├── perf ├── stability │ ├── redis │ │ ├── values.yaml │ │ ├── Chart.yaml │ │ ├── README.md │ │ └── templates │ │ │ └── client.yaml │ ├── looper │ │ ├── values.yaml │ │ ├── README.md │ │ └── Chart.yaml │ ├── rabbitmq │ │ ├── values.yaml │ │ ├── Chart.yaml │ │ ├── README.md │ │ └── templates │ │ │ └── client.yaml │ ├── mysql │ │ ├── .gitignore │ │ ├── values.yaml │ │ ├── Chart.yaml │ │ ├── README.md │ │ ├── templates │ │ │ ├── mtls.yaml │ │ │ └── client.yaml │ │ └── setup.sh │ ├── multicluster-vpn │ │ ├── values.yaml │ │ ├── Chart.yaml │ │ └── templates │ │ │ ├── default.yaml │ │ │ ├── locality-failover.yaml │ │ │ └── locality-distribute.yaml │ ├── intermediary │ │ ├── values.yaml │ │ ├── Chart.yaml │ │ └── templates │ │ │ ├── intermediary-virtualservice.yaml │ │ │ ├── client.yaml │ │ │ └── server.yaml │ ├── http10 │ │ ├── values.yaml │ │ ├── README.md │ │ ├── Chart.yaml │ │ └── templates │ │ │ ├── client.yaml │ │ │ └── server.yaml │ ├── canary-upgrader │ │ ├── values.yaml │ │ └── Chart.yaml │ ├── logs-checker │ │ ├── values.yaml │ │ └── Chart.yaml │ ├── istio-upgrader │ │ ├── values.yaml │ │ ├── Chart.yaml │ │ └── README.md │ ├── gateway-bouncer │ │ ├── templates │ │ │ └── namespace.yaml │ │ ├── Chart.yaml │ │ └── values.yaml │ ├── sds-certmanager │ │ ├── templates │ │ │ └── namespace.yaml │ │ ├── Chart.yaml │ │ └── values.yaml │ ├── graceful-shutdown │ │ ├── values.yaml │ │ ├── Chart.yaml │ │ ├── README.md │ │ └── templates │ │ │ ├── client.yaml │ │ │ └── server.yaml │ ├── istio-chaos-partial │ │ ├── values.yaml │ │ ├── Chart.yaml │ │ └── README.md │ ├── alertmanager │ │ ├── templates │ │ │ ├── alertmanagerconfig.yaml │ │ │ ├── alertmanager.yaml │ │ │ └── alertmanager-service.yaml │ │ ├── Chart.yaml │ │ └── Dockerfile │ ├── istio-chaos-total │ │ ├── Chart.yaml │ │ ├── values.yaml │ │ └── README.md │ └── stability.mk ├── load │ ├── auto-mtls │ │ ├── templates │ │ │ ├── policy-and-dr.yaml │ │ │ ├── config-map.yaml │ │ │ └── ingress.yaml │ │ ├── Chart.yaml │ │ ├── Dockerfile │ │ └── values.yaml │ ├── pilot │ │ ├── values.yaml │ │ ├── Chart.yaml │ │ └── templates │ │ │ ├── service-entries.yaml │ │ │ └── services.yaml │ ├── service-graph-diagram.png │ ├── templates │ │ ├── _rbac.yaml │ │ ├── strict.yaml │ │ ├── sidecar.yaml │ │ └── h2upgrade.yaml │ ├── loadclient │ │ ├── README.md │ │ └── Chart.yaml │ ├── rotate │ │ ├── Dockerfile │ │ └── README.md │ ├── Chart.yaml │ └── README.md ├── other │ └── multicluster-vpc │ │ ├── .gitignore │ │ ├── values-istio-multicluster-vpc.yaml │ │ └── README.md ├── .gitignore ├── security │ ├── workload-deployments │ │ ├── values.yaml │ │ └── Chart.yaml │ └── sds-tests │ │ ├── ingress-sds │ │ ├── templates │ │ │ └── deploy_gateway.yaml │ │ └── cleanup_ingress_secrets.sh │ │ └── workload-sds │ │ ├── values.yaml │ │ └── Chart.yaml ├── benchmark │ ├── flame │ │ └── .gitignore │ ├── linkerd │ │ ├── linkerd-p50.png │ │ ├── linkerd-p90.png │ │ └── example-comparison │ │ │ ├── istio_vs_linkerd.png │ │ │ └── telemetryv2_vs_linkerd.png │ ├── configs │ │ ├── istio │ │ │ ├── security_authz_ip │ │ │ │ ├── config.json │ │ │ │ ├── installation.yaml │ │ │ │ ├── latency.yaml │ │ │ │ ├── cpu_mem.yaml │ │ │ │ └── postrun.sh │ │ │ ├── security_authz_path │ │ │ │ ├── config.json │ │ │ │ ├── installation.yaml │ │ │ │ ├── latency.yaml │ │ │ │ ├── cpu_mem.yaml │ │ │ │ └── postrun.sh │ │ │ ├── security_peer_authn │ │ │ │ ├── config.json │ │ │ │ ├── installation.yaml │ │ │ │ ├── latency.yaml │ │ │ │ ├── cpu_mem.yaml │ │ │ │ └── postrun.sh │ │ │ ├── none │ │ │ │ ├── installation.yaml │ │ │ │ ├── cpu_mem.yaml │ │ │ │ └── latency.yaml │ │ │ ├── none_tcp │ │ │ │ ├── installation.yaml │ │ │ │ ├── cpu_mem.yaml │ │ │ │ └── latency.yaml │ │ │ ├── plaintext │ │ │ │ ├── installation.yaml │ │ │ │ ├── cpu_mem.yaml │ │ │ │ └── latency.yaml │ │ │ ├── security_authz_jwt │ │ │ │ ├── installation.yaml │ │ │ │ ├── config.json │ │ │ │ ├── latency.yaml │ │ │ │ ├── cpu_mem.yaml │ │ │ │ └── postrun.sh │ │ │ ├── telemetryv2_stats │ │ │ │ ├── installation.yaml │ │ │ │ ├── latency.yaml │ │ │ │ └── cpu_mem.yaml │ │ │ ├── telemetryv2_statswasm │ │ │ │ ├── installation.yaml │ │ │ │ ├── latency.yaml │ │ │ │ └── cpu_mem.yaml │ │ │ ├── telemetryv2_sd_nologging │ │ │ │ ├── installation.yaml │ │ │ │ ├── latency.yaml │ │ │ │ └── cpu_mem.yaml │ │ │ ├── telemetryv2_sd_full │ │ │ │ ├── installation.yaml │ │ │ │ ├── latency.yaml │ │ │ │ └── cpu_mem.yaml │ │ │ └── telemetryv2_sd_full_accesslogpolicy │ │ │ │ ├── installation.yaml │ │ │ │ ├── cpu_mem.yaml │ │ │ │ └── latency.yaml │ │ ├── trialrun.yaml │ │ ├── linkerd │ │ │ └── linkerd_latency.yaml │ │ └── run_perf_test.conf │ ├── graph_plotter │ │ └── example_plot │ │ │ └── plotter_output.png │ ├── Pipfile │ ├── Chart.yaml │ └── templates │ │ └── mtls.yaml ├── auto-qual-test │ ├── base │ │ ├── serviceaccount.yaml │ │ ├── qual-test-version.yaml │ │ ├── kustomization.yaml │ │ ├── clusterrolebinding.yaml │ │ ├── deploy_updater.sh │ │ └── qual-test-update-job.yaml │ ├── overlays │ │ └── v1.2 │ │ │ ├── kustomization.yaml │ │ │ └── qual-test-version-1.2.yaml │ └── README.md ├── istio-install │ ├── gke_cluster_resources │ │ └── Kptfile │ ├── istioctl_profiles │ │ ├── automtls.yaml │ │ ├── sds-auth.yaml │ │ ├── istio-non-sds.yaml │ │ ├── multi-citadel-non-sds.yaml │ │ ├── long-running.yaml │ │ └── long-running-gateway.yaml │ └── base │ │ ├── Chart.yaml │ │ └── values.yaml ├── docker │ ├── Dockerfile.rabbitmq │ └── Dockerfile.redis └── README.md ├── metrics └── requirements.txt ├── perf_dashboard ├── .dockerignore ├── MVC_pattern.png ├── requirements.txt ├── static │ ├── img │ │ └── istio-logo.png │ ├── fonts │ │ ├── dashboard.eot │ │ ├── dashboard.ttf │ │ └── dashboard.woff │ └── js │ │ ├── utils.js │ │ ├── latency_qps.js │ │ ├── latency_conn.js │ │ └── overview.js ├── deploy │ └── perf-dashboard │ │ ├── requirements.yaml │ │ ├── charts │ │ └── metrics-server-2.10.1.tgz │ │ ├── templates │ │ ├── certificate.yaml │ │ ├── service.yaml │ │ ├── autoscale.yaml │ │ ├── ingress.yaml │ │ └── _helpers.tpl │ │ ├── Chart.lock │ │ ├── Chart.yaml │ │ └── values.yaml ├── docker-compose.yml ├── __init__.py ├── artifacts │ ├── __init__.py │ ├── migrations │ │ └── __init__.py │ ├── models.py │ ├── tests.py │ ├── admin.py │ ├── apps.py │ └── urls.py ├── helpers │ └── __init__.py ├── history │ ├── __init__.py │ ├── migrations │ │ └── __init__.py │ ├── models.py │ ├── admin.py │ ├── tests.py │ ├── apps.py │ ├── urls.py │ └── views.py ├── benchmarks │ ├── __init__.py │ ├── migrations │ │ └── __init__.py │ ├── models.py │ ├── tests.py │ ├── admin.py │ └── apps.py ├── perf_dashboard │ ├── __init__.py │ ├── views.py │ ├── asgi.py │ └── wsgi.py ├── regressions │ ├── __init__.py │ ├── migrations │ │ └── __init__.py │ ├── models.py │ ├── tests.py │ ├── admin.py │ ├── apps.py │ └── urls.py ├── analyze_perf_issues │ ├── __init__.py │ ├── migrations │ │ └── __init__.py │ ├── models.py │ ├── tests.py │ ├── admin.py │ ├── apps.py │ ├── urls.py │ └── views.py ├── docker-entrypoint.sh └── Makefile ├── docker ├── istio-dev │ └── .gitignore └── build-tools │ ├── bashrc │ └── install-python-3.8.sh ├── cmd ├── protoc-gen-docs │ ├── dictionaries │ │ └── custom.txt │ ├── testdata │ │ └── test2.proto │ └── Makefile ├── cue-gen │ ├── Makefile │ └── test │ │ ├── istio.io │ │ └── api │ │ │ ├── cue.mod │ │ │ ├── cue.yaml │ │ │ └── meta │ │ │ └── v1beta1 │ │ │ └── status.proto │ │ └── Makefile ├── protoc-gen-deepcopy │ ├── Makefile │ ├── test │ │ ├── Makefile │ │ └── types.proto │ └── main.go ├── protoc-gen-jsonshim │ ├── Makefile │ ├── test │ │ ├── Makefile │ │ └── external.proto │ └── main.go ├── protoc-gen-golang-deepcopy │ ├── Makefile │ └── test │ │ ├── Makefile │ │ └── types.proto ├── protoc-gen-golang-jsonshim │ ├── Makefile │ └── test │ │ ├── Makefile │ │ └── external.proto ├── kubetype-gen │ ├── boilerplate.go.txt │ └── testdata │ │ ├── test_input │ │ ├── negative │ │ │ └── defaults │ │ │ │ ├── emptygroup │ │ │ │ ├── type.go │ │ │ │ └── doc.go │ │ │ │ └── invalidgroupversion │ │ │ │ ├── type.go │ │ │ │ └── doc.go │ │ └── positive │ │ │ └── defaults │ │ │ ├── doc.go │ │ │ └── type.go │ │ └── test_output │ │ ├── types │ │ ├── group │ │ │ └── version │ │ │ │ └── doc.go │ │ └── group2 │ │ │ └── version │ │ │ └── doc.go │ │ └── defaults │ │ ├── group │ │ └── version │ │ │ └── doc.go │ │ └── group2 │ │ └── version2 │ │ └── doc.go ├── goc │ └── README.md ├── evaluate-docs │ ├── scorer.go │ └── README.md ├── mvpage │ └── README.md ├── gen-release-notes │ └── templates │ │ └── upgradeNotes.md ├── envvarlinter │ ├── README.md │ ├── testdata │ │ └── envuse.go │ └── allowlist.go └── testlinter │ └── allowlist.go ├── examples └── luacheck │ ├── values.yaml │ ├── Chart.yaml │ ├── templates │ ├── filter.yaml │ └── meshPolicy.yaml │ ├── README.md │ └── setup.sh ├── common ├── .commonfiles.sha ├── config │ ├── mdl.rb │ ├── .hadolint.yml │ ├── tslint.json │ └── .yamllint.yml └── scripts │ ├── copyright-banner-go.txt │ ├── check_clean_repo.sh │ ├── lint_go.sh │ └── format_go.sh ├── licenses └── github.com │ ├── xeipuuv │ ├── gojsonpointer │ │ └── NONE │ ├── gojsonschema │ │ └── NONE │ └── gojsonreference │ │ └── NONE │ ├── mailru │ └── easyjson │ │ └── LICENSE │ ├── dgrijalva │ └── jwt-go │ │ └── LICENSE │ ├── kr │ ├── text │ │ └── License │ └── pretty │ │ └── License │ └── beorn7 │ └── perks │ └── LICENSE ├── isotope ├── graph.png ├── example-topologies │ ├── 1-service.yaml │ ├── chain-3-services.yaml │ ├── chain-2-services.yaml │ ├── canonical.yaml │ ├── canonical-2-replicas.yaml │ ├── 10-svc_10-end.yaml │ ├── 10-svc_1000-end.yaml │ ├── 10-svc_10000-end.yaml │ ├── tree-13-services.yaml │ └── 10-svc_100-end.yaml ├── go.mod ├── service │ └── Dockerfile └── convert │ ├── README.md │ ├── main.go │ └── pkg │ └── graph │ ├── graph.go │ ├── size │ └── error.go │ └── script │ └── concurrent_command.go ├── bin └── requirements.txt ├── CODEOWNERS ├── pkg ├── checker │ └── README.md └── protomodel │ └── locationDescriptor.go ├── CONTRIBUTING.md ├── upgrade_downgrade └── templates │ ├── iop-gateways.yaml │ ├── iop-control-plane.yaml │ ├── fortio-cli.yaml │ └── gateway.yaml ├── .gitattributes ├── SUPPORT.md ├── README.md ├── BUGS-AND-FEATURE-REQUESTS.md ├── Makefile.overrides.mk ├── clang-toolchain ├── Dockerfile └── README.md └── setup └── stability-extra └── multicluster-vpn └── README.md /perf/stability/redis/values.yaml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /metrics/requirements.txt: -------------------------------------------------------------------------------- 1 | requests 2 | -------------------------------------------------------------------------------- /perf/stability/looper/values.yaml: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /perf/stability/rabbitmq/values.yaml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /perf_dashboard/.dockerignore: -------------------------------------------------------------------------------- 1 | /deploy -------------------------------------------------------------------------------- /docker/istio-dev/.gitignore: -------------------------------------------------------------------------------- 1 | image-built 2 | -------------------------------------------------------------------------------- /perf/load/auto-mtls/templates/policy-and-dr.yaml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /perf/other/multicluster-vpc/.gitignore: -------------------------------------------------------------------------------- 1 | tmp/ 2 | -------------------------------------------------------------------------------- /perf/stability/mysql/.gitignore: -------------------------------------------------------------------------------- 1 | mysql.yaml 2 | -------------------------------------------------------------------------------- /perf/.gitignore: -------------------------------------------------------------------------------- 1 | tmp/* 2 | tmp 3 | *.csv 4 | *.lock -------------------------------------------------------------------------------- /cmd/protoc-gen-docs/dictionaries/custom.txt: -------------------------------------------------------------------------------- 1 | Istio 2 | 3 | -------------------------------------------------------------------------------- /examples/luacheck/values.yaml: -------------------------------------------------------------------------------- 1 | globalMeshPolicy: false 2 | -------------------------------------------------------------------------------- /perf/other/multicluster-vpc/values-istio-multicluster-vpc.yaml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /perf/security/workload-deployments/values.yaml: -------------------------------------------------------------------------------- 1 | replicas: 1 2 | -------------------------------------------------------------------------------- /common/.commonfiles.sha: -------------------------------------------------------------------------------- 1 | 5f412cdaceaca78f62ca8776539bd24fe58b82b2 2 | -------------------------------------------------------------------------------- /licenses/github.com/xeipuuv/gojsonpointer/NONE: -------------------------------------------------------------------------------- 1 | NO LICENSE FOUND 2 | -------------------------------------------------------------------------------- /licenses/github.com/xeipuuv/gojsonschema/NONE: -------------------------------------------------------------------------------- 1 | NO LICENSE FOUND 2 | -------------------------------------------------------------------------------- /perf/benchmark/flame/.gitignore: -------------------------------------------------------------------------------- 1 | FlameGraph 2 | *.perf 3 | *.data 4 | -------------------------------------------------------------------------------- /perf/security/sds-tests/ingress-sds/templates/deploy_gateway.yaml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /licenses/github.com/xeipuuv/gojsonreference/NONE: -------------------------------------------------------------------------------- 1 | NO LICENSE FOUND 2 | -------------------------------------------------------------------------------- /perf/load/pilot/values.yaml: -------------------------------------------------------------------------------- 1 | instances: 50 2 | ports: 1 3 | serviceEntries: 50 -------------------------------------------------------------------------------- /perf/stability/multicluster-vpn/values.yaml: -------------------------------------------------------------------------------- 1 | fortioImage: fortio/fortio:latest 2 | -------------------------------------------------------------------------------- /perf/stability/intermediary/values.yaml: -------------------------------------------------------------------------------- 1 | qps: 2 2 | fortioImage: fortio/fortio:latest 3 | -------------------------------------------------------------------------------- /isotope/graph.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tetratelabs/istio-zana/main/isotope/graph.png -------------------------------------------------------------------------------- /cmd/cue-gen/Makefile: -------------------------------------------------------------------------------- 1 | test: build 2 | cd test && make clean test 3 | 4 | build: 5 | go install . -------------------------------------------------------------------------------- /perf/security/sds-tests/workload-sds/values.yaml: -------------------------------------------------------------------------------- 1 | Namespace: dynamic 2 | Num: 20 3 | WorkloadLife: 180 -------------------------------------------------------------------------------- /perf/stability/http10/values.yaml: -------------------------------------------------------------------------------- 1 | fortioImage: fortio/fortio:latest 2 | curlImage: tutum/curl:trusty 3 | -------------------------------------------------------------------------------- /cmd/protoc-gen-deepcopy/Makefile: -------------------------------------------------------------------------------- 1 | test: build 2 | cd test && make clean test 3 | 4 | build: 5 | go install . -------------------------------------------------------------------------------- /cmd/protoc-gen-jsonshim/Makefile: -------------------------------------------------------------------------------- 1 | test: build 2 | cd test && make clean test 3 | 4 | build: 5 | go install . -------------------------------------------------------------------------------- /cmd/protoc-gen-golang-deepcopy/Makefile: -------------------------------------------------------------------------------- 1 | test: build 2 | cd test && make clean test 3 | 4 | build: 5 | go install . -------------------------------------------------------------------------------- /cmd/protoc-gen-golang-jsonshim/Makefile: -------------------------------------------------------------------------------- 1 | test: build 2 | cd test && make clean test 3 | 4 | build: 5 | go install . -------------------------------------------------------------------------------- /perf_dashboard/MVC_pattern.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tetratelabs/istio-zana/main/perf_dashboard/MVC_pattern.png -------------------------------------------------------------------------------- /cmd/cue-gen/test/istio.io/api/cue.mod: -------------------------------------------------------------------------------- 1 | // cue.mod file for testing, so that istio module can be pointed at this test directory. -------------------------------------------------------------------------------- /perf/auto-qual-test/base/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: testrunner 5 | -------------------------------------------------------------------------------- /perf/load/service-graph-diagram.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tetratelabs/istio-zana/main/perf/load/service-graph-diagram.png -------------------------------------------------------------------------------- /perf_dashboard/requirements.txt: -------------------------------------------------------------------------------- 1 | Django==2.2.25 2 | beautifulsoup4==4.8.1 3 | pandas==0.25.3 4 | wget==3.2 5 | whitenoise==3.3.1 6 | -------------------------------------------------------------------------------- /bin/requirements.txt: -------------------------------------------------------------------------------- 1 | requests==2.20.0 2 | selenium==3.141.0 3 | schedule==0.6.0 4 | protobuf==3.8.0 5 | google-cloud-datastore==1.8.0 6 | -------------------------------------------------------------------------------- /perf/auto-qual-test/overlays/v1.2/kustomization.yaml: -------------------------------------------------------------------------------- 1 | bases: 2 | - ../../base 3 | patchesStrategicMerge: 4 | - qual-test-version-1.2.yaml -------------------------------------------------------------------------------- /perf/benchmark/linkerd/linkerd-p50.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tetratelabs/istio-zana/main/perf/benchmark/linkerd/linkerd-p50.png -------------------------------------------------------------------------------- /perf/benchmark/linkerd/linkerd-p90.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tetratelabs/istio-zana/main/perf/benchmark/linkerd/linkerd-p90.png -------------------------------------------------------------------------------- /perf_dashboard/static/img/istio-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tetratelabs/istio-zana/main/perf_dashboard/static/img/istio-logo.png -------------------------------------------------------------------------------- /perf/stability/canary-upgrader/values.yaml: -------------------------------------------------------------------------------- 1 | namespace: canary-upgrader 2 | redeployDays: 2 3 | kubectlImage: docker.io/bitnami/kubectl:1.18 4 | -------------------------------------------------------------------------------- /perf/stability/logs-checker/values.yaml: -------------------------------------------------------------------------------- 1 | namespace: logs-checker 2 | redeployDays: 1 3 | kubectlImage: gcr.io/istio-testing/kubectl:latest 4 | -------------------------------------------------------------------------------- /perf/stability/mysql/values.yaml: -------------------------------------------------------------------------------- 1 | # The deployment name, can be "mtls" or "plaintext" to denote different security settings. 2 | Name: "mtls" -------------------------------------------------------------------------------- /perf_dashboard/static/fonts/dashboard.eot: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tetratelabs/istio-zana/main/perf_dashboard/static/fonts/dashboard.eot -------------------------------------------------------------------------------- /perf_dashboard/static/fonts/dashboard.ttf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tetratelabs/istio-zana/main/perf_dashboard/static/fonts/dashboard.ttf -------------------------------------------------------------------------------- /perf_dashboard/static/fonts/dashboard.woff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tetratelabs/istio-zana/main/perf_dashboard/static/fonts/dashboard.woff -------------------------------------------------------------------------------- /perf/load/templates/_rbac.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "rbac.istio.io/v1alpha1" 2 | kind: RbacConfig 3 | metadata: 4 | name: default 5 | spec: 6 | mode: "ON" 7 | -------------------------------------------------------------------------------- /isotope/example-topologies/1-service.yaml: -------------------------------------------------------------------------------- 1 | defaults: 2 | requestSize: 1 KB 3 | responseSize: 1 KB 4 | services: 5 | - name: a 6 | isEntrypoint: true 7 | -------------------------------------------------------------------------------- /perf/load/loadclient/README.md: -------------------------------------------------------------------------------- 1 | This chart creates fortio client and points it at ingress. 2 | It sets hostname to {svcprefix}0 and starts continuous traffic 3 | -------------------------------------------------------------------------------- /perf/stability/istio-upgrader/values.yaml: -------------------------------------------------------------------------------- 1 | namespace: istio-upgrader 2 | redployMinutes: 30 3 | kubectlImage: gcr.io/istio-release/kubectl:master-latest-daily 4 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/security_authz_ip/config.json: -------------------------------------------------------------------------------- 1 | { 2 | "authZ": 3 | { 4 | "numPolicies": 1, 5 | "numSourceIP":1000 6 | } 7 | } 8 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/security_authz_path/config.json: -------------------------------------------------------------------------------- 1 | { 2 | "authZ": 3 | { 4 | "numPolicies": 1, 5 | "numPaths":1000 6 | } 7 | } 8 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/security_peer_authn/config.json: -------------------------------------------------------------------------------- 1 | { 2 | "peerAuthN": 3 | { 4 | "numPolicies": 2000, 5 | "mtlsMode":"STRICT" 6 | } 7 | } 8 | -------------------------------------------------------------------------------- /perf/benchmark/graph_plotter/example_plot/plotter_output.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tetratelabs/istio-zana/main/perf/benchmark/graph_plotter/example_plot/plotter_output.png -------------------------------------------------------------------------------- /perf/benchmark/linkerd/example-comparison/istio_vs_linkerd.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tetratelabs/istio-zana/main/perf/benchmark/linkerd/example-comparison/istio_vs_linkerd.png -------------------------------------------------------------------------------- /perf/load/auto-mtls/templates/config-map.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: script 5 | data: 6 | scale.py: | 7 | {{ .Files.Get "scale.py" | indent 4 }} -------------------------------------------------------------------------------- /CODEOWNERS: -------------------------------------------------------------------------------- 1 | * @istio/wg-test-and-release-maintainers 2 | cmd/gen-release-notes/templates @istio/wg-test-and-release-maintainers @istio/wg-docs-maintainers @istio/release-managers 3 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/none/installation.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: install.istio.io/v1alpha1 2 | kind: IstioOperator 3 | spec: 4 | values: 5 | telemetry: 6 | enabled: false 7 | -------------------------------------------------------------------------------- /perf_dashboard/deploy/perf-dashboard/requirements.yaml: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: metrics-server 3 | version: ^2.0.3 4 | repository: https://kubernetes-charts.storage.googleapis.com/ -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/none_tcp/installation.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: install.istio.io/v1alpha1 2 | kind: IstioOperator 3 | spec: 4 | values: 5 | telemetry: 6 | enabled: false 7 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/plaintext/installation.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: install.istio.io/v1alpha1 2 | kind: IstioOperator 3 | spec: 4 | values: 5 | telemetry: 6 | enabled: false 7 | -------------------------------------------------------------------------------- /perf/stability/gateway-bouncer/templates/namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: {{ .Values.namespace }} 5 | labels: 6 | istio-injection: enabled 7 | -------------------------------------------------------------------------------- /perf/stability/sds-certmanager/templates/namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: {{ .Values.namespace }} 5 | labels: 6 | istio-injection: disabled 7 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/security_authz_ip/installation.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: install.istio.io/v1alpha1 2 | kind: IstioOperator 3 | spec: 4 | values: 5 | telemetry: 6 | enabled: false 7 | -------------------------------------------------------------------------------- /perf/benchmark/linkerd/example-comparison/telemetryv2_vs_linkerd.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tetratelabs/istio-zana/main/perf/benchmark/linkerd/example-comparison/telemetryv2_vs_linkerd.png -------------------------------------------------------------------------------- /perf_dashboard/deploy/perf-dashboard/charts/metrics-server-2.10.1.tgz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tetratelabs/istio-zana/main/perf_dashboard/deploy/perf-dashboard/charts/metrics-server-2.10.1.tgz -------------------------------------------------------------------------------- /isotope/example-topologies/chain-3-services.yaml: -------------------------------------------------------------------------------- 1 | services: 2 | - isEntrypoint: true 3 | name: a 4 | script: 5 | - call: b 6 | - name: b 7 | script: 8 | - call: c 9 | - name: c 10 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/security_authz_jwt/installation.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: install.istio.io/v1alpha1 2 | kind: IstioOperator 3 | spec: 4 | values: 5 | telemetry: 6 | enabled: false 7 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/security_authz_path/installation.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: install.istio.io/v1alpha1 2 | kind: IstioOperator 3 | spec: 4 | values: 5 | telemetry: 6 | enabled: false 7 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/security_peer_authn/installation.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: install.istio.io/v1alpha1 2 | kind: IstioOperator 3 | spec: 4 | values: 5 | telemetry: 6 | enabled: false 7 | -------------------------------------------------------------------------------- /perf/load/rotate/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM gcr.io/google-containers/hyperkube:v1.12.1 2 | # istio.io/istio$ bin/gobuild.sh ./generate_cert ./security/tools/generate_cert 3 | COPY generate_cert /usr/local/bin/ 4 | -------------------------------------------------------------------------------- /perf/auto-qual-test/base/qual-test-version.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | data: 3 | TARGET_VERSION: release-1.1 4 | DNS_DOMAIN: v11.qualistio.org 5 | kind: ConfigMap 6 | metadata: 7 | name: qual-test-version -------------------------------------------------------------------------------- /isotope/example-topologies/chain-2-services.yaml: -------------------------------------------------------------------------------- 1 | defaults: 2 | requestSize: 1 KB 3 | responseSize: 1 KB 4 | services: 5 | - isEntrypoint: true 6 | name: a 7 | script: 8 | - call: b 9 | - name: b 10 | -------------------------------------------------------------------------------- /perf/auto-qual-test/overlays/v1.2/qual-test-version-1.2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | data: 3 | TARGET_VERSION: release-1.2 4 | DNS_DOMAIN: v12.qualistio.org 5 | kind: ConfigMap 6 | metadata: 7 | name: qual-test-version -------------------------------------------------------------------------------- /perf/load/templates/strict.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.mtls }} 2 | apiVersion: "security.istio.io/v1beta1" 3 | kind: "PeerAuthentication" 4 | metadata: 5 | name: "default" 6 | spec: 7 | mtls: 8 | mode: STRICT 9 | {{- end }} 10 | -------------------------------------------------------------------------------- /perf/stability/looper/README.md: -------------------------------------------------------------------------------- 1 | # Loop testing 2 | 3 | This tests that Envoy will not trigger infinite loops on inbound traffic to pod IPs. 4 | 5 | This is a regression test for . 6 | 7 | -------------------------------------------------------------------------------- /pkg/checker/README.md: -------------------------------------------------------------------------------- 1 | # Tools 2 | 3 | This repository contains tools useful in building Istio. 4 | 5 | ## Performance Testing 6 | 7 | See [perf](../../perf/README.md) for details on how to setup the performance and stability tests. 8 | -------------------------------------------------------------------------------- /perf/istio-install/gke_cluster_resources/Kptfile: -------------------------------------------------------------------------------- 1 | apiVersion: kpt.dev/v1alpha1 2 | kind: Kptfile 3 | metadata: 4 | name: gke_cluster_resources 5 | packageMetadata: 6 | shortDescription: used for setup gke cluster with create_cluster.sh 7 | -------------------------------------------------------------------------------- /examples/luacheck/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: A Helm chart for installing lua filter 3 | name: luacheck 4 | version: 1.1.0 5 | appVersion: 1.1.0 6 | tillerVersion: ">=2.7.2" 7 | icon: https://istio.io/favicons/android-192x192.png 8 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contribution guidelines 2 | 3 | So you want to hack on Istio? Yay! Please refer to Istio's overall 4 | [contribution guidelines](https://github.com/istio/community/blob/master/CONTRIBUTING.md) 5 | to find out how you can help. 6 | -------------------------------------------------------------------------------- /perf/benchmark/Pipfile: -------------------------------------------------------------------------------- 1 | [[source]] 2 | name = "pypi" 3 | url = "https://pypi.org/simple" 4 | verify_ssl = true 5 | 6 | [dev-packages] 7 | 8 | [packages] 9 | pandas = "*" 10 | matplotlib = "*" 11 | PyYAML = "*" 12 | requests = "*" 13 | 14 | -------------------------------------------------------------------------------- /perf_dashboard/deploy/perf-dashboard/templates/certificate.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.gke.io/v1beta1 2 | kind: ManagedCertificate 3 | metadata: 4 | name: {{ include "perf-dashboard.fullname" . }} 5 | spec: 6 | domains: 7 | - {{ .Values.domain }} -------------------------------------------------------------------------------- /perf/stability/graceful-shutdown/values.yaml: -------------------------------------------------------------------------------- 1 | # Should be set slightly below TERMINATION_DRAIN_DURATION_SECONDS 2 | # maximum supported by httpbin is 10s 3 | connectionDuration: 4 # 4 | 5 | qps: 10 6 | fortioImage: fortio/fortio:latest 7 | httpbinRedployMinutes: 1 8 | -------------------------------------------------------------------------------- /perf/stability/istio-chaos-partial/values.yaml: -------------------------------------------------------------------------------- 1 | namespace: istio-chaos-partial 2 | chaosIntervalMinutes: 1 3 | components: istio-pilot istio-citadel istio-galley istio-policy istio-telemetry istio-tracing 4 | kubectlImage: gcr.io/istio-release/kubectl:master-latest-daily 5 | -------------------------------------------------------------------------------- /perf/load/templates/sidecar.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: Sidecar 3 | metadata: 4 | name: default 5 | spec: 6 | egress: 7 | - hosts: 8 | - "./*" 9 | - "istio-system/*" 10 | - "istio-telemetry/*" 11 | - "istio-policy/*" 12 | -------------------------------------------------------------------------------- /perf/stability/http10/README.md: -------------------------------------------------------------------------------- 1 | # HTTP 1.0 Testing 2 | 3 | This test the Envoy proxies will accept. 4 | 5 | This is tested by sending http 1.0 requests repeatedly. 6 | 7 | HTTP 1.0 needs to be enabled in pilot for this to work. This can be done by setting `pilot.env.PILOT_HTTP10=1`. -------------------------------------------------------------------------------- /upgrade_downgrade/templates/iop-gateways.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: install.istio.io/v1alpha1 2 | kind: IstioOperator 3 | metadata: 4 | name: gateways 5 | spec: 6 | profile: empty 7 | components: 8 | ingressGateways: 9 | - name: istio-ingressgateway 10 | enabled: true -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/security_authz_jwt/config.json: -------------------------------------------------------------------------------- 1 | { 2 | "authZ": 3 | { 4 | "numPolicies": 1, 5 | "numRequestPrincipals":1000 6 | }, 7 | "requestAuthN": 8 | { 9 | "numPolicies": 1, 10 | "NumJwks":1 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /perf/auto-qual-test/base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | configMapGenerator: 2 | - name: qual-test-deployer 3 | files: 4 | - deploy_latest_daily.sh 5 | - redeploy.sh 6 | resources: 7 | - clusterrolebinding.yaml 8 | - qual-test-update-job.yaml 9 | - serviceaccount.yaml 10 | - qual-test-version.yaml -------------------------------------------------------------------------------- /upgrade_downgrade/templates/iop-control-plane.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: install.istio.io/v1alpha1 2 | kind: IstioOperator 3 | metadata: 4 | name: control-plane 5 | spec: 6 | profile: default 7 | components: 8 | ingressGateways: 9 | - name: istio-ingressgateway 10 | enabled: false 11 | -------------------------------------------------------------------------------- /perf/benchmark/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: benchmark 3 | version: '1.0' 4 | description: Helm chart for istio twoPodTest 5 | keywords: 6 | - istio 7 | - performance 8 | sources: 9 | - http://github.com/istio/istio 10 | engine: gotpl 11 | icon: https://istio.io/favicons/android-192x192.png 12 | -------------------------------------------------------------------------------- /perf/stability/alertmanager/templates/alertmanagerconfig.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | data: {} 3 | kind: Secret 4 | metadata: 5 | name: alertmanager-main 6 | namespace: istio-prometheus 7 | stringData: 8 | alertmanager.yaml: 9 | {{ toYaml .Values.config | quote }} 10 | 11 | type: Opaque 12 | --- 13 | -------------------------------------------------------------------------------- /perf_dashboard/deploy/perf-dashboard/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: metrics-server 3 | repository: https://kubernetes-charts.storage.googleapis.com/ 4 | version: 2.10.1 5 | digest: sha256:c75279e9b6d88f0a07c058a7f9d91cb60dad44360f84bc908c5e82fa12bb4abc 6 | generated: "2020-03-21T03:55:25.569795-07:00" 7 | -------------------------------------------------------------------------------- /perf/benchmark/configs/trialrun.yaml: -------------------------------------------------------------------------------- 1 | telemetry_mode: "dryrun" 2 | conn: 3 | - 8 4 | qps: 5 | - 10 6 | duration: 100 7 | metrics: 8 | - p50 9 | - p90 10 | - p99 11 | perf_record: false 12 | run_bothsidecar: true 13 | run_serversidecar: false 14 | run_clientsidecar: false 15 | run_baseline: false 16 | -------------------------------------------------------------------------------- /perf/stability/mysql/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: mysql 3 | version: '1.0' 4 | description: Helm chart for testing MySQL with Istio. 5 | keywords: 6 | - istio 7 | - mysql 8 | sources: 9 | - http://github.com/istio/istio 10 | engine: gotpl 11 | icon: https://istio.io/favicons/android-192x192.png 12 | -------------------------------------------------------------------------------- /perf/istio-install/istioctl_profiles/automtls.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operator.istio.io/v1alpha1 2 | kind: IstioOperator 3 | spec: 4 | values: 5 | global: 6 | mtls: 7 | enabled: false 8 | auto: true 9 | # Requiring grafana to show the perf dashboard. 10 | grafana: 11 | enabled: true -------------------------------------------------------------------------------- /perf/load/rotate/README.md: -------------------------------------------------------------------------------- 1 | Config-changer has a rotate script that does the following 2 | 3 | 1. Fetch cert and key from citadel 4 | 1. Generate short lived certificate 5 | 1. Rotate cert 6 | 7 | The script requires `generate_cert` tool from the security repository. 8 | The Dockerfile contained here builds the image. 9 | -------------------------------------------------------------------------------- /perf/stability/http10/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: http10 3 | version: '1.0' 4 | description: Helm chart for istio http 1.0 testing 5 | keywords: 6 | - istio 7 | - performance 8 | sources: 9 | - http://github.com/istio/istio 10 | engine: gotpl 11 | icon: https://istio.io/favicons/android-192x192.png 12 | -------------------------------------------------------------------------------- /perf/stability/redis/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: redis 3 | version: '1.0' 4 | description: Example Helm chart for Redis on Istio 5 | keywords: 6 | - istio 7 | - performance 8 | sources: 9 | - http://github.com/istio/istio 10 | engine: gotpl 11 | icon: https://istio.io/favicons/android-192x192.png 12 | -------------------------------------------------------------------------------- /perf/load/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: load 3 | version: '1.0' 4 | description: Helm chart for servicegraph test 5 | keywords: 6 | - istio 7 | - performance 8 | - qualification 9 | sources: 10 | - http://github.com/istio/istio 11 | engine: gotpl 12 | icon: https://istio.io/favicons/android-192x192.png 13 | -------------------------------------------------------------------------------- /perf/load/auto-mtls/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: auto-mtls 3 | version: '1.0' 4 | description: Istio Auto MTLS Testing 5 | keywords: 6 | - istio 7 | - mtls 8 | - qualification 9 | sources: 10 | - http://github.com/istio/istio 11 | engine: gotpl 12 | icon: https://istio.io/favicons/android-192x192.png 13 | -------------------------------------------------------------------------------- /perf/stability/logs-checker/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: logs-checker 3 | version: '1.0' 4 | description: Helm chart for logs checker 5 | keywords: 6 | - istio 7 | - performance 8 | sources: 9 | - http://github.com/istio/istio 10 | engine: gotpl 11 | icon: https://istio.io/favicons/android-192x192.png 12 | -------------------------------------------------------------------------------- /perf/load/pilot/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: pilot 3 | version: '1.0' 4 | description: Helm chart for pilot-loadtest 5 | keywords: 6 | - istio 7 | - performance 8 | - qualification 9 | sources: 10 | - http://github.com/istio/istio 11 | engine: gotpl 12 | icon: https://istio.io/favicons/android-192x192.png 13 | -------------------------------------------------------------------------------- /perf/stability/alertmanager/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: alertmanager 3 | version: '1.0' 4 | description: Helm chart for configuring alertmanager 5 | keywords: 6 | - istio 7 | - alertmanager 8 | sources: 9 | - http://github.com/istio/istio 10 | engine: gotpl 11 | icon: https://istio.io/favicons/android-192x192.png -------------------------------------------------------------------------------- /perf/stability/intermediary/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: intermediary 3 | version: '1.0' 4 | description: Helm chart for intermediary proxy. 5 | keywords: 6 | - istio 7 | - performance 8 | sources: 9 | - http://github.com/istio/istio 10 | engine: gotpl 11 | icon: https://istio.io/favicons/android-192x192.png 12 | -------------------------------------------------------------------------------- /perf/stability/rabbitmq/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: rabbitmq 3 | version: '1.0' 4 | description: Helm chart for testing rabbitmq on Istio 5 | keywords: 6 | - istio 7 | - performance 8 | sources: 9 | - http://github.com/istio/istio 10 | engine: gotpl 11 | icon: https://istio.io/favicons/android-192x192.png 12 | -------------------------------------------------------------------------------- /perf/stability/istio-chaos-total/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: istio-chaos-total 3 | version: '1.0' 4 | description: Helm chart for istio chaos test 5 | keywords: 6 | - istio 7 | - performance 8 | sources: 9 | - http://github.com/istio/istio 10 | engine: gotpl 11 | icon: https://istio.io/favicons/android-192x192.png 12 | -------------------------------------------------------------------------------- /perf/stability/istio-upgrader/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: istio-upgrader 3 | version: '1.0' 4 | description: Helm chart for istio upgrader test 5 | keywords: 6 | - istio 7 | - performance 8 | sources: 9 | - http://github.com/istio/istio 10 | engine: gotpl 11 | icon: https://istio.io/favicons/android-192x192.png 12 | -------------------------------------------------------------------------------- /perf/benchmark/configs/linkerd/linkerd_latency.yaml: -------------------------------------------------------------------------------- 1 | mesh: "linkerd" 2 | conn: 3 | - 2 4 | - 4 5 | - 8 6 | - 16 7 | - 32 8 | - 64 9 | qps: 10 | - 1000 11 | duration: 240 12 | metrics: 13 | - p50 14 | - p90 15 | - p99 16 | perf_record: false 17 | run_serversidecar: true 18 | run_baseline: true 19 | -------------------------------------------------------------------------------- /perf/docker/Dockerfile.rabbitmq: -------------------------------------------------------------------------------- 1 | FROM python:alpine 2 | 3 | # hadolint ignore=DL3013 4 | RUN pip3 install --no-cache-dir -q pika prometheus_client 5 | 6 | ENV ADDRESS rabbitmq 7 | ENV USERNAME istio 8 | 9 | COPY rabbitmq/client.py /client.py 10 | COPY prom_client.py /prom_client.py 11 | 12 | CMD ["python3", "-u", "/client.py"] 13 | -------------------------------------------------------------------------------- /perf/stability/canary-upgrader/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: canary-upgrader 3 | version: '1.0' 4 | description: Helm chart for istio canary upgrader 5 | keywords: 6 | - istio 7 | - performance 8 | sources: 9 | - http://github.com/istio/istio 10 | engine: gotpl 11 | icon: https://istio.io/favicons/android-192x192.png 12 | -------------------------------------------------------------------------------- /perf/stability/istio-chaos-partial/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: istio-chaos-partial 3 | version: '1.0' 4 | description: Helm chart for istio chaos test 5 | keywords: 6 | - istio 7 | - performance 8 | sources: 9 | - http://github.com/istio/istio 10 | engine: gotpl 11 | icon: https://istio.io/favicons/android-192x192.png 12 | -------------------------------------------------------------------------------- /perf/stability/looper/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: looper 3 | version: '1.0' 4 | description: Helm chart for istio testing of envoy infinite loop cases 5 | keywords: 6 | - istio 7 | - performance 8 | sources: 9 | - http://github.com/istio/istio 10 | engine: gotpl 11 | icon: https://istio.io/favicons/android-192x192.png 12 | -------------------------------------------------------------------------------- /perf/load/loadclient/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: loadclient 3 | version: '1.0' 4 | description: Helm chart for loading thru ingress 5 | keywords: 6 | - istio 7 | - performance 8 | - qualification 9 | sources: 10 | - http://github.com/istio/istio 11 | engine: gotpl 12 | icon: https://istio.io/favicons/android-192x192.png 13 | -------------------------------------------------------------------------------- /perf/stability/graceful-shutdown/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: graceful-shutdown 3 | version: '1.0' 4 | description: Helm chart for istio graceful-shutdown 5 | keywords: 6 | - istio 7 | - performance 8 | sources: 9 | - http://github.com/istio/istio 10 | engine: gotpl 11 | icon: https://istio.io/favicons/android-192x192.png 12 | -------------------------------------------------------------------------------- /perf_dashboard/deploy/perf-dashboard/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: perf-dashboard 3 | description: A Helm chart for Istio perf-dashboard 4 | version: 0.1.0 5 | keywords: 6 | - istio 7 | - perf 8 | - perf-dashboard 9 | sources: 10 | - https://github.com/istio/tools/perf_dashboard 11 | icon: https://istio.io/favicons/android-192x192.png -------------------------------------------------------------------------------- /isotope/example-topologies/canonical.yaml: -------------------------------------------------------------------------------- 1 | defaults: 2 | requestSize: 1 KB 3 | responseSize: 1 KB 4 | numRbacPolicies: 3 5 | services: 6 | - name: a 7 | - name: b 8 | - name: c 9 | script: 10 | - call: a 11 | - call: b 12 | - name: d 13 | isEntrypoint: true 14 | script: 15 | - - call: a 16 | - call: c 17 | - call: b 18 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/telemetryv2_stats/installation.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: install.istio.io/v1alpha1 2 | kind: IstioOperator 3 | spec: 4 | values: 5 | telemetry: 6 | enabled: true 7 | v2: 8 | enabled: true 9 | prometheus: 10 | enabled: true 11 | stackdriver: 12 | enabled: false 13 | -------------------------------------------------------------------------------- /perf/stability/gateway-bouncer/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: gateway-bouncer 3 | version: 1.1.0 4 | description: Helm chart of the 'Gateway Bouncer' scenario. 5 | keywords: 6 | - istio 7 | - ingressgateway 8 | sources: 9 | - http://github.com/istio/istio 10 | engine: gotpl 11 | icon: https://istio.io/favicons/android-192x192.png 12 | -------------------------------------------------------------------------------- /cmd/cue-gen/test/istio.io/api/cue.yaml: -------------------------------------------------------------------------------- 1 | module: istio.io/api 2 | 3 | openapi: 4 | selfContained: true 5 | fieldFilter: "min.*|max.*" 6 | 7 | directories: 8 | foo/v1alpha3: 9 | - mode: perFile 10 | foo/v1beta1: 11 | - mode: perFile 12 | meta/v1beta1: 13 | - mode: perFile 14 | 15 | crd: 16 | dir: ../../generated/kubernetes/ 17 | -------------------------------------------------------------------------------- /isotope/example-topologies/canonical-2-replicas.yaml: -------------------------------------------------------------------------------- 1 | defaults: 2 | requestSize: 1 KB 3 | responseSize: 1 KB 4 | numReplicas: 2 5 | services: 6 | - name: a 7 | - name: b 8 | - name: c 9 | script: 10 | - call: a 11 | - call: b 12 | - name: d 13 | isEntrypoint: true 14 | script: 15 | - - call: a 16 | - call: c 17 | - call: b 18 | -------------------------------------------------------------------------------- /perf/stability/istio-upgrader/README.md: -------------------------------------------------------------------------------- 1 | # Istio Redeployment Test 2 | 3 | This test periodically triggers a redeployment of Istio. 4 | 5 | ImagePullPolicy should be set to Always to get the most impact from this test, as this will pull down new updates if you are using an image like `latest-daily`. This is set already if Istio is installed with the perf test setup. -------------------------------------------------------------------------------- /perf/auto-qual-test/base/clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: testrunner-cluster-admin 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: cluster-admin 9 | subjects: 10 | - kind: ServiceAccount 11 | name: testrunner 12 | namespace: default 13 | -------------------------------------------------------------------------------- /perf/istio-install/base/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: base 3 | version: 0.5.0 4 | description: Helm chart for istio integration test 5 | keywords: 6 | - istio 7 | - security 8 | - sidecar-injector 9 | - mixer 10 | - pilot 11 | sources: 12 | - http://github.com/istio/istio 13 | engine: gotpl 14 | icon: https://istio.io/favicons/android-192x192.png 15 | -------------------------------------------------------------------------------- /perf/benchmark/configs/run_perf_test.conf: -------------------------------------------------------------------------------- 1 | none=true 2 | none_tcp=true 3 | plaintext=false 4 | telemetryv2_sd_full=true 5 | telemetryv2_sd_full_accesslogpolicy=false 6 | telemetryv2_sd_nologging=true 7 | telemetryv2_stats=true 8 | telemetryv2_statswasm=true 9 | security_authz_ip=true 10 | security_authz_path=true 11 | security_peer_authn=true 12 | security_authz_jwt=true 13 | -------------------------------------------------------------------------------- /perf/security/sds-tests/workload-sds/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: workload-sds 3 | version: '1.0' 4 | description: Helm chart for workload sds tests 5 | keywords: 6 | - istio 7 | - citadel 8 | - sds 9 | - performance 10 | - qualification 11 | sources: 12 | - http://github.com/istio/istio 13 | engine: gotpl 14 | icon: https://istio.io/favicons/android-192x192.png -------------------------------------------------------------------------------- /common/config/mdl.rb: -------------------------------------------------------------------------------- 1 | all 2 | rule 'MD002', :level => 1 3 | rule 'MD007', :indent => 4 4 | rule 'MD013', :line_length => 160, :code_blocks => false, :tables => false 5 | rule 'MD026', :punctuation => ".,;:!" 6 | exclude_rule 'MD013' 7 | exclude_rule 'MD014' 8 | exclude_rule 'MD030' 9 | exclude_rule 'MD032' 10 | exclude_rule 'MD033' 11 | exclude_rule 'MD041' 12 | exclude_rule 'MD046' 13 | -------------------------------------------------------------------------------- /examples/luacheck/templates/filter.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: EnvoyFilter 3 | metadata: 4 | name: jwt-reject-lua-filter 5 | spec: 6 | filters: 7 | - listenerMatch: 8 | listenerType: GATEWAY 9 | filterName: envoy.lua 10 | filterType: HTTP 11 | filterConfig: 12 | inlineCode: |- 13 | {{ .Files.Get "jwt.lua" | nindent 10 }} 14 | -------------------------------------------------------------------------------- /isotope/go.mod: -------------------------------------------------------------------------------- 1 | module istio.io/tools/isotope 2 | 3 | go 1.14 4 | 5 | require ( 6 | github.com/docker/go-units v0.4.0 7 | github.com/google/uuid v1.1.1 8 | github.com/prometheus/client_golang v1.5.1 9 | github.com/spf13/cobra v0.0.7 10 | istio.io/pkg v0.0.0-20200327214633-ce134a9bd104 11 | k8s.io/api v0.18.0 12 | k8s.io/apimachinery v0.18.0 13 | sigs.k8s.io/yaml v1.2.0 14 | ) 15 | -------------------------------------------------------------------------------- /perf/security/workload-deployments/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: workload-deployments 3 | version: '1.0' 4 | description: Helm chart for sds citadel tests 5 | keywords: 6 | - istio 7 | - citadel 8 | - sds 9 | - performance 10 | - qualification 11 | sources: 12 | - http://github.com/istio/istio 13 | engine: gotpl 14 | icon: https://istio.io/favicons/android-192x192.png 15 | -------------------------------------------------------------------------------- /perf/stability/multicluster-vpn/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: multicluster-vpn 3 | version: '1.0' 4 | description: Istio Multicluster (VPN-mode) stability test setup (primary cluster side) 5 | keywords: 6 | - istio 7 | - stability 8 | - multicluster 9 | sources: 10 | - http://github.com/istio/istio 11 | engine: gotpl 12 | icon: https://istio.io/favicons/android-192x192.png 13 | -------------------------------------------------------------------------------- /perf_dashboard/deploy/perf-dashboard/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "perf-dashboard.fullname" . }} 5 | labels: 6 | app: {{ include "perf-dashboard.name" . }} 7 | spec: 8 | type: NodePort 9 | selector: 10 | app: {{ include "perf-dashboard.name" . }} 11 | ports: 12 | - protocol: TCP 13 | port: {{ .Values.port }} -------------------------------------------------------------------------------- /perf/docker/Dockerfile.redis: -------------------------------------------------------------------------------- 1 | FROM python:alpine 2 | 3 | # hadolint ignore=DL3013 4 | RUN pip3 install --no-cache-dir -q redis prometheus_client 5 | 6 | ENV PORT 6379 7 | ENV ADDRESS redis-master 8 | 9 | ENV SLAVE_PORT 6379 10 | ENV SLAVE_ADDRESS redis-slave 11 | 12 | COPY redis/client.py /client.py 13 | COPY prom_client.py /prom_client.py 14 | 15 | CMD ["python3", "-u", "/client.py"] 16 | -------------------------------------------------------------------------------- /perf/stability/sds-certmanager/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: sds-certmanager 3 | version: 1.1.0 4 | description: Helm chart of the 'K8S Ingress + SDS + CertManager' scenario. 5 | keywords: 6 | - istio 7 | - ingressgateway 8 | - certmanager 9 | - sds 10 | sources: 11 | - http://github.com/istio/istio 12 | engine: gotpl 13 | icon: https://istio.io/favicons/android-192x192.png 14 | -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | *.descriptor linguist-generated=true 2 | *.descriptor -diff -merge 3 | *.descriptor_set linguist-generated=true 4 | *.descriptor_set -diff -merge 5 | *.pb.html linguist-generated=true 6 | *.pb.go linguist-generated=true 7 | *.gen.go linguist-generated=true 8 | *.gen.yaml linguist-generated=true 9 | *.gen.json linguist-generated=true 10 | *_pb2.py linguist-generated=true 11 | -------------------------------------------------------------------------------- /perf/istio-install/base/values.yaml: -------------------------------------------------------------------------------- 1 | prometheus: 2 | enabled: true 3 | deploy: true 4 | memory: 32Gi 5 | storage: 500Gi 6 | 7 | storageclass: 8 | deploy: true 9 | 10 | domain: v103.qualistio.org 11 | 12 | certManager: 13 | enabled: false 14 | # Can be prod/staging 15 | server: prod 16 | email: "" 17 | 18 | als: 19 | enabled: false 20 | Image: gcr.io/mixologist-142215/als:v002 21 | -------------------------------------------------------------------------------- /SUPPORT.md: -------------------------------------------------------------------------------- 1 | # Support 2 | 3 | Here are some resources to help you understand and use Istio: 4 | 5 | - For in-depth information about how to use Istio, visit [istio.io](https://istio.io) 6 | - To ask questions and get assistance from our community, visit [discuss.istio.io](https://discuss.istio.io) 7 | - To learn how to participate in our overall community, visit [our community page](https://istio.io/about/community) 8 | -------------------------------------------------------------------------------- /perf_dashboard/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: '3' 2 | 3 | services: 4 | web: 5 | build: . 6 | command: bash -c "python manage.py makemigrations && python manage.py migrate && python manage.py runserver localhost:8000" 7 | container_name: perf_dashboard 8 | volumes: 9 | - .:/perf_dashboard 10 | environment: 11 | - CUR_RELEASE=release-1.11 12 | ports: 13 | - "8000:8000" 14 | -------------------------------------------------------------------------------- /examples/luacheck/templates/meshPolicy.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.globalMeshPolicy }} 2 | apiVersion: authentication.istio.io/v1alpha1 3 | kind: MeshPolicy 4 | metadata: 5 | name: default 6 | spec: 7 | origins: 8 | - jwt: 9 | issuer: testing@secure.istio.io 10 | jwksUri: https://raw.githubusercontent.com/istio/istio/master/security/tools/jwt/samples/jwks.json 11 | peers: 12 | - mtls: {} 13 | {{- end }} 14 | -------------------------------------------------------------------------------- /perf/load/pilot/templates/service-entries.yaml: -------------------------------------------------------------------------------- 1 | {{ range until (int .Values.serviceEntries) }} 2 | apiVersion: networking.istio.io/v1alpha3 3 | kind: ServiceEntry 4 | metadata: 5 | name: ext-svc-{{.}} 6 | spec: 7 | hosts: 8 | - {{.}}.example.com 9 | ports: 10 | - number: 80 11 | name: http 12 | protocol: HTTP 13 | - number: 443 14 | name: https 15 | protocol: HTTPS 16 | --- 17 | {{ end }} -------------------------------------------------------------------------------- /perf/stability/istio-chaos-partial/README.md: -------------------------------------------------------------------------------- 1 | # Istio Chaos Partial Test 2 | 3 | This test creates a cronjob that runs every `chaosIntervalMinutes` and does the following: 4 | 5 | 1. Selects a component to kill instances of. 6 | 1. Kills all but one instance of the chosen component (or the single instance if there is only one). 7 | 8 | This is designed to test partial failure of the different control plane components on the data plane. 9 | -------------------------------------------------------------------------------- /examples/luacheck/README.md: -------------------------------------------------------------------------------- 1 | The Lua filter is injected before the Istio `jwt-auth` filter. If a JWT token is presented on an HTTP request, the Lua filter will check if the JWT token header contains `alg:ES256`, and if so, reject the request. 2 | 3 | To install the Lua filter, please invoke the following commands: 4 | 5 | ```bash 6 | $ git clone git@github.com:istio/tools.git 7 | $ cd tools/examples/luacheck/ 8 | $ ./setup.sh 9 | ``` 10 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/telemetryv2_statswasm/installation.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: install.istio.io/v1alpha1 2 | kind: IstioOperator 3 | spec: 4 | values: 5 | telemetry: 6 | enabled: true 7 | v2: 8 | enabled: true 9 | metadataExchange: 10 | wasmEnabled: true 11 | prometheus: 12 | enabled: true 13 | wasmEnabled: true 14 | stackdriver: 15 | enabled: false 16 | -------------------------------------------------------------------------------- /perf/stability/redis/README.md: -------------------------------------------------------------------------------- 1 | # Redis 2 | 3 | This test installs an instance of Redis using the [stable/redis](https://github.com/helm/charts/tree/master/stable/redis) Helm chart. 4 | 5 | The Redis install is generated using `helm template stable/redis --set password=istio --name redis` 6 | 7 | Additionally, a simple redis client is created that repeatedly writes to the master instance, then tries to read that value from the master and slave instance. 8 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | [![Go Report Card](https://goreportcard.com/badge/github.com/istio/tools)](https://goreportcard.com/report/github.com/istio/tools) 2 | [![GoDoc](https://godoc.org/github.com/istio/tools?status.svg)](https://godoc.org/github.com/istio/tools) 3 | 4 | # Tools 5 | 6 | This repository contains tools useful in building Istio. 7 | 8 | ## Performance Testing 9 | 10 | See [perf](./perf/README.md) for details on how to setup the performance and stability tests. 11 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/none/cpu_mem.yaml: -------------------------------------------------------------------------------- 1 | # Data: cpu/mem 2 | # Config: No telemetry 3 | telemetry_mode: "none" 4 | conn: 5 | - 16 6 | qps: 7 | - 10 8 | - 100 9 | - 200 10 | - 400 11 | - 800 12 | - 1000 13 | duration: 240 14 | perf_record: true 15 | run_bothsidecar: true 16 | run_serversidecar: false 17 | run_clientsidecar: false 18 | run_baseline: true 19 | 20 | extra_labels: "mtls" 21 | 22 | jitter: true 23 | protocol_mode: tcp 24 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/plaintext/cpu_mem.yaml: -------------------------------------------------------------------------------- 1 | # Data: cpu/mem 2 | # Config: plaintext 3 | telemetry_mode: "none" 4 | conn: 5 | - 16 6 | qps: 7 | - 10 8 | - 100 9 | - 200 10 | - 400 11 | - 800 12 | - 1000 13 | duration: 240 14 | size: 1024 15 | perf_record: true 16 | run_bothsidecar: true 17 | run_serversidecar: false 18 | run_clientsidecar: false 19 | run_baseline: false 20 | 21 | extra_labels: "plaintext" 22 | 23 | jitter: true 24 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/telemetryv2_sd_nologging/installation.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: install.istio.io/v1alpha1 2 | kind: IstioOperator 3 | spec: 4 | values: 5 | telemetry: 6 | enabled: true 7 | v2: 8 | enabled: true 9 | prometheus: 10 | enabled: false 11 | stackdriver: 12 | enabled: true 13 | topology: true 14 | inboundAccessLogging: "NONE" 15 | outboundAccessLogging: "NONE" 16 | -------------------------------------------------------------------------------- /perf/stability/istio-chaos-total/values.yaml: -------------------------------------------------------------------------------- 1 | namespace: istio-chaos-total 2 | chaosIntervalMinutes: 2 # Must be greater than duration to avoid race conditions... Unless you want chaos^2! 3 | chaosDurationMinutes: 1 4 | chaosLevel: 3 # The maximum number of components to kill simultaneously, selected at random. 5 | components: istio-pilot istio-citadel istio-galley istio-policy istio-telemetry istio-tracing 6 | kubectlImage: gcr.io/istio-release/kubectl:master-latest-daily 7 | -------------------------------------------------------------------------------- /perf/stability/mysql/README.md: -------------------------------------------------------------------------------- 1 | # MySQL Testing 2 | 3 | This tests ensures Istio working with MySQL, with or without mTLS enabled. 4 | 5 | The setup consists of two parts 6 | 7 | - A MySQL server. 8 | - A MySQL command line client. 9 | 10 | Both of them have Istio sidecar injected. We test the connectivity from client to server by sending 11 | a few commands from the cli to the server. 12 | 13 | ## How To Run The Test 14 | 15 | ```bash 16 | make mysql 17 | ``` 18 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/telemetryv2_sd_full/installation.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: install.istio.io/v1alpha1 2 | kind: IstioOperator 3 | spec: 4 | values: 5 | telemetry: 6 | enabled: true 7 | v2: 8 | enabled: true 9 | prometheus: 10 | enabled: false 11 | stackdriver: 12 | enabled: true 13 | topology: true 14 | inboundAccessLogging: "FULL" 15 | outboundAccessLogging: "ERRORS_ONLY" 16 | -------------------------------------------------------------------------------- /perf/load/auto-mtls/Dockerfile: -------------------------------------------------------------------------------- 1 | # Docker image for config changer. 2 | FROM gcr.io/google-containers/hyperkube:v1.12.1 3 | RUN apt-get update \ 4 | && apt-get install -y curl=7.52.1-5+deb9u9\ 5 | python3-pip=9.0.1-2+deb9u1 \ 6 | python3-dev=3.5.3-1 \ 7 | --no-install-recommends \ 8 | && ln -s /usr/bin/python3 /usr/local/bin/python \ 9 | && pip3 install --no-cache-dir --upgrade pip==19.2.3 \ 10 | && apt-get clean \ 11 | && rm -rf /var/lib/apt/lists/* 12 | -------------------------------------------------------------------------------- /perf/stability/gateway-bouncer/values.yaml: -------------------------------------------------------------------------------- 1 | fortioImage: fortio/fortio:latest 2 | pilotImage: gcr.io/istio-release/pilot:release-1.1-latest-daily 3 | kubectlImage: gcr.io/istio-release/kubectl:release-1.1-latest-daily 4 | proxyImage: gcr.io/istio-release/proxyv2:release-1.1-latest-daily 5 | 6 | ingressRestartFrequencyMins: 5 7 | pilotDowntimeDurationSec: 60s 8 | numOfClientConns: 10 9 | numOfClientQps: 100 10 | clientConnTimeoutDuration: 15s 11 | 12 | namespace: test 13 | -------------------------------------------------------------------------------- /cmd/protoc-gen-golang-deepcopy/test/Makefile: -------------------------------------------------------------------------------- 1 | 2 | go_package = istio.io/tools/cmd/protoc-gen-deepcopy/test/generated 3 | 4 | all: clean test 5 | 6 | clean: 7 | if [ -d "generated" ]; then rm -rf generated; fi 8 | 9 | test: generate gobuild gotest 10 | 11 | generate: 12 | if [ ! -d "generated" ]; then mkdir generated; fi 13 | protoc --go_out=./generated --deepcopy_out=:./generated types.proto 14 | 15 | gobuild: 16 | go build ./... 17 | 18 | gotest: 19 | go test . 20 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/none/latency.yaml: -------------------------------------------------------------------------------- 1 | # Data: latency 2 | # Config: No telemetry 3 | telemetry_mode: "none" 4 | conn: 5 | - 2 6 | - 4 7 | - 8 8 | - 16 9 | - 32 10 | - 64 11 | qps: 12 | - 1000 13 | duration: 240 14 | size: 1024 15 | perf_record: true 16 | run_bothsidecar: true 17 | run_serversidecar: false 18 | run_clientsidecar: false 19 | run_baseline: true 20 | 21 | extra_labels: "mtls" 22 | 23 | jitter: true 24 | protocol_mode: tcp 25 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/none_tcp/cpu_mem.yaml: -------------------------------------------------------------------------------- 1 | # Data: cpu/mem 2 | # Config: No telemetry 3 | telemetry_mode: "none_tcp" 4 | conn: 5 | - 16 6 | qps: 7 | - 10 8 | - 100 9 | - 200 10 | - 400 11 | - 800 12 | - 1000 13 | duration: 240 14 | perf_record: true 15 | run_bothsidecar: true 16 | run_serversidecar: false 17 | run_clientsidecar: false 18 | run_baseline: true 19 | 20 | extra_labels: "mtls" 21 | 22 | jitter: true 23 | protocol_mode: tcp 24 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/telemetryv2_stats/latency.yaml: -------------------------------------------------------------------------------- 1 | # Data: latency 2 | # Filter: metadata-exchange and stats filters 3 | # VM mode: nullvm 4 | telemetry_mode: "v2-stats-nullvm" 5 | conn: 6 | - 2 7 | - 4 8 | - 8 9 | - 16 10 | - 32 11 | - 64 12 | qps: 13 | - 1000 14 | duration: 240 15 | perf_record: true 16 | run_bothsidecar: true 17 | run_serversidecar: false 18 | run_clientsidecar: false 19 | run_baseline: false 20 | 21 | jitter: true 22 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/telemetryv2_statswasm/latency.yaml: -------------------------------------------------------------------------------- 1 | # Data: latency 2 | # Filter: metadata-exchange and stats filters 3 | # VM mode: wasm 4 | telemetry_mode: "v2-stats-wasm" 5 | conn: 6 | - 2 7 | - 4 8 | - 8 9 | - 16 10 | - 32 11 | - 64 12 | qps: 13 | - 1000 14 | duration: 240 15 | perf_record: true 16 | run_bothsidecar: true 17 | run_serversidecar: false 18 | run_clientsidecar: false 19 | run_baseline: false 20 | 21 | jitter: true 22 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/telemetryv2_stats/cpu_mem.yaml: -------------------------------------------------------------------------------- 1 | # Data: cpu/mem 2 | # Filter: metadata-exchange and stats filters 3 | # VM mode: nullvm 4 | telemetry_mode: "v2-stats-nullvm" 5 | conn: 6 | - 16 7 | qps: 8 | - 10 9 | - 100 10 | - 200 11 | - 400 12 | - 800 13 | - 1000 14 | duration: 240 15 | perf_record: false 16 | run_bothsidecar: true 17 | run_serversidecar: false 18 | run_clientsidecar: false 19 | run_baseline: false 20 | 21 | jitter: true 22 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/telemetryv2_statswasm/cpu_mem.yaml: -------------------------------------------------------------------------------- 1 | # Data: cpu/mem 2 | # Filter: metadata-exchange and stats filters 3 | # VM mode: wasm 4 | telemetry_mode: "v2-stats-wasm" 5 | conn: 6 | - 16 7 | qps: 8 | - 10 9 | - 100 10 | - 200 11 | - 400 12 | - 800 13 | - 1000 14 | duration: 240 15 | perf_record: true 16 | run_bothsidecar: true 17 | run_serversidecar: false 18 | run_clientsidecar: false 19 | run_baseline: false 20 | 21 | jitter: true 22 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/none_tcp/latency.yaml: -------------------------------------------------------------------------------- 1 | # Data: latency 2 | # Config: No telemetry 3 | telemetry_mode: "none_tcp" 4 | conn: 5 | - 2 6 | - 4 7 | - 8 8 | - 16 9 | - 32 10 | - 64 11 | qps: 12 | - 1000 13 | duration: 240 14 | size: 1024 15 | perf_record: true 16 | run_bothsidecar: true 17 | run_serversidecar: false 18 | run_clientsidecar: false 19 | run_baseline: true 20 | 21 | extra_labels: "mtls" 22 | 23 | jitter: true 24 | protocol_mode: tcp 25 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/telemetryv2_sd_full/latency.yaml: -------------------------------------------------------------------------------- 1 | # Data: latency 2 | # Filter: metadata-exchange and stackdriver filters 3 | # VM mode: nullvm 4 | telemetry_mode: "v2-sd-full-nullvm" 5 | conn: 6 | - 2 7 | - 4 8 | - 8 9 | - 16 10 | - 32 11 | - 64 12 | qps: 13 | - 1000 14 | duration: 240 15 | perf_record: true 16 | run_bothsidecar: true 17 | run_serversidecar: false 18 | run_clientsidecar: false 19 | run_baseline: false 20 | 21 | jitter: true 22 | -------------------------------------------------------------------------------- /perf/stability/intermediary/templates/intermediary-virtualservice.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: httpbin 5 | spec: 6 | hosts: 7 | - httpbin 8 | http: 9 | - match: 10 | - sourceLabels: 11 | app: intermediary 12 | route: 13 | - destination: 14 | host: httpbin 15 | - route: # default destination for httpbin is the intermediary 16 | - destination: 17 | host: intermediary 18 | -------------------------------------------------------------------------------- /perf_dashboard/deploy/perf-dashboard/templates/autoscale.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: autoscaling/v1 2 | kind: HorizontalPodAutoscaler 3 | metadata: 4 | name: {{ include "perf-dashboard.fullname" . }} 5 | spec: 6 | scaleTargetRef: 7 | name: {{ include "perf-dashboard.fullname" . }} 8 | kind: Deployment 9 | apiVersion: apps/v1 10 | maxReplicas: {{ .Values.maxReplicas }} 11 | minReplicas: {{ .Values.minReplicas }} 12 | targetCPUUtilizationPercentage: {{ .Values.CPUUtilization }} -------------------------------------------------------------------------------- /cmd/protoc-gen-golang-jsonshim/test/Makefile: -------------------------------------------------------------------------------- 1 | 2 | go_package = istio.io/tools/cmd/protoc-gen-jsonshim/test/generated 3 | 4 | all: clean test 5 | 6 | clean: 7 | if [ -d "generated" ]; then rm -rf generated; fi 8 | 9 | test: generate gobuild gotest 10 | 11 | generate: 12 | if [ ! -d "generated" ]; then mkdir generated; fi 13 | protoc --go_out=./generated --jsonshim_out=:./generated types.proto external.proto 14 | 15 | gobuild: 16 | go build ./... 17 | 18 | gotest: 19 | go test . 20 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/security_authz_ip/latency.yaml: -------------------------------------------------------------------------------- 1 | # Data: latency 2 | # Config: security_authz_ip 3 | # VM mode: nullvm 4 | telemetry_mode: "none" 5 | conn: 6 | - 2 7 | - 4 8 | - 8 9 | - 16 10 | - 32 11 | - 64 12 | qps: 13 | - 1000 14 | duration: 240 15 | perf_record: true 16 | run_bothsidecar: true 17 | run_serversidecar: false 18 | run_clientsidecar: false 19 | run_baseline: false 20 | 21 | extra_labels: "security_authz_ip" 22 | 23 | jitter: true 24 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/telemetryv2_sd_full/cpu_mem.yaml: -------------------------------------------------------------------------------- 1 | # Data: cpu/mem 2 | # Filter: metadata-exchange and stackdriver filters 3 | # VM mode: nullvm 4 | telemetry_mode: "v2-sd-full-nullvm" 5 | conn: 6 | - 16 7 | qps: 8 | - 10 9 | - 100 10 | - 200 11 | - 400 12 | - 800 13 | - 1000 14 | duration: 240 15 | perf_record: true 16 | run_bothsidecar: true 17 | run_serversidecar: false 18 | run_clientsidecar: false 19 | run_baseline: false 20 | 21 | jitter: true 22 | -------------------------------------------------------------------------------- /perf/stability/rabbitmq/README.md: -------------------------------------------------------------------------------- 1 | # RabbitMq 2 | 3 | This test runs an instance of RabbitMQ, as well as a client that sends messages and later tries to read them. 4 | 5 | ## Creating the template 6 | 7 | The base template was generated with: 8 | 9 | ```bash 10 | helm template stable/rabbitmq --name rabbitmq --set rabbitmq.password=istio --set rabbitmq.username=istio 11 | ``` 12 | 13 | Then, the `securityContext` was shifted to the container level rather than the pod level on line 281. 14 | -------------------------------------------------------------------------------- /perf_dashboard/deploy/perf-dashboard/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1beta1 2 | kind: Ingress 3 | metadata: 4 | name: {{ include "perf-dashboard.fullname" . }} 5 | annotations: 6 | kubernetes.io/ingress.global-static-ip-name: {{ .Values.ipName }} 7 | networking.gke.io/managed-certificates: {{ include "perf-dashboard.fullname" . }} 8 | spec: 9 | backend: 10 | serviceName: {{ include "perf-dashboard.fullname" . }} 11 | servicePort: {{ .Values.port }} -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/security_authz_path/latency.yaml: -------------------------------------------------------------------------------- 1 | # Data: latency 2 | # Config: security_authz_path 3 | # VM mode: nullvm 4 | telemetry_mode: "none" 5 | conn: 6 | - 2 7 | - 4 8 | - 8 9 | - 16 10 | - 32 11 | - 64 12 | qps: 13 | - 1000 14 | duration: 240 15 | perf_record: true 16 | run_bothsidecar: true 17 | run_serversidecar: false 18 | run_clientsidecar: false 19 | run_baseline: false 20 | 21 | extra_labels: "security_authz_path" 22 | 23 | jitter: true 24 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/security_peer_authn/latency.yaml: -------------------------------------------------------------------------------- 1 | # Data: latency 2 | # Config: security_peer_authn 3 | # VM mode: nullvm 4 | telemetry_mode: "none" 5 | conn: 6 | - 2 7 | - 4 8 | - 8 9 | - 16 10 | - 32 11 | - 64 12 | qps: 13 | - 1000 14 | duration: 240 15 | perf_record: true 16 | run_bothsidecar: true 17 | run_serversidecar: false 18 | run_clientsidecar: false 19 | run_baseline: false 20 | 21 | extra_labels: "security_peer_authn" 22 | 23 | jitter: true 24 | -------------------------------------------------------------------------------- /perf/stability/istio-chaos-total/README.md: -------------------------------------------------------------------------------- 1 | # Istio Chaos Total Test 2 | 3 | This test creates a cronjob that runs every `chaosIntervalMinutes` and does the following: 4 | 5 | 1. Selects a number (between 1 and `chaosLevel`) of components to simultaneously scale to zero. 6 | 1. Scales those components to zero 7 | 1. Sleeps for `chaosDurationMinutes` 8 | 1. Scales those components to one 9 | 10 | This is designed to test total failure of the different control plane components on the data plane. 11 | -------------------------------------------------------------------------------- /perf/stability/graceful-shutdown/README.md: -------------------------------------------------------------------------------- 1 | # Graceful Shutdown Test 2 | 3 | This test ensures that proxies will be shutdown gracefully. 4 | 5 | This is measured by sending many long lasting requests. 6 | 7 | When the server is redeployed, traffic should gracefully transition to the new deployment - connections should not be dropped. 8 | 9 | It is recommended to also run the `istio-upgrader` test or the `istio-chaos`, to ensure connections are able to handle Istio control plane upgrades and downtime. 10 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/telemetryv2_sd_nologging/latency.yaml: -------------------------------------------------------------------------------- 1 | # Data: latency 2 | # Filter: metadata-exchange and stackdriver filters with logging off 3 | # VM mode: nullvm 4 | telemetry_mode: "v2-sd-nologging-nullvm" 5 | conn: 6 | - 2 7 | - 4 8 | - 8 9 | - 16 10 | - 32 11 | - 64 12 | qps: 13 | - 1000 14 | duration: 240 15 | perf_record: true 16 | run_bothsidecar: true 17 | run_serversidecar: false 18 | run_clientsidecar: false 19 | run_baseline: false 20 | 21 | jitter: true 22 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/security_authz_ip/cpu_mem.yaml: -------------------------------------------------------------------------------- 1 | # Data: cpu/mem 2 | # Filter: metadata-exchange and stats filters 3 | # VM mode: nullvm 4 | telemetry_mode: "none" 5 | conn: 6 | - 16 7 | qps: 8 | - 10 9 | - 100 10 | - 200 11 | - 400 12 | - 800 13 | - 1000 14 | duration: 240 15 | perf_record: true 16 | run_bothsidecar: true 17 | run_serversidecar: false 18 | run_clientsidecar: false 19 | run_baseline: false 20 | 21 | extra_labels: "security_authz_ip" 22 | 23 | jitter: true 24 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/security_authz_path/cpu_mem.yaml: -------------------------------------------------------------------------------- 1 | # Data: cpu/mem 2 | # Filter: metadata-exchange and stats filters 3 | # VM mode: nullvm 4 | telemetry_mode: "none" 5 | conn: 6 | - 16 7 | qps: 8 | - 10 9 | - 100 10 | - 200 11 | - 400 12 | - 800 13 | - 1000 14 | duration: 240 15 | perf_record: true 16 | run_bothsidecar: true 17 | run_serversidecar: false 18 | run_clientsidecar: false 19 | run_baseline: false 20 | 21 | extra_labels: "security_authz_path" 22 | 23 | jitter: true 24 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/security_peer_authn/cpu_mem.yaml: -------------------------------------------------------------------------------- 1 | # Data: cpu/mem 2 | # Filter: metadata-exchange and stats filters 3 | # VM mode: nullvm 4 | telemetry_mode: "none" 5 | conn: 6 | - 16 7 | qps: 8 | - 10 9 | - 100 10 | - 200 11 | - 400 12 | - 800 13 | - 1000 14 | duration: 240 15 | perf_record: true 16 | run_bothsidecar: true 17 | run_serversidecar: false 18 | run_clientsidecar: false 19 | run_baseline: false 20 | 21 | extra_labels: "security_peer_authn" 22 | 23 | jitter: true 24 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/telemetryv2_sd_nologging/cpu_mem.yaml: -------------------------------------------------------------------------------- 1 | # Data: cpu/mem 2 | # Filter: metadata-exchange and stackdriver filters with logging off 3 | # VM mode: nullvm 4 | telemetry_mode: "v2-sd-nologging-nullvm" 5 | conn: 6 | - 16 7 | qps: 8 | - 10 9 | - 100 10 | - 200 11 | - 400 12 | - 800 13 | - 1000 14 | duration: 240 15 | perf_record: true 16 | run_bothsidecar: true 17 | run_serversidecar: false 18 | run_clientsidecar: false 19 | run_baseline: false 20 | 21 | jitter: true 22 | -------------------------------------------------------------------------------- /cmd/cue-gen/test/Makefile: -------------------------------------------------------------------------------- 1 | 2 | go_package = istio.io/tools/cmd/cue-gen/test/generated 3 | import_map = Mtypes.proto=$(go_package),Mexternal.proto=$(go_package) 4 | 5 | all: clean test 6 | 7 | clean: 8 | if [ -d "generated" ]; then rm -rf generated; fi 9 | 10 | test: generate gobuild gotest 11 | 12 | generate: 13 | if [ ! -d "generated" ]; then mkdir generated; fi 14 | ../cue-gen -f=istio.io/api/cue.yaml -crd=true -status=istio.meta.v1beta1.Status 15 | 16 | gobuild: 17 | go build ./... 18 | 19 | gotest: 20 | go test . 21 | -------------------------------------------------------------------------------- /common/config/.hadolint.yml: -------------------------------------------------------------------------------- 1 | # WARNING: DO NOT EDIT, THIS FILE IS PROBABLY A COPY 2 | # 3 | # The original version of this file is located in the https://github.com/istio/common-files repo. 4 | # If you're looking at this file in a different repo and want to make a change, please go to the 5 | # common-files repo, make the change there and check it in. Then come back to this repo and run 6 | # "make update-common". 7 | 8 | ignored: 9 | - DL3008 10 | - DL3059 11 | 12 | trustedRegistries: 13 | - gcr.io 14 | - docker.io 15 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/plaintext/latency.yaml: -------------------------------------------------------------------------------- 1 | # Data: latency 2 | # Config: plaintext 3 | telemetry_mode: "none" 4 | conn: 5 | - 2 6 | - 4 7 | - 8 8 | - 16 9 | - 32 10 | - 64 11 | qps: 12 | - 1000 13 | duration: 240 14 | perf_record: true 15 | # we only care about both sidecar mode, which is the base line for mTLs overhead comparison. 16 | run_bothsidecar: true 17 | run_serversidecar: false 18 | run_clientsidecar: false 19 | run_baseline: false 20 | 21 | extra_labels: "plaintext" 22 | 23 | jitter: true 24 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/security_authz_jwt/latency.yaml: -------------------------------------------------------------------------------- 1 | # Data: latency 2 | # Config: security_authz_jwt 3 | # VM mode: nullvm 4 | telemetry_mode: "none" 5 | conn: 6 | - 2 7 | - 4 8 | - 8 9 | - 16 10 | - 32 11 | - 64 12 | qps: 13 | - 1000 14 | duration: 240 15 | perf_record: true 16 | run_bothsidecar: true 17 | run_serversidecar: false 18 | run_clientsidecar: false 19 | run_baseline: false 20 | 21 | extra_labels: "security_authz_jwt" 22 | 23 | jitter: true 24 | 25 | header: $SECURITY_REQUEST_AUTHN_TOKEN 26 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/telemetryv2_sd_full_accesslogpolicy/installation.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: install.istio.io/v1alpha1 2 | kind: IstioOperator 3 | spec: 4 | values: 5 | telemetry: 6 | enabled: true 7 | v2: 8 | enabled: true 9 | prometheus: 10 | enabled: false 11 | stackdriver: 12 | enabled: true 13 | topology: true 14 | inboundAccessLogging: "FULL" 15 | outboundAccessLogging: "ERRORS_ONLY" 16 | accessLogPolicy: 17 | enabled: true 18 | -------------------------------------------------------------------------------- /perf/istio-install/istioctl_profiles/sds-auth.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operator.istio.io/v1alpha1 2 | kind: IstioOperator 3 | spec: 4 | components: 5 | nodeAgent: 6 | enabled: true 7 | 8 | values: 9 | global: 10 | # Default is 10s second 11 | refreshInterval: 1s 12 | mtls: 13 | enabled: true 14 | sds: 15 | enabled: true 16 | udsPath: "unix:/var/run/sds/uds_path" 17 | useNormalJwt: true 18 | gateways: 19 | istio-ingressgateway: 20 | sds: 21 | enabled: false -------------------------------------------------------------------------------- /isotope/example-topologies/10-svc_10-end.yaml: -------------------------------------------------------------------------------- 1 | defaults: 2 | numReplicas: 1 3 | services: 4 | - isEntrypoint: true 5 | name: svc-0 6 | script: 7 | - - call: svc-0-0 8 | - call: svc-0-1 9 | - call: svc-0-2 10 | - call: svc-0-3 11 | - call: svc-0-4 12 | - call: svc-0-5 13 | - call: svc-0-6 14 | - call: svc-0-7 15 | - call: svc-0-8 16 | - name: svc-0-0 17 | - name: svc-0-1 18 | - name: svc-0-2 19 | - name: svc-0-3 20 | - name: svc-0-4 21 | - name: svc-0-5 22 | - name: svc-0-6 23 | - name: svc-0-7 24 | - name: svc-0-8 25 | -------------------------------------------------------------------------------- /cmd/protoc-gen-deepcopy/test/Makefile: -------------------------------------------------------------------------------- 1 | 2 | go_package = istio.io/tools/cmd/protoc-gen-deepcopy/test/generated 3 | import_map = Mtypes.proto=$(go_package),Mexternal.proto=$(go_package) 4 | 5 | all: clean test 6 | 7 | clean: 8 | if [ -d "generated" ]; then rm -rf generated; fi 9 | 10 | test: generate gobuild gotest 11 | 12 | generate: 13 | if [ ! -d "generated" ]; then mkdir generated; fi 14 | protoc --gogofast_out=plugins=grpc:./generated --deepcopy_out=:./generated types.proto 15 | 16 | gobuild: 17 | go build ./... 18 | 19 | gotest: 20 | go test . 21 | -------------------------------------------------------------------------------- /isotope/example-topologies/10-svc_1000-end.yaml: -------------------------------------------------------------------------------- 1 | defaults: 2 | numReplicas: 100 3 | services: 4 | - isEntrypoint: true 5 | name: svc-0 6 | script: 7 | - - call: svc-0-0 8 | - call: svc-0-1 9 | - call: svc-0-2 10 | - call: svc-0-3 11 | - call: svc-0-4 12 | - call: svc-0-5 13 | - call: svc-0-6 14 | - call: svc-0-7 15 | - call: svc-0-8 16 | - name: svc-0-0 17 | - name: svc-0-1 18 | - name: svc-0-2 19 | - name: svc-0-3 20 | - name: svc-0-4 21 | - name: svc-0-5 22 | - name: svc-0-6 23 | - name: svc-0-7 24 | - name: svc-0-8 25 | -------------------------------------------------------------------------------- /isotope/example-topologies/10-svc_10000-end.yaml: -------------------------------------------------------------------------------- 1 | defaults: 2 | numReplicas: 1000 3 | services: 4 | - isEntrypoint: true 5 | name: svc-0 6 | script: 7 | - - call: svc-0-0 8 | - call: svc-0-1 9 | - call: svc-0-2 10 | - call: svc-0-3 11 | - call: svc-0-4 12 | - call: svc-0-5 13 | - call: svc-0-6 14 | - call: svc-0-7 15 | - call: svc-0-8 16 | - name: svc-0-0 17 | - name: svc-0-1 18 | - name: svc-0-2 19 | - name: svc-0-3 20 | - name: svc-0-4 21 | - name: svc-0-5 22 | - name: svc-0-6 23 | - name: svc-0-7 24 | - name: svc-0-8 25 | -------------------------------------------------------------------------------- /perf/stability/alertmanager/templates/alertmanager.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: monitoring.coreos.com/v1 2 | kind: Alertmanager 3 | metadata: 4 | labels: 5 | alertmanager: main 6 | name: main 7 | namespace: istio-prometheus 8 | spec: 9 | image: {{ .Values.image.hub }}:{{ .Values.image.tag }} 10 | nodeSelector: 11 | kubernetes.io/os: linux 12 | replicas: {{ .Values.replicaCount }} 13 | securityContext: 14 | fsGroup: 2000 15 | runAsNonRoot: true 16 | runAsUser: 1000 17 | serviceAccountName: alertmanager-main 18 | version: v0.20.0 19 | --- -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/security_authz_jwt/cpu_mem.yaml: -------------------------------------------------------------------------------- 1 | # Data: cpu/mem 2 | # Filter: metadata-exchange and stats filters 3 | # VM mode: nullvm 4 | telemetry_mode: "none" 5 | conn: 6 | - 16 7 | qps: 8 | - 10 9 | - 100 10 | - 200 11 | - 400 12 | - 800 13 | - 1000 14 | duration: 240 15 | perf_record: true 16 | run_bothsidecar: true 17 | run_serversidecar: false 18 | run_clientsidecar: false 19 | run_baseline: false 20 | 21 | extra_labels: "security_authz_jwt" 22 | 23 | jitter: true 24 | 25 | header: $SECURITY_REQUEST_AUTHN_TOKEN 26 | -------------------------------------------------------------------------------- /perf/istio-install/istioctl_profiles/istio-non-sds.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operator.istio.io/v1alpha1 2 | kind: IstioOperator 3 | spec: 4 | components: 5 | nodeAgent: 6 | enabled: false 7 | 8 | values: 9 | global: 10 | mtls: 11 | enabled: true 12 | sds: 13 | enabled: false 14 | udsPath: "" 15 | useNormalJwt: false 16 | gateways: 17 | istio-ingressgateway: 18 | sds: 19 | enabled: false 20 | security: 21 | # Short lived cert to test rotation. 22 | workloadCertTtl: 300m -------------------------------------------------------------------------------- /perf/stability/sds-certmanager/values.yaml: -------------------------------------------------------------------------------- 1 | fortioImage: fortio/fortio:latest 2 | pilotImage: gcr.io/istio-release/pilot:release-1.1-latest-daily 3 | kubectlImage: gcr.io/istio-release/kubectl:release-1.1-latest-daily 4 | proxyImage: gcr.io/istio-release/proxyv2:release-1.1-latest-daily 5 | nodeAgentImage: gcr.io/istio-release/node-agent-k8s:release-1.1-latest-daily 6 | certManagerImage: quay.io/jetstack/cert-manager-controller:v0.6.2 7 | 8 | numOfClientConns: 10 9 | numOfClientQps: 100 10 | clientConnTimeoutDuration: 15s 11 | 12 | namespace: test 13 | ingressDomain: "" -------------------------------------------------------------------------------- /cmd/protoc-gen-jsonshim/test/Makefile: -------------------------------------------------------------------------------- 1 | 2 | go_package = istio.io/tools/cmd/protoc-gen-jsonshim/test/generated 3 | import_map = Mtypes.proto=$(go_package),Mexternal.proto=$(go_package) 4 | 5 | all: clean test 6 | 7 | clean: 8 | if [ -d "generated" ]; then rm -rf generated; fi 9 | 10 | test: generate gobuild gotest 11 | 12 | generate: 13 | if [ ! -d "generated" ]; then mkdir generated; fi 14 | protoc --gogofast_out=plugins=grpc:./generated --jsonshim_out=:./generated types.proto external.proto 15 | 16 | gobuild: 17 | go build ./... 18 | 19 | gotest: 20 | go test . 21 | -------------------------------------------------------------------------------- /BUGS-AND-FEATURE-REQUESTS.md: -------------------------------------------------------------------------------- 1 | # Bugs and Feature Requests 2 | 3 | You can report bugs and feature requests to the Istio team in one of three places: 4 | 5 | - [Product Bugs and Feature Requests](https://github.com/istio/istio/issues) 6 | - [Documentation Bugs and Feature Requests](https://github.com/istio/istio.io/issues) 7 | - [Community and Governance Issues](https://github.com/istio/community/issues) 8 | 9 | For security vulnerabilities, please don't report a bug (which is public) and instead follow 10 | [these procedures](https://istio.io/about/security-vulnerabilities/). 11 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/telemetryv2_sd_full_accesslogpolicy/cpu_mem.yaml: -------------------------------------------------------------------------------- 1 | # Data: cpu/mem 2 | # Filter: metadata-exchange and stackdriver filters and enable access log policy 3 | # VM mode: nullvm 4 | telemetry_mode: "v2-sd-full-nullvm-accesslog" 5 | conn: 6 | - 16 7 | qps: 8 | - 10 9 | - 100 10 | - 200 11 | - 400 12 | - 800 13 | - 1000 14 | duration: 240 15 | perf_record: true 16 | run_bothsidecar: true 17 | run_serversidecar: false 18 | run_clientsidecar: false 19 | run_baseline: false 20 | 21 | extra_labels: "mtls" 22 | 23 | jitter: true 24 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/telemetryv2_sd_full_accesslogpolicy/latency.yaml: -------------------------------------------------------------------------------- 1 | # Data: latency 2 | # Filter: metadata-exchange and stackdriver filters and enable access log policy 3 | # VM mode: nullvm 4 | telemetry_mode: "v2-sd-full-nullvm-accesslog" 5 | conn: 6 | - 2 7 | - 4 8 | - 8 9 | - 16 10 | - 32 11 | - 64 12 | qps: 13 | - 1000 14 | duration: 240 15 | size: 1024 16 | perf_record: true 17 | run_bothsidecar: true 18 | run_serversidecar: false 19 | run_clientsidecar: false 20 | run_baseline: false 21 | 22 | extra_labels: "mtls" 23 | 24 | jitter: true 25 | -------------------------------------------------------------------------------- /perf/istio-install/istioctl_profiles/multi-citadel-non-sds.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operator.istio.io/v1alpha1 2 | kind: IstioOperator 3 | spec: 4 | components: 5 | citadel: 6 | k8s: 7 | replicaCount: 3 8 | nodeAgent: 9 | enabled: false 10 | 11 | values: 12 | global: 13 | mtls: 14 | enabled: true 15 | sds: 16 | enabled: false 17 | udsPath: "" 18 | useNormalJwt: false 19 | security: 20 | workloadCertTtl: 30m 21 | gateways: 22 | istio-ingressgateway: 23 | sds: 24 | enabled: false -------------------------------------------------------------------------------- /perf_dashboard/static/js/utils.js: -------------------------------------------------------------------------------- 1 | function convertData(data) { 2 | var newData = {}; 3 | 4 | newData.datasets = data.datasets.map((dataset) => { 5 | return { 6 | label: dataset.label, 7 | backgroundColor: dataset.backgroundColor, 8 | borderColor: dataset.borderColor, 9 | hidden: dataset.hidden, 10 | fill: dataset.fill, 11 | data: 12 | dataset.data.map((d, i) => { 13 | return { 14 | x: data.labels[i], 15 | y: d, 16 | } 17 | }) 18 | }; 19 | }); 20 | 21 | return newData; 22 | } 23 | -------------------------------------------------------------------------------- /perf/stability/alertmanager/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM golang:1.14 as builder 2 | WORKDIR /webhook 3 | COPY webhook.go . 4 | RUN go get github.com/prometheus/alertmanager/template 5 | RUN go get cloud.google.com/go/spanner 6 | RUN go get github.com/prometheus/client_golang/api 7 | RUN go get github.com/prometheus/client_golang/api/prometheus/v1 8 | RUN go get github.com/hashicorp/go-multierror 9 | RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -installsuffix cgo webhook.go 10 | 11 | FROM alpine:3.7 12 | WORKDIR /bin/ 13 | COPY --from=builder /webhook/webhook . 14 | CMD ["./webhook"] 15 | EXPOSE 5001 16 | -------------------------------------------------------------------------------- /isotope/service/Dockerfile: -------------------------------------------------------------------------------- 1 | # Note: this image must be built from the root of the repository for access to 2 | # the vendor folder. 3 | 4 | FROM golang:1.16.0 AS builder 5 | 6 | RUN mkdir /build 7 | 8 | COPY . /build/ 9 | 10 | WORKDIR /build 11 | 12 | RUN --mount=type=cache,target=/go/pkg/mod \ 13 | --mount=type=cache,target=/root/.cache/go-build \ 14 | GOARCH=amd64 CGO_ENABLED=0 GOOS=linux go build -o isotope_service ./service 15 | 16 | FROM alpine:3.12 17 | 18 | COPY --from=builder /build/isotope_service /usr/local/bin/isotope_service 19 | 20 | EXPOSE 8080 21 | 22 | ENTRYPOINT ["/usr/local/bin/isotope_service"] 23 | -------------------------------------------------------------------------------- /perf_dashboard/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright Istio Authors 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | -------------------------------------------------------------------------------- /perf_dashboard/artifacts/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright Istio Authors 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | -------------------------------------------------------------------------------- /perf_dashboard/helpers/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright Istio Authors 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | -------------------------------------------------------------------------------- /perf_dashboard/history/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright Istio Authors 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | -------------------------------------------------------------------------------- /perf/benchmark/templates/mtls.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: security.istio.io/v1beta1 2 | kind: PeerAuthentication 3 | metadata: 4 | name: default 5 | namespace: {{ $.Values.namespace }} 6 | spec: 7 | mtls: 8 | mode: PERMISSIVE 9 | --- 10 | apiVersion: networking.istio.io/v1alpha3 11 | kind: DestinationRule 12 | metadata: 13 | name: fortioserver 14 | namespace: {{ $.Values.namespace }} 15 | spec: 16 | host: fortioserver 17 | trafficPolicy: 18 | portLevelSettings: 19 | - port: 20 | number: 8080 21 | tls: 22 | mode: ISTIO_MUTUAL 23 | - port: 24 | number: 8077 25 | tls: 26 | mode: DISABLE 27 | 28 | -------------------------------------------------------------------------------- /perf_dashboard/benchmarks/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright Istio Authors 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | -------------------------------------------------------------------------------- /perf_dashboard/perf_dashboard/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright Istio Authors 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | -------------------------------------------------------------------------------- /perf_dashboard/regressions/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright Istio Authors 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | -------------------------------------------------------------------------------- /perf_dashboard/analyze_perf_issues/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright Istio Authors 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | -------------------------------------------------------------------------------- /perf_dashboard/history/migrations/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright Istio Authors 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | -------------------------------------------------------------------------------- /perf_dashboard/artifacts/migrations/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright Istio Authors 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | -------------------------------------------------------------------------------- /perf_dashboard/benchmarks/migrations/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright Istio Authors 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | -------------------------------------------------------------------------------- /perf_dashboard/deploy/perf-dashboard/values.yaml: -------------------------------------------------------------------------------- 1 | maxReplicas: 5 2 | replicas: 3 3 | minReplicas: 1 4 | CPUUtilization: 80 5 | 6 | nameOverride: "" 7 | fullnameOverride: "" 8 | 9 | ipName: perf-dashboard 10 | domain: perf.dashboard.istio.io 11 | 12 | env: 13 | - name: SECURE_SSL_REDIRECT 14 | value: "True" 15 | - name: NODE_IP 16 | valueFrom: 17 | fieldRef: 18 | fieldPath: status.hostIP 19 | 20 | image: gcr.io/istio-testing/perf-dashboard 21 | version: latest 22 | imagePullPolicy: Always 23 | 24 | port: 8000 25 | 26 | metrics-server: 27 | nameOverride: "" 28 | fullnameOverride: "" 29 | priorityClassName: "" 30 | serviceAccount: 31 | name: "" -------------------------------------------------------------------------------- /perf_dashboard/regressions/migrations/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright Istio Authors 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | -------------------------------------------------------------------------------- /common/scripts/copyright-banner-go.txt: -------------------------------------------------------------------------------- 1 | // Copyright Istio Authors 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | -------------------------------------------------------------------------------- /perf_dashboard/analyze_perf_issues/migrations/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright Istio Authors 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | -------------------------------------------------------------------------------- /perf/stability/redis/templates/client.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: redis-client 5 | spec: 6 | replicas: 1 7 | selector: 8 | matchLabels: 9 | app: redis-client 10 | template: 11 | metadata: 12 | labels: 13 | app: redis-client 14 | annotations: 15 | prometheus.io/scrape: "true" 16 | prometheus.io/port: "8080" 17 | prometheus.io/scheme: "http" 18 | spec: 19 | containers: 20 | - name: redis 21 | image: howardjohn/redis-perf-client 22 | imagePullPolicy: Always 23 | env: 24 | - name: PASSWORD 25 | value: istio 26 | -------------------------------------------------------------------------------- /cmd/kubetype-gen/boilerplate.go.txt: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Istio Authors 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | -------------------------------------------------------------------------------- /perf/stability/mysql/templates/mtls.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "authentication.istio.io/v1alpha1" 2 | kind: "Policy" 3 | metadata: 4 | name: mysql-server-plaintext-authn 5 | spec: 6 | targets: 7 | - name: mysql-server-plaintext 8 | --- 9 | apiVersion: "authentication.istio.io/v1alpha1" 10 | kind: "Policy" 11 | metadata: 12 | name: mysql-server-mtls-authn 13 | spec: 14 | targets: 15 | - name: mysql-server-mtls 16 | peers: 17 | - mtls: 18 | mode: STRICT 19 | --- 20 | apiVersion: networking.istio.io/v1alpha3 21 | kind: DestinationRule 22 | metadata: 23 | name: mysql-mtls-dr 24 | spec: 25 | host: "mysql-server-mtls" 26 | trafficPolicy: 27 | tls: 28 | mode: ISTIO_MUTUAL -------------------------------------------------------------------------------- /perf/stability/rabbitmq/templates/client.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: rabbitmq-client 5 | spec: 6 | replicas: 1 7 | selector: 8 | matchLabels: 9 | app: rabbitmq-client 10 | template: 11 | metadata: 12 | labels: 13 | app: rabbitmq-client 14 | annotations: 15 | prometheus.io/scrape: "true" 16 | prometheus.io/port: "8080" 17 | prometheus.io/scheme: "http" 18 | spec: 19 | containers: 20 | - name: rabbitmq 21 | image: howardjohn/rabbitmq-perf-client 22 | imagePullPolicy: Always 23 | env: 24 | - name: PASSWORD 25 | value: istio 26 | -------------------------------------------------------------------------------- /cmd/goc/README.md: -------------------------------------------------------------------------------- 1 | # goc 2 | 3 | `goc` is a `go` command-line tool wrapper that injects code-coverage instrumentation into generated code. 4 | It instruments the compiled code using the standard Go toolchain command, and adds boilerplate code that allows 5 | collection of the coverage data through Ctrlz. 6 | 7 | `goc` mimics `go` and is meant to be a transparent utility. For all commands, except `build`, it will silently 8 | call `go` internally, as-is, passing all the command-line parameters and environment variables. For `build` command, 9 | it will copy and create and instrumented version of the code, before using the supplied command-line parametes and 10 | environment variables to invoke `go build` on the instrumented code. -------------------------------------------------------------------------------- /isotope/convert/README.md: -------------------------------------------------------------------------------- 1 | # Converter 2 | 3 | This subdirectory contains the Go command which converts topology YAML to 4 | various formats. 5 | 6 | The root main.go outputs a [Cobra](https://github.com/spf13/cobra) CLI for 7 | controlling the behavior of the program. 8 | 9 | ## Conversion Outputs 10 | 11 | - __Graphviz__ (`go run main.go graphviz `): 12 | Generates [Graphviz](https://www.graphviz.org) [DOT 13 | language](https://www.graphviz.org/doc/info/lang.html) 14 | - __Kubernetes__ (`go run main.go kubernetes ...`): 15 | Generates services and deployments for all topology services and the 16 | [Fortio](https://github.com/istio/fortio) client to load test against them. 17 | -------------------------------------------------------------------------------- /perf_dashboard/history/models.py: -------------------------------------------------------------------------------- 1 | # Copyright Istio Authors 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | from django.db import models 16 | 17 | # Create your models here. 18 | -------------------------------------------------------------------------------- /upgrade_downgrade/templates/fortio-cli.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: batch/v1 3 | kind: Job 4 | metadata: 5 | name: cli-fortio 6 | spec: 7 | backoffLimit: 5 8 | template: 9 | metadata: 10 | labels: 11 | app: cli-fortio 12 | annotations: 13 | sidecar.istio.io/inject: "false" 14 | spec: 15 | restartPolicy: "OnFailure" 16 | containers: 17 | - name: echosrv 18 | image: istio/fortio:latest 19 | imagePullPolicy: Always 20 | args: 21 | - load 22 | - -c 23 | - "32" 24 | - -t 25 | - "500s" 26 | - -qps 27 | - "10" 28 | - http://echosrv.test.svc.cluster.local:8080/echo?size=200 29 | -------------------------------------------------------------------------------- /Makefile.overrides.mk: -------------------------------------------------------------------------------- 1 | # Copyright 2019 Istio Authors 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # this repo is on the container plan by default 16 | BUILD_WITH_CONTAINER ?= 1 17 | -------------------------------------------------------------------------------- /perf_dashboard/artifacts/models.py: -------------------------------------------------------------------------------- 1 | # Copyright Istio Authors 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | from django.db import models 16 | 17 | # Create your models here. 18 | -------------------------------------------------------------------------------- /perf_dashboard/artifacts/tests.py: -------------------------------------------------------------------------------- 1 | # Copyright Istio Authors 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | from django.test import TestCase 16 | 17 | # Create your tests here. 18 | -------------------------------------------------------------------------------- /perf_dashboard/benchmarks/models.py: -------------------------------------------------------------------------------- 1 | # Copyright Istio Authors 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | from django.db import models 16 | 17 | # Create your models here. 18 | -------------------------------------------------------------------------------- /perf_dashboard/benchmarks/tests.py: -------------------------------------------------------------------------------- 1 | # Copyright Istio Authors 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | from django.test import TestCase 16 | 17 | # Create your tests here. 18 | -------------------------------------------------------------------------------- /perf_dashboard/history/admin.py: -------------------------------------------------------------------------------- 1 | # Copyright Istio Authors 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | from django.contrib import admin 16 | 17 | # Register your models here. 18 | -------------------------------------------------------------------------------- /perf_dashboard/history/tests.py: -------------------------------------------------------------------------------- 1 | # Copyright Istio Authors 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | from django.test import TestCase 16 | 17 | # Create your tests here. 18 | -------------------------------------------------------------------------------- /perf_dashboard/regressions/models.py: -------------------------------------------------------------------------------- 1 | # Copyright Istio Authors 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | from django.db import models 16 | 17 | # Create your models here. 18 | -------------------------------------------------------------------------------- /perf_dashboard/regressions/tests.py: -------------------------------------------------------------------------------- 1 | # Copyright Istio Authors 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | from django.test import TestCase 16 | 17 | # Create your tests here. 18 | -------------------------------------------------------------------------------- /perf_dashboard/artifacts/admin.py: -------------------------------------------------------------------------------- 1 | # Copyright Istio Authors 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | from django.contrib import admin 16 | 17 | # Register your models here. 18 | -------------------------------------------------------------------------------- /perf_dashboard/benchmarks/admin.py: -------------------------------------------------------------------------------- 1 | # Copyright Istio Authors 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | from django.contrib import admin 16 | 17 | # Register your models here. 18 | -------------------------------------------------------------------------------- /perf_dashboard/regressions/admin.py: -------------------------------------------------------------------------------- 1 | # Copyright Istio Authors 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | from django.contrib import admin 16 | 17 | # Register your models here. 18 | -------------------------------------------------------------------------------- /perf_dashboard/static/js/latency_qps.js: -------------------------------------------------------------------------------- 1 | /* Latency Charts */ 2 | // labels along the x-axis 3 | var qpsNum = ["10", "100", "200", "400", "800", "1000"]; 4 | // x-axis and y-axis labels 5 | var options = { 6 | scales: { 7 | yAxes: [{ 8 | scaleLabel: { 9 | display: true, 10 | labelString: "Latency in milliseconds" 11 | } 12 | }], 13 | xAxes: [{ 14 | type: "linear", 15 | scaleLabel: { 16 | display: true, 17 | labelString: "QPS" 18 | } 19 | }] 20 | } 21 | }; 22 | 23 | window.onload = function () { 24 | generateLatencyChart(qpsNum, options) 25 | }; 26 | -------------------------------------------------------------------------------- /perf_dashboard/analyze_perf_issues/models.py: -------------------------------------------------------------------------------- 1 | # Copyright Istio Authors 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | from django.db import models 16 | 17 | # Create your models here. 18 | -------------------------------------------------------------------------------- /perf_dashboard/analyze_perf_issues/tests.py: -------------------------------------------------------------------------------- 1 | # Copyright Istio Authors 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | from django.test import TestCase 16 | 17 | # Create your tests here. 18 | -------------------------------------------------------------------------------- /perf/stability/graceful-shutdown/templates/client.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: client 5 | labels: 6 | app: client 7 | spec: 8 | selector: 9 | matchLabels: 10 | app: client 11 | replicas: 2 12 | template: 13 | metadata: 14 | labels: 15 | app: client 16 | spec: 17 | containers: 18 | - name: client 19 | image: {{ .Values.fortioImage }} 20 | args: 21 | - load 22 | - -qps 23 | - "{{ .Values.qps }}" 24 | - -t 25 | - "0" 26 | - http://httpbin:8000/delay/{{ .Values.connectionDuration }} 27 | resources: 28 | requests: 29 | cpu: 50m 30 | memory: 128Mi 31 | -------------------------------------------------------------------------------- /perf_dashboard/analyze_perf_issues/admin.py: -------------------------------------------------------------------------------- 1 | # Copyright Istio Authors 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | from django.contrib import admin 16 | 17 | # Register your models here. 18 | -------------------------------------------------------------------------------- /perf/load/README.md: -------------------------------------------------------------------------------- 1 | # Load Testing 2 | 3 | This directory contains tools to generate large services to test Istio under heavy load. 4 | 5 | ## Service Graph 6 | 7 | Service Graph provides a large tree of 20 services that will call each other, generated by [isotope](../../isotope): 8 | ![service-graph-diagram.png](service-graph-diagram.png) 9 | 10 | It will also set up an instance of [Fortio](https://github.com/fortio/fortio#fortio) to generate load. 11 | 12 | ## Setup 13 | 14 | To setup a service graph, run `./setup_large_test.sh NUM`, where num is the number of instances to run. 15 | 16 | Each instance will be created in a namespace `service-graph##`. 17 | 18 | Each instance requests roughly 6 vCPUs and 6Gi of memory with Istio defaults. 19 | -------------------------------------------------------------------------------- /perf_dashboard/static/js/latency_conn.js: -------------------------------------------------------------------------------- 1 | /* Latency Charts */ 2 | 3 | // labels along the x-axis 4 | var connNum = ["2", "4", "8", "16", "32", "64"]; 5 | // x-axis and y-axis labels 6 | var options = { 7 | scales: { 8 | yAxes: [{ 9 | scaleLabel: { 10 | display: true, 11 | labelString: "Latency in milliseconds" 12 | } 13 | }], 14 | xAxes: [{ 15 | type: "linear", 16 | scaleLabel: { 17 | display: true, 18 | labelString: "Connections" 19 | } 20 | }] 21 | } 22 | }; 23 | 24 | window.onload = function () { 25 | generateLatencyChart(connNum, options) 26 | }; 27 | 28 | -------------------------------------------------------------------------------- /common/config/tslint.json: -------------------------------------------------------------------------------- 1 | { 2 | "defaultSeverity": "error", 3 | "extends": [ 4 | "tslint:recommended" 5 | ], 6 | "rules": { 7 | "max-line-length": { 8 | "options": [160] 9 | }, 10 | "arrow-parens": false, 11 | "new-parens": true, 12 | "no-arg": true, 13 | "no-bitwise": true, 14 | "no-conditional-assignment": true, 15 | "no-consecutive-blank-lines": true, 16 | "no-console": { 17 | "severity": "warning", 18 | "options": ["debug", "info", "log", "time", "timeEnd", "trace"] 19 | }, 20 | "no-shadowed-variable": false, 21 | "eofline": false 22 | }, 23 | "jsRules": {}, 24 | "rulesDirectory": [] 25 | } -------------------------------------------------------------------------------- /perf_dashboard/history/apps.py: -------------------------------------------------------------------------------- 1 | # Copyright Istio Authors 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | from django.apps import AppConfig 16 | 17 | 18 | class HistoryConfig(AppConfig): 19 | name = 'history' 20 | -------------------------------------------------------------------------------- /isotope/example-topologies/tree-13-services.yaml: -------------------------------------------------------------------------------- 1 | defaults: 2 | numReplicas: 6 3 | services: 4 | - isEntrypoint: true 5 | name: d 6 | script: 7 | - - call: svc-0-0 8 | - call: svc-0-1 9 | - call: svc-0-2 10 | - name: svc-0-0 11 | script: 12 | - - call: svc-0-0-0 13 | - call: svc-0-0-1 14 | - call: svc-0-0-2 15 | - name: svc-0-1 16 | script: 17 | - - call: svc-0-1-0 18 | - call: svc-0-1-1 19 | - call: svc-0-1-2 20 | - name: svc-0-2 21 | script: 22 | - - call: svc-0-2-0 23 | - call: svc-0-2-1 24 | - call: svc-0-2-2 25 | - name: svc-0-0-0 26 | - name: svc-0-0-1 27 | - name: svc-0-0-2 28 | - name: svc-0-1-0 29 | - name: svc-0-1-1 30 | - name: svc-0-1-2 31 | - name: svc-0-2-0 32 | - name: svc-0-2-1 33 | - name: svc-0-2-2 34 | -------------------------------------------------------------------------------- /perf_dashboard/artifacts/apps.py: -------------------------------------------------------------------------------- 1 | # Copyright Istio Authors 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | from django.apps import AppConfig 16 | 17 | 18 | class ArtifactsConfig(AppConfig): 19 | name = 'artifacts' 20 | -------------------------------------------------------------------------------- /cmd/evaluate-docs/scorer.go: -------------------------------------------------------------------------------- 1 | // Copyright 2021 Istio Authors 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package main 16 | 17 | type scorer interface { 18 | Score(filenames []FileEntry) []FileEntry 19 | } 20 | -------------------------------------------------------------------------------- /perf_dashboard/benchmarks/apps.py: -------------------------------------------------------------------------------- 1 | # Copyright Istio Authors 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | from django.apps import AppConfig 16 | 17 | 18 | class BenchmarksConfig(AppConfig): 19 | name = 'benchmarks' 20 | -------------------------------------------------------------------------------- /cmd/mvpage/README.md: -------------------------------------------------------------------------------- 1 | # mvpage 2 | 3 | This tool simplifies the task of moving markdown pages within istio.io. You run the tool with 4 | 5 | ```bash 6 | mvpage 7 | ``` 8 | 9 | When the original and new markdown files are located in one of Hugo's content directory 10 | within the repo. The command will: 11 | 12 | - Move the original file to the new location (creating any necessary directories along the way). 13 | 14 | - Update all links to the moved page within the web site to point to the page's new location. 15 | 16 | - Add an alias entry to the page's front-matter such that any bookmarks set to the old page's 17 | address will continue working and be redirected to the new address automatically. 18 | -------------------------------------------------------------------------------- /perf/istio-install/istioctl_profiles/long-running.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: install.istio.io/v1alpha1 2 | kind: IstioOperator 3 | spec: 4 | meshConfig: 5 | defaultConfig: 6 | proxyMetadata: 7 | ISTIO_META_DNS_CAPTURE: "true" 8 | components: 9 | ingressGateways: 10 | - name: istio-ingressgateway 11 | enabled: false 12 | pilot: 13 | enabled: true 14 | k8s: 15 | resources: 16 | limits: 17 | cpu: 4800m 18 | memory: 6G 19 | requests: 20 | cpu: 1000m 21 | memory: 2G 22 | values: 23 | global: 24 | proxy: 25 | enableCoreDump: true 26 | resources: 27 | requests: 28 | cpu: 250m 29 | memory: 256Mi 30 | 31 | 32 | -------------------------------------------------------------------------------- /perf_dashboard/regressions/apps.py: -------------------------------------------------------------------------------- 1 | # Copyright Istio Authors 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | from django.apps import AppConfig 16 | 17 | 18 | class RegressionsConfig(AppConfig): 19 | name = 'regression_alerts' 20 | -------------------------------------------------------------------------------- /perf/other/multicluster-vpc/README.md: -------------------------------------------------------------------------------- 1 | Multi Cluster VPC Suite tests Istio Multi Cluster feature with shared VPC. 2 | 3 | To setup the environment and deploy BookInfo app to two cluters. 4 | 5 | ```plain 6 | RELEASE="release-1.1-20190209-09-16" proj="your-gcp-project" \ 7 | zone="us-central1-a" cluster1="cluster1" cluster2="cluster2" \ 8 | ./setup.sh setup 9 | ``` 10 | 11 | This will create two GKE clusters with IP aliasing enabled and install Istio 12 | accordingly in each cluster. And finally deploy BookInfo app in two clusters. 13 | 14 | To tear down the clusters and clean up the resources 15 | 16 | ```plain 17 | RELEASE="release-1.1-20190209-09-16" proj="your-gcp-project" \ 18 | zone="us-central1-a" cluster1="cluster1" cluster2="cluster2" \ 19 | ./setup.sh cleanup 20 | ``` 21 | -------------------------------------------------------------------------------- /perf_dashboard/static/js/overview.js: -------------------------------------------------------------------------------- 1 | var brandPrimary = 'rgba(52, 168, 85,1)'; 2 | 3 | new Chart(document.getElementById('pieChart'), { 4 | type: 'doughnut', 5 | data: { 6 | labels: [ 7 | "Success", 8 | "Failure", 9 | "Others" 10 | ], 11 | datasets: [ 12 | { 13 | data: [450, 50, 80], 14 | borderWidth: [1, 1, 1], 15 | backgroundColor: [ 16 | brandPrimary, 17 | "rgba(236, 66, 53,1)", 18 | "rgba(259, 188, 5,1)" 19 | ], 20 | hoverBackgroundColor: [ 21 | brandPrimary, 22 | "rgba(236, 66, 53,1)", 23 | "rgba(259, 188, 5,1)" 24 | ] 25 | }] 26 | } 27 | }); -------------------------------------------------------------------------------- /perf_dashboard/analyze_perf_issues/apps.py: -------------------------------------------------------------------------------- 1 | # Copyright Istio Authors 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | from django.apps import AppConfig 16 | 17 | 18 | class AnalyzePerfIssuesConfig(AppConfig): 19 | name = 'analyze_perf_issues' 20 | -------------------------------------------------------------------------------- /perf_dashboard/artifacts/urls.py: -------------------------------------------------------------------------------- 1 | # Copyright Istio Authors 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | from django.conf.urls import url 16 | from . import views 17 | 18 | urlpatterns = [ 19 | url(r'^$', views.artifact, name="artifact"), 20 | ] 21 | -------------------------------------------------------------------------------- /perf_dashboard/history/urls.py: -------------------------------------------------------------------------------- 1 | # Copyright Istio Authors 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | from django.conf.urls import url 16 | from . import views 17 | 18 | urlpatterns = [ 19 | url(r'^$', views.history_releases, name="history"), 20 | ] 21 | -------------------------------------------------------------------------------- /isotope/convert/main.go: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Istio Authors 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this currentFile except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package main 16 | 17 | import "github.com/tetratelabs/istio-zana/isotope/convert/cmd" 18 | 19 | func main() { 20 | cmd.Execute() 21 | } 22 | -------------------------------------------------------------------------------- /perf_dashboard/docker-entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Copyright Istio Authors 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | python manage.py makemigrations 17 | python manage.py migrate 18 | python manage.py collectstatic 19 | python manage.py runserver 0.0.0.0:8000 20 | -------------------------------------------------------------------------------- /perf_dashboard/history/views.py: -------------------------------------------------------------------------------- 1 | # Copyright Istio Authors 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | from django.shortcuts import render 16 | 17 | 18 | # Create your views here. 19 | def history_releases(request): 20 | return render(request, "history.html") 21 | -------------------------------------------------------------------------------- /cmd/gen-release-notes/templates/upgradeNotes.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Upgrade Notes 3 | description: Important changes to consider when upgrading to Istio . 4 | weight: 20 5 | --- 6 | 7 | {{< warning >}} 8 | This is an automatically generated rough draft of the release notes and has not yet been reviewed. 9 | {{< /warning >}} 10 | 11 | When you upgrade from Istio to Istio , you need to consider the changes on this page. 12 | These notes detail the changes which purposefully break backwards compatibility with Istio . 13 | The notes also mention changes which preserve backwards compatibility while introducing new behavior. 14 | Changes are only included if the new behavior would be unexpected to a user of Istio . 15 | 16 | 17 | -------------------------------------------------------------------------------- /perf/stability/intermediary/templates/client.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: client 5 | labels: 6 | app: client 7 | spec: 8 | selector: 9 | matchLabels: 10 | app: client 11 | replicas: 2 12 | template: 13 | metadata: 14 | labels: 15 | app: client 16 | spec: 17 | containers: 18 | - name: client 19 | image: {{ .Values.fortioImage }} 20 | args: 21 | - load 22 | - -qps 23 | - "{{ .Values.qps }}" 24 | - -t 25 | - "0" 26 | - http://httpbin:8080/200 # /200 to httpbin results in a 404. 27 | # The intermediary will prepend /status to it. 28 | resources: 29 | requests: 30 | cpu: 50m 31 | memory: 128Mi 32 | -------------------------------------------------------------------------------- /perf_dashboard/analyze_perf_issues/urls.py: -------------------------------------------------------------------------------- 1 | # Copyright Istio Authors 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | from django.conf.urls import url 16 | from . import views 17 | 18 | urlpatterns = [ 19 | url(r'^$', views.analyze_issues, name="analyze_issues"), 20 | ] 21 | -------------------------------------------------------------------------------- /perf/stability/http10/templates/client.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: http10-client 5 | spec: 6 | selector: 7 | matchLabels: 8 | app: http10-client 9 | template: 10 | metadata: 11 | annotations: 12 | HTTP10: "1" 13 | labels: 14 | app: http10-client 15 | spec: 16 | containers: 17 | - name: http10-client 18 | image: {{ .Values.curlImage }} 19 | args: 20 | - bash 21 | - -c 22 | - |- 23 | while true; do 24 | curl -sS -o /dev/null -w "%{http_code}\n" fortio-server:8080/echo --http1.0 25 | sleep .1 26 | done 27 | resources: 28 | requests: 29 | cpu: 100m 30 | memory: 128Mi -------------------------------------------------------------------------------- /cmd/kubetype-gen/testdata/test_input/negative/defaults/emptygroup/type.go: -------------------------------------------------------------------------------- 1 | // Copyright Istio Authors 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package emptygroup 16 | 17 | // Test is for test 18 | // +kubetype-gen 19 | type Test struct { 20 | Field string 21 | } 22 | -------------------------------------------------------------------------------- /cmd/envvarlinter/README.md: -------------------------------------------------------------------------------- 1 | # envvarlinter 2 | 3 | envvarlinter ensures that non-test files don't use os.Getenv and os.LookupEnv and instead use the functions from pkg/env. 4 | 5 | ## Allowlist 6 | 7 | If, for some reason, you want to disable lint rule for a file, you can add the file path and rule ID in 8 | [allowlist.go](allowlist.go). Rule ID is the name of that rule file without `.go` extension. 9 | You could also specify file path in regex. 10 | 11 | If you want to disable all rules for a file path, you can specify `*` as the ID. 12 | 13 | Example: 14 | 15 | ```go 16 | var Allowlist = map[string][]string{ 17 | "/istio/mixer/pkg/*": {"skip_issue", "short_skip"}, 18 | "/istio/pilot/pkg/simply_test.go": {"*"}, 19 | } 20 | ``` 21 | 22 | ## Running envvarlinter 23 | 24 | ```bash 25 | go run envvarlinter 26 | ``` 27 | -------------------------------------------------------------------------------- /perf/load/auto-mtls/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: Gateway 3 | metadata: 4 | name: {{ .Values.serviceNamePrefix }}0-gateway 5 | spec: 6 | selector: 7 | istio: ingressgateway # use Istio default gateway implementation 8 | servers: 9 | - port: 10 | number: 80 11 | name: http 12 | protocol: HTTP 13 | hosts: 14 | - {{ .Values.serviceNamePrefix }}0.local 15 | --- 16 | apiVersion: networking.istio.io/v1alpha3 17 | kind: VirtualService 18 | metadata: 19 | name: automtls 20 | spec: 21 | hosts: 22 | - {{ .Values.serviceNamePrefix }}0.local 23 | gateways: 24 | - {{ .Values.serviceNamePrefix }}0-gateway 25 | http: 26 | - route: 27 | - destination: 28 | port: 29 | number: 8080 30 | host: {{ .Values.serviceNamePrefix }}0 31 | --- 32 | -------------------------------------------------------------------------------- /perf/stability/http10/templates/server.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: fortio-server 5 | labels: 6 | app: fortio-server 7 | spec: 8 | ports: 9 | - name: http 10 | port: 8080 11 | selector: 12 | app: fortio-server 13 | --- 14 | apiVersion: apps/v1 15 | kind: Deployment 16 | metadata: 17 | name: fortio-server 18 | spec: 19 | selector: 20 | matchLabels: 21 | app: fortio-server 22 | template: 23 | metadata: 24 | labels: 25 | app: fortio-server 26 | spec: 27 | containers: 28 | - image: {{ .Values.fortioImage }} 29 | imagePullPolicy: IfNotPresent 30 | name: fortio-server 31 | ports: 32 | - containerPort: 8080 33 | resources: 34 | requests: 35 | cpu: 50m 36 | memory: 128Mi 37 | -------------------------------------------------------------------------------- /cmd/kubetype-gen/testdata/test_input/positive/defaults/doc.go: -------------------------------------------------------------------------------- 1 | // Copyright Istio Authors 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | // Package defaults is for test 16 | // +kubetype-gen:package=success/defaults 17 | // +kubetype-gen:groupVersion=group/version 18 | package defaults 19 | -------------------------------------------------------------------------------- /examples/luacheck/setup.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright Istio Authors 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | # shellcheck disable=SC2086 18 | WD=$(dirname $0) 19 | WD=$(cd "${WD}"; pwd) 20 | cd "${WD}" 21 | 22 | set -ex 23 | 24 | helm template . | kubectl -n istio-system apply -f - 25 | -------------------------------------------------------------------------------- /clang-toolchain/Dockerfile: -------------------------------------------------------------------------------- 1 | # Copyright 2019 Tetrate 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | FROM centos:7 AS builder 16 | 17 | COPY ./install_build_deps.sh /root 18 | RUN /root/install_build_deps.sh 19 | 20 | COPY ./build_clang_llvm.sh /home/build 21 | CMD ["/home/build/build_clang_llvm.sh"] 22 | -------------------------------------------------------------------------------- /cmd/envvarlinter/testdata/envuse.go: -------------------------------------------------------------------------------- 1 | // Copyright Istio Authors. All Rights Reserved. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package testdata 16 | 17 | import "os" 18 | 19 | func Envuse() { 20 | _ = os.Getenv("DONTDOIT") 21 | _, _ = os.LookupEnv("ANDDONTDOTHISEITHER") 22 | } 23 | -------------------------------------------------------------------------------- /cmd/kubetype-gen/testdata/test_input/negative/defaults/invalidgroupversion/type.go: -------------------------------------------------------------------------------- 1 | // Copyright Istio Authors 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package invalidgroupversion 16 | 17 | // Test is for test 18 | // +kubetype-gen 19 | type Test struct { 20 | Field string 21 | } 22 | -------------------------------------------------------------------------------- /perf/stability/intermediary/templates/server.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: httpbin 5 | labels: 6 | app: httpbin 7 | spec: 8 | ports: 9 | - name: http 10 | port: 8080 11 | targetPort: 80 12 | selector: 13 | app: httpbin 14 | --- 15 | apiVersion: apps/v1 16 | kind: Deployment 17 | metadata: 18 | name: httpbin 19 | spec: 20 | selector: 21 | matchLabels: 22 | app: httpbin 23 | replicas: 2 24 | template: 25 | metadata: 26 | labels: 27 | app: httpbin 28 | spec: 29 | containers: 30 | - image: docker.io/kennethreitz/httpbin 31 | imagePullPolicy: IfNotPresent 32 | name: httpbin 33 | ports: 34 | - containerPort: 80 35 | resources: 36 | requests: 37 | cpu: 50m 38 | memory: 128Mi 39 | -------------------------------------------------------------------------------- /perf/stability/graceful-shutdown/templates/server.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: httpbin 5 | labels: 6 | app: httpbin 7 | spec: 8 | ports: 9 | - name: http 10 | port: 8000 11 | targetPort: 80 12 | selector: 13 | app: httpbin 14 | --- 15 | apiVersion: apps/v1 16 | kind: Deployment 17 | metadata: 18 | name: httpbin 19 | spec: 20 | selector: 21 | matchLabels: 22 | app: httpbin 23 | replicas: 2 24 | template: 25 | metadata: 26 | labels: 27 | app: httpbin 28 | spec: 29 | containers: 30 | - image: docker.io/kennethreitz/httpbin 31 | imagePullPolicy: IfNotPresent 32 | name: httpbin 33 | ports: 34 | - containerPort: 80 35 | resources: 36 | requests: 37 | cpu: 50m 38 | memory: 128Mi 39 | -------------------------------------------------------------------------------- /upgrade_downgrade/templates/gateway.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: Gateway 3 | metadata: 4 | name: fortio-gateway 5 | spec: 6 | selector: 7 | istio: ingressgateway 8 | servers: 9 | - port: 10 | number: 80 11 | name: http 12 | protocol: HTTP 13 | hosts: 14 | - echosrv.test.svc.cluster.local 15 | --- 16 | 17 | apiVersion: networking.istio.io/v1alpha3 18 | kind: VirtualService 19 | metadata: 20 | name: echosrv 21 | spec: 22 | hosts: 23 | - echosrv.test.svc.cluster.local 24 | gateways: 25 | - fortio-gateway 26 | http: 27 | - match: 28 | - uri: 29 | prefix: /echo 30 | route: 31 | - destination: 32 | host: echosrv.test.svc.cluster.local 33 | port: 34 | number: 8080 35 | retries: 36 | attempts: 5 37 | perTryTimeout: 5s 38 | --- 39 | 40 | -------------------------------------------------------------------------------- /cmd/kubetype-gen/testdata/test_input/negative/defaults/emptygroup/doc.go: -------------------------------------------------------------------------------- 1 | // Copyright Istio Authors 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | // Package emptygroup is for test 16 | // test should fail because the group in group/version is missing 17 | // +kubetype-gen:groupVersion=groupversion 18 | package emptygroup 19 | -------------------------------------------------------------------------------- /perf/stability/alertmanager/templates/alertmanager-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: alertmanager-main 5 | namespace: istio-prometheus 6 | --- 7 | apiVersion: v1 8 | kind: Service 9 | metadata: 10 | labels: 11 | alertmanager: main 12 | name: alertmanager-main 13 | namespace: istio-prometheus 14 | spec: 15 | ports: 16 | - name: web 17 | port: 9093 18 | targetPort: web 19 | selector: 20 | alertmanager: main 21 | app: alertmanager 22 | sessionAffinity: ClientIP 23 | --- 24 | apiVersion: monitoring.coreos.com/v1 25 | kind: ServiceMonitor 26 | metadata: 27 | labels: 28 | k8s-app: alertmanager 29 | name: alertmanager 30 | namespace: istio-prometheus 31 | spec: 32 | endpoints: 33 | - interval: 30s 34 | port: web 35 | selector: 36 | matchLabels: 37 | alertmanager: main 38 | --- -------------------------------------------------------------------------------- /perf_dashboard/perf_dashboard/views.py: -------------------------------------------------------------------------------- 1 | # Copyright Istio Authors 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | from django.http import HttpResponse 16 | from django.shortcuts import render 17 | 18 | 19 | def index(request): 20 | return render(request, 'index.html') 21 | 22 | 23 | def healthz(request): 24 | return HttpResponse("OK", status=200) 25 | -------------------------------------------------------------------------------- /common/scripts/check_clean_repo.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright 2019 Istio Authors 4 | 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | if [[ -n $(git status --porcelain) ]]; then 18 | git status 19 | git diff 20 | echo "ERROR: Some files need to be updated, please run 'make gen' and include any changed files in your PR" 21 | exit 1 22 | fi 23 | -------------------------------------------------------------------------------- /perf/auto-qual-test/base/deploy_updater.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright Istio Authors 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | # this will look much better once we have kubectl 1.14 with kustomize support 18 | kubectl create configmap qual-test-deployer --from-file=deploy_latest_daily.sh,../../bin/redeploy.sh --dry-run -o yaml | kubectl apply -f - 19 | kubectl apply -f . -------------------------------------------------------------------------------- /perf/README.md: -------------------------------------------------------------------------------- 1 | # Istio Performance/Stability Testing 2 | 3 | This folder contains tests for performance and stability. There are different types of test under each subdirectory. For more details, see each directories README. 4 | 5 | 1. [/istio-install](./istio-install) provides scripts and Helm values to setup Istio for performance testing. 6 | 7 | This setup is designed for very large clusters to test Istio's limits. Most tests can run on a standard Istio install. 8 | 1. [/stability](./stability) provides tests that exercise various Istio features to ensure stability. 9 | 10 | The intent of these tests is to be run continuously for extend periods of time, which differentiates them from integration tests. 11 | 1. [/benchmark](./benchmark) provides a test to measure the latency and metrics of traffic between pods in various setups. 12 | 1. [/load](./load) provides tools to generate large services to test Istio under heavy load. 13 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/security_authz_ip/postrun.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright Istio Authors 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | echo "Delete the Security Policies related config..." 18 | kubectl delete -f "${LOCAL_OUTPUT_DIR}/largeSecurityAuthzIPPolicy.yaml" 19 | 20 | rm "${LOCAL_OUTPUT_DIR}/generator" 21 | rm "${LOCAL_OUTPUT_DIR}/largeSecurityAuthzIPPolicy.yaml" 22 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/security_peer_authn/postrun.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright Istio Authors 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | echo "Delete the Security Policies related config..." 18 | kubectl delete -f "${LOCAL_OUTPUT_DIR}/largeSecurityAuthnPolicy.yaml" 19 | 20 | rm "${LOCAL_OUTPUT_DIR}/generator" 21 | rm "${LOCAL_OUTPUT_DIR}/largeSecurityAuthnPolicy.yaml" 22 | -------------------------------------------------------------------------------- /perf/stability/multicluster-vpn/templates/default.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: srv-default 5 | spec: 6 | ports: 7 | - port: 8080 8 | name: http-echo 9 | - port: 8079 10 | name: grpc-ping 11 | selector: 12 | app: srv-default 13 | --- 14 | apiVersion: apps/v1 15 | kind: Deployment 16 | metadata: 17 | name: srv-default 18 | spec: 19 | replicas: 4 20 | selector: 21 | matchLabels: 22 | app: srv-default 23 | template: 24 | metadata: 25 | labels: 26 | app: srv-default 27 | spec: 28 | containers: 29 | - name: fortio-server 30 | image: {{ .Values.fortioImage }} 31 | imagePullPolicy: Always 32 | ports: 33 | - containerPort: 8080 34 | - containerPort: 8079 35 | args: 36 | - server 37 | resources: 38 | requests: 39 | cpu: 250m 40 | memory: 256m 41 | -------------------------------------------------------------------------------- /cmd/kubetype-gen/testdata/test_input/negative/defaults/invalidgroupversion/doc.go: -------------------------------------------------------------------------------- 1 | // Copyright Istio Authors 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | // Package invalidgroupversion is for test 16 | // test should fail because the group/version is invalid (schema.ParseGroupVersion() error) 17 | // +kubetype-gen:groupVersion=group/version/version 18 | package invalidgroupversion 19 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/security_authz_path/postrun.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright Istio Authors 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | echo "Delete the Security Policies related config..." 18 | kubectl delete -f "${LOCAL_OUTPUT_DIR}/largeSecurityAuthzPathPolicy.yaml" 19 | 20 | rm "${LOCAL_OUTPUT_DIR}/generator" 21 | rm "${LOCAL_OUTPUT_DIR}/largeSecurityAuthzPathPolicy.yaml" 22 | -------------------------------------------------------------------------------- /perf/load/auto-mtls/values.yaml: -------------------------------------------------------------------------------- 1 | Namespace: automtls 2 | clientCount: 1 3 | 4 | # Copied from root/perf/load/values.yaml 5 | livenessProbe: false 6 | serviceGraphImage: tahler/isotope-service:1 7 | serviceNamePrefix: svc- 8 | requestSize: 128B 9 | responseSize: 1KiB 10 | replicas: 2 11 | resources: 12 | requests: 13 | cpu: 500m 14 | readinessProbe: 15 | httpGet: 16 | path: /metrics 17 | port: 8080 18 | initialDelaySeconds: 5 19 | periodSeconds: 5 20 | 21 | automtls: 22 | # true or false help us determine the effect of auto mTLS itself 23 | enable: true 24 | # The number of the replicas set for the backend service. 25 | backendReplicas: 100 26 | 27 | prometheus_scrape: false 28 | 29 | # time between config changes 30 | configSleep: 120 31 | 32 | # time between replicas changes 33 | replicasSleep: 10 34 | 35 | # ingress should be set correctly 36 | ingress: 127.0.0.1 37 | https: false 38 | domain: "incfly.local" 39 | -------------------------------------------------------------------------------- /perf/load/pilot/templates/services.yaml: -------------------------------------------------------------------------------- 1 | {{ range until (int .Values.instances) }} 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: svc-{{ . }} 6 | spec: 7 | selector: 8 | matchLabels: 9 | app: svc-{{ . }} 10 | template: 11 | metadata: 12 | annotations: 13 | sidecar.istio.io/proxyCPU: 5m 14 | sidecar.istio.io/proxyMemory: 128M 15 | labels: 16 | app: svc-{{ . }} 17 | spec: 18 | containers: 19 | # Kubernetes requires a container 20 | # Injector will replace this, giving us a pod with just the proxy 21 | - name: istio-proxy 22 | image: ignored 23 | 24 | --- 25 | apiVersion: v1 26 | kind: Service 27 | metadata: 28 | name: svc-{{ . }} 29 | spec: 30 | selector: 31 | app: svc-{{ . }} 32 | ports: 33 | {{ range until (int $.Values.ports) }} 34 | - port: 89{{.}} 35 | name: http-{{.}} 36 | {{ end }} 37 | --- 38 | {{ end }} -------------------------------------------------------------------------------- /cmd/kubetype-gen/testdata/test_output/types/group/version/doc.go: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Istio Authors 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | // Code generated by kubetype-gen. DO NOT EDIT. 16 | 17 | // Package has auto-generated kube type wrappers for raw types. 18 | // +k8s:openapi-gen=true 19 | // +k8s:deepcopy-gen=package 20 | // +groupName=group 21 | package version 22 | -------------------------------------------------------------------------------- /cmd/kubetype-gen/testdata/test_output/defaults/group/version/doc.go: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Istio Authors 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | // Code generated by kubetype-gen. DO NOT EDIT. 16 | 17 | // Package has auto-generated kube type wrappers for raw types. 18 | // +k8s:openapi-gen=true 19 | // +k8s:deepcopy-gen=package 20 | // +groupName=group 21 | package version 22 | -------------------------------------------------------------------------------- /perf_dashboard/analyze_perf_issues/views.py: -------------------------------------------------------------------------------- 1 | # Copyright Istio Authors 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | from django.shortcuts import render 15 | import pandas as pd 16 | from helpers import download 17 | import os 18 | 19 | current_release = [os.getenv('CUR_RELEASE')] 20 | 21 | 22 | # Create your views here. 23 | def analyze_issues(request): 24 | return render(request, "analyze_perf_issues.html") 25 | -------------------------------------------------------------------------------- /cmd/kubetype-gen/testdata/test_output/defaults/group2/version2/doc.go: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Istio Authors 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | // Code generated by kubetype-gen. DO NOT EDIT. 16 | 17 | // Package has auto-generated kube type wrappers for raw types. 18 | // +k8s:openapi-gen=true 19 | // +k8s:deepcopy-gen=package 20 | // +groupName=group2 21 | package version2 22 | -------------------------------------------------------------------------------- /cmd/kubetype-gen/testdata/test_output/types/group2/version/doc.go: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Istio Authors 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | // Code generated by kubetype-gen. DO NOT EDIT. 16 | 17 | // Package has auto-generated kube type wrappers for raw types. 18 | // +k8s:openapi-gen=true 19 | // +k8s:deepcopy-gen=package 20 | // +groupName=group2.test.io 21 | package version 22 | -------------------------------------------------------------------------------- /isotope/convert/pkg/graph/graph.go: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Istio Authors 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this currentFile except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package graph 16 | 17 | import "github.com/tetratelabs/istio-zana/isotope/convert/pkg/graph/svc" 18 | 19 | // ServiceGraph describes a set of services which mock a service-oriented 20 | // architecture. 21 | type ServiceGraph struct { 22 | Services []svc.Service `json:"services"` 23 | } 24 | -------------------------------------------------------------------------------- /perf/stability/stability.mk: -------------------------------------------------------------------------------- 1 | WD = ./perf/stability 2 | STABILITY = $(WD)/setup_test.sh 3 | 4 | # Standard set of stability tests to run 5 | stable_tests = http10 graceful-shutdown gateway-bouncer mysql redis rabbitmq looper 6 | 7 | # Tests that need no special setup 8 | standard_tests = http10 graceful-shutdown redis rabbitmq istio-chaos-total istio-chaos-partial multicluster-vpn looper 9 | 10 | # Tests that have a special ./setup script in their folder 11 | extra_setup_tests = mysql sds-certmanager gateway-bouncer allconfig 12 | 13 | $(standard_tests): 14 | $(STABILITY) $@ 15 | 16 | $(extra_setup_tests): 17 | $(WD)/$@/setup.sh 18 | 19 | stability: $(stable_tests) 20 | 21 | # Extra tests that may be unstable or require additional configuration 22 | stability_all: stability sds-certmanager allconfig istio-chaos-total istio-chaos-partial multicluster-vpn 23 | 24 | clean-stability: 25 | kubectl get namespaces -oname | grep "istio-stability-" | xargs kubectl delete 26 | -------------------------------------------------------------------------------- /cmd/protoc-gen-jsonshim/test/external.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Istio Authors 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | syntax = "proto3"; 16 | 17 | package istio.tools.test; 18 | 19 | option go_package = "generated"; 20 | 21 | message ExternalSimple { 22 | uint32 fieldC = 1; 23 | message ExternalNested { 24 | map fieldA = 1; 25 | } 26 | ExternalNested fieldD = 2; 27 | } 28 | -------------------------------------------------------------------------------- /isotope/convert/pkg/graph/size/error.go: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Istio Authors 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this currentFile except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package size 16 | 17 | import "fmt" 18 | 19 | // NegativeSizeError is returned when parsing a negative size. 20 | type NegativeSizeError struct { 21 | Size int64 22 | } 23 | 24 | func (e NegativeSizeError) Error() string { 25 | return fmt.Sprintf("%v must be non-negative", e.Size) 26 | } 27 | -------------------------------------------------------------------------------- /perf/stability/mysql/setup.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright Istio Authors 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | set -ex 18 | 19 | # shellcheck disable=SC2086 20 | WD=$(dirname $0) 21 | # shellcheck disable=SC2086 22 | WD=$(cd $WD; pwd) 23 | 24 | # shellcheck disable=SC2086 25 | ${WD}/../setup_test.sh "mysql" "--set Name=mtls" 26 | # shellcheck disable=SC2086 27 | ${WD}/../setup_test.sh "mysql" "--set Name=plaintext" -------------------------------------------------------------------------------- /perf/istio-install/istioctl_profiles/long-running-gateway.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: install.istio.io/v1alpha1 2 | kind: IstioOperator 3 | metadata: 4 | name: ingress 5 | spec: 6 | profile: empty # Do not install CRDs or the control plane 7 | components: 8 | ingressGateways: 9 | - name: istio-ingressgateway 10 | enabled: true 11 | k8s: 12 | hpaSpec: 13 | maxReplicas: 5 14 | minReplicas: 3 15 | scaleTargetRef: 16 | apiVersion: apps/v1 17 | kind: Deployment 18 | name: istio-ingressgateway 19 | resources: 20 | limits: 21 | cpu: 4800m 22 | memory: 1G 23 | requests: 24 | cpu: 1000m 25 | memory: 512Mi 26 | values: 27 | gateways: 28 | istio-ingressgateway: 29 | # Enable gateway injection 30 | injectionTemplate: gateway 31 | global: 32 | proxy: 33 | enableCoreDump: true 34 | 35 | 36 | -------------------------------------------------------------------------------- /cmd/protoc-gen-golang-jsonshim/test/external.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Istio Authors 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | syntax = "proto3"; 16 | 17 | package istio.tools.test; 18 | 19 | option go_package = ".;generated"; 20 | 21 | message ExternalSimple { 22 | uint32 fieldC = 1; 23 | message ExternalNested { 24 | map fieldA = 1; 25 | } 26 | ExternalNested fieldD = 2; 27 | } 28 | -------------------------------------------------------------------------------- /perf/stability/mysql/templates/client.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: client-{{ .Values.Name }} 5 | spec: 6 | selector: 7 | matchLabels: 8 | app: client-{{ .Values.Name }} 9 | template: 10 | metadata: 11 | labels: 12 | app: client-{{ .Values.Name }} 13 | spec: 14 | containers: 15 | # We sleep first and will execute mysql cli later. This ensures the cli command will 16 | # send traffic to mysql server after iptable sidecar traffic injection finishes. 17 | - args: 18 | - bash 19 | - -c 20 | - |- 21 | sleep 10 22 | while : 23 | do 24 | echo "attempt to connect to server, $i" 25 | mysql -uroot -proot -h server-{{ .Values.Name}} -P3306 --connect-timeout 3 -e 'show databases;' 26 | sleep 3 27 | done 28 | image: mysql 29 | imagePullPolicy: IfNotPresent 30 | name: client 31 | -------------------------------------------------------------------------------- /perf/stability/multicluster-vpn/templates/locality-failover.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: srv-locality-failover 5 | spec: 6 | ports: 7 | - port: 8080 8 | name: http-echo 9 | - port: 8079 10 | name: grpc-ping 11 | selector: 12 | app: srv-locality-failover 13 | --- 14 | apiVersion: apps/v1 15 | kind: Deployment 16 | metadata: 17 | name: srv-locality-failover 18 | spec: 19 | replicas: 4 20 | selector: 21 | matchLabels: 22 | app: srv-locality-failover 23 | template: 24 | metadata: 25 | labels: 26 | app: srv-locality-failover 27 | spec: 28 | containers: 29 | - name: fortio-server 30 | image: {{ .Values.fortioImage }} 31 | imagePullPolicy: Always 32 | ports: 33 | - containerPort: 8080 34 | - containerPort: 8079 35 | args: 36 | - server 37 | resources: 38 | requests: 39 | cpu: 250m 40 | memory: 256m 41 | -------------------------------------------------------------------------------- /common/config/.yamllint.yml: -------------------------------------------------------------------------------- 1 | # WARNING: DO NOT EDIT, THIS FILE IS PROBABLY A COPY 2 | # 3 | # The original version of this file is located in the https://github.com/istio/common-files repo. 4 | # If you're looking at this file in a different repo and want to make a change, please go to the 5 | # common-files repo, make the change there and check it in. Then come back to this repo and run 6 | # "make update-common". 7 | 8 | rules: 9 | braces: disable 10 | brackets: disable 11 | colons: enable 12 | commas: disable 13 | comments: disable 14 | comments-indentation: disable 15 | document-end: disable 16 | document-start: disable 17 | empty-lines: disable 18 | empty-values: disable 19 | hyphens: enable 20 | indentation: disable 21 | key-duplicates: enable 22 | key-ordering: disable 23 | line-length: disable 24 | new-line-at-end-of-file: disable 25 | new-lines: enable 26 | octal-values: disable 27 | quoted-strings: disable 28 | trailing-spaces: disable 29 | truthy: disable 30 | -------------------------------------------------------------------------------- /perf/stability/multicluster-vpn/templates/locality-distribute.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: srv-locality-distribute 5 | spec: 6 | ports: 7 | - port: 8080 8 | name: http-echo 9 | - port: 8079 10 | name: grpc-ping 11 | selector: 12 | app: srv-locality-distribute 13 | --- 14 | apiVersion: apps/v1 15 | kind: Deployment 16 | metadata: 17 | name: srv-locality-distribute 18 | spec: 19 | replicas: 4 20 | selector: 21 | matchLabels: 22 | app: srv-locality-distribute 23 | template: 24 | metadata: 25 | labels: 26 | app: srv-locality-distribute 27 | spec: 28 | containers: 29 | - name: fortio-server 30 | image: {{ .Values.fortioImage }} 31 | imagePullPolicy: Always 32 | ports: 33 | - containerPort: 8080 34 | - containerPort: 8079 35 | args: 36 | - server 37 | resources: 38 | requests: 39 | cpu: 250m 40 | memory: 256m 41 | -------------------------------------------------------------------------------- /perf_dashboard/deploy/perf-dashboard/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "perf-dashboard.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | If release name contains chart name it will be used as a full name. 13 | */}} 14 | {{- define "perf-dashboard.fullname" -}} 15 | {{- if .Values.fullnameOverride -}} 16 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 17 | {{- else -}} 18 | {{- $name := default .Chart.Name .Values.nameOverride -}} 19 | {{- if contains $name .Release.Name -}} 20 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 21 | {{- else -}} 22 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 23 | {{- end -}} 24 | {{- end -}} 25 | {{- end -}} 26 | -------------------------------------------------------------------------------- /perf_dashboard/regressions/urls.py: -------------------------------------------------------------------------------- 1 | # Copyright Istio Authors 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | from django.conf.urls import url 16 | from . import views 17 | 18 | 19 | urlpatterns = [ 20 | url('monitoring_overview', views.monitoring_overview, name="monitoring_overview"), 21 | url('cur_regression', views.cur_regression, name="cur_regression"), 22 | url('master_regression', views.master_regression, name="master_regression"), 23 | ] 24 | -------------------------------------------------------------------------------- /cmd/cue-gen/test/istio.io/api/meta/v1beta1/status.proto: -------------------------------------------------------------------------------- 1 | // Copyright Istio Authors 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | syntax = "proto3"; 16 | 17 | package istio.meta.v1beta1; 18 | 19 | option go_package = "istio.io/api/meta/v1beta1"; 20 | 21 | // Status is the test status field. 22 | message Status { 23 | // Current state. 24 | string condition = 1; 25 | 26 | // Analysis message. 27 | string analysis = 2; 28 | } 29 | -------------------------------------------------------------------------------- /cmd/evaluate-docs/README.md: -------------------------------------------------------------------------------- 1 | # Istio documentation evaluation 2 | 3 | The tooling in this directory is used to evaluate documentation on the Istio.io 4 | website, looking for documentation without tests and evaluating it based on 5 | Google analytics results. Pages are divided into different priorities based on 6 | thresholds for P0, P1, and P2 and a CSV file is generated with the results. This 7 | can then be imported into a Google docs spreadsheet in order to create the 8 | testing day spreadsheet. 9 | 10 | ## Usage 11 | 12 | First, export a CSV containing the Istio.io analytics. In this case, it's called 13 | istio.csv. 14 | 15 | ```bash 16 | go build . 17 | ./evaluate-docs --analyticspath istio.csv --docspath ~/code/istio/istio.io/istio.io/content/ --outpath out.csv 18 | ``` 19 | 20 | * analyticspath represents the path to the analytics CSV 21 | * docspath represents the path to a cloned, up to date copy of the Istio.io docs repo 22 | * outpath represents the file to store the evaluation results in 23 | 24 | 25 | -------------------------------------------------------------------------------- /cmd/testlinter/allowlist.go: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Istio Authors. All Rights Reserved. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package main 16 | 17 | // Allowlist contains pairs of file and rule IDs. Each file maps to an array of rules which 18 | // should not apply to that file. Each rule is represented by its unique rule ID, which is the 19 | // file name of that rule without ".go" extension in the rules package. 20 | var Allowlist = map[string][]string{} 21 | -------------------------------------------------------------------------------- /perf_dashboard/Makefile: -------------------------------------------------------------------------------- 1 | VERSION := $(shell date +v%Y%m%d)-$(shell git rev-parse --short HEAD) 2 | 3 | HUB ?= gcr.io/istio-testing/perf-dashboard 4 | 5 | IMG_LATEST := $(HUB):latest 6 | IMG_VERSION := $(HUB):$(VERSION) 7 | 8 | PROJECT ?= istio-testing 9 | CLUSTER ?= perf-dashboard 10 | ZONE ?= us-central1-c 11 | 12 | export KUBECONFIG := $(shell mktemp) 13 | 14 | get-cluster-credentials: 15 | gcloud container clusters get-credentials "$(CLUSTER)" --project="$(PROJECT)" --zone="$(ZONE)" 16 | 17 | build: 18 | @docker build --no-cache --tag "$(IMG_LATEST)" --tag "$(IMG_VERSION)" . 19 | 20 | push: 21 | @docker push "$(IMG_LATEST)" 22 | @docker push "$(IMG_VERSION)" 23 | 24 | deploy_only: get-cluster-credentials 25 | @helm template "perf-dashboard" deploy/perf-dashboard --set version="$(VERSION)" | kubectl apply -f - 26 | @echo "Deployed perf-dashboard:$(VERSION) to project:$(PROJECT) cluster:$(CLUSTER)" 27 | 28 | deploy: build push deploy_only 29 | 30 | .PHONY: get-cluster-credentials build push deploy_only deploy -------------------------------------------------------------------------------- /cmd/envvarlinter/allowlist.go: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Istio Authors. All Rights Reserved. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package main 16 | 17 | // Allowlist contains pairs of file and rule IDs. Each file maps to an array of rules which 18 | // should not apply to that file. Each rule is represented by its unique rule ID, which is the 19 | // file name of that rule without ".go" extension in the rules package. 20 | var Allowlist = map[string][]string{} 21 | -------------------------------------------------------------------------------- /docker/build-tools/bashrc: -------------------------------------------------------------------------------- 1 | # Copyright Istio Authors 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # Override prompt to avoid the annoying "I have no name!" in the default prompt 16 | PS1="build-tools:\w\\$ \[$(tput sgr0)\]" 17 | export PS1 18 | 19 | # Tab completion for make that works with istio's unique setup 20 | make_options=$(find /work/ -iname "Makefile*" | xargs -I {} grep -hoE '^[a-zA-Z0-9_.-]+:([^=]|$)' {} | sed 's/[^a-zA-Z0-9_.-]*$//' | sort -u) 21 | complete -W "$make_options" make 22 | -------------------------------------------------------------------------------- /cmd/protoc-gen-docs/testdata/test2.proto: -------------------------------------------------------------------------------- 1 | // Copyright Istio Authors 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | syntax = "proto3"; 15 | 16 | package testpkg; 17 | 18 | message Test2 { 19 | // field1 is a field 20 | int32 field1 = 1; 21 | 22 | // an array of strings 23 | repeated string str = 2; 24 | 25 | double field3 = 3; 26 | float field4 = 4; 27 | fixed32 field5 = 5; 28 | sfixed32 field6 = 6; 29 | sint32 field7 = 7; 30 | uint32 field8 = 8; 31 | } 32 | -------------------------------------------------------------------------------- /perf/load/templates/h2upgrade.yaml: -------------------------------------------------------------------------------- 1 | {{- define "h2upgrade" }} 2 | apiVersion: networking.istio.io/v1alpha3 3 | kind: EnvoyFilter 4 | metadata: 5 | name: {{ .serviceNamePrefix }}{{ .serviceName }}-h2upgrade 6 | spec: 7 | configPatches: 8 | - applyTo: CLUSTER 9 | match: 10 | context: {{ .ctx }} 11 | cluster: 12 | service: {{ .serviceNamePrefix }}{{ .serviceName }}.{{ .Namespace }}.svc.cluster.local 13 | patch: 14 | operation: MERGE 15 | value: # cluster specification 16 | http2_protocol_options: { max_concurrent_streams: 47707 } 17 | --- 18 | {{- end }} 19 | 20 | {{- if .Values.h2upgrade }} 21 | 22 | {{- range $i, $svcName := $.Values.services }} 23 | 24 | {{- $svc := dict "serviceName" $svcName "serviceNamePrefix" $.Values.serviceNamePrefix "Namespace" $.Values.Namespace }} 25 | 26 | {{- $_ := set $svc "ctx" "GATEWAY" }} 27 | {{- template "h2upgrade" $svc }} 28 | 29 | {{- $_ := set $svc "ctx" "SIDECAR_OUTBOUND" }} 30 | {{- template "h2upgrade" $svc }} 31 | 32 | {{- end }} 33 | 34 | {{- end }} 35 | -------------------------------------------------------------------------------- /cmd/protoc-gen-deepcopy/test/types.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Istio Authors 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | syntax = "proto3"; 16 | 17 | package istio.tools.test; 18 | 19 | option go_package = "generated"; 20 | 21 | // ensure DeepCopyInto function is created 22 | message TagType { 23 | uint32 fieldA = 1; 24 | string fieldB = 2; 25 | } 26 | 27 | // ensure repeated field in an API is not copied twice. 28 | message RepeatedFieldType { 29 | repeated string ns = 1; 30 | } 31 | -------------------------------------------------------------------------------- /perf/auto-qual-test/README.md: -------------------------------------------------------------------------------- 1 | This directory uses kustomize to deploy a weekly job to pull the latest daily build of a given version of istio to one of our release qualification clusters. The job runs every Friday night at 8PM Pacific. To use kustomize embedded in kubectl, you will need kubeclt v 1.14+. If you are unable to run on a recent kubectl, you can install kustomize separately and replace the `kubectl apply -k ` commands below with `kustomize build | kubectl apply -f -`. 2 | 3 | The base kustomization deploys a job targeting the latest daily v1.1 build of Istio. To deploy this job, run `kubectl apply -k base`. 4 | 5 | To target version 1.2 of istio, run `kubectl apply -k overlays/v1.2` 6 | 7 | Other target versions can be added using new overlay folders. 8 | 9 | To run the generated job immediately, rather than waiting for the next scheduled run, use `kubectl create job --from=cronjob/qual-test-update qual-test-manual`, and track progress with `kubectl logs $(kubectl get po -l app=qual-test-update -o jsonpath='{.items[0].metadata.name}') -f` -------------------------------------------------------------------------------- /cmd/protoc-gen-golang-deepcopy/test/types.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Istio Authors 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | syntax = "proto3"; 16 | 17 | package istio.tools.test; 18 | 19 | option go_package = ".;generated"; 20 | 21 | // ensure DeepCopyInto function is created 22 | message TagType { 23 | uint32 fieldA = 1; 24 | string fieldB = 2; 25 | } 26 | 27 | // ensure repeated field in an API is not copied twice. 28 | message RepeatedFieldType { 29 | repeated string ns = 1; 30 | } 31 | -------------------------------------------------------------------------------- /perf/security/sds-tests/ingress-sds/cleanup_ingress_secrets.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright Istio Authors 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | set -ex 18 | 19 | NUM=${NUM:?"specify the number of gateway"} 20 | CLUSTER=${CLUSTER:?"specify the cluster for running the test"} 21 | 22 | kubectl -n istio-system delete secret ingress-root 23 | # shellcheck disable=SC2022 24 | for s in $(kubectl -n istio-system get secrets -oname | grep "httpbin-credential*") 25 | do 26 | kubectl -n istio-system delete "${s}" 27 | done -------------------------------------------------------------------------------- /cmd/protoc-gen-deepcopy/main.go: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Istio Authors 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package main 16 | 17 | import ( 18 | "github.com/gogo/protobuf/vanity/command" 19 | 20 | "github.com/tetratelabs/istio-zana/cmd/protoc-gen-deepcopy/deepcopy" 21 | ) 22 | 23 | func main() { 24 | request := command.Read() 25 | 26 | plugin := deepcopy.NewPlugin() 27 | 28 | response := command.GeneratePlugin(request, plugin, deepcopy.FileNameSuffix) 29 | 30 | command.Write(response) 31 | } 32 | -------------------------------------------------------------------------------- /cmd/protoc-gen-jsonshim/main.go: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Istio Authors 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package main 16 | 17 | import ( 18 | "github.com/gogo/protobuf/vanity/command" 19 | 20 | "github.com/tetratelabs/istio-zana/cmd/protoc-gen-jsonshim/jsonshim" 21 | ) 22 | 23 | func main() { 24 | request := command.Read() 25 | 26 | plugin := jsonshim.NewPlugin() 27 | 28 | response := command.GeneratePlugin(request, plugin, jsonshim.FileNameSuffix) 29 | 30 | command.Write(response) 31 | } 32 | -------------------------------------------------------------------------------- /licenses/github.com/mailru/easyjson/LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2016 Mail.Ru Group 2 | 3 | Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: 4 | 5 | The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. 6 | 7 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 8 | -------------------------------------------------------------------------------- /licenses/github.com/dgrijalva/jwt-go/LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2012 Dave Grijalva 2 | 3 | Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: 4 | 5 | The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. 6 | 7 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 8 | 9 | -------------------------------------------------------------------------------- /common/scripts/lint_go.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # WARNING: DO NOT EDIT, THIS FILE IS PROBABLY A COPY 4 | # 5 | # The original version of this file is located in the https://github.com/istio/common-files repo. 6 | # If you're looking at this file in a different repo and want to make a change, please go to the 7 | # common-files repo, make the change there and check it in. Then come back to this repo and run 8 | # "make update-common". 9 | 10 | # Copyright Istio Authors 11 | # 12 | # Licensed under the Apache License, Version 2.0 (the "License"); 13 | # you may not use this file except in compliance with the License. 14 | # You may obtain a copy of the License at 15 | # 16 | # http://www.apache.org/licenses/LICENSE-2.0 17 | # 18 | # Unless required by applicable law or agreed to in writing, software 19 | # distributed under the License is distributed on an "AS IS" BASIS, 20 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 21 | # See the License for the specific language governing permissions and 22 | # limitations under the License. 23 | 24 | golangci-lint run -v -c ./common/config/.golangci.yml 25 | -------------------------------------------------------------------------------- /perf/auto-qual-test/base/qual-test-update-job.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: batch/v1beta1 2 | kind: CronJob 3 | metadata: 4 | name: qual-test-update 5 | spec: 6 | schedule: "0 20 * * 5" 7 | jobTemplate: 8 | spec: 9 | template: 10 | spec: 11 | containers: 12 | - command: 13 | - bash 14 | - "/etc/scripts/deploy_latest_daily.sh" 15 | envFrom: 16 | - configMapRef: 17 | name: qual-test-version 18 | image: dtzar/helm-kubectl:2.13.1 19 | imagePullPolicy: IfNotPresent 20 | name: kubectl 21 | resources: {} 22 | terminationMessagePath: /dev/termination-log 23 | terminationMessagePolicy: File 24 | volumeMounts: 25 | - mountPath: /etc/scripts 26 | name: scripts 27 | readOnly: true 28 | volumes: 29 | - configMap: 30 | name: qual-test-deployer 31 | defaultMode: 0777 32 | name: scripts 33 | restartPolicy: Never 34 | serviceAccountName: testrunner 35 | -------------------------------------------------------------------------------- /isotope/example-topologies/10-svc_100-end.yaml: -------------------------------------------------------------------------------- 1 | defaults: 2 | numReplicas: 10 3 | services: 4 | - isEntrypoint: true 5 | name: svc-0 6 | script: 7 | - - call: svc-0-0 8 | - call: svc-0-1 9 | - call: svc-0-2 10 | - call: svc-0-3 11 | - call: svc-0-4 12 | - call: svc-0-5 13 | - call: svc-0-6 14 | - call: svc-0-7 15 | - call: svc-0-8 16 | - name: svc-0-0 17 | script: 18 | - - call: svc-0-0-0 19 | - name: svc-0-1 20 | script: 21 | - - call: svc-0-1-0 22 | - name: svc-0-2 23 | script: 24 | - - call: svc-0-2-0 25 | - name: svc-0-3 26 | script: 27 | - - call: svc-0-3-0 28 | - name: svc-0-4 29 | script: 30 | - - call: svc-0-4-0 31 | - name: svc-0-5 32 | script: 33 | - - call: svc-0-5-0 34 | - name: svc-0-6 35 | script: 36 | - - call: svc-0-6-0 37 | - name: svc-0-7 38 | script: 39 | - - call: svc-0-7-0 40 | - name: svc-0-8 41 | script: 42 | - - call: svc-0-8-0 43 | - name: svc-0-0-0 44 | - name: svc-0-1-0 45 | - name: svc-0-2-0 46 | - name: svc-0-3-0 47 | - name: svc-0-4-0 48 | - name: svc-0-5-0 49 | - name: svc-0-6-0 50 | - name: svc-0-7-0 51 | - name: svc-0-8-0 52 | -------------------------------------------------------------------------------- /common/scripts/format_go.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # WARNING: DO NOT EDIT, THIS FILE IS PROBABLY A COPY 4 | # 5 | # The original version of this file is located in the https://github.com/istio/common-files repo. 6 | # If you're looking at this file in a different repo and want to make a change, please go to the 7 | # common-files repo, make the change there and check it in. Then come back to this repo and run 8 | # "make update-common". 9 | 10 | # Copyright Istio Authors 11 | # 12 | # Licensed under the Apache License, Version 2.0 (the "License"); 13 | # you may not use this file except in compliance with the License. 14 | # You may obtain a copy of the License at 15 | # 16 | # http://www.apache.org/licenses/LICENSE-2.0 17 | # 18 | # Unless required by applicable law or agreed to in writing, software 19 | # distributed under the License is distributed on an "AS IS" BASIS, 20 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 21 | # See the License for the specific language governing permissions and 22 | # limitations under the License. 23 | 24 | golangci-lint run --fix -c ./common/config/.golangci-format.yml 25 | -------------------------------------------------------------------------------- /perf_dashboard/perf_dashboard/asgi.py: -------------------------------------------------------------------------------- 1 | # Copyright Istio Authors 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | """ 16 | ASGI config for perf_dashboard project. 17 | 18 | It exposes the ASGI callable as a module-level variable named ``application``. 19 | 20 | For more information on this file, see 21 | https://docs.djangoproject.com/en/3.0/howto/deployment/asgi/ 22 | """ 23 | 24 | import os 25 | 26 | from django.core.asgi import get_asgi_application 27 | 28 | os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'perf_dashboard.settings') 29 | 30 | application = get_asgi_application() 31 | -------------------------------------------------------------------------------- /perf_dashboard/perf_dashboard/wsgi.py: -------------------------------------------------------------------------------- 1 | # Copyright Istio Authors 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | """ 16 | WSGI config for perf_dashboard project. 17 | 18 | It exposes the WSGI callable as a module-level variable named ``application``. 19 | 20 | For more information on this file, see 21 | https://docs.djangoproject.com/en/3.0/howto/deployment/wsgi/ 22 | """ 23 | 24 | import os 25 | 26 | from django.core.wsgi import get_wsgi_application 27 | 28 | os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'perf_dashboard.settings') 29 | 30 | application = get_wsgi_application() 31 | -------------------------------------------------------------------------------- /perf/benchmark/configs/istio/security_authz_jwt/postrun.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright Istio Authors 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | echo "Delete the Security Policies related config..." 18 | kubectl delete -f "${LOCAL_OUTPUT_DIR}/largeSecurityRequestAuthzJwtPolicy.yaml" 19 | 20 | cp "${LOCAL_OUTPUT_DIR}/latency.yaml" "${CONFIG_DIR}/security_authz_jwt/latency.yaml" 21 | cp "${LOCAL_OUTPUT_DIR}/cpu_mem.yaml" "${CONFIG_DIR}/security_authz_jwt/cpu_mem.yaml" 22 | 23 | rm "${LOCAL_OUTPUT_DIR}/generator" 24 | rm "${LOCAL_OUTPUT_DIR}/largeSecurityRequestAuthzJwtPolicy.yaml" 25 | -------------------------------------------------------------------------------- /cmd/kubetype-gen/testdata/test_input/positive/defaults/type.go: -------------------------------------------------------------------------------- 1 | // Copyright Istio Authors 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package defaults 16 | 17 | // AllOverridden is for test 18 | // +kubetype-gen 19 | // +kubetype-gen:groupVersion=group2/version2 20 | // +kubetype-gen:package=success/defaults/override 21 | type AllOverridden struct { 22 | Field string 23 | } 24 | 25 | // Defaulted is for test 26 | // +kubetype-gen 27 | type Defaulted struct { 28 | Field string 29 | } 30 | 31 | // NotGenerated is for test 32 | type NotGenerated struct { 33 | Field string 34 | } 35 | -------------------------------------------------------------------------------- /cmd/protoc-gen-docs/Makefile: -------------------------------------------------------------------------------- 1 | 2 | all: build run 3 | 4 | build: 5 | go build -o protoc-gen-docs *.go 6 | 7 | run: 8 | rm -fr fm page fragment pf sp 9 | mkdir fm page fragment pf sp 10 | protoc -Iprotos -I. --plugin=./protoc-gen-docs --docs_out=warnings=false,emit_yaml=true,mode=html_page:page/. testdata/test1.proto testdata/test2.proto testdata/test3.proto 11 | protoc -Iprotos -I. --plugin=./protoc-gen-docs --docs_out=warnings=false,mode=html_fragment_with_front_matter:fm/. testdata/test1.proto testdata/test2.proto testdata/test3.proto 12 | protoc -Iprotos -I. --plugin=./protoc-gen-docs --docs_out=warnings=false,mode=html_fragment:fragment/. testdata/test1.proto testdata/test2.proto testdata/test3.proto 13 | protoc -Iprotos -I. --plugin=./protoc-gen-docs --docs_out=warnings=true,per_file=true,mode=html_fragment_with_front_matter:pf/. testdata/test1.proto 14 | protoc -Iprotos -I. --plugin=./protoc-gen-docs --docs_out=warnings=true,dictionary=dictionaries/en-US,custom_word_list=dictionaries/custom.txt,mode=html_fragment_with_front_matter:sp/. testdata/test6.proto 15 | 16 | clean: 17 | @rm -fr fm page fragment pf sp sp2 protoc-gen-docs 18 | -------------------------------------------------------------------------------- /licenses/github.com/kr/text/License: -------------------------------------------------------------------------------- 1 | Copyright 2012 Keith Rarick 2 | 3 | Permission is hereby granted, free of charge, to any person obtaining a copy 4 | of this software and associated documentation files (the "Software"), to deal 5 | in the Software without restriction, including without limitation the rights 6 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 7 | copies of the Software, and to permit persons to whom the Software is 8 | furnished to do so, subject to the following conditions: 9 | 10 | The above copyright notice and this permission notice shall be included in 11 | all copies or substantial portions of the Software. 12 | 13 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 14 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 15 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 16 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 17 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 18 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 19 | THE SOFTWARE. 20 | -------------------------------------------------------------------------------- /pkg/protomodel/locationDescriptor.go: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Istio Authors 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this currentFile except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package protomodel 16 | 17 | import ( 18 | "github.com/golang/protobuf/protoc-gen-go/descriptor" 19 | ) 20 | 21 | type LocationDescriptor struct { 22 | *descriptor.SourceCodeInfo_Location 23 | File *FileDescriptor 24 | } 25 | 26 | func newLocationDescriptor(desc *descriptor.SourceCodeInfo_Location, file *FileDescriptor) LocationDescriptor { 27 | return LocationDescriptor{ 28 | SourceCodeInfo_Location: desc, 29 | File: file, 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /licenses/github.com/kr/pretty/License: -------------------------------------------------------------------------------- 1 | Copyright 2012 Keith Rarick 2 | 3 | Permission is hereby granted, free of charge, to any person obtaining a copy 4 | of this software and associated documentation files (the "Software"), to deal 5 | in the Software without restriction, including without limitation the rights 6 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 7 | copies of the Software, and to permit persons to whom the Software is 8 | furnished to do so, subject to the following conditions: 9 | 10 | The above copyright notice and this permission notice shall be included in 11 | all copies or substantial portions of the Software. 12 | 13 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 14 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 15 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 16 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 17 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 18 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 19 | THE SOFTWARE. 20 | -------------------------------------------------------------------------------- /clang-toolchain/README.md: -------------------------------------------------------------------------------- 1 | # clang-toolchain 2 | 3 | Because [llvm+clang](https://github.com/llvm/llvm-project/releases) doesn't ship binaries for CentOS 7, 4 | we need to build them ourselves. Previously these artifacts were published by [getenvoy-package](https://github.com/tetratelabs-attic/getenvoy-package/) 5 | (which is where these scripts are from). 6 | 7 | To run this build in your own cloudbuild environment: 8 | 9 | 1. Fork this repository, you'll need to be the repo owner to set up cloud build triggers. 10 | 1. Create a [GCP project](https://cloud.google.com/) if you don't already have one. You'll also need to enable 11 | [Cloud Build](https://cloud.google.com/build) and [Cloud Storage](https://cloud.google.com/storage) 12 | 1. Create a Cloud Storage bucket to store the resulting artifacts. 13 | 1. Modify `cloudbuild.yaml` in your fork to point to your bucket. 14 | 1. Create a Cloud Build trigger pointing to your fork. The path to the configuration file is 15 | `clang-toolchain/cloudbuild.yaml`. The trigger type can be "Manual Trigger". 16 | 1. Trigger a build and after about 2 hours, you should have the artifacts pushed to your GCS bucket. 17 | -------------------------------------------------------------------------------- /docker/build-tools/install-python-3.8.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Copyright Istio Authors 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | set -eux 18 | 19 | apt-get install -y make build-essential libssl-dev zlib1g-dev \ 20 | libbz2-dev libreadline-dev libsqlite3-dev wget curl llvm \ 21 | libncurses5-dev libncursesw5-dev xz-utils tk-dev 22 | wget https://www.python.org/ftp/python/3.8.10/Python-3.8.10.tgz 23 | tar zxvf Python-3.8.10.tgz 24 | cd Python-3.8.10 && ./configure --with-ensurepip=install && make -j 16 && make install 25 | cd .. && rm -rf ./Python-3.8.10 && rm -rf ./Python-3.8.10.tgz 26 | -------------------------------------------------------------------------------- /licenses/github.com/beorn7/perks/LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (C) 2013 Blake Mizerany 2 | 3 | Permission is hereby granted, free of charge, to any person obtaining 4 | a copy of this software and associated documentation files (the 5 | "Software"), to deal in the Software without restriction, including 6 | without limitation the rights to use, copy, modify, merge, publish, 7 | distribute, sublicense, and/or sell copies of the Software, and to 8 | permit persons to whom the Software is furnished to do so, subject to 9 | the following conditions: 10 | 11 | The above copyright notice and this permission notice shall be 12 | included in all copies or substantial portions of the Software. 13 | 14 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 15 | EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 16 | MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 17 | NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE 18 | LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 19 | OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION 20 | WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 21 | -------------------------------------------------------------------------------- /setup/stability-extra/multicluster-vpn/README.md: -------------------------------------------------------------------------------- 1 | # Istio Multicluster (VPN-mode) 2 | 3 | A set of external cluster install configurations for Multicluster (VPN-mode) test scenarios. 4 | 5 | For each template file under `perf/stability/multicluster-vpn/templates/` there is a corresponding directory under 6 | `setup/stability-extra/multicluster-vpn/` containing a set of test apps and load generators along with installation script that spins up an isolated Istio control plane with multicluster configuration pointing to the primary stability cluster. This allows to test various multicluster configuration options within the same cluster. 7 | 8 | In order to install all scenarios into an external cluster and configure multicluster connectivity with the primary stability cluster, use the `setup.sh` script in the current directory. Point script to the primary stability cluster (as the first cluster) and to the newly provisioned external cluster (as the second cluster). Make sure that the two clusters reside in different regions so that locality-aware load balancing can be exercised. 9 | 10 | See the `setup.sh` script (header) for the arguments reference and usage example. 11 | -------------------------------------------------------------------------------- /isotope/convert/pkg/graph/script/concurrent_command.go: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Istio Authors 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this currentFile except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package script 16 | 17 | // ConcurrentCommand describes a set of commands that should be executed 18 | // simultaneously. 19 | type ConcurrentCommand []Command 20 | 21 | // UnmarshalJSON converts b to a ConcurrentCommand. b must be a JSON array of 22 | // commands. 23 | func (c *ConcurrentCommand) UnmarshalJSON(b []byte) (err error) { 24 | cmds, err := parseJSONCommands(b) 25 | if err != nil { 26 | return 27 | } 28 | *c = ConcurrentCommand(cmds) 29 | return 30 | } 31 | --------------------------------------------------------------------------------