Automator: merge upstream changes to openshift-service-mesh/istio@master #537
+5,343
−2,000
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* add release-note for warmup aggression change * Update releasenotes/notes/align-warmup-aggression.yaml Co-authored-by: Faseela K <[email protected]> --------- Co-authored-by: Faseela K <[email protected]>
…8292) * prevent httproute status conflict with multi-revisions Signed-off-by: Lucas Copi <[email protected]> * add tagwatcher for status to all route types Signed-off-by: Lucas Copi <[email protected]> * add integration test and release note Signed-off-by: Lucas Copi <[email protected]> * lint Signed-off-by: Lucas Copi <[email protected]> * create new revision checker Signed-off-by: Lucas Copi <[email protected]> * check match revision in register status, not in the status collection handler Signed-off-by: Lucas Copi <[email protected]> * lint Signed-off-by: Lucas Copi <[email protected]> * fix goroutine leak Signed-off-by: Lucas Copi <[email protected]> --------- Signed-off-by: Lucas Copi <[email protected]>
…ntry (#58242) * tests: add integration tests for BackendTLSPolicy applied to ServiceEntry Signed-off-by: Jacek Ewertowski <[email protected]> * Add a test case for BackendTLSPolicy with HTTPRoute Signed-off-by: Jacek Ewertowski <[email protected]> --------- Signed-off-by: Jacek Ewertowski <[email protected]>
https://storage.googleapis.com/istio-prow/logs/integ-assertion_istio_postsubmit/1991626385549955072/artifacts/ambient-1000a77ac823425cb81d309/_suite_context/istio-state-882031679/primary-0/istiod-66599dbf4b-knz5h_discovery.previous.log I believe this is because waypoint has different config from gateways ``` if (cb.sidecarProxy() || cb.proxyType == model.Waypoint) && isAutoProtocol { // Use downstream protocol. If the incoming traffic use HTTP 1.1, the // upstream cluster will use HTTP 1.1, if incoming traffic use HTTP2, // the upstream cluster will use HTTP2. cb.setUseDownstreamProtocol(cluster) } ``` so we need to take this into account
* bump go-control-plane * bump
Signed-off-by: xin.li <[email protected]>
openshift-service-mesh-bot
force-pushed
the
none-master-merge_upstream_istio_master-6253864e
branch
from
47dd415 to
4227de3
Compare
* Add timeout and headers support to Zipkin tracing provider This change adds two new optional fields to the ZipkinTracingProvider in MeshConfig: - `timeout`: Configures the HTTP request timeout when sending spans to the Zipkin collector, providing better control over trace export reliability and preventing indefinite waits. - `headers`: Allows including custom HTTP headers in requests to the Zipkin collector for authentication, authorization, and custom metadata use cases. Headers support both direct values and environment variable references for secure credential management. Implementation details: - When timeout or headers are configured, Istio uses Envoy's modern HttpService configuration with full URI support - When neither is configured, Istio uses legacy Envoy fields for backward compatibility - Added comprehensive test coverage for all configuration modes - Updated API documentation with usage examples * Add timeout and headers support to Zipkin tracing provider This change adds two new optional fields to the ZipkinTracingProvider in MeshConfig: - `timeout`: Configures the HTTP request timeout when sending spans to the Zipkin collector, providing better control over trace export reliability and preventing indefinite waits. - `headers`: Allows including custom HTTP headers in requests to the Zipkin collector for authentication, authorization, and custom metadata use cases. Headers support both direct values and environment variable references for secure credential management. Implementation details: - When timeout or headers are configured, Istio uses Envoy's modern HttpService configuration with full URI support - When neither is configured, Istio uses legacy Envoy fields for backward compatibility - Added comprehensive test coverage for all configuration modes - Updated API documentation with usage examples * This change adds two new optional fields to the ZipkinTracingProvider in MeshConfig: - `timeout`: Configures the HTTP request timeout when sending spans to the Zipkin collector, providing better control over trace export reliability and preventing indefinite waits. - `headers`: Allows including custom HTTP headers in requests to the Zipkin collector for authentication, authorization, and custom metadata use cases. Headers support both direct values and environment variable references for secure credential management. Implementation details: - When timeout or headers are configured, Istio uses Envoy's modern HttpService configuration with full URI support - When neither is configured, Istio uses legacy Envoy fields for backward compatibility - Added comprehensive test coverage for all configuration modes - Updated API documentation with usage examples * This change adds two new optional fields to the ZipkinTracingProvider in MeshConfig: - `timeout`: Configures the HTTP request timeout when sending spans to the Zipkin collector, providing better control over trace export reliability and preventing indefinite waits. - `headers`: Allows including custom HTTP headers in requests to the Zipkin collector for authentication, authorization, and custom metadata use cases. Headers support both direct values and environment variable references for secure credential management. Implementation details: - When timeout or headers are configured, Istio uses Envoy's modern HttpService configuration with full URI support - When neither is configured, Istio uses legacy Envoy fields for backward compatibility - Added comprehensive test coverage for all configuration modes - Updated API documentation with usage examples * This change adds two new optional fields to the ZipkinTracingProvider in MeshConfig: - `timeout`: Configures the HTTP request timeout when sending spans to the Zipkin collector, providing better control over trace export reliability and preventing indefinite waits. - `headers`: Allows including custom HTTP headers in requests to the Zipkin collector for authentication, authorization, and custom metadata use cases. Headers support both direct values and environment variable references for secure credential management. Implementation details: - When timeout or headers are configured, Istio uses Envoy's modern HttpService configuration with full URI support - When neither is configured, Istio uses legacy Envoy fields for backward compatibility - Added comprehensive test coverage for all configuration modes - Updated API documentation with usage examples * This change adds two new optional fields to the ZipkinTracingProvider in MeshConfig: - `timeout`: Configures the HTTP request timeout when sending spans to the Zipkin collector, providing better control over trace export reliability and preventing indefinite waits. - `headers`: Allows including custom HTTP headers in requests to the Zipkin collector for authentication, authorization, and custom metadata use cases. Headers support both direct values and environment variable references for secure credential management. Implementation details: - When timeout or headers are configured, Istio uses Envoy's modern HttpService configuration with full URI support - When neither is configured, Istio uses legacy Envoy fields for backward compatibility - Added comprehensive test coverage for all configuration modes - Updated API documentation with usage examples * This change adds two new optional fields to the ZipkinTracingProvider in MeshConfig: - `timeout`: Configures the HTTP request timeout when sending spans to the Zipkin collector, providing better control over trace export reliability and preventing indefinite waits. - `headers`: Allows including custom HTTP headers in requests to the Zipkin collector for authentication, authorization, and custom metadata use cases. Headers support both direct values and environment variable references for secure credential management. Implementation details: - When timeout or headers are configured, Istio uses Envoy's modern HttpService configuration with full URI support - When neither is configured, Istio uses legacy Envoy fields for backward compatibility - Added comprehensive test coverage for all configuration modes - Updated API documentation with usage examples * This change adds two new optional fields to the ZipkinTracingProvider in MeshConfig: - `timeout`: Configures the HTTP request timeout when sending spans to the Zipkin collector, providing better control over trace export reliability and preventing indefinite waits. - `headers`: Allows including custom HTTP headers in requests to the Zipkin collector for authentication, authorization, and custom metadata use cases. Headers support both direct values and environment variable references for secure credential management. Implementation details: - When timeout or headers are configured, Istio uses Envoy's modern HttpService configuration with full URI support - When neither is configured, Istio uses legacy Envoy fields for backward compatibility - Added comprehensive test coverage for all configuration modes - Updated API documentation with usage examples * This change adds two new optional fields to the ZipkinTracingProvider in MeshConfig: - `timeout`: Configures the HTTP request timeout when sending spans to the Zipkin collector, providing better control over trace export reliability and preventing indefinite waits. - `headers`: Allows including custom HTTP headers in requests to the Zipkin collector for authentication, authorization, and custom metadata use cases. Headers support both direct values and environment variable references for secure credential management. Implementation details: - When timeout or headers are configured, Istio uses Envoy's modern HttpService configuration with full URI support - When neither is configured, Istio uses legacy Envoy fields for backward compatibility - Added comprehensive test coverage for all configuration modes - Updated API documentation with usage examples * This change adds two new optional fields to the ZipkinTracingProvider in MeshConfig: - `timeout`: Configures the HTTP request timeout when sending spans to the Zipkin collector, providing better control over trace export reliability and preventing indefinite waits. - `headers`: Allows including custom HTTP headers in requests to the Zipkin collector for authentication, authorization, and custom metadata use cases. Headers support both direct values and environment variable references for secure credential management. Implementation details: - When timeout or headers are configured, Istio uses Envoy's modern HttpService configuration with full URI support - When neither is configured, Istio uses legacy Envoy fields for backward compatibility - Added comprehensive test coverage for all configuration modes - Updated API documentation with usage examples * Fixing the linitng issues * Making the http service available to all proxies from 1.29
* Fix kubelet detection on MicroK8s with nftables backend When Ambient mode is used with the nftables backend, this PR fixes kubelet UID detection so that it works in MicroK8s, where kubelet runs inside the unified “kubelite” daemon rather than as a standalone process. Fixes: istio/istio#58185 Signed-off-by: Sridhar Gaddam <[email protected]> * Add release notes Signed-off-by: Sridhar Gaddam <[email protected]> --------- Signed-off-by: Sridhar Gaddam <[email protected]>
openshift-service-mesh-bot
force-pushed
the
none-master-merge_upstream_istio_master-6253864e
branch
from
4227de3 to
67a0c0e
Compare
* Update GIE CRDs to include support for >1 targetPorts I planned on updating to v1.1.0 but ran into dependency issues. Now pointing to the commit that loosened restrictions on number of targetPorts. * Add support for multiple targetPorts in InferencePool This adds support for multiple targetPorts in an InferencePool by adding all targetPorts to the shadow service, and then making sure that only a single cluster is created for the dummy port (54321), allowing the EPP to loadbalance across all endpoints. * Add release note * Add integration test and EPP mock Co-Authored-By: Claude <[email protected]> --------- Co-authored-by: Claude <[email protected]>
…395) Followup to #58238
* Fix racy test Signed-off-by: Keith Mattix II <[email protected]> * Address comments Signed-off-by: Keith Mattix II <[email protected]> --------- Signed-off-by: Keith Mattix II <[email protected]>
Signed-off-by: vicerace <[email protected]>
This breaks things like a PEM cert in a configmap
* impl formatter custom tag * e2e and release notes * update * encode query param * update query * update test
openshift-service-mesh-bot
force-pushed
the
none-master-merge_upstream_istio_master-6253864e
branch
from
ee8517d to
b98e155
Compare
Signed-off-by: Rama Chavali <[email protected]>
openshift-service-mesh-bot
force-pushed
the
none-master-merge_upstream_istio_master-6253864e
branch
from
b98e155 to
b0ec51f
Compare
* optimize config meta building Signed-off-by: Rama Chavali <[email protected]> * add benchmark Signed-off-by: Rama Chavali <[email protected]> * remove string builder Signed-off-by: Rama Chavali <[email protected]> --------- Signed-off-by: Rama Chavali <[email protected]>
* charts/gateway: allow "enabled" field in the schema * add release notes
* Fix multicluster goroutine leaks Signed-off-by: Petr McAllister <[email protected]> * revert unneeded changes Signed-off-by: Petr McAllister <[email protected]> --------- Signed-off-by: Petr McAllister <[email protected]>
* samples: add a demo for SPIRE and trust domain federation Signed-off-by: Jacek Ewertowski <[email protected]> * Fix linter errors Signed-off-by: Jacek Ewertowski <[email protected]> * Remove DestinationRule with all trust domains Signed-off-by: Jacek Ewertowski <[email protected]> --------- Signed-off-by: Jacek Ewertowski <[email protected]>
openshift-service-mesh-bot
force-pushed
the
none-master-merge_upstream_istio_master-6253864e
branch
from
b0ec51f to
3e56cea
Compare
Contributor
|
/test istio-integration-sail-ambient |
Contributor
|
/test istio-integration-ambient |
Contributor
|
/test istio-integration-sail-security |
Contributor
|
/test istio-integration-sail-telemetry |
Contributor
|
/retest |
Signed-off-by: Rama Chavali <[email protected]>
…525) * waypoint interop: specify Equals when waypointed services change * relnote * switch back to Equals
* upstream/master: (64 commits) Automator: update istio/client-go@master dependency in istio/istio@master (#58496) waypoint interop: specify Equals when waypointed services change (#58525) codegen kebab case conversion (#58529) samples: add a demo for SPIRE and trust domain federation (#58462) fix goroutine leaks in ambient index DelayedInformers. (#58479) multi-network: HBONE matching prefers hostname over VIP (#58512) charts/gateway: allow "enabled" field in the schema (#58278) optimize configmeta generation (#58521) cache default retry policy (#58515) chore: make gofumpt didn't change fiter_types.gen (#58513) update min k8s version (#58485) Automator: update ztunnel@master in istio/istio@master (#58480) pilot: watch meshConfig in remote clusters (#58455) Fix ambient multi-cluster integration tests (#58466) Automator: update common-files@master in istio/istio@master (#58495) improve the istioctl waypoint status describe and example (#58482) fix proxy version check for built-in formatters (#58469) Support safe migration from iptables to nftables in Ambient (#58354) krt: aggregate Join events for conflicting keys (#58324) Automator: update proxy@master in istio/istio@master (#58458) ...
openshift-service-mesh-bot
force-pushed
the
none-master-merge_upstream_istio_master-6253864e
branch
from
3e56cea to
55d960d
Compare
Contributor
|
/retest |
Contributor
|
/test gencheck |
Contributor
|
/test istio-integration-pilot |
Contributor
|
/test istio-integration-sail-ambient |
Contributor
|
/retest |
Contributor
|
/test istio-integration-sail-ambient |
Contributor
|
/retest |
Contributor
|
/test istio-integration-telemetry |
|
@openshift-service-mesh-bot: The following tests failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
Contributor
|
/retest |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Generated by Automator - 2025-12-10T05:05:08+00:00