Remove calls to helm repo add #11805

Merged
merged 2 commits into from Feb 18, 2019

ymesika
Member

@ymesika ymesika commented Feb 17, 2019

As can be seen in this dummy PR (#11806), almost all tests are currently broken with the following error:

/home/prow/go/out/linux_amd64/release/helm repo add istio.io https://storage.googleapis.com/istio-prerelease/daily-build/master-latest-daily/charts
Error: Looks like "https://storage.googleapis.com/istio-prerelease/daily-build/master-latest-daily/charts" is not a valid chart repository or cannot be reached: Failed to fetch https://storage.googleapis.com/istio-prerelease/daily-build/master-latest-daily/charts/index.yaml : 404 Not Found
Makefile:640: recipe for target 'helm-repo-add' failed
make[1]: *** [helm-repo-add] Error 1

Probably due to recent changes introduced by @sdake.

cc @duderino @wenchenglu

@istio-testing
Collaborator

@ymesika: The following tests failed, say /retest to rerun them all:

| Test name | Commit | Details | Rerun command |
| --- | --- | --- | --- |
| prow/istio-integ-k8s-tests.sh | 6918628 | link | /test istio-integ-k8s-tests |
| prow/e2e_pilotv2_auth_sds.sh | 6918628 | link | /test istio_auth_sds_e2e |
| prow/istio-pilot-multicluster-e2e.sh | 6918628 | link | /test istio-pilot-multicluster-e2e |

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@ymesika
Member Author

ymesika commented Feb 17, 2019

Please notice that ci/circleci: codecov is failing because as part of its run script it checks out the base SHA and runs codecov on it to compare the delta.

It fails because the base (release-1.1) is broken.
I believe it's safe to ignore this required test and push the fix.

@sdake
Member

sdake commented Feb 17, 2019

/lgtm
/approve

The original PR was successful on the pre-submit job. The original PR would have failed on the post-submit job. As the PR was merged by an admin, the post-submit job wasn't run. I'd recommend merging this PR.

For CNI (if there is any testing in the main repository) we may have to reintroduce it (with the correct URLs for the daily charts) - however, I am unclear if CNI testing is in the e2e testing in the existing repos.

Cheers
-steve

cc @costinm

@sdake
Member

sdake commented Feb 17, 2019

cc @wenchenglu @duderino this PR is safe to merge. Further gate failures may occur after it merges - the only way to determine this (with admin based merges) is to actually merge the PR. I don't predict any problems with this particular PR, but there may be other latent issues related to the post-submit job not running.

Cheers
-steve

@linsun
Member

linsun commented Feb 18, 2019

We need to understand how the breakage was introduced in the first place, and anything we can do in the future to prevent this. Any thoughts?

@linsun
Member

linsun commented Feb 18, 2019

I am with @sdake on this, this PR is much better than our current 1.1 branch (#11806)

/lgtm

@istio-testing
Collaborator

@linsun: changing LGTM is restricted to assignees, and assigning you to the PR failed.

In response to this:

> I am with @sdake on this, this PR is much better than our current 1.1 branch (#11806)
>
> /lgtm

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Member

@linsun linsun left a comment

/approve

@istio-testing
Collaborator

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: linsun, sdake, ymesika

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@linsun linsun merged commit 880ef3f into istio:release-1.1 Feb 18, 2019
@ymesika ymesika deleted the removeHelmRepo branch February 18, 2019 16:24
louiscryan pushed a commit to louiscryan/istio that referenced this pull request Feb 20, 2019
istio-testing pushed a commit that referenced this pull request Feb 21, 2019
* Fix routing when DNS is resolved (#11522)

The DNSDomain variable needs to be enhanced to include more
than one DNS entry.  Change DNSDomain to DNSDomains as a meta
and add the dnsConfig in the meta.  As now DNSDomain is a slice
of strings instead of a string, the variable needs consolidation.

* adjust galley dashboard time range (#11627)

* Add update permissions to deployments/finalizers for galley clusterrole (#11586) (#11631)

(cherry picked from commit f9b6866)

* [release-1.1] Update fluentd adapter to be more robust (#11623)

* Update fluentd adapter to be more robust

* Minor touchup of bad merge

* Lint fixes

* Fix kubernetesenv workload attributes for multicluster with one control plane (#11581)

* remove myself from pilot OWNERS (#11632)

* remove me (#11636)

Signed-off-by: Kuat Yessenov <kuat@google.com>

* add debug logs for citadel authenticate fail (#11633)

* move apply plugin below buildscript (#11625)

The Cloud Foundry open source licensing scanner has a plugin that
identifies dependencies from gradle scripts, but it requires the
buildscript and plugins block be before anything else in the file.
This change does not affect the build, but makes our lives a smidge
easier.

Co-authored-by: Teal Stannard <tstannard@pivotal.io>

* check key.pem (#11599)

* Sample ServiceEntries for apt-get, pip, and git tools showing how to grant access to mesh. (#11508)

* Samples for accessing apt-get repo, Github, and pip repo

* A Readme explaining the samples

* Link to future doc on default external comm capability

* Incorporate documentation feedback from venilnoronha

* Add support for metadata constraints in RBAC (#11459)

* Add support for metadata constraints in RBAC

This adds support for mapping RBAC constraints with keys in the a[b]
format to Envoy's filter metadata matcher.

Signed-off-by: Venil Noronha <veniln@vmware.com>

* Use SplitN instead of Split for completeness

This updates the metadata matcher definition to use strings.SplitN
instead of strings.Split in order to capture the whole binary key in two
parts.

Signed-off-by: Venil Noronha <veniln@vmware.com>

* Accommodate [list] and plain value type constraints

This adds logic to accommodate filter metadata matching over both [list]
and value type constraints.

Signed-off-by: Venil Noronha <veniln@vmware.com>

* Add extra experimental. prefix test for matching

This adds an extra experimental. prefix test while creating metadata
matchers based on Envoy filters.

Signed-off-by: Venil Noronha <veniln@vmware.com>

* Update comments

This updates code comments.

Signed-off-by: Venil Noronha <veniln@vmware.com>

* add POST to ratings service to demonstrate security policies on HTTP Methods (#10778)

* add POST to ratings service

* put a space between if and opening parenthesis

* add comments

* remove extra line-break

* Enable remote clusters to check/report to local Mixer (#11585)

* Print error message if istio-sidecar-injector invalid, allow toJson as synonym for toJSON (#11570)

* Fix racetest in fluentd test (#11647)

* Bump the number of connections that can be reused in Citadel (#11641)

* Bump the number of connections that can be reused in Citadel

* A small fix

* First cut of xDS API structural testing using the new integration tests (#11406)

* Fixes for k8s ingress (#11343)

* Fix ingress in pilot, writeback and multiple namespaces

* Fix tests, format

* Fix test - the generated service should be left in the namespace of ingress

* Additional test fixes, match the new 1.1 semantics

* Again make fmt and lint not matching

* Break up the helloworld sample into versions (#11650)

* Break up the helloworld sample into versions

* Moved to default namespace

* Separated gateway file and added labels

* Update the doc

* Cleanup section updated too

* Fix build break due to #11406. (#11677)

https://k8s-gubernator.appspot.com/build/istio-prow/pr-logs/pull/istio_istio/11645/istio-integ-local-tests/5215

* make stackdriver e2e test cluster wide (#11674)

* Add handling for independent encoding in Report batches to Mixer (#11640)

* Add handling for independent encoding in Report batches to Mixer

* fix lll

* Address review

* protect protobag done

* exit circleci test early if setup fails (#11572)

* wip: exit circleci test early if setup fails

Many of the circleci tests will attempt to run the e2e/integration
tests even after the test setup fails. This leads to misleading test
failures that suggest the problem is with the feature test and not the
test setup itself.

Example test runs where the setup failed and the test was run but
immediately errored out because a dependency was missing:

https://circleci.com/gh/istio/istio/316588
https://circleci.com/gh/istio/istio/317262
https://circleci.com/gh/istio/istio/318281
https://circleci.com/gh/istio/istio/316031
https://circleci.com/gh/istio/istio/315952
https://circleci.com/gh/istio/istio/315871
https://circleci.com/gh/istio/istio/315813

ref: https://circleci.com/docs/2.0/configuration-reference/#the-when-attribute
```
By default, CircleCI will execute job steps one at a time, in the
order that they are defined in config.yml, until a step fails (returns
a non-zero exit code). After a command fails, no further job steps
will be executed.

Adding the when attribute to a job step allows you to override this
default behaviour, and selectively run or skip steps depending on the
status of the job.

The default value of on_success means that the step will run only if
all of the previous steps have been successful (returned exit code 0).

A value of always means that the step will run regardless of the exit
status of previous steps. This is useful if you have a task that you
want to run regardless of whether the previous steps are successful or
not. For example, you might have a job step that needs to upload logs
or code-coverage data somewhere.
```

* re-add `when: always` to codecov job

* Implementation of isolation for EDS (#11672)

* Implementation of isolation for EDS

* Provide nil proxy for older calls

* Always call loadAssignmentsForClusterIsolated

* Revert "Always call loadAssignmentsForClusterIsolated"

This reverts commit db2c997.

* Env variable to disable

* Lint

* Environment Variable controlled Graceful Termination with low defaults. (#11630)

* Feature flag graceful shutdown

Turn graceful shutdown off by default for 1.1 with a feature flag that allows users to opt-in.

Signed-off-by: Liam White <liam@tetrate.io>

* Address pr comments

Signed-off-by: Liam White <liam@tetrate.io>

* Clean up missed feature flag var

Signed-off-by: Liam White <liam@tetrate.io>

* Add turn off test case, todo comments and fix agent tests

Signed-off-by: Liam White <liam@tetrate.io>

* fix lint

Signed-off-by: Liam White <liam@tetrate.io>

* PR review comments

Signed-off-by: Liam White <liam@tetrate.io>

* Move TerminationDuration function and tests to Pilot features

Signed-off-by: Liam White <liam@tetrate.io>

* Update Proxy SHA to latest (release-1.1). (#11687)

Signed-off-by: Piotr Sikora <piotrsikora@google.com>

* Add empty check for proxy's locality (#11681)

Make sure empty proxy locality will fall back to using proxy service's instance locality.

* Increase sleep value to account for Galley default aggregation of 1 sec with MCP (#11685)

* cache ServiceAccounts and remove it from Environment (#11442)

* cache ServiceAccounts and remove it from Environment

* use allServices var

* fix ut

* Adding Envoy bootstrap template for a custom Pilot implementation. (#11395)

* Adding Envoy bootstrap template for a custom Pilot implementation.

New template connects to Pilot using Google gRPC Envoy client, which
allows to perform authz by passing additional credentials. Placed into
install/gcp due to being GCP installation specific.

To enable this template, introducing {{ .discovery_address }} variable,
which passes --discoveryAddress flag value "as is", without splitting it into
address/port_value parts as currently done for the {{ .pilot_grpc_address }} variable.

* Removing static interception listener from gcp_envoy_bootstrap.json
as it is generated by the Pilot.

* Update bookinfo images, fix the script to bump bookinfo versions (#11701)

* add wildcard to digits in the sed regex, for setting version

* bump a minor version

* Add cli option to Galley to allow metadata on outgoing sink connections. (#11602)

* Add cli option to Galley to allow metadata on outgoing sink connections.

For use with sinkAddress, outgoing connections to MCP sink servers
will have gRPC stream metadata attached as defined by sinkMeta.

* Update sinkMeta to use key=value.

* Review comments.

* Error message if istioctl version doesn't match data plane version (#11592)

* Additional error text if istioctl version doesn't match data plane version

* Fix typo

* Revise wording of error msg

* Allow Envoy listener stats to be turned off/on with a pod annotation (#11398)

* If sidecar.istio.io/statsPatterns supplied, customize Envoy stats collection

* Versionize annotation tag

* Change annotation to sidecar.istio.io/v1alpha1/statsInclusionPrefixes per Doug Reid

* pin goimports in make fmt (#11645)

* fix fmt

Signed-off-by: Kuat Yessenov <kuat@google.com>

* trying to run docker in circle

Signed-off-by: Kuat Yessenov <kuat@google.com>

* trying to run docker in circle

Signed-off-by: Kuat Yessenov <kuat@google.com>

* circling

Signed-off-by: Kuat Yessenov <kuat@google.com>

* circling

Signed-off-by: Kuat Yessenov <kuat@google.com>

* just dont use circle

Signed-off-by: Kuat Yessenov <kuat@google.com>

* add comment

Signed-off-by: Kuat Yessenov <kuat@google.com>

* Adding namespace declaration in Grafana PersistentVolumeClaim (#11314)

When using the Helm chart with a user specific namespace and Grafana persistency
enabled, the generated PersistentVolumeClaim for Grafana was missing a namespace,
leading to the Grafana pod being stuck in the Pending state.

* Fix the periodic builds, add a non-mcp to presubmit (#11703)

* Update api sha (#11709)

* issue #11244 - demo should install a default secret for kiali so out-of-box experience is nicer for users kicking the tires (#11272) (#11715)

(cherry picked from commit 1ad4e29)

* [WIP] Fix sync issue with policy enablement and check enablement (#11707)

* Fix sync issue with policy enablement and check enablement

* Remove outdated comment

* Support customization of Envoy bootstrap config (#11559) (#11702)

* Support customization of Envoy bootstrap config

This change allows overriding the default Envoy bootstrap configuration
for a resource. A sample is included to show how it can be used.

* Format code

* Fix tests

* Pull in new istio/proxy. (#11717)

* Add experimental support for 'allowhttp10' (#11511)

* Add AcceptHttp10 option to outbound listeners based on global or per sidecar setting

* Clarify this is only for 'sidecar enabled' mode

* Format and lint

* Move http10 option, it was overridden

* Add http10 to test, remove verbose

* Format

* Format

* Use release-1.1 images for release-1.1 branch (#11725)

* guard with gateway enabled (#11732)

* guard with gateway enabled

* remove and

* Clean up Helm RBAC rules (#11234)

* Add apps apiGroup to istio-security-post-install ClusterRole

* Delete empty job file

* Clean up ClusterRole apiGroups

* Separate Kiali's ClusterRole rules into correct API groups

* Fix list indentation

* Remove OpenShift-specific "projects" resource from core apiGroup

* Consolidate more RBAC rules

* Update all RBAC resource apiVersions to v1

* Use service hostname as SNI match for TLS ports if virtual service is missing (#11735)

* Use service hostname as SNI match for TLS ports

Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com>

* tests

Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com>

* bad port name

Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com>

* unique port names

Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com>

* fix stateful set

Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com>

* handle multiple streams in nodeagent  (#11738)

* service change

* unit test

* debug log

* lint

* remove annoying log

* Add duration time to stale EDS (#11568)

* Tests for drain duration function (#11691)

* Tests for drain duration function

Signed-off-by: Liam White <liam@tetrate.io>

* Licenses...

Signed-off-by: Liam White <liam@tetrate.io>

* typo

Signed-off-by: Liam White <liam@tetrate.io>

* Ability to override SAN from destination rule for ISTIO_MUTUAL (#11747)

* Add ability to override SAN from destination rule for ISTIO_MUTUAL

Fixes issue #11737

* Reformat code.

* Fix the Citadel-apiserver connection proliferation issue. (#11743)

* Fix the Citadel-apiserver connection proliferation issue.

* Small fix on logging.

* Add comment.

* Small fix on log.

* Performance oriented helm defaults for release 1.1 (#11476)

* Disable stdio adapter
* Disable envoy access log
* Add telemetry load shedding defaults based on existing data
* Add telemetry limits and update hpa

* when proxy locality is empty, apply it with service instance locality (#11727)

* Get rid of subcharts (#11767)

* Get rid of subcharts

Now we can use `helm package istio` in the infrastructure to produce
a downloadable Istio chart.

Note any `helm package -u istio` usage will fail always, so any usage
of that needs to be removed throughout the documentation or infrastructure.

Finally the CNI helm chart or manifest must be installed if CNI is enabled.
If enabling CNI and the CNI manifest is not installed, the Istio sidecar
will fail.

* Add dashboard checking to helm charts.

* wrong path for dashboards

* Fix dashboard test cases.

* Change helm package -u to helm package

* Another attempt at fixing the dashboards.

* Fix rebase error.

* update jaeger client (#11765)

Signed-off-by: Kuat Yessenov <kuat@google.com>

* Fix hostname match function returns wrong result sometimes (#11793)

* Fix hostname matching function

* wrong method call

* fix lint errors

* Remove `helm package -u` in favor of `helm package` (#11769)

This work removes the ability to include packages from
external helm repositories.  This is to remove the
`helm dep update` step.

The hidden implication here is that CNI must be installed
independently but still enabled in the chart for it to be used.

Not installing the CNI chart or manifest while enabling CNI
will result in sidecar injector failures.

* stackdriver adapter memory usage optimization (#11792)

* sd adapter memory usage optimization

* clean up test.

* Remove calls to helm repo add (#11805)

* Remove calls to helm repo add

* One more place

* Create internal interface argument for istio-iptables script. (#11321)

* remove 'istiotesting' parent section for 'onenamespace' values. (#11588)

* remove istiotesting in onenamespace values.

* add comments.

* fix typo.

* add more tests for external service (#11752)

* add more tests

* add an error msg

* more tests

* fix char

* rename test yaml file

* mark as unreachable for TLS protocol with VS

* add another test

* remove wikipedia in many tests

* remove dash

* .* not allowed at hosts ending

* looks like no VS for TLS protocol too

* rename per shriram comment

* address comment

* delete not needed file

* typos

* when host has * must provide endpoints

* remove redundant data

* [Kiali] changes for the next version (#11513) (#11804)

* changes for new kiali version

* add create perms

* secret is now optional though really required. this, however, lets kiali provide a more user-friendly error message when the secret is missing, rather than failing to start the pod.
See https://issues.jboss.org/browse/KIALI-2308 and its parent https://issues.jboss.org/browse/KIALI-2303

(cherry picked from commit 322452a)

* use YAML map nil value ({}) for meshNetworks (#11849)

since meshNetworks is a map, the correct nil value is {}
setting the nil value correctly will allow setting networks by
helm command line, using --set :

    --set global.meshNetworks.network2.endpoints[0].fromRegistry=remote_kubeconfig --set global.meshNetworks.network2.gateways[0].address=0.0.0.0 --set global.meshNetworks.network2.gateways[0].port=15443

* Add configurable Mixer transport error retry (#11795)

* Add configurable Mixer transport error retry

Adds annotations for the number of retries, base wait time, and max wait
time to configure Mixer transport error retry policy. If values are not
provided, they will be left unset; defaults will be provided in
istio/proxy.

* Add more comments

* new proxy sha for release-1.1 (#11857)

* new proxy sha for release-1.1

* Run deps ensure to api

* right sha

* Adapt mixer client tests to new mixer filter counters (#11591)

* Added new counters from #8224 to Mixer client tests.

* Reformat

* Add a map to manage FileBasedMetadataConfig (#11753)

* use CredentialName for SIMPLE

* cvc

* rootca

* update test.

* update test

* fix format

* update gateway config

* fix test

* fix lint

* fix test

* add comments.

* add nolint

* update cvc

* update

* update

* update

* update

* update

* update

* format

* dep ensure --update istio.io/api

* Revise per comments

* Revise

* lint

* Marshal SDS call credential config using deterministic order

* update

* update

* revise

* add comment

* update

* move MCP settings to meshConfig (#11875)

* move MCP settings to meshConfig

Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com>

* fix cert bug

* enable allow any for outbound traffic demo profile (#11820)

* remove helm repo add (#11896)

* merge timeseries before sending (#11876)

* Fix listener parsing with ipv6 addresses (#11861)

* Fix listener parsing with ipv6 addresses

Signed-off-by: Serguei Bezverkhi <sbezverk@cisco.com>

* Fixing typo

Signed-off-by: Serguei Bezverkhi <sbezverk@cisco.com>

* add sample file to expose bookinfo productpage service as nodeport type (#11858)

* add sample file to expose bookinfo productpage service as nodeport type

* address comment

* build network filters in inbound path, like outbound (#11907)

* build network filters in inbound path

Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com>

* assorted fixes

Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com>

* fix network filter stack

Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com>
istio-testing pushed a commit that referenced this pull request Mar 4, 2019
* Fix routing when DNS is resolved (#11522)

The DNSDomain variable needs to be enhanced to include more
then one DNS entry.  Change DNSDomain to DNSDomains as a meta
and add the dnsConfig in the meta.  As now DNSDomain is a slice
of strings instead of a string, the variable needs consolidation.

* adjust galley dashboard time range (#11627)

* Add update permissions to deployments/finalizers for galley clusterrole (#11586) (#11631)

(cherry picked from commit f9b6866)

* [release-1.1] Update fluentd adapter to be more robust (#11623)

* Update fluentd adapter to be more robust

* Minor touchup of bad merge

* Lint fixes

* Fix kubernetesenv workload attributes for multicluster with one control plane (#11581)

* remove myself from pilot OWNERS (#11632)

* remove me (#11636)

Signed-off-by: Kuat Yessenov <kuat@google.com>

* add debug logs for citadel authenticate fail (#11633)

* move apply plugin below buildscript (#11625)

The Cloud Foundry open source licensing scanner has a plugin that
identifies dependencies from gradle scripts, but it requires the
buildscript and plugins block be before anything else in the file.
This change does not affect the build, but makes our lives a smidge
easier.

Co-authored-by: Teal Stannard <tstannard@pivotal.io>

* check key.pem (#11599)

* Sample ServiceEntries for apt-get, pip, and git tools showing how to grant access to mesh. (#11508)

* Samples for accessing apt-get repo, Github, and pip repo

* A Readme explaining the samples

* Link to future doc on default external comm capability

* Incorporate documentation feedback from venilnoronha

* Add support for metadata constraints in RBAC (#11459)

* Add support for metadata constraints in RBAC

This adds support for mapping RBAC constraints with keys in the a[b]
format to Envoy's filter metadata matcher.

Signed-off-by: Venil Noronha <veniln@vmware.com>

* Use SplitN instead of Split for completeness

This updates the metadata matcher definition to use strings.SplitN
instead of strings.Split in order to capture the whole binary key in two
parts.

Signed-off-by: Venil Noronha <veniln@vmware.com>

* Accomodate [list] and plain value type constraints

This adds logic to accomodate filter metadata matching over both [list]
and value type constraints.

Signed-off-by: Venil Noronha <veniln@vmware.com>

* Add extra experimental. prefix test for matching

This adds an extra experimental. prefix test while creating metadata
matchers based on Envoy filters.

Signed-off-by: Venil Noronha <veniln@vmware.com>

* Update comments

This updates code comments.

Signed-off-by: Venil Noronha <veniln@vmware.com>

* add POST to ratings service to demonstrate security policies on HTTP Methods (#10778)

* add POST to ratings service

* put a space between if and opening parenthesis

* add comments

* remove extra line-break

* Enable remote clusters to check/report to local Mixer (#11585)

* Print error message if istio-sidecar-injector invalid, allow toJson as synonym for toJSON (#11570)

* Fix racetest in fluentd test (#11647)

* Bump the number of connection that can be re-use in Citadel (#11641)

* Bump the number of connection that can be re-use in Citadel

* A small fix

* First cut of xDS APi structural testing using the new integration tests (#11406)

* Fixes for k8s ingress (#11343)

* Fix ingress in pilot, writeback and multiple namespaces

* Fix tests, format

* Fix test - the generated service should be left in the namespace of ingress

* Additional test fixes, match the new 1.1 semantics

* Again make fmt and lint not matching

* Break up the helloworld sample into versions (#11650)

* Break up the helloworld sample into versions

* Moved to default namespace

* Seperated gateway file and added labels

* Update the doc

* Cleanup section updated too

* Fix build break due to #11406. (#11677)

https://k8s-gubernator.appspot.com/build/istio-prow/pr-logs/pull/istio_istio/11645/istio-integ-local-tests/5215

* make stackdriver e2e test cluster wide (#11674)

* Add handling for independent encoding in Report batches to Mixer (#11640)

* Add handling for independent encoding in Report batches to Mixer

* fix lll

* Address review

* protect protobag done

* exit circleci test early if setup fails (#11572)

* wip: exit circleci test early if setup fails

Many of the circleci tests will attempt to run the e2e/integration
tests even after the test setup fails. This leads to misleading test
failures that suggest the problem is with the feature test and not the
test setup itself.

Example test runs where the setup failed and the test was run but
immediately errored out because a dependency was missing:

https://circleci.com/gh/istio/istio/316588
https://circleci.com/gh/istio/istio/317262
https://circleci.com/gh/istio/istio/318281
https://circleci.com/gh/istio/istio/316031
https://circleci.com/gh/istio/istio/315952
https://circleci.com/gh/istio/istio/315871
https://circleci.com/gh/istio/istio/315813

ref: https://circleci.com/docs/2.0/configuration-reference/#the-when-attribute
```
By default, CircleCI will execute job steps one at a time, in the
order that they are defined in config.yml, until a step fails (returns
a non-zero exit code). After a command fails, no further job steps
will be executed.

Adding the when attribute to a job step allows you to override this
default behaviour, and selectively run or skip steps depending on the
status of the job.

The default value of on_success means that the step will run only if
all of the previous steps have been successful (returned exit code 0).

A value of always means that the step will run regardless of the exit
status of previous steps. This is useful if you have a task that you
want to run regardless of whether the previous steps are successful or
not. For example, you might have a job step that needs to upload logs
or code-coverage data somewhere.
```

* re-add `when: always` to codecov job

* Implementation of isolation for EDS (#11672)

* Implementation of isolation for EDS

* Provide nil proxy for older calls

* Always call loadAssignmentsForClusterIsolated

* Revert "Always call loadAssignmentsForClusterIsolated"

This reverts commit db2c997.

* Env variable to disable

* Lint

* Environment Variable controlled Graceful Termination with low defaults. (#11630)

* Feature flag graceful shutdown

Turn graceful shutdown off by default for 1.1 with a feature flag that allows users to opt-in.

Signed-off-by: Liam White <liam@tetrate.io>

* Address pr comments

Signed-off-by: Liam White <liam@tetrate.io>

* Clean up missed feature flag var

Signed-off-by: Liam White <liam@tetrate.io>

* Add turn off test case, todo comments and fix agent tests

Signed-off-by: Liam White <liam@tetrate.io>

* fix lint

Signed-off-by: Liam White <liam@tetrate.io>

* PR review comments

Signed-off-by: Liam White <liam@tetrate.io>

* Move TerminationDuration function and tests to Pilot features

Signed-off-by: Liam White <liam@tetrate.io>

* Update Proxy SHA to latest (release-1.1). (#11687)

Signed-off-by: Piotr Sikora <piotrsikora@google.com>

* Add empty check for proxy's locality (#11681)

Make sure empty proxy locality will fall back to using proxy service's instance locality.

* Increase sleep value to account for Galley default aggregation of 1 sec with MCP (#11685)

* cache ServiceAccounts and remove it drom Environment (#11442)

* cache ServiceAccounts and remove it drom Environment

* use allServices var

* fix ut

* Adding Envoy bootstrap template for a custom Pilot implementation. (#11395)

* Adding Envoy bootstrap template for a custom Pilot implementation.

New template connects to Pilot using Google gRPC Envoy client, which
allows to perform authz by passing additional credentials. Placed into
install/gcp due to being GCP installation specific.

To enable this template, introducing {{ .discovery_address }} variable,
which passes --discoveryAddress flag value "as is", without splitting it into
address/port_value parts as currently done for the {{ .pilot_grpc_address }} variable.

* Removing static interception listener from gcp_envoy_bootstrap.json
as it is generated by the Pilot.

* Update bookinfo images, fix the script to bump bookinfo versions (#11701)

* add wildcard to digits in the sed regex, for setting version

* bump a minor version

* Add cli option to Galley to allow metadata on outgoing sink connections. (#11602)

* Add cli option to Galley to allow metadata on outgoing sink connections.

For use with sinkAddress, outgoing connections to MCP sink servers
will have gRPC stream metadata attached as defined by sinkMeta.

* Update sinkMeta to use key=value.

* Review comments.

* Error message if istioctl version doesn't match data plane version (#11592)

* Additional error text if istioctl version doesn't match data plane version

* Fix typo

* Revise wording of error msg

* Allow Envoy listener stats to be turned off/on with a pod annotation (#11398)

* If sidecar.istio.io/statsPatterns supplied, customize Envoy stats collection

* Versionize annotation tag

* Change annotation to sidecar.istio.io/v1alpha1/statsInclusionPrefixes per Doug Reid

* pin goimports in make fmt (#11645)

* fix fmt

Signed-off-by: Kuat Yessenov <kuat@google.com>

* trying to run docker in circle

Signed-off-by: Kuat Yessenov <kuat@google.com>

* trying to run docker in circle

Signed-off-by: Kuat Yessenov <kuat@google.com>

* circling

Signed-off-by: Kuat Yessenov <kuat@google.com>

* circling

Signed-off-by: Kuat Yessenov <kuat@google.com>

* just dont use circle

Signed-off-by: Kuat Yessenov <kuat@google.com>

* add comment

Signed-off-by: Kuat Yessenov <kuat@google.com>

* Adding namespace declaration in Grafana PersistentVolumeClaim (#11314)

When using the Helm chart with a user specific namespace and Grafana persistency
enabled, the generated PersistentVolumeClaim for Grafana was missing a namespace,
leading to the Grafana pod being stuck in the Pending state.

* Fix the periodic builds, add a non-mcp to presubmit (#11703)

* Update api sha (#11709)

* issue #11244 - demo should install a default secret for kiali so out-of-box experience is nicer for users kicking the tires (#11272) (#11715)

(cherry picked from commit 1ad4e29)

* [WIP] Fix sync issue with policy enablement and check enablement (#11707)

* Fix sync issue with policy enablement and check enablement

* Remove outdated comment

* Support customization of Envoy bootstrap config (#11559) (#11702)

* Support customization of Envoy bootstrap config

This change allows overriding the default Envoy bootstrap configuration
for a resource. A sample is included to show how it can be used.

* Format code

* Fix tests

* Pull in new istio/proxy. (#11717)

* Add experimental support for 'allowhttp10' (#11511)

* Add AcceptHttp10 option to outbound listeners based on global or per sidecar setting

* Clarify this is only for 'sidecar enabled' mode

* Format and lint

* Move http10 option, it was overridden

* Add http10 to test, remove verbose

* Format

* Format

* Use release-1.1 images for release-1.1 branch (#11725)

* guard with gateway enabled (#11732)

* guard with gateway enabled

* remove and

* Clean up Helm RBAC rules (#11234)

* Add apps apiGroup to istio-security-post-install ClusterRole

* Delete empty job file

* Clean up ClusterRole apiGroups

* Separate Kiali's ClusterRole rules into correct API groups

* Fix list indentation

* Remove OpenShift-specific "projects" resource from core apiGroup

* Consolidate more RBAC rules

* Update all RBAC resource apiVersions to v1

* Use service hostname as SNI match for TLS ports if virtual service is missing (#11735)

* Use service hostname as SNI match for TLS ports

Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com>

* tests

Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com>

* bad port name

Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com>

* unique port names

Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com>

* fix stateful set

Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com>

* handle multiple streams in nodeagent  (#11738)

* service change

* unit test

* debug log

* lint

* remove annoying log

* Add duration time to stale EDS (#11568)

* Tests for drain duration function (#11691)

* Tests for drain duration function

Signed-off-by: Liam White <liam@tetrate.io>

* Licenses...

Signed-off-by: Liam White <liam@tetrate.io>

* typo

Signed-off-by: Liam White <liam@tetrate.io>

* Ability to override SAN from destination rule for ISTIO_MUTUAL (#11747)

* Add ability to override SAN from destination rule for ISTIO_MUTUAL

Fixes issue #11737

* Reformat code.

* Fix the Citadel-apiserver connection proliferation issue. (#11743)

* Fix the Citadel-apiserver connection proliferation issue.

* Small fix on logging.

* Add comment.

* Small fix on log.

* Performance oriented helm defaults for release 1.1 (#11476)

* Disable stdio adapter
* Disable envoy access log
* Add telemetry load shedding defaults based on existing data
* Add telemetry limits and update hpa

* when proxy locality is empty, apply it with service instance locality (#11727)

* Get rid of subcharts (#11767)

* Get rid of subcharts

Now we can use `helm package istio` in the infrastructure to produce
a downloadable Istio chart.

Note any `helm package -u istio` usage will fail always, so any usage
of that needs to be removed throughout the documentation or infrastructure.

Finally the CNI helm chart or manifest must be installed if CNI is enabled.
If enabling CNI and the CNI manifest is not installed, the Istio sidecar
will fail.

* Add dashboard checking to helm charts.

* wrong path for dashboards

* Fix dashboard test cases.

* Change helm package -u to helm package

* Another attempt at fixing the dashboards.

* Fix rebase error.

* update jaeger client (#11765)

Signed-off-by: Kuat Yessenov <kuat@google.com>

* Fix hostname match function returns wrong result sometimes (#11793)

* Fix hostname matching function

* wrong method call

* fix lint errors

* Remove `helm package -u` in favor of `helm package` (#11769)

This work removes the ability to include packages from
external helm repositories.  This is to remove the
`helm dep update` step.

The hidden implication here is that CNI must be installed
independently but still enabled in the chart for it to be used.

Not installing the CNI chart or manifest while enabling CNI
will result in sidecar injector failures.

* stackdriver adapter memory usage optimization (#11792)

* sd adapter memory usage optimization

* clean up test.

* Remove calls to helm repo add (#11805)

* Remove calls to helm repo add

* One more place

* Create internal interface argument for istio-iptables script. (#11321)

* remove 'istiotesting' parent section for 'onenamespace' values. (#11588)

* remove istiotesting in onenamespace values.

* add comments.

* fix typo.

* add more tests for external service (#11752)

* add more tests

* add an error msg

* more tests

* fix char

* rename test yaml file

* mark as unreachable for TLS protocol with VS

* add another test

* remove wikipedia in many tests

* remove dash

* .* not allowed at hosts ending

* looks like no VS for TLS protocol too

* rename per shriram comment

* address comment

* delete not needed file

* typos

* when host has * must provide endpoints

* remove redundant data

* [Kiali] changes for the next version (#11513) (#11804)

* changes for new kiali version

* add create perms

* secret is now optional though really required. this, however, lets kiali provide a more user-friendly error message when the secret is missing, rather than failing to start the pod.
See https://issues.jboss.org/browse/KIALI-2308 and its parent https://issues.jboss.org/browse/KIALI-2303

(cherry picked from commit 322452a)

* use YAML map nil value ({}) for meshNetworks (#11849)

since meshNetworks is a map, the correct nil value is {}
setting the nil value correctly will allow setting networks by
helm command line, using --set :

    --set global.meshNetworks.network2.endpoints[0].fromRegistry=remote_kubeconfig --set global.meshNetworks.network2.gateways[0].address=0.0.0.0 --set global.meshNetworks.network2.gateways[0].port=15443

* Add configurable Mixer transport error retry (#11795)

* Add configurable Mixer transport error retry

Adds annotations for the number of retries, base wait time, and max wait
time to configure Mixer transport error retry policy. If values are not
provided, they will be left unset; defaults will be provided in
istio/proxy.

* Add more comments

* new proxy sha for release-1.1 (#11857)

* new proxy sha for release-1.1

* Run deps ensure to api

* right sha

* Adapt mixer client tests to new mixer filter counters (#11591)

* Added new counters from #8224 to Mixer client tests.

* Reformat

* Add a map to manage FileBasedMetadataConfig (#11753)

* use CredentialName for SIMPLE

* cvc

* rootca

* update test.

* update test

* fix format

* update gateway config

* fix test

* fix lint

* fix test

* add comments.

* add nolint

* update cvc

* update

* update

* update

* update

* update

* update

* format

* dep ensure --update istio.io/api

* Revise per comments

* Revise

* lint

* Marshal SDS call credential config using deterministic order

* update

* update

* revise

* add comment

* update

* move MCP settings to meshConfig (#11875)

* move MCP settings to meshConfig

Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com>

* fix cert bug

* enable allow any for outbound traffic demo profile (#11820)

* remove helm repo add (#11896)

* merge timeseries before sending (#11876)

* Fix listener parsing with ipv6 addresses (#11861)

* Fix listener parsing with ipv6 addresses

Signed-off-by: Serguei Bezverkhi <sbezverk@cisco.com>

* Fixing typo

Signed-off-by: Serguei Bezverkhi <sbezverk@cisco.com>

* add sample file to expose bookinfo productpage service as nodeport type (#11858)

* add sample file to expose bookinfo productpage service as nodeport type

* address comment

* build network filters in inbound path, like outbound (#11907)

* build network filters in inbound path

Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com>

* assorted fixes

Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com>

* fix network filter stack

Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com>

* set allow any as the default for outgoing traffic (#11906)

* set allow_any for default

* enable egress for demo profile

* enable egress gateway for e2e testing

* update comment per costin's comment

* adding more docs

* delete accidentally checked in file

* minor typo

* hope to get tests passing

* remove spaces

* [Kiali][release-1.1] Tell kiali about the new Pilot /version endpoint used to obtain Istio version string (#11833)

* rebase (#11879)

* citadel uses OpenCensus for self-monitoring (#10048)

* citadel and pilot use OpenCensus for self-monitoring

Signed-off-by: Chun Lin Yang <clyang@cn.ibm.com>

* modify based on 10270

Signed-off-by: Chun Lin Yang <clyang@cn.ibm.com>

* Use DefaultRegisterer instead of create a new register

Signed-off-by: clyang82 <clyang@cn.ibm.com>

* do not accept XDS connection if gateway has no service instances (#11905)

* kill XDS if proxy has no service instances

Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com>

* fixes

Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com>

* undo

Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com>

* lint

Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com>

* fix cloud foundry test case failure

* fix mcp test

* fix crash

* Update istioctl authn tls-check to take into account caller proxy (#11603) (#11924)

* Lower resource requirements in demo profile (#11942)

* Remove implicit usage of 'busybox:latest' (#11812)

* add long description for verify-install (#11928)

* add long description for verify-install

* review

* singular

* update pilot mesh config default (#11950)

* set allow_any for default

* enable egress for demo profile

* enable egress gateway for e2e testing

* update comment per costin's comment

* adding more docs

* delete accidentally checked in file

* minor typo

* hope to get tests passing

* remove spaces

* sync default with the mesh file

* update test given we changed mesh default

* update test

* update test

* update test

* update test

* update test

* update test

* add adapter secret mount into telemetry deployment (#11921)

* add gcp credential secret mount into telemetry deployment

* update

* rename

* add optional

* remove helm values

* update path

* do the same thing for policy

* mixer: minor doc fixes (#11958)

* minor doc fixes

Signed-off-by: Kuat Yessenov <kuat@google.com>

* review

Signed-off-by: Kuat Yessenov <kuat@google.com>

* Rename sidecar.istio.io/statsInclusionPrefixes annotation (#11993)

* Flexible DNS names (#11986)

* WIP Flexible DNS names

* More fix

* Style fix

* Fix error

* Fix lint

* Fix lint

* fix lint

* Fix pilot-agent application port 0 (#12001)

* fix bug

* fix comments

* Remove duplicated keys (#10928)

Remove duplicated keys in values-istio-test.yaml

* Add shortnames for common crds (#11969)

* Unit tests for sidecar config to sidecar scope conversion (#11901)

* Unit tests for sidecar config to sidecar scope conversion

* Unit tests for sidecar config to sidecar scope conversion

* fix citadel health check issue. (#11965)

* add imagepullsecrets for hook jobs. (#11666)

* Add Auth to OOP handler (#10622)

* add oop auth

* simplify get auth option logic

* clear comment

* address comment

* custom mtls auth check

* lint

* add server name into tls config

* figure out mixer SAN from mixer own cert

* remove unnecessary comment

* update customVerify

* update customVerify

* add test to cover untrusted certs in mtls

* remove mtls option

* lint

* clear diff

* test

* Don't admit CRDs with unknown top-level keys (#11791)

* Don't admit CRDs with unknown top-level keys

Use term 'field' for error messages

Check when admitting both Pilot and Mixer configurations

* The admission control rejected a test yaml as invalid

* Improve message wording and resolve TODOs by using 'mock' Kind

* Add dynamic discovery and listener initialization for supported k8s resource types (#11871)

* wip: dynamically discover supported crd types

* fix linter errors

* improve logs when resource type not found

* increase code coverage

* address review comments

* add a comment

* fix linter error

* fix issue for generating custom gateway from chart. (#11970)

* Let `kubectl get` show additional columns for popular Istio CRDs (#11734)

* Annotate CRDs with the columns we would like printed by

* Verbiage change suggested by Frank B

* Explicitly include AGE column because some versions of K8s will not create it if additionalPrinterColumns are declared

* Update ingress gateway TLS validation for credentialName (#11991)

* use CredentialName for SIMPLE

* cvc

* rootca

* update test.

* update test

* fix format

* update gateway config

* fix test

* fix lint

* fix test

* add comments.

* add nolint

* update cvc

* update

* update

* update

* update

* update

* update

* format

* dep ensure --update istio.io/api

* Revise per comments

* Revise

* lint

* Marshal SDS call credential config using deterministic order

* update

* update

* revise

* add comment

* update

* Update validation

* Use e2e values for e2e tests (#11952)

* Use e2e values for e2e tests

New settings were added to give e2e tests reasonable resource requests.
However, some this target did not have these values applied, causing too
many requests

* hardcode e2e for just the failing test instead of all

* generate_e2e_test_yaml not called, moving to own target

* expose healthcheck port in gateway (#12041)

* GetProxyServiceInstances should not depend on endpoint if there is associated services and pod (#11999)

* fix incremental EDS bug: proxy may not get listeners config when endpoint arrive later than the first full xDS push

* get endpoint by key instead of loop for all

* fix memory leak in pilot (#11183)

* fix memory leak in pilot

* protect Shards and EndpointShardsByService

* Make demo-auth use same resource requests as demo (#11956)

* rename to TestDestinationRuleExportTo (#12009)

Signed-off-by: Chun Lin Yang <clyang@cn.ibm.com>

* Fix the logic testing for errors (#12053)

* Fix jaeger metrics path template (#11963)

* Fix virtual machine parameter from "r" to "k" (#12062)

* Istio Perf Dashboard fixes (#12049)

* fix mcp source unit test (#12069)

* Fix upgrade/downgrade issue, add guard for visibility and make it off by default (#12084)

* Add MTLS into mixer connection to oop adapter (#12052)

* add oop mtls

* address comment

* add a comment about how key/certs are generated

* New proxy and api sha for istio (#12045)

* new proxy sha in istio

* New proxy sha for istio

* Fixing test

* Right intend

* More fixes

* Endpoint locality prioritization (#11981)

* Endpoint locality prioritization

Defaults to off and has to be enabled via a env var in Pilot as it is an experimental feature and we are close to a release

Signed-off-by: Liam White <liam@tetrate.io>

* Fix correct spelling of prioritise

Signed-off-by: Liam White <liam@tetrate.io>

* Don't ignore kube-system in EDS (#12028)

This was originally ignored due to a high rate of updates from
kube-system. EDSInformer now checks that there were actual meaningful
changes made, otherwise they are ignored, so this is no longer an
issue.

* Istio auth sds e2e (#12100)

* use CredentialName for SIMPLE

* cvc

* rootca

* update test.

* update test

* fix format

* update gateway config

* fix test

* fix lint

* fix test

* add comments.

* add nolint

* update cvc

* update

* update

* update

* update

* update

* update

* format

* dep ensure --update istio.io/api

* Revise per comments

* Revise

* lint

* Marshal SDS call credential config using deterministic order

* update

* update

* revise

* add comment

* update

* Update validation

* fix istio_auth_sds_e2e

* fix TestRouteSNIViaEgressGateway/*

* istioctl validation improvements (#11768)

Use term 'field' for error messages

Look for same top-level fields as admission controller

* Hide GODEBUG output from istioctl requests (#12091)

* Hide GODEBUG output from istioctl requests

* Fix in single function as well

* support listen multi-namespaces (#11667)

* support listen multi-namespaces

Signed-off-by: clyang82 <clyang@cn.ibm.com>

* fix kube errors

Signed-off-by: clyang82 <clyang@cn.ibm.com>

* fix lint error

Signed-off-by: clyang82 <clyang@cn.ibm.com>

* fix ut error

Signed-off-by: clyang82 <clyang@cn.ibm.com>

* Add new dep

Signed-off-by: Chun Lin Yang <clyang@cn.ibm.com>

* replace CA with Citadel

Signed-off-by: Chun Lin Yang <clyang@cn.ibm.com>

* fix merge issue

Signed-off-by: Chun Lin Yang <clyang@cn.ibm.com>

* properly handle passthrough and non passthrough on same gateway port (#12071)

* properly handle passthrough and non passthrough on same gateway port

Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com>

* fixes

Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com>

* flimsy tests

Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com>

* snafu

Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com>

* bring back e2e tests

Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com>

* lint

Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com>

* Revert "bring back e2e tests"

This reverts commit a3fbb48.

* fixes

Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com>

* Improving error message for sidecar readiness (#12123)

Currently, the readiness error message doesn't make it clear that
the issue is likely Pilot:

```
2019-02-25T07:22:20.019287Z	info	Envoy proxy is NOT ready: cds updates: 0 successful, 0 rejected; lds updates: 0 successful, 0 rejected
```

This PR should help users better diagnose these issues in the future.

This is a port of PR #12098 into the release-1.1 branch.

* Remove mem registry (#11543) (#12026)

* Remove mem registry (#11543)

* Fix lint

* extract Galley root command to server. (#12073)

* Replace root command of Galley with server mode.

* Fix linter issue.

* Remove accidentally added envoy.test (#12136)

* Fix the health check probe (#12135)

* Fix the health check probe.

* Small fix.

* Small fix.

* Small fix.

* Small fix

* Fix identity in certs provisioned for VMs. (#12109)

* Avoid unnecessary service change events(#11971) (#12148)

Unnecessary service/instances change events are fired by consul registry,
causing TCP connections destroyed by Envoy
Fixes #11971

Change-Id: Iaf60a89175c9113cd8cde1556c9bf11d1a367e8f
Signed-off-by: zhaohuabing <zhaohuabing@gmail.com>

* Removing a leftover to disable ingress (#12120)

Signed-off-by: Serguei Bezverkhi <sbezverk@cisco.com>

* Fix EDS race condition when using localities (#12151)

* Fix EDS race condition when using localities

Signed-off-by: Liam White <liam@tetrate.io>

* Wordz

Signed-off-by: Liam White <liam@tetrate.io>

* Wire-up excluded resource types list to the CRD check and update logging (#12143)

* - Wire-up excluded resource types list to the CRD check.
- Update logging.

* Revert copyright.

* Revert copyright.

* Remove VirtualService examples that no longer have an effect (#11892)

* Remove no-longer-needed VirtualServices

ServiceEntry for github.com not needed to clone https URLs

* Modifications after testing using release-1.1-20190214-09-16

* Correct comment explanation

* Include pythonhosted.org for 'pypi' and sort/format/dedup the github addresses

* Doc fixes. (#12107)

* Update jaeger-client-go deps to catch 128bit traceid transport fix (#12166)

* Update jaeger-client-go dep

* Ensure mixer generates 128bit traceids

* Fix DestinationRule issue when there is no Sidecar (#12047)

* Fix DestinationRule issue when there is no Sidecar

* Default to legacy (current codepath)

* Refactor e2e yaml value files (#12076)

* Refactor e2e yaml value files

This change involves:
* renaming uses of old make target
* adding all generated files to gitignore
* create new target to build all e2e yaml files and another for the demo
files that are included in release
* move all testing value files, and example value files, to folders
* create value files for tests that were using --set

* Fix reference to values-e2e.yaml

* Fix typo

* Add readme and fix test failures

* Fix integration tests file

* Enable core dump for auth sds test

* Actually use coredump

* Move istio minimal - needed for docs

* resolve conflict

* Do not setup SNI match if service has a VIP (#12161)

* Do not setup SNI match if service has a VIP

Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com>

* missing check

Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com>

* Upgrade cert-manager to v0.6.2 (#12149)

Currently Istio ships with cert-manager v0.5.0 as an optional
dependency. This version is outdated and has known issues/limitations
with regards to certificates renewal, excessive calls to the ACME APIs,
etc.

This commit contains minimal changes necessary to upgrade the bundled
cert-manager to the most recent stable version. Changes are based on
the official Helm Charts distribution of cert-manager.

* Doc fixes. (#12180)

* fix mixer and pilot upgrade issues. (#12177)

* add namespace parameter support (#12104)

* add namespace parameter support

* add namespace parameter support

* add namespace parameter support

* fix lint

* add test case for proxystatus

* Move mixer check annotation to model with defaults (#11859)

* Move mixer check annotation to model with defaults

* Initialize proto once

* Update tests

* Add an e2e test to validate fault injection telemetry. (#11773)

* Add an e2e test to validate fault injection telemetry.

This attempts to provide validation of telemetry for FI to guard against
recurrence of issues such as: #11151.

It adds a new test in the mixer suite that installs custom virtual
service and destination rules that inject faults at 100% (using error code 555).

The test validates that the destination workload information is
"unknown" and that we receive telemetry with the `FI` response flag.

* Add forgotten file to PR

* Updates tests to match CNI install procedure (#11877)

* Updates tests to match CNI install procedure

The CNI install procedure was changed to eliminate dependent helm
templates. Changes are required in the test routines to match.

* Move daemon start after cluster setup

The daemon start was before the cluster start.

* Changes required after testing

* debug

* Final fix ups

* Address review comments.

* Turn policy off by default (#12114)

* Simplify files and cleanup base values.yaml

* golden files update

* switch back to old defaults for rewriteAppHTTPProbe

* update golden

* override cpu requests for e2e tests

* move policy and telemetry to top level for visibility

* Update deps for 1.1rc2 (#12213)

* Proxy sha and Api sha for istio

* Update istio/proxy to pickup istio/proxy#2135

* pilot should wait for kubernetes cache sync before serving (#12214)

* Remove test mgmt ports (#12206)

* Remove test mgmt ports

* Remove todo and fix test

* Fix local test

* guard mysql proxy with version check (#12225)

Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com>

* Various fixes for the Multicluster e2e test [release-1.1] (#11940)

* Choose the correct Istio yaml file for MC

* Increase the timeout for the MC test (typically it's 40+ mins)

* Set selfSigned flag to false for remote (shared root CA)

* Wait for remote addition/deletion to propagate

* Enable access log for primary and remote clusters

* Fix pilot grpc failure in Consul (#12228)
jeffpak pushed a commit to cloudfoundry-attic/istio-release that referenced this pull request Jul 15, 2019
include our PR on top of istio 1.2.2

Submodule src/istio.io/istio 3632361..d7946d9:
  > remove unneeded service instance guard for gateway
  > Change CA client test name (#15104) (#15132)
  > Update dependency following bugfix in proxy (#15176)
  > Resolve merge conflict on #15147 (#15167) (#15177)
  > set nodeagent updateStrategy to RollingUpdate (#15079) (#15129)
  > redis latency in micros (#15119)
  > add toleration for Istio components. (#13044) (#15081)
  > Do not overwrite Citadel storage namespace with env var (#15037) (#15082)
  > Enable redis filter (#14582) (#15049)
  > default redis cluster backport (#15052)
  > merge with release branch (#15062)
  > Fix Mixer CRD store issue istio/istio#14841 (#15033) (#15036)
  > Add citadel replicaCount flag back and workloadCertTtl (#14961) (#15066)
  > Patch #14973 to release-1.2 (#15032)
  > allow users to disable istio default retries by setting retries to 0 (#14925) (#14931)
  > Fix regression caused my forward port merge error (#14989) (#14996)
  > Revert "Adding the build&test logic to release-1.2 (#14957)" (#14998)
  > Adding the build&test logic to release-1.2 (#14957)
  > Get full sha for api repo in manifest file (#14939) (#14959)
  > Empty commit
  > add templates.useTemplateCRDs values option (#14921)
  > Wait for Kubernetes before running test cases (#14882) (#14912)
  > Hide rbac upgrade command (#14917)
  > Fix missing separators in CRD files (#14844) (#14864)
  > Fix cni tag and hub for the release (#14806) (#14867)
  > fix indentation issue. (#14784) (#14880)
  > Use describe tags so that soft tags are used (#14893) (#14894)
  > Clean up citadel_extras directory. (#14767) (#14890)
  > dir (#14855) (#14883)
  > Fix TestController (serviceregistry) Test by making it non racy (#14886)
  > trim circleci jobs
  > 1.2 marker (#14865)
  > Update jwt resolver to mitigate network errors (#14577) (#14826) (#14863)
  > Pull in fix for istio/istio#14707. (#14857)
  > Update default tag in Helm charts for 1.2 (#14813)
  > Remove tabs (#14804) (#14832)
  > Fix sd adapter goroutine leak (#14803) (#14845)
  > rbac: add tests for path with double dots (#14184) (#14591)
  > Update CNI SHA value (#14812)
  > remove experimental (#14470) (#14807)
  > [1.2] bookinfo: add service accounts to the default deployment. (#14824)
  > Fix broken Node Agent [release 1.2 branch] (#14474)
  > compare server version using gitversion (#14688) (#14799)
  > make sure proxyv2 binaries are chmod 755 before the docker build step (#14718) (#14751) (#14802)
  > watch certs directory instead of cert files to prevent breaking watch in kubernetes (#14540) (#14618) (#14798)
  > For Sidecar captureMode NONE, bind inbound listener to instance IP instead of wildcard. (#14733) (#14790)
  > Add cni helm to release archive (#14752) (#14756)
  > add a unit test in sds service that trigger racing condition and fix (#14715) (#14771)
  > Remove lowered resource limits from demo (#14674) (#14776)
  > Update to latest istio.io/pkg repo. (#14748)
  > Reject TCP/TLS VS without route (#14698) (#14726)
  > Add jwt tests for authentication (#14670) (#14711)
  > update adapter comment (#14681) (#14720)
  > Update comment of template for doc (#14679) (#14722)
  > fix(pilot metrics): remove unbounded err strings in metrics (#14671) (#14702)
  > update sample file (#14646) (#14676)
  > [1.1 -> master] Backport prevent dupe routes (#14617) (#14701)
  > Fix security vulnerabilities for istio components (#14615)
  > Use global imagePullPolicy (#14663) (#14685)
  > [1.2] Fix Citadel using in-memory cert without writing to secret issue. (#14505)
  > cherry pick 14390 into 1.2 release (#14689)
  > Fix ads deadlock and race condition (#14635) (#14665)
  > Expose Citadel root cert expiration timestamp to prometheus (#14569) (#14653)
  > Apply locality overrides in bootstrap (#14353) (#14566)
  > Disable flaky tests: locality and sds_vault_flow (#14613) (#14669)
  > fix nodeagent priorityClass problem (#14032) (#14583)
  > [Kiali][master] update kiali version (#14561) (#14637)
  > Add pod locality in updateEDS (#14343) (#14359)
  > fix multi clusters proxies with same ip (#14377)
  > Update CA root cert TTL to 10 years (#14547)
  > Update to latest istio.io/pkg in order to get updated doc generation. (#14410)
  > check pick 14518 into 1.2 release (#14548)
  > cherry-pick the fix for PDB issue of cert-manager (#14556)
  > Cherry-pick gRPC integration test for RBAC v1 (#14535)
  > clearing envoy stats should not break sidecar /ready probe (#14476) (#14530)
  > Add initial_fetch_timeout option to Pilot (#14276) (#14451)
  > Helps to show results for release 1.2 in testgrid (#14463)
  > Remove admin access during envoy drain period (#14250) (#14482)
  > Cherry pick 14425  (#14528)
  > fix quotes for release 1.2 (#14460)
  > move back the weight for pod antiaffinity term. (#14419) (#14418)
  > [1.2] Backport 1.1.7 upgrade tests (#14488)
  > populate accurate version into xds response (#14379)
  > fix cpu counting (#14468)
  > fix concurrent r/w (#14459) (#14462)
  > set max connections for passthrough cluster (#14446)
  > post cds cache remove cleanup (#14378)
  > Cherry pick #14043 (#14305) (#14412)
  > Update Go to 1.12 for e2e-tests (#14270) (#14426)
  > Protect ads connection with mutex to fix race condition (#14254) (#14370)
  > Set HTTP connection manager to normalize path. (#14191) (#14352)
  > fix: Update EDS only after ClusterDiscoveryType is known (#13807) (#14298)
  > [Cherrypick 1.1 -> 1.2] Backport ingress resources (#14297)
  > Sort Config in stable ordering (#14080) (#14278)
  > don't disconnect sds connection when receive empty resourcename (#13934) (#14299)
  > Add application port option for gateways (#14059) (#14282)
  > Update deps before creating 1.2 branch (#14272)
  > Add mysqlfilter feature flag (#14000)
  > update go-control-plane to 0.8.0 (#14055)
  > [istioctl] Handle * in services and support multiple namespaces (#13960)
  > fix #14235 (#14256)
  > Backport changes to new installer (#14210)
  > Clean up pilot logging (#14229)
  > README updates (#14168)
  > Report Istio version in istioctl proxy-status (#14222)
  > fixes to consul demo  (#13984)
  > Fix perf dashboard, improve pilot dashboard (#14228)
  > initial sdsc package for better sds testing. (#14249)
  > Revert "Lock down development of installer (#13350)" (#14230)
  > Fixing tags in helm charts (#13993)
  > Add stats inclusion suffixes, prefixes, regexps (#14212)
  > [Test Framework] Always apply config for Native Echo (#14216)
  > Add buggy bookinfo versions for demos and the tutorial (#13690)
  > [Test Framework] Remove Resetter interface (#14172)
  > Remove warning for unknown flags in pilot-agent (#14225)
  > Fix istio/istio#13910 (#13973)
  > Support gateway service name in meshNetworks (#13392)
  > set use_remote_address to true for egress listeners in side car mode (#14097)
  > Allow galley to read from config file (#13594)
  > lds: support feature that splitting inbound outbound listeners (#13666)
  > Init registry singleton with sync.once (#14203)
  > Remove duplicate logging value (#13647)
  > Require outlierDetection for EDS locality failover (#14099)
  > Added support for outbound port exclusions (#13970)
  > Fix istioctl version information (#14207)
  > [Testing] Refactor locality tests (#14178)
  > Introduce an explicit flag for enabling endpoint processing. (#14188)
  > Allow unknown flags in pilot-agent (#14209)
  > Dedupe Redis tests in e2e tests and new integration test framework (#14192)
  > use pkg/pool and pkg/attribute (#14198)
  > attempt to fix flaky helm redis install (#14181)
  > Improve xDS logging consistency (#13948)
  > Integration test for traffic shifting (#13673)
  > Refactor Galley test data set. (#14170)
  > Update Vendor Files to match go.mod (#14165)
  > [Test Framework] Support parallel tests (#14076)
  > [Test Framework] Fix outbound check for Echo (#14166)
  > [Test Framework] Fix panic in echo test (#14149)
  > Handle pod delete correctly (#13909)
  > Configure dnsRefreshRate in bootstrap config (#13982)
  > Add ability for Galley to serve Mesh Config. (#14107)
  > Add Namespaces to list of resources Galley can serve over MCP. (#13732)
  > Highlight the right avenues for community support. (#14093)
  > Add version to Galley MCP dial out metadata. (#13734)
  > Initial istioctl integration test in new framework (#13872)
  > refactor: isolate attribute package (#14092)
  > fix some config strings in stackdriver (#14086)
  > Fix outbound traffic test (#14050)
  > crd multiple versions (#14089)
  > Fix Workdir calculation in the makefile. (#14090)
  > bump k8s version when setup minikube (#13966)
  > refactor eds building cluster LoadAssignment (#13576)
  > Show mcp client synced status in configz page (#13696)
  > move verify-install (#13633)
  > Merge pull request #14041 from howardjohn/master-merge-again
  > fix kind simpletest (#14085)
  > Remove unused circle targets (#14044)
  > Making simpleTest works in KinD (#14078)
  > devendorize internal stackdriver bindings (#14060)
  > consolidate ratelimit test samples (#13763)
  > [Test Framework] Fix call stack in TestContext (#14056)
  > fixing issue 13980 (#13985)
  > Add Prow scripts for running Mixer integration tests. (#13997)
  > [Test Framework] Support annotations in Echo component (#13945)
  > Fix ProcessStream error reporting on cancel (#13919)
  > [Testing] Merge YAML utilities (#14023)
  > [Test Framework] Galley.DeleteConfig Allow nil namespace (#13961)
  > [Test Framework] Refactor Echo API to hide waiting (#14015)
  > Fix issue #13728. Create separate connectionManager for different filter chains  (#13955)
  > istio.io/common is now istio.io/pkg (#14027)
  > Update to newer OpenCensus dependencies. (#14022)
  > Fix build break (#14021)
  > Fetch pkg/probe and pkg/util/wait from the common repo.
  > Get filewatcher from common repo. (#14016)
  > [ImgBot] Optimize images (#14013)
  > Take dependency on the common repo. (#14014)
  > Add grpc to reach-ability e2e test (#13992)
  > test framework: initialize only uninitialized instance (#13990)
  > Remove CircleCI gates for aggregated integration tests. (#13971)
  > Cleanup configs in policies test and fix flaky check and report tests  (#13849)
  > [Testing] Merge file utilities (#13988)
  > drop unnecessary dependencies (#13927)
  > [Test Framework] Fix ready timeout endpoints (#13987)
  > generate correct inbound clusters depending on ipv4 or ipv6 mode  (#13959)
  > No need to hold pod cache lock when getting pod from podstore and reuse function getPodKey (#13975)
  > Add tracing integration test (#13790)
  > [Test Framework] Introduce Failer interface (#13953)
  > add branch info to circle ci test logs (#13952)
  > fix release script (#13954)
  > Fix issue #12752. Add delay after applying configuration change (#13827)
  > Replace README content with a redirect to the wiki. (#13941)
  > Fix bug(#13764). Support template in values config (#13801)
  > Add more rbac tests  (#13925)
  > Increase Golang version and memory requirement for Vagrant test env (#13918)
  > rbac: support reading service definition from a file for the upgrade command (#13829)
  > Delete depupdate circleci job (#13949)
  > fix consul sidecar templates to update proxy_init image tag (#13946)
  > Fix istioctl flaky test (#13932)
  > [Test Framework] Remove apps component (#13930)
  > Fix the RBAC group test (#13928)
  > Add more Prow shell scripts for other integration tests. (#13929)
  > Add istio-env label when creating test namespaces. (#13706)
  > [Test Framework] Add support for subtests (#13921)
  > Update integ-galley-local-presubmit-tests to use the right shell file. (#13922)
  > Patch #11462 to master (#13917)
  > use gomodules (#13899)
  > Add component specific presubmit targets (#13855)
  > fix a potential problem in RBAC test and refactor the test utility (#13896)
  > Generate Zsh completion file and add to archive (tools/_istioctl) (#13889)
  > Add owners for RBAC tests (#13897)
  > Remove model.NodeType.Ingress (#13568)
  > fix 13868 (#13893)
  > commit#1 (#13856)
  > Upgrade mysql version for bookinfo-mysqldb app to 8.0.16 (#13774)
  > Add zsh completion file generation (#13871)
  > [Testing] Refactor locality integration tests (#13793)
  > Make presubmit tests to exclude flaky and postsubmit tests. (#13852)
  > update webhook http response error (#13865)
  > Pass the original user agent to applications in app probes (#13835)
  > Remove CDS caching logic and related flag (#13737)
  > Adding helm init for perf tests (#13854)
  > updateServiceShards only for non k8s registry (#13689)
  > fix pilot-agent request url (#13821)
  > Update the version of NodeJS in Dockerfile of bookinfo-ratings app (#13748)
  > [Testing] Change security tests to use Echo (#13824)
  > [Testing] Removing unused flaky annotation (#13797)
  > add istio-multicluster-split-horizon.yaml to gitignore (#13590)
  > Refactor commands out of 'main' package (#13727)
  > Update Ruby version in the Dockerfile for bookinfo-details app (#13747)
  > support isolated namespace for integration test (#13830)
  > Adds a CNI option to the e2e tests (#12529)
  > Added corrected link to Bookinfo docs (#13833)
  > Change time.After to time.NewTimer (#13725)
  > Remove too noisy log (#13721)
  > Add a test for IP whitelisting (#13654)
  > (hzxuzhonghu) Always allow unknown fields when apply json string (#13808)
  > Update Kubernetes dependencies (#13324)
  > Mark tests flaking in post-submit as flaky. (#13814)
  > Combine example and framework tests. (#13809)
  > Merge all Galley integration tests into a single test suite. (#13792)
  > fix(telemetry): remove configID from mixer self-monitoring metrics (#13094)
  > [istioctl] Upgrade rbac policy v1 to v2 locally. (#13627)
  > Add Yangmin as an owner for security integration test (#13816)
  > [Testing] Add Flaky label. (#13796)
  > increase host selection retry max attempts (#13773)
  > When using plugged certs, use chain cert if available. (#13733)
  > Add individual owners files to each top-level test folder. (#13783)
  > update nodeagent base image (#13786)
  > add ipv6 parameter for rendering proxy config (#13117)
  > [Test Framework] Various fixes for Echo component (#13757)
  > [Test Framework] Add custom setup label (#13782)
  > create release-1.1-latest.txt with build version (#13770)
  > [Test Framework] Capture cleanup settings from test (#13784)
  > [Testing] Fix for Envoy baseID (#13755)
  > [Testing] Fix race in Galley file source (#13779)
  > add access logs for passthrough listener (#13746)
  > change endpoint logs to debug level (#13745)
  > rbac: introduce a general model to abstract the RBAC policy (#13632)
  > [Test Framework] Fix null yaml files generated (#13767)
  > Fix the RPM proxy generation (#13712)
  > [Test Framework] Only wait for namespace if we have cleanup (#13761)
  > [Test Framework] Adding utility methods to Pilot (#13756)
  > Extend fake policy backend for OOP adapter integration test (#13729)
  > Refactor Test Framework API Surface, and add complete Galley component methods. (#13738)
  > Fix istioctl test (#13750)
  > Fix unit tests of Vault CA integration (#13683)
  > [Testing] Refactoring Echo application (#13586)
  > add samples validation linter (#13736)
  > fix broken links. (#13741)
  > Fix isValidIP in iptable-start.sh and add unit test for it. (#13563)
  > Lock down development of installer (#13350)
  > release: Update latest stable Istio CNI SHA (#13556)
  > bootstrap: add test to confirm ISTIO_META_ envvar (#13645)
  > fix namespace parsing in istioctl validate (#13624)
  > Fix integration tests and user guide of SDS Vault CA flow (#13685)
  > correct example text for istioctl authn tls-check command (#13561)
  > Stop using task lists since they cause GitHub to mark issues as 0/7 completed...
  > Skip failing test case (#13669)
  > Template tweakathon.
  > Another template update.
  > Try out a template experiment.
  > fix typo in pilot/cmd/pilot-agent/status/ready/probe.go (#12321)
  > Add Redis Ratelimiting tests in new test framework (#11209)
  > Pass componentLogLevel to Envoy to disable deprecation warnings (#13182)
  > Re-enable Mixer validation (#13379)
  > show detailed mcp resource information in ctrlz page (#12999)
  > Remove trailing tab chars from each line ending. (#13570)
  > cleans up unnecessary left over comment (#13137)
  > For RBAC v2, add integration tests for authorization of groups and list claims (#13628)
  > Do not use sh in istioctl. (#13395)
  > add MacOS support KinD (#13583)
  > Add integration tests for Istio authorization for groups and list claims (#13557)
  > Cache values config in sidecar injector (#13480)
  > fix broken links in readme. (#13610)
  > Fix several lint issues on Citadel Agent. (#13558)
  > Update UsingGKE.md (#13560)
  > remove unused permission in istio_init. (#12978)
  > make --remote and --s as default for istioctl version command (#13389)
  > add istioctl experimental auth for checking TLS/JWT/RBAC setting on a pod. (#12774)
  > Fix bug: when pod occur later than sidecar connection, the sidecar in… (#13229)
  > make GC more aggressive (#13596)
  > set GOGC (#13587)
  > update jinja and urllib3 (#13585)
  > Fix potential fd leak (#13310)
  > move istioctl completion generator to its own target (#13567)
  > rbac: refactor filter generation and split filter logic (#13488)
  > update to go1.12 (#13531)
  > Fix RBAC integration tests (#13384)
  > fix panic (#13548)
  > Adding the missing validation pieces for CORS (#12840)
  > Fix SE with  non FQDN hosts (#13447)
  > Fix bug causing deleted endpoints to not be updated (#13402) (#13403) (#13470)
  > Merge pull request #13477 from howardjohn/master-merge-1.1
  > [WIP] Preventing duplicate route entries (#13431)
  > multicluster: fix panic caused by invalid kubeconfig (#13451)
  > Support using the kiali-viewer role directly from Helm chart configuration (#13528)
  > Adding unit tests for gateway (#12792)
  > attempt to update golangcilint (#13525)
  > [Test Framework] Expand capability of Echo component (#13175)
  > Fix configz test failures (#13478)
  > Sleep to prevent test flakes in outbound traffic (#13514)
  > Make sure all flags get pulled during init. (#13513)
  > Fix perfcheck script (#13461)
  > [Code Mauve]: Get TcpMetrics test working again in new test framework (#13247)
  > New prow e2e Multi-cluster test for Split Horizon EDS (#12709)
  > Fix EnableFallthroughRoute for HTTPS traffic (#13440)
  > Refactor authentication plugin code to support future policy versions (#13441)
  > [Test Framework] Support Pilot mesh config (#13460)
  > Remove Servicegraph, and therefore addons. (#12470)
  > Add integration test for outboundTrafficPolicy (#13099)
  > Fix test flakes in pkg/cache. (#13454)
  > [Test Framework] Fix forward echo timeout (#13459)
  > Scrape internal Grafana metrics. (#12509)
  > Fix make test-bins (#13124)
  > Add field to explicitly define Istio kind for config data (#13347)
  > Fix manual injection when webhook disabled (#13434)
  > Refactor integration tests of Citadel (#13304)
  > Fix a linter warning. (#13426)
  > [Testing] Various fixes for structpath (#13375)
  > replace ayj with ozevren as istioctl owner (#13335)
  > Fix envvar linter use. (#13411)
  > Add integration tests that detect race condition (#13342)
  > [Testing] Adding integration test instructions (GKE) (#13404)
  > Add istioctl completion to the 'istioctl' make target. (#13024)
  > [Testing] Improve logging for echo application (#13376)
  > min ring size for hash lb policy was getting to zero in default case instead of doc'd 1024 (#13284)
  > Fixes panic in pilot agent when provided with custom cert paths. (#13409)
  > Broken productpage css and glyphicons fonts (#13314)
  > Fix MCP dial-out mode. (#13399)
  > Enable next step for perf testing (#13381)
  > Enable more linters and fix warnings/errors. (#13245)
  > Add locality failover integration testing (#13252)
  > Adding exec permissions to files. (#13401)
  > Fix security tests (#13368)
  > appsv1 mixer (#13164)
  > spiffe: fix a data race in writing trust domain. (#13343)
  > [Testing] Minor improvements to kube utilities (#13377)
  > Simplified issue templates. (#13380)
  > Initial RPM packaging (#13088)
  > remove unneeded ClusterRole and ClusterRoleBinding in gateway (#13292)
  > [Galley] Add NotReadyEndpoints to Synthetic ServiceEntry (#13255)
  > Disable locality LB tests (#13305)
  > Add integration tests for RBAC v2 (#13353)
  > Report circleci status to testgrid k8s dump (#13340)
  > Single Template injection spec fully at runtime (#13147)
  > Don't apply locality label unless provided (#13297)
  > Fixing iptables ranges (#13291)
  > Extend istioctl mocking library to allow mocking of authn etc (#13118)
  > Update OpenShift dependencies; Drop [deprecated] legacy schema (#13160)
  > Fix again helm copy, was reverted during merge from release 1.1 (#13337)
  > [Test Framework] Integrate apps with Galley (#13115)
  > Fix galley integration test race (#13303)
  > Include js/css files into static folder (#12983)
  > rbac: fix a data race in listener generation (#13308)
  > Fixing EDS unit tests (#12995)
  > Remove kubectl from dockerfile prereqs since it pulls it (#13256)
  > pre-check: fix a logic error (#13278)
  > Fixes the multicluster e2e test (#13246)
  > Fix integration test errors and refactor security integration tests (#13253)
  > add upstream_transport_failure_reason to access log (#12434)
  > remove myself from owners (#13231)
  > Add generated LICENSES.txt to gitignore (#13209)
  > [Testing] Cleanup PortForwarder (#13250)
  > Ignore missing resources on kubectl delete (#13225)
  > Add integration tests for SDS-Vault mTLS flow and SDS-Citadel mTLS flow (#13199)
  > Implement `role` field in AuthorizationPolicy  (#13181)
  > push client the new root cert when it's changed (#13163)
  > Fix #10380: Remove hardcoded sidecar template for istioctl kube-inject (#10830)
  > Remove --platform option (#13187)
  > align init role label. (#13172)
  > Merge pull request #13207 from howardjohn/master-merge
  > fix original destination bug (#13011)
  > update certificates with expiration time 100 years (#13233)
  > fix lint (#12988)
  > Fixing helm order (#13224)
  > Adding aliases for OWNERS (#13194)
  > Remove unused mixer.enabled value (#13214)
  > Adding E2E Test for kiali (#11448)
  > Adding servicegraph testing to postsubmit (#13190)
  > [test-framework] Support helm values containing spaces (#13127)
  > Integration testing for Locality Load Balancing  (#13084)
  > CEL checker mutex (#13192)
  > Cherrypick: Add wildcard route fallthrough (Fixes ALLOW_ANY, 404s) (#12916) (#12973)
  > Change exposed port of istio-pilot in consul (#13170)
  > report succeed after validation (#13165)
  > Enable disabled mixer tests in New Test Framework (#13151)
  > Run goimports on generated file (#13195)
  > Fixing copy for helm, one more time. (#13186)
  > dependencies: update cel-go and remove protoc-gen-docs (#12711)
  > Registrator should use master version (#13083)
  > Export inject.injectionData() (#12426)
  > added sidecar.istio.io/rewriteAppProbers annotation (#13112)
  > update go-control-plane (#13154)
  > Appsv1 pilot (#13050)
  > Installing istio for perf testing (#13159)
  > parse cert to get expire time  (#13145)
  > ight modification path (#13148)
  > Fix HelmDelete command (#12515)
  > Patch #12805 to master (#13104)
  > controlPlaneMtls renamed to controlPlaneSecurityEnabled (#13141)
  > Pilot [networking]: Add upstream idle_timeout to cluster definition (#13066)
  > Added certmanager flag into helm chart values.yaml (#12953)
  > Making tags requirement same as those in Kubernetes (#12852)
  > Enable more linters and fix warnings/errors (#13061)
  > Refactor solution based on Costin's feedback (#13027)
  > Copy helm data from the right place (#12808)
  > Adding sha for istio/tools to manifest.txt for future automation of perf tests (#11706)
  > [Galley] Fix for ServiceEntry event ordering (#12890)
  > enable default sidecarscope (#12832)
  > Allows cleanup.sh to run non-interactively when in terminal (#12635)
  > Fix small typo (#13089)
  > Correct the app label for Gateway (#12693)
  > remove deprecated show-all flag (#13053)
  > Keep going when problem happens checking remote version (#13060)
  > generalize artifact injection into Docker images (#12203)
  > Support controlz for mcp server (#12980)
  > [Test Framework]: Galley support for deleting config (#13037)
  > samples/bookinfo: migrate `apiVersion` of deployments to `apps/v1` (#13030)
  > add param to sidecar to ignore iptables changes (#12829)
  > appsv1 galley (#13047)
  > Allow limiting Citadel to marked namespaces only (#12289)
  > Enable more linters and fix warnings/errors (#12993)
  > Restore TestMtlsHealthCheck in postsubmit, prow. (#12969)
  > move pkg/mcp/configz to pkg/mcp/configz/client (#12982)
  > Reduce logs in security/pkg/nodeagent/sds/ (#13035)
  > Add documentation about -p 1 for integration test framework. (#13032)
  > respect locality weight set from ServiceEntry (#12714) (#13012)
  > Add instructions and scripts to facilitate running E2E tests locally using KinD (#12641)
  > [Galley] Fix race in strategy shutdown. (#13004)
  > Exclude Prometheus traffic in rule so that Kiali does not show it. (#12251)
  > remove old mcp stack (#12092)
  > small fix for imports (#13013)
  > first change to apps/v1 for Install (#13015)
  > fix retry loop in mixer crd watch (#13003)
  > Add examples/documentation for the test framework. (#13000)
  > remove deprecated code (#13005)
  > Add tests for the effect of mTLS setting to reachability (#11624)
  > mixer: delete old style CRDs from installation (#12710)
  > Don't fill test logs with "no provious log" (#12857)
  > Support inline role definition in AuthorizationPolicy (#12849)
  > Update integration test env flag (#12977)
  > Use shorter namespace prefixes. (#13001)
  > samples/bookinfo: easier access to logs (#12584)
  > Allow some time for the configuration propagation (#12865)
  > support proxy https app probe (#12872)
  > remove deprecated mcpServerAddrs flag (#12954)
  > remove unnecessary namespace for webhook configuration (#12981)
  > Remove Robert Li from tests OWNERS file (#12946)
  > Restore dump_kubernetes.sh function on OSX (#12159)
  > Fix LB weight setting for split horizon eds (#12560) (#12827)
  > Support PKCS#8 private keys. (#12972)
  > minor patch (#12963)
  > Merge pull request #12844 from howardjohn/master-merge2
  > sidecars with workload selector takes precedence over namespace wide one (#12831)
  > Fixing typos in unit tests (#12661)
  > [mixer-e2e-test] add retry to prometheus query in check cache test (#12680)
  > Hoist exemptLabels to top-level, so that they can apply to prs as well. (#12902)
  > properly report errors on failure (#12945)
  > Add edsClusters should be atomic (#12942)
  > Add environment variables to allow configuring bookinfo hostnames (#12646)
  > Validate new mixer CRDs (#12918)
  > 'istioctl experimental dashboard' command to show add-ons and sidecars (#12627)
  > Clean up Helm README (#12914)
  > Istio does not use Cluster_LOGICAL_DNS, so remove it (#12905)
  > linters: enable errcheck (#12933)
  > Adding unit tests for sidecar scope (#12184)
  > [Galley] Fix race in runtime strategy (#12927)
  > remove unused pdb in remote values. (#12943)
  > Introduce pkg/annotations (#12909)
  > Add labels to the test framework. (#12819)
  > Fix the regular expression that splits the deployment scripts. (#12931)
  > Update to latest doc gen tool. (#12932)
  > Change Ip Address to readable format in accesslog from stdio/stackdriver adapter (#12850)
  > Rename types.go to types.gen.go. (#12921)
  > update api sha (#12862)
  > Implement EnvoyXdsServer graceful shutdown (#12826)
  > delete stale file (#12898)
  > Fix a bunch more linter items. (#12897)
  > Fix prometheus and citadel connection tests (#12747)
  > Fix flush behavior in Stackdriver adapter. (#12853)
  > test: add dump pod events function (#12821)
  > Minor improvements to the test framework. (#12858)
  > Make Mixer readiness timeout configurable. (#12640)
  > Re-enable sidecar_api_test (#12887)
  > Remove accidental file add (#12895)
  > Refactor Istio deployment code for clarity and add wait for webhook. (#12888)
  > Zombie cleanup. (#12878)
  > mixer: add template CRD flag and set it to false (#12851)
  > Removing a "TODO" that is not necessary any more (#12841)
  > galley: support optional crds (#12822)
  > Disabling Mixer tests using the new TF in K8s. (#12848)
  > inject sds related param in pilot/mixer deployment (#12809)
  > Set SAN as critical for workload certs. (#12838)
  > Disabling flaky parts of Galley integ test (#12837)
  > Removing dependency on the order of returned IP addresses (#12812)
  > Add a linter to prevent use of os.Getenv and os.LookupEnv (#12778)
  > [Galley] Adding ServiceEntry synthesis (#12409)
  > Implement AuthorizationPolicy with workload selector. (#12050) (#12667)
  > mixer: switch to simplified config model (#12689)
  > fix uds socket (#12688) (#12802)
  > Tell Kubernetes that Istio validation has no side effects (#12670)
  > Wait for endpoints of policy backend, before trying to use it. (#12763)
  > upgrade prometheus version. (#12781)
  > Disable the mtls_healthcheck test until it can be fixed. (#12775)
  > Convert galley to reload files via SIGUSR1 or a ctrlz handler (#11617)
  > Enable more linters. (#12751)
  > Add infrastructure to document env var usage. (#12727)
  > Collect details/artifacts for failed tests in Prow. (#12753)
  > Adding galley test for sidecar config validation (#12247)
  > Adding timeouts in Galley processor tests (#12701)
  > Configure logging level in proxy and control plane (#12639)
  > remove redundant code (#12656)
  > Should not add a worker in GoroutinePool construction func (#12619)
  > Removed unused code from EDS (#12221)
  > Remove when: always from CircleCI configuration for integration tests. (#12679)
  > Fix concurrent map access (#12706)
  > E2E test for health check under mtls using app prober rewrite. (#11531)
  > Make error message explicit (#12675)
  > 'istioctl proxy-config clusters' cluster type column rendering (#12458)
  > Fixing copying of the data to the bucket during release (#12585)
  > add image pull secrets for zipkin. (#12327)
  > Testing: configurable ports for Echo (#12681)
  > Merge pull request #12685 from howardjohn/big-merge
  > Cleanup Galley OWNERS file. (#12676)
  > switching deployment to v1 api (#10578)
  > Cleaning up Unit tests for RDS (#12581)
  > Adding sidecars to validating webhook configuration (#12233) (#12643)
  > mixer: add directive demo adapter (#12505)
  > [Authz v2] Add additional fields for bindings and validation. (#11800) (#12460)
  > Fix the MCP Client ConfigZ page (#12626)
  > authz: add authorization policy CRD to helm-init (#12541)
  > add istio-init.yaml to .gitignore (#12542)
  > Log descriptions of pods when tests break (#11904)
  > Hide most logging CLI options from istioctl (#12633)
  > Add a config package folder. (#12611)
  > add a e2e test for oop (#12577)
  > Remove myself from OWNERS files (#12608)
  > Cherry-pick Galley/MCP changes from 1.1 => master (#12604)
  > Merge collab-test-framework to master (#12574)
  > missing comment on exported function ConstructCustomDNSNames (#12492)
  > Fix recently broken racetest on master (#12383)
  > Canonicalize help strings for CLI (#12219)
  > [Kiali][master] things needed for next version of Kiali (#11823)
  > Move Distributor interface back to runtime. (#12242)
  > Testing: support retries in Structpath (#12539)
  > add a root-ca config (#12491)
  > Revert "Allow no hosts in the ServiceEntry validation (#12497)" (#12559)
  > rbac: support authorization policy on gateway (#12415)
  > Cherry-pick #12414 to master (#12508)
  > spiffe: remove duplicate constant and some clean up (#12526)
  > Support multiple root certs for multicluster self-signed Citadel (#12483)
  > Galley test component: support generic validation (#12430)
  > merge top-level trafficPolicy (#12418)
  > Allow no hosts in the ServiceEntry validation (#12497)
  > Add CRD AuthorizationPolicy for authorization v2 API (#12318)
  > remove gometalinter (#12375)
  > Validate Citadel certificate can be used for a CA (#12449)
  > use syncmap to avoid race conditions (#12433) (#12462)
  > update stackdriver example operator config (#12169)
  > add missing .pb.go to list of generated files (#12419)
  > Add additional fields for ServiceRole, issue: #11516 (#11712) (#12299)
  > locally running address resolution test can fail (#12425)
  > Cherry pick PR 11165 (#11259)
  > Support using labels in authentication policy (#12202)
  > Patch #11986 to master (#12364)
  > [Galley] Introduce processing.Listener (#12167)
  > add the remote flag to the istioctl version command (#12398)
  > Helm customize sidecarInjectorWebhook & security & servicegraph image (#12392)
  > Removing the hard-coded istio-system in endpoints.yaml (#12393)
  > Configuration:  no longer hardcode mesh certs (#12189)
  > fix reviews docker image build issue. (#12345)
  > Change IP addresses to show up as strings in label maps in accesslog (#11740)
  > mixer: CEL runtime (#12145)
  > Update OWNERS (#12361)
  > fix wrong link for mixer (#12347)
  > Fix pilot grpc failure in Consul (#12273)
  > Correct TestAdmitPilot Case (#12281)
  > Make code more reusable in other contexts (#11353)
  > Support offline running productpage by packing js and css in image (#12218)
  > Update to grafana 6.0.0 (#12191)
  > [Galley] Standardize worker thread lifecycles (#12125)
  > Galley: introduce custom fake for kubernetes.Interface (#12127)
  > Istio auth sds e2e (#12100) (#12130)
  > remove flag: grpc-hostname (#10100)
  > wait for certs to appear before starting envoy (#12129)
  > Added changes to support modifying the secure naming SAN identity and… (#10091)
  > update golangci-lint to 1.15 (#12140)
  > Minor performance improvements (#12124)
  > Support codecov.sh on mac (#12131)
  > Move mcp/ratelimiter out of internal (#11994)
  > Remove envoy binary from root dir (#12116)
  > Improving error message for sidecar readiness. (#12098)
  > Make zipkin template consistent with jaeger in tracing chart (#11777)
  > Repoint istio/api vendor dependency from release-1.1 => master. (#11998)
  > Envoy misspelled Enovy (#12006)
  > Add defaulting support for ratelimiters in MCP options. (#12032)
  > update labels for citadel health check (#11923)
  > Remove myself from OWNERS and add utka instead (#11852)
  > Fix some lint issues
  > Fixup ratelimiter tests
  > Merge branch 'master' of github.com:istio/istio
  > Fix merge for #11661 as subcharts have moved
  > Merge branch 'MergeMasterInto11'
  > Remove CNI from requirements.yaml to facilitate testing
  > Cherrypick istio/istio#11805
  > Merge branch 'master' of github.com:istio/istio
  > Merge branch 'master' of github.com:istio/istio
  > Revert change and add nolint
  > Fix updated linter complaints
  > Update to latest golangci release
  > Fix some remaining test framework merge issues
  > Fix some merge cruft, mostly for the integration test framework
  > Fix line length lint issue
  > Fix integration test framework merge issues
  > Fix overly restrictive golang version match
  > Fix deps and broken merge for mixer test
  > [WIP] Fix sync issue with policy enablement and check enablement (#11707)
  > Update api sha (#11709)
  > Fix the periodic builds, add a non-mcp to presubmit (#11703)
  > pin goimports in make fmt (#11645)
  > Allow Envoy listener stats to be turned off/on with a pod annotation (#11398)
  > Error message if istioctl version doesn't match data plane version (#11592)
  > Add cli option to Galley to allow metadata on outgoing sink connections. (#11602)
  > Update bookinfo images, fix the script to bump bookinfo versions (#11701)
  > Adding Envoy bootstrap template for a custom Pilot implementation. (#11395)
  > cache ServiceAccounts and remove it from Environment (#11442)
  > Increase sleep value to account for Galley default aggregation of 1 sec with MCP (#11685)
  > Add empty check for proxy's locality (#11681)
  > Update Proxy SHA to latest (release-1.1). (#11687)
  > Environment Variable controlled Graceful Termination with low defaults. (#11630)
  > Implementation of isolation for EDS (#11672)
  > exit circleci test early if setup fails (#11572)
  > Add handling for independent encoding in Report batches to Mixer (#11640)
  > Fix build break due to istio/istio#11406. (#11677)
  > Break up the helloworld sample into versions (#11650)
  > Fixes for k8s ingress (#11343)
  > First cut of xDS APi structural testing using the new integration tests (#11406)
  > Bump the number of connection that can be re-use in Citadel (#11641)
  > Fix racetest in fluentd test (#11647)
  > Print error message if istio-sidecar-injector invalid, allow toJson as synonym for toJSON (#11570)
  > Enable remote clusters to check/report to local Mixer (#11585)
  > add POST to ratings service to demonstrate security policies on HTTP Methods (#10778)
  > Add support for metadata constraints in RBAC (#11459)
  > Sample ServiceEntries for apt-get, pip, and git tools showing how to grant access to mesh. (#11508)
  > check key.pem (#11599)
  > move apply plugin below buildscript (#11625)
  > add debug logs for citadel authenticate fail (#11633)
  > remove me (#11636)
  > remove myself from pilot OWNERS (#11632)
  > Fix kubernetesenv workload attributes for multicluster with one control plane (#11581)
  > [release-1.1] Update fluentd adapter to be more robust (#11623)
  > adjust galley dashboard time range (#11627)
  > Fix routing when DNS is resolved (#11522)
  > [mixer:stackdriver] Initial changes to support dst svc edges in graph (#11426)
  > Doc fixes. (#11619)
  > Adds missing 1.1 attribute data to testdata for integration tests (#11313)
  > Make image pull policy configurable in Makefile (#10269)
  > Set the serviceCluster namespace based on env var, to also support specifying namespace on cli after kubeinject (#11587)
  > Fix racetest in SDS service (#11615)
  > Update istio/api to #3094619 release 1.1 subject_alt_names in Service… (#11541)
  > Fix a few doc issues. (#11596)
  > add missing attribute declarations (#11595)
  > revert #11558 Moved subcharts into the istio chart (#11597)
  > add debug logs to print cert chain (#11575)
  > Fix non-Linux builds. (#11580)
  > Moved subcharts into the istio chart (#11558)
  > remove istio cni subchart tar from source. (#11230)
  > remove deprecated 'refreshInterval' option in chart. (#11412)
  > remove chart.version label in pod template. (#11302)
  > Allow specify the path for SDS k8s token (#11460)
  > increase control plane component replicas during upgrade test (#11389)
  > istioctl proxy-status should only exec into running pilot pods (#11539)
  > Add readiness check for Ingress Gateway (#3063) (#11001) (#11548)
  > changing the default limits for init proxy (#11540)
  > Add MCP stress test suite (#11465)
  > Use credentialName to specify credential resource name and support mTLS for external cert management at ingress gateway. (#11496)
  > Change default monitoring port (#11421)
  > Use istio namespace for global destination rule to avoid overwritting mixer policy (#11546)
  > Fix for flakes in TestSource_MangledNames (#11538)
  > Remove the istio-remote chart and make it an istio chart values (#11307)
  > Only require go.opencensus.io on Linux (#11327)
  > Correct Citadel server log. (#11361)
  > Locality based load balancing for strict dns clusters (#11381)
  > Add longer timeouts for Galley tests. (#11517)
  > HTTP probe rewrite for webhook part. (#10470)
  > fixing default exports (#11507)
  > Add mixer status to access log (#11471)
  > Envoy Graceful Shutdown (#11485)
  > Add missing values global object and template (#11500)
  > Make custom gateway works (#11320)
  > add labels to services and deployments (#11503)
  > Fixing race condition in Galley Server.Close() (#11484)
  > Default exports, and config root namespace (#11387)
  > Zipkin adapter supporting the tracespan template (#11282) (#11483)
  > Enhance MCP index function to support multiple groups (#11478)
  > Fix e2e-simple test flake (#11356) (#11481)
  > disable TestSecretCreationKubernetes (#11479)
  > Update istio-proxy for source.uid fix (#11428)
  > Randomize Galley ports for integration testing (#11285)
  > [pilot] Export virtual service and destination rule metadata (#11384)
  > Update metadata model. (#11477)
  > Galley support for MCP Source Client dial out (#11291)
  > Adding support for named components to the test framework (#11440)
  > Make TestDuplicateResourceNamesDifferentTypes have consistent ordering. (#11456)
  > Allow identity domain to be configured in istio: Ensure e2e tests are working with different identity domain (#9226)
  > fix superfluous condition in pdb. (#11413)
  > envoy: use any instead of struct (#11419)
  > Exit on fatal logs (#11335)
  > mixer: option for alternative language runtime (#11391)
  > Support gateway agent to read TLS secret set by cert-manager (#11399)
  > cache proxy service instances to improve performance (#11368)
  > set conccurency according to cpu resource limit/request if it is not set (#11311)
  > Loosen secret type for ingress gateway (#11385)
  > support namespace/host in gateway (#11290)
  > consistent autoscaling config among control plane components (#11376)
  > Support multiple Citadels running in one cluster. (#11312)
  > Revert "Location based Load Balancing (#10720)" (#11371)
  > incorporate google CA's merge APIs change in nodeagent  (#11341)
  > not make PDB configurable (#11330)
  > Galley file-source was occluding resources with the same name with different types in the same file (#11257)
  > extend istio-multi rbac rule (#11339)
  > [Galley] Restructure runtime package to support multiple states. (#11325)
  > Adding --controlPlaneBootstrap pilot-agent flag (#11212)
  > mixer: pod policy override (#10886)
  > Use sdsName from Gateway config as the resource name in sds config (#11239)
  > Add response_flags to metrics and logs (#9945)
  > Update README.md (#9501)
  > Revert "Fix e2e-simple test flake (#11271)" (#11331)
  > integrate new MCP stack into galley, pilot, and mixer (#11292)
  > Fix e2e-simple test flake (#11271)
  > Update codecov to use skip file as threshold as well (#11294)
  > Ensure xenial base image present before building proxy_init (#11277)
  > Add logic to kubeenv adapter Close() to clean-up resources (#10839)
  > Disable shared span context by default (#11281)
  > [DO NOT MERGE] Rollout Status timeout during e2e tests (#10996)
  > Delete the obsolete service control adapter. (#11275)
  > Galley: Include full Pod resource (#11323)
  > Allow specifying multiple egress host entries with same namespace (#11258)
  > Allow ipv6 local traffic. (#10738)
  > Configure envoy_bootstrap_v2.json to use the configured admin port (#11214)
  > Incremental EDS only need updated service names (#11117)
  > Rename node agent in README.md (#11751)
  > Revert "Merge release-1.1 to master (#11722)" (#11761)
  > Merge release-1.1 to master (#11722)
  > Adding support for named components and configuration to test framework. (#11688)
  > Set the full external client TLS cert in the XFCC header (#10394)
  > Support customization of Envoy bootstrap config (#11559)
  > Add 'name' selector to istio-sidecar-injector (#11182)
  > Fix #10694. Improve error message for wildcard ServiceEntry host (#11637)
  > Fixes incorrect validation of gateway names (#11642)
  > fix sed command for MacOS (#11583)
  > Disable agent TestFull test. (#11563)
  > Add update permissions to deployments/finalizers for galley clusterrole (#11586)
  > Cleanup Helm RBAC (#11486)
  > Label proxy images (#11524)
  > fix ctrlz listen address (#11468)
  > Support NotMethods (#11544)
  > [Kiali] changes for the next version (#11513)
  > Fix 10971 p1 injector (#11512) (#11530)
  > Remove sidecar injection in istio-init jobs (#11363)
  > Remove unneded annotations (#11528)
  > make stackdriver e2e test cluster wide (#11519)
  > Set seconds as the value of MaxAge instead of Duration.String (#11447) (#11452)
  > Use print() function in both Python 2 and Python 3 (#10943)
  > Skip spybackend test when in racetest (#11497)
  > Set VALID_TOKEN to address SDS disconnection problem (#11242) (#11255)
  > enable vm mesh extension e2e test (#11251)
  > Quote accessLogFormat in configmap template in helm chart (#11449)
  > Zipkin adapter supporting the tracespan template (#11282)
  > revert deleted TLS validation logic (#11453)
  > Remove deprecated filter enabled field (#11473)
  > Unify zipkin address in helm (#11352)
  > Correct field map in EnvoyJSONLogFormat (#11438)
  > Adding istio-init chart to release (#11443)
  > Only add localhost IP if no other IP address were found (#11367) (#11370)
  > Change pilot authn status report to show simple TLS and mTLS mode (#11432)
  > Increase integ test deployment timeout (#11423) (#11433)
  > add request for memory so mem based hpa also works (#10755)
  > Corrected non privileged ports range (#11411)
  > Fix e2e-simple test flake (#11356)
  > Fix some small typos in helm charts (#11405)
  > Fix a flaky e2e_simpleTests (#11408)
  > optimize: register CRD in parallel (#11227)
  > Remove post-install job and (kubectl) apply security policy CRs to k8s directly (#11248)
  > do not dispatch is no instances accumulated (#11382)
  > Loops ends after first iteration (#11378)
  > Fix simpletest flake in citadel testing (#11359)
  > Merge pull request #11200 from hklai/1.1-master
  > Remove duplicate setting of authentication validation context. (#11326)
  > Removed duplicated timeout arguments to test (#11231)
  > Adding namespace declaration in Grafana PersistentVolumeClaim (#11305)
  > issue #11244 - demo should install a default secret for kiali so out-of-box experience is nicer for users kicking the tires (#11272)
  > fix memory leak in pilot (#11184)
  > Location based Load Balancing (cherry-pick #10720 from release-1.1 to master) (#11256)
  > Cherry Picked: Fix sidecars not retrieving updated mesh networks configuration (#11263)
  > Avoid lock copying on assignement (#11229)
  > Add diemtvu to pilot owners (#8880)
  > typo fix for previous partially merged PR (#11206)
  > Various code improvements in Pilot code (#11192)
  > Remove unused variables (#11049)
  > Fix a racetest in protoBag (#11187)
  > fix rds push when pilot restart (#11177)
  > Add 'destination.port' to testdata attributes (#10744)
  > Merge pull request #11154 from hklai/1.1-master
  > Merge release-1.1 into master (#11096)
  > Merge pull request #10843 from hklai/1.1-master
  > Fix misleading README files. (#10742)
  > Check VM IPv4 forward settings before starting minikube (#10739)
  > Fix uninitialized error (#10572)
  > Fix expired certs in unit tests. (#10713)
  > Push the istio-cni to gcr.io (#10536)
  > Delete uneeded release files (#10445)
  > get manifest from release tools path (#10451) (#10452) (#10455)
  > get manifest from release tools path (#10451)
  > Merge pull request #10448 from rkpagadala/master
  > Merge pull request #10439 from hklai/release
  > Merge pull request #10419 from rkpagadala/master
  > Merge pull request #10388 from rkpagadala/master
  > Revert "Permit port to domain validation. (#9656)" (#10278)
  > Merge pull request #10256 from ayj/cherry-pick-10222
  > Merge pull request #10250 from john-a-joyce/cni_sha_update
  > Permit port to domain validation. (#9656)
  > Merge pull request #10219 from hklai/1.1-master
  > Fix TCP Connections Closed instance definition (#10218)
  > Merge pull request #10186 from hklai/1.1-master
  > remove workaround of setting secure naming in node agent, instead set directly in pilot (#10185)
  > Add telemetry-gateway subchart to helm requirements (#10178)
  > Add the CNI artifacts to the release process (#9973)
  > injector changes for health check, pilot agent take over app readiness check. (#9266)
  > Add adapter tuning install options to helm (#9979)
  > Istio cni e2e (#9577)
  > Do not fail envoy health probe if a config was rejected (#9786)
  > add basic unit tests to mixer plugin (#9479)
  > remove old code that assumes tag were created before building (#10095) (#10098)
  > Update Proxy SHA and go-control-plane (#9915)
  > Added the env NODE_NAME to the gateways to facilitate talking to a daemonset (#10076)
  > mixer: implement route directives (#9088) (#9965)
  > optimize to reduce memory usage (#9481)
  > Fixes flaky secret controller unit tests (#10043)
  > ensure closing server when return with error (#9229)
  > check config store in args validation (#9715)
  > Add size limits to dump_kubernetes (#9907)
  > [test-framework] Dump state when kube environment fails to start (#10008)
  > [test-framework] Fix linter errors in prep for 1.1 merge (#10017)
  > fixs typo: dont -> don't (#9741)
  > Add newline into mixer debug information (#9810)
  > Ceremonial PR (#10000)
  > [test-framework] Major refactor (#9510)
  > Add function to create kubeClient for istio CRDs by passing in a restconfig (#9914)
  > Add response_flags to metrics and logs (#9945)
  > Dumps the logs from the remote cluster (#9936)
  > update time duration for waiting initial push done (#9891) (#9941)
  > Adding istioctl and upgrade release qualification (#9947) (#9967)
  > helm: parameterize namespace in dest rule (#9834)
  > Add zipkin deployment option to helm (#9910)
  > Add istio.io repo (#9920)
  > fix typo: falta -> fatal (#9953)
  > Use pool for protobags (#9603)
  > Update README.md (#9501)
  > Fix some issues on perf dashboard (#9539)
  > fix license check tool (#9893)
  > [test-framework] Extending deployment timeouts to match old framework (#9903)
  > [test-framework] Fixing system deploy and undeploy (#9885)
  > Fix MCP Legacy Mixer config conversion logic. (#9862) (#9873)
  > Adding integration tests to circle periodic (#9868)
  > Adding "kind/test failure" to stalebot exempt list (#9870)
  > Adding codecov diff script (#9839)
  > fix typo (#9830)

Signed-off-by: Amelia Downs <adowns@pivotal.io>