├── .devcontainer └── devcontainer.json ├── .gitattributes ├── .github └── SECURITY.md ├── .gitignore ├── BUGS-AND-FEATURE-REQUESTS.md ├── CODEOWNERS ├── CONTRIBUTING.md ├── LICENSE ├── Makefile ├── Makefile.core.mk ├── Makefile.overrides.mk ├── README.md ├── SUPPORT.md ├── ambient-tests ├── .gitignore ├── Makefile ├── README.md ├── docker │ ├── .dockerignore │ ├── Dockerfile │ ├── Makefile │ ├── README.md │ └── server-and-sleep.sh ├── push_error.png ├── requirements.txt ├── scripts │ ├── config.sh │ ├── fortio │ │ ├── gen-csv.sh │ │ ├── graphs.py │ │ ├── results_to_csv.py │ │ └── run.sh │ ├── lib.py │ ├── netperf │ │ ├── gen-csv.sh │ │ ├── graphs.py │ │ ├── results_to_csv.py │ │ └── run.sh │ └── setup.sh └── yaml │ ├── cluster.yaml │ └── deploy.yaml ├── bin ├── README.md ├── export_grafana_snapshot.py ├── redeploy.sh ├── requirements.txt ├── root-transition.sh ├── setup_cluster.sh └── update_dns.py ├── cmd ├── annotations_prep │ └── main.go ├── envvarlinter │ ├── README.md │ ├── allowlist.go │ ├── envvar_test.go │ ├── main.go │ ├── rules │ │ ├── no_os_env.go │ │ └── util.go │ ├── rules_matcher.go │ └── testdata │ │ └── envuse.go ├── evaluate-docs │ ├── README.md │ ├── main.go │ ├── scorer.go │ └── scorer_hits.go ├── gen-release-notes │ ├── README.md │ ├── main.go │ ├── note.go │ ├── release_notes_schema.json │ ├── template.go │ └── templates │ │ ├── minorReleaseNotes.md │ │ ├── releaseNotes.md │ │ └── upgradeNotes.md ├── kubetype-gen │ ├── Makefile │ ├── README.md │ ├── boilerplate.go.txt │ ├── generators │ │ ├── naming.go │ │ ├── package.go │ │ ├── register.go │ │ └── types.go │ ├── main.go │ ├── metadata │ │ └── metadata.go │ ├── scanner │ │ └── scanner.go │ └── testdata │ │ ├── test_input │ │ ├── negative │ │ │ ├── defaults │ │ │ │ ├── emptygroup │ │ │ │ │ ├── doc.go │ │ │ │ │ └── type.go │ │ │ │ └── invalidgroupversion │ │ │ │ │ ├── doc.go │ │ │ │ │ └── type.go │ │ │ └── types │ │ │ │ └── type.go │ │ └── positive │ │ │ ├── defaults │ │ │ ├── doc.go │ │ │ └── type.go │ │ │ └── types │ │ │ └── type.go │ │ └── test_output │ │ ├── defaults │ │ ├── group │ │ │ └── version │ │ │ │ ├── doc.go │ │ │ │ ├── register.go │ │ │ │ └── types.go │ │ └── group2 │ │ │ └── version2 │ │ │ ├── doc.go │ │ │ ├── register.go │ │ │ └── types.go │ │ └── types │ │ ├── group │ │ └── version │ │ │ ├── doc.go │ │ │ ├── register.go │ │ │ └── types.go │ │ └── group2 │ │ └── version │ │ ├── doc.go │ │ ├── register.go │ │ └── types.go ├── license-lint │ ├── README.md │ ├── analysis.go │ ├── collector.go │ ├── config.go │ └── main.go ├── mvpage │ ├── README.md │ ├── hugoconfig.go │ ├── main.go │ └── mover.go ├── org-gen │ └── main.go ├── protoc-gen-alias │ ├── Makefile │ ├── README.md │ ├── main.go │ └── test │ │ ├── Makefile │ │ ├── alias_test.go │ │ ├── v1 │ │ ├── external.pb.go │ │ ├── external.proto │ │ ├── types.pb.go │ │ └── types.proto │ │ └── v1alpha │ │ └── types_alias.gen.go ├── protoc-gen-crd │ ├── README.md │ ├── main.go │ ├── openapiGenerator.go │ └── pkg │ │ └── protocgen │ │ └── generate.go ├── protoc-gen-docs │ ├── Makefile │ ├── README.md │ ├── dictionaries │ │ ├── custom.txt │ │ ├── en-US.aff │ │ └── en-US.dic │ ├── htmlGenerator.go │ ├── main.go │ └── testdata │ │ ├── test1.proto │ │ ├── test2.proto │ │ ├── test3.proto │ │ ├── test4.proto │ │ └── test6.proto ├── protoc-gen-golang-deepcopy │ ├── Makefile │ ├── README.md │ ├── main.go │ └── test │ │ ├── Makefile │ │ ├── deepcopy_test.go │ │ ├── generated │ │ ├── types.pb.go │ │ └── types_deepcopy.gen.go │ │ └── types.proto ├── protoc-gen-golang-jsonshim │ ├── Makefile │ ├── README.md │ ├── main.go │ └── test │ │ ├── Makefile │ │ ├── external.proto │ │ ├── generated │ │ ├── external.pb.go │ │ ├── external_json.gen.go │ │ ├── types.pb.go │ │ └── types_json.gen.go │ │ ├── jsonshim_test.go │ │ └── types.proto └── testlinter │ ├── README.md │ ├── allowlist.go │ ├── e2etest_lint_test.go │ ├── integtest_lint_test.go │ ├── lint_rules_list.go │ ├── main.go │ ├── rules │ ├── no_goroutine.go │ ├── no_short.go │ ├── no_sleep.go │ ├── short_skip.go │ ├── skip_issue.go │ └── util.go │ ├── rules_matcher.go │ ├── testdata │ ├── e2e │ │ └── e2e_test.go │ ├── integration │ │ └── integtest_test.go │ ├── integtest_integ_test.go │ └── unit_test.go │ └── unittest_lint_test.go ├── common ├── .commonfiles.sha ├── Makefile.common.mk ├── config │ ├── .golangci.yml │ ├── .hadolint.yml │ ├── .yamllint.yml │ ├── license-lint.yml │ ├── mdl.rb │ ├── sass-lint.yml │ └── tslint.json └── scripts │ ├── check_clean_repo.sh │ ├── copyright-banner-go.txt │ ├── fix_copyright_banner.sh │ ├── format_go.sh │ ├── gobuild.sh │ ├── kind_provisioner.sh │ ├── lint_copyright_banner.sh │ ├── lint_go.sh │ ├── metallb-native.yaml │ ├── report_build_info.sh │ ├── run.sh │ ├── setup_env.sh │ └── tracing.sh ├── docker └── build-tools │ ├── Dockerfile │ ├── bashrc │ ├── build-and-push.sh │ ├── docker-entrypoint.sh │ ├── install-python.sh │ ├── prow-entrypoint.sh │ └── proxy-tsan-instrumented-libcxx.sh ├── examples └── luacheck │ ├── Chart.yaml │ ├── README.md │ ├── jwt.lua │ ├── jwt_test.lua │ ├── setup.sh │ ├── templates │ ├── filter.yaml │ └── meshPolicy.yaml │ └── values.yaml ├── go.mod ├── go.sum ├── isotope ├── README.md ├── convert │ ├── README.md │ ├── cmd │ │ ├── kubernetes.go │ │ └── root.go │ ├── main.go │ └── pkg │ │ ├── consts │ │ └── consts.go │ │ ├── graph │ │ ├── graph.go │ │ ├── pct │ │ │ ├── error.go │ │ │ ├── percentage.go │ │ │ └── percentage_test.go │ │ ├── script │ │ │ ├── command.go │ │ │ ├── concurrent_command.go │ │ │ ├── concurrent_command_test.go │ │ │ ├── request_command.go │ │ │ ├── request_command_test.go │ │ │ ├── script.go │ │ │ ├── script_test.go │ │ │ ├── sleep_command.go │ │ │ └── sleep_command_test.go │ │ ├── size │ │ │ ├── byte_size.go │ │ │ ├── byte_size_test.go │ │ │ └── error.go │ │ ├── svc │ │ │ ├── marshal_test.go │ │ │ ├── service.go │ │ │ ├── unmarshal.go │ │ │ └── unmarshal_test.go │ │ ├── svctype │ │ │ ├── service_type.go │ │ │ └── service_type_test.go │ │ ├── unmarshal.go │ │ ├── unmarshal_test.go │ │ └── validation.go │ │ ├── graphviz │ │ ├── graphviz.go │ │ └── graphviz_test.go │ │ └── kubernetes │ │ ├── fortio_client.go │ │ └── kubernetes.go ├── create_tree_topology.py ├── example-config.toml ├── example-topologies │ ├── 1-service.yaml │ ├── 10-svc_10-end.yaml │ ├── 10-svc_100-end.yaml │ ├── 10-svc_1000-end.yaml │ ├── 10-svc_10000-end.yaml │ ├── 1000-svc_5000-end.yaml │ ├── canonical-2-replicas.yaml │ ├── canonical.yaml │ ├── chain-2-services-different-cluster.yaml │ ├── chain-2-services-different-namespace.yaml │ ├── chain-2-services.yaml │ ├── chain-3-services.yaml │ ├── tree-111-services.yaml │ └── tree-13-services.yaml ├── go.mod ├── go.sum ├── graph.png ├── helm-values.yaml ├── local_gateways.yaml ├── run_tests.py └── service │ ├── Dockerfile │ ├── README.md │ ├── main.go │ └── pkg │ └── srv │ ├── executable.go │ ├── graph.go │ ├── handler.go │ ├── header.go │ ├── prometheus │ └── handler.go │ └── request.go ├── licenses ├── cel.dev │ └── expr │ │ └── LICENSE ├── dario.cat │ └── mergo │ │ └── LICENSE ├── github.com │ ├── ProtonMail │ │ └── go-crypto │ │ │ └── LICENSE │ ├── antlr4-go │ │ └── antlr │ │ │ └── v4 │ │ │ └── LICENSE │ ├── client9 │ │ └── gospell │ │ │ ├── LICENSE │ │ │ └── plaintext │ │ │ └── LICENSE │ ├── cloudflare │ │ └── circl │ │ │ ├── LICENSE │ │ │ └── ecc │ │ │ └── p384 │ │ │ └── LICENSE │ ├── cyphar │ │ └── filepath-securejoin │ │ │ └── LICENSE │ ├── davecgh │ │ └── go-spew │ │ │ └── LICENSE │ ├── dgryski │ │ └── go-minhash │ │ │ └── LICENSE │ ├── ekzhu │ │ └── minhash-lsh │ │ │ └── LICENSE │ ├── emirpasic │ │ └── gods │ │ │ └── LICENSE │ ├── fsnotify │ │ └── fsnotify │ │ │ └── LICENSE │ ├── fxamacker │ │ └── cbor │ │ │ └── v2 │ │ │ └── LICENSE │ ├── go-enry │ │ └── go-license-detector │ │ │ └── v4 │ │ │ └── LICENSE.md │ ├── go-git │ │ ├── gcfg │ │ │ └── LICENSE │ │ ├── go-billy │ │ │ └── v5 │ │ │ │ └── LICENSE │ │ └── go-git │ │ │ └── v5 │ │ │ └── LICENSE │ ├── go-logr │ │ └── logr │ │ │ └── LICENSE │ ├── go-openapi │ │ ├── jsonpointer │ │ │ └── LICENSE │ │ ├── jsonreference │ │ │ └── LICENSE │ │ └── swag │ │ │ └── LICENSE │ ├── go-viper │ │ └── mapstructure │ │ │ └── v2 │ │ │ └── LICENSE │ ├── gobuffalo │ │ └── flect │ │ │ └── LICENSE │ ├── gogo │ │ └── protobuf │ │ │ └── LICENSE │ ├── golang-jwt │ │ └── jwt │ │ │ └── v5 │ │ │ └── LICENSE │ ├── golang │ │ ├── glog │ │ │ └── LICENSE │ │ ├── groupcache │ │ │ └── LICENSE │ │ └── protobuf │ │ │ └── LICENSE │ ├── gomarkdown │ │ └── markdown │ │ │ └── LICENSE.txt │ ├── google │ │ ├── cel-go │ │ │ └── LICENSE │ │ ├── gnostic-models │ │ │ └── LICENSE │ │ └── go-cmp │ │ │ └── LICENSE │ ├── hhatto │ │ └── gorst │ │ │ └── LICENSE │ ├── howardjohn │ │ └── celpp │ │ │ └── LICENSE │ ├── jbenet │ │ └── go-context │ │ │ └── LICENSE │ ├── jdkato │ │ └── prose │ │ │ └── LICENSE │ ├── josharian │ │ └── intern │ │ │ └── license.md │ ├── json-iterator │ │ └── go │ │ │ └── LICENSE │ ├── kevinburke │ │ └── ssh_config │ │ │ └── LICENSE │ ├── mailru │ │ └── easyjson │ │ │ └── LICENSE │ ├── modern-go │ │ ├── concurrent │ │ │ └── LICENSE │ │ └── reflect2 │ │ │ └── LICENSE │ ├── montanaflynn │ │ └── stats │ │ │ └── LICENSE │ ├── pelletier │ │ └── go-toml │ │ │ └── v2 │ │ │ └── LICENSE │ ├── pjbgf │ │ └── sha1cd │ │ │ └── LICENSE │ ├── pkg │ │ └── errors │ │ │ └── LICENSE │ ├── pmezard │ │ └── go-difflib │ │ │ └── LICENSE │ ├── russross │ │ └── blackfriday │ │ │ └── v2 │ │ │ └── LICENSE.txt │ ├── sagikazarmark │ │ └── locafero │ │ │ └── LICENSE │ ├── sergi │ │ └── go-diff │ │ │ └── LICENSE │ ├── shogo82148 │ │ └── go-shuffle │ │ │ └── LICENSE.md │ ├── skeema │ │ └── knownhosts │ │ │ └── LICENSE │ ├── sourcegraph │ │ └── conc │ │ │ └── LICENSE │ ├── spf13 │ │ ├── afero │ │ │ └── LICENSE.txt │ │ ├── cast │ │ │ └── LICENSE │ │ ├── cobra │ │ │ └── LICENSE.txt │ │ ├── pflag │ │ │ └── LICENSE │ │ └── viper │ │ │ └── LICENSE │ ├── stoewer │ │ └── go-strcase │ │ │ └── LICENSE │ ├── stretchr │ │ └── testify │ │ │ └── LICENSE │ ├── subosito │ │ └── gotenv │ │ │ └── LICENSE │ ├── x448 │ │ └── float16 │ │ │ └── LICENSE │ ├── xanzy │ │ └── ssh-agent │ │ │ └── LICENSE │ ├── xeipuuv │ │ ├── gojsonpointer │ │ │ └── NONE │ │ ├── gojsonreference │ │ │ └── NONE │ │ └── gojsonschema │ │ │ └── NONE │ └── yuin │ │ └── goldmark │ │ └── LICENSE ├── golang.org │ └── x │ │ ├── crypto │ │ └── LICENSE │ │ ├── exp │ │ └── LICENSE │ │ ├── mod │ │ └── LICENSE │ │ ├── net │ │ └── LICENSE │ │ ├── sync │ │ └── LICENSE │ │ ├── sys │ │ └── LICENSE │ │ ├── text │ │ └── LICENSE │ │ └── tools │ │ └── LICENSE ├── gonum.org │ └── v1 │ │ └── gonum │ │ ├── LICENSE │ │ └── graph │ │ └── formats │ │ ├── cytoscapejs │ │ └── testdata │ │ │ └── LICENSE │ │ ├── rdf │ │ └── testdata │ │ │ └── LICENSE.md │ │ └── sigmajs │ │ └── testdata │ │ └── LICENSE.txt ├── google.golang.org │ ├── genproto │ │ └── googleapis │ │ │ ├── api │ │ │ └── LICENSE │ │ │ └── rpc │ │ │ └── LICENSE │ └── protobuf │ │ └── LICENSE ├── gopkg.in │ ├── inf.v0 │ │ └── LICENSE │ ├── neurosnap │ │ └── sentences.v1 │ │ │ └── LICENSE.md │ ├── warnings.v0 │ │ └── LICENSE │ ├── yaml.v2 │ │ └── LICENSE │ └── yaml.v3 │ │ └── LICENSE ├── istio.io │ └── api │ │ └── LICENSE ├── k8s.io │ ├── apiextensions-apiserver │ │ └── LICENSE │ ├── apimachinery │ │ ├── LICENSE │ │ └── third_party │ │ │ └── forked │ │ │ └── golang │ │ │ └── LICENSE │ ├── gengo │ │ └── LICENSE │ ├── klog │ │ └── v2 │ │ │ └── LICENSE │ ├── kube-openapi │ │ ├── LICENSE │ │ └── pkg │ │ │ ├── internal │ │ │ └── third_party │ │ │ │ ├── go-json-experiment │ │ │ │ └── json │ │ │ │ │ └── LICENSE │ │ │ │ └── govalidator │ │ │ │ └── LICENSE │ │ │ └── validation │ │ │ ├── errors │ │ │ └── LICENSE │ │ │ ├── spec │ │ │ └── LICENSE │ │ │ ├── strfmt │ │ │ └── LICENSE │ │ │ └── validate │ │ │ └── LICENSE │ └── utils │ │ ├── LICENSE │ │ ├── inotify │ │ └── LICENSE │ │ ├── internal │ │ └── third_party │ │ │ └── forked │ │ │ └── golang │ │ │ └── LICENSE │ │ └── third_party │ │ └── forked │ │ └── golang │ │ └── LICENSE └── sigs.k8s.io │ ├── controller-tools │ └── LICENSE │ ├── json │ └── LICENSE │ ├── randfill │ └── LICENSE │ ├── structured-merge-diff │ └── v4 │ │ └── LICENSE │ └── yaml │ ├── LICENSE │ ├── goyaml.v2 │ └── LICENSE │ └── goyaml.v3 │ └── LICENSE ├── perf ├── .gitignore ├── README.md ├── benchmark │ ├── Chart.yaml │ ├── Pipfile │ ├── README.md │ ├── configs │ │ ├── README.md │ │ ├── istio │ │ │ ├── ext_authz │ │ │ │ ├── README.md │ │ │ │ ├── ext-authz_patch.yaml │ │ │ │ ├── installation.yaml │ │ │ │ ├── policy.yaml │ │ │ │ ├── postrun.sh │ │ │ │ ├── prerun.sh │ │ │ │ └── results │ │ │ │ │ ├── p50.png │ │ │ │ │ ├── p90.png │ │ │ │ │ ├── p99.png │ │ │ │ │ └── p999.png │ │ │ ├── ingressgateway_tls │ │ │ │ ├── cpu_mem.yaml │ │ │ │ ├── installation.yaml │ │ │ │ └── latency.yaml │ │ │ ├── none │ │ │ │ ├── cpu_mem.yaml │ │ │ │ ├── installation.yaml │ │ │ │ └── latency.yaml │ │ │ ├── none_tcp │ │ │ │ ├── cpu_mem.yaml │ │ │ │ ├── installation.yaml │ │ │ │ └── latency.yaml │ │ │ ├── plaintext │ │ │ │ ├── cpu_mem.yaml │ │ │ │ ├── installation.yaml │ │ │ │ ├── latency.yaml │ │ │ │ ├── postrun.sh │ │ │ │ └── prerun.sh │ │ │ ├── security_authz_dry_run │ │ │ │ ├── config.json │ │ │ │ ├── cpu_mem.yaml │ │ │ │ ├── installation.yaml │ │ │ │ ├── latency.yaml │ │ │ │ ├── postrun.sh │ │ │ │ └── prerun.sh │ │ │ ├── security_authz_ip │ │ │ │ ├── config.json │ │ │ │ ├── cpu_mem.yaml │ │ │ │ ├── installation.yaml │ │ │ │ ├── latency.yaml │ │ │ │ ├── postrun.sh │ │ │ │ └── prerun.sh │ │ │ ├── security_authz_jwt │ │ │ │ ├── config.json │ │ │ │ ├── cpu_mem.yaml │ │ │ │ ├── installation.yaml │ │ │ │ ├── latency.yaml │ │ │ │ ├── postrun.sh │ │ │ │ └── prerun.sh │ │ │ ├── security_authz_path │ │ │ │ ├── config.json │ │ │ │ ├── cpu_mem.yaml │ │ │ │ ├── installation.yaml │ │ │ │ ├── latency.yaml │ │ │ │ ├── postrun.sh │ │ │ │ └── prerun.sh │ │ │ ├── security_peer_authn │ │ │ │ ├── config.json │ │ │ │ ├── cpu_mem.yaml │ │ │ │ ├── installation.yaml │ │ │ │ ├── latency.yaml │ │ │ │ ├── postrun.sh │ │ │ │ └── prerun.sh │ │ │ ├── telemetryv2_sd_full │ │ │ │ ├── cpu_mem.yaml │ │ │ │ ├── installation.yaml │ │ │ │ └── latency.yaml │ │ │ ├── telemetryv2_sd_full_accesslogpolicy │ │ │ │ ├── cpu_mem.yaml │ │ │ │ ├── installation.yaml │ │ │ │ └── latency.yaml │ │ │ ├── telemetryv2_sd_nologging │ │ │ │ ├── cpu_mem.yaml │ │ │ │ ├── installation.yaml │ │ │ │ └── latency.yaml │ │ │ ├── telemetryv2_stats │ │ │ │ ├── cpu_mem.yaml │ │ │ │ ├── installation.yaml │ │ │ │ └── latency.yaml │ │ │ └── telemetryv2_statswasm │ │ │ │ ├── cpu_mem.yaml │ │ │ │ ├── installation.yaml │ │ │ │ └── latency.yaml │ │ ├── linkerd │ │ │ └── linkerd_latency.yaml │ │ ├── run_perf_test.conf │ │ └── trialrun.yaml │ ├── flame │ │ ├── .gitignore │ │ ├── README.md │ │ ├── example_flame_graph │ │ │ ├── example_flagmegraph.svg │ │ │ └── example_output │ │ │ │ └── 15aa0cc9_qps_1000_c_1_1024_mixer_srv_bothsidecars_perf.svg │ │ ├── flame.sh │ │ ├── get_istiod_pprof.sh │ │ ├── get_perfdata.sh │ │ └── get_proxy_perf.sh │ ├── graph_plotter │ │ ├── README.md │ │ ├── example_plot │ │ │ ├── benchmark.csv │ │ │ └── plotter_output.png │ │ └── graph_plotter.py │ ├── linkerd │ │ ├── README.md │ │ ├── example-comparison │ │ │ ├── istio_vs_linkerd.png │ │ │ └── telemetryv2_vs_linkerd.png │ │ ├── linkerd-p50.png │ │ ├── linkerd-p90.png │ │ └── setup_linkerd.sh │ ├── run_benchmark_job.sh │ ├── runner │ │ ├── fortio.py │ │ ├── prom.py │ │ └── runner.py │ ├── security │ │ └── generate_policies │ │ │ ├── README.md │ │ │ ├── generate.go │ │ │ ├── generate_policies.go │ │ │ └── jwt.go │ ├── setup_test.sh │ ├── templates │ │ ├── fortio.yaml │ │ └── mtls.yaml │ ├── values-istio-auth.yaml │ └── values.yaml ├── docker │ ├── Dockerfile.rabbitmq │ ├── Dockerfile.redis │ ├── prom_client.py │ ├── rabbitmq │ │ └── client.py │ └── redis │ │ └── client.py ├── istio-install │ ├── README.md │ ├── addons │ │ ├── cert-manager.yaml │ │ ├── grafana-cm.yaml │ │ └── servicemonitors.yaml │ ├── base │ │ ├── Chart.yaml │ │ ├── files │ │ │ └── crds.yaml │ │ ├── templates │ │ │ ├── als.yaml │ │ │ ├── cert-manager.yaml │ │ │ ├── istio-gateway.yaml │ │ │ ├── prometheus-install.yaml │ │ │ └── prometheus-operator.yaml │ │ └── values.yaml │ ├── cluster.sh │ ├── create_sa.sh │ ├── gke_cluster_resources │ │ ├── Kptfile │ │ ├── cluster.yaml │ │ └── nodepool.yaml │ ├── istioctl_profiles │ │ ├── automtls.yaml │ │ ├── default-overlay.yaml │ │ ├── istio-non-sds.yaml │ │ ├── long-running-gateway.yaml │ │ ├── long-running.yaml │ │ ├── multi-citadel-non-sds.yaml │ │ └── sds-auth.yaml │ └── setup_istio.sh ├── load │ ├── Chart.yaml │ ├── README.md │ ├── auto-mtls │ │ ├── Chart.yaml │ │ ├── Dockerfile │ │ ├── README.md │ │ ├── scale.py │ │ ├── setup.sh │ │ ├── templates │ │ │ ├── config-changer.yaml │ │ │ ├── config-map.yaml │ │ │ ├── ingress.yaml │ │ │ ├── policy-and-dr.yaml │ │ │ └── service-graph.gen.yaml │ │ └── values.yaml │ ├── bootstrap-vm.sh │ ├── common.sh │ ├── loadclient │ │ ├── Chart.yaml │ │ ├── README.md │ │ ├── setup_test.sh │ │ ├── templates │ │ │ └── load_gen.yaml │ │ └── values.yaml │ ├── pilot │ │ ├── Chart.yaml │ │ ├── README.md │ │ ├── load_test.py │ │ ├── setup.sh │ │ ├── templates │ │ │ ├── service-entries.yaml │ │ │ └── services.yaml │ │ └── values.yaml │ ├── rotate │ │ ├── Dockerfile │ │ └── README.md │ ├── run_servicegraph_job.sh │ ├── service-graph-diagram.png │ ├── setup_large_test.sh │ ├── templates │ │ ├── _rbac.yaml │ │ ├── bad.yaml │ │ ├── config-changer.yaml │ │ ├── config-map.yaml │ │ ├── h2upgrade.yaml │ │ ├── istio-ingress.gen.yaml │ │ ├── service-graph.gen.yaml │ │ ├── sidecar.yaml │ │ └── strict.yaml │ ├── values-istio-auth.yaml │ └── values.yaml ├── other │ └── multicluster-vpc │ │ ├── .gitignore │ │ ├── README.md │ │ ├── reviews-v3.yaml │ │ ├── setup.sh │ │ └── values-istio-multicluster-vpc.yaml ├── security │ ├── sds-tests │ │ ├── egress-sds │ │ │ ├── README.md │ │ │ ├── cleanup.sh │ │ │ ├── request_script.sh │ │ │ ├── setup_client.sh │ │ │ ├── setup_destinationrule.sh │ │ │ ├── setup_gateway.sh │ │ │ ├── setup_nginx.sh │ │ │ ├── setup_test.sh │ │ │ └── setup_virtualservice.sh │ │ ├── ingress-sds │ │ │ ├── README.md │ │ │ ├── cleanup_ingress_secrets.sh │ │ │ ├── setup_client.sh │ │ │ ├── setup_gateway.sh │ │ │ ├── setup_test.sh │ │ │ ├── setup_virtualservice.sh │ │ │ └── templates │ │ │ │ └── deploy_gateway.yaml │ │ └── workload-sds │ │ │ ├── Chart.yaml │ │ │ ├── README.md │ │ │ ├── setup_test.sh │ │ │ ├── templates │ │ │ └── workload_rotate.yaml │ │ │ ├── values.yaml │ │ │ └── workload.yaml │ ├── utils │ │ ├── get_release.sh │ │ └── test-util.sh │ └── workload-deployments │ │ ├── Chart.yaml │ │ ├── templates │ │ └── httpbin_template.yaml │ │ └── values.yaml └── stability │ ├── alertmanager │ ├── Chart.yaml │ ├── prometheusrule.yaml │ ├── templates │ │ ├── alertmanager-service.yaml │ │ ├── alertmanager.yaml │ │ ├── alertmanagerconfig.yaml │ │ └── kube_state_metrics.yaml │ └── values.yaml │ ├── long_running.sh │ └── setup_test.sh ├── pkg ├── checker │ ├── README.md │ ├── allowlist.go │ ├── checker.go │ ├── report.go │ └── rule.go ├── markdown │ ├── md.go │ ├── md_test.go │ └── testdata │ │ ├── AnalysisMessageWeakSchema.input │ │ ├── AnalysisMessageWeakSchema.output │ │ ├── links.input │ │ ├── links.output │ │ ├── telemetry.input │ │ └── telemetry.output ├── orggen │ ├── org.go │ └── org │ │ └── util.go ├── protocgen │ └── generate.go ├── protomodel │ ├── baseDesc.go │ ├── enumDescriptor.go │ ├── fileDescriptor.go │ ├── frontMatter.go │ ├── locationDescriptor.go │ ├── messageDescriptor.go │ ├── model.go │ ├── packageDescriptor.go │ ├── pathVector.go │ └── serviceDescriptor.go └── schemavalidation │ └── validation.go └── vendors └── google ├── README.md ├── install_asm.sh ├── istioctl_profiles └── long-running-asm.yaml ├── long_running_asm.sh └── setup_workload.sh /.devcontainer/devcontainer.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "istio build-tools", 3 | "image": "gcr.io/istio-testing/build-tools:master-6a1c744ef226989e2d5be532282f9098f77877fd", 4 | "privileged": true, 5 | "remoteEnv": { 6 | "USE_GKE_GCLOUD_AUTH_PLUGIN": "True", 7 | "BUILD_WITH_CONTAINER": "0", 8 | "CARGO_HOME": "/home/.cargo", 9 | "RUSTUP_HOME": "/home/.rustup" 10 | }, 11 | "features": { 12 | "ghcr.io/devcontainers/features/docker-outside-of-docker:1": {}, 13 | "ghcr.io/mpriscella/features/kind:1": {} 14 | }, 15 | "customizations": { 16 | "vscode": { 17 | "extensions": [ 18 | "golang.go", 19 | "rust-lang.rust-analyzer", 20 | "eamodio.gitlens", 21 | "zxh404.vscode-proto3", 22 | "ms-azuretools.vscode-docker", 23 | "redhat.vscode-yaml", 24 | "IBM.output-colorizer" 25 | ], 26 | "settings": { 27 | "files.eol": "\n", 28 | "go.useLanguageServer": true, 29 | "go.lintTool": "golangci-lint" 30 | } 31 | } 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | *.descriptor linguist-generated=true 2 | *.descriptor -diff -merge 3 | *.descriptor_set linguist-generated=true 4 | *.descriptor_set -diff -merge 5 | *.pb.html linguist-generated=true 6 | *.pb.go linguist-generated=true 7 | *.gen.go linguist-generated=true 8 | *.gen.yaml linguist-generated=true 9 | *.gen.json linguist-generated=true 10 | *_pb2.py linguist-generated=true 11 | manifests/charts/**/profile*.yaml linguist-generated=true 12 | go.sum merge=union 13 | vendor/** linguist-vendored 14 | common/** linguist-vendored 15 | archive/** linquist-vendored 16 | **/vmlinux.h linquist-vendored 17 | -------------------------------------------------------------------------------- /.github/SECURITY.md: -------------------------------------------------------------------------------- 1 | Refer to [Istio Security Overview](https://github.com/istio/istio/blob/master/.github/SECURITY.md) for more details. 2 | -------------------------------------------------------------------------------- /BUGS-AND-FEATURE-REQUESTS.md: -------------------------------------------------------------------------------- 1 | # Bugs and Feature Requests 2 | 3 | You can report bugs and feature requests to the Istio team in one of three places: 4 | 5 | - [Product Bugs and Feature Requests](https://github.com/istio/istio/issues) 6 | - [Documentation Bugs and Feature Requests](https://github.com/istio/istio.io/issues) 7 | - [Community and Governance Issues](https://github.com/istio/community/issues) 8 | 9 | For security vulnerabilities, please don't report a bug (which is public) and instead follow 10 | [these procedures](https://istio.io/about/security-vulnerabilities/). 11 | -------------------------------------------------------------------------------- /CODEOWNERS: -------------------------------------------------------------------------------- 1 | * @istio/wg-test-and-release-maintainers 2 | cmd/gen-release-notes/templates @istio/wg-test-and-release-maintainers @istio/wg-docs-maintainers @istio/release-managers 3 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contribution guidelines 2 | 3 | So you want to hack on Istio? Yay! Please refer to Istio's overall 4 | [contribution guidelines](https://github.com/istio/community/blob/master/CONTRIBUTING.md) 5 | to find out how you can help. 6 | -------------------------------------------------------------------------------- /Makefile.overrides.mk: -------------------------------------------------------------------------------- 1 | # Copyright 2019 Istio Authors 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # this repo is on the container plan by default 16 | BUILD_WITH_CONTAINER ?= 1 17 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | [![Go Report Card](https://goreportcard.com/badge/github.com/istio/tools)](https://goreportcard.com/report/github.com/istio/tools) 2 | [![GoDoc](https://godoc.org/github.com/istio/tools?status.svg)](https://godoc.org/github.com/istio/tools) 3 | 4 | # Tools 5 | 6 | This repository contains tools useful in building Istio. 7 | 8 | ## Performance Testing 9 | 10 | See [perf](./perf/README.md) for details on how to setup the performance and stability tests. 11 | -------------------------------------------------------------------------------- /SUPPORT.md: -------------------------------------------------------------------------------- 1 | # Support 2 | 3 | Here are some resources to help you understand and use Istio: 4 | 5 | - For in-depth information about how to use Istio, visit [istio.io](https://istio.io) 6 | - To ask questions and get assistance from our community, visit [GitHub Discussions](https://github.com/istio/istio/discussions) 7 | - To learn how to participate in our overall community, visit [our community page](https://istio.io/latest/get-involved/) 8 | -------------------------------------------------------------------------------- /ambient-tests/.gitignore: -------------------------------------------------------------------------------- 1 | data 2 | graphs 3 | results 4 | secrets 5 | .venv 6 | *.pcap 7 | dumps 8 | __pycache__ 9 | -------------------------------------------------------------------------------- /ambient-tests/Makefile: -------------------------------------------------------------------------------- 1 | .PHONY: docker-build run-netperf 2 | 3 | run-netperf: 4 | ./scripts/netperf/run.sh 5 | ./scripts/netperf/gen-csv.sh 6 | python ./scripts/netperf/graphs.py 7 | 8 | run-fortio: 9 | ./scripts/fortio/run.sh 10 | ./scripts/fortio/gen-csv.sh 11 | python ./scripts/fortio/graphs.py 12 | 13 | docker-build: 14 | make build push -C netperf 15 | 16 | -------------------------------------------------------------------------------- /ambient-tests/docker/.dockerignore: -------------------------------------------------------------------------------- 1 | Dockerfile 2 | -------------------------------------------------------------------------------- /ambient-tests/docker/Dockerfile: -------------------------------------------------------------------------------- 1 | # This is the only version that is available 2 | # hadolint ignore=DL3007 3 | FROM networkstatic/netserver:latest 4 | RUN apt-get update -y && apt-get upgrade -y \ 5 | && apt-get install -y --no-install-recommends \ 6 | ca-certificates \ 7 | netcat \ 8 | net-tools \ 9 | tcpdump \ 10 | netperf \ 11 | less \ 12 | ncat \ 13 | termshark \ 14 | python3 \ 15 | curl \ 16 | && rm -rf /var/lib/apt/lists/* 17 | 18 | RUN curl -OL https://github.com/fortio/fortio/releases/download/v1.17.0/fortio_1.17.0_amd64.deb \ 19 | && dpkg -i fortio_1.17.0_amd64.deb 20 | 21 | # tcp echo port 22 | EXPOSE 6789 23 | # data port for netperf 24 | EXPOSE 35000 25 | # config port netperf 26 | EXPOSE 12865 27 | # python http server 28 | EXPOSE 8000 29 | # fortio server 30 | EXPOSE 8080 31 | EXPOSE 8078 32 | EXPOSE 8079 33 | 34 | WORKDIR "/ambient-performance" 35 | 36 | COPY . . 37 | ENTRYPOINT ["./server-and-sleep.sh"] 38 | -------------------------------------------------------------------------------- /ambient-tests/docker/Makefile: -------------------------------------------------------------------------------- 1 | CR=stjinxuan.azurecr.io 2 | NAME=ambient-performance 3 | CR_NAME=$(CR)/$(NAME) 4 | 5 | .PHONY: build push run push-cr push-local 6 | 7 | default: build 8 | 9 | build: 10 | docker build . -t $(CR_NAME) -t $(NAME) 11 | 12 | push-cr: 13 | docker push $(CR_NAME) 14 | 15 | push-local: 16 | kind load docker-image $(CR_NAME) 17 | 18 | push: push-cr 19 | 20 | run: 21 | docker run --rm --name $(NAME) $(NAME) -P 22 | -------------------------------------------------------------------------------- /ambient-tests/docker/README.md: -------------------------------------------------------------------------------- 1 | # Netperf 2 | 3 | Lightweight Docker image running netperf and an echo server. 4 | Also includes various network debugging utilities. 5 | -------------------------------------------------------------------------------- /ambient-tests/docker/server-and-sleep.sh: -------------------------------------------------------------------------------- 1 | #! /bin/bash 2 | 3 | # Copyright Istio Authors 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | set -eux 18 | netserver "$@" 19 | ncat -e /bin/cat -k -l 6789 & 20 | python ./tcp_ping/server.py & 21 | fortio server & 22 | python3 -m http.server & 23 | sleep 365d 24 | -------------------------------------------------------------------------------- /ambient-tests/push_error.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/istio/tools/8d2a100a81731715ea16de11e8c9f23b2ddb3948/ambient-tests/push_error.png -------------------------------------------------------------------------------- /ambient-tests/requirements.txt: -------------------------------------------------------------------------------- 1 | matplotlib 2 | pandas 3 | python-dotenv 4 | -------------------------------------------------------------------------------- /ambient-tests/scripts/fortio/gen-csv.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Copyright Istio Authors 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | set -eux 18 | 19 | # shellcheck disable=SC1091 20 | source scripts/config.sh 21 | 22 | # TODO: names? 23 | python scripts/fortio/results_to_csv.py < "$FORTIO_RESULTS/serial" > "$FORTIO_RESULTS/serial.csv" 24 | python scripts/fortio/results_to_csv.py < "$FORTIO_RESULTS/parallel" > "$FORTIO_RESULTS/parallel.csv" 25 | 26 | -------------------------------------------------------------------------------- /ambient-tests/scripts/netperf/gen-csv.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Copyright Istio Authors 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | # Create csv from key-value pairs. 18 | 19 | set -eu 20 | shopt -s extglob 21 | # shellcheck disable=SC1091 22 | source scripts/config.sh 23 | 24 | # non csv files 25 | for file in $NETPERF_RESULTS/{TCP_STREAM,TCP_CRR,TCP_RR} 26 | do 27 | echo "$file" 28 | base=$(basename "$file") 29 | python ./scripts/netperf/results_to_csv.py \ 30 | "$TEST_RUN_SEPARATOR" \ 31 | < "$file" \ 32 | > "$NETPERF_RESULTS/$base.csv" 33 | done 34 | -------------------------------------------------------------------------------- /ambient-tests/scripts/netperf/results_to_csv.py: -------------------------------------------------------------------------------- 1 | # Copyright Istio Authors 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | import csv 16 | from typing import Set, List, Dict 17 | import sys 18 | 19 | TEST_RUN_SEPARATOR = sys.argv[1] 20 | 21 | fieldnames: Set[str] = set() 22 | rows: List[Dict[str, str]] = [] 23 | row: Dict[str, str] = dict() 24 | 25 | for line in sys.stdin: 26 | line = line.strip() 27 | if line.strip() == TEST_RUN_SEPARATOR: 28 | fieldnames.update(row.keys()) 29 | rows.append(row) 30 | row = dict() 31 | continue 32 | 33 | line = line.split("=") 34 | if len(line) != 2: 35 | continue 36 | 37 | row[line[0]] = line[1] 38 | 39 | writer = csv.DictWriter(sys.stdout, fieldnames=fieldnames) 40 | 41 | writer.writeheader() 42 | for row in rows: 43 | writer.writerow(row) 44 | -------------------------------------------------------------------------------- /ambient-tests/yaml/cluster.yaml: -------------------------------------------------------------------------------- 1 | kind: Cluster 2 | apiVersion: kind.x-k8s.io/v1alpha4 3 | nodes: 4 | - role: control-plane 5 | - role: worker 6 | labels: 7 | role: server 8 | - role: worker 9 | labels: 10 | role: client 11 | -------------------------------------------------------------------------------- /bin/requirements.txt: -------------------------------------------------------------------------------- 1 | requests==2.32.0 2 | selenium==3.141.0 3 | schedule==0.6.0 4 | protobuf==3.18.3 5 | google-cloud-datastore==1.8.0 6 | -------------------------------------------------------------------------------- /cmd/envvarlinter/README.md: -------------------------------------------------------------------------------- 1 | # envvarlinter 2 | 3 | envvarlinter ensures that non-test files don't use os.Getenv and os.LookupEnv and instead use the functions from pkg/env. 4 | 5 | ## Allowlist 6 | 7 | If, for some reason, you want to disable lint rule for a file, you can add the file path and rule ID in 8 | [allowlist.go](allowlist.go). Rule ID is the name of that rule file without `.go` extension. 9 | You could also specify file path in regex. 10 | 11 | If you want to disable all rules for a file path, you can specify `*` as the ID. 12 | 13 | Example: 14 | 15 | ```go 16 | var Allowlist = map[string][]string{ 17 | "/istio/mixer/pkg/*": {"skip_issue", "short_skip"}, 18 | "/istio/pilot/pkg/simply_test.go": {"*"}, 19 | } 20 | ``` 21 | 22 | ## Running envvarlinter 23 | 24 | ```bash 25 | go run envvarlinter 26 | ``` 27 | -------------------------------------------------------------------------------- /cmd/envvarlinter/allowlist.go: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Istio Authors. All Rights Reserved. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package main 16 | 17 | // Allowlist contains pairs of file and rule IDs. Each file maps to an array of rules which 18 | // should not apply to that file. Each rule is represented by its unique rule ID, which is the 19 | // file name of that rule without ".go" extension in the rules package. 20 | var Allowlist = map[string][]string{} 21 | -------------------------------------------------------------------------------- /cmd/envvarlinter/testdata/envuse.go: -------------------------------------------------------------------------------- 1 | // Copyright Istio Authors. All Rights Reserved. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package testdata 16 | 17 | import "os" 18 | 19 | func Envuse() { 20 | _ = os.Getenv("DONTDOIT") 21 | _, _ = os.LookupEnv("ANDDONTDOTHISEITHER") 22 | } 23 | -------------------------------------------------------------------------------- /cmd/evaluate-docs/README.md: -------------------------------------------------------------------------------- 1 | # Istio documentation evaluation 2 | 3 | The tooling in this directory is used to evaluate documentation on the Istio.io 4 | website, looking for documentation without tests and evaluating it based on 5 | Google analytics results. Pages are divided into different priorities based on 6 | thresholds for P0, P1, and P2 and a CSV file is generated with the results. This 7 | can then be imported into a Google docs spreadsheet in order to create the 8 | testing day spreadsheet. 9 | 10 | ## Usage 11 | 12 | First, export a CSV containing the Istio.io analytics. In this case, it's called 13 | istio.csv. 14 | 15 | ```bash 16 | go build . 17 | ./evaluate-docs --analyticspath istio.csv --docspath ~/code/istio/istio.io/istio.io/content/ --outpath out.csv 18 | ``` 19 | 20 | * analyticspath represents the path to the analytics CSV 21 | * docspath represents the path to a cloned, up to date copy of the Istio.io docs repo 22 | * outpath represents the file to store the evaluation results in 23 | -------------------------------------------------------------------------------- /cmd/evaluate-docs/scorer.go: -------------------------------------------------------------------------------- 1 | // Copyright 2021 Istio Authors 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package main 16 | 17 | type scorer interface { 18 | Score(filenames []FileEntry) []FileEntry 19 | } 20 | -------------------------------------------------------------------------------- /cmd/gen-release-notes/templates/releaseNotes.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Announcing Istio 3 | linktitle: 4 | subtitle: Patch Release 5 | description: Istio patch release. 6 | publishdate: 2020-07-29 7 | release: 8 | aliases: 9 | - /news/announcing- 10 | --- 11 | 12 | {{< warning >}} 13 | This is an automatically generated rough draft of the release notes and has not yet been reviewed. 14 | {{< /warning >}} 15 | 16 | This release contains bug fixes to improve robustness. This release note describes what’s different between Istio and Istio 17 | 18 | {{< relnote >}} 19 | 20 | ## Changes 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | ## Security update 34 | 35 | 36 | -------------------------------------------------------------------------------- /cmd/gen-release-notes/templates/upgradeNotes.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Upgrade Notes 3 | description: Important changes to consider when upgrading to Istio . 4 | weight: 20 5 | --- 6 | 7 | {{< warning >}} 8 | This is an automatically generated rough draft of the release notes and has not yet been reviewed. 9 | {{< /warning >}} 10 | 11 | When you upgrade from Istio to Istio , you need to consider the changes on this page. 12 | These notes detail the changes which purposefully break backwards compatibility with Istio . 13 | The notes also mention changes which preserve backwards compatibility while introducing new behavior. 14 | Changes are only included if the new behavior would be unexpected to a user of Istio . 15 | 16 | 17 | -------------------------------------------------------------------------------- /cmd/kubetype-gen/boilerplate.go.txt: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Istio Authors 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | -------------------------------------------------------------------------------- /cmd/kubetype-gen/testdata/test_input/negative/defaults/emptygroup/doc.go: -------------------------------------------------------------------------------- 1 | // Copyright Istio Authors 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | // Package emptygroup is for test 16 | // test should fail because the group in group/version is missing 17 | // +kubetype-gen:groupVersion=groupversion 18 | package emptygroup 19 | -------------------------------------------------------------------------------- /cmd/kubetype-gen/testdata/test_input/negative/defaults/emptygroup/type.go: -------------------------------------------------------------------------------- 1 | // Copyright Istio Authors 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package emptygroup 16 | 17 | // Test is for test 18 | // +kubetype-gen 19 | type Test struct { 20 | Field string 21 | } 22 | -------------------------------------------------------------------------------- /cmd/kubetype-gen/testdata/test_input/negative/defaults/invalidgroupversion/doc.go: -------------------------------------------------------------------------------- 1 | // Copyright Istio Authors 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | // Package invalidgroupversion is for test 16 | // test should fail because the group/version is invalid (schema.ParseGroupVersion() error) 17 | // +kubetype-gen:groupVersion=group/version/version 18 | package invalidgroupversion 19 | -------------------------------------------------------------------------------- /cmd/kubetype-gen/testdata/test_input/negative/defaults/invalidgroupversion/type.go: -------------------------------------------------------------------------------- 1 | // Copyright Istio Authors 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package invalidgroupversion 16 | 17 | // Test is for test 18 | // +kubetype-gen 19 | type Test struct { 20 | Field string 21 | } 22 | -------------------------------------------------------------------------------- /cmd/kubetype-gen/testdata/test_input/positive/defaults/doc.go: -------------------------------------------------------------------------------- 1 | // Copyright Istio Authors 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | // Package defaults is for test 16 | // +kubetype-gen:package=success/defaults 17 | // +kubetype-gen:groupVersion=group/version 18 | package defaults 19 | -------------------------------------------------------------------------------- /cmd/kubetype-gen/testdata/test_input/positive/defaults/type.go: -------------------------------------------------------------------------------- 1 | // Copyright Istio Authors 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package defaults 16 | 17 | // AllOverridden is for test 18 | // +kubetype-gen 19 | // +kubetype-gen:groupVersion=group2/version2 20 | // +kubetype-gen:package=success/defaults/override 21 | type AllOverridden struct { 22 | Field string 23 | } 24 | 25 | // Defaulted is for test 26 | // +kubetype-gen 27 | type Defaulted struct { 28 | Field string 29 | } 30 | 31 | // NotGenerated is for test 32 | type NotGenerated struct { 33 | Field string 34 | } 35 | -------------------------------------------------------------------------------- /cmd/kubetype-gen/testdata/test_output/defaults/group/version/doc.go: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Istio Authors 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | // Code generated by kubetype-gen. DO NOT EDIT. 16 | 17 | // Package has auto-generated kube type wrappers for raw types. 18 | // +k8s:openapi-gen=true 19 | // +k8s:deepcopy-gen=package 20 | // +groupName=group 21 | package version 22 | -------------------------------------------------------------------------------- /cmd/kubetype-gen/testdata/test_output/defaults/group2/version2/doc.go: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Istio Authors 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | // Code generated by kubetype-gen. DO NOT EDIT. 16 | 17 | // Package has auto-generated kube type wrappers for raw types. 18 | // +k8s:openapi-gen=true 19 | // +k8s:deepcopy-gen=package 20 | // +groupName=group2 21 | package version2 22 | -------------------------------------------------------------------------------- /cmd/kubetype-gen/testdata/test_output/types/group/version/doc.go: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Istio Authors 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | // Code generated by kubetype-gen. DO NOT EDIT. 16 | 17 | // Package has auto-generated kube type wrappers for raw types. 18 | // +k8s:openapi-gen=true 19 | // +k8s:deepcopy-gen=package 20 | // +groupName=group 21 | package version 22 | -------------------------------------------------------------------------------- /cmd/kubetype-gen/testdata/test_output/types/group2/version/doc.go: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Istio Authors 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | // Code generated by kubetype-gen. DO NOT EDIT. 16 | 17 | // Package has auto-generated kube type wrappers for raw types. 18 | // +k8s:openapi-gen=true 19 | // +k8s:deepcopy-gen=package 20 | // +groupName=group2.test.io 21 | package version 22 | -------------------------------------------------------------------------------- /cmd/mvpage/README.md: -------------------------------------------------------------------------------- 1 | # mvpage 2 | 3 | This tool simplifies the task of moving markdown pages within istio.io. You run the tool with 4 | 5 | ```bash 6 | mvpage 7 | ``` 8 | 9 | When the original and new markdown files are located in one of Hugo's content directory 10 | within the repo. The command will: 11 | 12 | - Move the original file to the new location (creating any necessary directories along the way). 13 | 14 | - Update all links to the moved page within the web site to point to the page's new location. 15 | 16 | - Add an alias entry to the page's front-matter such that any bookmarks set to the old page's 17 | address will continue working and be redirected to the new address automatically. 18 | -------------------------------------------------------------------------------- /cmd/protoc-gen-alias/Makefile: -------------------------------------------------------------------------------- 1 | test: build 2 | cd test && make clean test 3 | 4 | build: 5 | go install . -------------------------------------------------------------------------------- /cmd/protoc-gen-alias/README.md: -------------------------------------------------------------------------------- 1 | # protoc-gen-alias 2 | 3 | `protoc-gen-alias` is a plugin for protoc which type alias for all messages, such that one protobuf definition can 4 | be consumed from many Go packages 5 | 6 | ## Usage 7 | 8 | Usage is typically through `buf`, but you can use directly. 9 | See `test/Makefile` for example usage. 10 | 11 | ## Configuration 12 | 13 | The plugin looks for a comment like `+cue-gen:Simple:versions:v1,v1alpha` on the package. 14 | This will generate aliases to the current version, for all versions listed (the current version is ignored). 15 | 16 | ## Examples Of Generated Code 17 | 18 | ```go 19 | // Code generated by protoc-gen-jsonshim. DO NOT EDIT. 20 | type Simple = v1.Simple 21 | type Simple_Name = v1.Simple_Name 22 | type Simple_Number = v1.Simple_Number 23 | type SimpleWithMap = v1.SimpleWithMap 24 | type SimpleWithMap_Nested = v1.SimpleWithMap_Nested 25 | type ReferencedMap = v1.ReferencedMap 26 | type ImportedReference = v1.ImportedReference 27 | ``` 28 | -------------------------------------------------------------------------------- /cmd/protoc-gen-alias/test/Makefile: -------------------------------------------------------------------------------- 1 | 2 | go_package = istio.io/tools/cmd/protoc-gen-golang-jsonshim/test/generated 3 | 4 | all: clean test 5 | 6 | clean: 7 | if [ -d "generated" ]; then rm -rf generated; fi 8 | 9 | test: generate gobuild gotest 10 | 11 | generate: 12 | if [ ! -d "generated" ]; then mkdir generated; fi 13 | protoc --go_out=. --go_opt=paths=source_relative \ 14 | --alias_out=. --alias_opt=paths=source_relative \ 15 | v1/*.proto 16 | 17 | gobuild: 18 | go build ./... 19 | 20 | gotest: 21 | go test . 22 | -------------------------------------------------------------------------------- /cmd/protoc-gen-alias/test/v1/external.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Istio Authors 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | syntax = "proto3"; 16 | 17 | package istio.tools.test; 18 | 19 | option go_package = "istio.io/tools/cmd/protoc-gen-alias/test/v1"; 20 | 21 | message ExternalSimple { 22 | uint32 fieldC = 1; 23 | message ExternalNested { 24 | map fieldA = 1; 25 | } 26 | ExternalNested fieldD = 2; 27 | } 28 | -------------------------------------------------------------------------------- /cmd/protoc-gen-alias/test/v1alpha/types_alias.gen.go: -------------------------------------------------------------------------------- 1 | // Code generated by protoc-gen-alias. DO NOT EDIT. 2 | package v1alpha 3 | 4 | import "istio.io/tools/cmd/protoc-gen-alias/test/v1" 5 | 6 | // Simple case 7 | // +cue-gen:Simple:versions:v1,v1alpha 8 | type Simple = v1.Simple 9 | type Simple_Name = v1.Simple_Name 10 | type Simple_Number = v1.Simple_Number 11 | 12 | // Simple case with map and map field should not have MarshalJSON/UnmarshalJSON 13 | type SimpleWithMap = v1.SimpleWithMap 14 | type SimpleWithMap_Nested = v1.SimpleWithMap_Nested 15 | 16 | // verify no MarshalJSON/UnmarshalJSON functions are created for referenced map 17 | type ReferencedMap = v1.ReferencedMap 18 | 19 | // verify no MarshalJSON/UnmarshalJSON functions are created for imported map 20 | type ImportedReference = v1.ImportedReference 21 | -------------------------------------------------------------------------------- /cmd/protoc-gen-crd/README.md: -------------------------------------------------------------------------------- 1 | # `protoc-gen-crd` 2 | 3 | `protoc-gen-crd` is a plugin for protobufs to compile to Kubernetes CRD (OpenAPI) schemas. 4 | 5 | This command is a fork of , which originated the Protobuf -> OpenAPI logic that forms the basis for this command. 6 | 7 | Along with general changes to support CRDs (and removal of pieces not needed for CRDs), this fork is highly Istio opinionated, hence the fork. 8 | In part, this maintains compatibility with the older CRD generation mechanism, `cue-gen`. 9 | -------------------------------------------------------------------------------- /cmd/protoc-gen-docs/Makefile: -------------------------------------------------------------------------------- 1 | 2 | all: build run 3 | 4 | build: 5 | go build -o protoc-gen-docs *.go 6 | 7 | run: 8 | rm -fr fm page fragment pf sp 9 | mkdir fm page fragment pf sp 10 | protoc -Iprotos -I. --plugin=./protoc-gen-docs --docs_out=warnings=false,emit_yaml=true,mode=html_page:page/. testdata/test1.proto testdata/test2.proto testdata/test3.proto 11 | protoc -Iprotos -I. --plugin=./protoc-gen-docs --docs_out=warnings=false,mode=html_fragment_with_front_matter:fm/. testdata/test1.proto testdata/test2.proto testdata/test3.proto 12 | protoc -Iprotos -I. --plugin=./protoc-gen-docs --docs_out=warnings=false,mode=html_fragment:fragment/. testdata/test1.proto testdata/test2.proto testdata/test3.proto 13 | protoc -Iprotos -I. --plugin=./protoc-gen-docs --docs_out=warnings=true,per_file=true,mode=html_fragment_with_front_matter:pf/. testdata/test1.proto 14 | protoc -Iprotos -I. --plugin=./protoc-gen-docs --docs_out=warnings=true,dictionary=dictionaries/en-US,custom_word_list=dictionaries/custom.txt,mode=html_fragment_with_front_matter:sp/. testdata/test6.proto 15 | 16 | clean: 17 | @rm -fr fm page fragment pf sp sp2 protoc-gen-docs 18 | -------------------------------------------------------------------------------- /cmd/protoc-gen-docs/dictionaries/custom.txt: -------------------------------------------------------------------------------- 1 | Istio 2 | 3 | -------------------------------------------------------------------------------- /cmd/protoc-gen-docs/testdata/test2.proto: -------------------------------------------------------------------------------- 1 | // Copyright Istio Authors 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | syntax = "proto3"; 15 | 16 | package testpkg; 17 | 18 | message Test2 { 19 | // field1 is a field 20 | int32 field1 = 1; 21 | 22 | // an array of strings 23 | repeated string str = 2; 24 | 25 | double field3 = 3; 26 | float field4 = 4; 27 | fixed32 field5 = 5; 28 | sfixed32 field6 = 6; 29 | sint32 field7 = 7; 30 | uint32 field8 = 8; 31 | } 32 | -------------------------------------------------------------------------------- /cmd/protoc-gen-docs/testdata/test3.proto: -------------------------------------------------------------------------------- 1 | // Copyright Istio Authors 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | syntax = "proto3"; 15 | 16 | // $location: https://foo.com/bar.html 17 | 18 | package testpkg2; 19 | 20 | // Test3 is a message that I use for testing. 21 | message Test3 { 22 | // field1 is a field 23 | int32 field1 = 1; 24 | 25 | // an array of strings 26 | repeated string str = 2; 27 | 28 | double field3 = 3; 29 | float field4 = 4; 30 | fixed32 field5 = 5; 31 | sfixed32 field6 = 6; 32 | sint32 field7 = 7; 33 | uint32 field8 = 8; 34 | 35 | enum Nested { 36 | ONE = 0; 37 | TWO = 1; 38 | THREE = 2; 39 | } 40 | } 41 | -------------------------------------------------------------------------------- /cmd/protoc-gen-docs/testdata/test4.proto: -------------------------------------------------------------------------------- 1 | // Copyright Istio Authors 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | syntax = "proto3"; 15 | 16 | // Test4 is a message that I use for testing. 17 | message Test4 { 18 | // field1 is a field 19 | int32 field1 = 1; 20 | 21 | // an array of strings 22 | repeated string str = 2; 23 | 24 | double field3 = 3; 25 | float field4 = 4; 26 | fixed32 field5 = 5; 27 | sfixed32 field6 = 6; 28 | sint32 field7 = 7; 29 | uint32 field8 = 8; 30 | 31 | enum Nested { 32 | ONE = 0; 33 | TWO = 1; 34 | THREE = 2; 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /cmd/protoc-gen-docs/testdata/test6.proto: -------------------------------------------------------------------------------- 1 | // Copyright Istio Authors 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | syntax = "proto3"; 15 | 16 | // $title: My Title 17 | // $description: My Overview 18 | // $location: https://mysite.com/mypage.html 19 | // $weight: custom weight 20 | // $front_matter: foo: bar 21 | 22 | // Package-level comment 1 23 | package testpkg; 24 | 25 | // Some good words 26 | // Xsome Xbad xwords 27 | // `xsome xbad xwords` 28 | // some `xbad` words 29 | // some `xbas` xwords 30 | // some [bad](normallink) normal 31 | // some [bad][testpkg.TypeY] normal 32 | // ``` 33 | // doesntmatter 34 | // ``` 35 | // thismatters 36 | // this is fine 37 | message TypeX { 38 | } 39 | 40 | // Comment for this type 41 | message TypeY { 42 | 43 | } 44 | 45 | message TypeZ { 46 | } -------------------------------------------------------------------------------- /cmd/protoc-gen-golang-deepcopy/Makefile: -------------------------------------------------------------------------------- 1 | test: build 2 | cd test && make clean test 3 | 4 | build: 5 | go install . -------------------------------------------------------------------------------- /cmd/protoc-gen-golang-deepcopy/test/Makefile: -------------------------------------------------------------------------------- 1 | 2 | go_package = istio.io/tools/cmd/protoc-gen-golang-deepcopy/test/generated 3 | 4 | all: clean test 5 | 6 | clean: 7 | if [ -d "generated" ]; then rm -rf generated; fi 8 | 9 | test: generate gobuild gotest 10 | 11 | generate: 12 | if [ ! -d "generated" ]; then mkdir generated; fi 13 | protoc --go_out=./generated --golang-deepcopy_out=:./generated types.proto 14 | 15 | gobuild: 16 | go build ./... 17 | 18 | gotest: 19 | go test . 20 | -------------------------------------------------------------------------------- /cmd/protoc-gen-golang-deepcopy/test/types.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Istio Authors 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | syntax = "proto3"; 16 | 17 | package istio.tools.test; 18 | 19 | option go_package = ".;generated"; 20 | 21 | // ensure DeepCopyInto function is created 22 | message TagType { 23 | uint32 fieldA = 1; 24 | string fieldB = 2; 25 | } 26 | 27 | // ensure repeated field in an API is not copied twice. 28 | message RepeatedFieldType { 29 | repeated string ns = 1; 30 | } 31 | -------------------------------------------------------------------------------- /cmd/protoc-gen-golang-jsonshim/Makefile: -------------------------------------------------------------------------------- 1 | test: build 2 | cd test && make clean test 3 | 4 | build: 5 | go install . -------------------------------------------------------------------------------- /cmd/protoc-gen-golang-jsonshim/test/Makefile: -------------------------------------------------------------------------------- 1 | 2 | go_package = istio.io/tools/cmd/protoc-gen-golang-jsonshim/test/generated 3 | 4 | all: clean test 5 | 6 | clean: 7 | if [ -d "generated" ]; then rm -rf generated; fi 8 | 9 | test: generate gobuild gotest 10 | 11 | generate: 12 | if [ ! -d "generated" ]; then mkdir generated; fi 13 | protoc --go_out=./generated --golang-jsonshim_out=:./generated types.proto external.proto 14 | 15 | gobuild: 16 | go build ./... 17 | 18 | gotest: 19 | go test . 20 | -------------------------------------------------------------------------------- /cmd/protoc-gen-golang-jsonshim/test/external.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Istio Authors 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | syntax = "proto3"; 16 | 17 | package istio.tools.test; 18 | 19 | option go_package = ".;generated"; 20 | 21 | message ExternalSimple { 22 | uint32 fieldC = 1; 23 | message ExternalNested { 24 | map fieldA = 1; 25 | } 26 | ExternalNested fieldD = 2; 27 | } 28 | -------------------------------------------------------------------------------- /cmd/protoc-gen-golang-jsonshim/test/generated/external_json.gen.go: -------------------------------------------------------------------------------- 1 | // Code generated by protoc-gen-jsonshim. DO NOT EDIT. 2 | package generated 3 | 4 | import ( 5 | bytes "bytes" 6 | jsonpb "github.com/golang/protobuf/jsonpb" 7 | ) 8 | 9 | // MarshalJSON is a custom marshaler for ExternalSimple 10 | func (this *ExternalSimple) MarshalJSON() ([]byte, error) { 11 | str, err := ExternalMarshaler.MarshalToString(this) 12 | return []byte(str), err 13 | } 14 | 15 | // UnmarshalJSON is a custom unmarshaler for ExternalSimple 16 | func (this *ExternalSimple) UnmarshalJSON(b []byte) error { 17 | return ExternalUnmarshaler.Unmarshal(bytes.NewReader(b), this) 18 | } 19 | 20 | // MarshalJSON is a custom marshaler for ExternalSimple_ExternalNested 21 | func (this *ExternalSimple_ExternalNested) MarshalJSON() ([]byte, error) { 22 | str, err := ExternalMarshaler.MarshalToString(this) 23 | return []byte(str), err 24 | } 25 | 26 | // UnmarshalJSON is a custom unmarshaler for ExternalSimple_ExternalNested 27 | func (this *ExternalSimple_ExternalNested) UnmarshalJSON(b []byte) error { 28 | return ExternalUnmarshaler.Unmarshal(bytes.NewReader(b), this) 29 | } 30 | 31 | var ( 32 | ExternalMarshaler = &jsonpb.Marshaler{} 33 | ExternalUnmarshaler = &jsonpb.Unmarshaler{AllowUnknownFields: true} 34 | ) 35 | -------------------------------------------------------------------------------- /cmd/testlinter/allowlist.go: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Istio Authors. All Rights Reserved. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package main 16 | 17 | // Allowlist contains pairs of file and rule IDs. Each file maps to an array of rules which 18 | // should not apply to that file. Each rule is represented by its unique rule ID, which is the 19 | // file name of that rule without ".go" extension in the rules package. 20 | var Allowlist = map[string][]string{} 21 | -------------------------------------------------------------------------------- /cmd/testlinter/lint_rules_list.go: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Istio Authors. All Rights Reserved. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package main 16 | 17 | import ( 18 | "istio.io/tools/cmd/testlinter/rules" 19 | "istio.io/tools/pkg/checker" 20 | ) 21 | 22 | // LintRulesList is a map that maps test type to list of lint rules. Linter applies corresponding 23 | // list of lint rules to each type of tests. 24 | var LintRulesList = map[TestType][]checker.Rule{ 25 | UnitTest: { // list of rules which should apply to unit test file 26 | rules.NewSkipByIssue(), 27 | }, 28 | IntegTest: { // list of rules which should apply to integration test file 29 | rules.NewSkipByIssue(), 30 | }, 31 | E2eTest: { // list of rules which should apply to e2e test file 32 | rules.NewSkipByIssue(), 33 | }, 34 | } 35 | -------------------------------------------------------------------------------- /common/.commonfiles.sha: -------------------------------------------------------------------------------- 1 | 2dfbf3bcd0b3c217b5d8a285472cabf492f8eae3 2 | -------------------------------------------------------------------------------- /common/config/.hadolint.yml: -------------------------------------------------------------------------------- 1 | # WARNING: DO NOT EDIT, THIS FILE IS PROBABLY A COPY 2 | # 3 | # The original version of this file is located in the https://github.com/istio/common-files repo. 4 | # If you're looking at this file in a different repo and want to make a change, please go to the 5 | # common-files repo, make the change there and check it in. Then come back to this repo and run 6 | # "make update-common". 7 | 8 | ignored: 9 | - DL3008 10 | - DL3059 11 | 12 | trustedRegistries: 13 | - gcr.io 14 | - docker.io 15 | - quay.io 16 | - "*.pkg.dev" 17 | - "cgr.dev" 18 | -------------------------------------------------------------------------------- /common/config/.yamllint.yml: -------------------------------------------------------------------------------- 1 | # WARNING: DO NOT EDIT, THIS FILE IS PROBABLY A COPY 2 | # 3 | # The original version of this file is located in the https://github.com/istio/common-files repo. 4 | # If you're looking at this file in a different repo and want to make a change, please go to the 5 | # common-files repo, make the change there and check it in. Then come back to this repo and run 6 | # "make update-common". 7 | 8 | rules: 9 | braces: disable 10 | brackets: disable 11 | colons: enable 12 | commas: disable 13 | comments: disable 14 | comments-indentation: disable 15 | document-end: disable 16 | document-start: disable 17 | empty-lines: disable 18 | empty-values: disable 19 | hyphens: enable 20 | indentation: disable 21 | key-duplicates: enable 22 | key-ordering: disable 23 | line-length: disable 24 | new-line-at-end-of-file: disable 25 | new-lines: enable 26 | octal-values: disable 27 | quoted-strings: disable 28 | trailing-spaces: disable 29 | truthy: disable 30 | -------------------------------------------------------------------------------- /common/config/mdl.rb: -------------------------------------------------------------------------------- 1 | all 2 | rule 'MD002', :level => 1 3 | rule 'MD007', :indent => 4 4 | rule 'MD013', :line_length => 160, :code_blocks => false, :tables => false 5 | rule 'MD026', :punctuation => ".,;:!" 6 | exclude_rule 'MD013' 7 | exclude_rule 'MD014' 8 | exclude_rule 'MD030' 9 | exclude_rule 'MD032' 10 | exclude_rule 'MD033' 11 | exclude_rule 'MD041' 12 | exclude_rule 'MD046' 13 | -------------------------------------------------------------------------------- /common/config/tslint.json: -------------------------------------------------------------------------------- 1 | { 2 | "defaultSeverity": "error", 3 | "extends": [ 4 | "tslint:recommended" 5 | ], 6 | "rules": { 7 | "max-line-length": { 8 | "options": [160] 9 | }, 10 | "arrow-parens": false, 11 | "new-parens": true, 12 | "no-arg": true, 13 | "no-bitwise": true, 14 | "no-conditional-assignment": true, 15 | "no-consecutive-blank-lines": true, 16 | "no-console": { 17 | "severity": "warning", 18 | "options": ["debug", "info", "log", "time", "timeEnd", "trace"] 19 | }, 20 | "no-shadowed-variable": false, 21 | "eofline": false 22 | }, 23 | "jsRules": {}, 24 | "rulesDirectory": [] 25 | } -------------------------------------------------------------------------------- /common/scripts/copyright-banner-go.txt: -------------------------------------------------------------------------------- 1 | // Copyright Istio Authors 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | -------------------------------------------------------------------------------- /common/scripts/format_go.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # WARNING: DO NOT EDIT, THIS FILE IS PROBABLY A COPY 4 | # 5 | # The original version of this file is located in the https://github.com/istio/common-files repo. 6 | # If you're looking at this file in a different repo and want to make a change, please go to the 7 | # common-files repo, make the change there and check it in. Then come back to this repo and run 8 | # "make update-common". 9 | 10 | # Copyright Istio Authors 11 | # 12 | # Licensed under the Apache License, Version 2.0 (the "License"); 13 | # you may not use this file except in compliance with the License. 14 | # You may obtain a copy of the License at 15 | # 16 | # http://www.apache.org/licenses/LICENSE-2.0 17 | # 18 | # Unless required by applicable law or agreed to in writing, software 19 | # distributed under the License is distributed on an "AS IS" BASIS, 20 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 21 | # See the License for the specific language governing permissions and 22 | # limitations under the License. 23 | 24 | golangci-lint run --fix -c ./common/config/.golangci.yml 25 | -------------------------------------------------------------------------------- /common/scripts/lint_copyright_banner.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # WARNING: DO NOT EDIT, THIS FILE IS PROBABLY A COPY 4 | # 5 | # The original version of this file is located in the https://github.com/istio/common-files repo. 6 | # If you're looking at this file in a different repo and want to make a change, please go to the 7 | # common-files repo, make the change there and check it in. Then come back to this repo and run 8 | # "make update-common". 9 | 10 | # Copyright Istio Authors 11 | # 12 | # Licensed under the Apache License, Version 2.0 (the "License"); 13 | # you may not use this file except in compliance with the License. 14 | # You may obtain a copy of the License at 15 | # 16 | # http://www.apache.org/licenses/LICENSE-2.0 17 | # 18 | # Unless required by applicable law or agreed to in writing, software 19 | # distributed under the License is distributed on an "AS IS" BASIS, 20 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 21 | # See the License for the specific language governing permissions and 22 | # limitations under the License. 23 | 24 | set -e 25 | 26 | ec=0 27 | for fn in "$@"; do 28 | if ! grep -L -q -e "Apache License, Version 2" "${fn}"; then 29 | echo "Missing license: ${fn}" 30 | ec=1 31 | fi 32 | 33 | if ! grep -L -q -e "Copyright" "${fn}"; then 34 | echo "Missing copyright: ${fn}" 35 | ec=1 36 | fi 37 | done 38 | 39 | exit $ec 40 | -------------------------------------------------------------------------------- /common/scripts/lint_go.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # WARNING: DO NOT EDIT, THIS FILE IS PROBABLY A COPY 4 | # 5 | # The original version of this file is located in the https://github.com/istio/common-files repo. 6 | # If you're looking at this file in a different repo and want to make a change, please go to the 7 | # common-files repo, make the change there and check it in. Then come back to this repo and run 8 | # "make update-common". 9 | 10 | # Copyright Istio Authors 11 | # 12 | # Licensed under the Apache License, Version 2.0 (the "License"); 13 | # you may not use this file except in compliance with the License. 14 | # You may obtain a copy of the License at 15 | # 16 | # http://www.apache.org/licenses/LICENSE-2.0 17 | # 18 | # Unless required by applicable law or agreed to in writing, software 19 | # distributed under the License is distributed on an "AS IS" BASIS, 20 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 21 | # See the License for the specific language governing permissions and 22 | # limitations under the License. 23 | 24 | GOLANGCILINT_RUN_ARGS=(--output.text.path stdout --output.junit-xml.path "${ARTIFACTS}"/junit-lint.xml) 25 | 26 | if [[ "${ARTIFACTS}" != "" ]]; then 27 | golangci-lint run -v -c ./common/config/.golangci.yml "${GOLANGCILINT_RUN_ARGS[@]}" 28 | else 29 | golangci-lint run -v -c ./common/config/.golangci.yml 30 | fi 31 | -------------------------------------------------------------------------------- /docker/build-tools/bashrc: -------------------------------------------------------------------------------- 1 | # Copyright Istio Authors 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # Override prompt to avoid the annoying "I have no name!" in the default prompt 16 | PS1="build-tools:\w\\$ \[$(tput sgr0)\]" 17 | export PS1 18 | 19 | # Tab completion for make that works with istio's unique setup 20 | make_options=$(find /work/ -iname "Makefile*" | xargs -I {} grep -hoE '^[a-zA-Z0-9_.-]+:([^=]|$)' {} | sed 's/[^a-zA-Z0-9_.-]*$//' | sort -u) 21 | complete -W "$make_options" make 22 | -------------------------------------------------------------------------------- /docker/build-tools/install-python.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Copyright Istio Authors 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | set -eux 18 | 19 | PYTHON_VERSION=3.10.0 20 | apt-get install -y make build-essential libssl-dev zlib1g-dev \ 21 | libbz2-dev libreadline-dev libsqlite3-dev wget curl llvm \ 22 | libncurses5-dev libncursesw5-dev xz-utils tk-dev 23 | wget https://www.python.org/ftp/python/${PYTHON_VERSION}/Python-${PYTHON_VERSION}.tgz 24 | tar zxvf Python-${PYTHON_VERSION}.tgz 25 | cd Python-${PYTHON_VERSION} && ./configure --with-ensurepip=install && make -j 16 && make install 26 | cd .. && rm -rf ./Python-${PYTHON_VERSION} && rm -rf ./Python-${PYTHON_VERSION}.tgz 27 | -------------------------------------------------------------------------------- /examples/luacheck/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: A Helm chart for installing lua filter 3 | name: luacheck 4 | version: 1.1.0 5 | appVersion: 1.1.0 6 | tillerVersion: ">=2.7.2" 7 | icon: https://istio.io/favicons/android-192x192.png 8 | -------------------------------------------------------------------------------- /examples/luacheck/README.md: -------------------------------------------------------------------------------- 1 | The Lua filter is injected before the Istio `jwt-auth` filter. If a JWT token is presented on an HTTP request, the Lua filter will check if the JWT token header contains `alg:ES256`, and if so, reject the request. 2 | 3 | To install the Lua filter, please invoke the following commands: 4 | 5 | ```bash 6 | $ git clone git@github.com:istio/tools.git 7 | $ cd tools/examples/luacheck/ 8 | $ ./setup.sh 9 | ``` 10 | -------------------------------------------------------------------------------- /examples/luacheck/setup.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright Istio Authors 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | # shellcheck disable=SC2086 18 | WD=$(dirname $0) 19 | WD=$(cd "${WD}"; pwd) 20 | cd "${WD}" 21 | 22 | set -ex 23 | 24 | helm template . | kubectl -n istio-system apply -f - 25 | -------------------------------------------------------------------------------- /examples/luacheck/templates/filter.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: EnvoyFilter 3 | metadata: 4 | name: jwt-reject-lua-filter 5 | spec: 6 | filters: 7 | - listenerMatch: 8 | listenerType: GATEWAY 9 | filterName: envoy.lua 10 | filterType: HTTP 11 | filterConfig: 12 | inlineCode: |- 13 | {{ .Files.Get "jwt.lua" | nindent 10 }} 14 | -------------------------------------------------------------------------------- /examples/luacheck/templates/meshPolicy.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.globalMeshPolicy }} 2 | apiVersion: authentication.istio.io/v1alpha1 3 | kind: MeshPolicy 4 | metadata: 5 | name: default 6 | spec: 7 | origins: 8 | - jwt: 9 | issuer: testing@secure.istio.io 10 | jwksUri: https://raw.githubusercontent.com/istio/istio/master/security/tools/jwt/samples/jwks.json 11 | peers: 12 | - mtls: {} 13 | {{- end }} 14 | -------------------------------------------------------------------------------- /examples/luacheck/values.yaml: -------------------------------------------------------------------------------- 1 | globalMeshPolicy: false 2 | -------------------------------------------------------------------------------- /isotope/convert/cmd/root.go: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Istio Authors 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this currentFile except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package cmd 16 | 17 | import ( 18 | "fmt" 19 | "os" 20 | 21 | "github.com/spf13/cobra" 22 | ) 23 | 24 | // rootCmd represents the base command when called without any subcommands 25 | var rootCmd = &cobra.Command{ 26 | Use: "service-grapher", 27 | Short: "Converts a service graph expressed in YAML to various formats", 28 | } 29 | 30 | // Execute adds all child commands to the root command and sets flags 31 | // appropriately. This is called by main.main(). It only needs to happen once to 32 | // the rootCmd. 33 | func Execute() { 34 | err := rootCmd.Execute() 35 | exitIfError(err) 36 | } 37 | 38 | func exitIfError(err error) { 39 | if err != nil { 40 | fmt.Println(err) 41 | os.Exit(1) 42 | } 43 | } 44 | -------------------------------------------------------------------------------- /isotope/convert/main.go: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Istio Authors 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this currentFile except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package main 16 | 17 | import "istio.io/tools/isotope/convert/cmd" 18 | 19 | func main() { 20 | cmd.Execute() 21 | } 22 | -------------------------------------------------------------------------------- /isotope/convert/pkg/graph/graph.go: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Istio Authors 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this currentFile except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package graph 16 | 17 | import "istio.io/tools/isotope/convert/pkg/graph/svc" 18 | 19 | // ServiceGraph describes a set of services which mock a service-oriented 20 | // architecture. 21 | type ServiceGraph struct { 22 | Services []svc.Service `json:"services"` 23 | } 24 | -------------------------------------------------------------------------------- /isotope/convert/pkg/graph/pct/error.go: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Istio Authors 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this currentFile except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package pct 16 | 17 | import "fmt" 18 | 19 | // InvalidPercentageStringError is returned when parsing an invalid percentage 20 | // string. 21 | type InvalidPercentageStringError struct { 22 | String string 23 | } 24 | 25 | func (e InvalidPercentageStringError) Error() string { 26 | return fmt.Sprintf( 27 | "invalid percentage as string: %v (must be between \"0%%\" and \"100%%\")", 28 | e.String) 29 | } 30 | 31 | // OutOfRangeError is returned when parsing a percentage that is out of range. 32 | type OutOfRangeError struct { 33 | Float float64 34 | } 35 | 36 | func (e OutOfRangeError) Error() string { 37 | return fmt.Sprintf( 38 | "percentage %v is out of range (must be between 0.0 and 1.0)", 39 | e.Float) 40 | } 41 | -------------------------------------------------------------------------------- /isotope/convert/pkg/graph/script/concurrent_command.go: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Istio Authors 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this currentFile except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package script 16 | 17 | // ConcurrentCommand describes a set of commands that should be executed 18 | // simultaneously. 19 | type ConcurrentCommand []Command 20 | 21 | // UnmarshalJSON converts b to a ConcurrentCommand. b must be a JSON array of 22 | // commands. 23 | func (c *ConcurrentCommand) UnmarshalJSON(b []byte) (err error) { 24 | cmds, err := parseJSONCommands(b) 25 | if err != nil { 26 | return 27 | } 28 | *c = ConcurrentCommand(cmds) 29 | return 30 | } 31 | -------------------------------------------------------------------------------- /isotope/convert/pkg/graph/script/script.go: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Istio Authors 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this currentFile except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package script 16 | 17 | import ( 18 | "encoding/json" 19 | ) 20 | 21 | // Script is a list of commands to be sequentially executed. 22 | type Script []Command 23 | 24 | // MarshalJSON encodes the Script as a JSON array of JSON objects. 25 | func (s Script) MarshalJSON() ([]byte, error) { 26 | marshallableCmds, err := commandsToMarshallable(s) 27 | if err != nil { 28 | return nil, err 29 | } 30 | return json.Marshal(marshallableCmds) 31 | } 32 | 33 | // UnmarshalJSON converts b to a Script. b must be a JSON array of Commands. 34 | func (s *Script) UnmarshalJSON(b []byte) (err error) { 35 | cmds, err := parseJSONCommands(b) 36 | if err != nil { 37 | return 38 | } 39 | *s = Script(cmds) 40 | return 41 | } 42 | -------------------------------------------------------------------------------- /isotope/convert/pkg/graph/script/sleep_command.go: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Istio Authors 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this currentFile except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package script 16 | 17 | import ( 18 | "encoding/json" 19 | "time" 20 | ) 21 | 22 | // SleepCommand describes a command to pause for a duration. 23 | type SleepCommand time.Duration 24 | 25 | // UnmarshalJSON converts a JSON object to a SleepCommand. 26 | func (c *SleepCommand) UnmarshalJSON(b []byte) (err error) { 27 | var durationStr string 28 | err = json.Unmarshal(b, &durationStr) 29 | if err != nil { 30 | return 31 | } 32 | duration, err := time.ParseDuration(durationStr) 33 | if err != nil { 34 | return 35 | } 36 | *c = SleepCommand(duration) 37 | return 38 | } 39 | 40 | func (c SleepCommand) String() string { 41 | return time.Duration(c).String() 42 | } 43 | -------------------------------------------------------------------------------- /isotope/convert/pkg/graph/size/error.go: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Istio Authors 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this currentFile except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package size 16 | 17 | import "fmt" 18 | 19 | // NegativeSizeError is returned when parsing a negative size. 20 | type NegativeSizeError struct { 21 | Size int64 22 | } 23 | 24 | func (e NegativeSizeError) Error() string { 25 | return fmt.Sprintf("%v must be non-negative", e.Size) 26 | } 27 | -------------------------------------------------------------------------------- /isotope/example-topologies/1-service.yaml: -------------------------------------------------------------------------------- 1 | defaults: 2 | requestSize: 1 KB 3 | responseSize: 1 KB 4 | services: 5 | - name: a 6 | isEntrypoint: true 7 | -------------------------------------------------------------------------------- /isotope/example-topologies/10-svc_10-end.yaml: -------------------------------------------------------------------------------- 1 | defaults: 2 | numReplicas: 1 3 | services: 4 | - isEntrypoint: true 5 | name: svc-0 6 | script: 7 | - - call: svc-0-0 8 | - call: svc-0-1 9 | - call: svc-0-2 10 | - call: svc-0-3 11 | - call: svc-0-4 12 | - call: svc-0-5 13 | - call: svc-0-6 14 | - call: svc-0-7 15 | - call: svc-0-8 16 | - name: svc-0-0 17 | - name: svc-0-1 18 | - name: svc-0-2 19 | - name: svc-0-3 20 | - name: svc-0-4 21 | - name: svc-0-5 22 | - name: svc-0-6 23 | - name: svc-0-7 24 | - name: svc-0-8 25 | -------------------------------------------------------------------------------- /isotope/example-topologies/10-svc_100-end.yaml: -------------------------------------------------------------------------------- 1 | defaults: 2 | numReplicas: 10 3 | services: 4 | - isEntrypoint: true 5 | name: svc-0 6 | script: 7 | - - call: svc-0-0 8 | - call: svc-0-1 9 | - call: svc-0-2 10 | - call: svc-0-3 11 | - call: svc-0-4 12 | - call: svc-0-5 13 | - call: svc-0-6 14 | - call: svc-0-7 15 | - call: svc-0-8 16 | - name: svc-0-0 17 | script: 18 | - - call: svc-0-0-0 19 | - name: svc-0-1 20 | script: 21 | - - call: svc-0-1-0 22 | - name: svc-0-2 23 | script: 24 | - - call: svc-0-2-0 25 | - name: svc-0-3 26 | script: 27 | - - call: svc-0-3-0 28 | - name: svc-0-4 29 | script: 30 | - - call: svc-0-4-0 31 | - name: svc-0-5 32 | script: 33 | - - call: svc-0-5-0 34 | - name: svc-0-6 35 | script: 36 | - - call: svc-0-6-0 37 | - name: svc-0-7 38 | script: 39 | - - call: svc-0-7-0 40 | - name: svc-0-8 41 | script: 42 | - - call: svc-0-8-0 43 | - name: svc-0-0-0 44 | - name: svc-0-1-0 45 | - name: svc-0-2-0 46 | - name: svc-0-3-0 47 | - name: svc-0-4-0 48 | - name: svc-0-5-0 49 | - name: svc-0-6-0 50 | - name: svc-0-7-0 51 | - name: svc-0-8-0 52 | -------------------------------------------------------------------------------- /isotope/example-topologies/10-svc_1000-end.yaml: -------------------------------------------------------------------------------- 1 | defaults: 2 | numReplicas: 100 3 | services: 4 | - isEntrypoint: true 5 | name: svc-0 6 | script: 7 | - - call: svc-0-0 8 | - call: svc-0-1 9 | - call: svc-0-2 10 | - call: svc-0-3 11 | - call: svc-0-4 12 | - call: svc-0-5 13 | - call: svc-0-6 14 | - call: svc-0-7 15 | - call: svc-0-8 16 | - name: svc-0-0 17 | - name: svc-0-1 18 | - name: svc-0-2 19 | - name: svc-0-3 20 | - name: svc-0-4 21 | - name: svc-0-5 22 | - name: svc-0-6 23 | - name: svc-0-7 24 | - name: svc-0-8 25 | -------------------------------------------------------------------------------- /isotope/example-topologies/10-svc_10000-end.yaml: -------------------------------------------------------------------------------- 1 | defaults: 2 | numReplicas: 1000 3 | services: 4 | - isEntrypoint: true 5 | name: svc-0 6 | script: 7 | - - call: svc-0-0 8 | - call: svc-0-1 9 | - call: svc-0-2 10 | - call: svc-0-3 11 | - call: svc-0-4 12 | - call: svc-0-5 13 | - call: svc-0-6 14 | - call: svc-0-7 15 | - call: svc-0-8 16 | - name: svc-0-0 17 | - name: svc-0-1 18 | - name: svc-0-2 19 | - name: svc-0-3 20 | - name: svc-0-4 21 | - name: svc-0-5 22 | - name: svc-0-6 23 | - name: svc-0-7 24 | - name: svc-0-8 25 | -------------------------------------------------------------------------------- /isotope/example-topologies/canonical-2-replicas.yaml: -------------------------------------------------------------------------------- 1 | defaults: 2 | requestSize: 1 KB 3 | responseSize: 1 KB 4 | numReplicas: 2 5 | services: 6 | - name: a 7 | - name: b 8 | - name: c 9 | script: 10 | - call: a 11 | - call: b 12 | - name: d 13 | isEntrypoint: true 14 | script: 15 | - - call: a 16 | - call: c 17 | - call: b 18 | -------------------------------------------------------------------------------- /isotope/example-topologies/canonical.yaml: -------------------------------------------------------------------------------- 1 | defaults: 2 | requestSize: 1 KB 3 | responseSize: 1 KB 4 | numRbacPolicies: 3 5 | services: 6 | - name: a 7 | - name: b 8 | - name: c 9 | script: 10 | - call: a 11 | - call: b 12 | - name: d 13 | isEntrypoint: true 14 | script: 15 | - - call: a 16 | - call: c 17 | - call: b 18 | -------------------------------------------------------------------------------- /isotope/example-topologies/chain-2-services-different-cluster.yaml: -------------------------------------------------------------------------------- 1 | defaults: 2 | requestSize: 1 KB 3 | responseSize: 1 KB 4 | services: 5 | - isEntrypoint: true 6 | name: a 7 | namespace: demo1 8 | cluster: cluster1 9 | script: 10 | - call: 11 | service: b 12 | hostname: b.global:8080 13 | - name: b 14 | namespace: demo2 15 | cluster: cluster2 16 | -------------------------------------------------------------------------------- /isotope/example-topologies/chain-2-services-different-namespace.yaml: -------------------------------------------------------------------------------- 1 | defaults: 2 | requestSize: 1 KB 3 | responseSize: 1 KB 4 | services: 5 | - isEntrypoint: true 6 | name: a 7 | namespace: demo1 8 | script: 9 | - call: 10 | service: b 11 | hostname: b.demo2.svc.cluster.local:8080 12 | - name: b 13 | namespace: demo2 14 | -------------------------------------------------------------------------------- /isotope/example-topologies/chain-2-services.yaml: -------------------------------------------------------------------------------- 1 | defaults: 2 | requestSize: 1 KB 3 | responseSize: 1 KB 4 | services: 5 | - isEntrypoint: true 6 | name: a 7 | script: 8 | - call: b 9 | - name: b 10 | -------------------------------------------------------------------------------- /isotope/example-topologies/chain-3-services.yaml: -------------------------------------------------------------------------------- 1 | services: 2 | - isEntrypoint: true 3 | name: a 4 | script: 5 | - call: b 6 | - name: b 7 | script: 8 | - call: c 9 | - name: c 10 | -------------------------------------------------------------------------------- /isotope/example-topologies/tree-13-services.yaml: -------------------------------------------------------------------------------- 1 | defaults: 2 | numReplicas: 6 3 | services: 4 | - isEntrypoint: true 5 | name: d 6 | script: 7 | - - call: svc-0-0 8 | - call: svc-0-1 9 | - call: svc-0-2 10 | - name: svc-0-0 11 | script: 12 | - - call: svc-0-0-0 13 | - call: svc-0-0-1 14 | - call: svc-0-0-2 15 | - name: svc-0-1 16 | script: 17 | - - call: svc-0-1-0 18 | - call: svc-0-1-1 19 | - call: svc-0-1-2 20 | - name: svc-0-2 21 | script: 22 | - - call: svc-0-2-0 23 | - call: svc-0-2-1 24 | - call: svc-0-2-2 25 | - name: svc-0-0-0 26 | - name: svc-0-0-1 27 | - name: svc-0-0-2 28 | - name: svc-0-1-0 29 | - name: svc-0-1-1 30 | - name: svc-0-1-2 31 | - name: svc-0-2-0 32 | - name: svc-0-2-1 33 | - name: svc-0-2-2 34 | -------------------------------------------------------------------------------- /isotope/graph.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/istio/tools/8d2a100a81731715ea16de11e8c9f23b2ddb3948/isotope/graph.png -------------------------------------------------------------------------------- /isotope/helm-values.yaml: -------------------------------------------------------------------------------- 1 | # This is used to generate istio-auth.yaml for automated CI/CD test, using v1/alpha1 2 | # or v2/alpha3 with 'gradual migration' (using env variable at inject time). 3 | global: 4 | mtls: 5 | # Default setting for service-to-service mtls. Can be set explicitly using 6 | # destination rules or service annotations. 7 | enabled: true 8 | 9 | 10 | ## imagePullSecrets for all ServiceAccount. Must be set for any clustser configured with private docker registry. 11 | # imagePullSecrets: 12 | # - name: "private-registry-key" 13 | 14 | # Default is 10s second 15 | refreshInterval: 10s 16 | proxy: 17 | image: proxyv2 18 | resources: 19 | requests: 20 | cpu: 2000m 21 | memory: 1024Mi 22 | 23 | # Configures the access log for each sidecar. Setting it to an empty string will 24 | # disable access log for sidecar. 25 | accessLogFile: "/dev/null" 26 | 27 | # If set, newly injected sidecars will have core dumps enabled. 28 | enableCoreDump: true 29 | 30 | mixer: 31 | resources: 32 | requests: 33 | cpu: 4000m 34 | memory: 4048Mi 35 | 36 | pilot: 37 | resources: 38 | requests: 39 | cpu: 4000m 40 | memory: 8096Mi 41 | 42 | grafana: 43 | enabled: true 44 | -------------------------------------------------------------------------------- /isotope/service/Dockerfile: -------------------------------------------------------------------------------- 1 | # Note: this image must be built from the root of the repository for access to 2 | # the vendor folder. 3 | 4 | FROM golang:1.18.4 AS builder 5 | 6 | RUN mkdir /build 7 | 8 | COPY . /build/ 9 | 10 | WORKDIR /build 11 | 12 | RUN --mount=type=cache,target=/go/pkg/mod \ 13 | --mount=type=cache,target=/root/.cache/go-build \ 14 | GOARCH=$BUILDPLATFORM CGO_ENABLED=0 GOOS=linux go build -o isotope_service ./service 15 | 16 | FROM alpine:3.12 17 | 18 | COPY --from=builder /build/isotope_service /usr/local/bin/isotope_service 19 | 20 | EXPOSE 8080 21 | 22 | ENTRYPOINT ["/usr/local/bin/isotope_service"] 23 | -------------------------------------------------------------------------------- /licenses/github.com/client9/gospell/LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2016 Nick Galbreath 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /licenses/github.com/client9/gospell/plaintext/LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2016 Nick Galbreath 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /licenses/github.com/davecgh/go-spew/LICENSE: -------------------------------------------------------------------------------- 1 | ISC License 2 | 3 | Copyright (c) 2012-2016 Dave Collins 4 | 5 | Permission to use, copy, modify, and/or distribute this software for any 6 | purpose with or without fee is hereby granted, provided that the above 7 | copyright notice and this permission notice appear in all copies. 8 | 9 | THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 | -------------------------------------------------------------------------------- /licenses/github.com/dgryski/go-minhash/LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2016 Damian Gryski damian@gryski.com 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /licenses/github.com/ekzhu/minhash-lsh/LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2017 Eric Zhu 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /licenses/github.com/fxamacker/cbor/v2/LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2019-present Faye Amacker 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. -------------------------------------------------------------------------------- /licenses/github.com/go-viper/mapstructure/v2/LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2013 Mitchell Hashimoto 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in 13 | all copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 21 | THE SOFTWARE. 22 | -------------------------------------------------------------------------------- /licenses/github.com/gobuffalo/flect/LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2019 Mark Bates 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /licenses/github.com/golang-jwt/jwt/v5/LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2012 Dave Grijalva 2 | Copyright (c) 2021 golang-jwt maintainers 3 | 4 | Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: 5 | 6 | The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. 7 | 8 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 9 | 10 | -------------------------------------------------------------------------------- /licenses/github.com/jbenet/go-context/LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2014 Juan Batiz-Benet 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in 13 | all copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 21 | THE SOFTWARE. 22 | -------------------------------------------------------------------------------- /licenses/github.com/jdkato/prose/LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2017 -2018 Joseph Kato 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /licenses/github.com/josharian/intern/license.md: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2019 Josh Bleecher Snyder 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /licenses/github.com/json-iterator/go/LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2016 json-iterator 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /licenses/github.com/mailru/easyjson/LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2016 Mail.Ru Group 2 | 3 | Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: 4 | 5 | The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. 6 | 7 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 8 | -------------------------------------------------------------------------------- /licenses/github.com/montanaflynn/stats/LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2014-2023 Montana Flynn (https://montanaflynn.com) 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /licenses/github.com/pelletier/go-toml/v2/LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | go-toml v2 4 | Copyright (c) 2021 - 2023 Thomas Pelletier 5 | 6 | Permission is hereby granted, free of charge, to any person obtaining a copy 7 | of this software and associated documentation files (the "Software"), to deal 8 | in the Software without restriction, including without limitation the rights 9 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 | copies of the Software, and to permit persons to whom the Software is 11 | furnished to do so, subject to the following conditions: 12 | 13 | The above copyright notice and this permission notice shall be included in all 14 | copies or substantial portions of the Software. 15 | 16 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 22 | SOFTWARE. 23 | -------------------------------------------------------------------------------- /licenses/github.com/sagikazarmark/locafero/LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2023 Márk Sági-Kazár 2 | 3 | Permission is hereby granted, free of charge, to any person obtaining a copy 4 | of this software and associated documentation files (the "Software"), to deal 5 | in the Software without restriction, including without limitation the rights 6 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 7 | copies of the Software, and to permit persons to whom the Software is furnished 8 | to do so, subject to the following conditions: 9 | 10 | The above copyright notice and this permission notice shall be included in all 11 | copies or substantial portions of the Software. 12 | 13 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 14 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 15 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 16 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 17 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 18 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 19 | THE SOFTWARE. 20 | -------------------------------------------------------------------------------- /licenses/github.com/sergi/go-diff/LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2012-2016 The go-diff Authors. All rights reserved. 2 | 3 | Permission is hereby granted, free of charge, to any person obtaining a 4 | copy of this software and associated documentation files (the "Software"), 5 | to deal in the Software without restriction, including without limitation 6 | the rights to use, copy, modify, merge, publish, distribute, sublicense, 7 | and/or sell copies of the Software, and to permit persons to whom the 8 | Software is furnished to do so, subject to the following conditions: 9 | 10 | The above copyright notice and this permission notice shall be included 11 | in all copies or substantial portions of the Software. 12 | 13 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 14 | OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 15 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 16 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 17 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 18 | FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 19 | DEALINGS IN THE SOFTWARE. 20 | 21 | -------------------------------------------------------------------------------- /licenses/github.com/shogo82148/go-shuffle/LICENSE.md: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2017 ICHINOSE Shogo 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /licenses/github.com/sourcegraph/conc/LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2023 Sourcegraph 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /licenses/github.com/spf13/cast/LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2014 Steve Francia 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. -------------------------------------------------------------------------------- /licenses/github.com/spf13/viper/LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2014 Steve Francia 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. -------------------------------------------------------------------------------- /licenses/github.com/stoewer/go-strcase/LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2017, Adrian Stoewer 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /licenses/github.com/stretchr/testify/LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2012-2020 Mat Ryer, Tyler Bunnell and contributors. 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /licenses/github.com/subosito/gotenv/LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2013 Alif Rachmawadi 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in 13 | all copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 21 | THE SOFTWARE. 22 | -------------------------------------------------------------------------------- /licenses/github.com/x448/float16/LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2019 Montgomery Edwards⁴⁴⁸ and Faye Amacker 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | 23 | -------------------------------------------------------------------------------- /licenses/github.com/xeipuuv/gojsonpointer/NONE: -------------------------------------------------------------------------------- 1 | NO LICENSE FOUND 2 | -------------------------------------------------------------------------------- /licenses/github.com/xeipuuv/gojsonreference/NONE: -------------------------------------------------------------------------------- 1 | NO LICENSE FOUND 2 | -------------------------------------------------------------------------------- /licenses/github.com/xeipuuv/gojsonschema/NONE: -------------------------------------------------------------------------------- 1 | NO LICENSE FOUND 2 | -------------------------------------------------------------------------------- /licenses/github.com/yuin/goldmark/LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2019 Yusuke Inuzuka 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /licenses/gonum.org/v1/gonum/graph/formats/cytoscapejs/testdata/LICENSE: -------------------------------------------------------------------------------- 1 | 2 | 3 | Copyright (c) 2016-2018, The Cytoscape Consortium. 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy of 6 | this software and associated documentation files (the “Software”), to deal in 7 | the Software without restriction, including without limitation the rights to 8 | use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies 9 | of the Software, and to permit persons to whom the Software is furnished to do 10 | so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. -------------------------------------------------------------------------------- /licenses/gonum.org/v1/gonum/graph/formats/rdf/testdata/LICENSE.md: -------------------------------------------------------------------------------- 1 | Test suite license 2 | 3 | This document refers to nquad_tests.tar.gz, ntriple_tests.tar.gz and normalization tests in this directory. The original files can be obtained here: 4 | 5 | - [nquad_tests.tar.gz](https://w3c.github.io/rdf-tests/nquads/TESTS.tar.gz) 6 | - [ntriple_tests.tar.gz](https://w3c.github.io/rdf-tests/ntriples/TESTS.tar.gz) 7 | - [normalization tests](https://json-ld.github.io/rdf-dataset-canonicalization/). 8 | 9 | Distributed under both the [W3C Test Suite License](https://www.w3.org/Consortium/Legal/2008/04-testsuite-license) and the [W3C 3-clause BSD License](https://www.w3.org/Consortium/Legal/2008/03-bsd-license). 10 | To contribute to a W3C Test Suite, see the [policies and contribution forms](href="https://www.w3.org/2004/10/27-testcases"). 11 | 12 | -------------------------------------------------------------------------------- /licenses/gonum.org/v1/gonum/graph/formats/sigmajs/testdata/LICENSE.txt: -------------------------------------------------------------------------------- 1 | Copyright (C) 2013-2014, Alexis Jacomy, http://sigmajs.org 2 | 3 | Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), 4 | to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, 5 | and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: 6 | 7 | The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. 8 | 9 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 10 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 11 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS 12 | IN THE SOFTWARE. 13 | -------------------------------------------------------------------------------- /licenses/gopkg.in/neurosnap/sentences.v1/LICENSE.md: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | ===================== 3 | 4 | Copyright (c) 2015 Eric Bower 5 | 6 | Permission is hereby granted, free of charge, to any person obtaining a copy 7 | of this software and associated documentation files (the "Software"), to deal 8 | in the Software without restriction, including without limitation the rights 9 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 | copies of the Software, and to permit persons to whom the Software is 11 | furnished to do so, subject to the following conditions: 12 | 13 | The above copyright notice and this permission notice shall be included in all 14 | copies or substantial portions of the Software. 15 | 16 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 22 | SOFTWARE. 23 | -------------------------------------------------------------------------------- /licenses/gopkg.in/warnings.v0/LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2016 Péter Surányi. 2 | 3 | Redistribution and use in source and binary forms, with or without 4 | modification, are permitted provided that the following conditions are 5 | met: 6 | 7 | * Redistributions of source code must retain the above copyright 8 | notice, this list of conditions and the following disclaimer. 9 | * Redistributions in binary form must reproduce the above 10 | copyright notice, this list of conditions and the following disclaimer 11 | in the documentation and/or other materials provided with the 12 | distribution. 13 | 14 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 15 | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 16 | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 17 | A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 18 | OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 19 | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 20 | LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 21 | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 22 | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 24 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25 | -------------------------------------------------------------------------------- /licenses/k8s.io/kube-openapi/pkg/internal/third_party/govalidator/LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2014 Alex Saskevich 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. -------------------------------------------------------------------------------- /perf/.gitignore: -------------------------------------------------------------------------------- 1 | tmp/* 2 | tmp 3 | *.csv 4 | *.lock -------------------------------------------------------------------------------- /perf/README.md: -------------------------------------------------------------------------------- 1 | # Istio Performance/Stability Testing 2 | 3 | This folder contains tests for performance and stability. There are different types of test under each subdirectory. For more details, see each directories README. 4 | 5 | 1. [/istio-install](./istio-install) provides scripts and Helm values to setup Istio for performance testing. 6 | 7 | This setup is designed for very large clusters to test Istio's limits. Most tests can run on a standard Istio install. 8 | 1. [/stability](./stability) provides tests that exercise various Istio features to ensure stability. 9 | 10 | The intent of these tests is to be run continuously for extend periods of time, which differentiates them from integration tests. 11 | 1. [/benchmark](./benchmark) provides a test to measure the latency and metrics of traffic between pods in various setups. 12 | 1. [/load](./load) provides tools to generate large services to test Istio under heavy load. 13 | -------------------------------------------------------------------------------- /perf/benchmark/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: benchmark 3 | version: '1.0' 4 | description: Helm chart for istio twoPodTest 5 | keywords: 6 | - istio 7 | - performance 8 | sources: 9 | - http://github.com/istio/istio 10 | engine: gotpl 11 | icon: https://istio.io/favicons/android-192x192.png 12 | -------------------------------------------------------------------------------- /perf/benchmark/Pipfile: -------------------------------------------------------------------------------- 1 | [[source]] 2 | name = "pypi" 3 | url = "https://pypi.org/simple" 4 | verify_ssl = true 5 | 6 | [dev-packages] 7 | 8 | [packages] 9 | pandas = "*" 10 | matplotlib = "*" 11 | PyYAML = "*" 12 | requests = "*" 13 | 14 | -------------------------------------------------------------------------------- /perf/benchmark/configs/README.md: -------------------------------------------------------------------------------- 1 | # Add new config to benchmark pipeline 2 | 3 | Currently we are running benchmark test towards different configs as [prow job](https://prow.istio.io/job-history/istio-prow/logs/daily-performance-benchmark) 4 | 5 | To add a new config to this pipeline, we need to add a new directory under [configs folder](https://github.com/istio/tools/tree/master/perf/benchmark/configs/istio), where we can define config parameters structured as below: 6 | 7 | - installation.yaml: install Istio with this IstioOperator overlay file on top of istioctl built-in default profile and [perf testing default overlay](https://github.com/istio/tools/tree/master/perf/istio-install/istioctl_profiles/default-overlay.yaml) 8 | - cpu_mem.yaml: if provided, run cpu, memory test with this config 9 | - latency.yaml: if provided, run latency test with this config 10 | - prerun.sh: prerun hook we want to run before test 11 | - postrun.sh: postrun hook we want to run after test 12 | 13 | An example of recently added new config: [plaintext](https://github.com/istio/tools/tree/master/perf/benchmark/configs/istio/plaintext) 14 | 15 | Note: we have a [run_perf_test.conf](./run_perf_test.conf) file to control the disable and enable of the set of perf test configs. 16 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/ext_authz/ext-authz_patch.yaml: -------------------------------------------------------------------------------- 1 | data: 2 | mesh: |- 3 | extensionProviders: 4 | - name: "sample-ext-authz-grpc" 5 | envoyExtAuthzGrpc: 6 | service: "ext-authz.twopods-istio.svc.cluster.local" 7 | port: "9000" 8 | - name: "sample-ext-authz-http" 9 | envoyExtAuthzHttp: 10 | service: "ext-authz.twopods-istio.svc.cluster.local" 11 | port: "8000" 12 | includeRequestHeadersInCheck: ["x-ext-authz"] 13 | 14 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/ext_authz/installation.yaml: -------------------------------------------------------------------------------- 1 | # Copyright Istio Authors 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | apiVersion: install.istio.io/v1alpha1 16 | kind: IstioOperator 17 | spec: 18 | values: 19 | telemetry: 20 | enabled: true 21 | v2: 22 | enabled: true -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/ext_authz/policy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: security.istio.io/v1beta1 2 | kind: AuthorizationPolicy 3 | metadata: 4 | name: http-allow 5 | spec: 6 | selector: 7 | matchLabels: 8 | app: fortioserver 9 | action: CUSTOM 10 | provider: 11 | name: sample-ext-authz-http 12 | rules: 13 | - to: 14 | - operation: 15 | paths: ["/*"] -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/ext_authz/prerun.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright Istio Authors 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | CONFIG_DIR=$(dirname "$0") 18 | 19 | # Install ext-authz 20 | kubectl apply -n twopods-istio -f https://raw.githubusercontent.com/istio/istio/release-1.15/samples/extauthz/ext-authz.yaml 21 | kubectl patch configmap -n istio-system istio --patch-file "${CONFIG_DIR}/ext-authz_patch.yaml" 22 | kubectl rollout restart deployment/istiod -n istio-system 23 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/ext_authz/results/p50.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/istio/tools/8d2a100a81731715ea16de11e8c9f23b2ddb3948/perf/benchmark/configs/istio/ext_authz/results/p50.png -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/ext_authz/results/p90.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/istio/tools/8d2a100a81731715ea16de11e8c9f23b2ddb3948/perf/benchmark/configs/istio/ext_authz/results/p90.png -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/ext_authz/results/p99.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/istio/tools/8d2a100a81731715ea16de11e8c9f23b2ddb3948/perf/benchmark/configs/istio/ext_authz/results/p99.png -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/ext_authz/results/p999.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/istio/tools/8d2a100a81731715ea16de11e8c9f23b2ddb3948/perf/benchmark/configs/istio/ext_authz/results/p999.png -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/ingressgateway_tls/cpu_mem.yaml: -------------------------------------------------------------------------------- 1 | # Data: cpu/mem 2 | # Config: Ingress gateway TLS 3 | telemetry_mode: "ingressgateway-tls-listener-stats" 4 | conn: 5 | - 16 6 | qps: 7 | - 10 8 | - 100 9 | - 200 10 | - 400 11 | - 800 12 | - 1000 13 | 14 | duration: 240 15 | perf_record: false 16 | run_bothsidecar: false 17 | run_serversidecar: false 18 | run_clientsidecar: false 19 | run_baseline: false 20 | 21 | jitter: false 22 | 23 | run_ingress: "https://istio-ingressgateway.istio-system.svc.cluster.local" 24 | headers: "Host:fortioserver.fake-dns.org" 25 | cacert: "/tmp/gateway-secret/tls.crt" 26 | 27 | uniform: true 28 | nocatchup: true 29 | connection_reuse: '10:10' 30 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/ingressgateway_tls/installation.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: install.istio.io/v1alpha1 2 | kind: IstioOperator 3 | spec: 4 | meshConfig: 5 | # This enables viewing e.g. TLS handshake statistics 6 | defaultConfig: 7 | proxyStatsMatcher: 8 | inclusionPrefixes: 9 | - "listener" 10 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/ingressgateway_tls/latency.yaml: -------------------------------------------------------------------------------- 1 | # Data: latency 2 | # Config: Ingress gateway TLS 3 | telemetry_mode: "ingressgateway-tls-listener-stats" 4 | conn: 5 | - 2 6 | - 4 7 | - 8 8 | - 16 9 | - 32 10 | - 64 11 | qps: 12 | - 1000 13 | 14 | duration: 240 15 | perf_record: false 16 | run_bothsidecar: false 17 | run_serversidecar: false 18 | run_clientsidecar: false 19 | run_baseline: false 20 | 21 | jitter: false 22 | 23 | run_ingress: "https://istio-ingressgateway.istio-system.svc.cluster.local" 24 | headers: "Host:fortioserver.fake-dns.org" 25 | cacert: "/tmp/gateway-secret/tls.crt" 26 | 27 | uniform: true 28 | nocatchup: true 29 | connection_reuse: '10:10' 30 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/none/cpu_mem.yaml: -------------------------------------------------------------------------------- 1 | # Data: cpu/mem 2 | # Config: No telemetry 3 | telemetry_mode: "none" 4 | conn: 5 | - 16 6 | qps: 7 | - 10 8 | - 100 9 | - 200 10 | - 400 11 | - 800 12 | - 1000 13 | duration: 240 14 | perf_record: false 15 | run_bothsidecar: true 16 | run_serversidecar: false 17 | run_clientsidecar: false 18 | run_baseline: true 19 | 20 | extra_labels: "mtls" 21 | 22 | jitter: true 23 | protocol_mode: tcp 24 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/none/installation.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: install.istio.io/v1alpha1 2 | kind: IstioOperator 3 | spec: 4 | values: 5 | telemetry: 6 | enabled: false 7 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/none/latency.yaml: -------------------------------------------------------------------------------- 1 | # Data: latency 2 | # Config: No telemetry 3 | telemetry_mode: "no_istio" 4 | conn: 5 | - 2 6 | - 4 7 | - 8 8 | - 16 9 | - 32 10 | - 64 11 | qps: 12 | - 1000 13 | duration: 240 14 | size: 1024 15 | perf_record: false 16 | 17 | #if set to true in this file, should be set to false in configs/istio/telemetryv2_stats/latency.yaml and vice-versa. Or both are set to false. 18 | del_perf_record: false 19 | 20 | #the same metric were generated either run_bothsidecar is set to false or true 21 | run_bothsidecar: false 22 | 23 | run_serversidecar: false 24 | run_clientsidecar: false 25 | run_no_istio: true 26 | extra_labels: "mtls" 27 | uniform: true 28 | nocatchup: true 29 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/none_tcp/cpu_mem.yaml: -------------------------------------------------------------------------------- 1 | # Data: cpu/mem 2 | # Config: No telemetry 3 | telemetry_mode: "none_tcp" 4 | conn: 5 | - 16 6 | qps: 7 | - 10 8 | - 100 9 | - 200 10 | - 400 11 | - 800 12 | - 1000 13 | duration: 240 14 | perf_record: false 15 | run_bothsidecar: true 16 | run_serversidecar: false 17 | run_clientsidecar: false 18 | run_baseline: true 19 | 20 | extra_labels: "mtls" 21 | 22 | jitter: true 23 | protocol_mode: tcp 24 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/none_tcp/installation.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: install.istio.io/v1alpha1 2 | kind: IstioOperator 3 | spec: 4 | values: 5 | telemetry: 6 | enabled: false 7 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/none_tcp/latency.yaml: -------------------------------------------------------------------------------- 1 | # Data: latency 2 | # Config: No telemetry 3 | telemetry_mode: "none_tcp" 4 | conn: 5 | - 2 6 | - 4 7 | - 8 8 | - 16 9 | - 32 10 | - 64 11 | qps: 12 | - 1000 13 | duration: 240 14 | size: 1024 15 | perf_record: false 16 | run_bothsidecar: true 17 | run_serversidecar: false 18 | run_clientsidecar: false 19 | run_baseline: true 20 | 21 | extra_labels: "mtls" 22 | 23 | jitter: true 24 | protocol_mode: tcp 25 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/plaintext/cpu_mem.yaml: -------------------------------------------------------------------------------- 1 | # Data: cpu/mem 2 | # Config: plaintext 3 | telemetry_mode: "none" 4 | conn: 5 | - 16 6 | qps: 7 | - 10 8 | - 100 9 | - 200 10 | - 400 11 | - 800 12 | - 1000 13 | duration: 240 14 | size: 1024 15 | perf_record: false 16 | run_bothsidecar: true 17 | run_serversidecar: false 18 | run_clientsidecar: false 19 | run_baseline: false 20 | 21 | extra_labels: "plaintext" 22 | 23 | jitter: true 24 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/plaintext/installation.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: install.istio.io/v1alpha1 2 | kind: IstioOperator 3 | spec: 4 | values: 5 | telemetry: 6 | enabled: false 7 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/plaintext/latency.yaml: -------------------------------------------------------------------------------- 1 | # Data: latency 2 | # Config: plaintext 3 | telemetry_mode: "none" 4 | conn: 5 | - 2 6 | - 4 7 | - 8 8 | - 16 9 | - 32 10 | - 64 11 | qps: 12 | - 1000 13 | duration: 240 14 | perf_record: false 15 | # we only care about both sidecar mode, which is the base line for mTLs overhead comparison. 16 | run_bothsidecar: true 17 | run_serversidecar: false 18 | run_clientsidecar: false 19 | run_baseline: false 20 | 21 | extra_labels: "plaintext" 22 | 23 | jitter: true 24 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/plaintext/postrun.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright Istio Authors 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | echo "Delete the plaintext related config..." 18 | kubectl delete peerauthentication.security.istio.io -n"${NAMESPACE}" default 19 | kubectl delete DestinationRule -n"${NAMESPACE}" plaintext-dr-twopods 20 | echo "Restoring original Authn Policy and DestinationRule config..." 21 | 22 | [[ -s "${LOCAL_OUTPUT_DIR}/authn-policy.yaml" ]] && kubectl apply -f "${LOCAL_OUTPUT_DIR}/authn-policy.yaml" 23 | [[ -s "${LOCAL_OUTPUT_DIR}/destination-rule.yaml" ]] && kubectl apply -f "${LOCAL_OUTPUT_DIR}/destination-rule.yaml" 24 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/security_authz_dry_run/config.json: -------------------------------------------------------------------------------- 1 | { 2 | "authZ": 3 | { 4 | "numPolicies": 1, 5 | "numPaths":1000, 6 | "dryRun": true 7 | } 8 | } 9 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/security_authz_dry_run/cpu_mem.yaml: -------------------------------------------------------------------------------- 1 | # Data: cpu/mem 2 | # Filter: rbac, metadata-exchange and stackdriver filters 3 | # VM mode: nullvm 4 | telemetry_mode: "v2-sd-full-nullvm" 5 | conn: 6 | - 16 7 | qps: 8 | - 10 9 | - 100 10 | - 200 11 | - 400 12 | - 800 13 | - 1000 14 | duration: 240 15 | perf_record: false 16 | run_bothsidecar: true 17 | run_serversidecar: false 18 | run_clientsidecar: false 19 | run_baseline: false 20 | 21 | extra_labels: "security_authz_dry_run" 22 | 23 | jitter: true 24 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/security_authz_dry_run/installation.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: install.istio.io/v1alpha1 2 | kind: IstioOperator 3 | spec: 4 | values: 5 | telemetry: 6 | enabled: true 7 | v2: 8 | enabled: true 9 | prometheus: 10 | enabled: false 11 | stackdriver: 12 | enabled: true 13 | topology: true 14 | inboundAccessLogging: "FULL" 15 | outboundAccessLogging: "ERRORS_ONLY" 16 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/security_authz_dry_run/latency.yaml: -------------------------------------------------------------------------------- 1 | # Data: latency 2 | # Filter: rbac, metadata-exchange and stackdriver filters 3 | # VM mode: nullvm 4 | telemetry_mode: "v2-sd-full-nullvm" 5 | conn: 6 | - 2 7 | - 4 8 | - 8 9 | - 16 10 | - 32 11 | - 64 12 | qps: 13 | - 1000 14 | duration: 240 15 | perf_record: false 16 | run_bothsidecar: true 17 | run_serversidecar: false 18 | run_clientsidecar: false 19 | run_baseline: false 20 | 21 | extra_labels: "security_authz_dry_run" 22 | 23 | jitter: true 24 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/security_authz_dry_run/postrun.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright Istio Authors 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | echo "Delete the dry-run Security Policies related config..." 18 | kubectl delete -f "${LOCAL_OUTPUT_DIR}/largeSecurityAuthzPolicyDryRun.yaml" 19 | 20 | rm "${LOCAL_OUTPUT_DIR}/generator" 21 | rm "${LOCAL_OUTPUT_DIR}/largeSecurityAuthzPolicyDryRun.yaml" 22 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/security_authz_dry_run/prerun.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright Istio Authors 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | echo "Configure dry-run Security Policies..." 18 | POLICY_PATH="${WD}/security/generate_policies" 19 | 20 | echo "Build Security Policy Generator..." 21 | go build -o "${LOCAL_OUTPUT_DIR}/generator" "${POLICY_PATH}/generate_policies.go" "${POLICY_PATH}/generate.go" "${POLICY_PATH}/jwt.go" 22 | 23 | echo "Apply dry-run Security Policy to Cluster..." 24 | "${LOCAL_OUTPUT_DIR}/generator" -configFile="${CONFIG_DIR}/security_authz_dry_run/config.json" > "${LOCAL_OUTPUT_DIR}/largeSecurityAuthzPolicyDryRun.yaml" 25 | 26 | kubectl apply -f "${LOCAL_OUTPUT_DIR}/largeSecurityAuthzPolicyDryRun.yaml" 27 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/security_authz_ip/config.json: -------------------------------------------------------------------------------- 1 | { 2 | "authZ": 3 | { 4 | "numPolicies": 1, 5 | "numSourceIP":1000 6 | } 7 | } 8 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/security_authz_ip/cpu_mem.yaml: -------------------------------------------------------------------------------- 1 | # Data: cpu/mem 2 | # Filter: metadata-exchange and stats filters 3 | # VM mode: nullvm 4 | telemetry_mode: "none" 5 | conn: 6 | - 16 7 | qps: 8 | - 10 9 | - 100 10 | - 200 11 | - 400 12 | - 800 13 | - 1000 14 | duration: 240 15 | perf_record: false 16 | run_bothsidecar: true 17 | run_serversidecar: false 18 | run_clientsidecar: false 19 | run_baseline: false 20 | 21 | extra_labels: "security_authz_ip" 22 | 23 | jitter: true 24 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/security_authz_ip/installation.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: install.istio.io/v1alpha1 2 | kind: IstioOperator 3 | spec: 4 | values: 5 | telemetry: 6 | enabled: false 7 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/security_authz_ip/latency.yaml: -------------------------------------------------------------------------------- 1 | # Data: latency 2 | # Config: security_authz_ip 3 | # VM mode: nullvm 4 | telemetry_mode: "none" 5 | conn: 6 | - 2 7 | - 4 8 | - 8 9 | - 16 10 | - 32 11 | - 64 12 | qps: 13 | - 1000 14 | duration: 240 15 | perf_record: false 16 | run_bothsidecar: true 17 | run_serversidecar: false 18 | run_clientsidecar: false 19 | run_baseline: false 20 | 21 | extra_labels: "security_authz_ip" 22 | 23 | jitter: true 24 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/security_authz_ip/postrun.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright Istio Authors 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | echo "Delete the Security Policies related config..." 18 | kubectl delete -f "${LOCAL_OUTPUT_DIR}/largeSecurityAuthzIPPolicy.yaml" 19 | 20 | rm "${LOCAL_OUTPUT_DIR}/generator" 21 | rm "${LOCAL_OUTPUT_DIR}/largeSecurityAuthzIPPolicy.yaml" 22 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/security_authz_ip/prerun.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright Istio Authors 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | echo "Configure Security Policies..." 18 | POLICY_PATH="${WD}/security/generate_policies" 19 | 20 | echo "Build Security Policy Generator..." 21 | go build -o "${LOCAL_OUTPUT_DIR}/generator" "${POLICY_PATH}/generate_policies.go" "${POLICY_PATH}/generate.go" "${POLICY_PATH}/jwt.go" 22 | 23 | echo "Apply Security Policy to Cluster..." 24 | "${LOCAL_OUTPUT_DIR}/generator" -configFile="${CONFIG_DIR}/security_authz_ip/config.json" > "${LOCAL_OUTPUT_DIR}/largeSecurityAuthzIPPolicy.yaml" 25 | 26 | kubectl apply -f "${LOCAL_OUTPUT_DIR}/largeSecurityAuthzIPPolicy.yaml" 27 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/security_authz_jwt/config.json: -------------------------------------------------------------------------------- 1 | { 2 | "authZ": 3 | { 4 | "numPolicies": 1, 5 | "numRequestPrincipals":1000 6 | }, 7 | "requestAuthN": 8 | { 9 | "numPolicies": 1, 10 | "NumJwks":1 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/security_authz_jwt/cpu_mem.yaml: -------------------------------------------------------------------------------- 1 | # Data: cpu/mem 2 | # Filter: metadata-exchange and stats filters 3 | # VM mode: nullvm 4 | telemetry_mode: "none" 5 | conn: 6 | - 16 7 | qps: 8 | - 10 9 | - 100 10 | - 200 11 | - 400 12 | - 800 13 | - 1000 14 | duration: 240 15 | perf_record: false 16 | run_bothsidecar: true 17 | run_serversidecar: false 18 | run_clientsidecar: false 19 | run_baseline: false 20 | 21 | extra_labels: "security_authz_jwt" 22 | 23 | jitter: true 24 | 25 | header: $SECURITY_REQUEST_AUTHN_TOKEN 26 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/security_authz_jwt/installation.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: install.istio.io/v1alpha1 2 | kind: IstioOperator 3 | spec: 4 | values: 5 | telemetry: 6 | enabled: false 7 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/security_authz_jwt/latency.yaml: -------------------------------------------------------------------------------- 1 | # Data: latency 2 | # Config: security_authz_jwt 3 | # VM mode: nullvm 4 | telemetry_mode: "none" 5 | conn: 6 | - 2 7 | - 4 8 | - 8 9 | - 16 10 | - 32 11 | - 64 12 | qps: 13 | - 1000 14 | duration: 240 15 | perf_record: false 16 | run_bothsidecar: true 17 | run_serversidecar: false 18 | run_clientsidecar: false 19 | run_baseline: false 20 | 21 | extra_labels: "security_authz_jwt" 22 | 23 | jitter: true 24 | 25 | header: $SECURITY_REQUEST_AUTHN_TOKEN 26 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/security_authz_jwt/postrun.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright Istio Authors 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | echo "Delete the Security Policies related config..." 18 | kubectl delete -f "${LOCAL_OUTPUT_DIR}/largeSecurityRequestAuthzJwtPolicy.yaml" 19 | 20 | cp "${LOCAL_OUTPUT_DIR}/latency.yaml" "${CONFIG_DIR}/security_authz_jwt/latency.yaml" 21 | cp "${LOCAL_OUTPUT_DIR}/cpu_mem.yaml" "${CONFIG_DIR}/security_authz_jwt/cpu_mem.yaml" 22 | 23 | rm "${LOCAL_OUTPUT_DIR}/generator" 24 | rm "${LOCAL_OUTPUT_DIR}/largeSecurityRequestAuthzJwtPolicy.yaml" 25 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/security_authz_path/config.json: -------------------------------------------------------------------------------- 1 | { 2 | "authZ": 3 | { 4 | "numPolicies": 1, 5 | "numPaths":1000 6 | } 7 | } 8 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/security_authz_path/cpu_mem.yaml: -------------------------------------------------------------------------------- 1 | # Data: cpu/mem 2 | # Filter: metadata-exchange and stats filters 3 | # VM mode: nullvm 4 | telemetry_mode: "none" 5 | conn: 6 | - 16 7 | qps: 8 | - 10 9 | - 100 10 | - 200 11 | - 400 12 | - 800 13 | - 1000 14 | duration: 240 15 | perf_record: false 16 | run_bothsidecar: true 17 | run_serversidecar: false 18 | run_clientsidecar: false 19 | run_baseline: false 20 | 21 | extra_labels: "security_authz_path" 22 | 23 | jitter: true 24 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/security_authz_path/installation.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: install.istio.io/v1alpha1 2 | kind: IstioOperator 3 | spec: 4 | values: 5 | telemetry: 6 | enabled: false 7 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/security_authz_path/latency.yaml: -------------------------------------------------------------------------------- 1 | # Data: latency 2 | # Config: security_authz_path 3 | # VM mode: nullvm 4 | telemetry_mode: "none" 5 | conn: 6 | - 2 7 | - 4 8 | - 8 9 | - 16 10 | - 32 11 | - 64 12 | qps: 13 | - 1000 14 | duration: 240 15 | perf_record: false 16 | run_bothsidecar: true 17 | run_serversidecar: false 18 | run_clientsidecar: false 19 | run_baseline: false 20 | 21 | extra_labels: "security_authz_path" 22 | 23 | jitter: true 24 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/security_authz_path/postrun.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright Istio Authors 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | echo "Delete the Security Policies related config..." 18 | kubectl delete -f "${LOCAL_OUTPUT_DIR}/largeSecurityAuthzPathPolicy.yaml" 19 | 20 | rm "${LOCAL_OUTPUT_DIR}/generator" 21 | rm "${LOCAL_OUTPUT_DIR}/largeSecurityAuthzPathPolicy.yaml" 22 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/security_authz_path/prerun.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright Istio Authors 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | echo "Configure Security Policies..." 18 | POLICY_PATH="${WD}/security/generate_policies" 19 | 20 | echo "Build Security Policy Generator..." 21 | go build -o "${LOCAL_OUTPUT_DIR}/generator" "${POLICY_PATH}/generate_policies.go" "${POLICY_PATH}/generate.go" "${POLICY_PATH}/jwt.go" 22 | 23 | echo "Apply Security Policy to Cluster..." 24 | "${LOCAL_OUTPUT_DIR}/generator" -configFile="${CONFIG_DIR}/security_authz_path/config.json" > "${LOCAL_OUTPUT_DIR}/largeSecurityAuthzPathPolicy.yaml" 25 | 26 | kubectl apply -f "${LOCAL_OUTPUT_DIR}/largeSecurityAuthzPathPolicy.yaml" 27 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/security_peer_authn/config.json: -------------------------------------------------------------------------------- 1 | { 2 | "peerAuthN": 3 | { 4 | "numPolicies": 2000, 5 | "mtlsMode":"STRICT" 6 | } 7 | } 8 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/security_peer_authn/cpu_mem.yaml: -------------------------------------------------------------------------------- 1 | # Data: cpu/mem 2 | # Filter: metadata-exchange and stats filters 3 | # VM mode: nullvm 4 | telemetry_mode: "none" 5 | conn: 6 | - 16 7 | qps: 8 | - 10 9 | - 100 10 | - 200 11 | - 400 12 | - 800 13 | - 1000 14 | duration: 240 15 | perf_record: false 16 | run_bothsidecar: true 17 | run_serversidecar: false 18 | run_clientsidecar: false 19 | run_baseline: false 20 | 21 | extra_labels: "security_peer_authn" 22 | 23 | jitter: true 24 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/security_peer_authn/installation.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: install.istio.io/v1alpha1 2 | kind: IstioOperator 3 | spec: 4 | values: 5 | telemetry: 6 | enabled: false 7 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/security_peer_authn/latency.yaml: -------------------------------------------------------------------------------- 1 | # Data: latency 2 | # Config: security_peer_authn 3 | # VM mode: nullvm 4 | telemetry_mode: "none" 5 | conn: 6 | - 2 7 | - 4 8 | - 8 9 | - 16 10 | - 32 11 | - 64 12 | qps: 13 | - 1000 14 | duration: 240 15 | perf_record: false 16 | run_bothsidecar: true 17 | run_serversidecar: false 18 | run_clientsidecar: false 19 | run_baseline: false 20 | 21 | extra_labels: "security_peer_authn" 22 | 23 | jitter: true 24 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/security_peer_authn/postrun.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright Istio Authors 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | echo "Delete the Security Policies related config..." 18 | kubectl delete -f "${LOCAL_OUTPUT_DIR}/largeSecurityAuthnPolicy.yaml" 19 | 20 | rm "${LOCAL_OUTPUT_DIR}/generator" 21 | rm "${LOCAL_OUTPUT_DIR}/largeSecurityAuthnPolicy.yaml" 22 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/security_peer_authn/prerun.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright Istio Authors 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | echo "Configure Security Policies..." 18 | POLICY_PATH="${WD}/security/generate_policies" 19 | 20 | echo "Build Security Policy Generator..." 21 | go build -o "${LOCAL_OUTPUT_DIR}/generator" "${POLICY_PATH}/generate_policies.go" "${POLICY_PATH}/generate.go" "${POLICY_PATH}/jwt.go" 22 | 23 | echo "Apply Security Policy to Cluster..." 24 | "${LOCAL_OUTPUT_DIR}/generator" -configFile="${CONFIG_DIR}/security_peer_authn/config.json" > "${LOCAL_OUTPUT_DIR}/largeSecurityAuthnPolicy.yaml" 25 | 26 | kubectl apply -f "${LOCAL_OUTPUT_DIR}/largeSecurityAuthnPolicy.yaml" 27 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/telemetryv2_sd_full/cpu_mem.yaml: -------------------------------------------------------------------------------- 1 | # Data: cpu/mem 2 | # Filter: metadata-exchange and stackdriver filters 3 | # VM mode: nullvm 4 | telemetry_mode: "v2-sd-full-nullvm" 5 | conn: 6 | - 16 7 | qps: 8 | - 10 9 | - 100 10 | - 200 11 | - 400 12 | - 800 13 | - 1000 14 | duration: 240 15 | perf_record: false 16 | run_bothsidecar: true 17 | run_serversidecar: false 18 | run_clientsidecar: false 19 | run_baseline: false 20 | 21 | jitter: true 22 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/telemetryv2_sd_full/installation.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: install.istio.io/v1alpha1 2 | kind: IstioOperator 3 | spec: 4 | values: 5 | telemetry: 6 | enabled: true 7 | v2: 8 | enabled: true 9 | prometheus: 10 | enabled: false 11 | stackdriver: 12 | enabled: true 13 | topology: true 14 | inboundAccessLogging: "FULL" 15 | outboundAccessLogging: "ERRORS_ONLY" 16 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/telemetryv2_sd_full/latency.yaml: -------------------------------------------------------------------------------- 1 | # Data: latency 2 | # Filter: metadata-exchange and stackdriver filters 3 | # VM mode: nullvm 4 | telemetry_mode: "v2-sd-full-nullvm" 5 | conn: 6 | - 2 7 | - 4 8 | - 8 9 | - 16 10 | - 32 11 | - 64 12 | qps: 13 | - 1000 14 | duration: 240 15 | perf_record: false 16 | run_bothsidecar: true 17 | run_serversidecar: false 18 | run_clientsidecar: false 19 | run_baseline: false 20 | 21 | jitter: true 22 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/telemetryv2_sd_full_accesslogpolicy/cpu_mem.yaml: -------------------------------------------------------------------------------- 1 | # Data: cpu/mem 2 | # Filter: metadata-exchange and stackdriver filters and enable access log policy 3 | # VM mode: nullvm 4 | telemetry_mode: "v2-sd-full-nullvm-accesslog" 5 | conn: 6 | - 16 7 | qps: 8 | - 10 9 | - 100 10 | - 200 11 | - 400 12 | - 800 13 | - 1000 14 | duration: 240 15 | perf_record: false 16 | run_bothsidecar: true 17 | run_serversidecar: false 18 | run_clientsidecar: false 19 | run_baseline: false 20 | 21 | extra_labels: "mtls" 22 | 23 | jitter: true 24 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/telemetryv2_sd_full_accesslogpolicy/installation.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: install.istio.io/v1alpha1 2 | kind: IstioOperator 3 | spec: 4 | values: 5 | telemetry: 6 | enabled: true 7 | v2: 8 | enabled: true 9 | prometheus: 10 | enabled: false 11 | stackdriver: 12 | enabled: true 13 | topology: true 14 | inboundAccessLogging: "FULL" 15 | outboundAccessLogging: "ERRORS_ONLY" 16 | accessLogPolicy: 17 | enabled: true 18 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/telemetryv2_sd_full_accesslogpolicy/latency.yaml: -------------------------------------------------------------------------------- 1 | # Data: latency 2 | # Filter: metadata-exchange and stackdriver filters and enable access log policy 3 | # VM mode: nullvm 4 | telemetry_mode: "v2-sd-full-nullvm-accesslog" 5 | conn: 6 | - 2 7 | - 4 8 | - 8 9 | - 16 10 | - 32 11 | - 64 12 | qps: 13 | - 1000 14 | duration: 240 15 | size: 1024 16 | perf_record: false 17 | run_bothsidecar: true 18 | run_serversidecar: false 19 | run_clientsidecar: false 20 | run_baseline: false 21 | 22 | extra_labels: "mtls" 23 | 24 | jitter: true 25 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/telemetryv2_sd_nologging/cpu_mem.yaml: -------------------------------------------------------------------------------- 1 | # Data: cpu/mem 2 | # Filter: metadata-exchange and stackdriver filters with logging off 3 | # VM mode: nullvm 4 | telemetry_mode: "v2-sd-nologging-nullvm" 5 | conn: 6 | - 16 7 | qps: 8 | - 10 9 | - 100 10 | - 200 11 | - 400 12 | - 800 13 | - 1000 14 | duration: 240 15 | perf_record: false 16 | run_bothsidecar: true 17 | run_serversidecar: false 18 | run_clientsidecar: false 19 | run_baseline: false 20 | 21 | jitter: true 22 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/telemetryv2_sd_nologging/installation.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: install.istio.io/v1alpha1 2 | kind: IstioOperator 3 | spec: 4 | values: 5 | telemetry: 6 | enabled: true 7 | v2: 8 | enabled: true 9 | prometheus: 10 | enabled: false 11 | stackdriver: 12 | enabled: true 13 | topology: true 14 | inboundAccessLogging: "NONE" 15 | outboundAccessLogging: "NONE" 16 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/telemetryv2_sd_nologging/latency.yaml: -------------------------------------------------------------------------------- 1 | # Data: latency 2 | # Filter: metadata-exchange and stackdriver filters with logging off 3 | # VM mode: nullvm 4 | telemetry_mode: "v2-sd-nologging-nullvm" 5 | conn: 6 | - 2 7 | - 4 8 | - 8 9 | - 16 10 | - 32 11 | - 64 12 | qps: 13 | - 1000 14 | duration: 240 15 | perf_record: false 16 | run_bothsidecar: true 17 | run_serversidecar: false 18 | run_clientsidecar: false 19 | run_baseline: false 20 | 21 | jitter: true 22 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/telemetryv2_stats/cpu_mem.yaml: -------------------------------------------------------------------------------- 1 | # Data: cpu/mem 2 | # Filter: metadata-exchange and stats filters 3 | # VM mode: nullvm 4 | telemetry_mode: "v2-stats-nullvm" 5 | conn: 6 | - 16 7 | qps: 8 | - 10 9 | - 100 10 | - 200 11 | - 400 12 | - 800 13 | - 1000 14 | duration: 240 15 | perf_record: false 16 | run_bothsidecar: true 17 | run_serversidecar: false 18 | run_clientsidecar: false 19 | run_baseline: false 20 | 21 | jitter: true 22 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/telemetryv2_stats/installation.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: install.istio.io/v1alpha1 2 | kind: IstioOperator 3 | spec: 4 | values: 5 | telemetry: 6 | enabled: true 7 | v2: 8 | enabled: true 9 | prometheus: 10 | enabled: true 11 | stackdriver: 12 | enabled: false 13 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/telemetryv2_stats/latency.yaml: -------------------------------------------------------------------------------- 1 | # Data: latency 2 | # Filter: metadata-exchange and stats filters 3 | # VM mode: nullvm 4 | telemetry_mode: "istio_with_stats" 5 | conn: 6 | - 2 7 | - 4 8 | - 8 9 | - 16 10 | - 32 11 | - 64 12 | qps: 13 | - 1000 14 | duration: 240 15 | perf_record: false 16 | del_perf_record: false 17 | run_bothsidecar: true 18 | run_serversidecar: false 19 | run_clientsidecar: false 20 | run_no_istio: false 21 | uniform: true 22 | nocatchup: true 23 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/telemetryv2_statswasm/cpu_mem.yaml: -------------------------------------------------------------------------------- 1 | # Data: cpu/mem 2 | # Filter: metadata-exchange and stats filters 3 | # VM mode: wasm 4 | telemetry_mode: "v2-stats-wasm" 5 | conn: 6 | - 16 7 | qps: 8 | - 10 9 | - 100 10 | - 200 11 | - 400 12 | - 800 13 | - 1000 14 | duration: 240 15 | perf_record: false 16 | run_bothsidecar: true 17 | run_serversidecar: false 18 | run_clientsidecar: false 19 | run_baseline: false 20 | 21 | jitter: true 22 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/telemetryv2_statswasm/installation.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: install.istio.io/v1alpha1 2 | kind: IstioOperator 3 | spec: 4 | values: 5 | telemetry: 6 | enabled: true 7 | v2: 8 | enabled: true 9 | metadataExchange: 10 | wasmEnabled: true 11 | prometheus: 12 | enabled: true 13 | wasmEnabled: true 14 | stackdriver: 15 | enabled: false 16 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/telemetryv2_statswasm/latency.yaml: -------------------------------------------------------------------------------- 1 | # Data: latency 2 | # Filter: metadata-exchange and stats filters 3 | # VM mode: wasm 4 | telemetry_mode: "v2-stats-wasm" 5 | conn: 6 | - 2 7 | - 4 8 | - 8 9 | - 16 10 | - 32 11 | - 64 12 | qps: 13 | - 1000 14 | duration: 240 15 | perf_record: false 16 | run_bothsidecar: true 17 | run_serversidecar: false 18 | run_clientsidecar: false 19 | run_baseline: false 20 | 21 | jitter: true 22 | -------------------------------------------------------------------------------- /perf/benchmark/configs/linkerd/linkerd_latency.yaml: -------------------------------------------------------------------------------- 1 | mesh: "linkerd" 2 | conn: 3 | - 2 4 | - 4 5 | - 8 6 | - 16 7 | - 32 8 | - 64 9 | qps: 10 | - 1000 11 | duration: 240 12 | metrics: 13 | - p50 14 | - p90 15 | - p99 16 | perf_record: false 17 | run_serversidecar: true 18 | run_baseline: true 19 | -------------------------------------------------------------------------------- /perf/benchmark/configs/run_perf_test.conf: -------------------------------------------------------------------------------- 1 | none=true 2 | none_tcp=true 3 | plaintext=false 4 | telemetryv2_sd_full=true 5 | telemetryv2_sd_full_accesslogpolicy=false 6 | telemetryv2_sd_nologging=true 7 | telemetryv2_stats=true 8 | telemetryv2_statswasm=true 9 | security_authz_ip=true 10 | security_authz_path=true 11 | security_authz_dry_run=true 12 | security_peer_authn=true 13 | security_authz_jwt=true 14 | ingressgateway_tls=false 15 | -------------------------------------------------------------------------------- /perf/benchmark/configs/trialrun.yaml: -------------------------------------------------------------------------------- 1 | telemetry_mode: "dryrun" 2 | conn: 3 | - 8 4 | qps: 5 | - 10 6 | duration: 100 7 | metrics: 8 | - p50 9 | - p90 10 | - p99 11 | perf_record: false 12 | run_bothsidecar: true 13 | run_serversidecar: false 14 | run_clientsidecar: false 15 | run_baseline: false 16 | -------------------------------------------------------------------------------- /perf/benchmark/flame/.gitignore: -------------------------------------------------------------------------------- 1 | FlameGraph 2 | *.perf 3 | *.data 4 | -------------------------------------------------------------------------------- /perf/benchmark/graph_plotter/example_plot/plotter_output.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/istio/tools/8d2a100a81731715ea16de11e8c9f23b2ddb3948/perf/benchmark/graph_plotter/example_plot/plotter_output.png -------------------------------------------------------------------------------- /perf/benchmark/linkerd/example-comparison/istio_vs_linkerd.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/istio/tools/8d2a100a81731715ea16de11e8c9f23b2ddb3948/perf/benchmark/linkerd/example-comparison/istio_vs_linkerd.png -------------------------------------------------------------------------------- /perf/benchmark/linkerd/example-comparison/telemetryv2_vs_linkerd.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/istio/tools/8d2a100a81731715ea16de11e8c9f23b2ddb3948/perf/benchmark/linkerd/example-comparison/telemetryv2_vs_linkerd.png -------------------------------------------------------------------------------- /perf/benchmark/linkerd/linkerd-p50.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/istio/tools/8d2a100a81731715ea16de11e8c9f23b2ddb3948/perf/benchmark/linkerd/linkerd-p50.png -------------------------------------------------------------------------------- /perf/benchmark/linkerd/linkerd-p90.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/istio/tools/8d2a100a81731715ea16de11e8c9f23b2ddb3948/perf/benchmark/linkerd/linkerd-p90.png -------------------------------------------------------------------------------- /perf/benchmark/templates/mtls.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: security.istio.io/v1beta1 2 | kind: PeerAuthentication 3 | metadata: 4 | name: default 5 | namespace: {{ $.Values.namespace }} 6 | spec: 7 | mtls: 8 | mode: PERMISSIVE 9 | --- 10 | apiVersion: networking.istio.io/v1alpha3 11 | kind: DestinationRule 12 | metadata: 13 | name: fortioserver 14 | namespace: {{ $.Values.namespace }} 15 | spec: 16 | host: fortioserver 17 | trafficPolicy: 18 | portLevelSettings: 19 | - port: 20 | number: 8080 21 | tls: 22 | mode: ISTIO_MUTUAL 23 | - port: 24 | number: 8077 25 | tls: 26 | mode: DISABLE 27 | 28 | -------------------------------------------------------------------------------- /perf/docker/Dockerfile.rabbitmq: -------------------------------------------------------------------------------- 1 | FROM python:alpine 2 | 3 | # hadolint ignore=DL3013 4 | RUN pip3 install --no-cache-dir -q pika prometheus_client 5 | 6 | ENV ADDRESS rabbitmq 7 | ENV USERNAME istio 8 | 9 | COPY rabbitmq/client.py /client.py 10 | COPY prom_client.py /prom_client.py 11 | 12 | CMD ["python3", "-u", "/client.py"] 13 | -------------------------------------------------------------------------------- /perf/docker/Dockerfile.redis: -------------------------------------------------------------------------------- 1 | FROM python:alpine 2 | 3 | # hadolint ignore=DL3013 4 | RUN pip3 install --no-cache-dir -q redis prometheus_client 5 | 6 | ENV PORT 6379 7 | ENV ADDRESS redis-master 8 | 9 | ENV SLAVE_PORT 6379 10 | ENV SLAVE_ADDRESS redis-slave 11 | 12 | COPY redis/client.py /client.py 13 | COPY prom_client.py /prom_client.py 14 | 15 | CMD ["python3", "-u", "/client.py"] 16 | -------------------------------------------------------------------------------- /perf/istio-install/base/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: base 3 | version: 0.5.0 4 | description: Helm chart for istio integration test 5 | keywords: 6 | - istio 7 | - security 8 | - sidecar-injector 9 | - mixer 10 | - pilot 11 | sources: 12 | - http://github.com/istio/istio 13 | engine: gotpl 14 | icon: https://istio.io/favicons/android-192x192.png 15 | -------------------------------------------------------------------------------- /perf/istio-install/base/templates/als.yaml: -------------------------------------------------------------------------------- 1 | {{- if $.Values.als.enabled }} 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | labels: 6 | app: accesslog-grpc 7 | name: accesslog-grpc 8 | namespace: istio-system 9 | spec: 10 | selector: 11 | matchLabels: 12 | app: accesslog-grpc 13 | template: 14 | metadata: 15 | annotations: 16 | sidecar.istio.io/inject: "false" 17 | linkerd.io/inject: "false" 18 | prometheus.io/scrape: "true" 19 | labels: 20 | app: accesslog-grpc 21 | spec: 22 | containers: 23 | - name: als 24 | image: {{ $.Values.als.Image }} 25 | ports: 26 | - containerPort: 18090 27 | name: grpc-accesslog 28 | - containerPort: 18091 29 | name: http-monitoring 30 | resources: 31 | requests: 32 | cpu: "2000m" 33 | memory: "2000m" 34 | --- 35 | apiVersion: v1 36 | kind: Service 37 | metadata: 38 | name: accesslog-grpc 39 | namespace: istio-system 40 | spec: 41 | ports: 42 | - name: grpc-accesslog 43 | port: 18090 44 | protocol: TCP 45 | - name: http-monitoring 46 | port: 18091 47 | protocol: TCP 48 | selector: 49 | app: accesslog-grpc 50 | {{- end }} 51 | -------------------------------------------------------------------------------- /perf/istio-install/base/values.yaml: -------------------------------------------------------------------------------- 1 | prometheus: 2 | enabled: true 3 | deploy: true 4 | memory: 32Gi 5 | storage: 500Gi 6 | storageClassName: ssd 7 | storageclass: 8 | deploy: true 9 | 10 | domain: v103.qualistio.org 11 | 12 | certManager: 13 | enabled: false 14 | # Can be prod/staging 15 | server: prod 16 | email: "" 17 | 18 | als: 19 | enabled: false 20 | Image: gcr.io/mixologist-142215/als:v002 21 | -------------------------------------------------------------------------------- /perf/istio-install/gke_cluster_resources/Kptfile: -------------------------------------------------------------------------------- 1 | apiVersion: kpt.dev/v1alpha1 2 | kind: Kptfile 3 | metadata: 4 | name: gke_cluster_resources 5 | packageMetadata: 6 | shortDescription: used for setup gke cluster with create_cluster.sh 7 | -------------------------------------------------------------------------------- /perf/istio-install/istioctl_profiles/automtls.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operator.istio.io/v1alpha1 2 | kind: IstioOperator 3 | spec: 4 | values: 5 | global: 6 | mtls: 7 | enabled: false 8 | auto: true 9 | # Requiring grafana to show the perf dashboard. 10 | grafana: 11 | enabled: true -------------------------------------------------------------------------------- /perf/istio-install/istioctl_profiles/istio-non-sds.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operator.istio.io/v1alpha1 2 | kind: IstioOperator 3 | spec: 4 | components: 5 | nodeAgent: 6 | enabled: false 7 | 8 | values: 9 | global: 10 | mtls: 11 | enabled: true 12 | sds: 13 | enabled: false 14 | udsPath: "" 15 | useNormalJwt: false 16 | gateways: 17 | istio-ingressgateway: 18 | sds: 19 | enabled: false 20 | security: 21 | # Short lived cert to test rotation. 22 | workloadCertTtl: 300m -------------------------------------------------------------------------------- /perf/istio-install/istioctl_profiles/long-running-gateway.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: install.istio.io/v1alpha1 2 | kind: IstioOperator 3 | metadata: 4 | name: ingress 5 | spec: 6 | profile: empty # Do not install CRDs or the control plane 7 | components: 8 | ingressGateways: 9 | - name: istio-ingressgateway 10 | enabled: true 11 | k8s: 12 | hpaSpec: 13 | maxReplicas: 5 14 | minReplicas: 3 15 | scaleTargetRef: 16 | apiVersion: apps/v1 17 | kind: Deployment 18 | name: istio-ingressgateway 19 | resources: 20 | limits: 21 | cpu: 4800m 22 | memory: 1G 23 | requests: 24 | cpu: 1000m 25 | memory: 512Mi 26 | values: 27 | gateways: 28 | istio-ingressgateway: 29 | # Enable gateway injection 30 | injectionTemplate: gateway 31 | global: 32 | proxy: 33 | enableCoreDump: true 34 | 35 | 36 | -------------------------------------------------------------------------------- /perf/istio-install/istioctl_profiles/long-running.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: install.istio.io/v1alpha1 2 | kind: IstioOperator 3 | spec: 4 | meshConfig: 5 | defaultConfig: 6 | proxyMetadata: 7 | ISTIO_META_DNS_CAPTURE: "true" 8 | components: 9 | ingressGateways: 10 | - name: istio-ingressgateway 11 | enabled: false 12 | pilot: 13 | enabled: true 14 | k8s: 15 | resources: 16 | limits: 17 | cpu: 4800m 18 | memory: 6G 19 | requests: 20 | cpu: 1000m 21 | memory: 2G 22 | values: 23 | global: 24 | proxy: 25 | enableCoreDump: true 26 | resources: 27 | requests: 28 | cpu: 250m 29 | memory: 256Mi 30 | 31 | 32 | -------------------------------------------------------------------------------- /perf/istio-install/istioctl_profiles/multi-citadel-non-sds.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operator.istio.io/v1alpha1 2 | kind: IstioOperator 3 | spec: 4 | components: 5 | citadel: 6 | k8s: 7 | replicaCount: 3 8 | nodeAgent: 9 | enabled: false 10 | 11 | values: 12 | global: 13 | mtls: 14 | enabled: true 15 | sds: 16 | enabled: false 17 | udsPath: "" 18 | useNormalJwt: false 19 | security: 20 | workloadCertTtl: 30m 21 | gateways: 22 | istio-ingressgateway: 23 | sds: 24 | enabled: false -------------------------------------------------------------------------------- /perf/istio-install/istioctl_profiles/sds-auth.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operator.istio.io/v1alpha1 2 | kind: IstioOperator 3 | spec: 4 | components: 5 | nodeAgent: 6 | enabled: true 7 | 8 | values: 9 | global: 10 | # Default is 10s second 11 | refreshInterval: 1s 12 | mtls: 13 | enabled: true 14 | sds: 15 | enabled: true 16 | udsPath: "unix:/var/run/sds/uds_path" 17 | useNormalJwt: true 18 | gateways: 19 | istio-ingressgateway: 20 | sds: 21 | enabled: false -------------------------------------------------------------------------------- /perf/load/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: load 3 | version: '1.0' 4 | description: Helm chart for servicegraph test 5 | keywords: 6 | - istio 7 | - performance 8 | - qualification 9 | sources: 10 | - http://github.com/istio/istio 11 | engine: gotpl 12 | icon: https://istio.io/favicons/android-192x192.png 13 | -------------------------------------------------------------------------------- /perf/load/README.md: -------------------------------------------------------------------------------- 1 | # Load Testing 2 | 3 | This directory contains tools to generate large services to test Istio under heavy load. 4 | 5 | ## Service Graph 6 | 7 | Service Graph provides a large tree of 20 services that will call each other, generated by [isotope](../../isotope): 8 | ![service-graph-diagram.png](service-graph-diagram.png) 9 | 10 | It will also set up an instance of [Fortio](https://github.com/fortio/fortio#fortio) to generate load. 11 | 12 | ## Setup 13 | 14 | To setup a service graph, run `./setup_large_test.sh NUM`, where num is the number of instances to run. 15 | 16 | Each instance will be created in a namespace `service-graph##`. 17 | 18 | Each instance requests roughly 6 vCPUs and 6Gi of memory with Istio defaults. 19 | -------------------------------------------------------------------------------- /perf/load/auto-mtls/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: auto-mtls 3 | version: '1.0' 4 | description: Istio Auto MTLS Testing 5 | keywords: 6 | - istio 7 | - mtls 8 | - qualification 9 | sources: 10 | - http://github.com/istio/istio 11 | engine: gotpl 12 | icon: https://istio.io/favicons/android-192x192.png 13 | -------------------------------------------------------------------------------- /perf/load/auto-mtls/Dockerfile: -------------------------------------------------------------------------------- 1 | # Docker image for config changer. 2 | FROM gcr.io/google-containers/hyperkube:v1.12.1 3 | RUN apt-get update \ 4 | && apt-get install -y curl=7.52.1-5+deb9u9\ 5 | python3-pip=9.0.1-2+deb9u1 \ 6 | python3-dev=3.5.3-1 \ 7 | --no-install-recommends \ 8 | && ln -s /usr/bin/python3 /usr/local/bin/python \ 9 | && pip3 install --no-cache-dir --upgrade pip==19.2.3 \ 10 | && apt-get clean \ 11 | && rm -rf /var/lib/apt/lists/* 12 | -------------------------------------------------------------------------------- /perf/load/auto-mtls/templates/config-map.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: script 5 | data: 6 | scale.py: | 7 | {{ .Files.Get "scale.py" | indent 4 }} -------------------------------------------------------------------------------- /perf/load/auto-mtls/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: Gateway 3 | metadata: 4 | name: {{ .Values.serviceNamePrefix }}0-gateway 5 | spec: 6 | selector: 7 | istio: ingressgateway # use Istio default gateway implementation 8 | servers: 9 | - port: 10 | number: 80 11 | name: http 12 | protocol: HTTP 13 | hosts: 14 | - {{ .Values.serviceNamePrefix }}0.local 15 | --- 16 | apiVersion: networking.istio.io/v1alpha3 17 | kind: VirtualService 18 | metadata: 19 | name: automtls 20 | spec: 21 | hosts: 22 | - {{ .Values.serviceNamePrefix }}0.local 23 | gateways: 24 | - {{ .Values.serviceNamePrefix }}0-gateway 25 | http: 26 | - route: 27 | - destination: 28 | port: 29 | number: 8080 30 | host: {{ .Values.serviceNamePrefix }}0 31 | --- 32 | -------------------------------------------------------------------------------- /perf/load/auto-mtls/templates/policy-and-dr.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/istio/tools/8d2a100a81731715ea16de11e8c9f23b2ddb3948/perf/load/auto-mtls/templates/policy-and-dr.yaml -------------------------------------------------------------------------------- /perf/load/auto-mtls/values.yaml: -------------------------------------------------------------------------------- 1 | Namespace: automtls 2 | clientCount: 1 3 | 4 | # Copied from root/perf/load/values.yaml 5 | livenessProbe: false 6 | serviceGraphImage: tahler/isotope-service:1 7 | serviceNamePrefix: svc- 8 | requestSize: 128B 9 | responseSize: 1KiB 10 | replicas: 2 11 | resources: 12 | requests: 13 | cpu: 500m 14 | readinessProbe: 15 | httpGet: 16 | path: /metrics 17 | port: 8080 18 | initialDelaySeconds: 5 19 | periodSeconds: 5 20 | 21 | automtls: 22 | # true or false help us determine the effect of auto mTLS itself 23 | enable: true 24 | # The number of the replicas set for the backend service. 25 | backendReplicas: 100 26 | 27 | prometheus_scrape: false 28 | 29 | # time between config changes 30 | configSleep: 120 31 | 32 | # time between replicas changes 33 | replicasSleep: 10 34 | 35 | # ingress should be set correctly 36 | ingress: 127.0.0.1 37 | https: false 38 | domain: "incfly.local" 39 | -------------------------------------------------------------------------------- /perf/load/loadclient/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: loadclient 3 | version: '1.0' 4 | description: Helm chart for loading thru ingress 5 | keywords: 6 | - istio 7 | - performance 8 | - qualification 9 | sources: 10 | - http://github.com/istio/istio 11 | engine: gotpl 12 | icon: https://istio.io/favicons/android-192x192.png 13 | -------------------------------------------------------------------------------- /perf/load/loadclient/README.md: -------------------------------------------------------------------------------- 1 | This chart creates fortio client and points it at ingress. 2 | It sets hostname to {svcprefix}0 and starts continuous traffic 3 | -------------------------------------------------------------------------------- /perf/load/loadclient/values.yaml: -------------------------------------------------------------------------------- 1 | # ingress: 192.168.0.1 point to the external ingress IP 2 | # This should be done on the command line by --set ingress= 3 | 4 | connections: 8 5 | qps: 50 6 | size: 1024 7 | serviceHost: svc-0.local 8 | runDuration: 0 # 0 means run forever 9 | #image: tahler/fortio:prometheus 10 | image: fortio/fortio 11 | replicas: 2 12 | https: false 13 | 14 | # The service url, for example "productpage" 15 | serviceURL: "" 16 | 17 | ingress: "" 18 | 19 | # add additionalHeaders, key: Value 20 | # The following show how to add a jwt token 21 | additionalHeaders: {} 22 | # Authorization: "Bearer eyJhbGciOiJFUzI1NiIsImtpZCI6IkRIRmJwb0lVcXJZOHQyenBBMnFYZkNtcjVWTzVaRXI0UnpIVV8tZW52dlEiLCJ0eXAiOiJKV1QifQo.eyJleHAiOjE1NzE0MTkyNTIsImZvbyI6ImJsYWJsYSIsImlhdCI6MTU2MTQxOTI1MiwiaXNzIjoidGVzdGluZ0BzZWN1cmUuaXN0aW8uaW8iLCJzdWIiOiJ0ZXN0aW5nQHNlY3VyZS5pc3Rpby5pbyJ9.JJnYan0ItEmTSPC9sETO5j46Ve0yQkC0_4uEyfShbhDzejhVavlUdrL5sE2JEq9W-SYUhwGt2eIPMxKl1E1sQn0a_4f6iU6ZxhXnXU91g2SB8-JF6wrc_I3iybrUrj39kxUZQNr-w8MRp1YBDMmKg1har98AeL0xHzdyF_gf3K57u-9_yyBoymCjQraMQPWX-MuOI18i7w9MmwfIplxD3sGpnivAma1hSAJWfRFuz_rHst08cZOl_6ZK8ineqqYL19lHLLJns3dzYIvVxdOdRs87Z5UwCyYjLlxupiLo6MHFBWNMFNgZis7wsUauWH47D-ga0JjcmVL4MRgyoP43mA" 23 | -------------------------------------------------------------------------------- /perf/load/pilot/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: pilot 3 | version: '1.0' 4 | description: Helm chart for pilot-loadtest 5 | keywords: 6 | - istio 7 | - performance 8 | - qualification 9 | sources: 10 | - http://github.com/istio/istio 11 | engine: gotpl 12 | icon: https://istio.io/favicons/android-192x192.png 13 | -------------------------------------------------------------------------------- /perf/load/pilot/templates/service-entries.yaml: -------------------------------------------------------------------------------- 1 | {{ range until (int .Values.serviceEntries) }} 2 | apiVersion: networking.istio.io/v1alpha3 3 | kind: ServiceEntry 4 | metadata: 5 | name: ext-svc-{{.}} 6 | spec: 7 | hosts: 8 | - {{.}}.example.com 9 | ports: 10 | - number: 80 11 | name: http 12 | protocol: HTTP 13 | - number: 443 14 | name: https 15 | protocol: HTTPS 16 | --- 17 | {{ end }} -------------------------------------------------------------------------------- /perf/load/pilot/templates/services.yaml: -------------------------------------------------------------------------------- 1 | {{ range until (int .Values.instances) }} 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: svc-{{ . }} 6 | spec: 7 | selector: 8 | matchLabels: 9 | app: svc-{{ . }} 10 | template: 11 | metadata: 12 | annotations: 13 | sidecar.istio.io/proxyCPU: 5m 14 | sidecar.istio.io/proxyMemory: 128M 15 | labels: 16 | app: svc-{{ . }} 17 | spec: 18 | containers: 19 | # Kubernetes requires a container 20 | # Injector will replace this, giving us a pod with just the proxy 21 | - name: istio-proxy 22 | image: ignored 23 | 24 | --- 25 | apiVersion: v1 26 | kind: Service 27 | metadata: 28 | name: svc-{{ . }} 29 | spec: 30 | selector: 31 | app: svc-{{ . }} 32 | ports: 33 | {{ range until (int $.Values.ports) }} 34 | - port: 89{{.}} 35 | name: http-{{.}} 36 | {{ end }} 37 | --- 38 | {{ end }} -------------------------------------------------------------------------------- /perf/load/pilot/values.yaml: -------------------------------------------------------------------------------- 1 | instances: 50 2 | ports: 1 3 | serviceEntries: 50 -------------------------------------------------------------------------------- /perf/load/rotate/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM gcr.io/google-containers/hyperkube:v1.12.1 2 | # istio.io/istio$ bin/gobuild.sh ./generate_cert ./security/tools/generate_cert 3 | COPY generate_cert /usr/local/bin/ 4 | -------------------------------------------------------------------------------- /perf/load/rotate/README.md: -------------------------------------------------------------------------------- 1 | Config-changer has a rotate script that does the following 2 | 3 | 1. Fetch cert and key from citadel 4 | 1. Generate short lived certificate 5 | 1. Rotate cert 6 | 7 | The script requires `generate_cert` tool from the security repository. 8 | The Dockerfile contained here builds the image. 9 | -------------------------------------------------------------------------------- /perf/load/service-graph-diagram.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/istio/tools/8d2a100a81731715ea16de11e8c9f23b2ddb3948/perf/load/service-graph-diagram.png -------------------------------------------------------------------------------- /perf/load/setup_large_test.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright Istio Authors 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | # This script spins up the standard 20 services per namespace test for as many namespaces 18 | # as desired. 19 | # shellcheck disable=SC2086 20 | WD=$(dirname $0) 21 | WD=$(cd "${WD}"; pwd) 22 | cd "${WD}" 23 | 24 | set -ex 25 | 26 | # shellcheck disable=SC1091 27 | source common.sh 28 | 29 | NUM=${1:?"number of namespaces. 20 x this number"} 30 | START=${2:-"0"} 31 | INJECTION_LABEL=${3:-"istio-injection=enabled"} 32 | PERF_NAMESPACE_DELAY=${4:-30} 33 | 34 | start_servicegraphs "${NUM}" "${START}" "${INJECTION_LABEL}" "${PERF_NAMESPACE_DELAY}" 35 | -------------------------------------------------------------------------------- /perf/load/templates/_rbac.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "rbac.istio.io/v1alpha1" 2 | kind: RbacConfig 3 | metadata: 4 | name: default 5 | spec: 6 | mode: "ON" 7 | -------------------------------------------------------------------------------- /perf/load/templates/bad.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: badhealth 5 | spec: 6 | ports: 7 | - name: http-web 8 | port: 8080 9 | protocol: TCP 10 | selector: 11 | app: badhealth 12 | type: ClusterIP 13 | --- 14 | apiVersion: apps/v1 15 | kind: Deployment 16 | metadata: 17 | labels: 18 | app: badhealth 19 | version: v1 20 | name: badhealth 21 | spec: 22 | replicas: 1 23 | selector: 24 | matchLabels: 25 | app: badhealth 26 | version: v1 27 | template: 28 | metadata: 29 | labels: 30 | app: badhealth 31 | version: v1 32 | spec: 33 | containers: 34 | - args: 35 | - --port 36 | - "8080" 37 | - --port 38 | - "3333" 39 | - --version 40 | - v1 41 | image: docker.io/istionightly/app:nightly-release-1.0 42 | imagePullPolicy: IfNotPresent 43 | name: app 44 | ports: 45 | - containerPort: 8080 46 | protocol: TCP 47 | readinessProbe: 48 | failureThreshold: 100 49 | httpGet: 50 | path: /healthz 51 | port: 3334 52 | scheme: HTTP 53 | initialDelaySeconds: 30 54 | periodSeconds: 30 55 | successThreshold: 1 56 | timeoutSeconds: 1 57 | -------------------------------------------------------------------------------- /perf/load/templates/h2upgrade.yaml: -------------------------------------------------------------------------------- 1 | {{- define "h2upgrade" }} 2 | apiVersion: networking.istio.io/v1alpha3 3 | kind: EnvoyFilter 4 | metadata: 5 | name: {{ .serviceNamePrefix }}{{ .serviceName }}-h2upgrade 6 | spec: 7 | configPatches: 8 | - applyTo: CLUSTER 9 | match: 10 | context: {{ .ctx }} 11 | cluster: 12 | service: {{ .serviceNamePrefix }}{{ .serviceName }}.{{ .Namespace }}.svc.cluster.local 13 | patch: 14 | operation: MERGE 15 | value: # cluster specification 16 | http2_protocol_options: { max_concurrent_streams: 47707 } 17 | --- 18 | {{- end }} 19 | 20 | {{- if .Values.h2upgrade }} 21 | 22 | {{- range $i, $svcName := $.Values.services }} 23 | 24 | {{- $svc := dict "serviceName" $svcName "serviceNamePrefix" $.Values.serviceNamePrefix "Namespace" $.Values.Namespace }} 25 | 26 | {{- $_ := set $svc "ctx" "GATEWAY" }} 27 | {{- template "h2upgrade" $svc }} 28 | 29 | {{- $_ := set $svc "ctx" "SIDECAR_OUTBOUND" }} 30 | {{- template "h2upgrade" $svc }} 31 | 32 | {{- end }} 33 | 34 | {{- end }} 35 | -------------------------------------------------------------------------------- /perf/load/templates/sidecar.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: Sidecar 3 | metadata: 4 | name: default 5 | spec: 6 | egress: 7 | - hosts: 8 | - "./*" 9 | - "istio-system/*" 10 | - "istio-telemetry/*" 11 | - "istio-policy/*" 12 | -------------------------------------------------------------------------------- /perf/load/templates/strict.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.mtls }} 2 | apiVersion: "security.istio.io/v1beta1" 3 | kind: "PeerAuthentication" 4 | metadata: 5 | name: "default" 6 | spec: 7 | mtls: 8 | mode: STRICT 9 | {{- end }} 10 | -------------------------------------------------------------------------------- /perf/load/values-istio-auth.yaml: -------------------------------------------------------------------------------- 1 | # This is used to generate istio-auth.yaml for automated CI/CD test, using v1/alpha1 2 | # or v2/alpha3 with 'gradual migration' (using env variable at inject time). 3 | global: 4 | mtls: 5 | # Default setting for service-to-service mtls. Can be set explicitly using 6 | # destination rules or service annotations. 7 | enabled: true 8 | 9 | 10 | ## imagePullSecrets for all ServiceAccount. Must be set for any clustser configured with private docker registry. 11 | # imagePullSecrets: 12 | # - name: "private-registry-key" 13 | 14 | # Default is 10s second 15 | refreshInterval: 10s 16 | proxy: 17 | image: proxyv2 18 | resources: 19 | requests: 20 | cpu: 2000m 21 | memory: 1024Mi 22 | 23 | # Configures the access log for each sidecar. Setting it to an empty string will 24 | # disable access log for sidecar. 25 | accessLogFile: "/dev/null" 26 | 27 | # If set, newly injected sidecars will have core dumps enabled. 28 | enableCoreDump: true 29 | 30 | pilot: 31 | resources: 32 | requests: 33 | cpu: 4000m 34 | memory: 8096Mi 35 | 36 | grafana: 37 | enabled: true 38 | -------------------------------------------------------------------------------- /perf/other/multicluster-vpc/.gitignore: -------------------------------------------------------------------------------- 1 | tmp/ 2 | -------------------------------------------------------------------------------- /perf/other/multicluster-vpc/README.md: -------------------------------------------------------------------------------- 1 | Multi Cluster VPC Suite tests Istio Multi Cluster feature with shared VPC. 2 | 3 | To setup the environment and deploy BookInfo app to two cluters. 4 | 5 | ```plain 6 | RELEASE="release-1.1-20190209-09-16" proj="your-gcp-project" \ 7 | zone="us-central1-a" cluster1="cluster1" cluster2="cluster2" \ 8 | ./setup.sh setup 9 | ``` 10 | 11 | This will create two GKE clusters with IP aliasing enabled and install Istio 12 | accordingly in each cluster. And finally deploy BookInfo app in two clusters. 13 | 14 | To tear down the clusters and clean up the resources 15 | 16 | ```plain 17 | RELEASE="release-1.1-20190209-09-16" proj="your-gcp-project" \ 18 | zone="us-central1-a" cluster1="cluster1" cluster2="cluster2" \ 19 | ./setup.sh cleanup 20 | ``` 21 | -------------------------------------------------------------------------------- /perf/other/multicluster-vpc/reviews-v3.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | ################################################################################################## 3 | # Ratings service 4 | ################################################################################################## 5 | apiVersion: v1 6 | kind: Service 7 | metadata: 8 | name: ratings 9 | labels: 10 | app: ratings 11 | spec: 12 | ports: 13 | - port: 9080 14 | name: http 15 | --- 16 | ################################################################################################## 17 | # Reviews service 18 | ################################################################################################## 19 | apiVersion: v1 20 | kind: Service 21 | metadata: 22 | name: reviews 23 | labels: 24 | app: reviews 25 | spec: 26 | ports: 27 | - port: 9080 28 | name: http 29 | selector: 30 | app: reviews 31 | --- 32 | apiVersion: apps/v1 33 | kind: Deployment 34 | metadata: 35 | name: reviews-v3 36 | spec: 37 | replicas: 1 38 | template: 39 | metadata: 40 | labels: 41 | app: reviews 42 | version: v3 43 | spec: 44 | containers: 45 | - name: reviews 46 | image: istio/examples-bookinfo-reviews-v3:1.5.0 47 | imagePullPolicy: IfNotPresent 48 | ports: 49 | - containerPort: 9080 50 | -------------------------------------------------------------------------------- /perf/other/multicluster-vpc/values-istio-multicluster-vpc.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/istio/tools/8d2a100a81731715ea16de11e8c9f23b2ddb3948/perf/other/multicluster-vpc/values-istio-multicluster-vpc.yaml -------------------------------------------------------------------------------- /perf/security/sds-tests/egress-sds/cleanup.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright Istio Authors 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | set -ex 18 | NUM=${NUM:?"specify the number of gateways"} 19 | CLUSTER=${CLUSTER:?"specify the cluster for running the test"} 20 | kc="kubectl --cluster ${CLUSTER}" 21 | 22 | function cleanup() { 23 | ${kc} delete ns mesh-external 24 | ${kc} delete ns clientns 25 | for s in $(kubectl -n istio-system get secrets -oname | grep "client-credential-*") 26 | do 27 | kubectl -n istio-system delete "${s}" 28 | done 29 | for s in $(kubectl -n istio-system get secrets -oname | grep "nginx-server-certs-*") 30 | do 31 | kubectl -n istio-system delete "${s}" 32 | done 33 | } 34 | 35 | cleanup 36 | -------------------------------------------------------------------------------- /perf/security/sds-tests/egress-sds/request_script.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright Istio Authors 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | # shellcheck disable=SC2086 18 | sleep 120 19 | num_curl=0 20 | num_succeed=0 21 | while true; do 22 | resp_code=$(curl -s -o /dev/null -w "%{http_code}\n" URL_TO_REPLACE) 23 | if [ ${resp_code} = 200 ]; then 24 | num_succeed=$((num_succeed+1)) 25 | else 26 | echo "$(date +"%Y-%m-%d %H:%M:%S:%3N") curl to URL_TO_REPLACE failed, response code $resp_code" 27 | fi 28 | num_curl=$((num_curl+1)) 29 | echo "$(date +"%Y-%m-%d %H:%M:%S:%3N") Out of ${num_curl} curl, ${num_succeed} succeeded." 30 | sleep 0.1 31 | done 32 | -------------------------------------------------------------------------------- /perf/security/sds-tests/ingress-sds/cleanup_ingress_secrets.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright Istio Authors 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | set -ex 18 | 19 | NUM=${NUM:?"specify the number of gateway"} 20 | CLUSTER=${CLUSTER:?"specify the cluster for running the test"} 21 | 22 | kubectl -n istio-system delete secret ingress-root 23 | # shellcheck disable=SC2022 24 | for s in $(kubectl -n istio-system get secrets -oname | grep "httpbin-credential*") 25 | do 26 | kubectl -n istio-system delete "${s}" 27 | done -------------------------------------------------------------------------------- /perf/security/sds-tests/ingress-sds/templates/deploy_gateway.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/istio/tools/8d2a100a81731715ea16de11e8c9f23b2ddb3948/perf/security/sds-tests/ingress-sds/templates/deploy_gateway.yaml -------------------------------------------------------------------------------- /perf/security/sds-tests/workload-sds/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: workload-sds 3 | version: '1.0' 4 | description: Helm chart for workload sds tests 5 | keywords: 6 | - istio 7 | - citadel 8 | - sds 9 | - performance 10 | - qualification 11 | sources: 12 | - http://github.com/istio/istio 13 | engine: gotpl 14 | icon: https://istio.io/favicons/android-192x192.png -------------------------------------------------------------------------------- /perf/security/sds-tests/workload-sds/values.yaml: -------------------------------------------------------------------------------- 1 | Namespace: dynamic 2 | Num: 20 3 | WorkloadLife: 180 -------------------------------------------------------------------------------- /perf/security/workload-deployments/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: workload-deployments 3 | version: '1.0' 4 | description: Helm chart for sds citadel tests 5 | keywords: 6 | - istio 7 | - citadel 8 | - sds 9 | - performance 10 | - qualification 11 | sources: 12 | - http://github.com/istio/istio 13 | engine: gotpl 14 | icon: https://istio.io/favicons/android-192x192.png 15 | -------------------------------------------------------------------------------- /perf/security/workload-deployments/values.yaml: -------------------------------------------------------------------------------- 1 | replicas: 1 2 | -------------------------------------------------------------------------------- /perf/stability/alertmanager/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: alertmanager 3 | version: '1.0' 4 | description: Helm chart for configuring alertmanager 5 | keywords: 6 | - istio 7 | - alertmanager 8 | sources: 9 | - http://github.com/istio/istio 10 | engine: gotpl 11 | icon: https://istio.io/favicons/android-192x192.png -------------------------------------------------------------------------------- /perf/stability/alertmanager/templates/alertmanager-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: alertmanager-main 5 | namespace: istio-prometheus 6 | --- 7 | apiVersion: v1 8 | kind: Service 9 | metadata: 10 | labels: 11 | alertmanager: main 12 | name: alertmanager-main 13 | namespace: istio-prometheus 14 | spec: 15 | ports: 16 | - name: web 17 | port: 9093 18 | targetPort: web 19 | selector: 20 | alertmanager: main 21 | app: alertmanager 22 | sessionAffinity: ClientIP 23 | --- 24 | apiVersion: monitoring.coreos.com/v1 25 | kind: ServiceMonitor 26 | metadata: 27 | labels: 28 | k8s-app: alertmanager 29 | name: alertmanager 30 | namespace: istio-prometheus 31 | spec: 32 | endpoints: 33 | - interval: 30s 34 | port: web 35 | selector: 36 | matchLabels: 37 | alertmanager: main 38 | --- -------------------------------------------------------------------------------- /perf/stability/alertmanager/templates/alertmanager.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: monitoring.coreos.com/v1 2 | kind: Alertmanager 3 | metadata: 4 | labels: 5 | alertmanager: main 6 | name: main 7 | namespace: istio-prometheus 8 | spec: 9 | image: {{ .Values.image.hub }}:{{ .Values.image.tag }} 10 | nodeSelector: 11 | kubernetes.io/os: linux 12 | replicas: {{ .Values.replicaCount }} 13 | securityContext: 14 | fsGroup: 2000 15 | runAsNonRoot: true 16 | runAsUser: 1000 17 | serviceAccountName: alertmanager-main 18 | version: v0.20.0 19 | --- -------------------------------------------------------------------------------- /perf/stability/alertmanager/templates/alertmanagerconfig.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | data: {} 3 | kind: Secret 4 | metadata: 5 | name: alertmanager-main 6 | namespace: istio-prometheus 7 | stringData: 8 | alertmanager.yaml: 9 | {{ toYaml .Values.config | quote }} 10 | 11 | type: Opaque 12 | --- 13 | -------------------------------------------------------------------------------- /perf/stability/alertmanager/values.yaml: -------------------------------------------------------------------------------- 1 | image: 2 | hub: quay.io/prometheus/alertmanager 3 | tag: v0.20.0 4 | pullPolicy: IfNotPresent 5 | 6 | replicaCount: 2 7 | config: 8 | global: 9 | resolve_timeout: 5m 10 | route: 11 | group_by: ['alertname', 'cluster'] 12 | group_wait: 10s 13 | group_interval: 10s 14 | repeat_interval: 1h 15 | receiver: 'test' 16 | receivers: 17 | - name: 'test' 18 | webhook_configs: 19 | - url: 'http://am-webhook.istio-prometheus:5001/webhook' 20 | 21 | ## External URL which can access alertmanager 22 | baseURL: "http://localhost:9093" 23 | 24 | configFileName: alertmanager.yml 25 | resources: {} 26 | -------------------------------------------------------------------------------- /pkg/checker/README.md: -------------------------------------------------------------------------------- 1 | # Tools 2 | 3 | This repository contains tools useful in building Istio. 4 | 5 | ## Performance Testing 6 | 7 | See [perf](../../perf/README.md) for details on how to setup the performance and stability tests. 8 | -------------------------------------------------------------------------------- /pkg/checker/rule.go: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Istio Authors. All Rights Reserved. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package checker 16 | 17 | import ( 18 | "go/ast" 19 | "go/token" 20 | "os" 21 | ) 22 | 23 | // Rule is interface for defining lint rules. 24 | type Rule interface { 25 | // GetID returns ID of the rule in string, ID is equal to the file name of that rule. 26 | GetID() string 27 | // Check verifies if aNode passes rule check. If verification fails lrp creates a report. 28 | Check(aNode ast.Node, fs *token.FileSet, lrp *Report) 29 | } 30 | 31 | // RulesFactory is interface to get Rules from a file path. 32 | type RulesFactory interface { 33 | // GetRules returns a list of rules used to check against the files. 34 | GetRules(absp string, info os.FileInfo) []Rule 35 | } 36 | -------------------------------------------------------------------------------- /pkg/markdown/md.go: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Istio Authors. All Rights Reserved. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package markdown 16 | 17 | import ( 18 | "bytes" 19 | 20 | "github.com/yuin/goldmark" 21 | "github.com/yuin/goldmark/extension" 22 | "github.com/yuin/goldmark/parser" 23 | "github.com/yuin/goldmark/renderer/html" 24 | ) 25 | 26 | var md = goldmark.New( 27 | goldmark.WithExtensions(extension.GFM), 28 | goldmark.WithExtensions(extension.NewTypographer()), 29 | goldmark.WithParserOptions( 30 | parser.WithAutoHeadingID(), 31 | ), 32 | goldmark.WithRendererOptions( 33 | html.WithUnsafe(), 34 | ), 35 | ) 36 | 37 | func Run(input []byte) []byte { 38 | var result bytes.Buffer 39 | if err := md.Convert(input, &result); err != nil { 40 | panic(err) 41 | } 42 | return result.Bytes() 43 | } 44 | -------------------------------------------------------------------------------- /pkg/markdown/testdata/AnalysisMessageWeakSchema.input: -------------------------------------------------------------------------------- 1 | AnalysisMessageWeakSchema is the set of information that's needed to define a 2 | weakly-typed schema. The purpose of this proto is to provide a mechanism for 3 | validating istio/istio/galley/pkg/config/analysis/msg/messages.yaml to make 4 | sure that we don't allow committing underspecified types. -------------------------------------------------------------------------------- /pkg/markdown/testdata/AnalysisMessageWeakSchema.output: -------------------------------------------------------------------------------- 1 |

AnalysisMessageWeakSchema is the set of information that’s needed to define a 2 | weakly-typed schema. The purpose of this proto is to provide a mechanism for 3 | validating istio/istio/galley/pkg/config/analysis/msg/messages.yaml to make 4 | sure that we don’t allow committing underspecified types.

5 | -------------------------------------------------------------------------------- /pkg/markdown/testdata/links.input: -------------------------------------------------------------------------------- 1 | Current service state of pod. 2 | More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions -------------------------------------------------------------------------------- /pkg/markdown/testdata/links.output: -------------------------------------------------------------------------------- 1 |

Current service state of pod. 2 | More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions

3 | -------------------------------------------------------------------------------- /pkg/markdown/testdata/telemetry.input: -------------------------------------------------------------------------------- 1 | Telemetry defines how the telemetry is generated for workloads within a mesh. 2 | 3 | For mesh level configuration, put the resource in root configuration 4 | namespace for your Istio installation *without* a workload selector. -------------------------------------------------------------------------------- /pkg/markdown/testdata/telemetry.output: -------------------------------------------------------------------------------- 1 |

Telemetry defines how the telemetry is generated for workloads within a mesh.

2 |

For mesh level configuration, put the resource in root configuration 3 | namespace for your Istio installation without a workload selector.

4 | -------------------------------------------------------------------------------- /pkg/protomodel/locationDescriptor.go: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Istio Authors 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this currentFile except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package protomodel 16 | 17 | import ( 18 | "github.com/golang/protobuf/protoc-gen-go/descriptor" 19 | ) 20 | 21 | type LocationDescriptor struct { 22 | *descriptor.SourceCodeInfo_Location 23 | File *FileDescriptor 24 | } 25 | 26 | func newLocationDescriptor(desc *descriptor.SourceCodeInfo_Location, file *FileDescriptor) LocationDescriptor { 27 | return LocationDescriptor{ 28 | SourceCodeInfo_Location: desc, 29 | File: file, 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /pkg/schemavalidation/validation.go: -------------------------------------------------------------------------------- 1 | // Copyright Istio Authors 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package schemavalidation 16 | 17 | import ( 18 | "fmt" 19 | 20 | "github.com/xeipuuv/gojsonschema" 21 | "sigs.k8s.io/yaml" 22 | ) 23 | 24 | func Validate(document, schema []byte) error { 25 | documentAsYaml, err := yaml.YAMLToJSON(document) 26 | if err != nil { 27 | return fmt.Errorf("unable to parse YAML: %s", err.Error()) 28 | } 29 | documentLoader := gojsonschema.NewBytesLoader(documentAsYaml) 30 | schemaLoader := gojsonschema.NewBytesLoader(schema) 31 | result, err := gojsonschema.Validate(schemaLoader, documentLoader) 32 | if err != nil { 33 | return fmt.Errorf("unable to validate: %v", err) 34 | } 35 | if !result.Valid() { 36 | return fmt.Errorf("document is not valid: %v", result.Errors()) 37 | } 38 | return nil 39 | } 40 | -------------------------------------------------------------------------------- /vendors/google/README.md: -------------------------------------------------------------------------------- 1 | # Run release qualification test for Anthos Service Mesh 2 | 3 | run with ASM 1.6 or later on an existing cluster, set INSTALL_ASM=true and these prerequisite: PROJECT_ID, CLUSTER_NAME, CLUSTER_LOCATION 4 | 5 | `export RELEASE_URL=https://storage.googleapis.com/gke-release/asm/istio-1.6.5-asm.7-linux-amd64.tar.gz` 6 | `INSTALL_ASM=true RELEASE=release-1.6-asm PROJECT_ID=istio-test CLUSTER_NAME=cluster1 CLUSTER_LOCATION=us-central1-b NAMESPACE_NUM=15 ./long_running_asm.sh --set hub=gcr.io/asm-testing --set tag=1.6.5-asm.7` 7 | 8 | run with ASM 1.6 or later with two clusters(for simplicity, we assume two clusters in the same project and same location now) 9 | 10 | `export CTX1=cluster1_ctx` 11 | `export CTX2=cluster2_ctx` 12 | `CLUSTER1=cluster1_name` 13 | `CLUSTER1=cluster2_name` 14 | `export RELEASE_URL=https://storage.googleapis.com/gke-release/asm/istio-1.6.5-asm.7-linux-amd64.tar.gz` 15 | `INSTALL_ASM=true MULTI_CLUSTER=true RELEASE=release-1.6-asm PROJECT_ID=istio-test CLUSTER_LOCATION=us-central1-a NAMESPACE_NUM=15 ./long_running_asm.sh --set hub=gcr.io/asm-testing --set tag=1.6.5-asm.7` 16 | --------------------------------------------------------------------------------