├── .devcontainer
└── devcontainer.json
├── .gitattributes
├── .github
├── ISSUE_TEMPLATE
│ ├── bug_report.yml
│ ├── config.yml
│ └── feature_request.md
├── SECURITY.md
├── dependabot.yml
└── pull_request_template.md
├── .gitignore
├── BUGS-AND-FEATURE-REQUESTS.md
├── CODEOWNERS
├── CONTRIBUTING.md
├── LICENSE
├── Makefile
├── Makefile.core.mk
├── Makefile.overrides.mk
├── README.md
├── RELEASE_BRANCHES.md
├── SUPPORT.md
├── VERSION
├── architecture
├── ambient
│ ├── peer-authentication.md
│ ├── ztunnel-cni-lifecycle.md
│ └── ztunnel.md
├── environments
│ └── operator.md
├── networking
│ ├── controllers.md
│ └── pilot.md
├── security
│ ├── docs
│ │ ├── ca.dot
│ │ ├── ca.svg
│ │ ├── overview.dot
│ │ ├── overview.svg
│ │ └── sds-flow.svg
│ └── istio-agent.md
└── tests
│ └── integration.md
├── bin
├── .spelling_failures
├── build_ztunnel.sh
├── check_samples.sh
├── diff_yaml.py
├── init.sh
├── retry.sh
├── update_crds.sh
├── update_deps.sh
├── update_proxy.sh
└── update_ztunnel.sh
├── cni
├── README.md
├── cmd
│ ├── install-cni
│ │ └── main.go
│ └── istio-cni
│ │ └── main.go
├── deployments
│ └── kubernetes
│ │ └── Dockerfile.install-cni
├── pkg
│ ├── cmd
│ │ └── root.go
│ ├── config
│ │ └── config.go
│ ├── constants
│ │ └── constants.go
│ ├── install
│ │ ├── binaries.go
│ │ ├── binaries_test.go
│ │ ├── cniconfig.go
│ │ ├── cniconfig_test.go
│ │ ├── install.go
│ │ ├── install_test.go
│ │ ├── kubeconfig.go
│ │ ├── kubeconfig_test.go
│ │ ├── monitoring.go
│ │ └── testdata
│ │ │ ├── bridge.conf
│ │ │ ├── bridge.conf.golden
│ │ │ ├── invalid-arr.conflist
│ │ │ ├── invalid-map.conflist
│ │ │ ├── istio-cni-prefixed.conf
│ │ │ ├── istio-cni.conf
│ │ │ ├── istio-cni.conf.template
│ │ │ ├── istio-owned-bridge.conflist.golden
│ │ │ ├── istio-owned.conflist.golden
│ │ │ ├── kube-ca.crt
│ │ │ ├── kubeconfig-newhost
│ │ │ ├── kubeconfig-skip-tls
│ │ │ ├── kubeconfig-tls
│ │ │ ├── list-no-istio.conflist
│ │ │ ├── list-with-istio.conflist
│ │ │ ├── list-with-istio.conflist.golden
│ │ │ ├── list.conflist
│ │ │ ├── list.conflist.golden
│ │ │ ├── token-bar
│ │ │ └── token-foo
│ ├── ipset
│ │ ├── ipset.go
│ │ ├── nldeps_linux.go
│ │ ├── nldeps_mock.go
│ │ └── nldeps_unspecified.go
│ ├── iptables
│ │ ├── common_test.go
│ │ ├── iptables.go
│ │ ├── iptables_e2e_linux_test.go
│ │ ├── iptables_linux.go
│ │ ├── iptables_test.go
│ │ ├── iptables_unspecified.go
│ │ ├── nldeps.go
│ │ └── testdata
│ │ │ ├── default.golden
│ │ │ ├── default_ipv6.golden
│ │ │ ├── dns_pod_disabled_and_on_globally.golden
│ │ │ ├── dns_pod_disabled_and_on_globally_ipv6.golden
│ │ │ ├── dns_pod_enabled_and_off_globally.golden
│ │ │ ├── dns_pod_enabled_and_off_globally_ipv6.golden
│ │ │ ├── hostprobe.golden
│ │ │ ├── hostprobe_ipv6.golden
│ │ │ ├── ingress.golden
│ │ │ ├── ingress_and_virtual_interfaces.golden
│ │ │ ├── ingress_and_virtual_interfaces_ipv6.golden
│ │ │ ├── ingress_ipv6.golden
│ │ │ ├── virtual_interfaces.golden
│ │ │ └── virtual_interfaces_ipv6.golden
│ ├── log
│ │ ├── uds.go
│ │ └── uds_test.go
│ ├── monitoring
│ │ └── monitoring.go
│ ├── nodeagent
│ │ ├── cni-watcher.go
│ │ ├── cni-watcher_test.go
│ │ ├── error.go
│ │ ├── fakes_test.go
│ │ ├── healthServer.go
│ │ ├── healthServer_test.go
│ │ ├── helpers_test.go
│ │ ├── informers.go
│ │ ├── informers_test.go
│ │ ├── meshdataplane_linux.go
│ │ ├── net.go
│ │ ├── net_linux.go
│ │ ├── net_test.go
│ │ ├── netns.go
│ │ ├── netns_linux.go
│ │ ├── netns_linux_test.go
│ │ ├── netns_other.go
│ │ ├── options.go
│ │ ├── pod_cache.go
│ │ ├── pod_cache_linux_test.go
│ │ ├── podcgroupns.go
│ │ ├── podcgroupns_linux.go
│ │ ├── podcgroupns_linux_test.go
│ │ ├── podcgroupns_unspecified.go
│ │ ├── server.go
│ │ ├── server_linux.go
│ │ ├── server_linux_test.go
│ │ ├── server_unspecified.go
│ │ ├── server_unspecified_test.go
│ │ ├── testdata
│ │ │ ├── cgroupns
│ │ │ │ ├── 1
│ │ │ │ │ ├── cgroup
│ │ │ │ │ ├── ns
│ │ │ │ │ │ └── net
│ │ │ │ │ └── stat
│ │ │ │ └── 2
│ │ │ │ │ ├── cgroup
│ │ │ │ │ ├── ns
│ │ │ │ │ └── net
│ │ │ │ │ └── stat
│ │ │ └── localhost.yaml
│ │ ├── ztunnelserver.go
│ │ ├── ztunnelserver_linux.go
│ │ ├── ztunnelserver_linux_test.go
│ │ ├── ztunnelserver_mocks.go
│ │ └── ztunnelserver_unspecified.go
│ ├── plugin
│ │ ├── cnieventclient.go
│ │ ├── cnieventclient_test.go
│ │ ├── kubernetes.go
│ │ ├── plugin.go
│ │ ├── plugin_cni_conformance.go
│ │ ├── plugin_dryrun_test.go
│ │ ├── plugin_test.go
│ │ ├── sidecar_intercept_rule_mgr.go
│ │ ├── sidecar_iptables.go
│ │ ├── sidecar_iptables_linux.go
│ │ ├── sidecar_iptables_unspecified.go
│ │ ├── sidecar_redirect.go
│ │ └── testdata
│ │ │ ├── basic.txt.golden
│ │ │ ├── custom-uid-tproxy.txt.golden
│ │ │ ├── custom-uid.txt.golden
│ │ │ ├── dns.txt.golden
│ │ │ ├── include-exclude-ip.txt.golden
│ │ │ ├── include-exclude-ports.txt.golden
│ │ │ ├── invalid-drop.txt.golden
│ │ │ ├── status-ports.txt.golden
│ │ │ └── tproxy.txt.golden
│ ├── pluginlistener
│ │ ├── listener.go
│ │ └── listener_test.go
│ ├── repair
│ │ ├── monitoring.go
│ │ ├── netns_linux.go
│ │ ├── netns_unspecified.go
│ │ ├── repair.go
│ │ ├── repair_test.go
│ │ ├── repair_test_helpers.go
│ │ ├── repaircontroller.go
│ │ ├── repaircontroller_linux.go
│ │ └── repaircontroller_unspecified.go
│ ├── scopes
│ │ └── scopes.go
│ └── util
│ │ ├── enablement_selector.go
│ │ ├── netnsutil_linux.go
│ │ ├── netnsutil_unspecified.go
│ │ ├── pluginutil.go
│ │ ├── podutil.go
│ │ └── podutil_test.go
└── test
│ ├── install_cni.go
│ ├── install_k8s_test.go
│ └── testdata
│ ├── bindir
│ ├── istio-cni
│ └── istio-iptables
│ ├── env_vars.sh
│ ├── expected
│ ├── 10-calico.conflist-istioconfig
│ ├── YYY-istio-cni.conf
│ ├── ZZZ-istio-cni-kubeconfig.expected
│ ├── minikube_cni.conflist.clean
│ └── minikube_cni.conflist.expected
│ ├── k8s_svcacct
│ ├── ca.crt
│ ├── namespace
│ └── token
│ └── pre
│ ├── bad_minikube_cni.conf
│ ├── calico.conflist
│ ├── minikube_cni.conf
│ ├── non_json.conf
│ ├── noname_calico.conflist
│ ├── noplugins_calico.conflist
│ └── nover_calico.conflist
├── common-protos
└── k8s.io
│ ├── api
│ ├── admission
│ │ ├── v1
│ │ │ └── generated.proto
│ │ └── v1beta1
│ │ │ └── generated.proto
│ ├── admissionregistration
│ │ ├── v1
│ │ │ └── generated.proto
│ │ ├── v1alpha1
│ │ │ └── generated.proto
│ │ └── v1beta1
│ │ │ └── generated.proto
│ ├── apidiscovery
│ │ └── v2beta1
│ │ │ └── generated.proto
│ ├── apiserverinternal
│ │ └── v1alpha1
│ │ │ └── generated.proto
│ ├── apps
│ │ ├── v1
│ │ │ └── generated.proto
│ │ ├── v1beta1
│ │ │ └── generated.proto
│ │ └── v1beta2
│ │ │ └── generated.proto
│ ├── authentication
│ │ ├── v1
│ │ │ └── generated.proto
│ │ ├── v1alpha1
│ │ │ └── generated.proto
│ │ └── v1beta1
│ │ │ └── generated.proto
│ ├── authorization
│ │ ├── v1
│ │ │ └── generated.proto
│ │ └── v1beta1
│ │ │ └── generated.proto
│ ├── autoscaling
│ │ ├── v1
│ │ │ └── generated.proto
│ │ ├── v2
│ │ │ └── generated.proto
│ │ ├── v2beta1
│ │ │ └── generated.proto
│ │ └── v2beta2
│ │ │ └── generated.proto
│ ├── batch
│ │ ├── v1
│ │ │ └── generated.proto
│ │ └── v1beta1
│ │ │ └── generated.proto
│ ├── certificates
│ │ ├── v1
│ │ │ └── generated.proto
│ │ ├── v1alpha1
│ │ │ └── generated.proto
│ │ └── v1beta1
│ │ │ └── generated.proto
│ ├── coordination
│ │ ├── v1
│ │ │ └── generated.proto
│ │ └── v1beta1
│ │ │ └── generated.proto
│ ├── core
│ │ └── v1
│ │ │ └── generated.proto
│ ├── discovery
│ │ ├── v1
│ │ │ └── generated.proto
│ │ └── v1beta1
│ │ │ └── generated.proto
│ ├── events
│ │ ├── v1
│ │ │ └── generated.proto
│ │ └── v1beta1
│ │ │ └── generated.proto
│ ├── extensions
│ │ └── v1beta1
│ │ │ └── generated.proto
│ ├── flowcontrol
│ │ ├── v1alpha1
│ │ │ └── generated.proto
│ │ ├── v1beta1
│ │ │ └── generated.proto
│ │ ├── v1beta2
│ │ │ └── generated.proto
│ │ └── v1beta3
│ │ │ └── generated.proto
│ ├── imagepolicy
│ │ └── v1alpha1
│ │ │ └── generated.proto
│ ├── networking
│ │ ├── v1
│ │ │ └── generated.proto
│ │ ├── v1alpha1
│ │ │ └── generated.proto
│ │ └── v1beta1
│ │ │ └── generated.proto
│ ├── node
│ │ ├── v1
│ │ │ └── generated.proto
│ │ ├── v1alpha1
│ │ │ └── generated.proto
│ │ └── v1beta1
│ │ │ └── generated.proto
│ ├── policy
│ │ ├── v1
│ │ │ └── generated.proto
│ │ └── v1beta1
│ │ │ └── generated.proto
│ ├── rbac
│ │ ├── v1
│ │ │ └── generated.proto
│ │ ├── v1alpha1
│ │ │ └── generated.proto
│ │ └── v1beta1
│ │ │ └── generated.proto
│ ├── resource
│ │ └── v1alpha2
│ │ │ └── generated.proto
│ ├── scheduling
│ │ ├── v1
│ │ │ └── generated.proto
│ │ ├── v1alpha1
│ │ │ └── generated.proto
│ │ └── v1beta1
│ │ │ └── generated.proto
│ └── storage
│ │ ├── v1
│ │ └── generated.proto
│ │ ├── v1alpha1
│ │ └── generated.proto
│ │ └── v1beta1
│ │ └── generated.proto
│ └── apimachinery
│ └── pkg
│ ├── api
│ └── resource
│ │ └── generated.proto
│ ├── apis
│ ├── meta
│ │ ├── v1
│ │ │ └── generated.proto
│ │ └── v1beta1
│ │ │ └── generated.proto
│ └── testapigroup
│ │ └── v1
│ │ └── generated.proto
│ ├── runtime
│ ├── generated.proto
│ └── schema
│ │ └── generated.proto
│ └── util
│ └── intstr
│ └── generated.proto
├── common
├── .commonfiles.sha
├── Makefile.common.mk
├── config
│ ├── .golangci.yml
│ ├── .hadolint.yml
│ ├── .yamllint.yml
│ ├── license-lint.yml
│ ├── mdl.rb
│ ├── sass-lint.yml
│ └── tslint.json
└── scripts
│ ├── check_clean_repo.sh
│ ├── copyright-banner-go.txt
│ ├── fix_copyright_banner.sh
│ ├── format_go.sh
│ ├── gobuild.sh
│ ├── kind_provisioner.sh
│ ├── lint_copyright_banner.sh
│ ├── lint_go.sh
│ ├── metallb-native.yaml
│ ├── report_build_info.sh
│ ├── run.sh
│ ├── setup_env.sh
│ └── tracing.sh
├── docker
├── Dockerfile.base
├── Dockerfile.distroless
└── iptables.yaml
├── go.mod
├── go.sum
├── istio.deps
├── istioctl
├── cmd
│ ├── istioctl
│ │ ├── doc.go
│ │ ├── istioctl_test.go
│ │ └── main.go
│ ├── istioctl_test.go
│ ├── options.go
│ ├── options_test.go
│ ├── root.go
│ ├── root_test.go
│ ├── sysexits.go
│ └── sysexits_test.go
├── docker
│ └── Dockerfile.istioctl
└── pkg
│ ├── admin
│ ├── admin.go
│ ├── istiodconfig.go
│ └── istiodconfig_test.go
│ ├── analyze
│ ├── analyze.go
│ ├── analyze_test.go
│ └── testdata
│ │ └── analyze-file
│ │ ├── public-gateway.yaml
│ │ └── specific-analyzer.yaml
│ ├── authz
│ ├── analyzer.go
│ ├── analyzer_test.go
│ ├── authz.go
│ ├── authz_test.go
│ ├── listener.go
│ └── testdata
│ │ └── configdump.yaml
│ ├── checkinject
│ ├── checkinject.go
│ ├── checkinject_test.go
│ └── testdata
│ │ └── check-inject
│ │ ├── default-injector.yaml
│ │ ├── never-match-injector.yaml
│ │ └── rev-16-injector.yaml
│ ├── cli
│ ├── context.go
│ ├── context_test.go
│ ├── kubectl_factory.go
│ ├── mock_client.go
│ ├── mock_test.go
│ ├── option.go
│ └── option_test.go
│ ├── clioptions
│ ├── central.go
│ ├── control_plane.go
│ └── doc.go
│ ├── completion
│ └── completion.go
│ ├── config
│ ├── config.go
│ └── config_test.go
│ ├── dashboard
│ ├── dashboard.go
│ └── dashboard_test.go
│ ├── describe
│ ├── describe.go
│ ├── describe_test.go
│ └── testdata
│ │ └── describe
│ │ ├── http_config.json
│ │ └── tls_config.json
│ ├── injector
│ ├── injector-list.go
│ └── injector-list_test.go
│ ├── install
│ └── k8sversion
│ │ ├── version.go
│ │ └── version_test.go
│ ├── internaldebug
│ ├── internal-debug.go
│ └── internal-debug_test.go
│ ├── kubeinject
│ ├── google.go
│ ├── kubeinject.go
│ ├── kubeinject_test.go
│ └── testdata
│ │ ├── deployment
│ │ ├── hello-with-proxyconfig-anno.yaml
│ │ ├── hello-with-proxyconfig-anno.yaml.injected
│ │ ├── hello.yaml
│ │ ├── hello.yaml.injected
│ │ └── hello.yaml.iop.injected
│ │ ├── inject-config-inline-iop.yaml
│ │ ├── inject-config-inline.yaml
│ │ ├── inject-config-iop.yaml
│ │ ├── inject-config.yaml
│ │ ├── inject-values.yaml
│ │ ├── istio-operator.yaml
│ │ └── mesh-config.yaml
│ ├── metrics
│ ├── metrics.go
│ └── metrics_test.go
│ ├── multicluster
│ ├── cluster.go
│ ├── options.go
│ ├── remote_secret.go
│ └── remote_secret_test.go
│ ├── multixds
│ ├── gather.go
│ └── google.go
│ ├── precheck
│ ├── precheck.go
│ └── precheck_test.go
│ ├── proxyconfig
│ ├── clusters.go
│ ├── proxyconfig.go
│ ├── proxyconfig_test.go
│ └── testdata
│ │ ├── config_dump.json
│ │ └── config_dump_summary.txt
│ ├── proxystatus
│ ├── proxystatus.go
│ └── proxystatus_test.go
│ ├── root
│ └── root.go
│ ├── tag
│ ├── generate.go
│ ├── generate_test.go
│ ├── revision.go
│ ├── tag.go
│ ├── tag_test.go
│ └── util.go
│ ├── util
│ ├── ambient
│ │ └── util.go
│ ├── clusters
│ │ └── wrapper.go
│ ├── common.go
│ ├── configdump
│ │ ├── bootstrap.go
│ │ ├── cluster.go
│ │ ├── ecds.go
│ │ ├── endpoint.go
│ │ ├── listener.go
│ │ ├── route.go
│ │ ├── secret.go
│ │ ├── util.go
│ │ └── wrapper.go
│ ├── constants.go
│ ├── formatting
│ │ ├── formatter.go
│ │ ├── formatter_test.go
│ │ └── msg_threshold.go
│ ├── handlers
│ │ ├── handlers.go
│ │ └── handlers_test.go
│ ├── proto
│ │ └── messageslice.go
│ └── testutil
│ │ └── util.go
│ ├── validate
│ ├── validate.go
│ └── validate_test.go
│ ├── version
│ └── version.go
│ ├── waypoint
│ ├── testdata
│ │ └── waypoint
│ │ │ ├── all-gateway
│ │ │ ├── combined-gateway
│ │ │ ├── default-gateway
│ │ │ └── no-gateway
│ ├── waypoint.go
│ └── waypoint_test.go
│ ├── workload
│ ├── testdata
│ │ ├── vmconfig-nil-proxy-metadata
│ │ │ ├── cluster.env.golden
│ │ │ ├── hosts.golden
│ │ │ ├── istio-token.golden
│ │ │ ├── mesh.yaml.golden
│ │ │ ├── root-cert.pem.golden
│ │ │ └── workloadgroup.yaml
│ │ └── vmconfig
│ │ │ ├── ipv4
│ │ │ ├── cluster.env.golden
│ │ │ ├── hosts.golden
│ │ │ ├── istio-token.golden
│ │ │ ├── mesh.yaml.golden
│ │ │ ├── meshconfig.yaml
│ │ │ ├── root-cert.pem.golden
│ │ │ └── workloadgroup.yaml
│ │ │ └── ipv6
│ │ │ ├── cluster.env.golden
│ │ │ ├── hosts.golden
│ │ │ ├── istio-token.golden
│ │ │ ├── mesh.yaml.golden
│ │ │ ├── meshconfig.yaml
│ │ │ ├── root-cert.pem.golden
│ │ │ └── workloadgroup.yaml
│ ├── workload.go
│ └── workload_test.go
│ ├── writer
│ ├── compare
│ │ ├── cluster.go
│ │ ├── comparator.go
│ │ ├── comparator_test.go
│ │ ├── listener.go
│ │ ├── route.go
│ │ ├── sds
│ │ │ ├── util.go
│ │ │ ├── writer.go
│ │ │ └── writer_test.go
│ │ └── testdata
│ │ │ ├── configdump.json
│ │ │ └── configdump_diff.json
│ ├── envoy
│ │ ├── clusters
│ │ │ └── clusters.go
│ │ ├── configdump
│ │ │ ├── cluster.go
│ │ │ ├── cluster_test.go
│ │ │ ├── configdump.go
│ │ │ ├── configdump_test.go
│ │ │ ├── ecds.go
│ │ │ ├── ecds_test.go
│ │ │ ├── endpoint.go
│ │ │ ├── endpoint_test.go
│ │ │ ├── listener.go
│ │ │ ├── listener_test.go
│ │ │ ├── route.go
│ │ │ ├── route_test.go
│ │ │ ├── secret_test.go
│ │ │ └── testdata
│ │ │ │ ├── bootstrapdump.json
│ │ │ │ ├── configdump.json
│ │ │ │ ├── ecds
│ │ │ │ ├── configdump.json
│ │ │ │ ├── output.json
│ │ │ │ ├── output.txt
│ │ │ │ └── output.yaml
│ │ │ │ ├── endpoint
│ │ │ │ ├── configdump.json
│ │ │ │ ├── emptyfilter_output.json
│ │ │ │ ├── emptyfilter_output.txt
│ │ │ │ ├── emptyfilter_output.yaml
│ │ │ │ ├── portfilter_output.json
│ │ │ │ ├── portfilter_output.txt
│ │ │ │ └── portfilter_output.yaml
│ │ │ │ ├── routes
│ │ │ │ ├── empty-gateway
│ │ │ │ │ ├── configdump.json
│ │ │ │ │ └── output.txt
│ │ │ │ ├── istio-gateway-http-route-prefix
│ │ │ │ │ ├── configdump.json
│ │ │ │ │ └── output.txt
│ │ │ │ └── k8s-gateway-http-route-path-prefix
│ │ │ │ │ ├── configdump.json
│ │ │ │ │ └── output.txt
│ │ │ │ ├── secret
│ │ │ │ ├── istio
│ │ │ │ │ ├── config_dump.json
│ │ │ │ │ └── output
│ │ │ │ └── spire
│ │ │ │ │ ├── config_dump.json
│ │ │ │ │ └── output
│ │ │ │ └── versionsummary.txt
│ │ └── logging
│ │ │ └── testdata
│ │ │ └── logging.txt
│ ├── pilot
│ │ ├── status.go
│ │ ├── status_test.go
│ │ └── testdata
│ │ │ ├── multiXdsStatusMultiPilot.txt
│ │ │ ├── multiXdsStatusMultiPilot_verbose.txt
│ │ │ └── multiXdsStatusSinglePilot.txt
│ ├── table
│ │ ├── writer.go
│ │ └── writer_test.go
│ └── ztunnel
│ │ └── configdump
│ │ ├── api.go
│ │ ├── certificates.go
│ │ ├── configdump.go
│ │ ├── configdump_test.go
│ │ ├── connections.go
│ │ ├── policies.go
│ │ ├── services.go
│ │ ├── testdata
│ │ ├── dump.json
│ │ ├── policies.txt
│ │ ├── secretsummary.txt
│ │ ├── workloadsummary.txt
│ │ └── workloadsummary_default.txt
│ │ └── workload.go
│ ├── xds
│ ├── client.go
│ └── google.go
│ └── ztunnelconfig
│ ├── ztunnelconfig.go
│ └── ztunnelconfig_test.go
├── licenses
├── cel.dev
│ └── expr
│ │ └── LICENSE
├── cloud.google.com
│ └── go
│ │ └── compute
│ │ └── metadata
│ │ └── LICENSE
├── dario.cat
│ └── mergo
│ │ └── LICENSE
├── github.com
│ ├── AdaLogics
│ │ └── go-fuzz-headers
│ │ │ └── LICENSE
│ ├── BurntSushi
│ │ └── toml
│ │ │ ├── COPYING
│ │ │ └── cmd
│ │ │ ├── toml-test-decoder
│ │ │ └── COPYING
│ │ │ ├── toml-test-encoder
│ │ │ └── COPYING
│ │ │ └── tomlv
│ │ │ └── COPYING
│ ├── MakeNowJust
│ │ └── heredoc
│ │ │ └── LICENSE
│ ├── Masterminds
│ │ ├── goutils
│ │ │ └── LICENSE.txt
│ │ ├── semver
│ │ │ └── v3
│ │ │ │ └── LICENSE.txt
│ │ └── sprig
│ │ │ └── v3
│ │ │ └── LICENSE.txt
│ ├── VividCortex
│ │ └── ewma
│ │ │ └── LICENSE
│ ├── alecholmes
│ │ └── xfccparser
│ │ │ └── LICENSE
│ ├── alecthomas
│ │ └── participle
│ │ │ └── v2
│ │ │ └── COPYING
│ ├── antlr4-go
│ │ └── antlr
│ │ │ └── v4
│ │ │ └── LICENSE
│ ├── beorn7
│ │ └── perks
│ │ │ └── LICENSE
│ ├── blang
│ │ └── semver
│ │ │ └── v4
│ │ │ └── LICENSE
│ ├── cbeuw
│ │ └── connutil
│ │ │ └── LICENSE
│ ├── cenkalti
│ │ └── backoff
│ │ │ └── v4
│ │ │ └── LICENSE
│ ├── cespare
│ │ └── xxhash
│ │ │ └── v2
│ │ │ └── LICENSE.txt
│ ├── chai2010
│ │ └── gettext-go
│ │ │ └── LICENSE
│ ├── cheggaaa
│ │ └── pb
│ │ │ └── v3
│ │ │ └── LICENSE
│ ├── cncf
│ │ └── xds
│ │ │ └── go
│ │ │ └── LICENSE
│ ├── containerd
│ │ ├── stargz-snapshotter
│ │ │ └── estargz
│ │ │ │ └── LICENSE
│ │ └── typeurl
│ │ │ └── v2
│ │ │ └── LICENSE
│ ├── containernetworking
│ │ ├── cni
│ │ │ └── LICENSE
│ │ └── plugins
│ │ │ └── LICENSE
│ ├── coreos
│ │ └── go-oidc
│ │ │ └── v3
│ │ │ └── LICENSE
│ ├── cpuguy83
│ │ └── go-md2man
│ │ │ └── v2
│ │ │ └── LICENSE.md
│ ├── cyphar
│ │ └── filepath-securejoin
│ │ │ └── LICENSE
│ ├── davecgh
│ │ └── go-spew
│ │ │ └── LICENSE
│ ├── docker
│ │ ├── cli
│ │ │ └── LICENSE
│ │ ├── distribution
│ │ │ └── LICENSE
│ │ └── docker-credential-helpers
│ │ │ └── LICENSE
│ ├── emicklei
│ │ └── go-restful
│ │ │ └── v3
│ │ │ └── LICENSE
│ ├── envoyproxy
│ │ ├── go-control-plane
│ │ │ ├── contrib
│ │ │ │ └── LICENSE
│ │ │ └── envoy
│ │ │ │ └── LICENSE
│ │ └── protoc-gen-validate
│ │ │ └── LICENSE
│ ├── evanphx
│ │ └── json-patch
│ │ │ └── v5
│ │ │ └── LICENSE
│ ├── exponent-io
│ │ └── jsonpath
│ │ │ └── LICENSE
│ ├── fatih
│ │ ├── camelcase
│ │ │ └── LICENSE.md
│ │ └── color
│ │ │ └── LICENSE.md
│ ├── felixge
│ │ ├── fgprof
│ │ │ └── LICENSE.txt
│ │ └── httpsnoop
│ │ │ └── LICENSE.txt
│ ├── fsnotify
│ │ └── fsnotify
│ │ │ └── LICENSE
│ ├── fxamacker
│ │ └── cbor
│ │ │ └── v2
│ │ │ └── LICENSE
│ ├── go-errors
│ │ └── errors
│ │ │ └── NONE
│ ├── go-jose
│ │ └── go-jose
│ │ │ └── v4
│ │ │ ├── LICENSE
│ │ │ └── json
│ │ │ └── LICENSE
│ ├── go-logr
│ │ ├── logr
│ │ │ └── LICENSE
│ │ └── stdr
│ │ │ └── LICENSE
│ ├── go-openapi
│ │ ├── jsonpointer
│ │ │ └── LICENSE
│ │ ├── jsonreference
│ │ │ └── LICENSE
│ │ └── swag
│ │ │ └── LICENSE
│ ├── go-viper
│ │ └── mapstructure
│ │ │ └── v2
│ │ │ └── LICENSE
│ ├── gobwas
│ │ └── glob
│ │ │ └── LICENSE
│ ├── gogo
│ │ └── protobuf
│ │ │ └── LICENSE
│ ├── golang
│ │ └── protobuf
│ │ │ └── LICENSE
│ ├── google
│ │ ├── btree
│ │ │ └── LICENSE
│ │ ├── cel-go
│ │ │ └── LICENSE
│ │ ├── gnostic-models
│ │ │ └── LICENSE
│ │ ├── go-cmp
│ │ │ └── LICENSE
│ │ ├── go-containerregistry
│ │ │ └── LICENSE
│ │ ├── gofuzz
│ │ │ └── LICENSE
│ │ ├── pprof
│ │ │ ├── LICENSE
│ │ │ └── third_party
│ │ │ │ └── svgpan
│ │ │ │ └── LICENSE
│ │ ├── shlex
│ │ │ └── COPYING
│ │ └── uuid
│ │ │ └── LICENSE
│ ├── gorilla
│ │ ├── mux
│ │ │ └── LICENSE
│ │ └── websocket
│ │ │ └── LICENSE
│ ├── grafana
│ │ └── regexp
│ │ │ └── LICENSE
│ ├── gregjones
│ │ └── httpcache
│ │ │ └── LICENSE.txt
│ ├── grpc-ecosystem
│ │ ├── go-grpc-middleware
│ │ │ ├── LICENSE
│ │ │ └── v2
│ │ │ │ └── LICENSE
│ │ ├── go-grpc-prometheus
│ │ │ └── LICENSE
│ │ └── grpc-gateway
│ │ │ └── v2
│ │ │ ├── LICENSE
│ │ │ └── internal
│ │ │ └── casing
│ │ │ └── LICENSE.md
│ ├── hashicorp
│ │ ├── errwrap
│ │ │ └── LICENSE
│ │ ├── go-multierror
│ │ │ └── LICENSE
│ │ ├── go-version
│ │ │ └── LICENSE
│ │ └── golang-lru
│ │ │ └── v2
│ │ │ └── LICENSE
│ ├── howardjohn
│ │ └── unshare-go
│ │ │ └── LICENSE
│ ├── huandu
│ │ └── xstrings
│ │ │ └── LICENSE
│ ├── josharian
│ │ └── intern
│ │ │ └── license.md
│ ├── json-iterator
│ │ └── go
│ │ │ └── LICENSE
│ ├── klauspost
│ │ └── compress
│ │ │ ├── LICENSE
│ │ │ ├── gzhttp
│ │ │ └── LICENSE
│ │ │ ├── internal
│ │ │ ├── lz4ref
│ │ │ │ └── LICENSE
│ │ │ └── snapref
│ │ │ │ └── LICENSE
│ │ │ ├── s2
│ │ │ ├── LICENSE
│ │ │ └── cmd
│ │ │ │ └── internal
│ │ │ │ ├── filepathx
│ │ │ │ └── LICENSE
│ │ │ │ └── readahead
│ │ │ │ └── LICENSE
│ │ │ ├── snappy
│ │ │ ├── LICENSE
│ │ │ └── xerial
│ │ │ │ └── LICENSE
│ │ │ └── zstd
│ │ │ └── internal
│ │ │ └── xxhash
│ │ │ └── LICENSE.txt
│ ├── lestrrat-go
│ │ ├── backoff
│ │ │ └── v2
│ │ │ │ └── LICENSE
│ │ ├── blackmagic
│ │ │ └── LICENSE
│ │ ├── httpcc
│ │ │ └── LICENSE
│ │ ├── iter
│ │ │ └── LICENSE
│ │ ├── jwx
│ │ │ └── LICENSE
│ │ └── option
│ │ │ └── LICENSE
│ ├── liggitt
│ │ └── tabwriter
│ │ │ └── LICENSE
│ ├── mailru
│ │ └── easyjson
│ │ │ └── LICENSE
│ ├── mattn
│ │ ├── go-colorable
│ │ │ └── LICENSE
│ │ ├── go-isatty
│ │ │ └── LICENSE
│ │ └── go-runewidth
│ │ │ └── LICENSE
│ ├── miekg
│ │ └── dns
│ │ │ └── LICENSE
│ ├── mitchellh
│ │ ├── copystructure
│ │ │ └── LICENSE
│ │ ├── go-homedir
│ │ │ └── LICENSE
│ │ ├── go-wordwrap
│ │ │ └── LICENSE.md
│ │ └── reflectwalk
│ │ │ └── LICENSE
│ ├── moby
│ │ ├── buildkit
│ │ │ └── LICENSE
│ │ ├── spdystream
│ │ │ └── LICENSE
│ │ └── term
│ │ │ └── LICENSE
│ ├── modern-go
│ │ ├── concurrent
│ │ │ └── LICENSE
│ │ └── reflect2
│ │ │ └── LICENSE
│ ├── monochromegane
│ │ └── go-gitignore
│ │ │ └── LICENSE
│ ├── munnerz
│ │ └── goautoneg
│ │ │ └── LICENSE
│ ├── mxk
│ │ └── go-flowrate
│ │ │ └── LICENSE
│ ├── onsi
│ │ └── gomega
│ │ │ └── LICENSE
│ ├── opencontainers
│ │ ├── go-digest
│ │ │ └── LICENSE
│ │ └── image-spec
│ │ │ └── LICENSE
│ ├── openshift
│ │ └── api
│ │ │ └── LICENSE
│ ├── pelletier
│ │ └── go-toml
│ │ │ └── v2
│ │ │ └── LICENSE
│ ├── peterbourgon
│ │ └── diskv
│ │ │ └── LICENSE
│ ├── pires
│ │ └── go-proxyproto
│ │ │ └── LICENSE
│ ├── pkg
│ │ └── errors
│ │ │ └── LICENSE
│ ├── planetscale
│ │ └── vtprotobuf
│ │ │ ├── LICENSE
│ │ │ └── generator
│ │ │ └── pattern
│ │ │ └── LICENSE
│ ├── pmezard
│ │ └── go-difflib
│ │ │ └── LICENSE
│ ├── prometheus
│ │ ├── client_golang
│ │ │ ├── LICENSE
│ │ │ └── internal
│ │ │ │ └── github.com
│ │ │ │ └── golang
│ │ │ │ └── gddo
│ │ │ │ └── LICENSE
│ │ ├── client_model
│ │ │ └── LICENSE
│ │ ├── common
│ │ │ └── LICENSE
│ │ ├── procfs
│ │ │ └── LICENSE
│ │ └── prometheus
│ │ │ └── LICENSE
│ ├── quic-go
│ │ ├── qpack
│ │ │ └── LICENSE.md
│ │ └── quic-go
│ │ │ └── LICENSE
│ ├── rivo
│ │ └── uniseg
│ │ │ └── LICENSE.txt
│ ├── russross
│ │ └── blackfriday
│ │ │ └── v2
│ │ │ └── LICENSE.txt
│ ├── ryanuber
│ │ └── go-glob
│ │ │ └── LICENSE
│ ├── sagikazarmark
│ │ └── locafero
│ │ │ └── LICENSE
│ ├── shopspring
│ │ └── decimal
│ │ │ └── LICENSE
│ ├── sirupsen
│ │ └── logrus
│ │ │ └── LICENSE
│ ├── sourcegraph
│ │ └── conc
│ │ │ └── LICENSE
│ ├── spf13
│ │ ├── afero
│ │ │ └── LICENSE.txt
│ │ ├── cast
│ │ │ └── LICENSE
│ │ ├── cobra
│ │ │ └── LICENSE.txt
│ │ ├── pflag
│ │ │ └── LICENSE
│ │ └── viper
│ │ │ └── LICENSE
│ ├── spiffe
│ │ └── go-spiffe
│ │ │ └── v2
│ │ │ └── LICENSE
│ ├── stoewer
│ │ └── go-strcase
│ │ │ └── LICENSE
│ ├── stretchr
│ │ ├── objx
│ │ │ └── LICENSE
│ │ └── testify
│ │ │ └── LICENSE
│ ├── subosito
│ │ └── gotenv
│ │ │ └── LICENSE
│ ├── vbatts
│ │ └── tar-split
│ │ │ └── LICENSE
│ ├── vishvananda
│ │ ├── netlink
│ │ │ └── LICENSE
│ │ └── netns
│ │ │ └── LICENSE
│ ├── x448
│ │ └── float16
│ │ │ └── LICENSE
│ ├── xeipuuv
│ │ ├── gojsonpointer
│ │ │ └── NONE
│ │ ├── gojsonreference
│ │ │ └── NONE
│ │ └── gojsonschema
│ │ │ └── NONE
│ ├── xlab
│ │ └── treeprint
│ │ │ └── LICENSE
│ ├── yl2chen
│ │ └── cidranger
│ │ │ └── LICENSE
│ └── zeebo
│ │ └── errs
│ │ └── LICENSE
├── go.opentelemetry.io
│ ├── auto
│ │ └── sdk
│ │ │ └── LICENSE
│ ├── contrib
│ │ └── instrumentation
│ │ │ └── net
│ │ │ └── http
│ │ │ └── otelhttp
│ │ │ └── LICENSE
│ ├── otel
│ │ ├── LICENSE
│ │ ├── exporters
│ │ │ ├── otlp
│ │ │ │ └── otlptrace
│ │ │ │ │ ├── LICENSE
│ │ │ │ │ ├── otlptracegrpc
│ │ │ │ │ └── LICENSE
│ │ │ │ │ └── otlptracehttp
│ │ │ │ │ └── LICENSE
│ │ │ └── prometheus
│ │ │ │ └── LICENSE
│ │ ├── metric
│ │ │ └── LICENSE
│ │ ├── sdk
│ │ │ ├── LICENSE
│ │ │ └── metric
│ │ │ │ └── LICENSE
│ │ └── trace
│ │ │ └── LICENSE
│ └── proto
│ │ └── otlp
│ │ └── LICENSE
├── go.uber.org
│ ├── atomic
│ │ └── LICENSE.txt
│ ├── multierr
│ │ └── LICENSE.txt
│ └── zap
│ │ └── LICENSE
├── golang.org
│ └── x
│ │ ├── crypto
│ │ └── LICENSE
│ │ ├── exp
│ │ └── LICENSE
│ │ ├── net
│ │ └── LICENSE
│ │ ├── oauth2
│ │ └── LICENSE
│ │ ├── sync
│ │ └── LICENSE
│ │ ├── sys
│ │ └── LICENSE
│ │ ├── term
│ │ └── LICENSE
│ │ ├── text
│ │ └── LICENSE
│ │ └── time
│ │ └── LICENSE
├── gomodules.xyz
│ └── jsonpatch
│ │ └── v2
│ │ └── LICENSE
├── google.golang.org
│ ├── genproto
│ │ └── googleapis
│ │ │ ├── api
│ │ │ └── LICENSE
│ │ │ └── rpc
│ │ │ └── LICENSE
│ ├── grpc
│ │ └── LICENSE
│ └── protobuf
│ │ └── LICENSE
├── gopkg.in
│ ├── evanphx
│ │ └── json-patch.v4
│ │ │ └── LICENSE
│ ├── inf.v0
│ │ └── LICENSE
│ ├── natefinch
│ │ └── lumberjack.v2
│ │ │ └── LICENSE
│ ├── yaml.v2
│ │ └── LICENSE
│ └── yaml.v3
│ │ └── LICENSE
├── helm.sh
│ └── helm
│ │ └── v3
│ │ ├── LICENSE
│ │ └── pkg
│ │ ├── chart
│ │ └── loader
│ │ │ └── testdata
│ │ │ ├── LICENSE
│ │ │ ├── frobnitz.v1
│ │ │ └── LICENSE
│ │ │ ├── frobnitz.v2.reqs
│ │ │ └── LICENSE
│ │ │ ├── frobnitz
│ │ │ └── LICENSE
│ │ │ ├── frobnitz_backslash
│ │ │ └── LICENSE
│ │ │ ├── frobnitz_with_bom
│ │ │ └── LICENSE
│ │ │ └── frobnitz_with_dev_null
│ │ │ └── LICENSE
│ │ └── chartutil
│ │ └── testdata
│ │ ├── dependent-chart-alias
│ │ └── LICENSE
│ │ ├── dependent-chart-no-requirements-yaml
│ │ └── LICENSE
│ │ ├── dependent-chart-with-all-in-requirements-yaml
│ │ └── LICENSE
│ │ ├── dependent-chart-with-mixed-requirements-yaml
│ │ └── LICENSE
│ │ └── frobnitz
│ │ └── LICENSE
├── istio.io
│ ├── api
│ │ └── LICENSE
│ └── client-go
│ │ └── LICENSE
├── k8s.io
│ ├── api
│ │ └── LICENSE
│ ├── apiextensions-apiserver
│ │ └── LICENSE
│ ├── apimachinery
│ │ ├── LICENSE
│ │ └── third_party
│ │ │ └── forked
│ │ │ └── golang
│ │ │ └── LICENSE
│ ├── apiserver
│ │ └── LICENSE
│ ├── cli-runtime
│ │ └── LICENSE
│ ├── client-go
│ │ ├── LICENSE
│ │ └── third_party
│ │ │ └── forked
│ │ │ └── golang
│ │ │ └── LICENSE
│ ├── component-base
│ │ └── LICENSE
│ ├── component-helpers
│ │ └── LICENSE
│ ├── klog
│ │ └── v2
│ │ │ └── LICENSE
│ ├── kube-openapi
│ │ ├── LICENSE
│ │ └── pkg
│ │ │ ├── internal
│ │ │ └── third_party
│ │ │ │ ├── go-json-experiment
│ │ │ │ └── json
│ │ │ │ │ └── LICENSE
│ │ │ │ └── govalidator
│ │ │ │ └── LICENSE
│ │ │ └── validation
│ │ │ ├── errors
│ │ │ └── LICENSE
│ │ │ ├── spec
│ │ │ └── LICENSE
│ │ │ ├── strfmt
│ │ │ └── LICENSE
│ │ │ └── validate
│ │ │ └── LICENSE
│ ├── kubectl
│ │ └── LICENSE
│ └── utils
│ │ ├── LICENSE
│ │ ├── inotify
│ │ └── LICENSE
│ │ ├── internal
│ │ └── third_party
│ │ │ └── forked
│ │ │ └── golang
│ │ │ └── LICENSE
│ │ └── third_party
│ │ └── forked
│ │ └── golang
│ │ └── LICENSE
└── sigs.k8s.io
│ ├── apiserver-network-proxy
│ └── konnectivity-client
│ │ └── LICENSE
│ ├── controller-runtime
│ └── LICENSE
│ ├── gateway-api-inference-extension
│ └── LICENSE
│ ├── gateway-api
│ └── LICENSE
│ ├── json
│ └── LICENSE
│ ├── kustomize
│ ├── api
│ │ └── LICENSE
│ └── kyaml
│ │ └── LICENSE
│ ├── mcs-api
│ └── LICENSE
│ ├── randfill
│ └── LICENSE
│ ├── structured-merge-diff
│ └── v4
│ │ └── LICENSE
│ └── yaml
│ ├── LICENSE
│ ├── goyaml.v2
│ └── LICENSE
│ └── goyaml.v3
│ └── LICENSE
├── logo
└── istio-bluelogo-whitebackground-unframed.svg
├── manifests
├── .gitattributes
├── addons
│ ├── dashboards
│ │ ├── README.md
│ │ ├── istio-extension-dashboard.json
│ │ ├── istio-mesh-dashboard.gen.json
│ │ ├── istio-mesh.libsonnet
│ │ ├── istio-performance-dashboard.json
│ │ ├── istio-service-dashboard.json
│ │ ├── istio-workload-dashboard.json
│ │ ├── jsonnetfile.json
│ │ ├── jsonnetfile.lock.json
│ │ ├── lib
│ │ │ ├── dashboard.libsonnet
│ │ │ ├── g.libsonnet
│ │ │ ├── istio-service.libsonnet
│ │ │ ├── istio-workload.libsonnet
│ │ │ ├── lib-grid.libsonnet
│ │ │ ├── lib-query.libsonnet
│ │ │ ├── output.json
│ │ │ ├── panels.libsonnet
│ │ │ ├── queries.libsonnet
│ │ │ └── variables.libsonnet
│ │ ├── pilot-dashboard.gen.json
│ │ ├── pilot.libsonnet
│ │ ├── test_dashboard_links.sh
│ │ ├── ztunnel-dashboard.gen.json
│ │ └── ztunnel.libsonnet
│ ├── gen.sh
│ ├── values-grafana.yaml
│ ├── values-kiali.yaml
│ ├── values-loki.yaml
│ └── values-prometheus.yaml
├── charts
│ ├── README.md
│ ├── UPDATING-CHARTS.md
│ ├── base
│ │ ├── Chart.yaml
│ │ ├── README.md
│ │ ├── files
│ │ │ ├── crd-all.gen.yaml
│ │ │ ├── profile-ambient.yaml
│ │ │ ├── profile-compatibility-version-1.24.yaml
│ │ │ ├── profile-compatibility-version-1.25.yaml
│ │ │ ├── profile-compatibility-version-1.26.yaml
│ │ │ ├── profile-demo.yaml
│ │ │ ├── profile-platform-gke.yaml
│ │ │ ├── profile-platform-k3d.yaml
│ │ │ ├── profile-platform-k3s.yaml
│ │ │ ├── profile-platform-microk8s.yaml
│ │ │ ├── profile-platform-minikube.yaml
│ │ │ ├── profile-platform-openshift.yaml
│ │ │ ├── profile-preview.yaml
│ │ │ ├── profile-remote.yaml
│ │ │ └── profile-stable.yaml
│ │ ├── templates
│ │ │ ├── NOTES.txt
│ │ │ ├── crds.yaml
│ │ │ ├── defaultrevision-validatingadmissionpolicy.yaml
│ │ │ ├── defaultrevision-validatingwebhookconfiguration.yaml
│ │ │ ├── reader-serviceaccount.yaml
│ │ │ └── zzz_profile.yaml
│ │ └── values.yaml
│ ├── default
│ │ ├── Chart.yaml
│ │ ├── files
│ │ │ ├── profile-ambient.yaml
│ │ │ ├── profile-compatibility-version-1.24.yaml
│ │ │ ├── profile-compatibility-version-1.25.yaml
│ │ │ ├── profile-compatibility-version-1.26.yaml
│ │ │ ├── profile-demo.yaml
│ │ │ ├── profile-platform-gke.yaml
│ │ │ ├── profile-platform-k3d.yaml
│ │ │ ├── profile-platform-k3s.yaml
│ │ │ ├── profile-platform-microk8s.yaml
│ │ │ ├── profile-platform-minikube.yaml
│ │ │ ├── profile-platform-openshift.yaml
│ │ │ ├── profile-preview.yaml
│ │ │ ├── profile-remote.yaml
│ │ │ └── profile-stable.yaml
│ │ ├── templates
│ │ │ ├── mutatingwebhook.yaml
│ │ │ ├── validatingwebhook.yaml
│ │ │ └── zzz_profile.yaml
│ │ └── values.yaml
│ ├── gateway
│ │ ├── Chart.yaml
│ │ ├── README.md
│ │ ├── files
│ │ │ ├── profile-ambient.yaml
│ │ │ ├── profile-compatibility-version-1.24.yaml
│ │ │ ├── profile-compatibility-version-1.25.yaml
│ │ │ ├── profile-compatibility-version-1.26.yaml
│ │ │ ├── profile-demo.yaml
│ │ │ ├── profile-platform-gke.yaml
│ │ │ ├── profile-platform-k3d.yaml
│ │ │ ├── profile-platform-k3s.yaml
│ │ │ ├── profile-platform-microk8s.yaml
│ │ │ ├── profile-platform-minikube.yaml
│ │ │ ├── profile-platform-openshift.yaml
│ │ │ ├── profile-preview.yaml
│ │ │ ├── profile-remote.yaml
│ │ │ └── profile-stable.yaml
│ │ ├── templates
│ │ │ ├── NOTES.txt
│ │ │ ├── _helpers.tpl
│ │ │ ├── deployment.yaml
│ │ │ ├── hpa.yaml
│ │ │ ├── poddisruptionbudget.yaml
│ │ │ ├── role.yaml
│ │ │ ├── service.yaml
│ │ │ ├── serviceaccount.yaml
│ │ │ └── zzz_profile.yaml
│ │ ├── values.schema.json
│ │ └── values.yaml
│ ├── gateways
│ │ ├── istio-egress
│ │ │ ├── Chart.yaml
│ │ │ ├── NOTES.txt
│ │ │ ├── files
│ │ │ │ ├── profile-ambient.yaml
│ │ │ │ ├── profile-compatibility-version-1.24.yaml
│ │ │ │ ├── profile-compatibility-version-1.25.yaml
│ │ │ │ ├── profile-compatibility-version-1.26.yaml
│ │ │ │ ├── profile-demo.yaml
│ │ │ │ ├── profile-platform-gke.yaml
│ │ │ │ ├── profile-platform-k3d.yaml
│ │ │ │ ├── profile-platform-k3s.yaml
│ │ │ │ ├── profile-platform-microk8s.yaml
│ │ │ │ ├── profile-platform-minikube.yaml
│ │ │ │ ├── profile-platform-openshift.yaml
│ │ │ │ ├── profile-preview.yaml
│ │ │ │ ├── profile-remote.yaml
│ │ │ │ └── profile-stable.yaml
│ │ │ ├── templates
│ │ │ │ ├── _affinity.tpl
│ │ │ │ ├── autoscale.yaml
│ │ │ │ ├── deployment.yaml
│ │ │ │ ├── injected-deployment.yaml
│ │ │ │ ├── poddisruptionbudget.yaml
│ │ │ │ ├── role.yaml
│ │ │ │ ├── rolebindings.yaml
│ │ │ │ ├── service.yaml
│ │ │ │ ├── serviceaccount.yaml
│ │ │ │ └── zzz_profile.yaml
│ │ │ └── values.yaml
│ │ └── istio-ingress
│ │ │ ├── Chart.yaml
│ │ │ ├── NOTES.txt
│ │ │ ├── files
│ │ │ ├── profile-ambient.yaml
│ │ │ ├── profile-compatibility-version-1.24.yaml
│ │ │ ├── profile-compatibility-version-1.25.yaml
│ │ │ ├── profile-compatibility-version-1.26.yaml
│ │ │ ├── profile-demo.yaml
│ │ │ ├── profile-platform-gke.yaml
│ │ │ ├── profile-platform-k3d.yaml
│ │ │ ├── profile-platform-k3s.yaml
│ │ │ ├── profile-platform-microk8s.yaml
│ │ │ ├── profile-platform-minikube.yaml
│ │ │ ├── profile-platform-openshift.yaml
│ │ │ ├── profile-preview.yaml
│ │ │ ├── profile-remote.yaml
│ │ │ └── profile-stable.yaml
│ │ │ ├── templates
│ │ │ ├── _affinity.tpl
│ │ │ ├── autoscale.yaml
│ │ │ ├── deployment.yaml
│ │ │ ├── injected-deployment.yaml
│ │ │ ├── poddisruptionbudget.yaml
│ │ │ ├── role.yaml
│ │ │ ├── rolebindings.yaml
│ │ │ ├── service.yaml
│ │ │ ├── serviceaccount.yaml
│ │ │ └── zzz_profile.yaml
│ │ │ └── values.yaml
│ ├── install-OpenShift.md
│ ├── istio-cni
│ │ ├── Chart.yaml
│ │ ├── README.md
│ │ ├── files
│ │ │ ├── profile-ambient.yaml
│ │ │ ├── profile-compatibility-version-1.24.yaml
│ │ │ ├── profile-compatibility-version-1.25.yaml
│ │ │ ├── profile-compatibility-version-1.26.yaml
│ │ │ ├── profile-demo.yaml
│ │ │ ├── profile-platform-gke.yaml
│ │ │ ├── profile-platform-k3d.yaml
│ │ │ ├── profile-platform-k3s.yaml
│ │ │ ├── profile-platform-microk8s.yaml
│ │ │ ├── profile-platform-minikube.yaml
│ │ │ ├── profile-platform-openshift.yaml
│ │ │ ├── profile-preview.yaml
│ │ │ ├── profile-remote.yaml
│ │ │ └── profile-stable.yaml
│ │ ├── templates
│ │ │ ├── NOTES.txt
│ │ │ ├── _helpers.tpl
│ │ │ ├── clusterrole.yaml
│ │ │ ├── clusterrolebinding.yaml
│ │ │ ├── configmap-cni.yaml
│ │ │ ├── daemonset.yaml
│ │ │ ├── network-attachment-definition.yaml
│ │ │ ├── resourcequota.yaml
│ │ │ ├── serviceaccount.yaml
│ │ │ ├── zzy_descope_legacy.yaml
│ │ │ └── zzz_profile.yaml
│ │ └── values.yaml
│ ├── istio-control
│ │ └── istio-discovery
│ │ │ ├── Chart.yaml
│ │ │ ├── README.md
│ │ │ ├── files
│ │ │ ├── gateway-injection-template.yaml
│ │ │ ├── grpc-agent.yaml
│ │ │ ├── grpc-simple.yaml
│ │ │ ├── injection-template.yaml
│ │ │ ├── kube-gateway.yaml
│ │ │ ├── profile-ambient.yaml
│ │ │ ├── profile-compatibility-version-1.24.yaml
│ │ │ ├── profile-compatibility-version-1.25.yaml
│ │ │ ├── profile-compatibility-version-1.26.yaml
│ │ │ ├── profile-demo.yaml
│ │ │ ├── profile-platform-gke.yaml
│ │ │ ├── profile-platform-k3d.yaml
│ │ │ ├── profile-platform-k3s.yaml
│ │ │ ├── profile-platform-microk8s.yaml
│ │ │ ├── profile-platform-minikube.yaml
│ │ │ ├── profile-platform-openshift.yaml
│ │ │ ├── profile-preview.yaml
│ │ │ ├── profile-remote.yaml
│ │ │ ├── profile-stable.yaml
│ │ │ └── waypoint.yaml
│ │ │ ├── templates
│ │ │ ├── NOTES.txt
│ │ │ ├── _helpers.tpl
│ │ │ ├── autoscale.yaml
│ │ │ ├── clusterrole.yaml
│ │ │ ├── clusterrolebinding.yaml
│ │ │ ├── configmap-jwks.yaml
│ │ │ ├── configmap-values.yaml
│ │ │ ├── configmap.yaml
│ │ │ ├── deployment.yaml
│ │ │ ├── gateway-class-configmap.yaml
│ │ │ ├── istiod-injector-configmap.yaml
│ │ │ ├── mutatingwebhook.yaml
│ │ │ ├── poddisruptionbudget.yaml
│ │ │ ├── reader-clusterrole.yaml
│ │ │ ├── reader-clusterrolebinding.yaml
│ │ │ ├── remote-istiod-endpoints.yaml
│ │ │ ├── remote-istiod-service.yaml
│ │ │ ├── revision-tags.yaml
│ │ │ ├── role.yaml
│ │ │ ├── rolebinding.yaml
│ │ │ ├── service.yaml
│ │ │ ├── serviceaccount.yaml
│ │ │ ├── validatingadmissionpolicy.yaml
│ │ │ ├── validatingwebhookconfiguration.yaml
│ │ │ ├── zzy_descope_legacy.yaml
│ │ │ └── zzz_profile.yaml
│ │ │ └── values.yaml
│ └── ztunnel
│ │ ├── Chart.yaml
│ │ ├── README.md
│ │ ├── files
│ │ ├── profile-ambient.yaml
│ │ ├── profile-compatibility-version-1.24.yaml
│ │ ├── profile-compatibility-version-1.25.yaml
│ │ ├── profile-compatibility-version-1.26.yaml
│ │ ├── profile-demo.yaml
│ │ ├── profile-platform-gke.yaml
│ │ ├── profile-platform-k3d.yaml
│ │ ├── profile-platform-k3s.yaml
│ │ ├── profile-platform-microk8s.yaml
│ │ ├── profile-platform-minikube.yaml
│ │ ├── profile-platform-openshift.yaml
│ │ ├── profile-preview.yaml
│ │ ├── profile-remote.yaml
│ │ └── profile-stable.yaml
│ │ ├── templates
│ │ ├── NOTES.txt
│ │ ├── _helpers.tpl
│ │ ├── daemonset.yaml
│ │ ├── rbac.yaml
│ │ ├── resourcequota.yaml
│ │ └── zzz_profile.yaml
│ │ └── values.yaml
├── helm-profiles
│ ├── README.md
│ ├── ambient.yaml
│ ├── compatibility-version-1.24.yaml
│ ├── compatibility-version-1.25.yaml
│ ├── compatibility-version-1.26.yaml
│ ├── demo.yaml
│ ├── platform-gke.yaml
│ ├── platform-k3d.yaml
│ ├── platform-k3s.yaml
│ ├── platform-microk8s.yaml
│ ├── platform-minikube.yaml
│ ├── platform-openshift.yaml
│ ├── preview.yaml
│ ├── remote.yaml
│ ├── stable.yaml
│ └── warning-edit.txt
├── manifest.go
├── profiles
│ ├── ambient.yaml
│ ├── default.yaml
│ ├── demo.yaml
│ ├── empty.yaml
│ ├── minimal.yaml
│ ├── openshift-ambient.yaml
│ ├── openshift.yaml
│ ├── preview.yaml
│ ├── remote.yaml
│ └── stable.yaml
├── sample-charts
│ └── ambient
│ │ ├── Chart.yaml
│ │ └── values.yaml
└── zzz_profile.yaml
├── operator
├── README.md
├── cmd
│ └── mesh
│ │ ├── install.go
│ │ ├── manifest-generate.go
│ │ ├── manifest-generate_test.go
│ │ ├── manifest-translate.go
│ │ ├── manifest.go
│ │ ├── manifest_shared_test.go
│ │ ├── readme.tpl
│ │ ├── root.go
│ │ ├── shared.go
│ │ ├── test-util_test.go
│ │ ├── testdata
│ │ ├── manifest-generate
│ │ │ ├── data-snapshot.tar.gz
│ │ │ ├── input-extra-resources
│ │ │ │ ├── default_installation_failed.yaml
│ │ │ │ ├── default_tag.yaml
│ │ │ │ ├── duplicate_mwc.yaml
│ │ │ │ ├── envoyfilter.yaml
│ │ │ │ └── gateways.yaml
│ │ │ ├── input
│ │ │ │ ├── all_off.yaml
│ │ │ │ ├── all_on.yaml
│ │ │ │ ├── autoscaling_ingress_v2.yaml
│ │ │ │ ├── autoscaling_v2.yaml
│ │ │ │ ├── autoscaling_v2beta1_k8s_and_values.yaml
│ │ │ │ ├── bare_spec.yaml
│ │ │ │ ├── bare_values.yaml
│ │ │ │ ├── bogus_cps.yaml
│ │ │ │ ├── component_hub_tag.yaml
│ │ │ │ ├── default.yaml
│ │ │ │ ├── deprecated_autoscaling_k8s_spec.yaml
│ │ │ │ ├── duplicate_mwc.yaml
│ │ │ │ ├── empty.yaml
│ │ │ │ ├── flag_force.yaml
│ │ │ │ ├── flag_output.yaml
│ │ │ │ ├── gateways-with-custom-tags-and-no-labels.yaml
│ │ │ │ ├── gateways.yaml
│ │ │ │ ├── helm_values_enablement.yaml
│ │ │ │ ├── ingressgateway_k8s_settings.yaml
│ │ │ │ ├── install_package_path.yaml
│ │ │ │ ├── istio-cni.yaml
│ │ │ │ ├── istio-cni_tolerations.yaml
│ │ │ │ ├── istiod_remote.yaml
│ │ │ │ ├── istiod_remote_config.yaml
│ │ │ │ ├── istiod_remote_local.yaml
│ │ │ │ ├── minimal-revisioned.yaml
│ │ │ │ ├── minimal.yaml
│ │ │ │ ├── multiple_iops.yaml
│ │ │ │ ├── pilot_default.yaml
│ │ │ │ ├── pilot_disable_tracing.yaml
│ │ │ │ ├── pilot_env_var_from.yaml
│ │ │ │ ├── pilot_k8s_settings.yaml
│ │ │ │ ├── pilot_merge_meshconfig.yaml
│ │ │ │ ├── pilot_override_kubernetes.yaml
│ │ │ │ ├── pilot_override_values.yaml
│ │ │ │ ├── sidecar_template.yaml
│ │ │ │ ├── ztunnel.yaml
│ │ │ │ └── ztunnel_tolerations.yaml
│ │ │ └── output
│ │ │ │ ├── all_off.golden.yaml
│ │ │ │ ├── all_on.golden-show-in-gh-pull-request.yaml
│ │ │ │ ├── autoscaling_ingress_v2.golden.yaml
│ │ │ │ ├── autoscaling_v2.golden.yaml
│ │ │ │ ├── flag_force.golden.yaml
│ │ │ │ ├── flag_output.golden.yaml
│ │ │ │ ├── flag_output_set_values.golden.yaml
│ │ │ │ ├── flag_values_enable_egressgateway.golden.yaml
│ │ │ │ ├── gateways.golden.yaml
│ │ │ │ ├── helm_values_enablement.golden.yaml
│ │ │ │ ├── ingressgateway_k8s_settings.golden.yaml
│ │ │ │ ├── install_package_path.golden.yaml
│ │ │ │ ├── istio-cni.golden.yaml
│ │ │ │ ├── istio-cni_tolerations.golden.yaml
│ │ │ │ ├── pilot_default.golden.yaml
│ │ │ │ ├── pilot_disable_tracing.golden.yaml
│ │ │ │ ├── pilot_env_var_from.golden.yaml
│ │ │ │ ├── pilot_k8s_settings.golden.yaml
│ │ │ │ ├── pilot_merge_meshconfig.golden.yaml
│ │ │ │ ├── pilot_override_kubernetes.golden.yaml
│ │ │ │ ├── pilot_override_values.golden.yaml
│ │ │ │ ├── sidecar_template.golden.yaml
│ │ │ │ ├── ztunnel.golden.yaml
│ │ │ │ └── ztunnel_tolerations.golden.yaml
│ │ └── profile-dump
│ │ │ ├── input
│ │ │ ├── all_off.yaml
│ │ │ ├── config_path.yaml
│ │ │ └── list_path.yaml
│ │ │ └── output
│ │ │ ├── all_off.txt
│ │ │ ├── all_off.yaml
│ │ │ ├── config_path.txt
│ │ │ ├── config_path.yaml
│ │ │ ├── list_path.txt
│ │ │ └── list_path.yaml
│ │ ├── uninstall.go
│ │ └── upgrade.go
├── images
│ └── operator_render_flow.svg
├── pkg
│ ├── apis
│ │ ├── register.go
│ │ ├── types.go
│ │ ├── validation
│ │ │ ├── validation.go
│ │ │ └── validation_test.go
│ │ ├── value_types_json.go
│ │ ├── values_types.pb.go
│ │ └── values_types.proto
│ ├── component
│ │ └── component.go
│ ├── helm
│ │ ├── helm.go
│ │ ├── helm_test.go
│ │ ├── path.go
│ │ ├── path_windows.go
│ │ ├── path_windows_test.go
│ │ └── testdata
│ │ │ ├── input
│ │ │ ├── gateway-additional-containers.yaml
│ │ │ ├── gateway-deployment.yaml
│ │ │ ├── gateway-env-var-from.yaml
│ │ │ ├── gateway-init-containers.yaml
│ │ │ ├── istiod-pdb-max-unavailable.yaml
│ │ │ ├── istiod-pdb-unhealthy-pod-eviction-policy.yaml
│ │ │ ├── istiod-pdb.yaml
│ │ │ └── istiod-traffic-distribution.yaml
│ │ │ └── output
│ │ │ ├── gateway-additional-containers.golden.yaml
│ │ │ ├── gateway-deployment.golden.yaml
│ │ │ ├── gateway-env-var-from.golden.yaml
│ │ │ ├── gateway-init-containers.golden.yaml
│ │ │ ├── istiod-pdb-max-unavailable.golden.yaml
│ │ │ ├── istiod-pdb-unhealthy-pod-eviction-policy.golden.yaml
│ │ │ ├── istiod-pdb.golden.yaml
│ │ │ └── istiod-traffic-distribution.golden.yaml
│ ├── install
│ │ ├── install.go
│ │ └── wait.go
│ ├── manifest
│ │ ├── manifest.go
│ │ └── name.go
│ ├── render
│ │ ├── manifest.go
│ │ └── postprocess.go
│ ├── test
│ │ └── util.go
│ ├── tpath
│ │ └── tree.go
│ ├── uninstall
│ │ └── prune.go
│ ├── util
│ │ ├── clog
│ │ │ └── clog.go
│ │ ├── common.go
│ │ ├── errs.go
│ │ ├── errs_test.go
│ │ ├── k8s.go
│ │ ├── k8s_test.go
│ │ ├── label.go
│ │ ├── label_test.go
│ │ ├── path.go
│ │ ├── path_test.go
│ │ ├── progress
│ │ │ ├── progress.go
│ │ │ └── progress_test.go
│ │ ├── reflect.go
│ │ ├── reflect_test.go
│ │ ├── testdata
│ │ │ ├── overlay-iop.yaml
│ │ │ └── yaml
│ │ │ │ ├── input
│ │ │ │ ├── convention_boolean.yaml
│ │ │ │ ├── convention_float.yaml
│ │ │ │ ├── convention_integer.yaml
│ │ │ │ ├── yaml_layer1.yaml
│ │ │ │ ├── yaml_layer1_stdin.yaml
│ │ │ │ ├── yaml_layer2.yaml
│ │ │ │ └── yaml_layer3.yaml
│ │ │ │ └── output
│ │ │ │ ├── convention_boolean.yaml
│ │ │ │ ├── convention_float.yaml
│ │ │ │ ├── convention_integer.yaml
│ │ │ │ ├── layer1.yaml
│ │ │ │ ├── layer1_2.yaml
│ │ │ │ ├── layer1_2_3.yaml
│ │ │ │ └── layer1_stdin.yaml
│ │ ├── testhelpers
│ │ │ └── diff.go
│ │ ├── util.go
│ │ └── util_test.go
│ ├── values
│ │ ├── map.go
│ │ └── map_test.go
│ ├── version
│ │ ├── version.go
│ │ └── version_test.go
│ └── webhook
│ │ └── webhook.go
├── scripts
│ ├── run_update_branch.sh
│ ├── run_update_golden_snapshots.sh
│ └── update_version.sh
└── version
│ └── version.go
├── pilot
├── cmd
│ ├── pilot-agent
│ │ ├── app
│ │ │ ├── cmd.go
│ │ │ ├── cmd_test.go
│ │ │ ├── request.go
│ │ │ └── wait.go
│ │ ├── config
│ │ │ ├── config.go
│ │ │ └── config_test.go
│ │ ├── main.go
│ │ ├── metrics
│ │ │ └── metrics.go
│ │ ├── options
│ │ │ ├── agent.go
│ │ │ ├── agent_proxy.go
│ │ │ ├── options.go
│ │ │ ├── security.go
│ │ │ ├── security_test.go
│ │ │ └── statusserver.go
│ │ └── status
│ │ │ ├── dialer_others.go
│ │ │ ├── dialer_windows.go
│ │ │ ├── grpcready
│ │ │ └── probe.go
│ │ │ ├── ready
│ │ │ ├── probe.go
│ │ │ └── probe_test.go
│ │ │ ├── server.go
│ │ │ ├── server_test.go
│ │ │ ├── test-cert
│ │ │ ├── cert.crt
│ │ │ └── cert.key
│ │ │ ├── testserver
│ │ │ └── server.go
│ │ │ └── util
│ │ │ └── stats.go
│ └── pilot-discovery
│ │ ├── app
│ │ ├── cmd.go
│ │ ├── options.go
│ │ └── request.go
│ │ └── main.go
├── docker
│ ├── Dockerfile.pilot
│ ├── Dockerfile.proxyv2
│ └── Dockerfile.ztunnel
├── pkg
│ ├── autoregistration
│ │ ├── connections.go
│ │ ├── controller.go
│ │ ├── controller_test.go
│ │ ├── internal
│ │ │ ├── health
│ │ │ │ ├── controller.go
│ │ │ │ └── util.go
│ │ │ └── state
│ │ │ │ └── store.go
│ │ └── leak_test.go
│ ├── bootstrap
│ │ ├── certcontroller.go
│ │ ├── config_compare.go
│ │ ├── config_compare_test.go
│ │ ├── configcontroller.go
│ │ ├── configcontroller_test.go
│ │ ├── discovery.go
│ │ ├── istio_ca.go
│ │ ├── istio_ca_test.go
│ │ ├── leak_test.go
│ │ ├── mesh.go
│ │ ├── monitoring.go
│ │ ├── options.go
│ │ ├── server.go
│ │ ├── server_test.go
│ │ ├── servicecontroller.go
│ │ ├── sidecarinjector.go
│ │ ├── util.go
│ │ ├── validation.go
│ │ └── webhook.go
│ ├── config
│ │ ├── aggregate
│ │ │ ├── config.go
│ │ │ └── config_test.go
│ │ ├── file
│ │ │ ├── store.go
│ │ │ ├── store_test.go
│ │ │ └── util
│ │ │ │ └── kubeyaml
│ │ │ │ ├── kubeyaml.go
│ │ │ │ └── kubeyaml_test.go
│ │ ├── kube
│ │ │ ├── clustertrustbundle
│ │ │ │ ├── controller.go
│ │ │ │ └── controller_test.go
│ │ │ ├── crd
│ │ │ │ ├── config.go
│ │ │ │ ├── config_test.go
│ │ │ │ ├── conversion.go
│ │ │ │ ├── conversion_test.go
│ │ │ │ └── leak_test.go
│ │ │ ├── crdclient
│ │ │ │ ├── client.go
│ │ │ │ ├── client_test.go
│ │ │ │ ├── leak_test.go
│ │ │ │ ├── metrics.go
│ │ │ │ └── types.gen.go
│ │ │ ├── file
│ │ │ │ ├── controller.go
│ │ │ │ └── controller_test.go
│ │ │ ├── gateway
│ │ │ │ ├── backend_policies.go
│ │ │ │ ├── conditions.go
│ │ │ │ ├── conditions_test.go
│ │ │ │ ├── context.go
│ │ │ │ ├── controller.go
│ │ │ │ ├── controller_test.go
│ │ │ │ ├── conversion.go
│ │ │ │ ├── conversion_test.go
│ │ │ │ ├── deploymentcontroller.go
│ │ │ │ ├── deploymentcontroller_test.go
│ │ │ │ ├── gateway_collection.go
│ │ │ │ ├── gatewayclass.go
│ │ │ │ ├── gatewayclass_collection.go
│ │ │ │ ├── gatewayclass_test.go
│ │ │ │ ├── inferencepool_collection.go
│ │ │ │ ├── inferencepool_status_test.go
│ │ │ │ ├── inferencepool_test.go
│ │ │ │ ├── leak_test.go
│ │ │ │ ├── references.go
│ │ │ │ ├── references_collection.go
│ │ │ │ ├── route_collections.go
│ │ │ │ ├── status_test.go
│ │ │ │ ├── supported_features.go
│ │ │ │ └── testdata
│ │ │ │ │ ├── backend-lb-policy.status.yaml.golden
│ │ │ │ │ ├── backend-lb-policy.yaml
│ │ │ │ │ ├── backend-lb-policy.yaml.golden
│ │ │ │ │ ├── backend-tls-policy.status.yaml.golden
│ │ │ │ │ ├── backend-tls-policy.yaml
│ │ │ │ │ ├── backend-tls-policy.yaml.golden
│ │ │ │ │ ├── benchmark-httproute.yaml
│ │ │ │ │ ├── delegated.status.yaml.golden
│ │ │ │ │ ├── delegated.yaml
│ │ │ │ │ ├── delegated.yaml.golden
│ │ │ │ │ ├── deployment
│ │ │ │ │ ├── cluster-ip.yaml
│ │ │ │ │ ├── copy-labels-annotations-disabled-infra-nil.yaml
│ │ │ │ │ ├── copy-labels-annotations-disabled-infra-set.yaml
│ │ │ │ │ ├── copy-labels-annotations-enabled-infra-nil.yaml
│ │ │ │ │ ├── custom-class.yaml
│ │ │ │ │ ├── customizations.yaml
│ │ │ │ │ ├── gateway-with-infrerencepool-extproc-infra-label.yaml
│ │ │ │ │ ├── illegal_customizations.yaml
│ │ │ │ │ ├── infrastructure-labels-annotations.yaml
│ │ │ │ │ ├── istio-east-west.yaml
│ │ │ │ │ ├── istio-upgrade-to-1.24.yaml
│ │ │ │ │ ├── kube-gateway-ambient-redirect-infra.yaml
│ │ │ │ │ ├── kube-gateway-ambient-redirect.yaml
│ │ │ │ │ ├── manual-ip.yaml
│ │ │ │ │ ├── manual-sa.yaml
│ │ │ │ │ ├── multinetwork.yaml
│ │ │ │ │ ├── proxy-config-crd.yaml
│ │ │ │ │ ├── simple.yaml
│ │ │ │ │ ├── waypoint-no-network-label.yaml
│ │ │ │ │ └── waypoint.yaml
│ │ │ │ │ ├── east-west-ambient.status.yaml.golden
│ │ │ │ │ ├── east-west-ambient.yaml
│ │ │ │ │ ├── east-west-ambient.yaml.golden
│ │ │ │ │ ├── eastwest-labelport.status.yaml.golden
│ │ │ │ │ ├── eastwest-labelport.yaml
│ │ │ │ │ ├── eastwest-labelport.yaml.golden
│ │ │ │ │ ├── eastwest-remote.status.yaml.golden
│ │ │ │ │ ├── eastwest-remote.yaml
│ │ │ │ │ ├── eastwest-remote.yaml.golden
│ │ │ │ │ ├── eastwest-tlsoption.status.yaml.golden
│ │ │ │ │ ├── eastwest-tlsoption.yaml
│ │ │ │ │ ├── eastwest-tlsoption.yaml.golden
│ │ │ │ │ ├── eastwest.status.yaml.golden
│ │ │ │ │ ├── eastwest.yaml
│ │ │ │ │ ├── eastwest.yaml.golden
│ │ │ │ │ ├── grpc.status.yaml.golden
│ │ │ │ │ ├── grpc.yaml
│ │ │ │ │ ├── grpc.yaml.golden
│ │ │ │ │ ├── http.status.yaml.golden
│ │ │ │ │ ├── http.yaml
│ │ │ │ │ ├── http.yaml.golden
│ │ │ │ │ ├── invalid.status.yaml.golden
│ │ │ │ │ ├── invalid.yaml
│ │ │ │ │ ├── invalid.yaml.golden
│ │ │ │ │ ├── isolation.status.yaml.golden
│ │ │ │ │ ├── isolation.yaml
│ │ │ │ │ ├── isolation.yaml.golden
│ │ │ │ │ ├── listenerset-cross-namespace.status.yaml.golden
│ │ │ │ │ ├── listenerset-cross-namespace.yaml
│ │ │ │ │ ├── listenerset-cross-namespace.yaml.golden
│ │ │ │ │ ├── listenerset-empty-listeners.status.yaml.golden
│ │ │ │ │ ├── listenerset-empty-listeners.yaml
│ │ │ │ │ ├── listenerset-empty-listeners.yaml.golden
│ │ │ │ │ ├── listenerset-invalid.status.yaml.golden
│ │ │ │ │ ├── listenerset-invalid.yaml
│ │ │ │ │ ├── listenerset-invalid.yaml.golden
│ │ │ │ │ ├── listenerset.status.yaml.golden
│ │ │ │ │ ├── listenerset.yaml
│ │ │ │ │ ├── listenerset.yaml.golden
│ │ │ │ │ ├── mcs.status.yaml.golden
│ │ │ │ │ ├── mcs.yaml
│ │ │ │ │ ├── mcs.yaml.golden
│ │ │ │ │ ├── mesh.status.yaml.golden
│ │ │ │ │ ├── mesh.yaml
│ │ │ │ │ ├── mesh.yaml.golden
│ │ │ │ │ ├── mismatch.status.yaml.golden
│ │ │ │ │ ├── mismatch.yaml
│ │ │ │ │ ├── mismatch.yaml.golden
│ │ │ │ │ ├── mix-backend-policy.status.yaml.golden
│ │ │ │ │ ├── mix-backend-policy.yaml
│ │ │ │ │ ├── mix-backend-policy.yaml.golden
│ │ │ │ │ ├── multi-gateway.status.yaml.golden
│ │ │ │ │ ├── multi-gateway.yaml
│ │ │ │ │ ├── multi-gateway.yaml.golden
│ │ │ │ │ ├── reference-policy-inferencepool.status.yaml.golden
│ │ │ │ │ ├── reference-policy-inferencepool.yaml
│ │ │ │ │ ├── reference-policy-inferencepool.yaml.golden
│ │ │ │ │ ├── reference-policy-service.status.yaml.golden
│ │ │ │ │ ├── reference-policy-service.yaml
│ │ │ │ │ ├── reference-policy-service.yaml.golden
│ │ │ │ │ ├── reference-policy-tcp.status.yaml.golden
│ │ │ │ │ ├── reference-policy-tcp.yaml
│ │ │ │ │ ├── reference-policy-tcp.yaml.golden
│ │ │ │ │ ├── reference-policy-tls.status.yaml.golden
│ │ │ │ │ ├── reference-policy-tls.yaml
│ │ │ │ │ ├── reference-policy-tls.yaml.golden
│ │ │ │ │ ├── route-binding.status.yaml.golden
│ │ │ │ │ ├── route-binding.yaml
│ │ │ │ │ ├── route-binding.yaml.golden
│ │ │ │ │ ├── route-precedence.status.yaml.golden
│ │ │ │ │ ├── route-precedence.yaml
│ │ │ │ │ ├── route-precedence.yaml.golden
│ │ │ │ │ ├── serviceentry.status.yaml.golden
│ │ │ │ │ ├── serviceentry.yaml
│ │ │ │ │ ├── serviceentry.yaml.golden
│ │ │ │ │ ├── status.status.yaml.golden
│ │ │ │ │ ├── status.yaml
│ │ │ │ │ ├── status.yaml.golden
│ │ │ │ │ ├── tcp.status.yaml.golden
│ │ │ │ │ ├── tcp.yaml
│ │ │ │ │ ├── tcp.yaml.golden
│ │ │ │ │ ├── tls.status.yaml.golden
│ │ │ │ │ ├── tls.yaml
│ │ │ │ │ ├── tls.yaml.golden
│ │ │ │ │ ├── valid-invalid-parent-ref.status.yaml.golden
│ │ │ │ │ ├── valid-invalid-parent-ref.yaml
│ │ │ │ │ ├── valid-invalid-parent-ref.yaml.golden
│ │ │ │ │ ├── waypoint.status.yaml.golden
│ │ │ │ │ ├── waypoint.yaml
│ │ │ │ │ ├── waypoint.yaml.golden
│ │ │ │ │ ├── weighted.status.yaml.golden
│ │ │ │ │ ├── weighted.yaml
│ │ │ │ │ ├── weighted.yaml.golden
│ │ │ │ │ ├── zero.status.yaml.golden
│ │ │ │ │ ├── zero.yaml
│ │ │ │ │ └── zero.yaml.golden
│ │ │ └── ingress
│ │ │ │ ├── controller.go
│ │ │ │ ├── controller_test.go
│ │ │ │ ├── conversion_test.go
│ │ │ │ ├── gateways.go
│ │ │ │ ├── ingress.go
│ │ │ │ ├── leak_test.go
│ │ │ │ ├── status_test.go
│ │ │ │ ├── testdata
│ │ │ │ ├── overlay.yaml
│ │ │ │ ├── overlay.yaml.golden
│ │ │ │ ├── simple.yaml
│ │ │ │ ├── simple.yaml.golden
│ │ │ │ ├── tls-no-secret.yaml
│ │ │ │ ├── tls-no-secret.yaml.golden
│ │ │ │ ├── tls.yaml
│ │ │ │ └── tls.yaml.golden
│ │ │ │ └── virtualservices.go
│ │ └── memory
│ │ │ ├── controller.go
│ │ │ ├── controller_test.go
│ │ │ ├── leak_test.go
│ │ │ ├── monitor.go
│ │ │ ├── monitor_test.go
│ │ │ ├── store.go
│ │ │ └── store_test.go
│ ├── controllers
│ │ ├── ipallocate
│ │ │ ├── ipallocate.go
│ │ │ └── ipallocate_test.go
│ │ └── untaint
│ │ │ ├── nodeuntainter.go
│ │ │ └── nodeuntainter_test.go
│ ├── credentials
│ │ ├── kube
│ │ │ ├── leak_test.go
│ │ │ ├── multicluster.go
│ │ │ ├── secrets.go
│ │ │ └── secrets_test.go
│ │ └── model.go
│ ├── features
│ │ ├── ambient.go
│ │ ├── experimental.go
│ │ ├── pilot.go
│ │ ├── security.go
│ │ ├── telemetry.go
│ │ ├── tuning.go
│ │ └── xds.go
│ ├── grpc
│ │ ├── grpc.go
│ │ ├── grpc_test.go
│ │ ├── leak_test.go
│ │ └── tls.go
│ ├── keycertbundle
│ │ ├── watcher.go
│ │ └── watcher_test.go
│ ├── leaderelection
│ │ ├── k8sleaderelection
│ │ │ ├── README.md
│ │ │ ├── healthzadaptor.go
│ │ │ ├── healthzadaptor_test.go
│ │ │ ├── k8sresourcelock
│ │ │ │ ├── configmaplock.go
│ │ │ │ ├── endpointslock.go
│ │ │ │ ├── interface.go
│ │ │ │ ├── leaselock.go
│ │ │ │ └── multilock.go
│ │ │ ├── leaderelection.go
│ │ │ ├── leaderelection_test.go
│ │ │ └── metrics.go
│ │ ├── leaderelection.go
│ │ ├── leaderelection_test.go
│ │ └── leak_test.go
│ ├── model
│ │ ├── addressmap.go
│ │ ├── addressmap_test.go
│ │ ├── authentication.go
│ │ ├── authentication_test.go
│ │ ├── authorization.go
│ │ ├── authorization_test.go
│ │ ├── cluster_local.go
│ │ ├── cluster_local_test.go
│ │ ├── config.go
│ │ ├── config_test.go
│ │ ├── context.go
│ │ ├── context_test.go
│ │ ├── controller.go
│ │ ├── conversion_test.go
│ │ ├── credentials
│ │ │ ├── resource.go
│ │ │ └── resource_test.go
│ │ ├── destination_rule.go
│ │ ├── destination_rule_test.go
│ │ ├── endpointshards.go
│ │ ├── endpointshards_test.go
│ │ ├── envoyfilter.go
│ │ ├── envoyfilter_test.go
│ │ ├── extensions.go
│ │ ├── extensions_test.go
│ │ ├── fake_endpointshards.go
│ │ ├── fake_gatewaycontroller.go
│ │ ├── fake_store.go
│ │ ├── fuzz_test.go
│ │ ├── gateway.go
│ │ ├── gateway_test.go
│ │ ├── jwks_resolver.go
│ │ ├── jwks_resolver_test.go
│ │ ├── kstatus
│ │ │ ├── helper.go
│ │ │ └── helper_test.go
│ │ ├── leak_test.go
│ │ ├── listener.go
│ │ ├── log.go
│ │ ├── monitoring.go
│ │ ├── network.go
│ │ ├── network_test.go
│ │ ├── policyattachment.go
│ │ ├── policyattachment_test.go
│ │ ├── proxy_config.go
│ │ ├── proxy_config_test.go
│ │ ├── proxy_view.go
│ │ ├── proxy_view_test.go
│ │ ├── push_context.go
│ │ ├── push_context_test.go
│ │ ├── service.go
│ │ ├── service_test.go
│ │ ├── sidecar.go
│ │ ├── sidecar_test.go
│ │ ├── status
│ │ │ ├── helper.go
│ │ │ ├── helper_test.go
│ │ │ └── workloadentry.go
│ │ ├── telemetry.go
│ │ ├── telemetry_logging.go
│ │ ├── telemetry_logging_test.go
│ │ ├── telemetry_metric_test.go
│ │ ├── telemetry_test.go
│ │ ├── test
│ │ │ ├── mockopenidserver.go
│ │ │ └── testcert
│ │ │ │ ├── cert.pem
│ │ │ │ ├── cert2.pem
│ │ │ │ ├── generate.sh
│ │ │ │ ├── key.pem
│ │ │ │ └── key2.pem
│ │ ├── typed_xds_cache.go
│ │ ├── typed_xds_cache_test.go
│ │ ├── validation.go
│ │ ├── validation_test.go
│ │ ├── virtualservice.go
│ │ ├── virtualservice_test.go
│ │ └── xds_cache.go
│ ├── networking
│ │ ├── apigen
│ │ │ ├── apigen.go
│ │ │ └── apigen_test.go
│ │ ├── core
│ │ │ ├── accesslog.go
│ │ │ ├── accesslog_test.go
│ │ │ ├── cluster.go
│ │ │ ├── cluster_builder.go
│ │ │ ├── cluster_builder_test.go
│ │ │ ├── cluster_cache.go
│ │ │ ├── cluster_test.go
│ │ │ ├── cluster_tls.go
│ │ │ ├── cluster_tls_test.go
│ │ │ ├── cluster_traffic_policy.go
│ │ │ ├── cluster_traffic_policy_test.go
│ │ │ ├── cluster_waypoint.go
│ │ │ ├── configgen.go
│ │ │ ├── envoyfilter
│ │ │ │ ├── cluster_patch.go
│ │ │ │ ├── cluster_patch_test.go
│ │ │ │ ├── extension_configuration_patch.go
│ │ │ │ ├── extension_configuration_patch_test.go
│ │ │ │ ├── fuzz_test.go
│ │ │ │ ├── leak_test.go
│ │ │ │ ├── listener_patch.go
│ │ │ │ ├── listener_patch_test.go
│ │ │ │ ├── monitoring.go
│ │ │ │ ├── rc_patch.go
│ │ │ │ ├── rc_patch_test.go
│ │ │ │ ├── util.go
│ │ │ │ └── util_test.go
│ │ │ ├── extension
│ │ │ │ ├── wasmplugin.go
│ │ │ │ └── wasmplugin_test.go
│ │ │ ├── extension_config_builder.go
│ │ │ ├── fake.go
│ │ │ ├── filterchain_options.go
│ │ │ ├── fuzz_test.go
│ │ │ ├── gateway.go
│ │ │ ├── gateway_simulation_test.go
│ │ │ ├── gateway_test.go
│ │ │ ├── httproute.go
│ │ │ ├── httproute_test.go
│ │ │ ├── leak_test.go
│ │ │ ├── listener.go
│ │ │ ├── listener_address.go
│ │ │ ├── listener_builder.go
│ │ │ ├── listener_builder_test.go
│ │ │ ├── listener_inbound.go
│ │ │ ├── listener_test.go
│ │ │ ├── listener_waypoint.go
│ │ │ ├── listenertest
│ │ │ │ └── match.go
│ │ │ ├── loadbalancer
│ │ │ │ ├── fuzz_test.go
│ │ │ │ ├── loadbalancer.go
│ │ │ │ └── loadbalancer_test.go
│ │ │ ├── match
│ │ │ │ ├── match.go
│ │ │ │ └── match_test.go
│ │ │ ├── name_table.go
│ │ │ ├── networkfilter.go
│ │ │ ├── networkfilter_test.go
│ │ │ ├── peer_authentication_simulation_test.go
│ │ │ ├── route
│ │ │ │ ├── leak_test.go
│ │ │ │ ├── retry
│ │ │ │ │ ├── retry.go
│ │ │ │ │ └── retry_test.go
│ │ │ │ ├── route.go
│ │ │ │ ├── route_cache.go
│ │ │ │ ├── route_cache_test.go
│ │ │ │ ├── route_internal_test.go
│ │ │ │ └── route_test.go
│ │ │ ├── serviceentry_simulation_test.go
│ │ │ ├── sidecar_simulation_test.go
│ │ │ ├── tls.go
│ │ │ ├── tls_test.go
│ │ │ ├── tracing.go
│ │ │ ├── tracing_test.go
│ │ │ ├── tunnelingconfig
│ │ │ │ └── apply.go
│ │ │ └── waypoint.go
│ │ ├── grpcgen
│ │ │ ├── cds.go
│ │ │ ├── grpcecho_test.go
│ │ │ ├── grpcgen.go
│ │ │ ├── grpcgen_test.go
│ │ │ ├── lds.go
│ │ │ ├── lds_test.go
│ │ │ ├── rds.go
│ │ │ └── testdata
│ │ │ │ └── xds_bootstrap.json
│ │ ├── networking.go
│ │ ├── networking_test.go
│ │ ├── plugin
│ │ │ ├── authn
│ │ │ │ ├── authentication.go
│ │ │ │ ├── util.go
│ │ │ │ └── util_test.go
│ │ │ └── authz
│ │ │ │ └── authorization.go
│ │ ├── serviceentry
│ │ │ └── ip_autoallocation.go
│ │ ├── telemetry
│ │ │ ├── telemetry.go
│ │ │ └── telemetry_test.go
│ │ └── util
│ │ │ ├── fuzz_test.go
│ │ │ ├── internal_upstream.go
│ │ │ ├── util.go
│ │ │ └── util_test.go
│ ├── request
│ │ ├── command.go
│ │ └── command_test.go
│ ├── security
│ │ ├── authn
│ │ │ ├── factory.go
│ │ │ ├── policy_applier.go
│ │ │ ├── policy_applier_test.go
│ │ │ └── utils
│ │ │ │ ├── utils.go
│ │ │ │ └── utils_test.go
│ │ ├── authz
│ │ │ ├── builder
│ │ │ │ ├── builder.go
│ │ │ │ ├── builder_test.go
│ │ │ │ ├── extauthz.go
│ │ │ │ ├── fuzz_test.go
│ │ │ │ ├── logger.go
│ │ │ │ └── testdata
│ │ │ │ │ ├── http
│ │ │ │ │ ├── allow-empty-rule-in.yaml
│ │ │ │ │ ├── allow-empty-rule-out.yaml
│ │ │ │ │ ├── allow-full-rule-in.yaml
│ │ │ │ │ ├── allow-full-rule-out.yaml
│ │ │ │ │ ├── allow-host-before-111-in.yaml
│ │ │ │ │ ├── allow-host-before-111-out.yaml
│ │ │ │ │ ├── allow-nil-rule-in.yaml
│ │ │ │ │ ├── allow-nil-rule-out.yaml
│ │ │ │ │ ├── allow-path-in.yaml
│ │ │ │ │ ├── allow-path-out.yaml
│ │ │ │ │ ├── audit-full-rule-in.yaml
│ │ │ │ │ ├── audit-full-rule-out.yaml
│ │ │ │ │ ├── custom-bad-multiple-providers-in.yaml
│ │ │ │ │ ├── custom-bad-out.yaml
│ │ │ │ │ ├── custom-grpc-provider-no-namespace-out1.yaml
│ │ │ │ │ ├── custom-grpc-provider-no-namespace-out2.yaml
│ │ │ │ │ ├── custom-grpc-provider-out1.yaml
│ │ │ │ │ ├── custom-grpc-provider-out2.yaml
│ │ │ │ │ ├── custom-http-provider-out1.yaml
│ │ │ │ │ ├── custom-http-provider-out2.yaml
│ │ │ │ │ ├── custom-simple-http-in.yaml
│ │ │ │ │ ├── deny-and-allow-in.yaml
│ │ │ │ │ ├── deny-and-allow-out1.yaml
│ │ │ │ │ ├── deny-and-allow-out2.yaml
│ │ │ │ │ ├── deny-empty-rule-in.yaml
│ │ │ │ │ ├── deny-empty-rule-out.yaml
│ │ │ │ │ ├── dry-run-allow-and-deny-in.yaml
│ │ │ │ │ ├── dry-run-allow-and-deny-out1.yaml
│ │ │ │ │ ├── dry-run-allow-and-deny-out2.yaml
│ │ │ │ │ ├── dry-run-allow-in.yaml
│ │ │ │ │ ├── dry-run-allow-out.yaml
│ │ │ │ │ ├── dry-run-mix-in.yaml
│ │ │ │ │ ├── dry-run-mix-out.yaml
│ │ │ │ │ ├── extended-allow-empty-rule-out.yaml
│ │ │ │ │ ├── extended-allow-full-rule-out.yaml
│ │ │ │ │ ├── extended-allow-nil-rule-out.yaml
│ │ │ │ │ ├── extended-allow-path-out.yaml
│ │ │ │ │ ├── extended-audit-full-rule-out.yaml
│ │ │ │ │ ├── extended-custom-bad-out.yaml
│ │ │ │ │ ├── extended-custom-grpc-provider-no-namespace-out1.yaml
│ │ │ │ │ ├── extended-custom-grpc-provider-no-namespace-out2.yaml
│ │ │ │ │ ├── extended-custom-grpc-provider-out1.yaml
│ │ │ │ │ ├── extended-custom-grpc-provider-out2.yaml
│ │ │ │ │ ├── extended-custom-http-provider-out1.yaml
│ │ │ │ │ ├── extended-custom-http-provider-out2.yaml
│ │ │ │ │ ├── extended-deny-and-allow-out1.yaml
│ │ │ │ │ ├── extended-deny-and-allow-out2.yaml
│ │ │ │ │ ├── extended-deny-empty-rule-out.yaml
│ │ │ │ │ ├── extended-dry-run-allow-and-deny-out1.yaml
│ │ │ │ │ ├── extended-dry-run-allow-and-deny-out2.yaml
│ │ │ │ │ ├── extended-dry-run-allow-out.yaml
│ │ │ │ │ ├── extended-dry-run-mix-out.yaml
│ │ │ │ │ ├── extended-multiple-policies-out.yaml
│ │ │ │ │ ├── extended-simple-policy-multiple-td-aliases-out.yaml
│ │ │ │ │ ├── extended-simple-policy-principal-with-wildcard-out.yaml
│ │ │ │ │ ├── extended-simple-policy-td-aliases-out.yaml
│ │ │ │ │ ├── extended-single-policy-out.yaml
│ │ │ │ │ ├── extended-td-aliases-source-principal-out.yaml
│ │ │ │ │ ├── multiple-policies-in.yaml
│ │ │ │ │ ├── multiple-policies-out.yaml
│ │ │ │ │ ├── simple-policy-multiple-td-aliases-in.yaml
│ │ │ │ │ ├── simple-policy-multiple-td-aliases-out.yaml
│ │ │ │ │ ├── simple-policy-principal-with-wildcard-in.yaml
│ │ │ │ │ ├── simple-policy-principal-with-wildcard-out.yaml
│ │ │ │ │ ├── simple-policy-td-aliases-in.yaml
│ │ │ │ │ ├── simple-policy-td-aliases-out.yaml
│ │ │ │ │ ├── single-policy-in.yaml
│ │ │ │ │ ├── single-policy-out.yaml
│ │ │ │ │ ├── td-aliases-source-principal-in.yaml
│ │ │ │ │ └── td-aliases-source-principal-out.yaml
│ │ │ │ │ └── tcp
│ │ │ │ │ ├── allow-both-http-tcp-in.yaml
│ │ │ │ │ ├── allow-both-http-tcp-out.yaml
│ │ │ │ │ ├── allow-only-http-in.yaml
│ │ │ │ │ ├── allow-only-http-out.yaml
│ │ │ │ │ ├── audit-both-http-tcp-in.yaml
│ │ │ │ │ ├── audit-both-http-tcp-out.yaml
│ │ │ │ │ ├── custom-both-http-tcp-in.yaml
│ │ │ │ │ ├── custom-both-http-tcp-out1.yaml
│ │ │ │ │ ├── custom-both-http-tcp-out2.yaml
│ │ │ │ │ ├── custom-only-http-in.yaml
│ │ │ │ │ ├── deny-both-http-tcp-in.yaml
│ │ │ │ │ ├── deny-both-http-tcp-out.yaml
│ │ │ │ │ ├── dry-run-mix-in.yaml
│ │ │ │ │ └── dry-run-mix-out.yaml
│ │ │ ├── matcher
│ │ │ │ ├── header.go
│ │ │ │ ├── header_test.go
│ │ │ │ ├── leak_test.go
│ │ │ │ ├── metadata.go
│ │ │ │ ├── metadata_test.go
│ │ │ │ ├── string.go
│ │ │ │ ├── string_test.go
│ │ │ │ ├── template.go
│ │ │ │ └── template_test.go
│ │ │ └── model
│ │ │ │ ├── generator.go
│ │ │ │ ├── generator_test.go
│ │ │ │ ├── leak_test.go
│ │ │ │ ├── model.go
│ │ │ │ ├── model_test.go
│ │ │ │ ├── permission.go
│ │ │ │ ├── principal.go
│ │ │ │ ├── util.go
│ │ │ │ └── util_test.go
│ │ ├── model
│ │ │ ├── authentication.go
│ │ │ └── authentication_test.go
│ │ └── trustdomain
│ │ │ ├── bundle.go
│ │ │ ├── bundle_test.go
│ │ │ ├── leak_test.go
│ │ │ ├── util.go
│ │ │ └── util_test.go
│ ├── server
│ │ ├── instance.go
│ │ ├── instance_test.go
│ │ └── leak_test.go
│ ├── serviceregistry
│ │ ├── aggregate
│ │ │ ├── controller.go
│ │ │ ├── controller_test.go
│ │ │ └── leak_test.go
│ │ ├── instance.go
│ │ ├── kube
│ │ │ ├── controller
│ │ │ │ ├── ambient
│ │ │ │ │ ├── ambientindex.go
│ │ │ │ │ ├── ambientindex_multicluster_test.go
│ │ │ │ │ ├── ambientindex_serviceentry_test.go
│ │ │ │ │ ├── ambientindex_test.go
│ │ │ │ │ ├── ambientindex_workloadentry_test.go
│ │ │ │ │ ├── authorization.go
│ │ │ │ │ ├── authorization_test.go
│ │ │ │ │ ├── collectioncache.go
│ │ │ │ │ ├── helpers.go
│ │ │ │ │ ├── multicluster.go
│ │ │ │ │ ├── multicluster
│ │ │ │ │ │ ├── cluster.go
│ │ │ │ │ │ └── clusterstore.go
│ │ │ │ │ ├── multicluster_test.go
│ │ │ │ │ ├── networks.go
│ │ │ │ │ ├── nodes.go
│ │ │ │ │ ├── policies.go
│ │ │ │ │ ├── remotesecrets.go
│ │ │ │ │ ├── remotesecrets_test.go
│ │ │ │ │ ├── services.go
│ │ │ │ │ ├── services_test.go
│ │ │ │ │ ├── sidecar_interop.go
│ │ │ │ │ ├── sidecar_interop_test.go
│ │ │ │ │ ├── status.go
│ │ │ │ │ ├── statusqueue
│ │ │ │ │ │ ├── conversion.go
│ │ │ │ │ │ ├── conversion_test.go
│ │ │ │ │ │ ├── queue.go
│ │ │ │ │ │ └── queue_test.go
│ │ │ │ │ ├── testdata
│ │ │ │ │ │ ├── allow-full-in.yaml
│ │ │ │ │ │ ├── allow-full.yaml
│ │ │ │ │ │ ├── allow-groups-in.yaml
│ │ │ │ │ │ ├── allow-groups.yaml
│ │ │ │ │ │ ├── deny-groups-in.yaml
│ │ │ │ │ │ ├── deny-groups.yaml
│ │ │ │ │ │ ├── peer-authn-disable-in.yaml
│ │ │ │ │ │ ├── peer-authn-disable-port-mtls-strict-in.yaml
│ │ │ │ │ │ ├── peer-authn-disable-port-mtls-strict.yaml
│ │ │ │ │ │ ├── peer-authn-disable.yaml
│ │ │ │ │ │ ├── peer-authn-permissive-in.yaml
│ │ │ │ │ │ ├── peer-authn-permissive-port-mtls-strict-and-permissive-in.yaml
│ │ │ │ │ │ ├── peer-authn-permissive-port-mtls-strict-and-permissive.yaml
│ │ │ │ │ │ ├── peer-authn-permissive-port-mtls-strict-in.yaml
│ │ │ │ │ │ ├── peer-authn-permissive-port-mtls-strict.yaml
│ │ │ │ │ │ ├── peer-authn-permissive-root-permissive-namespace-strict-workload-ports-in.yaml
│ │ │ │ │ │ ├── peer-authn-permissive-root-permissive-namespace-strict-workload-ports.yaml
│ │ │ │ │ │ ├── peer-authn-permissive-root-permissive-workload-in.yaml
│ │ │ │ │ │ ├── peer-authn-permissive-root-permissive-workload.yaml
│ │ │ │ │ │ ├── peer-authn-permissive-root-strict-namespace-permissive-workload-in.yaml
│ │ │ │ │ │ ├── peer-authn-permissive-root-strict-namespace-permissive-workload.yaml
│ │ │ │ │ │ ├── peer-authn-permissive-root-unset-namespace-mixed-workload-ports-in.yaml
│ │ │ │ │ │ ├── peer-authn-permissive-root-unset-namespace-mixed-workload-ports.yaml
│ │ │ │ │ │ ├── peer-authn-permissive.yaml
│ │ │ │ │ │ ├── peer-authn-strict-and-disable-port-mtls-in.yaml
│ │ │ │ │ │ ├── peer-authn-strict-and-disable-port-mtls.yaml
│ │ │ │ │ │ ├── peer-authn-strict-and-permissive-port-mtls-in.yaml
│ │ │ │ │ │ ├── peer-authn-strict-and-permissive-port-mtls.yaml
│ │ │ │ │ │ ├── peer-authn-strict-and-strict-port-mtls-in.yaml
│ │ │ │ │ │ ├── peer-authn-strict-and-strict-port-mtls.yaml
│ │ │ │ │ │ ├── peer-authn-strict-in.yaml
│ │ │ │ │ │ ├── peer-authn-strict-port-mtls-strict-and-permissive-in.yaml
│ │ │ │ │ │ ├── peer-authn-strict-port-mtls-strict-and-permissive.yaml
│ │ │ │ │ │ ├── peer-authn-strict-root-permissive-namespace-strict-workload-in.yaml
│ │ │ │ │ │ ├── peer-authn-strict-root-permissive-namespace-strict-workload.yaml
│ │ │ │ │ │ ├── peer-authn-strict-root-permissive-workload-in.yaml
│ │ │ │ │ │ ├── peer-authn-strict-root-permissive-workload.yaml
│ │ │ │ │ │ ├── peer-authn-strict-root-unset-workload-port-mtls-strict-and-permissive-in.yaml
│ │ │ │ │ │ ├── peer-authn-strict-root-unset-workload-port-mtls-strict-and-permissive.yaml
│ │ │ │ │ │ ├── peer-authn-strict-workload-in.yaml
│ │ │ │ │ │ ├── peer-authn-strict-workload.yaml
│ │ │ │ │ │ ├── peer-authn-strict.yaml
│ │ │ │ │ │ ├── peer-authn-unset-port-mtls-strict-in.yaml
│ │ │ │ │ │ └── peer-authn-unset-port-mtls-strict.yaml
│ │ │ │ │ ├── waypoints.go
│ │ │ │ │ ├── waypoints_test.go
│ │ │ │ │ ├── workloads.go
│ │ │ │ │ └── workloads_test.go
│ │ │ │ ├── autoserviceexportcontroller.go
│ │ │ │ ├── autoserviceexportcontroller_test.go
│ │ │ │ ├── controller.go
│ │ │ │ ├── controller_test.go
│ │ │ │ ├── endpoint_builder.go
│ │ │ │ ├── endpoint_builder_test.go
│ │ │ │ ├── endpointslice.go
│ │ │ │ ├── endpointslice_test.go
│ │ │ │ ├── fake.go
│ │ │ │ ├── fuzz_test.go
│ │ │ │ ├── leak_test.go
│ │ │ │ ├── multicluster.go
│ │ │ │ ├── multicluster_test.go
│ │ │ │ ├── namespacecontroller.go
│ │ │ │ ├── namespacecontroller_test.go
│ │ │ │ ├── network.go
│ │ │ │ ├── network_test.go
│ │ │ │ ├── pod.go
│ │ │ │ ├── pod_test.go
│ │ │ │ ├── serviceexportcache.go
│ │ │ │ ├── serviceexportcache_test.go
│ │ │ │ ├── serviceimportcache.go
│ │ │ │ ├── serviceimportcache_test.go
│ │ │ │ ├── util.go
│ │ │ │ └── util_test.go
│ │ │ ├── conversion.go
│ │ │ ├── conversion_test.go
│ │ │ ├── leak_test.go
│ │ │ └── testdata
│ │ │ │ ├── cert.crt
│ │ │ │ └── cert.key
│ │ ├── leak_test.go
│ │ ├── memory
│ │ │ └── discovery.go
│ │ ├── mock
│ │ │ ├── discovery.go
│ │ │ ├── discovery_mock.go
│ │ │ └── discovery_test.go
│ │ ├── provider
│ │ │ └── providers.go
│ │ ├── serviceentry
│ │ │ ├── controller.go
│ │ │ ├── controller_test.go
│ │ │ ├── conversion.go
│ │ │ ├── conversion_test.go
│ │ │ ├── leak_test.go
│ │ │ ├── namespace_handler.go
│ │ │ ├── store.go
│ │ │ ├── store_test.go
│ │ │ ├── util.go
│ │ │ ├── util_test.go
│ │ │ └── workloadentry.go
│ │ ├── serviceregistry_test.go
│ │ └── util
│ │ │ ├── label
│ │ │ └── label.go
│ │ │ ├── workloadinstances
│ │ │ ├── index.go
│ │ │ ├── index_test.go
│ │ │ ├── map.go
│ │ │ ├── selector.go
│ │ │ └── util.go
│ │ │ └── xdsfake
│ │ │ └── updater.go
│ ├── simulation
│ │ └── traffic.go
│ ├── status
│ │ ├── collections.go
│ │ ├── manager.go
│ │ ├── resource.go
│ │ ├── resourcelock.go
│ │ └── resourcelock_test.go
│ ├── trustbundle
│ │ ├── leak_test.go
│ │ ├── trustbundle.go
│ │ └── trustbundle_test.go
│ ├── util
│ │ ├── informermetric
│ │ │ └── informerutil.go
│ │ ├── network
│ │ │ ├── ip.go
│ │ │ └── ip_test.go
│ │ ├── protoconv
│ │ │ └── protoconv.go
│ │ └── runtime
│ │ │ ├── leak_test.go
│ │ │ ├── runtime.go
│ │ │ └── runtime_test.go
│ └── xds
│ │ ├── ads.go
│ │ ├── ads_test.go
│ │ ├── adstest.go
│ │ ├── auth.go
│ │ ├── bench_test.go
│ │ ├── cds.go
│ │ ├── cds_test.go
│ │ ├── debug.go
│ │ ├── debug_test.go
│ │ ├── debuggen.go
│ │ ├── delta.go
│ │ ├── delta_test.go
│ │ ├── deltaadstest.go
│ │ ├── deltatest.go
│ │ ├── discovery.go
│ │ ├── discovery_test.go
│ │ ├── ecds.go
│ │ ├── ecds_test.go
│ │ ├── eds.go
│ │ ├── eds_sh_test.go
│ │ ├── eds_test.go
│ │ ├── endpoints
│ │ ├── endpoint_builder.go
│ │ ├── endpoint_builder_test.go
│ │ ├── ep_filters.go
│ │ ├── ep_filters_test.go
│ │ └── mtls_checker.go
│ │ ├── eventhandler.go
│ │ ├── filters
│ │ ├── context.go
│ │ ├── filters.go
│ │ └── filters_test.go
│ │ ├── lds.go
│ │ ├── lds_test.go
│ │ ├── leak_test.go
│ │ ├── mesh_network_test.go
│ │ ├── monitoring.go
│ │ ├── nds.go
│ │ ├── nds_test.go
│ │ ├── pcds.go
│ │ ├── proxy_dependencies.go
│ │ ├── proxy_dependencies_test.go
│ │ ├── pushqueue.go
│ │ ├── pushqueue_test.go
│ │ ├── rds.go
│ │ ├── rds_test.go
│ │ ├── requestidextension
│ │ ├── context.go
│ │ └── uuid_extension.go
│ │ ├── sds.go
│ │ ├── sds_test.go
│ │ ├── statusgen.go
│ │ ├── testdata
│ │ ├── benchmarks
│ │ │ ├── authorizationpolicy.yaml
│ │ │ ├── auto.yaml
│ │ │ ├── disabled.yaml
│ │ │ ├── empty.yaml
│ │ │ ├── externalname.yaml
│ │ │ ├── gateways-shared.yaml
│ │ │ ├── gateways.yaml
│ │ │ ├── http.yaml
│ │ │ ├── knative-gateway.yaml
│ │ │ ├── secrets.yaml
│ │ │ ├── serviceentry-workloadentry.yaml
│ │ │ ├── strict.yaml
│ │ │ ├── tcp.yaml
│ │ │ ├── telemetry-api.yaml
│ │ │ ├── tls.yaml
│ │ │ ├── virtualservice.yaml
│ │ │ └── waypoint.yaml
│ │ ├── ecds.yaml
│ │ ├── nds-se.yaml
│ │ ├── none_cds.json
│ │ ├── none_ecds.json
│ │ ├── none_eds.json
│ │ ├── none_lds_http.json
│ │ ├── none_lds_tcp.json
│ │ └── none_rds.json
│ │ ├── util.go
│ │ ├── util_test.go
│ │ ├── v3
│ │ └── model.go
│ │ ├── vm_test.go
│ │ ├── waypoint_test.go
│ │ ├── workload.go
│ │ ├── workload_test.go
│ │ ├── xds_cache_test.go
│ │ ├── xds_test.go
│ │ └── xdsgen.go
└── test
│ ├── mock
│ └── config.go
│ ├── util
│ └── diff.go
│ ├── xds
│ └── fake.go
│ └── xdstest
│ ├── endpoints.go
│ ├── extract.go
│ ├── test.go
│ └── validate.go
├── pkg
├── activenotifier
│ └── notifier.go
├── adsc
│ ├── adsc.go
│ ├── adsc_test.go
│ ├── delta.go
│ ├── delta_test.go
│ └── util.go
├── art
│ ├── art.go
│ └── istio-ascii.txt
├── backoff
│ ├── exponential.go
│ └── exponential_test.go
├── bootstrap
│ ├── config.go
│ ├── config_test.go
│ ├── fuzz_test.go
│ ├── instance.go
│ ├── instance_test.go
│ ├── option
│ │ ├── convert.go
│ │ ├── convert_test.go
│ │ ├── instance.go
│ │ ├── instances.go
│ │ └── instances_test.go
│ ├── platform
│ │ ├── aws.go
│ │ ├── aws_test.go
│ │ ├── azure.go
│ │ ├── azure_test.go
│ │ ├── discovery.go
│ │ ├── gcp.go
│ │ ├── gcp_test.go
│ │ └── platform.go
│ └── testdata
│ │ ├── all.proxycfg
│ │ ├── all_golden.json
│ │ ├── ambient.proxycfg
│ │ ├── ambient_golden.json
│ │ ├── auth.proxycfg
│ │ ├── auth_golden.json
│ │ ├── authsds.proxycfg
│ │ ├── authsds_golden.json
│ │ ├── default.proxycfg
│ │ ├── default_golden.json
│ │ ├── explicit_internal_address.proxycfg
│ │ ├── explicit_internal_address_golden.json
│ │ ├── legacy_stats_tags_regex.proxycfg
│ │ ├── legacy_stats_tags_regex_golden.json
│ │ ├── lrs.proxycfg
│ │ ├── lrs_golden.json
│ │ ├── metrics_no_statsd.proxycfg
│ │ ├── metrics_no_statsd_golden.json
│ │ ├── running.proxycfg
│ │ ├── running_golden.json
│ │ ├── runningsds.proxycfg
│ │ ├── runningsds_golden.json
│ │ ├── stats_compression_brotli.proxycfg
│ │ ├── stats_compression_brotli_golden.json
│ │ ├── stats_compression_gzip.proxycfg
│ │ ├── stats_compression_gzip_golden.json
│ │ ├── stats_compression_unknown.proxycfg
│ │ ├── stats_compression_unknown_golden.json
│ │ ├── stats_compression_zstd.proxycfg
│ │ ├── stats_compression_zstd_golden.json
│ │ ├── stats_inclusion.proxycfg
│ │ ├── stats_inclusion_golden.json
│ │ ├── tracing_datadog.proxycfg
│ │ ├── tracing_datadog_golden.json
│ │ ├── tracing_lightstep.proxycfg
│ │ ├── tracing_lightstep_golden.json
│ │ ├── tracing_none.proxycfg
│ │ ├── tracing_none_golden.json
│ │ ├── tracing_tls.proxycfg
│ │ ├── tracing_tls_custom_sni.proxycfg
│ │ ├── tracing_tls_custom_sni_golden.json
│ │ ├── tracing_tls_golden.json
│ │ ├── tracing_zipkin.proxycfg
│ │ ├── tracing_zipkin_golden.json
│ │ ├── xdsproxy.proxycfg
│ │ └── xdsproxy_golden.json
├── channels
│ ├── unbounded.go
│ └── unbounded_test.go
├── cluster
│ ├── debug.go
│ └── id.go
├── cmd
│ ├── cmd.go
│ └── flag_test.go
├── collateral
│ ├── cobra.go
│ ├── cobra_agent.go
│ ├── cobra_noagent.go
│ ├── control.go
│ ├── control_test.go
│ ├── metrics
│ │ ├── otel.go
│ │ └── otel_test.go
│ └── predicate.go
├── config
│ ├── analysis
│ │ ├── README.md
│ │ ├── analyzer.go
│ │ ├── analyzer_test.go
│ │ ├── analyzers
│ │ │ ├── all.go
│ │ │ ├── analyzers_bench_test.go
│ │ │ ├── analyzers_test.go
│ │ │ ├── annotations
│ │ │ │ └── annotations.go
│ │ │ ├── authz
│ │ │ │ ├── authorizationpolicies.go
│ │ │ │ └── authorizationpolicies_test.go
│ │ │ ├── conditions
│ │ │ │ └── conditions.go
│ │ │ ├── deployment
│ │ │ │ ├── pod.go
│ │ │ │ └── services.go
│ │ │ ├── deprecation
│ │ │ │ └── deprecation.go
│ │ │ ├── destinationrule
│ │ │ │ ├── ca-certificates.go
│ │ │ │ └── subset.go
│ │ │ ├── envoyfilter
│ │ │ │ └── envoyfilter.go
│ │ │ ├── externalcontrolplane
│ │ │ │ └── externalcontrolplane.go
│ │ │ ├── gateway
│ │ │ │ ├── certificate.go
│ │ │ │ ├── conflictinggateway.go
│ │ │ │ ├── gateway.go
│ │ │ │ └── secret.go
│ │ │ ├── injection
│ │ │ │ ├── image-auto.go
│ │ │ │ ├── injection-image.go
│ │ │ │ └── injection.go
│ │ │ ├── k8sgateway
│ │ │ │ └── workloadselector.go
│ │ │ ├── maturity
│ │ │ │ └── maturity.go
│ │ │ ├── multicluster
│ │ │ │ ├── meshnetworks.go
│ │ │ │ └── service.go
│ │ │ ├── multicluster_analyzers_test.go
│ │ │ ├── schema
│ │ │ │ ├── validation.go
│ │ │ │ └── validation_test.go
│ │ │ ├── service
│ │ │ │ └── portname.go
│ │ │ ├── serviceentry
│ │ │ │ └── protocoladdresses.go
│ │ │ ├── sidecar
│ │ │ │ ├── selector.go
│ │ │ │ └── util.go
│ │ │ ├── telemetry
│ │ │ │ ├── default_selector.go
│ │ │ │ ├── lightstep.go
│ │ │ │ ├── providers.go
│ │ │ │ ├── selector.go
│ │ │ │ └── util.go
│ │ │ ├── testdata
│ │ │ │ ├── absolute-envoy-filter-operation.yaml
│ │ │ │ ├── analyze-list-type.yaml
│ │ │ │ ├── authorizationpolicies.yaml
│ │ │ │ ├── common
│ │ │ │ │ ├── meshconfig.yaml
│ │ │ │ │ ├── meshnetworks.yaml
│ │ │ │ │ ├── sidecar-injector-configmap.yaml
│ │ │ │ │ └── sidecar-injector-enabled-nsbydefault.yaml
│ │ │ │ ├── condition-analyzer.yaml
│ │ │ │ ├── conflicting-gateways-invalid-port.yaml
│ │ │ │ ├── conflicting-gateways-multiple-ports.yaml
│ │ │ │ ├── conflicting-gateways-subSelector.yaml
│ │ │ │ ├── conflicting-gateways.yaml
│ │ │ │ ├── correct-port-name-external-name-service-type.yaml
│ │ │ │ ├── deployment-con-sec-uid.yaml
│ │ │ │ ├── deployment-multi-service-different-ns.yaml
│ │ │ │ ├── deployment-multi-service.yaml
│ │ │ │ ├── deployment-pod-sec-uid.yaml
│ │ │ │ ├── deployment-service-no-selector.yaml
│ │ │ │ ├── deprecation.yaml
│ │ │ │ ├── destinationrule-compound-mutual-simple.yaml
│ │ │ │ ├── destinationrule-compound-simple-mutual.yaml
│ │ │ │ ├── destinationrule-mutual-destination.yaml
│ │ │ │ ├── destinationrule-mutual-port.yaml
│ │ │ │ ├── destinationrule-simple-destination-credentialname-selector.yaml
│ │ │ │ ├── destinationrule-simple-destination-credentialname.yaml
│ │ │ │ ├── destinationrule-simple-destination.yaml
│ │ │ │ ├── destinationrule-simple-port-credentialname-selector.yaml
│ │ │ │ ├── destinationrule-simple-port-credentialname.yaml
│ │ │ │ ├── destinationrule-simple-port.yaml
│ │ │ │ ├── destinationrule-subsets-not-select-pods.yaml
│ │ │ │ ├── destinationrule-with-ca.yaml
│ │ │ │ ├── destinationrule-with-fake-host.yaml
│ │ │ │ ├── envoy-filter-add-operation.yaml
│ │ │ │ ├── envoy-filter-filterchain.yaml
│ │ │ │ ├── envoy-filter-patch-operation.yaml
│ │ │ │ ├── envoy-filter-remove-operation.yaml
│ │ │ │ ├── envoy-filter-replace-operation.yaml
│ │ │ │ ├── externalcontrolplane-missing-urls-custom-ns.yaml
│ │ │ │ ├── externalcontrolplane-missing-urls.yaml
│ │ │ │ ├── externalcontrolplane-using-ip-addr.yaml
│ │ │ │ ├── externalcontrolplane-valid-urls-custom-ns.yaml
│ │ │ │ ├── externalcontrolplane-valid-urls.yaml
│ │ │ │ ├── gateway-correct-port.yaml
│ │ │ │ ├── gateway-custom-ingressgateway-badport-notarget.yaml
│ │ │ │ ├── gateway-custom-ingressgateway-badport.yaml
│ │ │ │ ├── gateway-custom-ingressgateway-svcselector.yaml
│ │ │ │ ├── gateway-custom-ingressgateway-translation.yaml
│ │ │ │ ├── gateway-custom-ingressgateway.yaml
│ │ │ │ ├── gateway-different-port.yaml
│ │ │ │ ├── gateway-duplicate-certificate.yaml
│ │ │ │ ├── gateway-no-port.yaml
│ │ │ │ ├── gateway-no-workload.yaml
│ │ │ │ ├── gateway-secrets-validation.yaml
│ │ │ │ ├── gateway-secrets.yaml
│ │ │ │ ├── image-auto.yaml
│ │ │ │ ├── incorrect-port-name-external-name-service-type.yaml
│ │ │ │ ├── injection-image-distroless-no-meshconfig.yaml
│ │ │ │ ├── injection-image-distroless.yaml
│ │ │ │ ├── injection-with-mismatched-sidecar.yaml
│ │ │ │ ├── injection.yaml
│ │ │ │ ├── k8sgateway-selector.yaml
│ │ │ │ ├── mesh-with-automtls.yaml
│ │ │ │ ├── misannotated.yaml
│ │ │ │ ├── multicluster-unknown-serviceregistry.yaml
│ │ │ │ ├── multicluster
│ │ │ │ │ ├── inconsistent-service-1.yaml
│ │ │ │ │ └── inconsistent-service-2.yaml
│ │ │ │ ├── peerauthentication-crd.yaml
│ │ │ │ ├── pod-con-sec-uid.yaml
│ │ │ │ ├── pod-sec-uid.yaml
│ │ │ │ ├── relative-envoy-filter-operation.yaml
│ │ │ │ ├── service-no-port-name-system-namespace.yaml
│ │ │ │ ├── service-no-port-name.yaml
│ │ │ │ ├── service-port-name.yaml
│ │ │ │ ├── serviceentry-address-allocated-mesh-cfg.yaml
│ │ │ │ ├── serviceentry-address-allocated.yaml
│ │ │ │ ├── serviceentry-address-required-lowercase.yaml
│ │ │ │ ├── serviceentry-address-required-uppercase.yaml
│ │ │ │ ├── serviceentry-missing-addresses-protocol-mesh-cfg.yaml
│ │ │ │ ├── serviceentry-missing-addresses-protocol.yaml
│ │ │ │ ├── sidecar-default-selector.yaml
│ │ │ │ ├── sidecar-injector-configmap-absolute-override.yaml
│ │ │ │ ├── sidecar-injector-configmap-with-revision-canary.yaml
│ │ │ │ ├── sidecar-selector.yaml
│ │ │ │ ├── telemetry-default-selector.yaml
│ │ │ │ ├── telemetry-disable-provider.yaml
│ │ │ │ ├── telemetry-invalid-provider.yaml
│ │ │ │ ├── telemetry-lightstep-meshconfig.yaml
│ │ │ │ ├── telemetry-lightstep.yaml
│ │ │ │ ├── telemetry-selector.yaml
│ │ │ │ ├── virtualservice_conflictingmeshgatewayhosts.yaml
│ │ │ │ ├── virtualservice_conflictingmeshgatewayhosts_with_exportto.yaml
│ │ │ │ ├── virtualservice_destinationhosts.yaml
│ │ │ │ ├── virtualservice_destinationrules.yaml
│ │ │ │ ├── virtualservice_dupmatches.yaml
│ │ │ │ ├── virtualservice_gateways.yaml
│ │ │ │ ├── virtualservice_host_not_found_gateway.yaml
│ │ │ │ ├── virtualservice_host_not_found_gateway_beta.yaml
│ │ │ │ ├── virtualservice_host_not_found_gateway_with_ns_prefix.yaml
│ │ │ │ ├── virtualservice_host_not_found_gateway_with_ns_prefix_beta.yaml
│ │ │ │ ├── virtualservice_internal_gateway_ref.yaml
│ │ │ │ ├── virtualservice_jwtclaimroute.yaml
│ │ │ │ ├── virtualservice_overlappingmatches.yaml
│ │ │ │ ├── virtualservice_route_rule_no_effects_ingress.yaml
│ │ │ │ └── webhook.yaml
│ │ │ ├── util
│ │ │ │ ├── config.go
│ │ │ │ ├── constants.go
│ │ │ │ ├── exportto.go
│ │ │ │ ├── exportto_test.go
│ │ │ │ ├── find_errorline_utils.go
│ │ │ │ ├── find_errorline_utils_test.go
│ │ │ │ ├── hosts.go
│ │ │ │ ├── hosts_test.go
│ │ │ │ ├── in_mesh.go
│ │ │ │ ├── proxyconfig.go
│ │ │ │ ├── service_lookup.go
│ │ │ │ └── service_lookup_test.go
│ │ │ ├── virtualservice
│ │ │ │ ├── conflictingmeshgatewayhosts.go
│ │ │ │ ├── destinationhosts.go
│ │ │ │ ├── destinationrules.go
│ │ │ │ ├── gateways.go
│ │ │ │ ├── jwtclaimroute.go
│ │ │ │ └── util.go
│ │ │ └── webhook
│ │ │ │ └── webhook.go
│ │ ├── context.go
│ │ ├── diag
│ │ │ ├── helper.go
│ │ │ ├── level.go
│ │ │ ├── message.go
│ │ │ ├── message_test.go
│ │ │ ├── messages.go
│ │ │ └── messages_test.go
│ │ ├── incluster
│ │ │ └── controller.go
│ │ ├── legacy
│ │ │ ├── source
│ │ │ │ └── kube
│ │ │ │ │ └── origin.go
│ │ │ └── util
│ │ │ │ └── kuberesource
│ │ │ │ └── resources.go
│ │ ├── local
│ │ │ ├── analyze_test.go
│ │ │ ├── context.go
│ │ │ ├── defaults.go
│ │ │ ├── helpers_test.go
│ │ │ ├── istiod_analyze.go
│ │ │ └── local.go
│ │ ├── metadata.go
│ │ ├── msg
│ │ │ ├── generate.main.go
│ │ │ ├── messages.gen.go
│ │ │ ├── messages.go
│ │ │ └── messages.yaml
│ │ ├── scope
│ │ │ └── scope.go
│ │ └── testing
│ │ │ └── fixtures
│ │ │ └── context.go
│ ├── constants
│ │ └── constants.go
│ ├── conversion.go
│ ├── crd
│ │ ├── validator.go
│ │ └── validator_test.go
│ ├── doc.go
│ ├── gateway
│ │ ├── gateway.go
│ │ ├── gateway_test.go
│ │ └── kube
│ │ │ ├── gatewayapi.go
│ │ │ └── inferenceextension.go
│ ├── host
│ │ ├── name.go
│ │ ├── name_test.go
│ │ ├── names.go
│ │ └── names_test.go
│ ├── kube
│ │ ├── conversion.go
│ │ └── conversion_test.go
│ ├── labels
│ │ ├── instance.go
│ │ └── instance_test.go
│ ├── mesh
│ │ ├── fuzz_test.go
│ │ ├── kubemesh
│ │ │ ├── leak_test.go
│ │ │ ├── watcher.go
│ │ │ └── watcher_test.go
│ │ ├── leak_test.go
│ │ ├── mesh.go
│ │ ├── mesh_test.go
│ │ ├── meshwatcher
│ │ │ ├── collection.go
│ │ │ ├── leak_test.go
│ │ │ ├── mesh.go
│ │ │ ├── mesh_test.go
│ │ │ ├── networks.go
│ │ │ ├── networks_test.go
│ │ │ └── watcher_test_utils.go
│ │ └── watchers.go
│ ├── model.go
│ ├── model_test.go
│ ├── protocol
│ │ ├── instance.go
│ │ └── instance_test.go
│ ├── resource
│ │ ├── instance.go
│ │ ├── instance_test.go
│ │ ├── metadata.go
│ │ ├── metadata_test.go
│ │ ├── name.go
│ │ ├── name_test.go
│ │ ├── origin.go
│ │ ├── serialization.go
│ │ └── version.go
│ ├── schema
│ │ ├── ast
│ │ │ ├── ast.go
│ │ │ └── ast_test.go
│ │ ├── codegen
│ │ │ ├── collections.go
│ │ │ ├── common.go
│ │ │ ├── templates
│ │ │ │ ├── clients.go.tmpl
│ │ │ │ ├── collections.go.tmpl
│ │ │ │ ├── crdclient.go.tmpl
│ │ │ │ ├── gvk.go.tmpl
│ │ │ │ ├── gvr.go.tmpl
│ │ │ │ ├── kind.go.tmpl
│ │ │ │ └── types.go.tmpl
│ │ │ └── tools
│ │ │ │ └── collections.main.go
│ │ ├── collection
│ │ │ ├── schema.go
│ │ │ ├── schemas.go
│ │ │ └── schemas_test.go
│ │ ├── collections
│ │ │ ├── collections.agent.gen.go
│ │ │ ├── collections.gen.go
│ │ │ ├── extras.go
│ │ │ └── mock.go
│ │ ├── generate.go
│ │ ├── gvk
│ │ │ └── resources.gen.go
│ │ ├── gvr
│ │ │ └── resources.gen.go
│ │ ├── kind
│ │ │ ├── kind.go
│ │ │ └── resources.gen.go
│ │ ├── kubeclient
│ │ │ ├── common.go
│ │ │ ├── common_test.go
│ │ │ └── resources.gen.go
│ │ ├── kubetypes
│ │ │ ├── common.go
│ │ │ └── resources.gen.go
│ │ ├── metadata.yaml
│ │ └── resource
│ │ │ ├── schema.go
│ │ │ └── schema_test.go
│ ├── security
│ │ ├── security.go
│ │ └── security_test.go
│ ├── validation
│ │ ├── agent
│ │ │ ├── extensionprovider.go
│ │ │ ├── extensionprovider_test.go
│ │ │ ├── validation.go
│ │ │ └── validation_test.go
│ │ ├── envoyfilter
│ │ │ ├── envoyfilter.go
│ │ │ └── envoyfilter_test.go
│ │ ├── fuzz_test.go
│ │ ├── header_value_validator.go
│ │ ├── openapi_test.go
│ │ ├── testdata
│ │ │ └── crds
│ │ │ │ ├── authz-invalid.yaml
│ │ │ │ ├── authz-valid.yaml
│ │ │ │ ├── destinationrule-invalid.yaml
│ │ │ │ ├── destinationrule-valid.yaml
│ │ │ │ ├── peerauth-invalid.yaml
│ │ │ │ ├── peerauth-valid.yaml
│ │ │ │ ├── proxyconfig-invalid.yaml
│ │ │ │ ├── proxyconfig-valid.yaml
│ │ │ │ ├── reqauth-invalid.yaml
│ │ │ │ ├── reqauth-valid.yaml
│ │ │ │ ├── serviceentry-invalid.yaml
│ │ │ │ ├── serviceentry-valid.yaml
│ │ │ │ ├── telemetry-invalid.yaml
│ │ │ │ ├── telemetry-valid.yaml
│ │ │ │ ├── wasm-invalid.yaml
│ │ │ │ ├── wasm-valid.yaml
│ │ │ │ ├── workloadentry-invalid.yaml
│ │ │ │ ├── workloadentry-valid.yaml
│ │ │ │ ├── workloadgroup-invalid.yaml
│ │ │ │ └── workloadgroup-valid.yaml
│ │ ├── validation.go
│ │ ├── validation_agent.go
│ │ ├── validation_istiod.go
│ │ ├── validation_test.go
│ │ ├── virtualservice.go
│ │ └── virtualservice_test.go
│ ├── visibility
│ │ └── visibility.go
│ └── xds
│ │ ├── deprecated.go
│ │ ├── filter_types.gen.go
│ │ ├── filter_types.go
│ │ ├── filters.go
│ │ └── xds.go
├── ctrlz
│ ├── assets
│ │ ├── assets.go
│ │ ├── static
│ │ │ ├── css
│ │ │ │ ├── all.css
│ │ │ │ ├── bootstrap-4.0.0.min.css
│ │ │ │ ├── dark_syntax-1.14.0.css
│ │ │ │ ├── fontawesome-all-5.0.6.css
│ │ │ │ └── fonts.css
│ │ │ ├── favicons
│ │ │ │ ├── android-144x144.png
│ │ │ │ ├── android-192x192.png
│ │ │ │ ├── android-36x36.png
│ │ │ │ ├── android-48x48.png
│ │ │ │ ├── android-72x72.png
│ │ │ │ ├── android-96x196.png
│ │ │ │ ├── apple-touch-icon-180x180.png
│ │ │ │ ├── favicon-16x16.png
│ │ │ │ ├── favicon-32x32.png
│ │ │ │ ├── favicon.ico
│ │ │ │ ├── pwa-192x192.png
│ │ │ │ ├── pwa-512x512.png
│ │ │ │ ├── tile150x150.png
│ │ │ │ ├── tile310x150.png
│ │ │ │ ├── tile310x310.png
│ │ │ │ └── tile70x70.png
│ │ │ ├── img
│ │ │ │ └── exclamation-mark.svg
│ │ │ ├── js
│ │ │ │ ├── bootstrap-4.0.0.min.js
│ │ │ │ ├── clipboard-1.7.1.min.js
│ │ │ │ ├── jquery-3.2.1.slim.min.js
│ │ │ │ ├── misc.js
│ │ │ │ ├── popper-1.12.9.min.js
│ │ │ │ └── prism-1.14.0.min.js
│ │ │ └── manifest.json
│ │ └── templates
│ │ │ ├── 404.html
│ │ │ ├── home.html
│ │ │ ├── layouts
│ │ │ ├── base.html
│ │ │ └── main.html
│ │ │ └── modules
│ │ │ ├── header.html
│ │ │ ├── last-refresh.html
│ │ │ └── sidebar.html
│ ├── ctrlz.go
│ ├── ctrlz_test.go
│ ├── fw
│ │ ├── context.go
│ │ └── utils.go
│ ├── home.go
│ ├── options.go
│ └── topics
│ │ ├── args.go
│ │ ├── assets
│ │ ├── assets.go
│ │ └── templates
│ │ │ ├── args.html
│ │ │ ├── collection
│ │ │ ├── item.html
│ │ │ ├── list.html
│ │ │ └── main.html
│ │ │ ├── env.html
│ │ │ ├── mem.html
│ │ │ ├── proc.html
│ │ │ ├── scopes.html
│ │ │ ├── signals.html
│ │ │ └── version.html
│ │ ├── env.go
│ │ ├── mem.go
│ │ ├── proc.go
│ │ ├── scopes.go
│ │ ├── signals_unix.go
│ │ ├── signals_unspecified.go
│ │ └── version.go
├── dns
│ ├── client
│ │ ├── dns.go
│ │ ├── dns_test.go
│ │ ├── leak_test.go
│ │ ├── monitoring.go
│ │ └── proxy.go
│ ├── proto
│ │ ├── nds.pb.go
│ │ └── nds.proto
│ └── server
│ │ ├── name_table.go
│ │ └── name_table_test.go
├── env
│ ├── var.go
│ └── var_test.go
├── envoy
│ ├── admin.go
│ ├── agent.go
│ ├── agent_test.go
│ ├── proxy.go
│ ├── proxy_test.go
│ └── testdata
│ │ ├── bootstrap.json
│ │ ├── bootstrap.yaml
│ │ └── envoy_bootstrap_v2.tmpl.json
├── features
│ ├── security.go
│ └── telemetry.go
├── file
│ ├── fadvise_linux.go
│ ├── fadvise_unspecified.go
│ ├── file.go
│ └── file_test.go
├── filewatcher
│ ├── fakefilewatcher.go
│ ├── fakefilewatcher_test.go
│ ├── filewatcher.go
│ ├── filewatcher_test.go
│ └── worker.go
├── flag
│ ├── flag.go
│ └── flag_test.go
├── fuzz
│ ├── README.md
│ ├── util.go
│ └── util_test.go
├── h2c
│ └── wrapper.go
├── hbone
│ ├── README.md
│ ├── dialer.go
│ ├── dialer_test.go
│ ├── doubledialer.go
│ ├── server.go
│ └── util.go
├── http
│ ├── get.go
│ └── headers
│ │ ├── builder.go
│ │ └── wellknown.go
├── istio-agent
│ ├── agent.go
│ ├── agent_test.go
│ ├── grpcxds
│ │ └── grpc_bootstrap.go
│ ├── health
│ │ ├── health_check.go
│ │ ├── health_check_test.go
│ │ ├── health_probers.go
│ │ ├── health_probers_test.go
│ │ └── leak_test.go
│ ├── leak_test.go
│ ├── metrics
│ │ └── metrics.go
│ ├── plugins.go
│ ├── testdata
│ │ ├── grpc-bootstrap.json
│ │ └── token
│ ├── xds_proxy.go
│ ├── xds_proxy_delta.go
│ ├── xds_proxy_delta_test.go
│ └── xds_proxy_test.go
├── jwt
│ ├── jwt.go
│ ├── routing.go
│ └── routing_test.go
├── keepalive
│ ├── options.go
│ └── options_test.go
├── kube
│ ├── adapter.go
│ ├── apimirror
│ │ └── probe.go
│ ├── client.go
│ ├── client_config.go
│ ├── client_factory.go
│ ├── client_test.go
│ ├── controllers
│ │ ├── common.go
│ │ ├── common_test.go
│ │ ├── example_test.go
│ │ ├── queue.go
│ │ └── queue_test.go
│ ├── informerfactory
│ │ └── factory.go
│ ├── inject
│ │ ├── app_probe.go
│ │ ├── app_probe_test.go
│ │ ├── fuzz_test.go
│ │ ├── initializer.go
│ │ ├── initializer_test.go
│ │ ├── inject.go
│ │ ├── inject_test.go
│ │ ├── leak_test.go
│ │ ├── monitoring.go
│ │ ├── openshift.go
│ │ ├── template.go
│ │ ├── testdata
│ │ │ └── inject
│ │ │ │ ├── auth.non-default-service-account.yaml
│ │ │ │ ├── auth.non-default-service-account.yaml.injected
│ │ │ │ ├── auth.yaml
│ │ │ │ ├── auth.yaml.injected
│ │ │ │ ├── cronjob-old-version.yaml.injected
│ │ │ │ ├── cronjob.yaml
│ │ │ │ ├── cronjob.yaml.injected
│ │ │ │ ├── custom-template.iop.yaml
│ │ │ │ ├── custom-template.yaml
│ │ │ │ ├── custom-template.yaml.injected
│ │ │ │ ├── daemonset-old-version.yaml.injected
│ │ │ │ ├── daemonset.yaml
│ │ │ │ ├── daemonset.yaml.injected
│ │ │ │ ├── deploymentconfig-multi.yaml
│ │ │ │ ├── deploymentconfig-multi.yaml.injected
│ │ │ │ ├── deploymentconfig-with-canonical-service-label.yaml
│ │ │ │ ├── deploymentconfig-with-canonical-service-label.yaml.injected
│ │ │ │ ├── deploymentconfig.yaml
│ │ │ │ ├── deploymentconfig.yaml.injected
│ │ │ │ ├── enable-core-dump.yaml
│ │ │ │ ├── enable-core-dump.yaml.injected
│ │ │ │ ├── explicit-security-context.yaml
│ │ │ │ ├── explicit-security-context.yaml.injected
│ │ │ │ ├── format-duration.yaml
│ │ │ │ ├── format-duration.yaml.injected
│ │ │ │ ├── frontend.yaml
│ │ │ │ ├── frontend.yaml.injected
│ │ │ │ ├── gateway-spire.yaml
│ │ │ │ ├── gateway-spire.yaml.injected
│ │ │ │ ├── gateway-with-default-container.yaml
│ │ │ │ ├── gateway-with-default-container.yaml.injected
│ │ │ │ ├── gateway.yaml
│ │ │ │ ├── gateway.yaml.injected
│ │ │ │ ├── grpc-agent.yaml
│ │ │ │ ├── grpc-agent.yaml.injected
│ │ │ │ ├── grpc-simple.yaml
│ │ │ │ ├── grpc-simple.yaml.injected
│ │ │ │ ├── hello-always.yaml.injected
│ │ │ │ ├── hello-cncf-networks.yaml.injected
│ │ │ │ ├── hello-existing-cncf-networks-json.yaml
│ │ │ │ ├── hello-existing-cncf-networks-json.yaml.injected
│ │ │ │ ├── hello-existing-cncf-networks.yaml
│ │ │ │ ├── hello-existing-cncf-networks.yaml.injected
│ │ │ │ ├── hello-host-network-with-ns.yaml
│ │ │ │ ├── hello-host-network-with-ns.yaml.injected
│ │ │ │ ├── hello-host-network.yaml
│ │ │ │ ├── hello-host-network.yaml.injected
│ │ │ │ ├── hello-ignore.yaml
│ │ │ │ ├── hello-ignore.yaml.injected
│ │ │ │ ├── hello-image-pull-secret.yaml
│ │ │ │ ├── hello-image-pull-secret.yaml.injected
│ │ │ │ ├── hello-image-secrets-in-values.iop.yaml
│ │ │ │ ├── hello-image-secrets-in-values.yaml.injected
│ │ │ │ ├── hello-mount-mtls-certs.yaml.injected
│ │ │ │ ├── hello-mtls-not-ready.yaml
│ │ │ │ ├── hello-mtls-not-ready.yaml.injected
│ │ │ │ ├── hello-multi.yaml
│ │ │ │ ├── hello-multi.yaml.injected
│ │ │ │ ├── hello-multiple-image-secrets.yaml.injected
│ │ │ │ ├── hello-namespace.yaml
│ │ │ │ ├── hello-namespace.yaml.injected
│ │ │ │ ├── hello-never.yaml.injected
│ │ │ │ ├── hello-old-version.yaml.injected
│ │ │ │ ├── hello-openshift-custom-injection.yaml
│ │ │ │ ├── hello-openshift-custom-injection.yaml.injected
│ │ │ │ ├── hello-openshift-tproxy.yaml
│ │ │ │ ├── hello-openshift-tproxy.yaml.injected
│ │ │ │ ├── hello-openshift.yaml
│ │ │ │ ├── hello-openshift.yaml.injected
│ │ │ │ ├── hello-probes-localhost.yaml
│ │ │ │ ├── hello-probes-localhost.yaml.injected
│ │ │ │ ├── hello-probes-noProxyHoldApplication-ProxyConfig.yaml
│ │ │ │ ├── hello-probes-noProxyHoldApplication-ProxyConfig.yaml.injected
│ │ │ │ ├── hello-probes-proxyHoldApplication-ProxyConfig.yaml
│ │ │ │ ├── hello-probes-proxyHoldApplication-ProxyConfig.yaml.injected
│ │ │ │ ├── hello-probes-with-flag-set-in-annotation.yaml
│ │ │ │ ├── hello-probes-with-flag-set-in-annotation.yaml.injected
│ │ │ │ ├── hello-probes-with-flag-unset-in-annotation.yaml
│ │ │ │ ├── hello-probes-with-flag-unset-in-annotation.yaml.injected
│ │ │ │ ├── hello-probes.proxyHoldsApplication.yaml.injected
│ │ │ │ ├── hello-probes.yaml
│ │ │ │ ├── hello-probes.yaml.injected
│ │ │ │ ├── hello-proxy-override.yaml
│ │ │ │ ├── hello-proxy-override.yaml.injected
│ │ │ │ ├── hello-readiness.yaml
│ │ │ │ ├── hello-readiness.yaml.injected
│ │ │ │ ├── hello-service.yaml
│ │ │ │ ├── hello-service.yaml.injected
│ │ │ │ ├── hello-template-in-values.iop.yaml
│ │ │ │ ├── hello-template-in-values.yaml.injected
│ │ │ │ ├── hello-tproxy.yaml.injected
│ │ │ │ ├── hello-tracing-disabled.yaml
│ │ │ │ ├── hello-tracing-disabled.yaml.injected
│ │ │ │ ├── hello.proxyHoldsApplication.yaml.injected
│ │ │ │ ├── hello.yaml
│ │ │ │ ├── hello.yaml.cni.injected
│ │ │ │ ├── hello.yaml.injected
│ │ │ │ ├── hello.yaml.proxyImageName.injected
│ │ │ │ ├── https-probes.yaml
│ │ │ │ ├── https-probes.yaml.injected
│ │ │ │ ├── init-no-intercept-no-native-sidecar.yaml
│ │ │ │ ├── init-no-intercept-no-native-sidecar.yaml.injected
│ │ │ │ ├── job-old-version.yaml.injected
│ │ │ │ ├── job.yaml
│ │ │ │ ├── job.yaml.injected
│ │ │ │ ├── kubevirtInterfaces.yaml
│ │ │ │ ├── kubevirtInterfaces.yaml.injected
│ │ │ │ ├── kubevirtInterfaces_list.yaml
│ │ │ │ ├── kubevirtInterfaces_list.yaml.injected
│ │ │ │ ├── list-frontend.yaml
│ │ │ │ ├── list-frontend.yaml.injected
│ │ │ │ ├── list.yaml
│ │ │ │ ├── list.yaml.injected
│ │ │ │ ├── merge-probers.yaml
│ │ │ │ ├── merge-probers.yaml.injected
│ │ │ │ ├── multi-container.yaml
│ │ │ │ ├── multi-container.yaml.injected
│ │ │ │ ├── multi-init.yaml
│ │ │ │ ├── multi-init.yaml.injected
│ │ │ │ ├── multiple-templates.yaml
│ │ │ │ ├── multiple-templates.yaml.injected
│ │ │ │ ├── named_port.yaml
│ │ │ │ ├── named_port.yaml.injected
│ │ │ │ ├── native-sidecar-old-version.yaml.injected
│ │ │ │ ├── native-sidecar-opt-in.yaml
│ │ │ │ ├── native-sidecar-opt-in.yaml.injected
│ │ │ │ ├── native-sidecar-opt-out.yaml
│ │ │ │ ├── native-sidecar-opt-out.yaml.injected
│ │ │ │ ├── native-sidecar.yaml
│ │ │ │ ├── native-sidecar.yaml.injected
│ │ │ │ ├── one_container.yaml
│ │ │ │ ├── one_container.yaml.injected
│ │ │ │ ├── only-proxy-container.yaml
│ │ │ │ ├── only-proxy-container.yaml.injected
│ │ │ │ ├── pod-old-version.yaml.injected
│ │ │ │ ├── pod.yaml
│ │ │ │ ├── pod.yaml.injected
│ │ │ │ ├── prometheus-scrape.yaml
│ │ │ │ ├── prometheus-scrape.yaml.injected
│ │ │ │ ├── prometheus-scrape2.yaml
│ │ │ │ ├── prometheus-scrape2.yaml.injected
│ │ │ │ ├── proxy-override-args-native.yaml.injected
│ │ │ │ ├── proxy-override-args.yaml
│ │ │ │ ├── proxy-override-args.yaml.injected
│ │ │ │ ├── proxy-override-runas.yaml
│ │ │ │ ├── proxy-override-runas.yaml.cni.injected
│ │ │ │ ├── proxy-override-runas.yaml.injected
│ │ │ │ ├── proxy-override-runas.yaml.tproxy.injected
│ │ │ │ ├── proxy-override.yaml
│ │ │ │ ├── proxy-override.yaml.injected
│ │ │ │ ├── ready_live.yaml
│ │ │ │ ├── ready_live.yaml.injected
│ │ │ │ ├── ready_only.yaml
│ │ │ │ ├── ready_only.yaml.injected
│ │ │ │ ├── replicaset-old-version.yaml.injected
│ │ │ │ ├── replicaset.yaml
│ │ │ │ ├── replicaset.yaml.injected
│ │ │ │ ├── replicationcontroller.yaml
│ │ │ │ ├── replicationcontroller.yaml.injected
│ │ │ │ ├── reroute-virtual-interfaces.yaml
│ │ │ │ ├── reroute-virtual-interfaces.yaml.injected
│ │ │ │ ├── reroute-virtual-interfaces_list.yaml
│ │ │ │ ├── reroute-virtual-interfaces_list.yaml.injected
│ │ │ │ ├── resource_annotations.yaml
│ │ │ │ ├── resource_annotations.yaml.injected
│ │ │ │ ├── sidecar-spire.yaml
│ │ │ │ ├── sidecar-spire.yaml.injected
│ │ │ │ ├── spire-template.iop.yaml
│ │ │ │ ├── startup_live.yaml
│ │ │ │ ├── startup_live.yaml.injected
│ │ │ │ ├── startup_only.yaml
│ │ │ │ ├── startup_only.yaml.injected
│ │ │ │ ├── startup_ready_live.yaml
│ │ │ │ ├── startup_ready_live.yaml.injected
│ │ │ │ ├── statefulset-old-version.yaml.injected
│ │ │ │ ├── statefulset.yaml
│ │ │ │ ├── statefulset.yaml.injected
│ │ │ │ ├── status_annotations.yaml
│ │ │ │ ├── status_annotations.yaml.injected
│ │ │ │ ├── status_annotations_zeroport.yaml
│ │ │ │ ├── status_annotations_zeroport.yaml.injected
│ │ │ │ ├── status_params.yaml
│ │ │ │ ├── status_params.yaml.injected
│ │ │ │ ├── tcp-probes.yaml
│ │ │ │ ├── tcp-probes.yaml.injected
│ │ │ │ ├── traffic-annotations-bad-excludeinboundports.yaml
│ │ │ │ ├── traffic-annotations-bad-excludeipranges.yaml
│ │ │ │ ├── traffic-annotations-bad-excludeoutboundports.yaml
│ │ │ │ ├── traffic-annotations-bad-includeinboundports.yaml
│ │ │ │ ├── traffic-annotations-bad-includeipranges.yaml
│ │ │ │ ├── traffic-annotations-empty-includes.yaml
│ │ │ │ ├── traffic-annotations-empty-includes.yaml.injected
│ │ │ │ ├── traffic-annotations-wildcards.yaml
│ │ │ │ ├── traffic-annotations-wildcards.yaml.injected
│ │ │ │ ├── traffic-annotations.yaml
│ │ │ │ ├── traffic-annotations.yaml.injected
│ │ │ │ ├── traffic-params-empty-includes.yaml
│ │ │ │ ├── traffic-params-empty-includes.yaml.injected
│ │ │ │ ├── traffic-params.yaml
│ │ │ │ ├── traffic-params.yaml.injected
│ │ │ │ ├── truncate-canonical-name-custom-controller-pod.yaml
│ │ │ │ ├── truncate-canonical-name-custom-controller-pod.yaml.injected
│ │ │ │ ├── truncate-canonical-name-pod.yaml
│ │ │ │ ├── truncate-canonical-name-pod.yaml.injected
│ │ │ │ ├── two_container.yaml
│ │ │ │ ├── two_container.yaml.injected
│ │ │ │ ├── user-volume.yaml
│ │ │ │ └── user-volume.yaml.injected
│ │ ├── validate.go
│ │ ├── watcher.go
│ │ ├── watcher_test.go
│ │ ├── webhook.go
│ │ └── webhook_test.go
│ ├── kclient
│ │ ├── client.go
│ │ ├── client_test.go
│ │ ├── clienttest
│ │ │ ├── crd.go
│ │ │ ├── direct.go
│ │ │ ├── direct_test.go
│ │ │ └── test_helpers.go
│ │ ├── crdwatcher.go
│ │ ├── crdwatcher_test.go
│ │ ├── delayed.go
│ │ ├── events.go
│ │ ├── helpers.go
│ │ ├── index.go
│ │ ├── index_test.go
│ │ ├── interfaces.go
│ │ ├── leak_test.go
│ │ └── untyped.go
│ ├── krt
│ │ ├── README.md
│ │ ├── bench_test.go
│ │ ├── collection.go
│ │ ├── collection_test.go
│ │ ├── conformance_test.go
│ │ ├── core.go
│ │ ├── debug.go
│ │ ├── dynamic.go
│ │ ├── fetch.go
│ │ ├── files
│ │ │ ├── files.go
│ │ │ └── files_test.go
│ │ ├── filter.go
│ │ ├── helpers.go
│ │ ├── index.go
│ │ ├── index_test.go
│ │ ├── informer.go
│ │ ├── informer_test.go
│ │ ├── internal.go
│ │ ├── join.go
│ │ ├── join_test.go
│ │ ├── krttest
│ │ │ └── helpers.go
│ │ ├── leak_test.go
│ │ ├── map.go
│ │ ├── map_test.go
│ │ ├── nestedjoin.go
│ │ ├── nestedjoin_test.go
│ │ ├── options.go
│ │ ├── processor.go
│ │ ├── processor_test.go
│ │ ├── recomputetrigger.go
│ │ ├── recomputetrigger_test.go
│ │ ├── singleton.go
│ │ ├── singleton_test.go
│ │ ├── static.go
│ │ ├── static_test.go
│ │ ├── status.go
│ │ ├── status_test.go
│ │ ├── sync.go
│ │ ├── testing.go
│ │ └── util.go
│ ├── kubetypes
│ │ └── types.go
│ ├── labels
│ │ └── labels.go
│ ├── mcs
│ │ └── register.go
│ ├── multicluster
│ │ ├── cluster.go
│ │ ├── clusterstore.go
│ │ ├── component.go
│ │ ├── fake.go
│ │ ├── secretcontroller.go
│ │ └── secretcontroller_test.go
│ ├── namespace
│ │ └── filter.go
│ ├── portforwarder.go
│ ├── rpc_creds.go
│ ├── rpc_creds_test.go
│ ├── spdy.go
│ ├── util.go
│ ├── util_test.go
│ ├── version.go
│ ├── version_test.go
│ └── watcher
│ │ └── configmapwatcher
│ │ ├── configmapwatcher.go
│ │ └── configmapwatcher_test.go
├── lazy
│ ├── lazy.go
│ └── lazy_test.go
├── log
│ ├── config.go
│ ├── config_test.go
│ ├── default.go
│ ├── default_test.go
│ ├── klog.go
│ ├── logr.go
│ ├── logr_test.go
│ ├── options.go
│ ├── options_test.go
│ ├── scope.go
│ ├── scope_test.go
│ ├── uds.go
│ ├── uds_test.go
│ └── zapcore_handler.go
├── maps
│ └── maps.go
├── model
│ ├── authentication.go
│ ├── fips.go
│ ├── proxy.go
│ ├── proxy_test.go
│ ├── wasm.go
│ └── xds.go
├── monitoring
│ ├── base.go
│ ├── counter.go
│ ├── derived_gauge.go
│ ├── disabled.go
│ ├── distribution.go
│ ├── doc.go
│ ├── example_distribution_test.go
│ ├── example_gauge_test.go
│ ├── example_sum_test.go
│ ├── gauge.go
│ ├── monitoring.go
│ ├── monitoring_test.go
│ ├── monitortest
│ │ └── test.go
│ ├── options.go
│ └── units.go
├── network
│ ├── error.go
│ └── id.go
├── platform
│ └── platform.go
├── proto
│ ├── merge
│ │ ├── merge.go
│ │ └── merge_test.go
│ └── types.go
├── proxy
│ └── proxyinfo.go
├── ptr
│ ├── pointer.go
│ └── pointer_test.go
├── queue
│ ├── delay.go
│ ├── delay_test.go
│ ├── instance.go
│ ├── instance_test.go
│ ├── leak_test.go
│ ├── metrics.go
│ ├── metrics_test.go
│ └── util.go
├── revisions
│ ├── default_watcher.go
│ ├── default_watcher_test.go
│ ├── leak_test.go
│ ├── tag_watcher.go
│ └── tag_watcher_test.go
├── security
│ ├── authentication.go
│ ├── mock.go
│ ├── retry.go
│ ├── security.go
│ └── security_test.go
├── sleep
│ ├── sleep.go
│ └── sleep_test.go
├── slices
│ ├── slices.go
│ └── slices_test.go
├── spiffe
│ ├── spiffe.go
│ └── spiffe_test.go
├── test
│ ├── cert
│ │ ├── ca
│ │ │ ├── intermediate.go
│ │ │ └── root.go
│ │ └── cert.go
│ ├── config
│ │ ├── mock_config.pb.go
│ │ └── mock_config.proto
│ ├── csrctrl
│ │ ├── authority
│ │ │ ├── authority.go
│ │ │ └── policies.go
│ │ ├── controllers
│ │ │ ├── csr_controller.go
│ │ │ └── start_csrctrl.go
│ │ └── signer
│ │ │ ├── ca_provider.go
│ │ │ └── signer.go
│ ├── datasets
│ │ ├── Readme.md
│ │ └── validation
│ │ │ ├── dataset.go
│ │ │ └── dataset
│ │ │ ├── extensions-v1alpha1-WasmPlugin.yaml
│ │ │ ├── networking-v1-DestinationRule.yaml
│ │ │ ├── networking-v1-Gateway.yaml
│ │ │ ├── networking-v1-ServiceEntry.yaml
│ │ │ ├── networking-v1-Sidecar.yaml
│ │ │ ├── networking-v1-VirtualService.yaml
│ │ │ ├── networking-v1-WorkloadEntry.yaml
│ │ │ ├── networking-v1-WorkloadGroup.yaml
│ │ │ ├── networking-v1alpha3-DestinationRule.yaml
│ │ │ ├── networking-v1alpha3-EnvoyFilter.yaml
│ │ │ ├── networking-v1alpha3-Gateway.yaml
│ │ │ ├── networking-v1alpha3-ServiceEntry.yaml
│ │ │ ├── networking-v1alpha3-Sidecar.yaml
│ │ │ ├── networking-v1alpha3-VirtualService.yaml
│ │ │ ├── networking-v1alpha3-WorkloadEntry.yaml
│ │ │ ├── networking-v1alpha3-WorkloadGroup.yaml
│ │ │ ├── networking-v1beta1-DestinationRule.yaml
│ │ │ ├── networking-v1beta1-Gateway.yaml
│ │ │ ├── networking-v1beta1-ProxyConfig.yaml
│ │ │ ├── networking-v1beta1-ServiceEntry.yaml
│ │ │ ├── networking-v1beta1-Sidecar.yaml
│ │ │ ├── networking-v1beta1-VirtualService.yaml
│ │ │ ├── networking-v1beta1-WorkloadEntry.yaml
│ │ │ ├── networking-v1beta1-WorkloadGroup.yaml
│ │ │ ├── security-v1-AuthorizationPolicy.yaml
│ │ │ ├── security-v1-PeerAuthentication.yaml
│ │ │ ├── security-v1-RequestAuthentication.yaml
│ │ │ ├── security-v1beta1-AuthorizationPolicy.yaml
│ │ │ ├── security-v1beta1-PeerAuthentication.yaml
│ │ │ ├── security-v1beta1-RequestAuthentication.yaml
│ │ │ ├── telemetry-v1-Telemetry.yaml
│ │ │ └── telemetry-v1alpha1-Telemetry.yaml
│ ├── echo
│ │ ├── client.go
│ │ ├── cmd
│ │ │ ├── client
│ │ │ │ ├── client_test.go
│ │ │ │ └── main.go
│ │ │ └── server
│ │ │ │ └── main.go
│ │ ├── common
│ │ │ ├── dialer.go
│ │ │ ├── metrics.go
│ │ │ ├── model.go
│ │ │ ├── scheme
│ │ │ │ └── scheme.go
│ │ │ ├── util.go
│ │ │ └── websocket.go
│ │ ├── docker
│ │ │ ├── Dockerfile.app
│ │ │ ├── Dockerfile.app_sidecar
│ │ │ ├── Dockerfile.app_sidecar_base
│ │ │ ├── Dockerfile.app_sidecar_base_centos
│ │ │ ├── Dockerfile.app_sidecar_centos_8
│ │ │ ├── echo-start.sh
│ │ │ └── sudoers
│ │ ├── fields.go
│ │ ├── parse.go
│ │ ├── proto
│ │ │ ├── echo.pb.go
│ │ │ ├── echo.proto
│ │ │ └── echo_grpc.pb.go
│ │ ├── response.go
│ │ ├── responses.go
│ │ └── server
│ │ │ ├── endpoint
│ │ │ ├── doublehbone.go
│ │ │ ├── grpc.go
│ │ │ ├── grpcbootstrap.go
│ │ │ ├── hbone.go
│ │ │ ├── http.go
│ │ │ ├── instance.go
│ │ │ ├── tcp.go
│ │ │ ├── udp.go
│ │ │ └── util.go
│ │ │ ├── forwarder
│ │ │ ├── config.go
│ │ │ ├── dns.go
│ │ │ ├── executor.go
│ │ │ ├── grpc.go
│ │ │ ├── http.go
│ │ │ ├── instance.go
│ │ │ ├── protocol.go
│ │ │ ├── tcp.go
│ │ │ ├── tls.go
│ │ │ ├── udp.go
│ │ │ ├── util.go
│ │ │ ├── websocket.go
│ │ │ └── xds.go
│ │ │ └── instance.go
│ ├── env
│ │ ├── istio.go
│ │ └── variable.go
│ ├── envoy
│ │ └── binary.go
│ ├── failer.go
│ ├── failer_test.go
│ ├── fakes
│ │ ├── gce_metadata_server
│ │ │ ├── Dockerfile
│ │ │ ├── Makefile
│ │ │ └── main.go
│ │ └── imageregistry
│ │ │ ├── .gitignore
│ │ │ ├── Dockerfile
│ │ │ ├── Makefile
│ │ │ └── main.go
│ ├── framework
│ │ ├── README.md
│ │ ├── analyzer-allowlist.yaml
│ │ ├── components
│ │ │ ├── ambient
│ │ │ │ └── waypoint.go
│ │ │ ├── authz
│ │ │ │ ├── headers.go
│ │ │ │ ├── kube.go
│ │ │ │ ├── kubelocal.go
│ │ │ │ ├── provider.go
│ │ │ │ └── server.go
│ │ │ ├── cluster
│ │ │ │ ├── cluster.go
│ │ │ │ ├── clusters.go
│ │ │ │ ├── config.go
│ │ │ │ ├── kube
│ │ │ │ │ ├── cluster.go
│ │ │ │ │ └── factory.go
│ │ │ │ └── topology.go
│ │ │ ├── crd
│ │ │ │ └── gateway.go
│ │ │ ├── echo
│ │ │ │ ├── caller.go
│ │ │ │ ├── calloptions.go
│ │ │ │ ├── check
│ │ │ │ │ ├── checkers.go
│ │ │ │ │ └── visitor.go
│ │ │ │ ├── checker.go
│ │ │ │ ├── common
│ │ │ │ │ ├── call.go
│ │ │ │ │ ├── deployment
│ │ │ │ │ │ ├── echos.go
│ │ │ │ │ │ ├── external.go
│ │ │ │ │ │ └── namespace.go
│ │ │ │ │ └── ports
│ │ │ │ │ │ └── ports.go
│ │ │ │ ├── config.go
│ │ │ │ ├── config
│ │ │ │ │ ├── builder.go
│ │ │ │ │ ├── param
│ │ │ │ │ │ ├── params.go
│ │ │ │ │ │ ├── template.go
│ │ │ │ │ │ ├── template_test.go
│ │ │ │ │ │ └── wellknown.go
│ │ │ │ │ ├── source.go
│ │ │ │ │ └── sources.go
│ │ │ │ ├── config_test.go
│ │ │ │ ├── deployment
│ │ │ │ │ ├── builder.go
│ │ │ │ │ └── flags.go
│ │ │ │ ├── echotest
│ │ │ │ │ ├── config.go
│ │ │ │ │ ├── echotest.go
│ │ │ │ │ ├── filters.go
│ │ │ │ │ ├── filters_test.go
│ │ │ │ │ ├── run.go
│ │ │ │ │ └── setup.go
│ │ │ │ ├── flags.go
│ │ │ │ ├── instance.go
│ │ │ │ ├── instances.go
│ │ │ │ ├── kube
│ │ │ │ │ ├── builder.go
│ │ │ │ │ ├── deployment.go
│ │ │ │ │ ├── flags.go
│ │ │ │ │ ├── instance.go
│ │ │ │ │ ├── pod_controller.go
│ │ │ │ │ ├── sidecar.go
│ │ │ │ │ ├── templates
│ │ │ │ │ │ ├── deployment.yaml
│ │ │ │ │ │ ├── service.yaml
│ │ │ │ │ │ └── vm_deployment.yaml
│ │ │ │ │ ├── testdata
│ │ │ │ │ │ ├── basic.yaml
│ │ │ │ │ │ ├── disable-automount-sa.yaml
│ │ │ │ │ │ ├── healthcheck-rewrite.yaml
│ │ │ │ │ │ ├── multiple-istio-versions-no-proxy.yaml
│ │ │ │ │ │ ├── multiple-istio-versions.yaml
│ │ │ │ │ │ ├── multiversion.yaml
│ │ │ │ │ │ ├── proxyless-custom-image.yaml
│ │ │ │ │ │ ├── proxyless.yaml
│ │ │ │ │ │ ├── secret.yaml
│ │ │ │ │ │ └── two-workloads-one-nosidecar.yaml
│ │ │ │ │ ├── util.go
│ │ │ │ │ ├── workload.go
│ │ │ │ │ └── workload_manager.go
│ │ │ │ ├── match
│ │ │ │ │ ├── matcher.go
│ │ │ │ │ ├── matchers.go
│ │ │ │ │ └── matchers_test.go
│ │ │ │ ├── namespacedname.go
│ │ │ │ ├── port.go
│ │ │ │ ├── portgen.go
│ │ │ │ ├── services.go
│ │ │ │ ├── sidecar.go
│ │ │ │ ├── util
│ │ │ │ │ └── traffic
│ │ │ │ │ │ ├── generator.go
│ │ │ │ │ │ └── result.go
│ │ │ │ ├── workload.go
│ │ │ │ └── workloadclass.go
│ │ │ ├── environment
│ │ │ │ └── kube
│ │ │ │ │ ├── fake.go
│ │ │ │ │ ├── flags.go
│ │ │ │ │ ├── kube.go
│ │ │ │ │ └── settings.go
│ │ │ ├── gcemetadata
│ │ │ │ ├── gce_metadata_server.yaml
│ │ │ │ ├── gcemetadata.go
│ │ │ │ └── kube.go
│ │ │ ├── istio
│ │ │ │ ├── ca.go
│ │ │ │ ├── cleanup.go
│ │ │ │ ├── config.go
│ │ │ │ ├── configmap.go
│ │ │ │ ├── eastwest.go
│ │ │ │ ├── flags.go
│ │ │ │ ├── gateway.go
│ │ │ │ ├── ingress.go
│ │ │ │ ├── ingress
│ │ │ │ │ └── interface.go
│ │ │ │ ├── installer.go
│ │ │ │ ├── istio.go
│ │ │ │ ├── kube.go
│ │ │ │ └── util.go
│ │ │ ├── istioctl
│ │ │ │ ├── istioctl.go
│ │ │ │ └── kube.go
│ │ │ ├── jwt
│ │ │ │ ├── kube.go
│ │ │ │ └── server.go
│ │ │ ├── namespace
│ │ │ │ ├── kube.go
│ │ │ │ ├── namespace.go
│ │ │ │ ├── namespace_test.go
│ │ │ │ └── static.go
│ │ │ ├── opentelemetry
│ │ │ │ ├── kube.go
│ │ │ │ └── opentelemetry-collector.go
│ │ │ ├── prometheus
│ │ │ │ ├── kube.go
│ │ │ │ └── prometheus.go
│ │ │ ├── registryredirector
│ │ │ │ ├── kube.go
│ │ │ │ ├── registry_redirector_server.yaml
│ │ │ │ └── registryredirector.go
│ │ │ └── zipkin
│ │ │ │ ├── kube.go
│ │ │ │ └── zipkin.go
│ │ ├── config.go
│ │ ├── config
│ │ │ ├── config.go
│ │ │ └── map.go
│ │ ├── errors
│ │ │ └── deprecations.go
│ │ ├── integration
│ │ │ ├── component.go
│ │ │ ├── framework_test.go
│ │ │ └── main_test.go
│ │ ├── label
│ │ │ ├── filter.go
│ │ │ ├── instance.go
│ │ │ ├── labels.go
│ │ │ └── labels_test.go
│ │ ├── logging.go
│ │ ├── operations.go
│ │ ├── resource
│ │ │ ├── config
│ │ │ │ ├── apply
│ │ │ │ │ ├── option.go
│ │ │ │ │ └── options.go
│ │ │ │ ├── cleanup
│ │ │ │ │ └── strategy.go
│ │ │ │ ├── factory.go
│ │ │ │ └── plan.go
│ │ │ ├── context.go
│ │ │ ├── dumper.go
│ │ │ ├── environment.go
│ │ │ ├── flags.go
│ │ │ ├── flags_test.go
│ │ │ ├── matcher.go
│ │ │ ├── matcher_test.go
│ │ │ ├── resource.go
│ │ │ ├── settings.go
│ │ │ ├── setup.go
│ │ │ ├── version.go
│ │ │ └── version_test.go
│ │ ├── resourceid.go
│ │ ├── runtime.go
│ │ ├── scope.go
│ │ ├── scope_test.go
│ │ ├── suite.go
│ │ ├── suite_test.go
│ │ ├── suitecontext.go
│ │ ├── telemetry.go
│ │ ├── test.go
│ │ └── testcontext.go
│ ├── helm
│ │ └── helm.go
│ ├── json.go
│ ├── kube
│ │ ├── dump.go
│ │ └── util.go
│ ├── loadbalancersim
│ │ ├── lb_test.go
│ │ ├── loadbalancer
│ │ │ ├── edf.go
│ │ │ ├── leastrequest.go
│ │ │ ├── priority.go
│ │ │ ├── roundrobin.go
│ │ │ └── weight.go
│ │ ├── locality
│ │ │ ├── locality.go
│ │ │ └── match.go
│ │ ├── mesh
│ │ │ ├── client.go
│ │ │ ├── mesh.go
│ │ │ └── node.go
│ │ ├── network
│ │ │ ├── connection.go
│ │ │ └── helper.go
│ │ ├── timer
│ │ │ └── queue.go
│ │ └── timeseries
│ │ │ ├── data.go
│ │ │ └── instance.go
│ ├── profile
│ │ └── fgprof.go
│ ├── prow
│ │ └── util.go
│ ├── scopes
│ │ └── scopes.go
│ ├── shell
│ │ └── shell.go
│ ├── util.go
│ ├── util
│ │ ├── assert
│ │ │ ├── assert.go
│ │ │ └── tracker.go
│ │ ├── file
│ │ │ └── file.go
│ │ ├── retry
│ │ │ ├── retry.go
│ │ │ └── retry_test.go
│ │ ├── structpath
│ │ │ ├── instance.go
│ │ │ └── instance_test.go
│ │ ├── tmpl
│ │ │ ├── evaluate.go
│ │ │ ├── execute.go
│ │ │ └── parse.go
│ │ └── yml
│ │ │ ├── apply.go
│ │ │ ├── apply_test.go
│ │ │ ├── cache.go
│ │ │ ├── file.go
│ │ │ ├── parse.go
│ │ │ ├── parts.go
│ │ │ └── parts_test.go
│ └── util_test.go
├── testcerts
│ ├── generate-certs.sh
│ └── testcerts.go
├── tracing
│ └── tracing.go
├── typemap
│ ├── map.go
│ └── map_test.go
├── uds
│ ├── listener.go
│ └── listener_test.go
├── url
│ ├── url.go
│ └── url_test.go
├── util
│ ├── concurrent
│ │ └── debouncer.go
│ ├── gogoprotomarshal
│ │ └── protomarshal.go
│ ├── grpc
│ │ └── codes.go
│ ├── hash
│ │ ├── hash.go
│ │ └── hash_test.go
│ ├── identifier
│ │ ├── util.go
│ │ └── util_test.go
│ ├── image
│ │ └── registry.go
│ ├── istiomultierror
│ │ └── util.go
│ ├── net
│ │ ├── ip.go
│ │ └── ip_test.go
│ ├── protomarshal
│ │ ├── grpc.go
│ │ └── protomarshal.go
│ ├── sets
│ │ ├── set.go
│ │ └── set_test.go
│ ├── shellescape
│ │ ├── quote.go
│ │ └── quote_test.go
│ ├── smallset
│ │ ├── smallset.go
│ │ └── smallset_test.go
│ └── strcase
│ │ ├── camelcase.go
│ │ └── camelcase_test.go
├── version
│ ├── cobra.go
│ ├── cobra_test.go
│ ├── stats.go
│ ├── version.go
│ ├── version_linux_test.go
│ └── version_test.go
├── wasm
│ ├── cache.go
│ ├── cache_test.go
│ ├── convert.go
│ ├── convert_test.go
│ ├── httpfetcher.go
│ ├── httpfetcher_test.go
│ ├── imagefetcher.go
│ ├── imagefetcher_test.go
│ ├── leak_test.go
│ ├── monitoring.go
│ └── options.go
├── webhooks
│ ├── monitoring.go
│ ├── util
│ │ └── util.go
│ ├── validation
│ │ ├── controller
│ │ │ ├── controller.go
│ │ │ ├── controller_test.go
│ │ │ └── monitoring.go
│ │ └── server
│ │ │ ├── monitoring.go
│ │ │ ├── server.go
│ │ │ └── server_test.go
│ ├── webhookpatch.go
│ └── webhookpatch_test.go
├── wellknown
│ └── wellknown.go
├── workloadapi
│ ├── fuzz_test.go
│ ├── security
│ │ ├── authorization.pb.go
│ │ ├── authorization.proto
│ │ ├── authorization_json.gen.go
│ │ └── authorization_vtproto.pb.go
│ ├── workload.pb.go
│ ├── workload.proto
│ ├── workload_json.gen.go
│ └── workload_vtproto.pb.go
├── xds
│ ├── monitoring.go
│ ├── server.go
│ └── server_test.go
└── zdsapi
│ ├── zds.pb.go
│ └── zds.proto
├── prow
├── benchtest.sh
├── buildx-create
├── config
│ ├── ambient-sc.yaml
│ ├── calico.md
│ ├── calico.yaml
│ ├── clustertrustbundles.yaml
│ ├── default.yaml
│ ├── metrics
│ │ └── metrics.yaml
│ ├── mixedlb-service.yaml
│ ├── modern.yaml
│ └── topology
│ │ ├── ambient-multicluster.json
│ │ ├── external-istiod-multicluster.json
│ │ ├── external-istiod.json
│ │ ├── multicluster-large.json
│ │ ├── multicluster.json
│ │ └── single.json
├── coverage.sh
├── integ-suite-kind.sh
├── lib.sh
├── release-commit.sh
└── release-test.sh
├── release
├── downloadIstioCandidate.sh
└── downloadIstioCtl.sh
├── releasenotes
├── README.md
├── notes
│ ├── 13330.yaml
│ ├── 14400-optional-jwt-issuer.yaml
│ ├── 16585.yaml
│ ├── 18152.yaml
│ ├── 18487.yaml
│ ├── 19300.yaml
│ ├── 21340.yaml
│ ├── 21715.yaml
│ ├── 22161.yaml
│ ├── 2309-gateway-api.yaml
│ ├── 24471.yaml
│ ├── 24554.yaml
│ ├── 24737.yaml
│ ├── 24905.yaml
│ ├── 25280.yaml
│ ├── 25302.yaml
│ ├── 25350.yaml
│ ├── 25519.yaml
│ ├── 25669.yaml
│ ├── 25678.yaml
│ ├── 25737.yaml
│ ├── 25746.yaml
│ ├── 25794.yaml
│ ├── 25818.yaml
│ ├── 25832.yaml
│ ├── 26001.yaml
│ ├── 26185.yaml
│ ├── 26486.yaml
│ ├── 26668.yaml
│ ├── 26851.yaml
│ ├── 26940.yaml
│ ├── 27049.yaml
│ ├── 27084.yaml
│ ├── 27086.yaml
│ ├── 27115.yaml
│ ├── 27159.yaml
│ ├── 27239.yaml
│ ├── 27293.yaml
│ ├── 27300.yaml
│ ├── 27342.yaml
│ ├── 27425.yaml
│ ├── 27430.yaml
│ ├── 27490.yaml
│ ├── 27509-lease-duration.yaml
│ ├── 27509.yaml
│ ├── 27566.yaml
│ ├── 27606.yaml
│ ├── 27696.yaml
│ ├── 27726.yaml
│ ├── 27734.yaml
│ ├── 27771.yaml
│ ├── 27947.yaml
│ ├── 27976.yaml
│ ├── 27990.yaml
│ ├── 28003.yaml
│ ├── 28269.yaml
│ ├── 28344.yaml
│ ├── 28346.yaml
│ ├── 28406.yaml
│ ├── 28604.yaml
│ ├── 28742.yaml
│ ├── 28753.yaml
│ ├── 28794.yaml
│ ├── 28797.yaml
│ ├── 28915.yaml
│ ├── 28942.yaml
│ ├── 28996.yaml
│ ├── 29032.yaml
│ ├── 29034.yaml
│ ├── 29183.yaml
│ ├── 29270.yaml
│ ├── 29275.yaml
│ ├── 29372.yaml
│ ├── 29376.yaml
│ ├── 29414.yaml
│ ├── 29427.yaml
│ ├── 29445.yaml
│ ├── 29608.yaml
│ ├── 29681.yaml
│ ├── 29855.yaml
│ ├── 29894.yaml
│ ├── 29918.yaml
│ ├── 29942.yaml
│ ├── 30014.yaml
│ ├── 30067.yaml
│ ├── 30070.yaml
│ ├── 30079.yaml
│ ├── 30181.yaml
│ ├── 30200.yaml
│ ├── 30203.yaml
│ ├── 30208.yaml
│ ├── 30221.yaml
│ ├── 30261.yaml
│ ├── 30294.yaml
│ ├── 30683.yaml
│ ├── 30705.yaml
│ ├── 30723.yaml
│ ├── 30833.yaml
│ ├── 30838.yaml
│ ├── 30868.yaml
│ ├── 30885.yaml
│ ├── 30991.yaml
│ ├── 31075.yaml
│ ├── 31095.yaml
│ ├── 31168.yaml
│ ├── 31186.yaml
│ ├── 31336.yaml
│ ├── 31338.yaml
│ ├── 31403.yaml
│ ├── 31517.yaml
│ ├── 31522.yaml
│ ├── 31573.yaml
│ ├── 31695-releasenote.yaml
│ ├── 31779.yaml
│ ├── 31797.yaml
│ ├── 31853.yaml
│ ├── 31910.yaml
│ ├── 31946.yaml
│ ├── 3215.yaml
│ ├── 32201.yaml
│ ├── 32462.yaml
│ ├── 32469.yaml
│ ├── 32513.yaml
│ ├── 32539.yaml
│ ├── 32588.yaml
│ ├── 32749.yaml
│ ├── 33293.yaml
│ ├── 33359.yaml
│ ├── 33387.yaml
│ ├── 33405.yaml
│ ├── 33455.yaml
│ ├── 33472.yaml
│ ├── 33536.yaml
│ ├── 33537.yaml
│ ├── 33734.yaml
│ ├── 33737.yaml
│ ├── 33841.yaml
│ ├── 33864.yaml
│ ├── 33879.yaml
│ ├── 34065.yaml
│ ├── 34086.yaml
│ ├── 34118.yaml
│ ├── 34129.yaml
│ ├── 34211.yaml
│ ├── 34325.yaml
│ ├── 34633.yaml
│ ├── 34802.yaml
│ ├── 34811.yaml
│ ├── 34814.yaml
│ ├── 34847.yaml
│ ├── 34896.yaml
│ ├── 34944.yaml
│ ├── 34982.yaml
│ ├── 35014.yaml
│ ├── 35059.yaml
│ ├── 35068.yaml
│ ├── 35111.yaml
│ ├── 35220.yaml
│ ├── 35229.yaml
│ ├── 35290.yaml
│ ├── 35293.yaml
│ ├── 35333.yaml
│ ├── 35357.yaml
│ ├── 35385.yaml
│ ├── 35405.yaml
│ ├── 35429.yaml
│ ├── 35475.yaml
│ ├── 35480-ext-authz.yaml
│ ├── 35483.yaml
│ ├── 35485.yaml
│ ├── 35509.yaml
│ ├── 35539.yaml
│ ├── 35593.yaml
│ ├── 35648.yaml
│ ├── 35657.yaml
│ ├── 35712.yaml
│ ├── 35723.yaml
│ ├── 35771.yaml
│ ├── 35883.yaml
│ ├── 35884.yaml
│ ├── 36044.yaml
│ ├── 36107.yaml
│ ├── 36110.yaml
│ ├── 36181-gateway-rsa-ecdsa.yaml
│ ├── 36258.yaml
│ ├── 36274.yaml
│ ├── 36277.yaml
│ ├── 36278.yaml
│ ├── 36290.yaml
│ ├── 36422.yaml
│ ├── 36434.yaml
│ ├── 36452.yaml
│ ├── 36465.yaml
│ ├── 36499.yaml
│ ├── 36510.yaml
│ ├── 36533.yaml
│ ├── 36541.yaml
│ ├── 36566.yaml
│ ├── 36570.yaml
│ ├── 36634.yaml
│ ├── 36644.yaml
│ ├── 36655.yaml
│ ├── 36713.yaml
│ ├── 36778.yaml
│ ├── 36796.yaml
│ ├── 36806.yaml
│ ├── 36809.yaml
│ ├── 36813.yaml
│ ├── 36817.yaml
│ ├── 36835.yaml
│ ├── 36896.yaml
│ ├── 36911.yaml
│ ├── 36928.yaml
│ ├── 36946.yaml
│ ├── 36959.yaml
│ ├── 37057.yaml
│ ├── 37091.yaml
│ ├── 37183.yaml
│ ├── 37223.yaml
│ ├── 37227.yaml
│ ├── 37259.yaml
│ ├── 37356.yaml
│ ├── 37415.yaml
│ ├── 37581.yaml
│ ├── 37637.yaml
│ ├── 37677.yaml
│ ├── 37681.yaml
│ ├── 37708.yaml
│ ├── 37737.yaml
│ ├── 37903.yaml
│ ├── 37946.yaml
│ ├── 38021.yaml
│ ├── 38077.yaml
│ ├── 38083.yaml
│ ├── 38088.yaml
│ ├── 38146.yaml
│ ├── 38158.yaml
│ ├── 38192.yaml
│ ├── 38250.yaml
│ ├── 38273.yaml
│ ├── 38429.yaml
│ ├── 38495.yaml
│ ├── 38543.yaml
│ ├── 38641.yaml
│ ├── 38650.yaml
│ ├── 38676.yaml
│ ├── 38678.yaml
│ ├── 38689.yaml
│ ├── 38703.yaml
│ ├── 38750.yaml
│ ├── 38801.yaml
│ ├── 38833.yaml
│ ├── 38885.yaml
│ ├── 39050.yaml
│ ├── 39110.yaml
│ ├── 39146.yaml
│ ├── 39188.yaml
│ ├── 39190.yaml
│ ├── 39201.yaml
│ ├── 39272.yaml
│ ├── 39366.yaml
│ ├── 39404.yaml
│ ├── 39430.yaml
│ ├── 39505.yaml
│ ├── 39521.yaml
│ ├── 39525.yaml
│ ├── 39699.yaml
│ ├── 39726.yaml
│ ├── 39729.yaml
│ ├── 39765.yaml
│ ├── 39825.yaml
│ ├── 40032.yaml
│ ├── 40085.yaml
│ ├── 40093.yaml
│ ├── 40115.yaml
│ ├── 40142.yaml
│ ├── 40184.yaml
│ ├── 40198.yaml
│ ├── 40220.yaml
│ ├── 40244.yaml
│ ├── 40268.yaml
│ ├── 40297.yaml
│ ├── 40299.yaml
│ ├── 40339.yaml
│ ├── 40394.yaml
│ ├── 40405.yaml
│ ├── 40561.yaml
│ ├── 40578.yaml
│ ├── 40680.yaml
│ ├── 40727.yaml
│ ├── 40729.yaml
│ ├── 40778.yaml
│ ├── 40797.yaml
│ ├── 40809.yaml
│ ├── 40851.yaml
│ ├── 40997.yaml
│ ├── 41018.yaml
│ ├── 41020.yaml
│ ├── 41066.yaml
│ ├── 41114.yaml
│ ├── 41161.yaml
│ ├── 41171.yaml
│ ├── 41212.yaml
│ ├── 41245.yaml
│ ├── 41322.yaml
│ ├── 41330.yaml
│ ├── 41425.yaml
│ ├── 41431.yaml
│ ├── 41483.yaml
│ ├── 41541.yaml
│ ├── 41548.yaml
│ ├── 41621.yaml
│ ├── 41644.yaml
│ ├── 41761.yaml
│ ├── 41785.yaml
│ ├── 41858.yaml
│ ├── 41908.yaml
│ ├── 41911.yaml
│ ├── 41912.yaml
│ ├── 41923.yaml
│ ├── 41996.yaml
│ ├── 42104.yaml
│ ├── 42119.yaml
│ ├── 42173.yaml
│ ├── 42184.yaml
│ ├── 42203.yaml
│ ├── 42212.yaml
│ ├── 42235.yaml
│ ├── 42248.yaml
│ ├── 42252.yaml
│ ├── 42365.yaml
│ ├── 42377.yaml
│ ├── 42381.yaml
│ ├── 42398.yaml
│ ├── 42400.yaml
│ ├── 42414.yaml
│ ├── 42513.yaml
│ ├── 42518.yaml
│ ├── 42576.yaml
│ ├── 42712.yaml
│ ├── 42778.yaml
│ ├── 42818.yaml
│ ├── 42832.yaml
│ ├── 42852.yaml
│ ├── 42919.yaml
│ ├── 43045.yaml
│ ├── 43060.yaml
│ ├── 43064.yaml
│ ├── 43099.yaml
│ ├── 43104.yaml
│ ├── 43120.yaml
│ ├── 43173.yaml
│ ├── 43179.yaml
│ ├── 43318.yaml
│ ├── 43355.yaml
│ ├── 43372.yaml
│ ├── 43398.yaml
│ ├── 43433.yaml
│ ├── 43434.yaml
│ ├── 43436.yaml
│ ├── 43453.yaml
│ ├── 43483.yaml
│ ├── 43498.yaml
│ ├── 43508.yaml
│ ├── 43535.yaml
│ ├── 43580.yaml
│ ├── 43652.yaml
│ ├── 43688.yaml
│ ├── 43706.yaml
│ ├── 43709.yaml
│ ├── 43710.yaml
│ ├── 43765.yaml
│ ├── 43771.yaml
│ ├── 43775.yaml
│ ├── 43821.yaml
│ ├── 43848.yaml
│ ├── 43850.yaml
│ ├── 43853.yaml
│ ├── 43858.yaml
│ ├── 43876.yaml
│ ├── 43892.yaml
│ ├── 43897.yaml
│ ├── 43921.yaml
│ ├── 43945.yaml
│ ├── 43951.yaml
│ ├── 43986.yaml
│ ├── 43998.yaml
│ ├── 44002.yaml
│ ├── 44017.yaml
│ ├── 44071.yaml
│ ├── 44105.yaml
│ ├── 44123.yaml
│ ├── 44137.yaml
│ ├── 44151.yaml
│ ├── 44152.yaml
│ ├── 44159.yaml
│ ├── 44161.yaml
│ ├── 44195.yaml
│ ├── 44293.yaml
│ ├── 44303.yaml
│ ├── 44345.yaml
│ ├── 44355.yaml
│ ├── 44388.yaml
│ ├── 44414.yaml
│ ├── 44424.yaml
│ ├── 44439.yaml
│ ├── 44468.yaml
│ ├── 44481.yaml
│ ├── 44506.yaml
│ ├── 44605.yaml
│ ├── 44712.yaml
│ ├── 44777.yaml
│ ├── 44820.yaml
│ ├── 44916.yaml
│ ├── 44929.yaml
│ ├── 44931.yaml
│ ├── 44986.yaml
│ ├── 45150.yaml
│ ├── 45216.yaml
│ ├── 45243.yaml
│ ├── 45275.yaml
│ ├── 45329.yaml
│ ├── 45331.yaml
│ ├── 45404.yaml
│ ├── 45407.yaml
│ ├── 45413.yaml
│ ├── 45415-overlapping-wildcards.yaml
│ ├── 45472.yaml
│ ├── 45489.yaml
│ ├── 45506.yaml
│ ├── 45549.yaml
│ ├── 45564-virtualHost-Domains-for-dual-stack.yaml
│ ├── 45577.yaml
│ ├── 45640.yaml
│ ├── 45641.yaml
│ ├── 45643.yaml
│ ├── 45644.yaml
│ ├── 45695.yaml
│ ├── 45719.yaml
│ ├── 45734.yaml
│ ├── 45749.yaml
│ ├── 45758.yaml
│ ├── 45800.yaml
│ ├── 45831.yaml
│ ├── 45842.yaml
│ ├── 45866.yaml
│ ├── 45894.yaml
│ ├── 45919.yaml
│ ├── 46035.yaml
│ ├── 46051.yaml
│ ├── 46072.yaml
│ ├── 46073.yaml
│ ├── 46087.yaml
│ ├── 46088.yaml
│ ├── 46104.yaml
│ ├── 46121.yaml
│ ├── 46136.yaml
│ ├── 46161.yaml
│ ├── 46241.yaml
│ ├── 46257.yaml
│ ├── 46267.yaml
│ ├── 46277.yaml
│ ├── 46312.yaml
│ ├── 46339.yaml
│ ├── 46348.yaml
│ ├── 46421.yaml
│ ├── 46437.yaml
│ ├── 46465.yaml
│ ├── 46483.yaml
│ ├── 46511.yaml
│ ├── 46514.yaml
│ ├── 46531.yaml
│ ├── 46540.yaml
│ ├── 46553.yaml
│ ├── 46584.yaml
│ ├── 46592.yaml
│ ├── 46597.yaml
│ ├── 46614.yaml
│ ├── 46625.yaml
│ ├── 46651.yaml
│ ├── 46678.yaml
│ ├── 46693.yaml
│ ├── 46711.yaml
│ ├── 46719.yaml
│ ├── 46725.yaml
│ ├── 46780.yaml
│ ├── 46844.yaml
│ ├── 46845.yaml
│ ├── 46846.yaml
│ ├── 46847.yaml
│ ├── 46868.yaml
│ ├── 46880.yaml
│ ├── 46901.yaml
│ ├── 46935.yaml
│ ├── 46963.yaml
│ ├── 46968.yaml
│ ├── 47045.yaml
│ ├── 47063.yaml
│ ├── 47081.yaml
│ ├── 47099.yaml
│ ├── 47148.yaml
│ ├── 47211.yaml
│ ├── 47218.yaml
│ ├── 47252.yaml
│ ├── 47269.yaml
│ ├── 47273.yaml
│ ├── 47290.yaml
│ ├── 47300.yaml
│ ├── 47302.yaml
│ ├── 47318.yaml
│ ├── 47340.yaml
│ ├── 47342.yaml
│ ├── 47412.yaml
│ ├── 47444.yaml
│ ├── 47515.yaml
│ ├── 47538.yaml
│ ├── 47539.yaml
│ ├── 47574.yaml
│ ├── 47617.yaml
│ ├── 47681.yaml
│ ├── 47703.yaml
│ ├── 47705.yaml
│ ├── 47740.yaml
│ ├── 47818.yaml
│ ├── 47835-otlp-http-exporter.yaml
│ ├── 47877.yaml
│ ├── 47946.yaml
│ ├── 47957.yaml
│ ├── 47961.yaml
│ ├── 47990.yaml
│ ├── 47997.yaml
│ ├── 48017.yaml
│ ├── 48019.yaml
│ ├── 48021.yaml
│ ├── 48031.yaml
│ ├── 48047-probe-return-body.yaml
│ ├── 48089.yaml
│ ├── 48147.yaml
│ ├── 48174.yaml
│ ├── 48203.yaml
│ ├── 48207.yaml
│ ├── 48224.yaml
│ ├── 48253.yaml
│ ├── 48266.yaml
│ ├── 48312.yaml
│ ├── 48318.yaml
│ ├── 48334.yaml
│ ├── 48368.yaml
│ ├── 48461.yaml
│ ├── 48466.yaml
│ ├── 48471.yaml
│ ├── 48526.yaml
│ ├── 48544.yaml
│ ├── 48545.yaml
│ ├── 48557.yaml
│ ├── 48562.yaml
│ ├── 48580.yaml
│ ├── 48593.yaml
│ ├── 48595.yaml
│ ├── 48603.yaml
│ ├── 48621.yaml
│ ├── 48684.yaml
│ ├── 48689.yaml
│ ├── 48762.yaml
│ ├── 48769.yaml
│ ├── 48780.yaml
│ ├── 48786.yaml
│ ├── 48814.yaml
│ ├── 48818.yaml
│ ├── 48843.yaml
│ ├── 48882.yaml
│ ├── 48958.yaml
│ ├── 48982.yaml
│ ├── 48985.yaml
│ ├── 49011.yaml
│ ├── 49012.yaml
│ ├── 49029.yaml
│ ├── 49049.yaml
│ ├── 49098.yaml
│ ├── 49139.yaml
│ ├── 49364.yaml
│ ├── 49368.yaml
│ ├── 49379.yaml
│ ├── 49435.yaml
│ ├── 49443.yaml
│ ├── 49476.yaml
│ ├── 49489.yaml
│ ├── 49511.yaml
│ ├── 49537.yaml
│ ├── 49539.yaml
│ ├── 49555.yaml
│ ├── 49602.yaml
│ ├── 49620.yaml
│ ├── 49638.yaml
│ ├── 49675.yaml
│ ├── 49700.yaml
│ ├── 49713.yaml
│ ├── 49802.yaml
│ ├── 49851.yaml
│ ├── 49896.yaml
│ ├── 49911.yaml
│ ├── 49960.yaml
│ ├── 49965.yaml
│ ├── 50060.yaml
│ ├── 50110.yaml
│ ├── 50124.yaml
│ ├── 50132.yaml
│ ├── 50138.yaml
│ ├── 50157.yaml
│ ├── 50195.yaml
│ ├── 50218.yaml
│ ├── 50221.yaml
│ ├── 50267.yaml
│ ├── 50328.yaml
│ ├── 50347.yaml
│ ├── 50355.yaml
│ ├── 50395.yaml
│ ├── 50452.yaml
│ ├── 50506.yaml
│ ├── 50572.yaml
│ ├── 50596.yaml
│ ├── 50688.yaml
│ ├── 50700.yaml
│ ├── 50728.yaml
│ ├── 50737.yaml
│ ├── 50747.yaml
│ ├── 50781.yaml
│ ├── 50791.yaml
│ ├── 50804.yaml
│ ├── 50933.yaml
│ ├── 51044.yaml
│ ├── 51050.yaml
│ ├── 51070.yaml
│ ├── 51072.yaml
│ ├── 51074.yaml
│ ├── 51078.yaml
│ ├── 51081.yaml
│ ├── 51174.yaml
│ ├── 51204.yaml
│ ├── 51221.yaml
│ ├── 51239.yaml
│ ├── 51278.yaml
│ ├── 51289.yaml
│ ├── 51296.yaml
│ ├── 51311.yaml
│ ├── 51377.yaml
│ ├── 51399.yaml
│ ├── 51429.yaml
│ ├── 51496.yaml
│ ├── 51506.yaml
│ ├── 51559.yaml
│ ├── 51565-waypoint-sourcelabels.yaml
│ ├── 51568.yaml
│ ├── 51595.yaml
│ ├── 51636.yaml
│ ├── 51640.yaml
│ ├── 51692.yaml
│ ├── 51726.yaml
│ ├── 51761.yaml
│ ├── 51800.yaml
│ ├── 51826.yaml
│ ├── 51897.yaml
│ ├── 51898.yaml
│ ├── 51900.yaml
│ ├── 51934.yaml
│ ├── 51936.yaml
│ ├── 51939.yaml
│ ├── 51966.yaml
│ ├── 51967.yaml
│ ├── 51972.yaml
│ ├── 51979.yaml
│ ├── 51987.yaml
│ ├── 52005.yaml
│ ├── 52017.yaml
│ ├── 52033.yaml
│ ├── 52034-labels.yaml
│ ├── 52049.yaml
│ ├── 52055.yaml
│ ├── 52082.yaml
│ ├── 52127.yaml
│ ├── 52177.yaml
│ ├── 52192.yaml
│ ├── 52252.yaml
│ ├── 52319.yaml
│ ├── 52320.yaml
│ ├── 52323.yaml
│ ├── 52367.yaml
│ ├── 52413.yaml
│ ├── 52422.yaml
│ ├── 52519.yaml
│ ├── 52534.yaml
│ ├── 52540.yaml
│ ├── 52558.yaml
│ ├── 52597.yaml
│ ├── 52612.yaml
│ ├── 52630.yaml
│ ├── 52631.yaml
│ ├── 52645.yaml
│ ├── 52663.yaml
│ ├── 52743.yaml
│ ├── 52753.yaml
│ ├── 52835.yaml
│ ├── 52850.yaml
│ ├── 52873.yaml
│ ├── 52877.yaml
│ ├── 52883.yaml
│ ├── 52899.yaml
│ ├── 52901.yaml
│ ├── 52981.yaml
│ ├── 53016.yaml
│ ├── 53086.yaml
│ ├── 53091.yaml
│ ├── 53120.yaml
│ ├── 53121.yaml
│ ├── 53153.yaml
│ ├── 53279.yaml
│ ├── 53294.yaml
│ ├── 53318.yaml
│ ├── 53331.yaml
│ ├── 53337.yaml
│ ├── 53339.yaml
│ ├── 53351.yaml
│ ├── 53385.yaml
│ ├── 53402.yaml
│ ├── 53429.yaml
│ ├── 53450.yaml
│ ├── 53566.yaml
│ ├── 53571.yaml
│ ├── 53572.yaml
│ ├── 53577.yaml
│ ├── 53582.yaml
│ ├── 53588.yaml
│ ├── 53624.yaml
│ ├── 53650.yaml
│ ├── 53736.yaml
│ ├── 53778.yaml
│ ├── 53801.yaml
│ ├── 53829-2.yaml
│ ├── 53829.yaml
│ ├── 53845-condition-for-ingress-waypoint.yaml
│ ├── 53852.yaml
│ ├── 53861.yaml
│ ├── 53862.yaml
│ ├── 53880.yaml
│ ├── 53884.yaml
│ ├── 53894.yaml
│ ├── 53906.yaml
│ ├── 53933.yaml
│ ├── 53951.yaml
│ ├── 53974.yaml
│ ├── 53989.yaml
│ ├── 53998.yaml
│ ├── 54000.yaml
│ ├── 54002.yaml
│ ├── 54043.yaml
│ ├── 54064.yaml
│ ├── 54071.yaml
│ ├── 54095.yaml
│ ├── 54118.yaml
│ ├── 54141.yaml
│ ├── 54145.yaml
│ ├── 54146.yaml
│ ├── 54180.yaml
│ ├── 54264.yaml
│ ├── 54267.yaml
│ ├── 54280.yaml
│ ├── 54289.yaml
│ ├── 54292.yaml
│ ├── 54311.yaml
│ ├── 54334.yaml
│ ├── 54357.yaml
│ ├── 54458.yaml
│ ├── 54562.yaml
│ ├── 54565.yaml
│ ├── 54575.yaml
│ ├── 54643.yaml
│ ├── 54644.yaml
│ ├── 54667.yaml
│ ├── 54675.yaml
│ ├── 54680.yaml
│ ├── 54690.yaml
│ ├── 54714.yaml
│ ├── 54726.yaml
│ ├── 54738.yaml
│ ├── 54780.yaml
│ ├── 54825.yaml
│ ├── 54843.yaml
│ ├── 54892.yaml
│ ├── 54909.yaml
│ ├── 54930.yaml
│ ├── 54935.yaml
│ ├── 54959.yaml
│ ├── 54962-istioctl-timeout.yaml
│ ├── 55047.yaml
│ ├── 55055.yaml
│ ├── 55092.yaml
│ ├── 55139.yaml
│ ├── 55152.yaml
│ ├── 55157.yaml
│ ├── 55194.yaml
│ ├── 55236.yaml
│ ├── 55238.yaml
│ ├── 55258.yaml
│ ├── 55281.yaml
│ ├── 55304.yaml
│ ├── 55316.yaml
│ ├── 55406.yaml
│ ├── 55409.yaml
│ ├── 55465.yaml
│ ├── 55478.yaml
│ ├── 55567.yaml
│ ├── 55568.yaml
│ ├── 55569.yaml
│ ├── 55676.yaml
│ ├── 55692.yaml
│ ├── 55742.yaml
│ ├── 55744.yaml
│ ├── 55746.yaml
│ ├── 55803.yaml
│ ├── 55843.yaml
│ ├── 55848.yaml
│ ├── 55859.yaml
│ ├── 55871.yaml
│ ├── 55968.yaml
│ ├── 55976.yaml
│ ├── 56004.yaml
│ ├── 56011-sandwich-allowedRoutes.yaml
│ ├── 56021.yaml
│ ├── 56048.yaml
│ ├── 56076.yaml
│ ├── 56083.yaml
│ ├── 56090.yaml
│ ├── 56091.yaml
│ ├── 56093.yaml
│ ├── 56103.yaml
│ ├── 56110.yaml
│ ├── 56217.yaml
│ ├── 56240.yaml
│ ├── 56276.yaml
│ ├── 56297.yaml
│ ├── 56300.yaml
│ ├── 56306.yaml
│ ├── 56353.yaml
│ ├── 56414.yaml
│ ├── 56441.yaml
│ ├── 56454.yaml
│ ├── 56476.yaml
│ ├── 56477.yaml
│ ├── 56500.yaml
│ ├── 56529.yaml
│ ├── 56559.yaml
│ ├── 56560.yaml
│ ├── 56577.yaml
│ ├── 56600.yaml
│ ├── 56662.yaml
│ ├── 56666.yaml
│ ├── 56687.yaml
│ ├── 56695.yaml
│ ├── 56738.yaml
│ ├── 56827.yaml
│ ├── 56845-inference-extension.yaml
│ ├── 56854.yaml
│ ├── 837475-caBundle.yaml
│ ├── abort-with-grpc-status-code.yaml
│ ├── access-log-service-crash.yaml
│ ├── add-affinity-field-to-istiod.yaml
│ ├── add-cluster-id-for-cluster-sync-metrics.yaml
│ ├── add-customized-ca-metadata-support-to-istio-agent.yaml
│ ├── add-default-revision-webhook.yaml
│ ├── add-idle-timeout-to-destination-rule-tcp-settings.yaml
│ ├── add-istiod-uptime-metric.yaml
│ ├── add-openshift-profile.yaml
│ ├── add-overwrite-flag.yaml
│ ├── add-pod-securitycontext.yaml
│ ├── add-release-notes-generation.yaml
│ ├── add-remote-profile.yaml
│ ├── add-sni-host.yaml
│ ├── add-tolerations-field-to-istiod.yaml
│ ├── add_trust_domans_san_validator.yaml
│ ├── add_updateInterval_to_env_var.yaml
│ ├── addon-remove.yaml
│ ├── agent-dns-capture.yaml
│ ├── agent-dns-forward-parallel.yaml
│ ├── agent-metrics.yaml
│ ├── agent-probe-keepalives.yaml
│ ├── agent-startup.yaml
│ ├── agent-xds-piggyback.yaml
│ ├── agent-xds-proxy.yaml
│ ├── alpn-gateway-auto.yaml
│ ├── alt-stat-name.yaml
│ ├── ambient-customize-updatestrategy.yaml
│ ├── ambient-dns-on.yaml
│ ├── ambient-hostnetwork.yaml
│ ├── ambient-ingress-discovery.yaml
│ ├── ambient-logs.yaml
│ ├── ambient-ns-policy.yaml
│ ├── ambient-peer-authentication.yaml
│ ├── ambient-redirect.yaml
│ ├── ambient-service-entry.yaml
│ ├── ambient-telemetry.yaml
│ ├── ambient-waypoint-portlevel.yaml
│ ├── ap-gateway-class-status.yml
│ ├── ap-not-in-root-ns-gwclass-targetref.yml
│ ├── api-server-cluster-local.yaml
│ ├── apko-distroless.yaml
│ ├── artifact-naming.yaml
│ ├── audit-authz-policy.yaml
│ ├── authz-dry-run-alpha.yaml
│ ├── authz-dry-run.yaml
│ ├── authz-ext-authz.yaml
│ ├── auto-allocate-dns.yaml
│ ├── auto-auto-passthrough.yaml
│ ├── auto-mtls-headless.yaml
│ ├── auto-mtls-passthrough.yaml
│ ├── auto-passthrough-regression.yaml
│ ├── auto-san-validation-support.yaml
│ ├── auto-san-validation.yaml
│ ├── auto-sni-support.yaml
│ ├── autoregistered-workload-entry-locality.yaml
│ ├── azureTags.yaml
│ ├── backend-policies.yaml
│ ├── backend-tls.yaml
│ ├── backpressure.yaml
│ ├── bad-envoy-build.yaml
│ ├── bds-removal.yaml
│ ├── bookinfo-openshift.yaml
│ ├── bootstrap-histogram-buckets.yaml
│ ├── bootstrap-override-config-gateway-injection-template.yaml
│ ├── bug-fix-for-arch-helm-templates.yaml
│ ├── bug-fix-serviceentry-workloadselector.yaml
│ ├── bug-fix-virtualservice-visibilty-private.yaml
│ ├── bug-report-perf.yaml
│ ├── bug-report-rps-limit.yaml
│ ├── bug-report-speedup.yaml
│ ├── bug-report.yaml
│ ├── cds-cache.yaml
│ ├── cds-nack-passthrough.yaml
│ ├── check-cacerts-completeness.yaml
│ ├── check-disabled-status.yaml
│ ├── chiron.yaml
│ ├── cipher_suites.yaml
│ ├── cipher_suites_mesh_to_mesh.yaml
│ ├── cluster-labels-prometheus.yaml
│ ├── cluster-specific-generate.yaml
│ ├── cluster-trust-bundle.yaml
│ ├── cncf-ebpf-enable.yaml
│ ├── cncf-ebpf.yaml
│ ├── cni-combine-repair-and-install.yaml
│ ├── cni-dns-capture.yaml
│ ├── cni-drop-psp.yaml
│ ├── cni-memory.yaml
│ ├── cni-no-sh.yaml
│ ├── cni-pprof.yaml
│ ├── cni-promote.yaml
│ ├── cni-refactor.yaml
│ ├── cni-rolling-max-available.yaml
│ ├── cni-uds-log.yaml
│ ├── compatibility-profile-native-sidecar.yaml
│ ├── compatibility-version-1-20.yaml
│ ├── concurrent-map-write.yaml
│ ├── configdump-query-types.yaml
│ ├── configmap-mount.yaml
│ ├── consul.yaml
│ ├── correct-virtualmachine-config-format.yaml
│ ├── crd-webhook-v1.yaml
│ ├── credential-name-support-egress-sidecar.yaml
│ ├── crl_support.yaml
│ ├── curl-sample.yaml
│ ├── custom-gw-classname.yaml
│ ├── dashboard-custom-port.yaml
│ ├── dashboard-reporter-dropdown.yaml
│ ├── debug-auth.yaml
│ ├── debug-handlers.yaml
│ ├── dedupe-mismatch-output.yaml
│ ├── default-access-log.yaml
│ ├── default-container.yaml
│ ├── default-json-logging-envoy-telemetry-api.yaml
│ ├── deferred_cluster_creation.yaml
│ ├── deferred_stats_creation.yaml
│ ├── delay-app-start.yaml
│ ├── delete-archs-helm-templates.yaml
│ ├── delta-xds-default.yaml
│ ├── delta-xds-stale.yaml
│ ├── deprecate-global-archconfig.yaml
│ ├── deprecate-istio_cni.yaml
│ ├── deprecate-k8sca-upto-v1.20.yaml
│ ├── deprecate-operator-httpfetch.yaml
│ ├── deprecated-envoy-filter.yaml
│ ├── desc-to-admin-log-scope.yaml
│ ├── destination-cluster-stats-label.yaml
│ ├── destination-rule-proxyprotocol
│ ├── destination-rule-tunneling.yaml
│ ├── destination-rule-workload-selector.yaml
│ ├── detect-cni.yaml
│ ├── disable-fs-group-injection.yaml
│ ├── disable-host-header-fallback.yaml
│ ├── disable-leader-elect.yaml
│ ├── dns-localhost-loop.yaml
│ ├── dns-nxdomain.yaml
│ ├── dns-round-robin.yaml
│ ├── double-ack.yaml
│ ├── double-wildcard.yaml
│ ├── dr-analyzer.yaml
│ ├── dr-ca-cert-analyzer-errorr-line.yaml
│ ├── dr-san-validation.yaml
│ ├── dr-sds.yaml
│ ├── drop-118-ingress.yaml
│ ├── drop-coredump.yaml
│ ├── drop-default-request-timeout.yaml
│ ├── drop-default-tracing.yaml
│ ├── drop-distribution.yaml
│ ├── drop-gateway-alpha.yaml
│ ├── drop-headless.yaml
│ ├── drop-iop.yaml
│ ├── drop-istioctl-mesh.yaml
│ ├── drop-kustomize.yaml
│ ├── drop-legacy-auto-mtls-check.yaml
│ ├── drop-legacy-autopassthrough.yaml
│ ├── drop-legacy-credential.yaml
│ ├── drop-legacy-fsgroup-injection.yaml
│ ├── drop-legacy-inbound-passthrough.yaml
│ ├── drop-legacy-ingress-flag.yaml
│ ├── drop-legacy-inheritance-flag.yaml
│ ├── drop-legacy-istio-trace-tags.yaml
│ ├── drop-legacy-lb-flag.yaml
│ ├── drop-legacy-partial-full-push.yaml
│ ├── drop-legacy-spiffe-bundle-endpoints.yaml
│ ├── drop-log-rotate.yaml
│ ├── drop-protocol-detection.yaml
│ ├── drop-reload-plugin-certs.yaml
│ ├── drop-reload-prioritized-leader-election.yaml
│ ├── drop-reload-sidecar-ignore-port.yaml
│ ├── drop-taint.yaml
│ ├── drop-tcp-probe.yaml
│ ├── drop-telemetry-envoyfilter.yaml
│ ├── drop-xds-v2.yaml
│ ├── dual-stack-alpha.yaml
│ ├── duplicate-subset-names.yaml
│ ├── duplicated-extra-stats-tag.yaml
│ ├── dynatrace-sampler.yaml
│ ├── ecc-csr.yaml
│ ├── ecc-p384.yaml
│ ├── ecdh_support.yaml
│ ├── ef-tls-regression.yaml
│ ├── enable-auto-sni.yaml
│ ├── enable-enhanced-scope.yaml
│ ├── enable-verify-certificate-at-client.yaml
│ ├── endpoint-before-pod.yaml
│ ├── endpoint-slice.yaml
│ ├── endpoint-termination.yaml
│ ├── endpoints-false-negative.yaml
│ ├── env-workload-rsa-keysize.yaml
│ ├── envoy-eds-cache.yaml
│ ├── envoy-filter-removal.yaml
│ ├── envoy-filter.yaml
│ ├── envoy-stats-proxy-admin-port.yaml
│ ├── envoy-status-port-proxy-protocol.yaml
│ ├── envoyfilter-app-protocals-match.yaml
│ ├── envoyfilter-legacy-names.yaml
│ ├── envoyfilter-listenerfilter-merge.yaml
│ ├── envoyfilter-patch-context.yaml
│ ├── es-drop-beta.yaml
│ ├── eviction-bug.yaml
│ ├── exit-if-sds-socket-not-found.yaml
│ ├── experimental-telemetry-api-tracing.yaml
│ ├── extended-jwt.yaml
│ ├── external-istiod.yaml
│ ├── external-name-on.yaml
│ ├── external-name.yaml
│ ├── externalname-ambient.yaml
│ ├── failover-priority-lb.yaml
│ ├── failover-validation.yaml
│ ├── fake_jwks.yaml
│ ├── file-mounted-crl.yaml
│ ├── filter-order.yaml
│ ├── fips.yaml
│ ├── fix-42598.yaml
│ ├── fix-42675.yaml
│ ├── fix-44318.yaml
│ ├── fix-45653.yaml
│ ├── fix-47270.yaml
│ ├── fix-56328-revert-istio-remote.yaml
│ ├── fix-analysis-gatewayport.yaml
│ ├── fix-chained-cni-helm.yaml
│ ├── fix-cni-ipv6-detection.yaml
│ ├── fix-concurrency.yaml
│ ├── fix-custom-injection-openshift.yaml
│ ├── fix-custom-injection-runas.yaml
│ ├── fix-default-filter-chain.yaml
│ ├── fix-eks-ipv6.yaml
│ ├── fix-enable-absolute-fqdn-domain-vhost.yaml
│ ├── fix-external-name.yaml
│ ├── fix-gateway-not-respect-image-pull-policy.yaml
│ ├── fix-healthcheck-host-override.yaml
│ ├── fix-high-memory-usage-due-toserviceentries.yaml
│ ├── fix-httproute-status-parentref-single-result.yaml
│ ├── fix-iptables-state-custom-table.yaml
│ ├── fix-istioctl-describe-ingressinfo.yaml
│ ├── fix-istioctl-revision.yaml
│ ├── fix-istioctl-version.yaml
│ ├── fix-istioctl-x-precheck-missing-revision.yaml
│ ├── fix-multicluster-secret-filtering.yaml
│ ├── fix-nodeport-meshnetwork.yaml
│ ├── fix-overlapping-se.yaml
│ ├── fix-peer-veth-lookup-on-openshift.yaml
│ ├── fix-proxyconfig-endpoints-json.yaml
│ ├── fix-remove-iop-not-work.yaml
│ ├── fix-revision-admin-log.yaml
│ ├── fix-se-stale-ep.yaml
│ ├── fix-stackdriver-install.yaml
│ ├── fix-workload-group-labels.yaml
│ ├── flagprotocol-sniffing.yaml
│ ├── focal-debian10.yaml
│ ├── fsgroup.yaml
│ ├── full-push-regression.yaml
│ ├── futureproof-version.yaml
│ ├── gateway-404-nr.yaml
│ ├── gateway-allowedroutes-fix.yaml
│ ├── gateway-api118.yaml
│ ├── gateway-customization.yaml
│ ├── gateway-dual-stack.yaml
│ ├── gateway-gwc-publish-supportedfeatures.yaml
│ ├── gateway-handler.yaml
│ ├── gateway-infra-gep.yaml
│ ├── gateway-naming.yaml
│ ├── gateway-quic-support.yaml
│ ├── gateway-rg-beta.yaml
│ ├── gateway-status.yaml
│ ├── gateway-v1alpha2.yaml
│ ├── gateway-v1beta1.yaml
│ ├── gauge-empty-metrics.yaml
│ ├── generate-operator-manifest.yaml
│ ├── gke-install.yaml
│ ├── global-nad.yaml
│ ├── gogo-protobuf.yaml
│ ├── gomaxprocs.yaml
│ ├── gomemlimit.yaml
│ ├── grace-ratio-jitter.yaml
│ ├── grafana-dashboards-reporter-correction.yaml
│ ├── grafana-rate-interval.yaml
│ ├── graudate-revision-tag-command.yaml
│ ├── grpc-inbound-retry.yaml
│ ├── grpc-probe.yaml
│ ├── grpc-stats.yaml
│ ├── gw-allow-labels.yaml
│ ├── gw-hostname-resolution.yaml
│ ├── gw-manual-deployment.yaml
│ ├── header-present.yaml
│ ├── header-validation.yaml
│ ├── headless-auto-http.yaml
│ ├── headless-endpoint-update.yaml
│ ├── helm-ambient.yaml
│ ├── helm-configurable-scaling-behavior.yaml
│ ├── helm-profiles.yaml
│ ├── helm_chart_gateway_serviceaccount_annotations.yaml
│ ├── helm_chart_gateway_topologyspreadconstraints.yaml
│ ├── helm_chart_istiodiscovery_defaultvalues.yaml
│ ├── helm_chart_pilot_deployment_affinity_tolerations.yaml
│ ├── helm_chart_pilot_extraargsvolumes
│ ├── helm_chart_pilot_topologyspreadconstraints.yaml
│ ├── helm_exposing_waypoint_and_ztunnel_ports.yaml
│ ├── host-in-route-destination.yaml
│ ├── http-metadata-exchange.yaml
│ ├── http-route-validation.yaml
│ ├── http10-sniffing.yaml
│ ├── http2-probes.yaml
│ ├── httpregexrewrite.yaml
│ ├── httproute-status-for-svc-svcentry.yaml
│ ├── https-on-http.yaml
│ ├── ignore-port.yaml
│ ├── image-auto-analyzer.yaml
│ ├── impersonate-flags-in-cli.yaml
│ ├── inbound-cluster-name.yaml
│ ├── inbound-cluster-rename.yaml
│ ├── inbound-passthrough.yaml
│ ├── inbound-patch.yaml
│ ├── ingress-name-conflict.yaml
│ ├── ingress-named-port.yaml
│ ├── ingress-routes.yaml
│ ├── ingress-use-waypoint-namespace.yaml
│ ├── ingressgateway-support-daemonset.yaml
│ ├── inject-disabled.yaml
│ ├── injection-perf.yaml
│ ├── injector-list.yaml
│ ├── injector-selectors.yaml
│ ├── install-autoscalingv2.yaml
│ ├── invalid-rbac-filter.yaml
│ ├── ip-allocation-v2-default.yaml
│ ├── ip-sni-hosts.yaml
│ ├── iptables-lock.yaml
│ ├── istio-ca-root-cert-kube-system.yaml
│ ├── istio-mutual-cred-name.yaml
│ ├── istio-remote-service-has-istio-io-rev-label.yaml
│ ├── istioctl-additional-address.yaml
│ ├── istioctl-analyze-revision.yaml
│ ├── istioctl-install-errors.yaml
│ ├── istioctl-pc-all.yaml
│ ├── istioctl-pc-routes-print-path-separated-prefix.yaml
│ ├── istioctl-proxy-config-stats-prom-merged.yaml
│ ├── istioctl-proxy-config-stats.yaml
│ ├── istioctl-ps-improvements.yaml
│ ├── istioctl-sort-events-by-creation.yaml
│ ├── istioctl-uninstall.yaml
│ ├── istioctl-xds-piggyback.yaml
│ ├── istioctl_completion-ns.yaml
│ ├── istioctl_completion.yaml
│ ├── istiod-chart-deployment-annotations-support.yaml
│ ├── istiod-cluster-metric.yaml
│ ├── istiod-config-size-bytes.yaml
│ ├── istiod-sds.yaml
│ ├── json-log-sort.yaml
│ ├── jwks-cluster.yaml
│ ├── jwt-aud.yaml
│ ├── jwt-from-cookies.yaml
│ ├── jwt-parsing.yaml
│ ├── jwt-route.yaml
│ ├── k8s-auth.yaml
│ ├── k8s-tls-secret-cacerts.yaml
│ ├── kiali-update-v1.29.yaml
│ ├── kiali-update-v1.34.yaml
│ ├── kiali-update-v1.55.1.yaml
│ ├── kiali-update-v1.55.yaml
│ ├── kiali-update-v1.59.1.yaml
│ ├── kiali-update-v1.60.yaml
│ ├── kiali-update-v1.63.yaml
│ ├── kiali-update-v1.67.yaml
│ ├── kiali-update-v1.72.yaml
│ ├── kiali-update-v1.76.yaml
│ ├── kiali-update-v1.79.yaml
│ ├── kiali-update-v1.87.yaml
│ ├── kiali-update-v2.0.yaml
│ ├── kiali-update-v2.5.yaml
│ ├── kiali-update.yaml
│ ├── kubernetes-ingress-prefix.yaml
│ ├── lazy-sidecar-init.yaml
│ ├── limit-csr-clusterrole.yaml
│ ├── locality-lb-docs.yaml
│ ├── locality-service.yaml
│ ├── lrs.yaml
│ ├── make-httpbin-work-ocp.yaml
│ ├── make-revision-tag-work-when-istiod-remote-is-enabled.yaml
│ ├── manifest-base-cleanup.yaml
│ ├── max-concurrent-streams.yaml
│ ├── max-rps-xds.yaml
│ ├── max-socket-events.yaml
│ ├── mc-gateway-ports.yaml
│ ├── mcp-removal.yaml
│ ├── mcs-cluster-local.yaml
│ ├── mcs-host.yaml
│ ├── mcs-service-discovery.yaml
│ ├── merge-dr.yaml
│ ├── merge-svc.yaml
│ ├── mesh-expansion.yaml
│ ├── meshctl-bug-report-context-fix.yaml
│ ├── min-k8-ver-for-1.8.yaml
│ ├── min-k8-ver-for-1.9.yaml
│ ├── move-istio_cni-to-pilot-values.yaml
│ ├── multi-service-merge.yaml
│ ├── multicluster-global-domain.yaml
│ ├── multicluster-install-docs.yaml
│ ├── multicluster-leader-election.yaml
│ ├── multicuster-secret-auth.yaml
│ ├── namespace-filter-deadlock.yaml
│ ├── native-sidecar-annotation.yaml
│ ├── native-sidecar-default.yaml
│ ├── native-stats.yaml
│ ├── nds-merging.yaml
│ ├── nested-json-log.yaml
│ ├── network-gw-metadata.yaml
│ ├── network-label.yaml
│ ├── new_lb_algorithm_default.yaml
│ ├── no-1p-jwt.yaml
│ ├── no_extension_lookup_by_name.yaml
│ ├── noble-base.yaml
│ ├── nonroot-gateway.yaml
│ ├── ns-filter.yaml
│ ├── opencensus-removal.yaml
│ ├── opencensusagent.yaml
│ ├── openmetrics-merging.yaml
│ ├── openshift-ambient-profile.yaml
│ ├── operator-drop-diff.yaml
│ ├── operator-drop-dump.yaml
│ ├── operator-max-concurrent-reconcile-40810.yaml
│ ├── operator_revision.yaml
│ ├── optimize-gatewayPortNotOnWorkload.yaml
│ ├── optimize-most-specific-host-match.yaml
│ ├── optional_mutual.yaml
│ ├── otel-accesslog-formatter.yaml
│ ├── otel-builtin-labels.yaml
│ ├── otel-tracing-provider-resource-detectors.yaml
│ ├── out-of-mesh-server.yaml
│ ├── passthrough-subsets.yaml
│ ├── passthrough-tls.yaml
│ ├── pc-merge-metadata.yaml
│ ├── pdb-resolve.yaml
│ ├── peer-authn-port-level-pass-through-filter.yaml
│ ├── pilot-autoscale.yaml
│ ├── pilot-discovery-scoped-namespaces.yaml
│ ├── pilot-dupe-ip.yaml
│ ├── pilot-envvarfrom.yaml
│ ├── pilot-load-dns-cert-known-location-deprecate-flags.yaml
│ ├── pilot-status-too-many-logs.yaml
│ ├── pilot-svc-trafficDistribution.yaml
│ ├── pod-controller-avoid-ip-search.yaml
│ ├── pod-ip-listener.yaml
│ ├── pq-memory-leak.yaml
│ ├── pqc.yaml
│ ├── preserve-http1-header-case.yaml
│ ├── preserve-original-src-ip.yaml
│ ├── probe-redirect.yaml
│ ├── prom-cert-permission.yaml
│ ├── prom-rewrite.yaml
│ ├── propagate-injection-config-errors.yaml
│ ├── protocol-detection-timeout.yaml
│ ├── proxy-config-image-type.yaml
│ ├── proxy-headers.yaml
│ ├── proxy-protocol.yaml
│ ├── proxy-stats-inclusion.yaml
│ ├── proxyconfig-global-mutate.yaml
│ ├── psfile.yaml
│ ├── push-cds-and-eds-on-virtualservice-update.yaml
│ ├── push-cds-on-auto-passthrough-gateway-change.yaml
│ ├── random-dns-upstream-selection.yaml
│ ├── rds-cache-alias.yaml
│ ├── rds-cache-allow-any.yaml
│ ├── redirect-dns-iptables.yaml
│ ├── refactor-install-script.yaml
│ ├── refactor-keycertbundle.yaml
│ ├── refresh-rds-cache.yaml
│ ├── release-channels-remote-cluster.yaml
│ ├── release-channels.yaml
│ ├── reliable-wasm-remote-load.yaml
│ ├── remote-cluster-respect-revision.yaml
│ ├── remote-ip.yaml
│ ├── remove-addons-mixer-istioctl.yaml
│ ├── remove-anyuid-openshift.yaml
│ ├── remove-convert-ingress.yaml
│ ├── remove-experimental-multicluster.yaml
│ ├── remove-extra-multicluster-helm-values.yaml
│ ├── remove-istio-io-rev-label.yaml
│ ├── remove-operator-httpfetch.yaml
│ ├── remove-post-install-webhook.yaml
│ ├── remove-register-deregister-cmd.yaml
│ ├── remove-remote-profile.yaml
│ ├── replace-virtualhost.yaml
│ ├── reset-before-request.yaml
│ ├── restrict-istio-cni-node-daemonset.yaml
│ ├── retry-budget.yaml
│ ├── retry-hosts.yaml
│ ├── retry_backoff.yaml
│ ├── revision-cmd.yaml
│ ├── revision-install-create-istiod-service.yaml
│ ├── revision-tag-command.yaml
│ ├── revision-tag-default-validation.yaml
│ ├── route-collapse.yaml
│ ├── rpm-builds.yaml
│ ├── runtime-values.yaml
│ ├── scope-push-by-sidecar-changes.yaml
│ ├── scope-root-ca-configmap.yaml
│ ├── sds-cacert-precedence.yaml
│ ├── se-conflict.yaml
│ ├── se-target-port.yaml
│ ├── secret-watch.yaml
│ ├── securitycontext-condition.yaml
│ ├── send-stat.yaml
│ ├── serverca-expand-certs.yaml
│ ├── service-instance-same-namespace.yaml
│ ├── service-ordering.yaml
│ ├── service-select-workload-entry.yaml
│ ├── serviceentry-ip-auto-allocation.yaml
│ ├── serviceregistry-order.yaml
│ ├── set-tcp-idle-timeout-in-http-clusters.yaml
│ ├── set-user-agent.yaml
│ ├── sidecar-api-connectionpool.yaml
│ ├── sidecar-port-merge.yaml
│ ├── sidecar-scope-unit.yaml
│ ├── sidecar-vs-delegate.yaml
│ ├── sidecarInjectorWebhook-custom-annotations.yaml
│ ├── skip-graceful-termination.yaml
│ ├── skip-mx-headers.yaml
│ ├── sni-dnat-default.yaml
│ ├── spiffe-bundle-multiple-certs.yaml
│ ├── spire-files.yaml
│ ├── ssh-iptables.yaml
│ ├── stale-cert-expiration-metrics.yaml
│ ├── standard-alpn.yaml
│ ├── startupProbe.yaml
│ ├── strict_1xx_204_fix.yaml
│ ├── support-features.yaml
│ ├── svc-external-name.yaml
│ ├── targetPort-service-entry.yaml
│ ├── telemetry-cel.yaml
│ ├── telemetry-implicit-match-all.yaml
│ ├── telemetry-native.yaml
│ ├── terminating-headless.yaml
│ ├── tls-configuration-api.yaml
│ ├── tls-fc.yaml
│ ├── tls-inbound-all-protocols.yaml
│ ├── tls-inbound.yaml
│ ├── tls-redirect.yaml
│ ├── tls-tcp-conflict.yaml
│ ├── tracing-canonical-service.yaml
│ ├── traffic-distribution.yaml
│ ├── trim-certificate-chain.yaml
│ ├── trust-domain-validation.yaml
│ ├── uninject-not-work.yaml
│ ├── update-envoy-filters-in-place.yaml
│ ├── update-grafana-memory-compute.yaml
│ ├── update-jaeger-v1.22.yaml
│ ├── update-pdb-version.yaml
│ ├── update-se-instances.yaml
│ ├── updateMinK8sto1.13.yaml
│ ├── upstream-tls-version.yaml
│ ├── use-client-protocol.yaml
│ ├── v1-read-crd.yaml
│ ├── validate-appprotocol.yaml
│ ├── validate-unknown.yaml
│ ├── validating-webhook-reconcile-change.yaml
│ ├── validation-mixer.yaml
│ ├── validation-warning.yaml
│ ├── verify-install-multi-iops.yaml
│ ├── vhost-name-generation.yaml
│ ├── vm-cleanup-iptables.yaml
│ ├── vm-iptables-inbound.yaml
│ ├── vm-label.yaml
│ ├── vm-multiple-targetport.yaml
│ ├── vm-registration.yaml
│ ├── vs-ineffective-warning.yaml
│ ├── vs-overwrite-fix.yaml
│ ├── wait-when-distribution-tracing-disabled.yaml
│ ├── warn-deprecated-provider.yaml
│ ├── wasm-cache-with-tag-stripped-url.yaml
│ ├── wasm-decompress.yaml
│ ├── wasm-download-fallback.yaml
│ ├── wasm-extension-dashboard.yaml
│ ├── wasm-fail-open.yaml
│ ├── wasm-fail-reload.yaml
│ ├── wasm-https-insecure-support.yaml
│ ├── wasm-insecure-all.yaml
│ ├── wasm-multilayer.yaml
│ ├── wasm-pull-policy-http.yaml
│ ├── wasm-pull-policy.yaml
│ ├── wasm-secret.yaml
│ ├── wasm-traffic-selector.yaml
│ ├── wasmplugin.yaml
│ ├── waypoint-auto-http2.yaml
│ ├── waypoint-mirror.yaml
│ ├── waypoint-revision.yaml
│ ├── waypoint-tcproute.yaml
│ ├── wds.yaml
│ ├── we-memory-leaks.yaml
│ ├── we-updates.yaml
│ ├── webhook-analyzer.yaml
│ ├── webhook-ca-bundle.yaml
│ ├── workload-entry-service-select.yaml
│ ├── workload-name.yaml
│ ├── x-check-inject.yaml
│ ├── x-istio-log.yaml
│ ├── xds-authz.yaml
│ ├── xds-partial-full.yaml
│ ├── xds-push-deadlock.yaml
│ ├── xds-v3.yaml
│ ├── zipkin-datadog-host-ip-interpretation.yaml
│ ├── ztunnel-chart-priorityclassname.yaml
│ ├── ztunnel-chart-termgrace.yaml
│ ├── ztunnel-helm-chart-revert.yaml
│ └── ztunnel-helm-chart.yaml
└── template.yaml
├── samples
├── README.md
├── addons
│ ├── README.md
│ ├── extras
│ │ ├── prometheus-operator.yaml
│ │ ├── skywalking.yaml
│ │ └── zipkin.yaml
│ ├── grafana.yaml
│ ├── jaeger.yaml
│ ├── kiali.yaml
│ ├── loki.yaml
│ └── prometheus.yaml
├── ambient-argo
│ ├── README.md
│ ├── application
│ │ ├── application.yaml
│ │ ├── bookinfo-versions.yaml
│ │ ├── details-waypoint.yaml
│ │ ├── details.yaml
│ │ ├── ingress-gateway.yaml
│ │ ├── namespace.yaml
│ │ ├── productpage.yaml
│ │ ├── ratings.yaml
│ │ ├── reviews-waypoint.yaml
│ │ ├── reviews.yaml
│ │ └── route-reviews-90-10.yaml
│ ├── documentation
│ │ ├── Ambient Upgrade - Strategies.png
│ │ ├── argo-reference-arch.dot
│ │ └── argo-reference-arch.svg
│ ├── istio
│ │ ├── cni.yaml
│ │ ├── control-plane-appset.yaml
│ │ ├── extras.yaml
│ │ ├── tags.yaml
│ │ └── ztunnel.yaml
│ ├── meta-application.yaml
│ └── tag-chart
│ │ ├── Chart.yaml
│ │ ├── templates
│ │ ├── mutatingwebhooks.yaml
│ │ ├── shimservice.yaml
│ │ └── validatingwebhook.yaml
│ │ └── values.yaml
├── bookinfo
│ ├── README.md
│ ├── demo-profile-no-gateways.yaml
│ ├── gateway-api
│ │ ├── bookinfo-gateway.yaml
│ │ ├── route-all-v1.yaml
│ │ ├── route-reviews-50-v3.yaml
│ │ ├── route-reviews-90-10.yaml
│ │ ├── route-reviews-v1.yaml
│ │ └── route-reviews-v3.yaml
│ ├── networking
│ │ ├── bookinfo-gateway.yaml
│ │ ├── certmanager-gateway.yaml
│ │ ├── destination-rule-all-mtls.yaml
│ │ ├── destination-rule-all.yaml
│ │ ├── destination-rule-reviews.yaml
│ │ ├── egress-rule-google-apis.yaml
│ │ ├── fault-injection-details-v1.yaml
│ │ ├── virtual-service-all-v1.yaml
│ │ ├── virtual-service-details-v2.yaml
│ │ ├── virtual-service-ratings-db.yaml
│ │ ├── virtual-service-ratings-mysql-vm.yaml
│ │ ├── virtual-service-ratings-mysql.yaml
│ │ ├── virtual-service-ratings-test-abort.yaml
│ │ ├── virtual-service-ratings-test-delay.yaml
│ │ ├── virtual-service-reviews-50-v3.yaml
│ │ ├── virtual-service-reviews-80-20.yaml
│ │ ├── virtual-service-reviews-90-10.yaml
│ │ ├── virtual-service-reviews-jason-v2-v3.yaml
│ │ ├── virtual-service-reviews-test-v2.yaml
│ │ ├── virtual-service-reviews-v2-v3.yaml
│ │ └── virtual-service-reviews-v3.yaml
│ ├── platform
│ │ └── kube
│ │ │ ├── README.md
│ │ │ ├── bookinfo-certificate.yaml
│ │ │ ├── bookinfo-db.yaml
│ │ │ ├── bookinfo-details-dualstack.yaml
│ │ │ ├── bookinfo-details-v2.yaml
│ │ │ ├── bookinfo-details.yaml
│ │ │ ├── bookinfo-dualstack.yaml
│ │ │ ├── bookinfo-ingress.yaml
│ │ │ ├── bookinfo-mysql.yaml
│ │ │ ├── bookinfo-psa.yaml
│ │ │ ├── bookinfo-ratings-discovery-dualstack.yaml
│ │ │ ├── bookinfo-ratings-discovery.yaml
│ │ │ ├── bookinfo-ratings-dualstack.yaml
│ │ │ ├── bookinfo-ratings-v2-mysql-vm.yaml
│ │ │ ├── bookinfo-ratings-v2-mysql.yaml
│ │ │ ├── bookinfo-ratings-v2.yaml
│ │ │ ├── bookinfo-ratings.yaml
│ │ │ ├── bookinfo-reviews-v2.yaml
│ │ │ ├── bookinfo-versions.yaml
│ │ │ ├── bookinfo.yaml
│ │ │ ├── cleanup.sh
│ │ │ └── productpage-nodeport.yaml
│ ├── policy
│ │ └── productpage_envoy_ratelimit.yaml
│ ├── src
│ │ ├── build-services.sh
│ │ ├── details
│ │ │ ├── Dockerfile
│ │ │ ├── Gemfile
│ │ │ ├── Gemfile.lock
│ │ │ └── details.rb
│ │ ├── docker-bake.hcl
│ │ ├── mongodb
│ │ │ ├── Dockerfile
│ │ │ ├── ratings_data.json
│ │ │ └── script.sh
│ │ ├── mysql
│ │ │ ├── Dockerfile
│ │ │ └── mysqldb-init.sql
│ │ ├── productpage
│ │ │ ├── Dockerfile
│ │ │ ├── productpage.py
│ │ │ ├── requirements.in
│ │ │ ├── requirements.txt
│ │ │ ├── static
│ │ │ │ ├── img
│ │ │ │ │ └── izzy.png
│ │ │ │ └── tailwind
│ │ │ │ │ └── tailwind.css
│ │ │ ├── templates
│ │ │ │ ├── index.html
│ │ │ │ └── productpage.html
│ │ │ ├── test-requirements.in
│ │ │ ├── test-requirements.txt
│ │ │ └── tests
│ │ │ │ └── unit
│ │ │ │ └── test_productpage.py
│ │ ├── ratings
│ │ │ ├── Dockerfile
│ │ │ ├── package.json
│ │ │ └── ratings.js
│ │ └── reviews
│ │ │ ├── .gitignore
│ │ │ ├── Dockerfile
│ │ │ ├── build.gradle
│ │ │ ├── reviews-application
│ │ │ ├── build.gradle
│ │ │ └── src
│ │ │ │ ├── main
│ │ │ │ ├── java
│ │ │ │ │ └── application
│ │ │ │ │ │ ├── ReviewsApplication.java
│ │ │ │ │ │ └── rest
│ │ │ │ │ │ └── LibertyRestEndpoint.java
│ │ │ │ └── webapp
│ │ │ │ │ ├── WEB-INF
│ │ │ │ │ ├── ibm-web-ext.xml
│ │ │ │ │ └── web.xml
│ │ │ │ │ └── index.html
│ │ │ │ └── test
│ │ │ │ └── java
│ │ │ │ └── test
│ │ │ │ └── TestApplication.java
│ │ │ ├── reviews-wlpcfg
│ │ │ ├── build.gradle
│ │ │ ├── servers
│ │ │ │ └── LibertyProjectServer
│ │ │ │ │ └── server.xml
│ │ │ ├── shared
│ │ │ │ └── .gitkeep
│ │ │ └── src
│ │ │ │ └── test
│ │ │ │ └── java
│ │ │ │ └── it
│ │ │ │ ├── EndpointTest.java
│ │ │ │ ├── TestApplication.java
│ │ │ │ └── rest
│ │ │ │ └── LibertyRestEndpointTest.java
│ │ │ └── settings.gradle
│ └── swagger.yaml
├── builder
│ ├── README.md
│ └── docker-bake.hcl
├── certs
│ ├── README.md
│ ├── ca-cert-alt-2.pem
│ ├── ca-cert-alt.pem
│ ├── ca-cert.pem
│ ├── ca-key-alt-2.pem
│ ├── ca-key-alt.pem
│ ├── ca-key.pem
│ ├── cert-chain-alt-2.pem
│ ├── cert-chain-alt.pem
│ ├── cert-chain.pem
│ ├── generate-workload.sh
│ ├── leaf-workload-bar-cert.pem
│ ├── leaf-workload-foo-cert.pem
│ ├── root-cert-alt.pem
│ ├── root-cert-combined-2.pem
│ ├── root-cert-combined.pem
│ ├── root-cert.pem
│ ├── workload-bar-cert.pem
│ ├── workload-bar-key.pem
│ ├── workload-bar-root-certs.pem
│ ├── workload-foo-cert.pem
│ ├── workload-foo-key.pem
│ └── workload-foo-root-certs.pem
├── cicd
│ └── skaffold
│ │ ├── README.md
│ │ └── skaffold.yaml
├── curl
│ ├── README.md
│ └── curl.yaml
├── custom-bootstrap
│ ├── README.md
│ ├── custom-bootstrap.yaml
│ └── example-app.yaml
├── extauthz
│ ├── README.md
│ ├── cmd
│ │ └── extauthz
│ │ │ ├── main.go
│ │ │ └── main_test.go
│ ├── docker
│ │ └── Dockerfile
│ ├── ext-authz.yaml
│ └── local-ext-authz.yaml
├── external
│ ├── README.md
│ ├── aptget.yaml
│ ├── github.yaml
│ └── pypi.yaml
├── grpc-echo
│ ├── README.md
│ └── grpc-echo.yaml
├── health-check
│ ├── liveness-command.yaml
│ ├── liveness-http-same-port.yaml
│ └── server.go
├── helloworld
│ ├── README.md
│ ├── gateway-api
│ │ ├── README.md
│ │ ├── helloworld-gateway.yaml
│ │ ├── helloworld-route.yaml
│ │ └── helloworld-versions.yaml
│ ├── gen-helloworld.sh
│ ├── helloworld-dual-stack.yaml
│ ├── helloworld-gateway.yaml
│ ├── helloworld.yaml
│ ├── loadgen.sh
│ └── src
│ │ ├── Dockerfile
│ │ ├── app.py
│ │ ├── requirements.in
│ │ └── requirements.txt
├── httpbin
│ ├── README.md
│ ├── gateway-api
│ │ └── httpbin-gateway.yaml
│ ├── httpbin-gateway.yaml
│ ├── httpbin-nodeport.yaml
│ ├── httpbin.yaml
│ └── sample-client
│ │ └── fortio-deploy.yaml
├── jwt-server
│ ├── jwt-server.yaml
│ ├── src
│ │ ├── Dockerfile
│ │ ├── Makefile
│ │ ├── main.go
│ │ └── main_test.go
│ └── testdata
│ │ ├── README.MD
│ │ ├── ca.crt
│ │ ├── server.crt
│ │ └── server.key
├── kind-lb
│ ├── README.md
│ └── setupkind.sh
├── multicluster
│ ├── README.md
│ ├── expose-istiod-https.yaml
│ ├── expose-istiod-rev.yaml.tmpl
│ ├── expose-istiod.yaml
│ ├── expose-services.yaml
│ └── gen-eastwest-gateway.sh
├── open-telemetry
│ ├── als
│ │ └── README.md
│ ├── loki
│ │ ├── REAME.md
│ │ ├── iop.yaml
│ │ ├── otel.yaml
│ │ └── telemetry.yaml
│ ├── otel.yaml
│ └── tracing
│ │ ├── README.md
│ │ └── telemetry.yaml
├── proxy-coredump
│ ├── README.md
│ └── daemonset.yaml
├── ratelimit
│ ├── local-rate-limit-service.yaml
│ └── rate-limit-service.yaml
├── security
│ ├── psp
│ │ └── sidecar-psp.yaml
│ └── spire
│ │ ├── README.md
│ │ ├── clusterspiffeid.yaml
│ │ ├── curl-spire.yaml
│ │ ├── istio-spire-config.yaml
│ │ ├── sleep-spire.yaml
│ │ └── spire-quickstart.yaml
├── sleep
│ ├── README.md
│ └── sleep.yaml
├── tcp-echo
│ ├── README.md
│ ├── gateway-api
│ │ ├── tcp-echo-20-v2.yaml
│ │ └── tcp-echo-all-v1.yaml
│ ├── src
│ │ ├── Dockerfile
│ │ ├── main.go
│ │ └── main_test.go
│ ├── tcp-echo-20-v2.yaml
│ ├── tcp-echo-all-v1.yaml
│ ├── tcp-echo-dual-stack.yaml
│ ├── tcp-echo-ipv4.yaml
│ ├── tcp-echo-ipv6.yaml
│ ├── tcp-echo-services.yaml
│ └── tcp-echo.yaml
├── wasm_modules
│ ├── README.md
│ └── header_injector
│ │ ├── .gitignore
│ │ ├── BUILD
│ │ ├── Dockerfile
│ │ ├── Makefile
│ │ ├── WORKSPACE
│ │ ├── plugin.cc
│ │ └── plugin.h
└── websockets
│ ├── README.md
│ ├── app.yaml
│ └── route.yaml
├── security
├── README.md
├── pkg
│ ├── cmd
│ │ └── constants.go
│ ├── credentialfetcher
│ │ ├── fetcher.go
│ │ ├── fetcher_test.go
│ │ └── plugin
│ │ │ ├── gce.go
│ │ │ ├── gce_test.go
│ │ │ ├── leak_test.go
│ │ │ ├── mock.go
│ │ │ └── token.go
│ ├── k8s
│ │ ├── chiron
│ │ │ ├── fuzz_test.go
│ │ │ ├── test-data
│ │ │ │ ├── example-ca-cert.pem
│ │ │ │ ├── example-ca-cert2.pem
│ │ │ │ └── example-invalid-ca-cert.pem
│ │ │ ├── utils.go
│ │ │ └── utils_test.go
│ │ ├── configutil.go
│ │ ├── configutil_test.go
│ │ ├── controller
│ │ │ └── casecret.go
│ │ └── tokenreview
│ │ │ ├── k8sauthn.go
│ │ │ └── k8sauthn_test.go
│ ├── monitoring
│ │ └── monitoring.go
│ ├── nodeagent
│ │ ├── cache
│ │ │ ├── helper.go
│ │ │ ├── leak_test.go
│ │ │ ├── monitoring.go
│ │ │ ├── secretcache.go
│ │ │ ├── secretcache_test.go
│ │ │ └── testdata
│ │ │ │ ├── cert-chain.pem
│ │ │ │ ├── file-to-watch.txt
│ │ │ │ ├── key.pem
│ │ │ │ ├── root-cert.pem
│ │ │ │ └── testjwt
│ │ ├── caclient
│ │ │ ├── credentials.go
│ │ │ └── providers
│ │ │ │ ├── citadel
│ │ │ │ ├── client.go
│ │ │ │ ├── client_test.go
│ │ │ │ ├── leak_test.go
│ │ │ │ └── testdata
│ │ │ │ │ └── token
│ │ │ │ └── mock
│ │ │ │ └── mockcaclient.go
│ │ ├── cafile
│ │ │ └── cafile.go
│ │ ├── sds
│ │ │ ├── leak_test.go
│ │ │ ├── sdsservice.go
│ │ │ ├── sdsservice_test.go
│ │ │ └── server.go
│ │ ├── test
│ │ │ └── mock
│ │ │ │ └── caserver.go
│ │ └── util
│ │ │ └── util.go
│ ├── pki
│ │ ├── ca
│ │ │ ├── ca.go
│ │ │ ├── ca_test.go
│ │ │ ├── fuzz_test.go
│ │ │ ├── mock
│ │ │ │ └── fakeca.go
│ │ │ ├── root-certs-for-testing.pem
│ │ │ ├── selfsignedcarootcertrotator.go
│ │ │ └── selfsignedcarootcertrotator_test.go
│ │ ├── error
│ │ │ ├── error.go
│ │ │ └── error_test.go
│ │ ├── ra
│ │ │ ├── common.go
│ │ │ ├── common_test.go
│ │ │ ├── fuzz_test.go
│ │ │ ├── k8s_ra.go
│ │ │ ├── k8s_ra_test.go
│ │ │ └── leak_test.go
│ │ ├── testdata
│ │ │ ├── README.md
│ │ │ ├── cert-chain-10y.pem
│ │ │ ├── cert-chain-trailing-line.pem
│ │ │ ├── cert-chain.pem
│ │ │ ├── cert-noroot.pem
│ │ │ ├── cert-parse-fail.pem
│ │ │ ├── cert-verify-fail.pem
│ │ │ ├── cert.pem
│ │ │ ├── crl
│ │ │ │ ├── bad-ca-crl.pem
│ │ │ │ ├── ca-cert.pem
│ │ │ │ ├── ca-crl.pem
│ │ │ │ ├── ca-key.pem
│ │ │ │ ├── cert-chain.pem
│ │ │ │ ├── cert.sh
│ │ │ │ └── root-cert.pem
│ │ │ ├── ec-root-cert.pem
│ │ │ ├── ec-root-key.pem
│ │ │ ├── ec-workload-cert.pem
│ │ │ ├── ec-workload-key.pem
│ │ │ ├── example-ca-cert.pem
│ │ │ ├── expired-cert.pem
│ │ │ ├── key-10y.pem
│ │ │ ├── key-mismatch.pem
│ │ │ ├── key-parse-fail.pem
│ │ │ ├── key-verify-fail.pem
│ │ │ ├── key.pem
│ │ │ ├── multilevelpki
│ │ │ │ ├── certs.sh
│ │ │ │ ├── ecc-certs.sh
│ │ │ │ ├── ecc-int-cert-chain.pem
│ │ │ │ ├── ecc-int-cert.pem
│ │ │ │ ├── ecc-int-key.pem
│ │ │ │ ├── ecc-int2-cert-chain.pem
│ │ │ │ ├── ecc-int2-cert.pem
│ │ │ │ ├── ecc-int2-key.pem
│ │ │ │ ├── ecc-root-cert.pem
│ │ │ │ ├── ecc-root-key.pem
│ │ │ │ ├── int-cert-chain.pem
│ │ │ │ ├── int-cert.cfg
│ │ │ │ ├── int-cert.pem
│ │ │ │ ├── int-key.pem
│ │ │ │ ├── int2-cert-chain.pem
│ │ │ │ ├── int2-cert.cfg
│ │ │ │ ├── int2-cert.pem
│ │ │ │ ├── int2-key.pem
│ │ │ │ ├── root-cert.pem
│ │ │ │ └── root-key.pem
│ │ │ ├── notexpired-cert.pem
│ │ │ ├── root-cert-10y.pem
│ │ │ ├── root-verify-fail.pem
│ │ │ ├── self-signed-root-cert.pem
│ │ │ ├── spiffe-int-cert.pem
│ │ │ ├── spiffe-root-cert-1.pem
│ │ │ ├── spiffe-root-cert-2.pem
│ │ │ ├── spiffe-workload-cert.pem
│ │ │ ├── spiffe-workload-key.pem
│ │ │ ├── workload-cert.pem
│ │ │ └── workload-key.pem
│ │ └── util
│ │ │ ├── crypto.go
│ │ │ ├── crypto_test.go
│ │ │ ├── dual_use.go
│ │ │ ├── dual_use_test.go
│ │ │ ├── generate_cert.go
│ │ │ ├── generate_cert_test.go
│ │ │ ├── generate_csr.go
│ │ │ ├── generate_csr_test.go
│ │ │ ├── keycertbundle.go
│ │ │ ├── keycertbundle_test.go
│ │ │ ├── san.go
│ │ │ ├── san_test.go
│ │ │ ├── verify_cert.go
│ │ │ └── verify_cert_test.go
│ ├── server
│ │ └── ca
│ │ │ ├── authenticate
│ │ │ ├── cert_authenticator.go
│ │ │ ├── cert_authenticator_test.go
│ │ │ ├── common_test.go
│ │ │ ├── fuzz_test.go
│ │ │ ├── kubeauth
│ │ │ │ ├── kube_jwt.go
│ │ │ │ └── kube_jwt_test.go
│ │ │ ├── oidc.go
│ │ │ ├── oidc_test.go
│ │ │ ├── xfcc_authenticator.go
│ │ │ └── xfcc_authenticator_test.go
│ │ │ ├── fuzz_test.go
│ │ │ ├── monitoring.go
│ │ │ ├── node_auth.go
│ │ │ ├── node_auth_test.go
│ │ │ ├── server.go
│ │ │ └── server_test.go
│ └── util
│ │ ├── certutil.go
│ │ ├── certutil_test.go
│ │ ├── jwtutil.go
│ │ ├── jwtutil_test.go
│ │ ├── mock
│ │ └── fakecertutil.go
│ │ └── testdata
│ │ └── cert-util.pem
├── samples
│ └── plugin_ca_certs
│ │ ├── README.md
│ │ ├── ca-cert.pem
│ │ ├── ca-key.pem
│ │ ├── ca.cfg
│ │ ├── cert-chain.pem
│ │ ├── gen_certs.sh
│ │ └── root-cert.pem
└── tools
│ ├── deb
│ └── description
│ ├── generate_cert
│ └── main.go
│ ├── generate_csr
│ └── main.go
│ └── jwt
│ ├── README.md
│ ├── requirements.txt
│ ├── sa-jwt.py
│ └── samples
│ ├── README.md
│ ├── demo.jwt
│ ├── gen-jwt.py
│ ├── groups-scope.jwt
│ ├── jwks.json
│ ├── key.pem
│ └── requirements.txt
├── tests
├── binary
│ ├── binaries_test.go
│ └── dependencies_test.go
├── common
│ └── jwt
│ │ ├── jwks.json
│ │ ├── jwt_token.go
│ │ ├── jwt_token_test.go
│ │ └── key.pem
├── fuzz
│ ├── Dockerfile.fuzz
│ ├── README.md
│ ├── aggregate_controller_fuzzer.go
│ ├── analyzer_fuzzer.go
│ ├── autoregistration_controller_fuzzer.go
│ ├── bootstrap_fuzzer.go
│ ├── compare_fuzzer.go
│ ├── config_validation_fuzzer.go
│ ├── crd_roundtrip_fuzzer.go
│ ├── fuzz.go
│ ├── inject_fuzzer.go
│ ├── kube_crd_fuzzer.go
│ ├── mesh_fuzzer.go
│ ├── misc_fuzzers.go
│ ├── oss_fuzz_build.sh
│ ├── pilot_model_fuzzer.go
│ ├── pilot_networking_fuzzer.go
│ ├── pilot_security_fuzzer.go
│ ├── pkg_util_fuzzer.go
│ ├── pki_fuzzer.go
│ ├── regression_test.go
│ ├── security_fuzzer.go
│ ├── testdata
│ │ ├── FuzzAggregateController
│ │ │ └── 5196264820572160
│ │ ├── FuzzAnalyzer
│ │ │ ├── 6087702507290624
│ │ │ └── 6169070276837376
│ │ ├── FuzzBNMUnmarshalJSON
│ │ │ └── 4811475191988224
│ │ ├── FuzzCRDRoundtrip
│ │ │ ├── 4664081669292032
│ │ │ └── 6428395234263040
│ │ ├── FuzzCheckIstioOperatorSpec
│ │ │ └── 5772621131153408
│ │ ├── FuzzConfigValidation2
│ │ │ ├── 4534596883578880
│ │ │ ├── fuzz_config_validation2.dict
│ │ │ └── seed1
│ │ ├── FuzzFindRootCertFromCertificateChainBytes
│ │ │ └── 6118602084843520
│ │ ├── FuzzHelmReconciler
│ │ │ └── 5691906075000832
│ │ ├── FuzzJwtUtil
│ │ │ └── 5085913745588224
│ │ ├── FuzzParseInputs
│ │ │ └── 4863517148708864
│ │ ├── FuzzResolveK8sConflict
│ │ │ └── 5719923521880064
│ │ ├── FuzzTranslateFromValueToSpec
│ │ │ └── 5041840540745728
│ │ ├── FuzzValidateClusters
│ │ │ ├── 5567080949219328
│ │ │ ├── 6380814220263424
│ │ │ └── 6699710718017536
│ │ └── inject
│ │ │ └── fuzz_into_resource_file.dict
│ ├── utils
│ │ └── utils.go
│ ├── v1alpha3_fuzzer.go
│ └── xds_fuzzer.go
├── integration
│ ├── GKE.md
│ ├── README.md
│ ├── ambient
│ │ ├── baseline_test.go
│ │ ├── cacert_rotation_test.go
│ │ ├── cni
│ │ │ └── main_test.go
│ │ ├── cnirepair
│ │ │ └── main_test.go
│ │ ├── cniupgrade
│ │ │ └── main_test.go
│ │ ├── gateway_conformance_test.go
│ │ ├── istioctl_test.go
│ │ ├── main_test.go
│ │ ├── registry_setup_test.go
│ │ ├── testdata
│ │ │ ├── automtls-partial-sidecar-dr-disable.yaml
│ │ │ ├── automtls-partial-sidecar-dr-mutual.yaml
│ │ │ ├── automtls-partial-sidecar-dr-no-tls.yaml
│ │ │ ├── automtls-passthrough.yaml
│ │ │ ├── beta-mtls-automtls-workload.yaml
│ │ │ ├── beta-mtls-automtls.yaml
│ │ │ ├── beta-mtls-off.yaml
│ │ │ ├── beta-mtls-on.yaml
│ │ │ ├── beta-mtls-permissive.yaml
│ │ │ ├── beta-per-port-mtls.yaml
│ │ │ ├── gateway-api.yaml
│ │ │ ├── global-plaintext.yaml
│ │ │ ├── no-peer-authn.yaml
│ │ │ ├── only-hbone.yaml
│ │ │ ├── plaintext-to-permissive.yaml
│ │ │ ├── registry-secret.yaml
│ │ │ ├── requestauthn
│ │ │ │ └── waypoint-jwt.yaml.tmpl
│ │ │ └── wasm-filter.yaml
│ │ ├── traffic_test.go
│ │ ├── untaint
│ │ │ ├── main_test.go
│ │ │ └── untaint_test.go
│ │ ├── util.go
│ │ ├── wasm_test.go
│ │ └── waypoint_test.go
│ ├── base.yaml
│ ├── create_cluster_gke.sh
│ ├── helm
│ │ ├── install_test.go
│ │ ├── main_test.go
│ │ ├── upgrade
│ │ │ ├── helm_upgrade_test.go
│ │ │ ├── main_test.go
│ │ │ └── util.go
│ │ └── util.go
│ ├── iop-ambient-test-defaults.yaml
│ ├── iop-externalistiod-config-integration-test-defaults.yaml
│ ├── iop-externalistiod-primary-integration-test-defaults.yaml
│ ├── iop-integration-test-defaults-with-quic.yaml
│ ├── iop-integration-test-defaults.yaml
│ ├── iop-remote-integration-test-defaults.yaml
│ ├── iop-remote-integration-test-gateways.yaml
│ ├── iop-wds.yaml
│ ├── pilot
│ │ ├── README.md
│ │ ├── analysis
│ │ │ ├── analysis_test.go
│ │ │ └── main_test.go
│ │ ├── analyze_test.go
│ │ ├── cni
│ │ │ └── cniversionskew_test.go
│ │ ├── cni_race_test.go
│ │ ├── common
│ │ │ ├── routing.go
│ │ │ └── traffic.go
│ │ ├── cross_revision_test.go
│ │ ├── dns_auto_allocation_test.go
│ │ ├── ds_ep_loadbalancer_test.go
│ │ ├── forwardproxy
│ │ │ ├── cert_gen.go
│ │ │ └── envoy_config_generator.go
│ │ ├── gateway_conformance_test.go
│ │ ├── gateway_test.go
│ │ ├── grpc_probe_test.go
│ │ ├── gw_topology_test.go
│ │ ├── headers_test.go
│ │ ├── ingress_test.go
│ │ ├── istioctl_test.go
│ │ ├── label_test.go
│ │ ├── locality_test.go
│ │ ├── localwatcher
│ │ │ └── localsecretwatcher_test.go
│ │ ├── main_test.go
│ │ ├── mcs
│ │ │ ├── autoexport
│ │ │ │ └── autoexport_test.go
│ │ │ ├── common
│ │ │ │ └── common.go
│ │ │ └── discoverability
│ │ │ │ └── discoverability_test.go
│ │ ├── mirror_test.go
│ │ ├── multi_version_revision_test.go
│ │ ├── multicluster_test.go
│ │ ├── multiplecontrolplanes
│ │ │ └── main_test.go
│ │ ├── original_src_addr_test.go
│ │ ├── preserve_http_header_case_test.go
│ │ ├── proxyconfig
│ │ │ └── proxyconfig_test.go
│ │ ├── revisioned_upgrade_test.go
│ │ ├── revisions
│ │ │ ├── revision_tag_test.go
│ │ │ ├── revisions_test.go
│ │ │ └── uninstall_test.go
│ │ ├── routing_test.go
│ │ ├── tcp_probe_test.go
│ │ ├── testdata
│ │ │ ├── a.yaml
│ │ │ ├── authz-a.yaml
│ │ │ ├── authz-b.yaml
│ │ │ ├── destinationrule.yaml
│ │ │ ├── external-forward-proxy-deployment.yaml
│ │ │ ├── forward-proxy
│ │ │ │ ├── configmap.tmpl.yaml
│ │ │ │ └── service.tmpl.yaml
│ │ │ ├── gateway-api-crd.yaml
│ │ │ ├── gateway-api-inference-extension-crd.yaml
│ │ │ ├── gateway.json
│ │ │ ├── gateway.yaml
│ │ │ ├── hello.yaml
│ │ │ ├── invalid.md
│ │ │ ├── invalid.yaml
│ │ │ ├── mcs-serviceexport-crd.yaml
│ │ │ ├── mcs-serviceimport-crd.yaml
│ │ │ ├── some-dir
│ │ │ │ ├── missing-gateway.yaml
│ │ │ │ └── nested-dir
│ │ │ │ │ └── bad-annotation-service.yaml
│ │ │ ├── traffic-mirroring-template.yaml
│ │ │ ├── traffic-shifting.yaml
│ │ │ ├── tunneling
│ │ │ │ ├── destination-rule.tmpl.yaml
│ │ │ │ ├── gateway
│ │ │ │ │ ├── tcp
│ │ │ │ │ │ ├── gateway.tmpl.yaml
│ │ │ │ │ │ └── virtual-service.tmpl.yaml
│ │ │ │ │ └── tls
│ │ │ │ │ │ ├── istio-mutual
│ │ │ │ │ │ ├── gateway.tmpl.yaml
│ │ │ │ │ │ ├── mtls.tmpl.yaml
│ │ │ │ │ │ └── virtual-service.tmpl.yaml
│ │ │ │ │ │ └── passthrough
│ │ │ │ │ │ ├── gateway.tmpl.yaml
│ │ │ │ │ │ ├── originate-tls.tmpl.yaml
│ │ │ │ │ │ └── virtual-service.tmpl.yaml
│ │ │ │ └── sidecar
│ │ │ │ │ └── virtual-service.tmpl.yaml
│ │ │ ├── upgrade
│ │ │ │ ├── 1.10.0-install.yaml.tar
│ │ │ │ ├── 1.11.0-beta.1-cni-install.yaml.tar
│ │ │ │ ├── 1.6.11-install.yaml.tar
│ │ │ │ ├── 1.7.6-install.yaml.tar
│ │ │ │ ├── 1.8.6-install.yaml.tar
│ │ │ │ ├── 1.9.5-install.yaml.tar
│ │ │ │ └── README.md
│ │ │ └── virtualservice.yaml
│ │ ├── tunneling_test.go
│ │ ├── validation_test.go
│ │ ├── vm_test.go
│ │ ├── webhook_test.go
│ │ └── workloadentry_test.go
│ ├── security
│ │ ├── authz_test.go
│ │ ├── ca_custom_root
│ │ │ ├── main_test.go
│ │ │ ├── multi_root_test.go
│ │ │ ├── secure_naming_test.go
│ │ │ ├── trust_domain_alias_secure_naming_test.go
│ │ │ └── trust_domain_validation_test.go
│ │ ├── cacert_rotation
│ │ │ └── main_test.go
│ │ ├── crl
│ │ │ ├── crl_test.go
│ │ │ ├── main_test.go
│ │ │ └── util
│ │ │ │ └── cert.go
│ │ ├── ecc_signature_algorithm
│ │ │ ├── main_test.go
│ │ │ └── mtls_strict_test.go
│ │ ├── egress_gateway_origination_test.go
│ │ ├── egress_sidecar_tls_origination_test.go
│ │ ├── external_ca
│ │ │ ├── main_test.go
│ │ │ └── reachability_test.go
│ │ ├── file_mounted_certs
│ │ │ ├── main_test.go
│ │ │ └── p2p_mtls_test.go
│ │ ├── filebased_tls_origination
│ │ │ ├── destination_rule_tls_test.go
│ │ │ ├── egress_gateway_origination_test.go
│ │ │ └── main_test.go
│ │ ├── fuzz
│ │ │ ├── README.md
│ │ │ ├── backends
│ │ │ │ ├── apache
│ │ │ │ │ └── apache.yaml
│ │ │ │ ├── nginx
│ │ │ │ │ └── nginx.yaml
│ │ │ │ └── tomcat
│ │ │ │ │ ├── Dockerfile
│ │ │ │ │ ├── Makefile
│ │ │ │ │ ├── private
│ │ │ │ │ ├── HelloWorld.java
│ │ │ │ │ └── WEB-INF
│ │ │ │ │ │ └── web.xml
│ │ │ │ │ └── tomcat.yaml
│ │ │ ├── fuzz_test.go
│ │ │ ├── fuzzers
│ │ │ │ ├── dotdotpwn
│ │ │ │ │ ├── Dockerfile
│ │ │ │ │ ├── Makefile
│ │ │ │ │ ├── dotdotpwn.yaml
│ │ │ │ │ └── run.sh
│ │ │ │ ├── jwt_tool
│ │ │ │ │ ├── Dockerfile
│ │ │ │ │ ├── Makefile
│ │ │ │ │ ├── jwt_tool.yaml
│ │ │ │ │ ├── jwtconf.ini
│ │ │ │ │ ├── run.sh
│ │ │ │ │ ├── sample-RSA-private.pem
│ │ │ │ │ └── sample-RSA-public.pem
│ │ │ │ └── wfuzz
│ │ │ │ │ ├── wfuzz.yaml
│ │ │ │ │ └── wordlist.yaml
│ │ │ ├── main_test.go
│ │ │ └── overview.jpg
│ │ ├── https_jwt
│ │ │ ├── https_jwt_test.go
│ │ │ ├── main_test.go
│ │ │ └── testdata
│ │ │ │ └── remotehttps.yaml.tmpl
│ │ ├── ingress_test.go
│ │ ├── jwt_test.go
│ │ ├── main_test.go
│ │ ├── mtls_healthcheck_test.go
│ │ ├── normalization_test.go
│ │ ├── pass_through_filter_chain_test.go
│ │ ├── policy_attachment_only
│ │ │ ├── jwt_gateway_test.go
│ │ │ ├── main_test.go
│ │ │ └── testdata
│ │ │ │ ├── authz
│ │ │ │ ├── gateway-api.yaml.tmpl
│ │ │ │ └── gateway-authz.yaml.tmpl
│ │ │ │ └── requestauthn
│ │ │ │ ├── gateway-api.yaml.tmpl
│ │ │ │ └── gateway-jwt.yaml.tmpl
│ │ ├── reachability_test.go
│ │ ├── remote_jwks
│ │ │ ├── main_test.go
│ │ │ ├── remote_jwks_test.go
│ │ │ └── testdata
│ │ │ │ ├── requestauthn-no-se-no-issuer.yaml.tmpl
│ │ │ │ ├── requestauthn-no-se.yaml.tmpl
│ │ │ │ ├── requestauthn-with-se-no-issuer.yaml.tmpl
│ │ │ │ ├── requestauthn-with-se-timeout.yaml.tmpl
│ │ │ │ └── requestauthn-with-se.yaml.tmpl
│ │ ├── sds_ingress
│ │ │ ├── quic
│ │ │ │ └── ingress_test.go
│ │ │ └── util
│ │ │ │ ├── generate_certs.sh
│ │ │ │ ├── test_certs.go
│ │ │ │ └── util.go
│ │ ├── testdata
│ │ │ ├── authz
│ │ │ │ ├── allow-namespace.yaml.tmpl
│ │ │ │ ├── allow-principal.yaml.tmpl
│ │ │ │ ├── allow-serviceaccount.yaml.tmpl
│ │ │ │ ├── conditions.yaml.tmpl
│ │ │ │ ├── custom-provider.yaml.tmpl
│ │ │ │ ├── deny-global.yaml.tmpl
│ │ │ │ ├── deny-namespace.yaml.tmpl
│ │ │ │ ├── deny-principal.yaml.tmpl
│ │ │ │ ├── egress-gateway.yaml.tmpl
│ │ │ │ ├── ingress-gateway.yaml.tmpl
│ │ │ │ ├── jwt.yaml.tmpl
│ │ │ │ ├── mtls.yaml.tmpl
│ │ │ │ ├── not-host.yaml.tmpl
│ │ │ │ ├── not-method.yaml.tmpl
│ │ │ │ ├── not-namespace.yaml.tmpl
│ │ │ │ ├── not-port.yaml.tmpl
│ │ │ │ ├── path-normalization.yaml.tmpl
│ │ │ │ ├── path-precedence.yaml.tmpl
│ │ │ │ ├── path-templating.yaml.tmpl
│ │ │ │ ├── plaintext.yaml.tmpl
│ │ │ │ ├── workload-bad.yaml.tmpl
│ │ │ │ ├── workload-ns.yaml.tmpl
│ │ │ │ ├── workload-system-ns.yaml.tmpl
│ │ │ │ └── workload.yaml.tmpl
│ │ │ ├── reachability
│ │ │ │ ├── automtls-passthrough.yaml.tmpl
│ │ │ │ ├── global-dr.yaml.tmpl
│ │ │ │ ├── global-peer-authn.yaml.tmpl
│ │ │ │ ├── migration.yaml.tmpl
│ │ │ │ ├── workload-dr.yaml.tmpl
│ │ │ │ ├── workload-peer-authn-port-override.yaml.tmpl
│ │ │ │ └── workload-peer-authn.yaml.tmpl
│ │ │ └── requestauthn
│ │ │ │ ├── aud.yaml.tmpl
│ │ │ │ ├── authn-authz.yaml.tmpl
│ │ │ │ ├── authn-only.yaml.tmpl
│ │ │ │ ├── forward.yaml.tmpl
│ │ │ │ ├── gateway-api.yaml.tmpl
│ │ │ │ ├── gateway-jwt.yaml.tmpl
│ │ │ │ ├── global-jwt.yaml.tmpl
│ │ │ │ ├── headers-params.yaml.tmpl
│ │ │ │ ├── ingress.yaml.tmpl
│ │ │ │ ├── invalid-jwks.yaml.tmpl
│ │ │ │ ├── remote.yaml.tmpl
│ │ │ │ └── timeout.yaml.tmpl
│ │ └── util
│ │ │ ├── cert
│ │ │ └── cert.go
│ │ │ ├── framework.go
│ │ │ ├── reachability
│ │ │ └── context.go
│ │ │ └── secret
│ │ │ └── secret.go
│ ├── telemetry
│ │ ├── api
│ │ │ ├── accesslogs_test.go
│ │ │ ├── customize_metrics_test.go
│ │ │ ├── dashboard_test.go
│ │ │ ├── istioctl_metrics_test.go
│ │ │ ├── registry_setup_test.go
│ │ │ ├── setup_test.go
│ │ │ ├── stats_test.go
│ │ │ ├── testdata
│ │ │ │ ├── accesslog
│ │ │ │ │ ├── enable-filter-state-log.yaml
│ │ │ │ │ ├── filter.yaml
│ │ │ │ │ ├── mode-client.yaml
│ │ │ │ │ ├── mode-clientserver.yaml
│ │ │ │ │ ├── mode-server.yaml
│ │ │ │ │ └── targetref.yaml
│ │ │ │ ├── additional-labels.yaml
│ │ │ │ ├── attributegen.yaml
│ │ │ │ ├── bad-filter.yaml
│ │ │ │ ├── bad-wasm-envoy-filter-fail-open.yaml
│ │ │ │ ├── gateway-api.yaml
│ │ │ │ ├── gateway-wasm-filter.yaml
│ │ │ │ ├── registry-secret.yaml
│ │ │ │ └── wasm-filter.yaml
│ │ │ └── wasmplugin_test.go
│ │ ├── policy
│ │ │ ├── envoy_ratelimit_test.go
│ │ │ ├── helper_test.go
│ │ │ ├── testdata
│ │ │ │ ├── enable_envoy_local_ratelimit.yaml
│ │ │ │ ├── enable_envoy_local_ratelimit_per_route.yaml
│ │ │ │ ├── enable_envoy_local_ratelimit_sa.yaml
│ │ │ │ ├── enable_envoy_ratelimit.yaml
│ │ │ │ └── rate-limit-configmap.yaml
│ │ │ ├── traffic_allow_any_test.go
│ │ │ └── traffic_registry_only_test.go
│ │ ├── testdata
│ │ │ ├── external-service-entry.yaml
│ │ │ ├── istio-mtls-dest-rule.yaml
│ │ │ ├── istio-mtls-gateway.yaml
│ │ │ └── istio-mtls-vs.yaml
│ │ ├── tracing
│ │ │ ├── otelcollector
│ │ │ │ ├── testdata
│ │ │ │ │ ├── echo-gateway-tracing.yaml
│ │ │ │ │ ├── echo-gateway.yaml
│ │ │ │ │ ├── otel-grpc-with-initial-metadata.yaml
│ │ │ │ │ ├── otel-tracing-http.yaml
│ │ │ │ │ ├── otel-tracing-res-detectors.yaml
│ │ │ │ │ ├── otel-tracing-with-auth.yaml
│ │ │ │ │ └── otel-tracing.yaml
│ │ │ │ └── tracing_test.go
│ │ │ ├── tracing.go
│ │ │ └── zipkin
│ │ │ │ ├── client_tracing_test.go
│ │ │ │ ├── main_test.go
│ │ │ │ └── server_tracing_test.go
│ │ └── util.go
│ └── tests.mk
├── testdata
│ ├── bootstrap_tmpl.json
│ ├── certs
│ │ ├── README.md
│ │ ├── ca.crl
│ │ ├── cert.crt
│ │ ├── cert.key
│ │ ├── default
│ │ │ ├── cert-chain.pem
│ │ │ ├── key.pem
│ │ │ └── root-cert.pem
│ │ ├── dns
│ │ │ ├── cert-chain-unused.pem
│ │ │ ├── cert-chain.pem
│ │ │ ├── fake-cert-chain.pem
│ │ │ ├── fake-root-cert.pem
│ │ │ ├── key.pem
│ │ │ └── root-cert.pem
│ │ ├── dummy.crl
│ │ ├── generate.sh
│ │ ├── mountedcerts-client
│ │ │ ├── cert-chain.pem
│ │ │ ├── key.pem
│ │ │ └── root-cert.pem
│ │ ├── mountedcerts-server
│ │ │ ├── cert-chain.pem
│ │ │ ├── key.pem
│ │ │ └── root-cert.pem
│ │ └── pilot
│ │ │ ├── ca-cert.pem
│ │ │ ├── ca-key.pem
│ │ │ ├── cert-chain.pem
│ │ │ ├── key.pem
│ │ │ └── root-cert.pem
│ ├── config
│ │ ├── authn.yaml
│ │ ├── byon.yaml
│ │ ├── destination-rule-all.yaml
│ │ ├── destination-rule-fqdn.yaml
│ │ ├── destination-rule-locality.yaml
│ │ ├── destination-rule-passthrough.yaml
│ │ ├── destination-rule-ssl.yaml
│ │ ├── egressgateway.yaml
│ │ ├── external_services.yaml
│ │ ├── gateway-all.yaml
│ │ ├── gateway-tcp-a.yaml
│ │ ├── ingress.yaml
│ │ ├── ingressgateway.yaml
│ │ ├── none.yaml
│ │ ├── rule-content-route.yaml
│ │ ├── rule-default-route-append-headers.yaml
│ │ ├── rule-default-route-cors-policy.yaml
│ │ ├── rule-default-route.yaml
│ │ ├── rule-fault-injection.yaml
│ │ ├── rule-ingressgateway.yaml
│ │ ├── rule-redirect-injection.yaml
│ │ ├── rule-regex-route.yaml
│ │ ├── rule-route-via-egressgateway.yaml
│ │ ├── rule-websocket-route.yaml
│ │ ├── rule-weighted-route.yaml
│ │ ├── se-example-gw.yaml
│ │ ├── se-example.yaml
│ │ ├── static-weighted-se.yaml
│ │ └── virtual-service-all.yaml
│ ├── envoy_local.json
│ ├── local
│ │ └── etc
│ │ │ └── certs
│ │ │ ├── cert-chain.pem
│ │ │ ├── key.pem
│ │ │ └── root-cert.pem
│ ├── mcp_bootstrap_tmpl.json
│ ├── multicluster
│ │ └── envoy_local_v2.yaml
│ └── networking
│ │ ├── envoyfilter-without-service
│ │ └── configs.yaml
│ │ ├── ingress-gateway
│ │ └── configs.yaml
│ │ ├── sidecar-ns-scope
│ │ └── configs.yaml
│ │ └── sidecar-without-service
│ │ └── configs.yaml
└── util
│ ├── common_utils.go
│ ├── compare_utils.go
│ ├── kubeconfig
│ ├── leak
│ ├── check.go
│ └── check_test.go
│ ├── pki
│ ├── apiserver.crt
│ ├── apiserver.key
│ ├── k8sca.crt
│ └── k8sca.key
│ └── sanitycheck
│ └── sanity_check.go
└── tools
├── .gitignore
├── bug-report
└── pkg
│ ├── archive
│ └── archive.go
│ ├── bugreport
│ ├── bugreport.go
│ └── flags.go
│ ├── cluster
│ ├── cluster.go
│ └── cluster_test.go
│ ├── common
│ └── common.go
│ ├── config
│ ├── config.go
│ └── config_test.go
│ ├── content
│ └── content.go
│ ├── filter
│ ├── filter.go
│ └── filter_test.go
│ ├── kubeclient
│ └── kubeclient.go
│ ├── kubectlcmd
│ └── kubectlcmd.go
│ ├── processlog
│ ├── processlog.go
│ └── processlog_test.go
│ ├── testdata
│ ├── input
│ │ ├── format_json.log
│ │ ├── format_txt.log
│ │ └── ingress.log
│ └── output
│ │ ├── format_json_no_time_filter.log
│ │ ├── format_json_with_time_filter.log
│ │ ├── format_txt_no_time_filter.log
│ │ ├── format_txt_with_time_filter.log
│ │ ├── multi_line_entries.log
│ │ ├── range_equals.log
│ │ └── range_not_equals.log
│ └── util
│ ├── match
│ └── match.go
│ └── path
│ └── path.go
├── build-base-images.sh
├── build-kind-image.sh
├── certs
├── Makefile.k8s.mk
├── Makefile.selfsigned.mk
├── README.md
└── common.mk
├── commonfiles-postprocess.sh
├── convert_RbacConfig_to_ClusterRbacConfig.sh
├── docker
├── docker-builder
├── builder
│ ├── crane.go
│ └── tar.go
├── common.go
├── crane.go
├── docker.go
├── dockerfile
│ └── parse.go
├── main.go
└── types.go
├── docker-copy.sh
├── docker.yaml
├── dump-docker-logs.sh
├── dump_kubernetes.sh
├── gen_istio_image_list.sh
├── go-compile-verbose
├── go-compile-without-link
├── go-ordered-test
├── go-stress-test
├── golangci-override.yaml
├── istio-docker.mk
├── istio-iptables
└── pkg
│ ├── README.md
│ ├── builder
│ ├── helper.go
│ ├── iptables_builder_impl.go
│ ├── iptables_builder_test.go
│ └── testdata
│ │ ├── append-insert-multi-restore.golden
│ │ ├── append-insert-multi.golden
│ │ ├── append-multi-restore.golden
│ │ ├── append-multi.golden
│ │ ├── append-single-restore.golden
│ │ ├── append-single.golden
│ │ ├── insert-multi-restore.golden
│ │ ├── insert-multi.golden
│ │ ├── insert-single-restore.golden
│ │ ├── insert-single.golden
│ │ ├── multi-rules-new-chain-v4-restore.golden
│ │ ├── multi-rules-new-chain-v4.golden
│ │ ├── multi-rules-new-chain-v6-restore.golden
│ │ └── multi-rules-new-chain-v6.golden
│ ├── capture
│ ├── helper.go
│ ├── run.go
│ ├── run_linux.go
│ ├── run_linux_test.go
│ ├── run_test.go
│ ├── run_unspecified.go
│ └── testdata
│ │ ├── basic-exclude-nic.golden
│ │ ├── dns-uid-gid.golden
│ │ ├── drop-invalid.golden
│ │ ├── empty.golden
│ │ ├── host-ipv4-loopback-cidr.golden
│ │ ├── inbound-ports-include.golden
│ │ ├── inbound-ports-tproxy.golden
│ │ ├── inbound-ports-wildcard-tproxy.golden
│ │ ├── inbound-ports-wildcard.golden
│ │ ├── ip-range.golden
│ │ ├── ipnets-with-kube-virt-interfaces.golden
│ │ ├── ipnets.golden
│ │ ├── ipv6-dns-outbound-owner-groups-exclude.golden
│ │ ├── ipv6-dns-outbound-owner-groups.golden
│ │ ├── ipv6-dns-uid-gid.golden
│ │ ├── ipv6-empty-inbound-ports.golden
│ │ ├── ipv6-inbound-ports.golden
│ │ ├── ipv6-ipnets.golden
│ │ ├── ipv6-outbound-ports.golden
│ │ ├── ipv6-uid-gid.golden
│ │ ├── ipv6-virt-interfaces.golden
│ │ ├── kube-virt-interfaces.golden
│ │ ├── loopback-outbound-iprange.golden
│ │ ├── outbound-owner-groups-exclude.golden
│ │ ├── outbound-owner-groups.golden
│ │ ├── outbound-ports-include.golden
│ │ └── tproxy.golden
│ ├── cmd
│ └── root.go
│ ├── config
│ ├── config.go
│ ├── config_linux.go
│ ├── config_other.go
│ ├── config_test.go
│ ├── types.go
│ ├── validation.go
│ └── validation_test.go
│ ├── constants
│ └── constants.go
│ ├── dependencies
│ ├── implementation.go
│ ├── implementation_linux.go
│ ├── implementation_linux_test.go
│ ├── implementation_test.go
│ ├── implementation_unspecified.go
│ ├── interface.go
│ └── stub.go
│ └── validation
│ ├── validator.go
│ ├── vld.go
│ ├── vld_unix.go
│ └── vld_unspecified.go
├── packaging
├── common
│ ├── envoy_bootstrap.json
│ ├── istio-start.sh
│ ├── istio.service
│ └── sidecar.env
├── packaging.mk
└── postinst.sh
├── proto
├── buf.golang-json.yaml
├── buf.golang.yaml
├── buf.yaml
└── proto.mk
└── skip-image.sh
/.github/ISSUE_TEMPLATE/config.yml:
--------------------------------------------------------------------------------
1 | contact_links:
2 | - name: "Crash bug"
3 | url: https://istio.io/about/security-vulnerabilities/
4 | about: "Please file any bug causing a crash to istio-security-vulnerability-reports@googlegroups.com."
5 |
--------------------------------------------------------------------------------
/CONTRIBUTING.md:
--------------------------------------------------------------------------------
1 | # Contribution guidelines
2 |
3 | So you want to hack on Istio? Yay! Please refer to Istio's overall
4 | [contribution guidelines](https://github.com/istio/community/blob/master/CONTRIBUTING.md)
5 | to find out how you can help.
6 |
--------------------------------------------------------------------------------
/VERSION:
--------------------------------------------------------------------------------
1 | 1.28
2 |
--------------------------------------------------------------------------------
/bin/.spelling_failures:
--------------------------------------------------------------------------------
1 | OWNERS
2 | vendor/
3 |
--------------------------------------------------------------------------------
/cni/pkg/install/testdata/invalid-arr.conflist:
--------------------------------------------------------------------------------
1 | []
2 |
--------------------------------------------------------------------------------
/cni/pkg/install/testdata/invalid-map.conflist:
--------------------------------------------------------------------------------
1 | {}
2 |
--------------------------------------------------------------------------------
/cni/pkg/install/testdata/token-bar:
--------------------------------------------------------------------------------
1 | bar
--------------------------------------------------------------------------------
/cni/pkg/install/testdata/token-foo:
--------------------------------------------------------------------------------
1 | foo
--------------------------------------------------------------------------------
/cni/pkg/nodeagent/testdata/cgroupns/1/ns/net:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istio/istio/ea376d391cd2a8534a7e1200cd6833dc5a1076df/cni/pkg/nodeagent/testdata/cgroupns/1/ns/net
--------------------------------------------------------------------------------
/cni/pkg/nodeagent/testdata/cgroupns/2/ns/net:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istio/istio/ea376d391cd2a8534a7e1200cd6833dc5a1076df/cni/pkg/nodeagent/testdata/cgroupns/2/ns/net
--------------------------------------------------------------------------------
/cni/test/testdata/bindir/istio-cni:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istio/istio/ea376d391cd2a8534a7e1200cd6833dc5a1076df/cni/test/testdata/bindir/istio-cni
--------------------------------------------------------------------------------
/cni/test/testdata/bindir/istio-iptables:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istio/istio/ea376d391cd2a8534a7e1200cd6833dc5a1076df/cni/test/testdata/bindir/istio-iptables
--------------------------------------------------------------------------------
/cni/test/testdata/k8s_svcacct/namespace:
--------------------------------------------------------------------------------
1 | kube-system
--------------------------------------------------------------------------------
/cni/test/testdata/pre/non_json.conf:
--------------------------------------------------------------------------------
1 | "This is not json"
2 |
3 | Maybe it magically parses but shouldn't
4 |
--------------------------------------------------------------------------------
/common/.commonfiles.sha:
--------------------------------------------------------------------------------
1 | d46067e1a8ba3db4abe2635af5807f00ba1981e6
2 |
--------------------------------------------------------------------------------
/istioctl/pkg/kubeinject/testdata/inject-values.yaml:
--------------------------------------------------------------------------------
1 | global:
2 | suffix: test
3 |
--------------------------------------------------------------------------------
/istioctl/pkg/waypoint/testdata/waypoint/all-gateway:
--------------------------------------------------------------------------------
1 | NAMESPACE NAME REVISION TRAFFIC TYPE PROGRAMMED
2 | default waypoint default none True
3 | fake waypoint default none True
4 |
--------------------------------------------------------------------------------
/istioctl/pkg/waypoint/testdata/waypoint/default-gateway:
--------------------------------------------------------------------------------
1 | NAME REVISION TRAFFIC TYPE PROGRAMMED
2 | waypoint default none True
3 |
--------------------------------------------------------------------------------
/istioctl/pkg/waypoint/testdata/waypoint/no-gateway:
--------------------------------------------------------------------------------
1 | No waypoints found.
2 |
--------------------------------------------------------------------------------
/istioctl/pkg/workload/testdata/vmconfig-nil-proxy-metadata/hosts.golden:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istio/istio/ea376d391cd2a8534a7e1200cd6833dc5a1076df/istioctl/pkg/workload/testdata/vmconfig-nil-proxy-metadata/hosts.golden
--------------------------------------------------------------------------------
/istioctl/pkg/workload/testdata/vmconfig-nil-proxy-metadata/istio-token.golden:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istio/istio/ea376d391cd2a8534a7e1200cd6833dc5a1076df/istioctl/pkg/workload/testdata/vmconfig-nil-proxy-metadata/istio-token.golden
--------------------------------------------------------------------------------
/istioctl/pkg/workload/testdata/vmconfig-nil-proxy-metadata/root-cert.pem.golden:
--------------------------------------------------------------------------------
1 | fake-CA-cert
--------------------------------------------------------------------------------
/istioctl/pkg/workload/testdata/vmconfig/ipv4/hosts.golden:
--------------------------------------------------------------------------------
1 | 10.10.10.11 istiod-rev-1.istio-system.svc
2 |
--------------------------------------------------------------------------------
/istioctl/pkg/workload/testdata/vmconfig/ipv4/istio-token.golden:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istio/istio/ea376d391cd2a8534a7e1200cd6833dc5a1076df/istioctl/pkg/workload/testdata/vmconfig/ipv4/istio-token.golden
--------------------------------------------------------------------------------
/istioctl/pkg/workload/testdata/vmconfig/ipv4/root-cert.pem.golden:
--------------------------------------------------------------------------------
1 | fake-CA-cert
--------------------------------------------------------------------------------
/istioctl/pkg/workload/testdata/vmconfig/ipv6/hosts.golden:
--------------------------------------------------------------------------------
1 | fd00:10:96::2 istiod-rev-1.istio-system.svc
2 |
--------------------------------------------------------------------------------
/istioctl/pkg/workload/testdata/vmconfig/ipv6/istio-token.golden:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istio/istio/ea376d391cd2a8534a7e1200cd6833dc5a1076df/istioctl/pkg/workload/testdata/vmconfig/ipv6/istio-token.golden
--------------------------------------------------------------------------------
/istioctl/pkg/workload/testdata/vmconfig/ipv6/root-cert.pem.golden:
--------------------------------------------------------------------------------
1 | fake-CA-cert
--------------------------------------------------------------------------------
/istioctl/pkg/writer/envoy/configdump/testdata/versionsummary.txt:
--------------------------------------------------------------------------------
1 | Istio Version: 1.10.0
2 | Istio Proxy Version: 436f365a8007cd8a13a9f1321e7cce94bcc8883e
3 | Envoy Version: 1.18.3/Clean/RELEASE/BoringSSL
4 |
--------------------------------------------------------------------------------
/istioctl/pkg/writer/ztunnel/configdump/testdata/policies.txt:
--------------------------------------------------------------------------------
1 | NAMESPACE POLICY NAME ACTION SCOPE
2 | default allow-nothing Allow Namespace
3 | default allow-waypoint Allow WorkloadSelector
4 |
--------------------------------------------------------------------------------
/licenses/github.com/go-errors/errors/NONE:
--------------------------------------------------------------------------------
1 | NO LICENSE FOUND
2 |
--------------------------------------------------------------------------------
/licenses/github.com/xeipuuv/gojsonpointer/NONE:
--------------------------------------------------------------------------------
1 | NO LICENSE FOUND
2 |
--------------------------------------------------------------------------------
/licenses/github.com/xeipuuv/gojsonreference/NONE:
--------------------------------------------------------------------------------
1 | NO LICENSE FOUND
2 |
--------------------------------------------------------------------------------
/licenses/github.com/xeipuuv/gojsonschema/NONE:
--------------------------------------------------------------------------------
1 | NO LICENSE FOUND
2 |
--------------------------------------------------------------------------------
/licenses/helm.sh/helm/v3/pkg/chart/loader/testdata/LICENSE:
--------------------------------------------------------------------------------
1 | LICENSE placeholder.
2 |
--------------------------------------------------------------------------------
/licenses/helm.sh/helm/v3/pkg/chart/loader/testdata/frobnitz.v1/LICENSE:
--------------------------------------------------------------------------------
1 | LICENSE placeholder.
2 |
--------------------------------------------------------------------------------
/licenses/helm.sh/helm/v3/pkg/chart/loader/testdata/frobnitz.v2.reqs/LICENSE:
--------------------------------------------------------------------------------
1 | LICENSE placeholder.
2 |
--------------------------------------------------------------------------------
/licenses/helm.sh/helm/v3/pkg/chart/loader/testdata/frobnitz/LICENSE:
--------------------------------------------------------------------------------
1 | LICENSE placeholder.
2 |
--------------------------------------------------------------------------------
/licenses/helm.sh/helm/v3/pkg/chart/loader/testdata/frobnitz_backslash/LICENSE:
--------------------------------------------------------------------------------
1 | LICENSE placeholder.
2 |
--------------------------------------------------------------------------------
/licenses/helm.sh/helm/v3/pkg/chart/loader/testdata/frobnitz_with_bom/LICENSE:
--------------------------------------------------------------------------------
1 | LICENSE placeholder.
2 |
--------------------------------------------------------------------------------
/licenses/helm.sh/helm/v3/pkg/chart/loader/testdata/frobnitz_with_dev_null/LICENSE:
--------------------------------------------------------------------------------
1 | LICENSE placeholder.
2 |
--------------------------------------------------------------------------------
/licenses/helm.sh/helm/v3/pkg/chartutil/testdata/dependent-chart-alias/LICENSE:
--------------------------------------------------------------------------------
1 | LICENSE placeholder.
2 |
--------------------------------------------------------------------------------
/licenses/helm.sh/helm/v3/pkg/chartutil/testdata/dependent-chart-no-requirements-yaml/LICENSE:
--------------------------------------------------------------------------------
1 | LICENSE placeholder.
2 |
--------------------------------------------------------------------------------
/licenses/helm.sh/helm/v3/pkg/chartutil/testdata/dependent-chart-with-all-in-requirements-yaml/LICENSE:
--------------------------------------------------------------------------------
1 | LICENSE placeholder.
2 |
--------------------------------------------------------------------------------
/licenses/helm.sh/helm/v3/pkg/chartutil/testdata/dependent-chart-with-mixed-requirements-yaml/LICENSE:
--------------------------------------------------------------------------------
1 | LICENSE placeholder.
2 |
--------------------------------------------------------------------------------
/licenses/helm.sh/helm/v3/pkg/chartutil/testdata/frobnitz/LICENSE:
--------------------------------------------------------------------------------
1 | LICENSE placeholder.
2 |
--------------------------------------------------------------------------------
/manifests/addons/dashboards/lib/g.libsonnet:
--------------------------------------------------------------------------------
1 | import 'github.com/grafana/grafonnet/gen/grafonnet-latest/main.libsonnet'
2 |
--------------------------------------------------------------------------------
/manifests/charts/ztunnel/templates/_helpers.tpl:
--------------------------------------------------------------------------------
1 | {{ define "ztunnel.release-name" }}{{ .Values.resourceName| default "ztunnel" }}{{ end }}
2 |
--------------------------------------------------------------------------------
/manifests/helm-profiles/compatibility-version-1.25.yaml:
--------------------------------------------------------------------------------
1 | pilot:
2 | env:
3 | # 1.27 behavioral changes
4 | ENABLE_NATIVE_SIDECARS: "false"
5 | ambient:
6 | # 1.26 behavioral changes
7 | shareHostNetworkNamespace: true
8 |
--------------------------------------------------------------------------------
/manifests/helm-profiles/compatibility-version-1.26.yaml:
--------------------------------------------------------------------------------
1 | pilot:
2 | env:
3 | # 1.27 behavioral changes
4 | ENABLE_NATIVE_SIDECARS: "false"
--------------------------------------------------------------------------------
/manifests/helm-profiles/platform-gke.yaml:
--------------------------------------------------------------------------------
1 | cni:
2 | cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work
3 | resourceQuotas:
4 | enabled: true
5 | resourceQuotas:
6 | enabled: true
7 |
--------------------------------------------------------------------------------
/manifests/helm-profiles/platform-k3d.yaml:
--------------------------------------------------------------------------------
1 | cni:
2 | cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d
3 | cniBinDir: /bin
4 |
--------------------------------------------------------------------------------
/manifests/helm-profiles/platform-k3s.yaml:
--------------------------------------------------------------------------------
1 | cni:
2 | cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d
3 | cniBinDir: /var/lib/rancher/k3s/data/cni
4 |
--------------------------------------------------------------------------------
/manifests/helm-profiles/platform-microk8s.yaml:
--------------------------------------------------------------------------------
1 | cni:
2 | cniConfDir: /var/snap/microk8s/current/args/cni-network
3 | cniBinDir: /var/snap/microk8s/current/opt/cni/bin
4 |
--------------------------------------------------------------------------------
/manifests/helm-profiles/platform-minikube.yaml:
--------------------------------------------------------------------------------
1 | cni:
2 | cniNetnsDir: /var/run/docker/netns
3 |
--------------------------------------------------------------------------------
/manifests/helm-profiles/stable.yaml:
--------------------------------------------------------------------------------
1 | # The stable profile deploys admission control to ensure that only stable resources and fields are used
2 | # THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE
3 | experimental:
4 | stableValidationPolicy: true
5 |
--------------------------------------------------------------------------------
/manifests/profiles/demo.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: install.istio.io/v1alpha1
2 | kind: IstioOperator
3 | spec:
4 | components:
5 | egressGateways:
6 | - name: istio-egressgateway
7 | enabled: true
8 | values:
9 | profile: demo
--------------------------------------------------------------------------------
/manifests/profiles/stable.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: install.istio.io/v1alpha1
2 | kind: IstioOperator
3 | spec:
4 | values:
5 | profile: stable
6 |
--------------------------------------------------------------------------------
/operator/cmd/mesh/testdata/manifest-generate/data-snapshot.tar.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istio/istio/ea376d391cd2a8534a7e1200cd6833dc5a1076df/operator/cmd/mesh/testdata/manifest-generate/data-snapshot.tar.gz
--------------------------------------------------------------------------------
/operator/cmd/mesh/testdata/manifest-generate/input-extra-resources/gateways.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Namespace
3 | metadata:
4 | name: user-ingressgateway-ns
5 | labels:
6 | istio-injection: disabled
7 |
8 |
--------------------------------------------------------------------------------
/operator/cmd/mesh/testdata/manifest-generate/input/all_off.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: install.istio.io/v1alpha1
2 | kind: IstioOperator
3 | spec:
4 | profile: empty
5 |
--------------------------------------------------------------------------------
/operator/cmd/mesh/testdata/manifest-generate/input/bare_spec.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: install.istio.io/v1alpha1
2 | kind: IstioOperator
3 | spec:
4 |
--------------------------------------------------------------------------------
/operator/cmd/mesh/testdata/manifest-generate/input/bare_values.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: install.istio.io/v1alpha1
2 | kind: IstioOperator
3 | metadata:
4 | namespace: istio-system
5 | spec:
6 | values:
7 |
--------------------------------------------------------------------------------
/operator/cmd/mesh/testdata/manifest-generate/input/default.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: install.istio.io/v1alpha1
2 | kind: IstioOperator
3 | spec:
4 | profile: default
5 |
6 |
--------------------------------------------------------------------------------
/operator/cmd/mesh/testdata/manifest-generate/input/empty.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: install.istio.io/v1alpha1
2 | kind: IstioOperator
3 | spec:
4 | profile: empty
5 |
6 |
--------------------------------------------------------------------------------
/operator/cmd/mesh/testdata/manifest-generate/input/flag_output.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: install.istio.io/v1alpha1
2 | kind: IstioOperator
3 | spec:
4 | profile: empty
5 | components:
6 | pilot:
7 | enabled: true
8 |
--------------------------------------------------------------------------------
/operator/cmd/mesh/testdata/manifest-generate/input/helm_values_enablement.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: install.istio.io/v1alpha1
2 | kind: IstioOperator
3 | spec:
4 | values:
5 | gateways:
6 | istio-egressgateway:
7 | enabled: true
--------------------------------------------------------------------------------
/operator/cmd/mesh/testdata/manifest-generate/input/minimal-revisioned.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: install.istio.io/v1alpha1
2 | kind: IstioOperator
3 | spec:
4 | profile: minimal
5 | revision: test-rev
6 |
--------------------------------------------------------------------------------
/operator/cmd/mesh/testdata/manifest-generate/input/minimal.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: install.istio.io/v1alpha1
2 | kind: IstioOperator
3 | spec:
4 | profile: minimal
5 |
6 |
--------------------------------------------------------------------------------
/operator/cmd/mesh/testdata/manifest-generate/input/multiple_iops.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: install.istio.io/v1alpha1
2 | kind: IstioOperator
3 | spec:
4 |
5 | ---
6 |
7 | apiVersion: install.istio.io/v1alpha1
8 | kind: IstioOperator
9 | spec:
10 |
--------------------------------------------------------------------------------
/operator/cmd/mesh/testdata/manifest-generate/output/all_off.golden.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istio/istio/ea376d391cd2a8534a7e1200cd6833dc5a1076df/operator/cmd/mesh/testdata/manifest-generate/output/all_off.golden.yaml
--------------------------------------------------------------------------------
/operator/cmd/mesh/testdata/manifest-generate/output/flag_force.golden.yaml:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
/operator/cmd/mesh/testdata/manifest-generate/output/gateways.golden.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istio/istio/ea376d391cd2a8534a7e1200cd6833dc5a1076df/operator/cmd/mesh/testdata/manifest-generate/output/gateways.golden.yaml
--------------------------------------------------------------------------------
/operator/cmd/mesh/testdata/profile-dump/output/list_path.txt:
--------------------------------------------------------------------------------
1 | [0].mountPath="/etc/istio/egressgateway-certs"
2 | [0].name="egressgateway-certs"
3 |
--------------------------------------------------------------------------------
/operator/cmd/mesh/testdata/profile-dump/output/list_path.yaml:
--------------------------------------------------------------------------------
1 | - mountPath: /etc/istio/egressgateway-certs
2 | name: egressgateway-certs
3 |
4 |
--------------------------------------------------------------------------------
/operator/pkg/helm/testdata/input/gateway-deployment.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istio/istio/ea376d391cd2a8534a7e1200cd6833dc5a1076df/operator/pkg/helm/testdata/input/gateway-deployment.yaml
--------------------------------------------------------------------------------
/operator/pkg/helm/testdata/input/istiod-pdb-max-unavailable.yaml:
--------------------------------------------------------------------------------
1 | spec:
2 | values:
3 | pdb:
4 | minAvailable: 1
5 | maxUnavailable: 1
--------------------------------------------------------------------------------
/operator/pkg/helm/testdata/input/istiod-pdb-unhealthy-pod-eviction-policy.yaml:
--------------------------------------------------------------------------------
1 | spec:
2 | values:
3 | pdb:
4 | minAvailable: 1
5 | unhealthyPodEvictionPolicy: AlwaysAllow
--------------------------------------------------------------------------------
/operator/pkg/helm/testdata/input/istiod-pdb.yaml:
--------------------------------------------------------------------------------
1 | spec:
2 | values:
3 | pdb:
4 | minAvailable: 1
--------------------------------------------------------------------------------
/operator/pkg/helm/testdata/input/istiod-traffic-distribution.yaml:
--------------------------------------------------------------------------------
1 | spec:
2 | values:
3 | trafficDistribution: PreferClose
--------------------------------------------------------------------------------
/pilot/pkg/config/kube/gateway/testdata/deployment/illegal_customizations.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: gateway.networking.k8s.io/v1beta1
2 | kind: Gateway
3 | metadata:
4 | annotations:
5 | gateway.istio.io/controller-version: "5"
6 | ---
7 |
--------------------------------------------------------------------------------
/pilot/pkg/config/kube/gateway/testdata/east-west-ambient.yaml.golden:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istio/istio/ea376d391cd2a8534a7e1200cd6833dc5a1076df/pilot/pkg/config/kube/gateway/testdata/east-west-ambient.yaml.golden
--------------------------------------------------------------------------------
/pilot/pkg/config/kube/gateway/testdata/eastwest-remote.yaml.golden:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istio/istio/ea376d391cd2a8534a7e1200cd6833dc5a1076df/pilot/pkg/config/kube/gateway/testdata/eastwest-remote.yaml.golden
--------------------------------------------------------------------------------
/pilot/pkg/config/kube/gateway/testdata/mismatch.yaml.golden:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istio/istio/ea376d391cd2a8534a7e1200cd6833dc5a1076df/pilot/pkg/config/kube/gateway/testdata/mismatch.yaml.golden
--------------------------------------------------------------------------------
/pilot/pkg/config/kube/gateway/testdata/waypoint.yaml.golden:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istio/istio/ea376d391cd2a8534a7e1200cd6833dc5a1076df/pilot/pkg/config/kube/gateway/testdata/waypoint.yaml.golden
--------------------------------------------------------------------------------
/pilot/pkg/serviceregistry/kube/controller/ambient/testdata/peer-authn-disable-in.yaml:
--------------------------------------------------------------------------------
1 |
2 | apiVersion: security.istio.io/v1
3 | kind: PeerAuthentication
4 | metadata:
5 | name: disable-mtls
6 | spec:
7 | mtls:
8 | mode: DISABLE
9 |
--------------------------------------------------------------------------------
/pilot/pkg/serviceregistry/kube/controller/ambient/testdata/peer-authn-disable.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istio/istio/ea376d391cd2a8534a7e1200cd6833dc5a1076df/pilot/pkg/serviceregistry/kube/controller/ambient/testdata/peer-authn-disable.yaml
--------------------------------------------------------------------------------
/pilot/pkg/serviceregistry/kube/controller/ambient/testdata/peer-authn-permissive-in.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: security.istio.io/v1
2 | kind: PeerAuthentication
3 | metadata:
4 | name: permissive-mtls
5 | spec:
6 | mtls:
7 | mode: PERMISSIVE
8 |
--------------------------------------------------------------------------------
/pilot/pkg/serviceregistry/kube/controller/ambient/testdata/peer-authn-permissive.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istio/istio/ea376d391cd2a8534a7e1200cd6833dc5a1076df/pilot/pkg/serviceregistry/kube/controller/ambient/testdata/peer-authn-permissive.yaml
--------------------------------------------------------------------------------
/pilot/pkg/serviceregistry/kube/controller/ambient/testdata/peer-authn-strict-in.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: security.istio.io/v1
2 | kind: PeerAuthentication
3 | metadata:
4 | name: strict-mtls
5 | spec:
6 | mtls:
7 | mode: STRICT
8 |
9 |
--------------------------------------------------------------------------------
/pilot/pkg/serviceregistry/kube/controller/ambient/testdata/peer-authn-strict.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istio/istio/ea376d391cd2a8534a7e1200cd6833dc5a1076df/pilot/pkg/serviceregistry/kube/controller/ambient/testdata/peer-authn-strict.yaml
--------------------------------------------------------------------------------
/pkg/config/analysis/analyzers/testdata/common/meshconfig.yaml:
--------------------------------------------------------------------------------
1 | defaultConfig:
2 | image:
3 | imageType: distroless
4 |
--------------------------------------------------------------------------------
/pkg/config/analysis/analyzers/testdata/mesh-with-automtls.yaml:
--------------------------------------------------------------------------------
1 | enableAutoMtls: true
--------------------------------------------------------------------------------
/pkg/config/analysis/analyzers/testdata/peerauthentication-crd.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apiextensions.k8s.io/v1beta1
2 | kind: CustomResourceDefinition
3 | metadata:
4 | name: peerauthentications.security.istio.io
5 | spec:
--------------------------------------------------------------------------------
/pkg/config/analysis/analyzers/testdata/serviceentry-address-allocated-mesh-cfg.yaml:
--------------------------------------------------------------------------------
1 | defaultConfig:
2 | proxyMetadata:
3 | ISTIO_META_DNS_CAPTURE: "true"
4 |
--------------------------------------------------------------------------------
/pkg/config/analysis/analyzers/testdata/serviceentry-missing-addresses-protocol-mesh-cfg.yaml:
--------------------------------------------------------------------------------
1 | defaultConfig:
2 | proxyMetadata:
3 | ISTIO_META_DNS_CAPTURE: "true"
4 | ISTIO_META_DNS_AUTO_ALLOCATE: "true"
5 |
--------------------------------------------------------------------------------
/pkg/config/analysis/analyzers/testdata/telemetry-lightstep-meshconfig.yaml:
--------------------------------------------------------------------------------
1 | extensionProviders:
2 | - name: lightstep
3 | lightstep:
4 | service: lightstep.monitoring.svc.cluster.local
5 | port: 443
6 | accessToken: "fake-token"
7 |
--------------------------------------------------------------------------------
/pkg/ctrlz/assets/static/favicons/android-144x144.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istio/istio/ea376d391cd2a8534a7e1200cd6833dc5a1076df/pkg/ctrlz/assets/static/favicons/android-144x144.png
--------------------------------------------------------------------------------
/pkg/ctrlz/assets/static/favicons/android-192x192.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istio/istio/ea376d391cd2a8534a7e1200cd6833dc5a1076df/pkg/ctrlz/assets/static/favicons/android-192x192.png
--------------------------------------------------------------------------------
/pkg/ctrlz/assets/static/favicons/android-36x36.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istio/istio/ea376d391cd2a8534a7e1200cd6833dc5a1076df/pkg/ctrlz/assets/static/favicons/android-36x36.png
--------------------------------------------------------------------------------
/pkg/ctrlz/assets/static/favicons/android-48x48.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istio/istio/ea376d391cd2a8534a7e1200cd6833dc5a1076df/pkg/ctrlz/assets/static/favicons/android-48x48.png
--------------------------------------------------------------------------------
/pkg/ctrlz/assets/static/favicons/android-72x72.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istio/istio/ea376d391cd2a8534a7e1200cd6833dc5a1076df/pkg/ctrlz/assets/static/favicons/android-72x72.png
--------------------------------------------------------------------------------
/pkg/ctrlz/assets/static/favicons/android-96x196.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istio/istio/ea376d391cd2a8534a7e1200cd6833dc5a1076df/pkg/ctrlz/assets/static/favicons/android-96x196.png
--------------------------------------------------------------------------------
/pkg/ctrlz/assets/static/favicons/apple-touch-icon-180x180.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istio/istio/ea376d391cd2a8534a7e1200cd6833dc5a1076df/pkg/ctrlz/assets/static/favicons/apple-touch-icon-180x180.png
--------------------------------------------------------------------------------
/pkg/ctrlz/assets/static/favicons/favicon-16x16.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istio/istio/ea376d391cd2a8534a7e1200cd6833dc5a1076df/pkg/ctrlz/assets/static/favicons/favicon-16x16.png
--------------------------------------------------------------------------------
/pkg/ctrlz/assets/static/favicons/favicon-32x32.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istio/istio/ea376d391cd2a8534a7e1200cd6833dc5a1076df/pkg/ctrlz/assets/static/favicons/favicon-32x32.png
--------------------------------------------------------------------------------
/pkg/ctrlz/assets/static/favicons/favicon.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istio/istio/ea376d391cd2a8534a7e1200cd6833dc5a1076df/pkg/ctrlz/assets/static/favicons/favicon.ico
--------------------------------------------------------------------------------
/pkg/ctrlz/assets/static/favicons/pwa-192x192.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istio/istio/ea376d391cd2a8534a7e1200cd6833dc5a1076df/pkg/ctrlz/assets/static/favicons/pwa-192x192.png
--------------------------------------------------------------------------------
/pkg/ctrlz/assets/static/favicons/pwa-512x512.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istio/istio/ea376d391cd2a8534a7e1200cd6833dc5a1076df/pkg/ctrlz/assets/static/favicons/pwa-512x512.png
--------------------------------------------------------------------------------
/pkg/ctrlz/assets/static/favicons/tile150x150.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istio/istio/ea376d391cd2a8534a7e1200cd6833dc5a1076df/pkg/ctrlz/assets/static/favicons/tile150x150.png
--------------------------------------------------------------------------------
/pkg/ctrlz/assets/static/favicons/tile310x150.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istio/istio/ea376d391cd2a8534a7e1200cd6833dc5a1076df/pkg/ctrlz/assets/static/favicons/tile310x150.png
--------------------------------------------------------------------------------
/pkg/ctrlz/assets/static/favicons/tile310x310.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istio/istio/ea376d391cd2a8534a7e1200cd6833dc5a1076df/pkg/ctrlz/assets/static/favicons/tile310x310.png
--------------------------------------------------------------------------------
/pkg/ctrlz/assets/static/favicons/tile70x70.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istio/istio/ea376d391cd2a8534a7e1200cd6833dc5a1076df/pkg/ctrlz/assets/static/favicons/tile70x70.png
--------------------------------------------------------------------------------
/pkg/ctrlz/assets/static/js/misc.js:
--------------------------------------------------------------------------------
1 | "use strict"
2 |
--------------------------------------------------------------------------------
/pkg/envoy/testdata/bootstrap.json:
--------------------------------------------------------------------------------
1 | {"key": "value"}
--------------------------------------------------------------------------------
/pkg/envoy/testdata/bootstrap.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # Sample custom bootstrap in YAML
3 | key: value
4 | ip: "[$(HOST_IP)]:8126"
5 | ip2: "$(HOST_IP):8126"
6 |
--------------------------------------------------------------------------------
/pkg/istio-agent/testdata/token:
--------------------------------------------------------------------------------
1 | fake
--------------------------------------------------------------------------------
/pkg/test/datasets/validation/dataset/networking-v1-Sidecar.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: networking.istio.io/v1
2 | kind: Sidecar
3 | metadata:
4 | name: valid-sidecar-config
5 | spec:
6 | egress:
7 | - hosts:
8 | - "abc/*"
9 |
--------------------------------------------------------------------------------
/pkg/test/datasets/validation/dataset/networking-v1-WorkloadEntry.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: networking.istio.io/v1
2 | kind: WorkloadEntry
3 | metadata:
4 | name: valid-workload-entry
5 | spec:
6 | address: 1.2.3.4
7 |
--------------------------------------------------------------------------------
/pkg/test/datasets/validation/dataset/networking-v1alpha3-Sidecar.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: networking.istio.io/v1alpha3
2 | kind: Sidecar
3 | metadata:
4 | name: valid-sidecar-config
5 | spec:
6 | egress:
7 | - hosts:
8 | - "abc/*"
9 |
--------------------------------------------------------------------------------
/pkg/test/datasets/validation/dataset/networking-v1alpha3-WorkloadEntry.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: networking.istio.io/v1alpha3
2 | kind: WorkloadEntry
3 | metadata:
4 | name: valid-workload-entry
5 | spec:
6 | address: "1.2.3.4"
7 |
--------------------------------------------------------------------------------
/pkg/test/datasets/validation/dataset/networking-v1beta1-ProxyConfig.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: networking.istio.io/v1beta1
2 | kind: ProxyConfig
3 | metadata:
4 | name: valid-example-pc
5 | spec:
6 | concurrency: 3
7 |
--------------------------------------------------------------------------------
/pkg/test/datasets/validation/dataset/networking-v1beta1-Sidecar.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: networking.istio.io/v1beta1
2 | kind: Sidecar
3 | metadata:
4 | name: valid-sidecar-config
5 | spec:
6 | egress:
7 | - hosts:
8 | - "abc/*"
9 |
--------------------------------------------------------------------------------
/pkg/test/datasets/validation/dataset/networking-v1beta1-WorkloadEntry.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: networking.istio.io/v1beta1
2 | kind: WorkloadEntry
3 | metadata:
4 | name: valid-workload-entry
5 | spec:
6 | address: 1.2.3.4
7 |
--------------------------------------------------------------------------------
/pkg/test/datasets/validation/dataset/telemetry-v1-Telemetry.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: telemetry.istio.io/v1
2 | kind: Telemetry
3 | metadata:
4 | name: valid
5 | spec:
6 | tracing:
7 | - randomSamplingPercentage: 10.00
8 |
--------------------------------------------------------------------------------
/pkg/test/datasets/validation/dataset/telemetry-v1alpha1-Telemetry.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: telemetry.istio.io/v1alpha1
2 | kind: Telemetry
3 | metadata:
4 | name: valid
5 | spec:
6 | tracing:
7 | - randomSamplingPercentage: 10.00
8 |
--------------------------------------------------------------------------------
/pkg/test/echo/docker/sudoers:
--------------------------------------------------------------------------------
1 | root ALL=(ALL) ALL
2 | %wheel ALL=(ALL) ALL
3 | application ALL=NOPASSWD: ALL
4 | istio-proxy ALL=NOPASSWD: ALL
5 |
--------------------------------------------------------------------------------
/pkg/test/fakes/gce_metadata_server/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM scratch
2 | ARG TARGETARCH
3 | COPY ./main-${TARGETARCH:-amd64} /gce-metadata-server
4 | EXPOSE 8080
5 | CMD ["/gce-metadata-server"]
6 |
--------------------------------------------------------------------------------
/pkg/test/fakes/imageregistry/.gitignore:
--------------------------------------------------------------------------------
1 | main*
2 |
--------------------------------------------------------------------------------
/pkg/test/fakes/imageregistry/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM scratch
2 | ARG TARGETARCH
3 | COPY main-${TARGETARCH:-amd64} /registry
4 | ENTRYPOINT ["/registry"]
5 |
--------------------------------------------------------------------------------
/pkg/test/framework/README.md:
--------------------------------------------------------------------------------
1 | Please see [this wiki page](https://github.com/istio/istio/wiki/Istio-Test-Framework) for info on using
2 | the test framework.
3 |
--------------------------------------------------------------------------------
/pkg/test/framework/analyzer-allowlist.yaml:
--------------------------------------------------------------------------------
1 | suites:
2 | supportMultipleClusters:
3 | - helm
4 | - helm_upgrade
5 | - operator
6 | - pilot_revisioncmd
7 | - security_file_mounted_certs
8 | - security_sds_egress
--------------------------------------------------------------------------------
/pkg/test/framework/components/echo/kube/testdata/secret.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Secret
3 | metadata:
4 | name: myregistrykey
--------------------------------------------------------------------------------
/prow/config/topology/single.json:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "kind": "Kubernetes",
4 | "clusterName": "istio-testing",
5 | "podSubnet": "10.10.0.0/16",
6 | "svcSubnet": "10.255.10.0/24",
7 | "network": "istio-testing"
8 | }
9 | ]
--------------------------------------------------------------------------------
/releasenotes/notes/13330.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: traffic-management
4 | issue:
5 | - 13330
6 | releaseNotes:
7 | - |
8 | **Added** support traffic mirroring to multiple destinations in VirtualService.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/24471.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: istioctl
4 | issue:
5 | - 24471
6 |
7 | releaseNotes:
8 | - |
9 | **Added** `istioctl analyze` now warns if deprecated mixer resources are present
10 |
--------------------------------------------------------------------------------
/releasenotes/notes/25737.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: istioctl
4 | issue:
5 | - 25737
6 | releaseNotes:
7 | - |
8 | **Removed** `istioctl manifest apply`. The simpler `install` command replaces manifest apply.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/26486.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: traffic-management
4 | issue:
5 | - 26517
6 | releaseNotes:
7 | - |
8 | **Fixed** Remove unreachable endpoints for non-injected workloads across networks.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/26851.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: telemetry
4 | issue:
5 | - 26851
6 | releaseNotes:
7 | - |
8 | **Added** Listener Access Logs when ResponseFlag from Envoy is set.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/27159.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: istioctl
4 | issue:
5 | - 27159
6 |
7 | releaseNotes:
8 | - |
9 | **Added** `io` as shortname for Istio Operator resources in addition to `iop`.
10 |
--------------------------------------------------------------------------------
/releasenotes/notes/27300.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: istioctl
4 | issue:
5 | - 27300
6 |
7 | releaseNotes:
8 | - |
9 | **Added** ability to configure domain suffix for multicluster installation
--------------------------------------------------------------------------------
/releasenotes/notes/27430.yaml:
--------------------------------------------------------------------------------
1 | piVersion: release-notes/v2
2 | kind: feature
3 | area: istioctl
4 |
5 | releaseNotes:
6 | - |
7 | **Added** `--type` for `istioctl experimental create-remote-secret` to allow user specify type for the created secret
8 |
--------------------------------------------------------------------------------
/releasenotes/notes/27490.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: istioctl
4 | issue:
5 | - 27490
6 |
7 | releaseNotes:
8 | - |
9 | **Updated** `istioctl proxy-config log` to allow filtering logs based on label.
10 |
--------------------------------------------------------------------------------
/releasenotes/notes/27509.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: installation
4 | issue:
5 | - 27509
6 | releaseNotes:
7 | - |
8 | **Fixed** allow configure RENEW_DEADLINE for istio operator manager.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/27726.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: networking
4 | issue:
5 | - 27726
6 | releaseNotes:
7 | - |
8 | **Fixed** pilot agent app probe connection leak.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/27990.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 | issue:
5 | - 27990
6 | releaseNotes:
7 | - |
8 | **Added** add a validation warning when protocol is unset and address is also unset.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/28003.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: traffic-management
4 | issue:
5 | - 28003
6 |
7 | releaseNotes:
8 | - |
9 | **Added** Istio resource status now includes Observed Generation
10 |
--------------------------------------------------------------------------------
/releasenotes/notes/28753.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: istioctl
4 | issue:
5 | - 28753
6 |
7 | releaseNotes:
8 | - |
9 | **Added** `istioctl apply` as an alias for `istioctl install`.
10 |
--------------------------------------------------------------------------------
/releasenotes/notes/28794.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: networking
4 | releaseNotes:
5 | - |
6 | **Enabled** DNS capture in istio-agent by default for VMs installed using `istioctl x workload entry configure`.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/28915.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Updated** the experimental `precheck` command to show potential problems before upgrading.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/28942.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: networking
4 | issue:
5 | - 28970
6 | releaseNotes:
7 | - |
8 | **Fixed** a bug where locality weights are only applied when outlier detection is enabled.
--------------------------------------------------------------------------------
/releasenotes/notes/29034.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: istioctl
4 | issue:
5 | - 28970
6 | releaseNotes:
7 | - |
8 | **Fixed** namespace shorthand flag missing in dashboard subcommand.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/29681.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: networking
4 | issue:
5 | - 29681
6 | releaseNotes:
7 | - |
8 | **Fixed** a bug where DNS agent preview produces malformed DNS responses
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/29855.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: istioctl
4 | issue:
5 | - 29607
6 | releaseNotes:
7 | - |
8 | **Improved** 'verify-install' detects Istio injector without control plane.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/29942.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: security
4 | issue:
5 | - 29943
6 | releaseNotes:
7 | - |
8 | **Added** option to enable STS token fetch and exchange for XDS flow.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/30067.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: networking
4 | issue:
5 | - 30067
6 | releaseNotes:
7 | - |
8 | **Fixed** a bug where ISTIO_META_IDLE_TIMEOUT is not reflected when set to "0s".
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/30181.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: networking
4 | issue:
5 | - 30181
6 | releaseNotes:
7 | - |
8 | **Fixed** a bug when baseEjectionTime is greater than 300s, envoy will send a NACK to cds .
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/30200.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: istioctl
4 | issue:
5 | - 30200
6 | releaseNotes:
7 | - |
8 | **Added** analysis interval to reduce the wasteful re-runs of analyzer
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/30208.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: istioctl
4 | issue:
5 | - 30208
6 |
7 | releaseNotes:
8 | - |
9 | **Fixed** dashboard controlz could not port forward to istiod pod.
10 |
--------------------------------------------------------------------------------
/releasenotes/notes/30221.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: istioctl
4 | issue:
5 | - 30221
6 |
7 | releaseNotes:
8 | - |
9 | **Fixed** installation issue in which `--readiness-timeout` flag is not honored.
10 |
--------------------------------------------------------------------------------
/releasenotes/notes/30683.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: networking
4 | issue:
5 | - 30683
6 | releaseNotes:
7 | - |
8 | **Fixed** Avoid unnecessary full push in service entry store.
--------------------------------------------------------------------------------
/releasenotes/notes/30885.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: networking
4 | issue:
5 | - 30885
6 | releaseNotes:
7 | - |
8 | **Fixed** an issue causing the timeout header `x-envoy-upstream-rq-timeout-ms` was not honoured.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/30991.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: installation
4 | issue:
5 | - 30991
6 | releaseNotes:
7 | - |
8 | **Fixed** a bug preventing `istioctl kube-inject` from working with revisions.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/31075.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: networking
4 | issue:
5 | - 31075
6 | releaseNotes:
7 | - |
8 | **Added** /debug/connections debug interface to list the current connected clients.
--------------------------------------------------------------------------------
/releasenotes/notes/31186.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: environments
4 | issue:
5 | - 31186
6 | releaseNotes:
7 | - |
8 | **Fixed** Improved output of istioctl YAML diff commands.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/31336.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug
3 | area: networking
4 | issue:
5 | - 31336
6 | releaseNotes:
7 | - |
8 | **Fixed** a bug causing runaway logs in `istiod` after disabling the default ingress controller.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/31403.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: networking
4 | issue:
5 | - 31403
6 |
7 | releaseNotes:
8 | - |
9 | **Updated** istio-proxy drain notification strategy to immediate from gradual.
10 |
--------------------------------------------------------------------------------
/releasenotes/notes/31573.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: EnvoyFilter
4 | issue:
5 | - 31573
6 | releaseNotes:
7 | - |
8 | **Fixed** a bug where the EnvoyFilter HTTP_FILTER didn't support INSERT_FIRST
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/31779.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: network
4 | issue:
5 | - 31779
6 | releaseNotes:
7 | - |
8 | **Added** SDS screts fetch faliure metric `pilot_sds_certificate_errors_total`.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/31797.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: enhancement
3 | area: environments
4 | issue:
5 | - 31732
6 | releaseNotes:
7 | - |
8 | **Added** support for slash characters in environment variables on injectionURL
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/31853.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: networking
4 | issue:
5 | releaseNotes:
6 | - |
7 | **Added** metrics for istiod informer errors.
--------------------------------------------------------------------------------
/releasenotes/notes/31910.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: installation
4 | issue:
5 | - 31910
6 | releaseNotes:
7 | - |
8 | **Fixed** PDB `maxUnavailable` field cannot be set in Istio operator
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/31946.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: installation
4 | issue:
5 | - 31946
6 | releaseNotes:
7 | - |
8 | **Added** support to watch local secret resource updates for external istiod
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/32201.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: traffic-management
4 | releaseNotes:
5 | - |
6 | **Added** a flag setting ShutdownDuration in pilot and its default value is 10s.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/32513.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: istioctl
4 | issue:
5 | - 32513
6 | releaseNotes:
7 | - |
8 | **Added** `--dry-run` flag for `istioctl x uninstall`.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/32749.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: installation
4 | issue:
5 | - 32749
6 | releaseNotes:
7 | - |
8 | **Fixed** the upgrade and downgrade message of the control plane.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/33293.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: security
4 | issue:
5 | - 33293
6 | releaseNotes:
7 | - |
8 | **Fixed** a bug where secret files are not watched once they are removed and added back.
--------------------------------------------------------------------------------
/releasenotes/notes/33536.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 | issue:
5 | - 33536
6 | releaseNotes:
7 | - |
8 | **Fixed** a bug where Istio config gen fails when sum of endpoint weights over uint32 max.
--------------------------------------------------------------------------------
/releasenotes/notes/33537.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: istioctl
4 | issue:
5 | - 33537
6 |
7 | releaseNotes:
8 | - |
9 | **Added** `istioctl install` will now do `IST0139` analysis on webhooks.
10 |
--------------------------------------------------------------------------------
/releasenotes/notes/33737.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 | issue:
5 | - 33737
6 | releaseNotes:
7 | - |
8 | **Fixed** a bug where retryRemoteLocalities configuration is rejected by Envoy.
--------------------------------------------------------------------------------
/releasenotes/notes/34065.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: traffic-management
4 | issue:
5 | - 34065
6 | releaseNotes:
7 | - |
8 | **Added** validator for empty regex match.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/34211.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: installation
4 | issue:
5 | - 34211
6 |
7 | releaseNotes:
8 | - |
9 | **Added** privileged flag to Istio-CNI Helm charts to set `securityContext` flag.
10 |
--------------------------------------------------------------------------------
/releasenotes/notes/34325.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Fixed** `istioctl profile diff` and `istioctl profile dump` have unexpected info logs.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/34633.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 |
5 | releaseNotes:
6 | - |
7 | **Fixed** an issue in which ADS would hang due to the wrong `syncCh` size being provided.
8 |
--------------------------------------------------------------------------------
/releasenotes/notes/34802.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Added** the pod alias `po` for users to use `istioctl x describe po`, which is consistent with `kubectl` command.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/34811.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: installation
4 | issue:
5 | - 34811
6 | releaseNotes:
7 | - |
8 | **Fixed** Istioctl does not wait on CNI DaemonSet update
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/34847.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Fixed** the deployment analyzer is ignoring service namespaces during the analysis process.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/34982.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Fixed** `istioctl admin log` format.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/35014.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: traffic-management
4 | issue:
5 | - 33558
6 | releaseNotes:
7 | - |
8 | **Added** support for sourceip hash loadbalancing in TCP proxy.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/35068.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: installation
4 | issue:
5 | - 35068
6 | releaseNotes:
7 | - |
8 | **Fixed** No Permission to list ServiceExport from remote clusters in primary cluster.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/35220.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: security
4 | issue:
5 | - 35220
6 | releaseNotes:
7 | - |
8 | **Fixed** the EnvoyExternalAuthorizationHttpProvider to match HTTP headers in a case-insensitive way.
--------------------------------------------------------------------------------
/releasenotes/notes/35483.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Added** precheck now detects usage of Alpha Annotations.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/35593.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Fixed** `istioctl bug-report` has the extra default system namespaces displayed when `--exclude` is not set.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/35648.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: installation
4 |
5 | releaseNotes:
6 | - |
7 | **Added** Support arm64 api for operator, add nodeAffinity arm64 expression.
8 |
--------------------------------------------------------------------------------
/releasenotes/notes/35712.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Fixed** the release tar URL by adding the patch version.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/35723.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: telemetry
4 | issue:
5 | - 35663
6 | releaseNotes:
7 | - |
8 | **Improved** Istiod JWTRule: Failed JWKS requests are now logged with truncation to 100 characters
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/36044.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Fixed** the `--duration` flag never gets used in the `istioctl bug-report` command.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/36110.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: installation
4 | issue:
5 | - 36110
6 | releaseNotes:
7 | - |
8 | **Added** istiod deployment respect `values.pilot.nodeSelector`.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/36290.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: istioctl
4 |
5 | releaseNotes:
6 | - |
7 | **Added** `CLUSTER` column in the output of `istioctl ps` command.
8 |
--------------------------------------------------------------------------------
/releasenotes/notes/36452.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Added** the global wildcard pattern match for the bug report `--include` and `--exclude` flag.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/36533.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Added** the output format flag to `operator dump`.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/36570.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Fixed** `operator init --dry-run` creates unexpected namespaces.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/36655.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: telemetry
4 | issue:
5 | - 36514
6 | releaseNotes:
7 | - |
8 | **Added** Common Expression Language (CEL) filter support for access logs.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/36809.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: telemetry
4 | issue:
5 | - 36162
6 | releaseNotes:
7 | - |
8 | **Added** configurable service-cluster naming scheme support.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/36813.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: installation
4 | issue:
5 | - 36723
6 | releaseNotes:
7 | - |
8 | **Fixed** an issue when envoy lost connection after `istio-ca-root-cert` changed.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/36817.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: telemetry
4 | releaseNotes:
5 | - |
6 | **Added** Implement OpenTelemetry Access Log.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/36835.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: istioctl
4 | issue:
5 | - https://github.com/istio/istio/issues/36290
6 | releaseNotes:
7 | - |
8 | **Added** the cluster id to `experimental ps`.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/37227.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: telemetry
4 | issue: []
5 | releaseNotes:
6 | - |
7 | **Added** environment variable support at Wasm extension via VM configuration in WasmPlugin API.
8 |
--------------------------------------------------------------------------------
/releasenotes/notes/37581.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Added** `istioctl analyze` beta API version support for file resources.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/37681.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: security
4 |
5 | releaseNotes:
6 | - |
7 | **Added** support for using PrivateKeyProvider in SDS. See [#35809](https://github.com/istio/istio/issues/35809)
8 |
--------------------------------------------------------------------------------
/releasenotes/notes/37737.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: installation
4 | issue:
5 | - 33052
6 | releaseNotes:
7 | - |
8 | **Fixed** Removing caBundle default value from Chart to allow a GitOps approach
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/37903.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 | releaseNotes:
5 | - |
6 | **Fixed** an issue where removing a HTTP filter is not working properly.
--------------------------------------------------------------------------------
/releasenotes/notes/38021.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Added** pod full name to IST0103 analysis message.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/38158.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: traffic-management
4 |
5 | releaseNotes:
6 | - |
7 | **Added** support for skipping the initial installation of CNI entirely.
8 |
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/38192.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: telemetry
4 | releaseNotes:
5 | - |
6 | **Added** WorkloadMode selection to Logging.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/38273.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: istioctl
4 | issue: []
5 | releaseNotes:
6 | - |
7 | **Added** `istioctl ps` support ECDS.
--------------------------------------------------------------------------------
/releasenotes/notes/38495.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: telemetry
4 |
5 | releaseNotes:
6 | - |
7 | **Fixed** the tcp metadata exchange between sidecar client and ISTIO_MUTUAL, tcp server at the gateway
8 |
--------------------------------------------------------------------------------
/releasenotes/notes/38641.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: istioctl
4 | issue:
5 | - 38636
6 | releaseNotes:
7 | - |
8 | **Fixed** an issue `istioctl x describe pod` return error `failed to fetch mesh config`.
--------------------------------------------------------------------------------
/releasenotes/notes/38678.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 | issue:
5 | - 38678
6 | releaseNotes:
7 | - |
8 | **Fixed** some ServiceEntry hostnames can cause non-deterministic Envoy routes.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/38750.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 | releaseNotes:
5 | - |
6 | **Fixed** an issue where removing inline Network and HTTP filters was not working properly.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/39146.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Fixed** run `istioctl verify-install` fail with `demo` profile.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/39190.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: installation
4 |
5 | releaseNotes:
6 | - |
7 | **Improved** populate `--log_output_level` and `--log_as_json` to `istio-init` container as they are in `istio-proxy`
8 |
--------------------------------------------------------------------------------
/releasenotes/notes/39201.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 | issue:
5 | - 39201
6 | releaseNotes:
7 | - |
8 | **Fixed** WorkloadEntry.Annotations is nil and then lead to abnormal exit of pilot.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/39525.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Fixed** `x injector list` provides wrong pods information.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/39765.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: traffic-management
4 |
5 | releaseNotes:
6 | - |
7 | **Added** support for configuring max_connection_duration in DestinationRule.
8 |
--------------------------------------------------------------------------------
/releasenotes/notes/40093.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: telemetry
4 |
5 | releaseNotes:
6 | - |
7 | **Fixed** an issue where updating a secret caused a `missing pulling secret`
8 |
--------------------------------------------------------------------------------
/releasenotes/notes/40142.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: traffic-management
4 |
5 | releaseNotes:
6 | - |
7 | **Added** support for MAGLEV load balancing algorithm for consistent hashing.
--------------------------------------------------------------------------------
/releasenotes/notes/40184.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: istioctl
4 |
5 | releaseNotes:
6 | - |
7 | **Fixed** an issue where "istioctl analyze" started showing invalid warning messages.
8 |
--------------------------------------------------------------------------------
/releasenotes/notes/40220.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Fixed** IST0103 warning from `istioctl analyze` for non-injected pods on the host network.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/40339.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: istioctl
4 | issue:
5 | - 40339
6 |
7 | releaseNotes:
8 | - |
9 | **Promoted** `istioctl x uninstall` to `istioctl uninstall`.
10 |
--------------------------------------------------------------------------------
/releasenotes/notes/40561.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 |
5 | releaseNotes:
6 | - |
7 | **Fixed** disable `PILOT_ENABLE_CONFIG_DISTRIBUTION_TRACKING` temporarily to fix some memory/CPU cost issues.
--------------------------------------------------------------------------------
/releasenotes/notes/40680.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 | issue:
5 | - 40680
6 | releaseNotes:
7 | - |
8 | **Fixed** configuring istio.alpn filter for non-Istio mTLS.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/40778.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Fixed** `kube-inject` crashes when the pod annotation `proxy.istio.io/config` is set.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/40809.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: telemetry
4 |
5 | releaseNotes:
6 | - |
7 | **Fixed** an issue when telemetry accesslogs is nil, will not fallback to use meshconfig.
8 |
--------------------------------------------------------------------------------
/releasenotes/notes/40851.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: telemetry
4 |
5 | releaseNotes:
6 | - |
7 | **Fixed** an issue that built-in provider should fallback to meshconfig when format is unset.
8 |
--------------------------------------------------------------------------------
/releasenotes/notes/41330.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: istioctl
4 | issue:
5 | - 40598
6 | releaseNotes:
7 | - |
8 | **Added** precheck for revision when running `istioctl uninstall`.
--------------------------------------------------------------------------------
/releasenotes/notes/41483.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Fixed** manifest URL path displays `amd64` package for arm users.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/41644.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: installation
4 |
5 | issue:
6 | - 41631
7 |
8 | releaseNotes:
9 | - |
10 | **Fixed** an issue where `pilotExists` always return `false`.
--------------------------------------------------------------------------------
/releasenotes/notes/41785.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: installation
4 |
5 | issue:
6 | - 41170
7 |
8 | releaseNotes:
9 | - |
10 | **Added** analyzer for telemetry resource.
11 |
--------------------------------------------------------------------------------
/releasenotes/notes/41858.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: installation
4 | releaseNotes:
5 | - |
6 | **Removed** warning if istio-cni is not the default CNI plugin when CNI is used as a standalone plugin.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/41911.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Fixed** `verify-install` fails to detect daemonsets' component statuses.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/41996.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: telemetry
4 |
5 | issue:
6 | - 41763
7 | releaseNotes:
8 | - |
9 | **Added** support for `reporting_interval`.
10 |
--------------------------------------------------------------------------------
/releasenotes/notes/42104.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: telemetry
4 |
5 | issue:
6 | - 42080
7 | releaseNotes:
8 | - |
9 | **Fixed** OpenTelemetry tracer not working.
10 |
--------------------------------------------------------------------------------
/releasenotes/notes/42203.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: security
4 |
5 | releaseNotes:
6 | - |
7 | **Added** support for using QAT (QuickAssist Technology) PrivateKeyProvider in SDS.
8 |
--------------------------------------------------------------------------------
/releasenotes/notes/42212.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 | issue:
5 | - 42212
6 |
7 | releaseNotes:
8 | - |
9 | **Fixed** ServiceEntries with other revision labels were being processed.
10 |
--------------------------------------------------------------------------------
/releasenotes/notes/42252.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 |
5 | releaseNotes:
6 | - |
7 | **Fixed** an issue where the sync timeout setting doesn't work on the remote clusters.
--------------------------------------------------------------------------------
/releasenotes/notes/42377.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: traffic-management
4 | issue:
5 | - 42377
6 | releaseNotes:
7 | - |
8 | **Added** support for k8s ServiceInternalTrafficPolicy.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/42381.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: traffic-management
4 | issue:
5 | - https://github.com/istio/istio/pull/42381
6 | releaseNotes:
7 | - |
8 | **Added** excludeInterfaces support to cni plugin.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/42400.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 | issue:
5 | - 42400
6 | releaseNotes:
7 | - |
8 | **Fixed** updating service visibility does not push XDS to gateways
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/42414.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 |
5 | releaseNotes:
6 | - |
7 | **Fixed** locality label missing for a sidecar without service selected.
--------------------------------------------------------------------------------
/releasenotes/notes/42518.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: telemetry
4 |
5 | issue:
6 | - 31809
7 |
8 | releaseNotes:
9 | - |
10 | **Fixed** an issue where you could not disable tracing in `ProxyConfig`
11 |
--------------------------------------------------------------------------------
/releasenotes/notes/42576.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: test
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Removed** Remove useless code in grpc.go
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/42778.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 |
5 | issue:
6 | - 42749
7 |
8 | releaseNotes:
9 | - |
10 | **Fixed** admission webhook fails with custom header value format.
11 |
--------------------------------------------------------------------------------
/releasenotes/notes/43120.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: installation
4 | releaseNotes:
5 | - |
6 | **Improved** `istioctl operator remove` command to run without the confirmation in the dry-run mode.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/43173.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: installation
4 | releaseNotes:
5 | - |
6 | **Fixed** `appProtocol` field not taking effect in IstioOperator ServicePort.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/43179.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: telemetry
4 | issues:
5 | - 43178
6 | releaseNotes:
7 | - |
8 | **Fixed** an issue where `ALL_METRICS` does not disable metrics as expected.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/43318.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: security
4 | releaseNotes:
5 | - |
6 | **Fixed** ignoring default CA certificate when `PeerCertificateVerifier` is created.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/43434.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: installation
4 | issue:
5 | - 35915
6 | releaseNotes:
7 | - |
8 | **Added** support for scraping metrics in dual stack clusters.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/43453.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: telemetry
4 | issue:
5 | - 43359
6 | releaseNotes:
7 | - |
8 | **Added** support to control trace id length on Zipkin tracing provider.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/43498.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 | issue:
5 | - 43498
6 | releaseNotes:
7 | - |
8 | **Fixed** reporting Programmed condition on Gateway API Gateway resources.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/43508.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: documentation
4 | issue:
5 | - 43508
6 | releaseNotes:
7 | - |
8 | **Fixed** add ambient test framework flag for quick running integration test.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/43709.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Fixed** resource namespace resolution for `istioctl` commands.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/43710.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: traffic-management
4 | issue:
5 | - 43710
6 | releaseNotes:
7 | - |
8 | **Added** prefix matching on query parameter.
--------------------------------------------------------------------------------
/releasenotes/notes/43765.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: istioctl
4 | issue:
5 | - 43765
6 | releaseNotes:
7 | - |
8 | **Improved** the `istioctl pc secret` output to display the certificate serial number in HEX.
--------------------------------------------------------------------------------
/releasenotes/notes/43771.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: installation
4 | issue:
5 | - 43771
6 | releaseNotes:
7 | - |
8 | **Improved** the `downloadIstioCtl.sh` script to not change to the home directory at the end.
--------------------------------------------------------------------------------
/releasenotes/notes/43821.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: istioctl
4 | issue:
5 | - 43807
6 | releaseNotes:
7 | - |
8 | **Added** config type and endpoint configuration summaries to `istioctl proxy-config all`
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/43876.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: installation
4 | issue:
5 | - 43655
6 | releaseNotes:
7 | - |
8 | **Added** make inbound port configurable.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/44071.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: istioctl
4 | issue:
5 | - 44062
6 | releaseNotes:
7 | - |
8 | **Added** istiod metrics to `bug-report`, and a few more debug points like `telemetryz`.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/44105.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: telemetry
4 | issue:
5 | - 44074
6 | releaseNotes:
7 | - |
8 | **Added** support for `METADATA` command operator in access log.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/44137.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Fixed** inaccuracies in analysis results when analyzing configuration files with empty content.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/44161.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: installation
4 | releaseNotes:
5 | - |
6 | **Added** injection of `istio.io/rev` annotation to sidecars and gateways for multi-revision observability.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/44293.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Added** directory support for `istioctl validate`. Now, the `-f` flag accepts both file paths and directory paths.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/44303.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: telemetry
4 | releaseNotes:
5 | - |
6 | **Fixed** pilot has an additional invalid gateway metric that was not created by the user.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/44345.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: installation
4 | releaseNotes:
5 | - |
6 | **Fixed** an issue where webhook configuration was being modified in dry-run mode when installing Istio with istioctl.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/44414.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: istioctl
4 |
5 | issue:
6 | - 44413
7 |
8 | releaseNotes:
9 | - |
10 | **Added** a "VHOST NAME" column to the output of `istioctl pc route`
11 |
--------------------------------------------------------------------------------
/releasenotes/notes/44424.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 | issue:
5 | - 44424
6 |
7 | releaseNotes:
8 | - |
9 | **Updated** the VirtualService validation to fail on empty prefix header matcher.
--------------------------------------------------------------------------------
/releasenotes/notes/44468.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: telemetry
4 | releaseNotes:
5 | - |
6 | **Added** new metric named `provider_lookup_cluster_failures` for lookup cluster failures.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/44481.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: installation
4 | issue:
5 | - 44469
6 | releaseNotes:
7 | - |
8 | **Added** support for `PodDisruptionBudget` (PDB) in the Gateway chart.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/44506.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: istioctl
4 | issue:
5 | - 40861
6 | releaseNotes:
7 | - |
8 | **Fixed** `istioctl analyze` no longer expects pods and runtime resources when analyzing files.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/44777.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 | issue:
5 | - 41271
6 | releaseNotes:
7 | - |
8 | **Added** support for traffic.sidecar.istio.io/excludeInterfaces annotation in proxy.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/44820.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 | issue:
5 | - 44820
6 | releaseNotes:
7 | - |
8 | **Fixed** the bug where patching http_route affects other virtualhosts.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/44929.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Fixed** an issue where the cert validity was not accurate for `istioctl pc secret` command.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/44931.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Added** support for yaml output to `istioctl admin log`.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/44986.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 | issue:
5 | - 44986
6 | releaseNotes:
7 | - |
8 | **Fixed** cpu usage abnormally high when cert specified by DestinationRule are invalid.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/45275.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Updated** minimum supported Kubernetes version to 1.24.x.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/45331.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: security
4 | releaseNotes:
5 | - |
6 | **Fixed** use defer to unlock mutex
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/45404.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: installation
4 | issue:
5 | - 45400
6 | releaseNotes:
7 | - |
8 | **Added** the helm value of setting cni ambient config dir path.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/45407.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Updated** `istioctl x workload configure` accepts IPv6 address passed in `--ingressIP`.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/45640.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Removed** `uninstall` command from `istioctl experimental`, use `istioctl uninstall` instead.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/45643.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Fixed** an issue where there was a parse error when performing rootCA comparison for Ztunnel pods.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/45644.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Fixed** an issue where analyzers were reporting messages for the gateway-managed services.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/45749.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Added** support for checking telemetry labels, which now includes Istio canonical labels and K8S recommended labels.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/45866.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: installation
4 | issue:
5 | - 45866
6 | releaseNotes:
7 | - |
8 | **Fixed** an issue where the hostname package is not listed as a dependency for the VM packages.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/45894.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: installation
4 | releaseNotes:
5 | - |
6 | **Added** volumes and volumeMounts to the gateways chart.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/46072.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Added** output format option for `istioctl experimental pre-check` command. Valid options are `log`, `json` or `yaml`.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/46087.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 | issue:
5 | - 46087
6 | releaseNotes:
7 | - |
8 | **Fixed** app probe: http request.host is not well propagated.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/46104.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Fixed** an issue where `verify-install` has incorrect results when installed deployments are not healthy.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/46161.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Fixed** `istioctl experimental describe` provides wrong Gateway information when using injected gateway.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/46257.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Removed** `istioctl experimental revision tag` command, which was graduated to `istioctl tag`.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/46277.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 | issue:
5 | - 46277
6 | releaseNotes:
7 | - |
8 | **Fixed** health_checkers extensions is not compiled in.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/46312.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: installation
4 | issue:
5 | - 45825
6 | releaseNotes:
7 | - |
8 | **Fixed** an issue that istio should using IMDSv2 as possible on AWS.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/46339.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: telemetry
4 | issue: []
5 |
6 | releaseNotes:
7 | - |
8 | **Added** an flag to disable OTel builtin resource labels.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/46421.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: installation
4 | issue:
5 | - 46421
6 | releaseNotes:
7 | - |
8 | **Added** basic ztunnel support for revisions when installing with istioctl.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/46483.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: installation
4 | releaseNotes:
5 | - |
6 | **Fixed** an issue where resources are being pruned when installing with the dry-run option.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/46511.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: installation
4 | releaseNotes:
5 | - |
6 | **Fixed** an issue where the upgrade warning is given incorrectly between default and revisioned control planes.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/46514.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: traffic-management
4 | issue: []
5 |
6 | releaseNotes:
7 | - |
8 | **Added** support for network wasm plugins.
--------------------------------------------------------------------------------
/releasenotes/notes/46540.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: traffic-management
4 | issue:
5 | - 46540
6 |
7 | releaseNotes:
8 | - |
9 | **Fixed** adding waypoints can cause traffic disruption
10 |
--------------------------------------------------------------------------------
/releasenotes/notes/46584.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: istioctl
4 | issue:
5 | - 46563
6 | releaseNotes:
7 | - |
8 | **Fixed** an issue where `istioctl analyze` would analyze irrelevant configmaps.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/46592.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: security
4 | issue:
5 | - 46592
6 |
7 | releaseNotes:
8 | - |
9 | **Added** Waypoint can now run as non-root.
10 |
--------------------------------------------------------------------------------
/releasenotes/notes/46614.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 | releaseNotes:
5 | - |
6 | **Fixed** an issue where Ambient pods are incorrectly processed when Ambient namespace label is changed.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/46651.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: installation
4 | issue:
5 | - 46524
6 | releaseNotes:
7 | - |
8 | **Removed** support for installing `ambient` profile with in-cluster operator.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/46780.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: installation
4 | releaseNotes:
5 | - |
6 | **Fixed** an issue where installing Istio with `empty` profile did not have components information displayed.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/46845.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: extensibility
4 | releaseNotes:
5 | - |
6 | **Added** the capability to attach `WasmPlugin` to Kubernetes `Gateway` resources via the `targetRef` field.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/46846.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: security
4 | releaseNotes:
5 | - |
6 | **Added** the capability to attach RequestAuthentication to Kubernetes `Gateway` resources via the `targetRef` field.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/46963.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: telemetry
4 | issue:
5 | - 46960
6 | releaseNotes:
7 | - |
8 | **Fixed** an issue where metric `DNSNoEndpointClusters` not working.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/47063.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: security
4 | issue: []
5 | releaseNotes:
6 | - |
7 | **Added** support for plugged root cert rotation.
8 |
--------------------------------------------------------------------------------
/releasenotes/notes/47081.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 | issue:
5 | - 47081
6 | releaseNotes:
7 | - |
8 | **Fixed** an issue where auto allocation is allocation incorrect ips.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/47099.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: traffic-management
4 | releaseNotes:
5 | - |
6 | **Added** `failoverPriority` and `failover` to work together with each other.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/47302.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 | issue:
5 | - 47227
6 | releaseNotes:
7 | - |
8 | **Fixed** an issue where the Wasmplugin resource was not correctly applied to the waypoint.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/47342.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 | issue:
5 | - 47341
6 | releaseNotes:
7 | - |
8 | **Fixed** Issue relying only on `HTTPRoute` to check `ReferenceGrant`
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/47539.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Added** support for deleting multiple waypoints at once via `istioctl x waypoint delete <waypoint1> <waypoint2> ...`
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/47681.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 | releaseNotes:
5 | - |
6 | **Fixed** an issue where sometimes the network of waypoint was not properly configured.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/47703.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Fixed** an issue where sometimes control plane revisions and proxy versions were not obtained in the bug report.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/47705.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: istioctl
4 | issue:
5 | - 47696
6 | releaseNotes:
7 | - |
8 | **Fixed** an issue where `istioctl tag list` command didn't accept `--output` flag.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/47818.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Added** a flag `--all` to `istioctl experimental waypoint delete` to delete all Waypoint resources in a given namespace.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/47961.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: installation
4 | issue:
5 | - 47960
6 | releaseNotes:
7 | - |
8 | **Fixed** an issue where uninstalling Istio didn't prune all the resources created by custom files.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/47997.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: telemetry
4 | issue:
5 | - 30987
6 | releaseNotes:
7 | - |
8 | **Added** compression for the Envoy stats endpoint, support `brotli`, `gzip` and `zstd`.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/48019.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: installation
4 | releaseNotes:
5 | - |
6 | **Removed** support for `policy/v1beta1` API version of `PodDisruptionBudget`.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/48021.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Fixed** an issue where `istioctl experimental version` has no proxy info shown.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/48031.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: traffic-management
4 | releaseNotes:
5 | - |
6 | **Added** support for delta ADS client.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/48203.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: security
4 | issue:
5 | - 47328
6 | releaseNotes:
7 | - |
8 | **Added** support for customizing timeout when resolving jwksUri
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/48266.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: installation
4 | issue:
5 | - 48241
6 | releaseNotes:
7 | - |
8 | **Fixed** an issue where the Istio injection webhook may be modified in dry-run mode.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/48368.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: installation
4 | issue:
5 | - 48368
6 | releaseNotes:
7 | - |
8 | **Fixed** kube-virt-related rules not being removed by istio-clean-iptables tool.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/48471.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: telemetry
4 | issue:
5 | - 48336
6 | releaseNotes:
7 | - |
8 | **Added** always `istio.cluster_id` tag to all tracing spans.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/48526.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Fixed** an issue `proxyconfig ecds` didn't show all `EcdsConfigDump`.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/48545.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: installation
4 | releaseNotes:
5 | - |
6 | **Fixed** an issue `Makefile.k8s.mk` `fetch-root-ca` if-condition not work and can not handle `cacerts` case.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/48557.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Added** bootstrap summary to all config dumps' summary.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/48562.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: installation
4 | releaseNotes:
5 | - |
6 | **Fixed** an issue where injection failed when the name of the pod or its custom owner exceeded 63 characters.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/48593.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Improved** injector list to exclude ambient namespaces.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/48595.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Fixed** injector list has duplicated namespace shown for the same injector hook.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/48603.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Added** completion for Kubernetes pods for some commands that can select pods, such as `istioctl proxy-status <pod>`.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/48762.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: installation
4 | issue:
5 | - 48751
6 | releaseNotes:
7 | - |
8 | **Added** `allocateLoadBalancerNodePorts` config option to the Gateway chart.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/48769.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: istioctl
4 | issue:
5 | - 46297
6 | releaseNotes:
7 | - |
8 | **Added** `--wait` option to `istioctl experimental waypoint apply` command.
--------------------------------------------------------------------------------
/releasenotes/notes/48786.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: traffic-management
4 | releaseNotes:
5 | - |
6 | **Added** prefix to WasmPlugin resource name.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/48958.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: istioctl
4 | issue:
5 | - 48696
6 | releaseNotes:
7 | - |
8 | **Added** `--proxy` option to `istioctl experimental wait` command.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/49012.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 | releaseNotes:
5 | - |
6 | **Fixed** an issue where the Kubernetes gateway was not working correctly with the namespace waypoint.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/49098.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: security
4 | issues:
5 | - 49098
6 | releaseNotes:
7 | - |
8 | **Fixed** a bug that made PeerAuthentication too restrictive in Ambient mode.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/49139.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 | releaseNotes:
5 | - |
6 | **Fixed** an issue where the delta ADS client received a response which contains RemoveResources
--------------------------------------------------------------------------------
/releasenotes/notes/49435.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: traffic-management
4 |
5 | releaseNotes:
6 | - |
7 | **Added** support for configuring waypoint in Service.
--------------------------------------------------------------------------------
/releasenotes/notes/49443.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Added** `istioctl dashboard istio-debug` to display the Istio debug endpoints dashboard.
--------------------------------------------------------------------------------
/releasenotes/notes/49511.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Fixed** an issue where commands relying on Envoy config dump may not work due to the presence of ECDS config.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/49602.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 | issue:
5 | - 44352
6 | releaseNotes:
7 | - |
8 | **Fixed** an issue where `--log_as_json` option doesn't work for Istio init container.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/49638.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 | issue:
5 | - 49638
6 | releaseNotes:
7 | - |
8 | **Fixed** a bug with mixed cases Hosts in Gateway and TLS redirect results in stale RDS.
--------------------------------------------------------------------------------
/releasenotes/notes/49675.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: installation
4 | releaseNotes:
5 | - |
6 | **Added** Allow user to add customized annotation to istiod service account resource through helm chart.
--------------------------------------------------------------------------------
/releasenotes/notes/49851.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: traffic-management
4 | issue:
5 | - 49851
6 | releaseNotes:
7 | - |
8 | **Added** Implement support in waypoint for istio.io/waypoint-for annotation.
--------------------------------------------------------------------------------
/releasenotes/notes/49911.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: telemetry
4 | issue:
5 | - 49911
6 | releaseNotes:
7 | - |
8 | **Fixed** an issue that TraceId is not propagated when using OpenTelemetry access logger.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/49965.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 | issue:
5 | - 49965
6 | releaseNotes:
7 | - |
8 | **Fixed** an issue with massive Virtual IPs reshuffling when add/remove duplicated host
--------------------------------------------------------------------------------
/releasenotes/notes/50138.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 |
5 | releaseNotes:
6 | - |
7 | **Fixed** Gateway status addresses receiving Service VIPs from outside the cluster.
8 |
--------------------------------------------------------------------------------
/releasenotes/notes/50195.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: telemetry
4 | issue:
5 | - 50195
6 | releaseNotes:
7 | - |
8 | **Fixed** an issue where status code always unset when using OpenTelemetry Tracing.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/50218.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: installation
4 | issue:
5 | - 48634
6 | releaseNotes:
7 | - |
8 | **Removed** deprecated `external` profile, use `remote` profile instead for installation.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/50452.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 | releaseNotes:
5 | - |
6 | **Fixed** an issue that CORS filter forwarded preflight request if the origin is not allowed.
--------------------------------------------------------------------------------
/releasenotes/notes/50572.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 | issue:
5 | - 50572
6 | releaseNotes:
7 | - |
8 | **Fixed** `use-waypoint` should be a label, for consistency
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/50688.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 | issue:
5 | - 50688
6 | releaseNotes:
7 | - |
8 | **Fixed** build EDS typed cluster endpoints with domain address.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/50737.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 | issue:
5 | - 50737
6 | releaseNotes:
7 | - |
8 | **Fixed** added serverside keepalives to waypoint HBONE endpoints
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/51044.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: telemetry
4 | issue:
5 | - 50808
6 | releaseNotes:
7 | - |
8 | **Removed** Istio Stackdriver metrics from XDS.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/51050.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 | releaseNotes:
5 | - |
6 | **Updated** Change `istio-cni` config map to only expose env vars that are actually user-configurable
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/51070.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: telemetry
4 | issue:
5 | - 50808
6 | releaseNotes:
7 | - |
8 | **Removed** Istio Stackdriver logs from XDS.
--------------------------------------------------------------------------------
/releasenotes/notes/51072.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: telemetry
4 | releaseNotes:
5 | - |
6 | **Fixed** an issue that span name isn't set when using the OpenTelemetry tracing provider.
--------------------------------------------------------------------------------
/releasenotes/notes/51074.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: installation
4 | issue:
5 | - 50958
6 | releaseNotes:
7 | - |
8 | **Fixed** Ensure CNI plugin inherits CNI agent log level, simplify CNI logging config
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/51078.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: telemetry
4 | issue:
5 | - 50808
6 | releaseNotes:
7 | - |
8 | **Removed** OpenCensus tracer from Istio XDS.
--------------------------------------------------------------------------------
/releasenotes/notes/51204.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 | issue:
5 | - 51182
6 | releaseNotes:
7 | - |
8 | **Fixed** ZDS should not pass down trust_domain
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/51221.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 | releaseNotes:
5 | - |
6 | **Fixed** Incorrect iptables rules for ambient in IPv6 mode
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/51239.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: documentation
4 | releaseNotes:
5 | - |
6 | **Improved** the look and feel of Bookinfo app.
--------------------------------------------------------------------------------
/releasenotes/notes/51296.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: istioctl
4 | issue:
5 | - 51296
6 | releaseNotes:
7 | - |
8 | **Improved** the output for `istioctl version` to be more user-friendly.
--------------------------------------------------------------------------------
/releasenotes/notes/51429.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 | releaseNotes:
5 | - |
6 | **Fixed** K8S job pod IPs may not be fully unenrolled from ambient despite being in a terminated state
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/51559.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: istioctl
4 | issue:
5 | - 51294
6 | releaseNotes:
7 | - |
8 | **Added** a status subcommand that prints out the status of gateway(s) for a given namespace.
--------------------------------------------------------------------------------
/releasenotes/notes/51568.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: istioctl
4 | issue:
5 | - 51567
6 | releaseNotes:
7 | - |
8 | **Fixed** false positives in IST0128 and IST0129 when credentialName and workloadSelector are set.
--------------------------------------------------------------------------------
/releasenotes/notes/51640.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: telemetry
4 | releaseNotes:
5 | - |
6 | **Fixed** statsMatcher's regex which didn't match route's stat_prefix
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/51897.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: traffic-management
4 | releaseNotes:
5 | - |
6 | **Removed** the `ISTIO_ENABLE_OPTIMIZED_SERVICE_PUSH` feature flag.
--------------------------------------------------------------------------------
/releasenotes/notes/51898.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: traffic-management
4 | releaseNotes:
5 | - |
6 | **Removed** the `ENABLE_OPTIMIZED_CONFIG_REBUILD` feature flag.
--------------------------------------------------------------------------------
/releasenotes/notes/51936.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: traffic-management
4 | issue: []
5 | releaseNotes:
6 | - |
7 | **Added** SourceNamespaces filters destinations (envoy clusters) for unreachable routes.
8 |
--------------------------------------------------------------------------------
/releasenotes/notes/51939.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: traffic-management
4 | issue:
5 | - 51886
6 | releaseNotes:
7 | - |
8 | **Added** support for matching multiple service VIPs in waypoint.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/51967.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 | issue:
5 | - 51747
6 | - 30282
7 | releaseNotes:
8 | - |
9 | **Fixed** matching multiple service VIPs in ServiceEntry.
10 |
--------------------------------------------------------------------------------
/releasenotes/notes/51972.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: installation
4 | releaseNotes:
5 | - |
6 | **Fixed** `values.cni.logLevel` is a no-op, and is now deprecated. Use `values.{cni|global}.logging.level` instead.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/52005.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: telemetry
4 | releaseNotes:
5 | - |
6 | **Fixed** inconsistent behavior with the `istio_agent_cert_expiry_seconds` metric.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/52033.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: installation
4 | releaseNotes:
5 | - |
6 | **Fixed** an omission in ztunnel helm charts which resulted in some Kubernetes resources being created without labels
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/52127.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: installation
4 |
5 | releaseNotes:
6 | - |
7 | **Fixed** netlink error may not be correctly parsed, leading to `istio-cni` not properly ignoring leftover ipset.
8 |
--------------------------------------------------------------------------------
/releasenotes/notes/52177.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: telemetry
4 | issue:
5 | - 52177
6 | releaseNotes:
7 | - |
8 | **Added** add new pattern variable (%SERVICE_NAME%) for stat prefix
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/52192.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: traffic-management
4 | issue: []
5 | releaseNotes:
6 | - |
7 | **Added** support for matching multiple VIPs in HTTP route.
8 |
--------------------------------------------------------------------------------
/releasenotes/notes/52252.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: installation
4 | issue: []
5 | releaseNotes:
6 | - |
7 | **Fixed** Wrap errors with context in Cleanup function
--------------------------------------------------------------------------------
/releasenotes/notes/52320.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 | issue:
5 | - 52218
6 | releaseNotes:
7 | - |
8 | **Fixed** Do not add pod to ipset if we have a partial failure adding to the dataplane.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/52367.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 | issue: []
5 | releaseNotes:
6 | - |
7 | **Fixed** Support clusterLocal host exclusions for multi-cluster.
8 |
--------------------------------------------------------------------------------
/releasenotes/notes/52413.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: istioctl
4 | issue:
5 | - 52413
6 | releaseNotes:
7 | - |
8 | **Fixed** istioctl analyze report IST0145 error with wildcard host and specific subdomain.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/52630.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Added** support for filtering Pods by label selector to `istioctl x envoy-stats`.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/52631.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: telemetry
4 | issue: [52631]
5 | releaseNotes:
6 | - |
7 | **Added** logAsJson value to ztunnel helm chart
8 |
--------------------------------------------------------------------------------
/releasenotes/notes/52743.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: telemetry
4 | issue:
5 | - 52731
6 | releaseNotes:
7 | - |
8 | **Added** stats tags configuration for watchdog metrics.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/52899.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: traffic-management
4 | releaseNotes:
5 | - |
6 | **Added** `--force-apply` to override the idempotency logic if detection incorrectly assumes rules are already applied.
--------------------------------------------------------------------------------
/releasenotes/notes/53120.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: installation
4 | issue:
5 | - 53120
6 | releaseNotes:
7 | - |
8 | **Added** Add initContainers to the istio-discovery helm chart
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/53121.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: installation
4 | issue:
5 | - 53121
6 | releaseNotes:
7 | - |
8 | **Added** Add settings to stabilizew gateways for high traffic
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/53337.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: traffic-management
4 | releaseNotes:
5 | - |
6 | **Added** support for configuring certificate details while populating XFCC header.
--------------------------------------------------------------------------------
/releasenotes/notes/53339.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Added** shortcode `-r` for `--revision` flags in `istioctl analyze`.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/53450.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Added** support for filtering resources by namespace to `istioctl experimental injector list`.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/53571.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Fixed** `istioctl experimental injector list` prints webhooks not related to istio.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/53572.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 | releaseNotes:
5 | - |
6 | **Fixed** a bug where name table output contains unready endpoints for headless services.
--------------------------------------------------------------------------------
/releasenotes/notes/53582.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Removed** `--recursive` flags and hardcode recursion to ture for `istioctl analyze`.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/53588.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: security
4 | issue:
5 | - 52752
6 | releaseNotes:
7 | - |
8 | **Added** support for `connection.sni` rule in `AuthorizationPolicy` applied to a waypoint.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/53624.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: installation
4 | releaseNotes:
5 | - |
6 | **Added** support for providing arbitrary environment variables to `istio-cni` chart
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/53650.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: istioctl
4 | issue: []
5 | releaseNotes:
6 | - |
7 | **Improved** output of `istioctl pc secret` to display trust bundles provided by SPIRE.
8 |
--------------------------------------------------------------------------------
/releasenotes/notes/53736.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 | releaseNotes:
5 | - |
6 | **Fixed** waypoint proxy to respect trust domain.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/53778.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: telemetry
4 | releaseNotes:
5 | - |
6 | **Fixed** an issue that should use `upstream_peer` instead of `wasm.upstream_peer` in `filterStateObjectsToLog`.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/53852.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: installation
4 | releaseNotes:
5 | - |
6 | **Added** an issue that `istioctl install` not working on windows.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/53884.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: security
4 | issue:
5 | - 53884
6 | releaseNotes:
7 | - |
8 | **Fixed** an issue where Ambient `PeerAuthentication` policies were overly strict.
9 |
10 |
--------------------------------------------------------------------------------
/releasenotes/notes/53894.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Added** support for AuthorizationPolicies with `CUSTOM` action in the `istioct x authz check` command.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/53951.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 | releaseNotes:
5 | - |
6 | **Fixed** errors being raised during cleanup of iptables rules that are conditional on the iptables configuration.
--------------------------------------------------------------------------------
/releasenotes/notes/53974.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: istioctl
4 | issue:
5 | - 53931
6 | releaseNotes:
7 | - |
8 | **Fixed** `istioctl pc secret` performance issue.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/53989.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: installation
4 | issue:
5 | - 51289
6 | releaseNotes:
7 | - |
8 | **Fixed** Helm render to properly apply annotations on pilot `serviceAccount`
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/54000.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: telemetry
4 | issue:
5 | - 54000
6 | releaseNotes:
7 | - |
8 | **Added** support for additional labels exchange for telemetry in sidecar mode.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/54064.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: istioctl
4 | issue:
5 | - 54056
6 | releaseNotes:
7 | - |
8 | **Fixed** `istioctl waypoint delete --all` deletes gateway resources that are not waypoints.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/54095.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Fixed** `istioctl experimental injector list` print redundant namespaces for injector webook.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/54145.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 | issue:
5 | - 54145
6 | releaseNotes:
7 | - |
8 | **Fixed** failed to patch managed gateway/waypoint deployment during upgrade to 1.24.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/54280.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 | issue:
5 | - 54280
6 | releaseNotes:
7 | - |
8 | **Fixed** non-default revisions controlling gateways lacking istio.io/rev labels.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/54292.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: istioctl
4 | issue:
5 | - 53931
6 | releaseNotes:
7 | - |
8 | **Fixed** `istioctl proxyconfig` performance issue.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/54357.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 | issue:
5 | - 54357
6 | releaseNotes:
7 | - |
8 | **Fixed** a bug where request mirror filter incorrectly computing the percentage.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/54667.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Fixed** 'istioctl --as' implicitly sets `--as-group=""` when `--as` is used without `--as-group`.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/54675.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: istioctl
4 | issue:
5 | - 54545
6 | releaseNotes:
7 | - |
8 | **Added** changes for rootca-compare command to handle the case when pod has multiple root CA
--------------------------------------------------------------------------------
/releasenotes/notes/54680.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: telemetry
4 | issue:
5 | - 54672
6 | releaseNotes:
7 | - |
8 | **Fixed** an issue that access log order instability causing connection draining.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/54714.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: installation
4 | releaseNotes:
5 | - |
6 | **Fixed** an issue in the gateway chart where `--set platform` worked but `--set global.platform` did not.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/54843.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: istioctl
4 |
5 | releaseNotes:
6 | - |
7 | **Added** support for `istioctl waypoint delete` to delete specified revision waypoint.
8 |
--------------------------------------------------------------------------------
/releasenotes/notes/54892.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: traffic-management
4 |
5 | releaseNotes:
6 | - |
7 | **Added** support for envoyfilter to match a virtualhost on domain name as well.
8 |
--------------------------------------------------------------------------------
/releasenotes/notes/54930.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: telemetry
4 | issue:
5 | - 54930
6 | releaseNotes:
7 | - |
8 | **Added** support `omit_empty_values` for `EnvoyFileAccessLog` provider in Telemetry API.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/55258.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: istioctl
4 | issue:
5 | - 55243
6 | releaseNotes:
7 | - |
8 | **Fixed** `istioctl experimental describe` ignores `--namespace` flag.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/55316.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Added** support to run specific analyzer checks using the `istioctl analyze` command.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/55406.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: installation
4 | issue:
5 | - 39079
6 | releaseNotes:
7 | - |
8 | **Added** Support for configuring service `loadBalancerClass` on the Gateway Helm Chart.
--------------------------------------------------------------------------------
/releasenotes/notes/55409.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 | issue:
5 | - 55409
6 | releaseNotes:
7 | - |
8 | **Fixed** validation webhook rejecting an otherwise valid connectionPool.tcp.IdleTimeout=0s
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/55568.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: installation
4 |
5 | releaseNotes:
6 | - |
7 | **Removed** deprecated `ENABLE_AUTO_SNI` flag and related codepaths.
8 |
--------------------------------------------------------------------------------
/releasenotes/notes/55569.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 | releaseNotes:
5 | - |
6 | **Fixed** an issue ServiceEntry with WorkloadEntry not working in Ambient.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/55742.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: istioctl
4 | issue:
5 | - 55741
6 | releaseNotes:
7 | - |
8 | **Fixed** `istioctl admin log` cannot modify the log level of `ingress status`.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/55843.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: istioctl
4 |
5 | releaseNotes:
6 | - |
7 | **Added** `--revision` flags for `istioctl dashboard controlz` and `istioctl dashboard istiod-debug`.
8 |
--------------------------------------------------------------------------------
/releasenotes/notes/55871.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: installation
4 | issue:
5 | - 53408
6 | releaseNotes:
7 | - |
8 | **Added** support for reading header values from Istiod environment variables.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/55976.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: istioctl
4 | issue:
5 | - 55741
6 | releaseNotes:
7 | - |
8 | **Fixed** `istioctl admin log` now supports configuring the log level of `ip-autoallocate`.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/56048.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: installation
4 | issue:
5 | - 53578
6 | releaseNotes:
7 | - |
8 | **Added** support customizing Ambient Enablement Labels.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/56076.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: installation
4 | releaseNotes:
5 | - |
6 | **Added** Support for configuring `additionalContainers` and `initContainers` on the Gateway Helm Chart.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/56091.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: installation
4 | issue:
5 | - 56086
6 |
7 | releaseNotes:
8 | - |
9 | **Added** ztunnel tolerations are now configurable via helm
10 |
--------------------------------------------------------------------------------
/releasenotes/notes/56093.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: installation
4 | issue:
5 | - 56087
6 |
7 | releaseNotes:
8 | - |
9 | **Added** istio-cni tolerations are now configurable via helm
10 |
--------------------------------------------------------------------------------
/releasenotes/notes/56476.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 | issue:
5 | - 56417
6 | releaseNotes:
7 | - |
8 | **Fixed** an issue where `EnvoyFilter` with `targetRefs` matched incorrect resources.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/56500.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: istioctl
4 | issue:
5 | - 56465
6 | releaseNotes:
7 | - |
8 | **Added** support displaying `stack-trace-level` for `istioctl admin log`.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/56559.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: istioctl
4 | issue:
5 | - 56558
6 |
7 | releaseNotes:
8 | - |
9 | **Fixed** `create-remote-secret` no longer creates redundant rbac resources.
10 |
--------------------------------------------------------------------------------
/releasenotes/notes/56560.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Added** support displaying `traffic type` for `istioctl waypoint list`.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/56600.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Added** support reset log level or stack trace level separately for `istioctl admin log`.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/56662.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: traffic-management
4 | issue:
5 | - 56651
6 | releaseNotes:
7 | - |
8 | **Added** recording secret's namespace and name when certificate is invalid.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/56666.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Added** support `--weight` parameter for `istioctl experimental workload group create`.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/56695.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: installation
4 | releaseNotes:
5 | - |
6 | **Added** Define default GOMEMLIMIT and GOMAXPROCS divisor to fix argo prepetual out-of-sync issue
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/56854.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Added** support specifying proxy admin port for `istioctl experimental describe`.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/837475-caBundle.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: installation
4 | issue:
5 | - 33052
6 | releaseNotes:
7 | - |
8 | **Fixed** Removing caBundle default value from Chart to allow a GitOps approach
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/abort-with-grpc-status-code.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: traffic-management
4 | releaseNotes:
5 | - |
6 | **Added** support to inject faults by specifying gRPC status code
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/add-istiod-uptime-metric.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: telemetry
4 | releaseNotes:
5 | - |
6 | **Added** a new metric to `istiod` to report server uptime.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/add-pod-securitycontext.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: installation
4 | issue:
5 | - 26275
6 | releaseNotes:
7 | - |
8 | **Added** support for securityContext in the k8s settings for the operator API.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/add-sni-host.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: networking
4 | issue:
5 | - 25691
6 | releaseNotes:
7 | - |
8 | **Fixed** SNI host routing issue when user uses sniHosts match in virtual service
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/agent-startup.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: networking
4 | issue: []
5 | releaseNotes:
6 | - |
7 | **Added** a new `startup_duration_seconds` metric to measure the latency in proxy readiness.
8 |
--------------------------------------------------------------------------------
/releasenotes/notes/alt-stat-name.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 | releaseNotes:
5 | - |
6 | **Fixed** an issue causing outboundstatname in Mesh Config in not honoured for subset clusters.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/ambient-customize-updatestrategy.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: installation
4 | releaseNotes:
5 | - |
6 | **Added** updateStrategy value to ztunnel and istio-cni helm charts
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/ambient-hostnetwork.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: traffic-management
4 |
5 | releaseNotes:
6 | - |
7 | **Fixed** an issue causing `hostNetwork` pods to be ignored in ambient mode.
--------------------------------------------------------------------------------
/releasenotes/notes/ambient-logs.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: traffic-management
4 |
5 | releaseNotes:
6 | - |
7 | **Improved** logs from Envoy when connection failures occur in ambient mode to show more error details.
--------------------------------------------------------------------------------
/releasenotes/notes/ambient-service-entry.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: traffic-management
4 |
5 | releaseNotes:
6 | - |
7 | **Added** initial ambient support for ServiceEntry.
--------------------------------------------------------------------------------
/releasenotes/notes/ambient-telemetry.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: traffic-management
4 |
5 | releaseNotes:
6 | - |
7 | **Added** support for `Telemetry` customization in the waypoint proxy.
8 |
--------------------------------------------------------------------------------
/releasenotes/notes/bds-removal.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: installation
4 | releaseNotes:
5 | - |
6 | **Removed** using BOOTSTRAP_XDS_AGENT experimental feature to apply BOOTSTRAP EnvoyFilter patches at the startup.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/check-disabled-status.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: telemetry
4 | releaseNotes:
5 | - |
6 | **Fixed** an issue where disabling a log provider through Istio telemetry API would not work.
--------------------------------------------------------------------------------
/releasenotes/notes/cni-dns-capture.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 | issue:
5 | - 29511
6 | releaseNotes:
7 | - |
8 | **Fixed** smart DNS support in Istio CNI.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/cni-rolling-max-available.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: installation
4 | releaseNotes:
5 | - |
6 | **Added** rolling update max unavailable to CNI Helm chart to speed up deploys.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/concurrent-map-write.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 | releaseNotes:
5 | - |
6 | **Fixed** Fix to an concurrent map write error that leads to a crash in istiod
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/consul.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: networking
4 | releaseNotes:
5 | - |
6 | **Removed** compiled in support for Consul service registry. Integration will be done using XDS in the future.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/dashboard-reporter-dropdown.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: telemetry
4 | issue:
5 | - 27595
6 | releaseNotes:
7 | - |
8 | **Added** Istio Grafana Dashboards Query Reporter Dropdown.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/deprecate-istio_cni.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: installation
4 | issue:
5 | - 49290
6 | releaseNotes:
7 | - |
8 | **Deprecated** usage of `values.istio_cni` in favor of `values.pilot.cni`
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/deprecate-operator-httpfetch.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: installation
4 | releaseNotes:
5 | - |
6 | **Deprecated** fetching charts from URLs in `istio-operator`.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/dr-analyzer.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: networking
4 | releaseNotes:
5 | - |
6 | **Added** Analyzer warning for DestinationRule not using CaCertificates to validate server identity.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/drop-headless.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: traffic-management
4 | releaseNotes:
5 | - |
6 | **Removed** the `PILOT_ENABLE_HEADLESS_SERVICE_POD_LISTENERS` feature flag.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/drop-legacy-auto-mtls-check.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: traffic-management
4 | releaseNotes:
5 | - |
6 | **Removed** the `ENABLE_AUTO_MTLS_CHECK_POLICIES` feature flag.
--------------------------------------------------------------------------------
/releasenotes/notes/drop-legacy-autopassthrough.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: traffic-management
4 | releaseNotes:
5 | - |
6 | **Removed** the `PILOT_ENABLE_LEGACY_AUTO_PASSTHROUGH` feature flag.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/drop-legacy-credential.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: traffic-management
4 | releaseNotes:
5 | - |
6 | **Removed** the `PILOT_ENABLE_LEGACY_ISTIO_MUTUAL_CREDENTIAL_NAME` feature flag.
--------------------------------------------------------------------------------
/releasenotes/notes/drop-legacy-ingress-flag.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: traffic-management
4 | releaseNotes:
5 | - |
6 | **Removed** the `PILOT_LEGACY_INGRESS_BEHAVIOR` feature flag.
--------------------------------------------------------------------------------
/releasenotes/notes/drop-legacy-istio-trace-tags.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: traffic-management
4 | releaseNotes:
5 | - |
6 | **Removed** the `PILOT_ENABLE_ISTIO_TAGS` feature flag.
--------------------------------------------------------------------------------
/releasenotes/notes/drop-legacy-lb-flag.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: traffic-management
4 | releaseNotes:
5 | - |
6 | **Removed** the `ENABLE_LEGACY_LB_ALGORITHM_DEFAULT` feature flag.
--------------------------------------------------------------------------------
/releasenotes/notes/drop-legacy-partial-full-push.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: traffic-management
4 | releaseNotes:
5 | - |
6 | **Removed** the `PILOT_PARTIAL_FULL_PUSHES` feature flag.
--------------------------------------------------------------------------------
/releasenotes/notes/drop-legacy-spiffe-bundle-endpoints.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: security
4 | releaseNotes:
5 | - |
6 | **Removed** the `SPIFFE_BUNDLE_ENDPOINTS` feature flag.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/drop-reload-plugin-certs.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: traffic-management
4 | releaseNotes:
5 | - |
6 | **Removed** the `AUTO_RELOAD_PLUGIN_CERTS` feature flag.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/drop-reload-prioritized-leader-election.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: traffic-management
4 | releaseNotes:
5 | - |
6 | **Removed** the `PRIORITIZED_LEADER_ELECTION` feature flag.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/drop-reload-sidecar-ignore-port.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: traffic-management
4 | releaseNotes:
5 | - |
6 | **Removed** the `SIDECAR_IGNORE_PORT_IN_HOST_MATCH` feature flag.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/drop-taint.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 | releaseNotes:
5 | - |
6 | **Removed** the experimental "taint controller" for Istio CNI.
--------------------------------------------------------------------------------
/releasenotes/notes/drop-tcp-probe.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: traffic-management
4 | releaseNotes:
5 | - |
6 | **Removed** the `REWRITE_TCP_PROBES` feature flag.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/duplicate-subset-names.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: traffic-management
4 |
5 | releaseNotes:
6 | - |
7 | **Added** rejecting DestinationRules with duplicate subset names.
8 |
--------------------------------------------------------------------------------
/releasenotes/notes/ecc-csr.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: security
4 | issue:
5 | - 23226
6 | releaseNotes:
7 | - |
8 | **Added** support for creation of CSRs using ECC based certificates.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/ecc-p384.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: security
4 | issue: []
5 | releaseNotes:
6 | - |
7 | **Added** support for using P384 curves when using ECDSA
8 |
--------------------------------------------------------------------------------
/releasenotes/notes/endpoint-before-pod.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: networking
4 | issue:
5 | - 25112
6 | releaseNotes:
7 | - |
8 | **Fixed** an issue when high pod churn rate can cause Istiod to get stuck.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/endpoints-false-negative.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 | issue:
5 | - 48373
6 | releaseNotes:
7 | - |
8 | **Fixed** an issue where new endpoints may not be sent to proxies.
--------------------------------------------------------------------------------
/releasenotes/notes/env-workload-rsa-keysize.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: security
4 | releaseNotes:
5 | - |
6 | **Added** an environment variable for configuring the RSA key size of workload certificates.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/envoyfilter-app-protocals-match.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: traffic-management
4 | releaseNotes:
5 | - |
6 | **Added** support for matching `ApplicationProtocols` in EnvoyFilter.
--------------------------------------------------------------------------------
/releasenotes/notes/eviction-bug.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 | issue:
5 | - 54997
6 | releaseNotes:
7 | - |
8 | **Fixed** an issue where ServiceEntry endpoints are leaked when a pod is evicted.
--------------------------------------------------------------------------------
/releasenotes/notes/experimental-telemetry-api-tracing.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: telemetry
4 | issue:
5 | - 24284
6 |
7 | releaseNotes:
8 | - |
9 | **Added** experimental support for Telemetry API.
--------------------------------------------------------------------------------
/releasenotes/notes/fix-47270.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Fixed** an issue where the External Control Plane Analyzer may not work in some remote control plane setups.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/fix-istioctl-x-precheck-missing-revision.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Fixed** `revision` flag missing in `istioctl x precheck`.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/gateway-dual-stack.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: installation
4 | releaseNotes:
5 | - |
6 | **Added** ability to install gateway helm chart with a dual-stack service definition.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/gateway-v1alpha2.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: traffic-management
4 | releaseNotes:
5 | - |
6 | **Added** support for the `v1alpha2` version of the [gateway-api](https://gateway-api.org/).
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/gomaxprocs.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: installation
4 | releaseNotes:
5 | - |
6 | **Added** an automatically set `GOMEMLIMIT` and `GOMAXPROCS` to all deployments to improve performance.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/graudate-revision-tag-command.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: promotion
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Promoted** the `istioctl experimental revision tag` command group to `istioctl tag`.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/grpc-inbound-retry.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 | releaseNotes:
5 | - |
6 | **Fixed** an issue where proxy memory goes up with gRPC streaming services.
--------------------------------------------------------------------------------
/releasenotes/notes/grpc-probe.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: traffic-management
4 | releaseNotes:
5 | - |
6 | **Added** support rewriting gRPC probes
--------------------------------------------------------------------------------
/releasenotes/notes/grpc-stats.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: telemetry
4 | issue:
5 | - 43908
6 | - 44144
7 | releaseNotes:
8 | - |
9 | **Fixed** an issue where grpc stats are absent.
10 |
--------------------------------------------------------------------------------
/releasenotes/notes/header-validation.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 | releaseNotes:
5 | - |
6 | **Fixed** an issue causing VirtualService header name validation to reject valid header names.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/helm-ambient.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: installation
4 |
5 | releaseNotes:
6 | - |
7 | **Added** helm values for easier installation of ambient when the user wishes to use Helm.
8 |
--------------------------------------------------------------------------------
/releasenotes/notes/httpregexrewrite.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: traffic-management
4 | issue:
5 | - 22290
6 | releaseNotes:
7 | - |
8 | **Added** support for Regex Rewrite in VirtualService HTTPRewrite
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/image-auto-analyzer.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Added** a new analyzer to check for `image: auto` in Pods and Deployments that will not be injected.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/inbound-patch.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: networking
4 | releaseNotes:
5 | - |
6 | **Fixed** a bug where Envoy filter with service match is not working for inbound clusters.
7 |
8 |
--------------------------------------------------------------------------------
/releasenotes/notes/ingress-named-port.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: networking
4 | issue:
5 | - 23052
6 | releaseNotes:
7 | - |
8 | **Improved** support for Ingress by allowing named port references.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/ingressgateway-support-daemonset.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: installation
4 | issue:
5 | - 37610
6 | releaseNotes:
7 | - |
8 | **Added** support install gateway helm chart as daemonset.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/istioctl-install-errors.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: installation
4 | releaseNotes:
5 | - |
6 | **Improved** `istioctl install` to give more details during installation failures.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/istioctl-pc-all.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: istioctl
4 | issues:
5 | - 28191
6 | releaseNotes:
7 | - |
8 | **Added** the `istioctl proxy-config all` command to view the full proxy configuration.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/istioctl-sort-events-by-creation.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Improved** `istioctl bug-report` to sort gathered events by creation date.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/istioctl-uninstall.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: istioctl
4 | issue:
5 | - 24360
6 | releaseNotes:
7 | - |
8 | **Added** `istioctl x uninstall` command to uninstall Istio control plane.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/istioctl-xds-piggyback.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Removed** the experimental flag `--xds-via-agents` to the `istioctl proxy-status` command.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/json-log-sort.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: telemetry
4 | releaseNotes:
5 | - |
6 | **Improved** JSON access logs to emit keys in a stable ordering.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/jwt-aud.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: security
4 | issue:
5 | - 49913
6 | releaseNotes:
7 | - |
8 | **Fixed** list matching for the audience claims in JWT tokens.
9 |
10 |
--------------------------------------------------------------------------------
/releasenotes/notes/jwt-from-cookies.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: security
4 | issue:
5 | - 47847
6 | releaseNotes:
7 | - |
8 | **Added** support retrieve JWT from cookies.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/jwt-parsing.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: security
4 |
5 | releaseNotes:
6 | - |
7 | **Updated** dependency in Envoy to properly parse JWTs with negative values for exp, nbf or iat fields.
8 |
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/jwt-route.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: security
4 | releaseNotes:
5 | - |
6 | **Added** support for JWT claim based routing on ingress gateways.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/k8s-tls-secret-cacerts.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: security
4 | issue:
5 | - 38528
6 | releaseNotes:
7 | - |
8 | **Added** the ability to read `kubernetes.io/tls` type cacerts secrets.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/kiali-update-v1.29.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: installation
4 | issue:
5 | - 30438
6 |
7 | releaseNotes:
8 | - |
9 | **Updated** Kiali addon to the latest version v1.29.
10 |
--------------------------------------------------------------------------------
/releasenotes/notes/kiali-update-v1.34.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: installation
4 |
5 | releaseNotes:
6 | - |
7 | **Updated** Kiali addon to the latest version v1.34.
8 |
--------------------------------------------------------------------------------
/releasenotes/notes/kiali-update-v1.55.1.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: installation
4 |
5 | releaseNotes:
6 | - |
7 | **Updated** Kiali addon to the latest version v1.55.1.
8 |
--------------------------------------------------------------------------------
/releasenotes/notes/kiali-update-v1.55.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: installation
4 |
5 | releaseNotes:
6 | - |
7 | **Updated** Kiali addon to the latest version v1.55.
8 |
--------------------------------------------------------------------------------
/releasenotes/notes/kiali-update-v1.59.1.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: installation
4 |
5 | releaseNotes:
6 | - |
7 | **Updated** Kiali addon to version v1.59.1.
8 |
--------------------------------------------------------------------------------
/releasenotes/notes/kiali-update-v1.60.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: installation
4 |
5 | releaseNotes:
6 | - |
7 | **Updated** Kiali addon to version v1.60.0.
8 |
--------------------------------------------------------------------------------
/releasenotes/notes/kiali-update-v1.63.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: installation
4 |
5 | releaseNotes:
6 | - |
7 | **Updated** Kiali addon to version v1.63.1.
8 |
--------------------------------------------------------------------------------
/releasenotes/notes/kiali-update-v1.67.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: installation
4 |
5 | releaseNotes:
6 | - |
7 | **Updated** Kiali addon to version v1.67.0.
8 |
--------------------------------------------------------------------------------
/releasenotes/notes/kiali-update-v1.72.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: installation
4 |
5 | releaseNotes:
6 | - |
7 | **Updated** Kiali addon to version v1.72.0.
8 |
--------------------------------------------------------------------------------
/releasenotes/notes/kiali-update-v1.76.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: installation
4 |
5 | releaseNotes:
6 | - |
7 | **Updated** Kiali addon to version v1.76.0.
8 |
--------------------------------------------------------------------------------
/releasenotes/notes/kiali-update-v1.79.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: installation
4 |
5 | releaseNotes:
6 | - |
7 | **Updated** Kiali addon to version v1.79.0.
8 |
--------------------------------------------------------------------------------
/releasenotes/notes/kiali-update-v1.87.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: installation
4 |
5 | releaseNotes:
6 | - |
7 | **Updated** Kiali addon to version v1.87.0.
8 |
--------------------------------------------------------------------------------
/releasenotes/notes/kiali-update-v2.0.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: installation
4 |
5 | releaseNotes:
6 | - |
7 | **Updated** Kiali addon to version v2.0.0.
8 |
--------------------------------------------------------------------------------
/releasenotes/notes/kiali-update-v2.5.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: installation
4 |
5 | releaseNotes:
6 | - |
7 | **Updated** Kiali addon to version v2.5.0.
8 |
--------------------------------------------------------------------------------
/releasenotes/notes/kiali-update.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: installation
4 | releaseNotes:
5 | - |
6 | **Updated** Kiali addon has been upgraded to v1.26
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/make-httpbin-work-ocp.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: documentation
4 | releaseNotes:
5 | - |
6 | **Fixed** `httpbin` sample manifests to deploy correctly on OpenShift.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/min-k8-ver-for-1.8.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: installation
4 | issue:
5 | - 28814
6 | releaseNotes:
7 | - |
8 | **Added** Istio 1.8 supports kubernetes versions 1.16 to 1.19.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/min-k8-ver-for-1.9.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: installation
4 | issue:
5 | - 30176
6 | releaseNotes:
7 | - |
8 | **Added** Istio 1.9 supports Kubernetes versions 1.17 to 1.20.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/nested-json-log.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: telemetry
4 | issue:
5 | - 28597
6 | releaseNotes:
7 | - |
8 | **Fixed** an issue to allow nested JSON structure in `meshConfig.accessLogFormat`.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/noble-base.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: installation
4 | releaseNotes:
5 | - |
6 | **Upgraded** base images to use the latest Ubuntu LTS, `ubuntu:noble`. Previously, `ubuntu:focal` was used.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/nonroot-gateway.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: installation
4 | issue:
5 | - 23379
6 | releaseNotes:
7 | - |
8 | **Improved** gateway deployments to run as non-root by default.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/ns-filter.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 | releaseNotes:
5 | - |
6 | **Fixed** a bug causing `discoverySelectors` to accidentally filter out all `GatewayClasses`.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/openshift-ambient-profile.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: installation
4 | issue:
5 | - 42341
6 | releaseNotes:
7 | - |
8 | **Added** `openshift-ambient` profile.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/operator-drop-dump.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Removed** `istioctl profile` command. The same information can be found in Istio documentation.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/otel-builtin-labels.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: telemetry
4 | releaseNotes:
5 | - |
6 | **Removed** the feature flag `ENABLE_OTEL_BUILTIN_RESOURCE_LABELS`.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/pilot-envvarfrom.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Added** support for `envVarFrom` in `istiod` chart.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/pq-memory-leak.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 | releaseNotes:
5 | - |
6 | **Fixed** an issue causing memory to not be freed after XDS clients disconnect.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/probe-redirect.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 | issue:
5 | - 34238
6 | - 29468
7 | releaseNotes:
8 | - |
9 | **Fixed** application readiness probes to properly handle redirects.
--------------------------------------------------------------------------------
/releasenotes/notes/proxy-protocol.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 | releaseNotes:
5 | - |
6 | **Fixed** an issue preventing DestinationRule `proxyProtocol` from working when TLS is disabled.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/proxy-stats-inclusion.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: telemetry
4 | issue:
5 | - 26546
6 | releaseNotes:
7 | - |
8 | **Added** Proxy config to control Envoy native stats generation.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/psfile.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Added** Allow proxy-status for non-K8s workloads with --file
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/remove-convert-ingress.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: istioctl
4 | issue:
5 | - 29153
6 |
7 | releaseNotes:
8 | - |
9 | **Removed** istioctl convert-ingress command
10 |
--------------------------------------------------------------------------------
/releasenotes/notes/remove-operator-httpfetch.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: installation
4 | releaseNotes:
5 | - |
6 | **Removed** fetching charts from URLs in `istio-operator`.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/retry-budget.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: traffic-management
4 | releaseNotes:
5 | - |
6 | **Added** support of retry budget in the `DestinationRule`.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/retry-hosts.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: traffic-management
4 | releaseNotes:
5 | - |
6 | **Added** support for configuring retry hosts predicate via Retry API (retry_ignore_previous_hosts).
--------------------------------------------------------------------------------
/releasenotes/notes/retry_backoff.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: traffic-management
4 | releaseNotes:
5 | - |
6 | **Added** support for specifying backoff interval during retries.
--------------------------------------------------------------------------------
/releasenotes/notes/rpm-builds.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: installation
4 | issue:
5 | - 9117
6 | releaseNotes:
7 | - |
8 | **Added** RPM packages for running the Istio sidecar on a VM to the release.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/scope-push-by-sidecar-changes.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: networking
4 | releaseNotes:
5 | - |
6 | **Improved** the full push scoping by adding `Sidecar` config to sidecarScopeKnownConfigTypes.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/send-stat.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: networking
4 | releaseNotes:
5 | - |
6 | **Added** a new stat "pilot_xds_send_time" that records send time of the generated configuration.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/service-instance-same-namespace.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 | releaseNotes:
5 | - |
6 | **Fixed** an issue allowing ServiceEntries to act as instances in other namespaces.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/service-select-workload-entry.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: networking
4 | issue:
5 | - 23683
6 | releaseNotes:
7 | - |
8 | **Added** support for Kubernetes Services to select WorkloadEntries.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/sidecar-vs-delegate.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: networking
4 | releaseNotes:
5 | - |
6 | **Added** support for virtual service delegate for sidecar proxies.
--------------------------------------------------------------------------------
/releasenotes/notes/skip-graceful-termination.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: installation
4 | issue: [36686]
5 | releaseNotes:
6 | - |
7 | **Improved** Abort graceful termination logic if the Envoy process terminates early
--------------------------------------------------------------------------------
/releasenotes/notes/tls-tcp-conflict.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 | releaseNotes:
5 | - |
6 | **Fixed** an issue causing TLS `ServiceEntries` to sometimes not work when created after TCP ones.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/trim-certificate-chain.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 |
5 | releaseNotes:
6 | - |
7 | **Fixed** trim certificate chains before parsing to avoid unnecessary parsing errors.
8 |
--------------------------------------------------------------------------------
/releasenotes/notes/uninject-not-work.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Fixed** `x un-inject` provides wrong un-inject template.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/update-jaeger-v1.22.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: installation
4 | releaseNotes:
5 | - |
6 | **Updated** Jaeger addon to the latest version v1.22.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/update-pdb-version.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: installation
4 | issue:
5 | - 32005
6 |
7 | releaseNotes:
8 | - |
9 | **Added** support for policy/v1 PDB.
--------------------------------------------------------------------------------
/releasenotes/notes/update-se-instances.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 | releaseNotes:
5 | - |
6 | **Fixed** potential memory leak when updating service entries hostname.
--------------------------------------------------------------------------------
/releasenotes/notes/updateMinK8sto1.13.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Updated** minimum supported Kubernetes version to 1.23.x.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/use-client-protocol.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: networking
4 | issue:
5 | releaseNotes:
6 | - |
7 | **Added** Support for specifying "UseClientProtocol" in DestinationRule in Http.
8 |
--------------------------------------------------------------------------------
/releasenotes/notes/validate-appprotocol.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Fixed** validate not detecting service port `appProtocol`.
7 |
--------------------------------------------------------------------------------
/releasenotes/notes/validate-unknown.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: istioctl
4 | issue:
5 | - 24861
6 | releaseNotes:
7 | - |
8 | **Improved** `istioctl validate` to check for unknown fields in resources.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/verify-install-multi-iops.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: istioctl
4 | issue:
5 | - 42964
6 | releaseNotes:
7 | - |
8 | **Fixed** `istioctl verify-install` fails when using multiple iops.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/vs-overwrite-fix.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 | issue: []
5 | releaseNotes:
6 | - |
7 | **Fixed** an issue causing routes to be overwritten by other virtual services.
8 |
--------------------------------------------------------------------------------
/releasenotes/notes/wasm-decompress.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: extensibility
4 | issue: []
5 | releaseNotes:
6 | - |
7 | **Added** Decompress or/and untar the wasm binary when it is pulled via HTTP/HTTPS.
8 |
--------------------------------------------------------------------------------
/releasenotes/notes/wasm-extension-dashboard.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: telemetry
4 | issue:
5 | - 25843
6 | releaseNotes:
7 | - |
8 | **Added** Istio Wasm Extension Grafana Dashboard.
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/wasm-fail-open.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: extensibility
4 | issue: []
5 | releaseNotes:
6 | - |
7 | **Added** an option to fail open on fetch failure and VM fatal errors.
8 |
9 |
--------------------------------------------------------------------------------
/releasenotes/notes/wasm-fail-reload.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: extensibility
4 | releaseNotes:
5 | - |
6 | **Added** an option to reload the wasm VM on new requests if the VM has failed.
--------------------------------------------------------------------------------
/releasenotes/notes/wasm-pull-policy.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: extensibility
4 | issue: []
5 | releaseNotes:
6 | - |
7 | **Added** Support for ImagePullPolicy of WasmPlugin API.
8 |
--------------------------------------------------------------------------------
/releasenotes/notes/wasm-secret.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: extensibility
4 | issue: []
5 | releaseNotes:
6 | - |
7 | **Added** support for WasmPlugin pulling image from private repo with `imagePullSecret`.
8 |
--------------------------------------------------------------------------------
/releasenotes/notes/wasmplugin.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: extensibility
4 | issue: []
5 | releaseNotes:
6 | - |
7 | **Added** support for Istio WasmPlugin API
8 |
--------------------------------------------------------------------------------
/releasenotes/notes/waypoint-mirror.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: bug-fix
3 | area: traffic-management
4 | issue: [52713]
5 | releaseNotes:
6 | - |
7 | **Fixed** an issue when using mirror policies with waypoints.
8 |
--------------------------------------------------------------------------------
/releasenotes/notes/waypoint-tcproute.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: traffic-management
4 | issue: []
5 | releaseNotes:
6 | - |
7 | **Added** support for `TCPRoute` to waypoint proxies.
8 |
--------------------------------------------------------------------------------
/releasenotes/notes/webhook-analyzer.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: istioctl
4 | releaseNotes:
5 | - |
6 | **Added** a new analyzer for invalid webhook configurations.
--------------------------------------------------------------------------------
/releasenotes/notes/xds-authz.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: release-notes/v2
2 | kind: feature
3 | area: networking
4 | releaseNotes:
5 | - |
6 | **Added** authorization of clients when connecting to Istiod over XDS.
7 |
--------------------------------------------------------------------------------
/samples/README.md:
--------------------------------------------------------------------------------
1 | # Istio Samples
2 |
3 | This directory contains sample applications highlighting various Istio features.
4 |
--------------------------------------------------------------------------------
/samples/ambient-argo/application/namespace.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Namespace
3 | metadata:
4 | name: ambient
--------------------------------------------------------------------------------
/samples/ambient-argo/documentation/Ambient Upgrade - Strategies.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istio/istio/ea376d391cd2a8534a7e1200cd6833dc5a1076df/samples/ambient-argo/documentation/Ambient Upgrade - Strategies.png
--------------------------------------------------------------------------------
/samples/bookinfo/platform/kube/README.md:
--------------------------------------------------------------------------------
1 | See the [Bookinfo guide](https://istio.io/docs/guides/bookinfo.html) in Istio
2 | docs for instructions on how to run this demo application.
3 |
--------------------------------------------------------------------------------
/samples/bookinfo/src/details/Gemfile:
--------------------------------------------------------------------------------
1 | source 'https://rubygems.org'
2 |
3 | gem "webrick", "~> 1.7"
4 |
5 |
--------------------------------------------------------------------------------
/samples/bookinfo/src/mongodb/ratings_data.json:
--------------------------------------------------------------------------------
1 | {rating: 5}
2 | {rating: 4}
3 |
--------------------------------------------------------------------------------
/samples/bookinfo/src/productpage/static/img/izzy.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istio/istio/ea376d391cd2a8534a7e1200cd6833dc5a1076df/samples/bookinfo/src/productpage/static/img/izzy.png
--------------------------------------------------------------------------------
/samples/bookinfo/src/productpage/test-requirements.in:
--------------------------------------------------------------------------------
1 | requests-mock==1.5.2
2 |
--------------------------------------------------------------------------------
/samples/bookinfo/src/reviews/.gitignore:
--------------------------------------------------------------------------------
1 | .gradle
2 | reviews-application/build/
3 | reviews-wlpcfg/servers/LibertyProjectServer/apps/
4 |
--------------------------------------------------------------------------------
/samples/bookinfo/src/reviews/build.gradle:
--------------------------------------------------------------------------------
1 | allprojects {
2 | group = 'org.istio'
3 | version = '1.0'
4 | repositories {
5 | mavenCentral()
6 | }
7 | }
8 |
--------------------------------------------------------------------------------
/samples/bookinfo/src/reviews/reviews-wlpcfg/shared/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istio/istio/ea376d391cd2a8534a7e1200cd6833dc5a1076df/samples/bookinfo/src/reviews/reviews-wlpcfg/shared/.gitkeep
--------------------------------------------------------------------------------
/samples/bookinfo/src/reviews/settings.gradle:
--------------------------------------------------------------------------------
1 | rootProject.name = 'reviews'
2 |
3 | include 'reviews-application'
4 | include 'reviews-wlpcfg'
5 |
--------------------------------------------------------------------------------
/samples/helloworld/src/requirements.in:
--------------------------------------------------------------------------------
1 | requests
2 | flask
3 | flask_json
4 | flask_bootstrap
5 | json2html
6 | simplejson
7 | gevent
8 | gunicorn
9 |
--------------------------------------------------------------------------------
/samples/wasm_modules/README.md:
--------------------------------------------------------------------------------
1 | # WASM demo
2 |
3 | `header_injector` is used for istio e2e tests, more tests can be found [here](https://github.com/istio-ecosystem/wasm-extensions).
4 |
--------------------------------------------------------------------------------
/samples/wasm_modules/header_injector/.gitignore:
--------------------------------------------------------------------------------
1 | bazel-*
2 | compile_commands.json
3 | *.wasm
--------------------------------------------------------------------------------
/samples/wasm_modules/header_injector/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM scratch
2 | ARG WASM_BINARY
3 | WORKDIR /
4 | COPY $WASM_BINARY /plugin.wasm
5 |
--------------------------------------------------------------------------------
/security/README.md:
--------------------------------------------------------------------------------
1 | Please check our [website](https://istio.io/docs/concepts/security/) for
2 | more information.
3 |
--------------------------------------------------------------------------------
/security/pkg/nodeagent/cache/testdata/file-to-watch.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istio/istio/ea376d391cd2a8534a7e1200cd6833dc5a1076df/security/pkg/nodeagent/cache/testdata/file-to-watch.txt
--------------------------------------------------------------------------------
/security/pkg/nodeagent/caclient/providers/citadel/testdata/token:
--------------------------------------------------------------------------------
1 | fake
2 |
--------------------------------------------------------------------------------
/security/pkg/pki/ca/root-certs-for-testing.pem:
--------------------------------------------------------------------------------
1 | root-cert-2
2 | root-cert-3
--------------------------------------------------------------------------------
/security/pkg/pki/testdata/key-verify-fail.pem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istio/istio/ea376d391cd2a8534a7e1200cd6833dc5a1076df/security/pkg/pki/testdata/key-verify-fail.pem
--------------------------------------------------------------------------------
/security/tools/deb/description:
--------------------------------------------------------------------------------
1 | Istio security node agent provides cert provision service for workloads.
2 |
--------------------------------------------------------------------------------
/security/tools/jwt/requirements.txt:
--------------------------------------------------------------------------------
1 | google-auth
--------------------------------------------------------------------------------
/security/tools/jwt/samples/requirements.txt:
--------------------------------------------------------------------------------
1 | jwcrypto
--------------------------------------------------------------------------------
/tests/fuzz/testdata/FuzzAggregateController/5196264820572160:
--------------------------------------------------------------------------------
1 | ��
--------------------------------------------------------------------------------
/tests/fuzz/testdata/FuzzAnalyzer/6087702507290624:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istio/istio/ea376d391cd2a8534a7e1200cd6833dc5a1076df/tests/fuzz/testdata/FuzzAnalyzer/6087702507290624
--------------------------------------------------------------------------------
/tests/fuzz/testdata/FuzzAnalyzer/6169070276837376:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istio/istio/ea376d391cd2a8534a7e1200cd6833dc5a1076df/tests/fuzz/testdata/FuzzAnalyzer/6169070276837376
--------------------------------------------------------------------------------
/tests/fuzz/testdata/FuzzBNMUnmarshalJSON/4811475191988224:
--------------------------------------------------------------------------------
1 | {"INSTANCE_IPS":1}
2 |
--------------------------------------------------------------------------------
/tests/fuzz/testdata/FuzzCRDRoundtrip/4664081669292032:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istio/istio/ea376d391cd2a8534a7e1200cd6833dc5a1076df/tests/fuzz/testdata/FuzzCRDRoundtrip/4664081669292032
--------------------------------------------------------------------------------
/tests/fuzz/testdata/FuzzCRDRoundtrip/6428395234263040:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istio/istio/ea376d391cd2a8534a7e1200cd6833dc5a1076df/tests/fuzz/testdata/FuzzCRDRoundtrip/6428395234263040
--------------------------------------------------------------------------------
/tests/fuzz/testdata/FuzzConfigValidation2/4534596883578880:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istio/istio/ea376d391cd2a8534a7e1200cd6833dc5a1076df/tests/fuzz/testdata/FuzzConfigValidation2/4534596883578880
--------------------------------------------------------------------------------
/tests/fuzz/testdata/FuzzConfigValidation2/seed1:
--------------------------------------------------------------------------------
1 | {"servers":[{"port":{"number":80,"protocol":"https","name":"https"},"hosts":["bar.com"],"tls":{"httpsRedirect":true}}]}
2 |
--------------------------------------------------------------------------------
/tests/fuzz/testdata/FuzzFindRootCertFromCertificateChainBytes/6118602084843520:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istio/istio/ea376d391cd2a8534a7e1200cd6833dc5a1076df/tests/fuzz/testdata/FuzzFindRootCertFromCertificateChainBytes/6118602084843520
--------------------------------------------------------------------------------
/tests/fuzz/testdata/FuzzHelmReconciler/5691906075000832:
--------------------------------------------------------------------------------
1 | apiVersion: v
2 | kind: Service
--------------------------------------------------------------------------------
/tests/fuzz/testdata/FuzzJwtUtil/5085913745588224:
--------------------------------------------------------------------------------
1 | .bnVsbM.
--------------------------------------------------------------------------------
/tests/fuzz/testdata/FuzzResolveK8sConflict/5719923521880064:
--------------------------------------------------------------------------------
1 | ���PodDisruptionBudget����
--------------------------------------------------------------------------------
/tests/fuzz/testdata/FuzzTranslateFromValueToSpec/5041840540745728:
--------------------------------------------------------------------------------
1 | /..: J
--------------------------------------------------------------------------------
/tests/fuzz/testdata/FuzzValidateClusters/5567080949219328:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istio/istio/ea376d391cd2a8534a7e1200cd6833dc5a1076df/tests/fuzz/testdata/FuzzValidateClusters/5567080949219328
--------------------------------------------------------------------------------
/tests/fuzz/testdata/FuzzValidateClusters/6380814220263424:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istio/istio/ea376d391cd2a8534a7e1200cd6833dc5a1076df/tests/fuzz/testdata/FuzzValidateClusters/6380814220263424
--------------------------------------------------------------------------------
/tests/integration/ambient/testdata/registry-secret.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | data:
3 | .dockerconfigjson: {{ .DockerConfigJson }}
4 | kind: Secret
5 | metadata:
6 | name: reg-cred
7 | type: kubernetes.io/dockerconfigjson
8 |
--------------------------------------------------------------------------------
/tests/integration/pilot/testdata/invalid.md:
--------------------------------------------------------------------------------
1 | This is a markdown not yaml.
2 |
--------------------------------------------------------------------------------
/tests/integration/pilot/testdata/invalid.yaml:
--------------------------------------------------------------------------------
1 | this causes a parse error, it's not yaml!
--------------------------------------------------------------------------------
/tests/integration/pilot/testdata/upgrade/1.11.0-beta.1-cni-install.yaml.tar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istio/istio/ea376d391cd2a8534a7e1200cd6833dc5a1076df/tests/integration/pilot/testdata/upgrade/1.11.0-beta.1-cni-install.yaml.tar
--------------------------------------------------------------------------------
/tests/integration/security/fuzz/overview.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/istio/istio/ea376d391cd2a8534a7e1200cd6833dc5a1076df/tests/integration/security/fuzz/overview.jpg
--------------------------------------------------------------------------------
/tests/integration/security/testdata/reachability/global-peer-authn.yaml.tmpl:
--------------------------------------------------------------------------------
1 | apiVersion: security.istio.io/v1
2 | kind: PeerAuthentication
3 | metadata:
4 | name: "default"
5 | spec:
6 | mtls:
7 | mode: {{ .MTLSMode }}
8 |
--------------------------------------------------------------------------------
/tests/integration/telemetry/api/testdata/registry-secret.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | data:
3 | .dockerconfigjson: {{ .DockerConfigJson }}
4 | kind: Secret
5 | metadata:
6 | name: reg-cred
7 | type: kubernetes.io/dockerconfigjson
8 |
--------------------------------------------------------------------------------
/tests/testdata/config/authn.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: security.istio.io/v1
2 | kind: PeerAuthentication
3 | metadata:
4 | name: default
5 | namespace: default
6 | spec:
7 | mtls:
8 | mode: PERMISSIVE
9 |
--------------------------------------------------------------------------------
/tools/.gitignore:
--------------------------------------------------------------------------------
1 | docker-dev/image-built
2 |
--------------------------------------------------------------------------------
/tools/istio-iptables/pkg/builder/testdata/append-insert-multi-restore.golden:
--------------------------------------------------------------------------------
1 | * table
2 | -N chain
3 | -A chain -f foo -b bar
4 | -I chain 2 -f foo -b bar
5 | -A chain -f foo -b baz
6 | COMMIT
7 |
--------------------------------------------------------------------------------
/tools/istio-iptables/pkg/builder/testdata/append-insert-multi.golden:
--------------------------------------------------------------------------------
1 | -t table -N chain
2 | -t table -A chain -f foo -b bar
3 | -t table -I chain 2 -f foo -b bar
4 | -t table -A chain -f foo -b baz
5 |
--------------------------------------------------------------------------------
/tools/istio-iptables/pkg/builder/testdata/append-multi-restore.golden:
--------------------------------------------------------------------------------
1 | * table
2 | -N chain
3 | -A chain -f foo -b bar
4 | -A chain -f fu -b bar
5 | -A chain -f foo -b baz
6 | COMMIT
7 |
--------------------------------------------------------------------------------
/tools/istio-iptables/pkg/builder/testdata/append-multi.golden:
--------------------------------------------------------------------------------
1 | -t table -N chain
2 | -t table -A chain -f foo -b bar
3 | -t table -A chain -f fu -b bar
4 | -t table -A chain -f foo -b baz
5 |
--------------------------------------------------------------------------------
/tools/istio-iptables/pkg/builder/testdata/append-single-restore.golden:
--------------------------------------------------------------------------------
1 | * table
2 | -N chain
3 | -A chain -f foo -b bar
4 | COMMIT
5 |
--------------------------------------------------------------------------------
/tools/istio-iptables/pkg/builder/testdata/append-single.golden:
--------------------------------------------------------------------------------
1 | -t table -N chain
2 | -t table -A chain -f foo -b bar
3 |
--------------------------------------------------------------------------------
/tools/istio-iptables/pkg/builder/testdata/insert-multi-restore.golden:
--------------------------------------------------------------------------------
1 | * table
2 | -N chain
3 | -I chain 1 -f foo -b bar
4 | -I chain 2 -f foo -b baaz
5 | -I chain 3 -f foo -b baz
6 | COMMIT
7 |
--------------------------------------------------------------------------------
/tools/istio-iptables/pkg/builder/testdata/insert-multi.golden:
--------------------------------------------------------------------------------
1 | -t table -N chain
2 | -t table -I chain 1 -f foo -b bar
3 | -t table -I chain 2 -f foo -b baaz
4 | -t table -I chain 3 -f foo -b baz
5 |
--------------------------------------------------------------------------------
/tools/istio-iptables/pkg/builder/testdata/insert-single-restore.golden:
--------------------------------------------------------------------------------
1 | * table
2 | -N chain
3 | -I chain 2 -f foo -b bar
4 | COMMIT
5 |
--------------------------------------------------------------------------------
/tools/istio-iptables/pkg/builder/testdata/insert-single.golden:
--------------------------------------------------------------------------------
1 | -t table -N chain
2 | -t table -I chain 2 -f foo -b bar
3 |
--------------------------------------------------------------------------------
/tools/istio-iptables/pkg/builder/testdata/multi-rules-new-chain-v4.golden:
--------------------------------------------------------------------------------
1 | -t table -N chain
2 | -t table -A chain -f foo -b bar
3 | -t table -I chain 2 -f foo -b bar
4 | -t table -A chain -f foo -b baz
5 | -t nat -A PREROUTING -f foo -b bar
6 |
--------------------------------------------------------------------------------
/tools/istio-iptables/pkg/builder/testdata/multi-rules-new-chain-v6-restore.golden:
--------------------------------------------------------------------------------
1 | * table
2 | -N chain
3 | -A chain -f foo -b bar
4 | -I chain 2 -f foo -b bar
5 | -I chain 1 -f foo -b bar
6 | COMMIT
7 |
--------------------------------------------------------------------------------
/tools/istio-iptables/pkg/builder/testdata/multi-rules-new-chain-v6.golden:
--------------------------------------------------------------------------------
1 | -t table -N chain
2 | -t table -A chain -f foo -b bar
3 | -t table -I chain 2 -f foo -b bar
4 | -t table -I chain 1 -f foo -b bar
5 |
--------------------------------------------------------------------------------
/tools/proto/buf.golang.yaml:
--------------------------------------------------------------------------------
1 | version: v1beta1
2 | plugins:
3 | - name: go
4 | out: .
5 | opt:
6 | - paths=source_relative
7 | - name: go-grpc
8 | out: .
9 | opt:
10 | - paths=source_relative
--------------------------------------------------------------------------------