[pull] master from istio:master #2181

Open: wants to merge 29 commits into base: master
@pull pull bot commented Oct 19, 2024

See Commits and Changes for more details.


Created by pull[bot]


ramaraochavali and others added 29 commits October 12, 2024 16:44
Signed-off-by: Rama Chavali <rama.rao@salesforce.com>
On OpenShift, the istio-cni-node pods either need to be privileged or have `seLinuxOptions.type` set to `spc_t` in order to be able to access `/var/run/istio` on the host's filesystem. We already set the type to `spc_t` in `profile-platform-openshift.yaml` for ztunnel, so we might as well re-use the same value for cni.
* ambient: introduce a new "ingress mode"

The intent here is to better facilitate running an ingress workload in
the mesh. The ideal flow is `internet client --> ingress pod --> ztunnel
--> <mesh destination>`.

Today, we have `client --> ztunnel --> ingress --> ztunnel`; this should
work, but it's not really necessary.

This is done by utilizing an existing annotation,
`traffic.sidecar.istio.io/excludeInboundPorts: "*"`.
This is the ONLY value supported here; we do not (and IMO should not)
support more customization. I used the same annotation, rather than a
new one, since it's a fairly common config to have on ingress today, so
this may make adoption easier.

* move name

* fix iptables

* lint
* cleanup: remove istio_authn generator

Change-Id: Ibd951922e020110cc5f7cd25bfa10202c7b9bbbc
Signed-off-by: Kuat Yessenov <kuat@google.com>

* dead code

Change-Id: I0fc3f88fba60bc911957d8ea82e6a72a14e0fefc
Signed-off-by: Kuat Yessenov <kuat@google.com>

* remove BUILD

Change-Id: I0f5c973eeed57c5b5ac0ca19c690738d5aac5a54
Signed-off-by: Kuat Yessenov <kuat@google.com>

---------

Signed-off-by: Kuat Yessenov <kuat@google.com>
* Add initial ztunnel cross-version test

* Include disable/re-enable in test

* remove legacy comments

* fix merge error

* move apply to test infra

* fix lint

* remove legacy debug code
* validation: future proof unknown versions

* fmt
* Fix mirroring from waypoints

Fixes #52713

* rename functions

* add rel note
* Fix remote profile

- Fix inconsistent usages of global.externalIstiod (this setting should only be used in the primary cluster and should not affect remote clusters at all)

- Modify the charts so that the `istiod` service is always called `istiod`, even in remote clusters. This simplifies things and prevents bugs, such as referring to the wrong service name in webhooks.

- Modify the charts so that `.Values.istiodRemote.enabled` determines whether `istio-reader-clusterrole` gives access to configmaps and webhooks.

* Move constant declaration out of loop
* manifests: fix gateway injection and waypoint templates on OpenShift

Signed-off-by: Yuanlin Xu <yuanlin.xu@redhat.com>

* coalesce .Values.platform and .Values.global.platform

Signed-off-by: Yuanlin Xu <yuanlin.xu@redhat.com>

* Revert "coalesce .Values.platform and .Values.global.platform"

This reverts commit 5bd0bd0.

* directly reference Values.global.platform

Signed-off-by: Yuanlin Xu <yuanlin.xu@redhat.com>

---------

Signed-off-by: Yuanlin Xu <yuanlin.xu@redhat.com>
* Add seLinuxOptions to istio-cni/values.yaml

* Add release note
* feat(destinationRule): 🚀 Adding warmup configuration

Signed-off-by: Frédéric Gaudet <frederic.gaudet@blablacar.com>

* feat(): Update client-go

Signed-off-by: Frédéric Gaudet <frederic.gaudet@blablacar.com>

* feat(): Adding release note

Signed-off-by: Frédéric Gaudet <frederic.gaudet@blablacar.com>

* feat(): lint

Signed-off-by: Frédéric Gaudet <frederic.gaudet@blablacar.com>

* feat(/pkg/config/validation): Adding validation

Signed-off-by: Frédéric Gaudet <frederic.gaudet@blablacar.com>

* feat(/pkg/config/validation): Adding validation

Signed-off-by: Frédéric Gaudet <frederic.gaudet@blablacar.com>

---------

Signed-off-by: Frédéric Gaudet <frederic.gaudet@blablacar.com>
Signed-off-by: Keith Mattix II <keithmattix@microsoft.com>