From 0a08d3f59aa5f33da5bdf8de33d31b75510b98f9 Mon Sep 17 00:00:00 2001 From: Daniel Hawton Date: Thu, 24 Apr 2025 07:35:55 +0200 Subject: [PATCH] prepare for v1.26 as istio source is already branched (#16420) * prepare for v1.26 as istio source is already branched * fix for gateway version, they don't always do -rcN but also -rc.N Signed-off-by: Daniel Hawton * disable debug messages Signed-off-by: Daniel Hawton * fix changed istioctl outputs Signed-off-by: Daniel Hawton * dropped line Signed-off-by: Daniel Hawton * fix Signed-off-by: Daniel Hawton * disable multi-primary multi-network install test for now: #16427 Signed-off-by: Daniel Hawton * remove test Signed-off-by: Daniel Hawton * debug Signed-off-by: Daniel Hawton * more debug Signed-off-by: Daniel Hawton * debug Signed-off-by: Daniel Hawton * disable multi-primary test as well, same issue #16427 Signed-off-by: Daniel Hawton * delete crds silent fail Signed-off-by: Daniel Hawton * get resource output to see about removing istioctl x wait Signed-off-by: Daniel Hawton * remove istioctl x wait, repalce with a general sleep again #16429 Signed-off-by: Daniel Hawton --------- Signed-off-by: Daniel Hawton --- Makefile.core.mk | 2 +- common/config/.golangci.yml | 10 ++ content/en/boilerplates/snips/args.sh | 2 +- .../snips/gateway-api-gamma-experimental.sh | 2 +- .../snips/gateway-api-install-crds.sh | 2 +- .../snips/gateway-api-remove-crds.sh | 2 +- .../enforce-auth-policies/index.md | 5 +- .../enforce-auth-policies/snips.sh | 5 +- .../docs/examples/virtual-machines/snips.sh | 2 +- .../commands/pilot-discovery/index.html | 6 +- .../en/docs/setup/getting-started/snips.sh | 6 +- .../install/external-controlplane/snips.sh | 2 +- .../multicluster/multi-primary/helm_test.sh | 84 --------- .../multicluster/multi-primary/index.md | 2 +- .../multicluster/multi-primary/snips.sh | 110 ------------ .../multicluster/multi-primary/test.sh | 64 ------- .../multi-primary_multi-network/helm_test.sh | 113 ------------ .../multi-primary_multi-network/index.md | 2 +- .../multi-primary_multi-network/snips.sh | 170 ------------------ .../multi-primary_multi-network/test.sh | 88 --------- .../multicluster/primary-remote/helm_test.sh | 3 +- .../primary-remote_multi-network/helm_test.sh | 3 +- .../install/multicluster/verify/index.md | 6 +- .../install/multicluster/verify/snips.sh | 6 +- .../authentication/authn-policy/snips.sh | 10 +- .../authentication/claim-to-header/snips.sh | 4 +- .../authentication/jwt-route/snips.sh | 6 +- .../authorization/authz-custom/snips.sh | 2 +- .../security/authorization/authz-jwt/snips.sh | 6 +- .../ingress/gateway-api/snips.sh | 4 +- .../commands/pilot-discovery/index.html | 6 +- data/args.yml | 4 +- go.mod | 32 ++-- go.sum | 70 ++++---- scripts/get_gateway_api_version.sh | 12 +- tests/setup/dualstack/doc_test.go | 2 +- tests/setup/profile-ambient/doc_test.go | 2 +- tests/setup/profile-default/doc_test.go | 2 +- tests/setup/profile-demo/doc_test.go | 2 +- tests/setup/profile-minimal/doc_test.go | 2 +- tests/util/helpers.sh | 19 +- tools/commonfiles-postprocess.sh | 19 ++ tools/golangci-override.yaml | 7 + 43 files changed, 162 insertions(+), 746 deletions(-) delete mode 100755 content/en/docs/setup/install/multicluster/multi-primary/helm_test.sh delete mode 100644 content/en/docs/setup/install/multicluster/multi-primary/snips.sh delete mode 100755 content/en/docs/setup/install/multicluster/multi-primary/test.sh delete mode 100755 content/en/docs/setup/install/multicluster/multi-primary_multi-network/helm_test.sh delete mode 100644 content/en/docs/setup/install/multicluster/multi-primary_multi-network/snips.sh delete mode 100644 content/en/docs/setup/install/multicluster/multi-primary_multi-network/test.sh create mode 100644 tools/commonfiles-postprocess.sh create mode 100644 tools/golangci-override.yaml diff --git a/Makefile.core.mk b/Makefile.core.mk index 33c32f7c69..1737643800 100644 --- a/Makefile.core.mk +++ b/Makefile.core.mk @@ -77,7 +77,7 @@ baseurl := "$(URL)" endif # Which branch of the Istio source code do we fetch stuff from -export SOURCE_BRANCH_NAME ?= master +export SOURCE_BRANCH_NAME ?= release-1.26 site: @scripts/gen_site.sh diff --git a/common/config/.golangci.yml b/common/config/.golangci.yml index a3908b1d12..2d78de893b 100644 --- a/common/config/.golangci.yml +++ b/common/config/.golangci.yml @@ -29,6 +29,12 @@ linters: deny: - pkg: github.com/gogo/protobuf desc: gogo/protobuf is deprecated, use golang/protobuf + main: + files: + - $all + allow: + - ^istio.io/istio/pkg/test + - ^istio.io/istio.io/pkg/test errcheck: check-type-assertions: false check-blank: false @@ -145,6 +151,10 @@ linters: - legacy - std-error-handling rules: + - linters: + - depguard + - lll + path: tests/|pkg/test/ - linters: - errcheck - maligned diff --git a/content/en/boilerplates/snips/args.sh b/content/en/boilerplates/snips/args.sh index b6b5d7141d..c01bb85cff 100644 --- a/content/en/boilerplates/snips/args.sh +++ b/content/en/boilerplates/snips/args.sh @@ -21,7 +21,7 @@ #################################################################################################### ! IFS=$'\n' read -r -d '' bpsnip_args_gateway_api_version <<\ENDSNIP -v1.2.1 +v1.3.0-rc.1 ENDSNIP ! IFS=$'\n' read -r -d '' bpsnip_args_istio_previous_version <<\ENDSNIP diff --git a/content/en/boilerplates/snips/gateway-api-gamma-experimental.sh b/content/en/boilerplates/snips/gateway-api-gamma-experimental.sh index 7585d136e9..7ae065b8f9 100644 --- a/content/en/boilerplates/snips/gateway-api-gamma-experimental.sh +++ b/content/en/boilerplates/snips/gateway-api-gamma-experimental.sh @@ -21,7 +21,7 @@ #################################################################################################### bpsnip_gateway_api_gamma_experimental_install_experimental_crds() { -kubectl kustomize "github.com/kubernetes-sigs/gateway-api/config/crd/experimental?ref=v1.2.1" | kubectl apply -f - +kubectl kustomize "github.com/kubernetes-sigs/gateway-api/config/crd/experimental?ref=v1.3.0-rc.1" | kubectl apply -f - } bpsnip_gateway_api_gamma_experimental_enable_alpha_crds() { diff --git a/content/en/boilerplates/snips/gateway-api-install-crds.sh b/content/en/boilerplates/snips/gateway-api-install-crds.sh index 3157bd91d5..ecd81441a6 100644 --- a/content/en/boilerplates/snips/gateway-api-install-crds.sh +++ b/content/en/boilerplates/snips/gateway-api-install-crds.sh @@ -22,5 +22,5 @@ bpsnip_gateway_api_install_crds_install_crds() { kubectl get crd gateways.gateway.networking.k8s.io &> /dev/null || \ - kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.2.1/standard-install.yaml + kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.3.0-rc.1/standard-install.yaml } diff --git a/content/en/boilerplates/snips/gateway-api-remove-crds.sh b/content/en/boilerplates/snips/gateway-api-remove-crds.sh index 46a81cd0d1..97915d81d1 100644 --- a/content/en/boilerplates/snips/gateway-api-remove-crds.sh +++ b/content/en/boilerplates/snips/gateway-api-remove-crds.sh @@ -21,5 +21,5 @@ #################################################################################################### bpsnip_gateway_api_remove_crds_remove_crds() { -kubectl delete -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.2.1/standard-install.yaml +kubectl delete -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.3.0-rc.1/standard-install.yaml } diff --git a/content/en/docs/ambient/getting-started/enforce-auth-policies/index.md b/content/en/docs/ambient/getting-started/enforce-auth-policies/index.md index ff3221a378..7f6982b53e 100644 --- a/content/en/docs/ambient/getting-started/enforce-auth-policies/index.md +++ b/content/en/docs/ambient/getting-started/enforce-auth-policies/index.md @@ -56,8 +56,9 @@ To enforce Layer 7 policies, you first need a {{< gloss "waypoint" >}}waypoint p {{< text syntax=bash snip_id=deploy_waypoint >}} $ istioctl waypoint apply --enroll-namespace --wait -waypoint default/waypoint applied -namespace default labeled with "istio.io/use-waypoint: waypoint" +✅ waypoint default/waypoint applied +✅ waypoint default/waypoint is ready! +✅ namespace default labeled with "istio.io/use-waypoint: waypoint" {{< /text >}} You can view the waypoint proxy and make sure it has the `Programmed=True` status: diff --git a/content/en/docs/ambient/getting-started/enforce-auth-policies/snips.sh b/content/en/docs/ambient/getting-started/enforce-auth-policies/snips.sh index 4223f350f5..6f81ca2ea1 100644 --- a/content/en/docs/ambient/getting-started/enforce-auth-policies/snips.sh +++ b/content/en/docs/ambient/getting-started/enforce-auth-policies/snips.sh @@ -57,8 +57,9 @@ istioctl waypoint apply --enroll-namespace --wait } ! IFS=$'\n' read -r -d '' snip_deploy_waypoint_out <<\ENDSNIP -waypoint default/waypoint applied -namespace default labeled with "istio.io/use-waypoint: waypoint" +✅ waypoint default/waypoint applied +✅ waypoint default/waypoint is ready! +✅ namespace default labeled with "istio.io/use-waypoint: waypoint" ENDSNIP snip_enforce_layer_7_authorization_policy_2() { diff --git a/content/en/docs/examples/virtual-machines/snips.sh b/content/en/docs/examples/virtual-machines/snips.sh index e2a2b8badc..d231045b5a 100644 --- a/content/en/docs/examples/virtual-machines/snips.sh +++ b/content/en/docs/examples/virtual-machines/snips.sh @@ -39,7 +39,7 @@ sudo systemctl restart mysql } snip_running_mysql_on_the_vm_3() { -curl -LO https://raw.githubusercontent.com/istio/istio/master/samples/bookinfo/src/mysql/mysqldb-init.sql +curl -LO https://raw.githubusercontent.com/istio/istio/release-1.26/samples/bookinfo/src/mysql/mysqldb-init.sql mysql -u root -ppassword < mysqldb-init.sql } diff --git a/content/en/docs/reference/commands/pilot-discovery/index.html b/content/en/docs/reference/commands/pilot-discovery/index.html index f50b38baca..8f160e0d41 100644 --- a/content/en/docs/reference/commands/pilot-discovery/index.html +++ b/content/en/docs/reference/commands/pilot-discovery/index.html @@ -268,17 +268,17 @@ If it is not installed already, you can install it via your OS's package man --log_caller <string> -Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, analysis, authn, authorization, ca, controllers, default, delta, deltaadsc, file, fullpush, gateway, grpc, grpcgen, ip-autoallocate, klog, krt, kube, model, monitor, monitoring, pkica, pkira, probes, processing, retry, rootcertrotator, secretcontroller, security, serverca, serviceentry, spiffe, status, trustBundle, untaint, validation, validationController, validationServer, wasm, wle] (default ``) +Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, analysis, authn, authorization, ca, controllers, default, delta, deltaadsc, file, fullpush, gateway, grpc, grpcgen, ingress status, ip-autoallocate, klog, krt, kube, model, monitor, monitoring, pkica, pkira, probes, processing, retry, rootcertrotator, secretcontroller, security, serverca, serviceentry, spiffe, status, trustBundle, untaint, validation, validationController, validationServer, wasm, wle] (default ``) --log_output_level <string> -Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, adsc, all, analysis, authn, authorization, ca, controllers, default, delta, deltaadsc, file, fullpush, gateway, grpc, grpcgen, ip-autoallocate, klog, krt, kube, model, monitor, monitoring, pkica, pkira, probes, processing, retry, rootcertrotator, secretcontroller, security, serverca, serviceentry, spiffe, status, trustBundle, untaint, validation, validationController, validationServer, wasm, wle] and level can be one of [debug, info, warn, error, fatal, none] (default ``) +Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, adsc, all, analysis, authn, authorization, ca, controllers, default, delta, deltaadsc, file, fullpush, gateway, grpc, grpcgen, ingress status, ip-autoallocate, klog, krt, kube, model, monitor, monitoring, pkica, pkira, probes, processing, retry, rootcertrotator, secretcontroller, security, serverca, serviceentry, spiffe, status, trustBundle, untaint, validation, validationController, validationServer, wasm, wle] and level can be one of [debug, info, warn, error, fatal, none] (default ``) --log_stacktrace_level <string> -Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, adsc, all, analysis, authn, authorization, ca, controllers, default, delta, deltaadsc, file, fullpush, gateway, grpc, grpcgen, ip-autoallocate, klog, krt, kube, model, monitor, monitoring, pkica, pkira, probes, processing, retry, rootcertrotator, secretcontroller, security, serverca, serviceentry, spiffe, status, trustBundle, untaint, validation, validationController, validationServer, wasm, wle] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) +Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, adsc, all, analysis, authn, authorization, ca, controllers, default, delta, deltaadsc, file, fullpush, gateway, grpc, grpcgen, ingress status, ip-autoallocate, klog, krt, kube, model, monitor, monitoring, pkica, pkira, probes, processing, retry, rootcertrotator, secretcontroller, security, serverca, serviceentry, spiffe, status, trustBundle, untaint, validation, validationController, validationServer, wasm, wle] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) --log_target <stringArray> diff --git a/content/en/docs/setup/getting-started/snips.sh b/content/en/docs/setup/getting-started/snips.sh index 0b7ab44690..43b21cf8b9 100644 --- a/content/en/docs/setup/getting-started/snips.sh +++ b/content/en/docs/setup/getting-started/snips.sh @@ -50,7 +50,7 @@ ENDSNIP snip_install_the_kubernetes_gateway_api_crds_1() { kubectl get crd gateways.gateway.networking.k8s.io &> /dev/null || \ -{ kubectl kustomize "github.com/kubernetes-sigs/gateway-api/config/crd?ref=v1.2.1" | kubectl apply -f -; } +{ kubectl kustomize "github.com/kubernetes-sigs/gateway-api/config/crd?ref=v1.3.0-rc.1" | kubectl apply -f -; } } snip_deploy_the_sample_application_1() { @@ -159,9 +159,9 @@ kubectl label namespace default istio-injection- } snip_uninstall_4() { -kubectl kustomize "github.com/kubernetes-sigs/gateway-api/config/crd/experimental?ref=v1.2.1" | kubectl delete -f - +kubectl kustomize "github.com/kubernetes-sigs/gateway-api/config/crd/experimental?ref=v1.3.0-rc.1" | kubectl delete -f - } snip_uninstall_5() { -kubectl kustomize "github.com/kubernetes-sigs/gateway-api/config/crd?ref=v1.2.1" | kubectl delete -f - +kubectl kustomize "github.com/kubernetes-sigs/gateway-api/config/crd?ref=v1.3.0-rc.1" | kubectl delete -f - } diff --git a/content/en/docs/setup/install/external-controlplane/snips.sh b/content/en/docs/setup/install/external-controlplane/snips.sh index 4672c41b8a..91c7023e95 100644 --- a/content/en/docs/setup/install/external-controlplane/snips.sh +++ b/content/en/docs/setup/install/external-controlplane/snips.sh @@ -416,7 +416,7 @@ ENDSNIP snip_install_crds() { kubectl get crd gateways.gateway.networking.k8s.io --context="${CTX_REMOTE_CLUSTER}" &> /dev/null || \ - { kubectl kustomize "github.com/kubernetes-sigs/gateway-api/config/crd?ref=v1.2.1" | kubectl apply -f - --context="${CTX_REMOTE_CLUSTER}"; } + { kubectl kustomize "github.com/kubernetes-sigs/gateway-api/config/crd?ref=v1.3.0-rc.1" | kubectl apply -f - --context="${CTX_REMOTE_CLUSTER}"; } } snip_configure_and_test_an_ingress_gateway_3() { diff --git a/content/en/docs/setup/install/multicluster/multi-primary/helm_test.sh b/content/en/docs/setup/install/multicluster/multi-primary/helm_test.sh deleted file mode 100755 index 9f70d532f1..0000000000 --- a/content/en/docs/setup/install/multicluster/multi-primary/helm_test.sh +++ /dev/null @@ -1,84 +0,0 @@ -#!/usr/bin/env bash -# shellcheck disable=SC1090,SC2154 - -# Copyright Istio Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# @setup multicluster - -set -e -set -u -set -o pipefail - -source content/en/docs/setup/install/multicluster/common.sh -set_single_network_vars -setup_helm_repo - -function install_istio_helm { - # Install Istio on the 2 clusters. Executing in - # parallel to reduce test time. - install_istio_on_cluster1_helm & - install_istio_on_cluster2_helm & - wait -} - -function install_istio_on_cluster1_helm { - echo "Installing Istio on Primary cluster: ${CTX_CLUSTER1}" - snip_configure_cluster1_as_a_primary_3 - snip_configure_cluster1_as_a_primary_4 -} - -function install_istio_on_cluster2_helm { - echo "Installing Istio on Primary cluster: ${CTX_CLUSTER2}" - snip_configure_cluster2_as_a_primary_3 - snip_configure_cluster2_as_a_primary_4 -} - -function enable_endpoint_discovery { - snip_enable_endpoint_discovery_1 - snip_enable_endpoint_discovery_2 -} - -time configure_trust -time install_istio_helm -time enable_endpoint_discovery -time verify_load_balancing - -# @cleanup -source content/en/docs/setup/install/multicluster/common.sh -set_single_network_vars - -function cleanup_cluster1_helm { - snip_cleanup_3 - snip_cleanup_4 - snip_delete_sample_ns_cluster_1 -} - -function cleanup_cluster2_helm { - snip_cleanup_5 - snip_cleanup_6 - snip_delete_sample_ns_cluster_2 -} - -function cleanup_helm { - cleanup_cluster1_helm - cleanup_cluster2_helm - snip_delete_crds -} - -time cleanup_helm - -# Everything should be removed once cleanup completes. Use a small -# timeout for comparing cluster snapshots before/after the test. -export VERIFY_TIMEOUT=20 diff --git a/content/en/docs/setup/install/multicluster/multi-primary/index.md b/content/en/docs/setup/install/multicluster/multi-primary/index.md index f491eb701e..bc5504633f 100644 --- a/content/en/docs/setup/install/multicluster/multi-primary/index.md +++ b/content/en/docs/setup/install/multicluster/multi-primary/index.md @@ -3,7 +3,7 @@ title: Install Multi-Primary description: Install an Istio mesh across multiple primary clusters. weight: 10 keywords: [kubernetes,multicluster] -test: yes +test: no owner: istio/wg-environments-maintainers --- Follow this guide to install the Istio control plane on both `cluster1` and diff --git a/content/en/docs/setup/install/multicluster/multi-primary/snips.sh b/content/en/docs/setup/install/multicluster/multi-primary/snips.sh deleted file mode 100644 index 59b0118c63..0000000000 --- a/content/en/docs/setup/install/multicluster/multi-primary/snips.sh +++ /dev/null @@ -1,110 +0,0 @@ -#!/bin/bash -# shellcheck disable=SC2034,SC2153,SC2155,SC2164 - -# Copyright Istio Authors. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -#################################################################################################### -# WARNING: THIS IS AN AUTO-GENERATED FILE, DO NOT EDIT. PLEASE MODIFY THE ORIGINAL MARKDOWN FILE: -# docs/setup/install/multicluster/multi-primary/index.md -#################################################################################################### - -snip_configure_cluster1_as_a_primary_1() { -cat < cluster1.yaml -apiVersion: install.istio.io/v1alpha1 -kind: IstioOperator -spec: - values: - global: - meshID: mesh1 - multiCluster: - clusterName: cluster1 - network: network1 -EOF -} - -snip_configure_cluster1_as_a_primary_2() { -istioctl install --context="${CTX_CLUSTER1}" -f cluster1.yaml -} - -snip_configure_cluster1_as_a_primary_3() { -helm install istio-base istio/base -n istio-system --kube-context "${CTX_CLUSTER1}" -} - -snip_configure_cluster1_as_a_primary_4() { -helm install istiod istio/istiod -n istio-system --kube-context "${CTX_CLUSTER1}" --set global.meshID=mesh1 --set global.multiCluster.clusterName=cluster1 --set global.network=network1 -} - -snip_configure_cluster2_as_a_primary_1() { -cat < cluster2.yaml -apiVersion: install.istio.io/v1alpha1 -kind: IstioOperator -spec: - values: - global: - meshID: mesh1 - multiCluster: - clusterName: cluster2 - network: network1 -EOF -} - -snip_configure_cluster2_as_a_primary_2() { -istioctl install --context="${CTX_CLUSTER2}" -f cluster2.yaml -} - -snip_configure_cluster2_as_a_primary_3() { -helm install istio-base istio/base -n istio-system --kube-context "${CTX_CLUSTER2}" -} - -snip_configure_cluster2_as_a_primary_4() { -helm install istiod istio/istiod -n istio-system --kube-context "${CTX_CLUSTER2}" --set global.meshID=mesh1 --set global.multiCluster.clusterName=cluster2 --set global.network=network1 -} - -snip_enable_endpoint_discovery_1() { -istioctl create-remote-secret \ - --context="${CTX_CLUSTER1}" \ - --name=cluster1 | \ - kubectl apply -f - --context="${CTX_CLUSTER2}" -} - -snip_enable_endpoint_discovery_2() { -istioctl create-remote-secret \ - --context="${CTX_CLUSTER2}" \ - --name=cluster2 | \ - kubectl apply -f - --context="${CTX_CLUSTER1}" -} - -snip_cleanup_3() { -helm delete istiod -n istio-system --kube-context "${CTX_CLUSTER1}" -helm delete istio-base -n istio-system --kube-context "${CTX_CLUSTER1}" -} - -snip_cleanup_4() { -kubectl delete ns istio-system --context="${CTX_CLUSTER1}" -} - -snip_cleanup_5() { -helm delete istiod -n istio-system --kube-context "${CTX_CLUSTER2}" -helm delete istio-base -n istio-system --kube-context "${CTX_CLUSTER2}" -} - -snip_cleanup_6() { -kubectl delete ns istio-system --context="${CTX_CLUSTER2}" -} - -snip_delete_crds() { -kubectl get crd -oname --context "${CTX_CLUSTER1}" | grep --color=never 'istio.io' | xargs kubectl delete --context "${CTX_CLUSTER1}" -kubectl get crd -oname --context "${CTX_CLUSTER2}" | grep --color=never 'istio.io' | xargs kubectl delete --context "${CTX_CLUSTER2}" -} diff --git a/content/en/docs/setup/install/multicluster/multi-primary/test.sh b/content/en/docs/setup/install/multicluster/multi-primary/test.sh deleted file mode 100755 index 6cd3dbb311..0000000000 --- a/content/en/docs/setup/install/multicluster/multi-primary/test.sh +++ /dev/null @@ -1,64 +0,0 @@ -#!/usr/bin/env bash -# shellcheck disable=SC1090,SC2154 - -# Copyright Istio Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# @setup multicluster - -set -e -set -u -set -o pipefail - -source content/en/docs/setup/install/multicluster/common.sh -set_single_network_vars - -function install_istio_on_cluster1_istioctl { - echo "Installing Istio on Primary cluster: ${CTX_CLUSTER1}" - snip_configure_cluster1_as_a_primary_1 - echo y | snip_configure_cluster1_as_a_primary_2 -} - -function install_istio_on_cluster2_istioctl { - echo "Installing Istio on Primary cluster: ${CTX_CLUSTER2}" - snip_configure_cluster2_as_a_primary_1 - echo y | snip_configure_cluster2_as_a_primary_2 -} - -function install_istio_istioctl { - # Install Istio on the 2 clusters. Executing in - # parallel to reduce test time. - install_istio_on_cluster1_istioctl & - install_istio_on_cluster2_istioctl & - wait -} - -function enable_endpoint_discovery { - snip_enable_endpoint_discovery_1 - snip_enable_endpoint_discovery_2 -} - -time configure_trust -time install_istio_istioctl -time enable_endpoint_discovery -time verify_load_balancing - -# @cleanup -source content/en/docs/setup/install/multicluster/common.sh -set_single_network_vars -time cleanup_istioctl - -# Everything should be removed once cleanup completes. Use a small -# timeout for comparing cluster snapshots before/after the test. -export VERIFY_TIMEOUT=20 diff --git a/content/en/docs/setup/install/multicluster/multi-primary_multi-network/helm_test.sh b/content/en/docs/setup/install/multicluster/multi-primary_multi-network/helm_test.sh deleted file mode 100755 index e0a5c9ed88..0000000000 --- a/content/en/docs/setup/install/multicluster/multi-primary_multi-network/helm_test.sh +++ /dev/null @@ -1,113 +0,0 @@ -#!/usr/bin/env bash -# shellcheck disable=SC1090,SC2154 - -# Copyright Istio Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# @setup multicluster - -set -e -set -u -set -o pipefail - -source content/en/docs/setup/install/multicluster/common.sh -set_multi_network_vars -setup_helm_repo - -function install_istio_on_cluster1_helm { - echo "Installing Istio on Primary cluster: ${CTX_CLUSTER1}" - - snip_set_the_default_network_for_cluster1_1 - - snip_configure_cluster1_as_a_primary_3 - snip_configure_cluster1_as_a_primary_4 - - echo "Creating the east-west gateway" - snip_install_the_eastwest_gateway_in_cluster1_2 - - echo "Waiting for the east-west gateway to have an external IP" - _verify_like snip_install_the_eastwest_gateway_in_cluster1_3 "$snip_install_the_eastwest_gateway_in_cluster1_3_out" - - echo "Exposing services via the east-west gateway" - snip_expose_services_in_cluster1_1 -} - -function install_istio_on_cluster2_helm { - echo "Installing Istio on Primary cluster: ${CTX_CLUSTER2}" - - snip_set_the_default_network_for_cluster2_1 - - snip_configure_cluster2_as_a_primary_3 - snip_configure_cluster2_as_a_primary_4 - - echo "Creating the east-west gateway" - snip_install_the_eastwest_gateway_in_cluster2_2 - - echo "Waiting for the east-west gateway to have an external IP" - _verify_like snip_install_the_eastwest_gateway_in_cluster2_3 "$snip_install_the_eastwest_gateway_in_cluster2_3_out" - - echo "Exposing services via the east-west gateway" - snip_expose_services_in_cluster2_1 -} - -function install_istio_helm { - # Install Istio on the 2 clusters. Executing in - # parallel to reduce test time. - install_istio_on_cluster1_helm & - install_istio_on_cluster2_helm & - wait -} - -function enable_endpoint_discovery { - snip_enable_endpoint_discovery_1 - snip_enable_endpoint_discovery_2 -} - -function delete_crds_cluster_1() { -kubectl get crd -oname --context "${CTX_CLUSTER1}" | grep --color=never 'istio.io' | xargs kubectl delete --context "${CTX_CLUSTER1}" -} - -time delete_crds_cluster_1 -time configure_trust -time install_istio_helm -time enable_endpoint_discovery -time verify_load_balancing - -# @cleanup -source content/en/docs/setup/install/multicluster/common.sh -set_multi_network_vars - -function cleanup_cluster1_helm { - snip_cleanup_3 - snip_cleanup_4 - snip_delete_sample_ns_cluster_1 -} - -function cleanup_cluster2_helm { - snip_cleanup_5 - snip_cleanup_6 - snip_delete_sample_ns_cluster_2 -} - -function cleanup_helm { - cleanup_cluster1_helm - cleanup_cluster2_helm - snip_delete_crds -} - -time cleanup_helm - -# Everything should be removed once cleanup completes. Use a small -# timeout for comparing cluster snapshots before/after the test. -export VERIFY_TIMEOUT=20 diff --git a/content/en/docs/setup/install/multicluster/multi-primary_multi-network/index.md b/content/en/docs/setup/install/multicluster/multi-primary_multi-network/index.md index 8645552477..b15b9152c7 100644 --- a/content/en/docs/setup/install/multicluster/multi-primary_multi-network/index.md +++ b/content/en/docs/setup/install/multicluster/multi-primary_multi-network/index.md @@ -3,7 +3,7 @@ title: Install Multi-Primary on different networks description: Install an Istio mesh across multiple primary clusters on different networks. weight: 30 keywords: [kubernetes,multicluster] -test: yes +test: no owner: istio/wg-environments-maintainers --- Follow this guide to install the Istio control plane on both `cluster1` and diff --git a/content/en/docs/setup/install/multicluster/multi-primary_multi-network/snips.sh b/content/en/docs/setup/install/multicluster/multi-primary_multi-network/snips.sh deleted file mode 100644 index 561b146546..0000000000 --- a/content/en/docs/setup/install/multicluster/multi-primary_multi-network/snips.sh +++ /dev/null @@ -1,170 +0,0 @@ -#!/bin/bash -# shellcheck disable=SC2034,SC2153,SC2155,SC2164 - -# Copyright Istio Authors. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -#################################################################################################### -# WARNING: THIS IS AN AUTO-GENERATED FILE, DO NOT EDIT. PLEASE MODIFY THE ORIGINAL MARKDOWN FILE: -# docs/setup/install/multicluster/multi-primary_multi-network/index.md -#################################################################################################### - -snip_set_the_default_network_for_cluster1_1() { -kubectl --context="${CTX_CLUSTER1}" get namespace istio-system && \ - kubectl --context="${CTX_CLUSTER1}" label namespace istio-system topology.istio.io/network=network1 -} - -snip_configure_cluster1_as_a_primary_1() { -cat < cluster1.yaml -apiVersion: install.istio.io/v1alpha1 -kind: IstioOperator -spec: - values: - global: - meshID: mesh1 - multiCluster: - clusterName: cluster1 - network: network1 -EOF -} - -snip_configure_cluster1_as_a_primary_2() { -istioctl install --context="${CTX_CLUSTER1}" -f cluster1.yaml -} - -snip_configure_cluster1_as_a_primary_3() { -helm install istio-base istio/base -n istio-system --kube-context "${CTX_CLUSTER1}" -} - -snip_configure_cluster1_as_a_primary_4() { -helm install istiod istio/istiod -n istio-system --kube-context "${CTX_CLUSTER1}" --set global.meshID=mesh1 --set global.multiCluster.clusterName=cluster1 --set global.network=network1 -} - -snip_install_the_eastwest_gateway_in_cluster1_1() { -samples/multicluster/gen-eastwest-gateway.sh \ - --network network1 | \ - istioctl --context="${CTX_CLUSTER1}" install -y -f - -} - -snip_install_the_eastwest_gateway_in_cluster1_2() { -helm install istio-eastwestgateway istio/gateway -n istio-system --kube-context "${CTX_CLUSTER1}" --set name=istio-eastwestgateway --set networkGateway=network1 -} - -snip_install_the_eastwest_gateway_in_cluster1_3() { -kubectl --context="${CTX_CLUSTER1}" get svc istio-eastwestgateway -n istio-system -} - -! IFS=$'\n' read -r -d '' snip_install_the_eastwest_gateway_in_cluster1_3_out <<\ENDSNIP -NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE -istio-eastwestgateway LoadBalancer 10.80.6.124 34.75.71.237 ... 51s -ENDSNIP - -snip_expose_services_in_cluster1_1() { -kubectl --context="${CTX_CLUSTER1}" apply -n istio-system -f \ - samples/multicluster/expose-services.yaml -} - -snip_set_the_default_network_for_cluster2_1() { -kubectl --context="${CTX_CLUSTER2}" get namespace istio-system && \ - kubectl --context="${CTX_CLUSTER2}" label namespace istio-system topology.istio.io/network=network2 -} - -snip_configure_cluster2_as_a_primary_1() { -cat < cluster2.yaml -apiVersion: install.istio.io/v1alpha1 -kind: IstioOperator -spec: - values: - global: - meshID: mesh1 - multiCluster: - clusterName: cluster2 - network: network2 -EOF -} - -snip_configure_cluster2_as_a_primary_2() { -istioctl install --context="${CTX_CLUSTER2}" -f cluster2.yaml -} - -snip_configure_cluster2_as_a_primary_3() { -helm install istio-base istio/base -n istio-system --kube-context "${CTX_CLUSTER2}" -} - -snip_configure_cluster2_as_a_primary_4() { -helm install istiod istio/istiod -n istio-system --kube-context "${CTX_CLUSTER2}" --set global.meshID=mesh1 --set global.multiCluster.clusterName=cluster2 --set global.network=network2 -} - -snip_install_the_eastwest_gateway_in_cluster2_1() { -samples/multicluster/gen-eastwest-gateway.sh \ - --network network2 | \ - istioctl --context="${CTX_CLUSTER2}" install -y -f - -} - -snip_install_the_eastwest_gateway_in_cluster2_2() { -helm install istio-eastwestgateway istio/gateway -n istio-system --kube-context "${CTX_CLUSTER2}" --set name=istio-eastwestgateway --set networkGateway=network2 -} - -snip_install_the_eastwest_gateway_in_cluster2_3() { -kubectl --context="${CTX_CLUSTER2}" get svc istio-eastwestgateway -n istio-system -} - -! IFS=$'\n' read -r -d '' snip_install_the_eastwest_gateway_in_cluster2_3_out <<\ENDSNIP -NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE -istio-eastwestgateway LoadBalancer 10.0.12.121 34.122.91.98 ... 51s -ENDSNIP - -snip_expose_services_in_cluster2_1() { -kubectl --context="${CTX_CLUSTER2}" apply -n istio-system -f \ - samples/multicluster/expose-services.yaml -} - -snip_enable_endpoint_discovery_1() { -istioctl create-remote-secret \ - --context="${CTX_CLUSTER1}" \ - --name=cluster1 | \ - kubectl apply -f - --context="${CTX_CLUSTER2}" -} - -snip_enable_endpoint_discovery_2() { -istioctl create-remote-secret \ - --context="${CTX_CLUSTER2}" \ - --name=cluster2 | \ - kubectl apply -f - --context="${CTX_CLUSTER1}" -} - -snip_cleanup_3() { -helm delete istiod -n istio-system --kube-context "${CTX_CLUSTER1}" -helm delete istio-eastwestgateway -n istio-system --kube-context "${CTX_CLUSTER1}" -helm delete istio-base -n istio-system --kube-context "${CTX_CLUSTER1}" -} - -snip_cleanup_4() { -kubectl delete ns istio-system --context="${CTX_CLUSTER1}" -} - -snip_cleanup_5() { -helm delete istiod -n istio-system --kube-context "${CTX_CLUSTER2}" -helm delete istio-eastwestgateway -n istio-system --kube-context "${CTX_CLUSTER2}" -helm delete istio-base -n istio-system --kube-context "${CTX_CLUSTER2}" -} - -snip_cleanup_6() { -kubectl delete ns istio-system --context="${CTX_CLUSTER2}" -} - -snip_delete_crds() { -kubectl get crd -oname --context "${CTX_CLUSTER1}" | grep --color=never 'istio.io' | xargs kubectl delete --context "${CTX_CLUSTER1}" -kubectl get crd -oname --context "${CTX_CLUSTER2}" | grep --color=never 'istio.io' | xargs kubectl delete --context "${CTX_CLUSTER2}" -} diff --git a/content/en/docs/setup/install/multicluster/multi-primary_multi-network/test.sh b/content/en/docs/setup/install/multicluster/multi-primary_multi-network/test.sh deleted file mode 100644 index 28551c4534..0000000000 --- a/content/en/docs/setup/install/multicluster/multi-primary_multi-network/test.sh +++ /dev/null @@ -1,88 +0,0 @@ -#!/usr/bin/env bash -# shellcheck disable=SC1090,SC2154 - -# Copyright Istio Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# @setup multicluster - -set -e -set -u -set -o pipefail - -source content/en/docs/setup/install/multicluster/common.sh -set_multi_network_vars - -function install_istio_on_cluster1_istioctl { - echo "Installing Istio on Primary cluster: ${CTX_CLUSTER1}" - - snip_set_the_default_network_for_cluster1_1 - - snip_configure_cluster1_as_a_primary_1 - echo y | snip_configure_cluster1_as_a_primary_2 - - echo "Creating the east-west gateway" - snip_install_the_eastwest_gateway_in_cluster1_1 - - echo "Waiting for the east-west gateway to have an external IP" - _verify_like snip_install_the_eastwest_gateway_in_cluster1_3 "$snip_install_the_eastwest_gateway_in_cluster1_3_out" - - echo "Exposing services via the east-west gateway" - snip_expose_services_in_cluster1_1 -} - -function install_istio_on_cluster2_istioctl { - echo "Installing Istio on Primary cluster: ${CTX_CLUSTER2}" - - snip_set_the_default_network_for_cluster2_1 - - snip_configure_cluster2_as_a_primary_1 - echo y | snip_configure_cluster2_as_a_primary_2 - - echo "Creating the east-west gateway" - snip_install_the_eastwest_gateway_in_cluster2_1 - - echo "Waiting for the east-west gateway to have an external IP" - _verify_like snip_install_the_eastwest_gateway_in_cluster2_3 "$snip_install_the_eastwest_gateway_in_cluster2_3_out" - - echo "Exposing services via the east-west gateway" - snip_expose_services_in_cluster2_1 -} - -function install_istio_istioctl { - # Install Istio on the 2 clusters. Executing in - # parallel to reduce test time. - install_istio_on_cluster1_istioctl & - install_istio_on_cluster2_istioctl & - wait -} - -function enable_endpoint_discovery { - snip_enable_endpoint_discovery_1 - snip_enable_endpoint_discovery_2 -} - -time configure_trust -time install_istio_istioctl -time enable_endpoint_discovery -time verify_load_balancing - -# @cleanup -source content/en/docs/setup/install/multicluster/common.sh -set_multi_network_vars -time cleanup_istioctl - -# Everything should be removed once cleanup completes. Use a small -# timeout for comparing cluster snapshots before/after the test. -export VERIFY_TIMEOUT=20 diff --git a/content/en/docs/setup/install/multicluster/primary-remote/helm_test.sh b/content/en/docs/setup/install/multicluster/primary-remote/helm_test.sh index a568b61afc..97c3f6094a 100755 --- a/content/en/docs/setup/install/multicluster/primary-remote/helm_test.sh +++ b/content/en/docs/setup/install/multicluster/primary-remote/helm_test.sh @@ -54,7 +54,8 @@ function enable_api_server_access { snip_attach_cluster2_as_a_remote_cluster_of_cluster1_1 } -snip_delete_crds +# @TODO: We need to fix this... for some reason, the CRDs don't seem to exist in cluster2 here anymore? +snip_delete_crds || true time install_istio_on_cluster1_helm time install_istio_on_cluster2_helm time enable_api_server_access diff --git a/content/en/docs/setup/install/multicluster/primary-remote_multi-network/helm_test.sh b/content/en/docs/setup/install/multicluster/primary-remote_multi-network/helm_test.sh index a17186dad9..c1225a6947 100755 --- a/content/en/docs/setup/install/multicluster/primary-remote_multi-network/helm_test.sh +++ b/content/en/docs/setup/install/multicluster/primary-remote_multi-network/helm_test.sh @@ -59,7 +59,8 @@ function install_istio_on_cluster2_helm { _verify_like snip_install_the_eastwest_gateway_in_cluster2_3 "$snip_install_the_eastwest_gateway_in_cluster2_3_out" } -snip_delete_crds +# @TODO: We need to fix this... for some reason, the CRDs don't seem to exist in cluster2 here anymore? +snip_delete_crds || true time install_istio_on_cluster1_helm time install_istio_on_cluster2_helm diff --git a/content/en/docs/setup/install/multicluster/verify/index.md b/content/en/docs/setup/install/multicluster/verify/index.md index 0087aa1037..dba0e1a6a5 100644 --- a/content/en/docs/setup/install/multicluster/verify/index.md +++ b/content/en/docs/setup/install/multicluster/verify/index.md @@ -29,9 +29,9 @@ of the remote cluster. {{< text bash >}} $ istioctl remote-clusters --context="${CTX_CLUSTER1}" -NAME SECRET STATUS ISTIOD -cluster1 synced istiod-a5jg5df5bd-2dfa9 -cluster2 istio-system/istio-remote-secret synced istiod-a5jg5df5bd-2dfa9 +NAME SECRET STATUS ISTIOD +cluster1 synced istiod-7b74b769db-kb4kj +cluster2 istio-system/istio-remote-secret-cluster2 synced istiod-7b74b769db-kb4kj {{< /text >}} All clusters should indicate their status as `synced`. If a cluster is listed with diff --git a/content/en/docs/setup/install/multicluster/verify/snips.sh b/content/en/docs/setup/install/multicluster/verify/snips.sh index 8a30eb3b6f..f9b767f5ea 100644 --- a/content/en/docs/setup/install/multicluster/verify/snips.sh +++ b/content/en/docs/setup/install/multicluster/verify/snips.sh @@ -25,9 +25,9 @@ istioctl remote-clusters --context="${CTX_CLUSTER1}" } ! IFS=$'\n' read -r -d '' snip_verify_multicluster_1_out <<\ENDSNIP -NAME SECRET STATUS ISTIOD -cluster1 synced istiod-a5jg5df5bd-2dfa9 -cluster2 istio-system/istio-remote-secret synced istiod-a5jg5df5bd-2dfa9 +NAME SECRET STATUS ISTIOD +cluster1 synced istiod-7b74b769db-kb4kj +cluster2 istio-system/istio-remote-secret-cluster2 synced istiod-7b74b769db-kb4kj ENDSNIP snip_deploy_the_helloworld_service_1() { diff --git a/content/en/docs/tasks/security/authentication/authn-policy/snips.sh b/content/en/docs/tasks/security/authentication/authn-policy/snips.sh index e79ddca797..81813bb8d9 100644 --- a/content/en/docs/tasks/security/authentication/authn-policy/snips.sh +++ b/content/en/docs/tasks/security/authentication/authn-policy/snips.sh @@ -298,7 +298,7 @@ spec: istio: ingressgateway jwtRules: - issuer: "testing@secure.istio.io" - jwksUri: "https://raw.githubusercontent.com/istio/istio/master/security/tools/jwt/samples/jwks.json" + jwksUri: "https://raw.githubusercontent.com/istio/istio/release-1.26/security/tools/jwt/samples/jwks.json" EOF } @@ -316,7 +316,7 @@ spec: name: httpbin-gateway jwtRules: - issuer: "testing@secure.istio.io" - jwksUri: "https://raw.githubusercontent.com/istio/istio/master/security/tools/jwt/samples/jwks.json" + jwksUri: "https://raw.githubusercontent.com/istio/istio/release-1.26/security/tools/jwt/samples/jwks.json" EOF } @@ -337,7 +337,7 @@ curl --header "Authorization: Bearer deadbeef" "$INGRESS_HOST:$INGRESS_PORT/head ENDSNIP snip_enduser_authentication_9() { -TOKEN=$(curl https://raw.githubusercontent.com/istio/istio/master/security/tools/jwt/samples/demo.jwt -s) +TOKEN=$(curl https://raw.githubusercontent.com/istio/istio/release-1.26/security/tools/jwt/samples/demo.jwt -s) curl --header "Authorization: Bearer $TOKEN" "$INGRESS_HOST:$INGRESS_PORT/headers" -s -o /dev/null -w "%{http_code}\n" } @@ -346,11 +346,11 @@ curl --header "Authorization: Bearer $TOKEN" "$INGRESS_HOST:$INGRESS_PORT/header ENDSNIP snip_enduser_authentication_10() { -wget --no-verbose https://raw.githubusercontent.com/istio/istio/master/security/tools/jwt/samples/gen-jwt.py +wget --no-verbose https://raw.githubusercontent.com/istio/istio/release-1.26/security/tools/jwt/samples/gen-jwt.py } snip_enduser_authentication_11() { -wget --no-verbose https://raw.githubusercontent.com/istio/istio/master/security/tools/jwt/samples/key.pem +wget --no-verbose https://raw.githubusercontent.com/istio/istio/release-1.26/security/tools/jwt/samples/key.pem } snip_enduser_authentication_12() { diff --git a/content/en/docs/tasks/security/authentication/claim-to-header/snips.sh b/content/en/docs/tasks/security/authentication/claim-to-header/snips.sh index 08a6c3f09c..c7d45b105b 100644 --- a/content/en/docs/tasks/security/authentication/claim-to-header/snips.sh +++ b/content/en/docs/tasks/security/authentication/claim-to-header/snips.sh @@ -48,7 +48,7 @@ spec: app: httpbin jwtRules: - issuer: "testing@secure.istio.io" - jwksUri: "https://raw.githubusercontent.com/istio/istio/master/security/tools/jwt/samples/jwks.json" + jwksUri: "https://raw.githubusercontent.com/istio/istio/release-1.26/security/tools/jwt/samples/jwks.json" outputClaimToHeaders: - header: "x-jwt-claim-foo" claim: "foo" @@ -64,7 +64,7 @@ kubectl exec "$(kubectl get pod -l app=curl -n foo -o jsonpath={.items..metadata ENDSNIP snip_allow_requests_with_valid_jwt_and_listtyped_claims_3() { -TOKEN=$(curl https://raw.githubusercontent.com/istio/istio/master/security/tools/jwt/samples/demo.jwt -s) && echo "$TOKEN" | cut -d '.' -f2 - | base64 --decode - +TOKEN=$(curl https://raw.githubusercontent.com/istio/istio/release-1.26/security/tools/jwt/samples/demo.jwt -s) && echo "$TOKEN" | cut -d '.' -f2 - | base64 --decode - } ! IFS=$'\n' read -r -d '' snip_allow_requests_with_valid_jwt_and_listtyped_claims_3_out <<\ENDSNIP diff --git a/content/en/docs/tasks/security/authentication/jwt-route/snips.sh b/content/en/docs/tasks/security/authentication/jwt-route/snips.sh index 1ed53e6705..3b22cc3416 100644 --- a/content/en/docs/tasks/security/authentication/jwt-route/snips.sh +++ b/content/en/docs/tasks/security/authentication/jwt-route/snips.sh @@ -47,7 +47,7 @@ spec: istio: ingressgateway jwtRules: - issuer: "testing@secure.istio.io" - jwksUri: "https://raw.githubusercontent.com/istio/istio/master/security/tools/jwt/samples/jwks.json" + jwksUri: "https://raw.githubusercontent.com/istio/istio/release-1.26/security/tools/jwt/samples/jwks.json" EOF } @@ -97,7 +97,7 @@ HTTP/1.1 401 Unauthorized ENDSNIP snip_validating_ingress_routing_based_on_jwt_claims_3() { -TOKEN_GROUP=$(curl https://raw.githubusercontent.com/istio/istio/master/security/tools/jwt/samples/groups-scope.jwt -s) && echo "$TOKEN_GROUP" | cut -d '.' -f2 - | base64 --decode +TOKEN_GROUP=$(curl https://raw.githubusercontent.com/istio/istio/release-1.26/security/tools/jwt/samples/groups-scope.jwt -s) && echo "$TOKEN_GROUP" | cut -d '.' -f2 - | base64 --decode } ! IFS=$'\n' read -r -d '' snip_validating_ingress_routing_based_on_jwt_claims_3_out <<\ENDSNIP @@ -114,7 +114,7 @@ HTTP/1.1 200 OK ENDSNIP snip_validating_ingress_routing_based_on_jwt_claims_5() { -TOKEN_NO_GROUP=$(curl https://raw.githubusercontent.com/istio/istio/master/security/tools/jwt/samples/demo.jwt -s) && echo "$TOKEN_NO_GROUP" | cut -d '.' -f2 - | base64 --decode +TOKEN_NO_GROUP=$(curl https://raw.githubusercontent.com/istio/istio/release-1.26/security/tools/jwt/samples/demo.jwt -s) && echo "$TOKEN_NO_GROUP" | cut -d '.' -f2 - | base64 --decode } ! IFS=$'\n' read -r -d '' snip_validating_ingress_routing_based_on_jwt_claims_5_out <<\ENDSNIP diff --git a/content/en/docs/tasks/security/authorization/authz-custom/snips.sh b/content/en/docs/tasks/security/authorization/authz-custom/snips.sh index 292f86c455..6deba3a563 100644 --- a/content/en/docs/tasks/security/authorization/authz-custom/snips.sh +++ b/content/en/docs/tasks/security/authorization/authz-custom/snips.sh @@ -36,7 +36,7 @@ kubectl exec "$(kubectl get pod -l app=curl -n foo -o jsonpath={.items..metadata ENDSNIP snip_deploy_the_external_authorizer_1() { -kubectl apply -n foo -f https://raw.githubusercontent.com/istio/istio/master/samples/extauthz/ext-authz.yaml +kubectl apply -n foo -f https://raw.githubusercontent.com/istio/istio/release-1.26/samples/extauthz/ext-authz.yaml } ! IFS=$'\n' read -r -d '' snip_deploy_the_external_authorizer_1_out <<\ENDSNIP diff --git a/content/en/docs/tasks/security/authorization/authz-jwt/snips.sh b/content/en/docs/tasks/security/authorization/authz-jwt/snips.sh index d65cf482e0..d8d2e53a33 100644 --- a/content/en/docs/tasks/security/authorization/authz-jwt/snips.sh +++ b/content/en/docs/tasks/security/authorization/authz-jwt/snips.sh @@ -47,7 +47,7 @@ spec: app: httpbin jwtRules: - issuer: "testing@secure.istio.io" - jwksUri: "https://raw.githubusercontent.com/istio/istio/master/security/tools/jwt/samples/jwks.json" + jwksUri: "https://raw.githubusercontent.com/istio/istio/release-1.26/security/tools/jwt/samples/jwks.json" EOF } @@ -87,7 +87,7 @@ EOF } snip_allow_requests_with_valid_jwt_and_listtyped_claims_5() { -TOKEN=$(curl https://raw.githubusercontent.com/istio/istio/master/security/tools/jwt/samples/demo.jwt -s) && echo "$TOKEN" | cut -d '.' -f2 - | base64 --decode +TOKEN=$(curl https://raw.githubusercontent.com/istio/istio/release-1.26/security/tools/jwt/samples/demo.jwt -s) && echo "$TOKEN" | cut -d '.' -f2 - | base64 --decode } ! IFS=$'\n' read -r -d '' snip_allow_requests_with_valid_jwt_and_listtyped_claims_5_out <<\ENDSNIP @@ -133,7 +133,7 @@ EOF } snip_allow_requests_with_valid_jwt_and_listtyped_claims_9() { -TOKEN_GROUP=$(curl https://raw.githubusercontent.com/istio/istio/master/security/tools/jwt/samples/groups-scope.jwt -s) && echo "$TOKEN_GROUP" | cut -d '.' -f2 - | base64 --decode +TOKEN_GROUP=$(curl https://raw.githubusercontent.com/istio/istio/release-1.26/security/tools/jwt/samples/groups-scope.jwt -s) && echo "$TOKEN_GROUP" | cut -d '.' -f2 - | base64 --decode } ! IFS=$'\n' read -r -d '' snip_allow_requests_with_valid_jwt_and_listtyped_claims_9_out <<\ENDSNIP diff --git a/content/en/docs/tasks/traffic-management/ingress/gateway-api/snips.sh b/content/en/docs/tasks/traffic-management/ingress/gateway-api/snips.sh index 38f3911d76..ae59ee52ba 100644 --- a/content/en/docs/tasks/traffic-management/ingress/gateway-api/snips.sh +++ b/content/en/docs/tasks/traffic-management/ingress/gateway-api/snips.sh @@ -22,7 +22,7 @@ snip_setup_1() { kubectl get crd gateways.gateway.networking.k8s.io &> /dev/null || \ - { kubectl kustomize "github.com/kubernetes-sigs/gateway-api/config/crd?ref=v1.2.1" | kubectl apply -f -; } + { kubectl kustomize "github.com/kubernetes-sigs/gateway-api/config/crd?ref=v1.3.0-rc.1" | kubectl apply -f -; } } snip_setup_2() { @@ -298,5 +298,5 @@ kubectl delete ns istio-system } snip_cleanup_3() { -kubectl kustomize "github.com/kubernetes-sigs/gateway-api/config/crd?ref=v1.2.1" | kubectl delete -f - +kubectl kustomize "github.com/kubernetes-sigs/gateway-api/config/crd?ref=v1.3.0-rc.1" | kubectl delete -f - } diff --git a/content/zh/docs/reference/commands/pilot-discovery/index.html b/content/zh/docs/reference/commands/pilot-discovery/index.html index f50b38baca..8f160e0d41 100644 --- a/content/zh/docs/reference/commands/pilot-discovery/index.html +++ b/content/zh/docs/reference/commands/pilot-discovery/index.html @@ -268,17 +268,17 @@ If it is not installed already, you can install it via your OS's package man --log_caller <string> -Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, analysis, authn, authorization, ca, controllers, default, delta, deltaadsc, file, fullpush, gateway, grpc, grpcgen, ip-autoallocate, klog, krt, kube, model, monitor, monitoring, pkica, pkira, probes, processing, retry, rootcertrotator, secretcontroller, security, serverca, serviceentry, spiffe, status, trustBundle, untaint, validation, validationController, validationServer, wasm, wle] (default ``) +Comma-separated list of scopes for which to include caller information, scopes can be any of [ads, adsc, all, analysis, authn, authorization, ca, controllers, default, delta, deltaadsc, file, fullpush, gateway, grpc, grpcgen, ingress status, ip-autoallocate, klog, krt, kube, model, monitor, monitoring, pkica, pkira, probes, processing, retry, rootcertrotator, secretcontroller, security, serverca, serviceentry, spiffe, status, trustBundle, untaint, validation, validationController, validationServer, wasm, wle] (default ``) --log_output_level <string> -Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, adsc, all, analysis, authn, authorization, ca, controllers, default, delta, deltaadsc, file, fullpush, gateway, grpc, grpcgen, ip-autoallocate, klog, krt, kube, model, monitor, monitoring, pkica, pkira, probes, processing, retry, rootcertrotator, secretcontroller, security, serverca, serviceentry, spiffe, status, trustBundle, untaint, validation, validationController, validationServer, wasm, wle] and level can be one of [debug, info, warn, error, fatal, none] (default ``) +Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [ads, adsc, all, analysis, authn, authorization, ca, controllers, default, delta, deltaadsc, file, fullpush, gateway, grpc, grpcgen, ingress status, ip-autoallocate, klog, krt, kube, model, monitor, monitoring, pkica, pkira, probes, processing, retry, rootcertrotator, secretcontroller, security, serverca, serviceentry, spiffe, status, trustBundle, untaint, validation, validationController, validationServer, wasm, wle] and level can be one of [debug, info, warn, error, fatal, none] (default ``) --log_stacktrace_level <string> -Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, adsc, all, analysis, authn, authorization, ca, controllers, default, delta, deltaadsc, file, fullpush, gateway, grpc, grpcgen, ip-autoallocate, klog, krt, kube, model, monitor, monitoring, pkica, pkira, probes, processing, retry, rootcertrotator, secretcontroller, security, serverca, serviceentry, spiffe, status, trustBundle, untaint, validation, validationController, validationServer, wasm, wle] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) +Comma-separated minimum per-scope logging level at which stack traces are captured, in the form of <scope>:<level>,<scope:level>,... where scope can be one of [ads, adsc, all, analysis, authn, authorization, ca, controllers, default, delta, deltaadsc, file, fullpush, gateway, grpc, grpcgen, ingress status, ip-autoallocate, klog, krt, kube, model, monitor, monitoring, pkica, pkira, probes, processing, retry, rootcertrotator, secretcontroller, security, serverca, serviceentry, spiffe, status, trustBundle, untaint, validation, validationController, validationServer, wasm, wle] and level can be one of [debug, info, warn, error, fatal, none] (default `default:none`) --log_target <stringArray> diff --git a/data/args.yml b/data/args.yml index 22537237a5..26bfe065c3 100644 --- a/data/args.yml +++ b/data/args.yml @@ -25,7 +25,7 @@ archive_date: YYYY-MM-DD archive_search_refinement: "V1.1" # GitHub branch names used when the docs have links to GitHub -source_branch_name: master +source_branch_name: release-1.26 doc_branch_name: master ####### Static values @@ -51,4 +51,4 @@ supported_languages: code: "uk" # Kubernetes Gateway API -k8s_gateway_api_version: "v1.2.1" +k8s_gateway_api_version: "v1.3.0-rc.1" diff --git a/go.mod b/go.mod index 9be33e9069..730aa9cb5d 100644 --- a/go.mod +++ b/go.mod @@ -10,7 +10,7 @@ replace github.com/imdario/mergo => github.com/imdario/mergo v0.3.5 require ( github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 golang.org/x/sync v0.12.0 - istio.io/istio v0.0.0-20250322155944-71067915c08e + istio.io/istio v0.0.0-20250418133125-7177584a8a12 k8s.io/apimachinery v0.32.3 k8s.io/client-go v0.32.3 ) @@ -44,8 +44,8 @@ require ( github.com/docker/distribution v2.8.3+incompatible // indirect github.com/docker/docker-credential-helpers v0.8.2 // indirect github.com/emicklei/go-restful/v3 v3.12.1 // indirect - github.com/envoyproxy/go-control-plane/contrib v1.32.5-0.20250308005450-523a3f773484 // indirect - github.com/envoyproxy/go-control-plane/envoy v1.32.5-0.20250308005450-523a3f773484 // indirect + github.com/envoyproxy/go-control-plane/contrib v1.32.5-0.20250411033633-fceb350c06ca // indirect + github.com/envoyproxy/go-control-plane/envoy v1.32.5-0.20250411033633-fceb350c06ca // indirect github.com/envoyproxy/protoc-gen-validate v1.2.1 // indirect github.com/evanphx/json-patch/v5 v5.9.11 // indirect github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f // indirect @@ -101,7 +101,7 @@ require ( github.com/mattn/go-colorable v0.1.14 // indirect github.com/mattn/go-isatty v0.0.20 // indirect github.com/mattn/go-runewidth v0.0.16 // indirect - github.com/miekg/dns v1.1.63 // indirect + github.com/miekg/dns v1.1.64 // indirect github.com/mitchellh/copystructure v1.2.0 // indirect github.com/mitchellh/go-homedir v1.1.0 // indirect github.com/mitchellh/go-wordwrap v1.0.1 // indirect @@ -169,19 +169,19 @@ require ( go.uber.org/zap v1.27.0 // indirect golang.org/x/crypto v0.36.0 // indirect golang.org/x/exp v0.0.0-20241215155358-4a5509556b9e // indirect - golang.org/x/mod v0.22.0 // indirect - golang.org/x/net v0.37.0 // indirect + golang.org/x/mod v0.23.0 // indirect + golang.org/x/net v0.38.0 // indirect golang.org/x/oauth2 v0.28.0 // indirect golang.org/x/sys v0.31.0 // indirect golang.org/x/term v0.30.0 // indirect golang.org/x/text v0.23.0 // indirect golang.org/x/time v0.11.0 // indirect - golang.org/x/tools v0.29.0 // indirect + golang.org/x/tools v0.30.0 // indirect gomodules.xyz/jsonpatch/v2 v2.5.0 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20250311190419-81fb87f6b8bf // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20250311190419-81fb87f6b8bf // indirect - google.golang.org/grpc v1.71.0 // indirect - google.golang.org/protobuf v1.36.5 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20250324211829-b45e905df463 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20250324211829-b45e905df463 // indirect + google.golang.org/grpc v1.71.1 // indirect + google.golang.org/protobuf v1.36.6 // indirect gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect @@ -189,8 +189,8 @@ require ( gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect helm.sh/helm/v3 v3.17.3 // indirect - istio.io/api v1.25.0-alpha.0.0.20250317161920-141038b5c1a3 // indirect - istio.io/client-go v1.25.0-alpha.0.0.20250317162716-a00da0a87646 // indirect + istio.io/api v1.26.0-alpha.0.0.20250418093427-399a2989a851 // indirect + istio.io/client-go v1.26.0-alpha.0.0.20250418094024-8e9539052994 // indirect k8s.io/api v0.32.3 // indirect k8s.io/apiextensions-apiserver v0.32.3 // indirect k8s.io/apiserver v0.32.3 // indirect @@ -200,12 +200,12 @@ require ( k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7 // indirect k8s.io/kubectl v0.32.3 // indirect k8s.io/utils v0.0.0-20241210054802-24370beab758 // indirect - sigs.k8s.io/controller-runtime v0.20.3 // indirect - sigs.k8s.io/gateway-api v1.2.1 // indirect + sigs.k8s.io/controller-runtime v0.20.4 // indirect + sigs.k8s.io/gateway-api v1.3.0-rc.1.0.20250404104637-92efbedcc2b4 // indirect sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect sigs.k8s.io/kustomize/api v0.18.0 // indirect sigs.k8s.io/kustomize/kyaml v0.18.1 // indirect sigs.k8s.io/mcs-api v0.1.1-0.20240624222831-d7001fe1d21c // indirect - sigs.k8s.io/structured-merge-diff/v4 v4.5.0 // indirect + sigs.k8s.io/structured-merge-diff/v4 v4.6.0 // indirect sigs.k8s.io/yaml v1.4.0 // indirect ) diff --git a/go.sum b/go.sum index 7d4649b795..35c112b530 100644 --- a/go.sum +++ b/go.sum @@ -80,12 +80,12 @@ github.com/emicklei/go-restful/v3 v3.12.1/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRr github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= -github.com/envoyproxy/go-control-plane v0.13.5-0.20250123154839-2a6715911fec h1:JSSbRTQjlgxvbu742IwK/v3mrNWRz2U1GjY66DqogNo= -github.com/envoyproxy/go-control-plane v0.13.5-0.20250123154839-2a6715911fec/go.mod h1:yz4MTDY0h9ObVlfP15ykR737j5tP/z64qu0OzSRoobk= -github.com/envoyproxy/go-control-plane/contrib v1.32.5-0.20250308005450-523a3f773484 h1:dUPqvutE0qe9NxvhpG5Tmew7NKp8nrygt0VxC7bUekE= -github.com/envoyproxy/go-control-plane/contrib v1.32.5-0.20250308005450-523a3f773484/go.mod h1:dnsjEXShSTkYKebBHJng2tMCYQJhJhlP0CDtMpLRQqQ= -github.com/envoyproxy/go-control-plane/envoy v1.32.5-0.20250308005450-523a3f773484 h1:3UmoZMhiFG3Raall3Ywx8QQstrxNlB3DsfbjIFdxd/c= -github.com/envoyproxy/go-control-plane/envoy v1.32.5-0.20250308005450-523a3f773484/go.mod h1:vggMdJSZaAGnQ5sf1pBl1OV7w3IFqt8qo3id+asttJw= +github.com/envoyproxy/go-control-plane v0.13.5-0.20250415164843-6e146b543742 h1:cgrdbhUg/raiR95a8TyfdwIV2oMg8kUe42+8cQsRD80= +github.com/envoyproxy/go-control-plane v0.13.5-0.20250415164843-6e146b543742/go.mod h1:Kf4hNGzgvzKhoKdlSXD+IZtG55h9r2SOpO1kRKLI03o= +github.com/envoyproxy/go-control-plane/contrib v1.32.5-0.20250411033633-fceb350c06ca h1:mwv6byj7anReeKt/N229AppQ5QLxez+Cp8hJfWg7Nwo= +github.com/envoyproxy/go-control-plane/contrib v1.32.5-0.20250411033633-fceb350c06ca/go.mod h1:zD9QKAwQBnb9DWvRrkMa7cOuuMOt+ITrm4ZLoZ0aa30= +github.com/envoyproxy/go-control-plane/envoy v1.32.5-0.20250411033633-fceb350c06ca h1:W3dwBr7nRhgYadWcB1153flIHd9yvaVoJ3CymRIgVT8= +github.com/envoyproxy/go-control-plane/envoy v1.32.5-0.20250411033633-fceb350c06ca/go.mod h1:pY0vLp032ToSdejxKtzWZs/TzoAtdK0+50ELjTkXiYA= github.com/envoyproxy/go-control-plane/ratelimit v0.1.0 h1:/G9QYbddjL25KvtKTv3an9lx6VBE2cnb8wp1vEGNYGI= github.com/envoyproxy/go-control-plane/ratelimit v0.1.0/go.mod h1:Wk+tMFAFbCXaJPzVVHnPgRKdUdwW/KdbRt94AzgRee4= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= @@ -239,8 +239,8 @@ github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWE github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/mattn/go-runewidth v0.0.16 h1:E5ScNMtiwvlvB5paMFdw9p4kSQzbXFikJ5SQO6TULQc= github.com/mattn/go-runewidth v0.0.16/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= -github.com/miekg/dns v1.1.63 h1:8M5aAw6OMZfFXTT7K5V0Eu5YiiL8l7nUAkyN6C9YwaY= -github.com/miekg/dns v1.1.63/go.mod h1:6NGHfjhpmr5lt3XPLuyfDJi5AXbNIPM9PY6H6sF1Nfs= +github.com/miekg/dns v1.1.64 h1:wuZgD9wwCE6XMT05UU/mlSko71eRSXEAm2EbjQXLKnQ= +github.com/miekg/dns v1.1.64/go.mod h1:Dzw9769uoKVaLuODMDZz9M6ynFU6Em65csPuoi8G0ck= github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw= github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s= github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= @@ -429,8 +429,8 @@ golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHl golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.22.0 h1:D4nJWe9zXqHOmWqj4VMOJhvzj7bEZg4wEYa759z1pH4= -golang.org/x/mod v0.22.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY= +golang.org/x/mod v0.23.0 h1:Zb7khfcRGKk+kqfxFaP5tZqCnDZMjC5VtUBs87Hr6QM= +golang.org/x/mod v0.23.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -439,8 +439,8 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.37.0 h1:1zLorHbz+LYj7MQlSf1+2tPIIgibq2eL5xkrGk6f+2c= -golang.org/x/net v0.37.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8= +golang.org/x/net v0.38.0 h1:vRMAPTMaeGqVhG5QyLJHqNDwecKTomGeqbnfZyKlBI8= +golang.org/x/net v0.38.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.28.0 h1:CrgCKl8PPAVtLnU3c+EDw6x11699EWlsDeWNWKdIOkc= golang.org/x/oauth2 v0.28.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8= @@ -479,8 +479,8 @@ golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtn golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.29.0 h1:Xx0h3TtM9rzQpQuR4dKLrdglAmCEN5Oi+P74JdhdzXE= -golang.org/x/tools v0.29.0/go.mod h1:KMQVMRsVxU6nHCFXrBPhDB8XncLNLM0lIy/F14RP588= +golang.org/x/tools v0.30.0 h1:BgcpHewrV5AUp2G9MebG4XPFI1E2W41zU1SaqVA9vJY= +golang.org/x/tools v0.30.0/go.mod h1:c347cR/OJfw5TI+GfX7RUPNMdDRRbjvYTS0jPyvsVtY= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -492,19 +492,19 @@ google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20200423170343-7949de9c1215/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto/googleapis/api v0.0.0-20250311190419-81fb87f6b8bf h1:BdIVRm+fyDUn8lrZLPSlBCfM/YKDwUBYgDoLv9+DYo0= -google.golang.org/genproto/googleapis/api v0.0.0-20250311190419-81fb87f6b8bf/go.mod h1:jbe3Bkdp+Dh2IrslsFCklNhweNTBgSYanP1UXhJDhKg= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250311190419-81fb87f6b8bf h1:dHDlF3CWxQkefK9IJx+O8ldY0gLygvrlYRBNbPqDWuY= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250311190419-81fb87f6b8bf/go.mod h1:LuRYeWDFV6WOn90g357N17oMCaxpgCnbi/44qJvDn2I= +google.golang.org/genproto/googleapis/api v0.0.0-20250324211829-b45e905df463 h1:hE3bRWtU6uceqlh4fhrSnUyjKHMKB9KrTLLG+bc0ddM= +google.golang.org/genproto/googleapis/api v0.0.0-20250324211829-b45e905df463/go.mod h1:U90ffi8eUL9MwPcrJylN5+Mk2v3vuPDptd5yyNUiRR8= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250324211829-b45e905df463 h1:e0AIkUUhxyBKh6ssZNrAMeqhA7RKUj42346d1y02i2g= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250324211829-b45e905df463/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= -google.golang.org/grpc v1.71.0 h1:kF77BGdPTQ4/JZWMlb9VpJ5pa25aqvVqogsxNHHdeBg= -google.golang.org/grpc v1.71.0/go.mod h1:H0GRtasmQOh9LkFoCPDu3ZrwUtD1YGE+b2vYBYd/8Ec= -google.golang.org/protobuf v1.36.5 h1:tPhr+woSbjfYvY6/GPufUoYizxw1cF/yFoxJ2fmpwlM= -google.golang.org/protobuf v1.36.5/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= +google.golang.org/grpc v1.71.1 h1:ffsFWr7ygTUscGPI0KKK6TLrGz0476KUvvsbqWK0rPI= +google.golang.org/grpc v1.71.1/go.mod h1:H0GRtasmQOh9LkFoCPDu3ZrwUtD1YGE+b2vYBYd/8Ec= +google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY= +google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= @@ -531,12 +531,12 @@ helm.sh/helm/v3 v3.17.3 h1:3n5rW3D0ArjFl0p4/oWO8IbY/HKaNNwJtOQFdH2AZHg= helm.sh/helm/v3 v3.17.3/go.mod h1:+uJKMH/UiMzZQOALR3XUf3BLIoczI2RKKD6bMhPh4G8= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -istio.io/api v1.25.0-alpha.0.0.20250317161920-141038b5c1a3 h1:NLKH0emZLybx1W77TQgv9JLVmVgco2bpmBx/rN0H7aM= -istio.io/api v1.25.0-alpha.0.0.20250317161920-141038b5c1a3/go.mod h1:QFzEXv/IT582T0FHZVp1QoolvE4ws0zz/vVO55blmlE= -istio.io/client-go v1.25.0-alpha.0.0.20250317162716-a00da0a87646 h1:5xt1uIxvPW2Tq4a67yufCW2uXw91m1J+Jyp0z2nzPHM= -istio.io/client-go v1.25.0-alpha.0.0.20250317162716-a00da0a87646/go.mod h1:HsUGI0nSO7UAeSUM78TpTvx/YfLse42hIJ5+86R8QLo= -istio.io/istio v0.0.0-20250322155944-71067915c08e h1:Cx2NUPtE9cAx53ggZfT9qd06YcueSdRyrRbGHYiE6tA= -istio.io/istio v0.0.0-20250322155944-71067915c08e/go.mod h1:6s/6wX19ZM0ltExIxTCkUVc3vaecY2nEZZqrS2ULrHU= +istio.io/api v1.26.0-alpha.0.0.20250418093427-399a2989a851 h1:dkPyjj4KgzhWeIpiaBZKYAweYNknSkm5GPd4kEd26Sk= +istio.io/api v1.26.0-alpha.0.0.20250418093427-399a2989a851/go.mod h1:DTVGH6CLXj5W8FF9JUD3Tis78iRgT1WeuAnxfTz21Wg= +istio.io/client-go v1.26.0-alpha.0.0.20250418094024-8e9539052994 h1:oq79orVNuTrci1u15Gxi2wMRE/YOeWOPj8Zmi5uT9LU= +istio.io/client-go v1.26.0-alpha.0.0.20250418094024-8e9539052994/go.mod h1:1nRkn8XmI8AZVKElaLsC79jrVqS+PPIu1EczNvmGst8= +istio.io/istio v0.0.0-20250418133125-7177584a8a12 h1:0PgSD72Rh6qr9CJyBQe5ZGo7fMGusC9AuAUM13lIkjw= +istio.io/istio v0.0.0-20250418133125-7177584a8a12/go.mod h1:/XkOXJQYhuNBNG1F9MjVwtdIKPUW/eluopLuY8MhVH0= k8s.io/api v0.32.3 h1:Hw7KqxRusq+6QSplE3NYG4MBxZw1BZnq4aP4cJVINls= k8s.io/api v0.32.3/go.mod h1:2wEDTXADtm/HA7CCMD8D8bK4yuBUptzaRhYcYEEYA3k= k8s.io/apiextensions-apiserver v0.32.3 h1:4D8vy+9GWerlErCwVIbcQjsWunF9SUGNu7O7hiQTyPY= @@ -561,10 +561,10 @@ k8s.io/utils v0.0.0-20241210054802-24370beab758 h1:sdbE21q2nlQtFh65saZY+rRM6x6aJ k8s.io/utils v0.0.0-20241210054802-24370beab758/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.31.1 h1:uOuSLOMBWkJH0TWa9X6l+mj5nZdm6Ay6Bli8HL8rNfk= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.31.1/go.mod h1:Ve9uj1L+deCXFrPOk1LpFXqTg7LCFzFso6PA48q/XZw= -sigs.k8s.io/controller-runtime v0.20.3 h1:I6Ln8JfQjHH7JbtCD2HCYHoIzajoRxPNuvhvcDbZgkI= -sigs.k8s.io/controller-runtime v0.20.3/go.mod h1:xg2XB0K5ShQzAgsoujxuKN4LNXR2LfwwHsPj7Iaw+XY= -sigs.k8s.io/gateway-api v1.2.1 h1:fZZ/+RyRb+Y5tGkwxFKuYuSRQHu9dZtbjenblleOLHM= -sigs.k8s.io/gateway-api v1.2.1/go.mod h1:EpNfEXNjiYfUJypf0eZ0P5iXA9ekSGWaS1WgPaM42X0= +sigs.k8s.io/controller-runtime v0.20.4 h1:X3c+Odnxz+iPTRobG4tp092+CvBU9UK0t/bRf+n0DGU= +sigs.k8s.io/controller-runtime v0.20.4/go.mod h1:xg2XB0K5ShQzAgsoujxuKN4LNXR2LfwwHsPj7Iaw+XY= +sigs.k8s.io/gateway-api v1.3.0-rc.1.0.20250404104637-92efbedcc2b4 h1:B5WxrbbwAJQpC5UatORrm0MArdaQgj2NhAlMRQwAqho= +sigs.k8s.io/gateway-api v1.3.0-rc.1.0.20250404104637-92efbedcc2b4/go.mod h1:uM5idPTEQZVyd0bRSu00mbtF4VEgraPyU1OFNbY6lqk= sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 h1:gBQPwqORJ8d8/YNZWEjoZs7npUVDpVXUUOFfW6CgAqE= sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= sigs.k8s.io/kustomize/api v0.18.0 h1:hTzp67k+3NEVInwz5BHyzc9rGxIauoXferXyjv5lWPo= @@ -573,7 +573,9 @@ sigs.k8s.io/kustomize/kyaml v0.18.1 h1:WvBo56Wzw3fjS+7vBjN6TeivvpbW9GmRaWZ9CIVmt sigs.k8s.io/kustomize/kyaml v0.18.1/go.mod h1:C3L2BFVU1jgcddNBE1TxuVLgS46TjObMwW5FT9FcjYo= sigs.k8s.io/mcs-api v0.1.1-0.20240624222831-d7001fe1d21c h1:F7hIEutAxtXDOQX9NXFdvhWmWETu2zmUPHuPPcAez7g= sigs.k8s.io/mcs-api v0.1.1-0.20240624222831-d7001fe1d21c/go.mod h1:DPFniRsBzCeLB4ANjlPEvQQt9QGIX489d1faK+GPvI4= -sigs.k8s.io/structured-merge-diff/v4 v4.5.0 h1:nbCitCK2hfnhyiKo6uf2HxUPTCodY6Qaf85SbDIaMBk= -sigs.k8s.io/structured-merge-diff/v4 v4.5.0/go.mod h1:N8f93tFZh9U6vpxwRArLiikrE5/2tiu1w1AGfACIGE4= +sigs.k8s.io/randfill v0.0.0-20250304075658-069ef1bbf016 h1:kXv6kKdoEtedwuqMmkqhbkgvYKeycVbC8+iPCP9j5kQ= +sigs.k8s.io/randfill v0.0.0-20250304075658-069ef1bbf016/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY= +sigs.k8s.io/structured-merge-diff/v4 v4.6.0 h1:IUA9nvMmnKWcj5jl84xn+T5MnlZKThmUW1TdblaLVAc= +sigs.k8s.io/structured-merge-diff/v4 v4.6.0/go.mod h1:dDy58f92j70zLsuZVuUX5Wp9vtxXpaZnkPGWeqDfCps= sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= diff --git a/scripts/get_gateway_api_version.sh b/scripts/get_gateway_api_version.sh index 2149cd8b39..c96932e579 100755 --- a/scripts/get_gateway_api_version.sh +++ b/scripts/get_gateway_api_version.sh @@ -17,16 +17,16 @@ set -e GATEWAY_VERSION=$(grep gateway-api go.mod | awk '{ print $2 }') -# echo "GATEWAY_VERSION=${GATEWAY_VERSION}" +#echo "GATEWAY_VERSION=${GATEWAY_VERSION}" if [[ $GATEWAY_VERSION == *"-"* ]]; then - # echo "Found -, GATEWAY_VERSION=${GATEWAY_VERSION}" - if ! [[ $GATEWAY_VERSION =~ -rc[0-9] ]]; then - # echo "Not -rcN, unpublished GATEWAY_VERSION=${GATEWAY_VERSION}" + #echo "Found -, GATEWAY_VERSION=${GATEWAY_VERSION}" + if ! [[ $GATEWAY_VERSION =~ -rc ]]; then + #echo "Not -rcN, unpublished GATEWAY_VERSION=${GATEWAY_VERSION}" SHORT_SHA=$(echo "$GATEWAY_VERSION" | awk -F '-' '{ print $NF }') GATEWAY_VERSION=$(curl -s -L -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" https://api.github.com/repos/kubernetes-sigs/gateway-api/commits/"${SHORT_SHA}" | jq -r .sha) else - GATEWAY_VERSION=$(echo "$GATEWAY_VERSION" | awk '{ match($0, /-rc[0-9]+/); print substr($0, 1, RSTART+RLENGTH-1) }') - # echo "Published -rcN, GATEWAY_VERSION=${GATEWAY_VERSION}" + GATEWAY_VERSION=$(echo "$GATEWAY_VERSION" | awk '{ match($0, /-rc[.]?[0-9]+/); print substr($0, 1, RSTART+RLENGTH-1) }') + #echo "Published -rcN, GATEWAY_VERSION=${GATEWAY_VERSION}" fi fi diff --git a/tests/setup/dualstack/doc_test.go b/tests/setup/dualstack/doc_test.go index d44c95a214..d1f45ea897 100755 --- a/tests/setup/dualstack/doc_test.go +++ b/tests/setup/dualstack/doc_test.go @@ -36,7 +36,7 @@ func TestDocs(t *testing.T) { Run(istioio.NewTestDocsFunc("dualstack")) } -func setupConfig(ctx resource.Context, cfg *istio.Config) { +func setupConfig(_ resource.Context, cfg *istio.Config) { cfg.ControlPlaneValues = ` meshConfig: defaultConfig: diff --git a/tests/setup/profile-ambient/doc_test.go b/tests/setup/profile-ambient/doc_test.go index c55ea0ac60..cda27f329e 100644 --- a/tests/setup/profile-ambient/doc_test.go +++ b/tests/setup/profile-ambient/doc_test.go @@ -36,7 +36,7 @@ func TestDocs(t *testing.T) { Run(istioio.NewTestDocsFunc("profile=ambient")) } -func setupConfig(ctx resource.Context, cfg *istio.Config) { +func setupConfig(_ resource.Context, cfg *istio.Config) { cfg.ControlPlaneValues = ` profile: ambient values: diff --git a/tests/setup/profile-default/doc_test.go b/tests/setup/profile-default/doc_test.go index 8d74734b03..4a2cd8915b 100644 --- a/tests/setup/profile-default/doc_test.go +++ b/tests/setup/profile-default/doc_test.go @@ -36,7 +36,7 @@ func TestDocs(t *testing.T) { Run(istioio.NewTestDocsFunc("profile=default")) } -func setupConfig(ctx resource.Context, cfg *istio.Config) { +func setupConfig(_ resource.Context, cfg *istio.Config) { cfg.ControlPlaneValues = ` values: pilot: diff --git a/tests/setup/profile-demo/doc_test.go b/tests/setup/profile-demo/doc_test.go index ec0f8a24ca..60b47fa1ef 100644 --- a/tests/setup/profile-demo/doc_test.go +++ b/tests/setup/profile-demo/doc_test.go @@ -36,7 +36,7 @@ func TestDocs(t *testing.T) { Run(istioio.NewTestDocsFunc("profile=demo")) } -func setupConfig(ctx resource.Context, cfg *istio.Config) { +func setupConfig(_ resource.Context, cfg *istio.Config) { cfg.ControlPlaneValues = ` profile: demo values: diff --git a/tests/setup/profile-minimal/doc_test.go b/tests/setup/profile-minimal/doc_test.go index 29631650dd..5221bbb6ea 100644 --- a/tests/setup/profile-minimal/doc_test.go +++ b/tests/setup/profile-minimal/doc_test.go @@ -36,7 +36,7 @@ func TestDocs(t *testing.T) { Run(istioio.NewTestDocsFunc("profile=minimal")) } -func setupConfig(ctx resource.Context, cfg *istio.Config) { +func setupConfig(_ resource.Context, cfg *istio.Config) { // FIXME: test framework does not honor profile=minimal config at present, // hence we have to explicitly disable the gateways. cfg.ControlPlaneValues = ` diff --git a/tests/util/helpers.sh b/tests/util/helpers.sh index 816632bb4a..46d91949c5 100644 --- a/tests/util/helpers.sh +++ b/tests/util/helpers.sh @@ -108,15 +108,18 @@ _wait_for_statefulset() { # Wait for Istio config to propagate # usage: _wait_for_istio _wait_for_istio() { - local kind="$1" - local namespace="$2" - local name="$3" + #local kind="$1" + #local namespace="$2" + #local name="$3" local start=$(date +%s) - if ! istioctl experimental wait --for=distribution --timeout=10s "$kind" "$name.$namespace"; then - echo "Failed distribution of $kind $name in namespace $namespace" - istioctl ps - echo "TEST: wait for failed, but continuing." - fi + sleep 1s + # @TODO: Rewrite this to *NOT* use istioctl experimental wait, since it was removed + # https://github.com/istio/istio.io/issues/16429 + #if ! istioctl experimental wait --for=distribution --timeout=10s "$kind" "$name.$namespace"; then + #echo "Failed distribution of $kind $name in namespace $namespace" + #istioctl ps + #echo "TEST: wait for failed, but continuing." + #fi echo "Duration: $(($(date +%s)-start)) seconds" } diff --git a/tools/commonfiles-postprocess.sh b/tools/commonfiles-postprocess.sh new file mode 100644 index 0000000000..3038006bb1 --- /dev/null +++ b/tools/commonfiles-postprocess.sh @@ -0,0 +1,19 @@ +#!/bin/bash + +# Copyright Istio Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# shellcheck disable=SC2016 +yq ea '. as $item ireduce ({}; . *d $item )' ./common/config/.golangci.yml ./tools/golangci-override.yaml > ./common/config/.golangci.yml.tmp +mv ./common/config/.golangci.yml.tmp ./common/config/.golangci.yml diff --git a/tools/golangci-override.yaml b/tools/golangci-override.yaml new file mode 100644 index 0000000000..cf07e455e3 --- /dev/null +++ b/tools/golangci-override.yaml @@ -0,0 +1,7 @@ +linters: + exclusions: + rules: + - linters: + - depguard + - lll + path: tests/|pkg/test/