* Rbac ingress (#320)

* Add ingresses/status to rbac

* fix bash'ism (#325)

* fix bash'ism

we tell people to `curl -L https://git.io/getIstio | sh -` so we can't use bash extentions
I was getting [[ unknown command on line 12, fixing this

* also updating comment

* updateVersion.sh to not modify templates (#229)

* istio install templates

* fix copy

* fix temp var

* []byte values

* fix linter errors

* comment out unused ca vars

* gofmt kubernetes.go

* fix macros

* fix kubeTest.sh

* move istio-auth-with-cluster-ca.yaml out of templates dir (#334)

* fix broken link (#335)

* fixing #321 (#336)

fixing broken links

* Getting master ready for beta (#322)

0.1.x -> 0.2.x

* Add v1/stable version (#351)

* Add v1/stable version

* Start of a local development directory (#337)

* initial skeleton notes for local dev

* tweaks

* adding the rules.yaml for local dev and updating the scripts

* Fixing English typo

* Also start to address dev getting started

Issue #348

* incorporated most of my noogler notes

* Adding the sample quota

* adding note about -v=5

for debug/verbose output

* Code review comments

* typo fix


will follow up with moving most of mixer/dev/development.md into this

* Moving most of mixer/doc/dev/development.md here (#352)

* Moving most of mixer/doc/dev/development.md here

https://github.com/istio/mixer/blob/master/doc/dev/development.md to
here with updates to make it a bit more generic than just mixer

* Also move conventions.md and performance.md here

* Review comments

And linking the conventions and perf docs

* minor update

* Manager -> pilot rename (#359)

* Manager -> Pilot

 git ls-files | grep -v tests/e2e|grep -v bookinfo| xargs -n 1 sed -i
.bak -e 's/Manager/Pilot/g'

As tests/e2e and bookinfo have other Manager unrelated to pilot

* manager -> pilot

 git ls-files | grep -v tests/e2e|grep -v bookinfo| xargs -n 1 sed -i
.bak -e 's/manager/pilot/g'

* Manual changes in e2e

* MANAGER to PILOT

git ls-files | xargs -n 1 sed -i .bak -e 's/MANAGER/PILOT/g'

and manually excluding some

* Rename yaml file too

* Last few selective renames

Last piece, only remaining ‘manager’ are:
```
ldemailly-macbookpro:istio ldemailly$ git grep -i manager
samples/apps/bookinfo/src/reviews/reviews-wlpcfg/servers/LibertyProjectS
erver/server.xml:    <featureManager>
samples/apps/bookinfo/src/reviews/reviews-wlpcfg/servers/LibertyProjectS
erver/server.xml:    </featureManager>
tests/e2e/README.md:### appManager.go
tests/e2e/README.md:`appManager` gather apps required for test into a
array and deploy them while setup()
tests/e2e/framework/BUILD:        "appManager.go",
tests/e2e/framework/appManager.go:// AppManager organize and deploy apps
tests/e2e/framework/appManager.go:type AppManager struct {
tests/e2e/framework/appManager.go:// NewAppManager create a new
AppManager
tests/e2e/framework/appManager.go:func NewAppManager(tmpDir, namespace
string, istioctl *Istioctl) *AppManager {
tests/e2e/framework/appManager.go:      return &AppManager{
tests/e2e/framework/appManager.go:func (am *AppManager)
generateAppYaml(a *App) error {
tests/e2e/framework/appManager.go:func (am *AppManager) deploy(a *App)
error {
tests/e2e/framework/appManager.go:func (am *AppManager) Setup() error {
tests/e2e/framework/appManager.go:func (am *AppManager) Teardown()
error {
tests/e2e/framework/appManager.go:func (am *AppManager) AddApp(a *App) {
tests/e2e/framework/framework.go:
c.Cleanup.RegisterCleanable(c.Kube.AppManager)
tests/e2e/framework/kubernetes.go:      pilotHub =
flag.String("pilot_hub", os.Getenv(pilotHubEnvVar), "Manager hub")
tests/e2e/framework/kubernetes.go:      pilotTag =
flag.String("pilot_tag", os.Getenv(pilotTagEnvVar), "Manager tag")
tests/e2e/framework/kubernetes.go:              "manager",
tests/e2e/framework/kubernetes.go:      // App Manager
tests/e2e/framework/kubernetes.go:      AppManager *AppManager
tests/e2e/framework/kubernetes.go:      a := NewAppManager(tmpDir,
*namespace, i)
tests/e2e/framework/kubernetes.go:              AppManager:       a,
tests/e2e/framework/kubernetes.go:      case "manager":
tests/e2e/tests/bookinfo/demo_test.go:
tc.Kube.AppManager.AddApp(demoApp)
tests/e2e/tests/mixer/mixer_test.go:
tc.Kube.AppManager.AddApp(demoApp)
```

* Review comment

changed flag from m to p

* make linter happy bin/fmt.sh + review updates

* show in logs url being used (#360)

A bit more info in logs for when download fails

* Update images for Pilot & Unary (#361)

* Update image for Unary

* Fix forgotten renames

* Disabling failing test until #365 is fixed (#366)

* Skip TestDenials

* Update format and linter to skip git files

* Using git ls-files instead of find

* Remove extra buildifier call

* missed manager->pilot rename and use lowercase -c for ca image (#363)

* Make shell utility functions variadic (#377)

This simplifies usage a bit by not requiring user to call fmt.Sprintf
themselves.

* Re-enable TestDenials

* Revert "Update images for Pilot & Unary (#361)"

This reverts commit 2b210ac.

* Revert "Getting master ready for beta (#322)"

This reverts commit 910a025.

* Update to latest version of manager

* zipkin-tracing task and bookinfo sample cleanup

* resolve merge conflicts

* istio install templates

* fix copy

* fix temp var

* []byte values

* fix linter errors

* comment out unused ca vars

* gofmt kubernetes.go

* fix macros

* fix kubeTest.sh


Former-commit-id: 957e535

* Rbac ingress (#320)

* Add ingresses/status to rbac

* fix bash'ism (#325)

* fix bash'ism

we tell people to `curl -L https://git.io/getIstio | sh -` so we can't use bash extentions
I was getting [[ unknown command on line 12, fixing this

* also updating comment

* updateVersion.sh to not modify templates (#229)

* istio install templates

* fix copy

* fix temp var

* []byte values

* fix linter errors

* comment out unused ca vars

* gofmt kubernetes.go

* fix macros

* fix kubeTest.sh

* move istio-auth-with-cluster-ca.yaml out of templates dir (#334)

* fix broken link (#335)

* fixing #321 (#336)

fixing broken links

* Getting master ready for beta (#322)

0.1.x -> 0.2.x

* Add v1/stable version (#351)

* Add v1/stable version

* Start of a local development directory (#337)

* initial skeleton notes for local dev

* tweaks

* adding the rules.yaml for local dev and updating the scripts

* Fixing English typo

* Also start to address dev getting started

Issue #348

* incorporated most of my noogler notes

* Adding the sample quota

* adding note about -v=5

for debug/verbose output

* Code review comments

* typo fix


will follow up with moving most of mixer/dev/development.md into this

* Moving most of mixer/doc/dev/development.md here (#352)

* Moving most of mixer/doc/dev/development.md here

https://github.com/istio/mixer/blob/master/doc/dev/development.md to
here with updates to make it a bit more generic than just mixer

* Also move conventions.md and performance.md here

* Review comments

And linking the conventions and perf docs

* minor update

* Manager -> pilot rename (#359)

* Manager -> Pilot

 git ls-files | grep -v tests/e2e|grep -v bookinfo| xargs -n 1 sed -i
.bak -e 's/Manager/Pilot/g'

As tests/e2e and bookinfo have other Manager unrelated to pilot

* manager -> pilot

 git ls-files | grep -v tests/e2e|grep -v bookinfo| xargs -n 1 sed -i
.bak -e 's/manager/pilot/g'

* Manual changes in e2e

* MANAGER to PILOT

git ls-files | xargs -n 1 sed -i .bak -e 's/MANAGER/PILOT/g'

and manually excluding some

* Rename yaml file too

* Last few selective renames

Last piece, only remaining ‘manager’ are:
```
ldemailly-macbookpro:istio ldemailly$ git grep -i manager
samples/apps/bookinfo/src/reviews/reviews-wlpcfg/servers/LibertyProjectS
erver/server.xml:    <featureManager>
samples/apps/bookinfo/src/reviews/reviews-wlpcfg/servers/LibertyProjectS
erver/server.xml:    </featureManager>
tests/e2e/README.md:### appManager.go
tests/e2e/README.md:`appManager` gather apps required for test into a
array and deploy them while setup()
tests/e2e/framework/BUILD:        "appManager.go",
tests/e2e/framework/appManager.go:// AppManager organize and deploy apps
tests/e2e/framework/appManager.go:type AppManager struct {
tests/e2e/framework/appManager.go:// NewAppManager create a new
AppManager
tests/e2e/framework/appManager.go:func NewAppManager(tmpDir, namespace
string, istioctl *Istioctl) *AppManager {
tests/e2e/framework/appManager.go:      return &AppManager{
tests/e2e/framework/appManager.go:func (am *AppManager)
generateAppYaml(a *App) error {
tests/e2e/framework/appManager.go:func (am *AppManager) deploy(a *App)
error {
tests/e2e/framework/appManager.go:func (am *AppManager) Setup() error {
tests/e2e/framework/appManager.go:func (am *AppManager) Teardown()
error {
tests/e2e/framework/appManager.go:func (am *AppManager) AddApp(a *App) {
tests/e2e/framework/framework.go:
c.Cleanup.RegisterCleanable(c.Kube.AppManager)
tests/e2e/framework/kubernetes.go:      pilotHub =
flag.String("pilot_hub", os.Getenv(pilotHubEnvVar), "Manager hub")
tests/e2e/framework/kubernetes.go:      pilotTag =
flag.String("pilot_tag", os.Getenv(pilotTagEnvVar), "Manager tag")
tests/e2e/framework/kubernetes.go:              "manager",
tests/e2e/framework/kubernetes.go:      // App Manager
tests/e2e/framework/kubernetes.go:      AppManager *AppManager
tests/e2e/framework/kubernetes.go:      a := NewAppManager(tmpDir,
*namespace, i)
tests/e2e/framework/kubernetes.go:              AppManager:       a,
tests/e2e/framework/kubernetes.go:      case "manager":
tests/e2e/tests/bookinfo/demo_test.go:
tc.Kube.AppManager.AddApp(demoApp)
tests/e2e/tests/mixer/mixer_test.go:
tc.Kube.AppManager.AddApp(demoApp)
```

* Review comment

changed flag from m to p

* make linter happy bin/fmt.sh + review updates

* show in logs url being used (#360)

A bit more info in logs for when download fails

* Update images for Pilot & Unary (#361)

* Update image for Unary

* Fix forgotten renames

* Disabling failing test until #365 is fixed (#366)

* Skip TestDenials

* Update format and linter to skip git files

* Using git ls-files instead of find

* Remove extra buildifier call

* missed manager->pilot rename and use lowercase -c for ca image (#363)

* Make shell utility functions variadic (#377)

This simplifies usage a bit by not requiring user to call fmt.Sprintf
themselves.

* Re-enable TestDenials

* Revert "Update images for Pilot & Unary (#361)"

This reverts commit 6362d37 [formerly 2b210ac].

* Revert "Getting master ready for beta (#322)"

This reverts commit 52e8937 [formerly 910a025].

* Update to latest version of manager

Former-commit-id: 6a65da1

Automatic merge from submit-queue

Add a method to extract identities from SAN extension

This will be used by the grpc server for client certificate based
authN/authZ.

Also grouping all SAN-related operations into package `pkg/pki/san.go`

**Release note**:

```
NONE
```

* istio install templates

* fix copy

* fix temp var

* []byte values

* fix linter errors

* comment out unused ca vars

* gofmt kubernetes.go

* fix macros

* fix kubeTest.sh


Former-commit-id: 957e535

Automatic merge from submit-queue

Add a method to extract identities from SAN extension

This will be used by the grpc server for client certificate based
authN/authZ.

Also grouping all SAN-related operations into package `pkg/pki/san.go`

**Release note**:

```
NONE
```

* Add blacklisted services and namespaces to mesh config.

* Remove blacklisted namespace, user needs to list all services for blacklisting.

* Update field name and comment.

Automatic merge from submit-queue.

[DO NOT MERGE] Auto PR to update dependencies of mixerclient

This PR will be merged automatically once checks are successful.
```release-note
none
```

* MAISTRA-2051: Update xns-informers

* MAISTRA-2051: Add xns-informer for Service APIs

Squashed commit, incorporates changes from:

  * MAISTRA-551 Run sidecar with a dynamically-determined runAsUser ID

  * MAISTRA-611 Partial injection of just the annotation and runAsUser id

  * MAISTRA-668 Fix expected output of webhook injection

  The sidecar injector now sets the securityContext.runAsUser field
  regardless if it is specified in the sidecar template or not. This is
  to allow the sidecar template to not include the field, which is
  required to ensure that istioctl kube-inject outputs manifests that
  pass the SCC admission controller (if the runAsUser is specified, the
  SCC controller will reject the pod, as the uid won't be in the proper
  range). The sidecar injector then injects the correct runAsUser id even
  if it isn't specified in the template.

MAISTRA-2051: Add xns-informer for Service APIs (istio#229)

* MAISTRA-2051: Update xns-informers

* MAISTRA-2051: Add xns-informer for Service APIs

Update to run make gen on istioctl as well so that that picks up the Proxy UID changes as well

MAISTRA-2051: Add xns-informer for Kubernetes types (istio#223)

* vendor: Add github.com/maistra/xns-informer

* Update mirrored licenses to fix gen-check

* MAISTRA-2051: Add xns-informer for Kubernetes types

This integrates the xns-informer library for multi-namespace support,
but only for core Kubernetes types.  The informers are hard-coded to
watch all namespaces here.  The integration with MemberRoll will come
in a follow-up.

MAISTRA-2051 Add xns-informer for Istio types (istio#221)

MAISTRA-2051: Add MemberRollController (istio#227)

* MAISTRA-2051: Add MemberRollController

Includes the following:

* 75742b0 - Add Makefile for Maistra client generation

This adds a Makefile with tasks for generating the Maistra specific
clients. It is adapted from the one in the Istio client-go repository.

* 5f8562c - Add MemberRollController

Squashed commit, consisting of:

  * MAISTRA-417: Add MemberRollController

  * MAISTRA-450: Switch across to ConfiguredMembers and check existing
    config for changes

  * MAISTRA-1005 Do not expect namespaces to have a stable ordering

The clients have also been regenerated.

* 1b7a89d - Add missing licenses

* fe2f8cd - Fix Copyright holder

* 06ea2db - MAISTRA-1666: Add `go mod vendor` as part of `make gen`

This is to make sure all PR's will have an updated
vendor directory. The `gencheck` prow job will ensure that.

* MAISTRA-2051: Update MemberRollController for xns-informers

* MAISTRA-2051: Add AddMemberRoll to kube client

* MAISTRA-2051: Configure MemberRoll controller in istiod

MAISTRA-2051: Add xns-informer for Service APIs (istio#229)

* MAISTRA-2051: Update xns-informers

* MAISTRA-2051: Add xns-informer for Service APIs

MAISTRA-2051: Use shared Kubernetes client in galley (istio#241)

This moves galley to the shared Kubernetes client, which will let it
use xns-informers for multi-namespace support like everything else.

MAISTRA-2051: Update xns-informers to latest (istio#252)

* MAISTRA-2051: Reset Kubernetes client to release-1.8 state

* MAISTRA-2051: Use xns-informers in Kubernetes client

* MAISTRA-2051: Un-skip tests with xns-informers issues

These tests were skipped because of issues with xns-informers, which
have now been solved.  They should no longer be skipped.

* MAISTRA-2051: Update xns-informers to latest

* MAISTRA-2051: Skip problematic integration test: TestDashboard

MAISTRA-2051: Use MultiNamespaceInformer in galley (istio#254)

* Revert "MAISTRA-2051: Use shared Kubernetes client in galley (istio#241)"

This reverts commit 0b1567a.

* MAISTRA-2051: Use MultiNamespaceInformer in galley

This is a rework of the previous change that used the central
Kubernetes client in Galley.  The watchers in Galley manage stopping
and starting individual informers, which doesn't work well with the
factory returning cached informers.  This creates multi-namespace
informers individually instead of using the central factory.  It's
also a much smaller change overall and doesn't affect the tests.

* MAISTRA-2051: Add GetMemberRoll method to Kubernetes client

* MAISTRA-2051: Integrate MemberRoll with Galley

This configures the mulit-namespace aware infomers in Galley to
respond to changes in the set of namespaces via the MemberRoll.

This includes parts of the following:

  - 4b70b8d MAISTRA-1895 Add option to enable/disable CRD scan
  - 6e8019e MAISTRA-1968 allow analyzer to work with multi list watcher

MAISTRA-1724: Don't watch namespaces if MemberRoll is used (istio#257)

Rewrite of the following for Maistra 2.1 / Istio 1.8 rebase:

a161a53 - MAISTRA-1724 Don't watch namespaces if MRC is used (istio#161)

MAISTRA-1755: invoke UpdateNamespaces() as part of MemberRollController.Register()

Cherry-pick of f0eed15 for Maistra 2.1 / Istio 1.8 rebase.

MAISTRA-1724: Better hanlde deletion in NamespaceController

MAISTRA-2153: Disable namespace informer if MemberRoll is used (istio#283)

This causes istiod to skip creating the namespace informer in the
Kubernetes service registry controller if a MemberRoll is specified,
because Maistra cannot read namespace objects.  This will affect the
behavior of multi-network deployments that do not use mesh networks
for configuration, i.e. a namespace cannot be labeled with a default
network now.

MAISTRA-2197: Push first update when cache is warm (istio#294)

Change SMMR Controller behavior to only send the first update to
listeners when it has a list of members ready. In other words, when
cache is synced.

Before this, the first update was sent with only one hardcoded member:
The control plane namespace. Now it is sent with the full list of SMMR
members.

While on that, switch to our own log scope, to facilitate debugging.

Manual cherry pick of maistra/istio#291

MAISTRA-2233: Start xns-informers with empty namespace set (istio#303)

The multi-namespace informers created by xns-informers default to
watching all namespaces to match upstream behaviour.  This causes
permissions issues in Maistra because they will do this until the
first update from the MemberRoll controller sets the correct set of
namespaces on each informer.  We should instead explicitly configure
them with an empty set of namespaces at startup.

MAISTRA-2234: Seed MemberRoll listeners with system namespace (istio#302)

The MemberRoll controller was changed in MAISTRA-2197 to not send the
initial update with just the system namespace to all listeners.  This
can be a problem when the user hasn't created an SMMR resource yet,
because any listeners registered before the caches sync may never get
an update informing them to watch the system namespace.

This attempts to work around the issue by having all listeners
individually wait on the caches to sync, then seed just the system
namespace if no SMMR resource is found.

MAISTRA-2271: Update xns-informers to fix delete events issue (istio#315)

This updates xns-informers to include a fix for sending delete events
for all objects when a namespace is no longer watched.

See: maistra/xns-informer#12

MAISTRA-2051: Add xns-informer for Kubernetes types (istio#223)

* vendor: Add github.com/maistra/xns-informer

* Update mirrored licenses to fix gen-check

* MAISTRA-2051: Add xns-informer for Kubernetes types

This integrates the xns-informer library for multi-namespace support,
but only for core Kubernetes types.  The informers are hard-coded to
watch all namespaces here.  The integration with MemberRoll will come
in a follow-up.

MAISTRA-2051 Add xns-informer for Istio types (istio#221)

MAISTRA-2051: Add MemberRollController (istio#227)

* MAISTRA-2051: Add MemberRollController

Includes the following:

* 75742b0 - Add Makefile for Maistra client generation

This adds a Makefile with tasks for generating the Maistra specific
clients. It is adapted from the one in the Istio client-go repository.

* 5f8562c - Add MemberRollController

Squashed commit, consisting of:

  * MAISTRA-417: Add MemberRollController

  * MAISTRA-450: Switch across to ConfiguredMembers and check existing
    config for changes

  * MAISTRA-1005 Do not expect namespaces to have a stable ordering

The clients have also been regenerated.

* 1b7a89d - Add missing licenses

* fe2f8cd - Fix Copyright holder

* 06ea2db - MAISTRA-1666: Add `go mod vendor` as part of `make gen`

This is to make sure all PR's will have an updated
vendor directory. The `gencheck` prow job will ensure that.

* MAISTRA-2051: Update MemberRollController for xns-informers

* MAISTRA-2051: Add AddMemberRoll to kube client

* MAISTRA-2051: Configure MemberRoll controller in istiod

MAISTRA-2051: Add xns-informer for Service APIs (istio#229)

* MAISTRA-2051: Update xns-informers

* MAISTRA-2051: Add xns-informer for Service APIs

MAISTRA-2051: Use shared Kubernetes client in galley (istio#241)

This moves galley to the shared Kubernetes client, which will let it
use xns-informers for multi-namespace support like everything else.

MAISTRA-2051: Update xns-informers to latest (istio#252)

* MAISTRA-2051: Reset Kubernetes client to release-1.8 state

* MAISTRA-2051: Use xns-informers in Kubernetes client

* MAISTRA-2051: Un-skip tests with xns-informers issues

These tests were skipped because of issues with xns-informers, which
have now been solved.  They should no longer be skipped.

* MAISTRA-2051: Update xns-informers to latest

* MAISTRA-2051: Skip problematic integration test: TestDashboard

MAISTRA-2051: Use MultiNamespaceInformer in galley (istio#254)

* Revert "MAISTRA-2051: Use shared Kubernetes client in galley (istio#241)"

This reverts commit 0b1567a.

* MAISTRA-2051: Use MultiNamespaceInformer in galley

This is a rework of the previous change that used the central
Kubernetes client in Galley.  The watchers in Galley manage stopping
and starting individual informers, which doesn't work well with the
factory returning cached informers.  This creates multi-namespace
informers individually instead of using the central factory.  It's
also a much smaller change overall and doesn't affect the tests.

* MAISTRA-2051: Add GetMemberRoll method to Kubernetes client

* MAISTRA-2051: Integrate MemberRoll with Galley

This configures the mulit-namespace aware infomers in Galley to
respond to changes in the set of namespaces via the MemberRoll.

This includes parts of the following:

  - 4b70b8d MAISTRA-1895 Add option to enable/disable CRD scan
  - 6e8019e MAISTRA-1968 allow analyzer to work with multi list watcher

MAISTRA-1724: Don't watch namespaces if MemberRoll is used (istio#257)

Rewrite of the following for Maistra 2.1 / Istio 1.8 rebase:

a161a53 - MAISTRA-1724 Don't watch namespaces if MRC is used (istio#161)

MAISTRA-1755: invoke UpdateNamespaces() as part of MemberRollController.Register()

Cherry-pick of f0eed15 for Maistra 2.1 / Istio 1.8 rebase.

MAISTRA-1724: Better hanlde deletion in NamespaceController

MAISTRA-2153: Disable namespace informer if MemberRoll is used (istio#283)

This causes istiod to skip creating the namespace informer in the
Kubernetes service registry controller if a MemberRoll is specified,
because Maistra cannot read namespace objects.  This will affect the
behavior of multi-network deployments that do not use mesh networks
for configuration, i.e. a namespace cannot be labeled with a default
network now.

MAISTRA-2197: Push first update when cache is warm (istio#294)

Change SMMR Controller behavior to only send the first update to
listeners when it has a list of members ready. In other words, when
cache is synced.

Before this, the first update was sent with only one hardcoded member:
The control plane namespace. Now it is sent with the full list of SMMR
members.

While on that, switch to our own log scope, to facilitate debugging.

Manual cherry pick of maistra/istio#291

MAISTRA-2233: Start xns-informers with empty namespace set (istio#303)

The multi-namespace informers created by xns-informers default to
watching all namespaces to match upstream behaviour.  This causes
permissions issues in Maistra because they will do this until the
first update from the MemberRoll controller sets the correct set of
namespaces on each informer.  We should instead explicitly configure
them with an empty set of namespaces at startup.

MAISTRA-2234: Seed MemberRoll listeners with system namespace (istio#302)

The MemberRoll controller was changed in MAISTRA-2197 to not send the
initial update with just the system namespace to all listeners.  This
can be a problem when the user hasn't created an SMMR resource yet,
because any listeners registered before the caches sync may never get
an update informing them to watch the system namespace.

This attempts to work around the issue by having all listeners
individually wait on the caches to sync, then seed just the system
namespace if no SMMR resource is found.

MAISTRA-2271: Update xns-informers to fix delete events issue (istio#315)

This updates xns-informers to include a fix for sending delete events
for all objects when a namespace is no longer watched.

See: maistra/xns-informer#12

This PR reflects the fixes on access-logger related crashes: https://github.com/tetratelabs/envoy-setec/pull/2
This sha is on `tcc` branch on [tetrateio/proxy](https://github.com/tetrateio/proxy/tree/tcc) and the difference is here: https://github.com/tetrateio/proxy/compare/8facd8a939616245706ade3398d365f90a73fa3c...d5e6be205d5ad2fde7b8802aca2baa59085f4778.

Notably the change includes the change in `tcc` branch on tetratelabs/envoy-setec on access loggers: https://github.com/tetratelabs/envoy-setec/compare/8ea9a086b6844dcb7d14146951214f2fcb155f16...413c2cd959da7cbe32babb87cc900ab884ddc79c?expand=1.

Please note that I realized that the previously used binary in `tcc` branch here `8facd8a939616245706ade3398d365f90a73fa3c` was somehow deleted and looks like the one is manually uploaded. So I've setup the built pipeline on `tcc` branch in `teterateio/proxy` so we can rebuild or whatever in the future.

MAISTRA-2051: Add xns-informer for Kubernetes types (istio#223)

* vendor: Add github.com/maistra/xns-informer

* Update mirrored licenses to fix gen-check

* MAISTRA-2051: Add xns-informer for Kubernetes types

This integrates the xns-informer library for multi-namespace support,
but only for core Kubernetes types.  The informers are hard-coded to
watch all namespaces here.  The integration with MemberRoll will come
in a follow-up.

MAISTRA-2051 Add xns-informer for Istio types (istio#221)

MAISTRA-2051: Add MemberRollController (istio#227)

* MAISTRA-2051: Add MemberRollController

Includes the following:

* 75742b0 - Add Makefile for Maistra client generation

This adds a Makefile with tasks for generating the Maistra specific
clients. It is adapted from the one in the Istio client-go repository.

* 5f8562c - Add MemberRollController

Squashed commit, consisting of:

  * MAISTRA-417: Add MemberRollController

  * MAISTRA-450: Switch across to ConfiguredMembers and check existing
    config for changes

  * MAISTRA-1005 Do not expect namespaces to have a stable ordering

The clients have also been regenerated.

* 1b7a89d - Add missing licenses

* fe2f8cd - Fix Copyright holder

* 06ea2db - MAISTRA-1666: Add `go mod vendor` as part of `make gen`

This is to make sure all PR's will have an updated
vendor directory. The `gencheck` prow job will ensure that.

* MAISTRA-2051: Update MemberRollController for xns-informers

* MAISTRA-2051: Add AddMemberRoll to kube client

* MAISTRA-2051: Configure MemberRoll controller in istiod

MAISTRA-2051: Add xns-informer for Service APIs (istio#229)

* MAISTRA-2051: Update xns-informers

* MAISTRA-2051: Add xns-informer for Service APIs

MAISTRA-2051: Use shared Kubernetes client in galley (istio#241)

This moves galley to the shared Kubernetes client, which will let it
use xns-informers for multi-namespace support like everything else.

MAISTRA-2051: Update xns-informers to latest (istio#252)

* MAISTRA-2051: Reset Kubernetes client to release-1.8 state

* MAISTRA-2051: Use xns-informers in Kubernetes client

* MAISTRA-2051: Un-skip tests with xns-informers issues

These tests were skipped because of issues with xns-informers, which
have now been solved.  They should no longer be skipped.

* MAISTRA-2051: Update xns-informers to latest

* MAISTRA-2051: Skip problematic integration test: TestDashboard

MAISTRA-2051: Use MultiNamespaceInformer in galley (istio#254)

* Revert "MAISTRA-2051: Use shared Kubernetes client in galley (istio#241)"

This reverts commit 0b1567a.

* MAISTRA-2051: Use MultiNamespaceInformer in galley

This is a rework of the previous change that used the central
Kubernetes client in Galley.  The watchers in Galley manage stopping
and starting individual informers, which doesn't work well with the
factory returning cached informers.  This creates multi-namespace
informers individually instead of using the central factory.  It's
also a much smaller change overall and doesn't affect the tests.

* MAISTRA-2051: Add GetMemberRoll method to Kubernetes client

* MAISTRA-2051: Integrate MemberRoll with Galley

This configures the mulit-namespace aware infomers in Galley to
respond to changes in the set of namespaces via the MemberRoll.

This includes parts of the following:

  - 4b70b8d MAISTRA-1895 Add option to enable/disable CRD scan
  - 6e8019e MAISTRA-1968 allow analyzer to work with multi list watcher

MAISTRA-1724: Don't watch namespaces if MemberRoll is used (istio#257)

Rewrite of the following for Maistra 2.1 / Istio 1.8 rebase:

a161a53 - MAISTRA-1724 Don't watch namespaces if MRC is used (istio#161)

MAISTRA-1755: invoke UpdateNamespaces() as part of MemberRollController.Register()

Cherry-pick of f0eed15 for Maistra 2.1 / Istio 1.8 rebase.

MAISTRA-1724: Better hanlde deletion in NamespaceController

MAISTRA-2153: Disable namespace informer if MemberRoll is used (istio#283)

This causes istiod to skip creating the namespace informer in the
Kubernetes service registry controller if a MemberRoll is specified,
because Maistra cannot read namespace objects.  This will affect the
behavior of multi-network deployments that do not use mesh networks
for configuration, i.e. a namespace cannot be labeled with a default
network now.

MAISTRA-2197: Push first update when cache is warm (istio#294)

Change SMMR Controller behavior to only send the first update to
listeners when it has a list of members ready. In other words, when
cache is synced.

Before this, the first update was sent with only one hardcoded member:
The control plane namespace. Now it is sent with the full list of SMMR
members.

While on that, switch to our own log scope, to facilitate debugging.

Manual cherry pick of maistra/istio#291

MAISTRA-2233: Start xns-informers with empty namespace set (istio#303)

The multi-namespace informers created by xns-informers default to
watching all namespaces to match upstream behaviour.  This causes
permissions issues in Maistra because they will do this until the
first update from the MemberRoll controller sets the correct set of
namespaces on each informer.  We should instead explicitly configure
them with an empty set of namespaces at startup.

MAISTRA-2234: Seed MemberRoll listeners with system namespace (istio#302)

The MemberRoll controller was changed in MAISTRA-2197 to not send the
initial update with just the system namespace to all listeners.  This
can be a problem when the user hasn't created an SMMR resource yet,
because any listeners registered before the caches sync may never get
an update informing them to watch the system namespace.

This attempts to work around the issue by having all listeners
individually wait on the caches to sync, then seed just the system
namespace if no SMMR resource is found.

MAISTRA-2271: Update xns-informers to fix delete events issue (istio#315)

This updates xns-informers to include a fix for sending delete events
for all objects when a namespace is no longer watched.

See: maistra/xns-informer#12

MAISTRA-2051: Add xns-informer for Kubernetes types (istio#223)

* vendor: Add github.com/maistra/xns-informer

* Update mirrored licenses to fix gen-check

* MAISTRA-2051: Add xns-informer for Kubernetes types

This integrates the xns-informer library for multi-namespace support,
but only for core Kubernetes types.  The informers are hard-coded to
watch all namespaces here.  The integration with MemberRoll will come
in a follow-up.

MAISTRA-2051 Add xns-informer for Istio types (istio#221)

MAISTRA-2051: Add MemberRollController (istio#227)

* MAISTRA-2051: Add MemberRollController

Includes the following:

* 75742b0 - Add Makefile for Maistra client generation

This adds a Makefile with tasks for generating the Maistra specific
clients. It is adapted from the one in the Istio client-go repository.

* 5f8562c - Add MemberRollController

Squashed commit, consisting of:

  * MAISTRA-417: Add MemberRollController

  * MAISTRA-450: Switch across to ConfiguredMembers and check existing
    config for changes

  * MAISTRA-1005 Do not expect namespaces to have a stable ordering

The clients have also been regenerated.

* 1b7a89d - Add missing licenses

* fe2f8cd - Fix Copyright holder

* 06ea2db - MAISTRA-1666: Add `go mod vendor` as part of `make gen`

This is to make sure all PR's will have an updated
vendor directory. The `gencheck` prow job will ensure that.

* MAISTRA-2051: Update MemberRollController for xns-informers

* MAISTRA-2051: Add AddMemberRoll to kube client

* MAISTRA-2051: Configure MemberRoll controller in istiod

MAISTRA-2051: Add xns-informer for Service APIs (istio#229)

* MAISTRA-2051: Update xns-informers

* MAISTRA-2051: Add xns-informer for Service APIs

MAISTRA-2051: Use shared Kubernetes client in galley (istio#241)

This moves galley to the shared Kubernetes client, which will let it
use xns-informers for multi-namespace support like everything else.

MAISTRA-2051: Update xns-informers to latest (istio#252)

* MAISTRA-2051: Reset Kubernetes client to release-1.8 state

* MAISTRA-2051: Use xns-informers in Kubernetes client

* MAISTRA-2051: Un-skip tests with xns-informers issues

These tests were skipped because of issues with xns-informers, which
have now been solved.  They should no longer be skipped.

* MAISTRA-2051: Update xns-informers to latest

* MAISTRA-2051: Skip problematic integration test: TestDashboard

MAISTRA-2051: Use MultiNamespaceInformer in galley (istio#254)

* Revert "MAISTRA-2051: Use shared Kubernetes client in galley (istio#241)"

This reverts commit 0b1567a.

* MAISTRA-2051: Use MultiNamespaceInformer in galley

This is a rework of the previous change that used the central
Kubernetes client in Galley.  The watchers in Galley manage stopping
and starting individual informers, which doesn't work well with the
factory returning cached informers.  This creates multi-namespace
informers individually instead of using the central factory.  It's
also a much smaller change overall and doesn't affect the tests.

* MAISTRA-2051: Add GetMemberRoll method to Kubernetes client

* MAISTRA-2051: Integrate MemberRoll with Galley

This configures the mulit-namespace aware infomers in Galley to
respond to changes in the set of namespaces via the MemberRoll.

This includes parts of the following:

  - 4b70b8d MAISTRA-1895 Add option to enable/disable CRD scan
  - 6e8019e MAISTRA-1968 allow analyzer to work with multi list watcher

MAISTRA-1724: Don't watch namespaces if MemberRoll is used (istio#257)

Rewrite of the following for Maistra 2.1 / Istio 1.8 rebase:

a161a53 - MAISTRA-1724 Don't watch namespaces if MRC is used (istio#161)

MAISTRA-1755: invoke UpdateNamespaces() as part of MemberRollController.Register()

Cherry-pick of f0eed15 for Maistra 2.1 / Istio 1.8 rebase.

MAISTRA-1724: Better hanlde deletion in NamespaceController

MAISTRA-2153: Disable namespace informer if MemberRoll is used (istio#283)

This causes istiod to skip creating the namespace informer in the
Kubernetes service registry controller if a MemberRoll is specified,
because Maistra cannot read namespace objects.  This will affect the
behavior of multi-network deployments that do not use mesh networks
for configuration, i.e. a namespace cannot be labeled with a default
network now.

MAISTRA-2197: Push first update when cache is warm (istio#294)

Change SMMR Controller behavior to only send the first update to
listeners when it has a list of members ready. In other words, when
cache is synced.

Before this, the first update was sent with only one hardcoded member:
The control plane namespace. Now it is sent with the full list of SMMR
members.

While on that, switch to our own log scope, to facilitate debugging.

Manual cherry pick of maistra/istio#291

MAISTRA-2233: Start xns-informers with empty namespace set (istio#303)

The multi-namespace informers created by xns-informers default to
watching all namespaces to match upstream behaviour.  This causes
permissions issues in Maistra because they will do this until the
first update from the MemberRoll controller sets the correct set of
namespaces on each informer.  We should instead explicitly configure
them with an empty set of namespaces at startup.

MAISTRA-2234: Seed MemberRoll listeners with system namespace (istio#302)

The MemberRoll controller was changed in MAISTRA-2197 to not send the
initial update with just the system namespace to all listeners.  This
can be a problem when the user hasn't created an SMMR resource yet,
because any listeners registered before the caches sync may never get
an update informing them to watch the system namespace.

This attempts to work around the issue by having all listeners
individually wait on the caches to sync, then seed just the system
namespace if no SMMR resource is found.

MAISTRA-2271: Update xns-informers to fix delete events issue (istio#315)

This updates xns-informers to include a fix for sending delete events
for all objects when a namespace is no longer watched.

See: maistra/xns-informer#12

Co-authored-by: Brad Ison <brad.ison@redhat.com>

MAISTRA-2051: Add xns-informer for Kubernetes types (istio#223)

* Update mirrored licenses to fix gen-check

* MAISTRA-2051: Add xns-informer for Kubernetes types

This integrates the xns-informer library for multi-namespace support,
but only for core Kubernetes types.  The informers are hard-coded to
watch all namespaces here.  The integration with MemberRoll will come
in a follow-up.

MAISTRA-2051 Add xns-informer for Istio types (istio#221)

MAISTRA-2051: Add MemberRollController (istio#227)

* MAISTRA-2051: Add MemberRollController

Includes the following:

* 75742b0 - Add Makefile for Maistra client generation

This adds a Makefile with tasks for generating the Maistra specific
clients. It is adapted from the one in the Istio client-go repository.

* 5f8562c - Add MemberRollController

Squashed commit, consisting of:

  * MAISTRA-417: Add MemberRollController

  * MAISTRA-450: Switch across to ConfiguredMembers and check existing
    config for changes

  * MAISTRA-1005 Do not expect namespaces to have a stable ordering

The clients have also been regenerated.

* 1b7a89d - Add missing licenses

* fe2f8cd - Fix Copyright holder

This is to make sure all PR's will have an updated
vendor directory. The `gencheck` prow job will ensure that.

* MAISTRA-2051: Update MemberRollController for xns-informers

* MAISTRA-2051: Add AddMemberRoll to kube client

* MAISTRA-2051: Configure MemberRoll controller in istiod

MAISTRA-2051: Add xns-informer for Service APIs (istio#229)

* MAISTRA-2051: Update xns-informers

* MAISTRA-2051: Add xns-informer for Service APIs

MAISTRA-2051: Use shared Kubernetes client in galley (istio#241)

This moves galley to the shared Kubernetes client, which will let it
use xns-informers for multi-namespace support like everything else.

MAISTRA-2051: Update xns-informers to latest (istio#252)

* MAISTRA-2051: Reset Kubernetes client to release-1.8 state

* MAISTRA-2051: Use xns-informers in Kubernetes client

* MAISTRA-2051: Un-skip tests with xns-informers issues

These tests were skipped because of issues with xns-informers, which
have now been solved.  They should no longer be skipped.

* MAISTRA-2051: Update xns-informers to latest

* MAISTRA-2051: Skip problematic integration test: TestDashboard

MAISTRA-2051: Use MultiNamespaceInformer in galley (istio#254)

* Revert "MAISTRA-2051: Use shared Kubernetes client in galley (istio#241)"

This reverts commit 0b1567a.

* MAISTRA-2051: Use MultiNamespaceInformer in galley

This is a rework of the previous change that used the central
Kubernetes client in Galley.  The watchers in Galley manage stopping
and starting individual informers, which doesn't work well with the
factory returning cached informers.  This creates multi-namespace
informers individually instead of using the central factory.  It's
also a much smaller change overall and doesn't affect the tests.

* MAISTRA-2051: Add GetMemberRoll method to Kubernetes client

* MAISTRA-2051: Integrate MemberRoll with Galley

This configures the mulit-namespace aware infomers in Galley to
respond to changes in the set of namespaces via the MemberRoll.

This includes parts of the following:

  - 4b70b8d MAISTRA-1895 Add option to enable/disable CRD scan
  - 6e8019e MAISTRA-1968 allow analyzer to work with multi list watcher

MAISTRA-1724: Don't watch namespaces if MemberRoll is used (istio#257)

Rewrite of the following for Maistra 2.1 / Istio 1.8 rebase:

a161a53 - MAISTRA-1724 Don't watch namespaces if MRC is used (istio#161)

MAISTRA-1755: invoke UpdateNamespaces() as part of MemberRollController.Register()

Cherry-pick of f0eed15 for Maistra 2.1 / Istio 1.8 rebase.

MAISTRA-1724: Better hanlde deletion in NamespaceController

MAISTRA-2153: Disable namespace informer if MemberRoll is used (istio#283)

This causes istiod to skip creating the namespace informer in the
Kubernetes service registry controller if a MemberRoll is specified,
because Maistra cannot read namespace objects.  This will affect the
behavior of multi-network deployments that do not use mesh networks
for configuration, i.e. a namespace cannot be labeled with a default
network now.

MAISTRA-2197: Push first update when cache is warm (istio#294)

Change SMMR Controller behavior to only send the first update to
listeners when it has a list of members ready. In other words, when
cache is synced.

Before this, the first update was sent with only one hardcoded member:
The control plane namespace. Now it is sent with the full list of SMMR
members.

While on that, switch to our own log scope, to facilitate debugging.

Manual cherry pick of maistra/istio#291

MAISTRA-2233: Start xns-informers with empty namespace set (istio#303)

The multi-namespace informers created by xns-informers default to
watching all namespaces to match upstream behaviour.  This causes
permissions issues in Maistra because they will do this until the
first update from the MemberRoll controller sets the correct set of
namespaces on each informer.  We should instead explicitly configure
them with an empty set of namespaces at startup.

MAISTRA-2234: Seed MemberRoll listeners with system namespace (istio#302)

The MemberRoll controller was changed in MAISTRA-2197 to not send the
initial update with just the system namespace to all listeners.  This
can be a problem when the user hasn't created an SMMR resource yet,
because any listeners registered before the caches sync may never get
an update informing them to watch the system namespace.

This attempts to work around the issue by having all listeners
individually wait on the caches to sync, then seed just the system
namespace if no SMMR resource is found.

MAISTRA-2271: Update xns-informers to fix delete events issue (istio#315)

This updates xns-informers to include a fix for sending delete events
for all objects when a namespace is no longer watched.

See: maistra/xns-informer#12

Co-authored-by: Brad Ison <brad.ison@redhat.com>

OSSM-2006 Fix multiNamespaceInformer.HasSynced()

fix(xns-informer): only sync nsInformer when not nil (istio#684)

Fix shutting down namespace controller

Signed-off-by: Jacek Ewertowski <jewertow@redhat.com>

OSSM-2233: uses maistra.io/api instead of copying

    Before we were generating and copying Maistra API types, now we use it
    as a dependency.

    Additionally following changes are introduced:

     - vendoring has been removed, as we now use embedded manifests from maistra/api in tests
     - cleans up Makefiles
     - removes unnecessary files (generated API)

OSSM-2375 Log the list of member namespaces on every change (istio#716)

Co-authored-by: Marko Lukša <marko.luksa@gmail.com>

OSSM-3703: Fix AUTO_RELOAD_PLUGIN_CERTS in multi-tenant mode (istio#778)

* OSSM-3703: Fix AUTO_RELOAD_PLUGIN_CERTS in multi-tenant mode

Signed-off-by: Jacek Ewertowski <jewertow@redhat.com>

* Revert unnecessary variable declaration

Signed-off-by: Jacek Ewertowski <jewertow@redhat.com>

---------

Signed-off-by: Jacek Ewertowski <jewertow@redhat.com>

MAISTRA-2051: Add xns-informer for Kubernetes types (istio#223)

* Update mirrored licenses to fix gen-check

* MAISTRA-2051: Add xns-informer for Kubernetes types

This integrates the xns-informer library for multi-namespace support,
but only for core Kubernetes types.  The informers are hard-coded to
watch all namespaces here.  The integration with MemberRoll will come
in a follow-up.

MAISTRA-2051 Add xns-informer for Istio types (istio#221)

MAISTRA-2051: Add MemberRollController (istio#227)

* MAISTRA-2051: Add MemberRollController

Includes the following:

* 75742b0 - Add Makefile for Maistra client generation

This adds a Makefile with tasks for generating the Maistra specific
clients. It is adapted from the one in the Istio client-go repository.

* 5f8562c - Add MemberRollController

Squashed commit, consisting of:

  * MAISTRA-417: Add MemberRollController

  * MAISTRA-450: Switch across to ConfiguredMembers and check existing
    config for changes

  * MAISTRA-1005 Do not expect namespaces to have a stable ordering

The clients have also been regenerated.

* 1b7a89d - Add missing licenses

* fe2f8cd - Fix Copyright holder

This is to make sure all PR's will have an updated
vendor directory. The `gencheck` prow job will ensure that.

* MAISTRA-2051: Update MemberRollController for xns-informers

* MAISTRA-2051: Add AddMemberRoll to kube client

* MAISTRA-2051: Configure MemberRoll controller in istiod

MAISTRA-2051: Add xns-informer for Service APIs (istio#229)

* MAISTRA-2051: Update xns-informers

* MAISTRA-2051: Add xns-informer for Service APIs

MAISTRA-2051: Use shared Kubernetes client in galley (istio#241)

This moves galley to the shared Kubernetes client, which will let it
use xns-informers for multi-namespace support like everything else.

MAISTRA-2051: Update xns-informers to latest (istio#252)

* MAISTRA-2051: Reset Kubernetes client to release-1.8 state

* MAISTRA-2051: Use xns-informers in Kubernetes client

* MAISTRA-2051: Un-skip tests with xns-informers issues

These tests were skipped because of issues with xns-informers, which
have now been solved.  They should no longer be skipped.

* MAISTRA-2051: Update xns-informers to latest

* MAISTRA-2051: Skip problematic integration test: TestDashboard

MAISTRA-2051: Use MultiNamespaceInformer in galley (istio#254)

* Revert "MAISTRA-2051: Use shared Kubernetes client in galley (istio#241)"

This reverts commit 0b1567a.

* MAISTRA-2051: Use MultiNamespaceInformer in galley

This is a rework of the previous change that used the central
Kubernetes client in Galley.  The watchers in Galley manage stopping
and starting individual informers, which doesn't work well with the
factory returning cached informers.  This creates multi-namespace
informers individually instead of using the central factory.  It's
also a much smaller change overall and doesn't affect the tests.

* MAISTRA-2051: Add GetMemberRoll method to Kubernetes client

* MAISTRA-2051: Integrate MemberRoll with Galley

This configures the mulit-namespace aware infomers in Galley to
respond to changes in the set of namespaces via the MemberRoll.

This includes parts of the following:

  - 4b70b8d MAISTRA-1895 Add option to enable/disable CRD scan
  - 6e8019e MAISTRA-1968 allow analyzer to work with multi list watcher

MAISTRA-1724: Don't watch namespaces if MemberRoll is used (istio#257)

Rewrite of the following for Maistra 2.1 / Istio 1.8 rebase:

a161a53 - MAISTRA-1724 Don't watch namespaces if MRC is used (istio#161)

MAISTRA-1755: invoke UpdateNamespaces() as part of MemberRollController.Register()

Cherry-pick of f0eed15 for Maistra 2.1 / Istio 1.8 rebase.

MAISTRA-1724: Better hanlde deletion in NamespaceController

MAISTRA-2153: Disable namespace informer if MemberRoll is used (istio#283)

This causes istiod to skip creating the namespace informer in the
Kubernetes service registry controller if a MemberRoll is specified,
because Maistra cannot read namespace objects.  This will affect the
behavior of multi-network deployments that do not use mesh networks
for configuration, i.e. a namespace cannot be labeled with a default
network now.

MAISTRA-2197: Push first update when cache is warm (istio#294)

Change SMMR Controller behavior to only send the first update to
listeners when it has a list of members ready. In other words, when
cache is synced.

Before this, the first update was sent with only one hardcoded member:
The control plane namespace. Now it is sent with the full list of SMMR
members.

While on that, switch to our own log scope, to facilitate debugging.

Manual cherry pick of maistra/istio#291

MAISTRA-2233: Start xns-informers with empty namespace set (istio#303)

The multi-namespace informers created by xns-informers default to
watching all namespaces to match upstream behaviour.  This causes
permissions issues in Maistra because they will do this until the
first update from the MemberRoll controller sets the correct set of
namespaces on each informer.  We should instead explicitly configure
them with an empty set of namespaces at startup.

MAISTRA-2234: Seed MemberRoll listeners with system namespace (istio#302)

The MemberRoll controller was changed in MAISTRA-2197 to not send the
initial update with just the system namespace to all listeners.  This
can be a problem when the user hasn't created an SMMR resource yet,
because any listeners registered before the caches sync may never get
an update informing them to watch the system namespace.

This attempts to work around the issue by having all listeners
individually wait on the caches to sync, then seed just the system
namespace if no SMMR resource is found.

MAISTRA-2271: Update xns-informers to fix delete events issue (istio#315)

This updates xns-informers to include a fix for sending delete events
for all objects when a namespace is no longer watched.

See: maistra/xns-informer#12

Co-authored-by: Brad Ison <brad.ison@redhat.com>

OSSM-2006 Fix multiNamespaceInformer.HasSynced()

fix(xns-informer): only sync nsInformer when not nil (istio#684)

Fix shutting down namespace controller

Signed-off-by: Jacek Ewertowski <jewertow@redhat.com>

OSSM-2233: uses maistra.io/api instead of copying

    Before we were generating and copying Maistra API types, now we use it
    as a dependency.

    Additionally following changes are introduced:

     - vendoring has been removed, as we now use embedded manifests from maistra/api in tests
     - cleans up Makefiles
     - removes unnecessary files (generated API)

OSSM-2375 Log the list of member namespaces on every change (istio#716)

Co-authored-by: Marko Lukša <marko.luksa@gmail.com>

OSSM-3703: Fix AUTO_RELOAD_PLUGIN_CERTS in multi-tenant mode (istio#778)

* OSSM-3703: Fix AUTO_RELOAD_PLUGIN_CERTS in multi-tenant mode

Signed-off-by: Jacek Ewertowski <jewertow@redhat.com>

* Revert unnecessary variable declaration

Signed-off-by: Jacek Ewertowski <jewertow@redhat.com>

---------

Co-authored-by: Marko Lukša <marko.luksa@gmail.com>
Co-authored-by: Jacek Ewertowski <jewertow@redhat.com>
Co-authored-by: Daniel Grimm <dgrimm@redhat.com>
Co-authored-by: Brad Ison <brad.ison@redhat.com>
Signed-off-by: Yann Liu <yannliu@redhat.com>

…ter-merge_upstream_istio_master-6253864e

Automator: merge upstream changes to openshift-service-mesh/istio@master