Automator: merge upstream changes to openshift-service-mesh/istio@master #502
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* [feat] Implement v1beta1.JWTRule jwtRule.SpaceDelimitedClaims Adding the possibility to set jwtRule.SpaceDelimitedClaims to set custom claims in the RequestAuthentication Signed-off-by: Francisco Herrera <[email protected]> * integration tests: add test for space-delimited `scope` claim We were only testing it for `permission` claims previously. * Adding integration test for spaceDelimitedClaims custom claims Signed-off-by: Francisco Herrera <[email protected]> * Adding Release notes Signed-off-by: Francisco Herrera <[email protected]> Fix function buildSpaceDelimitedClaims description Signed-off-by: Francisco Herrera <[email protected]> Fix lint Signed-off-by: Francisco Herrera <[email protected]> * Applye changes from review Signed-off-by: Francisco Herrera <[email protected]> --------- Signed-off-by: Francisco Herrera <[email protected]> Co-authored-by: Daniel Grimm <[email protected]>
…idecar non-IPTables listeners as well (#57717) * max-socket-events-at-sidecar Signed-off-by: William Zhang <[email protected]> * apply on inbound as well Signed-off-by: William Zhang <[email protected]> * clarify which listeners were changed in the release notes Signed-off-by: William Zhang <[email protected]> * further clarify which listeners were changed in the release notes Signed-off-by: William Zhang <[email protected]> --------- Signed-off-by: William Zhang <[email protected]>
…te and values.yaml (#57795) * feat: add clusterIP configuration to the gateway chart service template and values.yaml * Apply suggestion from @sridhargaddam Co-authored-by: Sridhar Gaddam <[email protected]> * feat: add release notes for service.clusterIP configuration in Gateway chart * Update releasenotes/notes/clusterIP-gateway-chart.yaml Co-authored-by: Sridhar Gaddam <[email protected]> --------- Co-authored-by: Sridhar Gaddam <[email protected]>
|
/retest |
4 similar comments
|
/retest |
|
/retest |
|
/retest |
|
/retest |
openshift-service-mesh-bot
force-pushed
the
none-master-merge_upstream_istio_master-6253864e
branch
from
e5c11d5 to
3c1e500
Compare
|
/retest |
This avoids possible bugs where we join names and run into duplicates. For example `a-b` + `c` == `a-b-c`, and `a` + `b-c` also == `a-b-c`. By using `~`, its impossible since a user cannot have a `~` in their name.
Make the "network" value flatten and configurable by both approaches: `helm template manifests/charts/ztunnel --set network=net1` `helm template manifests/charts/ztunnel --set global.network=net1` Signed-off-by: Maxim Babushkin <[email protected]>
* wip: update to gateway-api v1.4.0 * Regen with no creationTimestamp * Misc cleanup * Much better, broken LB, no conflicted yet * Tests passing * Use real commit * fix tests * more fixes * fixup * fixup * bump * license * fixup * Rebase * add note * gen * rebase
openshift-service-mesh-bot
force-pushed
the
none-master-merge_upstream_istio_master-6253864e
branch
from
3c1e500 to
8cf9cfc
Compare
|
/test unit |
1 similar comment
|
/test unit |
* Verify identity for gw secrets * bootstrap fix * Debug logs for identity mismatch * releasenotes * lint * lint * use annotation * lint * Fixup tests * gen * Check for unmanaged gateways * make gen * Use IsManaged
|
/test gencheck |
openshift-service-mesh-bot
force-pushed
the
none-master-merge_upstream_istio_master-6253864e
branch
from
e72ae35 to
a2adbf5
Compare
The comments describing the iptables selection logic don’t match the actual implementation. This PR fixes that. Signed-off-by: Sridhar Gaddam <[email protected]>
* add stat prefix for wasm default http rbac filters Signed-off-by: Rama Chavali <[email protected]> * fix ut Signed-off-by: Rama Chavali <[email protected]> --------- Signed-off-by: Rama Chavali <[email protected]>
openshift-service-mesh-bot
force-pushed
the
none-master-merge_upstream_istio_master-6253864e
branch
from
a2adbf5 to
cfe85ce
Compare
* Handle istio-cni on node cleanup Currently on cleanup if safe upgrades are enable we check if the cni daemonset has a deletion time stamp. If it didn't have a stamp then we are in the process of upgrade or rebooting the node. Otherwise we should cleanup. This didn't handle failures on the get request for the DS (other than not found) which could indicate the node is in an unhealthy state / restarting. Previously an err would mean we would cleanup. Now we will retry the get, and assume we shouldn't cleanup by default. Signed-off-by: Jackie Elliott <[email protected]> * fix lint Signed-off-by: Jackie Elliott <[email protected]> * Add release note Signed-off-by: Jackie Elliott <[email protected]> * Cleanup root Signed-off-by: Jackie Elliott <[email protected]> * Refactor StopCleanup to only default to true when using istio owned cni config. Also, check for cni pod in plugin prior to getting k8s client. Signed-off-by: Jackie Elliott <[email protected]> * Handle unauthorized get error on cleanup Signed-off-by: Jackie Elliott <[email protected]> * Fix releasenotes and string format Signed-off-by: Jackie Elliott <[email protected]> * Fix nits Signed-off-by: Jackie Elliott <[email protected]> --------- Signed-off-by: Jackie Elliott <[email protected]>
|
/retest |
* move stat prefix to constants Signed-off-by: Rama Chavali <[email protected]> * use constants in tests Signed-off-by: Rama Chavali <[email protected]> --------- Signed-off-by: Rama Chavali <[email protected]>
Signed-off-by: xin.li <[email protected]>
openshift-service-mesh-bot
force-pushed
the
none-master-merge_upstream_istio_master-6253864e
branch
from
cfe85ce to
b8a311f
Compare
|
/test istio-integration-security |
|
/retest |
* add meshconfig reconciliation to gateway controllers Signed-off-by: Lucas Copi <[email protected]> * refactor test helper for lint Signed-off-by: Lucas Copi <[email protected]> --------- Signed-off-by: Lucas Copi <[email protected]>
In a real world environment with many WasmPlugins, we saw about 10% of CPU usage on the lookup MatchListener. 1/3 of these is spent on HTTP lookups, while 2/3 on TCP lookups. However, the cluster only has HTTP wasm plugins. By flipping the condition to filter by the fast check (MatchType) we can avoid the expensive MatchListener calls.
* upstream/master: (52 commits) Automator: update ztunnel@master in istio/istio@master (#57906) Automator: update proxy@master in istio/istio@master (#57903) wasm: optimize lookup in control plane (#57901) add meshconfig reconciliation to gateway controllers (#57893) Automator: update ztunnel@master in istio/istio@master (#57885) addons: Bump addons version (#57887) Gateway: bump to v1.4.0 (#57873) Automator: update proxy@master in istio/istio@master (#57882) move stat prefix to constants (#57879) Handle istio-cni cleanup on node restart (#57456) add stat prefix for WASM default RBAC filters (#57824) Automator: update proxy@master in istio/istio@master (#57875) Update the comments to match the iptables selection logic (#57876) Automator: update proxy@master in istio/istio@master (#57872) Automator: update proxy@master in istio/istio@master (#57870) Automator: update ztunnel@master in istio/istio@master (#57857) Security/check sa for gw secrets (#57716) Automator: update proxy@master in istio/istio@master (#57865) Automator: update proxy@master in istio/istio@master (#57856) Automator: update ztunnel@master in istio/istio@master (#57845) ...
openshift-service-mesh-bot
force-pushed
the
none-master-merge_upstream_istio_master-6253864e
branch
from
b8a311f to
4085b27
Compare
|
@openshift-service-mesh-bot: The following tests failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
18 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Generated by Automator - 2025-10-09T05:06:45+00:00