Merged
Conversation
Signed-off-by: Yangmin Zhu <ymzhu@google.com>
* Use kube.CreateClientset Signed-off-by: Chun Lin Yang <clyang@cn.ibm.com> * Fix lint error Signed-off-by: Chun Lin Yang <clyang@cn.ibm.com>
Overview of the changes: - Changed runtime.Source.Start take an EventHandler function, rather than creating a channel. This affords composition of sources. - Merged the dynamic source and listener code into just source. This simplifies the code quite a bit. A dynamic source now operates on a single spec, rather than an entire schema. - Added new built-in sources that use build-in k8s informers to avoid intermediate parsing of k8s Node, Pod, Endpoints, and Services. - Added an aggregate source that will use built-in sources for supported types. Otherwise, falls back to using a dynamic source. - Refactored the file-based source to use code from both dynamic and built-in packages. This allows the file-based source to properly parse all types. Partially addresses #10589 and #10497
* Wait for traffic to complete in test script * Add retries to kubectl apply manifest, remove duplicated code * Allow to run upgrade test locally * Fix shellcheck, add command examples * Remove redundant environment variable * Add error check for create namespace * Cleanup
* support locality weighted loadbalancer * validate LocalityWeightSettings * set proxy locality * fix ci * address comments * EDS part * fix test * reduce locality string split * perf optimize * add ut * fix lint * mark TODO * fix nil pointer * optimize ApplyLocalityWeightSetting * per locality edsClusters cache * update validation ut * update Locality field * set locality Lb priority * fix build * fix build * fix panic * fix minor * add ut * address comments * use cloned endpoints * fix subset locality lb * shallow copy cluster to prevent r/w data race * fix frankbu comments * update Validate * update locality lb set * fix ut * bump istio api * update * fix nil pointer * fix build * add comments * perf improve * add more comments * move validate localityLbsetting to validation.go * fix lint
* Fix DestinationRule selection issue Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * clean ups Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * comments Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * test fix Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * format Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * namespace fix Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com>
* refer to gateway using ns/name syntax in virtual service Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * validation Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * lint Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * undo Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * snafu Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * nits Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com>
Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com>
* prom init container. * init container fail when secret is not ready. * make prom init container conditional based on security.enabled * add init container into value * add new line * add security.enable into prom subchart * indent
* update value for one namespace. * add comments for oneNamespace parameter.
* remove cached secret immediately after stream close * lint * cleanup * clean up
make the path comparison of Makefile more robust Signed-off-by: YaoZengzeng <yaozengzeng@zju.edu.cn>
…g. (#11156) * injector changes for health check, pilot agent take over app readiness check. (#9266) * WIP injector change to modify istio-proxy. * move out to app_probe.go * Iterating sidecartmpl to find the statusPort. * use the same name for ready path. * Get rewrite work, almost. * Some clean up on test and check one container criteria. * fix the injected test file. * Add inject test for readiness probe itself. * Add missing added test file. * fix helm test. * fix lint. * update header based finding the port. * return to previous injected file status. * fixing TestIntoResource test. * sed fixing all remaining injecting files. * handling named port. * fixing merginge failure. * remove the debug print. * lint fixing. * Apply the suggestions for finding statusPort arg. * Address comments, regex support more port value format. * add app_probe_test.go * add more test. * merge fix the test. * changing new server to unmarshal prober info. * add valid json for test case. * more checks on json format. * finish the status server and the test. * WIP on the istioctl kubeinject. * WIP on the istioctl kubeinject. * small code refactoring app_probe.go * fixing some test cases. * make sure status server also work with empty path. * some cleanup on status/server.go * fix the lint. * rename to be consistent. * fix the comments, matching the pattern string. * fix the lint.
* Update statsd host address * Update values.yaml * Update statsd host example value
Signed-off-by: Kuat Yessenov <kuat@google.com>
…tch (#10910) * Change new metrics config to match Task config and update tests to match * Correct productpage workload name makes everything better * Add retry logic * Address review comments
#11159) * disable replicas when auto scaling is enabled * add simple way to test other cloud * add steps to install crds from istio-init * clarify comment * remove accidentally pushed files * resolve merge conflict * address Martin's comment * comment out RUNNING in yaml file * add missing helm dep update
* Galley: Refactor runtime to support multiple processing paths This PR is just transferring a few things from processor into state, in anticipation of supporting multiple processing paths. The next step will be to have a second state specifically for generating synthetic ServieEntry resources. Supporting work for #10589 and #10497 * addressing comments.
* refactor mcp server to reduce number of goroutines * fix queue_test.go * address review comments * fix mixer and galley reporting prefixes * fixer galley and mcp dashboards * address more review comments * fix unit test names * add comments, logs, and queue-closed check to Enqueue() * fix deadlock in logging path * increase code coverage * remove unused mutex
* Additional fixes for interception * Use the constant * Skip init container for none * Fix 2 crashes for pods without services * Any priv port causes envoy to reject all listeners * Matching target port, partial solution by name * Similar fix for listeners, common method * Format * Add TODO * Use target port from endpoint * Revert target port - can use the one from instance * Update the test file and golden for none, make it executable in real cluster * Fix test (ports now need to match) * v2 is tested via e2e * No clue why make format and lint don't agree * Add a metadata to control port remapping for bind=true and non-root * Remove remapping of port. User can either run as root or not use <1024 * Format * Temporary revert remapping, since istio-system can't be imported selectively, will be removed after needed fixes are merged * Move port mapping to new code path * Move the search by port name after search by port number * Replace remap with validate * Add mixer imports to template * Use custom fortio image * Fix the test after adding mixer inports
* Add output for failure cases * Increase pod wait timeout to 10 mins
* Update Envoy go-control-plane, Proxy and CNI This updates envoyproxy/go-control-plane to v0.6.7. This also updates the Proxy SHA to 7738fa3d5 and CNI SHA to de2ae6dc. There are several locations where endpoint.Endpoint is either wrapped in a with a endpoint.LbEndpoint_Endpoint or is being accessed via LbEndpoint.GetEndpoint() without explicit checks on the HostIdentifier type as this codebase doesn't use other types of the HostIdentifier as yet. Signed-off-by: Venil Noronha <veniln@vmware.com> * Format codebase This updates the codebase after running the formatter. Signed-off-by: Venil Noronha <veniln@vmware.com>
…le to operate without actions (#11165) * allow requestHeaderOperations and responseHeaderOperations to in a rule to operate without actions * fix lint * fix lint * fix lint * ensure default response if RouteDirective is only action * lint * lint
Set VALID_TOKEN to true to address a SDS disconnection problem, in which SDS server disconnects a stream to Envoy and causes certificate rotation failures.
* add enhanced mcp stack * remove unused var * adjust codecov * adjust codecov numbers * fix vendor * use unique queue in mcp source implementation * remove extra redirection * increase test coverage * fix linter errors * linter doesn't like underscores
* Guard weighted TCP routed with proxy version check This updates the TCP weighted routing setup by placing a guard i.e. to specifically enable it when the proxy version is greater than or equal to 1.1. Signed-off-by: Venil Noronha <veniln@vmware.com> * Fix linter error This moves conditional logic to fix a linter error. Signed-off-by: Venil Noronha <veniln@vmware.com>
* Fix sidecars not retrieving updated mesh networks configuration * Review comments addressed * Also verify not nil in initMesh * Review comments addressed
* Update envoyproxy/go-control-plane SHA to eb553e72 This updates the envoyproxy/go-control-plane package to revision eb553e72ac8724721a99ed85fcb116467c7a2bac. Signed-off-by: Venil Noronha <veniln@vmware.com> * Remove mysql_proxy references from Gopkg.lock This removes references to the mysql_proxy from Gopkg.lock. Signed-off-by: Venil Noronha <veniln@vmware.com>
* Add integration with Envoy's MySQL Proxy filter This adds support for redirecting traffic through Envoy's MySQL Proxy filter. Signed-off-by: Venil Noronha <veniln@vmware.com> * Guard filter configuration by a proxy version test This adds a guard that ensures that the correct proxy version is available (in this case v1.1) prior to configuring Redis and MySQL Envoy filters to ensure backward compatibility. Signed-off-by: Venil Noronha <veniln@vmware.com> * Fix number of ServiceInstances Signed-off-by: Venil Noronha <veniln@vmware.com>
* implement direct response Signed-off-by: Kuat Yessenov <kuat@google.com> * fix a bug Signed-off-by: Kuat Yessenov <kuat@google.com> * review Signed-off-by: Kuat Yessenov <kuat@google.com> * remove dependency Signed-off-by: Kuat Yessenov <kuat@google.com> * add test Signed-off-by: Kuat Yessenov <kuat@google.com>
…11214) * Configure envoy_bootstrap_v2.json to use the configured admin port * Also set the prometheus_stats cluster's port * Fix bootstrap tests that override admin port
…1258) * allow multiple hosts in same namespace in sidecar egress host Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * merge Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * undo Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * nit Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * lint Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com>
The ServiceEntry transformation requires the Pod status, which is not included in the PodSpec. We need to pass through the entire Pod proto, so that it's available for the conversion.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Sync up to 1.1 HEAD