istio
/
istio.io
mirror of https://github.com/istio/istio.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

create a new release branch for 1.21

This commit is contained in:
Eric Van Norman 2024-03-13 19:28:01 +00:00
parent 0e55459091
commit bff3692375
12 changed files with 243 additions and 81 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.devcontainer/devcontainer.json
View File

@ -1,6 +1,6 @@
{
"name": "istio build-tools",
"image": "gcr.io/istio-testing/build-tools:master-1ee4cbbec23a26932c8795961dcf4e604ef6dc50",
"image": "gcr.io/istio-testing/build-tools:release-1.21-d97f698eab10ae85d63c5c3fcf36110c52e7d30c",
"privileged": true,
"remoteEnv": {
"USE_GKE_GCLOUD_AUTH_PLUGIN": "True",

1
.gitattributes vendored
View File

@ -8,7 +8,6 @@
*.gen.yaml linguist-generated=true
*.gen.json linguist-generated=true
*_pb2.py linguist-generated=true
manifests/charts/**/profile*.yaml linguist-generated=true
go.sum merge=union
vendor/** linguist-vendored
common/** linguist-vendored

4
SUPPORT.md
View File

@ -3,5 +3,5 @@
Here are some resources to help you understand and use Istio:
- For in-depth information about how to use Istio, visit [istio.io](https://istio.io)
- To ask questions and get assistance from our community, visit [GitHub Discussions](https://github.com/istio/istio/discussions)
- To learn how to participate in our overall community, visit [our community page](https://istio.io/latest/get-involved/)
- To ask questions and get assistance from our community, visit [discuss.istio.io](https://discuss.istio.io)
- To learn how to participate in our overall community, visit [our community page](https://istio.io/about/community)

2
common/.commonfiles.sha vendored
View File

@ -1 +1 @@
4c5c935e5705cc608573f35d6ae84f4c2406329a
5fa820545234f3d803f7a0b299e28dc7b1e51274

8
common/Makefile.common.mk vendored
View File

@ -92,7 +92,7 @@ mirror-licenses: mod-download-go
@license-lint --mirror
TMP := $(shell mktemp -d -u)
UPDATE_BRANCH ?= "master"
UPDATE_BRANCH ?= "release-1.21"
BUILD_TOOLS_ORG ?= "istio"
@ -101,16 +101,10 @@ update-common:
@git clone -q --depth 1 --single-branch --branch $(UPDATE_BRANCH) https://github.com/$(BUILD_TOOLS_ORG)/common-files $(TMP)/common-files
@cd $(TMP)/common-files ; git rev-parse HEAD >files/common/.commonfiles.sha
@rm -fr common
# istio/community has its own CONTRIBUTING.md file.
@CONTRIB_OVERRIDE=$(shell grep -l "istio/community/blob/master/CONTRIBUTING.md" CONTRIBUTING.md)
@if [ "$(CONTRIB_OVERRIDE)" != "CONTRIBUTING.md" ]; then\
rm $(TMP)/common-files/files/CONTRIBUTING.md;\
fi
# istio/istio.io uses the Creative Commons Attribution 4.0 license. Don't update LICENSE with the common Apache license.
@LICENSE_OVERRIDE=$(shell grep -l "Creative Commons Attribution 4.0 International Public License" LICENSE)
@if [ "$(LICENSE_OVERRIDE)" != "LICENSE" ]; then\
rm $(TMP)/common-files/files/LICENSE;\
fi
@cp -a $(TMP)/common-files/files/* $(TMP)/common-files/files/.devcontainer $(TMP)/common-files/files/.gitattributes $(shell pwd)
@rm -fr $(TMP)/common-files
@$(or $(COMMONFILES_POSTPROCESS), true)

2
common/config/.golangci-format.yml vendored
View File

@ -7,7 +7,7 @@
service:
# When updating this, also update the version stored in docker/build-tools/Dockerfile in the istio/tools repo.
golangci-lint-version: 1.56.x # use the fixed version to not introduce new linters unexpectedly
golangci-lint-version: 1.55.x # use the fixed version to not introduce new linters unexpectedly
run:
# timeout for analysis, e.g. 30s, 5m, default is 1m
deadline: 20m

2
common/config/.golangci.yml vendored
View File

@ -7,7 +7,7 @@
service:
# When updating this, also update the version stored in docker/build-tools/Dockerfile in the istio/tools repo.
golangci-lint-version: 1.56.x # use the fixed version to not introduce new linters unexpectedly
golangci-lint-version: 1.55.x # use the fixed version to not introduce new linters unexpectedly
run:
# timeout for analysis, e.g. 30s, 5m, default is 1m
deadline: 20m

1
common/config/.hadolint.yml vendored
View File

@ -13,4 +13,3 @@ trustedRegistries:
- gcr.io
- docker.io
- quay.io
- "*.pkg.dev"

42
common/scripts/kind_provisioner.sh vendored
View File

@ -182,41 +182,14 @@ EOF
fi
fi
KIND_WAIT_FLAG="--wait=180s"
KIND_DISABLE_CNI="false"
if [[ -n "${KUBERNETES_CNI:-}" ]]; then
unset KIND_WAIT_FLAG
KIND_DISABLE_CNI="true"
fi
# Create KinD cluster
if ! (yq eval "${CONFIG}" --expression ".networking.disableDefaultCNI = ${KIND_DISABLE_CNI}" | \
kind create cluster --name="${NAME}" -v4 --retain --image "${IMAGE}" ${KIND_WAIT_FLAG:+"$KIND_WAIT_FLAG"} --config -); then
if ! (kind create cluster --name="${NAME}" --config "${CONFIG}" -v4 --retain --image "${IMAGE}" --wait=180s); then
echo "Could not setup KinD environment. Something wrong with KinD setup. Exporting logs."
return 9
fi
# Workaround kind issue causing taints to not be removed in 1.24
kubectl taint nodes "${NAME}"-control-plane node-role.kubernetes.io/control-plane- || true
# Determine what CNI to install
case "${KUBERNETES_CNI:-}" in
"calico")
echo "Installing Calico CNI"
install_calico "" "$(dirname "$CONFIG")"
;;
"")
# perfectly fine, we accepted the default KinD CNI
;;
*)
# we don't know what to do but we've got no CNI, return non-zero
echo "${KUBERNETES_CNI} is not recognized. Supported options are \"calico\" or do not set the variable to use default."
return 1
;;
esac
# If metrics server configuration directory is specified then deploy in
# the cluster just created
if [[ -n ${METRICS_SERVER_CONFIG_DIR:-} ]]; then
@ -389,21 +362,10 @@ function connect_kind_clusters() {
fi
}
function install_calico {
local KUBECONFIG="${1}"
local CONFIG_DIR="${2}"
echo "Setting up ambient cluster, Calico CNI will be used."
kubectl --kubeconfig="$KUBECONFIG" apply -f "${CONFIG_DIR}"/calico.yaml
kubectl --kubeconfig="$KUBECONFIG" wait --for condition=ready -n kube-system pod -l k8s-app=calico-node --timeout 90s
kubectl --kubeconfig="$KUBECONFIG" wait --for condition=ready -n kube-system pod -l k8s-app=calico-kube-controllers --timeout 90s
}
function install_metallb() {
KUBECONFIG="${1}"
kubectl --kubeconfig="$KUBECONFIG" apply -f "${COMMON_SCRIPTS}/metallb-native.yaml"
kubectl --kubeconfig="$KUBECONFIG" wait -n metallb-system pod --timeout=120s -l app=metallb --for=condition=Ready
kubectl --kubeconfig="$KUBECONFIG" wait -n metallb-system pod -l app=metallb --for=condition=Ready
if [ -z "${METALLB_IPS4+x}" ]; then
# Take IPs from the end of the docker kind network subnet to use for MetalLB IPs

254
common/scripts/metallb-native.yaml vendored
View File

@ -1,6 +1,5 @@
# Downloaded from https://github.com/metallb/metallb/raw/v0.13.12/config/manifests/metallb-native.yaml
# With quay.io hub replaced with gcr.io/istio-testing
# And probes tuned to startup faster
apiVersion: v1
kind: Namespace
metadata:
@ -12,6 +11,213 @@ metadata:
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.1
creationTimestamp: null
name: addresspools.metallb.io
spec:
conversion:
strategy: Webhook
webhook:
clientConfig:
caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlGWlRDQ0EwMmdBd0lCQWdJVU5GRW1XcTM3MVpKdGkrMmlSQzk1WmpBV1MxZ3dEUVlKS29aSWh2Y05BUUVMDQpCUUF3UWpFTE1Ba0dBMVVFQmhNQ1dGZ3hGVEFUQmdOVkJBY01ERVJsWm1GMWJIUWdRMmwwZVRFY01Cb0dBMVVFDQpDZ3dUUkdWbVlYVnNkQ0JEYjIxd1lXNTVJRXgwWkRBZUZ3MHlNakEzTVRrd09UTXlNek5hRncweU1qQTRNVGd3DQpPVE15TXpOYU1FSXhDekFKQmdOVkJBWVRBbGhZTVJVd0V3WURWUVFIREF4RVpXWmhkV3gwSUVOcGRIa3hIREFhDQpCZ05WQkFvTUUwUmxabUYxYkhRZ1EyOXRjR0Z1ZVNCTWRHUXdnZ0lpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElDDQpEd0F3Z2dJS0FvSUNBUUNxVFpxMWZRcC9vYkdlenhES0o3OVB3Ny94azJwellualNzMlkzb1ZYSm5sRmM4YjVlDQpma2ZZQnY2bndscW1keW5PL2phWFBaQmRQSS82aFdOUDBkdVhadEtWU0NCUUpyZzEyOGNXb3F0MGNTN3pLb1VpDQpvcU1tQ0QvRXVBeFFNZjhRZDF2c1gvVllkZ0poVTZBRXJLZEpIaXpFOUJtUkNkTDBGMW1OVW55Rk82UnRtWFZUDQpidkxsTDVYeTc2R0FaQVBLOFB4aVlDa0NtbDdxN0VnTWNiOXlLWldCYmlxQ3VkTXE5TGJLNmdKNzF6YkZnSXV4DQo1L1pXK2JraTB2RlplWk9ZODUxb1psckFUNzJvMDI4NHNTWW9uN0pHZVZkY3NoUnh5R1VpSFpSTzdkaXZVTDVTDQpmM2JmSDFYbWY1ZDQzT0NWTWRuUUV2NWVaOG8zeWVLa3ZrbkZQUGVJMU9BbjdGbDlFRVNNR2dhOGFaSG1URSttDQpsLzlMSmdDYjBnQmtPT0M0WnV4bWh2aERKV1EzWnJCS3pMQlNUZXN0NWlLNVlwcXRWVVk2THRyRW9FelVTK1lsDQpwWndXY2VQWHlHeHM5ZURsR3lNVmQraW15Y3NTU1UvVno2Mmx6MnZCS21NTXBkYldDQWhud0RsRTVqU2dyMjRRDQp0eGNXLys2N3d5KzhuQlI3UXdqVTFITndVRjBzeERWdEwrZ1NHVERnSEVZSlhZelYvT05zMy94TkpoVFNPSkxNDQpoeXNVdyttaGdackdhbUdXcHVIVU1DUitvTWJzMTc1UkcrQjJnUFFHVytPTjJnUTRyOXN2b0ZBNHBBQm8xd1dLDQpRYjRhY3pmeVVscElBOVFoSmFsZEY3S3dPSHVlV3gwRUNrNXg0T2tvVDBvWVp0dzFiR0JjRGtaSmF3SURBUUFCDQpvMU13VVRBZEJnTlZIUTRFRmdRVW90UlNIUm9IWTEyRFZ4R0NCdEhpb1g2ZmVFQXdId1lEVlIwakJCZ3dGb0FVDQpvdFJTSFJvSFkxMkRWeEdDQnRIaW9YNmZlRUF3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFOQmdrcWhraUc5dzBCDQpBUXNGQUFPQ0FnRUFSbkpsWWRjMTFHd0VxWnh6RDF2R3BDR2pDN2VWTlQ3aVY1d3IybXlybHdPYi9aUWFEa0xYDQpvVStaOVVXT1VlSXJTdzUydDdmQUpvVVAwSm5iYkMveVIrU1lqUGhvUXNiVHduOTc2ZldBWTduM3FMOXhCd1Y0DQphek41OXNjeUp0dlhMeUtOL2N5ak1ReDRLajBIMFg0bWJ6bzVZNUtzWWtYVU0vOEFPdWZMcEd0S1NGVGgrSEFDDQpab1Q5YnZHS25adnNHd0tYZFF0Wnh0akhaUjVqK3U3ZGtQOTJBT051RFNabS8rWVV4b2tBK09JbzdSR3BwSHNXDQo1ZTdNY0FTVXRtb1FORXd6dVFoVkJaRWQ1OGtKYjUrV0VWbGNzanlXNnRTbzErZ25tTWNqR1BsMWgxR2hVbjV4DQpFY0lWRnBIWXM5YWo1NmpBSjk1MVQvZjhMaWxmTlVnanBLQ0c1bnl0SUt3emxhOHNtdGlPdm1UNEpYbXBwSkI2DQo4bmdHRVluVjUrUTYwWFJ2OEhSSGp1VG9CRHVhaERrVDA2R1JGODU1d09FR2V4bkZpMXZYWUxLVllWb1V2MXRKDQo4dVdUR1pwNllDSVJldlBqbzg5ZytWTlJSaVFYUThJd0dybXE5c0RoVTlqTjA0SjdVL1RvRDFpNHE3VnlsRUc5DQorV1VGNkNLaEdBeTJIaEhwVncyTGFoOS9lUzdZMUZ1YURrWmhPZG1laG1BOCtqdHNZamJadnR5Mm1SWlF0UUZzDQpUU1VUUjREbUR2bVVPRVRmeStpRHdzK2RkWXVNTnJGeVVYV2dkMnpBQU4ydVl1UHFGY2pRcFNPODFzVTJTU3R3DQoxVzAyeUtYOGJEYmZFdjBzbUh3UzliQnFlSGo5NEM1Mjg0YXpsdTBmaUdpTm1OUEM4ckJLRmhBPQ0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ==
service:
name: webhook-service
namespace: metallb-system
path: /convert
conversionReviewVersions:
- v1alpha1
- v1beta1
group: metallb.io
names:
kind: AddressPool
listKind: AddressPoolList
plural: addresspools
singular: addresspool
scope: Namespaced
versions:
- deprecated: true
deprecationWarning: metallb.io v1alpha1 AddressPool is deprecated
name: v1alpha1
schema:
openAPIV3Schema:
description: AddressPool is the Schema for the addresspools API.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: AddressPoolSpec defines the desired state of AddressPool.
properties:
addresses:
description: A list of IP address ranges over which MetalLB has authority.
You can list multiple ranges in a single pool, they will all share
the same settings. Each range can be either a CIDR prefix, or an
explicit start-end range of IPs.
items:
type: string
type: array
autoAssign:
default: true
description: AutoAssign flag used to prevent MetallB from automatic
allocation for a pool.
type: boolean
bgpAdvertisements:
description: When an IP is allocated from this pool, how should it
be translated into BGP announcements?
items:
properties:
aggregationLength:
default: 32
description: The aggregation-length advertisement option lets
you “roll up” the /32s into a larger prefix.
format: int32
minimum: 1
type: integer
aggregationLengthV6:
default: 128
description: Optional, defaults to 128 (i.e. no aggregation)
if not specified.
format: int32
type: integer
communities:
description: BGP communities
items:
type: string
type: array
localPref:
description: BGP LOCAL_PREF attribute which is used by BGP best
path algorithm, Path with higher localpref is preferred over
one with lower localpref.
format: int32
type: integer
type: object
type: array
protocol:
description: Protocol can be used to select how the announcement is
done.
enum:
- layer2
- bgp
type: string
required:
- addresses
- protocol
type: object
status:
description: AddressPoolStatus defines the observed state of AddressPool.
type: object
required:
- spec
type: object
served: true
storage: false
subresources:
status: {}
- deprecated: true
deprecationWarning: metallb.io v1beta1 AddressPool is deprecated, consider using
IPAddressPool
name: v1beta1
schema:
openAPIV3Schema:
description: AddressPool represents a pool of IP addresses that can be allocated
to LoadBalancer services. AddressPool is deprecated and being replaced by
IPAddressPool.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: AddressPoolSpec defines the desired state of AddressPool.
properties:
addresses:
description: A list of IP address ranges over which MetalLB has authority.
You can list multiple ranges in a single pool, they will all share
the same settings. Each range can be either a CIDR prefix, or an
explicit start-end range of IPs.
items:
type: string
type: array
autoAssign:
default: true
description: AutoAssign flag used to prevent MetallB from automatic
allocation for a pool.
type: boolean
bgpAdvertisements:
description: Drives how an IP allocated from this pool should translated
into BGP announcements.
items:
properties:
aggregationLength:
default: 32
description: The aggregation-length advertisement option lets
you “roll up” the /32s into a larger prefix.
format: int32
minimum: 1
type: integer
aggregationLengthV6:
default: 128
description: Optional, defaults to 128 (i.e. no aggregation)
if not specified.
format: int32
type: integer
communities:
description: BGP communities to be associated with the given
advertisement.
items:
type: string
type: array
localPref:
description: BGP LOCAL_PREF attribute which is used by BGP best
path algorithm, Path with higher localpref is preferred over
one with lower localpref.
format: int32
type: integer
type: object
type: array
protocol:
description: Protocol can be used to select how the announcement is
done.
enum:
- layer2
- bgp
type: string
required:
- addresses
- protocol
type: object
status:
description: AddressPoolStatus defines the observed state of AddressPool.
type: object
required:
- spec
type: object
served: true
storage: true
subresources:
status: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.1
@ -1527,13 +1733,12 @@ spec:
- args:
- --port=7472
- --log-level=info
- --tls-min-version=VersionTLS12
env:
- name: METALLB_ML_SECRET_NAME
value: memberlist
- name: METALLB_DEPLOYMENT
value: controller
image: gcr.io/istio-testing/metallb/controller:v0.14.3
image: gcr.io/istio-testing/metallb/controller:v0.13.12
livenessProbe:
failureThreshold: 3
httpGet:
@ -1555,18 +1760,10 @@ spec:
httpGet:
path: /metrics
port: monitoring
initialDelaySeconds: 0
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
startupProbe:
httpGet:
path: /metrics
port: monitoring
initialDelaySeconds: 1
periodSeconds: 1
successThreshold: 1
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
@ -1634,7 +1831,7 @@ spec:
value: app=metallb,component=speaker
- name: METALLB_ML_SECRET_KEY_PATH
value: /etc/ml_secret_key
image: gcr.io/istio-testing/metallb/speaker:v0.14.3
image: gcr.io/istio-testing/metallb/speaker:v0.13.12
livenessProbe:
failureThreshold: 3
httpGet:
@ -1658,19 +1855,10 @@ spec:
httpGet:
path: /metrics
port: monitoring
initialDelaySeconds: 0
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
startupProbe:
failureThreshold: 3
httpGet:
path: /metrics
port: monitoring
initialDelaySeconds: 1
periodSeconds: 1
successThreshold: 1
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
@ -1734,6 +1922,26 @@ webhooks:
resources:
- bgppeers
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: webhook-service
namespace: metallb-system
path: /validate-metallb-io-v1beta1-addresspool
failurePolicy: Fail
name: addresspoolvalidationwebhook.metallb.io
rules:
- apiGroups:
- metallb.io
apiVersions:
- v1beta1
operations:
- CREATE
- UPDATE
resources:
- addresspools
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:

2
common/scripts/setup_env.sh vendored
View File

@ -75,7 +75,7 @@ fi
TOOLS_REGISTRY_PROVIDER=${TOOLS_REGISTRY_PROVIDER:-gcr.io}
PROJECT_ID=${PROJECT_ID:-istio-testing}
if [[ "${IMAGE_VERSION:-}" == "" ]]; then
IMAGE_VERSION=master-1ee4cbbec23a26932c8795961dcf4e604ef6dc50
IMAGE_VERSION=release-1.21-d97f698eab10ae85d63c5c3fcf36110c52e7d30c
fi
if [[ "${IMAGE_NAME:-}" == "" ]]; then
IMAGE_NAME=build-tools

4
data/args.yml
View File

@ -16,7 +16,7 @@ copyright_year: 2024
# When preliminary=true, we're building for preliminary.istio.io
# when archive=true, we're building for archive.istio.io
# when archive_landing=true, we're building the landing page for archive.istio.io
preliminary: true
preliminary: false
archive: false
archive_landing: false
@ -26,7 +26,7 @@ archive_search_refinement: "V1.1"
# GitHub branch names used when the docs have links to GitHub
source_branch_name: release-1.21
doc_branch_name: master
doc_branch_name: release-1.21
####### Static values