├── VERSION ├── cni ├── pkg │ ├── install │ │ └── testdata │ │ │ ├── token-bar │ │ │ ├── token-foo │ │ │ ├── invalid-arr.conflist │ │ │ └── invalid-map.conflist │ ├── nodeagent │ │ └── testdata │ │ │ └── cgroupns │ │ │ └── 1 │ │ │ └── ns │ │ │ └── net │ └── iptables │ │ └── testdata │ │ └── hostprobe.golden └── test │ └── testdata │ ├── bindir │ ├── istio-cni │ └── istio-iptables │ ├── k8s_svcacct │ └── namespace │ └── pre │ └── non_json.conf ├── pkg ├── istio-agent │ └── testdata │ │ └── token ├── ctrlz │ └── assets │ │ └── static │ │ ├── js │ │ └── misc.js │ │ └── favicons │ │ ├── favicon.ico │ │ ├── pwa-192x192.png │ │ ├── pwa-512x512.png │ │ ├── tile150x150.png │ │ ├── tile310x150.png │ │ ├── tile310x310.png │ │ ├── tile70x70.png │ │ ├── android-36x36.png │ │ ├── android-48x48.png │ │ ├── android-72x72.png │ │ ├── favicon-16x16.png │ │ ├── favicon-32x32.png │ │ ├── android-144x144.png │ │ ├── android-192x192.png │ │ ├── android-96x196.png │ │ └── apple-touch-icon-180x180.png ├── envoy │ └── testdata │ │ ├── bootstrap.json │ │ └── bootstrap.yaml ├── test │ ├── fakes │ │ ├── imageregistry │ │ │ ├── .gitignore │ │ │ └── Dockerfile │ │ └── gce_metadata_server │ │ │ └── Dockerfile │ ├── framework │ │ ├── components │ │ │ └── echo │ │ │ │ ├── cmd │ │ │ │ └── echogen │ │ │ │ │ └── testdata │ │ │ │ │ └── config.yaml │ │ │ │ └── kube │ │ │ │ └── testdata │ │ │ │ └── secret.yaml │ │ ├── README.md │ │ └── analyzer-allowlist.yaml │ ├── echo │ │ └── docker │ │ │ └── sudoers │ └── datasets │ │ └── validation │ │ └── dataset │ │ ├── networking-v1-WorkloadEntry.yaml │ │ ├── networking-v1beta1-ProxyConfig.yaml │ │ ├── networking-v1beta1-WorkloadEntry.yaml │ │ ├── telemetry-v1-Telemetry.yaml │ │ ├── networking-v1-Sidecar.yaml │ │ ├── networking-v1alpha3-WorkloadEntry.yaml │ │ ├── telemetry-v1alpha1-Telemetry.yaml │ │ ├── networking-v1alpha3-Sidecar.yaml │ │ ├── networking-v1beta1-Sidecar.yaml │ │ └── networking-v1alpha3-EnvoyFilter.yaml ├── config │ └── analysis │ │ └── analyzers │ │ └── testdata │ │ ├── mesh-with-automtls.yaml │ │ ├── common │ │ └── meshconfig.yaml │ │ ├── peerauthentication-crd.yaml │ │ ├── serviceentry-missing-addresses-protocol-mesh-cfg.yaml │ │ ├── telemetry-lightstep-meshconfig.yaml │ │ └── gateway-no-workload.yaml └── kube │ └── inject │ └── testdata │ └── inputs │ └── default.mesh.gen.yaml ├── tools ├── .gitignore └── proto │ └── buf.golang.yaml ├── bin └── .spelling_failures ├── security ├── pkg │ ├── pki │ │ ├── testdata │ │ │ └── key-verify-fail.pem │ │ └── ca │ │ │ └── root-certs-for-testing.pem │ └── nodeagent │ │ ├── cache │ │ └── testdata │ │ │ └── file-to-watch.txt │ │ └── caclient │ │ └── providers │ │ └── citadel │ │ └── testdata │ │ └── token ├── tools │ ├── jwt │ │ ├── requirements.txt │ │ └── samples │ │ │ └── requirements.txt │ └── deb │ │ └── description └── README.md ├── tests ├── fuzz │ └── testdata │ │ ├── FuzzJwtUtil │ │ └── 5085913745588224 │ │ ├── FuzzAggregateController │ │ └── 5196264820572160 │ │ ├── FuzzTranslateFromValueToSpec │ │ └── 5041840540745728 │ │ ├── FuzzFindRootCertFromCertificateChainBytes │ │ └── 6118602084843520 │ │ ├── FuzzBNMUnmarshalJSON │ │ └── 4811475191988224 │ │ ├── FuzzHelmReconciler │ │ └── 5691906075000832 │ │ ├── FuzzResolveK8sConflict │ │ └── 5719923521880064 │ │ ├── FuzzAnalyzer │ │ ├── 6087702507290624 │ │ └── 6169070276837376 │ │ ├── FuzzCRDRoundtrip │ │ ├── 4664081669292032 │ │ └── 6428395234263040 │ │ ├── FuzzConfigValidation2 │ │ ├── 4534596883578880 │ │ └── seed1 │ │ └── FuzzValidateClusters │ │ ├── 5567080949219328 │ │ └── 6380814220263424 ├── integration │ ├── pilot │ │ └── testdata │ │ │ ├── invalid.md │ │ │ ├── invalid.yaml │ │ │ ├── upgrade │ │ │ └── 1.11.0-beta.1-cni-install.yaml.tar │ │ │ ├── some-dir │ │ │ └── nested-dir │ │ │ │ └── bad-annotation-service.yaml │ │ │ └── destinationrule.yaml │ ├── security │ │ ├── fuzz │ │ │ └── overview.jpg │ │ └── testdata │ │ │ └── reachability │ │ │ └── global-peer-authn.yaml.tmpl │ └── telemetry │ │ └── api │ │ └── testdata │ │ └── registry-secret.yaml ├── testdata │ └── config │ │ └── authn.yaml └── util │ └── kubeconfig ├── istioctl └── pkg │ ├── workload │ └── testdata │ │ ├── vmconfig │ │ ├── ipv4 │ │ │ ├── istio-token.golden │ │ │ ├── root-cert.pem.golden │ │ │ └── hosts.golden │ │ └── ipv6 │ │ │ ├── istio-token.golden │ │ │ ├── root-cert.pem.golden │ │ │ └── hosts.golden │ │ └── vmconfig-nil-proxy-metadata │ │ ├── hosts.golden │ │ ├── istio-token.golden │ │ └── root-cert.pem.golden │ ├── waypoint │ └── testdata │ │ └── waypoint │ │ ├── no-gateway │ │ ├── default-gateway │ │ └── all-gateway │ ├── kubeinject │ └── testdata │ │ └── inject-values.yaml │ └── writer │ └── envoy │ └── configdump │ └── testdata │ └── versionsummary.txt ├── licenses ├── github.com │ ├── go-errors │ │ └── errors │ │ │ └── NONE │ └── xeipuuv │ │ ├── gojsonpointer │ │ └── NONE │ │ ├── gojsonschema │ │ └── NONE │ │ └── gojsonreference │ │ └── NONE └── helm.sh │ └── helm │ └── v3 │ └── pkg │ ├── chart │ └── loader │ │ └── testdata │ │ ├── LICENSE │ │ ├── frobnitz │ │ └── LICENSE │ │ ├── frobnitz.v1 │ │ └── LICENSE │ │ ├── frobnitz.v2.reqs │ │ └── LICENSE │ │ ├── frobnitz_backslash │ │ └── LICENSE │ │ ├── frobnitz_with_bom │ │ └── LICENSE │ │ └── frobnitz_with_dev_null │ │ └── LICENSE │ └── chartutil │ └── testdata │ ├── frobnitz │ └── LICENSE │ ├── dependent-chart-alias │ └── LICENSE │ ├── dependent-chart-no-requirements-yaml │ └── LICENSE │ ├── dependent-chart-with-all-in-requirements-yaml │ └── LICENSE │ └── dependent-chart-with-mixed-requirements-yaml │ └── LICENSE ├── pilot └── pkg │ ├── config │ └── kube │ │ └── gateway │ │ └── testdata │ │ ├── mismatch.yaml.golden │ │ ├── waypoint.yaml.golden │ │ └── eastwest-remote.yaml.golden │ ├── serviceregistry │ └── kube │ │ └── controller │ │ └── ambient │ │ └── testdata │ │ ├── peer-authn-disable.yaml │ │ ├── peer-authn-strict.yaml │ │ ├── peer-authn-permissive.yaml │ │ ├── peer-authn-strict-workload.yaml │ │ ├── peer-authn-strict-and-strict-port-mtls.yaml │ │ ├── peer-authn-strict-in.yaml │ │ ├── peer-authn-disable-in.yaml │ │ └── peer-authn-permissive-in.yaml │ └── security │ └── authz │ └── builder │ └── testdata │ └── http │ └── audit-full-rule-in.yaml ├── samples ├── bookinfo │ ├── src │ │ ├── reviews │ │ │ ├── reviews-wlpcfg │ │ │ │ └── shared │ │ │ │ │ └── .gitkeep │ │ │ ├── .gitignore │ │ │ ├── settings.gradle │ │ │ └── build.gradle │ │ ├── mongodb │ │ │ └── ratings_data.json │ │ ├── productpage │ │ │ ├── test-requirements.txt │ │ │ └── static │ │ │ │ └── bootstrap │ │ │ │ └── fonts │ │ │ │ ├── glyphicons-halflings-regular.eot │ │ │ │ ├── glyphicons-halflings-regular.ttf │ │ │ │ ├── glyphicons-halflings-regular.woff │ │ │ │ └── glyphicons-halflings-regular.woff2 │ │ └── details │ │ │ └── Gemfile │ └── platform │ │ └── kube │ │ └── README.md ├── wasm_modules │ ├── header_injector │ │ ├── .gitignore │ │ └── Dockerfile │ └── README.md ├── ambient-argo │ ├── application │ │ └── namespace.yaml │ └── documentation │ │ └── Ambient Upgrade - Strategies.png ├── README.md ├── helloworld │ └── src │ │ └── requirements.txt └── open-telemetry │ ├── loki │ └── telemetry.yaml │ └── tracing │ └── telemetry.yaml ├── common └── .commonfiles.sha ├── operator ├── cmd │ └── mesh │ │ └── testdata │ │ ├── manifest-generate │ │ ├── output │ │ │ ├── all_off.golden.yaml │ │ │ ├── gateways.golden.yaml │ │ │ └── flag_force.golden.yaml │ │ ├── input │ │ │ ├── bare_spec.yaml │ │ │ ├── all_off.yaml │ │ │ ├── empty.yaml │ │ │ ├── default.yaml │ │ │ ├── minimal.yaml │ │ │ ├── minimal-revisioned.yaml │ │ │ ├── bare_values.yaml │ │ │ ├── flag_output.yaml │ │ │ ├── helm_values_enablement.yaml │ │ │ └── multiple_iops.yaml │ │ ├── data-snapshot.tar.gz │ │ └── input-extra-resources │ │ │ └── gateways.yaml │ │ └── profile-dump │ │ ├── output │ │ ├── list_path.txt │ │ └── list_path.yaml │ │ └── input │ │ ├── all_off.yaml │ │ └── config_path.yaml ├── pkg │ ├── object │ │ └── testdata │ │ │ ├── empty.yaml │ │ │ ├── invalid.yaml │ │ │ ├── well-formed-with-space.out.yaml │ │ │ └── well-formed-with-space.yaml │ ├── helm │ │ └── testdata │ │ │ ├── istio-1.3.0-linux.tar.gz │ │ │ ├── addons │ │ │ ├── a │ │ │ │ └── Chart.yaml │ │ │ └── invalid │ │ │ │ ├── a │ │ │ │ └── Chart.yaml │ │ │ │ └── b │ │ │ │ └── Chart.yaml │ │ │ └── render │ │ │ ├── Chart.yaml │ │ │ └── templates │ │ │ └── fs_template.yaml │ └── helmreconciler │ │ └── testdata │ │ └── configmap.yaml └── samples │ ├── cni-on.yaml │ ├── values-pilot.yaml │ ├── default-install.yaml │ └── values-global.yaml ├── manifests ├── charts │ ├── base │ │ └── templates │ │ │ ├── crds.yaml │ │ │ └── NOTES.txt │ ├── istio-operator │ │ └── templates │ │ │ └── crds.yaml │ └── ztunnel │ │ └── templates │ │ └── NOTES.txt ├── profiles │ ├── stable.yaml │ ├── demo.yaml │ └── openshift.yaml └── helm-profiles │ ├── stable.yaml │ └── warning-edit.txt ├── releasenotes └── notes │ ├── 45331.yaml │ ├── 34982.yaml │ ├── 36817.yaml │ ├── 38273.yaml │ ├── 42576.yaml │ ├── 38192.yaml │ ├── 48031.yaml │ ├── grpc-probe.yaml │ ├── 31853.yaml │ ├── 36533.yaml │ ├── 38021.yaml │ ├── 45275.yaml │ ├── 48557.yaml │ ├── 48593.yaml │ ├── 48786.yaml │ ├── 35483.yaml │ ├── 35712.yaml │ ├── 39146.yaml │ ├── 39525.yaml │ ├── 44931.yaml │ ├── 45894.yaml │ ├── 49435.yaml │ ├── kiali-update.yaml │ ├── psfile.yaml │ ├── webhook-analyzer.yaml │ ├── 36290.yaml │ ├── 36570.yaml │ ├── 41483.yaml │ ├── 43709.yaml │ ├── 46514.yaml │ ├── 47063.yaml │ ├── drop-tcp-probe.yaml │ ├── jwt-route.yaml │ ├── kiali-update-v1.59.1.yaml │ ├── kiali-update-v1.60.yaml │ ├── kiali-update-v1.63.yaml │ ├── kiali-update-v1.67.yaml │ ├── kiali-update-v1.72.yaml │ ├── kiali-update-v1.76.yaml │ ├── kiali-update-v1.79.yaml │ ├── wasmplugin.yaml │ ├── 27726.yaml │ ├── 43876.yaml │ ├── 48526.yaml │ ├── drop-taint.yaml │ ├── ecc-p384.yaml │ ├── kiali-update-v1.34.yaml │ ├── kiali-update-v1.55.yaml │ ├── uninject-not-work.yaml │ ├── update-jaeger-v1.22.yaml │ ├── update-pdb-version.yaml │ ├── updateMinK8sto1.13.yaml │ ├── xds-authz.yaml │ ├── 34065.yaml │ ├── 37581.yaml │ ├── 37903.yaml │ ├── 41911.yaml │ ├── 43710.yaml │ ├── 48021.yaml │ ├── add-istiod-uptime-metric.yaml │ ├── ambient-service-entry.yaml │ ├── json-log-sort.yaml │ ├── jwt-from-cookies.yaml │ ├── kiali-update-v1.55.1.yaml │ ├── validate-appprotocol.yaml │ ├── 32513.yaml │ ├── 34811.yaml │ ├── 35648.yaml │ ├── 40093.yaml │ ├── 41996.yaml │ ├── 42104.yaml │ ├── 42414.yaml │ ├── 43173.yaml │ ├── 46339.yaml │ ├── 48019.yaml │ ├── 48595.yaml │ ├── 49443.yaml │ ├── drop-legacy-ingress-flag.yaml │ ├── drop-legacy-istio-trace-tags.yaml │ ├── drop-legacy-lb-flag.yaml │ ├── drop-legacy-partial-full-push.yaml │ ├── drop-legacy-spiffe-bundle-endpoints.yaml │ ├── drop-reload-plugin-certs.yaml │ ├── remove-operator-httpfetch.yaml │ ├── sidecar-vs-delegate.yaml │ ├── 26851.yaml │ ├── 29034.yaml │ ├── 30683.yaml │ ├── 31186.yaml │ ├── 32201.yaml │ ├── 36044.yaml │ ├── 36809.yaml │ ├── 40142.yaml │ ├── 40778.yaml │ ├── 41330.yaml │ ├── 41785.yaml │ ├── 42203.yaml │ ├── 42377.yaml │ ├── 43318.yaml │ ├── 43434.yaml │ ├── 46277.yaml │ ├── 46592.yaml │ ├── 47099.yaml │ ├── 48203.yaml │ ├── 48471.yaml │ ├── cni-dns-capture.yaml │ ├── deprecate-operator-httpfetch.yaml │ ├── drop-legacy-auto-mtls-check.yaml │ ├── openshift-ambient-profile.yaml │ ├── wasm-pull-policy.yaml │ ├── 28915.yaml │ ├── 29942.yaml │ ├── 31910.yaml │ ├── 34325.yaml │ ├── 38158.yaml │ ├── 39765.yaml │ ├── 40184.yaml │ ├── 40220.yaml │ ├── 44105.yaml │ ├── 44303.yaml │ ├── 44468.yaml │ ├── 44929.yaml │ ├── 45407.yaml │ ├── 45640.yaml │ ├── 45644.yaml │ ├── 46087.yaml │ ├── 46257.yaml │ ├── 46312.yaml │ ├── 46483.yaml │ ├── 46963.yaml │ ├── 48958.yaml │ ├── 50572.yaml │ ├── drop-headless.yaml │ ├── ecc-csr.yaml │ ├── make-httpbin-work-ocp.yaml │ ├── update-se-instances.yaml │ ├── 27509.yaml │ ├── 29681.yaml │ ├── 29855.yaml │ ├── 30200.yaml │ ├── 32749.yaml │ ├── 34847.yaml │ ├── 36110.yaml │ ├── 36452.yaml │ ├── 40339.yaml │ ├── 40680.yaml │ ├── 40809.yaml │ ├── 42252.yaml │ ├── 42400.yaml │ ├── 43453.yaml │ ├── 44137.yaml │ ├── 44481.yaml │ ├── 45404.yaml │ ├── 45643.yaml │ ├── 47681.yaml │ ├── 48769.yaml │ ├── 49098.yaml │ ├── 50138.yaml │ ├── abort-with-grpc-status-code.yaml │ ├── drop-legacy-autopassthrough.yaml │ ├── drop-reload-sidecar-ignore-port.yaml │ ├── duplicate-subset-names.yaml │ ├── envoyfilter-app-protocals-match.yaml │ ├── fix-istioctl-x-precheck-missing-revision.yaml │ ├── nonroot-gateway.yaml │ ├── pq-memory-leak.yaml │ ├── remove-convert-ingress.yaml │ ├── wasm-extension-dashboard.yaml │ ├── 27300.yaml │ ├── 28753.yaml │ ├── 30067.yaml │ ├── 31946.yaml │ ├── 34633.yaml │ ├── 35014.yaml │ ├── 36655.yaml │ ├── 38750.yaml │ ├── 40851.yaml │ ├── 41644.yaml │ ├── 46161.yaml │ ├── 46540.yaml │ ├── 46584.yaml │ ├── 46651.yaml │ ├── 47081.yaml │ ├── 47342.yaml │ ├── 47705.yaml │ ├── 48762.yaml │ ├── 49139.yaml │ ├── 49675.yaml │ ├── cni-rolling-max-available.yaml │ ├── drop-legacy-credential.yaml │ ├── drop-reload-prioritized-leader-election.yaml │ ├── experimental-telemetry-api-tracing.yaml │ ├── gateway-dual-stack.yaml │ ├── grpc-stats.yaml │ ├── helm-ambient.yaml │ ├── inbound-patch.yaml │ ├── ingress-named-port.yaml │ ├── istioctl-install-errors.yaml │ ├── istioctl-sort-events-by-creation.yaml │ ├── min-k8-ver-for-1.8.yaml │ ├── min-k8-ver-for-1.9.yaml │ ├── proxy-stats-inclusion.yaml │ ├── send-stat.yaml │ ├── 28942.yaml │ ├── 30208.yaml │ ├── 30991.yaml │ ├── 31075.yaml │ ├── 31573.yaml │ ├── 31779.yaml │ ├── 31797.yaml │ ├── 41858.yaml │ ├── 43120.yaml │ ├── 43179.yaml │ ├── 43508.yaml │ ├── 44820.yaml │ ├── 46104.yaml │ ├── 46421.yaml │ ├── 49511.yaml │ ├── 49851.yaml │ ├── check-disabled-status.yaml │ ├── concurrent-map-write.yaml │ ├── dashboard-reporter-dropdown.yaml │ ├── dr-analyzer.yaml │ ├── env-workload-rsa-keysize.yaml │ ├── httpregexrewrite.yaml │ ├── kiali-update-v1.29.yaml │ ├── rpm-builds.yaml │ ├── use-client-protocol.yaml │ ├── validate-unknown.yaml │ ├── wasm-fail-open.yaml │ ├── 13330.yaml │ ├── 28003.yaml │ ├── 28794.yaml │ ├── 33293.yaml │ ├── 33537.yaml │ ├── 33737.yaml │ ├── 35068.yaml │ ├── 35593.yaml │ ├── 36813.yaml │ ├── 36835.yaml │ ├── 37227.yaml │ ├── 37737.yaml │ ├── 38495.yaml │ ├── 38641.yaml │ ├── 43498.yaml │ ├── 44161.yaml │ ├── 44424.yaml │ ├── 46511.yaml │ ├── 46614.yaml │ ├── 46780.yaml │ ├── 46845.yaml │ ├── 47703.yaml │ ├── 48266.yaml │ ├── 49012.yaml │ ├── 50218.yaml │ ├── add-sni-host.yaml │ ├── agent-startup.yaml │ ├── consul.yaml │ ├── deprecate-istio_cni.yaml │ ├── endpoint-before-pod.yaml │ ├── gateway-v1alpha2.yaml │ ├── gomaxprocs.yaml │ ├── graudate-revision-tag-command.yaml │ ├── ingressgateway-support-daemonset.yaml │ ├── istioctl-uninstall.yaml │ ├── k8s-tls-secret-cacerts.yaml │ ├── nested-json-log.yaml │ ├── vs-overwrite-fix.yaml │ ├── wasm-decompress.yaml │ ├── 24471.yaml │ ├── 25737.yaml │ ├── 26486.yaml │ ├── 27159.yaml │ ├── 27430.yaml │ ├── 27490.yaml │ ├── 30221.yaml │ ├── 31403.yaml │ ├── 34802.yaml │ ├── 35220.yaml │ ├── 37681.yaml │ ├── 38678.yaml │ ├── 43765.yaml │ ├── 43771.yaml │ ├── 43821.yaml │ ├── 44071.yaml │ ├── 44293.yaml │ ├── 44414.yaml │ ├── 45749.yaml │ ├── 46072.yaml │ ├── 46846.yaml │ ├── 47539.yaml │ ├── 47997.yaml │ ├── 48545.yaml │ ├── 48562.yaml │ ├── 48603.yaml │ ├── 49602.yaml │ ├── 49911.yaml │ ├── 49965.yaml │ ├── endpoints-false-negative.yaml │ ├── fix-47270.yaml │ ├── image-auto-analyzer.yaml │ ├── istioctl-pc-all.yaml │ ├── jwt-parsing.yaml │ ├── probe-redirect.yaml │ ├── scope-push-by-sidecar-changes.yaml │ ├── service-instance-same-namespace.yaml │ ├── service-select-workload-entry.yaml │ ├── skip-graceful-termination.yaml │ ├── tls-tcp-conflict.yaml │ ├── verify-install-multi-iops.yaml │ ├── wasm-secret.yaml │ ├── 27990.yaml │ ├── 30181.yaml │ ├── 30885.yaml │ ├── 31336.yaml │ ├── 33536.yaml │ ├── 34211.yaml │ ├── 35723.yaml │ ├── 39190.yaml │ ├── 39201.yaml │ ├── 40561.yaml │ ├── 42212.yaml │ ├── 42381.yaml │ ├── 42518.yaml │ ├── 42778.yaml │ ├── 44345.yaml │ ├── 44506.yaml │ ├── 44777.yaml │ ├── 44986.yaml │ ├── 45866.yaml │ ├── 47302.yaml │ ├── 47818.yaml │ ├── 47961.yaml │ ├── 837475-caBundle.yaml │ ├── add-pod-securitycontext.yaml │ ├── bds-removal.yaml │ ├── cni-promote.yaml │ ├── dns-round-robin.yaml │ ├── https-on-http.yaml │ ├── reliable-wasm-remote-load.yaml │ ├── remove-experimental-multicluster.yaml │ ├── remove-register-deregister-cmd.yaml │ ├── set-tcp-idle-timeout-in-http-clusters.yaml │ ├── 27293.yaml │ ├── 31168.yaml │ ├── 31522.yaml │ ├── 34129.yaml │ ├── 35333.yaml │ ├── 35509.yaml │ ├── 40729.yaml │ ├── 40997.yaml │ ├── 41548.yaml │ ├── 42184.yaml │ ├── 42365.yaml │ ├── 43483.yaml │ ├── 44712.yaml │ ├── 46465.yaml │ ├── 47340.yaml │ ├── 47877.yaml │ ├── 48334.yaml │ ├── 49713.yaml │ ├── access-log-service-crash.yaml │ ├── auto-san-validation.yaml │ ├── delete-archs-helm-templates.yaml │ ├── dr-sds.yaml │ ├── drop-default-request-timeout.yaml │ ├── fake_jwks.yaml │ ├── gateway-quic-support.yaml │ ├── istioctl-proxy-config-stats.yaml │ ├── opencensusagent.yaml │ ├── optimize-most-specific-host-match.yaml │ ├── remove-post-install-webhook.yaml │ ├── secret-watch.yaml │ ├── spiffe-bundle-multiple-certs.yaml │ ├── standard-alpn.yaml │ ├── strict_1xx_204_fix.yaml │ ├── validation-mixer.yaml │ ├── xds-v3.yaml │ ├── ztunnel-chart-termgrace.yaml │ ├── 31517.yaml │ ├── 33387.yaml │ ├── 37091.yaml │ ├── 39430.yaml │ ├── 40032.yaml │ ├── 42818.yaml │ ├── 43436.yaml │ ├── 43858.yaml │ ├── 44355.yaml │ ├── 45216.yaml │ ├── 45549.yaml │ ├── 45800.yaml │ ├── 46625.yaml │ ├── 47148.yaml │ ├── 47444.yaml │ ├── 47617.yaml │ ├── 48253.yaml │ ├── 48544.yaml │ ├── 48684.yaml │ ├── auto-mtls-headless.yaml │ ├── desc-to-admin-log-scope.yaml │ ├── fix-healthcheck-host-override.yaml │ ├── fix-nodeport-meshnetwork.yaml │ ├── gateway-404-nr.yaml │ ├── gateway-status.yaml │ ├── header-present.yaml │ ├── istioctl-analyze-revision.yaml │ ├── istioctl-pc-routes-print-path-separated-prefix.yaml │ ├── lrs.yaml │ ├── prom-cert-permission.yaml │ ├── redirect-dns-iptables.yaml │ ├── service-ordering.yaml │ ├── tls-configuration-api.yaml │ ├── tls-inbound-all-protocols.yaml │ ├── vm-cleanup-iptables.yaml │ ├── xds-push-deadlock.yaml │ ├── 28346.yaml │ ├── 29270.yaml │ ├── 29376.yaml │ ├── 30079.yaml │ ├── 30261.yaml │ ├── 35293.yaml │ ├── 36634.yaml │ ├── 39188.yaml │ ├── 40085.yaml │ ├── 40198.yaml │ ├── 40797.yaml │ ├── 41245.yaml │ ├── 43652.yaml │ ├── 44151.yaml │ ├── 44605.yaml │ ├── 45150.yaml │ ├── 46711.yaml │ ├── 47045.yaml │ ├── 48224.yaml │ ├── 49049.yaml │ ├── 49379.yaml │ ├── 50157.yaml │ ├── cni-refactor.yaml │ ├── dynatrace-sampler.yaml │ ├── external-istiod.yaml │ ├── injection-perf.yaml │ ├── multicluster-leader-election.yaml │ ├── proxyconfig-global-mutate.yaml │ ├── rds-cache-allow-any.yaml │ ├── tls-fc.yaml │ ├── tls-redirect.yaml │ └── zipkin-datadog-host-ip-interpretation.yaml ├── prow └── config │ └── topology │ └── single.json ├── .github └── ISSUE_TEMPLATE │ └── config.yml └── CONTRIBUTING.md /VERSION: -------------------------------------------------------------------------------- 1 | 1.23 2 | -------------------------------------------------------------------------------- /cni/pkg/install/testdata/token-bar: -------------------------------------------------------------------------------- 1 | bar -------------------------------------------------------------------------------- /cni/pkg/install/testdata/token-foo: -------------------------------------------------------------------------------- 1 | foo -------------------------------------------------------------------------------- /cni/test/testdata/bindir/istio-cni: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /pkg/istio-agent/testdata/token: -------------------------------------------------------------------------------- 1 | fake -------------------------------------------------------------------------------- /cni/test/testdata/bindir/istio-iptables: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tools/.gitignore: -------------------------------------------------------------------------------- 1 | docker-dev/image-built 2 | -------------------------------------------------------------------------------- /bin/.spelling_failures: -------------------------------------------------------------------------------- 1 | OWNERS 2 | vendor/ 3 | -------------------------------------------------------------------------------- /cni/pkg/nodeagent/testdata/cgroupns/1/ns/net: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /security/pkg/pki/testdata/key-verify-fail.pem: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /security/tools/jwt/requirements.txt: -------------------------------------------------------------------------------- 1 | google-auth -------------------------------------------------------------------------------- /cni/pkg/install/testdata/invalid-arr.conflist: -------------------------------------------------------------------------------- 1 | [] 2 | -------------------------------------------------------------------------------- /cni/pkg/install/testdata/invalid-map.conflist: -------------------------------------------------------------------------------- 1 | {} 2 | -------------------------------------------------------------------------------- /cni/test/testdata/k8s_svcacct/namespace: -------------------------------------------------------------------------------- 1 | kube-system -------------------------------------------------------------------------------- /pkg/ctrlz/assets/static/js/misc.js: -------------------------------------------------------------------------------- 1 | "use strict" 2 | -------------------------------------------------------------------------------- /pkg/envoy/testdata/bootstrap.json: -------------------------------------------------------------------------------- 1 | {"key": "value"} -------------------------------------------------------------------------------- /pkg/test/fakes/imageregistry/.gitignore: -------------------------------------------------------------------------------- 1 | main* 2 | -------------------------------------------------------------------------------- /security/tools/jwt/samples/requirements.txt: -------------------------------------------------------------------------------- 1 | jwcrypto -------------------------------------------------------------------------------- /security/pkg/nodeagent/cache/testdata/file-to-watch.txt: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/fuzz/testdata/FuzzJwtUtil/5085913745588224: -------------------------------------------------------------------------------- 1 | .bnVsbM. -------------------------------------------------------------------------------- /istioctl/pkg/workload/testdata/vmconfig/ipv4/istio-token.golden: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /istioctl/pkg/workload/testdata/vmconfig/ipv6/istio-token.golden: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /licenses/github.com/go-errors/errors/NONE: -------------------------------------------------------------------------------- 1 | NO LICENSE FOUND 2 | -------------------------------------------------------------------------------- /pilot/pkg/config/kube/gateway/testdata/mismatch.yaml.golden: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /pilot/pkg/config/kube/gateway/testdata/waypoint.yaml.golden: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /samples/bookinfo/src/reviews/reviews-wlpcfg/shared/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /common/.commonfiles.sha: -------------------------------------------------------------------------------- 1 | 86668426efce75eb9b2301e8ad1a98f3e1a68546 2 | -------------------------------------------------------------------------------- /licenses/github.com/xeipuuv/gojsonpointer/NONE: -------------------------------------------------------------------------------- 1 | NO LICENSE FOUND 2 | -------------------------------------------------------------------------------- /licenses/github.com/xeipuuv/gojsonschema/NONE: -------------------------------------------------------------------------------- 1 | NO LICENSE FOUND 2 | -------------------------------------------------------------------------------- /pilot/pkg/config/kube/gateway/testdata/eastwest-remote.yaml.golden: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/fuzz/testdata/FuzzAggregateController/5196264820572160: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /istioctl/pkg/workload/testdata/vmconfig-nil-proxy-metadata/hosts.golden: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /licenses/github.com/xeipuuv/gojsonreference/NONE: -------------------------------------------------------------------------------- 1 | NO LICENSE FOUND 2 | -------------------------------------------------------------------------------- /operator/cmd/mesh/testdata/manifest-generate/output/all_off.golden.yaml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /operator/cmd/mesh/testdata/manifest-generate/output/gateways.golden.yaml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /security/pkg/nodeagent/caclient/providers/citadel/testdata/token: -------------------------------------------------------------------------------- 1 | fake 2 | -------------------------------------------------------------------------------- /security/pkg/pki/ca/root-certs-for-testing.pem: -------------------------------------------------------------------------------- 1 | root-cert-2 2 | root-cert-3 -------------------------------------------------------------------------------- /tests/fuzz/testdata/FuzzTranslateFromValueToSpec/5041840540745728: -------------------------------------------------------------------------------- 1 | /..: J -------------------------------------------------------------------------------- /istioctl/pkg/waypoint/testdata/waypoint/no-gateway: -------------------------------------------------------------------------------- 1 | No waypoints found. 2 | -------------------------------------------------------------------------------- /istioctl/pkg/workload/testdata/vmconfig-nil-proxy-metadata/istio-token.golden: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /istioctl/pkg/workload/testdata/vmconfig/ipv4/root-cert.pem.golden: -------------------------------------------------------------------------------- 1 | fake-CA-cert -------------------------------------------------------------------------------- /istioctl/pkg/workload/testdata/vmconfig/ipv6/root-cert.pem.golden: -------------------------------------------------------------------------------- 1 | fake-CA-cert -------------------------------------------------------------------------------- /operator/cmd/mesh/testdata/manifest-generate/output/flag_force.golden.yaml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /samples/bookinfo/src/mongodb/ratings_data.json: -------------------------------------------------------------------------------- 1 | {rating: 5} 2 | {rating: 4} 3 | -------------------------------------------------------------------------------- /tests/fuzz/testdata/FuzzFindRootCertFromCertificateChainBytes/6118602084843520: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/integration/pilot/testdata/invalid.md: -------------------------------------------------------------------------------- 1 | This is a markdown not yaml. 2 | -------------------------------------------------------------------------------- /istioctl/pkg/kubeinject/testdata/inject-values.yaml: -------------------------------------------------------------------------------- 1 | global: 2 | suffix: test 3 | -------------------------------------------------------------------------------- /licenses/helm.sh/helm/v3/pkg/chart/loader/testdata/LICENSE: -------------------------------------------------------------------------------- 1 | LICENSE placeholder. 2 | -------------------------------------------------------------------------------- /operator/pkg/object/testdata/empty.yaml: -------------------------------------------------------------------------------- 1 | # comments 2 | # another comments 3 | -------------------------------------------------------------------------------- /pilot/pkg/serviceregistry/kube/controller/ambient/testdata/peer-authn-disable.yaml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /pilot/pkg/serviceregistry/kube/controller/ambient/testdata/peer-authn-strict.yaml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /pkg/config/analysis/analyzers/testdata/mesh-with-automtls.yaml: -------------------------------------------------------------------------------- 1 | enableAutoMtls: true -------------------------------------------------------------------------------- /samples/bookinfo/src/productpage/test-requirements.txt: -------------------------------------------------------------------------------- 1 | requests-mock==1.5.2 2 | -------------------------------------------------------------------------------- /tests/fuzz/testdata/FuzzBNMUnmarshalJSON/4811475191988224: -------------------------------------------------------------------------------- 1 | {"INSTANCE_IPS":1} 2 | -------------------------------------------------------------------------------- /pilot/pkg/serviceregistry/kube/controller/ambient/testdata/peer-authn-permissive.yaml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/fuzz/testdata/FuzzHelmReconciler/5691906075000832: -------------------------------------------------------------------------------- 1 | apiVersion: v 2 | kind: Service -------------------------------------------------------------------------------- /tests/fuzz/testdata/FuzzResolveK8sConflict/5719923521880064: -------------------------------------------------------------------------------- 1 | PodDisruptionBudget -------------------------------------------------------------------------------- /tests/integration/pilot/testdata/invalid.yaml: -------------------------------------------------------------------------------- 1 | this causes a parse error, it's not yaml! -------------------------------------------------------------------------------- /istioctl/pkg/workload/testdata/vmconfig-nil-proxy-metadata/root-cert.pem.golden: -------------------------------------------------------------------------------- 1 | fake-CA-cert -------------------------------------------------------------------------------- /licenses/helm.sh/helm/v3/pkg/chart/loader/testdata/frobnitz/LICENSE: -------------------------------------------------------------------------------- 1 | LICENSE placeholder. 2 | -------------------------------------------------------------------------------- /licenses/helm.sh/helm/v3/pkg/chartutil/testdata/frobnitz/LICENSE: -------------------------------------------------------------------------------- 1 | LICENSE placeholder. 2 | -------------------------------------------------------------------------------- /pilot/pkg/serviceregistry/kube/controller/ambient/testdata/peer-authn-strict-workload.yaml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /samples/wasm_modules/header_injector/.gitignore: -------------------------------------------------------------------------------- 1 | bazel-* 2 | compile_commands.json 3 | *.wasm -------------------------------------------------------------------------------- /istioctl/pkg/workload/testdata/vmconfig/ipv4/hosts.golden: -------------------------------------------------------------------------------- 1 | 10.10.10.11 istiod-rev-1.istio-system.svc -------------------------------------------------------------------------------- /licenses/helm.sh/helm/v3/pkg/chart/loader/testdata/frobnitz.v1/LICENSE: -------------------------------------------------------------------------------- 1 | LICENSE placeholder. 2 | -------------------------------------------------------------------------------- /pkg/envoy/testdata/bootstrap.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Sample custom bootstrap in YAML 3 | key: value 4 | -------------------------------------------------------------------------------- /istioctl/pkg/workload/testdata/vmconfig/ipv6/hosts.golden: -------------------------------------------------------------------------------- 1 | fd00:10:96::2 istiod-rev-1.istio-system.svc -------------------------------------------------------------------------------- /licenses/helm.sh/helm/v3/pkg/chart/loader/testdata/frobnitz.v2.reqs/LICENSE: -------------------------------------------------------------------------------- 1 | LICENSE placeholder. 2 | -------------------------------------------------------------------------------- /licenses/helm.sh/helm/v3/pkg/chart/loader/testdata/frobnitz_backslash/LICENSE: -------------------------------------------------------------------------------- 1 | LICENSE placeholder. 2 | -------------------------------------------------------------------------------- /licenses/helm.sh/helm/v3/pkg/chart/loader/testdata/frobnitz_with_bom/LICENSE: -------------------------------------------------------------------------------- 1 | LICENSE placeholder. 2 | -------------------------------------------------------------------------------- /licenses/helm.sh/helm/v3/pkg/chartutil/testdata/dependent-chart-alias/LICENSE: -------------------------------------------------------------------------------- 1 | LICENSE placeholder. 2 | -------------------------------------------------------------------------------- /pilot/pkg/serviceregistry/kube/controller/ambient/testdata/peer-authn-strict-and-strict-port-mtls.yaml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /pkg/test/framework/components/echo/cmd/echogen/testdata/config.yaml: -------------------------------------------------------------------------------- 1 | - Service: a 2 | Namespace: echo -------------------------------------------------------------------------------- /cni/test/testdata/pre/non_json.conf: -------------------------------------------------------------------------------- 1 | "This is not json" 2 | 3 | Maybe it magically parses but shouldn't 4 | -------------------------------------------------------------------------------- /licenses/helm.sh/helm/v3/pkg/chart/loader/testdata/frobnitz_with_dev_null/LICENSE: -------------------------------------------------------------------------------- 1 | LICENSE placeholder. 2 | -------------------------------------------------------------------------------- /samples/bookinfo/src/details/Gemfile: -------------------------------------------------------------------------------- 1 | source 'https://rubygems.org' 2 | 3 | gem "webrick", "~> 1.7" 4 | 5 | -------------------------------------------------------------------------------- /security/tools/deb/description: -------------------------------------------------------------------------------- 1 | Istio security node agent provides cert provision service for workloads. 2 | -------------------------------------------------------------------------------- /licenses/helm.sh/helm/v3/pkg/chartutil/testdata/dependent-chart-no-requirements-yaml/LICENSE: -------------------------------------------------------------------------------- 1 | LICENSE placeholder. 2 | -------------------------------------------------------------------------------- /samples/ambient-argo/application/namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: ambient -------------------------------------------------------------------------------- /security/README.md: -------------------------------------------------------------------------------- 1 | Please check our [website](https://istio.io/docs/concepts/security/) for 2 | more information. 3 | -------------------------------------------------------------------------------- /pkg/config/analysis/analyzers/testdata/common/meshconfig.yaml: -------------------------------------------------------------------------------- 1 | defaultConfig: 2 | image: 3 | imageType: distroless 4 | -------------------------------------------------------------------------------- /licenses/helm.sh/helm/v3/pkg/chartutil/testdata/dependent-chart-with-all-in-requirements-yaml/LICENSE: -------------------------------------------------------------------------------- 1 | LICENSE placeholder. 2 | -------------------------------------------------------------------------------- /licenses/helm.sh/helm/v3/pkg/chartutil/testdata/dependent-chart-with-mixed-requirements-yaml/LICENSE: -------------------------------------------------------------------------------- 1 | LICENSE placeholder. 2 | -------------------------------------------------------------------------------- /samples/README.md: -------------------------------------------------------------------------------- 1 | # Istio Samples 2 | 3 | This directory contains sample applications highlighting various Istio features. 4 | -------------------------------------------------------------------------------- /istioctl/pkg/waypoint/testdata/waypoint/default-gateway: -------------------------------------------------------------------------------- 1 | NAME REVISION PROGRAMMED 2 | waypoint default True 3 | -------------------------------------------------------------------------------- /pkg/test/framework/components/echo/kube/testdata/secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: myregistrykey -------------------------------------------------------------------------------- /samples/wasm_modules/header_injector/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM scratch 2 | ARG WASM_BINARY 3 | WORKDIR / 4 | COPY $WASM_BINARY /plugin.wasm 5 | -------------------------------------------------------------------------------- /pkg/ctrlz/assets/static/favicons/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/intel/istio/HEAD/pkg/ctrlz/assets/static/favicons/favicon.ico -------------------------------------------------------------------------------- /samples/bookinfo/src/reviews/.gitignore: -------------------------------------------------------------------------------- 1 | .gradle 2 | reviews-application/build/ 3 | reviews-wlpcfg/servers/LibertyProjectServer/apps/ 4 | -------------------------------------------------------------------------------- /tests/integration/security/fuzz/overview.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/intel/istio/HEAD/tests/integration/security/fuzz/overview.jpg -------------------------------------------------------------------------------- /operator/cmd/mesh/testdata/manifest-generate/input/bare_spec.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: install.istio.io/v1alpha1 2 | kind: IstioOperator 3 | spec: 4 | -------------------------------------------------------------------------------- /pkg/ctrlz/assets/static/favicons/pwa-192x192.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/intel/istio/HEAD/pkg/ctrlz/assets/static/favicons/pwa-192x192.png -------------------------------------------------------------------------------- /pkg/ctrlz/assets/static/favicons/pwa-512x512.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/intel/istio/HEAD/pkg/ctrlz/assets/static/favicons/pwa-512x512.png -------------------------------------------------------------------------------- /pkg/ctrlz/assets/static/favicons/tile150x150.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/intel/istio/HEAD/pkg/ctrlz/assets/static/favicons/tile150x150.png -------------------------------------------------------------------------------- /pkg/ctrlz/assets/static/favicons/tile310x150.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/intel/istio/HEAD/pkg/ctrlz/assets/static/favicons/tile310x150.png -------------------------------------------------------------------------------- /pkg/ctrlz/assets/static/favicons/tile310x310.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/intel/istio/HEAD/pkg/ctrlz/assets/static/favicons/tile310x310.png -------------------------------------------------------------------------------- /pkg/ctrlz/assets/static/favicons/tile70x70.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/intel/istio/HEAD/pkg/ctrlz/assets/static/favicons/tile70x70.png -------------------------------------------------------------------------------- /manifests/charts/base/templates/crds.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.base.enableCRDTemplates }} 2 | {{ .Files.Get "crds/crd-all.gen.yaml" }} 3 | {{- end }} 4 | -------------------------------------------------------------------------------- /manifests/profiles/stable.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: install.istio.io/v1alpha1 2 | kind: IstioOperator 3 | spec: 4 | values: 5 | profile: stable 6 | -------------------------------------------------------------------------------- /operator/cmd/mesh/testdata/profile-dump/output/list_path.txt: -------------------------------------------------------------------------------- 1 | [0].mountPath="/etc/istio/egressgateway-certs" 2 | [0].name="egressgateway-certs" 3 | -------------------------------------------------------------------------------- /operator/cmd/mesh/testdata/profile-dump/output/list_path.yaml: -------------------------------------------------------------------------------- 1 | - mountPath: /etc/istio/egressgateway-certs 2 | name: egressgateway-certs 3 | 4 | -------------------------------------------------------------------------------- /pkg/ctrlz/assets/static/favicons/android-36x36.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/intel/istio/HEAD/pkg/ctrlz/assets/static/favicons/android-36x36.png -------------------------------------------------------------------------------- /pkg/ctrlz/assets/static/favicons/android-48x48.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/intel/istio/HEAD/pkg/ctrlz/assets/static/favicons/android-48x48.png -------------------------------------------------------------------------------- /pkg/ctrlz/assets/static/favicons/android-72x72.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/intel/istio/HEAD/pkg/ctrlz/assets/static/favicons/android-72x72.png -------------------------------------------------------------------------------- /pkg/ctrlz/assets/static/favicons/favicon-16x16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/intel/istio/HEAD/pkg/ctrlz/assets/static/favicons/favicon-16x16.png -------------------------------------------------------------------------------- /pkg/ctrlz/assets/static/favicons/favicon-32x32.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/intel/istio/HEAD/pkg/ctrlz/assets/static/favicons/favicon-32x32.png -------------------------------------------------------------------------------- /samples/bookinfo/src/reviews/settings.gradle: -------------------------------------------------------------------------------- 1 | rootProject.name = 'reviews' 2 | 3 | include 'reviews-application' 4 | include 'reviews-wlpcfg' 5 | -------------------------------------------------------------------------------- /samples/helloworld/src/requirements.txt: -------------------------------------------------------------------------------- 1 | requests 2 | flask 3 | flask_json 4 | flask_bootstrap 5 | json2html 6 | simplejson 7 | gevent 8 | gunicorn -------------------------------------------------------------------------------- /tests/fuzz/testdata/FuzzAnalyzer/6087702507290624: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/intel/istio/HEAD/tests/fuzz/testdata/FuzzAnalyzer/6087702507290624 -------------------------------------------------------------------------------- /tests/fuzz/testdata/FuzzAnalyzer/6169070276837376: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/intel/istio/HEAD/tests/fuzz/testdata/FuzzAnalyzer/6169070276837376 -------------------------------------------------------------------------------- /operator/pkg/helm/testdata/istio-1.3.0-linux.tar.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/intel/istio/HEAD/operator/pkg/helm/testdata/istio-1.3.0-linux.tar.gz -------------------------------------------------------------------------------- /pkg/ctrlz/assets/static/favicons/android-144x144.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/intel/istio/HEAD/pkg/ctrlz/assets/static/favicons/android-144x144.png -------------------------------------------------------------------------------- /pkg/ctrlz/assets/static/favicons/android-192x192.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/intel/istio/HEAD/pkg/ctrlz/assets/static/favicons/android-192x192.png -------------------------------------------------------------------------------- /pkg/ctrlz/assets/static/favicons/android-96x196.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/intel/istio/HEAD/pkg/ctrlz/assets/static/favicons/android-96x196.png -------------------------------------------------------------------------------- /pkg/test/fakes/imageregistry/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM scratch 2 | ARG TARGETARCH 3 | COPY main-${TARGETARCH:-amd64} /registry 4 | ENTRYPOINT ["/registry"] 5 | -------------------------------------------------------------------------------- /tests/fuzz/testdata/FuzzCRDRoundtrip/4664081669292032: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/intel/istio/HEAD/tests/fuzz/testdata/FuzzCRDRoundtrip/4664081669292032 -------------------------------------------------------------------------------- /tests/fuzz/testdata/FuzzCRDRoundtrip/6428395234263040: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/intel/istio/HEAD/tests/fuzz/testdata/FuzzCRDRoundtrip/6428395234263040 -------------------------------------------------------------------------------- /operator/cmd/mesh/testdata/manifest-generate/input/all_off.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: install.istio.io/v1alpha1 2 | kind: IstioOperator 3 | spec: 4 | profile: empty 5 | -------------------------------------------------------------------------------- /operator/cmd/mesh/testdata/manifest-generate/input/empty.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: install.istio.io/v1alpha1 2 | kind: IstioOperator 3 | spec: 4 | profile: empty 5 | 6 | -------------------------------------------------------------------------------- /operator/samples/cni-on.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: install.istio.io/v1alpha1 2 | kind: IstioOperator 3 | spec: 4 | components: 5 | cni: 6 | enabled: true 7 | -------------------------------------------------------------------------------- /pkg/test/echo/docker/sudoers: -------------------------------------------------------------------------------- 1 | root ALL=(ALL) ALL 2 | %wheel ALL=(ALL) ALL 3 | application ALL=NOPASSWD: ALL 4 | istio-proxy ALL=NOPASSWD: ALL 5 | -------------------------------------------------------------------------------- /pkg/test/framework/README.md: -------------------------------------------------------------------------------- 1 | Please see [this wiki page](https://github.com/istio/istio/wiki/Istio-Test-Framework) for info on using 2 | the test framework. 3 | -------------------------------------------------------------------------------- /tests/fuzz/testdata/FuzzConfigValidation2/4534596883578880: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/intel/istio/HEAD/tests/fuzz/testdata/FuzzConfigValidation2/4534596883578880 -------------------------------------------------------------------------------- /tests/fuzz/testdata/FuzzValidateClusters/5567080949219328: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/intel/istio/HEAD/tests/fuzz/testdata/FuzzValidateClusters/5567080949219328 -------------------------------------------------------------------------------- /tests/fuzz/testdata/FuzzValidateClusters/6380814220263424: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/intel/istio/HEAD/tests/fuzz/testdata/FuzzValidateClusters/6380814220263424 -------------------------------------------------------------------------------- /operator/cmd/mesh/testdata/manifest-generate/input/default.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: install.istio.io/v1alpha1 2 | kind: IstioOperator 3 | spec: 4 | profile: default 5 | 6 | -------------------------------------------------------------------------------- /operator/cmd/mesh/testdata/manifest-generate/input/minimal.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: install.istio.io/v1alpha1 2 | kind: IstioOperator 3 | spec: 4 | profile: minimal 5 | 6 | -------------------------------------------------------------------------------- /pkg/ctrlz/assets/static/favicons/apple-touch-icon-180x180.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/intel/istio/HEAD/pkg/ctrlz/assets/static/favicons/apple-touch-icon-180x180.png -------------------------------------------------------------------------------- /releasenotes/notes/45331.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: security 4 | releaseNotes: 5 | - | 6 | **Fixed** use defer to unlock mutex 7 | -------------------------------------------------------------------------------- /samples/bookinfo/src/reviews/build.gradle: -------------------------------------------------------------------------------- 1 | allprojects { 2 | group = 'org.istio' 3 | version = '1.0' 4 | repositories { 5 | mavenCentral() 6 | } 7 | } 8 | -------------------------------------------------------------------------------- /tests/fuzz/testdata/FuzzConfigValidation2/seed1: -------------------------------------------------------------------------------- 1 | {"servers":[{"port":{"number":80,"protocol":"https","name":"https"},"hosts":["bar.com"],"tls":{"httpsRedirect":true}}]} 2 | -------------------------------------------------------------------------------- /operator/cmd/mesh/testdata/manifest-generate/data-snapshot.tar.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/intel/istio/HEAD/operator/cmd/mesh/testdata/manifest-generate/data-snapshot.tar.gz -------------------------------------------------------------------------------- /releasenotes/notes/34982.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: istioctl 4 | releaseNotes: 5 | - | 6 | **Fixed** `istioctl admin log` format. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/36817.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: telemetry 4 | releaseNotes: 5 | - | 6 | **Added** Implement OpenTelemetry Access Log. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/38273.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: istioctl 4 | issue: [] 5 | releaseNotes: 6 | - | 7 | **Added** `istioctl ps` support ECDS. -------------------------------------------------------------------------------- /releasenotes/notes/42576.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: test 3 | area: istioctl 4 | releaseNotes: 5 | - | 6 | **Removed** Remove useless code in grpc.go 7 | -------------------------------------------------------------------------------- /releasenotes/notes/38192.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: telemetry 4 | releaseNotes: 5 | - | 6 | **Added** WorkloadMode selection to Logging. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/48031.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | releaseNotes: 5 | - | 6 | **Added** support for delta ADS client. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/grpc-probe.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | releaseNotes: 5 | - | 6 | **Added** support rewriting gRPC probes -------------------------------------------------------------------------------- /samples/ambient-argo/documentation/Ambient Upgrade - Strategies.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/intel/istio/HEAD/samples/ambient-argo/documentation/Ambient Upgrade - Strategies.png -------------------------------------------------------------------------------- /operator/samples/values-pilot.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: install.istio.io/v1alpha1 2 | kind: IstioOperator 3 | spec: 4 | values: 5 | pilot: 6 | traceSampling: 0.1 # override from 1.0 7 | -------------------------------------------------------------------------------- /releasenotes/notes/31853.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: networking 4 | issue: 5 | releaseNotes: 6 | - | 7 | **Added** metrics for istiod informer errors. -------------------------------------------------------------------------------- /releasenotes/notes/36533.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: istioctl 4 | releaseNotes: 5 | - | 6 | **Added** the output format flag to `operator dump`. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/38021.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: istioctl 4 | releaseNotes: 5 | - | 6 | **Added** pod full name to IST0103 analysis message. 7 | -------------------------------------------------------------------------------- /samples/bookinfo/platform/kube/README.md: -------------------------------------------------------------------------------- 1 | See the [Bookinfo guide](https://istio.io/docs/guides/bookinfo.html) in Istio 2 | docs for instructions on how to run this demo application. 3 | -------------------------------------------------------------------------------- /samples/wasm_modules/README.md: -------------------------------------------------------------------------------- 1 | # WASM demo 2 | 3 | `header_injector` is used for istio e2e tests, more tests can be found [here](https://github.com/istio-ecosystem/wasm-extensions). 4 | -------------------------------------------------------------------------------- /pkg/test/fakes/gce_metadata_server/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM scratch 2 | ARG TARGETARCH 3 | COPY ./main-${TARGETARCH:-amd64} /gce-metadata-server 4 | EXPOSE 8080 5 | CMD ["/gce-metadata-server"] 6 | -------------------------------------------------------------------------------- /releasenotes/notes/45275.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: istioctl 4 | releaseNotes: 5 | - | 6 | **Updated** minimum supported Kubernetes version to 1.24.x. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/48557.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: istioctl 4 | releaseNotes: 5 | - | 6 | **Added** bootstrap summary to all config dumps' summary. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/48593.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: istioctl 4 | releaseNotes: 5 | - | 6 | **Improved** injector list to exclude ambient namespaces. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/48786.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | releaseNotes: 5 | - | 6 | **Added** prefix to WasmPlugin resource name. 7 | -------------------------------------------------------------------------------- /operator/cmd/mesh/testdata/manifest-generate/input/minimal-revisioned.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: install.istio.io/v1alpha1 2 | kind: IstioOperator 3 | spec: 4 | profile: minimal 5 | revision: test-rev 6 | -------------------------------------------------------------------------------- /releasenotes/notes/35483.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: istioctl 4 | releaseNotes: 5 | - | 6 | **Added** precheck now detects usage of Alpha Annotations. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/35712.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: istioctl 4 | releaseNotes: 5 | - | 6 | **Fixed** the release tar URL by adding the patch version. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/39146.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: istioctl 4 | releaseNotes: 5 | - | 6 | **Fixed** run `istioctl verify-install` fail with `demo` profile. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/39525.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: istioctl 4 | releaseNotes: 5 | - | 6 | **Fixed** `x injector list` provides wrong pods information. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/44931.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: istioctl 4 | releaseNotes: 5 | - | 6 | **Added** support for yaml output to `istioctl admin log`. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/45894.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: installation 4 | releaseNotes: 5 | - | 6 | **Added** volumes and volumeMounts to the gateways chart. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/49435.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | 5 | releaseNotes: 6 | - | 7 | **Added** support for configuring waypoint in Service. -------------------------------------------------------------------------------- /releasenotes/notes/kiali-update.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: installation 4 | releaseNotes: 5 | - | 6 | **Updated** Kiali addon has been upgraded to v1.26 7 | -------------------------------------------------------------------------------- /releasenotes/notes/psfile.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: istioctl 4 | releaseNotes: 5 | - | 6 | **Added** Allow proxy-status for non-K8s workloads with --file 7 | -------------------------------------------------------------------------------- /releasenotes/notes/webhook-analyzer.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: istioctl 4 | releaseNotes: 5 | - | 6 | **Added** a new analyzer for invalid webhook configurations. -------------------------------------------------------------------------------- /tests/integration/pilot/testdata/upgrade/1.11.0-beta.1-cni-install.yaml.tar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/intel/istio/HEAD/tests/integration/pilot/testdata/upgrade/1.11.0-beta.1-cni-install.yaml.tar -------------------------------------------------------------------------------- /operator/cmd/mesh/testdata/manifest-generate/input/bare_values.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: install.istio.io/v1alpha1 2 | kind: IstioOperator 3 | metadata: 4 | namespace: istio-system 5 | spec: 6 | values: 7 | -------------------------------------------------------------------------------- /releasenotes/notes/36290.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: istioctl 4 | 5 | releaseNotes: 6 | - | 7 | **Added** `CLUSTER` column in the output of `istioctl ps` command. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/36570.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: istioctl 4 | releaseNotes: 5 | - | 6 | **Fixed** `operator init --dry-run` creates unexpected namespaces. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/41483.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: istioctl 4 | releaseNotes: 5 | - | 6 | **Fixed** manifest URL path displays `amd64` package for arm users. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/43709.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: istioctl 4 | releaseNotes: 5 | - | 6 | **Fixed** resource namespace resolution for `istioctl` commands. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/46514.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | issue: [] 5 | 6 | releaseNotes: 7 | - | 8 | **Added** support for network wasm plugins. -------------------------------------------------------------------------------- /releasenotes/notes/47063.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: security 4 | issue: [] 5 | releaseNotes: 6 | - | 7 | **Added** support for plugged root cert rotation. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/drop-tcp-probe.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | releaseNotes: 5 | - | 6 | **Removed** the `REWRITE_TCP_PROBES` feature flag. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/jwt-route.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: security 4 | releaseNotes: 5 | - | 6 | **Added** support for JWT claim based routing on ingress gateways. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/kiali-update-v1.59.1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: installation 4 | 5 | releaseNotes: 6 | - | 7 | **Updated** Kiali addon to version v1.59.1. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/kiali-update-v1.60.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: installation 4 | 5 | releaseNotes: 6 | - | 7 | **Updated** Kiali addon to version v1.60.0. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/kiali-update-v1.63.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: installation 4 | 5 | releaseNotes: 6 | - | 7 | **Updated** Kiali addon to version v1.63.1. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/kiali-update-v1.67.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: installation 4 | 5 | releaseNotes: 6 | - | 7 | **Updated** Kiali addon to version v1.67.0. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/kiali-update-v1.72.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: installation 4 | 5 | releaseNotes: 6 | - | 7 | **Updated** Kiali addon to version v1.72.0. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/kiali-update-v1.76.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: installation 4 | 5 | releaseNotes: 6 | - | 7 | **Updated** Kiali addon to version v1.76.0. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/kiali-update-v1.79.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: installation 4 | 5 | releaseNotes: 6 | - | 7 | **Updated** Kiali addon to version v1.79.0. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/wasmplugin.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: extensibility 4 | issue: [] 5 | releaseNotes: 6 | - | 7 | **Added** support for Istio WasmPlugin API 8 | -------------------------------------------------------------------------------- /istioctl/pkg/waypoint/testdata/waypoint/all-gateway: -------------------------------------------------------------------------------- 1 | NAMESPACE NAME REVISION PROGRAMMED 2 | default waypoint default True 3 | fake waypoint default True 4 | -------------------------------------------------------------------------------- /operator/pkg/object/testdata/invalid.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | metadata: 3 | name: myconfigmap 4 | namespace: default 5 | data: 6 | mydata: |- 7 | First line of data 8 | Second line of data 9 | -------------------------------------------------------------------------------- /releasenotes/notes/27726.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: networking 4 | issue: 5 | - 27726 6 | releaseNotes: 7 | - | 8 | **Fixed** pilot agent app probe connection leak. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/43876.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: installation 4 | issue: 5 | - 43655 6 | releaseNotes: 7 | - | 8 | **Added** make inbound port configurable. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/48526.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: istioctl 4 | releaseNotes: 5 | - | 6 | **Fixed** an issue `proxyconfig ecds` didn't show all `EcdsConfigDump`. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/drop-taint.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | releaseNotes: 5 | - | 6 | **Removed** the experimental "taint controller" for Istio CNI. -------------------------------------------------------------------------------- /releasenotes/notes/ecc-p384.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: security 4 | issue: [] 5 | releaseNotes: 6 | - | 7 | **Added** support for using P384 curves when using ECDSA 8 | -------------------------------------------------------------------------------- /releasenotes/notes/kiali-update-v1.34.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: installation 4 | 5 | releaseNotes: 6 | - | 7 | **Updated** Kiali addon to the latest version v1.34. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/kiali-update-v1.55.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: installation 4 | 5 | releaseNotes: 6 | - | 7 | **Updated** Kiali addon to the latest version v1.55. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/uninject-not-work.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: istioctl 4 | releaseNotes: 5 | - | 6 | **Fixed** `x un-inject` provides wrong un-inject template. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/update-jaeger-v1.22.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: installation 4 | releaseNotes: 5 | - | 6 | **Updated** Jaeger addon to the latest version v1.22. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/update-pdb-version.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: installation 4 | issue: 5 | - 32005 6 | 7 | releaseNotes: 8 | - | 9 | **Added** support for policy/v1 PDB. -------------------------------------------------------------------------------- /releasenotes/notes/updateMinK8sto1.13.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: istioctl 4 | releaseNotes: 5 | - | 6 | **Updated** minimum supported Kubernetes version to 1.23.x. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/xds-authz.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: networking 4 | releaseNotes: 5 | - | 6 | **Added** authorization of clients when connecting to Istiod over XDS. 7 | -------------------------------------------------------------------------------- /operator/pkg/helmreconciler/testdata/configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | creationTimestamp: null 5 | name: config 6 | namespace: istio-system 7 | data: 8 | field: one 9 | -------------------------------------------------------------------------------- /operator/samples/default-install.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: install.istio.io/v1alpha1 2 | kind: IstioOperator 3 | metadata: 4 | namespace: istio-system 5 | name: istio-operator 6 | spec: 7 | profile: default 8 | 9 | -------------------------------------------------------------------------------- /pkg/test/datasets/validation/dataset/networking-v1-WorkloadEntry.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1 2 | kind: WorkloadEntry 3 | metadata: 4 | name: valid-workload-entry 5 | spec: 6 | address: 1.2.3.4 7 | -------------------------------------------------------------------------------- /pkg/test/datasets/validation/dataset/networking-v1beta1-ProxyConfig.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1beta1 2 | kind: ProxyConfig 3 | metadata: 4 | name: valid-example-pc 5 | spec: 6 | concurrency: 3 7 | -------------------------------------------------------------------------------- /releasenotes/notes/34065.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | issue: 5 | - 34065 6 | releaseNotes: 7 | - | 8 | **Added** validator for empty regex match. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/37581.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: istioctl 4 | releaseNotes: 5 | - | 6 | **Added** `istioctl analyze` beta API version support for file resources. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/37903.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | releaseNotes: 5 | - | 6 | **Fixed** an issue where removing a HTTP filter is not working properly. -------------------------------------------------------------------------------- /releasenotes/notes/41911.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: istioctl 4 | releaseNotes: 5 | - | 6 | **Fixed** `verify-install` fails to detect daemonsets' component statuses. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/43710.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | issue: 5 | - 43710 6 | releaseNotes: 7 | - | 8 | **Added** prefix matching on query parameter. -------------------------------------------------------------------------------- /releasenotes/notes/48021.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: istioctl 4 | releaseNotes: 5 | - | 6 | **Fixed** an issue where `istioctl experimental version` has no proxy info shown. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/add-istiod-uptime-metric.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: telemetry 4 | releaseNotes: 5 | - | 6 | **Added** a new metric to `istiod` to report server uptime. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/ambient-service-entry.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | 5 | releaseNotes: 6 | - | 7 | **Added** initial ambient support for ServiceEntry. -------------------------------------------------------------------------------- /releasenotes/notes/json-log-sort.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: telemetry 4 | releaseNotes: 5 | - | 6 | **Improved** JSON access logs to emit keys in a stable ordering. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/jwt-from-cookies.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: security 4 | issue: 5 | - 47847 6 | releaseNotes: 7 | - | 8 | **Added** support retrieve JWT from cookies. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/kiali-update-v1.55.1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: installation 4 | 5 | releaseNotes: 6 | - | 7 | **Updated** Kiali addon to the latest version v1.55.1. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/validate-appprotocol.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: istioctl 4 | releaseNotes: 5 | - | 6 | **Fixed** validate not detecting service port `appProtocol`. 7 | -------------------------------------------------------------------------------- /tests/testdata/config/authn.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: security.istio.io/v1beta1 2 | kind: PeerAuthentication 3 | metadata: 4 | name: default 5 | namespace: default 6 | spec: 7 | mtls: 8 | mode: PERMISSIVE 9 | -------------------------------------------------------------------------------- /tools/proto/buf.golang.yaml: -------------------------------------------------------------------------------- 1 | version: v1beta1 2 | plugins: 3 | - name: go 4 | out: . 5 | opt: 6 | - paths=source_relative 7 | - name: go-grpc 8 | out: . 9 | opt: 10 | - paths=source_relative -------------------------------------------------------------------------------- /istioctl/pkg/writer/envoy/configdump/testdata/versionsummary.txt: -------------------------------------------------------------------------------- 1 | Istio Version: 1.10.0 2 | Istio Proxy Version: 436f365a8007cd8a13a9f1321e7cce94bcc8883e 3 | Envoy Version: 1.18.3/Clean/RELEASE/BoringSSL 4 | -------------------------------------------------------------------------------- /operator/samples/values-global.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: install.istio.io/v1alpha1 2 | kind: IstioOperator 3 | spec: 4 | values: 5 | global: 6 | logging: 7 | level: "default:warning" # override from info 8 | -------------------------------------------------------------------------------- /pkg/config/analysis/analyzers/testdata/peerauthentication-crd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.k8s.io/v1beta1 2 | kind: CustomResourceDefinition 3 | metadata: 4 | name: peerauthentications.security.istio.io 5 | spec: -------------------------------------------------------------------------------- /pkg/config/analysis/analyzers/testdata/serviceentry-missing-addresses-protocol-mesh-cfg.yaml: -------------------------------------------------------------------------------- 1 | defaultConfig: 2 | proxyMetadata: 3 | ISTIO_META_DNS_CAPTURE: "true" 4 | ISTIO_META_DNS_AUTO_ALLOCATE: "true" 5 | -------------------------------------------------------------------------------- /releasenotes/notes/32513.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: istioctl 4 | issue: 5 | - 32513 6 | releaseNotes: 7 | - | 8 | **Added** `--dry-run` flag for `istioctl x uninstall`. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/34811.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: installation 4 | issue: 5 | - 34811 6 | releaseNotes: 7 | - | 8 | **Fixed** Istioctl does not wait on CNI DaemonSet update 9 | -------------------------------------------------------------------------------- /releasenotes/notes/35648.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: installation 4 | 5 | releaseNotes: 6 | - | 7 | **Added** Support arm64 api for operator, add nodeAffinity arm64 expression. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/40093.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: telemetry 4 | 5 | releaseNotes: 6 | - | 7 | **Fixed** an issue where updating a secret caused a `missing pulling secret` 8 | -------------------------------------------------------------------------------- /releasenotes/notes/41996.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: telemetry 4 | 5 | issue: 6 | - 41763 7 | releaseNotes: 8 | - | 9 | **Added** support for `reporting_interval`. 10 | -------------------------------------------------------------------------------- /releasenotes/notes/42104.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: telemetry 4 | 5 | issue: 6 | - 42080 7 | releaseNotes: 8 | - | 9 | **Fixed** OpenTelemetry tracer not working. 10 | -------------------------------------------------------------------------------- /releasenotes/notes/42414.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | 5 | releaseNotes: 6 | - | 7 | **Fixed** locality label missing for a sidecar without service selected. -------------------------------------------------------------------------------- /releasenotes/notes/43173.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: installation 4 | releaseNotes: 5 | - | 6 | **Fixed** `appProtocol` field not taking effect in IstioOperator ServicePort. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/46339.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: telemetry 4 | issue: [] 5 | 6 | releaseNotes: 7 | - | 8 | **Added** an flag to disable OTel builtin resource labels. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/48019.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: installation 4 | releaseNotes: 5 | - | 6 | **Removed** support for `policy/v1beta1` API version of `PodDisruptionBudget`. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/48595.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: istioctl 4 | releaseNotes: 5 | - | 6 | **Fixed** injector list has duplicated namespace shown for the same injector hook. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/49443.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: istioctl 4 | releaseNotes: 5 | - | 6 | **Added** `istioctl dashboard istio-debug` to display the Istio debug endpoints dashboard. -------------------------------------------------------------------------------- /releasenotes/notes/drop-legacy-ingress-flag.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | releaseNotes: 5 | - | 6 | **Removed** the `PILOT_LEGACY_INGRESS_BEHAVIOR` feature flag. -------------------------------------------------------------------------------- /releasenotes/notes/drop-legacy-istio-trace-tags.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | releaseNotes: 5 | - | 6 | **Removed** the `PILOT_ENABLE_ISTIO_TAGS` feature flag. -------------------------------------------------------------------------------- /releasenotes/notes/drop-legacy-lb-flag.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | releaseNotes: 5 | - | 6 | **Removed** the `ENABLE_LEGACY_LB_ALGORITHM_DEFAULT` feature flag. -------------------------------------------------------------------------------- /releasenotes/notes/drop-legacy-partial-full-push.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | releaseNotes: 5 | - | 6 | **Removed** the `PILOT_PARTIAL_FULL_PUSHES` feature flag. -------------------------------------------------------------------------------- /releasenotes/notes/drop-legacy-spiffe-bundle-endpoints.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: security 4 | releaseNotes: 5 | - | 6 | **Removed** the `SPIFFE_BUNDLE_ENDPOINTS` feature flag. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/drop-reload-plugin-certs.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | releaseNotes: 5 | - | 6 | **Removed** the `AUTO_RELOAD_PLUGIN_CERTS` feature flag. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/remove-operator-httpfetch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: installation 4 | releaseNotes: 5 | - | 6 | **Removed** fetching charts from URLs in `istio-operator`. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/sidecar-vs-delegate.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: networking 4 | releaseNotes: 5 | - | 6 | **Added** support for virtual service delegate for sidecar proxies. -------------------------------------------------------------------------------- /manifests/charts/istio-operator/templates/crds.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.enableCRDTemplates -}} 2 | {{- range $path, $bytes := .Files.Glob "crds/*.yaml" -}} 3 | --- 4 | {{ $.Files.Get $path }} 5 | {{- end -}} 6 | {{- end -}} 7 | -------------------------------------------------------------------------------- /operator/cmd/mesh/testdata/manifest-generate/input-extra-resources/gateways.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: user-ingressgateway-ns 5 | labels: 6 | istio-injection: disabled 7 | 8 | -------------------------------------------------------------------------------- /operator/cmd/mesh/testdata/manifest-generate/input/flag_output.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: install.istio.io/v1alpha1 2 | kind: IstioOperator 3 | spec: 4 | profile: empty 5 | components: 6 | pilot: 7 | enabled: true 8 | -------------------------------------------------------------------------------- /pkg/test/datasets/validation/dataset/networking-v1beta1-WorkloadEntry.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1beta1 2 | kind: WorkloadEntry 3 | metadata: 4 | name: valid-workload-entry 5 | spec: 6 | address: 1.2.3.4 7 | -------------------------------------------------------------------------------- /pkg/test/datasets/validation/dataset/telemetry-v1-Telemetry.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: telemetry.istio.io/v1 2 | kind: Telemetry 3 | metadata: 4 | name: valid 5 | spec: 6 | tracing: 7 | - randomSamplingPercentage: 10.00 8 | -------------------------------------------------------------------------------- /pkg/test/framework/analyzer-allowlist.yaml: -------------------------------------------------------------------------------- 1 | suites: 2 | supportMultipleClusters: 3 | - helm 4 | - helm_upgrade 5 | - operator 6 | - pilot_revisioncmd 7 | - security_file_mounted_certs 8 | - security_sds_egress -------------------------------------------------------------------------------- /releasenotes/notes/26851.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: telemetry 4 | issue: 5 | - 26851 6 | releaseNotes: 7 | - | 8 | **Added** Listener Access Logs when ResponseFlag from Envoy is set. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/29034.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: istioctl 4 | issue: 5 | - 28970 6 | releaseNotes: 7 | - | 8 | **Fixed** namespace shorthand flag missing in dashboard subcommand. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/30683.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: networking 4 | issue: 5 | - 30683 6 | releaseNotes: 7 | - | 8 | **Fixed** Avoid unnecessary full push in service entry store. -------------------------------------------------------------------------------- /releasenotes/notes/31186.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: environments 4 | issue: 5 | - 31186 6 | releaseNotes: 7 | - | 8 | **Fixed** Improved output of istioctl YAML diff commands. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/32201.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | releaseNotes: 5 | - | 6 | **Added** a flag setting ShutdownDuration in pilot and its default value is 10s. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/36044.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: istioctl 4 | releaseNotes: 5 | - | 6 | **Fixed** the `--duration` flag never gets used in the `istioctl bug-report` command. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/36809.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: telemetry 4 | issue: 5 | - 36162 6 | releaseNotes: 7 | - | 8 | **Added** configurable service-cluster naming scheme support. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/40142.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | 5 | releaseNotes: 6 | - | 7 | **Added** support for MAGLEV load balancing algorithm for consistent hashing. -------------------------------------------------------------------------------- /releasenotes/notes/40778.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: istioctl 4 | releaseNotes: 5 | - | 6 | **Fixed** `kube-inject` crashes when the pod annotation `proxy.istio.io/config` is set. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/41330.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: istioctl 4 | issue: 5 | - 40598 6 | releaseNotes: 7 | - | 8 | **Added** precheck for revision when running `istioctl uninstall`. -------------------------------------------------------------------------------- /releasenotes/notes/41785.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: installation 4 | 5 | issue: 6 | - 41170 7 | 8 | releaseNotes: 9 | - | 10 | **Added** analyzer for telemetry resource. 11 | -------------------------------------------------------------------------------- /releasenotes/notes/42203.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: security 4 | 5 | releaseNotes: 6 | - | 7 | **Added** support for using QAT (QuickAssist Technology) PrivateKeyProvider in SDS. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/42377.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | issue: 5 | - 42377 6 | releaseNotes: 7 | - | 8 | **Added** support for k8s ServiceInternalTrafficPolicy. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/43318.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: security 4 | releaseNotes: 5 | - | 6 | **Fixed** ignoring default CA certificate when `PeerCertificateVerifier` is created. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/43434.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: installation 4 | issue: 5 | - 35915 6 | releaseNotes: 7 | - | 8 | **Added** support for scraping metrics in dual stack clusters. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/46277.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | issue: 5 | - 46277 6 | releaseNotes: 7 | - | 8 | **Fixed** health_checkers extensions is not compiled in. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/46592.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: security 4 | issue: 5 | - 46592 6 | 7 | releaseNotes: 8 | - | 9 | **Added** Waypoint can now run as non-root. 10 | -------------------------------------------------------------------------------- /releasenotes/notes/47099.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | releaseNotes: 5 | - | 6 | **Added** `failoverPriority` and `failover` to work together with each other. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/48203.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: security 4 | issue: 5 | - 47328 6 | releaseNotes: 7 | - | 8 | **Added** support for customizing timeout when resolving jwksUri 9 | -------------------------------------------------------------------------------- /releasenotes/notes/48471.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: telemetry 4 | issue: 5 | - 48336 6 | releaseNotes: 7 | - | 8 | **Added** always `istio.cluster_id` tag to all tracing spans. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/cni-dns-capture.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | issue: 5 | - 29511 6 | releaseNotes: 7 | - | 8 | **Fixed** smart DNS support in Istio CNI. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/deprecate-operator-httpfetch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: installation 4 | releaseNotes: 5 | - | 6 | **Deprecated** fetching charts from URLs in `istio-operator`. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/drop-legacy-auto-mtls-check.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | releaseNotes: 5 | - | 6 | **Removed** the `ENABLE_AUTO_MTLS_CHECK_POLICIES` feature flag. -------------------------------------------------------------------------------- /releasenotes/notes/openshift-ambient-profile.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: installation 4 | issue: 5 | - 42341 6 | releaseNotes: 7 | - | 8 | **Added** `openshift-ambient` profile. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/wasm-pull-policy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: extensibility 4 | issue: [] 5 | releaseNotes: 6 | - | 7 | **Added** Support for ImagePullPolicy of WasmPlugin API. 8 | -------------------------------------------------------------------------------- /samples/bookinfo/src/productpage/static/bootstrap/fonts/glyphicons-halflings-regular.eot: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/intel/istio/HEAD/samples/bookinfo/src/productpage/static/bootstrap/fonts/glyphicons-halflings-regular.eot -------------------------------------------------------------------------------- /samples/bookinfo/src/productpage/static/bootstrap/fonts/glyphicons-halflings-regular.ttf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/intel/istio/HEAD/samples/bookinfo/src/productpage/static/bootstrap/fonts/glyphicons-halflings-regular.ttf -------------------------------------------------------------------------------- /pkg/test/datasets/validation/dataset/networking-v1-Sidecar.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1 2 | kind: Sidecar 3 | metadata: 4 | name: valid-sidecar-config 5 | spec: 6 | egress: 7 | - hosts: 8 | - "abc/*" 9 | -------------------------------------------------------------------------------- /pkg/test/datasets/validation/dataset/networking-v1alpha3-WorkloadEntry.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: WorkloadEntry 3 | metadata: 4 | name: valid-workload-entry 5 | spec: 6 | address: "1.2.3.4" 7 | -------------------------------------------------------------------------------- /releasenotes/notes/28915.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: istioctl 4 | releaseNotes: 5 | - | 6 | **Updated** the experimental `precheck` command to show potential problems before upgrading. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/29942.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: security 4 | issue: 5 | - 29943 6 | releaseNotes: 7 | - | 8 | **Added** option to enable STS token fetch and exchange for XDS flow. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/31910.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: installation 4 | issue: 5 | - 31910 6 | releaseNotes: 7 | - | 8 | **Fixed** PDB `maxUnavailable` field cannot be set in Istio operator 9 | -------------------------------------------------------------------------------- /releasenotes/notes/34325.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: istioctl 4 | releaseNotes: 5 | - | 6 | **Fixed** `istioctl profile diff` and `istioctl profile dump` have unexpected info logs. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/38158.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | 5 | releaseNotes: 6 | - | 7 | **Added** support for skipping the initial installation of CNI entirely. 8 | 9 | -------------------------------------------------------------------------------- /releasenotes/notes/39765.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | 5 | releaseNotes: 6 | - | 7 | **Added** support for configuring max_connection_duration in DestinationRule. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/40184.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: istioctl 4 | 5 | releaseNotes: 6 | - | 7 | **Fixed** an issue where "istioctl analyze" started showing invalid warning messages. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/40220.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: istioctl 4 | releaseNotes: 5 | - | 6 | **Fixed** IST0103 warning from `istioctl analyze` for non-injected pods on the host network. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/44105.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: telemetry 4 | issue: 5 | - 44074 6 | releaseNotes: 7 | - | 8 | **Added** support for `METADATA` command operator in access log. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/44303.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: telemetry 4 | releaseNotes: 5 | - | 6 | **Fixed** pilot has an additional invalid gateway metric that was not created by the user. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/44468.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: telemetry 4 | releaseNotes: 5 | - | 6 | **Added** new metric named `provider_lookup_cluster_failures` for lookup cluster failures. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/44929.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: istioctl 4 | releaseNotes: 5 | - | 6 | **Fixed** an issue where the cert validity was not accurate for `istioctl pc secret` command. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/45407.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: istioctl 4 | releaseNotes: 5 | - | 6 | **Updated** `istioctl x workload configure` accepts IPv6 address passed in `--ingressIP`. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/45640.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: istioctl 4 | releaseNotes: 5 | - | 6 | **Removed** `uninstall` command from `istioctl experimental`, use `istioctl uninstall` instead. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/45644.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: istioctl 4 | releaseNotes: 5 | - | 6 | **Fixed** an issue where analyzers were reporting messages for the gateway-managed services. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/46087.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | issue: 5 | - 46087 6 | releaseNotes: 7 | - | 8 | **Fixed** app probe: http request.host is not well propagated. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/46257.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: istioctl 4 | releaseNotes: 5 | - | 6 | **Removed** `istioctl experimental revision tag` command, which was graduated to `istioctl tag`. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/46312.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: installation 4 | issue: 5 | - 45825 6 | releaseNotes: 7 | - | 8 | **Fixed** an issue that istio should using IMDSv2 as possible on AWS. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/46483.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: installation 4 | releaseNotes: 5 | - | 6 | **Fixed** an issue where resources are being pruned when installing with the dry-run option. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/46963.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: telemetry 4 | issue: 5 | - 46960 6 | releaseNotes: 7 | - | 8 | **Fixed** an issue where metric `DNSNoEndpointClusters` not working. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/48958.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: istioctl 4 | issue: 5 | - 48696 6 | releaseNotes: 7 | - | 8 | **Added** `--proxy` option to `istioctl experimental wait` command. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/50572.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | issue: 5 | - 50572 6 | releaseNotes: 7 | - | 8 | **Fixed** `use-waypoint` should be a label, for consistency 9 | -------------------------------------------------------------------------------- /releasenotes/notes/drop-headless.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | releaseNotes: 5 | - | 6 | **Removed** the `PILOT_ENABLE_HEADLESS_SERVICE_POD_LISTENERS` feature flag. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/ecc-csr.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: security 4 | issue: 5 | - 23226 6 | releaseNotes: 7 | - | 8 | **Added** support for creation of CSRs using ECC based certificates. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/make-httpbin-work-ocp.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: documentation 4 | releaseNotes: 5 | - | 6 | **Fixed** `httpbin` sample manifests to deploy correctly on OpenShift. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/update-se-instances.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | releaseNotes: 5 | - | 6 | **Fixed** potential memory leak when updating service entries hostname. -------------------------------------------------------------------------------- /samples/bookinfo/src/productpage/static/bootstrap/fonts/glyphicons-halflings-regular.woff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/intel/istio/HEAD/samples/bookinfo/src/productpage/static/bootstrap/fonts/glyphicons-halflings-regular.woff -------------------------------------------------------------------------------- /samples/bookinfo/src/productpage/static/bootstrap/fonts/glyphicons-halflings-regular.woff2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/intel/istio/HEAD/samples/bookinfo/src/productpage/static/bootstrap/fonts/glyphicons-halflings-regular.woff2 -------------------------------------------------------------------------------- /operator/pkg/helm/testdata/addons/a/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: A Helm chart for Kubernetes 3 | name: addon 4 | version: 1.1.0 5 | appVersion: 1.1.0 6 | tillerVersion: ">=2.7.2" 7 | keywords: 8 | - istio-addon 9 | -------------------------------------------------------------------------------- /operator/pkg/helm/testdata/render/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: A Helm chart for Kubernetes 3 | name: addon 4 | version: 1.1.0 5 | appVersion: 1.1.0 6 | tillerVersion: ">=2.7.2ffff" 7 | keywords: 8 | - istio-addon 9 | -------------------------------------------------------------------------------- /pkg/test/datasets/validation/dataset/telemetry-v1alpha1-Telemetry.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: telemetry.istio.io/v1alpha1 2 | kind: Telemetry 3 | metadata: 4 | name: valid 5 | spec: 6 | tracing: 7 | - randomSamplingPercentage: 10.00 8 | -------------------------------------------------------------------------------- /releasenotes/notes/27509.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: installation 4 | issue: 5 | - 27509 6 | releaseNotes: 7 | - | 8 | **Fixed** allow configure RENEW_DEADLINE for istio operator manager. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/29681.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: networking 4 | issue: 5 | - 29681 6 | releaseNotes: 7 | - | 8 | **Fixed** a bug where DNS agent preview produces malformed DNS responses 9 | -------------------------------------------------------------------------------- /releasenotes/notes/29855.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: istioctl 4 | issue: 5 | - 29607 6 | releaseNotes: 7 | - | 8 | **Improved** 'verify-install' detects Istio injector without control plane. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/30200.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: istioctl 4 | issue: 5 | - 30200 6 | releaseNotes: 7 | - | 8 | **Added** analysis interval to reduce the wasteful re-runs of analyzer 9 | -------------------------------------------------------------------------------- /releasenotes/notes/32749.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: installation 4 | issue: 5 | - 32749 6 | releaseNotes: 7 | - | 8 | **Fixed** the upgrade and downgrade message of the control plane. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/34847.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: istioctl 4 | releaseNotes: 5 | - | 6 | **Fixed** the deployment analyzer is ignoring service namespaces during the analysis process. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/36110.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: installation 4 | issue: 5 | - 36110 6 | releaseNotes: 7 | - | 8 | **Added** istiod deployment respect `values.pilot.nodeSelector`. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/36452.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: istioctl 4 | releaseNotes: 5 | - | 6 | **Added** the global wildcard pattern match for the bug report `--include` and `--exclude` flag. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/40339.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: istioctl 4 | issue: 5 | - 40339 6 | 7 | releaseNotes: 8 | - | 9 | **Promoted** `istioctl x uninstall` to `istioctl uninstall`. 10 | -------------------------------------------------------------------------------- /releasenotes/notes/40680.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | issue: 5 | - 40680 6 | releaseNotes: 7 | - | 8 | **Fixed** configuring istio.alpn filter for non-Istio mTLS. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/40809.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: telemetry 4 | 5 | releaseNotes: 6 | - | 7 | **Fixed** an issue when telemetry accesslogs is nil, will not fallback to use meshconfig. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/42252.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | 5 | releaseNotes: 6 | - | 7 | **Fixed** an issue where the sync timeout setting doesn't work on the remote clusters. -------------------------------------------------------------------------------- /releasenotes/notes/42400.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | issue: 5 | - 42400 6 | releaseNotes: 7 | - | 8 | **Fixed** updating service visibility does not push XDS to gateways 9 | -------------------------------------------------------------------------------- /releasenotes/notes/43453.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: telemetry 4 | issue: 5 | - 43359 6 | releaseNotes: 7 | - | 8 | **Added** support to control trace id length on Zipkin tracing provider. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/44137.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: istioctl 4 | releaseNotes: 5 | - | 6 | **Fixed** inaccuracies in analysis results when analyzing configuration files with empty content. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/44481.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: installation 4 | issue: 5 | - 44469 6 | releaseNotes: 7 | - | 8 | **Added** support for `PodDisruptionBudget` (PDB) in the Gateway chart. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/45404.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: installation 4 | issue: 5 | - 45400 6 | releaseNotes: 7 | - | 8 | **Added** the helm value of setting cni ambient config dir path. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/45643.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: istioctl 4 | releaseNotes: 5 | - | 6 | **Fixed** an issue where there was a parse error when performing rootCA comparison for Ztunnel pods. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/47681.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | releaseNotes: 5 | - | 6 | **Fixed** an issue where sometimes the network of waypoint was not properly configured. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/48769.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: istioctl 4 | issue: 5 | - 46297 6 | releaseNotes: 7 | - | 8 | **Added** `--wait` option to `istioctl experimental waypoint apply` command. -------------------------------------------------------------------------------- /releasenotes/notes/49098.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: security 4 | issues: 5 | - 49098 6 | releaseNotes: 7 | - | 8 | **Fixed** a bug that made PeerAuthentication too restrictive in Ambient mode. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/50138.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | 5 | releaseNotes: 6 | - | 7 | **Fixed** Gateway status addresses receiving Service VIPs from outside the cluster. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/abort-with-grpc-status-code.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | releaseNotes: 5 | - | 6 | **Added** support to inject faults by specifying gRPC status code 7 | -------------------------------------------------------------------------------- /releasenotes/notes/drop-legacy-autopassthrough.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | releaseNotes: 5 | - | 6 | **Removed** the `PILOT_ENABLE_LEGACY_AUTO_PASSTHROUGH` feature flag. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/drop-reload-sidecar-ignore-port.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | releaseNotes: 5 | - | 6 | **Removed** the `SIDECAR_IGNORE_PORT_IN_HOST_MATCH` feature flag. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/duplicate-subset-names.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | 5 | releaseNotes: 6 | - | 7 | **Added** rejecting DestinationRules with duplicate subset names. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/envoyfilter-app-protocals-match.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | releaseNotes: 5 | - | 6 | **Added** support for matching `ApplicationProtocols` in EnvoyFilter. -------------------------------------------------------------------------------- /releasenotes/notes/fix-istioctl-x-precheck-missing-revision.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: istioctl 4 | releaseNotes: 5 | - | 6 | **Fixed** `revision` flag missing in `istioctl x precheck`. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/nonroot-gateway.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: installation 4 | issue: 5 | - 23379 6 | releaseNotes: 7 | - | 8 | **Improved** gateway deployments to run as non-root by default. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/pq-memory-leak.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | releaseNotes: 5 | - | 6 | **Fixed** an issue causing memory to not be freed after XDS clients disconnect. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/remove-convert-ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: istioctl 4 | issue: 5 | - 29153 6 | 7 | releaseNotes: 8 | - | 9 | **Removed** istioctl convert-ingress command 10 | -------------------------------------------------------------------------------- /releasenotes/notes/wasm-extension-dashboard.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: telemetry 4 | issue: 5 | - 25843 6 | releaseNotes: 7 | - | 8 | **Added** Istio Wasm Extension Grafana Dashboard. 9 | -------------------------------------------------------------------------------- /tests/integration/telemetry/api/testdata/registry-secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | data: 3 | .dockerconfigjson: {{ .DockerConfigJson }} 4 | kind: Secret 5 | metadata: 6 | name: reg-cred 7 | type: kubernetes.io/dockerconfigjson 8 | -------------------------------------------------------------------------------- /manifests/profiles/demo.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: install.istio.io/v1alpha1 2 | kind: IstioOperator 3 | spec: 4 | components: 5 | egressGateways: 6 | - name: istio-egressgateway 7 | enabled: true 8 | values: 9 | profile: demo -------------------------------------------------------------------------------- /operator/cmd/mesh/testdata/manifest-generate/input/helm_values_enablement.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: install.istio.io/v1alpha1 2 | kind: IstioOperator 3 | spec: 4 | values: 5 | gateways: 6 | istio-egressgateway: 7 | enabled: true -------------------------------------------------------------------------------- /operator/pkg/helm/testdata/addons/invalid/a/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: A Helm chart for Kubernetes 3 | name: addon 4 | version: 1.1.0 5 | appVersion: 1.1.0 6 | tillerVersion: ">=2.7.2" 7 | keywords: 8 | - istio-addon 9 | -------------------------------------------------------------------------------- /operator/pkg/helm/testdata/addons/invalid/b/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: A Helm chart for Kubernetes 3 | name: addon 4 | version: 1.1.0 5 | appVersion: 1.1.0 6 | tillerVersion: ">=2.7.2" 7 | keywords: 8 | - istio-addon 9 | -------------------------------------------------------------------------------- /operator/pkg/helm/testdata/render/templates/fs_template.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: {{.Values.description}} 3 | name: addon 4 | version: 1.1.0 5 | appVersion: 1.1.0 6 | tillerVersion: ">=2.7.2" 7 | keywords: 8 | - istio-addon -------------------------------------------------------------------------------- /operator/pkg/object/testdata/well-formed-with-space.out.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: myconfigmap 5 | namespace: default 6 | data: 7 | mydata: "First line of data\nSecond line of data " 8 | -------------------------------------------------------------------------------- /pkg/test/datasets/validation/dataset/networking-v1alpha3-Sidecar.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: Sidecar 3 | metadata: 4 | name: valid-sidecar-config 5 | spec: 6 | egress: 7 | - hosts: 8 | - "abc/*" 9 | -------------------------------------------------------------------------------- /pkg/test/datasets/validation/dataset/networking-v1beta1-Sidecar.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1beta1 2 | kind: Sidecar 3 | metadata: 4 | name: valid-sidecar-config 5 | spec: 6 | egress: 7 | - hosts: 8 | - "abc/*" 9 | -------------------------------------------------------------------------------- /prow/config/topology/single.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "kind": "Kubernetes", 4 | "clusterName": "istio-testing", 5 | "podSubnet": "10.10.0.0/16", 6 | "svcSubnet": "10.255.10.0/24", 7 | "network": "istio-testing" 8 | } 9 | ] -------------------------------------------------------------------------------- /releasenotes/notes/27300.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: istioctl 4 | issue: 5 | - 27300 6 | 7 | releaseNotes: 8 | - | 9 | **Added** ability to configure domain suffix for multicluster installation -------------------------------------------------------------------------------- /releasenotes/notes/28753.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: istioctl 4 | issue: 5 | - 28753 6 | 7 | releaseNotes: 8 | - | 9 | **Added** `istioctl apply` as an alias for `istioctl install`. 10 | -------------------------------------------------------------------------------- /releasenotes/notes/30067.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: networking 4 | issue: 5 | - 30067 6 | releaseNotes: 7 | - | 8 | **Fixed** a bug where ISTIO_META_IDLE_TIMEOUT is not reflected when set to "0s". 9 | -------------------------------------------------------------------------------- /releasenotes/notes/31946.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: installation 4 | issue: 5 | - 31946 6 | releaseNotes: 7 | - | 8 | **Added** support to watch local secret resource updates for external istiod 9 | -------------------------------------------------------------------------------- /releasenotes/notes/34633.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | 5 | releaseNotes: 6 | - | 7 | **Fixed** an issue in which ADS would hang due to the wrong `syncCh` size being provided. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/35014.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | issue: 5 | - 33558 6 | releaseNotes: 7 | - | 8 | **Added** support for sourceip hash loadbalancing in TCP proxy. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/36655.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: telemetry 4 | issue: 5 | - 36514 6 | releaseNotes: 7 | - | 8 | **Added** Common Expression Language (CEL) filter support for access logs. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/38750.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | releaseNotes: 5 | - | 6 | **Fixed** an issue where removing inline Network and HTTP filters was not working properly. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/40851.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: telemetry 4 | 5 | releaseNotes: 6 | - | 7 | **Fixed** an issue that built-in provider should fallback to meshconfig when format is unset. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/41644.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: installation 4 | 5 | issue: 6 | - 41631 7 | 8 | releaseNotes: 9 | - | 10 | **Fixed** an issue where `pilotExists` always return `false`. -------------------------------------------------------------------------------- /releasenotes/notes/46161.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: istioctl 4 | releaseNotes: 5 | - | 6 | **Fixed** `istioctl experimental describe` provides wrong Gateway information when using injected gateway. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/46540.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | issue: 5 | - 46540 6 | 7 | releaseNotes: 8 | - | 9 | **Fixed** adding waypoints can cause traffic disruption 10 | -------------------------------------------------------------------------------- /releasenotes/notes/46584.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: istioctl 4 | issue: 5 | - 46563 6 | releaseNotes: 7 | - | 8 | **Fixed** an issue where `istioctl analyze` would analyze irrelevant configmaps. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/46651.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: installation 4 | issue: 5 | - 46524 6 | releaseNotes: 7 | - | 8 | **Removed** support for installing `ambient` profile with in-cluster operator. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/47081.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | issue: 5 | - 47081 6 | releaseNotes: 7 | - | 8 | **Fixed** an issue where auto allocation is allocation incorrect ips. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/47342.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | issue: 5 | - 47341 6 | releaseNotes: 7 | - | 8 | **Fixed** Issue relying only on `HTTPRoute` to check `ReferenceGrant` 9 | -------------------------------------------------------------------------------- /releasenotes/notes/47705.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: istioctl 4 | issue: 5 | - 47696 6 | releaseNotes: 7 | - | 8 | **Fixed** an issue where `istioctl tag list` command didn't accept `--output` flag. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/48762.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: installation 4 | issue: 5 | - 48751 6 | releaseNotes: 7 | - | 8 | **Added** `allocateLoadBalancerNodePorts` config option to the Gateway chart. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/49139.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | releaseNotes: 5 | - | 6 | **Fixed** an issue where the delta ADS client received a response which contains RemoveResources -------------------------------------------------------------------------------- /releasenotes/notes/49675.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: installation 4 | releaseNotes: 5 | - | 6 | **Added** Allow user to add customized annotation to istiod service account resource through helm chart. -------------------------------------------------------------------------------- /releasenotes/notes/cni-rolling-max-available.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: installation 4 | releaseNotes: 5 | - | 6 | **Added** rolling update max unavailable to CNI Helm chart to speed up deploys. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/drop-legacy-credential.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | releaseNotes: 5 | - | 6 | **Removed** the `PILOT_ENABLE_LEGACY_ISTIO_MUTUAL_CREDENTIAL_NAME` feature flag. -------------------------------------------------------------------------------- /releasenotes/notes/drop-reload-prioritized-leader-election.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | releaseNotes: 5 | - | 6 | **Removed** the `PRIORITIZED_LEADER_ELECTION` feature flag. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/experimental-telemetry-api-tracing.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: telemetry 4 | issue: 5 | - 24284 6 | 7 | releaseNotes: 8 | - | 9 | **Added** experimental support for Telemetry API. -------------------------------------------------------------------------------- /releasenotes/notes/gateway-dual-stack.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: installation 4 | releaseNotes: 5 | - | 6 | **Added** ability to install gateway helm chart with a dual-stack service definition. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/grpc-stats.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: telemetry 4 | issue: 5 | - 43908 6 | - 44144 7 | releaseNotes: 8 | - | 9 | **Fixed** an issue where grpc stats are absent. 10 | -------------------------------------------------------------------------------- /releasenotes/notes/helm-ambient.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: installation 4 | 5 | releaseNotes: 6 | - | 7 | **Added** helm values for easier installation of ambient when the user wishes to use Helm. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/inbound-patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: networking 4 | releaseNotes: 5 | - | 6 | **Fixed** a bug where Envoy filter with service match is not working for inbound clusters. 7 | 8 | -------------------------------------------------------------------------------- /releasenotes/notes/ingress-named-port.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: networking 4 | issue: 5 | - 23052 6 | releaseNotes: 7 | - | 8 | **Improved** support for Ingress by allowing named port references. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/istioctl-install-errors.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: installation 4 | releaseNotes: 5 | - | 6 | **Improved** `istioctl install` to give more details during installation failures. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/istioctl-sort-events-by-creation.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: istioctl 4 | releaseNotes: 5 | - | 6 | **Improved** `istioctl bug-report` to sort gathered events by creation date. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/min-k8-ver-for-1.8.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: installation 4 | issue: 5 | - 28814 6 | releaseNotes: 7 | - | 8 | **Added** Istio 1.8 supports kubernetes versions 1.16 to 1.19. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/min-k8-ver-for-1.9.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: installation 4 | issue: 5 | - 30176 6 | releaseNotes: 7 | - | 8 | **Added** Istio 1.9 supports Kubernetes versions 1.17 to 1.20. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/proxy-stats-inclusion.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: telemetry 4 | issue: 5 | - 26546 6 | releaseNotes: 7 | - | 8 | **Added** Proxy config to control Envoy native stats generation. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/send-stat.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: networking 4 | releaseNotes: 5 | - | 6 | **Added** a new stat "pilot_xds_send_time" that records send time of the generated configuration. 7 | -------------------------------------------------------------------------------- /tests/integration/security/testdata/reachability/global-peer-authn.yaml.tmpl: -------------------------------------------------------------------------------- 1 | apiVersion: security.istio.io/v1beta1 2 | kind: PeerAuthentication 3 | metadata: 4 | name: "default" 5 | spec: 6 | mtls: 7 | mode: {{ .MTLSMode }} 8 | -------------------------------------------------------------------------------- /pilot/pkg/serviceregistry/kube/controller/ambient/testdata/peer-authn-strict-in.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: security.istio.io/v1beta1 2 | kind: PeerAuthentication 3 | metadata: 4 | name: strict-mtls 5 | spec: 6 | mtls: 7 | mode: STRICT 8 | 9 | -------------------------------------------------------------------------------- /releasenotes/notes/28942.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: networking 4 | issue: 5 | - 28970 6 | releaseNotes: 7 | - | 8 | **Fixed** a bug where locality weights are only applied when outlier detection is enabled. -------------------------------------------------------------------------------- /releasenotes/notes/30208.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: istioctl 4 | issue: 5 | - 30208 6 | 7 | releaseNotes: 8 | - | 9 | **Fixed** dashboard controlz could not port forward to istiod pod. 10 | -------------------------------------------------------------------------------- /releasenotes/notes/30991.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: installation 4 | issue: 5 | - 30991 6 | releaseNotes: 7 | - | 8 | **Fixed** a bug preventing `istioctl kube-inject` from working with revisions. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/31075.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: networking 4 | issue: 5 | - 31075 6 | releaseNotes: 7 | - | 8 | **Added** /debug/connections debug interface to list the current connected clients. -------------------------------------------------------------------------------- /releasenotes/notes/31573.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: EnvoyFilter 4 | issue: 5 | - 31573 6 | releaseNotes: 7 | - | 8 | **Fixed** a bug where the EnvoyFilter HTTP_FILTER didn't support INSERT_FIRST 9 | -------------------------------------------------------------------------------- /releasenotes/notes/31779.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: network 4 | issue: 5 | - 31779 6 | releaseNotes: 7 | - | 8 | **Added** SDS screts fetch faliure metric `pilot_sds_certificate_errors_total`. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/31797.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: enhancement 3 | area: environments 4 | issue: 5 | - 31732 6 | releaseNotes: 7 | - | 8 | **Added** support for slash characters in environment variables on injectionURL 9 | -------------------------------------------------------------------------------- /releasenotes/notes/41858.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: installation 4 | releaseNotes: 5 | - | 6 | **Removed** warning if istio-cni is not the default CNI plugin when CNI is used as a standalone plugin. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/43120.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: installation 4 | releaseNotes: 5 | - | 6 | **Improved** `istioctl operator remove` command to run without the confirmation in the dry-run mode. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/43179.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: telemetry 4 | issues: 5 | - 43178 6 | releaseNotes: 7 | - | 8 | **Fixed** an issue where `ALL_METRICS` does not disable metrics as expected. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/43508.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: documentation 4 | issue: 5 | - 43508 6 | releaseNotes: 7 | - | 8 | **Fixed** add ambient test framework flag for quick running integration test. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/44820.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | issue: 5 | - 44820 6 | releaseNotes: 7 | - | 8 | **Fixed** the bug where patching http_route affects other virtualhosts. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/46104.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: istioctl 4 | releaseNotes: 5 | - | 6 | **Fixed** an issue where `verify-install` has incorrect results when installed deployments are not healthy. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/46421.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: installation 4 | issue: 5 | - 46421 6 | releaseNotes: 7 | - | 8 | **Added** basic ztunnel support for revisions when installing with istioctl. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/49511.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: istioctl 4 | releaseNotes: 5 | - | 6 | **Fixed** an issue where commands relying on Envoy config dump may not work due to the presence of ECDS config. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/49851.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | issue: 5 | - 49851 6 | releaseNotes: 7 | - | 8 | **Added** Implement support in waypoint for istio.io/waypoint-for annotation. -------------------------------------------------------------------------------- /releasenotes/notes/check-disabled-status.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: telemetry 4 | releaseNotes: 5 | - | 6 | **Fixed** an issue where disabling a log provider through Istio telemetry API would not work. -------------------------------------------------------------------------------- /releasenotes/notes/concurrent-map-write.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | releaseNotes: 5 | - | 6 | **Fixed** Fix to an concurrent map write error that leads to a crash in istiod 7 | -------------------------------------------------------------------------------- /releasenotes/notes/dashboard-reporter-dropdown.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: telemetry 4 | issue: 5 | - 27595 6 | releaseNotes: 7 | - | 8 | **Added** Istio Grafana Dashboards Query Reporter Dropdown. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/dr-analyzer.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: networking 4 | releaseNotes: 5 | - | 6 | **Added** Analyzer warning for DestinationRule not using CaCertificates to validate server identity. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/env-workload-rsa-keysize.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: security 4 | releaseNotes: 5 | - | 6 | **Added** an environment variable for configuring the RSA key size of workload certificates. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/httpregexrewrite.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | issue: 5 | - 22290 6 | releaseNotes: 7 | - | 8 | **Added** support for Regex Rewrite in VirtualService HTTPRewrite 9 | -------------------------------------------------------------------------------- /releasenotes/notes/kiali-update-v1.29.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: installation 4 | issue: 5 | - 30438 6 | 7 | releaseNotes: 8 | - | 9 | **Updated** Kiali addon to the latest version v1.29. 10 | -------------------------------------------------------------------------------- /releasenotes/notes/rpm-builds.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: installation 4 | issue: 5 | - 9117 6 | releaseNotes: 7 | - | 8 | **Added** RPM packages for running the Istio sidecar on a VM to the release. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/use-client-protocol.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: networking 4 | issue: 5 | releaseNotes: 6 | - | 7 | **Added** Support for specifying "UseClientProtocol" in DestinationRule in Http. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/validate-unknown.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: istioctl 4 | issue: 5 | - 24861 6 | releaseNotes: 7 | - | 8 | **Improved** `istioctl validate` to check for unknown fields in resources. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/wasm-fail-open.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: extensibility 4 | issue: [] 5 | releaseNotes: 6 | - | 7 | **Added** an option to fail open on fetch failure and VM fatal errors. 8 | 9 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/config.yml: -------------------------------------------------------------------------------- 1 | contact_links: 2 | - name: "Crash bug" 3 | url: https://istio.io/about/security-vulnerabilities/ 4 | about: "Please file any bug causing a crash to istio-security-vulnerability-reports@googlegroups.com." 5 | -------------------------------------------------------------------------------- /manifests/profiles/openshift.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: install.istio.io/v1alpha1 2 | kind: IstioOperator 3 | spec: 4 | components: 5 | cni: 6 | enabled: true 7 | namespace: kube-system 8 | values: 9 | profile: openshift 10 | -------------------------------------------------------------------------------- /pilot/pkg/serviceregistry/kube/controller/ambient/testdata/peer-authn-disable-in.yaml: -------------------------------------------------------------------------------- 1 | 2 | apiVersion: security.istio.io/v1beta1 3 | kind: PeerAuthentication 4 | metadata: 5 | name: disable-mtls 6 | spec: 7 | mtls: 8 | mode: DISABLE 9 | -------------------------------------------------------------------------------- /pilot/pkg/serviceregistry/kube/controller/ambient/testdata/peer-authn-permissive-in.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: security.istio.io/v1beta1 2 | kind: PeerAuthentication 3 | metadata: 4 | name: permissive-mtls 5 | spec: 6 | mtls: 7 | mode: PERMISSIVE 8 | -------------------------------------------------------------------------------- /releasenotes/notes/13330.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | issue: 5 | - 13330 6 | releaseNotes: 7 | - | 8 | **Added** support traffic mirroring to multiple destinations in VirtualService. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/28003.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | issue: 5 | - 28003 6 | 7 | releaseNotes: 8 | - | 9 | **Added** Istio resource status now includes Observed Generation 10 | -------------------------------------------------------------------------------- /releasenotes/notes/28794.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: networking 4 | releaseNotes: 5 | - | 6 | **Enabled** DNS capture in istio-agent by default for VMs installed using `istioctl x workload entry configure`. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/33293.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: security 4 | issue: 5 | - 33293 6 | releaseNotes: 7 | - | 8 | **Fixed** a bug where secret files are not watched once they are removed and added back. -------------------------------------------------------------------------------- /releasenotes/notes/33537.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: istioctl 4 | issue: 5 | - 33537 6 | 7 | releaseNotes: 8 | - | 9 | **Added** `istioctl install` will now do `IST0139` analysis on webhooks. 10 | -------------------------------------------------------------------------------- /releasenotes/notes/33737.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | issue: 5 | - 33737 6 | releaseNotes: 7 | - | 8 | **Fixed** a bug where retryRemoteLocalities configuration is rejected by Envoy. -------------------------------------------------------------------------------- /releasenotes/notes/35068.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: installation 4 | issue: 5 | - 35068 6 | releaseNotes: 7 | - | 8 | **Fixed** No Permission to list ServiceExport from remote clusters in primary cluster. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/35593.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: istioctl 4 | releaseNotes: 5 | - | 6 | **Fixed** `istioctl bug-report` has the extra default system namespaces displayed when `--exclude` is not set. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/36813.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: installation 4 | issue: 5 | - 36723 6 | releaseNotes: 7 | - | 8 | **Fixed** an issue when envoy lost connection after `istio-ca-root-cert` changed. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/36835.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: istioctl 4 | issue: 5 | - https://github.com/istio/istio/issues/36290 6 | releaseNotes: 7 | - | 8 | **Added** the cluster id to `experimental ps`. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/37227.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: telemetry 4 | issue: [] 5 | releaseNotes: 6 | - | 7 | **Added** environment variable support at Wasm extension via VM configuration in WasmPlugin API. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/37737.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: installation 4 | issue: 5 | - 33052 6 | releaseNotes: 7 | - | 8 | **Fixed** Removing caBundle default value from Chart to allow a GitOps approach 9 | -------------------------------------------------------------------------------- /releasenotes/notes/38495.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: telemetry 4 | 5 | releaseNotes: 6 | - | 7 | **Fixed** the tcp metadata exchange between sidecar client and ISTIO_MUTUAL, tcp server at the gateway 8 | -------------------------------------------------------------------------------- /releasenotes/notes/38641.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: istioctl 4 | issue: 5 | - 38636 6 | releaseNotes: 7 | - | 8 | **Fixed** an issue `istioctl x describe pod` return error `failed to fetch mesh config`. -------------------------------------------------------------------------------- /releasenotes/notes/43498.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | issue: 5 | - 43498 6 | releaseNotes: 7 | - | 8 | **Fixed** reporting Programmed condition on Gateway API Gateway resources. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/44161.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: installation 4 | releaseNotes: 5 | - | 6 | **Added** injection of `istio.io/rev` annotation to sidecars and gateways for multi-revision observability. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/44424.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | issue: 5 | - 44424 6 | 7 | releaseNotes: 8 | - | 9 | **Updated** the VirtualService validation to fail on empty prefix header matcher. -------------------------------------------------------------------------------- /releasenotes/notes/46511.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: installation 4 | releaseNotes: 5 | - | 6 | **Fixed** an issue where the upgrade warning is given incorrectly between default and revisioned control planes. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/46614.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | releaseNotes: 5 | - | 6 | **Fixed** an issue where Ambient pods are incorrectly processed when Ambient namespace label is changed. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/46780.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: installation 4 | releaseNotes: 5 | - | 6 | **Fixed** an issue where installing Istio with `empty` profile did not have components information displayed. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/46845.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: extensibility 4 | releaseNotes: 5 | - | 6 | **Added** the capability to attach `WasmPlugin` to Kubernetes `Gateway` resources via the `targetRef` field. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/47703.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: istioctl 4 | releaseNotes: 5 | - | 6 | **Fixed** an issue where sometimes control plane revisions and proxy versions were not obtained in the bug report. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/48266.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: installation 4 | issue: 5 | - 48241 6 | releaseNotes: 7 | - | 8 | **Fixed** an issue where the Istio injection webhook may be modified in dry-run mode. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/49012.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | releaseNotes: 5 | - | 6 | **Fixed** an issue where the Kubernetes gateway was not working correctly with the namespace waypoint. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/50218.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: installation 4 | issue: 5 | - 48634 6 | releaseNotes: 7 | - | 8 | **Removed** deprecated `external` profile, use `remote` profile instead for installation. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/add-sni-host.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: networking 4 | issue: 5 | - 25691 6 | releaseNotes: 7 | - | 8 | **Fixed** SNI host routing issue when user uses sniHosts match in virtual service 9 | -------------------------------------------------------------------------------- /releasenotes/notes/agent-startup.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: networking 4 | issue: [] 5 | releaseNotes: 6 | - | 7 | **Added** a new `startup_duration_seconds` metric to measure the latency in proxy readiness. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/consul.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: networking 4 | releaseNotes: 5 | - | 6 | **Removed** compiled in support for Consul service registry. Integration will be done using XDS in the future. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/deprecate-istio_cni.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: installation 4 | issue: 5 | - 49290 6 | releaseNotes: 7 | - | 8 | **Deprecated** usage of `values.istio_cni` in favor of `values.pilot.cni` 9 | -------------------------------------------------------------------------------- /releasenotes/notes/endpoint-before-pod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: networking 4 | issue: 5 | - 25112 6 | releaseNotes: 7 | - | 8 | **Fixed** an issue when high pod churn rate can cause Istiod to get stuck. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/gateway-v1alpha2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | releaseNotes: 5 | - | 6 | **Added** support for the `v1alpha2` version of the [gateway-api](https://gateway-api.org/). 7 | -------------------------------------------------------------------------------- /releasenotes/notes/gomaxprocs.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: installation 4 | releaseNotes: 5 | - | 6 | **Added** an automatically set `GOMEMLIMIT` and `GOMAXPROCS` to all deployments to improve performance. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/graudate-revision-tag-command.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: promotion 3 | area: istioctl 4 | releaseNotes: 5 | - | 6 | **Promoted** the `istioctl experimental revision tag` command group to `istioctl tag`. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/ingressgateway-support-daemonset.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: installation 4 | issue: 5 | - 37610 6 | releaseNotes: 7 | - | 8 | **Added** support install gateway helm chart as daemonset. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/istioctl-uninstall.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: istioctl 4 | issue: 5 | - 24360 6 | releaseNotes: 7 | - | 8 | **Added** `istioctl x uninstall` command to uninstall Istio control plane. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/k8s-tls-secret-cacerts.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: security 4 | issue: 5 | - 38528 6 | releaseNotes: 7 | - | 8 | **Added** the ability to read `kubernetes.io/tls` type cacerts secrets. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/nested-json-log.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: telemetry 4 | issue: 5 | - 28597 6 | releaseNotes: 7 | - | 8 | **Fixed** an issue to allow nested JSON structure in `meshConfig.accessLogFormat`. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/vs-overwrite-fix.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | issue: [] 5 | releaseNotes: 6 | - | 7 | **Fixed** an issue causing routes to be overwritten by other virtual services. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/wasm-decompress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: extensibility 4 | issue: [] 5 | releaseNotes: 6 | - | 7 | **Added** Decompress or/and untar the wasm binary when it is pulled via HTTP/HTTPS. 8 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contribution guidelines 2 | 3 | So you want to hack on Istio? Yay! Please refer to Istio's overall 4 | [contribution guidelines](https://github.com/istio/community/blob/master/CONTRIBUTING.md) 5 | to find out how you can help. 6 | -------------------------------------------------------------------------------- /operator/cmd/mesh/testdata/manifest-generate/input/multiple_iops.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: install.istio.io/v1alpha1 2 | kind: IstioOperator 3 | spec: 4 | 5 | --- 6 | 7 | apiVersion: install.istio.io/v1alpha1 8 | kind: IstioOperator 9 | spec: 10 | -------------------------------------------------------------------------------- /releasenotes/notes/24471.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: istioctl 4 | issue: 5 | - 24471 6 | 7 | releaseNotes: 8 | - | 9 | **Added** `istioctl analyze` now warns if deprecated mixer resources are present 10 | -------------------------------------------------------------------------------- /releasenotes/notes/25737.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: istioctl 4 | issue: 5 | - 25737 6 | releaseNotes: 7 | - | 8 | **Removed** `istioctl manifest apply`. The simpler `install` command replaces manifest apply. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/26486.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | issue: 5 | - 26517 6 | releaseNotes: 7 | - | 8 | **Fixed** Remove unreachable endpoints for non-injected workloads across networks. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/27159.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: istioctl 4 | issue: 5 | - 27159 6 | 7 | releaseNotes: 8 | - | 9 | **Added** `io` as shortname for Istio Operator resources in addition to `iop`. 10 | -------------------------------------------------------------------------------- /releasenotes/notes/27430.yaml: -------------------------------------------------------------------------------- 1 | piVersion: release-notes/v2 2 | kind: feature 3 | area: istioctl 4 | 5 | releaseNotes: 6 | - | 7 | **Added** `--type` for `istioctl experimental create-remote-secret` to allow user specify type for the created secret 8 | -------------------------------------------------------------------------------- /releasenotes/notes/27490.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: istioctl 4 | issue: 5 | - 27490 6 | 7 | releaseNotes: 8 | - | 9 | **Updated** `istioctl proxy-config log` to allow filtering logs based on label. 10 | -------------------------------------------------------------------------------- /releasenotes/notes/30221.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: istioctl 4 | issue: 5 | - 30221 6 | 7 | releaseNotes: 8 | - | 9 | **Fixed** installation issue in which `--readiness-timeout` flag is not honored. 10 | -------------------------------------------------------------------------------- /releasenotes/notes/31403.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: networking 4 | issue: 5 | - 31403 6 | 7 | releaseNotes: 8 | - | 9 | **Updated** istio-proxy drain notification strategy to immediate from gradual. 10 | -------------------------------------------------------------------------------- /releasenotes/notes/34802.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: istioctl 4 | releaseNotes: 5 | - | 6 | **Added** the pod alias `po` for users to use `istioctl x describe po`, which is consistent with `kubectl` command. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/35220.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: security 4 | issue: 5 | - 35220 6 | releaseNotes: 7 | - | 8 | **Fixed** the EnvoyExternalAuthorizationHttpProvider to match HTTP headers in a case-insensitive way. -------------------------------------------------------------------------------- /releasenotes/notes/37681.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: security 4 | 5 | releaseNotes: 6 | - | 7 | **Added** support for using PrivateKeyProvider in SDS. See [#35809](https://github.com/istio/istio/issues/35809) 8 | -------------------------------------------------------------------------------- /releasenotes/notes/38678.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | issue: 5 | - 38678 6 | releaseNotes: 7 | - | 8 | **Fixed** some ServiceEntry hostnames can cause non-deterministic Envoy routes. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/43765.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: istioctl 4 | issue: 5 | - 43765 6 | releaseNotes: 7 | - | 8 | **Improved** the `istioctl pc secret` output to display the certificate serial number in HEX. -------------------------------------------------------------------------------- /releasenotes/notes/43771.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: installation 4 | issue: 5 | - 43771 6 | releaseNotes: 7 | - | 8 | **Improved** the `downloadIstioCtl.sh` script to not change to the home directory at the end. -------------------------------------------------------------------------------- /releasenotes/notes/43821.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: istioctl 4 | issue: 5 | - 43807 6 | releaseNotes: 7 | - | 8 | **Added** config type and endpoint configuration summaries to `istioctl proxy-config all` 9 | -------------------------------------------------------------------------------- /releasenotes/notes/44071.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: istioctl 4 | issue: 5 | - 44062 6 | releaseNotes: 7 | - | 8 | **Added** istiod metrics to `bug-report`, and a few more debug points like `telemetryz`. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/44293.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: istioctl 4 | releaseNotes: 5 | - | 6 | **Added** directory support for `istioctl validate`. Now, the `-f` flag accepts both file paths and directory paths. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/44414.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: istioctl 4 | 5 | issue: 6 | - 44413 7 | 8 | releaseNotes: 9 | - | 10 | **Added** a "VHOST NAME" column to the output of `istioctl pc route` 11 | -------------------------------------------------------------------------------- /releasenotes/notes/45749.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: istioctl 4 | releaseNotes: 5 | - | 6 | **Added** support for checking telemetry labels, which now includes Istio canonical labels and K8S recommended labels. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/46072.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: istioctl 4 | releaseNotes: 5 | - | 6 | **Added** output format option for `istioctl experimental pre-check` command. Valid options are `log`, `json` or `yaml`. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/46846.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: security 4 | releaseNotes: 5 | - | 6 | **Added** the capability to attach RequestAuthentication to Kubernetes `Gateway` resources via the `targetRef` field. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/47539.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: istioctl 4 | releaseNotes: 5 | - | 6 | **Added** support for deleting multiple waypoints at once via `istioctl x waypoint delete ...` 7 | -------------------------------------------------------------------------------- /releasenotes/notes/47997.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: telemetry 4 | issue: 5 | - 30987 6 | releaseNotes: 7 | - | 8 | **Added** compression for the Envoy stats endpoint, support `brotli`, `gzip` and `zstd`. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/48545.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: installation 4 | releaseNotes: 5 | - | 6 | **Fixed** an issue `Makefile.k8s.mk` `fetch-root-ca` if-condition not work and can not handle `cacerts` case. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/48562.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: installation 4 | releaseNotes: 5 | - | 6 | **Fixed** an issue where injection failed when the name of the pod or its custom owner exceeded 63 characters. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/48603.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: istioctl 4 | releaseNotes: 5 | - | 6 | **Added** completion for Kubernetes pods for some commands that can select pods, such as `istioctl proxy-status `. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/49602.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | issue: 5 | - 44352 6 | releaseNotes: 7 | - | 8 | **Fixed** an issue where `--log_as_json` option doesn't work for Istio init container. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/49911.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: telemetry 4 | issue: 5 | - 49911 6 | releaseNotes: 7 | - | 8 | **Fixed** an issue that TraceId is not propagated when using OpenTelemetry access logger. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/49965.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | issue: 5 | - 49965 6 | releaseNotes: 7 | - | 8 | **Fixed** an issue with massive Virtual IPs reshuffling when add/remove duplicated host -------------------------------------------------------------------------------- /releasenotes/notes/endpoints-false-negative.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | issue: 5 | - 48373 6 | releaseNotes: 7 | - | 8 | **Fixed** an issue where new endpoints may not be sent to proxies. -------------------------------------------------------------------------------- /releasenotes/notes/fix-47270.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: istioctl 4 | releaseNotes: 5 | - | 6 | **Fixed** an issue where the External Control Plane Analyzer may not work in some remote control plane setups. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/image-auto-analyzer.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: istioctl 4 | releaseNotes: 5 | - | 6 | **Added** a new analyzer to check for `image: auto` in Pods and Deployments that will not be injected. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/istioctl-pc-all.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: istioctl 4 | issues: 5 | - 28191 6 | releaseNotes: 7 | - | 8 | **Added** the `istioctl proxy-config all` command to view the full proxy configuration. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/jwt-parsing.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: security 4 | 5 | releaseNotes: 6 | - | 7 | **Updated** dependency in Envoy to properly parse JWTs with negative values for exp, nbf or iat fields. 8 | 9 | -------------------------------------------------------------------------------- /releasenotes/notes/probe-redirect.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | issue: 5 | - 34238 6 | - 29468 7 | releaseNotes: 8 | - | 9 | **Fixed** application readiness probes to properly handle redirects. -------------------------------------------------------------------------------- /releasenotes/notes/scope-push-by-sidecar-changes.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: networking 4 | releaseNotes: 5 | - | 6 | **Improved** the full push scoping by adding `Sidecar` config to sidecarScopeKnownConfigTypes. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/service-instance-same-namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | releaseNotes: 5 | - | 6 | **Fixed** an issue allowing ServiceEntries to act as instances in other namespaces. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/service-select-workload-entry.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: networking 4 | issue: 5 | - 23683 6 | releaseNotes: 7 | - | 8 | **Added** support for Kubernetes Services to select WorkloadEntries. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/skip-graceful-termination.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: installation 4 | issue: [36686] 5 | releaseNotes: 6 | - | 7 | **Improved** Abort graceful termination logic if the Envoy process terminates early -------------------------------------------------------------------------------- /releasenotes/notes/tls-tcp-conflict.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | releaseNotes: 5 | - | 6 | **Fixed** an issue causing TLS `ServiceEntries` to sometimes not work when created after TCP ones. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/verify-install-multi-iops.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: istioctl 4 | issue: 5 | - 42964 6 | releaseNotes: 7 | - | 8 | **Fixed** `istioctl verify-install` fails when using multiple iops. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/wasm-secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: extensibility 4 | issue: [] 5 | releaseNotes: 6 | - | 7 | **Added** support for WasmPlugin pulling image from private repo with `imagePullSecret`. 8 | -------------------------------------------------------------------------------- /manifests/helm-profiles/stable.yaml: -------------------------------------------------------------------------------- 1 | # The stable profile deploys admission control to ensure that only stable resources and fields are used 2 | # THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE 3 | experimental: 4 | stableValidationPolicy: true 5 | -------------------------------------------------------------------------------- /pkg/config/analysis/analyzers/testdata/telemetry-lightstep-meshconfig.yaml: -------------------------------------------------------------------------------- 1 | extensionProviders: 2 | - name: lightstep 3 | lightstep: 4 | service: lightstep.monitoring.svc.cluster.local 5 | port: 443 6 | accessToken: "fake-token" 7 | -------------------------------------------------------------------------------- /releasenotes/notes/27990.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | issue: 5 | - 27990 6 | releaseNotes: 7 | - | 8 | **Added** add a validation warning when protocol is unset and address is also unset. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/30181.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: networking 4 | issue: 5 | - 30181 6 | releaseNotes: 7 | - | 8 | **Fixed** a bug when baseEjectionTime is greater than 300s, envoy will send a NACK to cds . 9 | -------------------------------------------------------------------------------- /releasenotes/notes/30885.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: networking 4 | issue: 5 | - 30885 6 | releaseNotes: 7 | - | 8 | **Fixed** an issue causing the timeout header `x-envoy-upstream-rq-timeout-ms` was not honoured. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/31336.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug 3 | area: networking 4 | issue: 5 | - 31336 6 | releaseNotes: 7 | - | 8 | **Fixed** a bug causing runaway logs in `istiod` after disabling the default ingress controller. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/33536.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | issue: 5 | - 33536 6 | releaseNotes: 7 | - | 8 | **Fixed** a bug where Istio config gen fails when sum of endpoint weights over uint32 max. -------------------------------------------------------------------------------- /releasenotes/notes/34211.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: installation 4 | issue: 5 | - 34211 6 | 7 | releaseNotes: 8 | - | 9 | **Added** privileged flag to Istio-CNI Helm charts to set `securityContext` flag. 10 | -------------------------------------------------------------------------------- /releasenotes/notes/35723.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: telemetry 4 | issue: 5 | - 35663 6 | releaseNotes: 7 | - | 8 | **Improved** Istiod JWTRule: Failed JWKS requests are now logged with truncation to 100 characters 9 | -------------------------------------------------------------------------------- /releasenotes/notes/39190.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: installation 4 | 5 | releaseNotes: 6 | - | 7 | **Improved** populate `--log_output_level` and `--log_as_json` to `istio-init` container as they are in `istio-proxy` 8 | -------------------------------------------------------------------------------- /releasenotes/notes/39201.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | issue: 5 | - 39201 6 | releaseNotes: 7 | - | 8 | **Fixed** WorkloadEntry.Annotations is nil and then lead to abnormal exit of pilot. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/40561.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | 5 | releaseNotes: 6 | - | 7 | **Fixed** disable `PILOT_ENABLE_CONFIG_DISTRIBUTION_TRACKING` temporarily to fix some memory/CPU cost issues. -------------------------------------------------------------------------------- /releasenotes/notes/42212.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | issue: 5 | - 42212 6 | 7 | releaseNotes: 8 | - | 9 | **Fixed** ServiceEntries with other revision labels were being processed. 10 | -------------------------------------------------------------------------------- /releasenotes/notes/42381.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | issue: 5 | - https://github.com/istio/istio/pull/42381 6 | releaseNotes: 7 | - | 8 | **Added** excludeInterfaces support to cni plugin. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/42518.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: telemetry 4 | 5 | issue: 6 | - 31809 7 | 8 | releaseNotes: 9 | - | 10 | **Fixed** an issue where you could not disable tracing in `ProxyConfig` 11 | -------------------------------------------------------------------------------- /releasenotes/notes/42778.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | 5 | issue: 6 | - 42749 7 | 8 | releaseNotes: 9 | - | 10 | **Fixed** admission webhook fails with custom header value format. 11 | -------------------------------------------------------------------------------- /releasenotes/notes/44345.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: installation 4 | releaseNotes: 5 | - | 6 | **Fixed** an issue where webhook configuration was being modified in dry-run mode when installing Istio with istioctl. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/44506.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: istioctl 4 | issue: 5 | - 40861 6 | releaseNotes: 7 | - | 8 | **Fixed** `istioctl analyze` no longer expects pods and runtime resources when analyzing files. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/44777.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | issue: 5 | - 41271 6 | releaseNotes: 7 | - | 8 | **Added** support for traffic.sidecar.istio.io/excludeInterfaces annotation in proxy. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/44986.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | issue: 5 | - 44986 6 | releaseNotes: 7 | - | 8 | **Fixed** cpu usage abnormally high when cert specified by DestinationRule are invalid. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/45866.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: installation 4 | issue: 5 | - 45866 6 | releaseNotes: 7 | - | 8 | **Fixed** an issue where the hostname package is not listed as a dependency for the VM packages. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/47302.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | issue: 5 | - 47227 6 | releaseNotes: 7 | - | 8 | **Fixed** an issue where the Wasmplugin resource was not correctly applied to the waypoint. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/47818.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: istioctl 4 | releaseNotes: 5 | - | 6 | **Added** a flag `--all` to `istioctl experimental waypoint delete` to delete all Waypoint resources in a given namespace. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/47961.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: installation 4 | issue: 5 | - 47960 6 | releaseNotes: 7 | - | 8 | **Fixed** an issue where uninstalling Istio didn't prune all the resources created by custom files. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/837475-caBundle.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: installation 4 | issue: 5 | - 33052 6 | releaseNotes: 7 | - | 8 | **Fixed** Removing caBundle default value from Chart to allow a GitOps approach 9 | -------------------------------------------------------------------------------- /releasenotes/notes/add-pod-securitycontext.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: installation 4 | issue: 5 | - 26275 6 | releaseNotes: 7 | - | 8 | **Added** support for securityContext in the k8s settings for the operator API. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/bds-removal.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: installation 4 | releaseNotes: 5 | - | 6 | **Removed** using BOOTSTRAP_XDS_AGENT experimental feature to apply BOOTSTRAP EnvoyFilter patches at the startup. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/cni-promote.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | issue: 5 | - https://github.com/istio/enhancements/issues/86 6 | 7 | releaseNotes: 8 | - | 9 | **Promoted** CNI to beta. 10 | -------------------------------------------------------------------------------- /releasenotes/notes/dns-round-robin.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: networking 4 | issue: [31064] 5 | releaseNotes: 6 | - | 7 | **Fixed** an issue with DNS proxying causing StatefulSets addresses to not be load balanced. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/https-on-http.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: networking 4 | issues: 5 | - 26079 6 | releaseNotes: 7 | - | 8 | **Fixed** an issue resulting in failure when sending external HTTPS traffic on an HTTP port. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/reliable-wasm-remote-load.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: extensibility 4 | issue: 5 | - 29989 6 | 7 | releaseNotes: 8 | - | 9 | **Added** Reliable Wasm module remote load with istio-agent. 10 | -------------------------------------------------------------------------------- /releasenotes/notes/remove-experimental-multicluster.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: istioctl 4 | issue: 5 | - 29153 6 | 7 | releaseNotes: 8 | - | 9 | **Removed** istioctl experimental multicluster command 10 | -------------------------------------------------------------------------------- /releasenotes/notes/remove-register-deregister-cmd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: istioctl 4 | issue: 5 | - 29153 6 | 7 | releaseNotes: 8 | - | 9 | **Removed** istioctl register and deregister commands 10 | -------------------------------------------------------------------------------- /releasenotes/notes/set-tcp-idle-timeout-in-http-clusters.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | issue: [] 5 | releaseNotes: 6 | - | 7 | **Added** support for setting TCP idle timeout for HTTP services. 8 | -------------------------------------------------------------------------------- /operator/cmd/mesh/testdata/profile-dump/input/all_off.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: install.istio.io/v1alpha1 2 | kind: IstioOperator 3 | spec: 4 | profile: default 5 | components: 6 | pilot: 7 | enabled: false 8 | cni: 9 | enabled: false 10 | -------------------------------------------------------------------------------- /releasenotes/notes/27293.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | issue: 5 | - 27293 6 | releaseNotes: 7 | - | 8 | **Fixed** a bug that locality load balancer settings were applied inbound clusters unnecessarily. -------------------------------------------------------------------------------- /releasenotes/notes/31168.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | issue: 5 | - 31166 6 | releaseNotes: 7 | - | 8 | **Fixed** an issue where filter chain name is ignored when processing EnvoyFilter match. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/31522.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: security 4 | issue: 5 | - 31522 6 | releaseNotes: 7 | - | 8 | **Added** support to istiod to notice cacerts file changes via the `AUTO_RELOAD_PLUGIN_CERTS` env var. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/34129.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | issue: 5 | - 34129 6 | releaseNotes: 7 | - | 8 | **Fixed** Gateway API xRoute does not forward the traffic to that backend when weight `0`. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/35333.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | releaseNotes: 5 | - | 6 | **Added** support for `trafficPolicy.loadBalancer.consistentHash` in `DestinationRule` for proxyless gRPC clients. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/35509.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: istioctl 4 | releaseNotes: 5 | - | 6 | **Updated** `istioctl x create-remote-secret` and `istioctl x remote-clusters` to the top level command, out of 7 | experimental. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/40729.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: telemetry 4 | 5 | issue: 6 | - 39903 7 | 8 | releaseNotes: 9 | - | 10 | **Fixed** an issue to allow multiple regular expressions with the same tag name. 11 | -------------------------------------------------------------------------------- /releasenotes/notes/40997.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | releaseNotes: 5 | - | 6 | **Fixed** an issue where Remote JWKS URI's without a host port fail to parse into their host and port components. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/41548.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: istioctl 4 | issue: 5 | - 41547 6 | releaseNotes: 7 | - | 8 | **Added** `--purge` flag to `istioctl operator remove` which will remove all revisions of Istio operator. -------------------------------------------------------------------------------- /releasenotes/notes/42184.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | issue: 5 | - 42184 6 | 7 | releaseNotes: 8 | - | 9 | **Fixed** ServiceEntries using DNS_ROUND_ROBIN being able to specify 0 endpoints. 10 | -------------------------------------------------------------------------------- /releasenotes/notes/42365.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: istioctl 4 | 5 | releaseNotes: 6 | - | 7 | **Added** `istioctl proxy-config ecds` to support retrieving typed extension configuration from Envoy for a specified pod. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/43483.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: istioctl 4 | issue: 5 | - 36860 6 | releaseNotes: 7 | - | 8 | **Fixed** `istioctl x precheck` displays unwanted IST0136 messages which are set by Istio as default. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/44712.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | 5 | issue: 6 | - 44712 7 | 8 | releaseNotes: 9 | - | 10 | **Added** health checks for those VMs that are not using auto-registration. 11 | -------------------------------------------------------------------------------- /releasenotes/notes/46465.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | releaseNotes: 5 | - | 6 | **Fixed** Do not include empty IP strings in VIPs (fixes crash when LoadBalancer.Ingress.IP is unset/not present) 7 | -------------------------------------------------------------------------------- /releasenotes/notes/47340.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | issue: 5 | - 47340 6 | releaseNotes: 7 | - | 8 | **Fixed** an issue where the local client contained incorrect entries in the local DNS name table -------------------------------------------------------------------------------- /releasenotes/notes/47877.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: istioctl 4 | releaseNotes: 5 | - | 6 | **Fixed** an issue where the default namespace of envoy and proxy dashboard command was not set to the actual default namespace. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/48334.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | issue: 5 | - 48336 6 | releaseNotes: 7 | - | 8 | **Fixed** an issue where the QUIC listeners were not correctly created when dual-stack is enabled 9 | -------------------------------------------------------------------------------- /releasenotes/notes/49713.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: istioctl 4 | releaseNotes: 5 | - | 6 | **Fixed** an issue where the `istioctl experimental proxy-status ` compare command was not working due to unknown configs. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/access-log-service-crash.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: telemetry 4 | issue: 5 | - 30939 6 | releaseNotes: 7 | - | 8 | **Fixed** an issue where access log service causes Istio proxy to reject configuration. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/auto-san-validation.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: security 4 | releaseNotes: 5 | - | 6 | **Fixed** an issue where auto-san-validation was enabled even when sni was explicitly set in the DestinationRule. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/delete-archs-helm-templates.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: installation 4 | releaseNotes: 5 | - | 6 | **Removed** archs from istio-ingress/egress helm value templates and conditionally populate `nodeAffinity`. -------------------------------------------------------------------------------- /releasenotes/notes/dr-sds.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: networking 4 | issue: 5 | - 22019 6 | releaseNotes: 7 | - | 8 | **Improve** certificates referenced in DestinationRules to reload without a restart. 9 | 10 | 11 | -------------------------------------------------------------------------------- /releasenotes/notes/drop-default-request-timeout.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | releaseNotes: 5 | - | 6 | **Removed** the `ISTIO_DEFAULT_REQUEST_TIMEOUT` feature flag. Please use timeout in VirtualService API. -------------------------------------------------------------------------------- /releasenotes/notes/fake_jwks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: security 4 | releaseNotes: 5 | - | 6 | **Fixed** a bug where the n dynamically generated by jwks was not base64 encoded, causing envoy to fail to parse it correctly. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/gateway-quic-support.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | releaseNotes: 5 | - | 6 | **Added** support for creating mirrored QUIC listeners for non-passthrough HTTPS listeners at gateways 7 | -------------------------------------------------------------------------------- /releasenotes/notes/istioctl-proxy-config-stats.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: istioctl 4 | 5 | releaseNotes: 6 | - | 7 | **Added** stats command `istioctl experimental envoy-stats` for retrieving istio-proxy envoy metrics. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/opencensusagent.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: telemetry 4 | 5 | releaseNotes: 6 | - | 7 | **Added** added support for OpenCensusAgent formatted trace export with configurable trace context headers. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/optimize-most-specific-host-match.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | releaseNotes: 5 | - | 6 | **Optimized** MostSpecificHostMatch to prevent fullscanning hosts when encountering wildcards. -------------------------------------------------------------------------------- /releasenotes/notes/remove-post-install-webhook.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: istioctl 4 | issue: 5 | - 29153 6 | 7 | releaseNotes: 8 | - | 9 | **Removed** istioctl experimental post-install webhook command 10 | -------------------------------------------------------------------------------- /releasenotes/notes/secret-watch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: security 4 | issue: 5 | - 35231 6 | 7 | releaseNotes: 8 | - | 9 | **Improved** performance of TLS certificate Secret watches to reduce memory usage. 10 | -------------------------------------------------------------------------------- /releasenotes/notes/spiffe-bundle-multiple-certs.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: security 4 | issue: 5 | - 44831 6 | releaseNotes: 7 | - | 8 | **Fixed** handling of remote SPIFFE trust bundles containing multiple certs. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/standard-alpn.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: networking 4 | issue: 5 | - 24619 6 | releaseNotes: 7 | - | 8 | **Fixed** an issue causing only internal ALPN values to be set during external TLS origination. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/strict_1xx_204_fix.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | releaseNotes: 5 | - | 6 | **Fixed** an issue causing proxies to send `Transfer-Encoding` headers with `1xx` and `204` responses. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/validation-mixer.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: installation 4 | isses: 5 | - 29093 6 | releaseNotes: 7 | - | 8 | **Fixed** a bug causing Istio to attempt to validate resource types it no longer supports. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/xds-v3.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: networking 4 | issue: 5 | - 19885 6 | releaseNotes: 7 | - | 8 | **Updated** the XDS api to serve XDS v3 by default. v2 is still available for legacy sidecar connections. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/ztunnel-chart-termgrace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: installation 4 | issue: [] 5 | 6 | releaseNotes: 7 | - | 8 | **Added** Allow setting terminationGracePeriodSeconds for ztunnel pod via Helm chart. 9 | -------------------------------------------------------------------------------- /samples/open-telemetry/loki/telemetry.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: telemetry.istio.io/v1alpha1 2 | kind: Telemetry 3 | metadata: 4 | name: mesh-logging 5 | namespace: istio-system 6 | spec: 7 | accessLogging: 8 | - providers: 9 | - name: otel 10 | -------------------------------------------------------------------------------- /tests/integration/pilot/testdata/some-dir/nested-dir/bad-annotation-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: some-service 5 | annotations: 6 | # This annotation doesn't exist! 7 | foobar.istio.io/dontExist: "nothing-here" -------------------------------------------------------------------------------- /tests/util/kubeconfig: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | clusters: 3 | - cluster: 4 | server: http://localhost:8080 5 | name: istio 6 | contexts: 7 | - context: 8 | cluster: istio 9 | user: "" 10 | name: istio 11 | current-context: istio 12 | kind: Config -------------------------------------------------------------------------------- /manifests/charts/base/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | Istio base successfully installed! 2 | 3 | To learn more about the release, try: 4 | $ helm status {{ .Release.Name }} -n {{ .Release.Namespace }} 5 | $ helm get all {{ .Release.Name }} -n {{ .Release.Namespace }} 6 | -------------------------------------------------------------------------------- /manifests/charts/ztunnel/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | ztunnel successfully installed! 2 | 3 | To learn more about the release, try: 4 | $ helm status {{ .Release.Name }} -n {{ .Release.Namespace }} 5 | $ helm get all {{ .Release.Name }} -n {{ .Release.Namespace }} 6 | -------------------------------------------------------------------------------- /operator/cmd/mesh/testdata/profile-dump/input/config_path.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: install.istio.io/v1alpha1 2 | kind: IstioOperator 3 | spec: 4 | profile: default 5 | components: 6 | pilot: 7 | enabled: false 8 | cni: 9 | enabled: false 10 | -------------------------------------------------------------------------------- /pilot/pkg/security/authz/builder/testdata/http/audit-full-rule-in.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: security.istio.io/v1beta1 2 | kind: AuthorizationPolicy 3 | metadata: 4 | name: audit-all 5 | namespace: foo 6 | spec: 7 | action: AUDIT 8 | rules: 9 | - {} 10 | -------------------------------------------------------------------------------- /pkg/test/datasets/validation/dataset/networking-v1alpha3-EnvoyFilter.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: EnvoyFilter 3 | metadata: 4 | name: simple-envoy-filter 5 | spec: 6 | workloadSelector: 7 | labels: 8 | app: c 9 | 10 | -------------------------------------------------------------------------------- /releasenotes/notes/31517.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: installation 4 | issue: 5 | - 31517 6 | releaseNotes: 7 | - | 8 | **Fixed** an issue that creates an IOP under `istio-system` when installing Istio in another namespace. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/33387.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | issue: 5 | - 33387 6 | releaseNotes: 7 | - | 8 | **Fixed** a bug where wildcard hosts are incorrectly added when sidecar specifies specific host only. -------------------------------------------------------------------------------- /releasenotes/notes/37091.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: istioctl 4 | issue: 5 | - https://github.com/istio/istio/issues/37084 6 | releaseNotes: 7 | - | 8 | **Fixed** unexpected warning logs for `istioctl install --dry-run`. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/39430.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | issue: 5 | - 39430 6 | releaseNotes: 7 | - | 8 | **Fixed** a bug where specifying warmupDuration without Lb policy is not configuring warmup duration. -------------------------------------------------------------------------------- /releasenotes/notes/40032.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: telemetry 4 | issue: 5 | - 40027 6 | 7 | releaseNotes: 8 | - | 9 | **Added** support for use of the OpenTelemetry tracing provider with the Telemetry API. 10 | -------------------------------------------------------------------------------- /releasenotes/notes/42818.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | issue: 5 | - 42818 6 | releaseNotes: 7 | - | 8 | **Fixed** an issue where the network endpoints are incorrectly computed when network gateway changes. -------------------------------------------------------------------------------- /releasenotes/notes/43436.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | issue: 5 | - 43435 6 | releaseNotes: 7 | - | 8 | **Fixed** an issue where `EnvoyFilter` for `Cluster.ConnectTimeout` was affecting unrelated `Clusters`. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/43858.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | 5 | issue: 6 | - 43858 7 | 8 | releaseNotes: 9 | - | 10 | **Fixed** an issue where auto allocated service entry IPs change on host reuse 11 | -------------------------------------------------------------------------------- /releasenotes/notes/44355.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | issue: 5 | - 44228 6 | releaseNotes: 7 | - | 8 | **Improved** JWT claim based routing, now support using `[]` as a separator for nested claim names. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/45216.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | 5 | issue: 6 | - 45089 7 | 8 | releaseNotes: 9 | - | 10 | **Fixed** EnvoyFilter run delete at last, It is not follow priority concept 11 | -------------------------------------------------------------------------------- /releasenotes/notes/45549.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: security 4 | issue: 5 | - 45546 6 | releaseNotes: 7 | - | 8 | **Fixed** an issue where jwk issuer was not resolved correctly when having a trailing slash in the issuer URL. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/45800.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | issue: 5 | - 45798 6 | releaseNotes: 7 | - | 8 | **Fixed** an issue where Istiod might crash when a cluster is deleted if the xDS cache is disabled. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/46625.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | issue: 5 | - 46625 6 | releaseNotes: 7 | - | 8 | **Fixed** an issue where the istio-cni plugin was not writing ipv6 ip tables rules for dual stack clusters. -------------------------------------------------------------------------------- /releasenotes/notes/47148.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | issue: 5 | - 47148 6 | releaseNotes: 7 | - | 8 | **Fixed** An issue where multiple header matches in root virtual service generates incorrect routes. -------------------------------------------------------------------------------- /releasenotes/notes/47444.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | issue: 5 | - 47444 6 | releaseNotes: 7 | - | 8 | **Added** Support alternate network namespace paths (for e.g. minikube) via `values.cni.cniNetnsDir` 9 | -------------------------------------------------------------------------------- /releasenotes/notes/47617.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: installation 4 | releaseNotes: 5 | - | 6 | **Fixed** an issue where sometimes `uninstall` was performed without confirmation when istiod was not available to be connected. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/48253.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | issue: 5 | - 48212 6 | releaseNotes: 7 | - | 8 | **Upgraded** Ambient traffic capture and redirection compatibility by switching to an in-pod mechanism. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/48544.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | releaseNotes: 5 | - | 6 | **Fixed** an issue that `convertToEnvoyFilterWrapper` still returns the invalid patch and may cause NPE when apply it. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/48684.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | issue: 5 | - 48665 6 | releaseNotes: 7 | - | 8 | **Fixed** an issue where in-cluster analysis was unnecessarily performed when there's no config change. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/auto-mtls-headless.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: networking 4 | issue: 5 | - 24319 6 | releaseNotes: 7 | - | 8 | **Fixed** an issue where headless services without sidecars were incorrectly sent mTLS rtaffic 9 | -------------------------------------------------------------------------------- /releasenotes/notes/desc-to-admin-log-scope.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: istioctl 4 | releaseNotes: 5 | - | 6 | **Added** description to `admin log` 7 | - | 8 | **Improved** output format of the active logging levels. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/fix-healthcheck-host-override.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | issue: 5 | - 45632 6 | 7 | releaseNotes: 8 | - | 9 | **Fixed** Regression in HTTPGet healthcheck probe translation. 10 | -------------------------------------------------------------------------------- /releasenotes/notes/fix-nodeport-meshnetwork.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: installation 4 | releaseNotes: 5 | - | 6 | **Fixed** an issue preventing NodePort services from being used as the `registryServiceName` in `meshNetworks`. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/gateway-404-nr.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: networking 4 | issue: 5 | - 27471 6 | 7 | releaseNotes: 8 | - | 9 | **Added** the proper `NR` access log flag when no routes are present on a gateway. 10 | -------------------------------------------------------------------------------- /releasenotes/notes/gateway-status.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | 5 | releaseNotes: 6 | - | 7 | **Removed** deprecated and unsupported status conditions `Ready`, `Scheduled`, and `Detached` from Gateway API. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/header-present.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | issue: 5 | - 47341 6 | releaseNotes: 7 | - | 8 | **Fixed** VirtualService http header present match does not work with `header-name: {}` set. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/istioctl-analyze-revision.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: istioctl 4 | issue: 5 | - 38148 6 | 7 | releaseNotes: 8 | - | 9 | **Added** `--revision` to `istioctl analyze` to specify a specific revision. 10 | -------------------------------------------------------------------------------- /releasenotes/notes/istioctl-pc-routes-print-path-separated-prefix.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: istioctl 4 | releaseNotes: 5 | - | 6 | **Added** `path_separated_prefix` to the MATCH column in the output of `pc routes` command. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/lrs.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: telemetry 4 | issues: 5 | releaseNotes: 6 | - | 7 | **Added** Provide an option to configure the Envoy to report load stats to the LRS (LoadReportingService) server via LRS. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/prom-cert-permission.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: telemetry 4 | issue: 5 | - 29919 6 | releaseNotes: 7 | - | 8 | **Fixed** an issue where certificate provisioned by sidecar proxy cannot be used by Prometheus. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/redirect-dns-iptables.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: networking 4 | issue: 5 | - 29908 6 | 7 | releaseNotes: 8 | - | 9 | **Added** flag to enable capture of dns traffic to the istio-iptables script. 10 | -------------------------------------------------------------------------------- /releasenotes/notes/service-ordering.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | releaseNotes: 5 | - | 6 | **Improved** service conflict resolution to favor Kubernetes Services over ServiceEntries with the same hostname. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/tls-configuration-api.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: security 4 | issue: 5 | - https://github.com/istio/api/issues/2285 6 | releaseNotes: 7 | - | 8 | **Added** support for TLS configuration API for workloads. -------------------------------------------------------------------------------- /releasenotes/notes/tls-inbound-all-protocols.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: security 4 | releaseNotes: 5 | - | 6 | **Fixed** an issue where the TLSv2 version was enforced only on HTTP ports. This option is now applied to all ports. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/vm-cleanup-iptables.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: networking 4 | issue: 5 | - 29556 6 | releaseNotes: 7 | - | 8 | **Improved** virtual machine integration to cleanup `iptables` rules when the service is stopped. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/xds-push-deadlock.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | issue: [39209] 5 | releaseNotes: 6 | - | 7 | **Fixed** any issue that can cause xDS configuration updates to be blocked during high traffic. 8 | -------------------------------------------------------------------------------- /samples/open-telemetry/tracing/telemetry.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: telemetry.istio.io/v1alpha1 2 | kind: Telemetry 3 | metadata: 4 | name: otel-demo 5 | spec: 6 | tracing: 7 | - providers: 8 | - name: otel-tracing 9 | randomSamplingPercentage: 0 10 | -------------------------------------------------------------------------------- /cni/pkg/iptables/testdata/hostprobe.golden: -------------------------------------------------------------------------------- 1 | iptables -t nat -N ISTIO_POSTRT 2 | iptables -t nat -A POSTROUTING -j ISTIO_POSTRT 3 | iptables -t nat -A ISTIO_POSTRT -m owner --socket-exists -p tcp -m set --match-set istio-inpod-probes dst -j SNAT --to-source 169.254.7.127 4 | -------------------------------------------------------------------------------- /manifests/helm-profiles/warning-edit.txt: -------------------------------------------------------------------------------- 1 | # WARNING: DO NOT EDIT, THIS FILE IS A COPY. 2 | # The original version of this file is located at /manifests/helm-profiles directory. 3 | # If you want to make a change in this file, edit the original one and run "make gen". 4 | -------------------------------------------------------------------------------- /operator/pkg/object/testdata/well-formed-with-space.yaml: -------------------------------------------------------------------------------- 1 | # there are some spaces at the end 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: myconfigmap 6 | namespace: default 7 | data: 8 | mydata: "First line of data\nSecond line of data " 9 | -------------------------------------------------------------------------------- /pkg/config/analysis/analyzers/testdata/gateway-no-workload.yaml: -------------------------------------------------------------------------------- 1 | # Gateway with bad selector 2 | # 3 | apiVersion: networking.istio.io/v1alpha3 4 | kind: Gateway 5 | metadata: 6 | name: httpbin-gateway 7 | spec: 8 | selector: 9 | istio: ingresstypo 10 | -------------------------------------------------------------------------------- /pkg/kube/inject/testdata/inputs/default.mesh.gen.yaml: -------------------------------------------------------------------------------- 1 | defaultConfig: 2 | discoveryAddress: istiod.istio-system.svc:15012 3 | defaultProviders: 4 | metrics: 5 | - prometheus 6 | enablePrometheusMerge: true 7 | rootNamespace: istio-system 8 | trustDomain: cluster.local -------------------------------------------------------------------------------- /releasenotes/notes/28346.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: installation 4 | issue: 5 | - 28346 6 | 7 | releaseNotes: 8 | - | 9 | **Added** `enableIstioConfigCRDs` to `base` to allow user specify whether the istio crds will be installed. -------------------------------------------------------------------------------- /releasenotes/notes/29270.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: istioctl 4 | issue: 5 | - 29270 6 | 7 | releaseNotes: 8 | - | 9 | **Updated** `istioctl kube-inject` will call webhook server to get the injection template by default. 10 | -------------------------------------------------------------------------------- /releasenotes/notes/29376.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: istioctl 4 | issue: 5 | - 29336 6 | 7 | releaseNotes: 8 | - | 9 | **Added** `istioctl verify-install` will indicate errors in red and expected configuration in green. 10 | -------------------------------------------------------------------------------- /releasenotes/notes/30079.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: istioctl 4 | issue: 5 | - 30079 6 | 7 | releaseNotes: 8 | - | 9 | **Fixed** a bug where the env k8s setings are overrided by the env settings in the helm values. 10 | -------------------------------------------------------------------------------- /releasenotes/notes/30261.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: security 4 | issue: 5 | - 30261 6 | releaseNotes: 7 | - | 8 | **Added** `istiod` JWT public key refresh job will now retry the failed fetch of the `jwks_uri` with exponential backoff. -------------------------------------------------------------------------------- /releasenotes/notes/35293.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | issue: 5 | - 35172 6 | releaseNotes: 7 | - | 8 | **Fixed** an issue when creating a Service and Gateway at the same time, causing the Service to be ignored. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/36634.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: istioctl 4 | issue: 5 | - https://github.com/istio/istio/issues/36472 6 | releaseNotes: 7 | - | 8 | **Added** `--operatorFileName` flag to `kube-inject` to support iop files. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/39188.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | issue: 5 | - 39188 6 | releaseNotes: 7 | - | 8 | **Fixed** building router's routes orders, a catch all route does not short circuit other routes behind. -------------------------------------------------------------------------------- /releasenotes/notes/40085.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: istioctl 4 | issue: 5 | - https://github.com/istio/istio/issues/39982 6 | releaseNotes: 7 | - | 8 | **Added** support for parsing list type of files in `istioctl analyze`. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/40198.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | issue: 5 | - 40198 6 | releaseNotes: 7 | - | 8 | **Fixed** LocalityLoadBalancerSetting.failoverPriority not working properly if xds cache is enabled. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/40797.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: installation 4 | 5 | issue: 6 | - 40796 7 | 8 | releaseNotes: 9 | - | 10 | **Fixed** an issue where user can not delete iop resource with revision if istiod is not running. -------------------------------------------------------------------------------- /releasenotes/notes/41245.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: istioctl 4 | issue: 5 | - 41244 6 | releaseNotes: 7 | - | 8 | **Added** `--skip-confirmation` flag to `istioctl operator remove` to add confirmation mechanism for operator remove. -------------------------------------------------------------------------------- /releasenotes/notes/43652.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: istioctl 4 | releaseNotes: 5 | - | 6 | **Fixed** a bug in `istioctl analyze` where some messages are missed when there are services with no selector in the analyzed namespace. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/44151.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | issue: 5 | - 44151 6 | releaseNotes: 7 | - | 8 | **Fixed** The `dns_upstream_failures_total` metric was mistakenly deleted in the previous release. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/44605.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: telemetry 4 | releaseNotes: 5 | - | 6 | **Added** metric expiry support, when env flags `METRIC_ROTATION_INTERVAL` and 7 | `METRIC_GRACEFUL_DELETION_INTERVAL` are enabled. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/45150.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | issue: 5 | - 45150 6 | releaseNotes: 7 | - | 8 | **Added** `WorkloadEntry` resources on different networks do not require an address to be specified. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/46711.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: telemetry 4 | 5 | issue: 6 | - 46653 7 | 8 | releaseNotes: 9 | - | 10 | **Fixed** `meshConfig.defaultConfig.sampling` is ignored when there's only default providers. -------------------------------------------------------------------------------- /releasenotes/notes/47045.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: istioctl 4 | issue: 5 | - 46652 6 | releaseNotes: 7 | - | 8 | **Added** support for auto-detecting the pilot's monitoring port if it is not set to the default value of `15014`. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/48224.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | issue: 5 | - 48224 6 | releaseNotes: 7 | - | 8 | **Fixed** an issue where memory leak caused when the remote cluster is deleted or kubeConfig is rotated. -------------------------------------------------------------------------------- /releasenotes/notes/49049.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: istioctl 4 | releaseNotes: 5 | - | 6 | **Added** namespace filtering to `istioctl pc workload` using the `--workloads-namespace` flag, to display workloads in a specific namespace. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/49379.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: istioctl 4 | issue: 5 | - 49379 6 | releaseNotes: 7 | - | 8 | **Fixed** an issue where `istioctl precheck` inaccurately reports the IST0141 message related to resource permissions. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/50157.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | issue: 5 | - 49340 6 | releaseNotes: 7 | - | 8 | **Fixed** an issue where pilot CPU consumption was abnormally high when the in-cluster analysis was enabled. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/cni-refactor.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | releaseNotes: 5 | - | 6 | **Removed** the `CNI_ENABLE_INSTALL`, `CNI_ENABLE_REINSTALL`, `SKIP_CNI_BINARIES`, and `UPDATE_CNI_BINARIES` feature flags. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/dynatrace-sampler.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: telemetry 4 | issue: 5 | - 50001 6 | releaseNotes: 7 | - | 8 | **Enabled** configuring Dynatrace Sampler for the `OpenTelemetryTracingProvider` in `MeshConfig`. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/external-istiod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: installation 4 | issue: 5 | - https://github.com/istio/enhancements/issues/11 6 | 7 | releaseNotes: 8 | - | 9 | **Promoted** external control plane to alpha. 10 | -------------------------------------------------------------------------------- /releasenotes/notes/injection-perf.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | releaseNotes: 5 | - | 6 | **Improved** performance of sidecar injection, in particular with pods with a large number of environment variables. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/multicluster-leader-election.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | issue: 5 | - 47901 6 | releaseNotes: 7 | - | 8 | **Fixed** multi-cluster leader election cannot prioritize local over remote leader. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/proxyconfig-global-mutate.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: installation 4 | issue: 5 | - 40445 6 | releaseNotes: 7 | - | 8 | **Fixed** an issue where `ProxyConfig` overrides could unexpectedly apply to other workloads. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/rds-cache-allow-any.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | issue: 5 | - 39794 6 | releaseNotes: 7 | - | 8 | **Fixed** an issue causing `outboundTrafficPolicy` changes in `Sidecar` to not always take effect. -------------------------------------------------------------------------------- /releasenotes/notes/tls-fc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: networking 4 | issue: 5 | - 29538 6 | releaseNotes: 7 | - | 8 | **Fixed** an issue causing client side application TLS requests sent to a PERMISSIVE mode enabled server to fail. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/tls-redirect.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: networking 4 | issue: 5 | - 27315 6 | - 27157 7 | releaseNotes: 8 | - | 9 | **Fixed** issues resulting in missing routes when using `httpsRedirect` in a `Gateway`. 10 | -------------------------------------------------------------------------------- /releasenotes/notes/zipkin-datadog-host-ip-interpretation.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: telemetry 4 | issue: 5 | - 27911 6 | releaseNotes: 7 | - | 8 | **Fixed** interpretation of $(HOST_IP) in Zipkin and Datadog tracer address. 9 | -------------------------------------------------------------------------------- /tests/integration/pilot/testdata/destinationrule.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: DestinationRule 3 | metadata: 4 | name: reviews 5 | spec: 6 | host: reviews 7 | subsets: 8 | - labels: 9 | version: v1 10 | name: v1 11 | --------------------------------------------------------------------------------