feedback and cleanup

common/config/.golangci.yml

@@ -29,6 +29,75 @@ linters:
           deny:
             - pkg: github.com/gogo/protobuf
               desc: gogo/protobuf is deprecated, use golang/protobuf
+        AllGoFiles:
+          files:
+            - $all
+          deny:
+            - pkg: golang.org/x/net/http2/h2c
+              desc: h2c.NewHandler is unsafe; use wrapper istio.io/istio/pkg/h2c
+            - pkg: github.com/golang/protobuf/jsonpb
+              desc: don't use the jsonpb package directly; use util/protomarshal instead
+            - pkg: google.golang.org/protobuf/encoding/protojson
+              desc: don't use the protojson package directly; use util/protomarshal instead
+            - pkg: gomodules.xyz/jsonpatch/v3
+              desc: don't use v3; v2 is orders of magnitude higher performance
+            - pkg: k8s.io/apimachinery/pkg/util/sets
+              desc: use istio.io/istio/pkg/util/sets
+            - pkg: k8s.io/utils/set
+              desc: use istio.io/istio/pkg/util/sets
+            - pkg: k8s.io/utils/env
+              desc: use istio.io/istio/pkg/env
+            - pkg: k8s.io/utils/strings/slices
+              desc: use istio.io/istio/pkg/slices
+            - pkg: k8s.io/utils/pointer
+              desc: use istio.io/istio/pkg/ptr
+            - pkg: go.opencensus.io
+              desc: do not use OpenCensus; use OpenTelemetry instead
+            - pkg: golang.org/x/exp/maps
+              desc: do not use golang.org/x/exp/maps; use istio.io/istio/pkg/maps instead
+            - pkg: maps
+              desc: do not use maps; use istio.io/istio/pkg/maps instead
+            - pkg: golang.org/x/exp/slices
+              desc: do not use golang.org/x/exp/slices; use istio.io/istio/pkg/slices instead
+            - pkg: slices
+              desc: do not use slices; use istio.io/istio/pkg/slices instead
+            - pkg: gopkg.in/yaml.v2
+              desc: do not use gopkg.in/yaml.v2; use sigs.k8s.io/yaml instead
+            - pkg: gopkg.in/yaml.v3
+              desc: do not use gopkg.in/yaml.v3; use sigs.k8s.io/yaml instead
+            - pkg: github.com/ghodss/yaml
+              desc: do not use github.com/ghodss/yaml; use sigs.k8s.io/yaml instead
+        DenyOpenTelemetry:
+          files:
+            - $all
+            - '!**/pkg/monitoring/**'
+            - '!**/pkg/tracing/**'
+          deny:
+            - pkg: go.opentelemetry.io/otel
+              desc: do not use OpenTelemetry directly; use pkg/monitoring
+            - pkg: go.opentelemetry.io/otel/metric
+              desc: do not use OpenTelemetry directly; use pkg/monitoring
+        DenyOperatorAndIstioctl:
+          files:
+            - '!$test'
+            - '!**/operator/**'
+            - '!**/istioctl/**'
+            - '!**/tools/bug-report/**'
+            - '!**/pkg/kube/**'
+            - '!**/pkg/url/**'
+            - '!**/pkg/test/framework/**'
+            - '!**/tests/fuzz/**'
+          deny:
+            - pkg: istio.io/istio/operator
+              desc: operator should not be imported
+            - pkg: istio.io/istio/istioctl
+              desc: istioctl should not be imported
+        DenyProtobufV1:
+          files:
+            - $all
+          deny:
+            - pkg: github.com/golang/protobuf/ptypes
+              desc: do not use github.com/golang/protobuf/ptypes; use google.golang.org/protobuf/types/known instead
     errcheck:
       check-type-assertions: false
       check-blank: false
@@ -185,9 +254,9 @@ linters:
           - staticcheck
         text: 'S1007'
     paths:
-      - .*\.pb\.go
-      - .*\.gen\.go
-      - genfiles$
+      - third_party$
+      - builtin$
+      - examples$
       - vendor$
       - third_party$
       - builtin$
@@ -212,86 +281,10 @@ formatters:
   exclusions:
     generated: lax
     paths:
-      - .*\.pb\.go
-      - .*\.gen\.go
-      - genfiles$
+      - third_party$
+      - builtin$
+      - examples$
       - vendor$
       - third_party$
       - builtin$
       - examples$
-linters-settings:
-  depguard:
-    rules:
-      # deny for all go files
-      AllGoFiles:
-        files:
-          - $all
-        deny:
-          - pkg: golang.org/x/net/http2/h2c
-            desc: "h2c.NewHandler is unsafe; use wrapper istio.io/istio/pkg/h2c"
-          - pkg: github.com/golang/protobuf/jsonpb
-            desc: "don't use the jsonpb package directly; use util/protomarshal instead"
-          - pkg: google.golang.org/protobuf/encoding/protojson
-            desc: "don't use the protojson package directly; use util/protomarshal instead"
-          - pkg: gomodules.xyz/jsonpatch/v3
-            desc: "don't use v3; v2 is orders of magnitude higher performance"
-          - pkg: k8s.io/apimachinery/pkg/util/sets
-            desc: "use istio.io/istio/pkg/util/sets"
-          - pkg: k8s.io/utils/set
-            desc: "use istio.io/istio/pkg/util/sets"
-          - pkg: k8s.io/utils/env
-            desc: "use istio.io/istio/pkg/env"
-          - pkg: k8s.io/utils/strings/slices
-            desc: "use istio.io/istio/pkg/slices"
-          - pkg: k8s.io/utils/pointer
-            desc: "use istio.io/istio/pkg/ptr"
-          - pkg: go.opencensus.io
-            desc: "do not use OpenCensus; use OpenTelemetry instead"
-          - pkg: golang.org/x/exp/maps
-            desc: "do not use golang.org/x/exp/maps; use istio.io/istio/pkg/maps instead"
-          - pkg: maps
-            desc: "do not use maps; use istio.io/istio/pkg/maps instead"
-          - pkg: golang.org/x/exp/slices
-            desc: "do not use golang.org/x/exp/slices; use istio.io/istio/pkg/slices instead"
-          - pkg: slices
-            desc: "do not use slices; use istio.io/istio/pkg/slices instead"
-          - pkg: gopkg.in/yaml.v2
-            desc: "do not use gopkg.in/yaml.v2; use sigs.k8s.io/yaml instead"
-          - pkg: gopkg.in/yaml.v3
-            desc: "do not use gopkg.in/yaml.v3; use sigs.k8s.io/yaml instead"
-          - pkg: github.com/ghodss/yaml
-            desc: "do not use github.com/ghodss/yaml; use sigs.k8s.io/yaml instead"
-      DenyOperatorAndIstioctl:
-        files:
-          # Tests can do anything
-          - "!$test"
-          # Main code should only be used by appropriate binaries
-          - "!**/operator/**"
-          - "!**/istioctl/**"
-          - "!**/tools/bug-report/**"
-          # This should only really import operator API, but that is hard to express without a larger refactoring
-          - "!**/pkg/kube/**"
-          - "!**/pkg/url/**"
-          - "!**/pkg/test/framework/**"
-          - "!**/tests/fuzz/**"
-        deny:
-          - pkg: istio.io/istio/operator
-            desc: "operator should not be imported"
-          - pkg: istio.io/istio/istioctl
-            desc: "istioctl should not be imported"
-      DenyOpenTelemetry:
-        files:
-          - $all
-          - "!**/pkg/monitoring/**"
-          - "!**/pkg/tracing/**"
-        deny:
-          - pkg: go.opentelemetry.io/otel
-            desc: "do not use OpenTelemetry directly; use pkg/monitoring"
-          - pkg: go.opentelemetry.io/otel/metric
-            desc: "do not use OpenTelemetry directly; use pkg/monitoring"
-      DenyProtobufV1:
-        files:
-          - $all
-        deny:
-          - pkg: github.com/golang/protobuf/ptypes
-            desc: "do not use github.com/golang/protobuf/ptypes; use google.golang.org/protobuf/types/known instead"

pilot/pkg/config/kube/gateway/deploymentcontroller.go

@@ -546,16 +546,6 @@ func (d *DeploymentController) setLabelOverrides(gw gateway.Gateway, input Templ
 	if _, ok := gw.GetLabels()[label.TopologyNetwork.Name]; !ok && network != "" && (isWaypointGateway || isEastWestGateway) {
 		input.InfrastructureLabels[label.TopologyNetwork.Name] = d.injectConfig().Values.Struct().GetGlobal().GetNetwork()
 	}
-
-	// Set Inference ext proc label if not present as infrastructureLabel
-	// TODO(liorlieberman): should this label be part of istio/api?
-	enableInferenceExtProcOnGatewayLabelName := "istio.io/enable-inference-extproc"
-	if _, ok := input.InfrastructureLabels[enableInferenceExtProcOnGatewayLabelName]; ok {
-		return
-	}
-	if enabled, ok := gw.Labels[enableInferenceExtProcOnGatewayLabelName]; ok {
-		input.InfrastructureLabels[enableInferenceExtProcOnGatewayLabelName] = enabled
-	}
 }
 
 func extractInfrastructureLabels(gw gateway.Gateway) map[string]string {

pilot/pkg/config/kube/gateway/deploymentcontroller_test.go

@@ -410,26 +410,6 @@ func TestConfigureIstioGateway(t *testing.T) {
 			},
 			objects: defaultObjects,
 		},
-		{
-			name: "gateway-with-infrerencepool-extproc-infra-label",
-			gw: k8sbeta.Gateway{
-				ObjectMeta: metav1.ObjectMeta{
-					Name:      "default",
-					Namespace: "default",
-					Labels: map[string]string{
-						"istio.io/enable-inference-extproc": "true", // should translate to infrastructure label
-					},
-				},
-				Spec: k8s.GatewaySpec{
-					GatewayClassName: k8s.ObjectName(features.GatewayAPIDefaultGatewayClass),
-					Infrastructure: &k8s.GatewayInfrastructure{
-						Labels:      map[k8s.LabelKey]k8s.LabelValue{"foo": "bar"}, // just to test compatibility with the labels on the gateway
-						Annotations: map[k8s.AnnotationKey]k8s.AnnotationValue{"fizz": "buzz"},
-					},
-				},
-			},
-			objects: defaultObjects,
-		},
 		{
 			name: "istio-upgrade-to-1.24",
 			gw: k8sbeta.Gateway{

pilot/pkg/xds/endpoints/endpoint_builder.go

@@ -666,6 +666,9 @@ func buildEnvoyLbEndpoint(b *EndpointBuilder, e *model.IstioEndpoint, mtlsEnable
 	} else {
 		meta = e.Metadata()
 	}
+
+	// detect if mTLS is possible for this endpoint, used later during ep filtering
+	// this must be done while converting IstioEndpoints because we still have workload labels
 	if !mtlsEnabled {
 		meta.TLSMode = ""
 	}

pkg/config/constants/constants.go

@@ -128,7 +128,7 @@ const (
 
 	// InternalParentNames declares the original resources of an internally-generated config.
 	// This is used by k8s gateway-api.
-	// It is a comma separated list. For example, "HTTPRoute/foo.
+	// It is a comma separated list. For example, "HTTPRoute/foo.default,HTTPRoute/bar.default"
 	InternalParentNames = "internal.istio.io/parents"
 	// InternalParentNamespace contains, for internally-generated resource, the namespace of the parent, if different then current.
 	InternalParentNamespace       = "internal.istio.io/parent-namespace"

releasenotes/notes/56845-inference-extension.yaml

@@ -7,4 +7,4 @@ issue:
 releaseNotes:
 - |
   **Added** support for Gateway API Inference Extension https://gateway-api-inference-extension.sigs.k8s.io/.
-  This feature is off by default and can be turned on with SUPPORT_GATEWAY_API_INFERENCE_EXTENSION env var.
+  This feature is off by default and can be turned on with the `SUPPORT_GATEWAY_API_INFERENCE_EXTENSION` environment variable.