Merge tag '1.24.0' into tetrate-release-1.24

Istio release 1.24.0
tetratelabs · Nov 8, 2024 · 430dbad · 430dbad
2 parents a46b948 + 8825a6b
commit 430dbad
Show file tree

Hide file tree

Showing 5,449 changed files with 833,635 additions and 20 deletions.
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
@@ -0,0 +1,33 @@
+{
+  "name": "istio build-tools",
+  "image": "gcr.io/istio-testing/build-tools:release-1.24-8036ecb4d2cc424846c9d8286ff447c15424185a",
+  "privileged": true,
+  "remoteEnv": {
+    "USE_GKE_GCLOUD_AUTH_PLUGIN": "True",
+    "BUILD_WITH_CONTAINER": "0",
+    "CARGO_HOME": "/home/.cargo",
+    "RUSTUP_HOME": "/home/.rustup"
+  },
+  "features": {
+    "ghcr.io/devcontainers/features/docker-outside-of-docker:1": {},
+    "ghcr.io/mpriscella/features/kind:1": {}
+  },
+  "customizations": {
+    "vscode": {
+      "extensions": [
+        "golang.go",
+        "rust-lang.rust-analyzer",
+        "eamodio.gitlens",
+        "zxh404.vscode-proto3",
+        "ms-azuretools.vscode-docker",
+        "redhat.vscode-yaml",
+        "IBM.output-colorizer"
+      ],
+      "settings": {
+        "files.eol": "\n",
+        "go.useLanguageServer": true,
+        "go.lintTool": "golangci-lint"
+      }
+    }
+  }
+}
diff --git a/.gitattributes b/.gitattributes
@@ -0,0 +1,16 @@
+*.descriptor      linguist-generated=true
+*.descriptor      -diff -merge
+*.descriptor_set  linguist-generated=true
+*.descriptor_set  -diff -merge
+*.pb.html linguist-generated=true
+*.pb.go linguist-generated=true
+*.gen.go linguist-generated=true
+*.gen.yaml linguist-generated=true
+*.gen.json linguist-generated=true
+*_pb2.py linguist-generated=true
+manifests/charts/**/profile*.yaml linguist-generated=true
+go.sum merge=union
+vendor/**  linguist-vendored
+common/**  linguist-vendored
+archive/**  linquist-vendored
+**/vmlinux.h  linquist-vendored
diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml
@@ -5,11 +5,25 @@ body:
     attributes:
       value: |
         Thanks for taking the time to fill out this bug report!
+  - type: checkboxes
+    id: security-check
+    attributes:
+      label: Is this the right place to submit this?
+      description: |-
+        This is used to report product bugs:
+        To report a security vulnerability, please visit <https://istio.io/about/security-vulnerabilities>.
+        Any crashes are potentially security vulnerabilities and should be treated as such.
+        To ask questions about how to use Istio, please visit <https://github.com/istio/istio/discussions>.
+      options:
+        - label: "This is not a security vulnerability or a crashing bug"
+          required: true
+        - label: "This is not a question about how to use Istio"
+          required: true
   - type: textarea
     id: bug-description
     attributes:
       label: Bug Description
-      description: Tell us what issues you ran into
+      description: Tell us what issues you ran into.
       placeholder: Include information about what you tried, what you expected to happen, and what actually happened. The more details, the better!
     validations:
       required: true
@@ -23,26 +37,29 @@ body:
         client version: 1.0.0
         control plane version: 1.0.0
         data plane version: 1.0.0 (100 proxies)
-        $ kubectl version --short
+        $ kubectl version
         Client Version: v1.0.0
+        Kustomize Version: v1.0.0
         Server Version: v1.0.0
-      render: prose
+      render: Text
     validations:
       required: true
   - type: textarea
     id: additional-info
     attributes:
       label: Additional Information
       description: |
-        Please include the output of [`istioctl bug-report`](http://istio.io/help/bugs/#generating-a-cluster-state-archive).
+        Please include the output of [`istioctl bug-report`](https://istio.io/help/bugs/#generating-a-cluster-state-archive).
         If you are unable to do so, please ensure you have collected the relevant debugging information manually and attached below;
         issue without enough information will not be resolvable.
   - type: checkboxes
     id: area
     attributes:
       label: Affected product area
       options:
+      - label: "Ambient"
       - label: "Docs"
+      - label: "Dual Stack"
       - label: "Installation"
       - label: "Networking"
       - label: "Performance and Scalability"
@@ -55,16 +72,3 @@ body:
       - label: "Multi Cluster"
       - label: "Virtual Machine"
       - label: "Control Plane Revisions"
-  - type: checkboxes
-    id: security-check
-    attributes:
-      label: Is this the right place to submit this?
-      description: |-
-        This is used to report product bugs:
-        To report a security vulnerability, please visit <https://istio.io/about/security-vulnerabilities>
-        To ask questions about how to use Istio, please visit <https://discuss.istio.io>
-      options:
-        - label: "This is not a security vulnerability"
-          required: true
-        - label: "This is not a question about how to use Istio"
-          required: true
diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -3,15 +3,17 @@ name: Feature request
 about: Suggest an idea to improve Istio
 
 ---
-(This is used to request new product features, please visit <https://discuss.istio.io> for questions on using Istio)
+(This is used to request new product features, please visit <https://github.com/istio/istio/discussions> for questions on using Istio)
 
 **Describe the feature request**
 
 **Describe alternatives you've considered**
 
 **Affected product area (please put an X in all that apply)**
 
+[ ] Ambient
 [ ] Docs
+[ ] Dual Stack
 [ ] Installation
 [ ] Networking
 [ ] Performance and Scalability

diff --git a/.github/SECURITY.md b/.github/SECURITY.md
@@ -8,7 +8,9 @@ Information about supported Istio versions can be found on the
 ## Reporting a Vulnerability
 
 Instructions for reporting a vulnerability can be found on the
-[Istio Security Vulnerabilities] page.
+[Istio Security Vulnerabilities] page. The Istio Product Security Working Group receives
+vulnerability and security issue reports, and the company affiliation of the members of
+the group can be found at [Early Disclosure Membership].
 
 ## Security Bulletins
 
@@ -18,3 +20,4 @@ Information about previous Istio vulnerabilities can be found on the
 [Support Announcements]: https://istio.io/news/support/
 [Istio Security Vulnerabilities]: https://istio.io/about/security-vulnerabilities/
 [Security Bulletins]: https://istio.io/news/security/
+[Early Disclosure Membership]: https://github.com/istio/community/blob/master/EARLY-DISCLOSURE.md#membership
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,14 @@
+# Configures Depdendabot to PR go security updates only
+
+version: 2
+updates:
+  # Go configuration for master branch
+  - package-ecosystem: "gomod"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    # Limit number of open PRs to 0 so that we only get security updates
+    # See https://docs.github.com/en/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates
+    open-pull-requests-limit: 0
+    labels:
+      - "release-notes-none"
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
@@ -4,16 +4,22 @@
 
 **To help us figure out who should review this PR, please put an X in all the areas that this PR affects.**
 
+- [ ] Ambient
 - [ ] Configuration Infrastructure
 - [ ] Docs
+- [ ] Dual Stack
 - [ ] Installation
 - [ ] Networking
 - [ ] Performance and Scalability
-- [ ] Policies and Telemetry
+- [ ] Extensions and Telemetry
 - [ ] Security
 - [ ] Test and Release
 - [ ] User Experience
 - [ ] Developer Infrastructure
+- [ ] Upgrade
+- [ ] Multi Cluster
+- [ ] Virtual Machine
+- [ ] Control Plane Revisions
 
 **Please check any characteristics that apply to this pull request.**
 

diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,65 @@
+# git history files
+.history_rewritten_*
+# Eclipse artifacts
+.project
+.pydevproject
+#Vagrant
+tools/vagrant/.vagrant/
+# Intellij
+*.iml
+.idea/
+.run/
+# Visual Studio Code
+.vscode/
+# Bazel
+/bazel-*
+# vi swap files
+.*.swp
+# vi backups
+*.bak
+# common backups
+*~
+# python artifacts
+*.pyc
+# pilot
+pilot/pkg/kube/config
+pilot/pkg/proxy/envoy/envoy
+# lint
+lintconfig.gen.json
+.istiorc
+.istiorc.mk
+# codegen stuff
+bin/adapterlinter
+bin/protoc-gen-gogoslick*
+bin/protoc-min-version*
+bin/protoc-gen-docs*
+bin/testlinter
+bin/envvarlinter
+bin/istioctl
+*.orig
+# Avoid accidental istio.VERSION changes
+istio.VERSION
+LICENSES.txt
+# Proxy generated proxy config in integration test
+tests/integration/component/proxy/envoy.conf
+**/var/run/secrets/
+# Certs generated by testing
+security/cmd/node_agent/na/cert_file
+security/cmd/node_agent/na/pkey
+# istioctl bash completion file
+tools/istioctl.bash
+vendor
+# Contains the built artifacts
+out/
+etc/
+var/
+# Go compiled tests
+*.test
+# Profiles
+*.prof
+# MacOS extended attributes
+._*
+# MacOS Desktop Services Store
+.DS_Store
+/manifests/charts/**/charts/
+/manifests/charts/**/Chart.lock
diff --git a/BUGS-AND-FEATURE-REQUESTS.md b/BUGS-AND-FEATURE-REQUESTS.md
@@ -0,0 +1,10 @@
+# Bugs and Feature Requests
+
+You can report bugs and feature requests to the Istio team in one of three places:
+
+- [Product Bugs and Feature Requests](https://github.com/istio/istio/issues)
+- [Documentation Bugs and Feature Requests](https://github.com/istio/istio.io/issues)
+- [Community and Governance Issues](https://github.com/istio/community/issues)
+
+For security vulnerabilities, please don't report a bug (which is public) and instead follow
+[these procedures](https://istio.io/about/security-vulnerabilities/).
diff --git a/CODEOWNERS b/CODEOWNERS
@@ -0,0 +1 @@
+* @istio/release-managers-1-24
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -0,0 +1,5 @@
+# Contribution guidelines
+
+So you want to hack on Istio? Yay! Please refer to Istio's overall
+[contribution guidelines](https://github.com/istio/community/blob/master/CONTRIBUTING.md)
+to find out how you can help.