Per-port Destination rules and fault injection #5055
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
added 7 commits
April 18, 2018 15:58
Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com>
Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com>
Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com>
ZackButcher
approved these changes
Apr 20, 2018
| FixedDelay: &delayDuration, | ||
| } | ||
| default: | ||
| log.Warnf("Ignoring exponential fault in route") |
There was a problem hiding this comment.
Exponential faults are not yet supported in routes
or similar; when we say "ignoring" it's not clear if its the user's fault (e.g. bad config) or that it's not supported.
| HttpStatus: uint32(a.HttpStatus), | ||
| } | ||
| default: | ||
| log.Warnf("Ignoring non http status type faults") |
There was a problem hiding this comment.
same as above:
Currently only "status" type HTTP faults are supported in routes
or similar.
added 2 commits
April 20, 2018 18:28
Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com>
|
New changes are detected. LGTM label has been removed. |
Codecov Report
@@ Coverage Diff @@
## release-0.8 #5055 +/- ##
=============================================
Coverage ? 74%
=============================================
Files ? 323
Lines ? 27329
Branches ? 0
=============================================
Hits ? 20000
Misses ? 6538
Partials ? 791
Continue to review full report at Codecov.
|
added 2 commits
April 20, 2018 22:36
Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com>
Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com>
added 2 commits
May 2, 2018 18:44
|
/test e2e-simple |
to generate_yaml-envoyv2_transition_loadbalancer_ingressgateway Makefile target
|
/test e2e-bookInfo |
This reverts commit a39da0e. To debug it and to handle it in a separate PR.
…nto per-route-fault
|
@rshriram: The following test failed, say
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
costinm
reviewed
May 3, 2018
| @@ -172,7 +172,7 @@ test/local/cloudfoundry/e2e_pilotv2: | |||
| test/local/noauth/e2e_bookinfo_envoyv2: generate_yaml-envoyv2_transition_loadbalancer_ingressgateway | |||
| @mkdir -p ${OUT_DIR}/logs | |||
| set -o pipefail; ISTIO_PROXY_IMAGE=proxyv2 go test -v -timeout 20m ./tests/e2e/tests/bookinfo \ | |||
| --skip_cleanup --auth_enable=false --v1alpha3=true --egress=false --ingress=false --rbac_enable=false \ | |||
| --skip_cleanup --auth_enable=true --v1alpha3=true --egress=false --ingress=false --rbac_enable=false \ | |||
There was a problem hiding this comment.
We have now a separate test - properly called /auth/ :-)
|
merging as CLA bot is stuck.. All tests pass. |
incfly
pushed a commit
to incfly/istio
that referenced
this pull request
May 4, 2018
Also remove the accidetally included port level DR policy istio#5055.
baodongli
pushed a commit
to baodongli/istio
that referenced
this pull request
May 9, 2018
* update Go control plane Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * enabling fault injection Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * per port destination rules Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * clearer log message Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * update proxy sha Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * update proxy sha again * dep ensure * fix tests * fix nil map * format * dep ensure * update proxy SHA Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * nit Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * fix buildprotostruct Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * more struct conversion errors Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * lint * fix up service entries * enable auth for test/local/noauth/e2e_bookinfo_envoyv2 * enable egress tests for test/local/noauth/e2e_bookinfo_envoyv2 * dep lint fix * fix validation Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * fix * update istioctl tool for new ServiceEntry.Addresses field * add generation of istio-auth.yaml to generate_yaml-envoyv2_transition_loadbalancer_ingressgateway Makefile target * Revert "enable egress tests for test/local/noauth/e2e_bookinfo_envoyv2" This reverts commit a39da0e. To debug it and to handle it in a separate PR.
incfly
pushed a commit
to incfly/istio
that referenced
this pull request
May 9, 2018
Also remove the accidetally included port level DR policy istio#5055.
rshriram
pushed a commit
that referenced
this pull request
May 25, 2018
* Add handling of ISTIO_MUTUAL when generating cluster config. * Remove the inferences from authn policy. Also remove the accidetally included port level DR policy #5055. * respect the global configmap by changing how to build defaultTrafficPolicy * Fill in TLSSettings in advance to avoid plumbing service account. * remove dead code. * Skip override for external and support port level settings. * update dependency * restore port level settings. * remove redudant call plugins loop. * Check fields to avoid null pointer reference. * fix the lint. * Move down the H2 header since ISTIO_MUTUAL to avoid NPR. * Change cluster.go to remove TLS when it's DISABLE mode. * Add the DestinationRule to make the test passing. * Add DestinationRule to pass TestAuthnJWT test. * Remove obsolete todo * Only add DestinationRule when auth is enabled for TestAuthNJwt. * Move configmap check into the branch when no DR is available. * Remove the NIR code in cluster.go. * Add H2 back and change disable-egress-mtls.yaml for gateway. * Fix ingress e23 tests * Correct template * Apply DR template for TestRoutes. * Fix TestRouteFaultInjection * Add tls ISTIO_MUTUAL for mixer destination rules. * fix the lint in cluster.go. * Rename the fillTemplate and clarify the comments. * Change the ISTIO_MUTUAL for grpc-mixer-mtls port, instead of everything. * Wrap around adding DR before checking v1alpha3. * fix the lint and change istio-telemetry port tls. * Add ISTIO_MUTUAL in route-rule-all-v1. * Branching the route-rule-all-v1-mtls when auth_enable=true for prow test. * copy the kube/route-rule-all-v1-mtls.
quanjielin
pushed a commit
to quanjielin/istio
that referenced
this pull request
May 30, 2018
…o#5525) * Add handling of ISTIO_MUTUAL when generating cluster config. * Remove the inferences from authn policy. Also remove the accidetally included port level DR policy istio#5055. * respect the global configmap by changing how to build defaultTrafficPolicy * Fill in TLSSettings in advance to avoid plumbing service account. * remove dead code. * Skip override for external and support port level settings. * update dependency * restore port level settings. * remove redudant call plugins loop. * Check fields to avoid null pointer reference. * fix the lint. * Move down the H2 header since ISTIO_MUTUAL to avoid NPR. * Change cluster.go to remove TLS when it's DISABLE mode. * Add the DestinationRule to make the test passing. * Add DestinationRule to pass TestAuthnJWT test. * Remove obsolete todo * Only add DestinationRule when auth is enabled for TestAuthNJwt. * Move configmap check into the branch when no DR is available. * Remove the NIR code in cluster.go. * Add H2 back and change disable-egress-mtls.yaml for gateway. * Fix ingress e23 tests * Correct template * Apply DR template for TestRoutes. * Fix TestRouteFaultInjection * Add tls ISTIO_MUTUAL for mixer destination rules. * fix the lint in cluster.go. * Rename the fillTemplate and clarify the comments. * Change the ISTIO_MUTUAL for grpc-mixer-mtls port, instead of everything. * Wrap around adding DR before checking v1alpha3. * fix the lint and change istio-telemetry port tls. * Add ISTIO_MUTUAL in route-rule-all-v1. * Branching the route-rule-all-v1-mtls when auth_enable=true for prow test. * copy the kube/route-rule-all-v1-mtls.
ozevren
added a commit
that referenced
this pull request
Jun 4, 2018
…9a02d10064d169 (#6019) * Generate inboundPorts for the init container (#5070) * Adde list of container ports to the injected inbound ports * Add support for helm * [test pr] check if 503s and other known bugs are fixed removing the t.Skip() Should fail in CI until we have a fix * prune old version resources that no longer exist (#5107) Automatic merge from submit-queue. prune old version resources that no longer exist * [vendor-change] CloudWatch Mixer adapter (#4617) Automatic merge from submit-queue. [vendor-change] CloudWatch Mixer adapter Adding an adapter to send metrics to cloudwatch * Enable Ingress/Egress gateways in Helm for bookinfo demos (#5120) Automatic merge from submit-queue. Enable Ingress/Egress gateways in Helm for bookinfo demos * Consume labeled multicluster secrets on startup (#5117) Automatic merge from submit-queue. Consume labeled multicluster secrets on startup This patch when run against istio.yaml or istio-auth.yaml runs in the new config mode using only labels rather than configmaps. The configmap functionality can be removed in 0.9. * Add a linter check to make sure types.go are generated. (#5110) Automatic merge from submit-queue. Add a linter check to make sure types.go are generated. addresses https://github.com/istio/istio/issues/4418 * Remove outdated manifests from install/kubernetes (#4882) * Remove orig_ manifests * Remove istio-mixer-validator and istio-mixer-with-health-check manifests * Remove unwanted manifests before archiving * Remove istio-sidecar-injector.yaml from install/README.md * Remove *one-namespace*.yaml from install/README.md * Make helm-generated manifests overwrite updateVersion_orig.sh manifests * Add support for per-metric namespace configuration to prom config (#5112) * Adding CI workflow for checking vendor diff (#5051) Automatic merge from submit-queue. Adding CI workflow for checking vendor diff This aims to help ensure that a PR contains the correct vendor change, by running `dep ensure` and seeing if git detects any changes. * Introduce galley/pkg/server (#4974) Automatic merge from submit-queue. Introduce galley/pkg/server galley/pkg/server implements logic performs both CRD synchronization, along with resource synchronization operations. The resource synchronizers are started/stopped as CRDs (of interest) are added/deleted. * [vendor change] Add metrics command to istioctl experimental cli (#4945) Automatic merge from submit-queue. [vendor change] Add metrics command to istioctl experimental cli This PR adds a new command for retrieving service-level metrics for services within an Istio service mesh. In combination with the `watch` command, this tool may be used to display a rudimentary service dashboard from the commandline. This command requires the deployment of a prometheus instance for monitoring the mesh. It discovers a prometheus pod, establishes a port-forward to that pod, and executes a series of queries to extract the metrics for display. Currently, this command pulls all metrics from the current time, calculating rates and latencies over a time window of 1 minute. In the future, it will be possible to add support for flexible time windows. Example usage (bookinfo example): ``` $ istioctl experimental metrics productpage reviews ratings details productpage: Total RPS: 7.872870 Error RPS: 0.000000 P50 Latency: 40ms P90 Latency: 80ms P99 Latency: 98ms reviews: Total RPS: 7.909235 Error RPS: 0.000000 P50 Latency: 4ms P90 Latency: 9ms P99 Latency: 21ms ratings: Total RPS: 5.309187 Error RPS: 0.000000 P50 Latency: 2ms P90 Latency: 4ms P99 Latency: 4ms details: Total RPS: 7.872870 Error RPS: 0.000000 P50 Latency: 3ms P90 Latency: 38ms P99 Latency: 48ms ``` This tool is intended primarily to aid with debugging, as discovering what is happening with a mesh and/or a particular service can be somewhat cumbersome. Reviewers: please let me know if there is a more appropriate place for such a tool and if there is more/different information that you think is relevant to display for a service. Vendor PR: https://github.com/istio/vendor-istio/pull/58 * unset IFS, minor fix for perf setup (#5124) Automatic merge from submit-queue. unset IFS, minor fix for perf setup * perf setup update: add grafana, misc fixes (#5028) * need git pull --tags to get latest_release movement, use DUR variable for duration * Add grafana ingress Doesn’t work because of mixer/telemetry split yet but almost Also had to disable mtls for grafana - this should be the default * Add annotation for no mtls in helm template * From 0.8 prometheus is already in the yaml See #5111 * Assert requried circle CI envs in ci2gubernator (#5137) Automatic merge from submit-queue. Assert requried circle CI envs in ci2gubernator There has been cases where tests on circle failed when calling ci2gubernator because `CIRCLE_PR_NUMBER` unbound. This PR asserts the existence of the circle ci envs required by ci2gubernator and resort to no op if any of those is not defined. * Add Mixer perf tests that includes the RPC path. (#5013) Automatic merge from submit-queue. Add Mixer perf tests that includes the RPC path. The perf tests included two sets of tests (proper v.s. with _R2 suffix). The tests with _R2 suffix was for testing runtime2 implementation. Now that there is only one runtime, repurposing some of the tests to include the gRpc layer as well. * verify 200 status code in addition to header value (#5163) * Add/Update Mixer e2e tests to cover more attributes sent from Envoy. (#5152) * Add/Update Mixer e2e tests to cover more attributes sent from Envoy. * Fix indent. * Assorted bug fixes for 0.8 (#5133) * assorted bug fixes Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * lint Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * Updated zipkin to 2.7 for istio. (#5155) Automatic merge from submit-queue. Updated zipkin to 2.7 for istio. This is a follow up PR for https://github.com/istio/istio/pull/4726 /cc @ldemailly * fix path for go 1.10 on perf vm (#5168) * Move mixer filter to per_filter_config (#5073) Automatic merge from submit-queue. Move mixer filter to per_filter_config Move the per route mixer filter config from the metadata field to per_filter_config and turn it into a ServiceConfig proto. * Enable test * [vendor change] Add B3 codec to Jaeger tracer to enable mixer trace to be included in… (#5116) Automatic merge from submit-queue. [vendor change] Add B3 codec to Jaeger tracer to enable mixer trace to be included in… … the application trace - and extended zipkin test to check for the mixer span Installs the B3 codec into the Jaeger tracer to enable B3 headers to be understood and therefore associate any spans with the existing application trace. The PR also updates the zipkin e2e test to check that the mixer spans are included in the application trace instance. Once an initial review of the PR has been approved I'll commit the vendor change - using "dep ensure"? Locally this has resulted in a number of dependencies being deleted under `vendor/k8s.io/client-go/`. Signed-off-by: Gary Brown <gary@brownuk.com> * remove prometheus from release archives (#5150) Automatic merge from submit-queue. remove prometheus from release archives * Add Galley command-line flags "server" and "purge" (#4977) Automatic merge from submit-queue. Add Galley command-line flags "server" and "purge" Add command-line flags for server and purge commands. * Simplify the auth test Thanks Andra for pointing out that version should fail/work the same as using pod IP directly as the destination container never sees the original cluster IP * adds guard for kube client (#5140) * adds guard for kube client - there may not always be one, especially in the case of CF. - made CF case more explicit * ci2gubernator: stop checking for unset variables * Fix single endpoint pilot ads look up (#5165) * Add an experiment subcommand rbac to istioctl. (#5093) Automatic merge from submit-queue. Add an experiment subcommand rbac to istioctl. The subcommand is used to interact with Istio RBAC policies, this PR adds the basic interface and the actual logic will be added in a later PR. See #4856. * Fixing race test failure in TestAdsEds (#5161) Automatic merge from submit-queue. Fixing race test failure in TestAdsEds introduced by https://github.com/istio/istio/pull/4694 addresses #4235 * v1alpha1 to v1alpha3 rule conversion tool bug fixes and subset merging (#5178) * v1 to v3 conversion enhancements and tests * Handle DestinationPolicy w/o labels * Remove AddJwtAuth (#5194) Automatic merge from submit-queue. Remove AddJwtAuth There is a compile error. # istio.io/istio/mixer/test/client/env ../../../../../mixer/test/client/env/mixer_filter_config.go:167:47: undefined: client.JWT ../../../../../mixer/test/client/env/mixer_filter_config.go:168:21: mfConf.PerRouteConf.EndUserAuthnSpec undefined (type *client.ServiceConfig has no field or method EndUserAuthnSpec) ../../../../../mixer/test/client/env/mixer_filter_config.go:168:42: undefined: client.EndUserAuthenticationPolicySpec ../../../../../mixer/test/client/env/mixer_filter_config.go:169:21: mfConf.PerRouteConf.EndUserAuthnSpec undefined (type *client.ServiceConfig has no field or method EndUserAuthnSpec) Remove AddJwtAuth function. cc @diemtvu * Skip bad routes instead of erroring (#5183) * Skip bad routes instead of erroring Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * nits Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * final nits Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * fix rules * BlackHole with a capital H * validate clusters false Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * Fetch/cache/refresh JWT public key, construct localJwks in sidecar filter config (#5061) Automatic merge from submit-queue. Fetch/cache/refresh JWT public key, construct localJwks in sidecar filter config https://github.com/istio/istio/issues/4917 This PR includes 1. fetch JWT public key, and cache the key. 2. key rotation - a refresher job refresh key periodically. 3. use the key to construct localJwks in sidecar filter config. * Introduce dynamic proto3 encoder (#5122) * WIP commit * Remove dead code * Rearrange code * split code into encoderUtil * Everything except ENUM * use protoc 3.5.1 to ensure json names are generated * expose internal funcs * WIP3. all dynamic and static elementry types. No repeated or packed * support packed static primitive types * use switch in place of if * primitives with eval and packed repeated * all primitives with expressions * add test with enum constants and expressions * add expressions in repeated fields * Refactor 2 * linter checks * fix linter2 * split encoder and builder * rename eval to primitive * add all dynamic tests * Add dependency for messagediff * add full dynamic test * update comment * fix linter error * Update vendor. Add messagediff.v1 for test verification * add all positive tests * improve test coverage * remove updated to lang.compiled * fix linter error * handle float64 inputs for integers * Builder.Build() takes msgName and data * WIP2 * review comments * review comments * rename messagediff to diff * add more tests * Update deps * improve test coverage * add log message while skipping fields * increase test coverage * update dep status * Add more files to gitignore (#5198) * Fix Mixer dashboard CPU reporting (#5145) Automatic merge from submit-queue. Fix Mixer dashboard CPU reporting A previous PR seems to have accidentally removed the "rate" component of the CPU calculations for the Mixer Dashboard. This results in an ever-increasing CPU graph. This PR restores a proper rate-based display for CPU calculation. It also renames the jobs in the Prometheus config to better align with the split from Mixer to Istio-Telemetry and Istio-Mixer (providing easier to understand tracking between cAdvisor metrics and the self-reported metrics. This PR should be cherry-picked onto the 0.8 branch. * fix nil reference error when mock server fails to start (#5216) * [WIP] refactor bookinfo to use different gateway definitions for envoy v1/routing v1alpha1 and envoy v2/routing v1alpha3 (#5113) * restrict the tests to either v1alpha1 or v1alpha3 * move applying defaultRules into setUpDefaultRouting * extract Ingress (Gateway) definition from bookinfo.yaml it is different for v1alpha1 and v1alpha3 * make the gateway rule first in defaultRules, so it will be applied first * fixed wrong variable names in mixer tests * fixed the location of bookinfo gateway yaml * fixed wrong variable in mixer test * add missing spec and name to destination-policy-reviews * remove comment line in samples/bookinfo/routing/bookinfo-gateway.yaml * add port 9080 to the new bookinfo gateway * remove using a special destination rule for reviews * refactor GetIngress to make it reusable for GetIngressGateway extract functions for getting Kubernetes Ingress and NodePort * remove a shadowing variable * refactor GetIngressPod, add GetIngressGateway * add IngressGateway() to framework Kube * added using IngressGateway() of framework Kube in bookinfo e2e tests * use load balancer ingress IP to get the IP of the nodeport * use ingress IP for nodeport * remove commented out line * fixed getting the ingress as the IP for a NodePort * Revert "fixed getting the ingress as the IP for a NodePort" This reverts commit 594e58d9ae9d7eb4374979b21795f0a945abdc3d. * Revert "use ingress IP for nodeport" This reverts commit 333b80f92e12aef938b8ef8d576074c8a3a2ab57. * Revert "use load balancer ingress IP to get the IP of the nodeport" This reverts commit 3c138e4819bc5cc41f3e74b9f4fd6371c103bbe8. * add generate_yaml-envoyv2_transition_loadbalancer_ingressgateway to generate istio configurations without ingress and with ingressgateway as a LoadBalancer service * use generate_yaml-envoyv2_transition_loadbalancer_ingressgateway in test/local/noauth/e2e_bookinfo_envoyv2 * added LoadBalancerServiceType and NodePortServiceType constants * rewrote the ingress related logic use LoadBalancer type for non-local and NodePort for local tests * lint fixes * fix lint errors * *sync.Locker -> sync.Locker, use interface instead of a pointer to interface * refactor: extract getServicePort() from getServiceNodePort() * add isKubernetesIngress flag to tests/util.GetIngress() * fix the destination port in the virtual service of the gateway * Revert "add isKubernetesIngress flag to tests/util.GetIngress()" This reverts commit 8dbe13cc4b0d69c0790a96c1d82c749a2c91dcae. * set different retry values for LoadBalancer and NodePort according to the original implementation * fix logging message * fix a typo * Introduce pkg/ctrlz, Istio's introspection package. (#5123) * Introduce pkg/ctrlz, Istio's introspection package. Processes that integrate with ControlZ open up a port that enables operators to connect with a web browser and interact with the process. Through the browser, the operator can adjust logging scope levels, see the process' command-line arguments and envirinment variables, see statistics about heap use, and more. Integration with ControlZ is nominally two line deal for processes. Optionally, processes can extend the base ControlZ UI and integrate their own screens into the main UI. In addition to the browser interface, there is a REST API enabling access to all the same things that the UI shows. Mixer is integrated with ControlZ but doesn't currently have custom UI. We should integrate ControlZ with our other server components in due time. * Add myself to owners. (#5039) * pod Ip is actually required Service vip doesn’t exist for non existent port and we need a non existent port to get the bad routing behavior * Expose image of each istio component for istio chart. (#5222) Automatic merge from submit-queue. Expose image of each istio component for istio chart. Make `image` for each Istio component be configurable. This is useful in case that users build or retag Istio image. /cc @gyliu513 @linsun @sdake * Undoing accidental merge to master * Adding zone/region node labeling if missing (#5164) * Fixing missing INSTANCE_IP * Fix yaml error * Rename v1alpha3.ExternalSerivce to v1alpha3.ServiceEntry (#5195) * first pass renaming v1alpha3.ExternalSerivce to v1alpha3.ServiceEntry * rename ServiceEntry.Discovery to ServiceEntry.Resolution * update vendor to latest istio/api * fix cloudfoundry copilot e2e test (#5188) * initial changes to fix both pilot endpoints * they now should be curl'ing the right things properly booting an envoy with dynamic template now new port name for building listeners Include port for Cloud Foundry services * Building listeners now requires named ports. * always run cloudfoundry tests * moves cloudfoundry circleci test to own run * adds cloudfoundry test to all * want to just use default env vars * need GOPATH/bin on path for envoy * switch to defaults which uses da container * disable zipkin test in pilot * add missing clusters to ads mesh response (#5221) * e2e test for JWT authn policy (#5144) Automatic merge from submit-queue. e2e test for JWT authn policy https://github.com/istio/istio/issues/5078 1. JWT token used here expires in year 2132 (borrowed from https://github.com/istio/proxy/blob/master/src/envoy/http/jwt_auth/sample/correct_jwt). 2. will add another e2e test for fetching JWT public key scenario after https://github.com/istio/istio/pull/5061 is in. * Set listeners h2 max streams to override nghttp2 client default of 100 (#5232) Automatic merge from submit-queue. Set listeners h2 max streams to override nghttp2 client default of 100 Reference issue: https://github.com/envoyproxy/envoy/issues/3076 Signed-off-by: Kuat Yessenov <kuat@google.com> * Enable ControlZ to fetch the current process' known logging scopes. (#5245) Automatic merge from submit-queue. Enable ControlZ to fetch the current process' known logging scopes. * Add more parameters to sidecar injector helm template (#5044) Automatic merge from submit-queue. Add enableCoreDump and policy parameters to sidecar injector helm template * Fixing fallout of renames in earlier commit + restore auth for e2e-simple on circle (#5241) * Fixing fallout of renames in earlier commit * Re fixing lost fix that e2e-simple should run with auth Technically it should run with both auth and no auth like on prow but if it runs only 1 mode it should be with auth * follow output log pattern for cloudfoundry e2e test (#5234) - and tee to a new file so it doesn't overwrite * bootstrapv2: Stop using deprecated cluster_names (#5225) Using cluster_names in GRPC resource config is deprecated: https://github.com/envoyproxy/envoy/commit/ad02e4ac036be359c435d33c987501477c648020 Signed-off-by: Romain Lenglet <romain@covalent.io> * Address a few causes of Gateway/Filterchain failures (#5185) * Sort HTTP route virtual hosts before sending listeners to Envoy. Listeners with multiple filter chains containing HTTP filters require that the HTTP filters have consistent ordering due to how Envoy computes updates. * don't respond with empty listeners * address review comments * fix linter * linters, once more * use configurable paths for envoy and envoy config locations (#5248) * re-add istioctl unit tests to Makefile (#5205) * re-add istioctl unit tests to Makefile https://github.com/istio/istio/pull/3820 moved istioctl out of pilot subdirectory but forgot to re-add istioctl unit tests to top-level Makefile. Fix that problem and also the currently broken tests. * add missing test data * return an error when Envoy fails to start (#5251) mixer and backend should also do this, but that involves slightly more work. * change bookinfo test to use helm install (#5114) * add helm testing * adding a few supporting methods for helm * test: modify to invoke helm install * Revert "test: modify to invoke helm install" This reverts commit 0083f3c361acba49700a8a20e03b6cffab9c27f1. * adding a few function to install tiller * add pod name in log * customize values for helm install * try enable helm installer * change to the right time * fix build issue * fix build issue * set correct helm path and params * fix e-2-e error in helm dry run * use the correct install dir * use the correct namespace for the testing * Pilot crash in pushEDS function (#5266) * Crash fix * Adjusting the fix * check in https://github.com/istio/istio/pull/5238 to 0.8 branch (#5261) Automatic merge from submit-queue. check in https://github.com/istio/istio/pull/5238 to 0.8 branch check in https://github.com/istio/istio/pull/5238 to 0.8 branch, which is required for jwt authn policy to work in v2. * fix bookinfo v1alpha3 version migration test (#5224) * added printing unexpected version in version migration tests * print the diffs with the compared versions in case migration test fails * apply default rules after every bookinfo test in v1alpha3 there is no rule precendence, a new rule just deletes the old one there is no possibility to have two rules on the same host * apply all the default rules instead of only allRule after each test * Merge circleci fix from master (#5313) * hostname assign error (#5285) * Crash fix * Adjusting the fix * fixing Hostname assignement * Fix collateral from the change * Adding inbound to if * Enable mTLS for pilot e2e tests (#5268) * Enable mTLS for pilot e2e tests * Change generate_yaml-envoyv2_transition to output to istio-auth.yaml as test is in auth enabled mode * Add grpc ports to containerPort list as inboundPorts are limitted by these since https://github.com/istio/istio/pull/5070 * Disable rbac e2e test as it crash when authn enabled. * Disable egressgateway when mTLS enable. * Use consul node address as a backup when filtering service instances (#4195) * Fix error when running minikube (#4502) There will be error like this if this field is missing: Object 'Kind' is missing in ... * Delete custom resources before uninstalling chart. (#5279) * Improve the script to generate jwt (#5297) * Fix doc * Revert code change to pass test * Make metrics command ready for web scale. (#5289) This change makes the output denser and easier to read. Example usage (bookinfo example): $ istioctl experimental metrics productpage reviews ratings details SERVICE TOTAL RPS ERROR RPS P50 LATENCY P90 LATENCY P99 LATENCY productpage 7.873 0.000 40ms 80ms 98ms reviews 7.909 0.000 4ms 9ms 21ms ratings 5.309 0.000 2ms 4ms 4ms details 7.873 0.000 3ms 38ms 48ms Signed-off-by: Piotr Sikora <piotrsikora@google.com> * prevent mixing istio-ingressgateway and istio-ingress in proxy config (#5326) * use env.Mesh.IngressService instead of hardcoded string * add definition of IngressService to the mock mesh in the proxy config test * add dot to prefix comparison of Ingress Service * Update proxy sha to latest in release-0.8 (#5314) * Update proxy sha to latest. * update to newer proxy sha * Include bookinfo gateway definition into upgrade e2e test. (#5316) * Add all circle ci tests to testgrid (#5184) * use client-go's default client config loading rules (#5336) * Fix egressgateway e2e test when mTLS enable. (#5333) * Change service entry for egressgateway to b, which is in the mesh, so that test works when authn is enabled. * Disable mTLS for service t so it can be used as fake external service. * Add missing policy yaml. * Add comment to explain the purpose of authn policy for egressgateway test. * Revert accidental revert. * Correct fix: disable mTLS for egressgateway instead. * Correct authn policy yaml file. * Correct policy target name. * bugfix: tracing operations for mixer sidecar (#5362) * Update envoy_telemetry.yaml.tmpl * Update envoy_policy.yaml.tmpl * disable flakey controller cache tests (#5337) Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * Fix v1alpha3 abort rule not working in task (#5366) * Disable rbac e2e test. (#5374) RBAC consistently failed for days - the other tests were broken in post-submit as well * eds: Hold lock for iterating on EDS clusters for logging (#5373) Fixes: https://github.com/istio/istio/issues/4903 Signed-off-by: Romain Lenglet <romain@covalent.io> * Fix mesh expansion, add the v2 ports (#5312) * re-add flags for consul and eureka until these fields can be set by config/file (#5339) * Revert 'enable auth on the noauth test' (#5378) * Test and more bug fixes. (#5127) * Test and more bug fixes. Adding more coverage to the local tests showed that mixer can break listeners in some cases - this is a P0, we shouldn't cut release until this is in. * Remove select used for debug, too verbose message * Fix lint, format. Add few metrics on rejected configs * More debug/monitoring help * More testing and debuggability. Refactored the cluster method to allow more info in the message and simplify * Update timeout * More varz, fix lint/race * Move controller test out, seems to be interfering with the other tests * Use default timeout, add the moved controller_test * If AuthPolicy is MTLS, use the MTLS port * remove api section from istio.deps (#5375) No code change, needed to fix the branch. * Attempt to capture periodic/flaky/etc in testgrid (#5386) Branch fixing, no code change. * Per-port Destination rules and fault injection (#5055) * update Go control plane Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * enabling fault injection Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * per port destination rules Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * clearer log message Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * update proxy sha Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * update proxy sha again * dep ensure * fix tests * fix nil map * format * dep ensure * update proxy SHA Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * nit Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * fix buildprotostruct Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * more struct conversion errors Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * lint * fix up service entries * enable auth for test/local/noauth/e2e_bookinfo_envoyv2 * enable egress tests for test/local/noauth/e2e_bookinfo_envoyv2 * dep lint fix * fix validation Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * fix * update istioctl tool for new ServiceEntry.Addresses field * add generation of istio-auth.yaml to generate_yaml-envoyv2_transition_loadbalancer_ingressgateway Makefile target * Revert "enable egress tests for test/local/noauth/e2e_bookinfo_envoyv2" This reverts commit a39da0e34446c4107e21957231c3bda6a9398492. To debug it and to handle it in a separate PR. * Wildcard hostnames (#5363) * Add Hostname type to describe hostnames, and use it in Pilot's model. This will be used to provide structure for logic for hostname matching. * Implement Matches for hostnames, with support for wildcards. Update string->model.Hostname in a few places I missed. * fix a bunch of tests I missed on the first pass * Add host matching of the hosts exposed by a server on the hosts exposed by a virtual service. We skip the VirtualService if its hosts aren't matches of the server's hosts. Downgrade some noisy logging. * roll back stuff touching v1alpha1 * make the linter happy * implement sorting of hostnames, use it to determine best matches when getting destination rules for a hostname * fix linter errors * fix build failure due to bad merge * make sure *.foo.com does not match foo.com * doh, fix my own tests * add some test cases for 'odd' wildcards, e.g. *foo.com * rebase and fix conflicts * another set of merge conflicts * revert bad merge * one more bit I missed * Correct authn flags for pilot v2 e2e test. (#5394) Test infrastructure problem, no code change. * We shouldn't swallow errors without a trace (#5207) * Change number is expected to be an int (#5396) Fixing test infra, no code change. * allow 'istioctl get gateway' etc (#5395) * This PR broke mixer as its CRs were getting deleted after getting published to kubernetes config server. (#5397) Revert "Delete custom resources before uninstalling chart. (#5279)" This reverts commit d266a5ce4bb16d25867b3e145399a7f61e58739c. * Enable e2e test for mTLS enable via authn policy for both Istio install mode (enable/disable mTLS by default). (#5385) * fix incorrect upstream tls context generation (#5387) Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * Update istio.io/api dependency. (#5388) * add root CA bundle and use it for making https request in pilot (#5368) * add root CA bundle and use it for making https request in pilot * address comment - rename to secureHttpClient * let test pass if mock server fails to start (#5317) add logging/increase retry times when mock server fails to start * Add mixer tests for the Istio authn filter (#5267) Add the following Mixer tests for Istio authn filter - Test when requiring JWT for peer and binding to peer, the authn attributes in the actual check and report calls match those in the expected check call - Test when requiring JWT for peer and binding to origin, but no method specified in origin policy, the request will be rejected by Istio authn filter. - Test when when requiring JWT for origin and binding to origin, the authn attributes in the actual check and report calls match those in the expected check call. - Test when requiring JWT for origin and no binding to origin, the authn attributes in the actual check and report calls match those in the expected check call. - Test when the HTTP request is rejected by the Istio authn filter for peer JWT authentication, the response code and the response message is as expected. - Test when the HTTP request is rejected by the Istio authn filter for origin JWT authentication, the response code and the response message is as expected. - Test when the Istio authn filter requires mTLS for peer connection, the non mTLS connection is rejected and the response code and the response message are as expected. - Test when the Istio authn filter requires TLS for peer connection, the non TLS connection is rejected and the response code and the response message are as expected. * re-enable the rbac e2e test in e2e_pilot and e2e_pilotv2 (no auth). (#5402) * Enable rbac e2e tests. It's fixed in #5397. * Also enable rbac e2e for test/local/noauth/e2e_pilotv2. * Specify --rbac_enable=true explicitlly. * Use v2 in ingressgateway, pilot, mixer. Cleanup. (#5401) * Use v2 in ingressgateway, pilot, mixer. Cleanup. * Add v2 to egress, consistent pull policy * Revert pull policy default * Missed a go, found by the test * Cleanup circle zombies (#5399) * Cleanup circleci jobs: remove zombies * Move cloudfoundry test around, better capture output in dashboard Move cloudfoundry to tests * conversion to junit in makefile * istioctl convert-networking-config Ingress to Gateway (#5411) * istioctl convert-networking-config Ingress to Gateway * Remove whitespace for lint * Don't shadow err var * Don't try to improve MergedGateways output * Use the new ingressgateway selector * Revert "Add mixer tests for the Istio authn filter (#5267)" (#5426) This reverts commit 2099c15597780ae99d511274c091a746b0464feb. * Change Istio CA to Citadel in README. (#5318) * Update proxy sha (#5463) * Change GKE version from 1.9.6-gke.0 to 1.9.6-gke.1 (#5460) 1.9.6-gke.0 is not available in GCP anymore, 1.9.6-gke.1 should be used instead. Currently, GCP DM deployment fails with following error: istio-cluster: {"ResourceType":"container.v1.cluster","ResourceErrorCode":"400","ResourceErrorMessage":{"code":400,"message":"Version "1.9.6-gke.0" is invalid.","status":"INVALID_ARGUMENT","statusMessage":"Bad Request","requestPath":"https://container.googleapis.com/v1/projects/aburnos-kube-playground/zones/us-central1-a/clusters","httpMethod":"POST"}} * Add dns lookup family to the clusters (#5447) * add setting dns_lookup_family to v4_only required due to https://github.com/envoyproxy/envoy/issues/3306 in v2, the default value of dns_lookup_family changed from v4_only to auto * enable bookinfo egress tests for v1alpha3 * Revert "enable bookinfo egress tests for v1alpha3" This reverts commit 1c9d5422177d8f271c230c0fff8b9ab4b2559cb3. * Fix fault rule versions (#5471) Force merging because test failure unrelated to this change. * Revert incorrect change to fault rules (#5476) Undoing previous incorrect fix * enable mtls for ingressgateway loadbalancer istio-auth.yaml (#5405) * Remove expected error message check from test, as the message could be different depends on platform. (#5461) * Cloud Foundry service registry now supports internal routes (#5427) * can now use two envoys in same test - made proxy ports and additional http service are optional (we don't always need them) - simplifies the bootstrap template from for the CF test but can be used in other cases and is easier to read for first timers who just need dynamic discovery to happen * Bump cloudfoundry/copilot * Cloud Foundry registry supports internal routes - requires a iptables DNAT rule in our container to redirect a VIP to the physical envoy port * Fix log processing (#5485) We are missing logs in test-grid, no code change. * Fix duplicate key on helm ingress/deployment.yaml template (#5468) No code change. * Fix IPv6 iptables. (#5341) * refactor secret controller (#5445) * refactor secret controller * Removing secret bootstrap code * Race tests and more metrics around events from k8s (#5389) * More metrics, periodic push on by default * Fix the race - merged from a separate PR, to get the test passing * Finally reproduced and fixed the close race condition * Use a different ip for each test client. Fix lint * Improving the test, trying with larger numbers * Tests show another potential block, when a (broken) client is not reading. Add code to handle * Proper timeout on write * Bring the ads/eds tests to match old eds tests, refine the corner case checks * Improve hermeticity * Even more hermeticity, tests should not use same address so they can be run in parallel * Add metrics for push * Another pair of tests interfering with each other * Finally found the test flakiness problem, failing to close connections in previous tests * Fix the mixer test problem and add back the reverted authn mixer tests (#5458) * Fix the mixer test problem and add back the reverted authn mixer tests - Existing mixer tests have a problem that if multiple mixer tests run in parallel, they may cause the Envoy to crash and the failure of istio unit tests. This PR fixes such mixer test failures. - With the above mixer test problem fixed, this PR adds back the reverted authn mixer tests, which are reverted due to the aforementioned mixer test problem. * Change the code of removing the parallel running * Explicitely prohibit parallel running of the tests * Add one more flag * Add one more flag * Check the go version * Move mixer tests ahead to observe the result sooner * Enter/exit mixer directory * Place the mixer tests to its original place in Makefile * Add disable-hot-restart option for Envoy and disable hot-restart for new Mixer tests * Revert the changes to Makefile * Update proxy sha with stripped binary (#5482) * envoy_bootstrap_fix (#5450) * Create correct log dir for CloudFoundry pilot test (#5520) build change, not affecting the failed tests. * CKI-3 Use template variable for access log (#5501) * remove TLSClientConfig setting for httpclient (#5522) * Create CA certs and make citadel run with designated certs in multi-cluster (#5512) * Add bin/dump_kubernetes.sh which outputs logs and resource config YAML to a directory (#5422) * Dump resources into one large yaml * Also dumps previous logs * Add secrets and configmaps to resource dump * Do not create empty files * Move to bin/ * Rename dump.sh -> dump_kubernetes.sh * Check resource count for previous rather than ignoring errors * /bin/sh -> /bin/bash * Limit line length to 80 characters * Use `readonly` with global constants * Use local variables - declaration and assignment must be split in command substitutions * Add usage and parse_args function * Add quiet option * Use error for check_prerequisites * Add main function * Add dump_time * Pluralize ingress -> ingresses * Add events to dump_resources * make dumpsys calls bin/dump_kubernetes.sh * Add archive flag to make .tar.gz * `make dumpsys` OUT_DIR/{logs -> dump} * `make dumpsys` revert removal of tests directory * Update mixer service port names to use http/2 (#5530) * mixer: bind gRPC API locally to 9092 and use proxy on 9091 (#5370) * ignore and remove git history file (#5506) * Fix a DestinationRule for the bookinfo egress test (#5467) * enable bookinfo egress tests for v1alpha3 * name -> host in DestinationRule * helm lint check (#5406) * Use the global image pull policy in the configmap (#5465) * Make Kube Pod cache log line more helpful (#5256) * helloworld example does not include '-n istio-system' in commands for finding host:port (#4213) * enable rbac test for auth/e2e_pilotv2 (#5544) * CKI-3 Don't call DumpResponse when res is nil (#5494) Unrelated test failure. * Correct contaienr port of netcat server. (#5548) * Make DNS names case-insensitive (#5528) * Launch pilot locally failed for my kube config (#5558) * use namespace as chart name so it is unique * Revert "use namespace as chart name so it is unique" This reverts commit c144eeb9634461e7a6130031a3e8379e2556e155. * fix for #5507 launch pilot discovery failed https://github.com/istio/istio/issues/5507 * use namespace as chart name so it is unique (#5349) * Turn off logging for AZ as it is not in scope for 0.8 (#5562) * Create client using mechanism of PR 5300 (#5563) * Update api sha to release0.8 latest. (#5464) * Update api sha to release0.8 latest. * Change branch * Update Gopkg.toml too * Updated some files * update digest * Use port number instead of port name in CDS, EDS (for v2 only) (#5543) * Use port number instead of port name in CDS, EDS (for v2 only) Also fixes issues such as inability to route from one service to another, inability to rewrite destination port (80->443). Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * lint fix * fixes for consul unit test * bug fixes for external service registry and unit tests * lint fix * update destinations to use port number instead of name * bug fix for eds_test * bug fix for xds test * ads fixes * use service port for default clustername if service only has one port defined * gateway use common cluster name building function * lint fix * defaultPort->listenerPort review comment * cloudfoundry patch * revert to remove cf debug lines * lint fix * lint fix again * lint fix grumble grumble * set max_concurrent_streams to 1073741824 (#5570) * Buid, packaging, script fixes. (#5533) - update deb to v2 (no point in shipping a v1 deb, users can stick with 0.7 while upgrading) - fix iptabes - it was not cleaning up properly - fix istio-start - cp policy not matching the env - added test programs to the deb-test docker Also fix the base image for pilot to match that of the v2 sidecar, debugging is more useful at this point and we are not saving any disk. We can make a different option for 1.0 if nobody needs debugging, but we're not there. Also cleaned up a bit the build for the deb/docker. * V1 - set h2 max_concurrent_streams to 1073741824 (#5572) * use http_settings{MaxConcurrentStream: 1073741824} instead of feature=http2 * update golden images * Fix setting empty CA certificates field in gateway (#5560) * fix setting empty CA certificates field in gateway Similar to the handling in https://github.com/istio/istio/blob/release-0.8/pilot/pkg/networking/core/v1alpha3/cluster.go, applyUpstreamTLSSettings(). Empty CA certificates field causes Envoy to crash in validation - Envoy requires non-empty CA certificates string. Also Envoy requires non-empty TrustedCa struct * remove unneeded local variable * add a check that trustedCA is not nil * Update proxy to have raw JWT claims. (#5561) * Update proxy. * Fix mixer client test * attemp to fix 5564 - consistent way to create k8s client (#5566) * use namespace as chart name so it is unique * Revert "use namespace as chart name so it is unique" This reverts commit c144eeb9634461e7a6130031a3e8379e2556e155. * fix for #5507 launch pilot discovery failed https://github.com/istio/istio/issues/5507 * pilot/cmd/pilot-agent/main.go * clean up create interface * adding create Interface * fix lint error * fix unit test error * use clientcmd.BuildConfigFromFlags instead * simplify to use clientcmd.BuildConfigFromFlags * more switch to use clientcmd.BuildConfigFromFlags * address nit * correct lint err * Fix proxy config command for ingress, egressgateway and ingressgateway (#5575) * Define request.auth.claims (#5550) * add request.auth.claims attribute, regenerated attribute list * make request.auth.claims a STRING_MAP * Update_Dependencies (#5583) * Fixes for mesh expansion (#5573) * Mesh expansion doesn't handle internal ServiceEntries * More testing, finish up fixing ServiceEntry * Fix the test, add a test for the real use of the method * IMPORTANT: fix a bug in k8s selection by port. ByName is selecting the port using the name key - in the new function we still need to use the name of the service port to find the associated endpoint port (which may be different) To make the code more clear and avoid simiar issues - make the method take a single int param, there is no use in current code for multiple ports. Also add a way to specify the AZ for raw VMs, which was broken. * Fix build * Add regression test, fix remaining tests * Remove redundant config, deal with eventual consistency * Remove unused method * Change default to 60 sec push (#5593) Race test not related. Prow tests seem to pass but the job failed somehow. * Change envoy to default to log level warn #5559 (#5597) * use namespace as chart name so it is unique * Change envoy to default to log level warn #5559 * fix the bookinfo v1alpha3 test Makefile target name (#5448) * Add starting watchers for dynamically added remote clusters (#5541) * Initial fix of dynamic remote cluster configuration * Fixing Linting errors * Addressing comments part 1 * Adding Run of the dynamically created controller * Adding AppendServiceHandler AppendInstanceHandler * Add ClearCache callback when new controller starts * Additional cleanup * Rebasing to updated release-0.8 * Revert lock * Restoring Lock * Addressing comments * Fixing lock * Addressing comments * Reverting locks * Fix envoy binary used for tests on Mac (#5556) Download darwin binary when running on darwin. Since #5450 only linux binaries were downloaded (as GOOS defaults to `LOCAL_OS`). Co-authored-by: Jan von Loewenstein <jan.von.loewenstein@sap.com> * Adding files after running dep ensure. * Add more info to accesslog.logentry instance for telemetry (#5252) * Add more metrics to collect data in stackdriver logentry * Update severity in config.yaml to Info as otherwise with Default it shows up as null in bigquery tables. Updated labels in testdata/config/stackdriver.yaml too * Added HttpMapping to be filled in accesslogentry. Also added sentBytes and receivedBytes metrics in accesslogentry * Fix formatting in log.go * Fix lint error in log.go * Fix tee error resolving in false negative for some test jobs (#5601) * Fix indentation in makefile * Fix tee issue by creating test dir * Move to phony target * Fix typo * Disable upgrade test since it is flaky and noisy. (#5627) * Disable upgrade test since it is flaky and noise. * Fix linter * allow users to use node port for istio ingress without producing another service for lb (#5610) * use namespace as chart name so it is unique * allow user to configure istio ingress service type * allow user to specify lb ip for gateway * use the new format * fix pre-allocating slice capacity (#5585) * add support for secretVolumes in the deployment of ingressgateway (#5607) * remove generate_yaml-envoyv2_transition_auth, use generate_yaml-envoyv2_transition (#5602) * Provide default requested resources for cpu/mem for sidecar (#5584) * Added resources limits and requests to both automatic sidecar injector and the manual injector (istioctl) configuration * Removed the requested resources limits which probably cause tests to fail due to lack of resources * Removed unused global securityEnabled flag and corrected MTLS set (#5636) * error when filters cannot be marshalled (#5596) skip listener when filters cannot be marshalled * Examples should use current rule types (#5640) * Add ctrlz to Pilot (#5625) * Add Ctrlz support to Pilot (discovery & agent). This is a straight-up integration of CtrlZ to Pilot. * Fix linter issues. * Attach ctrlzOptions to serverArgs right after attaching cobra flags. * Revert agent changes. * Protect against nil CtrlzOptions in args. Test code will call server without setting this. * Dump pilot configuration from dump_kubernetes.sh (#5630) * Add pilot debug info in the dump * Add to release archive * review comments and linter issues * Istio fails to upgrade from 0.7.1 to 0.8 (#5635) Fixes: #5633 * Update to latest istio/api. (#5645) * Test fix for changes in Duration struct * Generate junit reports for all e2e jobs in Prow presubmit (#5567) * Fix e2e egress httpbin.org tests (#5637) * Fix pilot e2e tests to match httpbin.org's new format * Make lint happy * Match case-insensitive * Turn down k8senv adapter logging (#5649) * Add binding address support to ctrlz. (#5613) * More pre-release fixes cleanup (#5616) * Use the logging package, and add ctrlz to control logging * Fix TLS mode for mesh expansion, use common logging config * Revert accidental mixer change * format * type * Update makefile default from 05, add comments * Revert ctrlz, Oz submitted separate PR * Linter seems to dislike log, renamed the field to avoid confusion * Update reference docs. (#5623) - Update to latest version of protoc-gen-docs - Add sorting of debug scopes in pkg/log so that generated docs are consistent. - Update pkg/collateral to generate description: front-matter instead of overview: as per the latest changes in istio.github.io - Update protos to use $description instead of $overview: - Move template examples from appearing on the template message to appearing on the package. This ends up giving a better flow in the generated docs. - Move the location of adapter & template docs into a subdirectory on istio.io for better organization. - Document which template each adapter supports. * ALPN upgrade to http/2.0 (#5618) * Set h2 protol options * fix lint error * Only upgrade traffic within mesh. Announce ALPN if cluster is h2 * update comment * Use jaeger for zipkin service (#5656) * Switch from openzipkin to jaeger for zipkin service * Expose ui port on port 80 for zipkin service * Add e2e_mixer tests for v1alpha3 (#5417) * Add e2e_mixer tests for v1alpha3 * Review comment fixes * Remove check for external service, not required * Fix merge damage * Fix merge damage * Fix bug with listener type logic * Fix another instance of bad listener type logic * Disable TestIngressGateway503DuringRuleChange test * Add a default secure ingress volume (#5634) * add a default secure volume * change ingress to ingressgateway in ingressgateway's secret volume values * As discussed, generate an easy-to use for demo config (#5653) * Cleanup for generated configs * File still used by test. * More unmaiantained old files. * mixer: add dispatcher scope (#5621) * Add dispatcher scope Signed-off-by: Kuat Yessenov <kuat@google.com> * silly linter Signed-off-by: Kuat Yessenov <kuat@google.com> * Release-0.8: update api sha (#5655) * Limit logging response body to 512 bytes (#5505) * CKI-3 Suppress logging response body, if ... it is 10k long or longer. * Use fhttp.DebugSummary instead of conditional Co-authored-by: Jan von Loewenstein <jan.von.loewenstein@sap.com> * Fix formatting Co-authored-by: Jan von Loewenstein <jan.von.loewenstein@sap.com> * Use access log configuration in template and (#5496) Use access log configuration in template and write ... access log to a fixed file in /tmp to avoid permission problem on MacOS with /dev/stdout. Also make envoy access log configurable in TestSetup. Co-authored-by: Jan von Loewenstein <jan.von.loewenstein@sap.com> * Fix missing kubeconfig issue in daily release (#5688) * R0.8 (#5697) * Disable TCPMixerFilter tests. * Disable one more test. * Fix lint errors. * Fix lint errors. * Quick fix for istio gen-deploy. (#5674) * Quick fix for istio gen-deploy. The helm feature never really worked, we'll edit the values.yaml instead. Feature selection doesn't work and probably never really worked. What remains is a minimal helm template renderer, with one optional values.yaml * linter fix * Release-0.8: Update proxy sha (#5658) * Finish Span when dispatch completes. (#5693) * Don't bypass mixer report to mixer e2e. (#5695) * Updated README.md to match changes in istio-proxy container template. Fixes #5662 (#5663) * Make istioctl get/delete case insensitive by converting arg to lowercase (#5702) (#5708) * fix version for debian in dailies (#5698) * fix version for debian in dailies * check for alphabets at start of line * Update istio.mk * Update istio.mk * Update istio.mk * Update istio.mk * Temporarily disable mixer filter in gateway (#5718) Flaky v1 tests * ServiceEntry supports unix domain sockets (#5545) * ServiceEntry supports unix domain sockets Signed-off-by: Spike Curtis <spike@tigera.io> * Fix debug MemServiceDiscovery.Instances() to accept port names Instances() is an interface and we should not modify its meaning, even in debug/test code. This fix reverts some of #5543 which broke looking up ServiceInstances by port name on the MemServiceDiscovery adapter. It returns the existing tests to using the correct v1 style naming for clusters. Signed-off-by: Spike Curtis <spike@tigera.io> * Include helm chart option for installing jaeger specific services (#5670) * Add option for enabling jaeger specific services Signed-off-by: Gary Brown <gary@brownuk.com> * Renamed chart from zipkin to tracing * Move UI service outside jaeger specific services * Fix istioctl output format issue. (#5707) * Make istio-citadel toggable in helm like all other components (#5675) * add raw_claims to attribute manifest (#5738) * Automatically clean up old CA resources (#5736) * Clean up old CA resources. * Small fix. * Revert "ALPN upgrade to http/2.0 (#5618)" (#5684) This reverts commit 885ed99276df7a34bcb8e15cc3547b0aa18b4b6d. * Add prefixed based routing to Cloud Foundry (#5717) * Update copilot API Co-authored-by: Utako Ueda <uueda@pivotal.io> * Add prefix-based routing for CF Co-authored-by: Utako Ueda <uueda@pivotal.io> * Copilot: cache destination rules Co-authored-by: Utako Ueda <uueda@pivotal.io> * Extract bootstrapping from copilot snapshot test Co-authored-by: Utako Ueda <uueda@pivotal.io> * linting fix Co-authored-by: Utako Ueda <uueda@pivotal.io> * removes invalid map type Co-authored-by: Utako Ueda <uueda@pivotal.io> * Update CF service discovery to use hashed labels Co-authored-by: Utako Ueda <uueda@pivotal.io> * Fix xDS failures calculation in pilot dashboard (#5690) * Remove unnecessary webhook script (#5493) Version 0.8 migrated to a helm based installation of the automatic sidecar injection, thus making this script irrelevant * Make injector-config-map top level - always installed (#5722) * error out for emitTemplate * Move sidecar-inject-config map to top level * rename sidecar-injector dir to sidecarInjectorWebhook * update hook to before creation, hook-succeeded does not work * restore inject.go * fix test path * move injector params inside global.proxy * set default resource limits * add imagename to sidecarInjectorWebhook * Added missing CRDs so that they can be managed by Helm (#5750) * Fix tracing addon missing issue in release package. (#5748) * Enhance debug logging for Mixer grpc methods (#5743) * Fix major issue with List (#5737) * Fix major issue with List - any invalid object invalidates the entire list * Fix key name, remove verbose log * Format * Dump CRDs explicitly (#5719) * Call `set_download_command` unconditionally (#5665) Co-authored-by: Jan von Loewenstein <jan.von.loewenstein@sap.com> * SNI header based forwarding for HTTPS ports (#5715) * sni forwarding for https ports Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * lint Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * nit * exclude empty IP 0.0.0.0 when populating routes, otherwise there are duplicate domains * fix wildcard comparison Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * format Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * skip passthrough for TLS termination Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * tests Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * cleanups and mtls on gateway Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * add extra check to verify requests go thru egress gateway * fmt nits * fix typo * remove redundant sentences about the default values (#5754) for include IP ranges/outbound ports in istioctl kube-inject, the defaults to the flag descriptions are added automatically without this PR, the messages of the flags look as follows: ... All outbound traffic can be redirected with the wildcard character '*'. Defaults to "*". (default "*") * Fix proxy-config bug with multiple Pilots (#5762) * Fix proxy-config bug with multiple Pilots Resolves #5733 * Add some tests * Adds new postsubmits for k8s 1.10 (#5756) e2e-pilot is flaky. Network working group should be looking at it. * Upload circle presubmits to different GCS path so testgrid shows results in multiple panels (#5552) * [WIP] Upload circle presubmits to different GCS path for testgrid to multiplex * revert using ci2gubernator binary from gcs and use go get * fix bootstrap destination attributes (#5766) Signed-off-by: Kuat Yessenov <kuat@google.com> * Add mixer cluster configuration to mixer CR jobs (#5669) * Add mixer cluster configuration to mixer CR jobs * fix config map * Add new service account and binding for cr job * Fix destination rule * Use ALPN to indicate HTTP/2 and/or in-mesh traffic. (#5776) For #5769. Signed-off-by: Piotr Sikora <piotrsikora@google.com> * Add the missing file back after a bad merge. * Fix linter error * Multicluster Fixing locks for add/delete/read (#5622) * Fixing locks for add/delete/read * Adding Unit tests * Addressing comments * Addressing comments * Change locking model * Change locking model * Bookinfo Cleanup.sh should remove virtualservices, gateways and destinationrules (#5709) * Also remove virtualservices, gateways and destinationrules (#5703) * Updated following review comments * do not set full wildcard SNI domains (#5785) Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * additional context path work for cloud foundry (#5790) * context paths corrected * configs need to stay sorted * Remove comment and fix {live,readi}ness path to '/graph' on servicegraph … (#5490) This is workaround because servicegraph haven't the health check path. But the ingress-gce needs the readinessProbe path that returns 200 status, so we should get 'generic JSON serialization' body and 200(httpOK) status. * CKI-3 Fix tear down of envoy on exit (#5495) Defered funcs won't be called when os.Exit() is invoked in the same method. * Revert switch to jaeger (#5795) * Revert "Include helm chart option for installing jaeger specific services (#5670)" This reverts commit 6dbbacac0b478017179480778637c9d8d781ac25. * Revert "Use jaeger for zipkin service (#5656)" This reverts commit 7efb91dc24666803ea8dfeceaafc61088ae8b68a. * Multicluster Adding Delete logic for dynamically created controllers (#5672) * Initial Code load * Addressing unit test failure * Fixing initial controller * Addressing comments * Fixing unit tests * Fixing lint * Addressing comments * Proxy image default to v2 (#5741) * use namespace as chart name so it is unique * use proxyv2 as default * updating few values yaml in hope to get test passing * add a missing proxyv2 config * getting back needed proxyv2 to get test passing * getting back needed proxyv2 to get test passing * use proxy for old ingress * change zipkin error to log message for flaky tests (#5819) * Istioctl kube-inject requires injectConfigFile or injectConfigMapName (#5800) * force users to use injectConfigMapName or injectConfigFile * set ISTIOCTL_USE_BUILTIN_DEFAULTS in Makefile, so tests continue to work * set defaults for injectconfigmap * ensure that tag and hub are specified when using builins * Remove errant extra comma in ads response (#5832) * Replace join implementation (#5836) * Replace join implementation * Update dump_kubernetes.sh * Fix pilot_cli debug tool to work with EDS (#5531) * Fix pilot_cli debug tool to work with EDS * Clean up unused code. * Renamed the sidecar injection toggle key to match the new name (#5808) * Switch back to jaeger - revert (#5795) (#5840) This reverts commit 0e633b33928dde75ef4afd036daf80733bd016fd. * SNI, Listeners, and VHost bug fixes (#5807) * disable full wildcard for mesh Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * updates * more bug fixes and proxy sha update Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * fixes Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * undo some changes in gateway Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * patching Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * no sni hosts for plain text listeners in gateway Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * Do not set SNI for internal services Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * tcp fix Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * Do not infer Client TLSSettings based on Authentication Policy. (#5525) * Add handling of ISTIO_MUTUAL when generating cluster config. * Remove the inferences from authn policy. Also remove the accidetally included port level DR policy #5055. * respect the global configmap by changing how to build defaultTrafficPolicy * Fill in TLSSettings in advance to avoid plumbing service account. * remove dead code. * Skip override for external and support port level settings. * update dependency * restore port level settings. * remove redudant call plugins loop. * Check fields to avoid null pointer reference. * fix the lint. * Move down the H2 header since ISTIO_MUTUAL to avoid NPR. * Change cluster.go to remove TLS when it's DISABLE mode. * Add the DestinationRule to make the test passing. * Add DestinationRule to pass TestAuthnJWT test. * Remove obsolete todo * Only add DestinationRule when auth is enabled for TestAuthNJwt. * Move configmap check into the branch when no DR is available. * Remove the NIR code in cluster.go. * Add H2 back and change disable-egress-mtls.yaml for gateway. * Fix ingress e23 tests * Correct template * Apply DR template for TestRoutes. * Fix TestRouteFaultInjection * Add tls ISTIO_MUTUAL for mixer destination rules. * fix the lint in cluster.go. * Rename the fillTemplate and clarify the comments. * Change the ISTIO_MUTUAL for grpc-mixer-mtls port, instead of everything. * Wrap around adding DR before checking v1alpha3. * fix the lint and change istio-telemetry port tls. * Add ISTIO_MUTUAL in route-rule-all-v1. * Branching the route-rule-all-v1-mtls when auth_enable=true for prow test. * copy the kube/route-rule-all-v1-mtls. * Remove chgrp in tproxy that suppressed core dumps (#5846) * Fixing new linter errors. * export RESOURCE_TYPE (#5850) * missing ability to filter instances by label (#5851) Co-authored-by: Nancy Hsieh <nhsieh@pivotal.io> * Fix values-istio-demo.yaml, empty global replace global dict with empty (#5859) * rename istio-mixer-create-cr to istio-mixer-post-install (#5857) * Bug fixes in SNI forwarding for external services (#5845) * Bug fixes in SNI forwarding for external services Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * lint Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * fix istioctl Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * nil pointer fix Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * Add mixer config info into per route (#5853) * Add mixer config info into per route * Skip gateway 503 test * Updating fortio to latest (0.11.0) (#5765) Ran ``` dep ensure --update istio.io/fortio ``` * Fixes some minor bugs in multicluster e2e tests (#5329) A few bugs with respect to error handling have been noted in the multicluster e2e tests, This change fixes these bugs. * fix cleanup.sh (#5660) * Rename Service's field: Addresses -> ClusterVIPs (#5664) * Rename Service's field: Addresses -> MulticlusterAddresses * Rename MulticlusterAddresses -> ClusterVIPs * Metrics now refresh automatically and look better. (#5615) * Reference new types from policy/v1beta1 (#5587) * Add NOTES.txt for chart. (#5906) * Cleanup some superfluous abstractions (#5740) - Delete the unused Result and CacheabilityInfo types - Delete the SetStatus/GetStatus functions, replaced with Go-idiomatic field writes - Delete the unused CheckResult.Combine method - Inline the CheckResult.CombineCheckResult method since it is used only once and its semantics were misleading (as it didn't combine the embedded status field) * Ran `dep ensure -update github.com/envoyproxy/go-control-plane` (#5889) * Adding instructions and scripts to facilitate running E2E tests locally (#5838) * Add documents and scripts for k8s+vagrant env. * update macOS setup * Update and rename setup_linux_prereqs.sh to linux_prereqs.sh * Update localregistry.yaml * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * U…
istio-testing
pushed a commit
that referenced
this pull request
Jun 15, 2018
* fix bootstrap destination attributes (#5766) Signed-off-by: Kuat Yessenov <kuat@google.com> * Add mixer cluster configuration to mixer CR jobs (#5669) * Add mixer cluster configuration to mixer CR jobs * fix config map * Add new service account and binding for cr job * Fix destination rule * Use ALPN to indicate HTTP/2 and/or in-mesh traffic. (#5776) For #5769. Signed-off-by: Piotr Sikora <piotrsikora@google.com> * Multicluster Fixing locks for add/delete/read (#5622) * Fixing locks for add/delete/read * Adding Unit tests * Addressing comments * Addressing comments * Change locking model * Change locking model * Bookinfo Cleanup.sh should remove virtualservices, gateways and destinationrules (#5709) * Also remove virtualservices, gateways and destinationrules (#5703) * Updated following review comments * do not set full wildcard SNI domains (#5785) Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * additional context path work for cloud foundry (#5790) * context paths corrected * configs need to stay sorted * Remove comment and fix {live,readi}ness path to '/graph' on servicegraph … (#5490) This is workaround because servicegraph haven't the health check path. But the ingress-gce needs the readinessProbe path that returns 200 status, so we should get 'generic JSON serialization' body and 200(httpOK) status. * CKI-3 Fix tear down of envoy on exit (#5495) Defered funcs won't be called when os.Exit() is invoked in the same method. * Revert switch to jaeger (#5795) * Revert "Include helm chart option for installing jaeger specific services (#5670)" This reverts commit 6dbbaca. * Revert "Use jaeger for zipkin service (#5656)" This reverts commit 7efb91d. * Multicluster Adding Delete logic for dynamically created controllers (#5672) * Initial Code load * Addressing unit test failure * Fixing initial controller * Addressing comments * Fixing unit tests * Fixing lint * Addressing comments * Proxy image default to v2 (#5741) * use namespace as chart name so it is unique * use proxyv2 as default * updating few values yaml in hope to get test passing * add a missing proxyv2 config * getting back needed proxyv2 to get test passing * getting back needed proxyv2 to get test passing * use proxy for old ingress * change zipkin error to log message for flaky tests (#5819) * Istioctl kube-inject requires injectConfigFile or injectConfigMapName (#5800) * force users to use injectConfigMapName or injectConfigFile * set ISTIOCTL_USE_BUILTIN_DEFAULTS in Makefile, so tests continue to work * set defaults for injectconfigmap * ensure that tag and hub are specified when using builins * Remove errant extra comma in ads response (#5832) * Replace join implementation (#5836) * Replace join implementation * Update dump_kubernetes.sh * Fix pilot_cli debug tool to work with EDS (#5531) * Fix pilot_cli debug tool to work with EDS * Clean up unused code. * Renamed the sidecar injection toggle key to match the new name (#5808) * Switch back to jaeger - revert (#5795) (#5840) This reverts commit 0e633b3. * SNI, Listeners, and VHost bug fixes (#5807) * disable full wildcard for mesh Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * updates * more bug fixes and proxy sha update Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * fixes Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * undo some changes in gateway Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * patching Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * no sni hosts for plain text listeners in gateway Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * Do not set SNI for internal services Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * tcp fix Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * Do not infer Client TLSSettings based on Authentication Policy. (#5525) * Add handling of ISTIO_MUTUAL when generating cluster config. * Remove the inferences from authn policy. Also remove the accidetally included port level DR policy #5055. * respect the global configmap by changing how to build defaultTrafficPolicy * Fill in TLSSettings in advance to avoid plumbing service account. * remove dead code. * Skip override for external and support port level settings. * update dependency * restore port level settings. * remove redudant call plugins loop. * Check fields to avoid null pointer reference. * fix the lint. * Move down the H2 header since ISTIO_MUTUAL to avoid NPR. * Change cluster.go to remove TLS when it's DISABLE mode. * Add the DestinationRule to make the test passing. * Add DestinationRule to pass TestAuthnJWT test. * Remove obsolete todo * Only add DestinationRule when auth is enabled for TestAuthNJwt. * Move configmap check into the branch when no DR is available. * Remove the NIR code in cluster.go. * Add H2 back and change disable-egress-mtls.yaml for gateway. * Fix ingress e23 tests * Correct template * Apply DR template for TestRoutes. * Fix TestRouteFaultInjection * Add tls ISTIO_MUTUAL for mixer destination rules. * fix the lint in cluster.go. * Rename the fillTemplate and clarify the comments. * Change the ISTIO_MUTUAL for grpc-mixer-mtls port, instead of everything. * Wrap around adding DR before checking v1alpha3. * fix the lint and change istio-telemetry port tls. * Add ISTIO_MUTUAL in route-rule-all-v1. * Branching the route-rule-all-v1-mtls when auth_enable=true for prow test. * copy the kube/route-rule-all-v1-mtls. * Remove chgrp in tproxy that suppressed core dumps (#5846) * Fixing new linter errors. * export RESOURCE_TYPE (#5850) * missing ability to filter instances by label (#5851) Co-authored-by: Nancy Hsieh <nhsieh@pivotal.io> * Fix values-istio-demo.yaml, empty global replace global dict with empty (#5859) * rename istio-mixer-create-cr to istio-mixer-post-install (#5857) * Bug fixes in SNI forwarding for external services (#5845) * Bug fixes in SNI forwarding for external services Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * lint Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * fix istioctl Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * nil pointer fix Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * Add mixer config info into per route (#5853) * Add mixer config info into per route * Skip gateway 503 test * Updating fortio to latest (0.11.0) (#5765) Ran ``` dep ensure --update istio.io/fortio ``` * Fixes some minor bugs in multicluster e2e tests (#5329) A few bugs with respect to error handling have been noted in the multicluster e2e tests, This change fixes these bugs. * fix cleanup.sh (#5660) * Rename Service's field: Addresses -> ClusterVIPs (#5664) * Rename Service's field: Addresses -> MulticlusterAddresses * Rename MulticlusterAddresses -> ClusterVIPs * Metrics now refresh automatically and look better. (#5615) * Reference new types from policy/v1beta1 (#5587) * Add NOTES.txt for chart. (#5906) * Cleanup some superfluous abstractions (#5740) - Delete the unused Result and CacheabilityInfo types - Delete the SetStatus/GetStatus functions, replaced with Go-idiomatic field writes - Delete the unused CheckResult.Combine method - Inline the CheckResult.CombineCheckResult method since it is used only once and its semantics were misleading (as it didn't combine the embedded status field) * Ran `dep ensure -update github.com/envoyproxy/go-control-plane` (#5889) * Adding instructions and scripts to facilitate running E2E tests locally (#5838) * Add documents and scripts for k8s+vagrant env. * update macOS setup * Update and rename setup_linux_prereqs.sh to linux_prereqs.sh * Update localregistry.yaml * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update startup.sh * Update README.md * update filename and readme * update readme * update image * Create prereqs.sh * Update README.md * update README * update readme for cleanup * add insecure registry setting onto vm * Add dlv debugging installation to vm setup * Change vm sync folder * Update setup_kubectl_host.sh * Update vm_setup.sh * Create OWNERS (#5130) * Update vm_setup.sh (#5135) * Update Vagrantfile (#5134) * Update README.md (#5138) * Update README.md (#5141) * Update README.md (#5142) * Update README.md (#5154) * Update README.md * Update README.md * Update README.md * Update README.md * Add localregistry.yaml specific for vagrant (#5181) * Create localregistry.yaml * Revert back changes in localregistry.yaml * Updated VagrantFile Updated VagrantFile as per new location of localregistry.yaml * Make test available on macOS (#5177) * update test setup for macos * add local test flag * modify init.sh * update docker check * update env setting * update USE_DOCKER * export GOOS=linux to docker and push targets * Move files out of RunTestOnHost and remove RunTestOnHost and RunTestOnVm. (#5206) * Move files. * Revise per review comments. * Revise per comment. * Polish and simplify README.md (#5211) * Polish and simplify README.md * Update README.md * Update README.md * Rename scripts and cleanup unused scripts. (#5215) * Move files. * Rename scripts and remove unused scripts. * Update README.md * Remove unnecessary env setting (#5217) * remove space at the end of export * modify env changes * Update prerequisites and setup scripts (#5220) * remove space at the end of export * modify env changes * modify setups * update prereqs scripts for macos * Update README.md * Cleanup test_setup.sh and setup_kubelet_config_host.sh (#5230) * Protect Copy to ~/.kube/config_old * Update setup_test.sh * Update setup_dockerdaemon_linux.sh * Push data from help commands to > /dev/null Push data from help commands to > /dev/null as otherwise it fills up screen with too much info and we won't come to know about failures easily * Update setup_test.sh * Update README.md * Update setup_dockerdaemon_linux.sh * Update setup_kubelet_config_host.sh * Create Troubleshooting.md (#5235) * Clean up and update scripts (#5233) * remove space at the end of export * modify env changes * modify setups * update prereqs scripts for macos * modify and cleanup the scripts * rename files * cleanup * update scripts * changes update * update * update Vagrantfile * update local registry setting * add comment back * Update Vagrantfile (#5239) * Update Troubleshooting.md (#5237) * Update Troubleshooting.md * Update Troubleshooting.md * Update Troubleshooting.md * Update Troubleshooting.md * Update Troubleshooting.md * Update Troubleshooting.md * Small changes to scripts from feedback (#5449) * remove space at the end of export * modify env changes * modify setups * update prereqs scripts for macos * modify and cleanup the scripts * rename files * cleanup * update scripts * changes update * update * update Vagrantfile * update local registry setting * add comment back * Add changes to setup scripts * update kubectl setup script * Separate debian linux distribution (#5515) * Separate debian linux distribution * add default case * Fix download path for kubectl on mac (#5553) * Update Troubleshooting.md (#5240) * Update Troubleshooting.md * Update Troubleshooting.md * Fix minor issues with scripts (#5555) * Update install_prereqs_macos.sh * Update install_prereqs_debian.sh * Update install_prereqs_debian.sh * Update Troubleshooting.md * Update Troubleshooting.md * Update Troubleshooting.md * Update README.md * Update Troubleshooting.md * Update Troubleshooting.md * Update Troubleshooting.md * Adding version of virtualbox installed * Setup local testing using minikube * Update install_prereqs_debian.sh * Format script * Update cleanup_host.sh * Update cleanup_host.sh * Update setup_host.sh * Revise per comment. * Update go installation. * Revise per comment. * use UDS for mixer (#5930) Signed-off-by: Kuat Yessenov <kuat@google.com> * Remove alpha1 tests from master, starting to add 1.0 tooling (#5794) * Remove alpha1 tests from master, starting to add 1.0 tooling * Switch image to v2 by default and force off the v1 endpoints, to evaluate which remaining components are still stuck * Switch ingress to v2 - will loose v1 route rule * Remove the v1 discovery tests. Keep the v1 enabled, additional PRs needed * Revert more changes, mixer v2 not ready yet * Add required tiller version for chart. (#5908) * Added Kiali chart. (#5869) * Added Kiali chart. * Updated replicas. * Updated service account name. * Fix lint. * Address costinm and linsun's comments. * Snapshot contract between the config builder and the runtime. (#5917) * Contract between the config builder and the runtime. Add new configuration data to the snapshot. Ephemeral.go builds the snapshot. Snapshot is used by the runtime dispatch table. * address Oz's comments. * Renames old style config as legacy. * Make ci2gubernator unblocking (#5961) * Tests for istioctl get/delete/etc (#5949) * Tests for istioctl get/delete/etc * Use subtests for test cases * add require tiller version for kiali addon. (#5966) * add README file to chart. (#5967) * add README file to chart. * update installation steps for README. * Preserve Ingress namespace in generated Gateway and VS (#5973) * Handle GOPATH with multiple paths (#5179) Similar to #2460. We should not rely on GOPATH being a single value. Also, while on that, replace $TOP with $GO_TOP in testEnvLocalK8S.sh, to make it consistent to Makefile. * Fix broken mixer develop document link. (#5758) Mixer developer doc has moved to github wiki page, update the link url for README file. * Allow downstream to change the location of the root ca bundle file (#5798) By making publicRootCABundlePath a var instead of a const. By using the -X ldflag option, the user bulding istio can override the default location for this file. * Remove mTLS enablement via service annotation. (#5890) * Remove mTLS enablement via service annotation. See #5826. * Remove AuthenticationPolicy from Port struct (model/service.go) * Address comments. * Fix e2e tests. * Try to fix the e2e test again. * Fish imagePullPolicy to istioctl in e2e test framework (#5925) We already have an imagePullPolicy flag in the e2e test framework, but we're not currently passing it to istioctl. In local testing, this has resulted in stale istio-init images, which do not respect the new iptables flags. * put matches first when building routes (#5972) otherwise, pilot will not enumerate the routes past the base route * switch stable download to 0.8.0 (from 0.2.12) (#5979) to match https://istio.io/about/notes/ * Merging release-0.8 to master (final round) (#5975) * use Gateway and VirtualService to expose helloworld service (#5791) * use Gateway and VirtualService to expose helloworld service * readme fix * Make istio work without rbac. (#5877) Fixed istio/old_issues_repo#255 * Update Jaeger version and add limit on the number of traces held in m… (#5873) * Update Jaeger version and add limit on the number of traces held in memory * Use tag 1 to pick up latest stable versions * Use tag 1.5 * enable mixer alpha3_v2 tests (#5844) * enable mixer alpha3_v2 tests * fix capture logs for new target * make rate limit test more resilient * linter errors * fix fmt * update tests * update api sha to head of release-0.8 (#5939) * loose the validation on istioctl to allow users to pass config (#5955) * remove the unecessary check * add proxyType for pilot_cli tool (#5948) * Update the 'long running cluster' tests (#5895) * Update the helm cluster to v2 * More files for the test env * Make script customizable * Implement a spy IBP backend (#4373) * Implement a spy IBP backend. This will help in easy testing of our OOP adapter implementation. Now, this backend only implements static IBP interface. After my template specific IBP Handle service PR goes in, I will enhance this spy backend to have two flavors, session plan and no-session plan. * fix lint * Restore pulling from master before testing, was lost by merge from 0.8 (#5957) * Doc updates (#5914) - Patch up URLs and front-matter to make the new Hugo-based doc setup happy. * Add buffering in front of REPORT adapters. (#5432) * Add buffering in front of REPORT adapters. The proxy calls Mixer with large batches of reports (on the order of 1000 items). Instead of calling adapters for each of these reports, Mixer buffers the generated instances and calls into the adapters a single time. This eliminates a fairly large amount of computation in Mixer proper. But more importantly, adapters can leverage these large incoming batches to use batches when talking to their back end, potentially reducing RPC overhead considerably. Also, remove the request_count and request_duration metrics. They weren't actually measuring the right thing and they're redundant with gRPC metrics we already have. * copy license file to chart. (#5912) * copy license file to chart. * Update date in LICENSE files. * rollback the change for origin license. * Align istioctl get with kubectl and add --all-namespaces flag (#5960) * Revert "Fix #4325 - istioctl get list of resources by default must scan all namespaces (#4326)" This reverts commit f94f090. * add --all-namespaces flag to `istioctl get` * fix refactoring typo * istioctl: fix kubeconfig override with default namespace handling * fix tests * fix * fix resources in each deployment issues. (#6006) * fix sidecar webhook default values missing for chart. (#6003) * Add new attributes to manifests (#5540) * mixer: implement reporter attributes (#5959) * implement reporter attributes Signed-off-by: Kuat Yessenov <kuat@google.com> * format Signed-off-by: Kuat Yessenov <kuat@google.com> * Add Collections support to Ctrlz (#5682) * Add a bypass adapter to Mixer for using gRPC backends via inline model. (#5786) * Add a bypass adapter to Mixer for using gRPC backends via inline model. * 'istioctl get all' implementation (#5970) * 'istioctl get all' implementation * Lint * 'istioctl get all' implementation * Lint * Unneeded recalc after merge * Better error message if Istio resource corrupt * Process 'any' outside of protoSchema() * Reuse getByName calculation * add galley e2e test (#5757) * This currently tests the configuration validation service. Additional test cases will be added overtime to cover other aspects of Galley. * remove istio-{auth-,}galley.yaml from install/updateVersion.sh * add missing files * s/ExternalService/ServiceEntry * update test data * Update E2E Tests Doc (#6015) * Update E2E test README.md to make the local testing option more clear and obvous. * Some more updates * Retry to connect to cluster 10 times (#5849) * Retry to connect to cluster 10 times * Rename test_cluster to check_cluster * Fixed istioctl to be able to deal with multiple paths in KUBECONFIG (#5881) * Fixed istioctl to be able to deal with multiple paths in KUBECONFIG * Fixed using wrong variable name * Testcase added * Refactored and fixed other istioctl command when config has multiple paths * Lint fixes * Added a test for default system config * istioctl no longer set value in kubeconfig flag if it is not provided * Tests updated * Lint fix * Lint fix * t.Error -> t.Fatal and Gopkg.lock update * Gopkg.lock update for master * Let DefaultClientConfig handle in-cluster config and change precedences order * Updated the test * Fixed a recent change after rebase * Revert "Updated the test" This reverts commit bbf27ea. * Removed a test case which depends on the environment where it runs for the desired test result * Run pilot e2e test in a multiple cluster environment (#5503) * Run pilot e2e test in a multiple cluster environment Added telemetry and ingress to the remote istio deployment. Made changes in Kubeinfo to facilitate cluster-related handling. Modified tests to allow requests to be initiated from the remote cluster. * a couple of changes to fix the template file and lint error * Add a helm flag selfSigned to indicate citadel ca options. Some other minor changes. * Update E2E test doc to address the comments in #6015 (#6021) * Remove redundant type conversion (#5907) * pull proxy tip (#5962) Signed-off-by: Kuat Yessenov <kuat@google.com> * Use snapshot builder (ephemeral.go) for validation. (#6020) * Add errors to snapshot building test validator f f f f f h f f f g f g f make linter happy f f f move validator to config f d f f f f f f f f d cleanup remove extra code. pass1 f g f f * move handler validation out of snapshot into validation only code. * make linter happy. * Add namedBuilders for special input encoding of types (#6044) * add istio Value message to test message * Update go:generate command line * Add namedTypes and builders * remove e2e mixer from master tests * Bug fixes: Gateway TCP routing and timeout (#6042) * update Go control plane Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * Fix Gateway TCP routing and timeout Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * lint Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * spell check Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * Handle cases when deleted object is cache.DeletionFinalStateUnknown (#6007) * [Pilot] Adding support for config-backed service registry (#6038) Adding a new "Config" service registry that is backed by the provided config store. The service registry will be updated via events for ServiceEntry CRDs. This will allow the testing framework to eliminate the dependency on k8s entirely and use the file-based config store as the backend for the service registry. * Remove unuse subset from authn policy. (#5954) * Fix issue that replicaCount is not defined, but used in deployment. (#6008) * remote duplicated replica count since auto scaler is used. * add default of replica count. * Do not expose tracing as lb service. (#6002) * Enabled fixed ip for tracing loadbalancer. * Do not expose tracing as lb service. * Refactor Istio Dashboards to support larger meshes (#5952) * Refactor Istio Dashboards * Remove vestiges of variable templating * Fix test code to be thread safe and enable racetest in ads_test.go (#5586) * Fix test code to be thread safe enable race test in ads_test.go remove the code to copy service in aggregate controller * Correct a typo in controller_test.go * Make iptables excludeIPRanges take precedence over includeIPRanges (#6051) Fixes #6027 * Implement the rbac effect query command in istioctl (#5319) * Implement RBAC policy query in istioctl. * Refactored the mixer rbac adapter to expose CheckPermission() * Added calling to CheckPermission() from istioctl * Refactor some code into rbac adapter. * Fix typo. * Fix lint. * Address comment. * CMD tool to create adapter and template custom resource configs (#5320) * CMD tool to create adapter and template configs. * fix typo * make linter happy. * fix after rebase. * validate if the fds contains transitive closure. * make linter happy * rename * Change encoder input to be json's map[string]interface{} (#5277) * Change encoder input to be json's map[string]interface{} instead of yaml's map[interface{}]interface{} * Undo some test deletion that I had done earlier before making the fix to support number as map key. * Generate descriptor for the generate service proto. (#6058) * f * add docgen suppression option * Remove confusing double ingress, redo picture from saved source (#6063) * Remove confusing double ingress, redo picture from saved source fixes #6059 Source https://docs.google.com/drawings/d/1mhwDtcDXYxj0O8DuSce_d0tBuyH1PZqnaMtP RTC-CyM/edit * A bit more detail about the diagram * Bolder lines for main boxes * A bit more readable still * Update Pilot to provide new destination.service.* attributes (#6014) * Add initial support for new service attributes to Pilot * Add wrapper for v1 code to allow changes * Small refactor * Add per-route * Move v1 service config and use role.Domain * Revert v1 mixer.go rename * Remove namespace from domain to get only domain suffix * Add some params checks * Add nolint directive * Update OWNERS (#5920) * use ISTIO_CP_AUTH variable in cluster.env to enable/disable mTLS for cp in mesh ex (#5950) * Dispatcher improvements (#6034) - Fix bug around handling of quotas. Mixer wasn't observing the requested quota name and getting quota from all defines instances. It now limits itself to the requested instances and produces an error if the proxy requests quota from an unknown instance, instead of failing open. - Pass CheckResult, QuotaResult, and QuotaMethodArgs by value. This is cleaner, avoids transient allocations, and eliminates some code paths. * Stackdriver tracespan support (#5938) * Stackdriver tracespan support Adds tracespan template support to the Stackdriver adapter sending spans to Stackdriver Trace using OpenCensus. * Prevent races on gRPC logging configuration from test code * Don't print usage text when galley, injector, and pilot commands exit on runtime error (#6062) * Correct error handling cases in Mixer. (#6076) - When an instance can't be built, we now fail the gRPC call instesd of silenty ignoring the failure. - When a request is made to allocate a bogus quota, we now also fail the gRPC call instead of returning success, but with a 0 quota amount. * [pilot] Support manually specifying config controller (#6075) This is needed to support local testing using an in-memory controller that is modified directly by the test code. * Enable websocket for all v1alpha3 routes (#6073) * Remove populating mtlsExcludeServices in mesh config. (#6056) * Add more kinds to the config vocabulary. (#6080) * Refactor k8senv adapter to generate workload info. (#5932) * Refactor k8senv adapter to generate workload info. * Update helm config artifact * Update mixer ClusterRoleBindings and kubernetesenv config * cleanup of bad rebase in config.proto * Add alias for messagediff * Add missing quote in test config * Update interface to appease linter * address daemon lint issue in cache.go * fix import * lint issue * Try updating inputs-digest to trick linters * Fix snapshot and rename Legacy to static and new adapters to dynamic (#6087) * [helm] Don't set prom-bridge address in proxy config if mixer disabled (#6091) * don't set prom-bridge address in proxy config if mixer disabled * omit value if not needed * vendor: update api (#6086) * update vendor Signed-off-by: Kuat Yessenov <kuat@google.com> * update vendor Signed-off-by: Kuat Yessenov <kuat@google.com> * urgh silly linters Signed-off-by: Kuat Yessenov <kuat@google.com> * rollback proxy Signed-off-by: Kuat Yessenov <kuat@google.com> * istio*.yaml -> istio-demo*.yaml (#6103) * Golinter (#6039) * Add golinter. * Only check test function in e2e/integ tests. * Remove unused function. * Adjust comments. * Fix lint error. * Remove comment. * Revise per feedback. * refactor * Refactor * Add golinter. * Only check test function in e2e/integ tests. * Remove unused function. * Adjust comments. * Fix lint error. * Remove comment. * Revise per feedback. * refactor * Refactor * Refactor * Refactor * Refactor * Refactor * Refactor * Fix lint errors * revise per comment. * Revise per comment. * fix lint errors. * Revise per comment. * Update README * Add test and revise per comment. * fix linter errors. * Update README * Revise per comment. * A new istioctl flag to choose the context from the kuebconfig (#6101) * Custom columns for v1alpha3 types (#6113) * Custom columns for v1alpha3 types * Use interface to appease lint * Update OWNERS file for galley and sidecar related code (#6118) * quick fix to align broker kubeconfig handling with pilot (#5894) * Several enhancement of pilot debug cli tool (#5956) * Fix flag typo in README (#6052) * Fix flag typo in README - Underscores instead of dashes * Fix another typo for 'local' * Remove populating mtlsExcludeServices. (#6088) This is a follow up PR for #6056 * Fixes #6108 Updated version checking statements in Ansible scripts (#6111) Using version-comparison feature of Ansible to compare the versions. * Make pilot port configuration consistent (#6115) This change attempts to resolve a few things: - Make it clear (via documentation) that if ports are unspecified, ports will be dynamically assigned. - Make the configuration of the HTTP and monitoring ports consistent with the new GRPC addresses. - Expose all listening addresses to the user. This is especially useful if ports were dynamically assigned. - Lock down the pilot server. Many variables were public that shouldn't be. * Change span name to be virtual service/host : port + uri match string. (#5931) * enable server-side validation by default (#6035) * enable server-side validation by default * disable k8s apa validation * remove mixer external validator (ref integrity checks) * remove unused mixer store code * don't validate ingressrules * don't invoke mixer validation on DELETE * Fix upgrade TestMain since it is breaking post submit tests (#6096) * Fix upgrade TestMain since it is breaking tests. Also add helm installer to SimpleTests. * Fix errors * Fill project metadata automatically in stackdriver log adapter. (#5721) * Add e2e_simple for v2 and enable in circle (#6017) * Add e2e_simple for v2 and enable in circle * Remove e2e_simple v1 * Further cleanup * Add scripts for setting Minikube for Mac and improve Linux scripts (#6074) * Add scripts for setting Minikube for Mac and improve Linux scripts * Update README.md * Update README.md * Added a check to ask user to delete docker images * Make script more descriptive * Added zipkin endpoint to istio remote chart. (#6127) * Remove security enablement flag (#6142) * Remove this enable flag from security as it is required * Removed the requirements condition as well * Fixes bug #6105 - Updated version check regex (#6110) Updated the version checking regex to match double digit version numbers. * Proposing Gaung Ya Liu to OWNERS file of install (#6143) * fix one namespace issue for chart. (#6138) * fix one namespace issue for chart. * add oneNamespace paramater to global for chart. * Istioctl fixes to satisfy gometalinter (#6104) * Fixes to satisfy gometalinter * Combined lines per review suggestion * pilot: make sure disabling access logging actually work with proxyv2 (#6129) Without this change setting AccessLogFile="" makes envoy very unhappy and istio-ingressgateway reports back with: envoy.api.v2.Listener rejected: Error adding/updating listener 0.0.0.0_80: Provided name for static registration lookup was empty It also makes much more sense to specify 0 access logging filters, when disabled. * E2e Local Minikube Fixes (#6130) * Wrong version corrected * Avoid busy waiting * quota and api-spec references should inherit the namespace of the parent object if not specified (#5918) * Removed redundant if condition (#6093) * Enable websocket for all v1alpha3 routes * Removing redundant if condition (already covered by the type assertion) * Remove people that left the project (#6098) * Update owners * Update OWNERS * Update OWNERS * mixerfilter: client telemetry settings (#6122) * tcp client settings Signed-off-by: Kuat Yessenov <kuat@google.com> * start http client-side telemetry Signed-off-by: Kuat Yessenov <kuat@google.com> * clean-up the code Signed-off-by: Kuat Yessenov <kuat@google.com> * this is bad code Signed-off-by: Kuat Yessenov <kuat@google.com> * remove last v1 dependency Signed-off-by: Kuat Yessenov <kuat@google.com> * Implement a fake backend for Mixer. (#6126) * Implement a fake backend for Mixer. This is a basic fake backend implementation for Mixer. It can be used for testing Mixer via gRPC adapter model. It can get deployed in-cluster for testing purposes as well. * Fix the copyright notice. * Update the dependency input digest. * Restructure golinter for better reusability and extensibility (#6128) * Fix upgrade TestMain since it is breaking tests. Also add helm installer to SimpleTests. * Fix errors * Restructure and refactor golinter to make it more reusable (outside of linter) and extensible. * Restructure and refactor golinter to make it more reusable (outside of linter) and extensible. * Simplify path matching logic. * Pushing whitelisting logic to the Checker to better reusability. * Adding README.md for both Checker and Linter packages. * Updated README.md, and improved report interface. * Updated README.md, and improved report interface. * Fix more linter errors. * Rename golinter to testlinter, to avoid confusion with "golint" * refactor image pull secrets for private docker registry. (#5902) * refactor image pull secrets for private docker registry. * update image pull secrets for kiali addon. * add comments for imagePullSecrets. * Split cr to cr and crb for prometheus. (#5999) * Fixes to allow disabling RBAC (#6139) * Fixes to allow disabling RBAC * New line added per review comment * Create CRs for dynamic templates (#6150) * Create CR for templates create template CRs * make linter happy * fix `-template` suffix. * make linter happy * make linter happy * remove unused paramaters for istio remote chart. (#6172) * [Ansible Installer] Add Kiali as addon (#5921) * Add Kiali as addon on Ansible Installer * Kiali version set to 0.3.0.Alpha * Add a rbac plugin in pilot to distribute rbac policies to proxy (#5484) * Initial implementation of rbac filter plugin in pilot. * Enable the rbac filter plugin. * Add CRD support of RbacConfig and check before generation. * format fix. * Use the real policy proto from the go-control-plane repo. * Refacor common code to util.go, address comments. * Update the config generation for the latest RBAC api. * Resolve conflicts. * Add more comments and tests. * Address comments. * Address comments. * Address comments. * Address comments. * Skip role if found no binding for it. * move Namespace() back to plugin. * support single ip address. * refactor * Fix lint. * Fix lint. * Add more comments. * Fix make depend.diff * Migrate istioctl proxy-config to the envoy config_dump admin endpoint (#6120) * Migrate istioctl proxy-config to the envoy config_dump admin endpoint * formatting fixes * Add protobuf issue link to comments * rename to something more suitable * Add v2alpha admin api to deps * reduce testfile sizes * fix dep conflicts * pr review * fix conflicts * Introduce dynamic handler (#6163) * make spybackend usable from outside * add Remote methods * add dynamic handler * use per template svc * renames * fix linter errors for spybackend * replace user path with $GOPATH. (#6183) * replace user path with $GOPATH. * generate CR for spy adapters. * fix session based command. * make linter happy. * Create snapshot for dynamic config artifacts (#6132) * Create snapshot for dynamic (referencing to non compiled in adapters and templates) config artifacts of Mixer configuration. * Address Mandar's comments. * check if the param is a proper map[string]interface{} * update api SHA (#6168) * Updste reference docs. (#6193) * Add e2e-pilot-noauth-v1alpha3-v2 to the presubmit test. (#6197) * Bash completions for get and delete (#6208) * Update e2e minikube install scripts (#6201) * Update e2e minikube install scripts * Add additional packages to be installed for KVM2 * Make startup of minikube more robust * Make startup of minikube more robust * Change accesslog entry to have global resource type (#6211) Fix a bug with logging error for creation/update of sink * Fix mixgen to add extra space in template name ref (#6212) * fix CR spaces. * fix spacing in the template reference generation of CR. * Publish the tracespan docs, since the stackdriver docs reference it. (#6200) * Add tool to check for TLS conflict between authentication policy and destination rule (#6089) * Add pilot debug/authenticationz and istioclt command to check if there is TLS conflict between authn policy and destination rule * Refactor to reuse traffic policy selection for port. * Clean up comment * Reuse AuthenticationDebug struct * Use - for no config * Lint * Another clean up * Add option to check status for a single service * Fix test * address Mandar's comments. (#6195) * Use jwt_auth config from istio/api (#6215) * Use jwt_auth config from istio/api * Update Gopkg.lock * [Ansible Installer] Kiali Addon 0.3.1 (#6192) and fixing the curl commands to specific version of Kiali * Fix a bug in rbac adapter to evaluate the properties correctly. (#6156) * Deprecation warning for deprecated types (#6188) * Deprecation warning for deprecated types * Refer to golden file so test order is not important * Verbiage change per @ajy * Verbiage change for test * EgressRule has been deprecated * remove unused parameters for istio remote chart. (#6226) * remove unused parameters for istio remote chart. * update security subchart to use global imagePullPolicy. * Upgrade kiali to 0.3.1.Alpha. (#6222) * Self nominating Baodong (Robert) Li to OWNERS file of tests (#6147) * Ed Snible becomes approver for istioctl (#6239) * Fix a couple doc issues in the tracespace proto. (#6243) * Fix weighted routing with 0 weights (#6220) Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * Use unique port names in Gateway servers (#6221) * Use unique port names in Gateway servers Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * fix goldens * more yaml fixes * Wire mixer.runtime to dynamic.Handler (#6217) * wire runtime to dynamic.Handler * add basic test case for validating no-session report and check calls. * renames and more cases. * make format * fix test and format * fix unit tests * WIP commit e2e still not working * basic test passes * fix handler_test * fix linter errors * Removed flag multicluster.enabled from values.yaml. (#6228) * Remove duplicated resources declaration for proxy (#6185) * Remove resources duplicated declaration for proxy * Changing from 500m to 100m * Toggle proxy's --statsdUdpAddress arg by a global helm flag (#6133) * Proxy statsdUdpAddress arg is now controlled by a global helm flag * Incorrect value path * Updated based on comment from costin * +namespace * Revert "+namespace" This reverts commit 176c186. * Review comments targeted * Added missing kubeconfig setting in Pilot tests (#6106) * Added missing kubeconfig setting * Formatting fixed * Fix xds_test on MacOS by configuring ... (#5779) mesh in test setup so that listeners write access log to /tmp/envoy-access.log instead of default /dev/stdout. With this change `make test` shows the same failures on MacOS as on linux. (Given a matching envoy executable version.) Co-authored-by: Holger Oehm <holger.oehm@sap.com> * Revert "Fix xds_test on MacOS by configuring ... (#5779)" (#6256) This reverts commit 2dd8f38. * detect error with quota and fix nosession_integration (#6251) * Update dash tests to use ingressgateway (#6194) * Update dash tests to use ingressgateway * Fix network config, alter error codes * Remove unneeded file. (#6248) * Fix a couple bugs. (#6252) - When no adapter is configured for a particular call to Check, Mixer now returns a ValidUseCount of 10000 and a ValidDuration of 1 minute. This allows the proxy to cache in this case. - We were losing error during instance creation. They were being overwritten in some situations by later error codes. They are now plumbed through the whole way. * owners files for pilot packages (#6260) Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * log unexpected resp for debug (#6250) * update envoyproxy SHA (#6263) * Update dump_kubernetes.sh (#5984) * mkdir -p ${LOG_DIR} before use * Rename pods-system.txt istio-system-pods * Add 's' * Limit to 80 characters * Dump misc to OUT_DIR not LOG_DIR * Only dump crds if found * Only dump pilot info if found * Extract functions for dump_resources * Create tap_containers which runs function on all containers * Don't print "No resources found" * Copy core dumps of all istio-proxy containers * Update usage() * Add --error-if-nasty-logs * Add --error-if-nasty-logs to `make dumpsys` * Search in /etc and /var for istio/proxy/core.* * Also retrieve jobs in dump_kubernetes_resources() * Adapter mixer e2e tests for grpc adapters (#6264) * updated tests from @guptasu * fix missed updates in spy backend * allow parallel calls * Remove pre-commit hooks (#6270) * telemetry: tuning mixerfilter (#6262) * tuning Signed-off-by: Kuat Yessenov <kuat@google.com> * undo gateway telemetry Signed-off-by: Kuat Yessenov <kuat@google.com> * put it back since it is just flaky Signed-off-by: Kuat Yessenov <kuat@google.com> * update proxy Signed-off-by: Kuat Yessenov <kuat@google.com> * Patch MixerReportToMixer test to reflect source.service removal (#6253) * Fix TestMetricsAndRateLimitAndRulesAndBookinfo (#6271) * Remove default --skip_cleanup in test makefile. (#6273) * Update issue templates * Delete legacy issue template * Remove auth-exclude e2e test (#6272) * not pass adapter config when there is none. (#6284) * not pass adapter config when there is none. * make linter happy. * Test cases for kube-inject to stdout via CLI (#6249) * Test cases for kube-inject to stdout via CLI * Named fields for test cases * Simplify inject-config * Lint * Use downstream protocol by default (#6158) * Use downstream protocol by default * Set downstream protocol only for HTTP, also set http2ProtocolOptions for HTTP2 * Fixes CF servicediscovery test These tests were failing when the optional protocol was removed * Check upstream protocol based on model.Protocol * Turns out protocol field is not quite optional :b * adds case for GRPC * Mock service registry refactored (#6277) * Refactored the mock service registry to be a common memory service registry * Lint fixes * More refactoring - moving test data to the test file. Keeping unused code in comment for future reference. * Revert "More refactoring - moving test data to the test file. Keeping unused code in comment for future reference." This reverts commit adc5e59. * Revert "Lint fixes" This reverts commit 93f05bc. * More refactoring - moved mock code to its own file * Another refactored file * File rename * Use RDS for sidecars and gateways (#6081) * update Go control plane Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * Enable RDS for gateways and sidecars Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * fixing gateway Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * more test fixes Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * bug fixes Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * fixing major gaffe in routing weights Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * more fixes Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * cleanups and renaming for clarity Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * more comments Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * nits * format * fix * Fix weighted routing with 0 weights Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * Use unique port names in Gateway servers Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * undo weighting bug fix * undo port name fix * undo file remove * fix goldens * more yaml fixes * reduce diffs Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * enable gateway rds Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * fixes Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * turn on debugging * snafu Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * undo log level changes * another log level fix * missing i * missing route name Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * renaming, comments, cleanup in old RDS code Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com> * remove old rdsv2 flag * disable pilot TestAuthNJwt/a->d[200] for now (#6289) * Update README.md (#6268) * update mixer_codegen.sh to generate proto_descriptors (#6294) * policy: enable policy on gateways and fix the test rules (#6274) * fix ingress rules Signed-off-by: Kuat Yessenov <kuat@google.com> * add source workload Signed-off-by: Kuat Yessenov <kuat@google.com> * remove fqdn from workload name Signed-off-by: Kuat Yessenov <kuat@google.com> * deprecated http outlier detection (#6302) * deprecated http outlier detection * remove invalid test and deprecated error
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Depends on envoyproxy/envoy#3128 and
envoyproxy/envoy#3084
Until then fault injection tests will fail.
Signed-off-by: Shriram Rajagopalan shriramr@vmware.com