Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support for specify redirectCode in HTTPRoute #15650

Merged
merged 1 commit into from
Jul 22, 2019

Conversation

ckcd
Copy link
Contributor

@ckcd ckcd commented Jul 19, 2019

This adds support for specify the redirectCode in HTTPRoute of VirtualService.

Fixes #15292

Related commit in istio.io/api: istio/api@99722f5

[ ] Configuration Infrastructure
[ ] Docs
[ ] Installation
[X] Networking
[ ] Performance and Scalability
[ ] Policies and Telemetry
[ ] Security
[ ] Test and Release
[ ] User Experience
[ ] Developer Infrastructure

@istio-testing istio-testing added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. needs-ok-to-test labels Jul 19, 2019
@istio-testing
Copy link
Collaborator

Hi @ckcd. Thanks for your PR.

I'm waiting for a istio member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@ckcd
Copy link
Contributor Author

ckcd commented Jul 19, 2019

/assign @rshriram

@rshriram
Copy link
Member

/ok-to-test

@istio-testing istio-testing added approved ok-to-test Set this label allow normal testing to take place for a PR not submitted by an Istio org member. and removed needs-ok-to-test labels Jul 19, 2019
@istio-testing
Copy link
Collaborator

New changes are detected. LGTM label has been removed.

@istio-testing istio-testing added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed lgtm size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Jul 19, 2019
@istio-testing
Copy link
Collaborator

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ckcd, rshriram

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@ckcd
Copy link
Contributor Author

ckcd commented Jul 20, 2019

/retest

@ckcd
Copy link
Contributor Author

ckcd commented Jul 20, 2019

@rshriram I have already re-push to solve the conflict. So the lgtm label removed. Can you merge this PR ? Thanks ~

@istio-testing
Copy link
Collaborator

@ckcd: The following test failed, say /retest to rerun them all:

Test name Commit Details Rerun command
integ-mixer-k8s-presubmit-tests-master 102bdba link /test integ-mixer-k8s-presubmit-tests-master

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@ckcd
Copy link
Contributor Author

ckcd commented Jul 22, 2019

@rshriram PTAL. Thanks ~

@rshriram rshriram merged commit 55e971e into istio:master Jul 22, 2019
@rshriram
Copy link
Member

/lgtm

geeknoid pushed a commit that referenced this pull request Jul 29, 2019
* Remove test that was moved to istio/pkg repo (#15025)

* Remove test that was moved to istio/pkg repo

* Restore checks of command line typos

* Mock remote test

* Step three in creating local releases. (#15074)

* Local build

* Local build

* Fix shell

* Add docker_tag

* Fix lint

* Removing some dups

* License

* License

* License

* Push images to docker hub

* Httpbin sample fixes (#15070)

* Httpbin sample fixes

* fix link

* Show example of new parameter, fix Trademark, grammar (#15073)

* Add a Mixer integration test for testing K8s integration. (#15039)

* Add a Mixer integration test for testing K8s integration.

* Add the Mixer test as a presubmit gate.

* Add additional check to ensure that pods stay in ready state.

* Increase number of checks.

* Adding more resiliency to the test.

* Make linter happy.

* Re-fix the problem that is being tested.

On the bright side, the test works.

* Do not overwrite Citadel storage namespace with env var (#15037)

* Add a pull request template. (#15080)

While I was here, update the common files.

* [fix] spelling error (#15083)

* Update istio.io/api (#15050)

* update istio.io/api

* tidy

* Enable vulnerability scanning for Istio docker images (#14363)

Currently we build and push docker images for Istio components and sample apps as
part of our build process. In this PR, we have included a way to enable security
vulnerability scanning of these images using IBM's image scanning tool - ImageScanner
(imagescanner.cloud.ibm.com). The results of the image scans are put under a new folder
'vulnerability_scan_results' which will be available to view later.

Fixes Bug: #13262

* copy code coverage to artifacts directory (#15076)

* copy code coverage to artifacts directory

For the eng dashboard, we want to be able to scrape code coverage from
GCS. This change adds the coverage file to the artifacts directory,
which in turn should automatically be uploaded to GCS.

* quote variables to fix shellcheck

* Update to latest version of istio.io/pkg (#15103)

Also, fixed some errors in our GitHub templates.

* update istio api (#15106)

* update istio api

Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>

* lint

Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>

* set nodeagent updateStrategy to RollingUpdate (#15079)

* Create distroless variant in release scripts . Closes #14696 (#14737)

* Also build distroless images by default. Closes #14696

Co-authored-by: Ralf Pannemans <ralf.pannemans@sap.com>

* Do not build distroless variant by default

* Use BUILD_VARIANTS for docker.save

Co-authored-by: Ralf Pannemans <ralf.pannemans@sap.com>

* Add handling of build variants to release scripts

Co-authored-by: Ralf Pannemans <ralf.pannemans@sap.com>

* Also use distroless variant for release process

Co-authored-by: Ralf Pannemans <ralf.pannemans@sap.com>

* Add missing dependency

Co-authored-by: Ralf Pannemans <ralf.pannemans@sap.com>

* Use correct image name in add_extra_artifacts_to_tar_images.

Co-authored-by: Julia Plachetka <julia.plachetka@sap.com>

* Fix variant check.

Co-authored-by: Julia Plachetka <julia.plachetka@sap.com>

* Address comments.

* Fix check for VARIANT_NAME.

Co-authored-by: Julia Plachetka <julia.plachetka@sap.com>

* Refactor and fix TAG issue.

Co-authored-by: Jakob Schmid <jakob.schmid@sap.com>

* Fix set_image_vars for distroless

Co-authored-by: Jakob Schmid <jakob.schmid@sap.com>

* [Testing] Adding Docker utilities (#14950)

These are wrappers around the Docker go client library that
simplify the process for the creation of networks, containers, and images.

Not including unit tests here due to the fact that not all CI environments support access to the Docker daemon.

This is split out from #14614

* Change CA client test name (#15104)

* Add istio state metrics for some of the networking resources (#14111)

* Add istio state metrics for some of the networking resources

Ref: https://docs.google.com/document/d/1KMUKRMtbpp-K7hvrG5WKBJgoSABydUh4KCHXxKTg8Bk/edit?ts=5ca534e3
Ref: https://github.com/istio/istio/issues/882

Fix based on feedback
Added test for the metrics

Fix golang error

Updated based on feedback from Oz

Updated based on feedback from Oz

* Fix native error in scenarios_test.go

* fix based on feedback

* fix golang errors

* fix based on feedback

* Fixed based on feedback

* Fix based on feedback

* Fixed golang error

* Fix based on feedback

* Fix scenarios_test.go

* Remove _total from  metric name

* Add junit report for racetest and fix test failures (#15120)

* Add junit report for racetest

* Increase rds wait time

Prow is really slow I guess. I was able to reproduce the failure with a
CPU constrained docker container and raising to 15s resolved the issue.

* Fix secretcontroller test race

* use loadint

* Cleanup management of Envoy binaries (#15063)

* Cleanup management of Envoy binaries

The logic flow for linux vs mac is not currently obvious
and without setting GOOS beforehand, you'll end up with
mac binaries in your dockerfiles.

This PR makes more clear where binaries are used. Docker always uses linux, where tests will use the appropriate binary for the os.

* addressing comments.

* Make Iris Ding an owner (#14948)

* Implement /quitquitquit in pilot-agent to support k8s job exit (#15123)

* Implement /quitquitquit in pilot-agent to support k8s job exit

* lint fix

* add e2e

* fix lint

* Fix release script to handle distroless tags correctly (#15154)

Fixes #15150

* Relax keepalive enforcement policy to avoid dropping connections under load (#15141)

* Relax keepalive enforcement policy to avoid dropping connections under
load.

* lint

* Add comment.

* Move pkg/features/pilot to pilot/pkg/features. (#15064)

* Move pkg/features/pilot to pilot/pkg/features.

This cleans up the /pkg package, in preparation of multi-repo.

* Remove naked os.GetEnv usages.

* Fix call sites.

* Change the default values.

* jwt: add sample jwt token for e2e tests (#15051)

* jwt: add sample jwt token for e2e tests.

* add to Makefile and move to tests/common

* Fix Docker build on OSX (#15140)

Adding cross-compile targets for linux and always include linux images in Docker.

* [Node agent] Add retry for token exchange + improve tests (#15144)

* Add retry for token exchange + improve tests

* Move member functions back to secretcache.go + fix lint

* Update security/pkg/nodeagent/cache/secretcache_test.go

Co-Authored-By: Bot from GolangCI <42910462+golangcibot@users.noreply.github.com>

* Fix linter issue

* Change msg log and refactor  getExchangedToken

* lint

* Resolve merge conflict on #15147 (#15167)

* gaurd use_remote_address by feature flag

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* add tests

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* fix comment

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* change the config name

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* Resolve rebase conflict

* Fix flaky upgrade test (#14856)

* Fix flaky upgrade test

* Address comments

* Run simple tests with distroless variant (#14944)

* Run simple test with distroless images

Co-authored-by: Jakob Schmid <jakob.schmid@sap.com>

* Add comment to set_image_vars

* Use e2e-simpleTest.sh to run distroless test

Co-authored-by: Jakob Schmid <jakob.schmid@sap.com>

* Use mini-kube for distroless tests

Co-authored-by: Jakob Schmid <jakob.schmid@sap.com>

* Add distroless test to circle-ci

Co-authored-by: Jakob Schmid <jakob.schmid@sap.com>

* Make tests for distroless work

Co-authored-by: Jakob Schmid <jakob.schmid@sap.com>

* Migrate e2e_simple distroless test from circle ci to prow

Co-authored-by: Ulrich Kramer <u.kramer@sap.com>

* Rename test_tag to app_tag and test_hub to app_hub

Co-authored-by: Philipp Stehle <philipp.stehle@sap.com>

* Fix building docker images for distroless variant

Co-authored-by: Ulrich Kramer <u.kramer@sap.com>

* Update go-control-plane to include stackdriver tracing (#15135)

* Update to go-control-plane v0.8.1

* update rbac from v2alpha --> v2

* warn only if remote cluster is unavailable (#15184)

* Correct the nodeport for 80 (#14984)

* Correct the nodeport for 80

Signed-off-by: clyang82 <clyang@cn.ibm.com>

address comments

* drop 0 before var

* [Testing] Add Dockerfile that bundles echo with the sidecar (#15136)

This is split out from #14614

Also moving the existing Dockerfile.app to a more sane location.

* [Testing] Utility for cross-compiling (#14924)

This is split out from #14614 and is needed for dynamically building Docker images for the Echo component.

* refactor(pilot metrics): convert to OpenCensus from Prometheus (#14854)

* refactor(pilot metrics): convert to OpenCensus from Prometheus

* fix(lint issues)

* fix(e2e_test): remove timeout queries from dashboard e2e test

* fix(racetest failure): push_context.go

* fix(data race): workaround freeze access to global in listener.go

* fix(metrics): context init after tag creation

* refactor(monitoring): add monitoring pkg to improve OC ux

* cleanup(monitoring package): refactor monitoring API

* fix(docs): add copyright to file

* fix(data race): copy tags slice before append in WithTags and remove MetricOpts

* refactor(monitoring pkg): adds Tag and TagValue types

* refactor(monitoring): WithTags -> With

* fix(metric): k8sErrors had wrong tag

* More detailed errors when kube-inject fails (#15198)

* Test Framework: Add target for simple new installer tests, and minor fixes (#15138)

* Add test target for new installer and fix issues

This PR accomplishes two things:
* Gets the same tests running on istio/installer running on istio/istio
so changes in istio/istio are less likely to come in that break the
installer repo
* Makes some minor modifications to get the tests passing

In the long term, we will have the test framework actually do the
installer, but there are still some open questions on how that will be
done. In the short term getting this test enabled will help the
installer progress.

* Run format

*  Use strict version for zipkin (#15187)

Signed-off-by: clyang82 <clyang@cn.ibm.com>

* change to apps/v1 (#15210)

* change to apps/v1 for samples (#15212)

* change to appsv1 (#15213)

* Creating helm charts for local release. (#15137)

* Local build

* Local build

* Fix shell

* Add docker_tag

* Fix lint

* Removing some dups

* License

* License

* License

* Push images to docker hub

* Local 5

* branch

* Finish local build with creating helm charts

* shellcheck

* fixes

* Fixes

* right code

* apps/v1 for tests (#15211)

* apps/v1 for tests

* fix typo

* Refactor server.Args out to its own package. (#15202)

* Refactor server.Args out to its own package.

- Move all settings into Args struct.
- Make handling of defaults in command-line uniform.
- Minor code analysis fixes.

* Add missing edit.

* Fix lint errors

* fix server_test.go

* suppress lint check

* Fix imports.

* [Fix] retain CommonLbConfig for HealthyPanicThreshold (#13682) (#15220)

* Align service resolution with Pilot's validation (#15067)

* Align service resolution with Pilot's validation

- This change makes service resolution more aligned with Pilot validation
during the converson of an instance to serviceEntry in Galley

* Use external service endpoints if K8s endpoints are empty

* Fix handler test

* Grant k8s namespace read permissions to Citadel (#15113)

In order to check labels attached to a namespace, Citadel must have k8s
cluster permissions to read namespace resources. In the current
chart defaults, Citadel is not granted *any* namespace related
permissions, despite making a namespace read in the istioEnabledObject
function.

* Fix for Makefile breakage in #15140 (#15196)

Fixes #15192

* [Testing] New utility for downloading Envoy binary (#14922)

This is split out from #14614 and is needed for dynamically building docker images for the Echo component.

Overview:

- Added parsing for istio.deps
- Moved test utilities for downloading and extracting tar.gz files to pkg/test/util
- Added utility for downloading the current release of the envoy linux binary.

* add yamllint (#14904)

* add yamllint check into prow

* fix encoding issue for grafana/values.yaml

* fix encoding issue for values.yaml

* Fix metric description typos (#15111)

Found those while looking at metrics endpoint.

* Replace zipkin test using new integration test framework (#14769)

* Replace zipkin test using new integration test framework

Fix golang errors

Add license headers

Fixed based on feedback

Change calls to product page to 1 from 10 for client tracing

Add ability to query for client trace id

Fix golang error

* Fix golang error

* update kind installation step. (#15251)

*  read rootcert from configured ns to connect to citadel (#15199)

* read rootcert from configured ns to connect to citadel

* fix error nodeagent->citadel in configured ns

* rename

* desc

* Fix testMTlsWithAuthNPolicy by not using --export in kubectl (#15278)

* make keepalive EnforcementPolicy.MinTime equals keepalive interval (#15254)

* Build distroless proxy_init image with go version of istio-iptables (#14985)

* Build distroless proxy_init image with go version of istio-iptables

Co-authored-by: Philipp Stehle <philipp.stehle@sap.com>

* Renamed istio-iptables.sh to istio-iptables for distroless

* [Test Framework] Rewrite Native Echo with Docker (#14614)

This changes the native Echo component to use Docker to address many limitations of the existing native implementation.

The native environment now creates its own Docker network, to which all Echo instance containers are attached. Since they're all on the same Docker network, they have built-in reachability.

The Echo+sidecar Dockerfile is a blend of the existing Dockerfile and the setup used for raw VMs. Going forward, I expect we'll build on this and create a common Dockerfile to support non-k8s use cases.

Limitations:

- This PR does not yet enable mTLS. The connection to Pilot has been switched to TLS, however the mesh config is not truly configurable yet in the native environment. We need to re-think how helm settings might be set for the native environment.

- The Docker images are currently built every time the tests are run. While this guarantees that we're running with the latest, it adds a bit of time to the duration of the test run (e.g. the sidecar image takes ~30s to build). Need to investigate ways of detecting when the image needs to be built to avoid this overhead, as well as the additional storage required for several duplicate Docker images.

- Currently using a copy of Go code for performing the untar of the downloaded Envoy. Should investigate alternatives or write our own version.

- Not currently using the node agent. Once we have a native citadel, we can consider enabling it.

Fixes #13177

* Fixes #15250. Add support for HTTP1.0 for sidecar inbound listeners (#15262)

* Fixes #15250. Add support for HTTP1.0 for sidecar inbound listeners

* Adapt to move of pilot.HTTP10 to features.HTTP10

* Turn off more CircleCI tests covered by prow (#15068)

* Turn everything but cloudfoundry circle test

* Turn on nightly builds for some tests

* Turn off noauth

* change order (#15263)

* jwt: add metric for network fetch (#15013)

* jwt: add metric for network fetch

* fix metrix name

* fix lint

* update to use monitoring pkg

* Update pilot/pkg/model/jwks_resolver_test.go

Co-Authored-By: Bot from GolangCI <42910462+golangcibot@users.noreply.github.com>

* jwt: update to use unified jwt token in e2e tests (#15224)

* jwt: update to use unified jwt token in e2e tests

* fix test

* Include sds stats back into ingress gateway proxy and sidecar proxy. (#15266)

* update

* check sds stats

* check sds stats

* update

* update

* format

* format

* revise

* revise

* fix the handling of empty secret

* update test

* format

* revise

* revise

* add sds stats inclustion into bootstrap config

* revise

* update test

* Fix policybackend indentation (#15298)

* adding date (#15303)

* Make Galley yaml to proto conversion nonstrict (#15307)

* make toProto nonstrict when converting values

* Looks like we also test this in converter, updating there too

* add integ case for virtualservice with and without extra unsupported params

* Add a process package to galley/pkg/server for tracking sub-components (#15203)

* Add a process package to pkg/server for tracking sub-component.

- process.Host is a basic container of multiple sub-components.
- process.Component is an interface to be implemented by sub-components.

* Fix lint errors.

* Accommodate CR feedback.

* Fixing macos docker build (#15294)

This was broken by #14985

* Componentize code by moving it into server/components. (#15227)

* Grafana additional env for config changes (#14796)

* Added section for configuring additional environment variable configs for grafana to override certain grafana.ini settings like adding SMTP settings.

* Removed redundance templating code. Moved grafana env to demo config file.

* Removed demo grafana config file. Moved the env and envSecrets values to grafana chart values file with comments on how to use.

* Fix getServiceLoadBalancer (#15344)

A recent change (#14944) modified this logic which was causing it to no
longer actually poll for the ingress ip -- it would return "" and use
that rather than erroring properly.

With this change we will continue to retry if we don't get a valid IP.

* format code (#15259)

* Fix TestRBACV1Group and TestRBACV2Group (#15314)

* fix JWT token

* use groups instead of group

* one more file

* fix format

* Accommodate CR feedback. (#15340)

* Turn off HPA on demo profile (#15346)

Currently each component has 10m cpu requests and an HPA that scales at
80% CPU usage meaning they will immediately scale up.

This turns off the HPA for the demo.

* Optimize yamllint to run in one process (#15335)

Previously we ran a new process for every yaml file. yamllint can just
take in a list of files to run, and handles this much more efficiently.
On my machine, this broguht runtime from 75s to 15s.

* minor galley component test cleanup (#15348)

* Update KinD e2e test suite (#15308)

* Update KinD e2e test suite

* Set imagePullPolciy=Never per KinD docs
* Fix image loading -- before it was only loading the last image not all
of them
* Set ARTIFACTS_DIR so the script can be run locally

* Fix shellcheck

* Fix accesslog integration tests (#15387)

* Fix accesslog integration tests

The log command was only getting the last 10 results, so it was missing
the logs it was looking for. Additionally, cleaned up the error message
to expose what log was actually missing rather than "one of these 3 logs
was missing"

* Get all logs

* Deflake Redisquota Fixed Window (#14958)

In the flakes, test fails as if the ratelimit rule has not been applied. Adding a retry, so as to give change for the rules to sync in properly

Format the files

Send some initial traffic to boot up the system. This had helped ratelimit tests to be more stable in old framework

Dont change defaultlessthanoverride test as it is not flaky in postsubmits

* Add cert expir time into pushed certs (#15336)

* add cert expir time

* add debug log

* add debug log

* remove debug log

* revise

* revise

* format

* revise

* lint and format

* revise

* fix tests

* lint

* remove waring from yamllint (#15353)

* Use docker.push instead of push in prow tests (#15139)

The push command also does some installgen stuff which wastes 5+
minutes.

* Standardize and increase E2E timeout (#15295)

* fix a typo (#15368)

* add myself to owner file (#15391)

* add myself to owner file

* update

* Fully qualifies images names for all Istio sample charts. (#15195)

Fixes: #14237.

Signed-off-by: Jason Clark <jason.clark@ibm.com>

* Cleanup unused prow scripts (#15389)

These scripts are no longer needed; the prow just just directly call the
targets.

* update istio api and tidy (#15393)

* Fixes #12873. Add support for Sidecar.OutboundTrafficPolicy to configure outbound traffic policy individually per cluster instead of on a cluster global scope (#15257)

* code clean (#15282)

* code clean

* fix ut

* decouple webhook configuration reconciliation (#12571)

* decouple webhook configuration reconciliation

Signed-off-by: clyang82 <clyang@cn.ibm.com>

* remove unused param

Signed-off-by: clyang82 <clyang@cn.ibm.com>

* Address review comments

* try to fix TestJobComplete flake (#15398)

* try to fix TestJobComplete flake

* makes curl in a loop

* fix sh loop

* Add cloudfoundry target for prow (#15404)

* Set tail to high number for access log test (#15395)

A prior commit was settting this to -1, which apparently doesn't work on
all versions of kubectl and wasn't caught because the test is not
required. Setting this to a high number will work on all versions.

* Reenable mixer test (Fix #12750) (#14821)

* Fix #12750

Make TestIngessToPrometheus_ServiceMetric less flaky by sending
more than 1 productpage request.

Ref: https://github.com/istio/istio/issues/14819

Make TestTCPMetric more resilient by sending more than 1 request.

Fix fmt

* Make util.SendTraffic use new method signature

* Allow /quitquitquit on localhost only (#15406)

* Allow /quitquitquit on localhost only

* Add tests

* Fix linter

* Remove debugging code

* Update bookinfo sample to propagate Datadog headers (#14442)

* Propagate datadog tracing headers in bookinfo apps

* Changes requested in review comments

* update proxy sha to cb503fe (#15342)

* update proxy sha

cb503fe Update Envoy-WASM SHA to latest. (#2295)
e2e9c43 Fix header parsing in JWT filter (#2291)
716f81b Update Envoy WASM sha to the latest (#2286)
6f1a58c Limit resource usage on Prow. (#2289)
bfc559d Fix checks on master. (#2287)
2a21f69 Set Istio authn filter to prefer using Envoy jwt filter if found (#2281)
e954534 Update common files. (#2280)
5c150dd Fix lint (#2279)
b00c974 add insufficient include (#2275)
af8f3c8 Report StopIteration if connection is closed (#2270)
362fdf1 Update Envoy SHA to latest with option to select WASM runtimes. (#2273)
59ad44d Add a simple setup for testing communication between 2 envoys (#2262)
c77759c Use envoy-wasm as upstream (#2252)
ac78dc0 Import common files into this repo. (#2251)
5747f69 Replace qiwzhang who has left the project with crazyxy. (#2241) (#2243)
83f6566 Replace qiwzhang who has left the project with crazyxy. (#2241)

* fix listeners

* update go-control-plane

* Align httpstatus fault validation with envoy (#15382)

* Align httpstatus fault validation with envoy

* Update test case

* Add support for running integration tests in kind (#15415)

* jwt: switch to use Envoy JWT filter (#14938)

* jwt: add support for Envoy JWT filter

* fix format

* fix

* support RCToken

* update vendor

* Fix native racetests (#15388)

* Fix docker.newInstance race

* Fix conformance MCP race failure

* Fix reachabiltiy test race condition

* Protect with mutex and revert docker changes

* Remove dead test code (#15403)

This test code is not used anywhere and keeping it around just causes
confusion. These tests have migrated to istio/tools which has expanded
far beyond this and kept up to date.

* Stackdriver tracer: part I, generate bootstrap given meshconfig (#15345)

* Add Stackdriver tracer thru OC

* update go.mod for tests

* Add basic default Grafana dashboard for Citadel [Issue 15228] (#15297)

* Add basic Citadel dashboard with performance metrics, secret-controller metrics, general Citadel metrics, and error metrics

* Add axis labels, remove duplicated CPU metric query

* Fix dashboard row sizing stretch fit

* Add back test target to circleci nightly (#15384)

We previously added back some targets to run on circleci nightly so we
can compare to prow, but the test target was deleted so the tests are
failing. This just adds the same test target back.

* Fix misleading error message in pilot-agent (#15409)

Previously this would log `error: <nil>` every time an exit was
triggered which was confusing. This makes it so it is only logged when
an error actually occurs.

* Use envoy with symbol and add gdb, strace, pstack to docker image (#14483)

* Fix junit on integration kind tests (#15436)

* Revert "Use envoy with symbol and add gdb, strace, pstack to docker image (#14483)" (#15441)

This reverts commit 5f0726987db5c383ccea77543ae0832ca4e8d6e7.

* Remove GCP Deployment Manager support in installer (#15438)

* Makes the release grab the actual latest version (#15449)

* Remove Ansible as it is unmaintained (#15443)

In the future if individuals wish to maintain Ansible installation,
that would be fine. The environments WG sees the role of Ansible to
handle mesh expansion automation.

* Make invalid test configs valid k8s configs (#15447)

Right now these configs were rejected by kubernetes before even reaching
Galley validation on Kubernetes 1.15+. This change makes them valid from
a kubernetes perspective, but still invalid from Galley perspective.

* Update pilot service registry aggregate controller to use rlock (#14953)

* Add myself to pilot e2e (#15289)

* Adapt e2e-suite.sh to allow execution with existing cluster (#15402)

Add dummy comment to retrigger test.

Co-authored-by: Ralf Pannemans <ralf.pannemans@sap.com>
Co-authored-by: Jakob Schmid <jakob.schmid@sap.com>

* Fix RPM building (#15446)

- Use newer git
- Use newer go
- Use clang instead of gcc

Closes #15423.

* Fix invalid kubernetes yaml in tests (#15463)

* fix(dash): specify job in cadvisor queries (#15481)

* Remove unused circleci tests (#15466)

The cloudfoundry test has been migrated to circleci

e2e-simple test does not exist, throwing errors. We agreed to have
build+test+one e2e test so I think its ok to remove.

* Optimize kind tests suite setup (#15464)

* Load kind images in parallel
* Add time command so we can measure if this is better or not
* Remove build step -- it is not needed

* Allow auth strategy configuration in Kiali Helm chart (#15016)

* Add OpenCensus metrics for citadel agent for outgoing requests + add monitoring package from istio/pkg (#15413)

* Add OpenCensus metrics for citadel agent for outgoing requests

* Switch to use the monitoring common package

* allow users to add listeners using envoyfilter patch (#14398)

EnvoyFilter: remove Filters validation
  The Filters field is now deprecated. Users should be using
  the ConfigPatches field instead. In the case where a user
  includes Filters as part of the EnvoyFilter configuration,
  the deprecation warning is logged.

use frozen istio config store in cluster test

allow users to add listeners using envoy filter patch

allow users to add clusters using envoy filter patch

* remove verification of nondeterministic stats (#15495)

* envoy filter: merging struct into any util (#15491)

* envoy filter: merging struct into any util

Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>

* lint

Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>

* Only delete each staled connection key once (#15506)

* Only delete each staled connection key once

* Avoid race condition

* Add nodeagent debug endpoints (#15418)

* Remove warn log message of ignored Consul service tag (#15452)

Fix issue: Too many warn of ignored Consul service tag #15426

Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>

* feat(proxy metadata): introduce istio.io/metadata in proxy node metadata (#15143)

* feat(proxy metadata): introduce istio.io/metadata in proxy node metadata

* feat(canonical service): add initial support for canonical service label

* fix(labels): restore direct inclusion of labels in metadata

* fix(test cases): add env vars to golden file test case

* fix(test): address stackdriver golden test failure

* fix(tests): move locality into pod labels

* cleanup code

* Fix checkDeploymentsReady. (#15462)

Co-authored-by: Jakob Schmid <jakob.schmid@sap.com>

* Add pkg/bootstrap owners (#15483)

* Add comments to exported sdsservice functions (#15474)

* fix a typo (#15486)

* Fix concurrency docs on values.yaml (#15383)

* Fixes #14842. Make BookInfo reviews service handle timeouts of rating service (#15489)

* Update base image version for bookinfo-reviews sample app (#15480)

Update the base image version from websphere-liberty version 19.0.0.4-javaee8 to
19.0.0.5-javaee8.

Fixes: #15477

* Skip/reject k8s jwt authentication if SDS is disabled (#15445)

* Skip/reject k8s jwt authentication if SDS is disabled

* Update security/pkg/server/ca/server.go

Co-Authored-By: Bot from GolangCI <42910462+golangcibot@users.noreply.github.com>

* Fix linter issues

* Only add k8s jwt to authenticator list if sds is enabled

* Allow setting EnableNamespacesByDefault from command line (#15284)

* Allow setting EnableNamespacesByDefault from command line

Signed-off-by: clyang82 <clyang@cn.ibm.com>

correct the condition

* Address comment to use useCustomSidecarInjector

Signed-off-by: Chun Lin Yang <clyang@cn.ibm.com>

* use customSidecarInjectorNamespace instead

* Use imagePullSecrets in istio-init serviceaccount (#15472)

* Use imagePullSecrets in istio-init serviceaccount

* Remove unnecessary $ from serviceaccount.yaml

* Extend ListenerBuilder to include Gateway listeners (#15502)

* use builder for both code paths

* extend builder to include gateway listeners

* Fix istioctl integration test (#15532)

* Add log on connection close done by Citadel Agent (#15539)

* add log on connection close

* update

* Reject null header matches (#15549)

* Split the server/client secret fetching into two k8s secrets (#15496)

* support watching CA cert from separate k8s secret

* update

* lint

* check total active listeners stats

* lint

* lint

* revise

* revise

* goimports

* revise

* lint

* Send  output to files instead of stdout (#15339)

* Clean up legacy pilot flags (#15548)

* Clean up legacy pilot flags

These features flags were intended to introduce risky code in the 1.1
release. As there have been no cases of needing this in 1.1 or 1.2, it
should be safe to clean these up for the 1.3 release.

Fixes https://github.com/istio/istio/issues/15442

* format

* remote clusters mesh networks reload (#15553)

* remote clusters mesh networks reload

* fix lint

* Fix typo in 'expected' (#15557)

* Publishes istioctl binaries for GCS for separate (#15422)

download.

Addresses #11527.

Signed-off-by: Jason Clark <jason.clark@ibm.com>

* feat(node metadata): add GCP env metadata to node metadata (#15555)

* feat(node metadata): add GCP env metadata to node metadata

* goimports + strip platform-specific metadata

* attempt at a better regex for removal

* forget stripping the data, use wrapper method for testing

* goimports on boostrap_config_test.go

* Replace ServicePortByHostname by ServiceByHostname (#15566)

The Service already has the port, so maintaining a separate data struce
to hold the port just adds complications.

* EnvoyFilter: patch/add/remove clusters and virtual hosts (#15515)

* first cut

Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>

* simplify

Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>

* refactor

Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>

* lint

Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>

* adding vhost support

Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>

* tests

Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>

* lint

Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>

* update api

Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>

* update api

Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>

* remove unneeded service instance guard for gateway (#15473)

- This guard breaks Cloud Foundry, because CF does not need a
  service instance attached to the gateway.
- This guard should not be needed by Galley; Galley should only be
  sending config when it is updated.
- Tests have been doctored to address removal of guard.
- The mock copilot has been removed, since it is unused.

* Add msyelf to OWNERS file in tools dir (#15455)

* Add containSubstring to structpath/instance (#15560)

* fix(test flake): send more requests for trace tests to ensure cross flush boundaries in envoy (#15564)

* Helm tests fail on distroless. (#15424)

* Helm tests fail on distroless. Relates #15414.

* Use ubuntu instead of proxy_init for enable_core_dump.

Co-authored-by: Jakob Schmid <jakob.schmid@sap.com>

* Make coreDumpImage configurable.

Co-authored-by: Jakob Schmid <jakob.schmid@sap.com>

* Fix injection-test.

Co-authored-by: Jakob Schmid <jakob.schmid@sap.com>

* Add unit test for increase test coverage (#15599)

* Changes from running `go mod tidy` and `go mod vendor` (#15589)

* Make --sinkMeta take effect for incoming connections too (#15501)

* Override fixed nodePort values for testing (#15596)

* update log scope (#15592)

* Add SDS connection information into CSR logs (#15602)

* update CSR log and refactor method interface

* revise

* revise

* lint

* revise

* Ignore unknown types when parsing Envoy configuration (#15601)

* Consolidate all Istio annotations into a common place (#15520)

* EnvoyFilter: Validation & Pre-processing (#15561)

* first cut

Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>

* simplify

Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>

* refactor

Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>

* lint

Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>

* adding vhost support

Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>

* tests

Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>

* lint

Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>

* EnvoyFilter: validation logic for new api fields

Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>

* update api

Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>

* update api

Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>

* api update and fixes

Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>

* lint

Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>

* fix tests

Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>

* nit

Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>

* nit

Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>

* major update

Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>

* Revert "major update"

This reverts commit 3dd6d37d3762e21ab2b22c001ded94b706cc8bcb.

* Revert "Revert "major update""

This reverts commit 25625272a98655cb2d8ab2596dbead56916cb01f.

* lint

Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>

* nuke dead code

Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>

* lint

Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>

* Make all proxies, even gateways, have SidecarScope (#15569)

By giving gateways a `ergess: */*` we can simplify the code and use the
assumption that sidecarscope is never nil. This is a stepping stone to
removing the old EDS legacy code entirely

* Fix FQDN for docker using test framework (#15590)

* Fix FQDN for docker using test framework

In an attempt to get the trafficshifting test running natively, I found
there was an issue with the FQDN construction. The kube component has
the domain set to "svc.cluster.local", which is not really true, the
domain is just "cluster.local" but it works fine because pilot-agent is
actually using "cluster.local" for the domain. For docker this works
differently, and we are creating configs for "foo.ns.cluster.local"
which is not the correct service.

This change makes the domain "cluster.local" everywhere, and adds the
.svc. part everywhere it is needed. Additionally, it enables the
trafficshifting test using docker, which works with this change.

* Fix unit tests, disable native trafficshift

* Don't produce duplicate wildcard host matches (#15628)

Currently, if there are two https services, both will attempt to create
this wildcard listener. Later, one of them will be rejected and logged
as an outbound conflict. With this change we check to make sure that not
only does the filter chain we are building not already have a wildcard,
but the existing listener also does not have a wildcard.

* cluster: fix original dst cluster type (#15613)

* fix original dst cluster type

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* minor doc

* gaurd with enable redis flag

Signed-off-by: Rama Chavali <rama.rao@salesforce.com>

* rbac: refactor with better modular and unit tests (#15508)

* refactor authz plugin to security package

* address comments

* move v1/v2 code to separate directory

* fix lint

* Don't report send error for expected errors (#15636)

Right now a metric is incremeneted for every send error. The vast
majority of the time this error is just due to standard operations with
the connection closing while sending. This masks real errors. Once
https://github.com/istio/istio/pull/15476 is merged and we have these
errors displayed more prominently, we will not want to display these
false positives.

* fix stackdriver adapter getting shutdown (#15612)

* Update license checker to use modules instead of packages (#15595)

* Update license checker to use modules instead of packages

* Add those modules with no license file to missing license output

* Update to license path based on mod cache from URL and add
  knownUnknownLicenses

* Additional logging to help determine failure point

* Update to latest istio/api version (#15657)

Annotations have been updated to clearly indicate
alpha-level annotations. Also added annotations for
synthetic service entries.

* Add log dumping to kind to help debug integration test failures (#15637)

* Retry and increase log level on kind creation

We are seeing lots of flakes due to kind failing to create the cluster.
This adds retries to cluster creation, and increase the log level so we
can help root cause the issue.

* Fix retry and shellcheck

* Remove retries, dump logs

* retain cluster

* Build only images needed for tests (#15642)

* Add sample traffic conformance tests (#15172)

* Add minimal traffic conformance tests

* Fix vendor

* move 3rd party images to values (#14815)

* refactor the rbac integ tests to reduce test time (#15643)

* refactor the rbac integ tests to reduce test time

1) Puts all tests in the same package (main_test.go) to reuse the same
Istio cluster and avoid creating/deleting the Istio cluster multiple
times. Each test case will deploy the RBAC policy in their own namespace.

2) Do not wait for 60 seconds in each test case. The RunRBACTest()
function will just retry for 10 times. So if there is any delay in
policy propagation, it should be covered by the retry already, so it
doesn't make too much sense to wait for another 60 seconds.

* tweak the retry delay from 1.0 to 0.5 seconds and timeout from 10 seconds to 15 seconds

* Reduce Galley unit test flakes (#15667)

These tests fail sometimes due to trying to use a port that is already
in use (9876).

* enable multiple Set-Cookie headers (#15581)

* enable multiple Set-Cookie headers

- split DirectHttpResponse handling to its own function (ease testing)
- split Set-Cookie header to multiple APPEND directives

* add test for duplicate set-cookie header in directive

* Add version suffix for crd jobs (#15677)

* add version suffix for crds creation jobs.

* update crds job names.

* Refactor pilot dashboard to improve key metric visibility (#15665)

* fix(pilot dash): refactor pilot dash to improve ux

* Additional improvements

* Table for the no known endpoints
* More envoy stats, like connection failures and XDS size

* exclude values from dashboard test

* Fix quotes

* fix wrong italic format (#15655)

* fix wrong italic format

* fix wrong italic format

* fix wrong italic format

* fix wrong italic format

* fix wrong italic format

* fix wrong italic format

* Update config URL (#15153)

Old link 404s

* Add support for specify redirectCode in HTTPRoute (#15650)

* Mark redis policy tests as flaky (#15687)

* Fix kiali upgrade issue (#15690)

Signed-off-by: Chun Lin Yang <clyang@cn.ibm.com>

* Update versions field in crds definition. (#15615)

* multi-cluster panic fix (#15700)

* Refactor pilot pushing logic (#15405)

* connection queue

* Add tests

* Improve comments, fix tests

* Use sync.cond to fix race condition

* Fix race

* Clean up lint

* Fix race, add license

* Add proxy queue time metric

* Fix test

* Set push start time explicitly

* Cleanup hacky virtual inbound listener code (#15585)

* Cleanup the hacky virtual inbound listener code

Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>

* fmt

Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>

* split

* test fix

Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>

* test fix

Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>

* Add node image, skip options to kind tests (#15684)

Specifying the node image will be needed to test against multiple
versions of Kubernetes. Skipping setup or image building is useful for
running locally.

* Add a Dockerfile linter to our tests (#15484)

* Hadolint first pass

Decided to ignore a lot of message by default.
We should fix those in several passes.

* Apply suggestions from code review

Remove useless comment

* Address shellcheck issue

Also fix a ignore

* Address @howardjohn 's comment

* Address @howardjohn 's comment on vendor directory

* Address @johnma14 's comments

* Address @ericvn 's comments

* Move check_dockerfiles to common files

* Verification of shell substitution

Aparently was not caught by shellcheck and doesn't pass tests as
intended.
If CI/lint pass on this, we need to submit the check_dockerfile.sh to
istio/common_files

* Use bash

* Fix shellcheck

* Fix commonfile linter

* Address @rlenglet 's comments

* Forgot to remove ignore in previous commit

* Refactor pilot test organization (#15608)

* Refactor pilot test organization

Prior to this change we had a package per test, making an unneccesary
number of istio install/teardowns. Any test without a special set up can
just be in the top level pilot package. This required some changes to
the existing test in the top level (for some reason it was blocking the
Close() method when it wasn't using the "new style" of tests) and some
improved error reporting for trafficshifting.

* Add license

* Optimize contextgraph batch send algorithm (#15689)

* Optimize contextgraph batch send algorithm

This function attempts to split the request size to be the largest
possible request that is smaller than the request size limit. It did
this by linearly checking size(list[:n]), size(list[:n-1])... This ends
up being extremely slow, because proto.size is not a very cheap
operation for such large objects. In the case of racetests, this test
was taking over 5 minutes sometimes.

This modifies the algorithm to do a binary search for the optimal
request; behavior should be the same.

With this change:
BenchmarkSendBatch/Size2-8                500000              3042 ns/op
BenchmarkSendBatch/Size200-8               10000            135250 ns/op
BenchmarkSendBatch/Size20000-8                30          52180768 ns/op

Without this change
BenchmarkSendBatch/Size2-8                500000              3082 ns/op
BenchmarkSendBatch/Size200-8               10000            140837 ns/op
BenchmarkSendBatch/Size20000-8                 1        7999998085 ns/op

This represents a 150x improvement on large request sizes and a
negligible change for small requests

Alternatively, if we don't care about the performance of this function,
we can disable it in the racetests and leave this code as is.

* Linear search by looking at individual size

New benchmark:
BenchmarkSendBatch/Size2-8                500000              3199 ns/op
BenchmarkSendBatch/Size200-8               10000            138123 ns/op
BenchmarkSendBatch/Size20000-8               100          24098886 ns/op

This represents a 2x improvement over the previous commit and 300x
improvement over the original

* Look at size of message only once

* Don't undershoot by one

* Enable XDS marshalling to Any by default (#15632)

This feature improves pilot performance substantially, but was disabled
by default due to some proxy CPU regressions we were seeing. Since some
Envoy changes we have been unable to reproduce since then. This will
still be able to be turn off if issues do arise, but for now it seems
safe to enable this by default.

* Fix race condition in adsc client (#15771)

CloseSend and Send cannot be called concurrently, which is possible and
does happen in our tests, failing racetests. CloseSend is NOT required
and also doesn't actually close the stream (but we do that in the next
line anyways). See https://github.com/grpc/grpc-go/issues/2927 for
details.

* Fix: Consul high CPU usage (#15509) (#15510)

* Fix: Consul high CPU usage (#15509)

Add cache to avoid repeated remote calls to Consul catalog REST APIs

Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>

* fix race test

Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>

* move private methods down

Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>

* Generates sha256 for each istioctl archive published to GCS. (#15629)

Signed-off-by: Jason Clark <jason.clark@ibm.com>

* iptables: for listener using filter chain (#15710)

* iptables: for listener using filter chain

* fix test

* iptables inbound capture port: cli flag and always enable (#15681)

* add cli switch for specifing iptables inbound capture port

Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>

* always use separate capture port for inbound traffic

Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>

* update goldens

Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>

* separate variable

* update goldens

Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>

* shell check

Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>

* Disable Envoy's panic mode as default (#15609)

* [Fix] retain CommonLbConfig for HealthyPanicThreshold (#13682)

* retain the HealthyPanicThreshold field even if it's set to 0 for disabling Envoy's panic mode (#13682)

* fix a comment and add a test for disabling panic threshold as default

* run go fmt

* run gofmt -s

* reword a comment

* remove link

* Add mandarjog and nmittler to tools OWNERS (#15780)

* Move Citadel workloadsecret.go metrics from prometheus to opencensus (#15223)

* pilot agent change to support sds at bootstrap time (#15420)

* pa

* lint

* test coverage

* test cover

* format

* simplify code

* cleanup

* address comment

* cleanup

* cleanup

* wait sdsudsfile only in controlplane when authn enabled

* test cover

* test cover

* rebase

* test

* unit test

* rebase

* lint

* address comment

* token meta

* Disable frozen config store (#15671)

The frozen config store was meant to detect when we were modifying the
configs returned from the config store. However, this caused issues,
because we actually do want to modify - in particular, we sort the
configs. Freezing + sorting can lead to obscure segmentation faults due
to the freeze library using unsafe pointers, which was causing test
failures.

* Fix TestWorkloadAgentRefreshSecret racetest failure (#15794)

* Split out common config items from Pilot (#15634)

* Added TCP telemetry for BlackHole/Passthrough cluster (#15512)

* Added telemetry for BlackHole/Passthrough cluster

Fixes: #14664

Implements partial fix for #7669

* Updated pluging interface with OnVirtualListener method

* Updated HTTP routes plugins for default clusters

* Fix and update integration test

* Change function name to onVirtualOutboundListener

* Add destination service name for BlackHole/Passthrough

* Created const for Passthrough/BlackHole route names

* Change pkg/model to pkg/config

* Fix TestServerSource race condition (#15799)

If we set the desired error after we start the stream, the stream could
have a real error before we get to setting the error.

* Disable Test_KubeSecretController in racetest (#15769)

* Make PushQueue test less flaky (#15786)

The previous test depended on ordering of goroutines which is not
reliable. It would consistently fail when running repeatedly. This
change refactors the test to provide more coverage while not relying on
any undefined ordering.

* Fix metrics proxy port (#15807)

* Cleanup makefile and prow scripts (#15685)

* Remove junit for lint, set pipefail once

* Remove ARTIFACTS_DIR and special junit outputs

* Fix racetest junit

* refactor listener.go (#15828)

* enable locality weighted lb by default (#15014)

* enable locality weighted lb by default

* fix lint

* fix ut

* update mesh config helm template

* revert

* fixes for markdown style and typos (#15816)

* Fix consul monitoring test flakes (#15821)

Previously, the tests would wait for some period of time and check if it
got any updates. This timing sensitive test fails often when CPU is
throttled or slow, especially in -race or coverage mode. Additionally,
one of the tests depended on the order of a map which is undefined.

This change sorts the map output to be deterministic and changes the
test to poll for success rather than wait and check.

* rbac: remove the deprecated RBAC mixer adapter (#15675)

* fixed typo: you-project => your-project (#15812)

* Fix port collision on the Ctrlz component tests. (#15836)

* Revert "multi-cluster panic fix (#15700)" (#15830)

This reverts commit 0c93b9d75536b3134888b89edbcf04d35ec82054.

* Fix testing flags showing up in release binaries (#15797)

* Move test helper to test package

* add test

* Skip tests in codecov

* Revert "Move test helper to test package"

This reverts commit 1ed6cec3fe888e7851f5e050bc480e86035bdddb.

* Replace testing with interface

* Cleanup and properly document pilot env vars (#15801)

* Cleanup and properly document pilot env vars

Currently most of our environment variables are undocumented, and some
also use the wrong types. This makes it very confusing because you can
set FOO=false and it actually turns on FOO. This change cleans up these
cases, and adds documentation to most of the variables used in pilot.

* Fix errors

* Upgrade kiali (#15372)

* upgrade kiali

Signed-off-by: clyang82 <clyang@cn.ibm.com>

* upgrade kiali to 1.1

* Avoid inject panic with corner case (#15840)

Signed-off-by: clyang82 <clyang@cn.ibm.com>

* Make ServiceEntry follow Sidecar isolation (#13631)

* Change hostname resolution to follow Sidecar

See the design doc for more details
https://docs.google.com/document/d/15-PU9O22Pb0qTzCfwK2hjwNTcb-CqFuw8JnIgwK3EIM/

This PR changes the behavior of Pilot when the same hostname is found in
multiple namespaces (due to ServiceEntries). Previously, the behavior
was undefined -- in some cases we selected an arbitrary service while in
others we selected all services. The new behavior will always select a
single namespace for a given hostname. If a hostname exists in multiple
namespaces, one will be determined by the Sidecar scope. If the sidecar
imports multiple namespaces with the same hostname, an arbitrary one
will be chosen, favoring the proxies namespace if possible.

* Get rid of dummy sidecar

* Make InstancesByPort take a Service instead of host

This is primarily meant to enable
https://github.com/istio/istio/pull/13631, which will require the full
Service

* Make instances by port use proper namespace selection

* Clean up dead code

* Fix rebase errors

* Various improvements to pilot tests to make them more hermetic (#15847)

* Make listener_test use open port

* Make appprobe test poll until ready

* Make pilot-agent role tests not depend on global state

* Enable skipped test with resolved issue

* Integration tests for webhook in galley scaling scenarios (#15841)

* Integ test for webhook behavior when scaling galley

* integ test to verify webhook config deletion when galley uninstalled

* PR review fixups

* Move galley webhook tests into their own suite

* Use subtests

* Increase delay to wait for webhook reconciliation to act

* Try fetch secret directly in case a secret is requested but cache doe… (#15672)

* Try fetch secret directly in case a secret is requested but cache doesn't have it somehow

* Don't put secret directly fetched from API call to cache

* Mixer: add tests for direct HTTP response (#15781)

* add test for direct HTTP response

- status code
- body setting
- header manipulation

* gofmt changes

* Initial infinite request loop fix (#15833)

* Add POD_IP match to prevent infinite traffic loops

* fix lint

* Disable for cloudfoundry test

* Precompute filter

* Add integration test

* Also report number of virtual services known to pilot. (#14946)

* Also report number of virtual services known to pilot.

Only count virtual services for ISTIO_MESH_GATEWAY.

Fixes #14932

* Move gauge for total virtual service count to initVirtualServices

* add comment (#15015)

* simplify the Envoy JWT filter config (#15854)

* Fix duplicate close PortForwarder (#15813)

* add configurable rolling update strategy. (#15586)

* EnvoyFilter: match filter chains, http/network filters (#15639)

* Match http/network filters

Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>

* insert before or after

Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>

* split into smaller files

Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>

* tests and lint

Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>

* test

Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>

* lint

Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>

* lots of tests

Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>

* lint1

* test fixes

* lint

* disable until resolution

* lint

* update gogo

Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>

* unskip tests

Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>

* lint

Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>

* integration test

Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>

* config fixes

Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>

* bug fix

Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>

* lint

Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>

* Detect ARM arch with variant when building (#15668)

* detect arm architecture

* remove hardcoded value

* only normalize arm with variant

* Support kube-uninject for istioctl command (#15573)

* Support kube-uninject for istioctl command

Signed-off-by: Chun Lin Yang <clyang@cn.ibm.com>

* Address review comments

* avoid duplicated method

Signed-off-by: Chun Lin Yang <clyang@cn.ibm.com>

* add more cases: handle enable-core-dump container/dnsConfig/annotations

* add sidecar.istio.io/inject:false always

* avoid panics

Signed-off-by: Chun Lin Yang <clyang@cn.ibm.com>

* correct the comment for exported method

* Update the chart version (#15893)

Signed-off-by: Chun Lin Yang <clyang@cn.ibm.com>

* Fix goroutine leak on send timeout (#15897)

Previously the done channel was unbuffered. This means that if a timeout
occured, there would be nothing trying to read from `done`, which would
cause it to block indefinitely. Because of this, every timeout resulted
in a goroutine to be leaked. Now it is buffered so the send can occur
even after the timer completes.
@sudomann
Copy link

sudomann commented Aug 5, 2019

@rshriram Hi, will this become available in the 1.3 release or when?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area/networking ok-to-test Set this label allow normal testing to take place for a PR not submitted by an Istio org member. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

httpsRedirect option for 308
6 participants