btolerations\x18\r \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x12Q\n\x1cpodAntiAffinityLabelSelector\x18\x0e \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x12U\n podAntiAffinityTermLabelSelector\x18\x0f \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x12*\n\tresources\x18\x10 \x01(\x0b\x32\x13.v1alpha1.ResourcesB\x02\x18\x01\"\x85\x01\n\x1cPrometheusMixerAdapterConfig\x12+\n\x07\x65nabled\x18\x01 
\x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x38\n\x15metricsExpiryDuration\x18\x02 \x01(\x0b\x32\x19.google.protobuf.Duration\"G\n\x18PrometheusSecurityConfig\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\"\x8d\x01\n\x17PrometheusServiceConfig\x12\x35\n\x0b\x61nnotations\x18\x01 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterface\x12;\n\x08nodePort\x18\x02 \x01(\x0b\x32).v1alpha1.PrometheusServiceNodePortConfig\"\\\n\x1fPrometheusServiceNodePortConfig\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x0c\n\x04port\x18\x02 \x01(\r\"\xfa\x08\n\x0bProxyConfig\x12+\n\x07\x65nabled\x18# \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x15\n\raccessLogFile\x18\x01 \x01(\t\x12\x17\n\x0f\x61\x63\x63\x65ssLogFormat\x18\x02 \x01(\t\x12\x36\n\x11\x61\x63\x63\x65ssLogEncoding\x18\x03 \x01(\x0e\x32\x1b.v1alpha1.accessLogEncoding\x12\x12\n\nautoInject\x18\x04 \x01(\t\x12\x15\n\rclusterDomain\x18\x05 \x01(\t\x12\x19\n\x11\x63omponentLogLevel\x18\x06 \x01(\t\x12\x13\n\x0b\x63oncurrency\x18\x07 \x01(\r\x12\x31\n\x0e\x64nsRefreshRate\x18\x08 \x01(\x0b\x32\x19.google.protobuf.Duration\x12\x32\n\x0e\x65nableCoreDump\x18\t \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x39\n\x13\x65nvoyMetricsService\x18\n \x01(\x0b\x32\x1c.v1alpha1.EnvoyMetricsConfig\x12\x31\n\x0b\x65nvoyStatsd\x18\x0b \x01(\x0b\x32\x1c.v1alpha1.EnvoyMetricsConfig\x12\x1b\n\x13\x65xcludeInboundPorts\x18\x0c \x01(\t\x12\x17\n\x0f\x65xcludeIPRanges\x18\r \x01(\t\x12\r\n\x05image\x18\x0e \x01(\t\x12\x1b\n\x13includeInboundPorts\x18\x0f \x01(\t\x12\x17\n\x0fincludeIPRanges\x18\x10 \x01(\t\x12\x1a\n\x12kubevirtInterfaces\x18\x11 \x01(\t\x12\x10\n\x08logLevel\x18\x12 \x01(\t\x12.\n\nprivileged\x18\x13 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12$\n\x1creadinessInitialDelaySeconds\x18\x14 \x01(\r\x12\x1e\n\x16readinessPeriodSeconds\x18\x15 \x01(\r\x12!\n\x19readinessFailureThreshold\x18\x16 \x01(\r\x12\x12\n\nstatusPort\x18\x17 \x01(\r\x12*\n\tresources\x18\x18 
\x01(\x0b\x32\x13.v1alpha1.ResourcesB\x02\x18\x01\x12 \n\x06tracer\x18\x19 \x01(\x0e\x32\x10.v1alpha1.tracer\x12 \n\x18protocolDetectionTimeout\x18\x1a \x01(\t\x12=\n\x15\x65nvoyAccessLogService\x18\x1b \x01(\x0b\x32\x1e.v1alpha1.EnvoyAccessLogConfig\x12\x1c\n\x14\x65xcludeOutboundPorts\x18\x1c \x01(\t\x12\x30\n\rdrainDuration\x18\x1d \x01(\x0b\x32\x19.google.protobuf.Duration\x12\x16\n\x0e\x63onnectTimeout\x18\x1e \x01(\t\x12\x39\n\x16parentShutdownDuration\x18 \x01(\x0b\x32\x19.google.protobuf.Duration\"\xd1\x01\n\x14\x45nvoyAccessLogConfig\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x0c\n\x04host\x18\x02 \x01(\t\x12\x0c\n\x04port\x18\x03 \x01(\t\x12\x38\n\x0btlsSettings\x18\x04 \x01(\x0b\x32#.v1alpha1.EnvoyAccessLogtlsSettings\x12\x36\n\x0ctcpKeepalive\x18\x05 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterface\"\x96\x01\n\x19\x45nvoyAccessLogtlsSettings\x12\x0c\n\x04mode\x18\x01 \x01(\t\x12\x19\n\x11\x63lientCertificate\x18\x02 \x01(\t\x12\x12\n\nprivateKey\x18\x03 \x01(\t\x12\x16\n\x0e\x63\x61\x43\x65rtificates\x18\x04 \x01(\t\x12\x0b\n\x03sni\x18\x05 \x01(\t\x12\x17\n\x0fsubjectAltNames\x18\x06 \x03(\t\"L\n\x0fProxyInitConfig\x12\r\n\x05image\x18\x01 \x01(\t\x12*\n\tresources\x18\x05 \x01(\x0b\x32\x13.v1alpha1.ResourcesB\x02\x18\x01\"6\n\x17ResourcesRequestsConfig\x12\x0b\n\x03\x63pu\x18\x01 \x01(\t\x12\x0e\n\x06memory\x18\x02 \x01(\t\"\xe3\x01\n\tSDSConfig\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x0f\n\x07udsPath\x18\x02 \x01(\t\x12\x30\n\x0cuseNormalJwt\x18\x03 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x35\n\x11useTrustworthyJwt\x18\x04 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12/\n\x05token\x18\x05 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterface\"C\n\x0cSecretVolume\x12\x11\n\tmountPath\x18\x01 \x01(\t\x12\x0c\n\x04name\x18\x02 \x01(\t\x12\x12\n\nsecretName\x18\x03 \x01(\t\"\xc7\x05\n\x0eSecurityConfig\x12+\n\x07\x65nabled\x18\x01 
\x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x18\n\x0creplicaCount\x18\x02 \x01(\rB\x02\x18\x01\x12\r\n\x05image\x18\x03 \x01(\t\x12.\n\nselfSigned\x18\x04 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x13\n\x0btrustDomain\x18\x05 \x01(\t\x12\x38\n\x08\x64nsCerts\x18\x06 \x03(\x0b\x32&.v1alpha1.SecurityConfig.DnsCertsEntry\x12\x34\n\x10\x63reateMeshPolicy\x18\x07 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12=\n\x19\x65nableNamespacesByDefault\x18\x08 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x36\n\x12\x63itadelHealthCheck\x18\t \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12:\n\x0cnodeSelector\x18\n \x01(\x0b\x32 .v1alpha1.TypeMapStringInterfaceB\x02\x18\x01\x12-\n\x03\x65nv\x18\x0b \x01(\x0b\x32 .v1alpha1.TypeMapStringInterface\x12<\n\x0epodAnnotations\x18\x0c \x01(\x0b\x32 .v1alpha1.TypeMapStringInterfaceB\x02\x18\x01\x12\x17\n\x0fworkloadCertTtl\x18\r \x01(\t\x12@\n\x0btolerations\x18\x0e \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x1a/\n\rDnsCertsEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\"x\n\rServiceConfig\x12\x35\n\x0b\x61nnotations\x18\x01 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterface\x12\x14\n\x0c\x65xternalPort\x18\x02 \x01(\r\x12\x0c\n\x04name\x18\x03 \x01(\t\x12\x0c\n\x04type\x18\x12 \x01(\t\"\x84\x07\n\x15SidecarInjectorConfig\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12=\n\x19\x65nableNamespacesByDefault\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\r\n\x05image\x18\x03 \x01(\t\x12:\n\x0cnodeSelector\x18\n \x01(\x0b\x32 .v1alpha1.TypeMapStringInterfaceB\x02\x18\x01\x12\x44\n\x13neverInjectSelector\x18\x0b \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterface\x12\x45\n\x14\x61lwaysInjectSelector\x18\x0c \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterface\x12Q\n\x1cpodAntiAffinityLabelSelector\x18\r \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x12U\n podAntiAffinityTermLabelSelector\x18\x0e 
\x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x12\x18\n\x0creplicaCount\x18\x0f \x01(\rB\x02\x18\x01\x12\x37\n\x13rewriteAppHTTPProbe\x18\x10 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12.\n\nselfSigned\x18\x11 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x13\n\x0binjectLabel\x18\x12 \x01(\t\x12=\n\x13injectedAnnotations\x18\x13 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterface\x12*\n\tresources\x18\x14 \x01(\x0b\x32\x13.v1alpha1.ResourcesB\x02\x18\x01\x12\x38\n\x0eobjectSelector\x18\x15 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterface\x12@\n\x0btolerations\x18\x16 \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\"x\n\x17StdioMixerAdapterConfig\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x30\n\x0coutputAsJson\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\"\xe7\x01\n\x1dStackdriverMixerAdapterConfig\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12-\n\x04\x61uth\x18\x02 \x01(\x0b\x32\x1f.v1alpha1.StackdriverAuthConfig\x12\x31\n\x06tracer\x18\x03 \x01(\x0b\x32!.v1alpha1.StackdriverTracerConfig\x12\x37\n\x0c\x63ontextGraph\x18\x04 \x01(\x0b\x32!.v1alpha1.StackdriverContextGraph\"w\n\x15StackdriverAuthConfig\x12\x32\n\x0e\x61ppCredentials\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x0e\n\x06\x61piKey\x18\x02 \x01(\t\x12\x1a\n\x12serviceAccountPath\x18\x03 \x01(\t\"a\n\x17StackdriverTracerConfig\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x19\n\x11sampleProbability\x18\x02 \x01(\r\"F\n\x17StackdriverContextGraph\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\"\xa0\x01\n\x0cTracerConfig\x12.\n\x07\x64\x61tadog\x18\x01 \x01(\x0b\x32\x1d.v1alpha1.TracerDatadogConfig\x12\x32\n\tlightstep\x18\x02 \x01(\x0b\x32\x1f.v1alpha1.TracerLightStepConfig\x12,\n\x06zipkin\x18\x03 \x01(\x0b\x32\x1c.v1alpha1.TracerZipkinConfig\"&\n\x13TracerDatadogConfig\x12\x0f\n\x07\x61\x64\x64ress\x18\x01 
\x01(\t\"}\n\x15TracerLightStepConfig\x12\x0f\n\x07\x61\x64\x64ress\x18\x01 \x01(\t\x12\x13\n\x0b\x61\x63\x63\x65ssToken\x18\x02 \x01(\t\x12\x12\n\ncacertPath\x18\x03 \x01(\t\x12*\n\x06secure\x18\x04 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\"%\n\x12TracerZipkinConfig\x12\x0f\n\x07\x61\x64\x64ress\x18\x01 \x01(\t\"\xfb\x04\n\rTracingConfig\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12/\n\x07ingress\x18\x02 \x01(\x0b\x32\x1e.v1alpha1.TracingIngressConfig\x12-\n\x06jaeger\x18\x03 \x01(\x0b\x32\x1d.v1alpha1.TracingJaegerConfig\x12:\n\x0cnodeSelector\x18\x04 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterfaceB\x02\x18\x01\x12\x10\n\x08provider\x18\x05 \x01(\t\x12(\n\x07service\x18\x06 \x01(\x0b\x32\x17.v1alpha1.ServiceConfig\x12-\n\x06zipkin\x18\x07 \x01(\x0b\x32\x1d.v1alpha1.TracingZipkinConfig\x12\x35\n\nopencensus\x18\x08 \x01(\x0b\x32!.v1alpha1.TracingOpencensusConfig\x12\x13\n\x0b\x63ontextPath\x18\t \x01(\t\x12Q\n\x1cpodAntiAffinityLabelSelector\x18\r \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x12U\n podAntiAffinityTermLabelSelector\x18\x0e \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x12@\n\x0btolerations\x18\x0f \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\"\xab\x01\n\x17TracingOpencensusConfig\x12\x0b\n\x03hub\x18\x01 \x01(\t\x12\x0b\n\x03tag\x18\x02 \x01(\t\x12=\n\texporters\x18\x03 \x01(\x0b\x32*.v1alpha1.TracingOpencensusExportersConfig\x12\x37\n\tresources\x18\x05 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterfaceB\x02\x18\x01\"Y\n TracingOpencensusExportersConfig\x12\x35\n\x0bstackdriver\x18\x01 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterface\"\xb8\x01\n\x14TracingIngressConfig\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x35\n\x0b\x61nnotations\x18\x02 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterface\x12\r\n\x05hosts\x18\x03 \x03(\t\x12-\n\x03tls\x18\x04 \x01(\x0b\x32 
.v1alpha1.TypeMapStringInterface\"\xd8\x01\n\x13TracingJaegerConfig\x12\x0b\n\x03hub\x18\x01 \x01(\t\x12\x0b\n\x03tag\x18\x02 \x01(\t\x12\x33\n\x06memory\x18\x03 \x01(\x0b\x32#.v1alpha1.TracingJaegerMemoryConfig\x12\x17\n\x0fspanStorageType\x18\x04 \x01(\t\x12+\n\x07persist\x18\x05 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x18\n\x10storageClassName\x18\x06 \x01(\t\x12\x12\n\naccessMode\x18\x07 \x01(\t\"/\n\x19TracingJaegerMemoryConfig\x12\x12\n\nmax_traces\x18\x01 \x01(\r\"\xe2\x01\n\x13TracingZipkinConfig\x12\x0b\n\x03hub\x18\x01 \x01(\t\x12\x0b\n\x03tag\x18\x02 \x01(\t\x12\x19\n\x11probeStartupDelay\x18\x03 \x01(\r\x12\x11\n\tqueryPort\x18\x04 \x01(\r\x12*\n\tresources\x18\x05 \x01(\x0b\x32\x13.v1alpha1.ResourcesB\x02\x18\x01\x12\x14\n\x0cjavaOptsHeap\x18\x06 \x01(\r\x12\x10\n\x08maxSpans\x18\x07 \x01(\r\x12/\n\x04node\x18\x08 \x01(\x0b\x32!.v1alpha1.TracingZipkinNodeConfig\"\'\n\x17TracingZipkinNodeConfig\x12\x0c\n\x04\x63pus\x18\x01 \x01(\r\"o\n\x13KialiSecurityConfig\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x11\n\tcert_file\x18\x02 \x01(\t\x12\x18\n\x10private_key_file\x18\x03 \x01(\t\"\xaf\x01\n\x14KialiDashboardConfig\x12\x12\n\nsecretName\x18\x01 \x01(\t\x12\x13\n\x0busernameKey\x18\x02 \x01(\t\x12\x15\n\rpassphraseKey\x18\x03 \x01(\t\x12\x30\n\x0cviewOnlyMode\x18\x04 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x12\n\ngrafanaURL\x18\x05 \x01(\t\x12\x11\n\tjaegerURL\x18\x06 \x01(\t\"r\n\x12KialiIngressConfig\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x13\n\x0b\x61nnotations\x18\x02 \x01(\t\x12\x0b\n\x03tls\x18\x03 \x01(\t\x12\r\n\x05hosts\x18\x04 \x03(\t\"\xcf\x05\n\x0bKialiConfig\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x34\n\x10\x63reateDemoSecret\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x0b\n\x03hub\x18\x03 \x01(\t\x12\x0b\n\x03tag\x18\x04 \x01(\t\x12\x18\n\x0creplicaCount\x18\x05 
\x01(\rB\x02\x18\x01\x12\x1b\n\x13prometheusNamespace\x18\x06 \x01(\t\x12/\n\x08security\x18\x07 \x01(\x0b\x32\x1d.v1alpha1.KialiSecurityConfig\x12\x31\n\tdashboard\x18\x08 \x01(\x0b\x32\x1e.v1alpha1.KialiDashboardConfig\x12-\n\x07ingress\x18\t \x01(\x0b\x32\x1c.v1alpha1.KialiIngressConfig\x12\x13\n\x0b\x63ontextPath\x18\x0f \x01(\t\x12:\n\x0cnodeSelector\x18\n \x01(\x0b\x32 .v1alpha1.TypeMapStringInterfaceB\x02\x18\x01\x12<\n\x0epodAnnotations\x18\x0b \x01(\x0b\x32 .v1alpha1.TypeMapStringInterfaceB\x02\x18\x01\x12Q\n\x1cpodAntiAffinityLabelSelector\x18\x0c \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x12U\n podAntiAffinityTermLabelSelector\x18\r \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x12@\n\x0btolerations\x18\x0e \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\"\x96\x06\n\x06Values\x12\x30\n\x0b\x63\x65rtmanager\x18\x01 \x01(\x0b\x32\x1b.v1alpha1.CertManagerConfig\x12 \n\x03\x63ni\x18\x02 \x01(\x0b\x32\x13.v1alpha1.CNIConfig\x12-\n\x0cistiocoredns\x18\x03 \x01(\x0b\x32\x17.v1alpha1.CoreDNSConfig\x12&\n\x06galley\x18\x04 \x01(\x0b\x32\x16.v1alpha1.GalleyConfig\x12*\n\x08gateways\x18\x05 \x01(\x0b\x32\x18.v1alpha1.GatewaysConfig\x12&\n\x06global\x18\x06 \x01(\x0b\x32\x16.v1alpha1.GlobalConfig\x12\x31\n\x07grafana\x18\x07 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterface\x12$\n\x05mixer\x18\x08 \x01(\x0b\x32\x15.v1alpha1.MixerConfig\x12,\n\tnodeagent\x18\t \x01(\x0b\x32\x19.v1alpha1.NodeAgentConfig\x12$\n\x05pilot\x18\n \x01(\x0b\x32\x15.v1alpha1.PilotConfig\x12,\n\ttelemetry\x18\x17 \x01(\x0b\x32\x19.v1alpha1.TelemetryConfig\x12.\n\nprometheus\x18\x0b \x01(\x0b\x32\x1a.v1alpha1.PrometheusConfig\x12*\n\x08security\x18\x0c \x01(\x0b\x32\x18.v1alpha1.SecurityConfig\x12?\n\x16sidecarInjectorWebhook\x18\r \x01(\x0b\x32\x1f.v1alpha1.SidecarInjectorConfig\x12(\n\x07tracing\x18\x0e \x01(\x0b\x32\x17.v1alpha1.TracingConfig\x12$\n\x05kiali\x18\x0f 
\x01(\x0b\x32\x15.v1alpha1.KialiConfig\x12\x0f\n\x07version\x18\x10 \x01(\t\x12\x34\n\x10\x63lusterResources\x18\x11 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\"\x18\n\x16TypeMapStringInterface\"\x1f\n\x1dTypeSliceOfMapStringInterface\"\x16\n\x14TypeIntOrStringForPB\"L\n\rZeroVPNConfig\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x0e\n\x06suffix\x18\x02 \x01(\t*/\n\x04mode\x12\x0c\n\x08\x64isabled\x10\x00\x12\x0c\n\x08log_only\x10\x01\x12\x0b\n\x07\x65nforce\x10\x02*9\n\x15ingressControllerMode\x12\x0b\n\x07\x44\x45\x46\x41ULT\x10\x00\x12\n\n\x06STRICT\x10\x01\x12\x07\n\x03OFF\x10\x02*\'\n\x11\x61\x63\x63\x65ssLogEncoding\x12\x08\n\x04JSON\x10\x00\x12\x08\n\x04TEXT\x10\x01*0\n\x06tracer\x12\n\n\x06zipkin\x10\x00\x12\r\n\tlightstep\x10\x01\x12\x0b\n\x07\x64\x61tadog\x10\x02\x42\nZ\x08v1alpha1b\x06proto3'), + serialized_pb=_b('\n*pkg/apis/istio/v1alpha1/values_types.proto\x12\x08v1alpha1\x1a\x1egoogle/protobuf/duration.proto\x1a\"k8s.io/api/core/v1/generated.proto\x1a@github.com/gogo/protobuf/protobuf/google/protobuf/wrappers.proto\"\xb6\x01\n\x12\x41\x64\x64onIngressConfig\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\r\n\x05hosts\x18\x02 \x03(\t\x12\x35\n\x0b\x61nnotations\x18\x03 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterface\x12-\n\x03tls\x18\x04 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterface\";\n\nArchConfig\x12\r\n\x05\x61md64\x18\x01 \x01(\r\x12\x0f\n\x07ppc64le\x18\x02 \x01(\r\x12\r\n\x05s390x\x18\x03 \x01(\r\"\xd4\x02\n\tCNIConfig\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x0b\n\x03hub\x18\x02 \x01(\t\x12%\n\x03tag\x18\x03 \x01(\x0b\x32\x18.v1alpha1.StringOrNumber\x12\r\n\x05image\x18\x04 \x01(\t\x12\x12\n\npullPolicy\x18\x05 \x01(\t\x12\x11\n\tcniBinDir\x18\x06 \x01(\t\x12\x12\n\ncniConfDir\x18\x07 \x01(\t\x12\x17\n\x0f\x63niConfFileName\x18\x08 \x01(\t\x12\x19\n\x11\x65xcludeNamespaces\x18\t \x03(\t\x12<\n\x0epodAnnotations\x18\n \x01(\x0b\x32 
.v1alpha1.TypeMapStringInterfaceB\x02\x18\x01\x12\x18\n\x10psp_cluster_role\x18\x0b \x01(\t\x12\x10\n\x08logLevel\x18\x0c \x01(\t\">\n\x1a\x43PUTargetUtilizationConfig\x12 \n\x18targetAverageUtilization\x18\x01 \x01(\x05\"\xd8\x05\n\x11\x43\x65rtManagerConfig\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x0b\n\x03hub\x18\x02 \x01(\t\x12%\n\x03tag\x18\x03 \x01(\x0b\x32\x18.v1alpha1.StringOrNumber\x12\r\n\x05image\x18\x04 \x01(\t\x12\x18\n\x0creplicaCount\x18\x05 \x01(\rB\x02\x18\x01\x12\r\n\x05\x65mail\x18\x06 \x01(\t\x12\x11\n\textraArgs\x18\x07 \x03(\t\x12:\n\x0cnodeSelector\x18\x08 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterfaceB\x02\x18\x01\x12*\n\tresources\x18\t \x01(\x0b\x32\x13.v1alpha1.ResourcesB\x02\x18\x01\x12\x14\n\x0cpodDnsPolicy\x18\n \x01(\t\x12\x36\n\x0cpodDnsConfig\x18\x0b \x01(\x0b\x32 .v1alpha1.TypeMapStringInterface\x12Q\n\x1cpodAntiAffinityLabelSelector\x18\x0c \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x12U\n podAntiAffinityTermLabelSelector\x18\r \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x12@\n\x0btolerations\x18\x0e \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x12<\n\x0epodAnnotations\x18\x0f \x01(\x0b\x32 .v1alpha1.TypeMapStringInterfaceB\x02\x18\x01\x12\x37\n\tpodLabels\x18\x10 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterfaceB\x02\x18\x01\"\xd1\x01\n\tResources\x12/\n\x06limits\x18\x01 \x03(\x0b\x32\x1f.v1alpha1.Resources.LimitsEntry\x12\x33\n\x08requests\x18\x02 \x03(\x0b\x32!.v1alpha1.Resources.RequestsEntry\x1a-\n\x0bLimitsEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\x1a/\n\rRequestsEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\"\xae\x05\n\rCoreDNSConfig\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x14\n\x0c\x63oreDNSImage\x18\x02 \x01(\t\x12\x12\n\ncoreDNSTag\x18\x03 \x01(\t\x12\x1a\n\x12\x63oreDNSPluginImage\x18\x04 
\x01(\t\x12:\n\x0cnodeSelector\x18\x05 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterfaceB\x02\x18\x01\x12\x18\n\x0creplicaCount\x18\x06 \x01(\rB\x02\x18\x01\x12<\n\x0epodAnnotations\x18\x07 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterfaceB\x02\x18\x01\x12*\n\tresources\x18\x08 \x01(\x0b\x32\x13.v1alpha1.ResourcesB\x02\x18\x01\x12;\n\x0frollingMaxSurge\x18\t \x01(\x0b\x32\x1e.v1alpha1.TypeIntOrStringForPBB\x02\x18\x01\x12\x41\n\x15rollingMaxUnavailable\x18\n \x01(\x0b\x32\x1e.v1alpha1.TypeIntOrStringForPBB\x02\x18\x01\x12Q\n\x1cpodAntiAffinityLabelSelector\x18\x0b \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x12U\n podAntiAffinityTermLabelSelector\x18\x0c \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x12@\n\x0btolerations\x18\r \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\"O\n DefaultPodDisruptionBudgetConfig\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\"M\n\x16\x44\x65\x66\x61ultResourcesConfig\x12\x33\n\x08requests\x18\x01 \x01(\x0b\x32!.v1alpha1.ResourcesRequestsConfig\"\xe4\t\n\x13\x45gressGatewayConfig\x12\x34\n\x10\x61utoscaleEnabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x14\n\x0c\x61utoscaleMax\x18\x02 \x01(\r\x12\x14\n\x0c\x61utoscaleMin\x18\x03 \x01(\r\x12\x16\n\x0e\x63onnectTimeout\x18\x04 \x01(\t\x12\x35\n\x03\x63pu\x18\x05 \x01(\x0b\x32$.v1alpha1.CPUTargetUtilizationConfigB\x02\x18\x01\x12\x30\n\rdrainDuration\x18\x06 \x01(\x0b\x32\x19.google.protobuf.Duration\x12+\n\x07\x65nabled\x18\x07 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12-\n\x03\x65nv\x18\x08 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterface\x12-\n\x06labels\x18\t \x01(\x0b\x32\x1d.v1alpha1.GatewayLabelsConfig\x12:\n\x0cnodeSelector\x18\n \x01(\x0b\x32 .v1alpha1.TypeMapStringInterfaceB\x02\x18\x01\x12<\n\x0epodAnnotations\x18\x0b \x01(\x0b\x32 .v1alpha1.TypeMapStringInterfaceB\x02\x18\x01\x12Q\n\x1cpodAntiAffinityLabelSelector\x18\x0c 
\x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x12U\n podAntiAffinityTermLabelSelector\x18\r \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x12$\n\x05ports\x18\x0e \x03(\x0b\x32\x15.v1alpha1.PortsConfig\x12*\n\tresources\x18\x0f \x01(\x0b\x32\x13.v1alpha1.ResourcesB\x02\x18\x01\x12-\n\rsecretVolumes\x18\x10 \x03(\x0b\x32\x16.v1alpha1.SecretVolume\x12<\n\x12serviceAnnotations\x18\x11 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterface\x12\x0c\n\x04type\x18\x12 \x01(\t\x12%\n\x04zvpn\x18\x13 \x01(\x0b\x32\x17.v1alpha1.ZeroVPNConfig\x12@\n\x0btolerations\x18\x14 \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x12;\n\x0frollingMaxSurge\x18\x15 \x01(\x0b\x32\x1e.v1alpha1.TypeIntOrStringForPBB\x02\x18\x01\x12\x41\n\x15rollingMaxUnavailable\x18\x16 \x01(\x0b\x32\x1e.v1alpha1.TypeIntOrStringForPBB\x02\x18\x01\x12>\n\rconfigVolumes\x18\x17 \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterface\x12\x45\n\x14\x61\x64\x64itionalContainers\x18\x18 \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterface\"\xcc\x01\n\x12\x45nvoyMetricsConfig\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x0c\n\x04host\x18\x02 \x01(\t\x12\x0c\n\x04port\x18\x03 \x01(\x05\x12\x35\n\x0btlsSettings\x18\x04 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterface\x12\x36\n\x0ctcpKeepalive\x18\x05 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterface\"\xfb\x06\n\x0cGalleyConfig\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\r\n\x05image\x18\x02 \x01(\t\x12.\n\x04mesh\x18\x03 \x03(\x0b\x32 .v1alpha1.GalleyConfig.MeshEntry\x12Q\n\x1cpodAntiAffinityLabelSelector\x18\x04 \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x12U\n podAntiAffinityTermLabelSelector\x18\x05 \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x12\x18\n\x0creplicaCount\x18\x06 \x01(\rB\x02\x18\x01\x12*\n\tresources\x18\x07 
\x01(\x0b\x32\x13.v1alpha1.ResourcesB\x02\x18\x01\x12\x32\n\x0e\x65nableAnalysis\x18\x08 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12;\n\x0frollingMaxSurge\x18\t \x01(\x0b\x32\x1e.v1alpha1.TypeIntOrStringForPBB\x02\x18\x01\x12\x41\n\x15rollingMaxUnavailable\x18\n \x01(\x0b\x32\x1e.v1alpha1.TypeIntOrStringForPBB\x02\x18\x01\x12@\n\x0btolerations\x18\x0b \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x12>\n\x16\x65nableServiceDiscovery\x18\x0c \x01(\x0b\x32\x1a.google.protobuf.BoolValueB\x02\x18\x01\x12:\n\x0cnodeSelector\x18\r \x01(\x0b\x32 .v1alpha1.TypeMapStringInterfaceB\x02\x18\x01\x12<\n\x0epodAnnotations\x18\x0e \x01(\x0b\x32 .v1alpha1.TypeMapStringInterfaceB\x02\x18\x01\x12\x0b\n\x03hub\x18\x0f \x01(\t\x12%\n\x03tag\x18\x10 \x01(\x0b\x32\x18.v1alpha1.StringOrNumber\x1a+\n\tMeshEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\"1\n\x13GatewayLabelsConfig\x12\x0b\n\x03\x61pp\x18\x01 \x01(\t\x12\r\n\x05istio\x18\x02 \x01(\t\"\xb7\x01\n\x0eGatewaysConfig\x12:\n\x13istio_egressgateway\x18\x01 \x01(\x0b\x32\x1d.v1alpha1.EgressGatewayConfig\x12+\n\x07\x65nabled\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12<\n\x14istio_ingressgateway\x18\x04 \x01(\x0b\x32\x1e.v1alpha1.IngressGatewayConfig\"\x9c\x13\n\x0cGlobalConfig\x12\"\n\x04\x61rch\x18\x01 \x01(\x0b\x32\x14.v1alpha1.ArchConfig\x12=\n\x0c\x63\x65rtificates\x18( \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterface\x12\x17\n\x0f\x63onfigNamespace\x18\x02 \x01(\t\x12\x1b\n\x13\x63onfigRootNamespace\x18\x32 \x01(\t\x12\x34\n\x10\x63onfigValidation\x18\x03 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12?\n\x1b\x63ontrolPlaneSecurityEnabled\x18\x04 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\'\n\x1f\x64\x65\x66\x61ultConfigVisibilitySettings\x18\x34 \x03(\t\x12\x41\n\x13\x64\x65\x66\x61ultNodeSelector\x18\x06 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterfaceB\x02\x18\x01\x12R\n\x1a\x64\x65\x66\x61ultPodDisruptionBudget\x18\x07 
\x01(\x0b\x32*.v1alpha1.DefaultPodDisruptionBudgetConfigB\x02\x18\x01\x12\x37\n\x13\x64isablePolicyChecks\x18\x08 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12>\n\x10\x64\x65\x66\x61ultResources\x18\t \x01(\x0b\x32 .v1alpha1.DefaultResourcesConfigB\x02\x18\x01\x12G\n\x12\x64\x65\x66\x61ultTolerations\x18\x37 \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x12\x32\n\x0e\x65nableHelmTest\x18\n \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x31\n\renableTracing\x18\x0b \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x0b\n\x03hub\x18\x0c \x01(\t\x12\x17\n\x0fimagePullPolicy\x18\r \x01(\t\x12\x41\n\x10imagePullSecrets\x18% \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterface\x12\x16\n\x0eistioNamespace\x18\x0e \x01(\t\x12;\n\x11localityLbSetting\x18\x0f \x01(\x0b\x32 .v1alpha1.TypeMapStringInterface\x12\x35\n\nk8sIngress\x18\x10 \x01(\x0b\x32!.v1alpha1.KubernetesIngressConfig\x12-\n\tlogAsJson\x18$ \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12.\n\x07logging\x18\x11 \x01(\x0b\x32\x1d.v1alpha1.GlobalLoggingConfig\x12\x34\n\rmeshExpansion\x18\x12 \x01(\x0b\x32\x1d.v1alpha1.MeshExpansionConfig\x12\x0e\n\x06meshID\x18\x35 \x01(\t\x12\x36\n\x0cmeshNetworks\x18\x13 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterface\x12\x16\n\x0emonitoringPort\x18\x14 \x01(\r\x12\"\n\x04mtls\x18\x15 \x01(\x0b\x32\x14.v1alpha1.MTLSConfig\x12\x32\n\x0cmultiCluster\x18\x16 \x01(\x0b\x32\x1c.v1alpha1.MultiClusterConfig\x12\x0f\n\x07network\x18\' \x01(\t\x12\x1e\n\x16podDNSSearchNamespaces\x18+ \x03(\t\x12@\n\x1comitSidecarInjectorConfigMap\x18& \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x30\n\x0coneNamespace\x18\x17 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12:\n\x16operatorManageWebhooks\x18) \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x44\n\x15outboundTrafficPolicy\x18\x18 \x01(\x0b\x32%.v1alpha1.OutboundTrafficPolicyConfig\x12\x37\n\x13policyCheckFailOpen\x18\x19 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x17\n\x0fpolicyNamespace\x18\x1a 
\x01(\t\x12\x1d\n\x11priorityClassName\x18\x1b \x01(\tB\x02\x18\x01\x12\x1b\n\x13prometheusNamespace\x18\x33 \x01(\t\x12$\n\x05proxy\x18\x1c \x01(\x0b\x32\x15.v1alpha1.ProxyConfig\x12,\n\tproxyInit\x18\x1d \x01(\x0b\x32\x19.v1alpha1.ProxyInitConfig\x12 \n\x03sds\x18\x1e \x01(\x0b\x32\x13.v1alpha1.SDSConfig\x12%\n\x03tag\x18\x1f \x01(\x0b\x32\x18.v1alpha1.StringOrNumber\x12\x1a\n\x12telemetryNamespace\x18 \x01(\t\x12&\n\x06tracer\x18! \x01(\x0b\x32\x16.v1alpha1.TracerConfig\x12\x13\n\x0btrustDomain\x18\" \x01(\t\x12\x1a\n\x12trustDomainAliases\x18* \x03(\t\x12*\n\x06useMCP\x18# \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12/\n\x0bistioRemote\x18, \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12<\n\x18\x63reateRemoteSvcEndpoints\x18- \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12@\n\x1cremotePilotCreateSvcEndpoint\x18. \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x1b\n\x13remotePolicyAddress\x18/ \x01(\t\x12\x1a\n\x12remotePilotAddress\x18\x30 \x01(\t\x12\x1e\n\x16remoteTelemetryAddress\x18\x31 \x01(\t\x12&\n\x06istiod\x18\x36 \x01(\x0b\x32\x16.v1alpha1.IstiodConfig\x12\x19\n\x11pilotCertProvider\x18\x38 \x01(\t\x12\x11\n\tjwtPolicy\x18\x39 \x01(\t\";\n\x0cIstiodConfig\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\"$\n\x13GlobalLoggingConfig\x12\r\n\x05level\x18\x01 \x01(\t\"\xee\x0f\n\x14IngressGatewayConfig\x12\x34\n\x10\x61utoscaleEnabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x14\n\x0c\x61utoscaleMax\x18\x02 \x01(\r\x12\x14\n\x0c\x61utoscaleMin\x18\x03 \x01(\r\x12\x16\n\x0e\x63onnectTimeout\x18\x04 \x01(\t\x12\x35\n\x03\x63pu\x18\x05 \x01(\x0b\x32$.v1alpha1.CPUTargetUtilizationConfigB\x02\x18\x01\x12\x31\n\rcustomService\x18\x06 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\r\n\x05\x64\x65\x62ug\x18\x07 \x01(\t\x12\x0e\n\x06\x64omain\x18\x08 \x01(\t\x12\x30\n\rdrainDuration\x18\t \x01(\x0b\x32\x19.google.protobuf.Duration\x12+\n\x07\x65nabled\x18\n 
\x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12-\n\x03\x65nv\x18\x0b \x01(\x0b\x32 .v1alpha1.TypeMapStringInterface\x12\x13\n\x0b\x65xternalIPs\x18\x0c \x03(\t\x12.\n\nk8sIngress\x18\r \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x33\n\x0fk8sIngressHttps\x18\x0e \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12-\n\x06labels\x18\x0f \x01(\x0b\x32\x1d.v1alpha1.GatewayLabelsConfig\x12\x16\n\x0eloadBalancerIP\x18\x10 \x01(\t\x12 \n\x18loadBalancerSourceRanges\x18\x11 \x03(\t\x12\x31\n\x12meshExpansionPorts\x18\x12 \x03(\x0b\x32\x15.v1alpha1.PortsConfig\x12:\n\x0cnodeSelector\x18\x13 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterfaceB\x02\x18\x01\x12<\n\x0epodAnnotations\x18\x14 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterfaceB\x02\x18\x01\x12Q\n\x1cpodAntiAffinityLabelSelector\x18\x15 \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x12U\n podAntiAffinityTermLabelSelector\x18\x16 \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x12$\n\x05ports\x18\x17 \x03(\x0b\x32\x15.v1alpha1.PortsConfig\x12\x18\n\x0creplicaCount\x18\x18 \x01(\rB\x02\x18\x01\x12\x37\n\tresources\x18\x19 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterfaceB\x02\x18\x01\x12.\n\x03sds\x18\x1a \x01(\x0b\x32!.v1alpha1.IngressGatewaySdsConfig\x12-\n\rsecretVolumes\x18\x1b \x03(\x0b\x32\x16.v1alpha1.SecretVolume\x12<\n\x12serviceAnnotations\x18\x1c \x01(\x0b\x32 .v1alpha1.TypeMapStringInterface\x12\x0c\n\x04type\x18\x1d \x01(\t\x12\x30\n\x04zvpn\x18\x1e \x01(\x0b\x32\".v1alpha1.IngressGatewayZvpnConfig\x12;\n\x0frollingMaxSurge\x18\x1f \x01(\x0b\x32\x1e.v1alpha1.TypeIntOrStringForPBB\x02\x18\x01\x12\x41\n\x15rollingMaxUnavailable\x18 \x01(\x0b\x32\x1e.v1alpha1.TypeIntOrStringForPBB\x02\x18\x01\x12\x18\n\x10\x61pplicationPorts\x18! 
\x01(\t\x12\x1d\n\x15\x65xternalTrafficPolicy\x18\" \x01(\t\x12@\n\x0btolerations\x18# \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x12=\n\x0cingressPorts\x18$ \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterface\x12\x45\n\x14\x61\x64\x64itionalContainers\x18% \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterface\x12>\n\rconfigVolumes\x18& \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterface\x12\x30\n\x0c\x63\x65rtificates\x18\' \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\'\n\x03tls\x18( \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x42\n\x18telemetry_addon_gateways\x18) \x01(\x0b\x32 .v1alpha1.TypeMapStringInterface\x12\x36\n\x05hosts\x18* \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterface\x12\x1d\n\x15telemetry_domain_name\x18+ \x01(\t\"\x81\x01\n\x17IngressGatewaySdsConfig\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\r\n\x05image\x18\x02 \x01(\t\x12*\n\tresources\x18\x03 \x01(\x0b\x32\x13.v1alpha1.ResourcesB\x02\x18\x01\"W\n\x18IngressGatewayZvpnConfig\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x0e\n\x06suffix\x18\x02 \x01(\t\"N\n\x1fKubernetesEnvMixerAdapterConfig\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\"\x8c\x01\n\x17KubernetesIngressConfig\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12/\n\x0b\x65nableHttps\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x13\n\x0bgatewayName\x18\x03 \x01(\t\"L\n\x12LoadSheddingConfig\x12\x18\n\x10latencyThreshold\x18\x01 \x01(\t\x12\x1c\n\x04mode\x18\x02 \x01(\x0e\x32\x0e.v1alpha1.mode\"c\n\nMTLSConfig\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12(\n\x04\x61uto\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\"n\n\x13MeshExpansionConfig\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12*\n\x06useILB\x18\x02 
\x01(\x0b\x32\x1a.google.protobuf.BoolValue\"\xc0\x02\n\x1cMixerTelemetryAdaptersConfig\x12@\n\rkubernetesenv\x18\x01 \x01(\x0b\x32).v1alpha1.KubernetesEnvMixerAdapterConfig\x12:\n\nprometheus\x18\x02 \x01(\x0b\x32&.v1alpha1.PrometheusMixerAdapterConfig\x12\x30\n\x05stdio\x18\x03 \x01(\x0b\x32!.v1alpha1.StdioMixerAdapterConfig\x12<\n\x0bstackdriver\x18\x04 \x01(\x0b\x32\'.v1alpha1.StackdriverMixerAdapterConfig\x12\x32\n\x0euseAdapterCRDs\x18\x05 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\"\xbd\x02\n\x19MixerPolicyAdaptersConfig\x12@\n\rkubernetesenv\x18\x01 \x01(\x0b\x32).v1alpha1.KubernetesEnvMixerAdapterConfig\x12:\n\nprometheus\x18\x02 \x01(\x0b\x32&.v1alpha1.PrometheusMixerAdapterConfig\x12\x30\n\x05stdio\x18\x03 \x01(\x0b\x32!.v1alpha1.StdioMixerAdapterConfig\x12<\n\x0bstackdriver\x18\x04 \x01(\x0b\x32\'.v1alpha1.StackdriverMixerAdapterConfig\x12\x32\n\x0euseAdapterCRDs\x18\x05 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\"\xa7\x01\n\x0bMixerConfig\x12+\n\x06policy\x18\x01 \x01(\x0b\x32\x1b.v1alpha1.MixerPolicyConfig\x12\x31\n\ttelemetry\x18\x02 \x01(\x0b\x32\x1e.v1alpha1.MixerTelemetryConfig\x12\x38\n\x08\x61\x64\x61pters\x18\x03 \x01(\x0b\x32&.v1alpha1.MixerTelemetryAdaptersConfig\"\xea\x07\n\x11MixerPolicyConfig\x12\x34\n\x10\x61utoscaleEnabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x14\n\x0c\x61utoscaleMax\x18\x02 \x01(\r\x12\x14\n\x0c\x61utoscaleMin\x18\x03 \x01(\r\x12\x35\n\x03\x63pu\x18\x04 \x01(\x0b\x32$.v1alpha1.CPUTargetUtilizationConfigB\x02\x18\x01\x12+\n\x07\x65nabled\x18\x05 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\r\n\x05image\x18\x06 \x01(\t\x12<\n\x0epodAnnotations\x18\x07 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterfaceB\x02\x18\x01\x12\x18\n\x0creplicaCount\x18\x08 \x01(\rB\x02\x18\x01\x12\x35\n\x08\x61\x64\x61pters\x18\t \x01(\x0b\x32#.v1alpha1.MixerPolicyAdaptersConfig\x12:\n\x16sessionAffinityEnabled\x18\n \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12*\n\tresources\x18\x0b 
\x01(\x0b\x32\x13.v1alpha1.ResourcesB\x02\x18\x01\x12;\n\x0frollingMaxSurge\x18\x0c \x01(\x0b\x32\x1e.v1alpha1.TypeIntOrStringForPBB\x02\x18\x01\x12\x41\n\x15rollingMaxUnavailable\x18\r \x01(\x0b\x32\x1e.v1alpha1.TypeIntOrStringForPBB\x02\x18\x01\x12Q\n\x1cpodAntiAffinityLabelSelector\x18\x0e \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x12U\n podAntiAffinityTermLabelSelector\x18\x0f \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x12:\n\x0cnodeSelector\x18\x10 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterfaceB\x02\x18\x01\x12-\n\x03\x65nv\x18\x11 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterface\x12@\n\x0btolerations\x18\x12 \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x12\x0b\n\x03hub\x18\x13 \x01(\t\x12%\n\x03tag\x18\x14 \x01(\x0b\x32\x18.v1alpha1.StringOrNumber\"\xd1\x08\n\x14MixerTelemetryConfig\x12\x34\n\x10\x61utoscaleEnabled\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x14\n\x0c\x61utoscaleMax\x18\x03 \x01(\r\x12\x14\n\x0c\x61utoscaleMin\x18\x04 \x01(\r\x12\x35\n\x03\x63pu\x18\x05 \x01(\x0b\x32$.v1alpha1.CPUTargetUtilizationConfigB\x02\x18\x01\x12+\n\x07\x65nabled\x18\x06 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12-\n\x03\x65nv\x18\x07 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterface\x12\r\n\x05image\x18\x08 \x01(\t\x12\x32\n\x0cloadshedding\x18\t \x01(\x0b\x32\x1c.v1alpha1.LoadSheddingConfig\x12:\n\x0cnodeSelector\x18\n \x01(\x0b\x32 .v1alpha1.TypeMapStringInterfaceB\x02\x18\x01\x12<\n\x0epodAnnotations\x18\x0b \x01(\x0b\x32 .v1alpha1.TypeMapStringInterfaceB\x02\x18\x01\x12\x18\n\x0creplicaCount\x18\x0c \x01(\rB\x02\x18\x01\x12;\n\x0frollingMaxSurge\x18\x0f \x01(\x0b\x32\x1e.v1alpha1.TypeIntOrStringForPBB\x02\x18\x01\x12\x41\n\x15rollingMaxUnavailable\x18\x10 \x01(\x0b\x32\x1e.v1alpha1.TypeIntOrStringForPBB\x02\x18\x01\x12*\n\x06useMCP\x18\x11 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x1a\n\x12reportBatchMaxTime\x18\x12 \x01(\t\x12\x1d\n\x15reportBatchMaxEntries\x18\x13 
\x01(\r\x12*\n\tresources\x18\r \x01(\x0b\x32\x13.v1alpha1.ResourcesB\x02\x18\x01\x12:\n\x16sessionAffinityEnabled\x18\x0e \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12Q\n\x1cpodAntiAffinityLabelSelector\x18\x14 \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x12U\n podAntiAffinityTermLabelSelector\x18\x15 \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x12@\n\x0btolerations\x18\x16 \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x12\x0b\n\x03hub\x18\x17 \x01(\t\x12%\n\x03tag\x18\x18 \x01(\x0b\x32\x18.v1alpha1.StringOrNumber\"V\n\x12MultiClusterConfig\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x13\n\x0b\x63lusterName\x18\x02 \x01(\t\"\x96\x04\n\x0fNodeAgentConfig\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12-\n\x03\x65nv\x18\x02 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterface\x12\r\n\x05image\x18\x03 \x01(\t\x12:\n\x0cnodeSelector\x18\x04 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterfaceB\x02\x18\x01\x12@\n\x0btolerations\x18\x05 \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x12Q\n\x1cpodAntiAffinityLabelSelector\x18\x06 \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x12U\n podAntiAffinityTermLabelSelector\x18\x07 \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x12<\n\x0epodAnnotations\x18\x08 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterfaceB\x02\x18\x01\x12\x0b\n\x03hub\x18\t \x01(\t\x12%\n\x03tag\x18\n \x01(\x0b\x32\x18.v1alpha1.StringOrNumber\"\x81\x01\n\x1bOutboundTrafficPolicyConfig\x12\x38\n\x04mode\x18\x02 \x01(\x0e\x32*.v1alpha1.OutboundTrafficPolicyConfig.Mode\"(\n\x04Mode\x12\r\n\tALLOW_ANY\x10\x00\x12\x11\n\rREGISTRY_ONLY\x10\x01\"\x98\r\n\x0bPilotConfig\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x34\n\x10\x61utoscaleEnabled\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x14\n\x0c\x61utoscaleMin\x18\x03 
\x01(\r\x12\x14\n\x0c\x61utoscaleMax\x18\x04 \x01(\r\x12\x18\n\x0creplicaCount\x18\x05 \x01(\rB\x02\x18\x01\x12\r\n\x05image\x18\x06 \x01(\t\x12+\n\x07sidecar\x18\x07 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x15\n\rtraceSampling\x18\x08 \x01(\x01\x12*\n\tresources\x18\t \x01(\x0b\x32\x13.v1alpha1.ResourcesB\x02\x18\x01\x12\x17\n\x0f\x63onfigNamespace\x18\n \x01(\t\x12\x35\n\x03\x63pu\x18\x0b \x01(\x0b\x32$.v1alpha1.CPUTargetUtilizationConfigB\x02\x18\x01\x12:\n\x0cnodeSelector\x18\x0c \x01(\x0b\x32 .v1alpha1.TypeMapStringInterfaceB\x02\x18\x01\x12\x42\n\x1fkeepaliveMaxServerConnectionAge\x18\r \x01(\x0b\x32\x19.google.protobuf.Duration\x12:\n\x10\x64\x65ploymentLabels\x18\x0e \x01(\x0b\x32 .v1alpha1.TypeMapStringInterface\x12\x36\n\x0cmeshNetworks\x18\x0f \x01(\x0b\x32 .v1alpha1.TypeMapStringInterface\x12Q\n\x1cpodAntiAffinityLabelSelector\x18\x10 \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x12U\n podAntiAffinityTermLabelSelector\x18\x11 \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x12-\n\tconfigMap\x18\x12 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12-\n\x07ingress\x18\x13 \x01(\x0b\x32\x1c.v1alpha1.PilotIngressConfig\x12*\n\x06useMCP\x18\x14 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12-\n\x03\x65nv\x18\x15 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterface\x12+\n\x06policy\x18\x16 \x01(\x0b\x32\x1b.v1alpha1.PilotPolicyConfig\x12;\n\x0frollingMaxSurge\x18\x18 \x01(\x0b\x32\x1e.v1alpha1.TypeIntOrStringForPBB\x02\x18\x01\x12\x41\n\x15rollingMaxUnavailable\x18\x19 \x01(\x0b\x32\x1e.v1alpha1.TypeIntOrStringForPBB\x02\x18\x01\x12@\n\x0btolerations\x18\x1a \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x12>\n\rappNamespaces\x18\x1b \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterface\x12\x45\n!enableProtocolSniffingForOutbound\x18\x1c \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x44\n enableProtocolSniffingForInbound\x18\x1d 
\x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12<\n\x0epodAnnotations\x18\x1e \x01(\x0b\x32 .v1alpha1.TypeMapStringInterfaceB\x02\x18\x01\x12\x31\n\x0c\x63onfigSource\x18\x1f \x01(\x0b\x32\x1b.v1alpha1.PilotConfigSource\x12\x1f\n\x17jwksResolverExtraRootCA\x18 \x01(\t\x12\x38\n\x07plugins\x18! \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterface\x12\x0b\n\x03hub\x18\" \x01(\t\x12%\n\x03tag\x18# \x01(\x0b\x32\x18.v1alpha1.StringOrNumber\"\x82\x01\n\x12PilotIngressConfig\x12\x16\n\x0eingressService\x18\x01 \x01(\t\x12>\n\x15ingressControllerMode\x18\x02 \x01(\x0e\x32\x1f.v1alpha1.ingressControllerMode\x12\x14\n\x0cingressClass\x18\x03 \x01(\t\"@\n\x11PilotPolicyConfig\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\"\x90\x01\n\x0fTelemetryConfig\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\'\n\x02v1\x18\x02 \x01(\x0b\x32\x1b.v1alpha1.TelemetryV1Config\x12\'\n\x02v2\x18\x03 \x01(\x0b\x32\x1b.v1alpha1.TelemetryV2Config\"@\n\x11TelemetryV1Config\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\"\xb8\x01\n\x11TelemetryV2Config\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x39\n\nprometheus\x18\x02 \x01(\x0b\x32%.v1alpha1.TelemetryV2PrometheusConfig\x12;\n\x0bstackdriver\x18\x03 \x01(\x0b\x32&.v1alpha1.TelemetryV2StackDriverConfig\"J\n\x1bTelemetryV2PrometheusConfig\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\"\x90\x02\n\x1cTelemetryV2StackDriverConfig\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12+\n\x07logging\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12.\n\nmonitoring\x18\x03 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12,\n\x08topology\x18\x04 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x38\n\x0e\x63onfigOverride\x18\x05 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterface\"0\n\x11PilotConfigSource\x12\x1b\n\x13subscribedResources\x18\x01 
\x03(\t\"O\n\x0bPortsConfig\x12\x0c\n\x04name\x18\x01 \x01(\t\x12\x0c\n\x04port\x18\x02 \x01(\x05\x12\x10\n\x08nodePort\x18\x03 \x01(\x05\x12\x12\n\ntargetPort\x18\x04 \x01(\x05\"\xa6\x07\n\x10PrometheusConfig\x12<\n\x18\x63reatePrometheusResource\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12+\n\x07\x65nabled\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x18\n\x0creplicaCount\x18\x03 \x01(\rB\x02\x18\x01\x12\x0b\n\x03hub\x18\x04 \x01(\t\x12%\n\x03tag\x18\x05 \x01(\x0b\x32\x18.v1alpha1.StringOrNumber\x12\x11\n\tretention\x18\x06 \x01(\t\x12:\n\x0cnodeSelector\x18\x07 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterfaceB\x02\x18\x01\x12\x31\n\x0escrapeInterval\x18\x08 \x01(\x0b\x32\x19.google.protobuf.Duration\x12\x13\n\x0b\x63ontextPath\x18\t \x01(\t\x12-\n\x07ingress\x18\n \x01(\x0b\x32\x1c.v1alpha1.AddonIngressConfig\x12\x32\n\x07service\x18\x0b \x01(\x0b\x32!.v1alpha1.PrometheusServiceConfig\x12\x34\n\x08security\x18\x0c \x01(\x0b\x32\".v1alpha1.PrometheusSecurityConfig\x12@\n\x0btolerations\x18\r \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x12Q\n\x1cpodAntiAffinityLabelSelector\x18\x0e \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x12U\n podAntiAffinityTermLabelSelector\x18\x0f \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x12*\n\tresources\x18\x10 \x01(\x0b\x32\x13.v1alpha1.ResourcesB\x02\x18\x01\x12@\n\x0b\x64\x61tasources\x18\x11 \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x12<\n\x0epodAnnotations\x18\x12 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterfaceB\x02\x18\x01\x12\x11\n\x05image\x18\x13 \x01(\tB\x02\x18\x01\"\x85\x01\n\x1cPrometheusMixerAdapterConfig\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x38\n\x15metricsExpiryDuration\x18\x02 \x01(\x0b\x32\x19.google.protobuf.Duration\"G\n\x18PrometheusSecurityConfig\x12+\n\x07\x65nabled\x18\x01 
\x01(\x0b\x32\x1a.google.protobuf.BoolValue\"\x8d\x01\n\x17PrometheusServiceConfig\x12\x35\n\x0b\x61nnotations\x18\x01 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterface\x12;\n\x08nodePort\x18\x02 \x01(\x0b\x32).v1alpha1.PrometheusServiceNodePortConfig\"\\\n\x1fPrometheusServiceNodePortConfig\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x0c\n\x04port\x18\x02 \x01(\r\"\xfa\x08\n\x0bProxyConfig\x12+\n\x07\x65nabled\x18# \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x15\n\raccessLogFile\x18\x01 \x01(\t\x12\x17\n\x0f\x61\x63\x63\x65ssLogFormat\x18\x02 \x01(\t\x12\x36\n\x11\x61\x63\x63\x65ssLogEncoding\x18\x03 \x01(\x0e\x32\x1b.v1alpha1.accessLogEncoding\x12\x12\n\nautoInject\x18\x04 \x01(\t\x12\x15\n\rclusterDomain\x18\x05 \x01(\t\x12\x19\n\x11\x63omponentLogLevel\x18\x06 \x01(\t\x12\x13\n\x0b\x63oncurrency\x18\x07 \x01(\r\x12\x31\n\x0e\x64nsRefreshRate\x18\x08 \x01(\x0b\x32\x19.google.protobuf.Duration\x12\x32\n\x0e\x65nableCoreDump\x18\t \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x39\n\x13\x65nvoyMetricsService\x18\n \x01(\x0b\x32\x1c.v1alpha1.EnvoyMetricsConfig\x12\x31\n\x0b\x65nvoyStatsd\x18\x0b \x01(\x0b\x32\x1c.v1alpha1.EnvoyMetricsConfig\x12\x1b\n\x13\x65xcludeInboundPorts\x18\x0c \x01(\t\x12\x17\n\x0f\x65xcludeIPRanges\x18\r \x01(\t\x12\r\n\x05image\x18\x0e \x01(\t\x12\x1b\n\x13includeInboundPorts\x18\x0f \x01(\t\x12\x17\n\x0fincludeIPRanges\x18\x10 \x01(\t\x12\x1a\n\x12kubevirtInterfaces\x18\x11 \x01(\t\x12\x10\n\x08logLevel\x18\x12 \x01(\t\x12.\n\nprivileged\x18\x13 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12$\n\x1creadinessInitialDelaySeconds\x18\x14 \x01(\r\x12\x1e\n\x16readinessPeriodSeconds\x18\x15 \x01(\r\x12!\n\x19readinessFailureThreshold\x18\x16 \x01(\r\x12\x12\n\nstatusPort\x18\x17 \x01(\r\x12*\n\tresources\x18\x18 \x01(\x0b\x32\x13.v1alpha1.ResourcesB\x02\x18\x01\x12 \n\x06tracer\x18\x19 \x01(\x0e\x32\x10.v1alpha1.tracer\x12 \n\x18protocolDetectionTimeout\x18\x1a 
\x01(\t\x12=\n\x15\x65nvoyAccessLogService\x18\x1b \x01(\x0b\x32\x1e.v1alpha1.EnvoyAccessLogConfig\x12\x1c\n\x14\x65xcludeOutboundPorts\x18\x1c \x01(\t\x12\x30\n\rdrainDuration\x18\x1d \x01(\x0b\x32\x19.google.protobuf.Duration\x12\x16\n\x0e\x63onnectTimeout\x18\x1e \x01(\t\x12\x39\n\x16parentShutdownDuration\x18 \x01(\x0b\x32\x19.google.protobuf.Duration\"\xd1\x01\n\x14\x45nvoyAccessLogConfig\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x0c\n\x04host\x18\x02 \x01(\t\x12\x0c\n\x04port\x18\x03 \x01(\t\x12\x38\n\x0btlsSettings\x18\x04 \x01(\x0b\x32#.v1alpha1.EnvoyAccessLogtlsSettings\x12\x36\n\x0ctcpKeepalive\x18\x05 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterface\"\x96\x01\n\x19\x45nvoyAccessLogtlsSettings\x12\x0c\n\x04mode\x18\x01 \x01(\t\x12\x19\n\x11\x63lientCertificate\x18\x02 \x01(\t\x12\x12\n\nprivateKey\x18\x03 \x01(\t\x12\x16\n\x0e\x63\x61\x43\x65rtificates\x18\x04 \x01(\t\x12\x0b\n\x03sni\x18\x05 \x01(\t\x12\x17\n\x0fsubjectAltNames\x18\x06 \x03(\t\"L\n\x0fProxyInitConfig\x12\r\n\x05image\x18\x01 \x01(\t\x12*\n\tresources\x18\x05 \x01(\x0b\x32\x13.v1alpha1.ResourcesB\x02\x18\x01\"6\n\x17ResourcesRequestsConfig\x12\x0b\n\x03\x63pu\x18\x01 \x01(\t\x12\x0e\n\x06memory\x18\x02 \x01(\t\"\xe3\x01\n\tSDSConfig\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x0f\n\x07udsPath\x18\x02 \x01(\t\x12\x30\n\x0cuseNormalJwt\x18\x03 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x35\n\x11useTrustworthyJwt\x18\x04 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12/\n\x05token\x18\x05 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterface\"C\n\x0cSecretVolume\x12\x11\n\tmountPath\x18\x01 \x01(\t\x12\x0c\n\x04name\x18\x02 \x01(\t\x12\x12\n\nsecretName\x18\x03 \x01(\t\"\x9d\x08\n\x0eSecurityConfig\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x18\n\x0creplicaCount\x18\x02 \x01(\rB\x02\x18\x01\x12\r\n\x05image\x18\x03 \x01(\t\x12.\n\nselfSigned\x18\x04 
\x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x13\n\x0btrustDomain\x18\x05 \x01(\t\x12\x38\n\x08\x64nsCerts\x18\x06 \x03(\x0b\x32&.v1alpha1.SecurityConfig.DnsCertsEntry\x12\x34\n\x10\x63reateMeshPolicy\x18\x07 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12=\n\x19\x65nableNamespacesByDefault\x18\x08 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x36\n\x12\x63itadelHealthCheck\x18\t \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12:\n\x0cnodeSelector\x18\n \x01(\x0b\x32 .v1alpha1.TypeMapStringInterfaceB\x02\x18\x01\x12-\n\x03\x65nv\x18\x0b \x01(\x0b\x32 .v1alpha1.TypeMapStringInterface\x12<\n\x0epodAnnotations\x18\x0c \x01(\x0b\x32 .v1alpha1.TypeMapStringInterfaceB\x02\x18\x01\x12\x17\n\x0fworkloadCertTtl\x18\r \x01(\t\x12@\n\x0btolerations\x18\x0e \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x12*\n\tresources\x18\x0f \x01(\x0b\x32\x13.v1alpha1.ResourcesB\x02\x18\x01\x12;\n\x0frollingMaxSurge\x18\x10 \x01(\x0b\x32\x1e.v1alpha1.TypeIntOrStringForPBB\x02\x18\x01\x12\x41\n\x15rollingMaxUnavailable\x18\x11 \x01(\x0b\x32\x1e.v1alpha1.TypeIntOrStringForPBB\x02\x18\x01\x12Q\n\x1cpodAntiAffinityLabelSelector\x18\x12 \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x12U\n podAntiAffinityTermLabelSelector\x18\x13 \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x1a/\n\rDnsCertsEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\"x\n\rServiceConfig\x12\x35\n\x0b\x61nnotations\x18\x01 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterface\x12\x14\n\x0c\x65xternalPort\x18\x02 \x01(\r\x12\x0c\n\x04name\x18\x03 \x01(\t\x12\x0c\n\x04type\x18\x12 \x01(\t\"\xab\t\n\x15SidecarInjectorConfig\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12=\n\x19\x65nableNamespacesByDefault\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\r\n\x05image\x18\x03 \x01(\t\x12\x0b\n\x03hub\x18\x04 \x01(\t\x12%\n\x03tag\x18\x05 
\x01(\x0b\x32\x18.v1alpha1.StringOrNumber\x12:\n\x0cnodeSelector\x18\n \x01(\x0b\x32 .v1alpha1.TypeMapStringInterfaceB\x02\x18\x01\x12\x44\n\x13neverInjectSelector\x18\x0b \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterface\x12\x45\n\x14\x61lwaysInjectSelector\x18\x0c \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterface\x12Q\n\x1cpodAntiAffinityLabelSelector\x18\r \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x12U\n podAntiAffinityTermLabelSelector\x18\x0e \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x12\x18\n\x0creplicaCount\x18\x0f \x01(\rB\x02\x18\x01\x12\x37\n\x13rewriteAppHTTPProbe\x18\x10 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12.\n\nselfSigned\x18\x11 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x13\n\x0binjectLabel\x18\x12 \x01(\t\x12=\n\x13injectedAnnotations\x18\x13 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterface\x12*\n\tresources\x18\x14 \x01(\x0b\x32\x13.v1alpha1.ResourcesB\x02\x18\x01\x12\x38\n\x0eobjectSelector\x18\x15 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterface\x12@\n\x0btolerations\x18\x16 \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x12\x33\n\tlifecycle\x18\x17 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterface\x12<\n\x0epodAnnotations\x18\x18 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterfaceB\x02\x18\x01\x12;\n\x0frollingMaxSurge\x18\x19 \x01(\x0b\x32\x1e.v1alpha1.TypeIntOrStringForPBB\x02\x18\x01\x12\x41\n\x15rollingMaxUnavailable\x18\x1a \x01(\x0b\x32\x1e.v1alpha1.TypeIntOrStringForPBB\x02\x18\x01\"x\n\x17StdioMixerAdapterConfig\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x30\n\x0coutputAsJson\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\"\xb5\x03\n\x1dStackdriverMixerAdapterConfig\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12-\n\x04\x61uth\x18\x02 \x01(\x0b\x32\x1f.v1alpha1.StackdriverAuthConfig\x12\x31\n\x06tracer\x18\x03 
\x01(\x0b\x32!.v1alpha1.StackdriverTracerConfig\x12\x37\n\x0c\x63ontextGraph\x18\x04 \x01(\x0b\x32!.v1alpha1.StackdriverContextGraph\x12\x46\n\x07logging\x18\x05 \x01(\x0b\x32\x35.v1alpha1.StackdriverMixerAdapterConfig.EnabledConfig\x12\x46\n\x07metrics\x18\x06 \x01(\x0b\x32\x35.v1alpha1.StackdriverMixerAdapterConfig.EnabledConfig\x1a<\n\rEnabledConfig\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\"w\n\x15StackdriverAuthConfig\x12\x32\n\x0e\x61ppCredentials\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x0e\n\x06\x61piKey\x18\x02 \x01(\t\x12\x1a\n\x12serviceAccountPath\x18\x03 \x01(\t\"a\n\x17StackdriverTracerConfig\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x19\n\x11sampleProbability\x18\x02 \x01(\r\"F\n\x17StackdriverContextGraph\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\"\xd7\x01\n\x0cTracerConfig\x12.\n\x07\x64\x61tadog\x18\x01 \x01(\x0b\x32\x1d.v1alpha1.TracerDatadogConfig\x12\x32\n\tlightstep\x18\x02 \x01(\x0b\x32\x1f.v1alpha1.TracerLightStepConfig\x12,\n\x06zipkin\x18\x03 \x01(\x0b\x32\x1c.v1alpha1.TracerZipkinConfig\x12\x35\n\x0bstackdriver\x18\x04 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterface\"&\n\x13TracerDatadogConfig\x12\x0f\n\x07\x61\x64\x64ress\x18\x01 \x01(\t\"}\n\x15TracerLightStepConfig\x12\x0f\n\x07\x61\x64\x64ress\x18\x01 \x01(\t\x12\x13\n\x0b\x61\x63\x63\x65ssToken\x18\x02 \x01(\t\x12\x12\n\ncacertPath\x18\x03 \x01(\t\x12*\n\x06secure\x18\x04 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\"%\n\x12TracerZipkinConfig\x12\x0f\n\x07\x61\x64\x64ress\x18\x01 \x01(\t\"\xfb\x04\n\rTracingConfig\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12/\n\x07ingress\x18\x02 \x01(\x0b\x32\x1e.v1alpha1.TracingIngressConfig\x12-\n\x06jaeger\x18\x03 \x01(\x0b\x32\x1d.v1alpha1.TracingJaegerConfig\x12:\n\x0cnodeSelector\x18\x04 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterfaceB\x02\x18\x01\x12\x10\n\x08provider\x18\x05 
\x01(\t\x12(\n\x07service\x18\x06 \x01(\x0b\x32\x17.v1alpha1.ServiceConfig\x12-\n\x06zipkin\x18\x07 \x01(\x0b\x32\x1d.v1alpha1.TracingZipkinConfig\x12\x35\n\nopencensus\x18\x08 \x01(\x0b\x32!.v1alpha1.TracingOpencensusConfig\x12\x13\n\x0b\x63ontextPath\x18\t \x01(\t\x12Q\n\x1cpodAntiAffinityLabelSelector\x18\r \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x12U\n podAntiAffinityTermLabelSelector\x18\x0e \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x12@\n\x0btolerations\x18\x0f \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\"\x83\x02\n\x17TracingOpencensusConfig\x12\x0b\n\x03hub\x18\x01 \x01(\t\x12%\n\x03tag\x18\x02 \x01(\x0b\x32\x18.v1alpha1.StringOrNumber\x12=\n\texporters\x18\x03 \x01(\x0b\x32*.v1alpha1.TracingOpencensusExportersConfig\x12\x37\n\tresources\x18\x05 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterfaceB\x02\x18\x01\x12<\n\x0epodAnnotations\x18\x06 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterfaceB\x02\x18\x01\"Y\n TracingOpencensusExportersConfig\x12\x35\n\x0bstackdriver\x18\x01 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterface\"\xb8\x01\n\x14TracingIngressConfig\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x35\n\x0b\x61nnotations\x18\x02 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterface\x12\r\n\x05hosts\x18\x03 \x03(\t\x12-\n\x03tls\x18\x04 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterface\"\xf8\x02\n\x13TracingJaegerConfig\x12\x0b\n\x03hub\x18\x01 \x01(\t\x12%\n\x03tag\x18\x02 \x01(\x0b\x32\x18.v1alpha1.StringOrNumber\x12\r\n\x05image\x18\n \x01(\t\x12\x33\n\x06memory\x18\x03 \x01(\x0b\x32#.v1alpha1.TracingJaegerMemoryConfig\x12\x17\n\x0fspanStorageType\x18\x04 \x01(\t\x12+\n\x07persist\x18\x05 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x18\n\x10storageClassName\x18\x06 \x01(\t\x12\x12\n\naccessMode\x18\x07 \x01(\t\x12\x37\n\tresources\x18\x08 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterfaceB\x02\x18\x01\x12<\n\x0epodAnnotations\x18\t \x01(\x0b\x32 
.v1alpha1.TypeMapStringInterfaceB\x02\x18\x01\"/\n\x19TracingJaegerMemoryConfig\x12\x12\n\nmax_traces\x18\x01 \x01(\r\"\xc9\x02\n\x13TracingZipkinConfig\x12\x0b\n\x03hub\x18\x01 \x01(\t\x12%\n\x03tag\x18\x02 \x01(\x0b\x32\x18.v1alpha1.StringOrNumber\x12\r\n\x05image\x18\t \x01(\t\x12\x19\n\x11probeStartupDelay\x18\x03 \x01(\r\x12\x11\n\tqueryPort\x18\x04 \x01(\r\x12*\n\tresources\x18\x05 \x01(\x0b\x32\x13.v1alpha1.ResourcesB\x02\x18\x01\x12\x14\n\x0cjavaOptsHeap\x18\x06 \x01(\r\x12\x10\n\x08maxSpans\x18\x07 \x01(\r\x12/\n\x04node\x18\x08 \x01(\x0b\x32!.v1alpha1.TracingZipkinNodeConfig\x12<\n\x0epodAnnotations\x18\n \x01(\x0b\x32 .v1alpha1.TypeMapStringInterfaceB\x02\x18\x01\"\'\n\x17TracingZipkinNodeConfig\x12\x0c\n\x04\x63pus\x18\x01 \x01(\r\"o\n\x13KialiSecurityConfig\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x11\n\tcert_file\x18\x02 \x01(\t\x12\x18\n\x10private_key_file\x18\x03 \x01(\t\"\xdf\x01\n\x14KialiDashboardConfig\x12\x12\n\nsecretName\x18\x01 \x01(\t\x12\x13\n\x0busernameKey\x18\x02 \x01(\t\x12\x15\n\rpassphraseKey\x18\x03 \x01(\t\x12\x30\n\x0cviewOnlyMode\x18\x04 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x12\n\ngrafanaURL\x18\x05 \x01(\t\x12\x11\n\tjaegerURL\x18\x06 \x01(\t\x12.\n\x04\x61uth\x18\x07 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterface\"\xbd\x01\n\x12KialiIngressConfig\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x35\n\x0b\x61nnotations\x18\x02 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterface\x12\x34\n\x03tls\x18\x03 \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterface\x12\r\n\x05hosts\x18\x04 \x03(\t\"\xa8\x06\n\x0bKialiConfig\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x34\n\x10\x63reateDemoSecret\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x0b\n\x03hub\x18\x03 \x01(\t\x12%\n\x03tag\x18\x04 \x01(\x0b\x32\x18.v1alpha1.StringOrNumber\x12\x18\n\x0creplicaCount\x18\x05 \x01(\rB\x02\x18\x01\x12\x1b\n\x13prometheusNamespace\x18\x06 
\x01(\t\x12/\n\x08security\x18\x07 \x01(\x0b\x32\x1d.v1alpha1.KialiSecurityConfig\x12\x31\n\tdashboard\x18\x08 \x01(\x0b\x32\x1e.v1alpha1.KialiDashboardConfig\x12-\n\x07ingress\x18\t \x01(\x0b\x32\x1c.v1alpha1.KialiIngressConfig\x12\x13\n\x0b\x63ontextPath\x18\x0f \x01(\t\x12:\n\x0cnodeSelector\x18\n \x01(\x0b\x32 .v1alpha1.TypeMapStringInterfaceB\x02\x18\x01\x12<\n\x0epodAnnotations\x18\x0b \x01(\x0b\x32 .v1alpha1.TypeMapStringInterfaceB\x02\x18\x01\x12Q\n\x1cpodAntiAffinityLabelSelector\x18\x0c \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x12U\n podAntiAffinityTermLabelSelector\x18\r \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x12@\n\x0btolerations\x18\x0e \x01(\x0b\x32\'.v1alpha1.TypeSliceOfMapStringInterfaceB\x02\x18\x01\x12\x11\n\x05image\x18\x10 \x01(\tB\x02\x18\x01\x12*\n\tresources\x18\x11 \x01(\x0b\x32\x13.v1alpha1.ResourcesB\x02\x18\x01\"\xab\x07\n\x06Values\x12\x30\n\x0b\x63\x65rtmanager\x18\x01 \x01(\x0b\x32\x1b.v1alpha1.CertManagerConfig\x12 \n\x03\x63ni\x18\x02 \x01(\x0b\x32\x13.v1alpha1.CNIConfig\x12-\n\x0cistiocoredns\x18\x03 \x01(\x0b\x32\x17.v1alpha1.CoreDNSConfig\x12&\n\x06galley\x18\x04 \x01(\x0b\x32\x16.v1alpha1.GalleyConfig\x12*\n\x08gateways\x18\x05 \x01(\x0b\x32\x18.v1alpha1.GatewaysConfig\x12&\n\x06global\x18\x06 \x01(\x0b\x32\x16.v1alpha1.GlobalConfig\x12\x31\n\x07grafana\x18\x07 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterface\x12$\n\x05mixer\x18\x08 \x01(\x0b\x32\x15.v1alpha1.MixerConfig\x12,\n\tnodeagent\x18\t \x01(\x0b\x32\x19.v1alpha1.NodeAgentConfig\x12$\n\x05pilot\x18\n \x01(\x0b\x32\x15.v1alpha1.PilotConfig\x12,\n\ttelemetry\x18\x17 \x01(\x0b\x32\x19.v1alpha1.TelemetryConfig\x12.\n\nprometheus\x18\x0b \x01(\x0b\x32\x1a.v1alpha1.PrometheusConfig\x12*\n\x08security\x18\x0c \x01(\x0b\x32\x18.v1alpha1.SecurityConfig\x12?\n\x16sidecarInjectorWebhook\x18\r \x01(\x0b\x32\x1f.v1alpha1.SidecarInjectorConfig\x12(\n\x07tracing\x18\x0e \x01(\x0b\x32\x17.v1alpha1.TracingConfig\x12$\n\x05kiali\x18\x0f 
\x01(\x0b\x32\x15.v1alpha1.KialiConfig\x12\x0f\n\x07version\x18\x10 \x01(\t\x12\x34\n\x10\x63lusterResources\x18\x11 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12<\n\x12prometheusOperator\x18\x12 \x01(\x0b\x32 .v1alpha1.TypeMapStringInterface\x12&\n\tistio_cni\x18\x13 \x01(\x0b\x32\x13.v1alpha1.CNIConfig\x12-\n\tkustomize\x18\x14 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\"\x18\n\x16TypeMapStringInterface\"\x1f\n\x1dTypeSliceOfMapStringInterface\"\x16\n\x14TypeIntOrStringForPB\"L\n\rZeroVPNConfig\x12+\n\x07\x65nabled\x18\x01 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\x12\x0e\n\x06suffix\x18\x02 \x01(\t\"\x10\n\x0eStringOrNumber*/\n\x04mode\x12\x0c\n\x08\x64isabled\x10\x00\x12\x0c\n\x08log_only\x10\x01\x12\x0b\n\x07\x65nforce\x10\x02*9\n\x15ingressControllerMode\x12\x0b\n\x07\x44\x45\x46\x41ULT\x10\x00\x12\n\n\x06STRICT\x10\x01\x12\x07\n\x03OFF\x10\x02*\'\n\x11\x61\x63\x63\x65ssLogEncoding\x12\x08\n\x04JSON\x10\x00\x12\x08\n\x04TEXT\x10\x01*0\n\x06tracer\x12\n\n\x06zipkin\x10\x00\x12\r\n\tlightstep\x10\x01\x12\x0b\n\x07\x64\x61tadog\x10\x02\x42\nZ\x08v1alpha1b\x06proto3'), dependencies=[ google_dot_protobuf_dot_duration__pb2.DESCRIPTOR, k8s_dot_io_dot_api_dot_core_dot_v1_dot_generated__pb2.DESCRIPTOR, @@ -50,8 +50,8 @@ ], containing_type=None, serialized_options=None, - serialized_start=24880, - serialized_end=24927, + serialized_start=28440, + serialized_end=28487, ) _sym_db.RegisterEnumDescriptor(_MODE) @@ -77,8 +77,8 @@ ], containing_type=None, serialized_options=None, - serialized_start=24929, - serialized_end=24986, + serialized_start=28489, + serialized_end=28546, ) _sym_db.RegisterEnumDescriptor(_INGRESSCONTROLLERMODE) @@ -100,8 +100,8 @@ ], containing_type=None, serialized_options=None, - serialized_start=24988, - serialized_end=25027, + serialized_start=28548, + serialized_end=28587, ) _sym_db.RegisterEnumDescriptor(_ACCESSLOGENCODING) 
@@ -127,8 +127,8 @@ ], containing_type=None, serialized_options=None, - serialized_start=25029, - serialized_end=25077, + serialized_start=28589, + serialized_end=28637, ) _sym_db.RegisterEnumDescriptor(_TRACER) @@ -163,8 +163,8 @@ ], containing_type=None, serialized_options=None, - serialized_start=12584, - serialized_end=12624, + serialized_start=14199, + serialized_end=14239, ) _sym_db.RegisterEnumDescriptor(_OUTBOUNDTRAFFICPOLICYCONFIG_MODE) @@ -289,8 +289,8 @@ serialized_options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( name='tag', full_name='v1alpha1.CNIConfig.tag', index=2, - number=3, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=_b("").decode('utf-8'), + number=3, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), @@ -370,7 +370,7 @@ oneofs=[ ], serialized_start=437, - serialized_end=751, + serialized_end=777, ) @@ -400,8 +400,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=753, - serialized_end=815, + serialized_start=779, + serialized_end=841, ) @@ -428,8 +428,8 @@ serialized_options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( name='tag', full_name='v1alpha1.CertManagerConfig.tag', index=2, - number=3, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=_b("").decode('utf-8'), + number=3, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), 
@@ -510,6 +510,20 @@ message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=_b('\030\001'), file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='podAnnotations', full_name='v1alpha1.CertManagerConfig.podAnnotations', index=14, + number=15, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=_b('\030\001'), file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='podLabels', full_name='v1alpha1.CertManagerConfig.podLabels', index=15, + number=16, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=_b('\030\001'), file=DESCRIPTOR), ], extensions=[ ], @@ -522,8 +536,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=818, - serialized_end=1401, + serialized_start=844, + serialized_end=1572, ) @@ -560,8 +574,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=1519, - serialized_end=1564, + serialized_start=1690, + serialized_end=1735, ) _RESOURCES_REQUESTSENTRY = _descriptor.Descriptor( @@ -597,8 +611,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=1566, - serialized_end=1613, + serialized_start=1737, + serialized_end=1784, ) _RESOURCES = _descriptor.Descriptor( @@ -634,8 +648,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=1404, - serialized_end=1613, + serialized_start=1575, + serialized_end=1784, ) @@ -749,8 +763,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=1616, - serialized_end=2302, + serialized_start=1787, + serialized_end=2473, ) @@ -780,8 +794,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=2304, - serialized_end=2383, + serialized_start=2475, + serialized_end=2554, ) 
@@ -811,8 +825,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=2385, - serialized_end=2462, + serialized_start=2556, + serialized_end=2633, ) @@ -963,6 +977,34 @@ message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=_b('\030\001'), file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='rollingMaxSurge', full_name='v1alpha1.EgressGatewayConfig.rollingMaxSurge', index=20, + number=21, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=_b('\030\001'), file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='rollingMaxUnavailable', full_name='v1alpha1.EgressGatewayConfig.rollingMaxUnavailable', index=21, + number=22, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=_b('\030\001'), file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='configVolumes', full_name='v1alpha1.EgressGatewayConfig.configVolumes', index=22, + number=23, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='additionalContainers', full_name='v1alpha1.EgressGatewayConfig.additionalContainers', index=23, + number=24, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR), ], extensions=[ ], @@ -975,8 +1017,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=2465, - serialized_end=3454, + serialized_start=2636, + serialized_end=3888, ) 
@@ -1034,8 +1076,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=3457, - serialized_end=3661, + serialized_start=3891, + serialized_end=4095, ) @@ -1072,8 +1114,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=4274, - serialized_end=4317, + serialized_start=4946, + serialized_end=4989, ) _GALLEYCONFIG = _descriptor.Descriptor( 
@@ -1160,6 +1202,41 @@ message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=_b('\030\001'), file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='enableServiceDiscovery', full_name='v1alpha1.GalleyConfig.enableServiceDiscovery', index=11, + number=12, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=_b('\030\001'), file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='nodeSelector', full_name='v1alpha1.GalleyConfig.nodeSelector', index=12, + number=13, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=_b('\030\001'), file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='podAnnotations', full_name='v1alpha1.GalleyConfig.podAnnotations', index=13, + number=14, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=_b('\030\001'), file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='hub', full_name='v1alpha1.GalleyConfig.hub', index=14, + number=15, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=_b("").decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='tag', full_name='v1alpha1.GalleyConfig.tag', index=15, + number=16, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR), ], extensions=[ ], 
@@ -1172,8 +1249,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=3664, - serialized_end=4317, + serialized_start=4098, + serialized_end=4989, ) @@ -1210,8 +1287,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=4319, - serialized_end=4368, + serialized_start=4991, + serialized_end=5040, ) @@ -1255,8 +1332,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=4371, - serialized_end=4554, + serialized_start=5043, + serialized_end=5226, ) 
@@ -1345,309 +1422,316 @@ is_extension=False, extension_scope=None, serialized_options=_b('\030\001'), file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='enableHelmTest', full_name='v1alpha1.GlobalConfig.enableHelmTest', index=11, + name='defaultTolerations', full_name='v1alpha1.GlobalConfig.defaultTolerations', index=11, + number=55, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=_b('\030\001'), file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='enableHelmTest', full_name='v1alpha1.GlobalConfig.enableHelmTest', index=12, number=10, type=11, cpp_type=10, label=1, has_default_value=False, default_value=None, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='enableTracing', full_name='v1alpha1.GlobalConfig.enableTracing', index=12, + name='enableTracing', full_name='v1alpha1.GlobalConfig.enableTracing', index=13, number=11, type=11, cpp_type=10, label=1, has_default_value=False, default_value=None, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='hub', full_name='v1alpha1.GlobalConfig.hub', index=13, + name='hub', full_name='v1alpha1.GlobalConfig.hub', index=14, number=12, type=9, cpp_type=9, label=1, has_default_value=False, default_value=_b("").decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='imagePullPolicy', full_name='v1alpha1.GlobalConfig.imagePullPolicy', index=14, + name='imagePullPolicy', full_name='v1alpha1.GlobalConfig.imagePullPolicy', index=15, number=13, type=9, cpp_type=9, label=1, 
has_default_value=False, default_value=_b("").decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='imagePullSecrets', full_name='v1alpha1.GlobalConfig.imagePullSecrets', index=15, + name='imagePullSecrets', full_name='v1alpha1.GlobalConfig.imagePullSecrets', index=16, number=37, type=11, cpp_type=10, label=1, has_default_value=False, default_value=None, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='istioNamespace', full_name='v1alpha1.GlobalConfig.istioNamespace', index=16, + name='istioNamespace', full_name='v1alpha1.GlobalConfig.istioNamespace', index=17, number=14, type=9, cpp_type=9, label=1, has_default_value=False, default_value=_b("").decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='localityLbSetting', full_name='v1alpha1.GlobalConfig.localityLbSetting', index=17, + name='localityLbSetting', full_name='v1alpha1.GlobalConfig.localityLbSetting', index=18, number=15, type=11, cpp_type=10, label=1, has_default_value=False, default_value=None, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='k8sIngress', full_name='v1alpha1.GlobalConfig.k8sIngress', index=18, + name='k8sIngress', full_name='v1alpha1.GlobalConfig.k8sIngress', index=19, number=16, type=11, cpp_type=10, label=1, has_default_value=False, default_value=None, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='logAsJson', 
full_name='v1alpha1.GlobalConfig.logAsJson', index=19, + name='logAsJson', full_name='v1alpha1.GlobalConfig.logAsJson', index=20, number=36, type=11, cpp_type=10, label=1, has_default_value=False, default_value=None, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='logging', full_name='v1alpha1.GlobalConfig.logging', index=20, + name='logging', full_name='v1alpha1.GlobalConfig.logging', index=21, number=17, type=11, cpp_type=10, label=1, has_default_value=False, default_value=None, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='meshExpansion', full_name='v1alpha1.GlobalConfig.meshExpansion', index=21, + name='meshExpansion', full_name='v1alpha1.GlobalConfig.meshExpansion', index=22, number=18, type=11, cpp_type=10, label=1, has_default_value=False, default_value=None, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='meshID', full_name='v1alpha1.GlobalConfig.meshID', index=22, + name='meshID', full_name='v1alpha1.GlobalConfig.meshID', index=23, number=53, type=9, cpp_type=9, label=1, has_default_value=False, default_value=_b("").decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='meshNetworks', full_name='v1alpha1.GlobalConfig.meshNetworks', index=23, + name='meshNetworks', full_name='v1alpha1.GlobalConfig.meshNetworks', index=24, number=19, type=11, cpp_type=10, label=1, has_default_value=False, default_value=None, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, 
file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='monitoringPort', full_name='v1alpha1.GlobalConfig.monitoringPort', index=24, + name='monitoringPort', full_name='v1alpha1.GlobalConfig.monitoringPort', index=25, number=20, type=13, cpp_type=3, label=1, has_default_value=False, default_value=0, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='mtls', full_name='v1alpha1.GlobalConfig.mtls', index=25, + name='mtls', full_name='v1alpha1.GlobalConfig.mtls', index=26, number=21, type=11, cpp_type=10, label=1, has_default_value=False, default_value=None, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='multiCluster', full_name='v1alpha1.GlobalConfig.multiCluster', index=26, + name='multiCluster', full_name='v1alpha1.GlobalConfig.multiCluster', index=27, number=22, type=11, cpp_type=10, label=1, has_default_value=False, default_value=None, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='network', full_name='v1alpha1.GlobalConfig.network', index=27, + name='network', full_name='v1alpha1.GlobalConfig.network', index=28, number=39, type=9, cpp_type=9, label=1, has_default_value=False, default_value=_b("").decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='podDNSSearchNamespaces', full_name='v1alpha1.GlobalConfig.podDNSSearchNamespaces', index=28, + name='podDNSSearchNamespaces', full_name='v1alpha1.GlobalConfig.podDNSSearchNamespaces', index=29, number=43, type=9, cpp_type=9, label=3, has_default_value=False, default_value=[], message_type=None, 
enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='omitSidecarInjectorConfigMap', full_name='v1alpha1.GlobalConfig.omitSidecarInjectorConfigMap', index=29, + name='omitSidecarInjectorConfigMap', full_name='v1alpha1.GlobalConfig.omitSidecarInjectorConfigMap', index=30, number=38, type=11, cpp_type=10, label=1, has_default_value=False, default_value=None, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='oneNamespace', full_name='v1alpha1.GlobalConfig.oneNamespace', index=30, + name='oneNamespace', full_name='v1alpha1.GlobalConfig.oneNamespace', index=31, number=23, type=11, cpp_type=10, label=1, has_default_value=False, default_value=None, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='operatorManageWebhooks', full_name='v1alpha1.GlobalConfig.operatorManageWebhooks', index=31, + name='operatorManageWebhooks', full_name='v1alpha1.GlobalConfig.operatorManageWebhooks', index=32, number=41, type=11, cpp_type=10, label=1, has_default_value=False, default_value=None, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='outboundTrafficPolicy', full_name='v1alpha1.GlobalConfig.outboundTrafficPolicy', index=32, + name='outboundTrafficPolicy', full_name='v1alpha1.GlobalConfig.outboundTrafficPolicy', index=33, number=24, type=11, cpp_type=10, label=1, has_default_value=False, default_value=None, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - 
name='policyCheckFailOpen', full_name='v1alpha1.GlobalConfig.policyCheckFailOpen', index=33, + name='policyCheckFailOpen', full_name='v1alpha1.GlobalConfig.policyCheckFailOpen', index=34, number=25, type=11, cpp_type=10, label=1, has_default_value=False, default_value=None, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='policyNamespace', full_name='v1alpha1.GlobalConfig.policyNamespace', index=34, + name='policyNamespace', full_name='v1alpha1.GlobalConfig.policyNamespace', index=35, number=26, type=9, cpp_type=9, label=1, has_default_value=False, default_value=_b("").decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='priorityClassName', full_name='v1alpha1.GlobalConfig.priorityClassName', index=35, + name='priorityClassName', full_name='v1alpha1.GlobalConfig.priorityClassName', index=36, number=27, type=9, cpp_type=9, label=1, has_default_value=False, default_value=_b("").decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=_b('\030\001'), file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='prometheusNamespace', full_name='v1alpha1.GlobalConfig.prometheusNamespace', index=36, + name='prometheusNamespace', full_name='v1alpha1.GlobalConfig.prometheusNamespace', index=37, number=51, type=9, cpp_type=9, label=1, has_default_value=False, default_value=_b("").decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='proxy', full_name='v1alpha1.GlobalConfig.proxy', index=37, + name='proxy', full_name='v1alpha1.GlobalConfig.proxy', index=38, number=28, type=11, cpp_type=10, label=1, 
has_default_value=False, default_value=None, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='proxyInit', full_name='v1alpha1.GlobalConfig.proxyInit', index=38, + name='proxyInit', full_name='v1alpha1.GlobalConfig.proxyInit', index=39, number=29, type=11, cpp_type=10, label=1, has_default_value=False, default_value=None, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='sds', full_name='v1alpha1.GlobalConfig.sds', index=39, + name='sds', full_name='v1alpha1.GlobalConfig.sds', index=40, number=30, type=11, cpp_type=10, label=1, has_default_value=False, default_value=None, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='tag', full_name='v1alpha1.GlobalConfig.tag', index=40, - number=31, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=_b("").decode('utf-8'), + name='tag', full_name='v1alpha1.GlobalConfig.tag', index=41, + number=31, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='telemetryNamespace', full_name='v1alpha1.GlobalConfig.telemetryNamespace', index=41, + name='telemetryNamespace', full_name='v1alpha1.GlobalConfig.telemetryNamespace', index=42, number=32, type=9, cpp_type=9, label=1, has_default_value=False, default_value=_b("").decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='tracer', 
full_name='v1alpha1.GlobalConfig.tracer', index=42, + name='tracer', full_name='v1alpha1.GlobalConfig.tracer', index=43, number=33, type=11, cpp_type=10, label=1, has_default_value=False, default_value=None, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='trustDomain', full_name='v1alpha1.GlobalConfig.trustDomain', index=43, + name='trustDomain', full_name='v1alpha1.GlobalConfig.trustDomain', index=44, number=34, type=9, cpp_type=9, label=1, has_default_value=False, default_value=_b("").decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='trustDomainAliases', full_name='v1alpha1.GlobalConfig.trustDomainAliases', index=44, + name='trustDomainAliases', full_name='v1alpha1.GlobalConfig.trustDomainAliases', index=45, number=42, type=9, cpp_type=9, label=3, has_default_value=False, default_value=[], message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='useMCP', full_name='v1alpha1.GlobalConfig.useMCP', index=45, + name='useMCP', full_name='v1alpha1.GlobalConfig.useMCP', index=46, number=35, type=11, cpp_type=10, label=1, has_default_value=False, default_value=None, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='istioRemote', full_name='v1alpha1.GlobalConfig.istioRemote', index=46, + name='istioRemote', full_name='v1alpha1.GlobalConfig.istioRemote', index=47, number=44, type=11, cpp_type=10, label=1, has_default_value=False, default_value=None, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, 
serialized_options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='createRemoteSvcEndpoints', full_name='v1alpha1.GlobalConfig.createRemoteSvcEndpoints', index=47, + name='createRemoteSvcEndpoints', full_name='v1alpha1.GlobalConfig.createRemoteSvcEndpoints', index=48, number=45, type=11, cpp_type=10, label=1, has_default_value=False, default_value=None, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='remotePilotCreateSvcEndpoint', full_name='v1alpha1.GlobalConfig.remotePilotCreateSvcEndpoint', index=48, + name='remotePilotCreateSvcEndpoint', full_name='v1alpha1.GlobalConfig.remotePilotCreateSvcEndpoint', index=49, number=46, type=11, cpp_type=10, label=1, has_default_value=False, default_value=None, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='remotePolicyAddress', full_name='v1alpha1.GlobalConfig.remotePolicyAddress', index=49, + name='remotePolicyAddress', full_name='v1alpha1.GlobalConfig.remotePolicyAddress', index=50, number=47, type=9, cpp_type=9, label=1, has_default_value=False, default_value=_b("").decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='remotePilotAddress', full_name='v1alpha1.GlobalConfig.remotePilotAddress', index=50, + name='remotePilotAddress', full_name='v1alpha1.GlobalConfig.remotePilotAddress', index=51, number=48, type=9, cpp_type=9, label=1, has_default_value=False, default_value=_b("").decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='remoteTelemetryAddress', 
full_name='v1alpha1.GlobalConfig.remoteTelemetryAddress', index=51, + name='remoteTelemetryAddress', full_name='v1alpha1.GlobalConfig.remoteTelemetryAddress', index=52, number=49, type=9, cpp_type=9, label=1, has_default_value=False, default_value=_b("").decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='istiod', full_name='v1alpha1.GlobalConfig.istiod', index=52, + name='istiod', full_name='v1alpha1.GlobalConfig.istiod', index=53, number=54, type=11, cpp_type=10, label=1, has_default_value=False, default_value=None, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='pilotCertProvider', full_name='v1alpha1.GlobalConfig.pilotCertProvider', index=53, - number=55, type=9, cpp_type=9, label=1, + name='pilotCertProvider', full_name='v1alpha1.GlobalConfig.pilotCertProvider', index=54, + number=56, type=9, cpp_type=9, label=1, has_default_value=False, default_value=_b("").decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='jwtPolicy', full_name='v1alpha1.GlobalConfig.jwtPolicy', index=54, - number=56, type=9, cpp_type=9, label=1, + name='jwtPolicy', full_name='v1alpha1.GlobalConfig.jwtPolicy', index=55, + number=57, type=9, cpp_type=9, label=1, has_default_value=False, default_value=_b("").decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, @@ -1664,8 +1748,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=4557, - serialized_end=6918, + serialized_start=5229, + serialized_end=7689, ) 
@@ -1695,8 +1779,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=6920, - serialized_end=6979, + serialized_start=7691, + serialized_end=7750, ) @@ -1726,8 +1810,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=6981, - serialized_end=7017, + serialized_start=7752, + serialized_end=7788, ) @@ -2018,6 +2102,27 @@ message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='telemetry_addon_gateways', full_name='v1alpha1.IngressGatewayConfig.telemetry_addon_gateways', index=40, + number=41, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='hosts', full_name='v1alpha1.IngressGatewayConfig.hosts', index=41, + number=42, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='telemetry_domain_name', full_name='v1alpha1.IngressGatewayConfig.telemetry_domain_name', index=42, + number=43, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=_b("").decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR), ], extensions=[ ], @@ -2030,8 +2135,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=7020, - serialized_end=8895, + serialized_start=7791, + serialized_end=9821, ) @@ -2075,8 +2180,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=8898, - serialized_end=9027, + serialized_start=9824, + serialized_end=9953, ) 
@@ -2113,8 +2218,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=9029, - serialized_end=9116, + serialized_start=9955, + serialized_end=10042, ) @@ -2144,8 +2249,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=9118, - serialized_end=9196, + serialized_start=10044, + serialized_end=10122, ) @@ -2189,8 +2294,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=9199, - serialized_end=9339, + serialized_start=10125, + serialized_end=10265, ) @@ -2227,8 +2332,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=9341, - serialized_end=9417, + serialized_start=10267, + serialized_end=10343, ) @@ -2265,8 +2370,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=9419, - serialized_end=9518, + serialized_start=10345, + serialized_end=10444, ) @@ -2303,8 +2408,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=9520, - serialized_end=9630, + serialized_start=10446, + serialized_end=10556, ) @@ -2362,8 +2467,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=9633, - serialized_end=9953, + serialized_start=10559, + serialized_end=10879, ) @@ -2421,8 +2526,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=9956, - serialized_end=10273, + serialized_start=10882, + serialized_end=11199, ) @@ -2466,8 +2571,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=10276, - serialized_end=10443, + serialized_start=11202, + serialized_end=11369, ) 
@@ -2555,6 +2660,69 @@ message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=_b('\030\001'), file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='rollingMaxSurge', full_name='v1alpha1.MixerPolicyConfig.rollingMaxSurge', index=11, + number=12, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=_b('\030\001'), file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='rollingMaxUnavailable', full_name='v1alpha1.MixerPolicyConfig.rollingMaxUnavailable', index=12, + number=13, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=_b('\030\001'), file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='podAntiAffinityLabelSelector', full_name='v1alpha1.MixerPolicyConfig.podAntiAffinityLabelSelector', index=13, + number=14, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=_b('\030\001'), file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='podAntiAffinityTermLabelSelector', full_name='v1alpha1.MixerPolicyConfig.podAntiAffinityTermLabelSelector', index=14, + number=15, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=_b('\030\001'), file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='nodeSelector', full_name='v1alpha1.MixerPolicyConfig.nodeSelector', index=15, + number=16, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, 
containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=_b('\030\001'), file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='env', full_name='v1alpha1.MixerPolicyConfig.env', index=16, + number=17, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='tolerations', full_name='v1alpha1.MixerPolicyConfig.tolerations', index=17, + number=18, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=_b('\030\001'), file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='hub', full_name='v1alpha1.MixerPolicyConfig.hub', index=18, + number=19, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=_b("").decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='tag', full_name='v1alpha1.MixerPolicyConfig.tag', index=19, + number=20, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR), ], extensions=[ ], @@ -2567,8 +2735,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=10446, - serialized_end=10925, + serialized_start=11372, + serialized_end=12374, ) 
@@ -2726,6 +2894,20 @@ message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=_b('\030\001'), file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='hub', full_name='v1alpha1.MixerTelemetryConfig.hub', index=21, + number=23, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=_b("").decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='tag', full_name='v1alpha1.MixerTelemetryConfig.tag', index=22, + number=24, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR), ], extensions=[ ], @@ -2738,8 +2920,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=10928, - serialized_end=11981, + serialized_start=12377, + serialized_end=13482, ) @@ -2776,8 +2958,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=11983, - serialized_end=12069, + serialized_start=13484, + serialized_end=13570, ) 
@@ -2837,6 +3019,27 @@ message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=_b('\030\001'), file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='podAnnotations', full_name='v1alpha1.NodeAgentConfig.podAnnotations', index=7, + number=8, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=_b('\030\001'), file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='hub', full_name='v1alpha1.NodeAgentConfig.hub', index=8, + number=9, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=_b("").decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='tag', full_name='v1alpha1.NodeAgentConfig.tag', index=9, + number=10, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR), ], extensions=[ ], @@ -2849,8 +3052,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=12072, - serialized_end=12492, + serialized_start=13573, + serialized_end=14107, ) @@ -2881,8 +3084,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=12495, - serialized_end=12624, + serialized_start=14110, + serialized_end=14239, ) 
@@ -3103,6 +3306,34 @@ message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='jwksResolverExtraRootCA', full_name='v1alpha1.PilotConfig.jwksResolverExtraRootCA', index=30, + number=32, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=_b("").decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='plugins', full_name='v1alpha1.PilotConfig.plugins', index=31, + number=33, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='hub', full_name='v1alpha1.PilotConfig.hub', index=32, + number=34, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=_b("").decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='tag', full_name='v1alpha1.PilotConfig.tag', index=33, + number=35, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR), ], extensions=[ ], @@ -3115,8 +3346,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=12627, - serialized_end=14172, + serialized_start=14242, + serialized_end=15930, ) @@ -3160,8 +3391,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=14175, - serialized_end=14305, + serialized_start=15933, + serialized_end=16063, ) 
@@ -3191,8 +3422,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=14307, - serialized_end=14371, + serialized_start=16065, + serialized_end=16129, ) @@ -3236,8 +3467,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=14374, - serialized_end=14518, + serialized_start=16132, + serialized_end=16276, ) @@ -3267,8 +3498,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=14520, - serialized_end=14584, + serialized_start=16278, + serialized_end=16342, ) @@ -3312,8 +3543,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=14587, - serialized_end=14771, + serialized_start=16345, + serialized_end=16529, ) @@ -3343,8 +3574,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=14773, - serialized_end=14847, + serialized_start=16531, + serialized_end=16605, ) @@ -3402,8 +3633,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=14850, - serialized_end=15122, + serialized_start=16608, + serialized_end=16880, ) @@ -3416,8 +3647,8 @@ fields=[ _descriptor.FieldDescriptor( name='subscribedResources', full_name='v1alpha1.PilotConfigSource.subscribedResources', index=0, - number=1, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=_b("").decode('utf-8'), + number=1, type=9, cpp_type=9, label=3, + has_default_value=False, default_value=[], message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), @@ -3433,8 +3664,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=15124, - serialized_end=15172, + serialized_start=16882, + serialized_end=16930, ) @@ -3485,8 +3716,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=15174, - serialized_end=15253, + serialized_start=16932, + serialized_end=17011, ) 
@@ -3527,8 +3758,8 @@ serialized_options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( name='tag', full_name='v1alpha1.PrometheusConfig.tag', index=4, - number=5, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=_b("").decode('utf-8'), + number=5, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), @@ -3609,6 +3840,27 @@ message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=_b('\030\001'), file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='datasources', full_name='v1alpha1.PrometheusConfig.datasources', index=16, + number=17, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=_b('\030\001'), file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='podAnnotations', full_name='v1alpha1.PrometheusConfig.podAnnotations', index=17, + number=18, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=_b('\030\001'), file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='image', full_name='v1alpha1.PrometheusConfig.image', index=18, + number=19, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=_b("").decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=_b('\030\001'), file=DESCRIPTOR), ], extensions=[ ], @@ -3621,8 +3873,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=15256, - serialized_end=16017, + serialized_start=17014, + serialized_end=17948, ) 
@@ -3659,8 +3911,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=16020, - serialized_end=16153, + serialized_start=17951, + serialized_end=18084, ) @@ -3690,8 +3942,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=16155, - serialized_end=16226, + serialized_start=18086, + serialized_end=18157, ) @@ -3728,8 +3980,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=16229, - serialized_end=16370, + serialized_start=18160, + serialized_end=18301, ) @@ -3766,8 +4018,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=16372, - serialized_end=16464, + serialized_start=18303, + serialized_end=18395, ) @@ -4014,8 +4266,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=16467, - serialized_end=17613, + serialized_start=18398, + serialized_end=19544, ) @@ -4073,8 +4325,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=17616, - serialized_end=17825, + serialized_start=19547, + serialized_end=19756, ) @@ -4139,8 +4391,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=17828, - serialized_end=17978, + serialized_start=19759, + serialized_end=19909, ) @@ -4177,8 +4429,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=17980, - serialized_end=18056, + serialized_start=19911, + serialized_end=19987, ) @@ -4215,8 +4467,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=18058, - serialized_end=18112, + serialized_start=19989, + serialized_end=20043, ) @@ -4274,8 +4526,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=18115, - serialized_end=18342, + serialized_start=20046, + serialized_end=20273, ) @@ -4319,8 +4571,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=18344, - serialized_end=18411, + serialized_start=20275, + serialized_end=20342, ) @@ -4357,8 +4609,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=19078, - serialized_end=19125, + serialized_start=21351, + serialized_end=21398, ) _SECURITYCONFIG = _descriptor.Descriptor( 
@@ -4466,6 +4718,41 @@ message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=_b('\030\001'), file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='resources', full_name='v1alpha1.SecurityConfig.resources', index=14, + number=15, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=_b('\030\001'), file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='rollingMaxSurge', full_name='v1alpha1.SecurityConfig.rollingMaxSurge', index=15, + number=16, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=_b('\030\001'), file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='rollingMaxUnavailable', full_name='v1alpha1.SecurityConfig.rollingMaxUnavailable', index=16, + number=17, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=_b('\030\001'), file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='podAntiAffinityLabelSelector', full_name='v1alpha1.SecurityConfig.podAntiAffinityLabelSelector', index=17, + number=18, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=_b('\030\001'), file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='podAntiAffinityTermLabelSelector', full_name='v1alpha1.SecurityConfig.podAntiAffinityTermLabelSelector', index=18, + number=19, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + 
is_extension=False, extension_scope=None, + serialized_options=_b('\030\001'), file=DESCRIPTOR), ], extensions=[ ], @@ -4478,8 +4765,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=18414, - serialized_end=19125, + serialized_start=20345, + serialized_end=21398, ) @@ -4530,8 +4817,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=19127, - serialized_end=19247, + serialized_start=21400, + serialized_end=21520, ) 
@@ -4564,96 +4851,138 @@ is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='nodeSelector', full_name='v1alpha1.SidecarInjectorConfig.nodeSelector', index=3, + name='hub', full_name='v1alpha1.SidecarInjectorConfig.hub', index=3, + number=4, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=_b("").decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='tag', full_name='v1alpha1.SidecarInjectorConfig.tag', index=4, + number=5, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='nodeSelector', full_name='v1alpha1.SidecarInjectorConfig.nodeSelector', index=5, number=10, type=11, cpp_type=10, label=1, has_default_value=False, default_value=None, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=_b('\030\001'), file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='neverInjectSelector', full_name='v1alpha1.SidecarInjectorConfig.neverInjectSelector', index=4, + name='neverInjectSelector', full_name='v1alpha1.SidecarInjectorConfig.neverInjectSelector', index=6, number=11, type=11, cpp_type=10, label=1, has_default_value=False, default_value=None, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='alwaysInjectSelector', full_name='v1alpha1.SidecarInjectorConfig.alwaysInjectSelector', index=5, + name='alwaysInjectSelector', full_name='v1alpha1.SidecarInjectorConfig.alwaysInjectSelector', index=7, number=12, type=11, cpp_type=10, label=1, 
has_default_value=False, default_value=None, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='podAntiAffinityLabelSelector', full_name='v1alpha1.SidecarInjectorConfig.podAntiAffinityLabelSelector', index=6, + name='podAntiAffinityLabelSelector', full_name='v1alpha1.SidecarInjectorConfig.podAntiAffinityLabelSelector', index=8, number=13, type=11, cpp_type=10, label=1, has_default_value=False, default_value=None, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=_b('\030\001'), file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='podAntiAffinityTermLabelSelector', full_name='v1alpha1.SidecarInjectorConfig.podAntiAffinityTermLabelSelector', index=7, + name='podAntiAffinityTermLabelSelector', full_name='v1alpha1.SidecarInjectorConfig.podAntiAffinityTermLabelSelector', index=9, number=14, type=11, cpp_type=10, label=1, has_default_value=False, default_value=None, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=_b('\030\001'), file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='replicaCount', full_name='v1alpha1.SidecarInjectorConfig.replicaCount', index=8, + name='replicaCount', full_name='v1alpha1.SidecarInjectorConfig.replicaCount', index=10, number=15, type=13, cpp_type=3, label=1, has_default_value=False, default_value=0, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=_b('\030\001'), file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='rewriteAppHTTPProbe', full_name='v1alpha1.SidecarInjectorConfig.rewriteAppHTTPProbe', index=9, + name='rewriteAppHTTPProbe', full_name='v1alpha1.SidecarInjectorConfig.rewriteAppHTTPProbe', index=11, number=16, type=11, cpp_type=10, label=1, has_default_value=False, default_value=None, 
message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='selfSigned', full_name='v1alpha1.SidecarInjectorConfig.selfSigned', index=10, + name='selfSigned', full_name='v1alpha1.SidecarInjectorConfig.selfSigned', index=12, number=17, type=11, cpp_type=10, label=1, has_default_value=False, default_value=None, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='injectLabel', full_name='v1alpha1.SidecarInjectorConfig.injectLabel', index=11, + name='injectLabel', full_name='v1alpha1.SidecarInjectorConfig.injectLabel', index=13, number=18, type=9, cpp_type=9, label=1, has_default_value=False, default_value=_b("").decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='injectedAnnotations', full_name='v1alpha1.SidecarInjectorConfig.injectedAnnotations', index=12, + name='injectedAnnotations', full_name='v1alpha1.SidecarInjectorConfig.injectedAnnotations', index=14, number=19, type=11, cpp_type=10, label=1, has_default_value=False, default_value=None, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='resources', full_name='v1alpha1.SidecarInjectorConfig.resources', index=13, + name='resources', full_name='v1alpha1.SidecarInjectorConfig.resources', index=15, number=20, type=11, cpp_type=10, label=1, has_default_value=False, default_value=None, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=_b('\030\001'), file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='objectSelector', 
full_name='v1alpha1.SidecarInjectorConfig.objectSelector', index=14, + name='objectSelector', full_name='v1alpha1.SidecarInjectorConfig.objectSelector', index=16, number=21, type=11, cpp_type=10, label=1, has_default_value=False, default_value=None, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='tolerations', full_name='v1alpha1.SidecarInjectorConfig.tolerations', index=15, + name='tolerations', full_name='v1alpha1.SidecarInjectorConfig.tolerations', index=17, number=22, type=11, cpp_type=10, label=1, has_default_value=False, default_value=None, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=_b('\030\001'), file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='lifecycle', full_name='v1alpha1.SidecarInjectorConfig.lifecycle', index=18, + number=23, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='podAnnotations', full_name='v1alpha1.SidecarInjectorConfig.podAnnotations', index=19, + number=24, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=_b('\030\001'), file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='rollingMaxSurge', full_name='v1alpha1.SidecarInjectorConfig.rollingMaxSurge', index=20, + number=25, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=_b('\030\001'), file=DESCRIPTOR), + _descriptor.FieldDescriptor( + 
name='rollingMaxUnavailable', full_name='v1alpha1.SidecarInjectorConfig.rollingMaxUnavailable', index=21, + number=26, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=_b('\030\001'), file=DESCRIPTOR), ], extensions=[ ], @@ -4666,8 +4995,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=19250, - serialized_end=20150, + serialized_start=21523, + serialized_end=22718, ) @@ -4704,8 +5033,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=20152, - serialized_end=20272, + serialized_start=22720, + serialized_end=22840, ) @@ -4735,8 +5064,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=22889, - serialized_end=22949, + serialized_start=23220, + serialized_end=23280, ) _STACKDRIVERMIXERADAPTERCONFIG = _descriptor.Descriptor( @@ -4774,10 +5103,24 @@ message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='logging', full_name='v1alpha1.StackdriverMixerAdapterConfig.logging', index=4, + number=5, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='metrics', full_name='v1alpha1.StackdriverMixerAdapterConfig.metrics', index=5, + number=6, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR), ], extensions=[ ], - nested_types=[], + nested_types=[_STACKDRIVERMIXERADAPTERCONFIG_ENABLEDCONFIG, ], enum_types=[ ], serialized_options=None, 
@@ -4786,8 +5129,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=20275, - serialized_end=20506, + serialized_start=22843, + serialized_end=23280, ) @@ -4831,8 +5174,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=20508, - serialized_end=20627, + serialized_start=23282, + serialized_end=23401, ) @@ -4869,8 +5212,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=20629, - serialized_end=20726, + serialized_start=23403, + serialized_end=23500, ) @@ -4900,8 +5243,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=20728, - serialized_end=20798, + serialized_start=23502, + serialized_end=23572, ) @@ -4933,6 +5276,13 @@ message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='stackdriver', full_name='v1alpha1.TracerConfig.stackdriver', index=3, + number=4, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR), ], extensions=[ ], @@ -4945,8 +5295,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=20801, - serialized_end=20961, + serialized_start=23575, + serialized_end=23790, ) @@ -4976,8 +5326,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=20963, - serialized_end=21001, + serialized_start=23792, + serialized_end=23830, ) @@ -5028,8 +5378,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=21003, - serialized_end=21128, + serialized_start=23832, + serialized_end=23957, ) @@ -5059,8 +5409,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=21130, - serialized_end=21167, + serialized_start=23959, + serialized_end=23996, ) @@ -5167,8 +5517,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=21170, - serialized_end=21805, + serialized_start=23999, + serialized_end=24634, ) 
@@ -5188,8 +5538,8 @@ serialized_options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( name='tag', full_name='v1alpha1.TracingOpencensusConfig.tag', index=1, - number=2, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=_b("").decode('utf-8'), + number=2, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), @@ -5207,6 +5557,13 @@ message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=_b('\030\001'), file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='podAnnotations', full_name='v1alpha1.TracingOpencensusConfig.podAnnotations', index=4, + number=6, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=_b('\030\001'), file=DESCRIPTOR), ], extensions=[ ], @@ -5219,8 +5576,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=21808, - serialized_end=21979, + serialized_start=24637, + serialized_end=24896, ) @@ -5250,8 +5607,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=21981, - serialized_end=22070, + serialized_start=24898, + serialized_end=24987, ) @@ -5302,8 +5659,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=22073, - serialized_end=22257, + serialized_start=24990, + serialized_end=25174, ) 
@@ -5323,46 +5680,67 @@ serialized_options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( name='tag', full_name='v1alpha1.TracingJaegerConfig.tag', index=1, - number=2, type=9, cpp_type=9, label=1, + number=2, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='image', full_name='v1alpha1.TracingJaegerConfig.image', index=2, + number=10, type=9, cpp_type=9, label=1, has_default_value=False, default_value=_b("").decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='memory', full_name='v1alpha1.TracingJaegerConfig.memory', index=2, + name='memory', full_name='v1alpha1.TracingJaegerConfig.memory', index=3, number=3, type=11, cpp_type=10, label=1, has_default_value=False, default_value=None, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='spanStorageType', full_name='v1alpha1.TracingJaegerConfig.spanStorageType', index=3, + name='spanStorageType', full_name='v1alpha1.TracingJaegerConfig.spanStorageType', index=4, number=4, type=9, cpp_type=9, label=1, has_default_value=False, default_value=_b("").decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='persist', full_name='v1alpha1.TracingJaegerConfig.persist', index=4, + name='persist', full_name='v1alpha1.TracingJaegerConfig.persist', index=5, number=5, type=11, cpp_type=10, label=1, has_default_value=False, default_value=None, message_type=None, enum_type=None, containing_type=None, 
is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='storageClassName', full_name='v1alpha1.TracingJaegerConfig.storageClassName', index=5, + name='storageClassName', full_name='v1alpha1.TracingJaegerConfig.storageClassName', index=6, number=6, type=9, cpp_type=9, label=1, has_default_value=False, default_value=_b("").decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='accessMode', full_name='v1alpha1.TracingJaegerConfig.accessMode', index=6, + name='accessMode', full_name='v1alpha1.TracingJaegerConfig.accessMode', index=7, number=7, type=9, cpp_type=9, label=1, has_default_value=False, default_value=_b("").decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='resources', full_name='v1alpha1.TracingJaegerConfig.resources', index=8, + number=8, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=_b('\030\001'), file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='podAnnotations', full_name='v1alpha1.TracingJaegerConfig.podAnnotations', index=9, + number=9, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=_b('\030\001'), file=DESCRIPTOR), ], extensions=[ ], @@ -5375,8 +5753,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=22260, - serialized_end=22476, + serialized_start=25177, + serialized_end=25553, ) 
@@ -5406,8 +5784,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=22478, - serialized_end=22525, + serialized_start=25555, + serialized_end=25602, ) 
@@ -5427,53 +5805,67 @@ serialized_options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( name='tag', full_name='v1alpha1.TracingZipkinConfig.tag', index=1, - number=2, type=9, cpp_type=9, label=1, + number=2, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='image', full_name='v1alpha1.TracingZipkinConfig.image', index=2, + number=9, type=9, cpp_type=9, label=1, has_default_value=False, default_value=_b("").decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='probeStartupDelay', full_name='v1alpha1.TracingZipkinConfig.probeStartupDelay', index=2, + name='probeStartupDelay', full_name='v1alpha1.TracingZipkinConfig.probeStartupDelay', index=3, number=3, type=13, cpp_type=3, label=1, has_default_value=False, default_value=0, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='queryPort', full_name='v1alpha1.TracingZipkinConfig.queryPort', index=3, + name='queryPort', full_name='v1alpha1.TracingZipkinConfig.queryPort', index=4, number=4, type=13, cpp_type=3, label=1, has_default_value=False, default_value=0, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='resources', full_name='v1alpha1.TracingZipkinConfig.resources', index=4, + name='resources', full_name='v1alpha1.TracingZipkinConfig.resources', index=5, number=5, type=11, cpp_type=10, label=1, has_default_value=False, default_value=None, message_type=None, enum_type=None, containing_type=None, 
is_extension=False, extension_scope=None, serialized_options=_b('\030\001'), file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='javaOptsHeap', full_name='v1alpha1.TracingZipkinConfig.javaOptsHeap', index=5, + name='javaOptsHeap', full_name='v1alpha1.TracingZipkinConfig.javaOptsHeap', index=6, number=6, type=13, cpp_type=3, label=1, has_default_value=False, default_value=0, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='maxSpans', full_name='v1alpha1.TracingZipkinConfig.maxSpans', index=6, + name='maxSpans', full_name='v1alpha1.TracingZipkinConfig.maxSpans', index=7, number=7, type=13, cpp_type=3, label=1, has_default_value=False, default_value=0, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='node', full_name='v1alpha1.TracingZipkinConfig.node', index=7, + name='node', full_name='v1alpha1.TracingZipkinConfig.node', index=8, number=8, type=11, cpp_type=10, label=1, has_default_value=False, default_value=None, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='podAnnotations', full_name='v1alpha1.TracingZipkinConfig.podAnnotations', index=9, + number=10, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=_b('\030\001'), file=DESCRIPTOR), ], extensions=[ ], @@ -5486,8 +5878,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=22528, - serialized_end=22754, + serialized_start=25605, + serialized_end=25934, ) 
@@ -5517,8 +5909,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=22756, - serialized_end=22795, + serialized_start=25936, + serialized_end=25975, ) @@ -5562,8 +5954,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=22797, - serialized_end=22908, + serialized_start=25977, + serialized_end=26088, ) @@ -5616,6 +6008,13 @@ message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='auth', full_name='v1alpha1.KialiDashboardConfig.auth', index=6, + number=7, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR), ], extensions=[ ], @@ -5628,8 +6027,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=22911, - serialized_end=23086, + serialized_start=26091, + serialized_end=26314, ) @@ -5649,15 +6048,15 @@ serialized_options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( name='annotations', full_name='v1alpha1.KialiIngressConfig.annotations', index=1, - number=2, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=_b("").decode('utf-8'), + number=2, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( name='tls', full_name='v1alpha1.KialiIngressConfig.tls', index=2, - number=3, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=_b("").decode('utf-8'), + number=3, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), 
@@ -5680,8 +6079,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=23088, - serialized_end=23202, + serialized_start=26317, + serialized_end=26506, ) @@ -5715,8 +6114,8 @@ serialized_options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( name='tag', full_name='v1alpha1.KialiConfig.tag', index=3, - number=4, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=_b("").decode('utf-8'), + number=4, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), @@ -5797,6 +6196,20 @@ message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=_b('\030\001'), file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='image', full_name='v1alpha1.KialiConfig.image', index=15, + number=16, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=_b("").decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=_b('\030\001'), file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='resources', full_name='v1alpha1.KialiConfig.resources', index=16, + number=17, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=_b('\030\001'), file=DESCRIPTOR), ], extensions=[ ], @@ -5809,8 +6222,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=23205, - serialized_end=23924, + serialized_start=26509, + serialized_end=27317, ) 
@@ -5947,6 +6360,27 @@ message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, serialized_options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='prometheusOperator', full_name='v1alpha1.Values.prometheusOperator', index=18, + number=18, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='istio_cni', full_name='v1alpha1.Values.istio_cni', index=19, + number=19, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='kustomize', full_name='v1alpha1.Values.kustomize', index=20, + number=20, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + serialized_options=None, file=DESCRIPTOR), ], extensions=[ ], @@ -5959,8 +6393,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=23927, - serialized_end=24717, + serialized_start=27320, + serialized_end=28259, ) @@ -5983,8 +6417,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=24719, - serialized_end=24743, + serialized_start=28261, + serialized_end=28285, ) @@ -6007,8 +6441,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=24745, - serialized_end=24776, + serialized_start=28287, + serialized_end=28318, ) @@ -6031,8 +6465,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=24778, - serialized_end=24800, + serialized_start=28320, + serialized_end=28342, ) 
@@ -6069,8 +6503,32 @@ extension_ranges=[], oneofs=[ ], - serialized_start=24802, - serialized_end=24878, + serialized_start=28344, + serialized_end=28420, +) + + +_STRINGORNUMBER = _descriptor.Descriptor( + name='StringOrNumber', + full_name='v1alpha1.StringOrNumber', + filename=None, + file=DESCRIPTOR, + containing_type=None, + fields=[ + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + serialized_options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + ], + serialized_start=28422, + serialized_end=28438, ) _ADDONINGRESSCONFIG.fields_by_name['enabled'].message_type = github_dot_com_dot_gogo_dot_protobuf_dot_protobuf_dot_google_dot_protobuf_dot_wrappers__pb2._BOOLVALUE @@ -6140,6 +6598,7 @@ _GALLEYCONFIG.fields_by_name['enableServiceDiscovery'].message_type = github_dot_com_dot_gogo_dot_protobuf_dot_protobuf_dot_google_dot_protobuf_dot_wrappers__pb2._BOOLVALUE _GALLEYCONFIG.fields_by_name['nodeSelector'].message_type = _TYPEMAPSTRINGINTERFACE _GALLEYCONFIG.fields_by_name['podAnnotations'].message_type = _TYPEMAPSTRINGINTERFACE +_GALLEYCONFIG.fields_by_name['tag'].message_type = _STRINGORNUMBER _GATEWAYSCONFIG.fields_by_name['istio_egressgateway'].message_type = _EGRESSGATEWAYCONFIG _GATEWAYSCONFIG.fields_by_name['enabled'].message_type = github_dot_com_dot_gogo_dot_protobuf_dot_protobuf_dot_google_dot_protobuf_dot_wrappers__pb2._BOOLVALUE _GATEWAYSCONFIG.fields_by_name['istio_ingressgateway'].message_type = _INGRESSGATEWAYCONFIG 
@@ -6247,6 +6706,7 @@ _MIXERPOLICYCONFIG.fields_by_name['nodeSelector'].message_type = _TYPEMAPSTRINGINTERFACE _MIXERPOLICYCONFIG.fields_by_name['env'].message_type = _TYPEMAPSTRINGINTERFACE _MIXERPOLICYCONFIG.fields_by_name['tolerations'].message_type = _TYPESLICEOFMAPSTRINGINTERFACE +_MIXERPOLICYCONFIG.fields_by_name['tag'].message_type = _STRINGORNUMBER _MIXERTELEMETRYCONFIG.fields_by_name['autoscaleEnabled'].message_type = github_dot_com_dot_gogo_dot_protobuf_dot_protobuf_dot_google_dot_protobuf_dot_wrappers__pb2._BOOLVALUE _MIXERTELEMETRYCONFIG.fields_by_name['cpu'].message_type = _CPUTARGETUTILIZATIONCONFIG _MIXERTELEMETRYCONFIG.fields_by_name['enabled'].message_type = github_dot_com_dot_gogo_dot_protobuf_dot_protobuf_dot_google_dot_protobuf_dot_wrappers__pb2._BOOLVALUE @@ -6262,6 +6722,7 @@ _MIXERTELEMETRYCONFIG.fields_by_name['podAntiAffinityLabelSelector'].message_type = _TYPESLICEOFMAPSTRINGINTERFACE _MIXERTELEMETRYCONFIG.fields_by_name['podAntiAffinityTermLabelSelector'].message_type = _TYPESLICEOFMAPSTRINGINTERFACE _MIXERTELEMETRYCONFIG.fields_by_name['tolerations'].message_type = _TYPESLICEOFMAPSTRINGINTERFACE +_MIXERTELEMETRYCONFIG.fields_by_name['tag'].message_type = _STRINGORNUMBER _MULTICLUSTERCONFIG.fields_by_name['enabled'].message_type = github_dot_com_dot_gogo_dot_protobuf_dot_protobuf_dot_google_dot_protobuf_dot_wrappers__pb2._BOOLVALUE _NODEAGENTCONFIG.fields_by_name['enabled'].message_type = github_dot_com_dot_gogo_dot_protobuf_dot_protobuf_dot_google_dot_protobuf_dot_wrappers__pb2._BOOLVALUE _NODEAGENTCONFIG.fields_by_name['env'].message_type = _TYPEMAPSTRINGINTERFACE 
@@ -6270,6 +6731,7 @@ _NODEAGENTCONFIG.fields_by_name['podAntiAffinityLabelSelector'].message_type = _TYPESLICEOFMAPSTRINGINTERFACE _NODEAGENTCONFIG.fields_by_name['podAntiAffinityTermLabelSelector'].message_type = _TYPESLICEOFMAPSTRINGINTERFACE _NODEAGENTCONFIG.fields_by_name['podAnnotations'].message_type = _TYPEMAPSTRINGINTERFACE +_NODEAGENTCONFIG.fields_by_name['tag'].message_type = _STRINGORNUMBER _OUTBOUNDTRAFFICPOLICYCONFIG.fields_by_name['mode'].enum_type = _OUTBOUNDTRAFFICPOLICYCONFIG_MODE _OUTBOUNDTRAFFICPOLICYCONFIG_MODE.containing_type = _OUTBOUNDTRAFFICPOLICYCONFIG _PILOTCONFIG.fields_by_name['enabled'].message_type = github_dot_com_dot_gogo_dot_protobuf_dot_protobuf_dot_google_dot_protobuf_dot_wrappers__pb2._BOOLVALUE @@ -6297,6 +6759,7 @@ _PILOTCONFIG.fields_by_name['podAnnotations'].message_type = _TYPEMAPSTRINGINTERFACE _PILOTCONFIG.fields_by_name['configSource'].message_type = _PILOTCONFIGSOURCE _PILOTCONFIG.fields_by_name['plugins'].message_type = _TYPESLICEOFMAPSTRINGINTERFACE +_PILOTCONFIG.fields_by_name['tag'].message_type = _STRINGORNUMBER _PILOTINGRESSCONFIG.fields_by_name['ingressControllerMode'].enum_type = _INGRESSCONTROLLERMODE _PILOTPOLICYCONFIG.fields_by_name['enabled'].message_type = github_dot_com_dot_gogo_dot_protobuf_dot_protobuf_dot_google_dot_protobuf_dot_wrappers__pb2._BOOLVALUE _TELEMETRYCONFIG.fields_by_name['enabled'].message_type = github_dot_com_dot_gogo_dot_protobuf_dot_protobuf_dot_google_dot_protobuf_dot_wrappers__pb2._BOOLVALUE 
@@ -6371,6 +6834,7 @@ _SERVICECONFIG.fields_by_name['annotations'].message_type = _TYPEMAPSTRINGINTERFACE _SIDECARINJECTORCONFIG.fields_by_name['enabled'].message_type = github_dot_com_dot_gogo_dot_protobuf_dot_protobuf_dot_google_dot_protobuf_dot_wrappers__pb2._BOOLVALUE _SIDECARINJECTORCONFIG.fields_by_name['enableNamespacesByDefault'].message_type = github_dot_com_dot_gogo_dot_protobuf_dot_protobuf_dot_google_dot_protobuf_dot_wrappers__pb2._BOOLVALUE +_SIDECARINJECTORCONFIG.fields_by_name['tag'].message_type = _STRINGORNUMBER _SIDECARINJECTORCONFIG.fields_by_name['nodeSelector'].message_type = _TYPEMAPSTRINGINTERFACE _SIDECARINJECTORCONFIG.fields_by_name['neverInjectSelector'].message_type = _TYPESLICEOFMAPSTRINGINTERFACE _SIDECARINJECTORCONFIG.fields_by_name['alwaysInjectSelector'].message_type = _TYPESLICEOFMAPSTRINGINTERFACE 
@@ -6561,634 +7025,634 @@ DESCRIPTOR.enum_types_by_name['tracer'] = _TRACER _sym_db.RegisterFileDescriptor(DESCRIPTOR) -AddonIngressConfig = _reflection.GeneratedProtocolMessageType('AddonIngressConfig', (_message.Message,), { - 'DESCRIPTOR': _ADDONINGRESSCONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +AddonIngressConfig = _reflection.GeneratedProtocolMessageType('AddonIngressConfig', (_message.Message,), dict( + DESCRIPTOR=_ADDONINGRESSCONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.AddonIngressConfig) -}) +)) _sym_db.RegisterMessage(AddonIngressConfig) -ArchConfig = _reflection.GeneratedProtocolMessageType('ArchConfig', (_message.Message,), { - 'DESCRIPTOR': _ARCHCONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +ArchConfig = _reflection.GeneratedProtocolMessageType('ArchConfig', (_message.Message,), dict( + DESCRIPTOR=_ARCHCONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.ArchConfig) -}) +)) _sym_db.RegisterMessage(ArchConfig) -CNIConfig = _reflection.GeneratedProtocolMessageType('CNIConfig', (_message.Message,), { - 'DESCRIPTOR': _CNICONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +CNIConfig = _reflection.GeneratedProtocolMessageType('CNIConfig', (_message.Message,), dict( + DESCRIPTOR=_CNICONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.CNIConfig) -}) +)) _sym_db.RegisterMessage(CNIConfig) -CPUTargetUtilizationConfig = _reflection.GeneratedProtocolMessageType('CPUTargetUtilizationConfig', (_message.Message,), { - 'DESCRIPTOR': _CPUTARGETUTILIZATIONCONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +CPUTargetUtilizationConfig = _reflection.GeneratedProtocolMessageType('CPUTargetUtilizationConfig', (_message.Message,), dict( + DESCRIPTOR=_CPUTARGETUTILIZATIONCONFIG, + 
__module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.CPUTargetUtilizationConfig) -}) +)) _sym_db.RegisterMessage(CPUTargetUtilizationConfig) -CertManagerConfig = _reflection.GeneratedProtocolMessageType('CertManagerConfig', (_message.Message,), { - 'DESCRIPTOR': _CERTMANAGERCONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +CertManagerConfig = _reflection.GeneratedProtocolMessageType('CertManagerConfig', (_message.Message,), dict( + DESCRIPTOR=_CERTMANAGERCONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.CertManagerConfig) -}) +)) _sym_db.RegisterMessage(CertManagerConfig) -Resources = _reflection.GeneratedProtocolMessageType('Resources', (_message.Message,), { +Resources = _reflection.GeneratedProtocolMessageType('Resources', (_message.Message,), dict( - 'LimitsEntry': _reflection.GeneratedProtocolMessageType('LimitsEntry', (_message.Message,), { - 'DESCRIPTOR': _RESOURCES_LIMITSENTRY, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' + LimitsEntry=_reflection.GeneratedProtocolMessageType('LimitsEntry', (_message.Message,), dict( + DESCRIPTOR=_RESOURCES_LIMITSENTRY, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.Resources.LimitsEntry) - }), + )), - 'RequestsEntry': _reflection.GeneratedProtocolMessageType('RequestsEntry', (_message.Message,), { - 'DESCRIPTOR': _RESOURCES_REQUESTSENTRY, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' + RequestsEntry=_reflection.GeneratedProtocolMessageType('RequestsEntry', (_message.Message,), dict( + DESCRIPTOR=_RESOURCES_REQUESTSENTRY, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.Resources.RequestsEntry) - }), - 'DESCRIPTOR': _RESOURCES, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' + )), + DESCRIPTOR=_RESOURCES, + 
__module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.Resources) -}) +)) _sym_db.RegisterMessage(Resources) _sym_db.RegisterMessage(Resources.LimitsEntry) _sym_db.RegisterMessage(Resources.RequestsEntry) -CoreDNSConfig = _reflection.GeneratedProtocolMessageType('CoreDNSConfig', (_message.Message,), { - 'DESCRIPTOR': _COREDNSCONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +CoreDNSConfig = _reflection.GeneratedProtocolMessageType('CoreDNSConfig', (_message.Message,), dict( + DESCRIPTOR=_COREDNSCONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.CoreDNSConfig) -}) +)) _sym_db.RegisterMessage(CoreDNSConfig) -DefaultPodDisruptionBudgetConfig = _reflection.GeneratedProtocolMessageType('DefaultPodDisruptionBudgetConfig', (_message.Message,), { - 'DESCRIPTOR': _DEFAULTPODDISRUPTIONBUDGETCONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +DefaultPodDisruptionBudgetConfig = _reflection.GeneratedProtocolMessageType('DefaultPodDisruptionBudgetConfig', (_message.Message,), dict( + DESCRIPTOR=_DEFAULTPODDISRUPTIONBUDGETCONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.DefaultPodDisruptionBudgetConfig) -}) +)) _sym_db.RegisterMessage(DefaultPodDisruptionBudgetConfig) -DefaultResourcesConfig = _reflection.GeneratedProtocolMessageType('DefaultResourcesConfig', (_message.Message,), { - 'DESCRIPTOR': _DEFAULTRESOURCESCONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +DefaultResourcesConfig = _reflection.GeneratedProtocolMessageType('DefaultResourcesConfig', (_message.Message,), dict( + DESCRIPTOR=_DEFAULTRESOURCESCONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.DefaultResourcesConfig) -}) +)) _sym_db.RegisterMessage(DefaultResourcesConfig) -EgressGatewayConfig = 
_reflection.GeneratedProtocolMessageType('EgressGatewayConfig', (_message.Message,), { - 'DESCRIPTOR': _EGRESSGATEWAYCONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +EgressGatewayConfig = _reflection.GeneratedProtocolMessageType('EgressGatewayConfig', (_message.Message,), dict( + DESCRIPTOR=_EGRESSGATEWAYCONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.EgressGatewayConfig) -}) +)) _sym_db.RegisterMessage(EgressGatewayConfig) -EnvoyMetricsConfig = _reflection.GeneratedProtocolMessageType('EnvoyMetricsConfig', (_message.Message,), { - 'DESCRIPTOR': _ENVOYMETRICSCONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +EnvoyMetricsConfig = _reflection.GeneratedProtocolMessageType('EnvoyMetricsConfig', (_message.Message,), dict( + DESCRIPTOR=_ENVOYMETRICSCONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.EnvoyMetricsConfig) -}) +)) _sym_db.RegisterMessage(EnvoyMetricsConfig) -GalleyConfig = _reflection.GeneratedProtocolMessageType('GalleyConfig', (_message.Message,), { +GalleyConfig = _reflection.GeneratedProtocolMessageType('GalleyConfig', (_message.Message,), dict( - 'MeshEntry': _reflection.GeneratedProtocolMessageType('MeshEntry', (_message.Message,), { - 'DESCRIPTOR': _GALLEYCONFIG_MESHENTRY, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' + MeshEntry=_reflection.GeneratedProtocolMessageType('MeshEntry', (_message.Message,), dict( + DESCRIPTOR=_GALLEYCONFIG_MESHENTRY, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.GalleyConfig.MeshEntry) - }), - 'DESCRIPTOR': _GALLEYCONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' + )), + DESCRIPTOR=_GALLEYCONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.GalleyConfig) -}) +)) _sym_db.RegisterMessage(GalleyConfig) 
_sym_db.RegisterMessage(GalleyConfig.MeshEntry) -GatewayLabelsConfig = _reflection.GeneratedProtocolMessageType('GatewayLabelsConfig', (_message.Message,), { - 'DESCRIPTOR': _GATEWAYLABELSCONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +GatewayLabelsConfig = _reflection.GeneratedProtocolMessageType('GatewayLabelsConfig', (_message.Message,), dict( + DESCRIPTOR=_GATEWAYLABELSCONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.GatewayLabelsConfig) -}) +)) _sym_db.RegisterMessage(GatewayLabelsConfig) -GatewaysConfig = _reflection.GeneratedProtocolMessageType('GatewaysConfig', (_message.Message,), { - 'DESCRIPTOR': _GATEWAYSCONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +GatewaysConfig = _reflection.GeneratedProtocolMessageType('GatewaysConfig', (_message.Message,), dict( + DESCRIPTOR=_GATEWAYSCONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.GatewaysConfig) -}) +)) _sym_db.RegisterMessage(GatewaysConfig) -GlobalConfig = _reflection.GeneratedProtocolMessageType('GlobalConfig', (_message.Message,), { - 'DESCRIPTOR': _GLOBALCONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +GlobalConfig = _reflection.GeneratedProtocolMessageType('GlobalConfig', (_message.Message,), dict( + DESCRIPTOR=_GLOBALCONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.GlobalConfig) -}) +)) _sym_db.RegisterMessage(GlobalConfig) -IstiodConfig = _reflection.GeneratedProtocolMessageType('IstiodConfig', (_message.Message,), { - 'DESCRIPTOR': _ISTIODCONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +IstiodConfig = _reflection.GeneratedProtocolMessageType('IstiodConfig', (_message.Message,), dict( + DESCRIPTOR=_ISTIODCONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.IstiodConfig) -}) +)) 
_sym_db.RegisterMessage(IstiodConfig) -GlobalLoggingConfig = _reflection.GeneratedProtocolMessageType('GlobalLoggingConfig', (_message.Message,), { - 'DESCRIPTOR': _GLOBALLOGGINGCONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +GlobalLoggingConfig = _reflection.GeneratedProtocolMessageType('GlobalLoggingConfig', (_message.Message,), dict( + DESCRIPTOR=_GLOBALLOGGINGCONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.GlobalLoggingConfig) -}) +)) _sym_db.RegisterMessage(GlobalLoggingConfig) -IngressGatewayConfig = _reflection.GeneratedProtocolMessageType('IngressGatewayConfig', (_message.Message,), { - 'DESCRIPTOR': _INGRESSGATEWAYCONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +IngressGatewayConfig = _reflection.GeneratedProtocolMessageType('IngressGatewayConfig', (_message.Message,), dict( + DESCRIPTOR=_INGRESSGATEWAYCONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.IngressGatewayConfig) -}) +)) _sym_db.RegisterMessage(IngressGatewayConfig) -IngressGatewaySdsConfig = _reflection.GeneratedProtocolMessageType('IngressGatewaySdsConfig', (_message.Message,), { - 'DESCRIPTOR': _INGRESSGATEWAYSDSCONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +IngressGatewaySdsConfig = _reflection.GeneratedProtocolMessageType('IngressGatewaySdsConfig', (_message.Message,), dict( + DESCRIPTOR=_INGRESSGATEWAYSDSCONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.IngressGatewaySdsConfig) -}) +)) _sym_db.RegisterMessage(IngressGatewaySdsConfig) -IngressGatewayZvpnConfig = _reflection.GeneratedProtocolMessageType('IngressGatewayZvpnConfig', (_message.Message,), { - 'DESCRIPTOR': _INGRESSGATEWAYZVPNCONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +IngressGatewayZvpnConfig = _reflection.GeneratedProtocolMessageType('IngressGatewayZvpnConfig', 
(_message.Message,), dict( + DESCRIPTOR=_INGRESSGATEWAYZVPNCONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.IngressGatewayZvpnConfig) -}) +)) _sym_db.RegisterMessage(IngressGatewayZvpnConfig) -KubernetesEnvMixerAdapterConfig = _reflection.GeneratedProtocolMessageType('KubernetesEnvMixerAdapterConfig', (_message.Message,), { - 'DESCRIPTOR': _KUBERNETESENVMIXERADAPTERCONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +KubernetesEnvMixerAdapterConfig = _reflection.GeneratedProtocolMessageType('KubernetesEnvMixerAdapterConfig', (_message.Message,), dict( + DESCRIPTOR=_KUBERNETESENVMIXERADAPTERCONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.KubernetesEnvMixerAdapterConfig) -}) +)) _sym_db.RegisterMessage(KubernetesEnvMixerAdapterConfig) -KubernetesIngressConfig = _reflection.GeneratedProtocolMessageType('KubernetesIngressConfig', (_message.Message,), { - 'DESCRIPTOR': _KUBERNETESINGRESSCONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +KubernetesIngressConfig = _reflection.GeneratedProtocolMessageType('KubernetesIngressConfig', (_message.Message,), dict( + DESCRIPTOR=_KUBERNETESINGRESSCONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.KubernetesIngressConfig) -}) +)) _sym_db.RegisterMessage(KubernetesIngressConfig) -LoadSheddingConfig = _reflection.GeneratedProtocolMessageType('LoadSheddingConfig', (_message.Message,), { - 'DESCRIPTOR': _LOADSHEDDINGCONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +LoadSheddingConfig = _reflection.GeneratedProtocolMessageType('LoadSheddingConfig', (_message.Message,), dict( + DESCRIPTOR=_LOADSHEDDINGCONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.LoadSheddingConfig) -}) +)) _sym_db.RegisterMessage(LoadSheddingConfig) -MTLSConfig = 
_reflection.GeneratedProtocolMessageType('MTLSConfig', (_message.Message,), { - 'DESCRIPTOR': _MTLSCONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +MTLSConfig = _reflection.GeneratedProtocolMessageType('MTLSConfig', (_message.Message,), dict( + DESCRIPTOR=_MTLSCONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.MTLSConfig) -}) +)) _sym_db.RegisterMessage(MTLSConfig) -MeshExpansionConfig = _reflection.GeneratedProtocolMessageType('MeshExpansionConfig', (_message.Message,), { - 'DESCRIPTOR': _MESHEXPANSIONCONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +MeshExpansionConfig = _reflection.GeneratedProtocolMessageType('MeshExpansionConfig', (_message.Message,), dict( + DESCRIPTOR=_MESHEXPANSIONCONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.MeshExpansionConfig) -}) +)) _sym_db.RegisterMessage(MeshExpansionConfig) -MixerTelemetryAdaptersConfig = _reflection.GeneratedProtocolMessageType('MixerTelemetryAdaptersConfig', (_message.Message,), { - 'DESCRIPTOR': _MIXERTELEMETRYADAPTERSCONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +MixerTelemetryAdaptersConfig = _reflection.GeneratedProtocolMessageType('MixerTelemetryAdaptersConfig', (_message.Message,), dict( + DESCRIPTOR=_MIXERTELEMETRYADAPTERSCONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.MixerTelemetryAdaptersConfig) -}) +)) _sym_db.RegisterMessage(MixerTelemetryAdaptersConfig) -MixerPolicyAdaptersConfig = _reflection.GeneratedProtocolMessageType('MixerPolicyAdaptersConfig', (_message.Message,), { - 'DESCRIPTOR': _MIXERPOLICYADAPTERSCONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +MixerPolicyAdaptersConfig = _reflection.GeneratedProtocolMessageType('MixerPolicyAdaptersConfig', (_message.Message,), dict( + DESCRIPTOR=_MIXERPOLICYADAPTERSCONFIG, + 
__module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.MixerPolicyAdaptersConfig) -}) +)) _sym_db.RegisterMessage(MixerPolicyAdaptersConfig) -MixerConfig = _reflection.GeneratedProtocolMessageType('MixerConfig', (_message.Message,), { - 'DESCRIPTOR': _MIXERCONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +MixerConfig = _reflection.GeneratedProtocolMessageType('MixerConfig', (_message.Message,), dict( + DESCRIPTOR=_MIXERCONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.MixerConfig) -}) +)) _sym_db.RegisterMessage(MixerConfig) -MixerPolicyConfig = _reflection.GeneratedProtocolMessageType('MixerPolicyConfig', (_message.Message,), { - 'DESCRIPTOR': _MIXERPOLICYCONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +MixerPolicyConfig = _reflection.GeneratedProtocolMessageType('MixerPolicyConfig', (_message.Message,), dict( + DESCRIPTOR=_MIXERPOLICYCONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.MixerPolicyConfig) -}) +)) _sym_db.RegisterMessage(MixerPolicyConfig) -MixerTelemetryConfig = _reflection.GeneratedProtocolMessageType('MixerTelemetryConfig', (_message.Message,), { - 'DESCRIPTOR': _MIXERTELEMETRYCONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +MixerTelemetryConfig = _reflection.GeneratedProtocolMessageType('MixerTelemetryConfig', (_message.Message,), dict( + DESCRIPTOR=_MIXERTELEMETRYCONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.MixerTelemetryConfig) -}) +)) _sym_db.RegisterMessage(MixerTelemetryConfig) -MultiClusterConfig = _reflection.GeneratedProtocolMessageType('MultiClusterConfig', (_message.Message,), { - 'DESCRIPTOR': _MULTICLUSTERCONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +MultiClusterConfig = 
_reflection.GeneratedProtocolMessageType('MultiClusterConfig', (_message.Message,), dict( + DESCRIPTOR=_MULTICLUSTERCONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.MultiClusterConfig) -}) +)) _sym_db.RegisterMessage(MultiClusterConfig) -NodeAgentConfig = _reflection.GeneratedProtocolMessageType('NodeAgentConfig', (_message.Message,), { - 'DESCRIPTOR': _NODEAGENTCONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +NodeAgentConfig = _reflection.GeneratedProtocolMessageType('NodeAgentConfig', (_message.Message,), dict( + DESCRIPTOR=_NODEAGENTCONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.NodeAgentConfig) -}) +)) _sym_db.RegisterMessage(NodeAgentConfig) -OutboundTrafficPolicyConfig = _reflection.GeneratedProtocolMessageType('OutboundTrafficPolicyConfig', (_message.Message,), { - 'DESCRIPTOR': _OUTBOUNDTRAFFICPOLICYCONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +OutboundTrafficPolicyConfig = _reflection.GeneratedProtocolMessageType('OutboundTrafficPolicyConfig', (_message.Message,), dict( + DESCRIPTOR=_OUTBOUNDTRAFFICPOLICYCONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.OutboundTrafficPolicyConfig) -}) +)) _sym_db.RegisterMessage(OutboundTrafficPolicyConfig) -PilotConfig = _reflection.GeneratedProtocolMessageType('PilotConfig', (_message.Message,), { - 'DESCRIPTOR': _PILOTCONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +PilotConfig = _reflection.GeneratedProtocolMessageType('PilotConfig', (_message.Message,), dict( + DESCRIPTOR=_PILOTCONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.PilotConfig) -}) +)) _sym_db.RegisterMessage(PilotConfig) -PilotIngressConfig = _reflection.GeneratedProtocolMessageType('PilotIngressConfig', (_message.Message,), { - 'DESCRIPTOR': 
_PILOTINGRESSCONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +PilotIngressConfig = _reflection.GeneratedProtocolMessageType('PilotIngressConfig', (_message.Message,), dict( + DESCRIPTOR=_PILOTINGRESSCONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.PilotIngressConfig) -}) +)) _sym_db.RegisterMessage(PilotIngressConfig) -PilotPolicyConfig = _reflection.GeneratedProtocolMessageType('PilotPolicyConfig', (_message.Message,), { - 'DESCRIPTOR': _PILOTPOLICYCONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +PilotPolicyConfig = _reflection.GeneratedProtocolMessageType('PilotPolicyConfig', (_message.Message,), dict( + DESCRIPTOR=_PILOTPOLICYCONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.PilotPolicyConfig) -}) +)) _sym_db.RegisterMessage(PilotPolicyConfig) -TelemetryConfig = _reflection.GeneratedProtocolMessageType('TelemetryConfig', (_message.Message,), { - 'DESCRIPTOR': _TELEMETRYCONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +TelemetryConfig = _reflection.GeneratedProtocolMessageType('TelemetryConfig', (_message.Message,), dict( + DESCRIPTOR=_TELEMETRYCONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.TelemetryConfig) -}) +)) _sym_db.RegisterMessage(TelemetryConfig) -TelemetryV1Config = _reflection.GeneratedProtocolMessageType('TelemetryV1Config', (_message.Message,), { - 'DESCRIPTOR': _TELEMETRYV1CONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +TelemetryV1Config = _reflection.GeneratedProtocolMessageType('TelemetryV1Config', (_message.Message,), dict( + DESCRIPTOR=_TELEMETRYV1CONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.TelemetryV1Config) -}) +)) _sym_db.RegisterMessage(TelemetryV1Config) -TelemetryV2Config = 
_reflection.GeneratedProtocolMessageType('TelemetryV2Config', (_message.Message,), { - 'DESCRIPTOR': _TELEMETRYV2CONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +TelemetryV2Config = _reflection.GeneratedProtocolMessageType('TelemetryV2Config', (_message.Message,), dict( + DESCRIPTOR=_TELEMETRYV2CONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.TelemetryV2Config) -}) +)) _sym_db.RegisterMessage(TelemetryV2Config) -TelemetryV2PrometheusConfig = _reflection.GeneratedProtocolMessageType('TelemetryV2PrometheusConfig', (_message.Message,), { - 'DESCRIPTOR': _TELEMETRYV2PROMETHEUSCONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +TelemetryV2PrometheusConfig = _reflection.GeneratedProtocolMessageType('TelemetryV2PrometheusConfig', (_message.Message,), dict( + DESCRIPTOR=_TELEMETRYV2PROMETHEUSCONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.TelemetryV2PrometheusConfig) -}) +)) _sym_db.RegisterMessage(TelemetryV2PrometheusConfig) -TelemetryV2StackDriverConfig = _reflection.GeneratedProtocolMessageType('TelemetryV2StackDriverConfig', (_message.Message,), { - 'DESCRIPTOR': _TELEMETRYV2STACKDRIVERCONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +TelemetryV2StackDriverConfig = _reflection.GeneratedProtocolMessageType('TelemetryV2StackDriverConfig', (_message.Message,), dict( + DESCRIPTOR=_TELEMETRYV2STACKDRIVERCONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.TelemetryV2StackDriverConfig) -}) +)) _sym_db.RegisterMessage(TelemetryV2StackDriverConfig) -PilotConfigSource = _reflection.GeneratedProtocolMessageType('PilotConfigSource', (_message.Message,), { - 'DESCRIPTOR': _PILOTCONFIGSOURCE, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +PilotConfigSource = _reflection.GeneratedProtocolMessageType('PilotConfigSource', 
(_message.Message,), dict( + DESCRIPTOR=_PILOTCONFIGSOURCE, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.PilotConfigSource) -}) +)) _sym_db.RegisterMessage(PilotConfigSource) -PortsConfig = _reflection.GeneratedProtocolMessageType('PortsConfig', (_message.Message,), { - 'DESCRIPTOR': _PORTSCONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +PortsConfig = _reflection.GeneratedProtocolMessageType('PortsConfig', (_message.Message,), dict( + DESCRIPTOR=_PORTSCONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.PortsConfig) -}) +)) _sym_db.RegisterMessage(PortsConfig) -PrometheusConfig = _reflection.GeneratedProtocolMessageType('PrometheusConfig', (_message.Message,), { - 'DESCRIPTOR': _PROMETHEUSCONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +PrometheusConfig = _reflection.GeneratedProtocolMessageType('PrometheusConfig', (_message.Message,), dict( + DESCRIPTOR=_PROMETHEUSCONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.PrometheusConfig) -}) +)) _sym_db.RegisterMessage(PrometheusConfig) -PrometheusMixerAdapterConfig = _reflection.GeneratedProtocolMessageType('PrometheusMixerAdapterConfig', (_message.Message,), { - 'DESCRIPTOR': _PROMETHEUSMIXERADAPTERCONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +PrometheusMixerAdapterConfig = _reflection.GeneratedProtocolMessageType('PrometheusMixerAdapterConfig', (_message.Message,), dict( + DESCRIPTOR=_PROMETHEUSMIXERADAPTERCONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.PrometheusMixerAdapterConfig) -}) +)) _sym_db.RegisterMessage(PrometheusMixerAdapterConfig) -PrometheusSecurityConfig = _reflection.GeneratedProtocolMessageType('PrometheusSecurityConfig', (_message.Message,), { - 'DESCRIPTOR': _PROMETHEUSSECURITYCONFIG, - '__module__': 
'pkg.apis.istio.v1alpha1.values_types_pb2' +PrometheusSecurityConfig = _reflection.GeneratedProtocolMessageType('PrometheusSecurityConfig', (_message.Message,), dict( + DESCRIPTOR=_PROMETHEUSSECURITYCONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.PrometheusSecurityConfig) -}) +)) _sym_db.RegisterMessage(PrometheusSecurityConfig) -PrometheusServiceConfig = _reflection.GeneratedProtocolMessageType('PrometheusServiceConfig', (_message.Message,), { - 'DESCRIPTOR': _PROMETHEUSSERVICECONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +PrometheusServiceConfig = _reflection.GeneratedProtocolMessageType('PrometheusServiceConfig', (_message.Message,), dict( + DESCRIPTOR=_PROMETHEUSSERVICECONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.PrometheusServiceConfig) -}) +)) _sym_db.RegisterMessage(PrometheusServiceConfig) -PrometheusServiceNodePortConfig = _reflection.GeneratedProtocolMessageType('PrometheusServiceNodePortConfig', (_message.Message,), { - 'DESCRIPTOR': _PROMETHEUSSERVICENODEPORTCONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +PrometheusServiceNodePortConfig = _reflection.GeneratedProtocolMessageType('PrometheusServiceNodePortConfig', (_message.Message,), dict( + DESCRIPTOR=_PROMETHEUSSERVICENODEPORTCONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.PrometheusServiceNodePortConfig) -}) +)) _sym_db.RegisterMessage(PrometheusServiceNodePortConfig) -ProxyConfig = _reflection.GeneratedProtocolMessageType('ProxyConfig', (_message.Message,), { - 'DESCRIPTOR': _PROXYCONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +ProxyConfig = _reflection.GeneratedProtocolMessageType('ProxyConfig', (_message.Message,), dict( + DESCRIPTOR=_PROXYCONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # 
@@protoc_insertion_point(class_scope:v1alpha1.ProxyConfig) -}) +)) _sym_db.RegisterMessage(ProxyConfig) -EnvoyAccessLogConfig = _reflection.GeneratedProtocolMessageType('EnvoyAccessLogConfig', (_message.Message,), { - 'DESCRIPTOR': _ENVOYACCESSLOGCONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +EnvoyAccessLogConfig = _reflection.GeneratedProtocolMessageType('EnvoyAccessLogConfig', (_message.Message,), dict( + DESCRIPTOR=_ENVOYACCESSLOGCONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.EnvoyAccessLogConfig) -}) +)) _sym_db.RegisterMessage(EnvoyAccessLogConfig) -EnvoyAccessLogtlsSettings = _reflection.GeneratedProtocolMessageType('EnvoyAccessLogtlsSettings', (_message.Message,), { - 'DESCRIPTOR': _ENVOYACCESSLOGTLSSETTINGS, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +EnvoyAccessLogtlsSettings = _reflection.GeneratedProtocolMessageType('EnvoyAccessLogtlsSettings', (_message.Message,), dict( + DESCRIPTOR=_ENVOYACCESSLOGTLSSETTINGS, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.EnvoyAccessLogtlsSettings) -}) +)) _sym_db.RegisterMessage(EnvoyAccessLogtlsSettings) -ProxyInitConfig = _reflection.GeneratedProtocolMessageType('ProxyInitConfig', (_message.Message,), { - 'DESCRIPTOR': _PROXYINITCONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +ProxyInitConfig = _reflection.GeneratedProtocolMessageType('ProxyInitConfig', (_message.Message,), dict( + DESCRIPTOR=_PROXYINITCONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.ProxyInitConfig) -}) +)) _sym_db.RegisterMessage(ProxyInitConfig) -ResourcesRequestsConfig = _reflection.GeneratedProtocolMessageType('ResourcesRequestsConfig', (_message.Message,), { - 'DESCRIPTOR': _RESOURCESREQUESTSCONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +ResourcesRequestsConfig = 
_reflection.GeneratedProtocolMessageType('ResourcesRequestsConfig', (_message.Message,), dict( + DESCRIPTOR=_RESOURCESREQUESTSCONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.ResourcesRequestsConfig) -}) +)) _sym_db.RegisterMessage(ResourcesRequestsConfig) -SDSConfig = _reflection.GeneratedProtocolMessageType('SDSConfig', (_message.Message,), { - 'DESCRIPTOR': _SDSCONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +SDSConfig = _reflection.GeneratedProtocolMessageType('SDSConfig', (_message.Message,), dict( + DESCRIPTOR=_SDSCONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.SDSConfig) -}) +)) _sym_db.RegisterMessage(SDSConfig) -SecretVolume = _reflection.GeneratedProtocolMessageType('SecretVolume', (_message.Message,), { - 'DESCRIPTOR': _SECRETVOLUME, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +SecretVolume = _reflection.GeneratedProtocolMessageType('SecretVolume', (_message.Message,), dict( + DESCRIPTOR=_SECRETVOLUME, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.SecretVolume) -}) +)) _sym_db.RegisterMessage(SecretVolume) -SecurityConfig = _reflection.GeneratedProtocolMessageType('SecurityConfig', (_message.Message,), { +SecurityConfig = _reflection.GeneratedProtocolMessageType('SecurityConfig', (_message.Message,), dict( - 'DnsCertsEntry': _reflection.GeneratedProtocolMessageType('DnsCertsEntry', (_message.Message,), { - 'DESCRIPTOR': _SECURITYCONFIG_DNSCERTSENTRY, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' + DnsCertsEntry=_reflection.GeneratedProtocolMessageType('DnsCertsEntry', (_message.Message,), dict( + DESCRIPTOR=_SECURITYCONFIG_DNSCERTSENTRY, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.SecurityConfig.DnsCertsEntry) - }), - 'DESCRIPTOR': _SECURITYCONFIG, - '__module__': 
'pkg.apis.istio.v1alpha1.values_types_pb2' + )), + DESCRIPTOR=_SECURITYCONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.SecurityConfig) -}) +)) _sym_db.RegisterMessage(SecurityConfig) _sym_db.RegisterMessage(SecurityConfig.DnsCertsEntry) -ServiceConfig = _reflection.GeneratedProtocolMessageType('ServiceConfig', (_message.Message,), { - 'DESCRIPTOR': _SERVICECONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +ServiceConfig = _reflection.GeneratedProtocolMessageType('ServiceConfig', (_message.Message,), dict( + DESCRIPTOR=_SERVICECONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.ServiceConfig) -}) +)) _sym_db.RegisterMessage(ServiceConfig) -SidecarInjectorConfig = _reflection.GeneratedProtocolMessageType('SidecarInjectorConfig', (_message.Message,), { - 'DESCRIPTOR': _SIDECARINJECTORCONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +SidecarInjectorConfig = _reflection.GeneratedProtocolMessageType('SidecarInjectorConfig', (_message.Message,), dict( + DESCRIPTOR=_SIDECARINJECTORCONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.SidecarInjectorConfig) -}) +)) _sym_db.RegisterMessage(SidecarInjectorConfig) -StdioMixerAdapterConfig = _reflection.GeneratedProtocolMessageType('StdioMixerAdapterConfig', (_message.Message,), { - 'DESCRIPTOR': _STDIOMIXERADAPTERCONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +StdioMixerAdapterConfig = _reflection.GeneratedProtocolMessageType('StdioMixerAdapterConfig', (_message.Message,), dict( + DESCRIPTOR=_STDIOMIXERADAPTERCONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.StdioMixerAdapterConfig) -}) +)) _sym_db.RegisterMessage(StdioMixerAdapterConfig) -StackdriverMixerAdapterConfig = 
_reflection.GeneratedProtocolMessageType('StackdriverMixerAdapterConfig', (_message.Message,), { +StackdriverMixerAdapterConfig = _reflection.GeneratedProtocolMessageType('StackdriverMixerAdapterConfig', (_message.Message,), dict( - 'EnabledConfig': _reflection.GeneratedProtocolMessageType('EnabledConfig', (_message.Message,), { - 'DESCRIPTOR': _STACKDRIVERMIXERADAPTERCONFIG_ENABLEDCONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' + EnabledConfig=_reflection.GeneratedProtocolMessageType('EnabledConfig', (_message.Message,), dict( + DESCRIPTOR=_STACKDRIVERMIXERADAPTERCONFIG_ENABLEDCONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.StackdriverMixerAdapterConfig.EnabledConfig) - }), - 'DESCRIPTOR': _STACKDRIVERMIXERADAPTERCONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' + )), + DESCRIPTOR=_STACKDRIVERMIXERADAPTERCONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.StackdriverMixerAdapterConfig) -}) +)) _sym_db.RegisterMessage(StackdriverMixerAdapterConfig) _sym_db.RegisterMessage(StackdriverMixerAdapterConfig.EnabledConfig) -StackdriverAuthConfig = _reflection.GeneratedProtocolMessageType('StackdriverAuthConfig', (_message.Message,), { - 'DESCRIPTOR': _STACKDRIVERAUTHCONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +StackdriverAuthConfig = _reflection.GeneratedProtocolMessageType('StackdriverAuthConfig', (_message.Message,), dict( + DESCRIPTOR=_STACKDRIVERAUTHCONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.StackdriverAuthConfig) -}) +)) _sym_db.RegisterMessage(StackdriverAuthConfig) -StackdriverTracerConfig = _reflection.GeneratedProtocolMessageType('StackdriverTracerConfig', (_message.Message,), { - 'DESCRIPTOR': _STACKDRIVERTRACERCONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +StackdriverTracerConfig = 
_reflection.GeneratedProtocolMessageType('StackdriverTracerConfig', (_message.Message,), dict( + DESCRIPTOR=_STACKDRIVERTRACERCONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.StackdriverTracerConfig) -}) +)) _sym_db.RegisterMessage(StackdriverTracerConfig) -StackdriverContextGraph = _reflection.GeneratedProtocolMessageType('StackdriverContextGraph', (_message.Message,), { - 'DESCRIPTOR': _STACKDRIVERCONTEXTGRAPH, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +StackdriverContextGraph = _reflection.GeneratedProtocolMessageType('StackdriverContextGraph', (_message.Message,), dict( + DESCRIPTOR=_STACKDRIVERCONTEXTGRAPH, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.StackdriverContextGraph) -}) +)) _sym_db.RegisterMessage(StackdriverContextGraph) -TracerConfig = _reflection.GeneratedProtocolMessageType('TracerConfig', (_message.Message,), { - 'DESCRIPTOR': _TRACERCONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +TracerConfig = _reflection.GeneratedProtocolMessageType('TracerConfig', (_message.Message,), dict( + DESCRIPTOR=_TRACERCONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.TracerConfig) -}) +)) _sym_db.RegisterMessage(TracerConfig) -TracerDatadogConfig = _reflection.GeneratedProtocolMessageType('TracerDatadogConfig', (_message.Message,), { - 'DESCRIPTOR': _TRACERDATADOGCONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +TracerDatadogConfig = _reflection.GeneratedProtocolMessageType('TracerDatadogConfig', (_message.Message,), dict( + DESCRIPTOR=_TRACERDATADOGCONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.TracerDatadogConfig) -}) +)) _sym_db.RegisterMessage(TracerDatadogConfig) -TracerLightStepConfig = _reflection.GeneratedProtocolMessageType('TracerLightStepConfig', 
(_message.Message,), { - 'DESCRIPTOR': _TRACERLIGHTSTEPCONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +TracerLightStepConfig = _reflection.GeneratedProtocolMessageType('TracerLightStepConfig', (_message.Message,), dict( + DESCRIPTOR=_TRACERLIGHTSTEPCONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.TracerLightStepConfig) -}) +)) _sym_db.RegisterMessage(TracerLightStepConfig) -TracerZipkinConfig = _reflection.GeneratedProtocolMessageType('TracerZipkinConfig', (_message.Message,), { - 'DESCRIPTOR': _TRACERZIPKINCONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +TracerZipkinConfig = _reflection.GeneratedProtocolMessageType('TracerZipkinConfig', (_message.Message,), dict( + DESCRIPTOR=_TRACERZIPKINCONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.TracerZipkinConfig) -}) +)) _sym_db.RegisterMessage(TracerZipkinConfig) -TracingConfig = _reflection.GeneratedProtocolMessageType('TracingConfig', (_message.Message,), { - 'DESCRIPTOR': _TRACINGCONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +TracingConfig = _reflection.GeneratedProtocolMessageType('TracingConfig', (_message.Message,), dict( + DESCRIPTOR=_TRACINGCONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.TracingConfig) -}) +)) _sym_db.RegisterMessage(TracingConfig) -TracingOpencensusConfig = _reflection.GeneratedProtocolMessageType('TracingOpencensusConfig', (_message.Message,), { - 'DESCRIPTOR': _TRACINGOPENCENSUSCONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +TracingOpencensusConfig = _reflection.GeneratedProtocolMessageType('TracingOpencensusConfig', (_message.Message,), dict( + DESCRIPTOR=_TRACINGOPENCENSUSCONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.TracingOpencensusConfig) -}) +)) 
_sym_db.RegisterMessage(TracingOpencensusConfig) -TracingOpencensusExportersConfig = _reflection.GeneratedProtocolMessageType('TracingOpencensusExportersConfig', (_message.Message,), { - 'DESCRIPTOR': _TRACINGOPENCENSUSEXPORTERSCONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +TracingOpencensusExportersConfig = _reflection.GeneratedProtocolMessageType('TracingOpencensusExportersConfig', (_message.Message,), dict( + DESCRIPTOR=_TRACINGOPENCENSUSEXPORTERSCONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.TracingOpencensusExportersConfig) -}) +)) _sym_db.RegisterMessage(TracingOpencensusExportersConfig) -TracingIngressConfig = _reflection.GeneratedProtocolMessageType('TracingIngressConfig', (_message.Message,), { - 'DESCRIPTOR': _TRACINGINGRESSCONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +TracingIngressConfig = _reflection.GeneratedProtocolMessageType('TracingIngressConfig', (_message.Message,), dict( + DESCRIPTOR=_TRACINGINGRESSCONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.TracingIngressConfig) -}) +)) _sym_db.RegisterMessage(TracingIngressConfig) -TracingJaegerConfig = _reflection.GeneratedProtocolMessageType('TracingJaegerConfig', (_message.Message,), { - 'DESCRIPTOR': _TRACINGJAEGERCONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +TracingJaegerConfig = _reflection.GeneratedProtocolMessageType('TracingJaegerConfig', (_message.Message,), dict( + DESCRIPTOR=_TRACINGJAEGERCONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.TracingJaegerConfig) -}) +)) _sym_db.RegisterMessage(TracingJaegerConfig) -TracingJaegerMemoryConfig = _reflection.GeneratedProtocolMessageType('TracingJaegerMemoryConfig', (_message.Message,), { - 'DESCRIPTOR': _TRACINGJAEGERMEMORYCONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' 
+TracingJaegerMemoryConfig = _reflection.GeneratedProtocolMessageType('TracingJaegerMemoryConfig', (_message.Message,), dict( + DESCRIPTOR=_TRACINGJAEGERMEMORYCONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.TracingJaegerMemoryConfig) -}) +)) _sym_db.RegisterMessage(TracingJaegerMemoryConfig) -TracingZipkinConfig = _reflection.GeneratedProtocolMessageType('TracingZipkinConfig', (_message.Message,), { - 'DESCRIPTOR': _TRACINGZIPKINCONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +TracingZipkinConfig = _reflection.GeneratedProtocolMessageType('TracingZipkinConfig', (_message.Message,), dict( + DESCRIPTOR=_TRACINGZIPKINCONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.TracingZipkinConfig) -}) +)) _sym_db.RegisterMessage(TracingZipkinConfig) -TracingZipkinNodeConfig = _reflection.GeneratedProtocolMessageType('TracingZipkinNodeConfig', (_message.Message,), { - 'DESCRIPTOR': _TRACINGZIPKINNODECONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +TracingZipkinNodeConfig = _reflection.GeneratedProtocolMessageType('TracingZipkinNodeConfig', (_message.Message,), dict( + DESCRIPTOR=_TRACINGZIPKINNODECONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.TracingZipkinNodeConfig) -}) +)) _sym_db.RegisterMessage(TracingZipkinNodeConfig) -KialiSecurityConfig = _reflection.GeneratedProtocolMessageType('KialiSecurityConfig', (_message.Message,), { - 'DESCRIPTOR': _KIALISECURITYCONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +KialiSecurityConfig = _reflection.GeneratedProtocolMessageType('KialiSecurityConfig', (_message.Message,), dict( + DESCRIPTOR=_KIALISECURITYCONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.KialiSecurityConfig) -}) +)) _sym_db.RegisterMessage(KialiSecurityConfig) 
-KialiDashboardConfig = _reflection.GeneratedProtocolMessageType('KialiDashboardConfig', (_message.Message,), { - 'DESCRIPTOR': _KIALIDASHBOARDCONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +KialiDashboardConfig = _reflection.GeneratedProtocolMessageType('KialiDashboardConfig', (_message.Message,), dict( + DESCRIPTOR=_KIALIDASHBOARDCONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.KialiDashboardConfig) -}) +)) _sym_db.RegisterMessage(KialiDashboardConfig) -KialiIngressConfig = _reflection.GeneratedProtocolMessageType('KialiIngressConfig', (_message.Message,), { - 'DESCRIPTOR': _KIALIINGRESSCONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +KialiIngressConfig = _reflection.GeneratedProtocolMessageType('KialiIngressConfig', (_message.Message,), dict( + DESCRIPTOR=_KIALIINGRESSCONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.KialiIngressConfig) -}) +)) _sym_db.RegisterMessage(KialiIngressConfig) -KialiConfig = _reflection.GeneratedProtocolMessageType('KialiConfig', (_message.Message,), { - 'DESCRIPTOR': _KIALICONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +KialiConfig = _reflection.GeneratedProtocolMessageType('KialiConfig', (_message.Message,), dict( + DESCRIPTOR=_KIALICONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.KialiConfig) -}) +)) _sym_db.RegisterMessage(KialiConfig) -Values = _reflection.GeneratedProtocolMessageType('Values', (_message.Message,), { - 'DESCRIPTOR': _VALUES, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +Values = _reflection.GeneratedProtocolMessageType('Values', (_message.Message,), dict( + DESCRIPTOR=_VALUES, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.Values) -}) +)) _sym_db.RegisterMessage(Values) -TypeMapStringInterface = 
_reflection.GeneratedProtocolMessageType('TypeMapStringInterface', (_message.Message,), { - 'DESCRIPTOR': _TYPEMAPSTRINGINTERFACE, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +TypeMapStringInterface = _reflection.GeneratedProtocolMessageType('TypeMapStringInterface', (_message.Message,), dict( + DESCRIPTOR=_TYPEMAPSTRINGINTERFACE, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.TypeMapStringInterface) -}) +)) _sym_db.RegisterMessage(TypeMapStringInterface) -TypeSliceOfMapStringInterface = _reflection.GeneratedProtocolMessageType('TypeSliceOfMapStringInterface', (_message.Message,), { - 'DESCRIPTOR': _TYPESLICEOFMAPSTRINGINTERFACE, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +TypeSliceOfMapStringInterface = _reflection.GeneratedProtocolMessageType('TypeSliceOfMapStringInterface', (_message.Message,), dict( + DESCRIPTOR=_TYPESLICEOFMAPSTRINGINTERFACE, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.TypeSliceOfMapStringInterface) -}) +)) _sym_db.RegisterMessage(TypeSliceOfMapStringInterface) -TypeIntOrStringForPB = _reflection.GeneratedProtocolMessageType('TypeIntOrStringForPB', (_message.Message,), { - 'DESCRIPTOR': _TYPEINTORSTRINGFORPB, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +TypeIntOrStringForPB = _reflection.GeneratedProtocolMessageType('TypeIntOrStringForPB', (_message.Message,), dict( + DESCRIPTOR=_TYPEINTORSTRINGFORPB, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.TypeIntOrStringForPB) -}) +)) _sym_db.RegisterMessage(TypeIntOrStringForPB) -ZeroVPNConfig = _reflection.GeneratedProtocolMessageType('ZeroVPNConfig', (_message.Message,), { - 'DESCRIPTOR': _ZEROVPNCONFIG, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +ZeroVPNConfig = _reflection.GeneratedProtocolMessageType('ZeroVPNConfig', (_message.Message,), dict( + 
DESCRIPTOR=_ZEROVPNCONFIG, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.ZeroVPNConfig) -}) +)) _sym_db.RegisterMessage(ZeroVPNConfig) -StringOrNumber = _reflection.GeneratedProtocolMessageType('StringOrNumber', (_message.Message,), { - 'DESCRIPTOR': _STRINGORNUMBER, - '__module__': 'pkg.apis.istio.v1alpha1.values_types_pb2' +StringOrNumber = _reflection.GeneratedProtocolMessageType('StringOrNumber', (_message.Message,), dict( + DESCRIPTOR=_STRINGORNUMBER, + __module__='pkg.apis.istio.v1alpha1.values_types_pb2' # @@protoc_insertion_point(class_scope:v1alpha1.StringOrNumber) -}) +)) _sym_db.RegisterMessage(StringOrNumber) From 7040936f513d8bf08bece4a0b3838b0097f5beb0 Mon Sep 17 00:00:00 2001 From: Ed Snible Date: Sat, 25 Jan 2020 02:41:08 -0500 Subject: [PATCH 19/31] Don't expect meaningful data from Kubernetes during --dry-run (#20448) --- operator/pkg/manifest/installer.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/operator/pkg/manifest/installer.go b/operator/pkg/manifest/installer.go index dfc7e6d4f499..a697b44fd003 100644 --- a/operator/pkg/manifest/installer.go +++ b/operator/pkg/manifest/installer.go @@ -268,7 +268,7 @@ func ApplyManifest(componentName name.ComponentName, manifestStr, version string // TODO: remove this when `kubectl --prune` supports empty objects // (https://github.com/kubernetes/kubernetes/issues/40635) // Delete all resources for a disabled component - if len(objects) == 0 { + if len(objects) == 0 && !opts.DryRun { getOpts := opts getOpts.Output = "yaml" getOpts.ExtraArgs = []string{"--all-namespaces", "--selector", componentLabel} 
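Review bot: The comment above the `len(objects) == 0` branch still reads "Delete all resources for a disabled component", but with the added `!opts.DryRun` condition a dry run now skips that branch without saying so. The dry-run output therefore gives no hint that a disabled component's resources would be cleaned up on a real run. I would extend the comment, e.g. `// Skipped under --dry-run: the kubectl get output is not meaningful then, so no pruning is attempted.`, and consider logging one line in the dry-run case. ApplyManifest starts and ends outside the hunk.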
@@ -363,16 +363,16 @@ func GetKubectlGetItems(stdoutGet string) ([]interface{}, error) { return nil, err } if yamlGet["kind"] != "List" { - return nil, fmt.Errorf("`kubectl get` returned a yaml whose kind is not List") + return nil, fmt.Errorf("`kubectl get` returned YAML whose kind is not List") } if _, ok := yamlGet["items"]; !ok { - return nil, fmt.Errorf("`kubectl get` returned a yaml without 'items' in the root") + return nil, fmt.Errorf("`kubectl get` returned YAML without 'items'") } switch items := yamlGet["items"].(type) { case []interface{}: return items, nil } - return nil, fmt.Errorf("`kubectl get` returned a yaml incorrecnt type 'items' in the root") + return nil, fmt.Errorf("`kubectl get` returned incorrect 'items' type") } func DeploymentExists(kubeconfig, context, namespace, name string) (bool, error) { From 140f2eeb138aa4171e057ddb63d75e0fd922901c Mon Sep 17 00:00:00 2001 From: Brian Avery Date: Sat, 25 Jan 2020 02:41:22 -0500 Subject: [PATCH 20/31] Added wait on virtual service and removed sleep (#20524) --- .../istioio/trafficmanagement/scripts/traffic_shifting.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/integration/istioio/trafficmanagement/scripts/traffic_shifting.txt b/tests/integration/istioio/trafficmanagement/scripts/traffic_shifting.txt index 1a4218b7a919..e775356149b7 100644 --- a/tests/integration/istioio/trafficmanagement/scripts/traffic_shifting.txt +++ b/tests/integration/istioio/trafficmanagement/scripts/traffic_shifting.txt @@ -87,7 +87,6 @@ virtualservice.networking.istio.io/ratings created virtualservice.networking.istio.io/details created # $endsnippet -sleep 10 # Step 2: verify no rating stars visible, (reviews-v3 traffic=0%) verify_traffic_shift 0 
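Review bot: The three reworded errors in GetKubectlGetItems still drop the value that failed the check, so whoever reads the message learns that the kind or the items type was wrong but not what kubectl actually returned. Passing `yamlGet["kind"]` with a `%v` verb in the kind message, and the `%T` of `yamlGet["items"]` in the last one, would make a malformed or unexpected response diagnosable from the log alone. As written none of the messages has a verb, so `errors.New` would be the plainer call if the file imports `errors` (not visible here). The single-case type switch could also be a checked type assertion. The start of GetKubectlGetItems is outside the hunk.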
@@ -98,6 +97,8 @@ $ kubectl apply -f @samples/bookinfo/networking/virtual-service-reviews-50-v3.ya # $verify virtualservice.networking.istio.io/reviews configured # $endsnippet +istioctl experimental wait --for=distribution VirtualService reviews.default + # Step 4: Confirm the rule was replaced From a665136fab1d6e61df6481e45edff24c7532d806 Mon Sep 17 00:00:00 2001 From: Rama Chavali Date: Sat, 25 Jan 2020 13:59:50 +0530 Subject: [PATCH 21/31] add mirror percentage support in http route (#20474) * add mirror percentage support in http route Signed-off-by: Rama Chavali * default to 100 if nothing is specified Signed-off-by: Rama Chavali * fix condition Signed-off-by: Rama Chavali * 100 denominator Signed-off-by: Rama Chavali * case order Signed-off-by: Rama Chavali * add zero mirror case Signed-off-by: Rama Chavali * handle zero case Signed-off-by: Rama Chavali * pass percent Signed-off-by: Rama Chavali * fix compile Signed-off-by: Rama Chavali * add tests Signed-off-by: Rama Chavali * revert template change Signed-off-by: Rama Chavali --- .../networking/core/v1alpha3/route/route.go | 48 ++++++---- .../v1alpha3/route/route_internal_test.go | 88 +++++++++++++++++++ pkg/config/validation/validation.go | 6 ++ pkg/config/validation/validation_test.go | 25 ++++++ 4 files changed, 151 insertions(+), 16 deletions(-) diff --git a/pilot/pkg/networking/core/v1alpha3/route/route.go b/pilot/pkg/networking/core/v1alpha3/route/route.go index 62f472452cde..4d9b80a5ac1f 100644 --- a/pilot/pkg/networking/core/v1alpha3/route/route.go +++ b/pilot/pkg/networking/core/v1alpha3/route/route.go 
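Review bot: The added `istioctl experimental wait` only covers the step 3 apply, while the `sleep 10` removed in the previous hunk sat between the step 1 applies and the step 2 `verify_traffic_shift 0` check, which now runs with no synchronisation at all. If the step 1 virtual services need time to distribute, that check can race and the test becomes flaky. A wait after the step 1 snippet would close the gap, e.g. `istioctl experimental wait --for=distribution VirtualService reviews.default`. Whether step 1 applies `reviews` is not visible in these hunks, so the resource name needs confirming.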
@@ -432,21 +432,10 @@ func translateRoute(push *model.PushContext, node *model.Proxy, in *networking.H out.ResponseHeadersToRemove = responseHeadersToRemove if in.Mirror != nil { - var percent uint32 = 100 - if in.MirrorPercent != nil { - percent = in.MirrorPercent.GetValue() - } - - if percent > 0 { - n := GetDestinationCluster(in.Mirror, serviceRegistry[host.Name(in.Mirror.Host)], port) + if mp := mirrorPercent(in); mp != nil { action.RequestMirrorPolicy = &route.RouteAction_RequestMirrorPolicy{ - Cluster: n, - RuntimeFraction: &core.RuntimeFractionalPercent{ - DefaultValue: &xdstype.FractionalPercent{ - Numerator: percent, - Denominator: xdstype.FractionalPercent_HUNDRED, - }, - }, + Cluster: GetDestinationCluster(in.Mirror, serviceRegistry[host.Name(in.Mirror.Host)], port), + RuntimeFraction: mp, } } } 
@@ -527,6 +516,33 @@ func translateRoute(push *model.PushContext, node *model.Proxy, in *networking.H // SortHeaderValueOption type and the functions below (Len, Less and Swap) are for sort.Stable for type HeaderValueOption type SortHeaderValueOption []*core.HeaderValueOption +// mirrorPercent computes the mirror percent to be used based on "Mirror" data in route. +func mirrorPercent(in *networking.HTTPRoute) *core.RuntimeFractionalPercent { + switch { + case in.MirrorPercentage != nil: + if in.MirrorPercentage.GetValue() > 0 { + return &core.RuntimeFractionalPercent{ + DefaultValue: translatePercentToFractionalPercent(in.MirrorPercentage), + } + } + // If zero percent is provided explicitly, we should not mirror. + return nil + case in.MirrorPercent != nil: + if in.MirrorPercent.GetValue() > 0 { + return &core.RuntimeFractionalPercent{ + DefaultValue: translateIntegerToFractionalPercent((int32(in.MirrorPercent.GetValue()))), + } + } + // If zero percent is provided explicitly, we should not mirror. + return nil + default: + // Default to 100 percent if percent is not given. + return &core.RuntimeFractionalPercent{ + DefaultValue: translateIntegerToFractionalPercent(100), + } + } +} + // Len is i the sort.Interface for SortHeaderValueOption func (b SortHeaderValueOption) Len() int { return len(b) @@ -831,8 +847,8 @@ func translatePercentToFractionalPercent(p *networking.Percent) *xdstype.Fractio // envoy.type.FractionalPercent instance. func translateIntegerToFractionalPercent(p int32) *xdstype.FractionalPercent { return &xdstype.FractionalPercent{ - Numerator: uint32(p * 10000), - Denominator: xdstype.FractionalPercent_MILLION, + Numerator: uint32(p), + Denominator: xdstype.FractionalPercent_HUNDRED, } } diff --git a/pilot/pkg/networking/core/v1alpha3/route/route_internal_test.go b/pilot/pkg/networking/core/v1alpha3/route/route_internal_test.go index 00927237f11d..3d58451f8954 100644 --- a/pilot/pkg/networking/core/v1alpha3/route/route_internal_test.go 
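Review bot: The doc comment on `mirrorPercent` does not say which field wins or what a nil result means, and both are decided in this function. `MirrorPercentage` is consulted first and `MirrorPercent` only when it is nil, an explicit zero in either returns nil (no mirroring), and with neither set the result defaults to 100. I would put that in the comment, e.g. `// mirrorPercent returns the mirror fraction for in: MirrorPercentage wins over MirrorPercent, an explicit 0 yields nil (no mirror), and no value means 100%.` The doubled parentheses in `translateIntegerToFractionalPercent((int32(in.MirrorPercent.GetValue())))` can also be dropped.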
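Review bot: `Numerator: uint32(p)` in translateIntegerToFractionalPercent converts a signed value with no range check, so a negative `p` wraps to a very large numerator and anything above 100 exceeds the new `FractionalPercent_HUNDRED` denominator. A guard such as `if p < 0 { p = 0 }` before the struct is built, or a doc line stating that callers must pass 0–100, would make the contract explicit. If the helper has other callers (none are visible here), they also move from millionths to hundredths with this change; the fraction is the same, but any test comparing against `FractionalPercent_MILLION` would need updating. The function's doc comment starts outside the hunk.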
+++ b/pilot/pkg/networking/core/v1alpha3/route/route_internal_test.go @@ -19,9 +19,11 @@ import ( "testing" "time" + core "github.com/envoyproxy/go-control-plane/envoy/api/v2/core" envoy_api_v2_core "github.com/envoyproxy/go-control-plane/envoy/api/v2/core" route "github.com/envoyproxy/go-control-plane/envoy/api/v2/route" envoy_type "github.com/envoyproxy/go-control-plane/envoy/type" + xdstype "github.com/envoyproxy/go-control-plane/envoy/type" envoy_type_matcher "github.com/envoyproxy/go-control-plane/envoy/type/matcher" "github.com/gogo/protobuf/types" "github.com/golang/protobuf/ptypes/wrappers" 
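Review bot: The two added imports alias packages this file already imports: `core` has the same path as the existing `envoy_api_v2_core`, and `xdstype` the same path as `envoy_type`. Two names for one package in a single file make the tests harder to follow. The new test could use the existing aliases, or the old ones could be renamed in a follow-up so the file matches route.go. The import block continues outside the hunk.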
@@ -483,3 +485,89 @@ func TestTranslateCORSPolicy(t *testing.T) { }) } } + +func TestMirrorPercent(t *testing.T) { + cases := []struct { + name string + route *networking.HTTPRoute + want *core.RuntimeFractionalPercent + }{ + { + name: "zero mirror percent", + route: &networking.HTTPRoute{ + Mirror: &networking.Destination{}, + MirrorPercent: &types.UInt32Value{Value: 0.0}, + }, + want: nil, + }, + { + name: "mirror with no value given", + route: &networking.HTTPRoute{ + Mirror: &networking.Destination{}, + }, + want: &core.RuntimeFractionalPercent{ + DefaultValue: &xdstype.FractionalPercent{ + Numerator: 100, + Denominator: xdstype.FractionalPercent_HUNDRED, + }, + }, + }, + { + name: "mirror with actual percent", + route: &networking.HTTPRoute{ + Mirror: &networking.Destination{}, + MirrorPercent: &types.UInt32Value{Value: 50}, + }, + want: &core.RuntimeFractionalPercent{ + DefaultValue: &xdstype.FractionalPercent{ + Numerator: 50, + Denominator: xdstype.FractionalPercent_HUNDRED, + }, + }, + }, + { + name: "zero mirror percentage", + route: &networking.HTTPRoute{ + Mirror: &networking.Destination{}, + MirrorPercentage: &networking.Percent{Value: 0.0}, + }, + want: nil, + }, + { + name: "mirrorpercentage with actual percent", + route: &networking.HTTPRoute{ + Mirror: &networking.Destination{}, + MirrorPercentage: &networking.Percent{Value: 50.0}, + }, + want: &core.RuntimeFractionalPercent{ + DefaultValue: &xdstype.FractionalPercent{ + Numerator: 500000, + Denominator: xdstype.FractionalPercent_MILLION, + }, + }, + }, + { + name: "mirrorpercentage takes precedence when both are given", + route: &networking.HTTPRoute{ + Mirror: &networking.Destination{}, + MirrorPercent: &types.UInt32Value{Value: 40}, + MirrorPercentage: &networking.Percent{Value: 50.0}, + }, + want: &core.RuntimeFractionalPercent{ + DefaultValue: &xdstype.FractionalPercent{ + Numerator: 500000, + Denominator: xdstype.FractionalPercent_MILLION, + }, + }, + }, + } + + for _, tt := range cases { + 
t.Run(tt.name, func(t *testing.T) { + mp := mirrorPercent(tt.route) + if !reflect.DeepEqual(mp, tt.want) { + t.Errorf("Unexpected mirro percent want %v, got %v", tt.want, mp) + } + }) + } +} diff --git a/pkg/config/validation/validation.go b/pkg/config/validation/validation.go index 24701dcae8b6..f00a89782ec9 100644 --- a/pkg/config/validation/validation.go +++ b/pkg/config/validation/validation.go @@ -2166,6 +2166,12 @@ func validateHTTPRoute(http *networking.HTTPRoute) (errs error) { } } + if http.MirrorPercentage != nil { + if value := http.MirrorPercentage.GetValue(); value > 100 { + errs = appendErrors(errs, fmt.Errorf("mirror_percentage must have a max value of 100 (it has %f)", value)) + } + } + errs = appendErrors(errs, validateDestination(http.Mirror)) errs = appendErrors(errs, validateHTTPRedirect(http.Redirect)) errs = appendErrors(errs, validateHTTPRetry(http.Retries)) diff --git a/pkg/config/validation/validation_test.go b/pkg/config/validation/validation_test.go index e8d0f3191fb5..ca5771498440 100644 --- a/pkg/config/validation/validation_test.go +++ b/pkg/config/validation/validation_test.go 
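Review bot: The failure message in the `t.Run` body of TestMirrorPercent misspells "mirror"; it should read `t.Errorf("Unexpected mirror percent want %v, got %v", tt.want, mp)`. The table also has no case for a negative `MirrorPercentage` or a value above 100, which is where `mirrorPercent` and the `uint32` conversion in `translateIntegerToFractionalPercent` behave least obviously; a case pinning the intended result would document it. `MirrorPercent: &types.UInt32Value{Value: 0.0}` would read better as `Value: 0`, since the field is an unsigned integer.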
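Review bot: The new `MirrorPercentage` check in validateHTTPRoute has an upper bound only. The value is printed with `%f`, so it is a float, and a negative number passes validation; `mirrorPercent` in route.go then fails its `> 0` test and returns nil, so mirroring is silently turned off for a config that should have been rejected. I would bound both sides, `if value := http.MirrorPercentage.GetValue(); value > 100 || value < 0 {`, with the message naming the 0–100 range, and add a matching negative case to TestValidateHTTPRoute. validateHTTPRoute starts and ends outside the hunk.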
@@ -2263,6 +2263,31 @@ func TestValidateHTTPRoute(t *testing.T) { }}, Match: []*networking.HTTPMatchRequest{nil}, }, valid: true}, + {name: "invalid mirror percent", route: &networking.HTTPRoute{ + MirrorPercent: &types.UInt32Value{Value: 101}, + Route: []*networking.HTTPRouteDestination{{ + Destination: &networking.Destination{Host: "foo.bar"}, + }}, + Match: []*networking.HTTPMatchRequest{nil}, + }, valid: false}, + {name: "invalid mirror percentage", route: &networking.HTTPRoute{ + MirrorPercentage: &networking.Percent{ + Value: 101, + }, + Route: []*networking.HTTPRouteDestination{{ + Destination: &networking.Destination{Host: "foo.bar"}, + }}, + Match: []*networking.HTTPMatchRequest{nil}, + }, valid: false}, + {name: "valid mirror percentage", route: &networking.HTTPRoute{ + MirrorPercentage: &networking.Percent{ + Value: 1, + }, + Route: []*networking.HTTPRouteDestination{{ + Destination: &networking.Destination{Host: "foo.bar"}, + }}, + Match: []*networking.HTTPMatchRequest{nil}, + }, valid: true}, } for _, tc := range testCases { From 0b0526e644d43622a9de964ba3ccc2d9bad06fad Mon Sep 17 00:00:00 2001 From: Tao HE <1579288+elfinhe@users.noreply.github.com> Date: Sat, 25 Jan 2020 00:29:57 -0800 Subject: [PATCH 22/31] Update the CNI integ test with component level hub and tag. (#20516) --- tests/integration/pilot/cni/cni_test.go | 2 -- 1 file changed, 2 deletions(-) diff --git a/tests/integration/pilot/cni/cni_test.go b/tests/integration/pilot/cni/cni_test.go index abca9cc14b16..2bc805ec8a3b 100644 --- a/tests/integration/pilot/cni/cni_test.go +++ b/tests/integration/pilot/cni/cni_test.go @@ -35,8 +35,6 @@ func TestMain(m *testing.M) { components: cni: enabled: true -values: - cni: hub: gcr.io/istio-testing tag: latest ` From b7f2bbf05c8d1de1533f8f3faf9eb3a0326daaf0 Mon Sep 17 00:00:00 2001 
From: Jack Kleeman Date: Sun, 26 Jan 2020 01:35:22 +0000 Subject: [PATCH 23/31] Ensure CDS is set up for all destinations of VirtualService (#20408) * Ensure CDS is set up for all destinations of VirtualService Currently if you have a restrictive hosts field in your Sidecar object, you'll need to add hosts for every service that is a destination of any VirtualService you might call. This is problematic as VirtualServices can change and then you'll end up with routes pointing to clusters that aren't available. We don't necessarily want these services to get virtual hosts, as we might only want to call them through the VirtualService, so we need to add them here in ConvertToSidecarScope. We parse the VS objects for all possible destinations, and add them to the list of services that we handle for CDS purposes, on top of the services requested in the hosts field. When parsing, we default to hostnames in the same config namespace, before allowing hostnames from other namespaces, picking randomly. I believe that this is the same as or close to existing behaviour for hostname disambiguation. * Create helper virtualServiceDestinations * Add tests for virtual service CDS inference * Improve comments and make deterministic * Add more tests --- pilot/pkg/model/push_context.go | 56 +++++--- pilot/pkg/model/sidecar.go | 78 ++++++++--- pilot/pkg/model/sidecar_test.go | 225 +++++++++++++++++++++++++++++++- 3 files changed, 323 insertions(+), 36 deletions(-) diff --git a/pilot/pkg/model/push_context.go b/pilot/pkg/model/push_context.go index ae33083c9140..da5d4477c43f 100644 --- a/pilot/pkg/model/push_context.go +++ b/pilot/pkg/model/push_context.go 
@@ -541,6 +541,41 @@ func (ps *PushContext) UpdateMetrics() { } } +func virtualServiceDestinations(v *networking.VirtualService) []*networking.Destination { + if v == nil { + return nil + } + + var ds []*networking.Destination + + for _, h := range v.Http { + for _, r := range h.Route { + if r.Destination != nil { + ds = append(ds, r.Destination) + } + } + if h.Mirror != nil { + ds = append(ds, h.Mirror) + } + } + for _, t := range v.Tcp { + for _, r := range t.Route { + if r.Destination != nil { + ds = append(ds, r.Destination) + } + } + } + for _, t := range v.Tls { + for _, r := range t.Route { + if r.Destination != nil { + ds = append(ds, r.Destination) + } + } + } + + return ds +} + // GatewayServices returns the set of services which are referred from the proxy gateways. func (ps *PushContext) GatewayServices(proxy *Proxy) []*Service { svcs := ps.Services(proxy) @@ -561,25 +596,8 @@ func (ps *PushContext) GatewayServices(proxy *Proxy) []*Service { return svcs } - for _, h := range vs.Http { - for _, r := range h.Route { - hostsFromGateways[r.Destination.Host] = struct{}{} - } - if h.Mirror != nil { - hostsFromGateways[h.Mirror.Host] = struct{}{} - } - } - - for _, h := range vs.Tls { - for _, r := range h.Route { - hostsFromGateways[r.Destination.Host] = struct{}{} - } - } - - for _, h := range vs.Tcp { - for _, r := range h.Route { - hostsFromGateways[r.Destination.Host] = struct{}{} - } + for _, d := range virtualServiceDestinations(vs) { + hostsFromGateways[d.Host] = struct{}{} } } diff --git a/pilot/pkg/model/sidecar.go b/pilot/pkg/model/sidecar.go index 34c1370cfc77..e5411dd3438f 100644 --- a/pilot/pkg/model/sidecar.go +++ b/pilot/pkg/model/sidecar.go @@ -15,6 +15,7 @@ package model import ( + "sort" "strings" xdsapi "github.com/envoyproxy/go-control-plane/envoy/api/v2" 
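Review bot: virtualServiceDestinations reads `r.Destination` directly on every element of the HTTP, TCP and TLS route slices, so a nil element in any of them (or a nil `h`/`t`) panics on the push path unless validation has already rejected it. The generated getters are nil-safe, so `if d := r.GetDestination(); d != nil { ds = append(ds, d) }` removes that dependency on validation having run first. The helper also has no doc comment; `// virtualServiceDestinations returns every non-nil destination referenced by the HTTP (including mirror), TCP and TLS routes of v.` would state the contract that GatewayServices, in the next hunk, now relies on.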
@@ -216,26 +217,71 @@ func ConvertToSidecarScope(ps *PushContext, sidecarConfig *Config, configNamespa // Assign namespace dependencies out.namespaceDependencies = make(map[string]struct{}) + + addService := func(s *Service) { + if s == nil { + return + } + if foundSvc, found := servicesAdded[string(s.Hostname)]; !found { + servicesAdded[string(s.Hostname)] = s + out.services = append(out.services, s) + out.namespaceDependencies[s.Attributes.Namespace] = struct{}{} + } else if foundSvc.Attributes.Namespace == s.Attributes.Namespace && s.Ports != nil && len(s.Ports) > 0 { + // merge the ports to service when each listener generates partial service + // we only merge if the found service is in the same namespace as the one we're trying to add + os := servicesAdded[string(s.Hostname)] + for _, p := range s.Ports { + found := false + for _, osp := range os.Ports { + if p.Port == osp.Port { + found = true + break + } + } + if !found { + os.Ports = append(os.Ports, p) + } + } + } + } + for _, listener := range out.EgressListeners { + // First add the explicitly requested services, which take priority for _, s := range listener.services { - if _, found := servicesAdded[string(s.Hostname)]; !found { - servicesAdded[string(s.Hostname)] = s - out.services = append(out.services, s) - out.namespaceDependencies[s.Attributes.Namespace] = struct{}{} - } else if s.Ports != nil && len(s.Ports) > 0 { - // merge the ports to service when each listener generates partial service - os := servicesAdded[string(s.Hostname)] - for _, p := range s.Ports { - found := false - for _, osp := range os.Ports { - if p.Port == osp.Port { - found = true - break - } + addService(s) + } + + // Infer more possible destinations from virtual services + // Services chosen here will not override services explicitly requested in listener.services. 
+ // That way, if there is ambiguity around what hostname to pick, a user can specify the one they + // want in the hosts field, and the potentially random choice below won't matter + for _, vs := range listener.virtualServices { + v := vs.Spec.(*networking.VirtualService) + for _, d := range virtualServiceDestinations(v) { + // Default to this hostname in our config namespace + if s, ok := ps.ServiceByHostnameAndNamespace[host.Name(d.Host)][configNamespace]; ok { + // This won't overwrite hostnames that have already been found eg because they were requested in hosts + addService(s) + } else { + // We couldn't find the hostname in our config namespace + // We have to pick one arbitrarily for now, so we'll pick the first namespace alphabetically + // TODO: could we choose services more intelligently based on their ports? + byNamespace := ps.ServiceByHostnameAndNamespace[host.Name(d.Host)] + if len(byNamespace) == 0 { + // This hostname isn't found anywhere + log.Debugf("Could not find service hostname %s parsed from %s", d.Host, vs.Key()) + continue } - if !found { - os.Ports = append(os.Ports, p) + + ns := make([]string, 0, len(byNamespace)) + for k := range byNamespace { + ns = append(ns, k) } + sort.Strings(ns) + + // Pick first namespace alphabetically + // This won't overwrite hostnames that have already been found eg because they were requested in hosts + addService(byNamespace[ns[0]]) } } } diff --git a/pilot/pkg/model/sidecar_test.go b/pilot/pkg/model/sidecar_test.go index d27212b7086e..33863b255fc6 100644 --- a/pilot/pkg/model/sidecar_test.go +++ b/pilot/pkg/model/sidecar_test.go @@ -21,6 +21,8 @@ import ( "strings" "testing" + "istio.io/istio/pkg/config/schema/collections" + "istio.io/api/mesh/v1alpha1" networking "istio.io/api/networking/v1alpha3" 
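Review bot: The fallback branch of the virtual-service loop adds a service from whichever namespace sorts first for `d.Host`, and no check visible in this hunk confirms that the chosen service is exported to, or otherwise visible from, `configNamespace`. A Sidecar `hosts` list is normally the boundary of what a workload can reach, so a namespace whose name sorts early can end up supplying the cluster for a hostname the Sidecar author never listed. If `ps.ServiceByHostnameAndNamespace` is not already filtered by visibility, filter `byNamespace` before `sort.Strings(ns)`, and log the selected namespace so the inference can be audited. Separately, `v := vs.Spec.(*networking.VirtualService)` panics on an unexpected Spec type; `v, ok := vs.Spec.(*networking.VirtualService)` followed by `if !ok { continue }` is safer. ConvertToSidecarScope starts and ends outside the hunk.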
@@ -309,6 +311,42 @@ var ( }, } + configs11 = &Config{ + ConfigMeta: ConfigMeta{ + Name: "sidecar-scope-with-http-proxy-match-virtual-service", + }, + Spec: &networking.Sidecar{ + Egress: []*networking.IstioEgressListener{ + { + Port: &networking.Port{ + Number: 7443, + Protocol: "http_proxy", + Name: "grpc-tls", + }, + Hosts: []string{"foo/virtualbar"}, + }, + }, + }, + } + + configs12 = &Config{ + ConfigMeta: ConfigMeta{ + Name: "sidecar-scope-with-http-proxy-match-virtual-service-and-service", + }, + Spec: &networking.Sidecar{ + Egress: []*networking.IstioEgressListener{ + { + Port: &networking.Port{ + Number: 7443, + Protocol: "http_proxy", + Name: "grpc-tls", + }, + Hosts: []string{"foo/virtualbar", "ns2/foo.svc.cluster.local"}, + }, + }, + }, + } + services1 = []*Service{ {Hostname: "bar"}, } 
@@ -488,6 +526,79 @@ var ( }, }, } + + services12 = []*Service{ + { + Hostname: "foo.svc.cluster.local", + Ports: port7443, + Attributes: ServiceAttributes{ + Name: "foo", + Namespace: "ns1", + }, + }, + { + Hostname: "foo.svc.cluster.local", + Ports: port8000, + Attributes: ServiceAttributes{ + Name: "foo", + Namespace: "ns2", + }, + }, + { + Hostname: "baz.svc.cluster.local", + Ports: port7443, + Attributes: ServiceAttributes{ + Name: "baz", + Namespace: "ns3", + }, + }, + } + + services13 = []*Service{ + { + Hostname: "foo.svc.cluster.local", + Ports: port7443, + Attributes: ServiceAttributes{ + Name: "foo", + Namespace: "ns1", + }, + }, + { + Hostname: "foo.svc.cluster.local", + Ports: port8000, + Attributes: ServiceAttributes{ + Name: "foo", + Namespace: "mynamespace", + }, + }, + { + Hostname: "baz.svc.cluster.local", + Ports: port7443, + Attributes: ServiceAttributes{ + Name: "baz", + Namespace: "ns3", + }, + }, + } + + virtualServices1 = []Config{ + { + ConfigMeta: ConfigMeta{Type: collections.IstioNetworkingV1Alpha3Virtualservices.Resource().Kind(), + Version: collections.IstioNetworkingV1Alpha3Virtualservices.Resource().Version(), + Name: "virtualbar", + Namespace: "foo", + }, + Spec: &networking.VirtualService{ + Hosts: []string{"virtualbar"}, + Http: []*networking.HTTPRoute{ + { + Mirror: &networking.Destination{Host: "foo.svc.cluster.local"}, + Route: []*networking.HTTPRouteDestination{{Destination: &networking.Destination{Host: "baz.svc.cluster.local"}}}, + }, + }, + }, + }, + } ) func TestCreateSidecarScope(t *testing.T) { @@ -495,7 +606,8 @@ func TestCreateSidecarScope(t *testing.T) { name string sidecarConfig *Config // list of available service for a given proxy - services []*Service + services []*Service + virtualServices []Config // list of services expected to be in the listener excpectedServices []*Service }{ 
@@ -504,11 +616,13 @@ func TestCreateSidecarScope(t *testing.T) { nil, nil, nil, + nil, }, { "no-sidecar-config-with-service", nil, services1, + nil, []*Service{ { Hostname: "bar", @@ -520,11 +634,14 @@ func TestCreateSidecarScope(t *testing.T) { configs1, nil, nil, + nil, }, { "sidecar-with-multiple-egress-with-service", configs1, services1, + nil, + []*Service{ { Hostname: "bar", @@ -535,6 +652,7 @@ func TestCreateSidecarScope(t *testing.T) { "sidecar-with-multiple-egress-with-service-on-same-port", configs1, services3, + nil, []*Service{ { Hostname: "bar", @@ -548,6 +666,7 @@ func TestCreateSidecarScope(t *testing.T) { "sidecar-with-multiple-egress-with-multiple-service", configs1, services4, + nil, []*Service{ { Hostname: "bar", @@ -562,23 +681,27 @@ func TestCreateSidecarScope(t *testing.T) { configs2, nil, nil, + nil, }, { "sidecar-with-zero-egress-multiple-service", configs2, services4, nil, + nil, }, { "sidecar-with-multiple-egress-noport", configs3, nil, nil, + nil, }, { "sidecar-with-multiple-egress-noport-with-specific-service", configs3, services2, + nil, []*Service{ { Hostname: "bar", @@ -592,6 +715,7 @@ func TestCreateSidecarScope(t *testing.T) { "sidecar-with-multiple-egress-noport-with-services", configs3, services4, + nil, []*Service{ { Hostname: "bar", @@ -605,6 +729,7 @@ func TestCreateSidecarScope(t *testing.T) { "sidecar-with-egress-port-match-with-services-with-and-without-port", configs4, services5, + nil, []*Service{ { Hostname: "bar", @@ -615,6 +740,7 @@ func TestCreateSidecarScope(t *testing.T) { "sidecar-with-egress-port-trims-service-non-matching-ports", configs5, services6, + nil, []*Service{ { Hostname: "bar", @@ -626,6 +752,7 @@ func TestCreateSidecarScope(t *testing.T) { "sidecar-with-egress-port-merges-service-ports", configs6, services6, + nil, []*Service{ { Hostname: "bar", 
@@ -637,6 +764,7 @@ func TestCreateSidecarScope(t *testing.T) { "sidecar-with-egress-port-trims-and-merges-service-ports", configs6, services7, + nil, []*Service{ { Hostname: "bar", @@ -656,6 +784,7 @@ func TestCreateSidecarScope(t *testing.T) { "two-egresslisteners-one-with-port-and-without-port", configs7, services8, + nil, []*Service{ { Hostname: "bookinginfo.com", @@ -671,6 +800,7 @@ func TestCreateSidecarScope(t *testing.T) { "service-port-used-while-cloning", configs8, services9, + nil, []*Service{ { Hostname: "foo.svc.cluster.local", @@ -682,6 +812,7 @@ func TestCreateSidecarScope(t *testing.T) { "wild-card-egress-listener-match", configs9, services10, + nil, []*Service{ { Hostname: "foo.svc.cluster.local", @@ -705,6 +836,7 @@ func TestCreateSidecarScope(t *testing.T) { "wild-card-egress-listener-match-with-two-ports", configs9, services11, + nil, []*Service{ { Hostname: "foo.svc.cluster.local", @@ -728,6 +860,7 @@ func TestCreateSidecarScope(t *testing.T) { "http-proxy-protocol-matches-any-port", configs10, services7, + nil, []*Service{ { Hostname: "bar", 
@@ -739,6 +872,86 @@ func TestCreateSidecarScope(t *testing.T) { }, }, }, + { + "virtual-service", + configs11, + services11, + virtualServices1, + []*Service{ + { + Hostname: "foo.svc.cluster.local", + Ports: port7443, + }, + { + Hostname: "baz.svc.cluster.local", + Ports: port7443, + }, + }, + }, + { + "virtual-service-prefer-required", + configs12, + services12, + virtualServices1, + []*Service{ + { + Hostname: "foo.svc.cluster.local", + // Ports should not be merged even though virtual service will select the service with 7443 + // as ns1 comes before ns2, because 8000 was already picked explicitly and is in different namespace + Ports: port8000, + }, + { + Hostname: "baz.svc.cluster.local", + Ports: port7443, + }, + }, + }, + { + "virtual-service-prefer-config-namespace", + configs11, + services13, + virtualServices1, + []*Service{ + { + Hostname: "foo.svc.cluster.local", + Ports: port8000, + }, + { + Hostname: "baz.svc.cluster.local", + Ports: port7443, + }, + }, + }, + { + "virtual-service-pick-alphabetical", + configs11, + // Ambiguous; same hostname in ns1 and ns2, neither is config namespace + // ns1 should always win + services12, + virtualServices1, + []*Service{ + { + Hostname: "foo.svc.cluster.local", + Ports: port7443, + }, + { + Hostname: "baz.svc.cluster.local", + Ports: port7443, + }, + }, + }, + { + "virtual-service-bad-host", + configs11, + services9, + virtualServices1, + []*Service{ + { + Hostname: "foo.svc.cluster.local", + Ports: port7443, + }, + }, + }, } for idx, tt := range tests { 
@@ -749,6 +962,16 @@ func TestCreateSidecarScope(t *testing.T) { ps.Mesh = &meshConfig if tt.services != nil { ps.publicServices = append(ps.publicServices, tt.services...) + + for _, s := range tt.services { + if _, f := ps.ServiceByHostnameAndNamespace[s.Hostname]; !f { + ps.ServiceByHostnameAndNamespace[s.Hostname] = map[string]*Service{} + } + ps.ServiceByHostnameAndNamespace[s.Hostname][s.Attributes.Namespace] = s + } + } + if tt.virtualServices != nil { + ps.publicVirtualServices = append(ps.publicVirtualServices, tt.virtualServices...) } sidecarConfig := tt.sidecarConfig From 12bdcba785b22c4c5a76a2487a1eeb766e5b3fb3 Mon Sep 17 00:00:00 2001 From: John Howard Date: Sat, 25 Jan 2020 18:34:35 -0800 Subject: [PATCH 24/31] perf: remove expensive Sprintf calls on hot paths (#20320) * perf: remove expensive Sprintf calls on hot paths These are called many times, so they add up pretty quick to ~3% of pilot CPU usage. Not that much, but worth switching over to a simple concatenation which is ~5x faster (https://dev.to/pmalhaire/concatenate-strings-in-golang-a-quick-benchmark-4ahh) * Fix build --- pilot/pkg/model/service.go | 4 ++-- pilot/pkg/model/service_test.go | 6 ++++++ pilot/pkg/networking/core/v1alpha3/listener.go | 9 +++++---- pilot/pkg/networking/core/v1alpha3/route/route.go | 6 +++--- pilot/pkg/networking/util/util.go | 5 +++-- pkg/config/host/name.go | 2 +- 6 files changed, 20 insertions(+), 12 deletions(-) diff --git a/pilot/pkg/model/service.go b/pilot/pkg/model/service.go index a17ab4808c82..453c2ca54ce0 100644 --- a/pilot/pkg/model/service.go +++ b/pilot/pkg/model/service.go 
@@ -586,7 +586,7 @@ func ParseServiceKey(s string) (hostname host.Name, ports PortList, lc labels.Co // BuildSubsetKey generates a unique string referencing service instances for a given service name, a subset and a port. // The proxy queries Pilot with this key to obtain the list of instances in a subset. func BuildSubsetKey(direction TrafficDirection, subsetName string, hostname host.Name, port int) string { - return fmt.Sprintf("%s|%d|%s|%s", direction, port, subsetName, hostname) + return string(direction) + "|" + strconv.Itoa(port) + "|" + subsetName + "|" + string(hostname) } // BuildDNSSrvSubsetKey generates a unique string referencing service instances for a given service name, a subset and a port. @@ -594,7 +594,7 @@ func BuildSubsetKey(direction TrafficDirection, subsetName string, hostname host // This is used only for the SNI-DNAT router. Do not use for other purposes. // The DNS Srv format of the cluster is also used as the default SNI string for Istio mTLS connections func BuildDNSSrvSubsetKey(direction TrafficDirection, subsetName string, hostname host.Name, port int) string { - return fmt.Sprintf("%s_.%d_.%s_.%s", direction, port, subsetName, hostname) + return string(direction) + "_." + strconv.Itoa(port) + "_." + subsetName + "_." + string(hostname) } // IsValidSubsetKey checks if a string is valid for subset key parsing. diff --git a/pilot/pkg/model/service_test.go b/pilot/pkg/model/service_test.go index e6d12eb19fef..6382a8cdc2dd 100644 --- a/pilot/pkg/model/service_test.go +++ b/pilot/pkg/model/service_test.go @@ -263,3 +263,9 @@ func TestGetLocality(t *testing.T) { }) } } + +func BenchmarkBuildSubsetKey(b *testing.B) { + for n := 0; n < b.N; n++ { + _ = BuildSubsetKey(TrafficDirectionInbound, "v1", "someHost", 80) + } +} diff --git a/pilot/pkg/networking/core/v1alpha3/listener.go b/pilot/pkg/networking/core/v1alpha3/listener.go index b56f6c9c4b5f..6e35a4e4023f 100644 --- a/pilot/pkg/networking/core/v1alpha3/listener.go 
+++ b/pilot/pkg/networking/core/v1alpha3/listener.go @@ -20,6 +20,7 @@ import ( "net" "reflect" "sort" + "strconv" "strings" "time" @@ -1136,7 +1137,7 @@ func (configgen *ConfigGeneratorImpl) buildSidecarOutboundHTTPListenerOptsForPor if len(listenerOpts.bind) == 0 { // no user specified bind. Use 0.0.0.0:Port listenerOpts.bind = actualWildcard } - *listenerMapKey = fmt.Sprintf("%s:%d", listenerOpts.bind, pluginParams.Port.Port) + *listenerMapKey = listenerOpts.bind + ":" + strconv.Itoa(pluginParams.Port.Port) var exists bool @@ -1195,9 +1196,9 @@ func (configgen *ConfigGeneratorImpl) buildSidecarOutboundHTTPListenerOptsForPor } else { if pluginParams.ListenerProtocol == plugin.ListenerProtocolAuto && util.IsProtocolSniffingEnabledForOutbound(node) && listenerOpts.bind != actualWildcard && pluginParams.Service != nil { - rdsName = fmt.Sprintf("%s:%d", pluginParams.Service.Hostname, pluginParams.Port.Port) + rdsName = string(pluginParams.Service.Hostname) + ":" + strconv.Itoa(pluginParams.Port.Port) } else { - rdsName = fmt.Sprintf("%d", pluginParams.Port.Port) + rdsName = strconv.Itoa(pluginParams.Port.Port) } } httpOpts := &httpListenerOpts{ @@ -2009,7 +2010,7 @@ func buildListener(opts buildListenerOpts) *xdsapi.Listener { listener := &xdsapi.Listener{ // TODO: need to sanitize the opts.bind if its a UDS socket, as it could have colons, that envoy // doesn't like - Name: fmt.Sprintf("%s_%d", opts.bind, opts.port), + Name: opts.bind + "_" + strconv.Itoa(opts.port), Address: util.BuildAddress(opts.bind, uint32(opts.port)), ListenerFilters: listenerFilters, FilterChains: filterChains, diff --git a/pilot/pkg/networking/core/v1alpha3/route/route.go b/pilot/pkg/networking/core/v1alpha3/route/route.go index 4d9b80a5ac1f..c0b434445ff0 100644 --- a/pilot/pkg/networking/core/v1alpha3/route/route.go +++ b/pilot/pkg/networking/core/v1alpha3/route/route.go 
@@ -778,7 +778,7 @@ func getRouteOperation(in *route.Route, vsName string, port int) string { if ps != nil { switch ps.(type) { case *route.RouteMatch_Prefix: - path = fmt.Sprintf("%s*", m.GetPrefix()) + path = m.GetPrefix() + "*" case *route.RouteMatch_Path: path = m.GetPath() case *route.RouteMatch_Regex: @@ -795,9 +795,9 @@ func getRouteOperation(in *route.Route, vsName string, port int) string { if c := in.GetRoute().GetCluster(); model.IsValidSubsetKey(c) { // Parse host and port from cluster name. _, _, h, p := model.ParseSubsetKey(c) - return fmt.Sprintf("%s:%d%s", h, p, path) + return string(h) + ":" + strconv.Itoa(p) + path } - return fmt.Sprintf("%s:%d%s", vsName, port, path) + return vsName + ":" + strconv.Itoa(port) + path } // BuildDefaultHTTPInboundRoute builds a default inbound route. diff --git a/pilot/pkg/networking/util/util.go b/pilot/pkg/networking/util/util.go index 69771b97093b..821a66a3c29a 100644 --- a/pilot/pkg/networking/util/util.go +++ b/pilot/pkg/networking/util/util.go @@ -431,14 +431,15 @@ func cloneLocalityLbEndpoints(endpoints []*endpoint.LocalityLbEndpoints) []*endp // name.namespace of the config, the type, etc. Used by Mixer client // to generate attributes for policy and telemetry. func BuildConfigInfoMetadata(config model.ConfigMeta) *core.Metadata { + s := "/apis/" + config.Group + "/" + config.Version + "/namespaces/" + config.Namespace + "/" + + strcase.CamelCaseToKebabCase(config.Type) + "/" + config.Name return &core.Metadata{ FilterMetadata: map[string]*pstruct.Struct{ IstioMetadataKey: { Fields: map[string]*pstruct.Value{ "config": { Kind: &pstruct.Value_StringValue{ - StringValue: fmt.Sprintf("/apis/%s/%s/namespaces/%s/%s/%s", config.Group, config.Version, config.Namespace, - strcase.CamelCaseToKebabCase(config.Type), config.Name), + StringValue: s, }, }, }, diff --git a/pkg/config/host/name.go b/pkg/config/host/name.go index b1ae42207780..d8874c092fea 100644 --- a/pkg/config/host/name.go +++ b/pkg/config/host/name.go 
@@ -86,5 +86,5 @@ func (n Name) SubsetOf(o Name) bool { } func (n Name) isWildCarded() bool { - return len(n) > 0 && string(n[0]) == "*" + return len(n) > 0 && n[0] == '*' } From 5d7128b34bd2563ac7954a76f828757c8f84b234 Mon Sep 17 00:00:00 2001 From: John Howard Date: Sat, 25 Jan 2020 21:09:51 -0800 Subject: [PATCH 25/31] Attempt to fix race in destination rule (#20529) This mirrors what we do for virtual service Fixes failures like https://prow.istio.io/view/gcs/istio-prow/pr-logs/pull/istio_istio/20524/unit-tests_istio/7352 --- pilot/pkg/model/push_context.go | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/pilot/pkg/model/push_context.go b/pilot/pkg/model/push_context.go index da5d4477c43f..11d7d024cde6 100644 --- a/pilot/pkg/model/push_context.go +++ b/pilot/pkg/model/push_context.go @@ -1380,7 +1380,16 @@ func (ps *PushContext) initDestinationRules(env *Environment) error { if err != nil { return err } - ps.SetDestinationRules(configs) + + // values returned from ConfigStore.List are immutable. + // Therefore, we make a copy + destRules := make([]Config, len(configs)) + + for i := range destRules { + destRules[i] = configs[i].DeepCopy() + } + + ps.SetDestinationRules(destRules) return nil } From a326b5da88cb3b65361eb1012119f3f270683f8d Mon Sep 17 00:00:00 2001 
From: Istio Automation Date: Sun, 26 Jan 2020 17:05:12 -0800 Subject: [PATCH 26/31] Automator: update istio/api@master dependency in istio/istio@master (#20533) * Automator: update istio/api@master dependency in istio/istio@master * Run make gen Co-authored-by: John Howard --- go.mod | 2 +- go.sum | 4 ++-- install/kubernetes/helm/istio-init/files/crd-all.gen.yaml | 1 + manifests/base/files/crd-all.gen.yaml | 1 + .../cmd/mesh/testdata/manifest-generate/output/all_on.yaml | 1 + .../testdata/manifest-generate/output/component_hub_tag.yaml | 1 + .../manifest-generate/output/flag_output_set_profile.yaml | 1 + .../manifest-generate/output/flag_output_set_values.yaml | 1 + .../testdata/manifest-generate/output/flag_set_values.yaml | 1 + .../manifest-generate/output/ingressgateway_k8s_settings.yaml | 1 + operator/pkg/vfs/assets.gen.go | 1 + 11 files changed, 12 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 74d3f176d8bb..4bacb6077d8c 100644 --- a/go.mod +++ b/go.mod @@ -150,7 +150,7 @@ require ( gopkg.in/d4l3k/messagediff.v1 v1.2.1 gopkg.in/square/go-jose.v2 v2.3.1 gopkg.in/yaml.v2 v2.2.7 - istio.io/api v0.0.0-20200117194847-776c2d7b730b + istio.io/api v0.0.0-20200126041626-2e8814b40f58 istio.io/gogo-genproto v0.0.0-20191024203824-d079cc8b1d55 istio.io/pkg v0.0.0-20191113122952-4f521de9c8ca k8s.io/api v0.17.2 diff --git a/go.sum b/go.sum index 26ece7005a75..93cb5e59a104 100644 --- a/go.sum +++ b/go.sum 
@@ -940,8 +940,8 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3 h1:3JgtbtFHMiCmsznwGVTUWbgGov+pVqnlf1dEJTNAXeM= honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= istio.io/api v0.0.0-20190515205759-982e5c3888c6/go.mod h1:hhLFQmpHia8zgaM37vb2ml9iS5NfNfqZGRt1pS9aVEo= -istio.io/api v0.0.0-20200117194847-776c2d7b730b h1:DsEoA5rUSByrNudiGyRhqcFYxeGYoCRPE4wpk6MasTE= -istio.io/api v0.0.0-20200117194847-776c2d7b730b/go.mod h1:bcY3prusO/6vA6zGHz4PNG2v79clPyTw06Xx3fprJSQ= +istio.io/api v0.0.0-20200126041626-2e8814b40f58 h1:Xve3Oz/+mJHkgtFNiqbMlF1PxZ0ZmP7aCz8D4SUzvCs= +istio.io/api v0.0.0-20200126041626-2e8814b40f58/go.mod h1:bcY3prusO/6vA6zGHz4PNG2v79clPyTw06Xx3fprJSQ= istio.io/gogo-genproto v0.0.0-20190930162913-45029607206a/go.mod h1:OzpAts7jljZceG4Vqi5/zXy/pOg1b209T3jb7Nv5wIs= istio.io/gogo-genproto v0.0.0-20191024203824-d079cc8b1d55 h1:nvpx66mnuGvXYP4IfCWfUqB9YhiXBF3MvUDsclNnDzI= istio.io/gogo-genproto v0.0.0-20191024203824-d079cc8b1d55/go.mod h1:OzpAts7jljZceG4Vqi5/zXy/pOg1b209T3jb7Nv5wIs= diff --git a/install/kubernetes/helm/istio-init/files/crd-all.gen.yaml b/install/kubernetes/helm/istio-init/files/crd-all.gen.yaml index 294d2f965dde..c2f73abfc61a 100644 --- a/install/kubernetes/helm/istio-init/files/crd-all.gen.yaml +++ b/install/kubernetes/helm/istio-init/files/crd-all.gen.yaml @@ -3094,6 +3094,7 @@ spec: - REMOVE - INSERT_BEFORE - INSERT_AFTER + - INSERT_FIRST type: string value: description: The JSON config of the object being patched. diff --git a/manifests/base/files/crd-all.gen.yaml b/manifests/base/files/crd-all.gen.yaml index 294d2f965dde..c2f73abfc61a 100644 --- a/manifests/base/files/crd-all.gen.yaml +++ b/manifests/base/files/crd-all.gen.yaml @@ -3094,6 +3094,7 @@ spec: - REMOVE - INSERT_BEFORE - INSERT_AFTER + - INSERT_FIRST type: string value: description: The JSON config of the object being patched. 
diff --git a/operator/cmd/mesh/testdata/manifest-generate/output/all_on.yaml b/operator/cmd/mesh/testdata/manifest-generate/output/all_on.yaml index 0df365d9bd9b..b9d715679f5a 100644 --- a/operator/cmd/mesh/testdata/manifest-generate/output/all_on.yaml +++ b/operator/cmd/mesh/testdata/manifest-generate/output/all_on.yaml @@ -3812,6 +3812,7 @@ spec: - REMOVE - INSERT_BEFORE - INSERT_AFTER + - INSERT_FIRST type: string value: description: The JSON config of the object being patched. diff --git a/operator/cmd/mesh/testdata/manifest-generate/output/component_hub_tag.yaml b/operator/cmd/mesh/testdata/manifest-generate/output/component_hub_tag.yaml index fe8bbfa1a280..242782166209 100644 --- a/operator/cmd/mesh/testdata/manifest-generate/output/component_hub_tag.yaml +++ b/operator/cmd/mesh/testdata/manifest-generate/output/component_hub_tag.yaml @@ -3567,6 +3567,7 @@ spec: - REMOVE - INSERT_BEFORE - INSERT_AFTER + - INSERT_FIRST type: string value: description: The JSON config of the object being patched. diff --git a/operator/cmd/mesh/testdata/manifest-generate/output/flag_output_set_profile.yaml b/operator/cmd/mesh/testdata/manifest-generate/output/flag_output_set_profile.yaml index ced39c6b36f2..a11644af07f8 100644 --- a/operator/cmd/mesh/testdata/manifest-generate/output/flag_output_set_profile.yaml +++ b/operator/cmd/mesh/testdata/manifest-generate/output/flag_output_set_profile.yaml @@ -3145,6 +3145,7 @@ spec: - REMOVE - INSERT_BEFORE - INSERT_AFTER + - INSERT_FIRST type: string value: description: The JSON config of the object being patched. diff --git a/operator/cmd/mesh/testdata/manifest-generate/output/flag_output_set_values.yaml b/operator/cmd/mesh/testdata/manifest-generate/output/flag_output_set_values.yaml index 2740c2b1b6e0..f5702280c6f9 100644 --- a/operator/cmd/mesh/testdata/manifest-generate/output/flag_output_set_values.yaml +++ b/operator/cmd/mesh/testdata/manifest-generate/output/flag_output_set_values.yaml 
@@ -3145,6 +3145,7 @@ spec: - REMOVE - INSERT_BEFORE - INSERT_AFTER + - INSERT_FIRST type: string value: description: The JSON config of the object being patched. diff --git a/operator/cmd/mesh/testdata/manifest-generate/output/flag_set_values.yaml b/operator/cmd/mesh/testdata/manifest-generate/output/flag_set_values.yaml index 3dc258269be4..12fc54e1a658 100644 --- a/operator/cmd/mesh/testdata/manifest-generate/output/flag_set_values.yaml +++ b/operator/cmd/mesh/testdata/manifest-generate/output/flag_set_values.yaml @@ -3567,6 +3567,7 @@ spec: - REMOVE - INSERT_BEFORE - INSERT_AFTER + - INSERT_FIRST type: string value: description: The JSON config of the object being patched. diff --git a/operator/cmd/mesh/testdata/manifest-generate/output/ingressgateway_k8s_settings.yaml b/operator/cmd/mesh/testdata/manifest-generate/output/ingressgateway_k8s_settings.yaml index 0e5f91ab1272..5cb3e47180a2 100644 --- a/operator/cmd/mesh/testdata/manifest-generate/output/ingressgateway_k8s_settings.yaml +++ b/operator/cmd/mesh/testdata/manifest-generate/output/ingressgateway_k8s_settings.yaml @@ -3567,6 +3567,7 @@ spec: - REMOVE - INSERT_BEFORE - INSERT_AFTER + - INSERT_FIRST type: string value: description: The JSON config of the object being patched. diff --git a/operator/pkg/vfs/assets.gen.go b/operator/pkg/vfs/assets.gen.go index 4aef31c5dc9c..2e253250c3c8 100644 --- a/operator/pkg/vfs/assets.gen.go +++ b/operator/pkg/vfs/assets.gen.go @@ -3413,6 +3413,7 @@ spec: - REMOVE - INSERT_BEFORE - INSERT_AFTER + - INSERT_FIRST type: string value: description: The JSON config of the object being patched. From b14848f1ac9eed612a5aa952d724da279c1ce13a Mon Sep 17 00:00:00 2001 From: John Howard Date: Mon, 27 Jan 2020 07:17:05 -0800 Subject: [PATCH 27/31] Use writable directory for galley probes (#20531) Alternative to https://github.com/istio/tools/pull/695 --- pkg/test/framework/components/galley/native.go | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/pkg/test/framework/components/galley/native.go b/pkg/test/framework/components/galley/native.go
index abaf90842e41..b13235b09597 100644
--- a/pkg/test/framework/components/galley/native.go
+++ b/pkg/test/framework/components/galley/native.go
@@ -282,6 +282,8 @@ func (c *nativeComponent) restart() error {
 a.EnableValidationServer = false
 a.EnableValidationController = false
 a.ValidationWebhookControllerArgs.UnregisterValidationWebhook = false
+ a.Readiness.Path = "/tmp/readinessProbe"
+ a.Liveness.Path = "/tmp/livenessProbe"
 // Bind to an arbitrary port.
 a.APIAddress = "tcp://0.0.0.0:0"
From 6066993cdb10d9a09c8df6af60feec0e0e11dd17 Mon Sep 17 00:00:00 2001
From: John Howard
Date: Mon, 27 Jan 2020 09:23:30 -0800
Subject: [PATCH 28/31] Make operator tests default for integration tests (#20427)
* Make operator tests default for integration tests
* Override istio.io tests
* enable galley for conformance
* Format
---
 pkg/test/framework/components/istio/config.go | 2 +-
 tests/integration/conformance/main_test.go | 10 ++-
 tests/integration/tests.mk | 72 +++----------------
 3 files changed, 21 insertions(+), 63 deletions(-)
diff --git a/pkg/test/framework/components/istio/config.go b/pkg/test/framework/components/istio/config.go
index a442278d3ce8..069f02c9f9d9 100644
--- a/pkg/test/framework/components/istio/config.go
+++ b/pkg/test/framework/components/istio/config.go
@@ -67,7 +67,7 @@ var (
 PolicyNamespace: DefaultSystemNamespace,
 IngressNamespace: DefaultSystemNamespace,
 EgressNamespace: DefaultSystemNamespace,
- Operator: false,
+ Operator: true,
 DeployIstio: true,
 DeployTimeout: 0,
 UndeployTimeout: 0,
diff --git a/tests/integration/conformance/main_test.go b/tests/integration/conformance/main_test.go
index a3dfb423dec0..0851fab0e10b 100644
--- a/tests/integration/conformance/main_test.go
+++ b/tests/integration/conformance/main_test.go
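Review bot: The two added probe paths are fixed names directly under the shared `/tmp` directory, so concurrent test binaries on one host would write the same `/tmp/readinessProbe` and `/tmp/livenessProbe`, and a file or symlink already present at either name from another local user would be used as the probe target (how the probe file is opened is outside this hunk). A per-instance directory avoids both, for example `dir, err := ioutil.TempDir("", "galley-probe")` followed by `a.Readiness.Path = filepath.Join(dir, "readinessProbe")` and the same for liveness, with the directory removed when the component closes. restart() starts and ends outside the hunk, so whether it already has a per-test work directory to reuse cannot be seen here.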
@@ -37,6 +37,14 @@ func loadCases() ([]*conformance.Test, error) { func TestMain(m *testing.M) { framework. NewSuite("conformance_test", m). - SetupOnEnv(environment.Kube, istio.Setup(nil, nil)). + SetupOnEnv(environment.Kube, istio.Setup(nil, func(cfg *istio.Config) { + cfg.ControlPlaneValues = ` +components: + galley: + enabled: true + citadel: + enabled: true +` + })). Run() } diff --git a/tests/integration/tests.mk b/tests/integration/tests.mk index b130eb1e7851..8548152d20c9 100644 --- a/tests/integration/tests.mk +++ b/tests/integration/tests.mk @@ -38,13 +38,6 @@ ifneq ($(INTEGRATION_TEST_WORKDIR),) _INTEGRATION_TEST_WORKDIR_FLAG = --istio.test.work_dir $(INTEGRATION_TEST_WORKDIR) endif -# $(_INTEGRATION_TEST_INSTALL_TYPE) specifies the installation type for a test. -# Useful to override individual targets, as right now the makefile doesn't easily allow this -_INTEGRATION_TEST_INSTALL_TYPE = -ifneq ($(TEST_USE_OPERATOR),) - _INTEGRATION_TEST_INSTALL_TYPE = --istio.test.kube.operator -endif - # $(INTEGRATION_TEST_KUBECONFIG) specifies the kube config file to be used. If not specified, then # ~/.kube/config is used. # TODO: This probably needs to be more intelligent and take environment variables into account. 
@@ -62,57 +55,23 @@ test.integration.%.kube: | $(JUNIT_REPORT) --istio.test.tag=${TAG} \ --istio.test.pullpolicy=${_INTEGRATION_TEST_PULL_POLICY} \ ${_INTEGRATION_TEST_INGRESS_FLAG} \ - ${_INTEGRATION_TEST_INSTALL_TYPE} \ 2>&1 | tee >($(JUNIT_REPORT) > $(JUNIT_OUT)) # Test targets to run with the new installer. Some targets are filtered now as they are not yet working NEW_INSTALLER_TARGETS = $(shell GOPATH=${GOPATH} go list ../istio/tests/integration/... | grep -v "/mixer\|telemetry/tracing\|/istioctl\|/istioio") -# TODO: Exclude examples and qualification since they are very flaky. TEST_PACKAGES = $(shell go list ./tests/integration/... | grep -v /qualification | grep -v /examples) -# Various tests have issues with the operator currently -# When running in operator mode, skip these tests, until these issues are resolved: -# /sds_citadel_control_plane_auth_disabled: https://github.com/istio/istio/issues/19109 -# /sds_citadel_flow: https://github.com/istio/istio/issues/19109 -# /pilot/ingress: https://github.com/istio/istio/issues/19352 -# /telemetry/metrics: https://github.com/istio/istio/issues/19352 -# /istioio: These tests are tightly coupled to installation method -OPERATOR_TEST_PACKAGES = $(shell go list ./tests/integration/... 
\ - | grep -v /qualification \ - | grep -v /examples \ - | grep -v /sds_citadel_control_plane_auth_disabled \ - | grep -v /sds_citadel_flow \ - | grep -v /pilot/ingress \ - | grep -v /telemetry/metrics \ - | grep -v /istioio \ -) - -test.integration.operator: $(JUNIT_REPORT) - $(GO) test -p 1 ${T} ${OPERATOR_TEST_PACKAGES} ${_INTEGRATION_TEST_WORKDIR_FLAG} ${_INTEGRATION_TEST_CIMODE_FLAG} -timeout 30m \ - --istio.test.select -postsubmit,-flaky \ - --istio.test.env kube \ - --istio.test.kube.operator \ - --istio.test.kube.config ${INTEGRATION_TEST_KUBECONFIG} \ - --istio.test.hub=${HUB} \ - --istio.test.tag=${TAG} \ - --istio.test.pullpolicy=${_INTEGRATION_TEST_PULL_POLICY} \ - ${_INTEGRATION_TEST_INGRESS_FLAG} \ +# Generate integration test targets for local environment. +test.integration.%.local: | $(JUNIT_REPORT) + $(GO) test -p 1 ${T} -race ./tests/integration/$(subst .,/,$*)/... \ + --istio.test.env native \ 2>&1 | tee >($(JUNIT_REPORT) > $(JUNIT_OUT)) -# Runs tests using the new installer. Istio is deployed before the test and setup and cleanup are disabled. -# For this to work, the -customsetup selector is used. -test.integration.new.installer: istioctl | $(JUNIT_REPORT) - KUBECONFIG=${INTEGRATION_TEST_KUBECONFIG} ${ISTIO_OUT}/istioctl manifest apply \ - --set hub=${HUB} \ - --set tag=${TAG} \ - --skip-confirmation \ - --logtostderr \ - --set values.global.imagePullPolicy=${_INTEGRATION_TEST_PULL_POLICY} - $(GO) test -p 1 ${T} ${NEW_INSTALLER_TARGETS} ${_INTEGRATION_TEST_WORKDIR_FLAG} ${_INTEGRATION_TEST_CIMODE_FLAG} -timeout 30m \ - --istio.test.kube.deploy=false \ - --istio.test.select -postsubmit,-flaky,-customsetup \ - --istio.test.kube.minikube \ +# Generate presubmit integration test targets for each component in kubernetes environment +test.integration.%.kube.presubmit: istioctl | $(JUNIT_REPORT) + PATH=${PATH}:${ISTIO_OUT} $(GO) test -p 1 ${T} ./tests/integration/$(subst .,/,$*)/... 
${_INTEGRATION_TEST_WORKDIR_FLAG} ${_INTEGRATION_TEST_CIMODE_FLAG} -timeout 30m \
+ --istio.test.select -postsubmit,-flaky \
 --istio.test.env kube \
 --istio.test.kube.config ${INTEGRATION_TEST_KUBECONFIG} \
 --istio.test.hub=${HUB} \
@@ -121,23 +80,16 @@ test.integration.new.installer: istioctl | $(JUNIT_REPORT)
 ${_INTEGRATION_TEST_INGRESS_FLAG} \
 2>&1 | tee >($(JUNIT_REPORT) > $(JUNIT_OUT))
-# Generate integration test targets for local environment.
-test.integration.%.local: | $(JUNIT_REPORT)
- $(GO) test -p 1 ${T} -race ./tests/integration/$(subst .,/,$*)/... \
- --istio.test.env native \
- 2>&1 | tee >($(JUNIT_REPORT) > $(JUNIT_OUT))
-
-# Generate presubmit integration test targets for each component in kubernetes environment
-test.integration.%.kube.presubmit: istioctl | $(JUNIT_REPORT)
- PATH=${PATH}:${ISTIO_OUT} $(GO) test -p 1 ${T} ./tests/integration/$(subst .,/,$*)/... ${_INTEGRATION_TEST_WORKDIR_FLAG} ${_INTEGRATION_TEST_CIMODE_FLAG} -timeout 30m \
+test.integration.istioio.kube.presubmit: istioctl | $(JUNIT_REPORT)
+ PATH=${PATH}:${ISTIO_OUT} $(GO) test -p 1 ${T} ./tests/integration/istioio/... ${_INTEGRATION_TEST_WORKDIR_FLAG} ${_INTEGRATION_TEST_CIMODE_FLAG} -timeout 30m \
 --istio.test.select -postsubmit,-flaky \
+ --istio.test.kube.operator=false
 --istio.test.env kube \
 --istio.test.kube.config ${INTEGRATION_TEST_KUBECONFIG} \
 --istio.test.hub=${HUB} \
 --istio.test.tag=${TAG} \
 --istio.test.pullpolicy=${_INTEGRATION_TEST_PULL_POLICY} \
 ${_INTEGRATION_TEST_INGRESS_FLAG} \
- ${_INTEGRATION_TEST_INSTALL_TYPE} \
 2>&1 | tee >($(JUNIT_REPORT) > $(JUNIT_OUT))
 test.integration.istioio.kube.postsubmit: test.integration.istioio.kube.presubmit
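Review bot: The added `--istio.test.kube.operator=false` line in the `test.integration.istioio.kube.presubmit` recipe has no trailing backslash as shown here, unlike every other flag line around it, so the `go test` command ends on that line. The following `--istio.test.env kube \` line then starts a separate recipe command, which means the istioio suite would run without the kube environment, kubeconfig, hub and tag flags and without the `tee` into the JUnit report; because that stray second command is piped into `tee`, its failure may not fail the target. The line should read `--istio.test.kube.operator=false \`.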
@@ -171,7 +123,6 @@ test.integration.kube: istioctl | $(JUNIT_REPORT) --istio.test.tag=${TAG} \ --istio.test.pullpolicy=${_INTEGRATION_TEST_PULL_POLICY} \ ${_INTEGRATION_TEST_INGRESS_FLAG} \ - ${_INTEGRATION_TEST_INSTALL_TYPE} \ 2>&1 | tee >($(JUNIT_REPORT) > $(JUNIT_OUT)) # Presubmit integration tests targeting Kubernetes environment. @@ -185,7 +136,6 @@ test.integration.kube.presubmit: istioctl | $(JUNIT_REPORT) --istio.test.tag=${TAG} \ --istio.test.pullpolicy=${_INTEGRATION_TEST_PULL_POLICY} \ ${_INTEGRATION_TEST_INGRESS_FLAG} \ - ${_INTEGRATION_TEST_INSTALL_TYPE} \ 2>&1 | tee >($(JUNIT_REPORT) > $(JUNIT_OUT)) # Integration tests that detect race condition for native environment. From 9bfa71a34d0789991297e045c946ccb91575dca1 Mon Sep 17 00:00:00 2001 From: John Howard Date: Mon, 27 Jan 2020 09:23:39 -0800 Subject: [PATCH 29/31] Update test readme (#20539) Fixes https://github.com/istio/istio/issues/19833 --- tests/integration/README.md | 49 +++---------------------------------- 1 file changed, 4 insertions(+), 45 deletions(-) diff --git a/tests/integration/README.md b/tests/integration/README.md index b9f1b7fa7002..c497230ddaf7 100644 --- a/tests/integration/README.md +++ b/tests/integration/README.md 
@@ -430,52 +430,9 @@ Tool | Description | [Prow](https://github.com/kubernetes/test-infra/tree/master/prow) | Kubernetes-based CI/CD system developed by the Kubernetes community and is deployed in Google Kubernetes Engine (GKE). [TestGrid](https://k8s-testgrid.appspot.com/istio-release) | A Kubernetes dashboard used for visualizing the status of the Prow jobs. -This section describes the steps for adding new tests to Prow and TestGrid. +Test suites are defined for each toplevel directory (such as `pilot` and `telemetry`), so any tests added to these directories will automatically be run in CI. -#### Step 1: Add a Test Script - -To simplify the process of running tests from Prow, each suite is given its own test script under the -[prow](https://github.com/istio/istio/tree/master/prow) folder. - -Embedded in the name of the script is the following: - -1. Type of test (unit, end-to-end, integration) -1. Component/feature being tested -1. The environment used (i.e. native/local or k8s) -1. Job execution (i.e. presubmit, postsubmit) - -For example, the file `integ-security-k8s-presubmit-tests.sh` runs integration tests for various Istio security -features on Kubernetes during PR pre-submit. - -In general, when creating a new script use similar scripts as a guide. - -#### Step 2: Add a Prow Job - -Istio's Prow jobs are configured in the [istio/test-infra](https://github.com/istio/test-infra) repository. - -The [prow/cluster/jobs/istio/istio](https://github.com/istio/test-infra/tree/master/prow/cluster/jobs/istio/istio) folder -contains configuration files for running Prow jobs against various Istio branches. - -For example, [istio.istio.master.yaml](https://github.com/istio/test-infra/blob/master/prow/cluster/jobs/istio/istio/istio.istio.master.gen.yaml) -configures Prow jobs that run against Istio's master branch. - -Each configuration file contains sections for both **presubmit** and **postsubmit**. 
To add a new job, add a new config -stanza to one of these sections, using an existing config stanza as a template. - -In general, all tests *should* be required to succeed. However, as flaky tests appear we may need to temporarily disable -certain jobs from gating PR submission. This can be done by adding the following to the configuration: - -```yaml -optional: true -``` - -When this is done, however, a GitHub issue should be raised to address the flake and move the job back to required. - -#### Step 3: Update TestGrid - -TestGrid is owned by the Kubernetes team and its configuration is located in the -[kubernetes/test-infra](https://github.com/kubernetes/test-infra) repository. -Configuring testgrid is explained [here](https://github.com/kubernetes/test-infra/blob/master/testgrid/config.md) +If you need to add a new test suite, it can be added to the [job configuration](https://github.com/istio/test-infra/blob/master/prow/config/jobs/istio.yaml). ## Environments @@ -490,6 +447,8 @@ also explicitly specify the native environment: $ go test ./... -istio.test.env native ``` +Note: this may require you to [enable forwarding from Docker containers to the outside world](https://docs.docker.com/network/bridge/#enable-forwarding-from-docker-containers-to-the-outside-world). + ### Kubernetes Environment The test binaries run in a Kubernetes cluster, but the test logic runs in the test binary. To specify the Kubernetes From f54852324dea73931c98ca690365c580995c574e Mon Sep 17 00:00:00 2001 
From: John Howard Date: Mon, 27 Jan 2020 10:24:24 -0800 Subject: [PATCH 30/31] Support file mount to SDS migration (#20511) * Support file mount to SDS migration Currently SDS is a global setting. In pilot-agent we configure metadata to declare we are supporting SDS, but we ignore it in pilot. This checks that metadata in Pilot. We also stop using "1" and use a proper bool. * Fix test * Fix lint --- pilot/pkg/model/context.go | 31 ++++++++++++--- pilot/pkg/model/context_test.go | 33 ++++++++++++++++ pilot/pkg/networking/core/v1alpha3/cluster.go | 2 +- pilot/pkg/networking/core/v1alpha3/gateway.go | 13 +------ .../security/authn/v1alpha1/policy_applier.go | 2 +- .../authn/v1alpha1/policy_applier_test.go | 39 +++++++++++++++---- pkg/bootstrap/config.go | 4 +- pkg/bootstrap/testdata/authsds_golden.json | 4 +- pkg/bootstrap/testdata/runningsds_golden.json | 4 +- 9 files changed, 100 insertions(+), 32 deletions(-) diff --git a/pilot/pkg/model/context.go b/pilot/pkg/model/context.go index fd551bc5cced..209d41d7348f 100644 --- a/pilot/pkg/model/context.go +++ b/pilot/pkg/model/context.go 
@@ -223,10 +223,31 @@ func (l *PodPortList) UnmarshalJSON(data []byte) error {
 return nil
 }
+// StringBool defines a boolean that is serialized as a string for legacy reasons
+type StringBool bool
+
+func (s StringBool) MarshalJSON() ([]byte, error) {
+ return []byte(fmt.Sprintf(`"%t"`, s)), nil
+}
+
+func (s *StringBool) UnmarshalJSON(data []byte) error {
+ pls, err := strconv.Unquote(string(data))
+ if err != nil {
+ return err
+ }
+ b, err := strconv.ParseBool(pls)
+ if err != nil {
+ return err
+ }
+ *s = StringBool(b)
+ return nil
+}
+
 // NodeMetadata defines the metadata associated with a proxy
 // Fields should not be assumed to exist on the proxy, especially newly added fields which will not exist
 // on older versions.
 // The JSON field names should never change, as they are needed for backward compatibility with older proxies
+// nolint: maligned
 type NodeMetadata struct {
 // IstioVersion specifies the Istio version associated with the proxy
 IstioVersion string `json:"ISTIO_VERSION,omitempty"`
@@ -319,13 +340,13 @@ type NodeMetadata struct {
 // SdsTokenPath specifies the path of the SDS token used by the Envoy proxy.
 // If not set, Pilot uses the default SDS token path.
- SdsTokenPath string `json:"SDS_TOKEN_PATH,omitempty"`
- UserSds string `json:"USER_SDS,omitempty"`
- SdsBase string `json:"BASE,omitempty"`
+ SdsTokenPath string `json:"SDS_TOKEN_PATH,omitempty"`
+ UserSds StringBool `json:"USER_SDS,omitempty"`
+ SdsBase string `json:"BASE,omitempty"`
 // SdsEnabled indicates if SDS is enabled or not. This is are set to "1" if true
- SdsEnabled string `json:"SDS,omitempty"`
+ SdsEnabled StringBool `json:"SDS,omitempty"`
 // SdsTrustJwt indicates if SDS trust jwt is enabled or not. This is are set to "1" if true
- SdsTrustJwt string `json:"TRUSTJWT,omitempty"`
+ SdsTrustJwt StringBool `json:"TRUSTJWT,omitempty"`
 InsecurePath string `json:"istio.io/insecurepath,omitempty"`
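Review bot: `StringBool.UnmarshalJSON` returns an error for every input that is not a quoted value `strconv.ParseBool` accepts, including JSON `null`, which `encoding/json` hands to an Unmarshaler and which by convention should be a no-op. The gateway code removed elsewhere in this commit discarded the `ParseBool` error and treated a bad `USER_SDS` as false, so a malformed value sent by one proxy now fails decoding of the whole `NodeMetadata` if the caller propagates the error (the caller is outside this hunk). I would add `if string(data) == "null" { return nil }` at the top and state the strictness in the type comment, e.g. `// Decoding fails for any value strconv.ParseBool rejects.`; the exported `MarshalJSON` and `UnmarshalJSON` also have no doc comments.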
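Review bot: The context comments on `SdsEnabled` and `SdsTrustJwt` in the second hunk still say the fields are set to "1" if true, which no longer matches the new `StringBool` type: `MarshalJSON` writes `"true"`, and `"1"` is only accepted on input. Suggested wording: `// SdsEnabled indicates if SDS is enabled or not. Serialized as "true"; "1" from older proxies is still accepted.` and the same for `SdsTrustJwt`. `UserSds` has no comment at all; `// UserSds indicates that the proxy asks for SDS config on gateway listeners.` would match how gateway.go uses it in this commit. The struct continues outside the hunk.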
diff --git a/pilot/pkg/model/context_test.go b/pilot/pkg/model/context_test.go
index a7ea3d7094a4..62787687eaaa 100644
--- a/pilot/pkg/model/context_test.go
+++ b/pilot/pkg/model/context_test.go
@@ -151,6 +151,39 @@ func TestPodPortList(t *testing.T) {
 }
 }
+func TestStringBool(t *testing.T) {
+ cases := []struct {
+ name string
+ in string
+ expect string
+ }{
+ {"1", `"1"`, `"true"`},
+ {"0", `"0"`, `"false"`},
+ {"false", `"false"`, `"false"`},
+ {"true", `"true"`, `"true"`},
+ {"invalid input", `"foo"`, ``},
+ {"no quotes", `true`, ``},
+ }
+ for _, tt := range cases {
+ t.Run(tt.name, func(t *testing.T) {
+ var out model.StringBool
+ if err := json.Unmarshal([]byte(tt.in), &out); err != nil {
+ if tt.expect == "" {
+ return
+ }
+ t.Fatal(err)
+ }
+ b, err := json.Marshal(out)
+ if err != nil {
+ t.Fatal(err)
+ }
+ if !reflect.DeepEqual(string(b), tt.expect) {
+ t.Fatalf("Expected %v, got %v", tt.expect, string(b))
+ }
+ })
+ }
+}
+
 func TestServiceNode(t *testing.T) {
 cases := []struct {
 in *model.Proxy
diff --git a/pilot/pkg/networking/core/v1alpha3/cluster.go b/pilot/pkg/networking/core/v1alpha3/cluster.go
index 25bca724789a..dc1bf5fd84f9 100644
--- a/pilot/pkg/networking/core/v1alpha3/cluster.go
+++ b/pilot/pkg/networking/core/v1alpha3/cluster.go
@@ -1149,7 +1149,7 @@ func applyUpstreamTLSSettings(opts *buildClusterOpts, tls *networking.TLSSetting
 }
 // Fallback to file mount secret instead of SDS if meshConfig.sdsUdsPath isn't set or tls.mode is TLSSettings_MUTUAL.
- if opts.push.Mesh.SdsUdsPath == "" || tls.Mode == networking.TLSSettings_MUTUAL {
+ if !node.Metadata.SdsEnabled || opts.push.Mesh.SdsUdsPath == "" || tls.Mode == networking.TLSSettings_MUTUAL {
 tlsContext.CommonTlsContext.ValidationContextType = &auth.CommonTlsContext_ValidationContext{
 ValidationContext: certValidationContext,
 }
diff --git a/pilot/pkg/networking/core/v1alpha3/gateway.go b/pilot/pkg/networking/core/v1alpha3/gateway.go
index c4b465559327..5d41df8acb91 100644
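Review bot: The comment above the changed condition in cluster.go still lists only two reasons for the file-mount fallback, while the new `!node.Metadata.SdsEnabled` term adds a third that is decided by proxy-supplied metadata. Suggested: `// Fallback to file mount secret instead of SDS if the proxy did not declare SDS support, meshConfig.sdsUdsPath isn't set, or tls.mode is TLSSettings_MUTUAL.` The term also dereferences `node.Metadata` without a nil check; the hunk does not show where `node` comes from or whether `Metadata` can be nil for a proxy that sent none, so that is worth confirming, and the same applies to the identical term added to `InboundFilterChain` in policy_applier.go. applyUpstreamTLSSettings starts and ends outside the hunk.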
--- a/pilot/pkg/networking/core/v1alpha3/gateway.go +++ b/pilot/pkg/networking/core/v1alpha3/gateway.go @@ -17,7 +17,6 @@ package v1alpha3 import ( "fmt" "sort" - "strconv" "strings" xdsapi "github.com/envoyproxy/go-control-plane/envoy/api/v2" @@ -368,18 +367,14 @@ func (configgen *ConfigGeneratorImpl) createGatewayHTTPFilterChainOpts( // Build a filter chain for the HTTPS server // We know that this is a HTTPS server because this function is called only for ports of type HTTP/HTTPS // where HTTPS server's TLS mode is not passthrough and not nil - enableIngressSdsAgent := false // If proxy sends metadata USER_SDS, then create SDS config for // gateway listener. - if len(node.Metadata.UserSds) > 0 { - enableIngressSdsAgent, _ = strconv.ParseBool(node.Metadata.UserSds) - } return &filterChainOpts{ // This works because we validate that only HTTPS servers can have same port but still different port names // and that no two non-HTTPS servers can be on same port or share port names. // Validation is done per gateway and also during merging sniHosts: getSNIHostsForServer(server), - tlsContext: buildGatewayListenerTLSContext(server, enableIngressSdsAgent, sdsPath, node.Metadata), + tlsContext: buildGatewayListenerTLSContext(server, bool(node.Metadata.UserSds), sdsPath, node.Metadata), httpOpts: &httpListenerOpts{ rds: routeName, useRemoteAddress: true, 
@@ -591,16 +586,12 @@ func (configgen *ConfigGeneratorImpl) createGatewayTCPFilterChainOpts( // Validation ensures that non-passthrough servers will have certs if filters := buildGatewayNetworkFiltersFromTCPRoutes(node, push, server, gatewaysForWorkload); len(filters) > 0 { - enableIngressSdsAgent := false // If proxy version is over 1.1, and proxy sends metadata USER_SDS, then create SDS config for // gateway listener. - if len(node.Metadata.UserSds) > 0 { - enableIngressSdsAgent, _ = strconv.ParseBool(node.Metadata.UserSds) - } return []*filterChainOpts{ { sniHosts: getSNIHostsForServer(server), - tlsContext: buildGatewayListenerTLSContext(server, enableIngressSdsAgent, push.Mesh.SdsUdsPath, node.Metadata), + tlsContext: buildGatewayListenerTLSContext(server, bool(node.Metadata.UserSds), push.Mesh.SdsUdsPath, node.Metadata), networkFilters: filters, }, } diff --git a/pilot/pkg/security/authn/v1alpha1/policy_applier.go b/pilot/pkg/security/authn/v1alpha1/policy_applier.go index 855a9432471b..229140ca8adf 100644 --- a/pilot/pkg/security/authn/v1alpha1/policy_applier.go +++ b/pilot/pkg/security/authn/v1alpha1/policy_applier.go @@ -372,7 +372,7 @@ func (a v1alpha1PolicyApplier) InboundFilterChain(sdsUdsPath string, node *model } } - if sdsUdsPath == "" { + if !node.Metadata.SdsEnabled || sdsUdsPath == "" { base := meta.SdsBase + constants.AuthCertsPath tlsServerRootCert := model.GetOrDefault(meta.TLSServerRootCert, base+constants.RootCertFilename) diff --git a/pilot/pkg/security/authn/v1alpha1/policy_applier_test.go b/pilot/pkg/security/authn/v1alpha1/policy_applier_test.go index ac8ecefd0690..31afd55f5ded 100644 --- a/pilot/pkg/security/authn/v1alpha1/policy_applier_test.go +++ b/pilot/pkg/security/authn/v1alpha1/policy_applier_test.go 
@@ -990,7 +990,9 @@ func TestOnInboundFilterChains(t *testing.T) { }, sdsUdsPath: "/tmp/sdsuds.sock", node: &model.Proxy{ - Metadata: &model.NodeMetadata{}, + Metadata: &model.NodeMetadata{ + SdsEnabled: true, + }, }, expected: []plugin.FilterChain{ { @@ -1012,6 +1014,25 @@ func TestOnInboundFilterChains(t *testing.T) { }, }, }, + { + name: "mTLS policy using SDS without node meta", + in: &authn.Policy{ + Peers: []*authn.PeerAuthenticationMethod{ + { + Params: &authn.PeerAuthenticationMethod_Mtls{}, + }, + }, + }, + sdsUdsPath: "/tmp/sdsuds.sock", + node: &model.Proxy{ + Metadata: &model.NodeMetadata{}, + }, + expected: []plugin.FilterChain{ + { + TLSContext: tlsContext, + }, + }, + }, { name: "StrictMTLS with custom cert paths from proxy node metadata", in: &authn.Policy{ @@ -1068,13 +1089,15 @@ func TestOnInboundFilterChains(t *testing.T) { }, } for _, c := range cases { - got := NewPolicyApplier(c.in).InboundFilterChain( - c.sdsUdsPath, - c.node, - ) - if !reflect.DeepEqual(got, c.expected) { - t.Errorf("[%v] unexpected filter chains, got %v, want %v", c.name, got, c.expected) - } + t.Run(c.name, func(t *testing.T) { + got := NewPolicyApplier(c.in).InboundFilterChain( + c.sdsUdsPath, + c.node, + ) + if !reflect.DeepEqual(got, c.expected) { + t.Errorf("[%v] unexpected filter chains, got \n%v, want \n%v", c.name, got, c.expected) + } + }) } } diff --git a/pkg/bootstrap/config.go b/pkg/bootstrap/config.go index d7d775f1cdd4..e531b9c9d9a7 100644 --- a/pkg/bootstrap/config.go +++ b/pkg/bootstrap/config.go @@ -442,8 +442,8 @@ func getNodeMetaData(envs []string, plat platform.Environment, nodeIPs []string, // Set SDS configuration on the metadata, if provided. if sdsEnabled { // sds is enabled - meta.SdsEnabled = "1" - meta.SdsTrustJwt = "1" + meta.SdsEnabled = true + meta.SdsTrustJwt = true } return meta, untypedMeta, nil diff --git a/pkg/bootstrap/testdata/authsds_golden.json b/pkg/bootstrap/testdata/authsds_golden.json index e35ece8b8731..640217eac04e 100644 
--- a/pkg/bootstrap/testdata/authsds_golden.json +++ b/pkg/bootstrap/testdata/authsds_golden.json @@ -4,8 +4,8 @@ "cluster": "istio-proxy", "locality": {}, "metadata": {"INSTANCE_IPS":"10.3.3.3,10.4.4.4,10.5.5.5,10.6.6.6", - "SDS": "1", - "TRUSTJWT": "1", + "SDS": "true", + "TRUSTJWT": "true", "EXCHANGE_KEYS":"NAME,NAMESPACE,INSTANCE_IPS,LABELS,OWNER,PLATFORM_METADATA,WORKLOAD_NAME,CANONICAL_TELEMETRY_SERVICE,MESH_ID,SERVICE_ACCOUNT"} }, "stats_config": { diff --git a/pkg/bootstrap/testdata/runningsds_golden.json b/pkg/bootstrap/testdata/runningsds_golden.json index 3c48e09a88e3..4bc2b2e238bf 100644 --- a/pkg/bootstrap/testdata/runningsds_golden.json +++ b/pkg/bootstrap/testdata/runningsds_golden.json @@ -11,8 +11,8 @@ "INSTANCE_IPS":"10.3.3.3,10.4.4.4,10.5.5.5,10.6.6.6", "INTERCEPTION_MODE":"REDIRECT", "ISTIO_VERSION":"release-3.1", - "SDS": "1", - "TRUSTJWT": "1", + "SDS": "true", + "TRUSTJWT": "true", "istio.io/insecurepath":"{\"paths\":[\"/metrics\",\"/live\"]}", "istio-locality": "regionA.zoneB.sub_zoneC", "EXCHANGE_KEYS":"NAME,NAMESPACE,INSTANCE_IPS,LABELS,OWNER,PLATFORM_METADATA,WORKLOAD_NAME,CANONICAL_TELEMETRY_SERVICE,MESH_ID,SERVICE_ACCOUNT", From 647f938e88304ac10cf798ccd44f393d2c228140 Mon Sep 17 00:00:00 2001 From: Rama Chavali Date: Mon, 27 Jan 2020 23:54:33 +0530 Subject: [PATCH 31/31] move mirror integration tests to use mirror_percentage (#20544) * move mirror percent tests to use new variable Signed-off-by: Rama Chavali * change to percentage struct Signed-off-by: Rama Chavali * compare numerator and denominator Signed-off-by: Rama Chavali * compare numerator Signed-off-by: Rama Chavali * handle absent Signed-off-by: Rama Chavali --- tests/integration/pilot/mirror_test.go | 7 ++++++- .../pilot/testdata/traffic-mirroring-template.yaml | 3 ++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/tests/integration/pilot/mirror_test.go b/tests/integration/pilot/mirror_test.go index ef966b0e4185..55b9bf302e92 100644 
--- a/tests/integration/pilot/mirror_test.go +++ b/tests/integration/pilot/mirror_test.go @@ -293,7 +293,12 @@ func checkIfMirrorWasApplied(target echo.Instance, mirrorClusterName string, tc clusterName := fmt.Sprintf("outbound|%d||%s", port.ServicePort, mirrorClusterName) instance.Equals(clusterName, "{.requestMirrorPolicy.cluster}") - instance.Equals(tc.percentage, "{.requestMirrorPolicy.runtimeFraction.defaultValue.numerator}") + if tc.absent { + instance.Equals(tc.percentage, "{.requestMirrorPolicy.runtimeFraction.defaultValue.numerator}") + } else { + instance.Equals(tc.percentage*10000, "{.requestMirrorPolicy.runtimeFraction.defaultValue.numerator}") // Set to MILLION. + instance.Equals("MILLION", "{.requestMirrorPolicy.runtimeFraction.defaultValue.denominator}") + } } else { instance.NotExists("{.requestMirrorPolicy}") } diff --git a/tests/integration/pilot/testdata/traffic-mirroring-template.yaml b/tests/integration/pilot/testdata/traffic-mirroring-template.yaml index cabd1845788c..f72b4c67343d 100644 --- a/tests/integration/pilot/testdata/traffic-mirroring-template.yaml +++ b/tests/integration/pilot/testdata/traffic-mirroring-template.yaml @@ -13,5 +13,6 @@ spec: mirror: host: {{.MirrorHost}} {{- if not .Absent }} - mirror_percent: {{.Percent}} + mirror_percentage: + value: {{.Percent}} {{- end }}