Enable more linters on this repo. (#392)

- Fix linter warnings.

Author: geeknoid

Makefile

@@ -29,7 +29,7 @@
 export BUILD_WITH_CONTAINER ?= 0
 
 ifeq ($(BUILD_WITH_CONTAINER),1)
-IMG = gcr.io/istio-testing/build-tools:2019-09-04T21-28-42
+IMG = gcr.io/istio-testing/build-tools:2019-09-11T09-52-48
 UID = $(shell id -u)
 PWD = $(shell pwd)
 GOBIN_SOURCE ?= $(GOPATH)/bin
@@ -74,7 +74,6 @@ RUN = docker run -t -i --sig-proxy=true -u $(UID) --rm \
 	--mount type=bind,source="$(GOBIN_SOURCE)",destination="/go/out/bin" \
 	-w /work $(IMG)
 else
-export GOBIN ?= ./out/bin
 RUN =
 endif
 

Makefile.core.mk

@@ -329,7 +329,7 @@ ${TOP}/bin/dep:
 lint:
 	$(MAKE) kind-run TARGET="run-lint"
 
-lint_modern: lint-go lint-pyhton lint-copyright-banner
+lint_modern: lint-go lint-pyhton lint-copyright-banner lint-markdown lint-protos
 
 include test/install.mk
 include test/tests.mk

README.md

@@ -76,40 +76,38 @@ The new installer recommends isolating components in different namespaces with d
 Recommended mode:
 
 Singleton:
+
 - `istio-system`: root CA and cert provisioning components.
 - `istio-cni`: optional CNI (avoids requiring root/netadmin from workload pods)
 
 Multi-environment components:
+
 - `istio-control`: config, discovery, auto-inject. All impact the generated config including enforcement of policies
 and secure naming.
 - `istio-telemetry`: mixer, kiali, tracing providers, grafana, prometheus. Custom install of prometheus, grafana can
 be used instead in dedicated namespaces.
 - `istio-policy`
-- `istio-gateways` - production domains should be in a separate namespace, to restrict access. It is possible to
+- `istio-gateways`: production domains should be in a separate namespace, to restrict access. It is possible to
 segregate gateways by the team that control access to the domain. Access to the gateway namespace provides access
 to certificates and control over domain delegation. The optional egress gateway provides control over outbound
 traffic.
 
 In addition, it is recommended to have a second set of the multi-environment components to use
 for canary/testing new versions. In this doc we will use an environment based on the `istio-master` namespace:
+
 - `istio-master`: config, discovery, etc
 - `istio-telemetry-master`
 - `istio-gateway-master`
 - `istio-policy-master`
 ...
 
-
-# Installing
-
 For each component, there are 2 styles of installing, using 'helm + tiller' or '`helm template` + `kubectl apply --prune`'.
 
 Using `kubectl --prune` is recommended:
 
 ```bash
-
 helm template --namespace $NAMESPACE -n $COMPONENT $CONFIGDIR -f global.yaml | \
    kubectl apply -n $NAMESPACE --prune -l release=$COMPONENT -f -
-
 ```
 
 Using helm:
@@ -137,13 +135,13 @@ Istio has strong integration with certmanager.  Some operators may want to keep
 CRDs in place and not have Istio modify them.  In this case, it is necessary to apply CRD files individually.
 
 ```bash
- kubectl apply -k github.com/istio/installer/crds
+kubectl apply -k github.com/istio/installer/crds
 ```
 
 or
 
 ```bash
- kubectl apply -f crds/files
+kubectl apply -f crds/files
 ```
 
 ## Install Security
@@ -198,36 +196,34 @@ Galley provides config access and validation. Only one environment should enable
 currently supported in multiple namespaces.
 
 ```bash
-     iop istio-control istio-config $IBASE/istio-control/istio-config --set configValidation=true
+iop istio-control istio-config $IBASE/istio-control/istio-config --set configValidation=true
 
-    # Second Galley, using master version of istio
-    TAG=master-latest-daily HUB=gcr.io/istio-release iop istio-master istio-config-master $IBASE/istio-control/istio-config
+# Second Galley, using master version of istio
+TAG=master-latest-daily HUB=gcr.io/istio-release iop istio-master istio-config-master $IBASE/istio-control/istio-config
 ```
 
 Other MCP providers can be used - currently the address and credentials need to match what galley is using.
 
 Discovery, Policy and Telemetry components will need to be configured with the address of the config
 server - either in the local cluster or in a central cluster.
 
-
 ### Discovery (Pilot)
 
 This can run in any cluster. A mesh should have at least one cluster should run Pilot or equivalent XDS server,
 and it is recommended to have Pilot running in each region and in multiple availability zones for multi cluster.
 
 ```bash
-    iop istio-control istio-discovery $IBASE/istio-control/istio-discovery \
-                --set global.istioNamespace=istio-system \
-                --set global.configNamespace=istio-control \
-                --set global.telemetryNamespace=istio-telemetry \
-                --set global.policyNamespace=istio-policy
-    TAG=master-latest-daily HUB=gcr.io/istio-release iop istio-master istio-discovery-master $IBASE/istio-control/istio-discovery \
-                --set policy.enable=false \
-                --set global.istioNamespace=istio-master \
-                --set global.configNamespace=istio-master \
-                --set global.telemetryNamespace=istio-telemetry-master \
-                --set global.policyNamespace=istio-policy-master
-
+iop istio-control istio-discovery $IBASE/istio-control/istio-discovery \
+            --set global.istioNamespace=istio-system \
+            --set global.configNamespace=istio-control \
+            --set global.telemetryNamespace=istio-telemetry \
+            --set global.policyNamespace=istio-policy
+TAG=master-latest-daily HUB=gcr.io/istio-release iop istio-master istio-discovery-master $IBASE/istio-control/istio-discovery \
+            --set policy.enable=false \
+            --set global.istioNamespace=istio-master \
+            --set global.configNamespace=istio-master \
+            --set global.telemetryNamespace=istio-telemetry-master \
+            --set global.policyNamespace=istio-policy-master
 ```
 
 ### Auto-injection
@@ -243,17 +239,15 @@ If `istio-system` has set `enableNamespaceByDefault` you must set `istio-inject:
 istio-system from taking over. In this case, it is recommended to first install `istio-control` autoinject with
 the default disabled, test it, and move the default from `istio-system` to `istio-control`.
 
-
 ```bash
-    # ENABLE_CNI is set to true if istio-cni is installed
-    iop istio-control istio-autoinject $IBASE/istio-control/istio-autoinject --set sidecarInjectorWebhook.enableNamespacesByDefault=true --set global.configNamespace=istio-control \
-        --set istio_cni.enabled=${ENABLE_CNI}
-
-    # Second auto-inject using master version of istio
-    # Notice the different options
-    TAG=master-latest-daily HUB=gcr.io/istio-release iop istio-master istio-autoinject-master $IBASE/istio-control/istio-autoinject \
-             --set global.configNamespace=istio-master
-
+# ENABLE_CNI is set to true if istio-cni is installed
+iop istio-control istio-autoinject $IBASE/istio-control/istio-autoinject --set sidecarInjectorWebhook.enableNamespacesByDefault=true --set global.configNamespace=istio-control \
+    --set istio_cni.enabled=${ENABLE_CNI}
+
+# Second auto-inject using master version of istio
+# Notice the different options
+TAG=master-latest-daily HUB=gcr.io/istio-release iop istio-master istio-autoinject-master $IBASE/istio-control/istio-autoinject \
+         --set global.configNamespace=istio-master
 ```
 
 ## Gateways
@@ -265,7 +259,6 @@ gateway in a dedicated namespace and restrict access.
 
 For large-scale gateways it is optionally possible to use a dedicated pilot in the gateway namespace.
 
-
 ## K8S Ingress
 
 To support K8S ingress we currently use a separate namespace. In Istio 1.1, this requires using a dedicated
@@ -275,42 +268,27 @@ Note that running a dedicated Pilot for ingress/gateways is supported and recomm
 but in the case of K8S ingress it is currently required.
 
 ```bash
-    iop istio-ingress istio-ingress $IBASE/gateways/istio-ingress --set global.configNamespace=istio-control
-    TAG=master-latest-daily HUB=gcr.io/istio-release iop istio-ingress-master istio-ingress $IBASE/gateways/istio-ingress \
-            --set global.configNamespace=istio-master\
-
+iop istio-ingress istio-ingress $IBASE/gateways/istio-ingress --set global.configNamespace=istio-control
+TAG=master-latest-daily HUB=gcr.io/istio-release iop istio-ingress-master istio-ingress $IBASE/gateways/istio-ingress \
+        --set global.configNamespace=istio-master\
 ```
 
 ## Telemetry
 
 ```bash
-    iop istio-telemetry istio-grafana $IBASE/istio-telemetry/grafana/ --set global.configNamespace=istio-control
-    iop istio-telemetry istio-mixer $IBASE/istio-telemetry/mixer-telemetry/ --set global.configNamespace=istio-control
-    iop istio-telemetry istio-prometheus $IBASE/istio-telemetry/prometheus/ --set global.configNamespace=istio-control
-    
-    TAG=master-latest-daily HUB=gcr.io/istio-release iop istio-telemetry-master istio-grafana $IBASE/istio-telemetry/grafana/ \
-            --set global.configNamespace=istio-master
-    TAG=master-latest-daily HUB=gcr.io/istio-release iop istio-telemetry-master istio-mixer $IBASE/istio-telemetry/mixer-telemetry/ \
-            --set global.configNamespace=istio-master
-    TAG=master-latest-daily HUB=gcr.io/istio-release iop istio-telemetry-master istio-prometheus $IBASE/istio-telemetry/prometheus/ \
-            --set global.configNamespace=istio-master
+iop istio-telemetry istio-grafana $IBASE/istio-telemetry/grafana/ --set global.configNamespace=istio-control
+iop istio-telemetry istio-mixer $IBASE/istio-telemetry/mixer-telemetry/ --set global.configNamespace=istio-control
+iop istio-telemetry istio-prometheus $IBASE/istio-telemetry/prometheus/ --set global.configNamespace=istio-control
+
+TAG=master-latest-daily HUB=gcr.io/istio-release iop istio-telemetry-master istio-grafana $IBASE/istio-telemetry/grafana/ \
+        --set global.configNamespace=istio-master
+TAG=master-latest-daily HUB=gcr.io/istio-release iop istio-telemetry-master istio-mixer $IBASE/istio-telemetry/mixer-telemetry/ \
+        --set global.configNamespace=istio-master
+TAG=master-latest-daily HUB=gcr.io/istio-release iop istio-telemetry-master istio-prometheus $IBASE/istio-telemetry/prometheus/ \
+        --set global.configNamespace=istio-master
 ```
 
-## Policy
-
-TODO - see example
-
-## Egress
-
-
-## Other components
-
-### Kiali
-
-###
-
 ## Additional test templates
 
 A number of helm test setups are general-purpose and should be installable in any cluster, to confirm
 Istio works properly and allow testing the specific install.
-

common/.commonfiles.sha

@@ -1 +1 @@
-26f9010dc0dd119451e2e32fb7f704121af55104
+0c08017c3bfe198f061322c98c36e4e3638a09ad

common/Makefile.common.mk

@@ -55,7 +55,7 @@ lint-typescript:
 	@${FINDFILES} -name '*.ts' -print0 | ${XARGS} tslint -c common/config/tslint.json
 
 lint-protos:
-	@$(FINDFILES) -name '*.proto' -print0 | $(XARGS) -L 1 prototool lint --protoc-bin-path=/usr/bin/protoc --protoc-wkt-path=common-protos
+	@if test -d common-protos; then $(FINDFILES) -name '*.proto' -print0 | $(XARGS) -L 1 prototool lint --protoc-bin-path=/usr/bin/protoc --protoc-wkt-path=common-protos; fi
 
 lint-all: lint-dockerfiles lint-scripts lint-yaml lint-helm lint-copyright-banner lint-go lint-python lint-markdown lint-sass lint-typescript lint-protos
 

docs/labels.md

@@ -5,33 +5,26 @@ The most frequent problem in Istio with 'upgrade in place' is the label missmatc
 This happens when the upgrade Deployment.template.metadata.labels object on the upgrade doesn't matches
 the previous version.
 
-
 Example error:
-```text
 
+```text
 for: "test/demo": Deployment.apps "egressgateway" is invalid: spec.selector: Invalid value: v1.LabelSelector{MatchLabels:map[string]string{"app":"istio-egressgateway", "istio":"egressgateway"}, MatchExpressions:[]v1.LabelSelectorRequirement(nil)}: field is immutable
-
 ```
 
 For Istio 1.0, the label style was:
 
 ```yaml
-
-  
-    
-    ...
-      labels:
-          app: pilot
-          istio: pilot
-
+...
+  labels:
+      app: pilot
+      istio: pilot
 ```
 
 'matchLabels' is only used in prometheus, with 'app:prometheus'.
 
 In 1.1, we added 3 more labels:
 
 ```yaml
-
   template:
     metadata:
       labels:
@@ -41,11 +34,10 @@ In 1.1, we added 3 more labels:
         chart: pilot
         heritage: Tiller
         release: istio
-
 ```
 
-For 1.2, we want to stop adding 'chart'/'heritage'/release, to reduce the dependency on Helm/Tiller and avoid 
-similar problems in the future. 
+For 1.2, we want to stop adding 'chart'/'heritage'/release, to reduce the dependency on Helm/Tiller and avoid
+similar problems in the future.
 
 We also want to allow in-place update of istio-system, for demo or users who need this (as a backup
 plan).

istio-control/istio-config/README.md

@@ -7,29 +7,21 @@ The default implementation is Galley, using the K8S apiserver for storage - othe
 It is recommended to run only one production config server - it registers a validation webhook which will apply
 to all Istio configs. It is possible to run a second staging/canary config server in a different namespace.
 
-# Installation
+## Installation
 
-Galley relies on DNS certificates. Before installing it in a custom namespace you should update Citadel or 
+Galley relies on DNS certificates. Before installing it in a custom namespace you should update Citadel or
 create a custom certificate.
 
-# Validation
+## Validation
 
 A cluster should have a single galley with validation enabled - usually the prod environment.
 It is possible to enable validation on other environments as well - but each Galley will do its own
 validation, and a staging version may impact production validation.
 
-```bash
-
-
-```
-
 ```yamml
-
 security:
     ...
     dnsCerts:
         ...
         istio-galley-service-account.MY_NAMESPACE: istio-galley.MY_NAMESPACE.svc
-
-
 ```

kustomize/README.md

@@ -3,13 +3,13 @@
 Organization: each directory corresponds to a namespace ( 'environment' ).
 
 Inside each component will have a directory, named to match the name of the directory where the helm template is defined.
- 
-A 'kustomization.yaml' file inside the directory can apply the normal kustomize rules. It should expect a 'k8s.yaml' 
+
+A 'kustomization.yaml' file inside the directory can apply the normal kustomize rules. It should expect a 'k8s.yaml'
 resource.
 
-# Usage
+## Usage
 
-"helm template" will be used with the normal values/global/user settings, and generate a k8s.yaml file under 
+"helm template" will be used with the normal values/global/user settings, and generate a k8s.yaml file under
 $OUT/$NAMESPACE/$COMPONENT
 
 If the kustomize file exists, it will be applied before running "kubectl apply --prune".

test/buildkite/README.md

@@ -2,21 +2,21 @@
 
 ## Machine
 
-install-machine.sh script has a basic install, i.e. agent plus tools used to run Istio tests (cached so we don't 
+install-machine.sh script has a basic install, i.e. agent plus tools used to run Istio tests (cached so we don't
 download again).
 
 ## Kubernetes
 
-Runs priviledged, the container has access to the 'node' docker. Can run KIND, or could run tests 
+Runs privileged, the container has access to the 'node' docker. Can run KIND, or could run tests
 in a regular k8s container if we grant permissions to create pods.
 
 ## K8s - not privileged
 
-A variant would be to run a non-priv agent, with namespace permissions. 
+A variant would be to run a non-priv agent, with namespace permissions.
 The installer can add an option to not require cluster permissions, or only minimal cluster permissions granted
 to the agent service account.
 
 ## Docker
 
 Not clear if this is needed - but we can run the agent/builder inside a docker container. Since it has priv, no
-major benefit compared with machine. 
+major benefit compared with machine.