pilot/pkg/networking/core/v1alpha3/listener.go (10 lines):
- line 81: // TODO: allow configuration through mesh config
- line 502: // TODO: This is going to be bad for caching as the order of listeners in tcpListeners or httpListeners is not
- line 564: // TODO: plugins for HTTP_PROXY mode, envoyfilter needs another listener match for SIDECAR_HTTP_PROXY
- line 1172: // TODO: how to deal with ext-authz? It will be in the ordering twice
- line 1179: // TODO: these feel like the wrong place to insert, but this retains backwards compatibility with the original implementation
- line 1253: // TODO: For now we assume that only HTTP/3 is used over QUIC. Revisit this in the future
- line 1335: // TODO: need to sanitize the opts.bind if its a UDS socket, as it could have colons, that envoy doesn't like
- line 1352: // TODO: switch on TransportProtocolQUIC is in too many places now. Once this is a bit
- line 1363: // TODO: Maybe we should add options in MeshConfig to
- line 1418: // TODO: given how tightly tied listener.FilterChains, opts.filterChainOpts, and mutable.FilterChains

pilot/pkg/config/kube/gateway/conversion.go (8 lines):
- line 232: // TODO: implement rewrite, timeout, mirror, corspolicy, retries
- line 471: // TODO: the spec actually has a label match, not a string match. That is, *.com does not match *.apple.com
- line 640: // TODO we need to properly return not admitted here
- line 783: // TODO: implement ReferencePolicy for cross namespace
- line 830: // TODO in the future we should probably just make VirtualService support relative weights directly
- line 1054: // TODO we can add any settings we need here needed for the controller
- line 1281: // TODO: should we always report both?
- line 1352: // TODO: For now we are using Addresses.
There has been some discussion of allowing inline

pilot/pkg/serviceregistry/serviceentry/conversion.go (8 lines):
- line 104: // TODO: make the enum match, should be safe (as long as they're used as enum)
- line 125: // TODO: target port
- line 140: // TODO: WorkloadSelector
- line 142: // TODO: preserve ServiceRegistry. The reverse conversion sets it to 'external'
- line 143: // TODO: preserve UID ? It seems MCP didn't preserve it - but that code path was not used much.
- line 145: // TODO: ClusterExternalPorts map - for NodePort services, with "traffic.istio.io/nodeSelector" ann
- line 148: // TODO: ClusterExternalAddresses - for LB types, per cluster. Populated from K8S, missing
- line 384: // TODO: we need a way to get the container port map from k8s

pilot/pkg/status/distribution/reporter.go (7 lines):
- line 120: // TODO: is the use of a cancelled context here a problem? Maybe set a short timeout context?
- line 171: // TODO: this will leak when a resource never reaches 100% before it is replaced.
- line 172: // TODO: do deletes propagate through this thing?
- line 186: // TODO: handle cache miss
- line 195: // TODO: cleanup completedResources
- line 244: // TODO: short circuit this write in the leader
- line 302: // TODO might need to batch this to prevent lock contention

pilot/pkg/networking/apigen/apigen.go (7 lines):
- line 44: // TODO: we can also add a special marker in the header)
- line 56: // TODO: take 'updates' into account, don't send pushes for resources that haven't changed
- line 57: // TODO: support WorkloadEntry - to generate endpoints (equivalent with EDS)
- line 58: // TODO: based on lessons from MCP, we want to send 'chunked' responses, like apiserver does.
- line 82: // TODO: extra validation may be needed - at least logging that a resource
- line 97: // TODO: what is the proper way to handle errors ?
- line 122: // TODO: MeshConfig, current dynamic ProxyConfig (for this proxy), Networks

istioctl/cmd/describe.go (7 lines):
- line 142: // TODO look for port collisions between services targeting this pod
- line 168: // TODO find sidecar configs that select this workload and render them
- line 339: // TODO Consider adding Headers, SourceLabels
- line 405: // TODO Are users interested in seeing Scheme, Method, Authority?
- line 422: // TODO QueryParams, maybe Gateways
- line 809: // TODO simplify this by showing for each matching Destination the negation of the previous HttpMatchRequest
- line 834: // TODO vsSpec.Tls if I can find examples in the wild

istioctl/cmd/workload.go (6 lines):
- line 62: // TODO refactor away from package vars and add more UTs
- line 273: // TODO: add WorkloadGroup validation in pkg/config/validation
- line 382: // TODO: Make the following accurate when using the Kubernetes certificate signer
- line 521: // TODO the defaults should be controlled by meshConfig/proxyConfig; if flags not given to the command proxyCOnfig takes precedence
- line 577: // TODO: add case where the load balancer is a DNS name
- line 604: // TODO make port configurable

pilot/pkg/model/network.go (6 lines):
- line 448: // TTL expires, try to refresh TODO should this be < ttl?
- line 489: // TODO figure out how to query only A + AAAA
- line 501: // TODO may not always want ipv6t?
- line 515: // TODO share code with pkg/dns
- line 536: // TODO take search namespaces into account
- line 537: // TODO what about /etc/hosts?

pkg/config/validation/validation.go (6 lines):
- line 1209: // TODO: prevent this invalid setting, maybe in 1.12+
- line 2850: // TODO: gRPC status validation
- line 2853: // TODO: HTTP2 error validation
- line 3029: // TODO: Validate port is part of Service Port - which is tricky to validate with out service entry.
- line 3248: // TODO: prevent this invalid setting, maybe in 1.11+
- line 3488: // TODO validate using the same gateway on multiple networks?

pilot/pkg/networking/grpcgen/lds.go (6 lines):
- line 139: // TODO match_subject_alt_names field in validation context is not supported on the server
- line 141: // TODO plain TLS support
- line 151: // TODO gRPC's filter chain match is super limted - only effective transport_protocol match is "raw_buffer"
- line 164: // TODO permissive builts both plaintext and mtls; when tlsContext is present add a match for protocol
- line 243: // TODO: gRPC also supports 'per route override' - not yet clear how to use it, Istio uses path expressions instead and we don't generate
- line 303: // TODO: for TCP listeners don't generate RDS, but some indication of cluster name.

pilot/pkg/networking/core/v1alpha3/httproute.go (6 lines):
- line 107: // TODO: trace decorators, inbound timeouts
- line 157: // TODO: This is potentially one place where envoyFilter ADD operation can be helpful if the
- line 188: // FIXME: This will ignore virtual services with hostnames that do not match any service in the registry
- line 190: // productpage.ns1.svc.cluster.local). See the TODO in BuildSidecarOutboundVirtualHosts for the right solution
- line 223: // TODO: merge with IstioEgressListenerWrapper.selectVirtualServices
- line 236: // TODO: This is a bug. VirtualServices can have many hosts

pkg/istio-agent/xds_proxy.go (5 lines):
- line 84: // TODO: Right now, the workloadSDS server and gatewaySDS servers are still separate
- line 86: // TODO: consolidate/use ADSC struct - a lot of duplication.
- line 503: // TODO: separate upstream response handling from requests sending, which are both time costly
- line 630: // TODO: Expose keepalive options to agent cmd line flags.
- line 720: // TODO: if istiodSAN starts with spiffe://, use custom validation.
pkg/adsc/adsc.go (5 lines):
- line 97: // TODO: implement SecretManager for cert dir
- line 129: // TODO: mirror Generator, allow adding handler per type
- line 210: // TODO: also load at startup - so we can support warm up in init-container, and survive
- line 583: // TODO: add hook to inject nacks
- line 653: // TODO: extract VIP and RDS or cluster

pilot/pkg/networking/grpcgen/cds.go (5 lines):
- line 81: // TODO re-use the v1alpha3.ClusterBuilder:
- line 216: // TODO status or log when unsupported features are included
- line 230: // TODO for now, we leave mTLS *off* by default:
- line 239: // TODO support this
- line 241: // TODO support this

pilot/pkg/serviceregistry/kube/controller/controller.go (5 lines):
- line 179: // TODO: add other modes. Likely want a mode with Endpoints+EndpointSlices that are not controlled by
- line 535: // TODO trigger push via handler
- line 747: // TODO: sync same kind of objects in parallel
- line 1039: // TODO: this code does not return k8s service instances when the proxy's IP is a workload entry
- line 1084: // TODO: This could not happen, remove?

pilot/pkg/networking/core/v1alpha3/cluster.go (5 lines):
- line 351: // TODO enable cache - there is no blockers here, skipped to simplify the original caching implementation
- line 651: // FIXME: there isn't a way to distinguish between unset values and zero values
- line 708: // FIXME: we can't distinguish between it being unset or being explicitly set to 0
- line 835: // TODO MinimumRingSize is an int, and zero could potentially be a valid value
- line 856: // TODO: enable failoverPriority for `STRICT_DNS` cluster type

pkg/config/analysis/local/context.go (5 lines):
- line 117: // TODO: demote this log before merging
- line 121: // TODO: this needs to include file source as well
- line 124: // TODO: demote this log before merging
- line 146: // TODO: demote this log before merging
- line 148: // TODO: is continuing the right thing here?
pkg/istio-agent/agent.go (4 lines):
- line 524: // TODO: extract the logic to detect expiration time, and use a simpler code to rotate to files.
- line 541: // TODO: evaluate replacing the STS server with a file data source, to simplify Envoy config
- line 848: // TODO: this should all be packaged in a plugin, possibly with optional compilation.
- line 872: // TODO: may add extra cases or explicit settings - but this is a rare use cases, mostly debugging

pilot/pkg/serviceregistry/kube/controller/multicluster.go (4 lines):
- line 177: // TODO move instance cache out of registries
- line 183: // TODO implement deduping in aggregate registry to allow multiple k8s registries to handle WorkloadEntry
- line 188: // TODO only do this for non-remotes, can't guarantee CRDs in remotes (depends on https://github.com/istio/istio/pull/29824)
- line 236: // TODO prevent istiods in primary clusters from trying to patch eachother. should we also leader-elect?

pilot/pkg/networking/core/v1alpha3/tracing.go (4 lines):
- line 109: // TODO: should this `return nil, nil` instead ?
- line 112: // TODO: transition to configuring providers from proxy config here?
- line 131: // TODO: follow-on work to enable bootstrapping of clusters for $(HOST_IP):PORT addresses.
- line 402: // TODO: This should have been properly handled with the injector.
pilot/pkg/networking/core/v1alpha3/cluster_builder.go (4 lines):
- line 533: // TODO: This is not foolproof - if instance is part of multiple services listening on same port,
- line 745: // TODO (mjog)
- line 909: // FIXME: there isn't a way to distinguish between unset values and zero values
- line 929: // FIXME: zero is a valid value if explicitly set, otherwise we want to use the default

pilot/pkg/config/kube/ingressv1/controller.go (4 lines):
- line 99: // TODO: move to features ( and remove in 1.2 )
- line 226: // TODO: we could be smarter here and only trigger when real changes were found
- line 261: // TODO: add c.queue.HasSynced() once #36332 is ready, ensuring Run is called before HasSynced
- line 267: // TODO: are these two config descriptors right?

pilot/pkg/controller/workloadentry/workloadentry_controller.go (4 lines):
- line 87: // TODO use status or another proper API instead of annotations
- line 124: // TODO move WorkloadEntry related tasks into their own object and give InternalGen a reference.
- line 574: // TODO move labels out of entry
- line 615: // TODO status fields used for garbage collection

pilot/pkg/config/kube/ingress/controller.go (4 lines):
- line 101: // TODO: move to features ( and remove in 1.2 )
- line 273: // TODO: we could be smarter here and only trigger when real changes were found
- line 310: // TODO: add c.queue.HasSynced() once #36332 is ready, ensuring Run is called before HasSynced
- line 316: // TODO: are these two config descriptors right?

pilot/pkg/bootstrap/istio_ca.go (4 lines):
- line 138: // TODO: Likely to be removed and added to mesh config
- line 143: // TODO: Likely to be removed and added to mesh config
- line 186: // TODO: if not set, parse Istiod's own token (if present) and get the issuer. The same issuer is used
- line 522: // TODO: provide an endpoint returning all the roots. SDS can only pull a single root in current impl.
pkg/config/analysis/local/istiod_analyze.go (4 lines):
- line 145: // TODO: analysis is run for all namespaces, even if they are requested to be filtered.
- line 167: // TODO: there's gotta be a better way to convert v1meshconfig to config.Config...
- line 198: // TODO: this could be parallel
- line 273: // TODO: are either of these string constants intended to vary?

pkg/dns/client/dns.go (4 lines):
- line 85: // TODO: make it configurable
- line 113: // TODO: we can also copy /etc/resolv.conf to /var/lib/istio/resolv.conf and
- line 391: // TODO: Figure out how to send parallel queries to all nameservers
- line 501: // TODO: handle PTR records for reverse dns lookups

pkg/kube/mock_client.go (4 lines):
- line 248: return nil, fmt.Errorf("TODO MockClient doesn't implement IstioPods")
- line 252: return "", "", fmt.Errorf("TODO MockClient doesn't implement exec")
- line 256: return "", "", fmt.Errorf("TODO MockClient doesn't implement exec")
- line 260: return "", fmt.Errorf("TODO MockClient doesn't implement logs")

pilot/pkg/model/config.go (4 lines):
- line 237: // FIXME this is a gross hack to hardcode a service's domain name in kubernetes
- line 319: // TODO: return closest match out of all non-exact matching hosts
- line 327: // TODO: merge with MostSpecificHostMatch once go 1.18 is used
- line 365: // TODO: return closest match out of all non-exact matching hosts

pilot/pkg/serviceregistry/kube/controller/endpointslice.go (4 lines):
- line 60: // TODO Endpoints has a special cache, to filter out irrelevant updates to kube-system
- line 86: // TODO use this to automatically switch to EndpointSlice mode
- line 137: // TODO: this code does not return k8s service instances when the proxy's IP is a workload entry
- line 367: // TODO this isn't used now, but we may still want to extract locality from the v1 EnspointSlice instead of node

pilot/pkg/bootstrap/certcontroller.go (3 lines):
- line 61: // TODO: if the provider is set to Citadel, use that instead of k8s so
the API is still preserved.
- line 106: // TODO: If the discovery address in mesh.yaml is set to port 15012 (XDS-with-DNS-certs) and the name
- line 236: // TODO: Setup watcher for root and restart server if it changes.

pilot/pkg/status/manager.go (3 lines):
- line 36: // TODO: is Resource the right abstraction?
- line 48: // TODO: need better error handling
- line 122: // TODO: buffer this with channel

pkg/security/security.go (3 lines):
- line 80: // TODO: change all the pilot one reference definition here instead.
- line 105: // TODO: For 1.8, make sure MeshConfig is updated with those settings,
- line 133: // TODO: ProxyConfig should have most of those, and be passed to all components

pilot/pkg/serviceregistry/serviceentry/servicediscovery.go (3 lines):
- line 237: // TODO: maybe cds?
- line 777: // TODO implement mesh networks loading logic from kube controller if needed
- line 835: // TODO: Rather than sequentially allocate IPs, switch to a hash based allocation mechanism so that

pilot/pkg/config/kube/ingress/conversion.go (3 lines):
- line 90: // TODO validation when multiple wildcard tls secrets are given
- line 210: // TODO: default at the end
- line 228: // TODO: default at the end

pkg/istio-agent/grpcxds/grpc_bootstrap.go (3 lines):
- line 49: // TODO use structs from gRPC lib if created/exported
- line 167: // TODO direct to CP should use secure channel (most likely JWT + TLS, but possibly allow mTLS)
- line 189: // TODO use a more appropriate interval

pilot/pkg/simulation/traffic.go (3 lines):
- line 114: // TODO: currently this does not verify TLS vs mTLS
- line 440: // TODO this only handles path - we need to add headers, query params, etc to be complete.
- line 667: // TODO - support inbound

pilot/pkg/config/kube/ingressv1/conversion.go (3 lines):
- line 89: // TODO validation when multiple wildcard tls secrets are given
- line 211: // TODO: default at the end
- line 229: // TODO: default at the end

pilot/pkg/networking/core/v1alpha3/networkfilter.go (3 lines):
- line 132: // TODO: Need to handle multiple cluster names for Redis
- line 228: // TODO: add a watcher for /var/lib/istio/mongo/certs
- line 233: // TODO enable faults in mongo

tools/istio-iptables/pkg/capture/run.go (3 lines):
- line 374: // TODO: change the default behavior to not intercept any output - user may use http_proxy or another
- line 635: // TODO: add ip6 as well
- line 685: // TODO: add ip6 as well

pkg/kube/client.go (3 lines):
- line 105: // TODO: stop embedding this, it will conflict with future additions. Use Kube() instead is preferred
- line 276: // TODO: send PR to client-go to add Tracker()
- line 935: // TODO once we drop Kubernetes 1.15 support we can drop all of this code in favor of Server Side Apply

pilot/pkg/serviceregistry/kube/controller/network.go (3 lines):
- line 199: // TODO ConfigUpdate via gateway handler
- line 247: // TODO should we start checking if svc's Ports contain the gateway port?
- line 250: // TODO label based gateways could support being the gateway for multiple networks

pilot/pkg/xds/delta.go (3 lines):
- line 329: // TODO: can we distinguish init and reconnect? Do we care?
- line 342: // TODO: due to concurrent unsubscribe, this probably doesn't make sense. Do we need any logic here?
- line 441: // TODO: send different version for incremental eds

pilot/pkg/model/telemetry.go (2 lines):
- line 281: // TODO: metrics overrides do a deep merge, but here we do a shallow merge.
- line 622: // TODO: we always flatten ALL_METRICS into each metric mode.
For some stats providers (prometheus),

pilot/pkg/model/push_context.go (2 lines):
- line 814: // TODO: include cluster from EnvoyFilter such as global ratelimit [demo](https://istio.io/latest/docs/tasks/policy-enforcement/rate-limit/#global-rate-limit)
- line 958: // TODO: logic to merge multiple sidecar resources

manifests/charts/base/templates/clusterrole.yaml (2 lines):
- line 33: # TODO: should be on just */status but wildcard is not supported
- line 106: resources: ["*"] # TODO: should be on just */status but wildcard is not supported

pixiu/pkg/config/api_config.go (2 lines):
- line 103: // TODO: init other setting which need fetch from remote
- line 105: // TODO: watch other setting which need fetch from remote

pilot/pkg/security/authn/v1beta1/policy_applier.go (2 lines):
- line 244: // TODO: Implement the logic to auto-generate the cluster so that when the flag is enabled,
- line 249: // TODO: Default port based on scheme ?

pilot/pkg/xds/sds.go (2 lines):
- line 106: // TODO: For the new gateway-api, we should always search the config namespace and stop reading across all clusters
- line 409: // TODO: Currently we only have a single credentials controller (Kubernetes). In the future, we will need a mapping

manifests/charts/istiod-remote/templates/clusterrole.yaml (2 lines):
- line 30: # TODO: should be on just */status but wildcard is not supported
- line 103: resources: ["*"] # TODO: should be on just */status but wildcard is not supported

pixiu/pkg/filter/http/dubboproxy/dubbo.go (2 lines):
- line 208: // TODO: will print many Error when failed to connect server
- line 228: // TODO statusCode I don't know what dubbo returns when it times out, first use the string to judge

pilot/pkg/xds/auth.go (2 lines):
- line 58: // TODO: add a flag to prevent unauthenticated requests ( 15010 )
- line 83: // TODO: allow locking down, rejecting unauthenticated requests.
pilot/pkg/xds/monitoring.go (2 lines):
- line 98: // TODO: Update all the resource stats in separate routine
- line 248: // TODO use a single metric with a type tag

manifests/charts/base/files/gen-istio-cluster.yaml (2 lines):
- line 6806: resources: ["*"] # TODO: should be on just */status but wildcard is not supported
- line 6935: # TODO lock this down to istio-ca-cert if not using the DNS cert mesh config

security/pkg/nodeagent/caclient/credentials.go (2 lines):
- line 48: // TODO add metrics
- line 49: // TODO change package

pilot/pkg/xds/simple.go (2 lines):
- line 76: // TODO: refactor bootstrap code to use this server, and add more registries.
- line 132: // TODO: fix the mess of store interfaces - most are too generic for their own good.

pixiu/pkg/client/dubbo/dubbo.go (2 lines):
- line 57: // TODO java class name elem
- line 219: // TODO statusCode I don’t know what dubbo will return when it times out, so I will return it directly. I will judge it when I call it.

pilot/pkg/config/kube/gateway/conditions.go (2 lines):
- line 59: // TODO look into also reporting ResolvedRefs; we should be gracefully dropping invalid backends instead
- line 102: // TODO: will we fight over other controllers doing similar (but not identical) ordering?

operator/pkg/tpath/tree.go (2 lines):
- line 100: // TODO: The case of deleting a list.list.node element is not currently supported.
- line 416: // TODO `map[interface{}]interface{}` is used by tests in operator/cmd/mesh, we should add our own tests

pilot/pkg/networking/core/v1alpha3/route/route.go (2 lines):
- line 249: // TODO: This is a gross HACK. Fix me. Its a much bigger surgery though, due to the way
- line 525: // TODO: eliminate this logic and use the total_weight option in envoy route

pilot/pkg/xds/statusgen.go (2 lines):
- line 53: // TODO: TypeURLReady - readiness events for endpoints, agent can propagate
- line 60: // TODO: track last N Nacks and connection events, with 'version' based on timestamp.
operator/pkg/name/name.go (2 lines):
- line 87: // TODO: move this to a base definitions file when one is created.
- line 217: // TODO: remove extra validations when comfort level is high enough.

pilot/cmd/pilot-agent/main.go (2 lines):
- line 57: // TODO: Move most of this to pkg options.
- line 307: // TODO: get the config and bootstrap from istiod, by passing the env

operator/pkg/apis/istio/v1alpha1/values_types.pb.go (2 lines):
- line 4733: // TODO can this import the real mesh config API?
- line 4932: // TODO: Rename to Int32OrString

pilot/pkg/networking/core/v1alpha3/fake.go (2 lines):
- line 132: // TODO allow passing in registry, for k8s, mem reigstry
- line 194: // TODO allow passing event handlers for controller

pilot/pkg/xds/xdsgen.go (2 lines):
- line 85: // TODO move this to just directly using the resource TypeUrl
- line 134: // TODO: send different version for incremental eds

pilot/pkg/xds/debug.go (2 lines):
- line 255: // TODO: Check that the identity contains dubbo-system namespace, else block or restrict to only info that
- line 770: // TODO: we should split the inject template into smaller modules (separate one for dump core, etc),

pilot/pkg/model/service.go (2 lines):
- line 424: // TODO: Investigate removing ServiceInstance entirely.
- line 543: // TODO: move the ServiceRegistry type from platform.go to model

istioctl/pkg/multicluster/remote_secret.go (2 lines):
- line 308: // TODO will the SA have any reference to secrets anymore, can we avoid this list?
- line 322: // TODO ephemeral time-based tokens are preferred; we should re-think this

pkg/config/analysis/diag/message.go (2 lines):
- line 41: // TODO: Make this localizable
- line 55: // TODO: Implement using Analysis message API

pilot/pkg/serviceregistry/kube/controller/endpointcontroller.go (2 lines):
- line 76: // TODO: extend and set service instance type, so no need to re-init push context
- line 171: // TODO: this may be not correct because of the hostnetwork pods may have same ip address

pixiu/pkg/common/router/router.go (2 lines):
- line 95: // TODO: may consider implementing both prefix and header in the future
- line 136: //TODO: lock move to trie node

pilot/pkg/security/model/authentication.go (2 lines):
- line 203: // TODO: if subjectAltName ends with *, create a prefix match as well.
- line 204: // TODO: if user explicitly specifies SANs - should we alter his explicit config by adding all spifee aliases?

security/pkg/server/ca/server.go (2 lines):
- line 84: // TODO: Call authorizer.
- line 167: // TODO: apply different authenticators in specific order / according to configuration.

pilot/pkg/xds/ep_filters.go (2 lines):
- line 106: // TODO BTS may allow us to work around this
- line 151: // TODO: figure out a way to extract locality data from the gateway public endpoints in meshNetworks

pkg/config/mesh/watcher.go (2 lines):
- line 196: // TODO Need to recreate or reload initConfigController()
- line 203: // TODO hack: the first handler added is the ConfigPush, other handlers affect what will be pushed, so reversing iteration

istioctl/cmd/precheck.go (2 lines):
- line 124: // TODO: add more checks
- line 282: // TODO: add more checks

pilot/pkg/networking/core/v1alpha3/listener_inbound.go (2 lines):
- line 282: bind: "0.0.0.0", // TODO ipv6
- line 475: // TODO share logic with HTTP inspector

operator/pkg/apis/istio/v1alpha1/values_types.proto (2 lines):
- line 1145: // TODO can this import the real mesh config API?
- line 1170: // TODO: Rename to Int32OrString

pkg/config/mesh/mesh.go (2 lines):
- line 42: // TODO: include revision based on REVISION env
- line 43: // TODO: set default namespace based on POD_NAMESPACE env

manifests/charts/istio-control/istio-discovery/files/gen-istio.yaml (2 lines):
- line 1493: resources: ["*"] # TODO: should be on just */status but wildcard is not supported
- line 1645: # TODO lock this down to istio-ca-cert if not using the DNS cert mesh config

pilot/pkg/networking/core/v1alpha3/gateway.go (2 lines):
- line 802: // TODO: handle case 2
- line 810: // TODO: Bug..if there is a single virtual service with *.foo.com, and multiple TLS block

manifests/charts/istio-control/istio-discovery/templates/clusterrole.yaml (2 lines):
- line 29: # TODO: should be on just */status but wildcard is not supported
- line 102: resources: ["*"] # TODO: should be on just */status but wildcard is not supported

pilot/pkg/config/kube/crd/conversion.go (1 line):
- line 160: // TODO - add special cases for type-to-kind and kind-to-type

pilot/pkg/networking/core/v1alpha3/listener_builder.go (1 line):
- line 241: // TODO: This code is still insufficient. Ideally we should be parsing all the virtual services

pilot/pkg/config/kube/crdclient/cache_handler.go (1 line):
- line 63: // TODO we may consider passing a pointer to handlers instead of the value. While spec is a pointer, the meta will be copied

pkg/envoy/proxy.go (1 line):
- line 47: // TODO: outlier log path configuration belongs to mesh ProxyConfig

pilot/pkg/status/resource.go (1 line):
- line 59: // TODO: maybe replace with a kubernetes resource identifier, if that's a thing

operator/pkg/helm/urlfetcher.go (1 line):
- line 38: // TODO: remove in 1.7.

pkg/hbone/dialer.go (1 line):
- line 86: // TODO: use context

pilot/pkg/xds/deltatest.go (1 line):
- line 58: // TODO: it suspicious full is never nil - are there case where we should be deleting everything?
tools/docker-builder/builder/crane.go (1 line):
- line 203: // TODO: cache the size of images, use exactish size

pilot/pkg/config/kube/crdclient/types.gen.go (1 line):
- line 430: // TODO support setting field manager

operator/pkg/tpath/struct.go (1 line):
- line 104: // TODO: move these out to a separate package (istio/istio#15494).

tools/istio-clean-iptables/pkg/cmd/root.go (1 line):
- line 73: // TODO: Make this more configurable, maybe with an allowlist of users to be captured for output instead of a denylist.

security/pkg/server/ca/authenticate/kubeauth/kube_jwt.go (1 line):
- line 138: // TODO: check the audience from token, no need to call

pkg/wasm/cache.go (1 line):
- line 228: // TODO: support imagePullSecret and pass it to ImageFetcherOption.

pilot/pkg/networking/core/v1alpha3/route/retry/retry.go (1 line):
- line 48: // TODO: allow this to be configured via API.

pilot/pkg/serviceregistry/util/workloadinstances/util.go (1 line):
- line 79: // TODO: take auto-registration group into account once it's included into workload instance

pkg/config/analysis/incluster/controller.go (1 line):
- line 100: // TODO: this creates a state destruction problem when istiod crashes

pilot/pkg/xds/ecds.go (1 line):
- line 152: // TODO: we get the WasmPlugins here to get the secrets reference in order to decide whether ECDS push is needed,

istioctl/cmd/analyze.go (1 line):
- line 460: // TODO: Refactor output writer so that it is smart enough to know when to output what.

pkg/config/analysis/analyzers/gateway/gateway.go (1 line):
- line 86: // TODO I want to match service.Namespace to pod.ObjectMeta.Namespace

pkg/config/legacy/source/kube/origin.go (1 line):
- line 90: // TODO: support json file position.

tools/docker-builder/builder/tar.go (1 line):
- line 71: // TODO: if we want reproducible builds we can fake the timestamps here

pilot/pkg/model/sidecar.go (1 line):
- line 379: // TODO: could we choose services more intelligently based on their ports?
pilot/pkg/bootstrap/configcontroller.go (1 line):
- line 282: // TODO: handle k8s:// scheme for remote cluster. Use same mechanism as service registry,

pilot/pkg/bootstrap/server.go (1 line):
- line 356: // TODO: don't run this if galley is started, one ctlz is enough

pilot/pkg/networking/grpcgen/rds.go (1 line):
- line 45: // TODO use route-style naming instead of cluster naming

pilot/pkg/config/kube/crdclient/client.go (1 line):
- line 313: // TODO we should be returning errors not logging

pilot/pkg/networking/networking.go (1 line):
- line 132: // TODO: do we need this now?

pilot/pkg/status/resourcelock.go (1 line):
- line 217: // TODO: this does not guarantee controller order. perhaps it should?

pilot/pkg/networking/core/v1alpha3/envoyfilter/rc_patch.go (1 line):
- line 284: // FIXME: Ports on a route can be 0. the API only takes uint32 for ports

pilot/pkg/status/distribution/state.go (1 line):
- line 272: // TODO: what do we do here? will these ever be deleted?

pilot/pkg/config/file/store.go (1 line):
- line 429: // TODO: populate

tools/docker-builder/dockerfile/parse.go (1 line):
- line 139: // TODO you can copy multiple. This also doesn't handle folder semantics well

operator/pkg/translate/translate_common.go (1 line):
- line 34: // TODO: remove extra validations when comfort level is high enough.
pilot/pkg/xds/endpoint_builder.go (1 line):
- line 412: // TODO this logic is probably done elsewhere in XDS, possible code-reuse + perf improvements

pilot/cmd/pilot-agent/status/ready/probe.go (1 line):
- line 62: // TODO some way to verify XDS proxy -> control plane works

pilot/pkg/features/pilot.go (1 line):
- line 86: // TODO enable by default once https://github.com/istio/istio/issues/28315 is resolved

pixiu/pkg/filter/network/dubboproxy/filter/proxy/proxyfilter.go (1 line):
- line 126: // TODO: will print many Error when failed to connect server

pilot/pkg/model/jwks_resolver.go (1 line):
- line 500: // TODO: may need to figure out the right place to call this function.

pilot/pkg/xds/ads.go (1 line):
- line 559: // TODO fix check in kubecontroller treat echo VMs like there isn't a pod

pilot/cmd/pilot-agent/options/security.go (1 line):
- line 133: // TODO extract this logic out to a plugin

pilot/pkg/model/kstatus/helper.go (1 line):
- line 66: // TODO: change this to be more efficient. Likely we allow modifications via WrappedStatus that

pkg/config/conversion.go (1 line):
- line 25: // TODO: define a proto matching Config - to avoid useless superficial conversions.

pilot/pkg/leaderelection/k8sleaderelection/k8sresourcelock/configmaplock.go (1 line):
- line 32: // TODO: This is almost a exact replica of Endpoints lock.

pixiu/pkg/client/mq/facade.go (1 line):
- line 37: // TODO: Add rocketmq params

manifests/charts/istio-control/istio-discovery/values.yaml (1 line):
- line 205: # TODO: the intent is to eventually have this enabled by default when security is used.

pilot/pkg/xds/fake.go (1 line):
- line 252: // TODO code re-use from server.go

pilot/cmd/pilot-discovery/app/cmd.go (1 line):
- line 121: // TODO replace with mesh config?

manifests/charts/istiod-remote/values.yaml (1 line):
- line 176: # TODO: the intent is to eventually have this enabled by default when security is used.
cmd/pixiu/pixiu.go (1 line):
- line 129: //TODO implement me
pixiu/pkg/model/router.go (1 line):
- line 46: // Regex string `yaml:"regex" json:"regex" mapstructure:"regex"` TODO: next version
manifests/charts/base/templates/role.yaml (1 line):
- line 24: # TODO lock this down to istio-ca-cert if not using the DNS cert mesh config
pilot/pkg/config/memory/store.go (1 line):
- line 34: // TODO: can we make this compatible with kerror.IsConflict without imports the library?
pkg/queue/delay.go (1 line):
- line 169: // TODO warn and resize buffer
operator/pkg/apis/istio/v1alpha1/common.go (1 line):
- line 51: // TODO implement
pilot/pkg/networking/core/v1alpha3/envoyfilter/cluster_patch.go (1 line):
- line 193: // FIXME: Ports on a cluster can be 0. the API only takes uint32 for ports
pkg/dns/server/name_table.go (1 line):
- line 108: // TODO: should we skip the node's own IP like we do in listener?
pkg/config/constants/constants.go (1 line):
- line 75: // TODO we should derive this from IngressClass
pilot/cmd/pilot-agent/status/grpcready/probe.go (1 line):
- line 43: // TODO file watch?
pilot/pkg/serviceregistry/memory/discovery.go (1 line):
- line 133: // TODO: notify listeners
security/pkg/nodeagent/caclient/providers/citadel/client.go (1 line):
- line 158: // TODO: remove once istiod is stable and we have a way to validate JWTs locally
pkg/istio-agent/metrics/metrics.go (1 line):
- line 44: // TODO: Add type url as type for requeasts and responses if needed.
pkg/istio-agent/xds_proxy_delta.go (1 line):
- line 222: // TODO: separate upstream response handling from requests sending, which are both time costly
pixiu/pkg/common/router/trie/trie.go (1 line):
- line 89: // //TODO: log n.bizInfo for trouble shooting
manifests/charts/istio-control/istio-discovery/templates/role.yaml (1 line):
- line 19: # TODO lock this down to istio-ca-cert if not using the DNS cert mesh config
pilot/cmd/pilot-discovery/app/options.go (1 line):
- line 62: // TODO: add validation for other flags
tools/bug-report/pkg/bugreport/bugreport.go (1 line):
- line 169: // TODO: sort by importance and discard any over the size limit.
pkg/config/validation/extensionprovider.go (1 line):
- line 263: // TODO: add exhaustiveness test
istioctl/pkg/writer/pilot/status.go (1 line):
- line 277: // FIXME: currently removing the deprecated code below may result in functions not working
pilot/pkg/xds/discovery.go (1 line):
- line 643: // TODO: additional filters can be added, for example namespace.
pkg/bootstrap/config.go (1 line):
- line 140: // TODO: allow reading a file with additional metadata (for example if created with
pilot/pkg/xds/pcds.go (1 line):
- line 66: // TODO: For now, only TrustBundle updates are pushed. Eventually, this should push entire Proxy Configuration
istioctl/cmd/clusters.go (1 line):
- line 34: // TODO move to multicluster package; requires exposing some private funcs/vars in this package
tools/istio-iptables/pkg/cmd/root.go (1 line):
- line 151: // TODO: Make this more configurable, maybe with an allowlist of users to be captured for output instead of a denylist.
manifests/charts/istiod-remote/templates/role.yaml (1 line):
- line 20: # TODO lock this down to istio-ca-cert if not using the DNS cert mesh config
pkg/hbone/server.go (1 line):
- line 36: h2.ReadIdleTimeout = 10 * time.Minute // TODO: much larger to support long-lived connections
pilot/pkg/networking/core/v1alpha3/envoyfilter/listener_patch.go (1 line):
- line 609: // FIXME: Ports on a listener can be 0. the API only takes uint32 for ports
pilot/pkg/serviceregistry/kube/conversion.go (1 line):
- line 48: // TODO: move to API
pilot/pkg/xds/proxy_dependencies.go (1 line):
- line 69: // TODO We'll add the check for other proxy types later.
pkg/kube/inject/inject.go (1 line):
- line 376: // TODO allow overriding the values.global network in injection with the system namespace label
security/pkg/pki/ra/k8s_ra.go (1 line):
- line 166: // TODO: take care of spiffe bundle format as well
pkg/kube/fakemirror.go (1 line):
- line 45: // TODO go 1.18 generics may help avoid reflection
tools/docker-builder/crane.go (1 line):
- line 136: // TODO: this currently doesn't handle multi-arch
pilot/pkg/model/context.go (1 line):
- line 1092: // TODO use node metadata to indicate that this is a VM intstead of the TestVMLabel
manifests/charts/gateways/istio-egress/values.yaml (1 line):
- line 57: # TODO: convert to real options, env should not be exposed
pilot/pkg/security/authz/builder/extauthz.go (1 line):
- line 255: // TODO: Remove the IncludeHeadersInCheck field before promoting to beta.