diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index 6300aebd8d4..8dc586ce114 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -1,12 +1,18 @@ **What type of PR is this?** + + **What this PR does / why we need it**: diff --git a/.github/workflows/benchmark.yaml b/.github/workflows/benchmark.yaml new file mode 100644 index 00000000000..9f87ca4cbc3 --- /dev/null +++ b/.github/workflows/benchmark.yaml @@ -0,0 +1,56 @@ +name: Benchmarking Tests at Scale +on: + pull_request: + branches: + - "main" + - "release/v*" + workflow_dispatch: + inputs: + rps: + description: "The target requests-per-second rate. Default: 10000" + default: '10000' + type: string + required: false + connections: + description: "The maximum allowed number of concurrent connections per event loop. HTTP/1 only. Default: 100." + default: '100' + type: string + required: false + duration: + description: "The number of seconds that the test should run. Default: 90." + default: '90' + type: string + required: false + cpu_limits: + description: "The CPU resource limits for the envoy gateway, in unit 'm'. Default: 1000." + default: '1000' + type: string + required: false + memory_limits: + description: "The memory resource limits for the envoy gateway, in unit 'Mi'. Default: 1024." + default: '1024' + type: string + required: false + +jobs: + benchmark-test: + name: Benchmark Test + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + + - uses: ./tools/github-actions/setup-deps + + - name: Run Benchmark tests + env: + KIND_NODE_TAG: v1.28.0 + IMAGE_PULL_POLICY: IfNotPresent + BENCHMARK_RPS: ${{ github.event.inputs.rps || 10000 }} + BENCHMARK_CONNECTIONS: ${{ github.event.inputs.connections || 100 }} + BENCHMARK_DURATION: ${{ github.event.inputs.duration || 90 }} + BENCHMARK_CPU_LIMITS: ${{ github.event.inputs.cpu_limits || 1000 }} + BENCHMARK_MEMORY_LIMITS: ${{ github.event.inputs.memory_limits || 2048 }} + run: make benchmark + + - name: Read Benchmark report + run: cat test/benchmark/benchmark_report.md diff --git a/.github/workflows/latest_release.yaml b/.github/workflows/latest_release.yaml index e6e45463a2b..66ebc5def70 100644 --- a/.github/workflows/latest_release.yaml +++ b/.github/workflows/latest_release.yaml @@ -62,7 +62,7 @@ jobs: GITHUB_REPOSITORY: ${{ github.repository_owner }}/${{ github.event.repository.name }} - name: Recreate the Latest Release and Tag - uses: softprops/action-gh-release@69320dbe05506a9a39fc8ae11030b214ec2d1f87 # v0.1.15 + uses: softprops/action-gh-release@a74c6b72af54cfa997e81df42d94703d6313a2d0 # v0.1.15 with: draft: false prerelease: true diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 088bd2a614f..679c6184e39 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -40,7 +40,7 @@ jobs: run: IMAGE_PULL_POLICY=IfNotPresent OCI_REGISTRY=oci://docker.io/envoyproxy CHART_VERSION=${{ env.release_tag }} IMAGE=docker.io/envoyproxy/gateway TAG=${{ env.release_tag }} make helm-package helm-push - name: Upload Release Manifests - uses: softprops/action-gh-release@69320dbe05506a9a39fc8ae11030b214ec2d1f87 # v0.1.15 + uses: softprops/action-gh-release@a74c6b72af54cfa997e81df42d94703d6313a2d0 # v0.1.15 with: files: | release-artifacts/install.yaml diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index 11775e85eda..e86341238ac 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -25,7 +25,7 @@ jobs: IMAGE=envoy-proxy/gateway-dev TAG=${{ github.sha }} make image - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@595be6a0f6560a0a8fc419ddf630567fc623531d # v0.22.0 + uses: aquasecurity/trivy-action@7c2007bcb556501da015201bcba5aa14069b74e2 # v0.23.0 with: image-ref: envoy-proxy/gateway-dev:${{ github.sha }} exit-code: '1' diff --git a/api/v1alpha1/accesslogging_types.go b/api/v1alpha1/accesslogging_types.go index d1f60203138..51ecf0be811 100644 --- a/api/v1alpha1/accesslogging_types.go +++ b/api/v1alpha1/accesslogging_types.go @@ -19,6 +19,11 @@ type ProxyAccessLog struct { type ProxyAccessLogSetting struct { // Format defines the format of accesslog. Format ProxyAccessLogFormat `json:"format"` + // Matches defines the match conditions for accesslog in CEL expression. + // An accesslog will be emitted only when one or more match conditions are evaluated to true. + // Invalid [CEL](https://www.envoyproxy.io/docs/envoy/latest/xds/type/v3/cel.proto.html#common-expression-language-cel-proto) expressions will be ignored. + // +notImplementedHide + Matches []string `json:"matches,omitempty"` // Sinks defines the sinks of accesslog. // +kubebuilder:validation:MinItems=1 // +kubebuilder:validation:MaxItems=50 diff --git a/api/v1alpha1/authorization_types.go b/api/v1alpha1/authorization_types.go index e02ba4dafed..3a589daef9f 100644 --- a/api/v1alpha1/authorization_types.go +++ b/api/v1alpha1/authorization_types.go @@ -27,7 +27,8 @@ type Authorization struct { // AuthorizationRule defines a single authorization rule. type AuthorizationRule struct { - // Name is a user-friendly name for the rule. It's just for display purposes. + // Name is a user-friendly name for the rule. + // If not specified, Envoy Gateway will generate a unique name for the rule.n // +optional Name *string `json:"name,omitempty"` diff --git a/api/v1alpha1/backendtrafficpolicy_types.go b/api/v1alpha1/backendtrafficpolicy_types.go index 38773cf70a1..8c23b133231 100644 --- a/api/v1alpha1/backendtrafficpolicy_types.go +++ b/api/v1alpha1/backendtrafficpolicy_types.go @@ -109,7 +109,7 @@ type BackendTrafficPolicySpec struct { // Connection includes backend connection settings. // // +optional - Connection *BackendTrafficPolicyConnection `json:"connection,omitempty"` + Connection *BackendConnection `json:"connection,omitempty"` } // +kubebuilder:object:root=true diff --git a/api/v1alpha1/clienttrafficpolicy_types.go b/api/v1alpha1/clienttrafficpolicy_types.go index 740e03e0e2b..20953b1960b 100644 --- a/api/v1alpha1/clienttrafficpolicy_types.go +++ b/api/v1alpha1/clienttrafficpolicy_types.go @@ -81,7 +81,7 @@ type ClientTrafficPolicySpec struct { // Connection includes client connection settings. // // +optional - Connection *Connection `json:"connection,omitempty"` + Connection *ClientConnection `json:"connection,omitempty"` // HTTP1 provides HTTP/1 configuration on the listener. // // +optional diff --git a/api/v1alpha1/connection_types.go b/api/v1alpha1/connection_types.go index 999cfcc4144..758a22fddc7 100644 --- a/api/v1alpha1/connection_types.go +++ b/api/v1alpha1/connection_types.go @@ -10,8 +10,8 @@ import ( gwapiv1 "sigs.k8s.io/gateway-api/apis/v1" ) -// Connection allows users to configure connection-level settings -type Connection struct { +// ClientConnection allows users to configure connection-level settings of client +type ClientConnection struct { // ConnectionLimit defines limits related to connections // // +optional @@ -26,6 +26,18 @@ type Connection struct { BufferLimit *resource.Quantity `json:"bufferLimit,omitempty"` } +// BackendConnection allows users to configure connection-level settings of backend +type BackendConnection struct { + // BufferLimit Soft limit on size of the cluster’s connections read and write buffers. + // If unspecified, an implementation defined default is applied (32768 bytes). + // For example, 20Mi, 1Gi, 256Ki etc. + // Note: that when the suffix is not provided, the value is interpreted as bytes. + // + // +kubebuilder:validation:XValidation:rule="type(self) == string ? self.matches(r\"^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$\") : type(self) == int",message="BufferLimit must be of the format \"^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$\"" + // +optional + BufferLimit *resource.Quantity `json:"bufferLimit,omitempty"` +} + type ConnectionLimit struct { // Value of the maximum concurrent connections limit. // When the limit is reached, incoming connections will be closed after the CloseDelay duration. diff --git a/api/v1alpha1/tracing_types.go b/api/v1alpha1/tracing_types.go index 1b8b55edc47..b7be478de15 100644 --- a/api/v1alpha1/tracing_types.go +++ b/api/v1alpha1/tracing_types.go @@ -18,7 +18,6 @@ type ProxyTracing struct { // If provider is kubernetes, pod name and namespace are added by default. CustomTags map[string]CustomTag `json:"customTags,omitempty"` // Provider defines the tracing provider. - // Only OpenTelemetry is supported currently. Provider TracingProvider `json:"provider"` } @@ -26,6 +25,7 @@ type TracingProviderType string const ( TracingProviderTypeOpenTelemetry TracingProviderType = "OpenTelemetry" + TracingProviderTypeZipkin TracingProviderType = "Zipkin" ) // TracingProvider defines the tracing provider configuration. @@ -33,8 +33,7 @@ const ( // +kubebuilder:validation:XValidation:message="host or backendRefs needs to be set",rule="has(self.host) || self.backendRefs.size() > 0" type TracingProvider struct { // Type defines the tracing provider type. - // EG currently only supports OpenTelemetry. - // +kubebuilder:validation:Enum=OpenTelemetry + // +kubebuilder:validation:Enum=OpenTelemetry;Zipkin // +kubebuilder:default=OpenTelemetry Type TracingProviderType `json:"type"` // Host define the provider service hostname. @@ -58,6 +57,9 @@ type TracingProvider struct { // +kubebuilder:validation:XValidation:message="only support Service kind.",rule="self.all(f, f.kind == 'Service')" // +kubebuilder:validation:XValidation:message="BackendRefs only supports Core group.",rule="self.all(f, f.group == '')" BackendRefs []BackendRef `json:"backendRefs,omitempty"` + // Zipkin defines the Zipkin tracing provider configuration + // +optional + Zipkin *ZipkinTracingProvider `json:"zipkin,omitempty"` } type CustomTagType string @@ -114,3 +116,16 @@ type RequestHeaderCustomTag struct { // +optional DefaultValue *string `json:"defaultValue,omitempty"` } + +// ZipkinTracingProvider defines the Zipkin tracing provider configuration. +type ZipkinTracingProvider struct { + // Enable128BitTraceID determines whether a 128bit trace id will be used + // when creating a new trace instance. If set to false, a 64bit trace + // id will be used. + // +optional + Enable128BitTraceID *bool `json:"enable128BitTraceId,omitempty"` + // DisableSharedSpanContext determines whether the default Envoy behaviour of + // client and server spans sharing the same span context should be disabled. + // +optional + DisableSharedSpanContext *bool `json:"disableSharedSpanContext,omitempty"` +} diff --git a/api/v1alpha1/wasm_types.go b/api/v1alpha1/wasm_types.go index 425c8e45892..1c41513f941 100644 --- a/api/v1alpha1/wasm_types.go +++ b/api/v1alpha1/wasm_types.go @@ -10,7 +10,7 @@ import ( gwapiv1b1 "sigs.k8s.io/gateway-api/apis/v1beta1" ) -// Wasm defines a wasm extension. +// Wasm defines a Wasm extension. // // Note: at the moment, Envoy Gateway does not support configuring Wasm runtime. // v8 is used as the VM runtime for the Wasm extensions. @@ -18,23 +18,19 @@ type Wasm struct { // Name is a unique name for this Wasm extension. It is used to identify the // Wasm extension if multiple extensions are handled by the same vm_id and root_id. // It's also used for logging/debugging. - Name string `json:"name"` - - // VMID is an ID that will be used along with a hash of the wasm code to - // determine which VM will be used to load the Wasm extension. All extensions - // that have the same vm_id and code will use the same VM. + // If not specified, EG will generate a unique name for the Wasm extension. // - // Note that sharing a VM between plugins can reduce memory utilization and - // make sharing of data easier, but it may have security implications. - // VMID *string `json:"vmID,omitempty"` + // +optional + Name *string `json:"name,omitempty"` // RootID is a unique ID for a set of extensions in a VM which will share a // RootContext and Contexts if applicable (e.g., an Wasm HttpFilter and an Wasm AccessLog). // If left blank, all extensions with a blank root_id with the same vm_id will share Context(s). - // RootID must match the root_id parameter used to register the Context in the Wasm code. + // + // Note: RootID must match the root_id parameter used to register the Context in the Wasm code. RootID *string `json:"rootID,omitempty"` - // Code is the wasm code for the extension. + // Code is the Wasm code for the extension. Code WasmCodeSource `json:"code"` // Config is the configuration for the Wasm extension. @@ -58,73 +54,100 @@ type Wasm struct { // Priority *uint32 `json:"priority,omitempty"` } -// WasmCodeSource defines the source of the wasm code. +// WasmCodeSource defines the source of the Wasm code. +// +union +// +// +kubebuilder:validation:XValidation:rule="self.type == 'HTTP' ? has(self.http) : !has(self.http)",message="If type is HTTP, http field needs to be set." +// +kubebuilder:validation:XValidation:rule="self.type == 'Image' ? has(self.image) : !has(self.image)",message="If type is Image, image field needs to be set." type WasmCodeSource struct { - // Type is the type of the source of the wasm code. + // Type is the type of the source of the Wasm code. // Valid WasmCodeSourceType values are "HTTP" or "Image". // // +kubebuilder:validation:Enum=HTTP;Image;ConfigMap // +unionDiscriminator Type WasmCodeSourceType `json:"type"` - // HTTP is the HTTP URL containing the wasm code. + // HTTP is the HTTP URL containing the Wasm code. // // Note that the HTTP server must be accessible from the Envoy proxy. // +optional HTTP *HTTPWasmCodeSource `json:"http,omitempty"` - // Image is the OCI image containing the wasm code. + // Image is the OCI image containing the Wasm code. // // Note that the image must be accessible from the Envoy Gateway. // +optional Image *ImageWasmCodeSource `json:"image,omitempty"` - // SHA256 checksum that will be used to verify the wasm code. + // PullPolicy is the policy to use when pulling the Wasm module by either the HTTP or Image source. + // This field is only applicable when the SHA256 field is not set. // - // kubebuilder:validation:Pattern=`^[a-f0-9]{64}$` - SHA256 string `json:"sha256"` + // If not specified, the default policy is IfNotPresent except for OCI images whose tag is latest. + // + // Note: EG does not update the Wasm module every time an Envoy proxy requests + // the Wasm module even if the pull policy is set to Always. + // It only updates the Wasm module when the EnvoyExtension resource version changes. + // +optional + PullPolicy *ImagePullPolicy `json:"pullPolicy,omitempty"` } -// WasmCodeSourceType specifies the types of sources for the wasm code. +// WasmCodeSourceType specifies the types of sources for the Wasm code. // +kubebuilder:validation:Enum=HTTP;Image type WasmCodeSourceType string const ( - // HTTPWasmCodeSourceType allows the user to specify the wasm code in an HTTP URL. + // HTTPWasmCodeSourceType allows the user to specify the Wasm code in an HTTP URL. HTTPWasmCodeSourceType WasmCodeSourceType = "HTTP" - // ImageWasmCodeSourceType allows the user to specify the wasm code in an OCI image. + // ImageWasmCodeSourceType allows the user to specify the Wasm code in an OCI image. ImageWasmCodeSourceType WasmCodeSourceType = "Image" ) -// HTTPWasmCodeSource defines the HTTP URL containing the wasm code. +// HTTPWasmCodeSource defines the HTTP URL containing the Wasm code. type HTTPWasmCodeSource struct { - // URL is the URL containing the wasm code. + // URL is the URL containing the Wasm code. + // +kubebuilder:validation:Pattern=`^((https?:)(\/\/\/?)([\w]*(?::[\w]*)?@)?([\d\w\.-]+)(?::(\d+))?)?([\/\\\w\.()-]*)?(?:([?][^#]*)?(#.*)?)*` URL string `json:"url"` + + // SHA256 checksum that will be used to verify the Wasm code. + // + // If not specified, Envoy Gateway will not verify the downloaded Wasm code. + // kubebuilder:validation:Pattern=`^[a-f0-9]{64}$` + // +optional + SHA256 *string `json:"sha256"` } -// ImageWasmCodeSource defines the OCI image containing the wasm code. +// ImageWasmCodeSource defines the OCI image containing the Wasm code. type ImageWasmCodeSource struct { // URL is the URL of the OCI image. + // URL can be in the format of `registry/image:tag` or `registry/image@sha256:digest`. URL string `json:"url"` - // PullSecretRef is a reference to the secret containing the credentials to pull the image. - PullSecretRef gwapiv1b1.SecretObjectReference `json:"pullSecret"` + // SHA256 checksum that will be used to verify the OCI image. + // + // It must match the digest of the OCI image. + // + // If not specified, Envoy Gateway will not verify the downloaded OCI image. + // kubebuilder:validation:Pattern=`^[a-f0-9]{64}$` + // +optional + SHA256 *string `json:"sha256"` - // PullPolicy is the policy to use when pulling the image. - // If not specified, the default policy is IfNotPresent for images whose tag is not latest, - // and Always for images whose tag is latest. + // PullSecretRef is a reference to the secret containing the credentials to pull the image. + // Only support Kubernetes Secret resource from the same namespace. + // +kubebuilder:validation:XValidation:message="only support Secret kind.",rule="self.kind == 'Secret'" // +optional - // PullPolicy *PullPolicy `json:"pullPolicy,omitempty"` + PullSecretRef *gwapiv1b1.SecretObjectReference `json:"pullSecretRef,omitempty"` } -// PullPolicy defines the policy to use when pulling an OIC image. -/* type PullPolicy string +// ImagePullPolicy defines the policy to use when pulling an OIC image. +// +kubebuilder:validation:Enum=IfNotPresent;Always +type ImagePullPolicy string const ( - // PullPolicyIfNotPresent will only pull the image if it does not already exist. - PullPolicyIfNotPresent PullPolicy = "IfNotPresent" + // ImagePullPolicyIfNotPresent will only pull the image if it does not already exist in the EG cache. + ImagePullPolicyIfNotPresent ImagePullPolicy = "IfNotPresent" - // PullPolicyAlways will always pull the image. - PullPolicyAlways PullPolicy = "Always" -)*/ + // ImagePullPolicyAlways will pull the image when the EnvoyExtension resource version changes. + // Note: EG does not update the Wasm module every time an Envoy proxy requests the Wasm module. + ImagePullPolicyAlways ImagePullPolicy = "Always" +) diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go index 1c3ae25c430..56a090358ab 100644 --- a/api/v1alpha1/zz_generated.deepcopy.go +++ b/api/v1alpha1/zz_generated.deepcopy.go @@ -252,6 +252,26 @@ func (in *Backend) DeepCopyObject() runtime.Object { return nil } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BackendConnection) DeepCopyInto(out *BackendConnection) { + *out = *in + if in.BufferLimit != nil { + in, out := &in.BufferLimit, &out.BufferLimit + x := (*in).DeepCopy() + *out = &x + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackendConnection. +func (in *BackendConnection) DeepCopy() *BackendConnection { + if in == nil { + return nil + } + out := new(BackendConnection) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *BackendEndpoint) DeepCopyInto(out *BackendEndpoint) { *out = *in @@ -546,7 +566,7 @@ func (in *BackendTrafficPolicySpec) DeepCopyInto(out *BackendTrafficPolicySpec) } if in.Connection != nil { in, out := &in.Connection, &out.Connection - *out = new(BackendTrafficPolicyConnection) + *out = new(BackendConnection) (*in).DeepCopyInto(*out) } } @@ -677,6 +697,31 @@ func (in *ClaimToHeader) DeepCopy() *ClaimToHeader { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClientConnection) DeepCopyInto(out *ClientConnection) { + *out = *in + if in.ConnectionLimit != nil { + in, out := &in.ConnectionLimit, &out.ConnectionLimit + *out = new(ConnectionLimit) + (*in).DeepCopyInto(*out) + } + if in.BufferLimit != nil { + in, out := &in.BufferLimit, &out.BufferLimit + x := (*in).DeepCopy() + *out = &x + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientConnection. +func (in *ClientConnection) DeepCopy() *ClientConnection { + if in == nil { + return nil + } + out := new(ClientConnection) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ClientIPDetectionSettings) DeepCopyInto(out *ClientIPDetectionSettings) { *out = *in @@ -848,7 +893,7 @@ func (in *ClientTrafficPolicySpec) DeepCopyInto(out *ClientTrafficPolicySpec) { } if in.Connection != nil { in, out := &in.Connection, &out.Connection - *out = new(Connection) + *out = new(ClientConnection) (*in).DeepCopyInto(*out) } if in.HTTP1 != nil { @@ -925,31 +970,6 @@ func (in *Compression) DeepCopy() *Compression { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Connection) DeepCopyInto(out *Connection) { - *out = *in - if in.ConnectionLimit != nil { - in, out := &in.ConnectionLimit, &out.ConnectionLimit - *out = new(ConnectionLimit) - (*in).DeepCopyInto(*out) - } - if in.BufferLimit != nil { - in, out := &in.BufferLimit, &out.BufferLimit - x := (*in).DeepCopy() - *out = &x - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Connection. -func (in *Connection) DeepCopy() *Connection { - if in == nil { - return nil - } - out := new(Connection) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ConnectionLimit) DeepCopyInto(out *ConnectionLimit) { *out = *in @@ -2545,6 +2565,11 @@ func (in *HTTPTimeout) DeepCopy() *HTTPTimeout { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *HTTPWasmCodeSource) DeepCopyInto(out *HTTPWasmCodeSource) { *out = *in + if in.SHA256 != nil { + in, out := &in.SHA256, &out.SHA256 + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPWasmCodeSource. @@ -2695,7 +2720,16 @@ func (in *IPEndpoint) DeepCopy() *IPEndpoint { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ImageWasmCodeSource) DeepCopyInto(out *ImageWasmCodeSource) { *out = *in - in.PullSecretRef.DeepCopyInto(&out.PullSecretRef) + if in.SHA256 != nil { + in, out := &in.SHA256, &out.SHA256 + *out = new(string) + **out = **in + } + if in.PullSecretRef != nil { + in, out := &in.PullSecretRef, &out.PullSecretRef + *out = new(apisv1.SecretObjectReference) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageWasmCodeSource. @@ -3699,6 +3733,11 @@ func (in *ProxyAccessLogFormat) DeepCopy() *ProxyAccessLogFormat { func (in *ProxyAccessLogSetting) DeepCopyInto(out *ProxyAccessLogSetting) { *out = *in in.Format.DeepCopyInto(&out.Format) + if in.Matches != nil { + in, out := &in.Matches, &out.Matches + *out = make([]string, len(*in)) + copy(*out, *in) + } if in.Sinks != nil { in, out := &in.Sinks, &out.Sinks *out = make([]ProxyAccessLogSink, len(*in)) @@ -4725,6 +4764,11 @@ func (in *TracingProvider) DeepCopyInto(out *TracingProvider) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.Zipkin != nil { + in, out := &in.Zipkin, &out.Zipkin + *out = new(ZipkinTracingProvider) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TracingProvider. @@ -4755,6 +4799,11 @@ func (in *UnixSocket) DeepCopy() *UnixSocket { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Wasm) DeepCopyInto(out *Wasm) { *out = *in + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } if in.RootID != nil { in, out := &in.RootID, &out.RootID *out = new(string) @@ -4789,13 +4838,18 @@ func (in *WasmCodeSource) DeepCopyInto(out *WasmCodeSource) { if in.HTTP != nil { in, out := &in.HTTP, &out.HTTP *out = new(HTTPWasmCodeSource) - **out = **in + (*in).DeepCopyInto(*out) } if in.Image != nil { in, out := &in.Image, &out.Image *out = new(ImageWasmCodeSource) (*in).DeepCopyInto(*out) } + if in.PullPolicy != nil { + in, out := &in.PullPolicy, &out.PullPolicy + *out = new(ImagePullPolicy) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WasmCodeSource. @@ -4877,3 +4931,28 @@ func (in *XForwardedForSettings) DeepCopy() *XForwardedForSettings { in.DeepCopyInto(out) return out } + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ZipkinTracingProvider) DeepCopyInto(out *ZipkinTracingProvider) { + *out = *in + if in.Enable128BitTraceID != nil { + in, out := &in.Enable128BitTraceID, &out.Enable128BitTraceID + *out = new(bool) + **out = **in + } + if in.DisableSharedSpanContext != nil { + in, out := &in.DisableSharedSpanContext, &out.DisableSharedSpanContext + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ZipkinTracingProvider. +func (in *ZipkinTracingProvider) DeepCopy() *ZipkinTracingProvider { + if in == nil { + return nil + } + out := new(ZipkinTracingProvider) + in.DeepCopyInto(out) + return out +} diff --git a/charts/gateway-addons-helm/Chart.lock b/charts/gateway-addons-helm/Chart.lock index 297e11c9610..4b6f92ac77c 100644 --- a/charts/gateway-addons-helm/Chart.lock +++ b/charts/gateway-addons-helm/Chart.lock @@ -16,6 +16,6 @@ dependencies: version: 1.3.1 - name: opentelemetry-collector repository: https://open-telemetry.github.io/opentelemetry-helm-charts - version: 0.60.0 -digest: sha256:52aabfaf2c568f7b77da5cf5a771e936e052df2c66afdfd53a2c892452f06d6b -generated: "2024-06-11T22:19:54.569241+08:00" + version: 0.73.1 +digest: sha256:4c16df8d7efc27aff566fa5dfd2eba6527adbf3fc8e94e7e3ccfc0cee7836f1c +generated: "2024-06-20T11:46:59.148579+08:00" diff --git a/charts/gateway-addons-helm/Chart.yaml b/charts/gateway-addons-helm/Chart.yaml index 3d40fbf7d2d..84ac6228f62 100644 --- a/charts/gateway-addons-helm/Chart.yaml +++ b/charts/gateway-addons-helm/Chart.yaml @@ -29,35 +29,23 @@ dependencies: version: 25.21.0 repository: https://prometheus-community.github.io/helm-charts condition: prometheus.enabled - tags: - - metrics - name: grafana repository: https://grafana.github.io/helm-charts version: 8.0.0 condition: grafana.enabled - tags: - - metrics - name: fluent-bit repository: https://fluent.github.io/helm-charts version: 0.30.4 condition: fluent-bit.enabled - tags: - - logging - name: loki version: 4.8.0 repository: https://grafana.github.io/helm-charts condition: loki.enabled - tags: - - logging - name: tempo repository: https://grafana.github.io/helm-charts version: 1.3.1 condition: tempo.enabled - tags: - - tracing - name: opentelemetry-collector repository: https://open-telemetry.github.io/opentelemetry-helm-charts - version: 0.60.0 + version: 0.73.1 condition: opentelemetry-collector.enabled - tags: - - metrics diff --git a/charts/gateway-addons-helm/README.md b/charts/gateway-addons-helm/README.md index b5d9388d9dc..ff47a1e4797 100644 --- a/charts/gateway-addons-helm/README.md +++ b/charts/gateway-addons-helm/README.md @@ -25,7 +25,7 @@ An Add-ons Helm chart for Envoy Gateway | https://grafana.github.io/helm-charts | grafana | 8.0.0 | | https://grafana.github.io/helm-charts | loki | 4.8.0 | | https://grafana.github.io/helm-charts | tempo | 1.3.1 | -| https://open-telemetry.github.io/opentelemetry-helm-charts | opentelemetry-collector | 0.60.0 | +| https://open-telemetry.github.io/opentelemetry-helm-charts | opentelemetry-collector | 0.73.1 | | https://prometheus-community.github.io/helm-charts | prometheus | 25.21.0 | ## Usage @@ -79,7 +79,7 @@ To uninstall the chart: | grafana.datasources."datasources.yaml".apiVersion | int | `1` | | | grafana.datasources."datasources.yaml".datasources[0].name | string | `"Prometheus"` | | | grafana.datasources."datasources.yaml".datasources[0].type | string | `"prometheus"` | | -| grafana.datasources."datasources.yaml".datasources[0].url | string | `"http://prometheus-server"` | | +| grafana.datasources."datasources.yaml".datasources[0].url | string | `"http://prometheus"` | | | grafana.enabled | bool | `true` | | | grafana.fullnameOverride | string | `"grafana"` | | | grafana.service.type | string | `"LoadBalancer"` | | @@ -94,9 +94,12 @@ To uninstall the chart: | loki.loki.memberlist | string | `"loki-memberlist"` | | | loki.loki.rulerConfig.storage.type | string | `"local"` | | | loki.loki.storage.type | string | `"filesystem"` | | -| loki.monitoring.selfMonitoring.grafanaAgent.installOperator | bool | `true` | | +| loki.monitoring.lokiCanary.enabled | bool | `false` | | +| loki.monitoring.selfMonitoring.enabled | bool | `false` | | +| loki.monitoring.selfMonitoring.grafanaAgent.installOperator | bool | `false` | | | loki.read.replicas | int | `0` | | | loki.singleBinary.replicas | int | `1` | | +| loki.test.enabled | bool | `false` | | | loki.write.replicas | int | `0` | | | opentelemetry-collector.config.exporters.logging.verbosity | string | `"detailed"` | | | opentelemetry-collector.config.exporters.loki.endpoint | string | `"http://loki.monitoring.svc:3100/loki/api/v1/push"` | | @@ -125,16 +128,13 @@ To uninstall the chart: | prometheus.kube-state-metrics.enabled | bool | `false` | | | prometheus.prometheus-node-exporter.enabled | bool | `false` | | | prometheus.prometheus-pushgateway.enabled | bool | `false` | | -| prometheus.server.fullnameOverride | string | `"prometheus-server"` | | +| prometheus.server.fullnameOverride | string | `"prometheus"` | | | prometheus.server.global.scrape_interval | string | `"15s"` | | | prometheus.server.image.repository | string | `"prom/prometheus"` | | | prometheus.server.persistentVolume.enabled | bool | `false` | | | prometheus.server.readinessProbeInitialDelay | int | `0` | | | prometheus.server.securityContext | object | `{}` | | | prometheus.server.service.type | string | `"LoadBalancer"` | | -| tags.logging | bool | `false` | | -| tags.metrics | bool | `true` | | -| tags.tracing | bool | `false` | | | tempo.enabled | bool | `true` | | | tempo.fullnameOverride | string | `"tempo"` | | | tempo.service.type | string | `"LoadBalancer"` | | diff --git a/charts/gateway-addons-helm/dashboards/envoy-gateway-resource.json b/charts/gateway-addons-helm/dashboards/envoy-gateway-resource.json new file mode 100644 index 00000000000..0dada1c06ef --- /dev/null +++ b/charts/gateway-addons-helm/dashboards/envoy-gateway-resource.json @@ -0,0 +1,263 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "grafana", + "uid": "-- Grafana --" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "description": "Envoy Gateway Memory and CPU Usage", + "editable": true, + "fiscalYearStartMonth": 0, + "graphTooltip": 0, + "id": 6, + "links": [], + "panels": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 0 + }, + "id": 6, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "maxHeight": 600, + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "disableTextWrap": false, + "editorMode": "builder", + "expr": "sum by(namespace) (rate(container_cpu_usage_seconds_total{container=\"envoy-gateway\"}[5m]))", + "fullMetaSearch": false, + "includeNullMetadata": false, + "instant": false, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Envoy Gateway CPU Usage (m)", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 0 + }, + "id": 5, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "maxHeight": 600, + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "disableTextWrap": false, + "editorMode": "code", + "expr": "sum by(namespace) (container_memory_working_set_bytes{container=\"envoy-gateway\"}/1024/1024)", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Envoy Gateway Memory Usage (MiB)", + "type": "timeseries" + } + ], + "schemaVersion": 39, + "tags": [ + "Control Plane" + ], + "templating": { + "list": [ + { + "current": { + "selected": true, + "text": "Prometheus", + "value": "PBFA97CFB590B2093" + }, + "hide": 0, + "includeAll": false, + "multi": false, + "name": "datasource", + "options": [], + "query": "prometheus", + "queryValue": "", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "type": "datasource" + } + ] + }, + "time": { + "from": "now-15m", + "to": "now" + }, + "timeRangeUpdatedDuringEditOrView": false, + "timepicker": {}, + "timezone": "", + "title": "Envoy Gateway Resources", + "uid": "edq1b2tldspa8d", + "version": 2, + "weekStart": "" +} \ No newline at end of file diff --git a/charts/gateway-addons-helm/values.yaml b/charts/gateway-addons-helm/values.yaml index e810eaf0a03..cc17ef52398 100644 --- a/charts/gateway-addons-helm/values.yaml +++ b/charts/gateway-addons-helm/values.yaml @@ -1,9 +1,3 @@ -tags: - metrics: true - logging: false - tracing: false - - # Values for Grafana dependency grafana: enabled: true @@ -14,7 +8,7 @@ grafana: datasources: - name: Prometheus type: prometheus - url: http://prometheus-server + url: http://prometheus adminPassword: admin service: type: LoadBalancer @@ -47,7 +41,7 @@ prometheus: prometheus-node-exporter: enabled: false server: - fullnameOverride: prometheus-server + fullnameOverride: prometheus persistentVolume: enabled: false readinessProbeInitialDelay: 0 @@ -148,6 +142,8 @@ loki: rulerConfig: storage: type: "local" + test: + enabled: false singleBinary: replicas: 1 read: @@ -157,9 +153,12 @@ loki: write: replicas: 0 monitoring: + lokiCanary: + enabled: false selfMonitoring: + enabled: false grafanaAgent: - installOperator: true + installOperator: false # Disable gateway. gateway: enabled: false diff --git a/charts/gateway-helm/README.md b/charts/gateway-helm/README.md index 3e034e83519..da3f7572bd1 100644 --- a/charts/gateway-helm/README.md +++ b/charts/gateway-helm/README.md @@ -84,9 +84,12 @@ To uninstall the chart: | deployment.ports[1].name | string | `"ratelimit"` | | | deployment.ports[1].port | int | `18001` | | | deployment.ports[1].targetPort | int | `18001` | | -| deployment.ports[2].name | string | `"metrics"` | | -| deployment.ports[2].port | int | `19001` | | -| deployment.ports[2].targetPort | int | `19001` | | +| deployment.ports[2].name | string | `"wasm"` | | +| deployment.ports[2].port | int | `18002` | | +| deployment.ports[2].targetPort | int | `18002` | | +| deployment.ports[3].name | string | `"metrics"` | | +| deployment.ports[3].port | int | `19001` | | +| deployment.ports[3].targetPort | int | `19001` | | | deployment.replicas | int | `1` | | | global.images.envoyGateway.image | string | `nil` | | | global.images.envoyGateway.pullPolicy | string | `nil` | | diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyextensionpolicies.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyextensionpolicies.yaml index 8c5d032d496..92a0c9defba 100644 --- a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyextensionpolicies.yaml +++ b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyextensionpolicies.yaml @@ -308,38 +308,48 @@ spec: defined in this list. items: description: |- - Wasm defines a wasm extension. + Wasm defines a Wasm extension. Note: at the moment, Envoy Gateway does not support configuring Wasm runtime. v8 is used as the VM runtime for the Wasm extensions. properties: code: - description: Code is the wasm code for the extension. + description: Code is the Wasm code for the extension. properties: http: description: |- - HTTP is the HTTP URL containing the wasm code. + HTTP is the HTTP URL containing the Wasm code. Note that the HTTP server must be accessible from the Envoy proxy. properties: + sha256: + description: |- + SHA256 checksum that will be used to verify the Wasm code. + + + If not specified, Envoy Gateway will not verify the downloaded Wasm code. + kubebuilder:validation:Pattern=`^[a-f0-9]{64}$` + type: string url: - description: URL is the URL containing the wasm code. + description: URL is the URL containing the Wasm code. + pattern: ^((https?:)(\/\/\/?)([\w]*(?::[\w]*)?@)?([\d\w\.-]+)(?::(\d+))?)?([\/\\\w\.()-]*)?(?:([?][^#]*)?(#.*)?)* type: string required: - url type: object image: description: |- - Image is the OCI image containing the wasm code. + Image is the OCI image containing the Wasm code. Note that the image must be accessible from the Envoy Gateway. properties: - pullSecret: - description: PullSecretRef is a reference to the secret - containing the credentials to pull the image. + pullSecretRef: + description: |- + PullSecretRef is a reference to the secret containing the credentials to pull the image. + Only support Kubernetes Secret resource from the same namespace. properties: group: default: "" @@ -382,19 +392,43 @@ spec: required: - name type: object + x-kubernetes-validations: + - message: only support Secret kind. + rule: self.kind == 'Secret' + sha256: + description: |- + SHA256 checksum that will be used to verify the OCI image. + + + It must match the digest of the OCI image. + + + If not specified, Envoy Gateway will not verify the downloaded OCI image. + kubebuilder:validation:Pattern=`^[a-f0-9]{64}$` + type: string url: - description: URL is the URL of the OCI image. + description: |- + URL is the URL of the OCI image. + URL can be in the format of `registry/image:tag` or `registry/image@sha256:digest`. type: string required: - - pullSecret - url type: object - sha256: + pullPolicy: description: |- - SHA256 checksum that will be used to verify the wasm code. + PullPolicy is the policy to use when pulling the Wasm module by either the HTTP or Image source. + This field is only applicable when the SHA256 field is not set. + + If not specified, the default policy is IfNotPresent except for OCI images whose tag is latest. - kubebuilder:validation:Pattern=`^[a-f0-9]{64}$` + + Note: EG does not update the Wasm module every time an Envoy proxy requests + the Wasm module even if the pull policy is set to Always. + It only updates the Wasm module when the EnvoyExtension resource version changes. + enum: + - IfNotPresent + - Always type: string type: allOf: @@ -406,13 +440,17 @@ spec: - Image - ConfigMap description: |- - Type is the type of the source of the wasm code. + Type is the type of the source of the Wasm code. Valid WasmCodeSourceType values are "HTTP" or "Image". type: string required: - - sha256 - type type: object + x-kubernetes-validations: + - message: If type is HTTP, http field needs to be set. + rule: 'self.type == ''HTTP'' ? has(self.http) : !has(self.http)' + - message: If type is Image, image field needs to be set. + rule: 'self.type == ''Image'' ? has(self.image) : !has(self.image)' config: description: |- Config is the configuration for the Wasm extension. @@ -433,17 +471,19 @@ spec: Name is a unique name for this Wasm extension. It is used to identify the Wasm extension if multiple extensions are handled by the same vm_id and root_id. It's also used for logging/debugging. + If not specified, EG will generate a unique name for the Wasm extension. type: string rootID: description: |- RootID is a unique ID for a set of extensions in a VM which will share a RootContext and Contexts if applicable (e.g., an Wasm HttpFilter and an Wasm AccessLog). If left blank, all extensions with a blank root_id with the same vm_id will share Context(s). - RootID must match the root_id parameter used to register the Context in the Wasm code. + + + Note: RootID must match the root_id parameter used to register the Context in the Wasm code. type: string required: - code - - name type: object maxItems: 16 type: array diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyproxies.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyproxies.yaml index 2da9760560f..31f954ac8ec 100644 --- a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyproxies.yaml +++ b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyproxies.yaml @@ -10274,6 +10274,14 @@ spec: - message: If AccessLogFormat type is JSON, json field needs to be set. rule: 'self.type == ''JSON'' ? has(self.json) : !has(self.json)' + matches: + description: |- + Matches defines the match conditions for accesslog in CEL expression. + An accesslog will be emitted only when one or more match conditions are evaluated to true. + Invalid [CEL](https://www.envoyproxy.io/docs/envoy/latest/xds/type/v3/cel.proto.html#common-expression-language-cel-proto) expressions will be ignored. + items: + type: string + type: array sinks: description: Sinks defines the sinks of accesslog. items: @@ -10864,9 +10872,7 @@ spec: If provider is kubernetes, pod name and namespace are added by default. type: object provider: - description: |- - Provider defines the tracing provider. - Only OpenTelemetry is supported currently. + description: Provider defines the tracing provider. properties: backendRefs: description: |- @@ -10972,12 +10978,27 @@ spec: type: integer type: default: OpenTelemetry - description: |- - Type defines the tracing provider type. - EG currently only supports OpenTelemetry. + description: Type defines the tracing provider type. enum: - OpenTelemetry + - Zipkin type: string + zipkin: + description: Zipkin defines the Zipkin tracing provider + configuration + properties: + disableSharedSpanContext: + description: |- + DisableSharedSpanContext determines whether the default Envoy behaviour of + client and server spans sharing the same span context should be disabled. + type: boolean + enable128BitTraceId: + description: |- + Enable128BitTraceID determines whether a 128bit trace id will be used + when creating a new trace instance. If set to false, a 64bit trace + id will be used. + type: boolean + type: object required: - type type: object diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml index 28bb861f56c..29c2cb1352a 100644 --- a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml +++ b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml @@ -81,8 +81,9 @@ spec: - Deny type: string name: - description: Name is a user-friendly name for the rule. - It's just for display purposes. + description: |- + Name is a user-friendly name for the rule. + If not specified, Envoy Gateway will generate a unique name for the rule.n type: string principal: description: Principal specifies the client identity of diff --git a/charts/gateway-helm/values.tmpl.yaml b/charts/gateway-helm/values.tmpl.yaml index 497c136a80b..9240c4c2c13 100644 --- a/charts/gateway-helm/values.tmpl.yaml +++ b/charts/gateway-helm/values.tmpl.yaml @@ -41,6 +41,9 @@ deployment: - name: ratelimit port: 18001 targetPort: 18001 + - name: wasm + port: 18002 + targetPort: 18002 - name: metrics port: 19001 targetPort: 19001 @@ -76,4 +79,4 @@ certgen: ttlSecondsAfterFinished: 30 rbac: annotations: {} - labels: {} \ No newline at end of file + labels: {} diff --git a/examples/fluent-bit/README.md b/examples/fluent-bit/README.md deleted file mode 100644 index e6221742d6d..00000000000 --- a/examples/fluent-bit/README.md +++ /dev/null @@ -1,8 +0,0 @@ -# Fluent-bit - - -``` -helm repo add fluent https://fluent.github.io/helm-charts -helm repo update -helm upgrade --install fluent-bit fluent/fluent-bit -f examples/fluent-bit/helm-values.yaml -n monitoring --create-namespace --version 0.30.4 -``` \ No newline at end of file diff --git a/examples/fluent-bit/helm-values.yaml b/examples/fluent-bit/helm-values.yaml deleted file mode 100644 index 8e6edf6c50e..00000000000 --- a/examples/fluent-bit/helm-values.yaml +++ /dev/null @@ -1,61 +0,0 @@ -testFramework: - enabled: false -podAnnotations: - prometheus.io/scrape: "true" - prometheus.io/port: "2020" - prometheus.io/path: /api/v1/metrics/prometheus - fluentbit.io/exclude: "true" -## https://docs.fluentbit.io/manual/administration/configuring-fluent-bit/classic-mode/configuration-file -config: - service: | - [SERVICE] - Daemon Off - Flush {{ .Values.flush }} - Log_Level {{ .Values.logLevel }} - Parsers_File parsers.conf - Parsers_File custom_parsers.conf - HTTP_Server On - HTTP_Listen 0.0.0.0 - HTTP_Port {{ .Values.metricsPort }} - Health_Check On - - ## https://docs.fluentbit.io/manual/pipeline/inputs - inputs: | - [INPUT] - Name tail - Path /var/log/containers/*.log - multiline.parser docker, cri - Tag kube.* - Mem_Buf_Limit 5MB - Skip_Long_Lines On - - ## https://docs.fluentbit.io/manual/pipeline/filters - filters: | - [FILTER] - Name kubernetes - Match kube.* - Merge_Log On - Keep_Log Off - K8S-Logging.Parser On - K8S-Logging.Exclude On - - [FILTER] - Name grep - Match kube.* - Regex $kubernetes['container_name'] ^envoy$ - - [FILTER] - Name parser - Match kube.* - Key_Name log - Parser envoy - Reserve_Data True - - ## https://docs.fluentbit.io/manual/pipeline/outputs - outputs: | - [OUTPUT] - Name loki - Match kube.* - Host loki.monitoring.svc.cluster.local - Port 3100 - Labels job=fluentbit, app=$kubernetes['labels']['app'], k8s_namespace_name=$kubernetes['namespace_name'], k8s_pod_name=$kubernetes['pod_name'], k8s_container_name=$kubernetes['container_name'] diff --git a/examples/grafana/helm-values.yaml b/examples/grafana/helm-values.yaml deleted file mode 100644 index 49000b76798..00000000000 --- a/examples/grafana/helm-values.yaml +++ /dev/null @@ -1,12 +0,0 @@ -datasources: - datasources.yaml: - apiVersion: 1 - datasources: - - name: Prometheus - type: prometheus - url: http://prometheus-server - -adminPassword: admin - -service: - type: LoadBalancer diff --git a/examples/kubernetes/tracing/zipkin.yaml b/examples/kubernetes/tracing/zipkin.yaml new file mode 100644 index 00000000000..6a2b99f637d --- /dev/null +++ b/examples/kubernetes/tracing/zipkin.yaml @@ -0,0 +1,47 @@ +apiVersion: gateway.networking.k8s.io/v1 +kind: GatewayClass +metadata: + name: eg +spec: + controllerName: gateway.envoyproxy.io/gatewayclass-controller + parametersRef: + group: gateway.envoyproxy.io + kind: EnvoyProxy + name: zipkin-tracing + namespace: envoy-gateway-system +--- +apiVersion: gateway.envoyproxy.io/v1alpha1 +kind: EnvoyProxy +metadata: + name: zipkin-tracing + namespace: envoy-gateway-system +spec: + telemetry: + tracing: + # sample 100% of requests + samplingRate: 100 + provider: + host: otel-collector.monitoring.svc.cluster.local + port: 9411 + type: Zipkin + # zipkin specific configuration + zipkin: + enable128BitTraceId: true + customTags: + # This is an example of using a literal as a tag value + key1: + type: Literal + literal: + value: "val1" + # This is an example of using an environment variable as a tag value + env1: + type: Environment + environment: + name: ENV1 + defaultValue: "-" + # This is an example of using a header value as a tag value + header1: + type: RequestHeader + requestHeader: + name: X-Header-1 + defaultValue: "-" diff --git a/examples/loki/loki.yaml b/examples/loki/loki.yaml deleted file mode 100644 index 3f15a75b45e..00000000000 --- a/examples/loki/loki.yaml +++ /dev/null @@ -1,282 +0,0 @@ ---- -# Source: loki/templates/serviceaccount.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: loki - labels: - helm.sh/chart: loki-4.8.0 - app.kubernetes.io/name: loki - app.kubernetes.io/instance: loki - app.kubernetes.io/version: "2.7.3" - app.kubernetes.io/managed-by: Helm -automountServiceAccountToken: true ---- -# Source: loki/templates/configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: loki - labels: - helm.sh/chart: loki-4.8.0 - app.kubernetes.io/name: loki - app.kubernetes.io/instance: loki - app.kubernetes.io/version: "2.7.3" - app.kubernetes.io/managed-by: Helm -data: - config.yaml: | - auth_enabled: false - common: - compactor_address: 'loki' - path_prefix: /var/loki - replication_factor: 1 - storage: - filesystem: - chunks_directory: /var/loki/chunks - rules_directory: /var/loki/rules - limits_config: - enforce_metric_name: false - max_cache_freshness_per_query: 10m - reject_old_samples: true - reject_old_samples_max_age: 168h - split_queries_by_interval: 15m - memberlist: - join_members: - - loki-memberlist - query_range: - align_queries_with_step: true - ruler: - storage: - type: local - runtime_config: - file: /etc/loki/runtime-config/runtime-config.yaml - schema_config: - configs: - - from: "2022-01-11" - index: - period: 24h - prefix: loki_index_ - object_store: filesystem - schema: v12 - store: boltdb-shipper - server: - grpc_listen_port: 9095 - http_listen_port: 3100 - storage_config: - hedging: - at: 250ms - max_per_second: 20 - up_to: 3 - table_manager: - retention_deletes_enabled: false - retention_period: 0 ---- -# Source: loki/templates/runtime-configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: loki-runtime - labels: - helm.sh/chart: loki-4.8.0 - app.kubernetes.io/name: loki - app.kubernetes.io/instance: loki - app.kubernetes.io/version: "2.7.3" - app.kubernetes.io/managed-by: Helm -data: - runtime-config.yaml: | - - {} ---- -# Source: loki/templates/service-memberlist.yaml -apiVersion: v1 -kind: Service -metadata: - name: loki-memberlist - labels: - helm.sh/chart: loki-4.8.0 - app.kubernetes.io/name: loki - app.kubernetes.io/instance: loki - app.kubernetes.io/version: "2.7.3" - app.kubernetes.io/managed-by: Helm -spec: - type: ClusterIP - clusterIP: None - ports: - - name: tcp - port: 7946 - targetPort: http-memberlist - protocol: TCP - selector: - app.kubernetes.io/name: loki - app.kubernetes.io/instance: loki - app.kubernetes.io/part-of: memberlist ---- -# Source: loki/templates/single-binary/service-headless.yaml -apiVersion: v1 -kind: Service -metadata: - name: loki-headless - labels: - helm.sh/chart: loki-4.8.0 - app.kubernetes.io/name: loki - app.kubernetes.io/instance: loki - app.kubernetes.io/version: "2.7.3" - app.kubernetes.io/managed-by: Helm - variant: headless - prometheus.io/service-monitor: "false" -spec: - clusterIP: None - ports: - - name: http-metrics - port: 3100 - targetPort: http-metrics - protocol: TCP - selector: - app.kubernetes.io/name: loki - app.kubernetes.io/instance: loki ---- -# Source: loki/templates/single-binary/service.yaml -apiVersion: v1 -kind: Service -metadata: - name: loki - labels: - helm.sh/chart: loki-4.8.0 - app.kubernetes.io/name: loki - app.kubernetes.io/instance: loki - app.kubernetes.io/version: "2.7.3" - app.kubernetes.io/managed-by: Helm -spec: - type: LoadBalancer - ports: - - name: http-metrics - port: 3100 - targetPort: http-metrics - protocol: TCP - - name: grpc - port: 9095 - targetPort: grpc - protocol: TCP - selector: - app.kubernetes.io/name: loki - app.kubernetes.io/instance: loki - app.kubernetes.io/component: single-binary ---- -# Source: loki/templates/single-binary/statefulset.yaml -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: loki - labels: - helm.sh/chart: loki-4.8.0 - app.kubernetes.io/name: loki - app.kubernetes.io/instance: loki - app.kubernetes.io/version: "2.7.3" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: single-binary - app.kubernetes.io/part-of: memberlist -spec: - replicas: 1 - podManagementPolicy: Parallel - updateStrategy: - rollingUpdate: - partition: 0 - serviceName: loki-headless - revisionHistoryLimit: 10 - - persistentVolumeClaimRetentionPolicy: - whenDeleted: Delete - whenScaled: Delete - selector: - matchLabels: - app.kubernetes.io/name: loki - app.kubernetes.io/instance: loki - app.kubernetes.io/component: single-binary - template: - metadata: - annotations: - checksum/config: a9239b6352e34bbfc748669ed46cb24211fc3491ee7f2c6381af805f8f08fe29 - labels: - app.kubernetes.io/name: loki - app.kubernetes.io/instance: loki - app.kubernetes.io/component: single-binary - app.kubernetes.io/part-of: memberlist - spec: - serviceAccountName: loki - automountServiceAccountToken: true - enableServiceLinks: true - - securityContext: - fsGroup: 10001 - runAsGroup: 10001 - runAsNonRoot: true - runAsUser: 10001 - terminationGracePeriodSeconds: 30 - containers: - - name: loki - image: docker.io/grafana/loki:2.7.3 - imagePullPolicy: IfNotPresent - args: - - -config.file=/etc/loki/config/config.yaml - - -target=all - ports: - - name: http-metrics - containerPort: 3100 - protocol: TCP - - name: grpc - containerPort: 9095 - protocol: TCP - - name: http-memberlist - containerPort: 7946 - protocol: TCP - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - readinessProbe: - httpGet: - path: /ready - port: http-metrics - initialDelaySeconds: 30 - timeoutSeconds: 1 - volumeMounts: - - name: tmp - mountPath: /tmp - - name: config - mountPath: /etc/loki/config - - name: runtime-config - mountPath: /etc/loki/runtime-config - - name: storage - mountPath: /var/loki - resources: - {} - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/name: loki - app.kubernetes.io/instance: loki - app.kubernetes.io/component: single-binary - topologyKey: kubernetes.io/hostname - - volumes: - - name: tmp - emptyDir: {} - - name: config - configMap: - name: loki - - name: runtime-config - configMap: - name: loki-runtime - volumeClaimTemplates: - - metadata: - name: storage - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: "10Gi" diff --git a/examples/otel-collector/helm-values.yaml b/examples/otel-collector/helm-values.yaml deleted file mode 100644 index 465005bdedf..00000000000 --- a/examples/otel-collector/helm-values.yaml +++ /dev/null @@ -1,55 +0,0 @@ -fullnameOverride: otel-collector -mode: deployment -config: - exporters: - prometheus: - endpoint: 0.0.0.0:19001 - logging: - verbosity: detailed - loki: - endpoint: "http://loki.monitoring.svc:3100/loki/api/v1/push" - otlp: - endpoint: tempo.monitoring.svc:4317 - tls: - insecure: true - extensions: - # The health_check extension is mandatory for this chart. - # Without the health_check extension the collector will fail the readiness and liveliness probes. - # The health_check extension can be modified, but should never be removed. - health_check: {} - processors: - attributes: - actions: - - action: insert - key: loki.attribute.labels - # k8s.pod.name is OpenTelemetry format for Kubernetes Pod name, - # Loki will convert this to k8s_pod_name label. - value: k8s.pod.name, k8s.namespace.name - receivers: - otlp: - protocols: - grpc: - endpoint: ${env:MY_POD_IP}:4317 - http: - endpoint: ${env:MY_POD_IP}:4318 - service: - extensions: - - health_check - pipelines: - metrics: - exporters: - - prometheus - receivers: - - otlp - logs: - exporters: - - loki - processors: - - attributes - receivers: - - otlp - traces: - exporters: - - otlp - receivers: - - otlp diff --git a/examples/prometheus/helm-values.yaml b/examples/prometheus/helm-values.yaml deleted file mode 100644 index 7cee4e7bcee..00000000000 --- a/examples/prometheus/helm-values.yaml +++ /dev/null @@ -1,24 +0,0 @@ -# To simplify the deployment, disable non-essential components -alertmanager: - enabled: false -prometheus-pushgateway: - enabled: false -kube-state-metrics: - enabled: false -prometheus-node-exporter: - enabled: false -server: - fullnameOverride: prometheus - persistentVolume: - enabled: false - readinessProbeInitialDelay: 0 - global: - # Speed up scraping a bit from the default - scrape_interval: 15s - service: - # use LoadBalancer to expose prometheus - type: LoadBalancer - # use dockerhub - image: - repository: prom/prometheus - securityContext: null diff --git a/examples/tempo/helm-values.yaml b/examples/tempo/helm-values.yaml deleted file mode 100644 index 42838b76e43..00000000000 --- a/examples/tempo/helm-values.yaml +++ /dev/null @@ -1,2 +0,0 @@ -service: - type: LoadBalancer diff --git a/go.mod b/go.mod index 7c5f91613c0..b65d907503d 100644 --- a/go.mod +++ b/go.mod @@ -2,12 +2,15 @@ module github.com/envoyproxy/gateway go 1.22.4 +replace github.com/imdario/mergo => github.com/imdario/mergo v0.3.16 + require ( - fortio.org/fortio v1.63.10 + fortio.org/fortio v1.65.0 fortio.org/log v1.12.2 github.com/Masterminds/semver/v3 v3.2.1 github.com/cncf/xds/go v0.0.0-20240423153145-555b57ec207b - github.com/davecgh/go-spew v1.1.1 + github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc + github.com/docker/cli v26.1.3+incompatible github.com/dominikbraun/graph v0.23.0 github.com/envoyproxy/go-control-plane v0.12.1-0.20240612043845-c54ec4ce422d github.com/envoyproxy/ratelimit v1.4.1-0.20230427142404-e2a87f41d3a7 @@ -18,8 +21,11 @@ require ( github.com/go-logr/zapr v1.3.0 github.com/gogo/protobuf v1.3.2 github.com/golang/protobuf v1.5.4 + github.com/google/cel-go v0.20.1 github.com/google/go-cmp v0.6.0 + github.com/google/go-containerregistry v0.19.1 github.com/grafana/tempo v1.5.0 + github.com/hashicorp/go-multierror v1.1.1 github.com/miekg/dns v1.1.61 github.com/prometheus/client_golang v1.19.1 github.com/prometheus/common v0.54.0 @@ -37,60 +43,64 @@ require ( go.opentelemetry.io/otel/sdk/metric v1.27.0 go.opentelemetry.io/proto/otlp v1.3.1 go.uber.org/zap v1.27.0 - golang.org/x/exp v0.0.0-20240604190554-fc45aab8b7f8 + golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8 golang.org/x/sys v0.21.0 google.golang.org/grpc v1.64.0 google.golang.org/protobuf v1.34.2 gopkg.in/yaml.v3 v3.0.1 - helm.sh/helm/v3 v3.15.1 + helm.sh/helm/v3 v3.15.2 k8s.io/api v0.30.2 k8s.io/apiextensions-apiserver v0.30.2 k8s.io/apimachinery v0.30.2 k8s.io/cli-runtime v0.30.2 k8s.io/client-go v0.30.2 k8s.io/kubectl v0.30.2 - k8s.io/utils v0.0.0-20240423183400-0849a56e8f22 + k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 sigs.k8s.io/controller-runtime v0.18.4 sigs.k8s.io/gateway-api v1.1.0 sigs.k8s.io/mcs-api v0.1.0 sigs.k8s.io/yaml v1.4.0 ) +require github.com/docker/docker v26.1.3+incompatible + require ( cel.dev/expr v0.15.0 // indirect - fortio.org/cli v1.5.2 // indirect + fortio.org/cli v1.6.0 // indirect fortio.org/dflag v1.7.2 // indirect - fortio.org/scli v1.14.3 // indirect + fortio.org/scli v1.15.0 // indirect fortio.org/sets v1.1.1 // indirect - fortio.org/struct2env v0.4.0 // indirect + fortio.org/struct2env v0.4.1 // indirect fortio.org/version v1.0.4 // indirect github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect - github.com/BurntSushi/toml v1.3.2 // indirect + github.com/BurntSushi/toml v1.4.0 // indirect github.com/Masterminds/goutils v1.1.1 // indirect github.com/Masterminds/sprig/v3 v3.2.3 // indirect github.com/Masterminds/squirrel v1.5.4 // indirect - github.com/Microsoft/hcsshim v0.11.4 // indirect - github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535 // indirect - github.com/containerd/containerd v1.7.12 // indirect + github.com/Microsoft/go-winio v0.6.2 // indirect + github.com/Microsoft/hcsshim v0.12.3 // indirect + github.com/antlr4-go/antlr/v4 v4.13.0 // indirect + github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect + github.com/blang/semver/v4 v4.0.0 // indirect + github.com/containerd/containerd v1.7.17 // indirect github.com/containerd/log v0.1.0 // indirect - github.com/cyphar/filepath-securejoin v0.2.4 // indirect - github.com/docker/cli v24.0.6+incompatible // indirect - github.com/docker/distribution v2.8.2+incompatible // indirect - github.com/docker/docker v24.0.9+incompatible // indirect - github.com/docker/docker-credential-helpers v0.7.0 // indirect - github.com/docker/go-connections v0.4.0 // indirect + github.com/containerd/stargz-snapshotter/estargz v0.15.1 // indirect + github.com/cyphar/filepath-securejoin v0.2.5 // indirect + github.com/distribution/reference v0.6.0 // indirect + github.com/docker/distribution v2.8.3+incompatible // indirect + github.com/docker/docker-credential-helpers v0.8.2 // indirect + github.com/docker/go-connections v0.5.0 // indirect github.com/docker/go-metrics v0.0.1 // indirect github.com/docker/go-units v0.5.0 // indirect - github.com/felixge/httpsnoop v1.0.3 // indirect + github.com/felixge/httpsnoop v1.0.4 // indirect github.com/go-gorp/gorp/v3 v3.1.0 // indirect github.com/gobwas/glob v0.2.3 // indirect github.com/gorilla/mux v1.8.0 // indirect github.com/gosuri/uitable v0.0.4 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect - github.com/hashicorp/go-multierror v1.1.1 // indirect github.com/huandu/xstrings v1.4.0 // indirect github.com/jmoiron/sqlx v1.3.5 // indirect - github.com/klauspost/compress v1.16.0 // indirect + github.com/klauspost/compress v1.17.2 // indirect github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect github.com/lib/pq v1.10.9 // indirect @@ -98,60 +108,68 @@ require ( github.com/mattn/go-isatty v0.0.20 // indirect github.com/mattn/go-runewidth v0.0.13 // indirect github.com/mitchellh/copystructure v1.2.0 // indirect + github.com/mitchellh/go-homedir v1.1.0 // indirect github.com/mitchellh/reflectwalk v1.0.2 // indirect + github.com/moby/docker-image-spec v1.3.1 // indirect github.com/moby/locker v1.0.1 // indirect - github.com/morikuni/aec v1.0.0 // indirect + github.com/moby/patternmatcher v0.6.0 // indirect + github.com/moby/sys/sequential v0.5.0 // indirect + github.com/moby/sys/user v0.1.0 // indirect github.com/opencontainers/go-digest v1.0.0 // indirect - github.com/opencontainers/image-spec v1.1.0-rc5 // indirect + github.com/opencontainers/image-spec v1.1.0 // indirect github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 // indirect - github.com/rivo/uniseg v0.2.0 // indirect - github.com/rubenv/sql-migrate v1.5.2 // indirect - github.com/shopspring/decimal v1.3.1 // indirect - github.com/spf13/cast v1.5.0 // indirect + github.com/rivo/uniseg v0.4.7 // indirect + github.com/rubenv/sql-migrate v1.6.1 // indirect + github.com/shopspring/decimal v1.4.0 // indirect + github.com/spf13/cast v1.6.0 // indirect + github.com/stoewer/go-strcase v1.2.0 // indirect + github.com/vbatts/tar-split v0.11.5 // indirect github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect github.com/xeipuuv/gojsonschema v1.2.0 // indirect go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.45.0 // indirect golang.org/x/crypto v0.24.0 // indirect + golang.org/x/crypto/x509roots/fallback v0.0.0-20240604170348-d4e7c9cb6cb8 // indirect + gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect k8s.io/apiserver v0.30.2 // indirect - oras.land/oras-go v1.2.4 // indirect + oras.land/oras-go v1.2.5 // indirect ) require ( - github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect + github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect github.com/MakeNowJust/heredoc v1.0.0 // indirect github.com/beorn7/perks v1.0.1 // indirect - github.com/cenkalti/backoff/v4 v4.3.0 // indirect + github.com/cenkalti/backoff/v4 v4.3.0 github.com/census-instrumentation/opencensus-proto v0.4.1 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect - github.com/chai2010/gettext-go v1.0.2 // indirect - github.com/emicklei/go-restful/v3 v3.12.0 // indirect + github.com/chai2010/gettext-go v1.0.3 // indirect + github.com/emicklei/go-restful/v3 v3.12.1 // indirect github.com/envoyproxy/protoc-gen-validate v1.0.4 // indirect github.com/evanphx/json-patch v5.9.0+incompatible - github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d // indirect + github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f // indirect github.com/fsnotify/fsnotify v1.7.0 // indirect github.com/go-asn1-ber/asn1-ber v1.5.5 // indirect - github.com/go-errors/errors v1.4.2 // indirect + github.com/go-errors/errors v1.5.1 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-openapi/jsonpointer v0.21.0 // indirect github.com/go-openapi/jsonreference v0.21.0 // indirect github.com/go-openapi/swag v0.23.0 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect - github.com/google/btree v1.0.1 // indirect + github.com/google/btree v1.1.2 // indirect github.com/google/gnostic-models v0.6.8 // indirect github.com/google/gofuzz v1.2.0 // indirect github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect github.com/google/uuid v1.6.0 // indirect github.com/gorilla/websocket v1.5.1 // indirect - github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 // indirect + github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 // indirect - github.com/imdario/mergo v0.3.16 // indirect + github.com/imdario/mergo v1.0.0 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect github.com/kelseyhightower/envconfig v1.4.0 // indirect github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect - github.com/lyft/gostats v0.4.1 // indirect + github.com/lyft/gostats v0.4.14 // indirect github.com/mailru/easyjson v0.7.7 // indirect github.com/mitchellh/go-wordwrap v1.0.1 // indirect github.com/moby/spdystream v0.2.0 // indirect @@ -163,35 +181,35 @@ require ( github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect github.com/peterbourgon/diskv v2.0.1+incompatible // indirect github.com/pkg/errors v0.9.1 - github.com/pmezard/go-difflib v1.0.0 // indirect + github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/prometheus/client_model v0.6.1 - github.com/prometheus/procfs v0.15.0 // indirect + github.com/prometheus/procfs v0.15.1 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect github.com/sirupsen/logrus v1.9.3 // indirect github.com/tsaarni/x500dn v1.0.0 // indirect github.com/xlab/treeprint v1.2.0 // indirect go.opentelemetry.io/otel/sdk v1.27.0 go.opentelemetry.io/otel/trace v1.27.0 // indirect - go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect + go.starlark.net v0.0.0-20240520160348-046347dcd104 // indirect go.uber.org/multierr v1.11.0 // indirect golang.org/x/mod v0.18.0 // indirect golang.org/x/net v0.26.0 - golang.org/x/oauth2 v0.20.0 // indirect + golang.org/x/oauth2 v0.21.0 // indirect golang.org/x/sync v0.7.0 // indirect golang.org/x/term v0.21.0 // indirect golang.org/x/text v0.16.0 // indirect golang.org/x/time v0.5.0 // indirect golang.org/x/tools v0.22.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240520151616-dc85e6b867a5 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240521202816-d264139d666e // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240528184218-531527333157 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240617180043-68d350f18fd4 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect k8s.io/component-base v0.30.2 // indirect k8s.io/klog/v2 v2.120.1 // indirect - k8s.io/kube-openapi v0.0.0-20240423202451-8948a665c108 // indirect + k8s.io/kube-openapi v0.0.0-20240521193020-835d969ad83a // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect - sigs.k8s.io/kustomize/api v0.13.5-0.20230601165947-6ce0bf390ce3 // indirect - sigs.k8s.io/kustomize/kyaml v0.14.3-0.20230601165947-6ce0bf390ce3 // indirect + sigs.k8s.io/kustomize/api v0.17.2 // indirect + sigs.k8s.io/kustomize/kyaml v0.17.1 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect ) diff --git a/go.sum b/go.sum index 3fac7625e21..8bc7d41c370 100644 --- a/go.sum +++ b/go.sum @@ -5,27 +5,27 @@ cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMT cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= fortio.org/assert v1.2.1 h1:48I39urpeDj65RP1KguF7akCjILNeu6vICiYMEysR7Q= fortio.org/assert v1.2.1/go.mod h1:039mG+/iYDPO8Ibx8TrNuJCm2T2SuhwRI3uL9nHTTls= -fortio.org/cli v1.5.2 h1:MfEcHAhYyIkwG04/K1YJL946Y8/jyAjmF9WeR5ZG/5E= -fortio.org/cli v1.5.2/go.mod h1:SdQufh5PLd6oX2EtvtzLFw++gw8zVoejD1WlwGXAvYw= +fortio.org/cli v1.6.0 h1:EX9zf+BLzgE+yrq2a3XFZz2F8CK1g9ecJj9ZXVOfoww= +fortio.org/cli v1.6.0/go.mod h1:QSCd+8OD3MrFKo2XwAHVJJu5gz/U0Jg1Vhse/4nHn3I= fortio.org/dflag v1.7.2 h1:lUhXFvDlw4CJj/q7hPv/TC+n/wVoQylzQO6bUg5GQa0= fortio.org/dflag v1.7.2/go.mod h1:6yO/NIgrWfQH195WbHJ3Y45SCx11ffivQjfx2C/FS1U= -fortio.org/fortio v1.63.10 h1:8LoN24Dr2ktNbvuUjvCBNwWGBJpeR3gzOsq4NXnQX4c= -fortio.org/fortio v1.63.10/go.mod h1:ruHDZPCFdh8+Q8y8VCVl30LYNADDwq6IIa69/ISx62I= +fortio.org/fortio v1.65.0 h1:HQVyJrxYT4GXmwQe9vHJN9evmbqVPqKxhQac7qWQ+QA= +fortio.org/fortio v1.65.0/go.mod h1:R9jL6u4zKkQHO8HvuJxdWGmDg02w+2kouXKza/R3eaU= fortio.org/log v1.12.2 h1:JwLDFvEUKGfqA09fcf+mOn8kxsvwhjXV92xghxNnnwA= fortio.org/log v1.12.2/go.mod h1:1tMBG/Elr6YqjmJCWiejJp2FPvXg7/9UAN0Rfpkyt1o= -fortio.org/scli v1.14.3 h1:iYEmpr2wcRFLmWd4DsN/8HQr3YVlR4VeEDf1mLDIIXE= -fortio.org/scli v1.14.3/go.mod h1:yS8UTD/JXrDY0GfXerp5LFZrMUuNwN5iFR28b6oVXVc= +fortio.org/scli v1.15.0 h1:2LSnphdc3NGLHRD236/yINgrTTqvaPRmVhaK55V7wKo= +fortio.org/scli v1.15.0/go.mod h1:dFpj7h+mpMmsMYm9Bf/buVDGkpDysugl9gVemLDEsAo= fortio.org/sets v1.1.1 h1:Q7Z1Ft2lpUc1N7bfI8HofIK0QskrOflfYRyKT2LzBng= fortio.org/sets v1.1.1/go.mod h1:J2BwIxNOLWsSU7IMZUg541kh3Au4JEKHrghVwXs68tE= -fortio.org/struct2env v0.4.0 h1:k5alSOTf3YHiB3MuacjDHQ3YhVWvNZ95ZP/a6MqvyLo= -fortio.org/struct2env v0.4.0/go.mod h1:lENUe70UwA1zDUCX+8AsO663QCFqYaprk5lnPhjD410= +fortio.org/struct2env v0.4.1 h1:rJludAMO5eBvpWplWEQNqoVDFZr4RWMQX7RUapgZyc0= +fortio.org/struct2env v0.4.1/go.mod h1:lENUe70UwA1zDUCX+8AsO663QCFqYaprk5lnPhjD410= fortio.org/version v1.0.4 h1:FWUMpJ+hVTNc4RhvvOJzb0xesrlRmG/a+D6bjbQ4+5U= fortio.org/version v1.0.4/go.mod h1:2JQp9Ax+tm6QKiGuzR5nJY63kFeANcgrZ0osoQFDVm0= github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 h1:bvDV9vkmnHYOMsOr4WLk+Vo07yKIzd94sVoIqshQ4bU= github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8= github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8= -github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8= -github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= +github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0= +github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= github.com/Azure/go-autorest/autorest v0.9.0/go.mod h1:xyHB1BMZT0cuDHU7I0+g046+BFDTQ8rEZB0s4Yfa6bI= github.com/Azure/go-autorest/autorest/adal v0.5.0/go.mod h1:8Z9fGy2MpX0PvDjB1pEgQTmVqjGhiHBW7RJJEciWzS0= github.com/Azure/go-autorest/autorest/date v0.1.0/go.mod h1:plvfp3oPSKwf2DNjlBjWF/7vwR+cUD/ELuzDCXwHUVA= @@ -34,8 +34,8 @@ github.com/Azure/go-autorest/autorest/mocks v0.2.0/go.mod h1:OTyCOPRA2IgIlWxVYxB github.com/Azure/go-autorest/logger v0.1.0/go.mod h1:oExouG+K6PryycPJfVSxi/koC6LSNgds39diKLz7Vrc= github.com/Azure/go-autorest/tracing v0.5.0/go.mod h1:r/s2XiOKccPW3HrqB+W0TQzfbtp2fGCgRFtBroKn4Dk= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8= -github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= +github.com/BurntSushi/toml v1.4.0 h1:kuoIxZQy2WRRk1pttg9asf+WVv6tWQuBNVmK8+nqPr0= +github.com/BurntSushi/toml v1.4.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= github.com/DATA-DOG/go-sqlmock v1.5.2 h1:OcvFkGmslmlZibjAjaHm3L//6LiuBgolP7OputlJIzU= github.com/DATA-DOG/go-sqlmock v1.5.2/go.mod h1:88MAG/4G7SMwSE3CeA0ZKzrT5CiOU3OJ+JlNzwDqpNU= github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ4pzQ= @@ -49,10 +49,10 @@ github.com/Masterminds/sprig/v3 v3.2.3 h1:eL2fZNezLomi0uOLqjQoN6BfsDD+fyLtgbJMAj github.com/Masterminds/sprig/v3 v3.2.3/go.mod h1:rXcFaZ2zZbLRJv/xSysmlgIM1u11eBaRMhvYXJNkGuM= github.com/Masterminds/squirrel v1.5.4 h1:uUcX/aBc8O7Fg9kaISIUsHXdKuqehiXAMQTYX8afzqM= github.com/Masterminds/squirrel v1.5.4/go.mod h1:NNaOrjSoIDfDA40n7sr2tPNZRfjzjA400rg+riTZj10= -github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow= -github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM= -github.com/Microsoft/hcsshim v0.11.4 h1:68vKo2VN8DE9AdN4tnkWnmdhqdbpUFM8OF3Airm7fz8= -github.com/Microsoft/hcsshim v0.11.4/go.mod h1:smjE4dvqPX9Zldna+t5FG3rnoHhaB7QYxPRqGcpAD9w= +github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY= +github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU= +github.com/Microsoft/hcsshim v0.12.3 h1:LS9NXqXhMoqNCplK1ApmVSfB4UnVLRDWRapB6EIlxE0= +github.com/Microsoft/hcsshim v0.12.3/go.mod h1:Iyl1WVpZzr+UkzjekHZbV8o5Z9ZkxNGx6CtY2Qg/JVQ= github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= @@ -67,19 +67,23 @@ github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuy github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alessio/shellescape v1.2.2/go.mod h1:PZAiSCk0LJaZkiCSkPv8qIobYglO3FPpyFjDCtHLS30= github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8= +github.com/antlr4-go/antlr/v4 v4.13.0 h1:lxCg3LAv+EUK6t1i0y1V6/SLeUi0eKEKdhQAlS8TVTI= +github.com/antlr4-go/antlr/v4 v4.13.0/go.mod h1:pfChB/xh/Unjila75QW7+VU4TSnWnnk9UTnmpPaOR2g= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/asaskevich/govalidator v0.0.0-20180720115003-f9ffefc3facf/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= -github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535 h1:4daAzAu0S6Vi7/lbWECcX0j45yZReDZ56BQsrVBOEEY= -github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535/go.mod h1:oGkLhpf+kjZl6xBf758TQhh5XrAeiJv/7FRz/2spLIg= +github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= +github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= github.com/blang/semver v3.5.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= +github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= +github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= github.com/bshuster-repo/logrus-logstash-hook v1.0.0 h1:e+C0SB5R1pu//O4MQ3f9cFuPGoOVeF2fE4Og9otCc70= github.com/bshuster-repo/logrus-logstash-hook v1.0.0/go.mod h1:zsTqEiSzDgAa/8GZR7E1qaXrhYNDKBYy5/dWPTIflbk= github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd h1:rFt+Y/IK1aEZkEHchZRSq9OQbsSzIT/OrI8YFFmRIng= @@ -96,23 +100,25 @@ github.com/census-instrumentation/opencensus-proto v0.4.1/go.mod h1:4T9NM4+4Vw91 github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= -github.com/chai2010/gettext-go v1.0.2 h1:1Lwwip6Q2QGsAdl/ZKPCwTe9fe0CjlUbqj5bFNSjIRk= -github.com/chai2010/gettext-go v1.0.2/go.mod h1:y+wnP2cHYaVj19NZhYKAwEMH2CI1gNHeQQ+5AjwawxA= -github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= -github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= -github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= +github.com/chai2010/gettext-go v1.0.3 h1:9liNh8t+u26xl5ddmWLmsOsdNLwkdRTg5AG+JnTiM80= +github.com/chai2010/gettext-go v1.0.3/go.mod h1:y+wnP2cHYaVj19NZhYKAwEMH2CI1gNHeQQ+5AjwawxA= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cncf/xds/go v0.0.0-20240423153145-555b57ec207b h1:ga8SEFjZ60pxLcmhnThWgvH2wg8376yUJmPhEH4H3kw= github.com/cncf/xds/go v0.0.0-20240423153145-555b57ec207b/go.mod h1:W+zGtBO5Y1IgJhy4+A9GOqVhqLpfZi+vwmdNXUehLA8= github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8= github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaDFBM= -github.com/containerd/cgroups v1.1.0/go.mod h1:6ppBcbh/NOOUU+dMKrykgaBnK9lCIBxHqJDGwsa1mIw= -github.com/containerd/containerd v1.7.12 h1:+KQsnv4VnzyxWcfO9mlxxELaoztsDEjOuCMPAuPqgU0= -github.com/containerd/containerd v1.7.12/go.mod h1:/5OMpE1p0ylxtEUGY8kuCYkDRzJm9NO1TFMWjUpdevk= +github.com/containerd/cgroups/v3 v3.0.2 h1:f5WFqIVSgo5IZmtTT3qVBo6TzI1ON6sycSBKkymb9L0= +github.com/containerd/cgroups/v3 v3.0.2/go.mod h1:JUgITrzdFqp42uI2ryGA+ge0ap/nxzYgkGmIcetmErE= +github.com/containerd/containerd v1.7.17 h1:KjNnn0+tAVQHAoaWRjmdak9WlvnFR/8rU1CHHy8Rm2A= +github.com/containerd/containerd v1.7.17/go.mod h1:vK+hhT4TIv2uejlcDlbVIc8+h/BqtKLIyNrtCZol8lI= github.com/containerd/continuity v0.4.2 h1:v3y/4Yz5jwnvqPKJJ+7Wf93fyWoCB3F5EclWG023MDM= github.com/containerd/continuity v0.4.2/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ= +github.com/containerd/errdefs v0.1.0 h1:m0wCRBiu1WJT/Fr+iOoQHMQS/eP5myQ8lCv4Dz5ZURM= +github.com/containerd/errdefs v0.1.0/go.mod h1:YgWiiHtLmSeBrvpw+UfPijzbLaB77mEG1WwJTDETIV0= github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo= +github.com/containerd/stargz-snapshotter/estargz v0.15.1 h1:eXJjw9RbkLFgioVaTG+G/ZW/0kEe2oEKCdS/ZxIyoCU= +github.com/containerd/stargz-snapshotter/estargz v0.15.1/go.mod h1:gr2RNwukQ/S9Nv33Lt6UC7xEx58C+LHRdoqbEKjz1Kk= github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk= @@ -130,28 +136,31 @@ github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46t github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY= github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= -github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg= -github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= +github.com/cyphar/filepath-securejoin v0.2.5 h1:6iR5tXJ/e6tJZzzdMc1km3Sa7RRIVBKAK32O2s7AYfo= +github.com/cyphar/filepath-securejoin v0.2.5/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= github.com/datawire/dlib v1.3.0 h1:KkmyXU1kwm3oPBk1ypR70YbcOlEXWzEbx5RE0iRXTGk= github.com/datawire/dlib v1.3.0/go.mod h1:NiGDmetmbkBvtznpWSx6C0vA0s0LK9aHna3LJDqjruk= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2 h1:aBfCb7iqHmDEIp6fBvC/hQUddQfg+3qdYjwzaiP9Hnc= github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2/go.mod h1:WHNsWjnIn2V1LYOrME7e8KxSeKunYHsxEm4am0BUtcI= -github.com/docker/cli v24.0.6+incompatible h1:fF+XCQCgJjjQNIMjzaSmiKJSCcfcXb3TWTcc7GAneOY= -github.com/docker/cli v24.0.6+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= -github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8= -github.com/docker/distribution v2.8.2+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= +github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk= +github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= +github.com/docker/cli v26.1.3+incompatible h1:bUpXT/N0kDE3VUHI2r5VMsYQgi38kYuoC0oL9yt3lqc= +github.com/docker/cli v26.1.3+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= +github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk= +github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/docker v0.7.3-0.20190327010347-be7ac8be2ae0/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= -github.com/docker/docker v24.0.9+incompatible h1:HPGzNmwfLZWdxHqK9/II92pyi1EpYKsAqcl4G0Of9v0= -github.com/docker/docker v24.0.9+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= -github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A= -github.com/docker/docker-credential-helpers v0.7.0/go.mod h1:rETQfLdHNT3foU5kuNkFR1R1V12OJRRO5lzt2D1b5X0= -github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ= -github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec= +github.com/docker/docker v26.1.3+incompatible h1:lLCzRbrVZrljpVNobJu1J2FHk8V0s4BawoZippkc+xo= +github.com/docker/docker v26.1.3+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker-credential-helpers v0.8.2 h1:bX3YxiGzFP5sOXWc3bTPEXdEaZSeVMrFgOr3T+zrFAo= +github.com/docker/docker-credential-helpers v0.8.2/go.mod h1:P3ci7E3lwkZg6XiHdRKft1KckHiO9a2rNtyFbZ/ry9M= +github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c= +github.com/docker/go-connections v0.5.0/go.mod h1:ov60Kzw0kKElRwhNs9UlUHAE/F9Fe6GLaXnqyDdmEXc= github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c h1:+pKlWGMw7gf6bQ+oDZB4KHQFypsfjYlq/C4rfL7D3g8= github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA= github.com/docker/go-metrics v0.0.1 h1:AgB/0SvBxihN0X8OR4SjsblXkbMvalQ8cjmtKQ2rQV8= @@ -171,8 +180,8 @@ github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25Kn github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= -github.com/emicklei/go-restful/v3 v3.12.0 h1:y2DdzBAURM29NFF94q6RaY4vjIH1rtwDapwQtU84iWk= -github.com/emicklei/go-restful/v3 v3.12.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/emicklei/go-restful/v3 v3.12.1 h1:PJMDIM/ak7btuL8Ex0iYET9hxM3CI2sjZtzpL63nKAU= +github.com/emicklei/go-restful/v3 v3.12.1/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.12.1-0.20240612043845-c54ec4ce422d h1:RopQsG28t61pLLZRkwzwBsi60yDsOP8RvW47A3eAcGo= github.com/envoyproxy/go-control-plane v0.12.1-0.20240612043845-c54ec4ce422d/go.mod h1:5Wkq+JduFtdAXihLmeTJf+tRYIT4KBc2vPXDhwVo1pA= @@ -188,17 +197,17 @@ github.com/evanphx/json-patch v5.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLi github.com/evanphx/json-patch/v5 v5.0.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4= github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg= github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ= -github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d h1:105gxyaGwCFad8crR9dcMQWvV9Hvulu6hwUh4tWPJnM= -github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d/go.mod h1:ZZMPRZwes7CROmyNKgQzC3XPs6L/G2EJLHddWejkmf4= +github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f h1:Wl78ApPPB2Wvf/TIe2xdyJxTlb6obmF18d8QdkxNDu4= +github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f/go.mod h1:OSYXu++VVOHnXeitef/D8n/6y4QV8uLHSFXX4NeXMGc= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/color v1.17.0 h1:GlRw1BRJxkpqUCBKzKOw098ed57fEsKeNjpTe3cSjK4= github.com/fatih/color v1.17.0/go.mod h1:YZ7TlrGPkiz6ku9fK3TLD/pl3CpsiFyu8N92HLgmosI= -github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk= -github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= +github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= +github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/foxcpp/go-mockdns v1.0.0 h1:7jBqxd3WDWwi/6WhDvacvH1XsN3rOLXyHM1uhvIx6FI= github.com/foxcpp/go-mockdns v1.0.0/go.mod h1:lgRN6+KxQBawyIghpnl5CezHFGS9VLzvtVlwxvzXTQ4= -github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE= -github.com/frankban/quicktest v1.14.3/go.mod h1:mgiwOwqx65TmIk1wJ6Q7wvnVMocbUorkibMOrVTHZps= +github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8= +github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= @@ -209,8 +218,8 @@ github.com/globalsign/mgo v0.0.0-20180905125535-1ca0a4f7cbcb/go.mod h1:xkRDCp4j0 github.com/globalsign/mgo v0.0.0-20181015135952-eeefdecb41b8/go.mod h1:xkRDCp4j0OGD1HRkm4kmhM+pmpv3AKq5SU7GMg4oO/Q= github.com/go-asn1-ber/asn1-ber v1.5.5 h1:MNHlNMBDgEKD4TcKr36vQN68BA00aDfjIt3/bD50WnA= github.com/go-asn1-ber/asn1-ber v1.5.5/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0= -github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA= -github.com/go-errors/errors v1.4.2/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og= +github.com/go-errors/errors v1.5.1 h1:ZwEMSLRCapFLflTpT7NKaAc7ukJ8ZPEjzlxt8rPN8bk= +github.com/go-errors/errors v1.5.1/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og= github.com/go-gorp/gorp/v3 v3.1.0 h1:ItKF/Vbuj31dmV4jxA1qblpSwkl9g1typ24xoe70IGs= github.com/go-gorp/gorp/v3 v3.1.0/go.mod h1:dLEjIyyRNiXvNZ8PSmzpt1GsWAUK8kjVhEpjH8TixEw= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= @@ -280,14 +289,9 @@ github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfC github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= -github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= +github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= +github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= github.com/gobuffalo/flect v0.2.0/go.mod h1:W3K3X9ksuZfir8f/LrfVtWmCDQFfayuylOJ7sz/Fj80= -github.com/gobuffalo/logger v1.0.6 h1:nnZNpxYo0zx+Aj9RfMPBm+x9zAU2OayFh/xrAWi34HU= -github.com/gobuffalo/logger v1.0.6/go.mod h1:J31TBEHR1QLV2683OXTAItYIg8pv2JMHnF/quuAbMjs= -github.com/gobuffalo/packd v1.0.1 h1:U2wXfRr4E9DH8IdsDLlRFwTZTK7hLfq9qT/QHXGVe/0= -github.com/gobuffalo/packd v1.0.1/go.mod h1:PP2POP3p3RXGz7Jh6eYEf93S7vA2za6xM7QT85L4+VY= -github.com/gobuffalo/packr/v2 v2.8.3 h1:xE1yzvnO56cUC0sTpKR3DIbxZgB54AftTFMhB2XEWlY= -github.com/gobuffalo/packr/v2 v2.8.3/go.mod h1:0SahksCVcx4IMnigTjiFuyldmTrdTctXsOdiU5KwbKc= github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y= github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= @@ -311,7 +315,6 @@ github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:x github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= -github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= @@ -319,27 +322,29 @@ github.com/gomodule/redigo v1.8.2 h1:H5XSIre1MB5NbPYFp+i1NBbb5qN1W8Y8YAQoAYbkm8k github.com/gomodule/redigo v1.8.2/go.mod h1:P9dn9mFrCBvWhGE1wpxx6fgq7BAeLBk+UUUzlpkBYO0= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= -github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4= -github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA= +github.com/google/btree v1.1.2 h1:xf4v41cLI2Z6FxbKm+8Bu+m8ifhj15JuZ9sa0jZCMUU= +github.com/google/btree v1.1.2/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4= +github.com/google/cel-go v0.20.1 h1:nDx9r8S3L4pE61eDdt8igGj8rf5kjYR3ILxWIpWNi84= +github.com/google/cel-go v0.20.1/go.mod h1:kWcIzTsPX0zmQ+H3TirHstLLf9ep5QTsZBN9u4dOYLg= github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-containerregistry v0.19.1 h1:yMQ62Al6/V0Z7CqIrrS1iYoA5/oQCm88DeNujc7C1KY= +github.com/google/go-containerregistry v0.19.1/go.mod h1:YCMFNQeeXeLF+dnhhWkqDItx/JSkH01j1Kis4PsjzFI= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= -github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec= -github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 h1:k7nVchz72niMH6YLQNvHSdIE7iqsQxK1P41mySCvssg= +github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= @@ -364,8 +369,9 @@ github.com/gosuri/uitable v0.0.4 h1:IG2xLKRvErL3uhY6e1BylFzG+aJiwQviDDTfOKeKTpY= github.com/gosuri/uitable v0.0.4/go.mod h1:tKR86bXuXPZazfOTG1FIzvjIdXzd0mo4Vtn16vt0PJo= github.com/grafana/tempo v1.5.0 h1:JSwulLVtXvUw2MyuUPcvRg3MJiwTUs5XWnbG6fOKatc= github.com/grafana/tempo v1.5.0/go.mod h1:IB52YU6zkGL+3t0eNrY8kAExx0lLa4LH20wGu3c4wD8= -github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 h1:pdN6V1QBWetyv/0+wjACpqVH+eVULgEjkurDLq3goeM= github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= +github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 h1:+ngKgrYPPJrOjhax5N+uePQ0Fh1Z7PheYoUI/0nzkPA= +github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= @@ -387,9 +393,6 @@ github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpO github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= github.com/huandu/xstrings v1.4.0 h1:D17IlohoQq4UcpqD7fDk80P7l+lwAmlFaBHgOipl2FU= github.com/huandu/xstrings v1.4.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= -github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= -github.com/imdario/mergo v0.3.9/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= -github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4= github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= @@ -411,16 +414,14 @@ github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnr github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= -github.com/karrick/godirwalk v1.16.1 h1:DynhcF+bztK8gooS0+NDJFrdNZjJ3gzVzC545UNA9iw= -github.com/karrick/godirwalk v1.16.1/go.mod h1:j4mkqPuvaLI8mp1DroR3P6ad7cyYd4c1qeJ3RV7ULlk= github.com/kelseyhightower/envconfig v1.4.0 h1:Im6hONhd3pLkfDFsbRgu68RDNkGF1r3dvMUtDTo2cv8= github.com/kelseyhightower/envconfig v1.4.0/go.mod h1:cccZRl6mQpaq41TPp5QxidR+Sa3axMbJDNb//FQX6Gg= github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/compress v1.16.0 h1:iULayQNOReoYUe+1qtKOqw9CwJv3aNQu8ivo7lw1HU4= -github.com/klauspost/compress v1.16.0/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= +github.com/klauspost/compress v1.17.2 h1:RlWWUY/Dr4fL8qk9YG7DTZ7PDgME2V4csBXA8L/ixi4= +github.com/klauspost/compress v1.17.2/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= @@ -440,8 +441,8 @@ github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw= github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0= github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE= -github.com/lyft/gostats v0.4.1 h1:oR6p4HRCGxt0nUntmZIWmYMgyothBi3eZH2A71vRjsc= -github.com/lyft/gostats v0.4.1/go.mod h1:Tpx2xRzz4t+T2Tx0xdVgIoBdR2UMVz+dKnE3X01XSd8= +github.com/lyft/gostats v0.4.14 h1:xmP4yMfDvEKtlNZEcS2sYz0cvnps1ri337ZEEbw3ab8= +github.com/lyft/gostats v0.4.14/go.mod h1:cJWqEVL8JIewIJz/olUIios2F1q06Nc51hXejPQmBH0= github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.0.0-20180823135443-60711f1a8329/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= @@ -451,12 +452,6 @@ github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN github.com/mailru/easyjson v0.7.0/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= -github.com/markbates/errx v1.1.0 h1:QDFeR+UP95dO12JgW+tgi2UVfo0V8YBHiUIOaeBPiEI= -github.com/markbates/errx v1.1.0/go.mod h1:PLa46Oex9KNbVDZhKel8v1OT7hD5JZ2eI7AHhA0wswc= -github.com/markbates/oncer v1.0.0 h1:E83IaVAHygyndzPimgUYJjbshhDTALZyXxvk9FOlQRY= -github.com/markbates/oncer v1.0.0/go.mod h1:Z59JA581E9GP6w96jai+TGqafHPW+cPfRxz2aSZ0mcI= -github.com/markbates/safe v1.0.1 h1:yjZkbvRM6IzKj9tlu/zMJLS0n/V351OZWRnF3QfaUxI= -github.com/markbates/safe v1.0.1/go.mod h1:nAqgmRi7cY2nqMc92/bSEeQA+R4OheNU2T1kNSCBdG0= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= @@ -471,14 +466,15 @@ github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzp github.com/mattn/go-runewidth v0.0.13 h1:lTGmDsbAYt5DmK6OnoV7EuIF1wEIFAcxld6ypU4OSgU= github.com/mattn/go-runewidth v0.0.13/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= github.com/mattn/go-sqlite3 v1.14.6/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU= -github.com/mattn/go-sqlite3 v1.14.15 h1:vfoHhTN1af61xCRSWzFIWzx2YskyMTwHLrExkBOjvxI= -github.com/mattn/go-sqlite3 v1.14.15/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg= +github.com/mattn/go-sqlite3 v1.14.19 h1:fhGleo2h1p8tVChob4I9HpmVFIAkKGpiukdrgQbWfGI= +github.com/mattn/go-sqlite3 v1.14.19/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/miekg/dns v1.1.61 h1:nLxbwF3XxhwVSm8g9Dghm9MHPaUZuqhPiGL+675ZmEs= github.com/miekg/dns v1.1.61/go.mod h1:mnAarhS3nWaW+NVP2wTkYVIZyHNJ098SJZUki3eykwQ= github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw= github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw= github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s= +github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0= github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTSsCt+hzestvNj0= @@ -486,12 +482,20 @@ github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ= github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= +github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0= +github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo= github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg= github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc= +github.com/moby/patternmatcher v0.6.0 h1:GmP9lR19aU5GqSSFko+5pRqHi+Ohk1O69aFiKkVGiPk= +github.com/moby/patternmatcher v0.6.0/go.mod h1:hDPoyOpDY7OrrMDLaYoY3hf52gNCR/YOUYxkhApJIxc= github.com/moby/spdystream v0.2.0 h1:cjW1zVyyoiM0T7b6UoySUFqzXMoqRckQtXwGPiBhOM8= github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c= github.com/moby/sys/mountinfo v0.6.2 h1:BzJjoreD5BMFNmD9Rus6gdd1pLuecOFPt8wC+Vygl78= github.com/moby/sys/mountinfo v0.6.2/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI= +github.com/moby/sys/sequential v0.5.0 h1:OPvI35Lzn9K04PBbCLW0g4LcFAJgHsvXsRyewg5lXtc= +github.com/moby/sys/sequential v0.5.0/go.mod h1:tH2cOOs5V9MlPiXcQzRC+eEyab644PWKGRYaaV5ZZlo= +github.com/moby/sys/user v0.1.0 h1:WmZ93f5Ux6het5iituh9x2zAG7NFY9Aqi49jjE1PaQg= +github.com/moby/sys/user v0.1.0/go.mod h1:fKJhFOnsCN6xZ5gSfbM6zaHGgDJMrqt9/reuj4T7MmU= github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0= github.com/moby/term v0.5.0/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= @@ -522,19 +526,19 @@ github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+ github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= github.com/onsi/ginkgo v1.14.0 h1:2mOpI4JVVPBN+WQRa0WKH2eXR+Ey+uK4n7Zj0aYpIQA= github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY= -github.com/onsi/ginkgo/v2 v2.17.1 h1:V++EzdbhI4ZV4ev0UTIj0PzhzOcReJFyJaLjtSF55M8= -github.com/onsi/ginkgo/v2 v2.17.1/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3HigUjbIBOs= +github.com/onsi/ginkgo/v2 v2.17.2 h1:7eMhcy3GimbsA3hEnVKdw/PQM9XN9krpKVXsZdph0/g= +github.com/onsi/ginkgo/v2 v2.17.2/go.mod h1:nP2DPOQoNsQmsVyv5rDA8JkXQoCs6goXIvr/PRJ1eCc= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.8.1/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoTdcA= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= -github.com/onsi/gomega v1.32.0 h1:JRYU78fJ1LPxlckP6Txi/EYqJvjtMrDC04/MM5XRHPk= -github.com/onsi/gomega v1.32.0/go.mod h1:a4x4gW6Pz2yK1MAmvluYme5lvYTn61afQ2ETw/8n4Lg= +github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk= +github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= -github.com/opencontainers/image-spec v1.1.0-rc5 h1:Ygwkfw9bpDvs+c9E34SdgGOj41dX/cbdlwvlWt0pnFI= -github.com/opencontainers/image-spec v1.1.0-rc5/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8= +github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug= +github.com/opencontainers/image-spec v1.1.0/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2szdn85PY75RI83NrTrM= github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k= github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= github.com/pelletier/go-toml v1.7.0/go.mod h1:vwGMzjaWMwyfHwgIBhI2YUM4fB6nL6lVAvS1LBMMhTE= @@ -548,8 +552,9 @@ github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 h1:GFCKgmp0tecUJ0sJuv4pzYCqS9+RGSn52M3FUwPs+uo= github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10/go.mod h1:t/avpk3KcrXxUnYOhZhMXJlSEyie6gQbtLq5NM3loB8= -github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/poy/onpar v1.1.2 h1:QaNrNiZx0+Nar5dLgTVp5mXkyoVFIbepjyEoGSnhbAY= github.com/poy/onpar v1.1.2/go.mod h1:6X8FLNoxyr9kkmnlqpK6LSoiOtrO6MICtWwEuWkLjzg= github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA= @@ -576,26 +581,27 @@ github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7z github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ= github.com/prometheus/procfs v0.0.11/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= -github.com/prometheus/procfs v0.15.0 h1:A82kmvXJq2jTu5YUhSGNlYoxh85zLnKgPz4bMZgI5Ek= -github.com/prometheus/procfs v0.15.0/go.mod h1:Y0RJ/Y5g5wJpkTisOtqwDSo4HwhGmLB4VQSw2sQJLHk= +github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= +github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= -github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= +github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ= +github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= -github.com/rubenv/sql-migrate v1.5.2 h1:bMDqOnrJVV/6JQgQ/MxOpU+AdO8uzYYA/TxFUBzFtS0= -github.com/rubenv/sql-migrate v1.5.2/go.mod h1:H38GW8Vqf8F0Su5XignRyaRcbXbJunSWxs+kmzlg0Is= +github.com/rubenv/sql-migrate v1.6.1 h1:bo6/sjsan9HaXAsNxYP/jCEDUGibHp8JmOBw7NTGRos= +github.com/rubenv/sql-migrate v1.6.1/go.mod h1:tPzespupJS0jacLfhbwto/UjSX+8h2FdWB7ar+QlHa0= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= -github.com/sergi/go-diff v1.1.0 h1:we8PVUC3FE2uYfodKH/nBHMSetSfHDR6scGdBi+erh0= -github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= +github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ= +github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= -github.com/shopspring/decimal v1.3.1 h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5gKV8= -github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= +github.com/shopspring/decimal v1.4.0 h1:bxl37RwXBklmTi0C79JfXCEBD1cqqHt0bbgBAGFp81k= +github.com/shopspring/decimal v1.4.0/go.mod h1:gawqmDU56v4yIKSwfBSFip1HdCCXN8/+DMd9qYNcwME= github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= @@ -607,8 +613,8 @@ github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= -github.com/spf13/cast v1.5.0 h1:rj3WzYc11XZaIZMPKmwP96zkFEnnAmV8s6XbB2aY32w= -github.com/spf13/cast v1.5.0/go.mod h1:SpXXQ5YoyJw6s3/6cMTQuxvgRl3PCJiyaX9p6b155UU= +github.com/spf13/cast v1.6.0 h1:GEiTHELF+vaR5dhz3VqZfFSzZjYbgeKDpBxQVS4GYJ0= +github.com/spf13/cast v1.6.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU= github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE= @@ -622,6 +628,8 @@ github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s= github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE= +github.com/stoewer/go-strcase v1.2.0 h1:Z2iHWqGXH00XYgqDmNgQbIBxf3wrNq0F3feEy0ainaU= +github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= @@ -631,6 +639,7 @@ github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXf github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= +github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= @@ -648,6 +657,8 @@ github.com/tsaarni/x500dn v1.0.0/go.mod h1:QaHa3EcUKC4dfCAZmj8+ZRGLKukWgpGv9H3oO github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc= github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0= github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= +github.com/vbatts/tar-split v0.11.5 h1:3bHCTIheBm1qFTcgh9oPu+nNBtX+XJIupG/vacinCts= +github.com/vbatts/tar-split v0.11.5/go.mod h1:yZbwRsSeGjusneWgA781EKej9HF8vme8okylkAeNKLk= github.com/vektah/gqlparser v1.1.2/go.mod h1:1ycwN7Ij5njmMkPPAOaRFY4rET2Enx7IkVv3vaXspKw= github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo= @@ -686,6 +697,10 @@ go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.27.0 h1:bFg go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.27.0/go.mod h1:xJntEd2KL6Qdg5lwp97HMLQDVeAhrYxmzFseAMDPQ8I= go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.27.0 h1:CIHWikMsN3wO+wq1Tp5VGdVRTcON+DmOJSfDjXypKOc= go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.27.0/go.mod h1:TNupZ6cxqyFEpLXAZW7On+mLFL0/g0TE3unIYL91xWc= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.19.0 h1:Mne5On7VWdx7omSrSSZvM4Kw7cS7NQkOOmLcgscI51U= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.19.0/go.mod h1:IPtUMKL4O3tH5y+iXVyAXqpAwMuzC1IrxVS81rummfE= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.19.0 h1:IeMeyr1aBvBiPVYihXIaeIZba6b8E1bYp7lbdxK8CQg= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.19.0/go.mod h1:oVdCUtjq9MK9BlS7TtucsQwUcXcymNiEDjgDD2jMtZU= go.opentelemetry.io/otel/exporters/prometheus v0.49.0 h1:Er5I1g/YhfYv9Affk9nJLfH/+qCCVVg1f2R9AbJfqDQ= go.opentelemetry.io/otel/exporters/prometheus v0.49.0/go.mod h1:KfQ1wpjf3zsHjzP149P4LyAwWRupc6c7t1ZJ9eXpKQM= go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.27.0 h1:/jlt1Y8gXWiHG9FBx6cJaIC5hYx5Fe64nC8w5Cylt/0= @@ -700,8 +715,8 @@ go.opentelemetry.io/otel/trace v1.27.0 h1:IqYb813p7cmbHk0a5y6pD5JPakbVfftRXABGt5 go.opentelemetry.io/otel/trace v1.27.0/go.mod h1:6RiD1hkAprV4/q+yd2ln1HG9GoPx39SuvvstaLBl+l4= go.opentelemetry.io/proto/otlp v1.3.1 h1:TrMUixzpM0yuc/znrFTP9MMRh8trP93mkCiDVeXrui0= go.opentelemetry.io/proto/otlp v1.3.1/go.mod h1:0X1WI4de4ZsLrrJNLAQbFeLCm3T7yBkR0XqQ7niQU+8= -go.starlark.net v0.0.0-20230525235612-a134d8f9ddca h1:VdD38733bfYv5tUZwEIskMM93VanwNIi5bIKnDrJdEY= -go.starlark.net v0.0.0-20230525235612-a134d8f9ddca/go.mod h1:jxU+3+j+71eXOW14274+SmmuW82qJzl6iZSeqEtTGds= +go.starlark.net v0.0.0-20240520160348-046347dcd104 h1:3qhteRISupnJvaWshOmeqEUs2y9oc/+/ePPvDh3Eygg= +go.starlark.net v0.0.0-20240520160348-046347dcd104/go.mod h1:YKMCv9b1WrfWmeqdV5MAuEHWsu5iC+fe6kYl2sQjdI8= go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= @@ -726,9 +741,11 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI= golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM= +golang.org/x/crypto/x509roots/fallback v0.0.0-20240604170348-d4e7c9cb6cb8 h1:+kWDWI3Eb5cPIOr4cP+R2RLDwK3/dXppL+7XmSOh2LA= +golang.org/x/crypto/x509roots/fallback v0.0.0-20240604170348-d4e7c9cb6cb8/go.mod h1:kNa9WdvYnzFwC79zRpLRMJbdEFlhyM5RPFBBZp/wWH8= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20240604190554-fc45aab8b7f8 h1:LoYXNGAShUG3m/ehNk4iFctuhGX/+R1ZpfJ4/ia80JM= -golang.org/x/exp v0.0.0-20240604190554-fc45aab8b7f8/go.mod h1:jj3sYF3dwk5D+ghuXyeI3r5MFf+NT2An6/9dOA95KSI= +golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8 h1:yixxcjnhBmY0nkL253HFVIm0JsFHwrHdT3Yh6szTnfY= +golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8/go.mod h1:jj3sYF3dwk5D+ghuXyeI3r5MFf+NT2An6/9dOA95KSI= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= @@ -767,8 +784,8 @@ golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.20.0 h1:4mQdhULixXKP1rwYBW0vAijoXnkTG0BLCDRzfe1idMo= -golang.org/x/oauth2 v0.20.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= +golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs= +golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -817,7 +834,6 @@ golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/term v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA= golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0= @@ -869,17 +885,15 @@ google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoA google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= -google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto/googleapis/api v0.0.0-20240520151616-dc85e6b867a5 h1:P8OJ/WCl/Xo4E4zoe4/bifHpSmmKwARqyqE4nW6J2GQ= -google.golang.org/genproto/googleapis/api v0.0.0-20240520151616-dc85e6b867a5/go.mod h1:RGnPtTG7r4i8sPlNyDeikXF99hMM+hN6QMm4ooG9g2g= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240521202816-d264139d666e h1:Elxv5MwEkCI9f5SkoL6afed6NTdxaGoAo39eANBwHL8= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240521202816-d264139d666e/go.mod h1:EfXuqaE1J41VCDicxHzUDm+8rk+7ZdXzHV0IhO/I6s0= +google.golang.org/genproto/googleapis/api v0.0.0-20240528184218-531527333157 h1:7whR9kGa5LUwFtpLm2ArCEejtnxlGeLbAyjFY8sGNFw= +google.golang.org/genproto/googleapis/api v0.0.0-20240528184218-531527333157/go.mod h1:99sLkeliLXfdj2J75X3Ho+rrVCaJze0uwN7zDDkjPVU= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240617180043-68d350f18fd4 h1:Di6ANFilr+S60a4S61ZM00vLdw0IrQOSMS2/6mrnOU0= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240617180043-68d350f18fd4/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.64.0 h1:KH3VH9y/MgNQg1dE7b3XfVK0GsPSIzJwdF617gUSbvY= google.golang.org/grpc v1.64.0/go.mod h1:oxjF8E3FBnjp+/gVFYdWacaLDx9na1aqy9oovLpxQYg= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= @@ -887,10 +901,7 @@ google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= -google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg= google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= @@ -900,6 +911,8 @@ gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw= +gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSPG+6V4= +gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= @@ -924,8 +937,8 @@ gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo= gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw= gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o= gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g= -helm.sh/helm/v3 v3.15.1 h1:22ztacHz4gMqhXNqCQ9NAg6BFWoRUryNLvnkz6OVyw0= -helm.sh/helm/v3 v3.15.1/go.mod h1:fvfoRcB8UKRUV5jrIfOTaN/pG1TPhuqSb56fjYdTKXg= +helm.sh/helm/v3 v3.15.2 h1:/3XINUFinJOBjQplGnjw92eLGpgXXp1L8chWPkCkDuw= +helm.sh/helm/v3 v3.15.2/go.mod h1:FzSIP8jDQaa6WAVg9F+OkKz7J0ZmAga4MABtTbsb9WQ= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= @@ -967,16 +980,16 @@ k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= k8s.io/kube-openapi v0.0.0-20200121204235-bf4fb3bd569c/go.mod h1:GRQhZsXIAJ1xR0C9bd8UpWHZ5plfAS9fzPjJuQ6JL3E= k8s.io/kube-openapi v0.0.0-20200410145947-61e04a5be9a6/go.mod h1:GRQhZsXIAJ1xR0C9bd8UpWHZ5plfAS9fzPjJuQ6JL3E= -k8s.io/kube-openapi v0.0.0-20240423202451-8948a665c108 h1:Q8Z7VlGhcJgBHJHYugJ/K/7iB8a2eSxCyxdVjJp+lLY= -k8s.io/kube-openapi v0.0.0-20240423202451-8948a665c108/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= +k8s.io/kube-openapi v0.0.0-20240521193020-835d969ad83a h1:zD1uj3Jf+mD4zmA7W+goE5TxDkI7OGJjBNBzq5fJtLA= +k8s.io/kube-openapi v0.0.0-20240521193020-835d969ad83a/go.mod h1:UxDHUPsUwTOOxSU+oXURfFBcAS6JwiRXTYqYwfuGowc= k8s.io/kubectl v0.30.2 h1:cgKNIvsOiufgcs4yjvgkK0+aPCfa8pUwzXdJtkbhsH8= k8s.io/kubectl v0.30.2/go.mod h1:rz7GHXaxwnigrqob0lJsiA07Df8RE3n1TSaC2CTeuB4= k8s.io/utils v0.0.0-20200324210504-a9aa75ae1b89/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew= k8s.io/utils v0.0.0-20200603063816-c1c6865ac451/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= -k8s.io/utils v0.0.0-20240423183400-0849a56e8f22 h1:ao5hUqGhsqdm+bYbjH/pRkCs0unBGe9UyDahzs9zQzQ= -k8s.io/utils v0.0.0-20240423183400-0849a56e8f22/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -oras.land/oras-go v1.2.4 h1:djpBY2/2Cs1PV87GSJlxv4voajVOMZxqqtq9AB8YNvY= -oras.land/oras-go v1.2.4/go.mod h1:DYcGfb3YF1nKjcezfX2SNlDAeQFKSXmf+qrFmrh4324= +k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 h1:jgGTlFYnhF1PM1Ax/lAlxUPE+KfCIXHaathvJg1C3ak= +k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +oras.land/oras-go v1.2.5 h1:XpYuAwAb0DfQsunIyMfeET92emK8km3W4yEzZvUbsTo= +oras.land/oras-go v1.2.5/go.mod h1:PuAwRShRZCsZb7g8Ar3jKKQR/2A/qN+pkYxIOd/FAoo= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.7/go.mod h1:PHgbrJT7lCHcxMU+mDHEm+nx46H4zuuHZkDP6icnhu0= sigs.k8s.io/controller-runtime v0.6.1/go.mod h1:XRYBPdbf5XJu9kpS84VJiZ7h/u1hF3gEORz0efEja7A= sigs.k8s.io/controller-runtime v0.18.4 h1:87+guW1zhvuPLh1PHybKdYFLU0YJp4FhJRmiHvm5BZw= @@ -987,10 +1000,10 @@ sigs.k8s.io/gateway-api v1.1.0/go.mod h1:ZH4lHrL2sDi0FHZ9jjneb8kKnGzFWyrTya35sWU sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/kind v0.8.1/go.mod h1:oNKTxUVPYkV9lWzY6CVMNluVq8cBsyq+UgPJdvA3uu4= -sigs.k8s.io/kustomize/api v0.13.5-0.20230601165947-6ce0bf390ce3 h1:XX3Ajgzov2RKUdc5jW3t5jwY7Bo7dcRm+tFxT+NfgY0= -sigs.k8s.io/kustomize/api v0.13.5-0.20230601165947-6ce0bf390ce3/go.mod h1:9n16EZKMhXBNSiUC5kSdFQJkdH3zbxS/JoO619G1VAY= -sigs.k8s.io/kustomize/kyaml v0.14.3-0.20230601165947-6ce0bf390ce3 h1:W6cLQc5pnqM7vh3b7HvGNfXrJ/xL6BDMS0v1V/HHg5U= -sigs.k8s.io/kustomize/kyaml v0.14.3-0.20230601165947-6ce0bf390ce3/go.mod h1:JWP1Fj0VWGHyw3YUPjXSQnRnrwezrZSrApfX5S0nIag= +sigs.k8s.io/kustomize/api v0.17.2 h1:E7/Fjk7V5fboiuijoZHgs4aHuexi5Y2loXlVOAVAG5g= +sigs.k8s.io/kustomize/api v0.17.2/go.mod h1:UWTz9Ct+MvoeQsHcJ5e+vziRRkwimm3HytpZgIYqye0= +sigs.k8s.io/kustomize/kyaml v0.17.1 h1:TnxYQxFXzbmNG6gOINgGWQt09GghzgTP6mIurOgrLCQ= +sigs.k8s.io/kustomize/kyaml v0.17.1/go.mod h1:9V0mCjIEYjlXuCdYsSXvyoy2BTsLESH7TlGV81S282U= sigs.k8s.io/mcs-api v0.1.0 h1:edDbg0oRGfXw8TmZjKYep06LcJLv/qcYLidejnUp0PM= sigs.k8s.io/mcs-api v0.1.0/go.mod h1:gGiAryeFNB4GBsq2LBmVqSgKoobLxt+p7ii/WG5QYYw= sigs.k8s.io/structured-merge-diff/v3 v3.0.0-20200116222232-67a7b8c61874/go.mod h1:PlARxl6Hbt/+BC80dRLi1qAmnMqwqDg62YvvVkZjemw= diff --git a/internal/cmd/egctl/testdata/translate/out/default-resources.all.yaml b/internal/cmd/egctl/testdata/translate/out/default-resources.all.yaml index 1ef7ecd9163..f1bc3b8eb15 100644 --- a/internal/cmd/egctl/testdata/translate/out/default-resources.all.yaml +++ b/internal/cmd/egctl/testdata/translate/out/default-resources.all.yaml @@ -130,6 +130,44 @@ envoyProxyForGatewayClass: path_config_source: path: "/sds/xds-trusted-ca.json" resource_api_version: V3 + - name: wasm_cluster + type: STRICT_DNS + connect_timeout: 10s + load_assignment: + cluster_name: wasm_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 18002 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: {} + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: "/sds/xds-certificate.json" + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: "/sds/xds-trusted-ca.json" + resource_api_version: V3 overload_manager: refresh_interval: 0.25s resource_monitors: @@ -600,6 +638,44 @@ xds: connectionKeepalive: interval: 30s timeout: 5s + - connectTimeout: 10s + loadAssignment: + clusterName: wasm_cluster + endpoints: + - lbEndpoints: + - endpoint: + address: + socketAddress: + address: envoy-gateway + portValue: 18002 + loadBalancingWeight: 1 + loadBalancingWeight: 1 + name: wasm_cluster + transportSocket: + name: envoy.transport_sockets.tls + typedConfig: + '@type': type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + commonTlsContext: + tlsCertificateSdsSecretConfigs: + - name: xds_certificate + sdsConfig: + pathConfigSource: + path: /sds/xds-certificate.json + resourceApiVersion: V3 + tlsParams: + tlsMaximumProtocolVersion: TLSv1_3 + validationContextSdsSecretConfig: + name: xds_trusted_ca + sdsConfig: + pathConfigSource: + path: /sds/xds-trusted-ca.json + resourceApiVersion: V3 + type: STRICT_DNS + typedExtensionProtocolOptions: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + '@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions + explicitHttpConfig: + http2ProtocolOptions: {} listeners: - address: socketAddress: diff --git a/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.all.json b/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.all.json index 34264fa6150..a68fdc77509 100644 --- a/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.all.json +++ b/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.all.json @@ -163,6 +163,71 @@ } } } + }, + { + "connectTimeout": "10s", + "loadAssignment": { + "clusterName": "wasm_cluster", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "envoy-gateway", + "portValue": 18002 + } + } + }, + "loadBalancingWeight": 1 + } + ], + "loadBalancingWeight": 1 + } + ] + }, + "name": "wasm_cluster", + "transportSocket": { + "name": "envoy.transport_sockets.tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", + "commonTlsContext": { + "tlsCertificateSdsSecretConfigs": [ + { + "name": "xds_certificate", + "sdsConfig": { + "pathConfigSource": { + "path": "/sds/xds-certificate.json" + }, + "resourceApiVersion": "V3" + } + } + ], + "tlsParams": { + "tlsMaximumProtocolVersion": "TLSv1_3" + }, + "validationContextSdsSecretConfig": { + "name": "xds_trusted_ca", + "sdsConfig": { + "pathConfigSource": { + "path": "/sds/xds-trusted-ca.json" + }, + "resourceApiVersion": "V3" + } + } + } + } + }, + "type": "STRICT_DNS", + "typedExtensionProtocolOptions": { + "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": { + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions", + "explicitHttpConfig": { + "http2ProtocolOptions": {} + } + } + } } ], "listeners": [ diff --git a/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.all.yaml b/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.all.yaml index 5ac91ed8e45..48d1bfad14a 100644 --- a/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.all.yaml +++ b/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.all.yaml @@ -96,6 +96,44 @@ xds: connectionKeepalive: interval: 30s timeout: 5s + - connectTimeout: 10s + loadAssignment: + clusterName: wasm_cluster + endpoints: + - lbEndpoints: + - endpoint: + address: + socketAddress: + address: envoy-gateway + portValue: 18002 + loadBalancingWeight: 1 + loadBalancingWeight: 1 + name: wasm_cluster + transportSocket: + name: envoy.transport_sockets.tls + typedConfig: + '@type': type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + commonTlsContext: + tlsCertificateSdsSecretConfigs: + - name: xds_certificate + sdsConfig: + pathConfigSource: + path: /sds/xds-certificate.json + resourceApiVersion: V3 + tlsParams: + tlsMaximumProtocolVersion: TLSv1_3 + validationContextSdsSecretConfig: + name: xds_trusted_ca + sdsConfig: + pathConfigSource: + path: /sds/xds-trusted-ca.json + resourceApiVersion: V3 + type: STRICT_DNS + typedExtensionProtocolOptions: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + '@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions + explicitHttpConfig: + http2ProtocolOptions: {} listeners: - address: socketAddress: diff --git a/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.bootstrap.yaml b/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.bootstrap.yaml index 61174308058..b378fdc17b5 100644 --- a/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.bootstrap.yaml +++ b/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.bootstrap.yaml @@ -95,6 +95,44 @@ xds: connectionKeepalive: interval: 30s timeout: 5s + - connectTimeout: 10s + loadAssignment: + clusterName: wasm_cluster + endpoints: + - lbEndpoints: + - endpoint: + address: + socketAddress: + address: envoy-gateway + portValue: 18002 + loadBalancingWeight: 1 + loadBalancingWeight: 1 + name: wasm_cluster + transportSocket: + name: envoy.transport_sockets.tls + typedConfig: + '@type': type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + commonTlsContext: + tlsCertificateSdsSecretConfigs: + - name: xds_certificate + sdsConfig: + pathConfigSource: + path: /sds/xds-certificate.json + resourceApiVersion: V3 + tlsParams: + tlsMaximumProtocolVersion: TLSv1_3 + validationContextSdsSecretConfig: + name: xds_trusted_ca + sdsConfig: + pathConfigSource: + path: /sds/xds-trusted-ca.json + resourceApiVersion: V3 + type: STRICT_DNS + typedExtensionProtocolOptions: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + '@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions + explicitHttpConfig: + http2ProtocolOptions: {} listeners: - address: socketAddress: diff --git a/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.json b/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.json index 640bc9977b7..dd447633e32 100644 --- a/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.json +++ b/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.json @@ -163,6 +163,71 @@ } } } + }, + { + "connectTimeout": "10s", + "loadAssignment": { + "clusterName": "wasm_cluster", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "envoy-gateway", + "portValue": 18002 + } + } + }, + "loadBalancingWeight": 1 + } + ], + "loadBalancingWeight": 1 + } + ] + }, + "name": "wasm_cluster", + "transportSocket": { + "name": "envoy.transport_sockets.tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", + "commonTlsContext": { + "tlsCertificateSdsSecretConfigs": [ + { + "name": "xds_certificate", + "sdsConfig": { + "pathConfigSource": { + "path": "/sds/xds-certificate.json" + }, + "resourceApiVersion": "V3" + } + } + ], + "tlsParams": { + "tlsMaximumProtocolVersion": "TLSv1_3" + }, + "validationContextSdsSecretConfig": { + "name": "xds_trusted_ca", + "sdsConfig": { + "pathConfigSource": { + "path": "/sds/xds-trusted-ca.json" + }, + "resourceApiVersion": "V3" + } + } + } + } + }, + "type": "STRICT_DNS", + "typedExtensionProtocolOptions": { + "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": { + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions", + "explicitHttpConfig": { + "http2ProtocolOptions": {} + } + } + } } ], "listeners": [ diff --git a/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.yaml b/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.yaml index 0786edce3ea..545eba1cf63 100644 --- a/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.yaml +++ b/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.yaml @@ -96,6 +96,44 @@ xds: connectionKeepalive: interval: 30s timeout: 5s + - connectTimeout: 10s + loadAssignment: + clusterName: wasm_cluster + endpoints: + - lbEndpoints: + - endpoint: + address: + socketAddress: + address: envoy-gateway + portValue: 18002 + loadBalancingWeight: 1 + loadBalancingWeight: 1 + name: wasm_cluster + transportSocket: + name: envoy.transport_sockets.tls + typedConfig: + '@type': type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + commonTlsContext: + tlsCertificateSdsSecretConfigs: + - name: xds_certificate + sdsConfig: + pathConfigSource: + path: /sds/xds-certificate.json + resourceApiVersion: V3 + tlsParams: + tlsMaximumProtocolVersion: TLSv1_3 + validationContextSdsSecretConfig: + name: xds_trusted_ca + sdsConfig: + pathConfigSource: + path: /sds/xds-trusted-ca.json + resourceApiVersion: V3 + type: STRICT_DNS + typedExtensionProtocolOptions: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + '@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions + explicitHttpConfig: + http2ProtocolOptions: {} listeners: - address: socketAddress: diff --git a/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.bootstrap.yaml b/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.bootstrap.yaml index 98710133fc5..f2838d95bc9 100644 --- a/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.bootstrap.yaml +++ b/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.bootstrap.yaml @@ -95,6 +95,44 @@ xds: connectionKeepalive: interval: 30s timeout: 5s + - connectTimeout: 10s + loadAssignment: + clusterName: wasm_cluster + endpoints: + - lbEndpoints: + - endpoint: + address: + socketAddress: + address: envoy-gateway + portValue: 18002 + loadBalancingWeight: 1 + loadBalancingWeight: 1 + name: wasm_cluster + transportSocket: + name: envoy.transport_sockets.tls + typedConfig: + '@type': type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + commonTlsContext: + tlsCertificateSdsSecretConfigs: + - name: xds_certificate + sdsConfig: + pathConfigSource: + path: /sds/xds-certificate.json + resourceApiVersion: V3 + tlsParams: + tlsMaximumProtocolVersion: TLSv1_3 + validationContextSdsSecretConfig: + name: xds_trusted_ca + sdsConfig: + pathConfigSource: + path: /sds/xds-trusted-ca.json + resourceApiVersion: V3 + type: STRICT_DNS + typedExtensionProtocolOptions: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + '@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions + explicitHttpConfig: + http2ProtocolOptions: {} listeners: - address: socketAddress: diff --git a/internal/gatewayapi/backendtrafficpolicy.go b/internal/gatewayapi/backendtrafficpolicy.go index bd536b8443f..bcc6a5507c2 100644 --- a/internal/gatewayapi/backendtrafficpolicy.go +++ b/internal/gatewayapi/backendtrafficpolicy.go @@ -1164,7 +1164,7 @@ func int64ToUint32(in int64) (uint32, bool) { func (t *Translator) buildBackendConnection(policy *egv1a1.BackendTrafficPolicy) (*ir.BackendConnection, error) { var ( bcIR = &ir.BackendConnection{} - bc = &egv1a1.BackendTrafficPolicyConnection{} + bc = &egv1a1.BackendConnection{} ) if policy.Spec.Connection != nil { diff --git a/internal/gatewayapi/clienttrafficpolicy.go b/internal/gatewayapi/clienttrafficpolicy.go index b8faaef5bc9..cde236dbc96 100644 --- a/internal/gatewayapi/clienttrafficpolicy.go +++ b/internal/gatewayapi/clienttrafficpolicy.go @@ -406,7 +406,7 @@ func (t *Translator) translateClientTrafficPolicyForListener(policy *egv1a1.Clie // HTTP and TCP listeners can both be configured by common fields below. var ( keepalive *ir.TCPKeepalive - connection *ir.Connection + connection *ir.ClientConnection tlsConfig *ir.TLSConfig enableProxyProtocol bool timeout *ir.ClientTimeout @@ -852,12 +852,12 @@ func (t *Translator) buildListenerTLSParameters(policy *egv1a1.ClientTrafficPoli return irTLSConfig, nil } -func buildConnection(connection *egv1a1.Connection) (*ir.Connection, error) { +func buildConnection(connection *egv1a1.ClientConnection) (*ir.ClientConnection, error) { if connection == nil { return nil, nil } - irConnection := &ir.Connection{} + irConnection := &ir.ClientConnection{} if connection.ConnectionLimit != nil { irConnectionLimit := &ir.ConnectionLimit{} diff --git a/internal/gatewayapi/contexts.go b/internal/gatewayapi/contexts.go index 414386c973d..6ecb2cf7318 100644 --- a/internal/gatewayapi/contexts.go +++ b/internal/gatewayapi/contexts.go @@ -206,9 +206,6 @@ func GetRouteType(route RouteContext) gwapiv1.Kind { return gwapiv1.Kind(rv.FieldByName("Kind").String()) } -// TODO: [v1alpha2-gwapiv1] This should not be required once all Route -// objects being implemented are of type gwapiv1. - // GetHostnames returns the hosts targeted by the Route object. func GetHostnames(route RouteContext) []string { rv := reflect.ValueOf(route).Elem() @@ -225,8 +222,6 @@ func GetHostnames(route RouteContext) []string { return hostnames } -// TODO: [v1alpha2-gwapiv1] This should not be required once all Route -// objects being implemented are of type gwapiv1. // GetParentReferences returns the ParentReference of the Route object. func GetParentReferences(route RouteContext) []gwapiv1.ParentReference { rv := reflect.ValueOf(route).Elem() @@ -256,11 +251,6 @@ func GetRouteParentContext(route RouteContext, forParentRef gwapiv1.ParentRefere return ctx } - isHTTPRoute := false - if rv.FieldByName("Kind").String() == KindHTTPRoute { - isHTTPRoute = true - } - var parentRef *gwapiv1.ParentReference specParentRefs := rv.FieldByName("Spec").FieldByName("ParentRefs") for i := 0; i < specParentRefs.Len(); i++ { @@ -275,32 +265,28 @@ func GetRouteParentContext(route RouteContext, forParentRef gwapiv1.ParentRefere } routeParentStatusIdx := -1 + defaultNamespace := gwapiv1.Namespace(metav1.NamespaceDefault) statusParents := rv.FieldByName("Status").FieldByName("Parents") for i := 0; i < statusParents.Len(); i++ { p := statusParents.Index(i).FieldByName("ParentRef").Interface().(gwapiv1.ParentReference) - if !isHTTPRoute { - p = UpgradeParentReference(p) - defaultNamespace := gwapiv1.Namespace(metav1.NamespaceDefault) - if forParentRef.Namespace == nil { - forParentRef.Namespace = &defaultNamespace - } - if p.Namespace == nil { - p.Namespace = &defaultNamespace - } + // For those non-v1 routes, their underlying type of `ParentReference` is v1 as well. + // So we can skip upgrading these routes for simplicity. + if forParentRef.Namespace == nil { + forParentRef.Namespace = &defaultNamespace + } + if p.Namespace == nil { + p.Namespace = &defaultNamespace } if reflect.DeepEqual(p, forParentRef) { routeParentStatusIdx = i break } } + if routeParentStatusIdx == -1 { - tmpPR := forParentRef - if !isHTTPRoute { - tmpPR = DowngradeParentReference(tmpPR) - } rParentStatus := gwapiv1a2.RouteParentStatus{ ControllerName: gwapiv1a2.GatewayController(rv.FieldByName("GatewayControllerName").String()), - ParentRef: tmpPR, + ParentRef: forParentRef, } statusParents.Set(reflect.Append(statusParents, reflect.ValueOf(rParentStatus))) routeParentStatusIdx = statusParents.Len() - 1 @@ -372,8 +358,8 @@ func GetBackendRef(b BackendRefContext) *gwapiv1.BackendRef { if br.IsValid() { backendRef := br.Interface().(gwapiv1.BackendRef) return &backendRef - } + backendRef := b.(gwapiv1.BackendRef) return &backendRef } diff --git a/internal/gatewayapi/envoyextensionpolicy.go b/internal/gatewayapi/envoyextensionpolicy.go index 69dd7b10887..af7904ec3bf 100644 --- a/internal/gatewayapi/envoyextensionpolicy.go +++ b/internal/gatewayapi/envoyextensionpolicy.go @@ -9,22 +9,29 @@ import ( "errors" "fmt" "sort" + "strconv" "strings" "time" perr "github.com/pkg/errors" + corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/sets" "k8s.io/utils/ptr" + "sigs.k8s.io/controller-runtime/pkg/client" gwapiv1a2 "sigs.k8s.io/gateway-api/apis/v1alpha2" egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1" "github.com/envoyproxy/gateway/internal/gatewayapi/status" "github.com/envoyproxy/gateway/internal/ir" "github.com/envoyproxy/gateway/internal/utils" + "github.com/envoyproxy/gateway/internal/wasm" ) +// oci URL prefix +const ociURLPrefix = "oci://" + func (t *Translator) ProcessEnvoyExtensionPolicies(envoyExtensionPolicies []*egv1a1.EnvoyExtensionPolicy, gateways []*GatewayContext, routes []RouteContext, @@ -302,16 +309,19 @@ func resolveEEPolicyRouteTargetRef(policy *egv1a1.EnvoyExtensionPolicy, target g return route.RouteContext, nil } -func (t *Translator) translateEnvoyExtensionPolicyForRoute(policy *egv1a1.EnvoyExtensionPolicy, route RouteContext, - xdsIR XdsIRMap, resources *Resources, +func (t *Translator) translateEnvoyExtensionPolicyForRoute( + policy *egv1a1.EnvoyExtensionPolicy, + route RouteContext, + xdsIR XdsIRMap, + resources *Resources, ) error { var ( wasms []ir.Wasm err, errs error ) - if wasms, err = t.buildWasms(policy); err != nil { - err = perr.WithMessage(err, "WASMs") + if wasms, err = t.buildWasms(policy, resources); err != nil { + err = perr.WithMessage(err, "WASM") errs = errors.Join(errs, err) } @@ -332,7 +342,7 @@ func (t *Translator) translateEnvoyExtensionPolicyForRoute(policy *egv1a1.EnvoyE var extProcs []ir.ExtProc if extProcs, err = t.buildExtProcs(policy, resources, gtwCtx.envoyProxy); err != nil { - err = perr.WithMessage(err, "ExtProcs") + err = perr.WithMessage(err, "ExtProc") errs = errors.Join(errs, err) } irKey := t.getIRKey(gtwCtx.Gateway) @@ -366,11 +376,11 @@ func (t *Translator) translateEnvoyExtensionPolicyForGateway( ) if extProcs, err = t.buildExtProcs(policy, resources, gateway.envoyProxy); err != nil { - err = perr.WithMessage(err, "ExtProcs") + err = perr.WithMessage(err, "ExtProc") errs = errors.Join(errs, err) } - if wasms, err = t.buildWasms(policy); err != nil { - err = perr.WithMessage(err, "WASMs") + if wasms, err = t.buildWasms(policy, resources); err != nil { + err = perr.WithMessage(err, "WASM") errs = errors.Join(errs, err) } @@ -532,7 +542,14 @@ func irConfigNameForEEP(policy *egv1a1.EnvoyExtensionPolicy, idx int) string { idx) } -func (t *Translator) buildWasms(policy *egv1a1.EnvoyExtensionPolicy) ([]ir.Wasm, error) { +func (t *Translator) buildWasms( + policy *egv1a1.EnvoyExtensionPolicy, + resources *Resources, +) ([]ir.Wasm, error) { + if t.WasmCache == nil { + return nil, fmt.Errorf("wasm cache is not initialized") + } + var wasmIRList []ir.Wasm if policy == nil { @@ -540,8 +557,8 @@ func (t *Translator) buildWasms(policy *egv1a1.EnvoyExtensionPolicy) ([]ir.Wasm, } for idx, wasm := range policy.Spec.Wasm { - name := irConfigNameForEEP(policy, idx) - wasmIR, err := t.buildWasm(name, wasm) + name := irConfigNameForWasm(policy, idx) + wasmIR, err := t.buildWasm(name, wasm, policy, idx, resources) if err != nil { return nil, err } @@ -550,37 +567,169 @@ func (t *Translator) buildWasms(policy *egv1a1.EnvoyExtensionPolicy) ([]ir.Wasm, return wasmIRList, nil } -func (t *Translator) buildWasm(name string, wasm egv1a1.Wasm) (*ir.Wasm, error) { +func (t *Translator) buildWasm( + name string, + config egv1a1.Wasm, + policy *egv1a1.EnvoyExtensionPolicy, + idx int, + resources *Resources, +) (*ir.Wasm, error) { var ( - failOpen = false - httpWasmCode *ir.HTTPWasmCode + failOpen = false + code *ir.HTTPWasmCode + pullPolicy wasm.PullPolicy + // the checksum provided by the user, it's used to validate the wasm module + // downloaded from the original HTTP server or the OCI registry + originalChecksum string + servingURL string // the wasm module download URL from the EG HTTP server + err error ) - if wasm.FailOpen != nil { - failOpen = *wasm.FailOpen + if config.FailOpen != nil { + failOpen = *config.FailOpen } - switch wasm.Code.Type { + if config.Code.PullPolicy != nil { + switch *config.Code.PullPolicy { + case egv1a1.ImagePullPolicyAlways: + pullPolicy = wasm.Always + case egv1a1.ImagePullPolicyIfNotPresent: + pullPolicy = wasm.IfNotPresent + default: + pullPolicy = wasm.Unspecified + } + } + + switch config.Code.Type { case egv1a1.HTTPWasmCodeSourceType: - httpWasmCode = &ir.HTTPWasmCode{ - URL: wasm.Code.HTTP.URL, - SHA256: wasm.Code.SHA256, + // This is a sanity check, the validation should have caught this + if config.Code.HTTP == nil { + return nil, fmt.Errorf("missing HTTP field in Wasm code source") + } + + if config.Code.HTTP.SHA256 != nil { + originalChecksum = *config.Code.HTTP.SHA256 + } + + http := config.Code.HTTP + + if servingURL, _, err = t.WasmCache.Get(http.URL, wasm.GetOptions{ + Checksum: originalChecksum, + PullPolicy: pullPolicy, + ResourceName: irConfigNameForWasm(policy, idx), + ResourceVersion: policy.ResourceVersion, + }); err != nil { + return nil, err } + + code = &ir.HTTPWasmCode{ + ServingURL: servingURL, + OriginalURL: http.URL, + SHA256: originalChecksum, + } + case egv1a1.ImageWasmCodeSourceType: - return nil, fmt.Errorf("OCI image Wasm code source is not supported yet") + var ( + image = config.Code.Image + secret *corev1.Secret + pullSecret []byte + // the checksum of the wasm module extracted from the OCI image + // it's different from the checksum for the OCI image + checksum string + ) + + // This is a sanity check, the validation should have caught this + if image == nil { + return nil, fmt.Errorf("missing Image field in Wasm code source") + } + + if image.PullSecretRef != nil { + from := crossNamespaceFrom{ + group: egv1a1.GroupName, + kind: KindEnvoyExtensionPolicy, + namespace: policy.Namespace, + } + + if secret, err = t.validateSecretRef( + false, from, *image.PullSecretRef, resources); err != nil { + return nil, err + } + + if data, ok := secret.Data[corev1.DockerConfigJsonKey]; ok { + pullSecret = data + } else { + return nil, fmt.Errorf("missing %s key in secret %s/%s", corev1.DockerConfigJsonKey, secret.Namespace, secret.Name) + } + } + + // Wasm Cache requires the URL to be in the format "scheme://" + imageURL := image.URL + if !strings.HasPrefix(image.URL, ociURLPrefix) { + imageURL = fmt.Sprintf("%s%s", ociURLPrefix, image.URL) + } + + // If the url is an OCI image, and neither digest nor tag is provided, use the latest tag. + if !hasDigest(imageURL) && !hasTag(imageURL) { + imageURL += ":latest" + } + + if config.Code.Image.SHA256 != nil { + originalChecksum = *config.Code.Image.SHA256 + } + + // The wasm checksum is different from the OCI image digest. + // The original checksum in the EEP is used to match the digest of OCI image. + // The returned checksum from the cache is the checksum of the wasm file + // extracted from the OCI image, which is used by the envoy to verify the wasm file. + if servingURL, checksum, err = t.WasmCache.Get(imageURL, wasm.GetOptions{ + Checksum: originalChecksum, + PullSecret: pullSecret, + PullPolicy: pullPolicy, + ResourceName: irConfigNameForWasm(policy, idx), + ResourceVersion: policy.ResourceVersion, + }); err != nil { + return nil, err + } + + code = &ir.HTTPWasmCode{ + ServingURL: servingURL, + SHA256: checksum, + OriginalURL: imageURL, + } default: // should never happen because of kubebuilder validation, just a sanity check - return nil, fmt.Errorf("unsupported Wasm code source type %q", wasm.Code.Type) + return nil, fmt.Errorf("unsupported Wasm code source type %q", config.Code.Type) } + wasmName := name + if config.Name != nil { + wasmName = *config.Name + } wasmIR := &ir.Wasm{ - Name: name, - RootID: wasm.RootID, - WasmName: wasm.Name, - Config: wasm.Config, - FailOpen: failOpen, - HTTPWasmCode: httpWasmCode, + Name: name, + RootID: config.RootID, + WasmName: wasmName, + Config: config.Config, + FailOpen: failOpen, + Code: code, } return wasmIR, nil } + +func hasDigest(imageURL string) bool { + return strings.Contains(imageURL, "@") +} + +func hasTag(imageURL string) bool { + parts := strings.Split(imageURL[len(ociURLPrefix):], ":") + // Verify that we aren't confusing a tag for a hostname with port. + return len(parts) > 1 && !strings.Contains(parts[len(parts)-1], "/") +} + +func irConfigNameForWasm(policy client.Object, index int) string { + return fmt.Sprintf( + "%s/wasm/%s", + irConfigName(policy), + strconv.Itoa(index)) +} diff --git a/internal/gatewayapi/envoyextensionpolicy_test.go b/internal/gatewayapi/envoyextensionpolicy_test.go new file mode 100644 index 00000000000..5c611163fca --- /dev/null +++ b/internal/gatewayapi/envoyextensionpolicy_test.go @@ -0,0 +1,66 @@ +// Copyright Envoy Gateway Authors +// SPDX-License-Identifier: Apache-2.0 +// The full text of the Apache license is available in the LICENSE file at +// the root of the repo. + +package gatewayapi + +import ( + "testing" + + "github.com/stretchr/testify/assert" +) + +func Test_hasTag(t *testing.T) { + tests := []struct { + name string + imageURL string + want bool + }{ + { + name: "image with scheme and tag", + imageURL: "oci://www.example.com/wasm:v1.0.0", + want: true, + }, + { + name: "image with scheme, host port and tag", + imageURL: "oci://www.example.com:8080/wasm:v1.0.0", + want: true, + }, + { + name: "image with scheme without tag", + imageURL: "oci://www.example.com/wasm", + want: false, + }, + { + name: "image with scheme, host port without tag", + imageURL: "oci://www.example.com:8080/wasm", + want: false, + }, + { + name: "image without scheme with tag", + imageURL: "www.example.com/wasm:v1.0.0", + want: true, + }, + { + name: "image without scheme with host port and tag", + imageURL: "www.example.com:8080/wasm:v1.0.0", + want: true, + }, + { + name: "image without scheme without tag", + imageURL: "www.example.com/wasm", + want: false, + }, + { + name: "image without scheme with host port without tag", + imageURL: "www.example.com:8080/wasm", + want: false, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + assert.Equalf(t, tt.want, hasTag(tt.imageURL), "hasTag(%v)", tt.imageURL) + }) + } +} diff --git a/internal/gatewayapi/helpers.go b/internal/gatewayapi/helpers.go index ed35961ca0f..408a40ab0a4 100644 --- a/internal/gatewayapi/helpers.go +++ b/internal/gatewayapi/helpers.go @@ -15,6 +15,7 @@ import ( "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apimachinery/pkg/types" "k8s.io/utils/ptr" + "sigs.k8s.io/controller-runtime/pkg/client" gwapiv1 "sigs.k8s.io/gateway-api/apis/v1" gwapiv1a2 "sigs.k8s.io/gateway-api/apis/v1alpha2" @@ -487,3 +488,10 @@ func parseCIDR(cidr string) (*ir.CIDRMatch, error) { IsIPv6: ip.To4() == nil, }, nil } + +func irConfigName(policy client.Object) string { + return fmt.Sprintf( + "%s/%s", + strings.ToLower(policy.GetObjectKind().GroupVersionKind().Kind), + utils.NamespacedName(policy).String()) +} diff --git a/internal/gatewayapi/helpers_v1alpha2.go b/internal/gatewayapi/helpers_v1alpha2.go index afa80413175..3b1dffde66f 100644 --- a/internal/gatewayapi/helpers_v1alpha2.go +++ b/internal/gatewayapi/helpers_v1alpha2.go @@ -17,125 +17,7 @@ import ( ) // TODO: [gwapiv1a2-gwapiv1] -// This file can be removed once TLSRoute graduates to gwapiv1. - -func GroupPtrV1Alpha2(group string) *gwapiv1a2.Group { - gwGroup := gwapiv1a2.Group(group) - return &gwGroup -} - -func KindPtrV1Alpha2(kind string) *gwapiv1a2.Kind { - gwKind := gwapiv1a2.Kind(kind) - return &gwKind -} - -func NamespacePtrV1Alpha2(namespace string) *gwapiv1a2.Namespace { - gwNamespace := gwapiv1a2.Namespace(namespace) - return &gwNamespace -} - -func SectionNamePtrV1Alpha2(sectionName string) *gwapiv1a2.SectionName { - gwSectionName := gwapiv1a2.SectionName(sectionName) - return &gwSectionName -} - -func PortNumPtrV1Alpha2(port int) *gwapiv1a2.PortNumber { - pn := gwapiv1a2.PortNumber(port) - return &pn -} - -func UpgradeParentReferences(old []gwapiv1a2.ParentReference) []gwapiv1.ParentReference { - newParentReferences := make([]gwapiv1.ParentReference, len(old)) - for i, o := range old { - newParentReferences[i] = UpgradeParentReference(o) - } - return newParentReferences -} - -// UpgradeParentReference converts gwapiv1a2.ParentReference to gwapiv1.ParentReference -func UpgradeParentReference(old gwapiv1a2.ParentReference) gwapiv1.ParentReference { - upgraded := gwapiv1.ParentReference{} - - if old.Group != nil { - upgraded.Group = GroupPtr(string(*old.Group)) - } - - if old.Kind != nil { - upgraded.Kind = KindPtr(string(*old.Kind)) - } - - if old.Namespace != nil { - upgraded.Namespace = NamespacePtr(string(*old.Namespace)) - } - - upgraded.Name = old.Name - - if old.SectionName != nil { - upgraded.SectionName = SectionNamePtr(string(*old.SectionName)) - } - - if old.Port != nil { - upgraded.Port = PortNumPtr(int32(*old.Port)) - } - - return upgraded -} - -func DowngradeParentReference(old gwapiv1.ParentReference) gwapiv1a2.ParentReference { - downgraded := gwapiv1a2.ParentReference{} - - if old.Group != nil { - downgraded.Group = GroupPtrV1Alpha2(string(*old.Group)) - } - - if old.Kind != nil { - downgraded.Kind = KindPtrV1Alpha2(string(*old.Kind)) - } - - if old.Namespace != nil { - downgraded.Namespace = NamespacePtrV1Alpha2(string(*old.Namespace)) - } - - downgraded.Name = old.Name - - if old.SectionName != nil { - downgraded.SectionName = SectionNamePtrV1Alpha2(string(*old.SectionName)) - } - - if old.Port != nil { - downgraded.Port = PortNumPtrV1Alpha2(int(*old.Port)) - } - - return downgraded -} - -func UpgradeRouteParentStatuses(routeParentStatuses []gwapiv1a2.RouteParentStatus) []gwapiv1.RouteParentStatus { - var res []gwapiv1.RouteParentStatus - - for _, rps := range routeParentStatuses { - res = append(res, gwapiv1.RouteParentStatus{ - ParentRef: UpgradeParentReference(rps.ParentRef), - ControllerName: rps.ControllerName, - Conditions: rps.Conditions, - }) - } - - return res -} - -func DowngradeRouteParentStatuses(routeParentStatuses []gwapiv1.RouteParentStatus) []gwapiv1a2.RouteParentStatus { - var res []gwapiv1a2.RouteParentStatus - - for _, rps := range routeParentStatuses { - res = append(res, gwapiv1a2.RouteParentStatus{ - ParentRef: DowngradeParentReference(rps.ParentRef), - ControllerName: rps.ControllerName, - Conditions: rps.Conditions, - }) - } - - return res -} +// This file can be removed once all routes graduates to gwapiv1. // UpgradeBackendRef converts gwapiv1a2.BackendRef to gwapiv1.BackendRef func UpgradeBackendRef(old gwapiv1a2.BackendRef) gwapiv1.BackendRef { @@ -161,34 +43,3 @@ func UpgradeBackendRef(old gwapiv1a2.BackendRef) gwapiv1.BackendRef { return upgraded } - -func DowngradeBackendRef(old gwapiv1.BackendRef) gwapiv1a2.BackendRef { - downgraded := gwapiv1a2.BackendRef{} - - if old.Group != nil { - downgraded.Group = GroupPtrV1Alpha2(string(*old.Group)) - } - - if old.Kind != nil { - downgraded.Kind = KindPtrV1Alpha2(string(*old.Kind)) - } - - if old.Namespace != nil { - downgraded.Namespace = NamespacePtrV1Alpha2(string(*old.Namespace)) - } - - downgraded.Name = old.Name - - if old.Port != nil { - downgraded.Port = PortNumPtrV1Alpha2(int(*old.Port)) - } - - return downgraded -} - -func NamespaceDerefOrAlpha(namespace *gwapiv1a2.Namespace, defaultNamespace string) string { - if namespace != nil && *namespace != "" { - return string(*namespace) - } - return defaultNamespace -} diff --git a/internal/gatewayapi/listener.go b/internal/gatewayapi/listener.go index 5f151b32007..778caa6f1bc 100644 --- a/internal/gatewayapi/listener.go +++ b/internal/gatewayapi/listener.go @@ -9,8 +9,10 @@ import ( "errors" "fmt" + "github.com/google/cel-go/cel" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + utilerrors "k8s.io/apimachinery/pkg/util/errors" "k8s.io/utils/ptr" gwapiv1 "sigs.k8s.io/gateway-api/apis/v1" @@ -345,6 +347,22 @@ func (t *Translator) processAccessLog(envoyproxy *egv1a1.EnvoyProxy, resources * irAccessLog.OpenTelemetry = append(irAccessLog.OpenTelemetry, al) } } + + var ( + validExprs []string + errs []error + ) + for _, expr := range accessLog.Matches { + if !validCELExpression(expr) { + errs = append(errs, fmt.Errorf("invalid CEL expression: %s", expr)) + continue + } + validExprs = append(validExprs, expr) + } + if len(errs) > 0 { + return nil, utilerrors.NewAggregate(errs) + } + irAccessLog.CELMatches = validExprs } return irAccessLog, nil @@ -397,6 +415,7 @@ func (t *Translator) processTracing(gw *gwapiv1.Gateway, envoyproxy *egv1a1.Envo Name: "tracing", // TODO: rename this, so that we can share backend with accesslog? Settings: ds, }, + Provider: tracing.Provider, }, nil } @@ -454,3 +473,10 @@ func destinationSettingFromHostAndPort(host string, port uint32) []*ir.Destinati }, } } + +var celEnv, _ = cel.NewEnv() + +func validCELExpression(expr string) bool { + _, issue := celEnv.Parse(expr) + return issue.Err() == nil +} diff --git a/internal/gatewayapi/route.go b/internal/gatewayapi/route.go index db59bf551e2..ebebab2356d 100644 --- a/internal/gatewayapi/route.go +++ b/internal/gatewayapi/route.go @@ -228,7 +228,7 @@ func (t *Translator) processHTTPRouteRules(httpRoute *HTTPRouteContext, parentRe httpRoute.GetGeneration(), gwapiv1.RouteConditionResolvedRefs, metav1.ConditionFalse, - gwapiv1a2.RouteReasonResolvedRefs, + gwapiv1.RouteReasonResolvedRefs, "Mixed endpointslice address type between backendRefs is not supported") } @@ -1236,7 +1236,7 @@ func (t *Translator) processDestination(backendRefContext BackendRefContext, route.GetGeneration(), gwapiv1.RouteConditionResolvedRefs, metav1.ConditionFalse, - gwapiv1a2.RouteReasonResolvedRefs, + gwapiv1.RouteReasonResolvedRefs, err.Error()) } diff --git a/internal/gatewayapi/runner/runner.go b/internal/gatewayapi/runner/runner.go index b4419aff63b..8b9b57fc839 100644 --- a/internal/gatewayapi/runner/runner.go +++ b/internal/gatewayapi/runner/runner.go @@ -7,12 +7,22 @@ package runner import ( "context" + "crypto/tls" + "crypto/x509" "encoding/json" + "errors" + "fmt" + "os" "reflect" + "github.com/docker/docker/pkg/fileutils" + kerrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/sets" + "k8s.io/client-go/kubernetes" + ctrl "sigs.k8s.io/controller-runtime" gwapiv1 "sigs.k8s.io/gateway-api/apis/v1" gwapiv1a2 "sigs.k8s.io/gateway-api/apis/v1alpha2" @@ -22,6 +32,14 @@ import ( "github.com/envoyproxy/gateway/internal/gatewayapi" "github.com/envoyproxy/gateway/internal/message" "github.com/envoyproxy/gateway/internal/utils" + "github.com/envoyproxy/gateway/internal/wasm" +) + +const ( + wasmCacheDir = "/var/lib/eg/wasm" + serveTLSCertFilename = "/certs/tls.crt" + serveTLSKeyFilename = "/certs/tls.key" + serveTLSCaFilename = "/certs/ca.crt" ) type Config struct { @@ -34,12 +52,21 @@ type Config struct { type Runner struct { Config + wasmCache wasm.Cache } func New(cfg *Config) *Runner { - return &Runner{Config: *cfg} + return &Runner{ + Config: *cfg, + } } +const ( + // nolint: gosec + hmacSecretName = "envoy-oidc-hmac" + hmacSecretKey = "hmac-secret" +) + func (r *Runner) Name() string { return string(egv1a1.LogComponentGatewayAPIRunner) } @@ -47,11 +74,45 @@ func (r *Runner) Name() string { // Start starts the gateway-api translator runner func (r *Runner) Start(ctx context.Context) (err error) { r.Logger = r.Logger.WithName(r.Name()).WithValues("runner", r.Name()) + + go r.startWasmCache(ctx) go r.subscribeAndTranslate(ctx) r.Logger.Info("started") return } +func (r *Runner) startWasmCache(ctx context.Context) { + // Start the wasm cache server + // EG reuse the OIDC HMAC secret as a hash salt to generate an unguessable + // downloading path for the Wasm module. + salt, err := hmac(ctx, r.Namespace) + if err != nil { + r.Logger.Error(err, "failed to get hmac secret") + return + } + tlsConfig, err := r.tlsConfig() + if err != nil { + r.Logger.Error(err, "failed to create tls config") + return + } + // Create the file directory if it does not exist. + if err = fileutils.CreateIfNotExists(wasmCacheDir, true); err != nil { + r.Logger.Error(err, "Failed to create Wasm cache directory") + return + } + r.wasmCache = wasm.NewHTTPServerWithFileCache( + // HTTP server options + wasm.SeverOptions{ + Salt: salt, + TLSConfig: tlsConfig, + }, + // Wasm cache options + wasm.CacheOptions{ + CacheDir: wasmCacheDir, + }, r.Logger) + r.wasmCache.Start(ctx) +} + func (r *Runner) subscribeAndTranslate(ctx context.Context) { message.HandleSubscription(message.Metadata{Runner: string(egv1a1.LogComponentGatewayAPIRunner), Message: "provider-resources"}, r.ProviderResources.GatewayAPIResources.Subscribe(ctx), func(update message.Update[string, *gatewayapi.ControllerResources], errChan chan error) { @@ -88,6 +149,7 @@ func (r *Runner) subscribeAndTranslate(ctx context.Context) { BackendEnabled: r.EnvoyGateway.ExtensionAPIs != nil && r.EnvoyGateway.ExtensionAPIs.EnableBackend, Namespace: r.Namespace, MergeGateways: gatewayapi.IsMergeGatewaysEnabled(resources), + WasmCache: r.wasmCache, } // If an extension is loaded, pass its supported groups/kinds to the translator @@ -427,3 +489,63 @@ func getIRKeysToDelete(curKeys, newKeys []string) []string { return delSet.List() } + +// hmac returns the HMAC secret generated by the CertGen job. +// hmac will be used as a hash salt to generate unguessable downloading paths for Wasm modules. +func hmac(ctx context.Context, namespace string) (hmac []byte, err error) { + // Get the HMAC secret. + // HMAC secret is generated by the CertGen job and stored in a secret + cfg, err := ctrl.GetConfig() + if err != nil { + return nil, err + } + client, err := kubernetes.NewForConfig(cfg) + if err != nil { + return nil, err + } + secret, err := client.CoreV1().Secrets(namespace).Get(ctx, hmacSecretName, metav1.GetOptions{}) + if err != nil { + if kerrors.IsNotFound(err) { + return nil, fmt.Errorf("HMAC secret %s/%s not found", namespace, hmacSecretName) + } + return nil, err + } + hmac, ok := secret.Data[hmacSecretKey] + if !ok || len(hmac) == 0 { + return nil, fmt.Errorf( + "HMAC secret not found in secret %s/%s", namespace, hmacSecretName) + } + return +} + +func (r *Runner) tlsConfig() (*tls.Config, error) { + var ( + serverCert tls.Certificate // server's certificate and private key + caCert []byte // the CA certificate for client verification + caCertPool *x509.CertPool + err error + ) + + // Load server's certificate and private key + if serverCert, err = tls.LoadX509KeyPair(serveTLSCertFilename, serveTLSKeyFilename); err != nil { + return nil, err + } + + // Load client's CA certificate + if caCert, err = os.ReadFile(serveTLSCaFilename); err != nil { + return nil, err + } + + caCertPool = x509.NewCertPool() + if !caCertPool.AppendCertsFromPEM(caCert) { + return nil, errors.New("failed to parse CA certificate") + } + + // Configure the server to require client certificates + return &tls.Config{ + Certificates: []tls.Certificate{serverCert}, + ClientAuth: tls.RequireAndVerifyClientCert, + ClientCAs: caCertPool, + MinVersion: tls.VersionTLS13, + }, nil +} diff --git a/internal/gatewayapi/securitypolicy.go b/internal/gatewayapi/securitypolicy.go index 34e2410ae55..470113b60e0 100644 --- a/internal/gatewayapi/securitypolicy.go +++ b/internal/gatewayapi/securitypolicy.go @@ -914,13 +914,6 @@ func irExtServiceDestinationName(policy *egv1a1.SecurityPolicy, backendRef *gwap nn.String())) } -func irConfigName(policy *egv1a1.SecurityPolicy) string { - return fmt.Sprintf( - "%s/%s", - strings.ToLower(KindSecurityPolicy), - utils.NamespacedName(policy).String()) -} - func (t *Translator) buildAuthorization(policy *egv1a1.SecurityPolicy) (*ir.Authorization, error) { var ( authorization = policy.Spec.Authorization diff --git a/internal/gatewayapi/testdata/backend-invalid-feature-disabled.out.yaml b/internal/gatewayapi/testdata/backend-invalid-feature-disabled.out.yaml index 6b95feb0a07..a825b0a6e2b 100644 --- a/internal/gatewayapi/testdata/backend-invalid-feature-disabled.out.yaml +++ b/internal/gatewayapi/testdata/backend-invalid-feature-disabled.out.yaml @@ -45,7 +45,7 @@ envoyExtensionPolicies: sectionName: http conditions: - lastTransitionTime: null - message: 'ExtProcs: resource backend-ip of type Backend cannot be used since + message: 'ExtProc: resource backend-ip of type Backend cannot be used since Backend is disabled in Envoy Gateway configuration.' reason: Invalid status: "False" diff --git a/internal/gatewayapi/testdata/custom-filter-order.in.yaml b/internal/gatewayapi/testdata/custom-filter-order.in.yaml index d3e931aed52..99b46e6de82 100644 --- a/internal/gatewayapi/testdata/custom-filter-order.in.yaml +++ b/internal/gatewayapi/testdata/custom-filter-order.in.yaml @@ -111,7 +111,7 @@ envoyextensionpolicies: type: HTTP http: url: https://www.example.com/wasm-filter-1.wasm - sha256: 746df05c8f3a0b07a46c0967cfbc5cbe5b9d48d0f79b6177eeedf8be6c8b34b5 + sha256: 746df05c8f3a0b07a46c0967cfbc5cbe5b9d48d0f79b6177eeedf8be6c8b34b5 config: parameter1: key1: value1 @@ -122,7 +122,7 @@ envoyextensionpolicies: type: HTTP http: url: https://www.example.com/wasm-filter-2.wasm - sha256: a1efca12ea51069abb123bf9c77889fcc2a31cc5483fc14d115e44fdf07c7980 + sha256: a1efca12ea51069abb123bf9c77889fcc2a31cc5483fc14d115e44fdf07c7980 config: parameter1: value1 parameter2: value2 diff --git a/internal/gatewayapi/testdata/custom-filter-order.out.yaml b/internal/gatewayapi/testdata/custom-filter-order.out.yaml index 5a520a9a9da..be53fc5c2ec 100644 --- a/internal/gatewayapi/testdata/custom-filter-order.out.yaml +++ b/internal/gatewayapi/testdata/custom-filter-order.out.yaml @@ -13,8 +13,8 @@ envoyExtensionPolicies: wasm: - code: http: + sha256: 746df05c8f3a0b07a46c0967cfbc5cbe5b9d48d0f79b6177eeedf8be6c8b34b5 url: https://www.example.com/wasm-filter-1.wasm - sha256: 746df05c8f3a0b07a46c0967cfbc5cbe5b9d48d0f79b6177eeedf8be6c8b34b5 type: HTTP config: parameter1: @@ -24,8 +24,8 @@ envoyExtensionPolicies: name: wasm-filter-1 - code: http: + sha256: a1efca12ea51069abb123bf9c77889fcc2a31cc5483fc14d115e44fdf07c7980 url: https://www.example.com/wasm-filter-2.wasm - sha256: a1efca12ea51069abb123bf9c77889fcc2a31cc5483fc14d115e44fdf07c7980 type: HTTP config: parameter1: value1 @@ -291,16 +291,18 @@ xdsIR: parameter2: value3 failOpen: false httpWasmCode: + originalDownloadingURL: https://www.example.com/wasm-filter-1.wasm + servingURL: https://envoy-gateway:18002/5c90b9a82642ce00a7753923fabead306b9d9a54a7c0bd2463a1af3efcfb110b.wasm sha256: 746df05c8f3a0b07a46c0967cfbc5cbe5b9d48d0f79b6177eeedf8be6c8b34b5 - url: https://www.example.com/wasm-filter-1.wasm - name: envoyextensionpolicy/envoy-gateway/policy-for-gateway/0 + name: envoyextensionpolicy/envoy-gateway/policy-for-gateway/wasm/0 wasmName: wasm-filter-1 - config: parameter1: value1 parameter2: value2 failOpen: false httpWasmCode: + originalDownloadingURL: https://www.example.com/wasm-filter-2.wasm + servingURL: https://envoy-gateway:18002/593e4cc60a7e0fa4d4f86531a5e20e785213a52000f056a7a8b5c5afcb908052.wasm sha256: a1efca12ea51069abb123bf9c77889fcc2a31cc5483fc14d115e44fdf07c7980 - url: https://www.example.com/wasm-filter-2.wasm - name: envoyextensionpolicy/envoy-gateway/policy-for-gateway/1 + name: envoyextensionpolicy/envoy-gateway/policy-for-gateway/wasm/1 wasmName: wasm-filter-2 diff --git a/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-invalid-no-matching-port.out.yaml b/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-invalid-no-matching-port.out.yaml index 76ce25c20f6..835a92ba92b 100644 --- a/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-invalid-no-matching-port.out.yaml +++ b/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-invalid-no-matching-port.out.yaml @@ -23,7 +23,7 @@ envoyExtensionPolicies: namespace: default conditions: - lastTransitionTime: null - message: 'ExtProcs: TCP Port 4000 not found on service default/grpc-backend.' + message: 'ExtProc: TCP Port 4000 not found on service default/grpc-backend.' reason: Invalid status: "False" type: Accepted diff --git a/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-invalid-no-port.out.yaml b/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-invalid-no-port.out.yaml index c8d26813c85..80c04f0c71e 100644 --- a/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-invalid-no-port.out.yaml +++ b/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-invalid-no-port.out.yaml @@ -22,7 +22,7 @@ envoyExtensionPolicies: namespace: default conditions: - lastTransitionTime: null - message: 'ExtProcs: a valid port number corresponding to a port on the Service + message: 'ExtProc: a valid port number corresponding to a port on the Service must be specified.' reason: Invalid status: "False" diff --git a/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-invalid-no-reference-grant.out.yaml b/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-invalid-no-reference-grant.out.yaml index 50148ea73d0..75e70c1cc01 100644 --- a/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-invalid-no-reference-grant.out.yaml +++ b/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-invalid-no-reference-grant.out.yaml @@ -24,8 +24,8 @@ envoyExtensionPolicies: namespace: default conditions: - lastTransitionTime: null - message: 'ExtProcs: backend ref to Service envoy-gateway/grpc-backend not - permitted by any ReferenceGrant.' + message: 'ExtProc: backend ref to Service envoy-gateway/grpc-backend not permitted + by any ReferenceGrant.' reason: Invalid status: "False" type: Accepted diff --git a/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-invalid-no-service.out.yaml b/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-invalid-no-service.out.yaml index 7e5e5aba4b5..1f90e0a26fb 100644 --- a/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-invalid-no-service.out.yaml +++ b/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-invalid-no-service.out.yaml @@ -24,7 +24,7 @@ envoyExtensionPolicies: namespace: default conditions: - lastTransitionTime: null - message: 'ExtProcs: service envoy-gateway/grpc-backend not found.' + message: 'ExtProc: service envoy-gateway/grpc-backend not found.' reason: Invalid status: "False" type: Accepted diff --git a/internal/gatewayapi/testdata/envoyextensionpolicy-with-wasm-targetrefs.in.yaml b/internal/gatewayapi/testdata/envoyextensionpolicy-with-wasm-targetrefs.in.yaml index 2ff19ac2a6e..106267da645 100644 --- a/internal/gatewayapi/testdata/envoyextensionpolicy-with-wasm-targetrefs.in.yaml +++ b/internal/gatewayapi/testdata/envoyextensionpolicy-with-wasm-targetrefs.in.yaml @@ -72,7 +72,7 @@ envoyextensionpolicies: type: HTTP http: url: https://www.example.com/wasm-filter-1.wasm - sha256: 746df05c8f3a0b07a46c0967cfbc5cbe5b9d48d0f79b6177eeedf8be6c8b34b5 + sha256: 746df05c8f3a0b07a46c0967cfbc5cbe5b9d48d0f79b6177eeedf8be6c8b34b5 config: parameter1: key1: value1 @@ -83,8 +83,7 @@ envoyextensionpolicies: type: HTTP http: url: https://www.example.com/wasm-filter-2.wasm - sha256: a1efca12ea51069abb123bf9c77889fcc2a31cc5483fc14d115e44fdf07c7980 + sha256: a1efca12ea51069abb123bf9c77889fcc2a31cc5483fc14d115e44fdf07c7980 config: parameter1: value1 parameter2: value2 - diff --git a/internal/gatewayapi/testdata/envoyextensionpolicy-with-wasm-targetrefs.out.yaml b/internal/gatewayapi/testdata/envoyextensionpolicy-with-wasm-targetrefs.out.yaml index 463f604c21a..47ab4e6d799 100644 --- a/internal/gatewayapi/testdata/envoyextensionpolicy-with-wasm-targetrefs.out.yaml +++ b/internal/gatewayapi/testdata/envoyextensionpolicy-with-wasm-targetrefs.out.yaml @@ -16,8 +16,8 @@ envoyExtensionPolicies: wasm: - code: http: + sha256: 746df05c8f3a0b07a46c0967cfbc5cbe5b9d48d0f79b6177eeedf8be6c8b34b5 url: https://www.example.com/wasm-filter-1.wasm - sha256: 746df05c8f3a0b07a46c0967cfbc5cbe5b9d48d0f79b6177eeedf8be6c8b34b5 type: HTTP config: parameter1: @@ -27,8 +27,8 @@ envoyExtensionPolicies: name: wasm-filter-1 - code: http: + sha256: a1efca12ea51069abb123bf9c77889fcc2a31cc5483fc14d115e44fdf07c7980 url: https://www.example.com/wasm-filter-2.wasm - sha256: a1efca12ea51069abb123bf9c77889fcc2a31cc5483fc14d115e44fdf07c7980 type: HTTP config: parameter1: value1 @@ -238,18 +238,20 @@ xdsIR: parameter2: value3 failOpen: false httpWasmCode: + originalDownloadingURL: https://www.example.com/wasm-filter-1.wasm + servingURL: https://envoy-gateway:18002/5c90b9a82642ce00a7753923fabead306b9d9a54a7c0bd2463a1af3efcfb110b.wasm sha256: 746df05c8f3a0b07a46c0967cfbc5cbe5b9d48d0f79b6177eeedf8be6c8b34b5 - url: https://www.example.com/wasm-filter-1.wasm - name: envoyextensionpolicy/envoy-gateway/policy-for-gateway/0 + name: envoyextensionpolicy/envoy-gateway/policy-for-gateway/wasm/0 wasmName: wasm-filter-1 - config: parameter1: value1 parameter2: value2 failOpen: false httpWasmCode: + originalDownloadingURL: https://www.example.com/wasm-filter-2.wasm + servingURL: https://envoy-gateway:18002/593e4cc60a7e0fa4d4f86531a5e20e785213a52000f056a7a8b5c5afcb908052.wasm sha256: a1efca12ea51069abb123bf9c77889fcc2a31cc5483fc14d115e44fdf07c7980 - url: https://www.example.com/wasm-filter-2.wasm - name: envoyextensionpolicy/envoy-gateway/policy-for-gateway/1 + name: envoyextensionpolicy/envoy-gateway/policy-for-gateway/wasm/1 wasmName: wasm-filter-2 - destination: name: httproute/envoy-gateway/httproute-2/rule/0 @@ -272,16 +274,18 @@ xdsIR: parameter2: value3 failOpen: false httpWasmCode: + originalDownloadingURL: https://www.example.com/wasm-filter-1.wasm + servingURL: https://envoy-gateway:18002/5c90b9a82642ce00a7753923fabead306b9d9a54a7c0bd2463a1af3efcfb110b.wasm sha256: 746df05c8f3a0b07a46c0967cfbc5cbe5b9d48d0f79b6177eeedf8be6c8b34b5 - url: https://www.example.com/wasm-filter-1.wasm - name: envoyextensionpolicy/envoy-gateway/policy-for-gateway/0 + name: envoyextensionpolicy/envoy-gateway/policy-for-gateway/wasm/0 wasmName: wasm-filter-1 - config: parameter1: value1 parameter2: value2 failOpen: false httpWasmCode: + originalDownloadingURL: https://www.example.com/wasm-filter-2.wasm + servingURL: https://envoy-gateway:18002/593e4cc60a7e0fa4d4f86531a5e20e785213a52000f056a7a8b5c5afcb908052.wasm sha256: a1efca12ea51069abb123bf9c77889fcc2a31cc5483fc14d115e44fdf07c7980 - url: https://www.example.com/wasm-filter-2.wasm - name: envoyextensionpolicy/envoy-gateway/policy-for-gateway/1 + name: envoyextensionpolicy/envoy-gateway/policy-for-gateway/wasm/1 wasmName: wasm-filter-2 diff --git a/internal/gatewayapi/testdata/envoyextensionpolicy-with-wasm.in.yaml b/internal/gatewayapi/testdata/envoyextensionpolicy-with-wasm.in.yaml index 4d3e39cf48a..5cb2b192553 100644 --- a/internal/gatewayapi/testdata/envoyextensionpolicy-with-wasm.in.yaml +++ b/internal/gatewayapi/testdata/envoyextensionpolicy-with-wasm.in.yaml @@ -1,3 +1,11 @@ +secrets: +- apiVersion: v1 + kind: Secret + metadata: + namespace: envoy-gateway + name: my-pull-secret + data: + .dockerconfigjson: VGhpc0lzTm90QVJlYWxEb2NrZXJDb25maWdKc29u gateways: - apiVersion: gateway.networking.k8s.io/v1 kind: Gateway @@ -69,21 +77,28 @@ envoyextensionpolicies: type: HTTP http: url: https://www.example.com/wasm-filter-1.wasm - sha256: 746df05c8f3a0b07a46c0967cfbc5cbe5b9d48d0f79b6177eeedf8be6c8b34b5 + sha256: 746df05c8f3a0b07a46c0967cfbc5cbe5b9d48d0f79b6177eeedf8be6c8b34b5 config: parameter1: key1: value1 key2: value2 parameter2: value3 - name: wasm-filter-2 + rootID: "my-root-id" code: - type: HTTP - http: - url: https://www.example.com/wasm-filter-2.wasm - sha256: a1efca12ea51069abb123bf9c77889fcc2a31cc5483fc14d115e44fdf07c7980 + type: Image + image: + url: oci://www.example.com/wasm-filter-2:v1.0.0 + pullSecretRef: + name: my-pull-secret + sha256: a1efca12ea51069abb123bf9c77889fcc2a31cc5483fc14d115e44fdf07c7980 config: parameter1: value1 parameter2: value2 + - code: + type: Image + image: + url: www.example.com:8080/wasm-filter-3 - apiVersion: gateway.envoyproxy.io/v1alpha1 kind: EnvoyExtensionPolicy metadata: @@ -95,12 +110,12 @@ envoyextensionpolicies: kind: HTTPRoute name: httproute-1 wasm: - - name: wasm-filter-3 + - name: wasm-filter-4 code: type: HTTP http: - url: https://www.test.com/wasm-filter-3.wasm - sha256: a1f0b78b8c1320690327800e3a5de10e7dbba7b6c752e702193a395a52c727b6 + url: https://www.test.com/wasm-filter-4.wasm + sha256: a1f0b78b8c1320690327800e3a5de10e7dbba7b6c752e702193a395a52c727b6 config: parameter1: key1: value1 diff --git a/internal/gatewayapi/testdata/envoyextensionpolicy-with-wasm.out.yaml b/internal/gatewayapi/testdata/envoyextensionpolicy-with-wasm.out.yaml index 30bda358c18..f4e00c241bc 100644 --- a/internal/gatewayapi/testdata/envoyextensionpolicy-with-wasm.out.yaml +++ b/internal/gatewayapi/testdata/envoyextensionpolicy-with-wasm.out.yaml @@ -13,8 +13,8 @@ envoyExtensionPolicies: wasm: - code: http: - url: https://www.test.com/wasm-filter-3.wasm - sha256: a1f0b78b8c1320690327800e3a5de10e7dbba7b6c752e702193a395a52c727b6 + sha256: a1f0b78b8c1320690327800e3a5de10e7dbba7b6c752e702193a395a52c727b6 + url: https://www.test.com/wasm-filter-4.wasm type: HTTP config: parameter1: @@ -23,7 +23,7 @@ envoyExtensionPolicies: key2: key3: value3 failOpen: true - name: wasm-filter-3 + name: wasm-filter-4 status: ancestors: - ancestorRef: @@ -53,8 +53,8 @@ envoyExtensionPolicies: wasm: - code: http: + sha256: 746df05c8f3a0b07a46c0967cfbc5cbe5b9d48d0f79b6177eeedf8be6c8b34b5 url: https://www.example.com/wasm-filter-1.wasm - sha256: 746df05c8f3a0b07a46c0967cfbc5cbe5b9d48d0f79b6177eeedf8be6c8b34b5 type: HTTP config: parameter1: @@ -63,14 +63,24 @@ envoyExtensionPolicies: parameter2: value3 name: wasm-filter-1 - code: - http: - url: https://www.example.com/wasm-filter-2.wasm - sha256: a1efca12ea51069abb123bf9c77889fcc2a31cc5483fc14d115e44fdf07c7980 - type: HTTP + image: + pullSecretRef: + group: null + kind: null + name: my-pull-secret + sha256: a1efca12ea51069abb123bf9c77889fcc2a31cc5483fc14d115e44fdf07c7980 + url: oci://www.example.com/wasm-filter-2:v1.0.0 + type: Image config: parameter1: value1 parameter2: value2 name: wasm-filter-2 + rootID: my-root-id + - code: + image: + sha256: null + url: www.example.com:8080/wasm-filter-3 + type: Image status: ancestors: - ancestorRef: @@ -266,10 +276,11 @@ xdsIR: key3: value3 failOpen: true httpWasmCode: + originalDownloadingURL: https://www.test.com/wasm-filter-4.wasm + servingURL: https://envoy-gateway:18002/fe571e7b1ef5dc626ceb2c2c86782a134a92989a2643485238951696ae4334c3.wasm sha256: a1f0b78b8c1320690327800e3a5de10e7dbba7b6c752e702193a395a52c727b6 - url: https://www.test.com/wasm-filter-3.wasm - name: envoyextensionpolicy/default/policy-for-http-route/0 - wasmName: wasm-filter-3 + name: envoyextensionpolicy/default/policy-for-http-route/wasm/0 + wasmName: wasm-filter-4 - destination: name: httproute/default/httproute-2/rule/0 settings: @@ -294,16 +305,27 @@ xdsIR: parameter2: value3 failOpen: false httpWasmCode: + originalDownloadingURL: https://www.example.com/wasm-filter-1.wasm + servingURL: https://envoy-gateway:18002/5c90b9a82642ce00a7753923fabead306b9d9a54a7c0bd2463a1af3efcfb110b.wasm sha256: 746df05c8f3a0b07a46c0967cfbc5cbe5b9d48d0f79b6177eeedf8be6c8b34b5 - url: https://www.example.com/wasm-filter-1.wasm - name: envoyextensionpolicy/envoy-gateway/policy-for-gateway/0 + name: envoyextensionpolicy/envoy-gateway/policy-for-gateway/wasm/0 wasmName: wasm-filter-1 - config: parameter1: value1 parameter2: value2 failOpen: false httpWasmCode: - sha256: a1efca12ea51069abb123bf9c77889fcc2a31cc5483fc14d115e44fdf07c7980 - url: https://www.example.com/wasm-filter-2.wasm - name: envoyextensionpolicy/envoy-gateway/policy-for-gateway/1 + originalDownloadingURL: oci://www.example.com/wasm-filter-2:v1.0.0 + servingURL: https://envoy-gateway:18002/7abf116e5cd5a20389604a5ba0f3bd04fdf76f92181fe67506b42c2ee596d3fd.wasm + sha256: 314100af781b98a8ca175d5bf90a8bf76576e20a2f397a88223404edc6ebfd46 + name: envoyextensionpolicy/envoy-gateway/policy-for-gateway/wasm/1 + rootID: my-root-id wasmName: wasm-filter-2 + - config: null + failOpen: false + httpWasmCode: + originalDownloadingURL: oci://www.example.com:8080/wasm-filter-3:latest + servingURL: https://envoy-gateway:18002/42d30b4a4cc631415e6e48c02d244700da327201eb273f752cacf745715b31d9.wasm + sha256: 2a19e4f337e5223d7287e7fccd933fb01905deaff804292e5257f8c681b82bee + name: envoyextensionpolicy/envoy-gateway/policy-for-gateway/wasm/2 + wasmName: envoyextensionpolicy/envoy-gateway/policy-for-gateway/wasm/2 diff --git a/internal/gatewayapi/testdata/envoyproxy-accesslog-cel-with-invalid.in.yaml b/internal/gatewayapi/testdata/envoyproxy-accesslog-cel-with-invalid.in.yaml new file mode 100644 index 00000000000..dd96ed4b01e --- /dev/null +++ b/internal/gatewayapi/testdata/envoyproxy-accesslog-cel-with-invalid.in.yaml @@ -0,0 +1,90 @@ +envoyProxyForGatewayClass: + apiVersion: gateway.envoyproxy.io/v1alpha1 + kind: EnvoyProxy + metadata: + namespace: envoy-gateway-system + name: test + spec: + telemetry: + accessLog: + settings: + - matches: + - "response.code >= 400" + - ")++++" # invalid CEL expression will be ignored + format: + type: Text + text: | + [%START_TIME%] "%REQ(:METHOD)% %PROTOCOL%" %RESPONSE_CODE% %RESPONSE_FLAGS% %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% "%REQ(X-FORWARDED-FOR)%" "%REQ(USER-AGENT)%" "%REQ(X-REQUEST-ID)%" "%REQ(:AUTHORITY)%" "%UPSTREAM_HOST%"\n + sinks: + - type: File + file: + path: /dev/stdout + - type: OpenTelemetry + openTelemetry: + host: otel-collector.monitoring.svc.cluster.local + port: 4317 + resources: + k8s.cluster.name: "cluster-1" + provider: + type: Kubernetes + kubernetes: + envoyService: + type: LoadBalancer + envoyDeployment: + replicas: 2 + container: + env: + - name: env_a + value: env_a_value + - name: env_b + value: env_b_name + image: "envoyproxy/envoy:distroless-dev" + resources: + requests: + cpu: 100m + memory: 512Mi + securityContext: + runAsUser: 2000 + allowPrivilegeEscalation: false + pod: + annotations: + key1: val1 + key2: val2 + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: cloud.google.com/gke-nodepool + operator: In + values: + - router-node + tolerations: + - effect: NoSchedule + key: node-type + operator: Exists + value: "router" + securityContext: + runAsUser: 1000 + runAsGroup: 3000 + fsGroup: 2000 + fsGroupChangePolicy: "OnRootMismatch" + volumes: + - name: certs + secret: + secretName: envoy-cert +gateways: +- apiVersion: gateway.networking.k8s.io/v1 + kind: Gateway + metadata: + namespace: envoy-gateway + name: gateway-1 + spec: + gatewayClassName: envoy-gateway-class + listeners: + - name: http + protocol: HTTP + port: 80 + allowedRoutes: + namespaces: + from: Same diff --git a/internal/gatewayapi/testdata/envoyproxy-accesslog-cel-with-invalid.out.yaml b/internal/gatewayapi/testdata/envoyproxy-accesslog-cel-with-invalid.out.yaml new file mode 100644 index 00000000000..e23a524604d --- /dev/null +++ b/internal/gatewayapi/testdata/envoyproxy-accesslog-cel-with-invalid.out.yaml @@ -0,0 +1,153 @@ +gateways: +- apiVersion: gateway.networking.k8s.io/v1 + kind: Gateway + metadata: + creationTimestamp: null + name: gateway-1 + namespace: envoy-gateway + spec: + gatewayClassName: envoy-gateway-class + listeners: + - allowedRoutes: + namespaces: + from: Same + name: http + port: 80 + protocol: HTTP + status: + conditions: + - lastTransitionTime: null + message: 'Invalid access log backendRefs: invalid CEL expression: )++++' + reason: Invalid + status: "False" + type: ListenersNotValid + listeners: + - attachedRoutes: 0 + conditions: + - lastTransitionTime: null + message: Sending translated listener configuration to the data plane + reason: Programmed + status: "True" + type: Programmed + - lastTransitionTime: null + message: Listener has been successfully translated + reason: Accepted + status: "True" + type: Accepted + - lastTransitionTime: null + message: Listener references have been resolved + reason: ResolvedRefs + status: "True" + type: ResolvedRefs + name: http + supportedKinds: + - group: gateway.networking.k8s.io + kind: HTTPRoute + - group: gateway.networking.k8s.io + kind: GRPCRoute +infraIR: + envoy-gateway/gateway-1: + proxy: + config: + apiVersion: gateway.envoyproxy.io/v1alpha1 + kind: EnvoyProxy + metadata: + creationTimestamp: null + name: test + namespace: envoy-gateway-system + spec: + logging: {} + provider: + kubernetes: + envoyDeployment: + container: + env: + - name: env_a + value: env_a_value + - name: env_b + value: env_b_name + image: envoyproxy/envoy:distroless-dev + resources: + requests: + cpu: 100m + memory: 512Mi + securityContext: + allowPrivilegeEscalation: false + runAsUser: 2000 + pod: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: cloud.google.com/gke-nodepool + operator: In + values: + - router-node + annotations: + key1: val1 + key2: val2 + securityContext: + fsGroup: 2000 + fsGroupChangePolicy: OnRootMismatch + runAsGroup: 3000 + runAsUser: 1000 + tolerations: + - effect: NoSchedule + key: node-type + operator: Exists + value: router + volumes: + - name: certs + secret: + secretName: envoy-cert + replicas: 2 + envoyService: + type: LoadBalancer + type: Kubernetes + telemetry: + accessLog: + settings: + - format: + text: | + [%START_TIME%] "%REQ(:METHOD)% %PROTOCOL%" %RESPONSE_CODE% %RESPONSE_FLAGS% %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% "%REQ(X-FORWARDED-FOR)%" "%REQ(USER-AGENT)%" "%REQ(X-REQUEST-ID)%" "%REQ(:AUTHORITY)%" "%UPSTREAM_HOST%"\n + type: Text + matches: + - response.code >= 400 + - )++++ + sinks: + - file: + path: /dev/stdout + type: File + - openTelemetry: + host: otel-collector.monitoring.svc.cluster.local + port: 4317 + resources: + k8s.cluster.name: cluster-1 + type: OpenTelemetry + status: {} + listeners: + - address: null + name: envoy-gateway/gateway-1/http + ports: + - containerPort: 10080 + name: http-80 + protocol: HTTP + servicePort: 80 + metadata: + labels: + gateway.envoyproxy.io/owning-gateway-name: gateway-1 + gateway.envoyproxy.io/owning-gateway-namespace: envoy-gateway + name: envoy-gateway/gateway-1 +xdsIR: + envoy-gateway/gateway-1: + http: + - address: 0.0.0.0 + hostnames: + - '*' + isHTTP2: false + name: envoy-gateway/gateway-1/http + path: + escapedSlashesAction: UnescapeAndRedirect + mergeSlashes: true + port: 10080 diff --git a/internal/gatewayapi/testdata/envoyproxy-accesslog-cel.in.yaml b/internal/gatewayapi/testdata/envoyproxy-accesslog-cel.in.yaml new file mode 100644 index 00000000000..3d9f52018dc --- /dev/null +++ b/internal/gatewayapi/testdata/envoyproxy-accesslog-cel.in.yaml @@ -0,0 +1,89 @@ +envoyProxyForGatewayClass: + apiVersion: gateway.envoyproxy.io/v1alpha1 + kind: EnvoyProxy + metadata: + namespace: envoy-gateway-system + name: test + spec: + telemetry: + accessLog: + settings: + - matches: + - "response.code >= 400" + format: + type: Text + text: | + [%START_TIME%] "%REQ(:METHOD)% %PROTOCOL%" %RESPONSE_CODE% %RESPONSE_FLAGS% %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% "%REQ(X-FORWARDED-FOR)%" "%REQ(USER-AGENT)%" "%REQ(X-REQUEST-ID)%" "%REQ(:AUTHORITY)%" "%UPSTREAM_HOST%"\n + sinks: + - type: File + file: + path: /dev/stdout + - type: OpenTelemetry + openTelemetry: + host: otel-collector.monitoring.svc.cluster.local + port: 4317 + resources: + k8s.cluster.name: "cluster-1" + provider: + type: Kubernetes + kubernetes: + envoyService: + type: LoadBalancer + envoyDeployment: + replicas: 2 + container: + env: + - name: env_a + value: env_a_value + - name: env_b + value: env_b_name + image: "envoyproxy/envoy:distroless-dev" + resources: + requests: + cpu: 100m + memory: 512Mi + securityContext: + runAsUser: 2000 + allowPrivilegeEscalation: false + pod: + annotations: + key1: val1 + key2: val2 + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: cloud.google.com/gke-nodepool + operator: In + values: + - router-node + tolerations: + - effect: NoSchedule + key: node-type + operator: Exists + value: "router" + securityContext: + runAsUser: 1000 + runAsGroup: 3000 + fsGroup: 2000 + fsGroupChangePolicy: "OnRootMismatch" + volumes: + - name: certs + secret: + secretName: envoy-cert +gateways: +- apiVersion: gateway.networking.k8s.io/v1 + kind: Gateway + metadata: + namespace: envoy-gateway + name: gateway-1 + spec: + gatewayClassName: envoy-gateway-class + listeners: + - name: http + protocol: HTTP + port: 80 + allowedRoutes: + namespaces: + from: Same diff --git a/internal/gatewayapi/testdata/envoyproxy-accesslog-cel.out.yaml b/internal/gatewayapi/testdata/envoyproxy-accesslog-cel.out.yaml new file mode 100644 index 00000000000..3d0c0ae526d --- /dev/null +++ b/internal/gatewayapi/testdata/envoyproxy-accesslog-cel.out.yaml @@ -0,0 +1,167 @@ +gateways: +- apiVersion: gateway.networking.k8s.io/v1 + kind: Gateway + metadata: + creationTimestamp: null + name: gateway-1 + namespace: envoy-gateway + spec: + gatewayClassName: envoy-gateway-class + listeners: + - allowedRoutes: + namespaces: + from: Same + name: http + port: 80 + protocol: HTTP + status: + listeners: + - attachedRoutes: 0 + conditions: + - lastTransitionTime: null + message: Sending translated listener configuration to the data plane + reason: Programmed + status: "True" + type: Programmed + - lastTransitionTime: null + message: Listener has been successfully translated + reason: Accepted + status: "True" + type: Accepted + - lastTransitionTime: null + message: Listener references have been resolved + reason: ResolvedRefs + status: "True" + type: ResolvedRefs + name: http + supportedKinds: + - group: gateway.networking.k8s.io + kind: HTTPRoute + - group: gateway.networking.k8s.io + kind: GRPCRoute +infraIR: + envoy-gateway/gateway-1: + proxy: + config: + apiVersion: gateway.envoyproxy.io/v1alpha1 + kind: EnvoyProxy + metadata: + creationTimestamp: null + name: test + namespace: envoy-gateway-system + spec: + logging: {} + provider: + kubernetes: + envoyDeployment: + container: + env: + - name: env_a + value: env_a_value + - name: env_b + value: env_b_name + image: envoyproxy/envoy:distroless-dev + resources: + requests: + cpu: 100m + memory: 512Mi + securityContext: + allowPrivilegeEscalation: false + runAsUser: 2000 + pod: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: cloud.google.com/gke-nodepool + operator: In + values: + - router-node + annotations: + key1: val1 + key2: val2 + securityContext: + fsGroup: 2000 + fsGroupChangePolicy: OnRootMismatch + runAsGroup: 3000 + runAsUser: 1000 + tolerations: + - effect: NoSchedule + key: node-type + operator: Exists + value: router + volumes: + - name: certs + secret: + secretName: envoy-cert + replicas: 2 + envoyService: + type: LoadBalancer + type: Kubernetes + telemetry: + accessLog: + settings: + - format: + text: | + [%START_TIME%] "%REQ(:METHOD)% %PROTOCOL%" %RESPONSE_CODE% %RESPONSE_FLAGS% %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% "%REQ(X-FORWARDED-FOR)%" "%REQ(USER-AGENT)%" "%REQ(X-REQUEST-ID)%" "%REQ(:AUTHORITY)%" "%UPSTREAM_HOST%"\n + type: Text + matches: + - response.code >= 400 + sinks: + - file: + path: /dev/stdout + type: File + - openTelemetry: + host: otel-collector.monitoring.svc.cluster.local + port: 4317 + resources: + k8s.cluster.name: cluster-1 + type: OpenTelemetry + status: {} + listeners: + - address: null + name: envoy-gateway/gateway-1/http + ports: + - containerPort: 10080 + name: http-80 + protocol: HTTP + servicePort: 80 + metadata: + labels: + gateway.envoyproxy.io/owning-gateway-name: gateway-1 + gateway.envoyproxy.io/owning-gateway-namespace: envoy-gateway + name: envoy-gateway/gateway-1 +xdsIR: + envoy-gateway/gateway-1: + accessLog: + celMatches: + - response.code >= 400 + openTelemetry: + - authority: otel-collector.monitoring.svc.cluster.local + destination: + name: accesslog-0 + settings: + - endpoints: + - host: otel-collector.monitoring.svc.cluster.local + port: 4317 + protocol: GRPC + weight: 1 + resources: + k8s.cluster.name: cluster-1 + text: | + [%START_TIME%] "%REQ(:METHOD)% %PROTOCOL%" %RESPONSE_CODE% %RESPONSE_FLAGS% %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% "%REQ(X-FORWARDED-FOR)%" "%REQ(USER-AGENT)%" "%REQ(X-REQUEST-ID)%" "%REQ(:AUTHORITY)%" "%UPSTREAM_HOST%"\n + text: + - format: | + [%START_TIME%] "%REQ(:METHOD)% %PROTOCOL%" %RESPONSE_CODE% %RESPONSE_FLAGS% %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% "%REQ(X-FORWARDED-FOR)%" "%REQ(USER-AGENT)%" "%REQ(X-REQUEST-ID)%" "%REQ(:AUTHORITY)%" "%UPSTREAM_HOST%"\n + path: /dev/stdout + http: + - address: 0.0.0.0 + hostnames: + - '*' + isHTTP2: false + name: envoy-gateway/gateway-1/http + path: + escapedSlashesAction: UnescapeAndRedirect + mergeSlashes: true + port: 10080 diff --git a/internal/gatewayapi/testdata/envoyproxy-tracing-backend.out.yaml b/internal/gatewayapi/testdata/envoyproxy-tracing-backend.out.yaml index 8393d9c4ff8..f413abe8655 100644 --- a/internal/gatewayapi/testdata/envoyproxy-tracing-backend.out.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-tracing-backend.out.yaml @@ -146,5 +146,11 @@ xdsIR: - host: 8.7.6.5 port: 4317 protocol: GRPC + provider: + backendRefs: + - name: otel-collector + namespace: monitoring + port: 4317 + type: OpenTelemetry samplingRate: 100 serviceName: gateway-1.envoy-gateway diff --git a/internal/gatewayapi/testdata/gateway-with-infrastructure-parametersref.out.yaml b/internal/gatewayapi/testdata/gateway-with-infrastructure-parametersref.out.yaml index 1e47494ffed..56d7485639d 100644 --- a/internal/gatewayapi/testdata/gateway-with-infrastructure-parametersref.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-infrastructure-parametersref.out.yaml @@ -159,5 +159,9 @@ xdsIR: port: 4317 protocol: GRPC weight: 1 + provider: + host: otel-collector.monitoring.svc.cluster.local + port: 4317 + type: OpenTelemetry samplingRate: 100 serviceName: gateway-1.envoy-gateway diff --git a/internal/gatewayapi/testdata/gateway-with-invalid-infrastructure-parametersref-fallback.out.yaml b/internal/gatewayapi/testdata/gateway-with-invalid-infrastructure-parametersref-fallback.out.yaml index 8a477792a8f..554b6189380 100644 --- a/internal/gatewayapi/testdata/gateway-with-invalid-infrastructure-parametersref-fallback.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-invalid-infrastructure-parametersref-fallback.out.yaml @@ -159,5 +159,9 @@ xdsIR: port: 4317 protocol: GRPC weight: 1 + provider: + host: otel-collector.monitoring.svc.cluster.local + port: 4317 + type: OpenTelemetry samplingRate: 100 serviceName: gateway-1.envoy-gateway diff --git a/internal/gatewayapi/testdata/tracing-merged-multiple-routes.out.yaml b/internal/gatewayapi/testdata/tracing-merged-multiple-routes.out.yaml index 9fd0cc12b2d..0a230d17d1c 100644 --- a/internal/gatewayapi/testdata/tracing-merged-multiple-routes.out.yaml +++ b/internal/gatewayapi/testdata/tracing-merged-multiple-routes.out.yaml @@ -301,5 +301,9 @@ xdsIR: port: 4317 protocol: GRPC weight: 1 + provider: + host: otel-collector.monitoring.svc.cluster.local + port: 4317 + type: OpenTelemetry samplingRate: 100 serviceName: envoy-gateway-class diff --git a/internal/gatewayapi/testdata/tracing-multiple-routes.out.yaml b/internal/gatewayapi/testdata/tracing-multiple-routes.out.yaml index 90f8dc6a27d..6e848009bb5 100644 --- a/internal/gatewayapi/testdata/tracing-multiple-routes.out.yaml +++ b/internal/gatewayapi/testdata/tracing-multiple-routes.out.yaml @@ -291,6 +291,10 @@ xdsIR: port: 4317 protocol: GRPC weight: 1 + provider: + host: otel-collector.monitoring.svc.cluster.local + port: 4317 + type: OpenTelemetry samplingRate: 100 serviceName: gateway-1.envoy-gateway envoy-gateway/gateway-2: @@ -343,5 +347,9 @@ xdsIR: port: 4317 protocol: GRPC weight: 1 + provider: + host: otel-collector.monitoring.svc.cluster.local + port: 4317 + type: OpenTelemetry samplingRate: 100 serviceName: gateway-2.envoy-gateway diff --git a/internal/gatewayapi/translator.go b/internal/gatewayapi/translator.go index 191a75d460f..1be3f59f229 100644 --- a/internal/gatewayapi/translator.go +++ b/internal/gatewayapi/translator.go @@ -17,6 +17,7 @@ import ( egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1" "github.com/envoyproxy/gateway/internal/ir" + "github.com/envoyproxy/gateway/internal/wasm" ) const ( @@ -106,6 +107,9 @@ type Translator struct { // Namespace is the namespace that Envoy Gateway runs in. Namespace string + + // WasmCache is the cache for Wasm modules. + WasmCache wasm.Cache } type TranslateResult struct { diff --git a/internal/gatewayapi/translator_test.go b/internal/gatewayapi/translator_test.go index 1f5c43b1762..062808af580 100644 --- a/internal/gatewayapi/translator_test.go +++ b/internal/gatewayapi/translator_test.go @@ -7,6 +7,9 @@ package gatewayapi import ( "bufio" + "context" + "crypto/sha256" + "encoding/hex" "flag" "fmt" "os" @@ -32,6 +35,7 @@ import ( egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1" "github.com/envoyproxy/gateway/internal/utils/field" "github.com/envoyproxy/gateway/internal/utils/file" + "github.com/envoyproxy/gateway/internal/wasm" ) var overrideTestData = flag.Bool("override-testdata", false, "if override the test output data.") @@ -85,6 +89,7 @@ func TestTranslate(t *testing.T) { BackendEnabled: backendEnabled, Namespace: "envoy-gateway-system", MergeGateways: IsMergeGatewaysEnabled(resources), + WasmCache: &mockWasmCache{}, } // Add common test fixtures @@ -812,3 +817,22 @@ func TestServicePortToContainerPort(t *testing.T) { assert.Equal(t, tc.containerPort, got) } } + +var _ wasm.Cache = &mockWasmCache{} + +type mockWasmCache struct{} + +func (m *mockWasmCache) Start(_ context.Context) {} + +func (m *mockWasmCache) Get(downloadURL string, _ wasm.GetOptions) (url string, checksum string, err error) { + // This is a mock implementation of the wasm.Cache.Get method. + sha := sha256.Sum256([]byte(downloadURL)) + hashedName := hex.EncodeToString(sha[:]) + salt := []byte("salt") + salt = append(salt, hashedName...) + sha = sha256.Sum256(salt) + checksum = hex.EncodeToString(sha[:]) + return fmt.Sprintf("https://envoy-gateway:18002/%s.wasm", hashedName), checksum, nil +} + +func (m *mockWasmCache) Cleanup() {} diff --git a/internal/gatewayapi/validate.go b/internal/gatewayapi/validate.go index f2172f2726c..5c442812d8b 100644 --- a/internal/gatewayapi/validate.go +++ b/internal/gatewayapi/validate.go @@ -895,6 +895,8 @@ func (t *Translator) validateHostname(hostname string) error { // 2. If the secret reference is a cross-namespace reference, // is it permitted by any ReferenceGrant // 3. Does the secret exist +// +// nolint:unparam func (t *Translator) validateSecretRef( allowCrossNamespace bool, from crossNamespaceFrom, diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/custom.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/custom.yaml index 8c49a94297c..b116a942356 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/custom.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/custom.yaml @@ -163,6 +163,44 @@ spec: path_config_source: path: "/sds/xds-trusted-ca.json" resource_api_version: V3 + - name: wasm_cluster + type: STRICT_DNS + connect_timeout: 10s + load_assignment: + cluster_name: wasm_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 18002 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: {} + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: "/sds/xds-certificate.json" + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: "/sds/xds-trusted-ca.json" + resource_api_version: V3 overload_manager: refresh_interval: 0.25s resource_monitors: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/default-env.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/default-env.yaml index ac875d88b8e..9b374a2f59c 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/default-env.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/default-env.yaml @@ -161,6 +161,44 @@ spec: path_config_source: path: "/sds/xds-trusted-ca.json" resource_api_version: V3 + - name: wasm_cluster + type: STRICT_DNS + connect_timeout: 10s + load_assignment: + cluster_name: wasm_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 18002 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: {} + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: "/sds/xds-certificate.json" + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: "/sds/xds-trusted-ca.json" + resource_api_version: V3 overload_manager: refresh_interval: 0.25s resource_monitors: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/default.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/default.yaml index b27d515a915..88a041e64c2 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/default.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/default.yaml @@ -161,6 +161,44 @@ spec: path_config_source: path: "/sds/xds-trusted-ca.json" resource_api_version: V3 + - name: wasm_cluster + type: STRICT_DNS + connect_timeout: 10s + load_assignment: + cluster_name: wasm_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 18002 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: {} + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: "/sds/xds-certificate.json" + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: "/sds/xds-trusted-ca.json" + resource_api_version: V3 overload_manager: refresh_interval: 0.25s resource_monitors: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/disable-prometheus.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/disable-prometheus.yaml index 842407c32c7..9fe8dfd69e8 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/disable-prometheus.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/disable-prometheus.yaml @@ -135,6 +135,44 @@ spec: path_config_source: path: "/sds/xds-trusted-ca.json" resource_api_version: V3 + - name: wasm_cluster + type: STRICT_DNS + connect_timeout: 10s + load_assignment: + cluster_name: wasm_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 18002 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: {} + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: "/sds/xds-certificate.json" + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: "/sds/xds-trusted-ca.json" + resource_api_version: V3 overload_manager: refresh_interval: 0.25s resource_monitors: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/extension-env.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/extension-env.yaml index 97a00431c75..d2049910591 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/extension-env.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/extension-env.yaml @@ -161,6 +161,44 @@ spec: path_config_source: path: "/sds/xds-trusted-ca.json" resource_api_version: V3 + - name: wasm_cluster + type: STRICT_DNS + connect_timeout: 10s + load_assignment: + cluster_name: wasm_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 18002 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: {} + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: "/sds/xds-certificate.json" + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: "/sds/xds-trusted-ca.json" + resource_api_version: V3 overload_manager: refresh_interval: 0.25s resource_monitors: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/override-labels-and-annotations.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/override-labels-and-annotations.yaml index 5a19dc72f0d..d294b0b680a 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/override-labels-and-annotations.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/override-labels-and-annotations.yaml @@ -172,6 +172,44 @@ spec: path_config_source: path: "/sds/xds-trusted-ca.json" resource_api_version: V3 + - name: wasm_cluster + type: STRICT_DNS + connect_timeout: 10s + load_assignment: + cluster_name: wasm_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 18002 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: {} + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: "/sds/xds-certificate.json" + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: "/sds/xds-trusted-ca.json" + resource_api_version: V3 overload_manager: refresh_interval: 0.25s resource_monitors: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/patch-daemonset.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/patch-daemonset.yaml index 4728969d70b..c49c85dd504 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/patch-daemonset.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/patch-daemonset.yaml @@ -161,6 +161,44 @@ spec: path_config_source: path: "/sds/xds-trusted-ca.json" resource_api_version: V3 + - name: wasm_cluster + type: STRICT_DNS + connect_timeout: 10s + load_assignment: + cluster_name: wasm_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 18002 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: {} + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: "/sds/xds-certificate.json" + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: "/sds/xds-trusted-ca.json" + resource_api_version: V3 overload_manager: refresh_interval: 0.25s resource_monitors: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/shutdown-manager.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/shutdown-manager.yaml index a5a5e85e728..ed8c1ab331b 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/shutdown-manager.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/shutdown-manager.yaml @@ -161,6 +161,44 @@ spec: path_config_source: path: "/sds/xds-trusted-ca.json" resource_api_version: V3 + - name: wasm_cluster + type: STRICT_DNS + connect_timeout: 10s + load_assignment: + cluster_name: wasm_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 18002 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: {} + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: "/sds/xds-certificate.json" + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: "/sds/xds-trusted-ca.json" + resource_api_version: V3 overload_manager: refresh_interval: 0.25s resource_monitors: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/volumes.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/volumes.yaml index 8553fda9705..9f1b54d5f14 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/volumes.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/volumes.yaml @@ -161,6 +161,44 @@ spec: path_config_source: path: "/sds/xds-trusted-ca.json" resource_api_version: V3 + - name: wasm_cluster + type: STRICT_DNS + connect_timeout: 10s + load_assignment: + cluster_name: wasm_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 18002 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: {} + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: "/sds/xds-certificate.json" + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: "/sds/xds-trusted-ca.json" + resource_api_version: V3 overload_manager: refresh_interval: 0.25s resource_monitors: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-annotations.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-annotations.yaml index bd8b749a1d3..f59049a6776 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-annotations.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-annotations.yaml @@ -166,6 +166,44 @@ spec: path_config_source: path: "/sds/xds-trusted-ca.json" resource_api_version: V3 + - name: wasm_cluster + type: STRICT_DNS + connect_timeout: 10s + load_assignment: + cluster_name: wasm_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 18002 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: {} + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: "/sds/xds-certificate.json" + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: "/sds/xds-trusted-ca.json" + resource_api_version: V3 overload_manager: refresh_interval: 0.25s resource_monitors: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-extra-args.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-extra-args.yaml index 8e7a529ce1c..93b5b6ed312 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-extra-args.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-extra-args.yaml @@ -161,6 +161,44 @@ spec: path_config_source: path: "/sds/xds-trusted-ca.json" resource_api_version: V3 + - name: wasm_cluster + type: STRICT_DNS + connect_timeout: 10s + load_assignment: + cluster_name: wasm_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 18002 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: {} + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: "/sds/xds-certificate.json" + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: "/sds/xds-trusted-ca.json" + resource_api_version: V3 overload_manager: refresh_interval: 0.25s resource_monitors: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-image-pull-secrets.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-image-pull-secrets.yaml index 1469fb21616..f1619138643 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-image-pull-secrets.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-image-pull-secrets.yaml @@ -161,6 +161,44 @@ spec: path_config_source: path: "/sds/xds-trusted-ca.json" resource_api_version: V3 + - name: wasm_cluster + type: STRICT_DNS + connect_timeout: 10s + load_assignment: + cluster_name: wasm_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 18002 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: {} + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: "/sds/xds-certificate.json" + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: "/sds/xds-trusted-ca.json" + resource_api_version: V3 overload_manager: refresh_interval: 0.25s resource_monitors: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-name.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-name.yaml index 3820ca17ead..9623f718755 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-name.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-name.yaml @@ -161,6 +161,44 @@ spec: path_config_source: path: "/sds/xds-trusted-ca.json" resource_api_version: V3 + - name: wasm_cluster + type: STRICT_DNS + connect_timeout: 10s + load_assignment: + cluster_name: wasm_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 18002 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: {} + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: "/sds/xds-certificate.json" + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: "/sds/xds-trusted-ca.json" + resource_api_version: V3 overload_manager: refresh_interval: 0.25s resource_monitors: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-node-selector.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-node-selector.yaml index d0618604cf5..c41878beee9 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-node-selector.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-node-selector.yaml @@ -161,6 +161,44 @@ spec: path_config_source: path: "/sds/xds-trusted-ca.json" resource_api_version: V3 + - name: wasm_cluster + type: STRICT_DNS + connect_timeout: 10s + load_assignment: + cluster_name: wasm_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 18002 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: {} + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: "/sds/xds-certificate.json" + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: "/sds/xds-trusted-ca.json" + resource_api_version: V3 overload_manager: refresh_interval: 0.25s resource_monitors: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-topology-spread-constraints.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-topology-spread-constraints.yaml index 0986faca79a..1152f25816a 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-topology-spread-constraints.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-topology-spread-constraints.yaml @@ -161,6 +161,44 @@ spec: path_config_source: path: "/sds/xds-trusted-ca.json" resource_api_version: V3 + - name: wasm_cluster + type: STRICT_DNS + connect_timeout: 10s + load_assignment: + cluster_name: wasm_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 18002 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: {} + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: "/sds/xds-certificate.json" + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: "/sds/xds-trusted-ca.json" + resource_api_version: V3 overload_manager: refresh_interval: 0.25s resource_monitors: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom.yaml index be6b2d5d225..7b6dbacf6c1 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom.yaml @@ -168,6 +168,44 @@ spec: path_config_source: path: "/sds/xds-trusted-ca.json" resource_api_version: V3 + - name: wasm_cluster + type: STRICT_DNS + connect_timeout: 10s + load_assignment: + cluster_name: wasm_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 18002 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: {} + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: "/sds/xds-certificate.json" + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: "/sds/xds-trusted-ca.json" + resource_api_version: V3 overload_manager: refresh_interval: 0.25s resource_monitors: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom_with_initcontainers.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom_with_initcontainers.yaml index d340fce372d..fc4f7d4db4a 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom_with_initcontainers.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom_with_initcontainers.yaml @@ -168,6 +168,44 @@ spec: path_config_source: path: "/sds/xds-trusted-ca.json" resource_api_version: V3 + - name: wasm_cluster + type: STRICT_DNS + connect_timeout: 10s + load_assignment: + cluster_name: wasm_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 18002 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: {} + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: "/sds/xds-certificate.json" + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: "/sds/xds-trusted-ca.json" + resource_api_version: V3 overload_manager: refresh_interval: 0.25s resource_monitors: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/default-env.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/default-env.yaml index ea0fa6907a0..ae5de51bab0 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/default-env.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/default-env.yaml @@ -166,6 +166,44 @@ spec: path_config_source: path: "/sds/xds-trusted-ca.json" resource_api_version: V3 + - name: wasm_cluster + type: STRICT_DNS + connect_timeout: 10s + load_assignment: + cluster_name: wasm_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 18002 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: {} + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: "/sds/xds-certificate.json" + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: "/sds/xds-trusted-ca.json" + resource_api_version: V3 overload_manager: refresh_interval: 0.25s resource_monitors: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/default.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/default.yaml index 3fd0948f2ee..6d7c6736dff 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/default.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/default.yaml @@ -165,6 +165,44 @@ spec: path_config_source: path: "/sds/xds-trusted-ca.json" resource_api_version: V3 + - name: wasm_cluster + type: STRICT_DNS + connect_timeout: 10s + load_assignment: + cluster_name: wasm_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 18002 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: {} + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: "/sds/xds-certificate.json" + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: "/sds/xds-trusted-ca.json" + resource_api_version: V3 overload_manager: refresh_interval: 0.25s resource_monitors: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/disable-prometheus.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/disable-prometheus.yaml index 14342f83286..07ba78e2f6c 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/disable-prometheus.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/disable-prometheus.yaml @@ -139,6 +139,44 @@ spec: path_config_source: path: "/sds/xds-trusted-ca.json" resource_api_version: V3 + - name: wasm_cluster + type: STRICT_DNS + connect_timeout: 10s + load_assignment: + cluster_name: wasm_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 18002 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: {} + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: "/sds/xds-certificate.json" + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: "/sds/xds-trusted-ca.json" + resource_api_version: V3 overload_manager: refresh_interval: 0.25s resource_monitors: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/extension-env.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/extension-env.yaml index 2c371d90811..4afb4a82326 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/extension-env.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/extension-env.yaml @@ -166,6 +166,44 @@ spec: path_config_source: path: "/sds/xds-trusted-ca.json" resource_api_version: V3 + - name: wasm_cluster + type: STRICT_DNS + connect_timeout: 10s + load_assignment: + cluster_name: wasm_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 18002 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: {} + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: "/sds/xds-certificate.json" + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: "/sds/xds-trusted-ca.json" + resource_api_version: V3 overload_manager: refresh_interval: 0.25s resource_monitors: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/override-labels-and-annotations.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/override-labels-and-annotations.yaml index 1e65cc299ec..f856c4231a6 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/override-labels-and-annotations.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/override-labels-and-annotations.yaml @@ -176,6 +176,44 @@ spec: path_config_source: path: "/sds/xds-trusted-ca.json" resource_api_version: V3 + - name: wasm_cluster + type: STRICT_DNS + connect_timeout: 10s + load_assignment: + cluster_name: wasm_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 18002 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: {} + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: "/sds/xds-certificate.json" + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: "/sds/xds-trusted-ca.json" + resource_api_version: V3 overload_manager: refresh_interval: 0.25s resource_monitors: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/patch-deployment.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/patch-deployment.yaml index 72757a325b7..636b505295b 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/patch-deployment.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/patch-deployment.yaml @@ -165,6 +165,44 @@ spec: path_config_source: path: "/sds/xds-trusted-ca.json" resource_api_version: V3 + - name: wasm_cluster + type: STRICT_DNS + connect_timeout: 10s + load_assignment: + cluster_name: wasm_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 18002 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: {} + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: "/sds/xds-certificate.json" + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: "/sds/xds-trusted-ca.json" + resource_api_version: V3 overload_manager: refresh_interval: 0.25s resource_monitors: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/shutdown-manager.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/shutdown-manager.yaml index 12c9ad5766f..ba51e4461c6 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/shutdown-manager.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/shutdown-manager.yaml @@ -165,6 +165,44 @@ spec: path_config_source: path: "/sds/xds-trusted-ca.json" resource_api_version: V3 + - name: wasm_cluster + type: STRICT_DNS + connect_timeout: 10s + load_assignment: + cluster_name: wasm_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 18002 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: {} + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: "/sds/xds-certificate.json" + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: "/sds/xds-trusted-ca.json" + resource_api_version: V3 overload_manager: refresh_interval: 0.25s resource_monitors: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/volumes.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/volumes.yaml index 2fecd59712f..e91cc8f9fbd 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/volumes.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/volumes.yaml @@ -166,6 +166,44 @@ spec: path_config_source: path: "/sds/xds-trusted-ca.json" resource_api_version: V3 + - name: wasm_cluster + type: STRICT_DNS + connect_timeout: 10s + load_assignment: + cluster_name: wasm_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 18002 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: {} + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: "/sds/xds-certificate.json" + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: "/sds/xds-trusted-ca.json" + resource_api_version: V3 overload_manager: refresh_interval: 0.25s resource_monitors: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-annotations.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-annotations.yaml index 65cea34a8d9..81186f66df5 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-annotations.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-annotations.yaml @@ -170,6 +170,44 @@ spec: path_config_source: path: "/sds/xds-trusted-ca.json" resource_api_version: V3 + - name: wasm_cluster + type: STRICT_DNS + connect_timeout: 10s + load_assignment: + cluster_name: wasm_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 18002 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: {} + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: "/sds/xds-certificate.json" + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: "/sds/xds-trusted-ca.json" + resource_api_version: V3 overload_manager: refresh_interval: 0.25s resource_monitors: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-empty-memory-limits.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-empty-memory-limits.yaml index f60fec2e8eb..7a02bcef713 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-empty-memory-limits.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-empty-memory-limits.yaml @@ -165,6 +165,44 @@ spec: path_config_source: path: "/sds/xds-trusted-ca.json" resource_api_version: V3 + - name: wasm_cluster + type: STRICT_DNS + connect_timeout: 10s + load_assignment: + cluster_name: wasm_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 18002 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: {} + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: "/sds/xds-certificate.json" + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: "/sds/xds-trusted-ca.json" + resource_api_version: V3 overload_manager: refresh_interval: 0.25s resource_monitors: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-extra-args.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-extra-args.yaml index 2085acacc0e..4db28471d1b 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-extra-args.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-extra-args.yaml @@ -165,6 +165,44 @@ spec: path_config_source: path: "/sds/xds-trusted-ca.json" resource_api_version: V3 + - name: wasm_cluster + type: STRICT_DNS + connect_timeout: 10s + load_assignment: + cluster_name: wasm_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 18002 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: {} + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: "/sds/xds-certificate.json" + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: "/sds/xds-trusted-ca.json" + resource_api_version: V3 overload_manager: refresh_interval: 0.25s resource_monitors: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-image-pull-secrets.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-image-pull-secrets.yaml index e1e2b22b957..b4e9d58e882 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-image-pull-secrets.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-image-pull-secrets.yaml @@ -165,6 +165,44 @@ spec: path_config_source: path: "/sds/xds-trusted-ca.json" resource_api_version: V3 + - name: wasm_cluster + type: STRICT_DNS + connect_timeout: 10s + load_assignment: + cluster_name: wasm_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 18002 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: {} + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: "/sds/xds-certificate.json" + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: "/sds/xds-trusted-ca.json" + resource_api_version: V3 overload_manager: refresh_interval: 0.25s resource_monitors: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-name.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-name.yaml index 91b38ecbd3d..2e2844be152 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-name.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-name.yaml @@ -165,6 +165,44 @@ spec: path_config_source: path: "/sds/xds-trusted-ca.json" resource_api_version: V3 + - name: wasm_cluster + type: STRICT_DNS + connect_timeout: 10s + load_assignment: + cluster_name: wasm_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 18002 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: {} + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: "/sds/xds-certificate.json" + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: "/sds/xds-trusted-ca.json" + resource_api_version: V3 overload_manager: refresh_interval: 0.25s resource_monitors: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-node-selector.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-node-selector.yaml index 08f9e6a0b85..9b29ce09f59 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-node-selector.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-node-selector.yaml @@ -165,6 +165,44 @@ spec: path_config_source: path: "/sds/xds-trusted-ca.json" resource_api_version: V3 + - name: wasm_cluster + type: STRICT_DNS + connect_timeout: 10s + load_assignment: + cluster_name: wasm_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 18002 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: {} + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: "/sds/xds-certificate.json" + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: "/sds/xds-trusted-ca.json" + resource_api_version: V3 overload_manager: refresh_interval: 0.25s resource_monitors: diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-topology-spread-constraints.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-topology-spread-constraints.yaml index 1b734654109..6daf8140b3c 100644 --- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-topology-spread-constraints.yaml +++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-topology-spread-constraints.yaml @@ -165,6 +165,44 @@ spec: path_config_source: path: "/sds/xds-trusted-ca.json" resource_api_version: V3 + - name: wasm_cluster + type: STRICT_DNS + connect_timeout: 10s + load_assignment: + cluster_name: wasm_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 18002 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: {} + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: "/sds/xds-certificate.json" + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: "/sds/xds-trusted-ca.json" + resource_api_version: V3 overload_manager: refresh_interval: 0.25s resource_monitors: diff --git a/internal/ir/xds.go b/internal/ir/xds.go index 7d52e0243e6..6b418f50ee7 100644 --- a/internal/ir/xds.go +++ b/internal/ir/xds.go @@ -267,7 +267,7 @@ type HTTPListener struct { // ClientTimeout sets the timeout configuration for downstream connections Timeout *ClientTimeout `json:"timeout,omitempty" yaml:"clientTimeout,omitempty"` // Connection settings - Connection *Connection `json:"connection,omitempty" yaml:"connection,omitempty"` + Connection *ClientConnection `json:"connection,omitempty" yaml:"connection,omitempty"` } // Validate the fields within the HTTPListener structure @@ -1351,7 +1351,7 @@ type TCPListener struct { // ClientTimeout sets the timeout configuration for downstream connections. Timeout *ClientTimeout `json:"timeout,omitempty" yaml:"clientTimeout,omitempty"` // Connection settings for clients - Connection *Connection `json:"connection,omitempty" yaml:"connection,omitempty"` + Connection *ClientConnection `json:"connection,omitempty" yaml:"connection,omitempty"` // Routes associated with TCP traffic to the listener. Routes []*TCPRoute `json:"routes,omitempty" yaml:"routes,omitempty"` } @@ -1599,6 +1599,7 @@ type RateLimitValue struct { // AccessLog holds the access logging configuration. // +k8s:deepcopy-gen=true type AccessLog struct { + CELMatches []string `json:"celMatches,omitempty" yaml:"celMatches,omitempty"` Text []*TextAccessLog `json:"text,omitempty" yaml:"text,omitempty"` JSON []*JSONAccessLog `json:"json,omitempty" yaml:"json,omitempty"` ALS []*ALSAccessLog `json:"als,omitempty" yaml:"als,omitempty"` @@ -1704,6 +1705,7 @@ type Tracing struct { SamplingRate float64 `json:"samplingRate,omitempty"` CustomTags map[string]egv1a1.CustomTag `json:"customTags,omitempty"` Destination RouteDestination `json:"destination,omitempty"` + Provider egv1a1.TracingProvider `json:"provider"` } // Metrics defines the configuration for metrics generated by Envoy @@ -2156,9 +2158,9 @@ type BackendConnection struct { BufferLimitBytes *uint32 `json:"bufferLimit,omitempty" yaml:"bufferLimit,omitempty"` } -// Connection settings for downstream connections +// ClientConnection settings for downstream connections // +k8s:deepcopy-gen=true -type Connection struct { +type ClientConnection struct { // ConnectionLimit is the limit of number of connections ConnectionLimit *ConnectionLimit `json:"limit,omitempty" yaml:"limit,omitempty"` // BufferLimitBytes is the maximum number of bytes that can be buffered for a connection. @@ -2225,7 +2227,7 @@ type ExtProc struct { // +k8s:deepcopy-gen=true type Wasm struct { // Name is a unique name for an Wasm configuration. - // The xds translator only generates one ExtProc filter for each unique name. + // The xds translator only generates one Wasm filter for each unique name. Name string `json:"name"` // RootID is a unique ID for a set of extensions in a VM which will share a @@ -2246,17 +2248,26 @@ type Wasm struct { // during the initialization or the execution of the Wasm extension. FailOpen bool `json:"failOpen"` - // HTTPWasmCode is the HTTP Wasm code source. - HTTPWasmCode *HTTPWasmCode `json:"httpWasmCode,omitempty"` + // Code is the HTTP Wasm code source. + // Envoy only supports HTTP Wasm code source. EG downloads the Wasm code from the + // original URL(either an HTTP URL or an OCI image) and serves it through the + // local HTTP server. + Code *HTTPWasmCode `json:"httpWasmCode,omitempty"` } // HTTPWasmCode holds the information associated with the HTTP Wasm code source. +// +k8s:deepcopy-gen=true type HTTPWasmCode struct { - // URL is the URL of the Wasm code. - URL string `json:"url"` + // ServingURL is the URL of the Wasm code served by the local EG HTTP server. + ServingURL string `json:"servingURL"` - // SHA256 checksum that will be used to verify the wasm code. + // SHA256 checksum that will be used by the Envoy to verify the Wasm code. + // It's different from the digest of the OCI image. SHA256 string `json:"sha256"` + + // OriginalURL is the original downloading URL of the Wasm code. + // Note: This field is just used for testing. It's not used to generate the Envoy configuration. + OriginalURL string `json:"originalDownloadingURL"` } // DestinationFilters contains HTTP filters that will be used with the DestinationSetting. diff --git a/internal/ir/zz_generated.deepcopy.go b/internal/ir/zz_generated.deepcopy.go index ef6477f22f0..30bd585a369 100644 --- a/internal/ir/zz_generated.deepcopy.go +++ b/internal/ir/zz_generated.deepcopy.go @@ -82,6 +82,11 @@ func (in *ALSAccessLogHTTP) DeepCopy() *ALSAccessLogHTTP { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AccessLog) DeepCopyInto(out *AccessLog) { *out = *in + if in.CELMatches != nil { + in, out := &in.CELMatches, &out.CELMatches + *out = make([]string, len(*in)) + copy(*out, *in) + } if in.Text != nil { in, out := &in.Text, &out.Text *out = make([]*TextAccessLog, len(*in)) @@ -391,6 +396,31 @@ func (in *CircuitBreaker) DeepCopy() *CircuitBreaker { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClientConnection) DeepCopyInto(out *ClientConnection) { + *out = *in + if in.ConnectionLimit != nil { + in, out := &in.ConnectionLimit, &out.ConnectionLimit + *out = new(ConnectionLimit) + (*in).DeepCopyInto(*out) + } + if in.BufferLimitBytes != nil { + in, out := &in.BufferLimitBytes, &out.BufferLimitBytes + *out = new(uint32) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientConnection. +func (in *ClientConnection) DeepCopy() *ClientConnection { + if in == nil { + return nil + } + out := new(ClientConnection) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ClientIPDetectionSettings) DeepCopyInto(out *ClientIPDetectionSettings) { *out = *in @@ -441,31 +471,6 @@ func (in *ClientTimeout) DeepCopy() *ClientTimeout { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Connection) DeepCopyInto(out *Connection) { - *out = *in - if in.ConnectionLimit != nil { - in, out := &in.ConnectionLimit, &out.ConnectionLimit - *out = new(ConnectionLimit) - (*in).DeepCopyInto(*out) - } - if in.BufferLimitBytes != nil { - in, out := &in.BufferLimitBytes, &out.BufferLimitBytes - *out = new(uint32) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Connection. -func (in *Connection) DeepCopy() *Connection { - if in == nil { - return nil - } - out := new(Connection) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ConnectionLimit) DeepCopyInto(out *ConnectionLimit) { *out = *in @@ -1122,7 +1127,7 @@ func (in *HTTPListener) DeepCopyInto(out *HTTPListener) { } if in.Connection != nil { in, out := &in.Connection, &out.Connection - *out = new(Connection) + *out = new(ClientConnection) (*in).DeepCopyInto(*out) } } @@ -1325,6 +1330,21 @@ func (in *HTTPTimeout) DeepCopy() *HTTPTimeout { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HTTPWasmCode) DeepCopyInto(out *HTTPWasmCode) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPWasmCode. +func (in *HTTPWasmCode) DeepCopy() *HTTPWasmCode { + if in == nil { + return nil + } + out := new(HTTPWasmCode) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *HeaderSettings) DeepCopyInto(out *HeaderSettings) { *out = *in @@ -2368,7 +2388,7 @@ func (in *TCPListener) DeepCopyInto(out *TCPListener) { } if in.Connection != nil { in, out := &in.Connection, &out.Connection - *out = new(Connection) + *out = new(ClientConnection) (*in).DeepCopyInto(*out) } if in.Routes != nil { @@ -2705,6 +2725,7 @@ func (in *Tracing) DeepCopyInto(out *Tracing) { } } in.Destination.DeepCopyInto(&out.Destination) + in.Provider.DeepCopyInto(&out.Provider) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Tracing. @@ -2895,8 +2916,8 @@ func (in *Wasm) DeepCopyInto(out *Wasm) { *out = new(apiextensionsv1.JSON) (*in).DeepCopyInto(*out) } - if in.HTTPWasmCode != nil { - in, out := &in.HTTPWasmCode, &out.HTTPWasmCode + if in.Code != nil { + in, out := &in.Code, &out.Code *out = new(HTTPWasmCode) **out = **in } diff --git a/internal/provider/kubernetes/controller.go b/internal/provider/kubernetes/controller.go index 078061d2ee4..f7e88da222d 100644 --- a/internal/provider/kubernetes/controller.go +++ b/internal/provider/kubernetes/controller.go @@ -519,7 +519,7 @@ func (r *gatewayAPIReconciler) processSecurityPolicyObjectRefs( resourceMap.allAssociatedBackendRefs.Insert(gwapiv1.BackendObjectReference{ Group: backendRef.Group, Kind: backendRef.Kind, - Namespace: gatewayapi.NamespacePtrV1Alpha2(backendNamespace), + Namespace: gatewayapi.NamespacePtr(backendNamespace), Name: backendRef.Name, }) @@ -1661,11 +1661,11 @@ func (r *gatewayAPIReconciler) processEnvoyProxy(ep *egv1a1.EnvoyProxy, resource } for _, backendRef := range backendRefs { - backendNamespace := gatewayapi.NamespaceDerefOrAlpha(backendRef.Namespace, ep.Namespace) + backendNamespace := gatewayapi.NamespaceDerefOr(backendRef.Namespace, ep.Namespace) resourceMap.allAssociatedBackendRefs.Insert(gwapiv1.BackendObjectReference{ Group: backendRef.BackendObjectReference.Group, Kind: backendRef.BackendObjectReference.Kind, - Namespace: gatewayapi.NamespacePtrV1Alpha2(backendNamespace), + Namespace: gatewayapi.NamespacePtr(backendNamespace), Name: backendRef.Name, }) } @@ -1818,6 +1818,7 @@ func (r *gatewayAPIReconciler) processExtensionServerPolicies( // processEnvoyExtensionPolicyObjectRefs adds the referenced resources in EnvoyExtensionPolicies // to the resourceTree // - BackendRefs for ExtProcs +// - SecretRefs for Wasms func (r *gatewayAPIReconciler) processEnvoyExtensionPolicyObjectRefs( ctx context.Context, resourceTree *gatewayapi.Resources, resourceMap *resourceMappings, ) { @@ -1838,7 +1839,7 @@ func (r *gatewayAPIReconciler) processEnvoyExtensionPolicyObjectRefs( resourceMap.allAssociatedBackendRefs.Insert(gwapiv1.BackendObjectReference{ Group: backendRef.Group, Kind: backendRef.Kind, - Namespace: gatewayapi.NamespacePtrV1Alpha2(backendNamespace), + Namespace: gatewayapi.NamespacePtr(backendNamespace), Name: backendRef.Name, }) @@ -1868,5 +1869,23 @@ func (r *gatewayAPIReconciler) processEnvoyExtensionPolicyObjectRefs( } } } + + // Add the referenced SecretRefs in EnvoyExtensionPolicies to the resourceTree + for _, wasm := range policy.Spec.Wasm { + if wasm.Code.Image != nil && wasm.Code.Image.PullSecretRef != nil { + if err := r.processSecretRef( + ctx, + resourceMap, + resourceTree, + gatewayapi.KindSecurityPolicy, + policy.Namespace, + policy.Name, + *wasm.Code.Image.PullSecretRef); err != nil { + r.log.Error(err, + "failed to process Wasm Image PullSecretRef for EnvoyExtensionPolicy", + "policy", policy, "secretRef", wasm.Code.Image.PullSecretRef) + } + } + } } } diff --git a/internal/provider/kubernetes/indexers.go b/internal/provider/kubernetes/indexers.go index 2e17239032f..443c667e349 100644 --- a/internal/provider/kubernetes/indexers.go +++ b/internal/provider/kubernetes/indexers.go @@ -43,6 +43,7 @@ const ( backendEnvoyExtensionPolicyIndex = "backendEnvoyExtensionPolicyIndex" backendEnvoyProxyTelemetryIndex = "backendEnvoyProxyTelemetryIndex" secretEnvoyProxyIndex = "secretEnvoyProxyIndex" + secretEnvoyExtensionPolicyIndex = "secretEnvoyExtensionPolicyIndex" ) func addReferenceGrantIndexers(ctx context.Context, mgr manager.Manager) error { @@ -298,7 +299,7 @@ func addTLSRouteIndexers(ctx context.Context, mgr manager.Manager) error { // lookup the provided Gateway Name. gateways = append(gateways, types.NamespacedName{ - Namespace: gatewayapi.NamespaceDerefOrAlpha(parent.Namespace, tlsRoute.Namespace), + Namespace: gatewayapi.NamespaceDerefOr(parent.Namespace, tlsRoute.Namespace), Name: string(parent.Name), }.String(), ) @@ -325,7 +326,7 @@ func backendTLSRouteIndexFunc(rawObj client.Object) []string { // lookup the provided Gateway Name. backendRefs = append(backendRefs, types.NamespacedName{ - Namespace: gatewayapi.NamespaceDerefOrAlpha(backend.Namespace, tlsroute.Namespace), + Namespace: gatewayapi.NamespaceDerefOr(backend.Namespace, tlsroute.Namespace), Name: string(backend.Name), }.String(), ) @@ -348,7 +349,7 @@ func addTCPRouteIndexers(ctx context.Context, mgr manager.Manager) error { // lookup the provided Gateway Name. gateways = append(gateways, types.NamespacedName{ - Namespace: gatewayapi.NamespaceDerefOrAlpha(parent.Namespace, tcpRoute.Namespace), + Namespace: gatewayapi.NamespaceDerefOr(parent.Namespace, tcpRoute.Namespace), Name: string(parent.Name), }.String(), ) @@ -375,7 +376,7 @@ func backendTCPRouteIndexFunc(rawObj client.Object) []string { // lookup the provided Gateway Name. backendRefs = append(backendRefs, types.NamespacedName{ - Namespace: gatewayapi.NamespaceDerefOrAlpha(backend.Namespace, tcpRoute.Namespace), + Namespace: gatewayapi.NamespaceDerefOr(backend.Namespace, tcpRoute.Namespace), Name: string(backend.Name), }.String(), ) @@ -400,7 +401,7 @@ func addUDPRouteIndexers(ctx context.Context, mgr manager.Manager) error { // lookup the provided Gateway Name. gateways = append(gateways, types.NamespacedName{ - Namespace: gatewayapi.NamespaceDerefOrAlpha(parent.Namespace, udpRoute.Namespace), + Namespace: gatewayapi.NamespaceDerefOr(parent.Namespace, udpRoute.Namespace), Name: string(parent.Name), }.String(), ) @@ -427,7 +428,7 @@ func backendUDPRouteIndexFunc(rawObj client.Object) []string { // lookup the provided Gateway Name. backendRefs = append(backendRefs, types.NamespacedName{ - Namespace: gatewayapi.NamespaceDerefOrAlpha(backend.Namespace, udproute.Namespace), + Namespace: gatewayapi.NamespaceDerefOr(backend.Namespace, udproute.Namespace), Name: string(backend.Name), }.String(), ) @@ -658,6 +659,12 @@ func addEnvoyExtensionPolicyIndexers(ctx context.Context, mgr manager.Manager) e return err } + if err = mgr.GetFieldIndexer().IndexField( + ctx, &egv1a1.EnvoyExtensionPolicy{}, secretEnvoyExtensionPolicyIndex, + secretEnvoyExtensionPolicyIndexFunc); err != nil { + return err + } + return nil } @@ -679,3 +686,22 @@ func backendEnvoyExtensionPolicyIndexFunc(rawObj client.Object) []string { return ret } + +func secretEnvoyExtensionPolicyIndexFunc(rawObj client.Object) []string { + envoyExtensionPolicy := rawObj.(*egv1a1.EnvoyExtensionPolicy) + + var ret []string + + for _, wasm := range envoyExtensionPolicy.Spec.Wasm { + if wasm.Code.Image != nil && wasm.Code.Image.PullSecretRef != nil { + secretRef := wasm.Code.Image.PullSecretRef + ret = append(ret, + types.NamespacedName{ + Namespace: gatewayapi.NamespaceDerefOr(secretRef.Namespace, envoyExtensionPolicy.Namespace), + Name: string(secretRef.Name), + }.String()) + } + } + + return ret +} diff --git a/internal/provider/kubernetes/predicates.go b/internal/provider/kubernetes/predicates.go index a2d456c72ac..0e0f984c69c 100644 --- a/internal/provider/kubernetes/predicates.go +++ b/internal/provider/kubernetes/predicates.go @@ -158,6 +158,10 @@ func (r *gatewayAPIReconciler) validateSecretForReconcile(obj client.Object) boo return true } + if r.isExtensionPolicyReferencingSecret(&nsName) { + return true + } + return false } @@ -186,6 +190,7 @@ func (r *gatewayAPIReconciler) isEnvoyProxyReferencingSecret(nsName *types.Names } } } + return false } @@ -623,3 +628,15 @@ func (r *gatewayAPIReconciler) isEnvoyProxyReferencingBackend(nn *types.Namespac return len(proxyList.Items) > 0 } + +func (r *gatewayAPIReconciler) isExtensionPolicyReferencingSecret(nsName *types.NamespacedName) bool { + eepList := &egv1a1.EnvoyExtensionPolicyList{} + if err := r.client.List(context.Background(), eepList, &client.ListOptions{ + FieldSelector: fields.OneTermEqualSelector(secretEnvoyExtensionPolicyIndex, nsName.String()), + }); err != nil { + r.log.Error(err, "unable to find associated ExtensionPolicies") + return false + } + + return len(eepList.Items) > 0 +} diff --git a/internal/provider/kubernetes/predicates_test.go b/internal/provider/kubernetes/predicates_test.go index 41f829fe821..6379263bdb0 100644 --- a/internal/provider/kubernetes/predicates_test.go +++ b/internal/provider/kubernetes/predicates_test.go @@ -316,6 +316,47 @@ func TestValidateSecretForReconcile(t *testing.T) { secret: test.GetSecret(types.NamespacedName{Name: "secret"}), expect: false, }, + { + name: "references EnvoyExtensionPolicy Wasm OCI Image", + configs: []client.Object{ + test.GetGatewayClass("test-gc", egv1a1.GatewayControllerName, nil), + test.GetGateway(types.NamespacedName{Name: "scheduled-status-test"}, "test-gc", 8080), + &egv1a1.EnvoyExtensionPolicy{ + ObjectMeta: metav1.ObjectMeta{ + Name: "wasm-oci", + }, + Spec: egv1a1.EnvoyExtensionPolicySpec{ + PolicyTargetReferences: egv1a1.PolicyTargetReferences{ + TargetRefs: []gwapiv1a2.LocalPolicyTargetReferenceWithSectionName{ + { + LocalPolicyTargetReference: gwapiv1a2.LocalPolicyTargetReference{ + Kind: "Gateway", + Name: "scheduled-status-test", + }, + }, + }, + }, + Wasm: []egv1a1.Wasm{ + { + Name: ptr.To("wasm-filter"), + RootID: ptr.To("my_root_id"), + Code: egv1a1.WasmCodeSource{ + Type: egv1a1.ImageWasmCodeSourceType, + Image: &egv1a1.ImageWasmCodeSource{ + URL: "https://example.com/testwasm:v1.0.0", + PullSecretRef: &gwapiv1b1.SecretObjectReference{ + Name: "secret", + }, + }, + }, + }, + }, + }, + }, + }, + secret: test.GetSecret(types.NamespacedName{Name: "secret"}), + expect: true, + }, } // Create the reconciler. @@ -334,6 +375,7 @@ func TestValidateSecretForReconcile(t *testing.T) { WithIndex(&gwapiv1.Gateway{}, secretGatewayIndex, secretGatewayIndexFunc). WithIndex(&egv1a1.SecurityPolicy{}, secretSecurityPolicyIndex, secretSecurityPolicyIndexFunc). WithIndex(&egv1a1.EnvoyProxy{}, secretEnvoyProxyIndex, secretEnvoyProxyIndexFunc). + WithIndex(&egv1a1.EnvoyExtensionPolicy{}, secretEnvoyExtensionPolicyIndex, secretEnvoyExtensionPolicyIndexFunc). Build() t.Run(tc.name, func(t *testing.T) { res := r.validateSecretForReconcile(tc.secret) diff --git a/internal/provider/kubernetes/routes.go b/internal/provider/kubernetes/routes.go index 32e2f470382..ad2638684cd 100644 --- a/internal/provider/kubernetes/routes.go +++ b/internal/provider/kubernetes/routes.go @@ -61,11 +61,11 @@ func (r *gatewayAPIReconciler) processTLSRoutes(ctx context.Context, gatewayName continue } - backendNamespace := gatewayapi.NamespaceDerefOrAlpha(backendRef.Namespace, tlsRoute.Namespace) + backendNamespace := gatewayapi.NamespaceDerefOr(backendRef.Namespace, tlsRoute.Namespace) resourceMap.allAssociatedBackendRefs.Insert(gwapiv1.BackendObjectReference{ Group: backendRef.BackendObjectReference.Group, Kind: backendRef.BackendObjectReference.Kind, - Namespace: gatewayapi.NamespacePtrV1Alpha2(backendNamespace), + Namespace: gatewayapi.NamespacePtr(backendNamespace), Name: backendRef.Name, }) @@ -144,7 +144,7 @@ func (r *gatewayAPIReconciler) processGRPCRoutes(ctx context.Context, gatewayNam resourceMap.allAssociatedBackendRefs.Insert(gwapiv1.BackendObjectReference{ Group: backendRef.BackendObjectReference.Group, Kind: backendRef.BackendObjectReference.Kind, - Namespace: gatewayapi.NamespacePtrV1Alpha2(backendNamespace), + Namespace: gatewayapi.NamespacePtr(backendNamespace), Name: backendRef.Name, }) @@ -279,7 +279,7 @@ func (r *gatewayAPIReconciler) processHTTPRoutes(ctx context.Context, gatewayNam resourceMap.allAssociatedBackendRefs.Insert(gwapiv1.BackendObjectReference{ Group: backendRef.BackendObjectReference.Group, Kind: backendRef.BackendObjectReference.Kind, - Namespace: gatewayapi.NamespacePtrV1Alpha2(backendNamespace), + Namespace: gatewayapi.NamespacePtr(backendNamespace), Name: backendRef.Name, }) @@ -346,7 +346,7 @@ func (r *gatewayAPIReconciler) processHTTPRoutes(ctx context.Context, gatewayNam resourceMap.allAssociatedBackendRefs.Insert(gwapiv1.BackendObjectReference{ Group: mirrorBackendRef.BackendObjectReference.Group, Kind: mirrorBackendRef.BackendObjectReference.Kind, - Namespace: gatewayapi.NamespacePtrV1Alpha2(backendNamespace), + Namespace: gatewayapi.NamespacePtr(backendNamespace), Name: mirrorBackendRef.Name, }) @@ -454,11 +454,11 @@ func (r *gatewayAPIReconciler) processTCPRoutes(ctx context.Context, gatewayName continue } - backendNamespace := gatewayapi.NamespaceDerefOrAlpha(backendRef.Namespace, tcpRoute.Namespace) + backendNamespace := gatewayapi.NamespaceDerefOr(backendRef.Namespace, tcpRoute.Namespace) resourceMap.allAssociatedBackendRefs.Insert(gwapiv1.BackendObjectReference{ Group: backendRef.BackendObjectReference.Group, Kind: backendRef.BackendObjectReference.Kind, - Namespace: gatewayapi.NamespacePtrV1Alpha2(backendNamespace), + Namespace: gatewayapi.NamespacePtr(backendNamespace), Name: backendRef.Name, }) @@ -533,11 +533,11 @@ func (r *gatewayAPIReconciler) processUDPRoutes(ctx context.Context, gatewayName continue } - backendNamespace := gatewayapi.NamespaceDerefOrAlpha(backendRef.Namespace, udpRoute.Namespace) + backendNamespace := gatewayapi.NamespaceDerefOr(backendRef.Namespace, udpRoute.Namespace) resourceMap.allAssociatedBackendRefs.Insert(gwapiv1.BackendObjectReference{ Group: backendRef.BackendObjectReference.Group, Kind: backendRef.BackendObjectReference.Kind, - Namespace: gatewayapi.NamespacePtrV1Alpha2(backendNamespace), + Namespace: gatewayapi.NamespacePtr(backendNamespace), Name: backendRef.Name, }) diff --git a/internal/wasm/cache.go b/internal/wasm/cache.go new file mode 100644 index 00000000000..8bd94508bdf --- /dev/null +++ b/internal/wasm/cache.go @@ -0,0 +1,495 @@ +// Copyright Envoy Gateway Authors +// SPDX-License-Identifier: Apache-2.0 +// The full text of the Apache license is available in the LICENSE file at +// the root of the repo. + +// Copyright Istio Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package wasm + +import ( + "bytes" + "context" + "crypto/sha256" + "encoding/hex" + "fmt" + "net/url" + "os" + "path/filepath" + "strconv" + "strings" + "sync" + "time" + + "github.com/google/go-containerregistry/pkg/name" + "k8s.io/apimachinery/pkg/util/sets" + + "github.com/envoyproxy/gateway/internal/logging" +) + +const ( + // oci URL prefix + ociURLPrefix = "oci://" + // sha256 scheme prefix + sha256SchemePrefix = "sha256:" +) + +// Cache models a Wasm module cache. +type Cache interface { + Get(downloadURL string, opts GetOptions) (url string, checksum string, err error) + Start(ctx context.Context) +} + +// localFileCache for downloaded Wasm modules. It stores the Wasm module as local files. +type localFileCache struct { + // Map from Wasm module key to cache entry. + modules map[moduleKey]*cacheEntry + // Map from downloading URL to checksum + checksums map[string]*checksumEntry + // http fetcher fetches Wasm module with HTTP get. + httpFetcher *HTTPFetcher + + // mux is needed because stale Wasm module files will be purged periodically. + mux sync.Mutex + + // option sets for configuring the cache. + CacheOptions + + // logger + logger logging.Logger +} + +func (c *localFileCache) Start(ctx context.Context) { + go c.purge(ctx) +} + +var _ Cache = &localFileCache{} + +type checksumEntry struct { + checksum string + // Keeps the resource version per each resource for dealing with multiple resources which pointing the same image. + resourceVersionByResource map[string]string +} + +// moduleKey is a unique identifier for a Wasm module consisting of the name and checksum. +type moduleKey struct { + // Identifier for the wasm module. + // If the wasm module is an HTTP URL, it is the original download URL. + // e.g. http://example.com/test.wasm + // If the wasm module is an OCI image, it should be the image name without tag or digest. + // e.g. oci://docker.io/test + name string + // sha256 checksum of the wasm file or the image. + // Note that the checksum is different from the checksum of the wasm file if + // the module is extracted from an OCI image. + checksum string +} + +type cacheKey struct { + moduleKey + // URL to download the wasm module. + // e.g. http://example.com/test.wasm or oci://docker.io/test:v1.0.0 + downloadURL string + // Resource name of the wasm module. This should be a fully-qualified name. + // e.g. "envoyextensionpolicy/envoy-gateway/policy-for-gateway/wasm/0" + resourceName string + // Resource version of EnvoyExtensionPolicy resource. Even though PullPolicy is Always, + // if there is no change of resource state, a cached entry is used instead of pulling newly. + resourceVersion string +} + +// cacheEntry contains information about a Wasm module cache entry. +type cacheEntry struct { + // File path to the downloaded wasm modules. + modulePath string + // Last time that this local Wasm module is referenced. + last time.Time + // set of URLs referencing this entry + referencingURLs sets.Set[string] + // isPrivate is true if the module is from a private registry. + isPrivate bool + // checksum is the sha256 checksum of the module. + // It is different from the checksum of the image if the module is from an OCI image. + checksum string + // size is the size of the module. + size int +} + +// newLocalFileCache create a new Wasm module cache which downloads and stores Wasm module files locally. +func newLocalFileCache(options CacheOptions, logger logging.Logger) *localFileCache { + options = options.sanitize() + cache := &localFileCache{ + httpFetcher: NewHTTPFetcher(options.HTTPRequestTimeout, options.HTTPRequestMaxRetries, logger), + modules: make(map[moduleKey]*cacheEntry), + checksums: make(map[string]*checksumEntry), + CacheOptions: options, + logger: logger, + } + + return cache +} + +func moduleNameFromURL(fullURLStr string) string { + if strings.HasPrefix(fullURLStr, ociURLPrefix) { + if tag, err := name.ParseReference(fullURLStr[len(ociURLPrefix):]); err == nil { + // remove tag or sha + return ociURLPrefix + tag.Context().Name() + } + } + return fullURLStr +} + +func getModulePath(baseDir string, mkey moduleKey) (string, error) { + // Use sha256 checksum as the name of the module. + sha := sha256.Sum256([]byte(mkey.name)) + hashedName := hex.EncodeToString(sha[:]) + moduleDir := filepath.Join(baseDir, hashedName) + if err := os.Mkdir(moduleDir, 0o755); err != nil && !os.IsExist(err) { + return "", err + } + return filepath.Join(moduleDir, fmt.Sprintf("%s.wasm", mkey.checksum)), nil +} + +// Get returns path the local Wasm module file and its checksum. +func (c *localFileCache) Get(downloadURL string, opts GetOptions) (localFile string, checksum string, err error) { + // If the checksum is not provided, try to extract it from the OCI image URL. + originalChecksum := opts.Checksum + if len(opts.Checksum) == 0 && strings.HasPrefix(downloadURL, ociURLPrefix) { + if d, err := name.NewDigest(downloadURL[len(ociURLPrefix):]); err == nil { + // If there is no checksum and the digest is suffixed in URL, use the digest. + dstr := d.DigestStr() + if strings.HasPrefix(dstr, sha256SchemePrefix) { + originalChecksum = dstr[len(sha256SchemePrefix):] + } + } + } + + // Construct Wasm cache key with downloading URL and provided checksum of the module. + key := cacheKey{ + downloadURL: downloadURL, + moduleKey: moduleKey{ + name: moduleNameFromURL(downloadURL), + checksum: originalChecksum, + }, + resourceName: opts.ResourceName, + resourceVersion: opts.ResourceVersion, + } + + entry, err := c.getOrFetch(key, opts) + if err != nil { + return "", "", err + } + + return entry.modulePath, entry.checksum, err +} + +func (c *localFileCache) getOrFetch(key cacheKey, opts GetOptions) (*cacheEntry, error) { + var ( + u *url.URL + insecure bool + isPrivate bool + err error + ) + + if u, err = url.Parse(key.downloadURL); err != nil { + return nil, fmt.Errorf("fail to parse Wasm module fetch url: %s, error: %w", key.downloadURL, err) + } + insecure = c.allowInsecure(u.Host) + + requestTimout := DefaultPullTimeout + if opts.RequestTimeout != 0 { + requestTimout = opts.RequestTimeout + } + ctx, cancel := context.WithTimeout(context.Background(), requestTimout) + defer cancel() + + // First check if the cache entry is already downloaded and policy does not require pulling always. + ce := c.getEntry(key, opts.PullPolicy, u) + if ce != nil { + // We still need to check if the pull secret is correct if it is a private OCI image. + if u.Scheme == "oci" && ce.isPrivate { + if err = c.checkPermission(ctx, u, insecure, opts); err != nil { + return nil, err + } + } + return ce, nil + } + + // Fetch the image now as it is not available in cache. + var ( + b []byte // Byte array of Wasm binary. + dChecksum string // Hex-Encoded sha256 checksum of binary. + imageBinaryFetcher func() ([]byte, error) + ) + + switch u.Scheme { + case "http", "https": + // Download the Wasm module with http fetcher. + b, err = c.httpFetcher.Fetch(ctx, key.downloadURL, insecure) + if err != nil { + wasmRemoteFetchCount.With(resultTag.Value(downloadFailure)).Increment() + return nil, err + } + + // Get sha256 checksum and check if it is the same as the provided one. + sha := sha256.Sum256(b) + dChecksum = hex.EncodeToString(sha[:]) + case "oci": + if opts.PullSecret != nil && len(opts.PullSecret) > 0 { + isPrivate = true + } + if imageBinaryFetcher, dChecksum, err = c.prepareFetch(ctx, u, insecure, opts); err != nil { + wasmRemoteFetchCount.With(resultTag.Value(manifestFailure)).Increment() + return nil, fmt.Errorf("could not fetch Wasm OCI image: %w", err) + } + default: + return nil, fmt.Errorf("unsupported Wasm module downloading URL scheme: %v", u.Scheme) + } + + // If the checksum is provided, check if it matches the downloaded binary. + if key.checksum != "" { + if dChecksum != key.checksum { + wasmRemoteFetchCount.With(resultTag.Value(checksumMismatch)).Increment() + return nil, fmt.Errorf("module downloaded from %v has checksum %v, which does not match: %v", key.downloadURL, dChecksum, key.checksum) + } + } else { + // Update the checksum with the one from the downloaded binary. + key.checksum = dChecksum + } + + if imageBinaryFetcher != nil { + b, err = imageBinaryFetcher() + if err != nil { + wasmRemoteFetchCount.With(resultTag.Value(downloadFailure)).Increment() + return nil, fmt.Errorf("could not fetch Wasm binary: %w", err) + } + } + + if !isValidWasmBinary(b) { + wasmRemoteFetchCount.With(resultTag.Value(fetchFailure)).Increment() + return nil, fmt.Errorf("fetched Wasm binary from %s is invalid", key.downloadURL) + } + + wasmRemoteFetchCount.With(resultTag.Value(fetchSuccess)).Increment() + return c.addEntry(key, b, isPrivate) +} + +func (c *localFileCache) checkPermission(ctx context.Context, u *url.URL, insecure bool, opts GetOptions) error { + // Try to get the image metadata to check if the pull secret is correct. + if _, _, err := c.prepareFetch(ctx, u, insecure, opts); err != nil { + return fmt.Errorf("failed to login to private registry: %w", err) + } + return nil +} + +// prepareFetch won't fetch the binary, but it will prepare the binaryFetcher and actualDigest. +func (c *localFileCache) prepareFetch( + ctx context.Context, url *url.URL, insecure bool, opts GetOptions) ( + binaryFetcher func() ([]byte, error), actualDigest string, err error, +) { + imgFetcherOps := ImageFetcherOption{ + Insecure: insecure, + } + if opts.PullSecret != nil && len(opts.PullSecret) > 0 { + imgFetcherOps.PullSecret = opts.PullSecret + } + fetcher := NewImageFetcher(ctx, imgFetcherOps, c.logger) + if binaryFetcher, actualDigest, err = fetcher.PrepareFetch(url.Host + url.Path); err != nil { + return nil, "", err + } + return binaryFetcher, actualDigest, nil +} + +func (c *localFileCache) updateChecksum(key cacheKey) { + ce := c.checksums[key.downloadURL] + if ce == nil { + ce = new(checksumEntry) + ce.resourceVersionByResource = make(map[string]string) + c.checksums[key.downloadURL] = ce + } + ce.checksum = key.checksum + ce.resourceVersionByResource[key.resourceName] = key.resourceVersion +} + +// addEntry adds a wasmModule to cache with cacheKey, writes the module to the local file system, +// and returns the created entry. +func (c *localFileCache) addEntry(key cacheKey, wasmModule []byte, isPrivate bool) (*cacheEntry, error) { + c.mux.Lock() + defer c.mux.Unlock() + + // Check if the cache size exceeds the limit. + if c.size()+len(wasmModule) > c.MaxCacheSize { + return nil, fmt.Errorf("wasm cache size exceeded the limit: %d", c.MaxCacheSize) + } + + c.updateChecksum(key) + + // Check if the module has already been added. If so, avoid writing the file again. + if ce, ok := c.modules[key.moduleKey]; ok { + // Update last touched time. + ce.last = time.Now() + ce.referencingURLs.Insert(key.downloadURL) + return ce, nil + } + + modulePath, err := getModulePath(c.CacheDir, key.moduleKey) + if err != nil { + return nil, err + } + // Materialize the Wasm module into a local file. Use checksum as name of the module. + if err := os.WriteFile(modulePath, wasmModule, 0o600); err != nil { + return nil, err + } + + // Calculate the checksum of the wasm module. It is different from the checksum of the image. + wasmChecksum := strings.ToLower(fmt.Sprintf("%x", sha256.Sum256(wasmModule))) + ce := cacheEntry{ + modulePath: modulePath, + last: time.Now(), + referencingURLs: sets.New[string](), + isPrivate: isPrivate, + checksum: wasmChecksum, + size: len(wasmModule), + } + ce.referencingURLs.Insert(key.downloadURL) + c.modules[key.moduleKey] = &ce + wasmCacheEntries.Record(float64(len(c.modules))) + return &ce, nil +} + +// getEntry finds a cached module, and returns the found cache entry and its checksum. +// If the module is not found in the cache, it returns nil. +// If the module is found in the cache, but the module needs to be re-pulled, it returns nil. +func (c *localFileCache) getEntry(key cacheKey, pullPolicy PullPolicy, u *url.URL) *cacheEntry { + cacheHit := false + + c.mux.Lock() + defer func() { + c.mux.Unlock() + wasmCacheLookupCount.With(hitTag.Value(strconv.FormatBool(cacheHit))).Increment() + }() + + // If no checksum is provided, check if a wasm module with the same downloading URL has been pulled before. + if len(key.checksum) == 0 { + // If an image with the same downloading URL was pulled before, there should be a checksum of the most recently pulled image. + if ce, found := c.checksums[key.downloadURL]; found { + // If it is an OCI image and the tag is "latest", default pull policy is Always. + // Otherwise, default pull policy is IfNotPresent. + if pullPolicy == Unspecified { + if u.Scheme == "oci" && strings.HasSuffix(u.Path, ":latest") { + pullPolicy = Always + } else { + pullPolicy = IfNotPresent + } + } + + // Check if we need to re-pull the wasm module. + needPull := true + switch pullPolicy { + case IfNotPresent: + needPull = false + case Always: + // If the resource version is not changed, use the cached wasm module. + // Otherwise, pull the new one from its original URL. + if key.resourceVersion == ce.resourceVersionByResource[key.resourceName] { + needPull = false + } + } + + // If we need to re-pull this wasm module, return nil. + if needPull { + return nil + } + + // If we don't need to pull the module again, return the cached module. + key.checksum = ce.checksum + existingModule := c.modules[key.moduleKey] + // Update last touched time. + existingModule.last = time.Now() + cacheHit = true + // Update the checksum map as the same downloading URL can be referenced + // by multiple EnvoyExtensionPolicy resources. + c.updateChecksum(key) + return existingModule + } + + // If no previous checksum is found, return nil. + return nil + } + + // If the checksum is provided, check if the module with the same checksum has been pulled before. + if existingModule, ok := c.modules[key.moduleKey]; ok { + // Update last touched time. + existingModule.last = time.Now() + cacheHit = true + // Update the checksum map as the same downloading URL can be referenced + // by multiple EnvoyExtensionPolicy resources. + c.updateChecksum(key) + return existingModule + } + return nil +} + +func (c *localFileCache) size() int { + cacheSize := 0 + for _, entry := range c.modules { + cacheSize += entry.size + } + return cacheSize +} + +// Purge periodically clean up the stale Wasm modules local file and the cache map. +func (c *localFileCache) purge(ctx context.Context) { + ticker := time.NewTicker(c.PurgeInterval) + defer ticker.Stop() + for { + select { + case <-ticker.C: + c.mux.Lock() + for k, m := range c.modules { + if !m.expired(c.ModuleExpiry) { + continue + } + // The module has not be touched for expiry duration, delete it from the map as well as the local dir. + if err := os.Remove(m.modulePath); err != nil { + c.logger.Error(err, "failed to purge Wasm module", "path", m.modulePath) + } else { + for downloadURL := range m.referencingURLs { + delete(c.checksums, downloadURL) + } + delete(c.modules, k) + c.logger.Info("successfully removed stale Wasm module", "path", m.modulePath) + } + } + wasmCacheEntries.Record(float64(len(c.modules))) + c.mux.Unlock() + case <-ctx.Done(): + return + } + } +} + +// Expired returns true if the module has not been touched for Wasm module Expiry. +func (ce *cacheEntry) expired(expiry time.Duration) bool { + now := time.Now() + return now.Sub(ce.last) > expiry +} + +var wasmMagicNumber = []byte{0x00, 0x61, 0x73, 0x6d} + +func isValidWasmBinary(in []byte) bool { + // Wasm file header is 8 bytes (magic number + version). + return len(in) >= 8 && bytes.Equal(in[:4], wasmMagicNumber) +} diff --git a/internal/wasm/cache_test.go b/internal/wasm/cache_test.go new file mode 100644 index 00000000000..ba40c0625d8 --- /dev/null +++ b/internal/wasm/cache_test.go @@ -0,0 +1,993 @@ +// Copyright Envoy Gateway Authors +// SPDX-License-Identifier: Apache-2.0 +// The full text of the Apache license is available in the LICENSE file at +// the root of the repo. + +// Copyright Istio Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package wasm + +import ( + "context" + "crypto/sha256" + "crypto/tls" + "encoding/hex" + "errors" + "fmt" + "net/http" + "net/http/httptest" + "net/url" + "os" + "path/filepath" + "strings" + "sync/atomic" + "testing" + "time" + + "github.com/google/go-cmp/cmp" + "github.com/google/go-cmp/cmp/cmpopts" + "github.com/google/go-containerregistry/pkg/crane" + "github.com/google/go-containerregistry/pkg/registry" + "github.com/google/go-containerregistry/pkg/v1/empty" + "github.com/google/go-containerregistry/pkg/v1/mutate" + "github.com/google/go-containerregistry/pkg/v1/remote" + "github.com/google/go-containerregistry/pkg/v1/types" + "k8s.io/apimachinery/pkg/util/sets" + + egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1" + "github.com/envoyproxy/gateway/internal/logging" +) + +const wasmTestData = "this is wasm plugin" + +// Wasm header = magic number (4 bytes) + Wasm spec version (4 bytes). +var wasmHeader = append(wasmMagicNumber, []byte{0x1, 0x00, 0x00, 0x00}...) + +func TestWasmCache(t *testing.T) { + // Setup http server. + tsNumRequest := int32(0) + + wasmData := wasmHeader + wasmData = append(wasmData, wasmTestData...) + invalidHTTPData := []byte("invalid binary") + ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + atomic.AddInt32(&tsNumRequest, 1) + + switch r.URL.Path { + case "/different-url": + _, _ = w.Write(append(wasmData, []byte("different data")...)) + case "/invalid-wasm-header": + _, _ = w.Write(invalidHTTPData) + default: + _, _ = w.Write(wasmData) + } + })) + defer ts.Close() + wasmDataSha := sha256.Sum256(wasmData) + wasmDataCheckSum := hex.EncodeToString(wasmDataSha[:]) + invalidHTTPDataSha := sha256.Sum256(invalidHTTPData) + invalidHTTPDataCheckSum := hex.EncodeToString(invalidHTTPDataSha[:]) + + reg := registry.New() + // Set up a fake registry for OCI images. + tos := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + atomic.AddInt32(&tsNumRequest, 1) + reg.ServeHTTP(w, r) + })) + defer tos.Close() + ou, err := url.Parse(tos.URL) + if err != nil { + t.Fatal(err) + } + + dockerImageDigest, invalidOCIImageDigest := setupOCIRegistry(t, ou.Host) + + ociWasmFile := fmt.Sprintf("%s.wasm", dockerImageDigest) + ociURLWithTag := fmt.Sprintf("oci://%s/test/valid/docker:v0.1.0", ou.Host) + ociURLWithLatestTag := fmt.Sprintf("oci://%s/test/valid/docker:latest", ou.Host) + ociURLWithDigest := fmt.Sprintf("oci://%s/test/valid/docker@sha256:%s", ou.Host, dockerImageDigest) + + // Calculate cachehit sum. + cacheHitSha := sha256.Sum256([]byte("cachehit")) + cacheHitSum := hex.EncodeToString(cacheHitSha[:]) + + cases := []struct { + name string + initialCachedModules map[moduleKey]cacheEntry + initialCachedChecksums map[string]*checksumEntry + fetchURL string + purgeInterval time.Duration + wasmModuleExpiry time.Duration + checkPurgeTimeout time.Duration + getOptions GetOptions + wantCachedModules map[moduleKey]*cacheEntry + wantCachedChecksums map[string]*checksumEntry + wantFileName string + wantErrorMsgPrefix string + wantVisitServer bool + }{ + { + name: "cache miss", + initialCachedModules: map[moduleKey]cacheEntry{}, + initialCachedChecksums: map[string]*checksumEntry{}, + fetchURL: ts.URL, + getOptions: GetOptions{ + Checksum: wasmDataCheckSum, + ResourceName: "namespace.resource", + ResourceVersion: "0", + RequestTimeout: time.Second * 10, + }, + wantCachedModules: map[moduleKey]*cacheEntry{ + {name: ts.URL, checksum: wasmDataCheckSum}: {modulePath: wasmDataCheckSum + ".wasm", checksum: wasmDataCheckSum, size: 27}, + }, + wantCachedChecksums: map[string]*checksumEntry{ + ts.URL: {checksum: wasmDataCheckSum, resourceVersionByResource: map[string]string{"namespace.resource": "0"}}, + }, + wantFileName: fmt.Sprintf("%s.wasm", wasmDataCheckSum), + wantVisitServer: true, + }, + { + name: "cache hit", + initialCachedModules: map[moduleKey]cacheEntry{ + {name: moduleNameFromURL(ts.URL), checksum: cacheHitSum}: {modulePath: "test.wasm"}, + }, + initialCachedChecksums: map[string]*checksumEntry{}, + fetchURL: ts.URL, + getOptions: GetOptions{ + Checksum: cacheHitSum, + ResourceName: "namespace.resource", + ResourceVersion: "0", + RequestTimeout: time.Second * 10, + }, + wantCachedModules: map[moduleKey]*cacheEntry{ + {name: ts.URL, checksum: cacheHitSum}: {modulePath: "test.wasm"}, + }, + wantCachedChecksums: map[string]*checksumEntry{ + ts.URL: {checksum: cacheHitSum, resourceVersionByResource: map[string]string{"namespace.resource": "0"}}, + }, + wantFileName: "test.wasm", + wantVisitServer: false, + }, + { + name: "invalid scheme", + initialCachedModules: map[moduleKey]cacheEntry{}, + initialCachedChecksums: map[string]*checksumEntry{}, + fetchURL: "foo://abc", + getOptions: GetOptions{ + Checksum: wasmDataCheckSum, + RequestTimeout: time.Second * 10, + }, + wantCachedModules: map[moduleKey]*cacheEntry{}, + wantCachedChecksums: map[string]*checksumEntry{}, + wantFileName: fmt.Sprintf("%s.wasm", wasmDataCheckSum), + wantErrorMsgPrefix: "unsupported Wasm module downloading URL scheme: foo", + wantVisitServer: false, + }, + { + name: "download failure", + initialCachedModules: map[moduleKey]cacheEntry{}, + initialCachedChecksums: map[string]*checksumEntry{}, + fetchURL: "https://-invalid-url", + getOptions: GetOptions{ + RequestTimeout: time.Second * 10, + }, + wantCachedModules: map[moduleKey]*cacheEntry{}, + wantCachedChecksums: map[string]*checksumEntry{}, + wantErrorMsgPrefix: "wasm module download failed after 5 attempts, last error: Get \"https://-invalid-url\"", + wantVisitServer: false, + }, + { + name: "wrong checksum", + initialCachedModules: map[moduleKey]cacheEntry{}, + initialCachedChecksums: map[string]*checksumEntry{}, + fetchURL: ts.URL, + getOptions: GetOptions{ + Checksum: "wrongchecksum\n", + RequestTimeout: time.Second * 10, + }, + wantCachedModules: map[moduleKey]*cacheEntry{}, + wantCachedChecksums: map[string]*checksumEntry{}, + wantErrorMsgPrefix: fmt.Sprintf("module downloaded from %v has checksum %s, which does not match", ts.URL, wasmDataCheckSum), + wantVisitServer: true, + }, + { + // this might be common error in user configuration, that url was updated, but not checksum. + // Test that downloading still proceeds and error returns. + name: "different url same checksum", + initialCachedModules: map[moduleKey]cacheEntry{ + {name: moduleNameFromURL(ts.URL), checksum: wasmDataCheckSum}: {modulePath: fmt.Sprintf("%s.wasm", wasmDataCheckSum)}, + }, + initialCachedChecksums: map[string]*checksumEntry{}, + fetchURL: ts.URL + "/different-url", + getOptions: GetOptions{ + Checksum: wasmDataCheckSum, + RequestTimeout: time.Second * 10, + }, + wantCachedModules: map[moduleKey]*cacheEntry{ + {name: ts.URL, checksum: wasmDataCheckSum}: {modulePath: wasmDataCheckSum + ".wasm"}, + }, + wantCachedChecksums: map[string]*checksumEntry{}, + wantErrorMsgPrefix: fmt.Sprintf("module downloaded from %v/different-url has checksum", ts.URL), + wantVisitServer: true, + }, + { + name: "invalid wasm header", + initialCachedModules: map[moduleKey]cacheEntry{ + {name: moduleNameFromURL(ts.URL), checksum: wasmDataCheckSum}: {modulePath: fmt.Sprintf("%s.wasm", wasmDataCheckSum)}, + }, + initialCachedChecksums: map[string]*checksumEntry{}, + fetchURL: ts.URL + "/invalid-wasm-header", + getOptions: GetOptions{ + Checksum: invalidHTTPDataCheckSum, + RequestTimeout: time.Second * 10, + }, + wantCachedModules: map[moduleKey]*cacheEntry{ + {name: ts.URL, checksum: wasmDataCheckSum}: {modulePath: wasmDataCheckSum + ".wasm"}, + }, + wantCachedChecksums: map[string]*checksumEntry{}, + wantErrorMsgPrefix: fmt.Sprintf("fetched Wasm binary from %s is invalid", ts.URL+"/invalid-wasm-header"), + wantVisitServer: true, + }, + { + name: "purge on expiry", + initialCachedModules: map[moduleKey]cacheEntry{}, + initialCachedChecksums: map[string]*checksumEntry{}, + fetchURL: ts.URL, + purgeInterval: 1 * time.Millisecond, + wasmModuleExpiry: 1 * time.Millisecond, + checkPurgeTimeout: 5 * time.Second, + getOptions: GetOptions{ + Checksum: wasmDataCheckSum, + RequestTimeout: time.Second * 10, + }, + wantCachedModules: map[moduleKey]*cacheEntry{}, + wantCachedChecksums: map[string]*checksumEntry{}, + wantFileName: fmt.Sprintf("%s.wasm", wasmDataCheckSum), + wantVisitServer: true, + }, + { + name: "fetch oci without digest", + initialCachedModules: map[moduleKey]cacheEntry{}, + initialCachedChecksums: map[string]*checksumEntry{}, + fetchURL: ociURLWithTag, + getOptions: GetOptions{ + ResourceName: "namespace.resource", + ResourceVersion: "0", + RequestTimeout: time.Second * 10, + }, + wantCachedModules: map[moduleKey]*cacheEntry{ + {name: moduleNameFromURL(ociURLWithTag), checksum: dockerImageDigest}: {modulePath: ociWasmFile, checksum: wasmDataCheckSum, size: 27}, + }, + wantCachedChecksums: map[string]*checksumEntry{ + ociURLWithTag: {checksum: dockerImageDigest, resourceVersionByResource: map[string]string{"namespace.resource": "0"}}, + }, + wantFileName: ociWasmFile, + wantVisitServer: true, + }, + { + name: "fetch oci with digest", + initialCachedModules: map[moduleKey]cacheEntry{}, + initialCachedChecksums: map[string]*checksumEntry{}, + fetchURL: ociURLWithTag, + getOptions: GetOptions{ + Checksum: dockerImageDigest, + ResourceName: "namespace.resource", + ResourceVersion: "0", + RequestTimeout: time.Second * 10, + }, + wantCachedModules: map[moduleKey]*cacheEntry{ + {name: moduleNameFromURL(ociURLWithTag), checksum: dockerImageDigest}: {modulePath: ociWasmFile, checksum: wasmDataCheckSum, size: 27}, + }, + wantCachedChecksums: map[string]*checksumEntry{ + ociURLWithTag: {checksum: dockerImageDigest, resourceVersionByResource: map[string]string{"namespace.resource": "0"}}, + }, + wantFileName: ociWasmFile, + wantVisitServer: true, + }, + { + name: "cache hit for tagged oci url with digest", + initialCachedModules: map[moduleKey]cacheEntry{ + {name: moduleNameFromURL(ociURLWithTag), checksum: dockerImageDigest}: {modulePath: ociWasmFile}, + }, + initialCachedChecksums: map[string]*checksumEntry{}, + fetchURL: ociURLWithTag, + getOptions: GetOptions{ + Checksum: dockerImageDigest, + ResourceName: "namespace.resource", + ResourceVersion: "0", + RequestTimeout: time.Second * 10, + }, + wantCachedModules: map[moduleKey]*cacheEntry{ + {name: moduleNameFromURL(ociURLWithTag), checksum: dockerImageDigest}: {modulePath: ociWasmFile}, + }, + wantCachedChecksums: map[string]*checksumEntry{ + ociURLWithTag: {checksum: dockerImageDigest, resourceVersionByResource: map[string]string{"namespace.resource": "0"}}, + }, + wantFileName: ociWasmFile, + wantVisitServer: false, + }, + { + name: "cache hit for tagged oci url without digest", + initialCachedModules: map[moduleKey]cacheEntry{ + {name: moduleNameFromURL(ociURLWithTag), checksum: dockerImageDigest}: {modulePath: ociWasmFile}, + }, + initialCachedChecksums: map[string]*checksumEntry{ + ociURLWithTag: { + checksum: dockerImageDigest, + resourceVersionByResource: map[string]string{ + "namespace.resource": "123456", + }, + }, + }, + fetchURL: ociURLWithTag, + getOptions: GetOptions{ + ResourceName: "namespace.resource", + ResourceVersion: "0", + RequestTimeout: time.Second * 10, + }, + wantCachedModules: map[moduleKey]*cacheEntry{ + {name: moduleNameFromURL(ociURLWithTag), checksum: dockerImageDigest}: {modulePath: ociWasmFile}, + }, + wantCachedChecksums: map[string]*checksumEntry{ + ociURLWithTag: {checksum: dockerImageDigest, resourceVersionByResource: map[string]string{"namespace.resource": "0"}}, + }, + wantFileName: ociWasmFile, + wantVisitServer: false, + }, + { + name: "cache miss for tagged oci url without digest", + initialCachedModules: map[moduleKey]cacheEntry{ + {name: moduleNameFromURL(ociURLWithTag), checksum: dockerImageDigest}: {modulePath: ociWasmFile}, + }, + initialCachedChecksums: map[string]*checksumEntry{}, + getOptions: GetOptions{ + ResourceName: "namespace.resource", + ResourceVersion: "0", + RequestTimeout: time.Second * 10, + }, + fetchURL: ociURLWithTag, + wantCachedModules: map[moduleKey]*cacheEntry{ + {name: moduleNameFromURL(ociURLWithTag), checksum: dockerImageDigest}: {modulePath: ociWasmFile}, + }, + wantCachedChecksums: map[string]*checksumEntry{ + ociURLWithTag: {checksum: dockerImageDigest, resourceVersionByResource: map[string]string{"namespace.resource": "0"}}, + }, + wantFileName: ociWasmFile, + wantVisitServer: true, + }, + { + name: "cache hit for oci url suffixed by digest", + initialCachedModules: map[moduleKey]cacheEntry{ + {name: moduleNameFromURL(ociURLWithTag), checksum: dockerImageDigest}: {modulePath: ociWasmFile}, + }, + initialCachedChecksums: map[string]*checksumEntry{}, + fetchURL: ociURLWithDigest, + getOptions: GetOptions{ + ResourceName: "namespace.resource", + ResourceVersion: "0", + RequestTimeout: time.Second * 10, + }, + wantCachedModules: map[moduleKey]*cacheEntry{ + {name: moduleNameFromURL(ociURLWithTag), checksum: dockerImageDigest}: {modulePath: ociWasmFile}, + }, + // We don't need checksum for OCI images with digest, but we still store it to make the code simpler. + wantCachedChecksums: map[string]*checksumEntry{ + ociURLWithDigest: {checksum: dockerImageDigest, resourceVersionByResource: map[string]string{"namespace.resource": "0"}}, + }, + wantFileName: ociWasmFile, + wantVisitServer: false, + }, + { + name: "pull due to pull-always policy when cache hit", + initialCachedModules: map[moduleKey]cacheEntry{ + {name: moduleNameFromURL(ociURLWithTag), checksum: dockerImageDigest}: {modulePath: ociWasmFile}, + }, + initialCachedChecksums: map[string]*checksumEntry{ + ociURLWithTag: { + checksum: dockerImageDigest, + resourceVersionByResource: map[string]string{ + "namespace.resource": "123456", + }, + }, + }, + fetchURL: ociURLWithTag, + getOptions: GetOptions{ + ResourceName: "namespace.resource", + ResourceVersion: "0", + RequestTimeout: time.Second * 10, + PullPolicy: Always, + }, + wantCachedModules: map[moduleKey]*cacheEntry{ + {name: moduleNameFromURL(ociURLWithTag), checksum: dockerImageDigest}: {modulePath: ociWasmFile}, + }, + wantCachedChecksums: map[string]*checksumEntry{ + ociURLWithTag: {checksum: dockerImageDigest, resourceVersionByResource: map[string]string{"namespace.resource": "0"}}, + }, + wantFileName: ociWasmFile, + wantVisitServer: true, + }, + { + name: "do not pull due to resourceVersion is the same", + initialCachedModules: map[moduleKey]cacheEntry{ + {name: moduleNameFromURL(ociURLWithTag), checksum: dockerImageDigest}: {modulePath: ociWasmFile}, + }, + initialCachedChecksums: map[string]*checksumEntry{ + ociURLWithTag: { + checksum: dockerImageDigest, + resourceVersionByResource: map[string]string{ + "namespace.resource": "123456", + }, + }, + }, + fetchURL: ociURLWithTag, + getOptions: GetOptions{ + ResourceName: "namespace.resource", + ResourceVersion: "123456", + RequestTimeout: time.Second * 10, + PullPolicy: Always, + }, + wantCachedModules: map[moduleKey]*cacheEntry{ + {name: moduleNameFromURL(ociURLWithTag), checksum: dockerImageDigest}: {modulePath: ociWasmFile}, + }, + wantCachedChecksums: map[string]*checksumEntry{ + ociURLWithTag: {checksum: dockerImageDigest, resourceVersionByResource: map[string]string{"namespace.resource": "123456"}}, + }, + wantFileName: ociWasmFile, + wantVisitServer: false, + }, + { + name: "pull due to if-not-present policy when cache hit", + initialCachedModules: map[moduleKey]cacheEntry{ + {name: moduleNameFromURL(ociURLWithTag), checksum: dockerImageDigest}: {modulePath: ociWasmFile}, + }, + initialCachedChecksums: map[string]*checksumEntry{ + ociURLWithTag: { + checksum: dockerImageDigest, + resourceVersionByResource: map[string]string{ + "namespace.resource": "123456", + }, + }, + }, + fetchURL: ociURLWithTag, + getOptions: GetOptions{ + ResourceName: "namespace.resource", + ResourceVersion: "0", + RequestTimeout: time.Second * 10, + PullPolicy: IfNotPresent, + }, + wantCachedModules: map[moduleKey]*cacheEntry{ + {name: moduleNameFromURL(ociURLWithTag), checksum: dockerImageDigest}: {modulePath: ociWasmFile}, + }, + wantCachedChecksums: map[string]*checksumEntry{ + ociURLWithTag: {checksum: dockerImageDigest, resourceVersionByResource: map[string]string{"namespace.resource": "0"}}, + }, + wantFileName: ociWasmFile, + wantVisitServer: false, + }, + { + name: "do not pull in spite of pull-always policy due to checksum", + initialCachedModules: map[moduleKey]cacheEntry{ + {name: moduleNameFromURL(ociURLWithTag), checksum: dockerImageDigest}: {modulePath: ociWasmFile}, + }, + fetchURL: ociURLWithTag, + getOptions: GetOptions{ + Checksum: dockerImageDigest, + ResourceName: "namespace.resource", + ResourceVersion: "0", + RequestTimeout: time.Second * 10, + PullPolicy: Always, + }, + wantCachedModules: map[moduleKey]*cacheEntry{ + {name: moduleNameFromURL(ociURLWithTag), checksum: dockerImageDigest}: {modulePath: ociWasmFile}, + }, + wantCachedChecksums: map[string]*checksumEntry{ + ociURLWithTag: {checksum: dockerImageDigest, resourceVersionByResource: map[string]string{"namespace.resource": "0"}}, + }, + wantFileName: ociWasmFile, + wantVisitServer: false, + }, + { + name: "pull due to latest tag", + initialCachedModules: map[moduleKey]cacheEntry{ + {name: moduleNameFromURL(ociURLWithLatestTag), checksum: dockerImageDigest}: {modulePath: ociWasmFile}, + }, + initialCachedChecksums: map[string]*checksumEntry{ + ociURLWithLatestTag: { + checksum: dockerImageDigest, + resourceVersionByResource: map[string]string{ + "namespace.resource": "123456", + }, + }, + }, + fetchURL: ociURLWithLatestTag, + getOptions: GetOptions{ + ResourceName: "namespace.resource", + ResourceVersion: "0", + RequestTimeout: time.Second * 10, + PullPolicy: Unspecified, // Default policy + }, + wantCachedModules: map[moduleKey]*cacheEntry{ + {name: moduleNameFromURL(ociURLWithLatestTag), checksum: dockerImageDigest}: {modulePath: ociWasmFile}, + }, + wantCachedChecksums: map[string]*checksumEntry{ + ociURLWithLatestTag: {checksum: dockerImageDigest, resourceVersionByResource: map[string]string{"namespace.resource": "0"}}, + }, + wantFileName: ociWasmFile, + wantVisitServer: true, + }, + { + name: "do not pull in spite of latest tag due to checksum", + initialCachedModules: map[moduleKey]cacheEntry{ + {name: moduleNameFromURL(ociURLWithLatestTag), checksum: dockerImageDigest}: {modulePath: ociWasmFile}, + }, + initialCachedChecksums: map[string]*checksumEntry{ + ociURLWithLatestTag: { + checksum: dockerImageDigest, + resourceVersionByResource: map[string]string{ + "namespace.resource": "123456", + }, + }, + }, + fetchURL: ociURLWithLatestTag, + getOptions: GetOptions{ + ResourceName: "namespace.resource", + ResourceVersion: "0", + RequestTimeout: time.Second * 10, + Checksum: dockerImageDigest, + PullPolicy: Unspecified, // Default policy + }, + wantCachedModules: map[moduleKey]*cacheEntry{ + {name: moduleNameFromURL(ociURLWithLatestTag), checksum: dockerImageDigest}: {modulePath: ociWasmFile}, + }, + wantCachedChecksums: map[string]*checksumEntry{ + ociURLWithLatestTag: {checksum: dockerImageDigest, resourceVersionByResource: map[string]string{"namespace.resource": "0"}}, + }, + wantFileName: ociWasmFile, + wantVisitServer: false, + }, + { + name: "do not pull in spite of latest tag due to IfNotPresent policy", + initialCachedModules: map[moduleKey]cacheEntry{ + {name: moduleNameFromURL(ociURLWithLatestTag), checksum: dockerImageDigest}: {modulePath: ociWasmFile}, + }, + initialCachedChecksums: map[string]*checksumEntry{ + ociURLWithLatestTag: { + checksum: dockerImageDigest, + resourceVersionByResource: map[string]string{ + "namespace.resource": "123456", + }, + }, + }, + fetchURL: ociURLWithLatestTag, + getOptions: GetOptions{ + ResourceName: "namespace.resource", + ResourceVersion: "0", + RequestTimeout: time.Second * 10, + PullPolicy: IfNotPresent, + }, + wantCachedModules: map[moduleKey]*cacheEntry{ + {name: moduleNameFromURL(ociURLWithLatestTag), checksum: dockerImageDigest}: {modulePath: ociWasmFile}, + }, + wantCachedChecksums: map[string]*checksumEntry{ + ociURLWithLatestTag: {checksum: dockerImageDigest, resourceVersionByResource: map[string]string{"namespace.resource": "0"}}, + }, + wantFileName: ociWasmFile, + wantVisitServer: false, + }, + { + name: "purge OCI image on expiry", + initialCachedModules: map[moduleKey]cacheEntry{ + {name: moduleNameFromURL(ociURLWithTag) + "-purged", checksum: dockerImageDigest}: { + modulePath: ociWasmFile, + referencingURLs: sets.New[string](ociURLWithTag), + }, + }, + initialCachedChecksums: map[string]*checksumEntry{ + ociURLWithTag: { + checksum: dockerImageDigest, + resourceVersionByResource: map[string]string{ + "namespace.resource": "123456", + }, + }, + "test-url": { + checksum: "test-checksum", + resourceVersionByResource: map[string]string{ + "namespace.resource2": "123456", + }, + }, + }, + fetchURL: ociURLWithDigest, + purgeInterval: 1 * time.Millisecond, + wasmModuleExpiry: 1 * time.Millisecond, + getOptions: GetOptions{ + ResourceName: "namespace.resource", + ResourceVersion: "0", + RequestTimeout: time.Second * 10, + }, + checkPurgeTimeout: 5 * time.Second, + wantCachedModules: map[moduleKey]*cacheEntry{}, + wantCachedChecksums: map[string]*checksumEntry{ + "test-url": {checksum: "test-checksum", resourceVersionByResource: map[string]string{"namespace.resource2": "123456"}}, + }, + wantFileName: ociWasmFile, + wantVisitServer: true, + }, + { + name: "fetch oci with wrong digest", + initialCachedModules: map[moduleKey]cacheEntry{}, + fetchURL: ociURLWithTag, + getOptions: GetOptions{ + ResourceName: "namespace.resource", + ResourceVersion: "0", + RequestTimeout: time.Second * 10, + Checksum: "wrongdigest", + }, + wantCachedModules: map[moduleKey]*cacheEntry{}, + wantCachedChecksums: map[string]*checksumEntry{}, + wantErrorMsgPrefix: fmt.Sprintf( + "module downloaded from %v has checksum %v, which does not match:", fmt.Sprintf("oci://%s/test/valid/docker:v0.1.0", ou.Host), dockerImageDigest, + ), + wantVisitServer: true, + }, + { + name: "fetch invalid oci", + initialCachedModules: map[moduleKey]cacheEntry{}, + fetchURL: fmt.Sprintf("oci://%s/test/invalid", ou.Host), + getOptions: GetOptions{ + ResourceName: "namespace.resource", + ResourceVersion: "0", + Checksum: invalidOCIImageDigest, + RequestTimeout: time.Second * 10, + }, + wantCachedModules: map[moduleKey]*cacheEntry{}, + wantCachedChecksums: map[string]*checksumEntry{}, + wantErrorMsgPrefix: `could not fetch Wasm binary: the given image is in invalid format as an OCI image: 2 errors occurred: + * could not parse as compat variant: invalid media type application/vnd.oci.image.layer.v1.tar (expect application/vnd.oci.image.layer.v1.tar+gzip) + * could not parse as oci variant: number of layers must be 2 but got 1`, + wantVisitServer: true, + }, + { + name: "cache size limit", + initialCachedModules: map[moduleKey]cacheEntry{ + {name: moduleNameFromURL(ociURLWithTag), checksum: cacheHitSum}: {modulePath: "test.wasm", size: DefaultMaxCacheSize - 1}, + }, + initialCachedChecksums: map[string]*checksumEntry{}, + fetchURL: ts.URL, + getOptions: GetOptions{ + ResourceName: "namespace.resource", + ResourceVersion: "0", + Checksum: wasmDataCheckSum, + RequestTimeout: time.Second * 10, + }, + wantCachedModules: map[moduleKey]*cacheEntry{ + {name: moduleNameFromURL(ociURLWithTag), checksum: cacheHitSum}: {modulePath: "test.wasm", size: DefaultMaxCacheSize - 1}, + }, + wantCachedChecksums: map[string]*checksumEntry{}, + wantErrorMsgPrefix: `wasm cache size exceeded the limit`, + wantVisitServer: true, + }, + } + + for _, c := range cases { + t.Run(c.name, func(t *testing.T) { + tmpDir := t.TempDir() + options := defaultCacheOptions() + options.CacheDir = tmpDir + if c.purgeInterval != 0 { + options.PurgeInterval = c.purgeInterval + } + if c.wasmModuleExpiry != 0 { + options.ModuleExpiry = c.wasmModuleExpiry + } + cache := newLocalFileCache(options, logging.DefaultLogger(egv1a1.LogLevelInfo)) + cache.httpFetcher.initialBackoff = time.Microsecond + ctx, cancel := context.WithTimeout(context.Background(), time.Second*60) + cache.Start(ctx) + defer cancel() + + var cacheHitKey *moduleKey + initTime := time.Now() + cache.mux.Lock() + for k, m := range c.initialCachedModules { + filePath := generateModulePath(t, tmpDir, k.name, m.modulePath) + err := os.WriteFile(filePath, []byte("data/\n"), 0o600) + if err != nil { + t.Fatalf("failed to write initial wasm module file %v", err) + } + mkey := moduleKey{name: k.name, checksum: k.checksum} + + cache.modules[mkey] = &cacheEntry{modulePath: filePath, last: initTime, size: m.size} + if m.referencingURLs != nil { + cache.modules[mkey].referencingURLs = m.referencingURLs.Clone() + } else { + cache.modules[mkey].referencingURLs = sets.New[string]() + } + + if moduleNameFromURL(c.fetchURL) == k.name && c.getOptions.Checksum == k.checksum { + cacheHitKey = &mkey + } + } + + for k, m := range c.initialCachedChecksums { + cache.checksums[k] = m + } + + // put the tmp dir into the module path. + for k, m := range c.wantCachedModules { + c.wantCachedModules[k].modulePath = generateModulePath(t, tmpDir, k.name, m.modulePath) + } + cache.mux.Unlock() + + atomic.StoreInt32(&tsNumRequest, 0) + if c.getOptions.PullSecret == nil { + c.getOptions.PullSecret = []byte{} + } + gotFilePath, _, gotErr := cache.Get(c.fetchURL, c.getOptions) + serverVisited := atomic.LoadInt32(&tsNumRequest) > 0 + + if c.checkPurgeTimeout > 0 { + moduleDeleted := false + for start := time.Now(); time.Since(start) < c.checkPurgeTimeout; { + fileCount := 0 + err = filepath.Walk(tmpDir, + func(path string, info os.FileInfo, err error) error { + if err != nil { + return err + } + if !info.IsDir() { + fileCount++ + } + return nil + }) + // Check existence of module files. files should be deleted before timing out. + if err == nil && fileCount == 0 { + moduleDeleted = true + break + } + } + + if !moduleDeleted { + t.Fatalf("Wasm modules are not purged before purge timeout") + } + } + + cache.mux.Lock() + if cacheHitKey != nil { + if entry, ok := cache.modules[*cacheHitKey]; ok && entry.last == initTime { + t.Errorf("Wasm module cache entry's last access time not updated after get operation, key: %v", *cacheHitKey) + } + } + + if diff := cmp.Diff(c.wantCachedModules, cache.modules, + cmpopts.IgnoreFields(cacheEntry{}, "last", "referencingURLs"), + cmp.AllowUnexported(cacheEntry{}), + ); diff != "" { + t.Errorf("unexpected module cache: (-want, +got)\n%v", diff) + } + + if diff := cmp.Diff(c.wantCachedChecksums, cache.checksums, + cmp.AllowUnexported(checksumEntry{}), + ); diff != "" { + t.Errorf("unexpected checksums: (-want, +got)\n%v", diff) + } + + cache.mux.Unlock() + + wantFilePath := generateModulePath(t, tmpDir, moduleNameFromURL(c.fetchURL), c.wantFileName) + if c.wantErrorMsgPrefix != "" { + if gotErr == nil { + t.Errorf("Wasm module cache lookup got no error, want error prefix `%v`", c.wantErrorMsgPrefix) + } else if !strings.Contains(gotErr.Error(), c.wantErrorMsgPrefix) { + t.Errorf("Wasm module cache lookup got error `%v`, want error prefix `%v`", gotErr, c.wantErrorMsgPrefix) + } + } else if gotFilePath != wantFilePath { + t.Errorf("Wasm module local file path got %v, want %v", gotFilePath, wantFilePath) + if gotErr != nil { + t.Errorf("got unexpected error %v", gotErr) + } + } + if c.wantVisitServer != serverVisited { + t.Errorf("test wasm binary server encountered the unexpected visiting status got %v, want %v", serverVisited, c.wantVisitServer) + } + }) + } +} + +func setupOCIRegistry(t *testing.T, host string) (dockerImageDigest, invalidOCIImageDigest string) { + // Push *compat* variant docker image (others are well tested in imagefetcher's test and the behavior is consistent). + ref := fmt.Sprintf("%s/test/valid/docker:v0.1.0", host) + binary := wasmHeader + binary = append(binary, wasmTestData...) + transport := remote.DefaultTransport.(*http.Transport).Clone() + transport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true} // nolint: gosec // test only code + fetchOpt := crane.WithTransport(transport) + + // Create docker layer. + l, err := newMockLayer(types.DockerLayer, + map[string][]byte{"plugin.wasm": binary}) + if err != nil { + t.Fatal(err) + } + img, err := mutate.Append(empty.Image, mutate.Addendum{Layer: l}) + if err != nil { + t.Fatal(err) + } + + // Set manifest type. + manifest, err := img.Manifest() + if err != nil { + t.Fatal(err) + } + manifest.MediaType = types.DockerManifestSchema2 + + // Push image to the registry. + err = crane.Push(img, ref, fetchOpt) + if err != nil { + t.Fatal(err) + } + + // Push image to the registry with latest tag as well + ref = fmt.Sprintf("%s/test/valid/docker:latest", host) + err = crane.Push(img, ref, fetchOpt) + if err != nil { + t.Fatal(err) + } + + // Calculate sum + d, _ := img.Digest() + dockerImageDigest = d.Hex + + // Finally push the invalid image. + ref = fmt.Sprintf("%s/test/invalid", host) + l, err = newMockLayer(types.OCIUncompressedLayer, map[string][]byte{"not-wasm.txt": []byte("a")}) + if err != nil { + t.Fatal(err) + } + img2, err := mutate.Append(empty.Image, mutate.Addendum{Layer: l}) + if err != nil { + t.Fatal(err) + } + + // Set manifest type so it will pass the docker parsing branch. + img2 = mutate.MediaType(img2, types.OCIManifestSchema1) + + d, _ = img2.Digest() + invalidOCIImageDigest = d.Hex + + // Push image to the registry. + err = crane.Push(img2, ref, fetchOpt) + if err != nil { + t.Fatal(err) + } + return +} + +func TestWasmCachePolicyChangesUsingHTTP(t *testing.T) { + tmpDir := t.TempDir() + options := defaultCacheOptions() + options.CacheDir = tmpDir + cache := newLocalFileCache(options, logging.DefaultLogger(egv1a1.LogLevelInfo)) + ctx, cancel := context.WithTimeout(context.Background(), time.Second*60) + cache.Start(ctx) + defer cancel() + + gotNumRequest := 0 + binary1 := wasmHeader + binary1 = append(binary1, 1) + binary2 := wasmHeader + binary2 = append(binary2, 2) + + // Create a test server which returns 0 for the first two calls, and returns 1 for the following calls. + ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + if gotNumRequest <= 1 { + _, _ = w.Write(binary1) + } else { + _, _ = w.Write(binary2) + } + gotNumRequest++ + })) + defer ts.Close() + url1 := ts.URL + url2 := ts.URL + "/next" + wantFilePath1 := generateModulePath(t, tmpDir, url1, fmt.Sprintf("%x.wasm", sha256.Sum256(binary1))) + wantFilePath2 := generateModulePath(t, tmpDir, url2, fmt.Sprintf("%x.wasm", sha256.Sum256(binary2))) + var defaultPullPolicy PullPolicy + + testWasmGet := func(downloadURL string, policy PullPolicy, resourceVersion string, wantFilePath string, wantNumRequest int) { + t.Helper() + gotFilePath, _, err := cache.Get(downloadURL, GetOptions{ + ResourceName: "namespace.resource", + ResourceVersion: resourceVersion, + RequestTimeout: time.Second * 10, + PullSecret: []byte{}, + PullPolicy: policy, + }) + if err != nil { + t.Fatalf("failed to download Wasm module: %v", err) + } + if gotFilePath != wantFilePath { + t.Fatalf("wasm download path got %v want %v", gotFilePath, wantFilePath) + } + if gotNumRequest != wantNumRequest { + t.Fatalf("wasm download call got %v want %v", gotNumRequest, wantNumRequest) + } + } + + // 1st time: Initially load the binary1. + testWasmGet(url1, defaultPullPolicy, "1", wantFilePath1, 1) + // 2nd time: Should not pull the binary and use the cache because defaultPullPolicy is IfNotPresent + testWasmGet(url1, defaultPullPolicy, "2", wantFilePath1, 1) + // 3rd time: Should not pull the binary because the policy is IfNotPresent + testWasmGet(url1, IfNotPresent, "3", wantFilePath1, 1) + // 4th time: Should not pull the binary because the resource version is not changed + testWasmGet(url1, Always, "3", wantFilePath1, 1) + // 5th time: Should pull the binary because the resource version is changed. + testWasmGet(url1, Always, "4", wantFilePath1, 2) + // 6th time: Should pull the binary because URL is changed. + testWasmGet(url2, Always, "4", wantFilePath2, 3) +} + +func TestAllInsecureServer(t *testing.T) { + tmpDir := t.TempDir() + options := defaultCacheOptions() + options.CacheDir = tmpDir + options.InsecureRegistries = sets.New[string]("*") + cache := newLocalFileCache(options, logging.DefaultLogger(egv1a1.LogLevelInfo)) + ctx, cancel := context.WithTimeout(context.Background(), time.Second*60) + cache.Start(ctx) + defer cancel() + + // Set up a fake registry for OCI images with TLS Server + // Without "insecure" option, this should cause an error. + tos := httptest.NewTLSServer(registry.New()) + defer tos.Close() + ou, err := url.Parse(tos.URL) + if err != nil { + t.Fatal(err) + } + + dockerImageDigest, _ := setupOCIRegistry(t, ou.Host) + ociURLWithTag := fmt.Sprintf("oci://%s/test/valid/docker:v0.1.0", ou.Host) + var defaultPullPolicy PullPolicy + + gotFilePath, _, err := cache.Get(ociURLWithTag, GetOptions{ + ResourceName: "namespace.resource", + ResourceVersion: "123456", + RequestTimeout: time.Second * 10, + PullSecret: []byte{}, + PullPolicy: defaultPullPolicy, + }) + if err != nil { + t.Fatalf("failed to download Wasm module: %v", err) + } + + wantFilePath := generateModulePath(t, tmpDir, moduleNameFromURL(ociURLWithTag), fmt.Sprintf("%s.wasm", dockerImageDigest)) + if gotFilePath != wantFilePath { + t.Errorf("Wasm module local file path got %v, want %v", gotFilePath, wantFilePath) + } +} + +func generateModulePath(t *testing.T, baseDir, resourceName, filename string) string { + t.Helper() + sha := sha256.Sum256([]byte(resourceName)) + moduleDir := filepath.Join(baseDir, hex.EncodeToString(sha[:])) + if _, err := os.Stat(moduleDir); errors.Is(err, os.ErrNotExist) { + err := os.Mkdir(moduleDir, 0o755) + if err != nil { + t.Fatalf("failed to create module dir %s: %v", moduleDir, err) + } + } + return filepath.Join(moduleDir, filename) +} diff --git a/internal/wasm/httpfetcher.go b/internal/wasm/httpfetcher.go new file mode 100644 index 00000000000..6850ef9974b --- /dev/null +++ b/internal/wasm/httpfetcher.go @@ -0,0 +1,224 @@ +// Copyright Envoy Gateway Authors +// SPDX-License-Identifier: Apache-2.0 +// The full text of the Apache license is available in the LICENSE file at +// the root of the repo. + +// Copyright Istio Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package wasm + +import ( + "archive/tar" + "bytes" + "compress/gzip" + "context" + "crypto/tls" + "fmt" + "io" + "net/http" + "time" + + "github.com/cenkalti/backoff/v4" + + "github.com/envoyproxy/gateway/internal/logging" +) + +// Default values for ExponentialBackOff. +const ( + defaultInitialInterval = 500 * time.Millisecond + defaultMaxInterval = 60 * time.Second + maxWasmSize = 1024 * 1024 * 256 +) + +var ( + // Referred to https://en.wikipedia.org/wiki/Tar_(computing)#UStar_format + tarMagicNumber = []byte{0x75, 0x73, 0x74, 0x61, 0x72} + // Referred to https://en.wikipedia.org/wiki/Gzip#File_format + gzMagicNumber = []byte{0x1f, 0x8b} +) + +// HTTPFetcher fetches remote wasm module with HTTP get. +type HTTPFetcher struct { + client *http.Client + insecureClient *http.Client + initialBackoff time.Duration + requestMaxRetry int + logger logging.Logger +} + +// NewHTTPFetcher create a new HTTP remote wasm module fetcher. +// requestTimeout is a timeout for each HTTP/HTTPS request. +// requestMaxRetry is # of maximum retries of HTTP/HTTPS requests. +func NewHTTPFetcher(requestTimeout time.Duration, requestMaxRetry int, logger logging.Logger) *HTTPFetcher { + if requestTimeout == 0 { + requestTimeout = 5 * time.Second + } + transport := http.DefaultTransport.(*http.Transport).Clone() + // nolint: gosec + // This is only when a user explicitly sets a flag to enable insecure mode + transport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true} + return &HTTPFetcher{ + client: &http.Client{ + Timeout: requestTimeout, + }, + insecureClient: &http.Client{ + Timeout: requestTimeout, + Transport: transport, + }, + initialBackoff: time.Millisecond * 500, + requestMaxRetry: requestMaxRetry, + logger: logger, + } +} + +// Fetch downloads a wasm module with HTTP get. +func (f *HTTPFetcher) Fetch(ctx context.Context, url string, allowInsecure bool) ([]byte, error) { + c := f.client + if allowInsecure { + c = f.insecureClient + } + attempts := 0 + b := backoff.NewExponentialBackOff() + b.InitialInterval = defaultInitialInterval + b.MaxInterval = defaultMaxInterval + b.InitialInterval = f.initialBackoff + + var lastError error + for attempts < f.requestMaxRetry { + attempts++ + req, err := http.NewRequestWithContext(ctx, http.MethodGet, url, nil) + if err != nil { + f.logger.Info("wasm module download request failed", "error", err) + return nil, err + } + resp, err := c.Do(req) + if err != nil { + lastError = err + f.logger.Info("wasm module download request failed", "error", err) + if ctx.Err() != nil { + // If there is context timeout, exit this loop. + return nil, fmt.Errorf("wasm module download failed after %v attempts, last error: %w", attempts, lastError) + } + time.Sleep(b.NextBackOff()) + continue + } + if resp.StatusCode == http.StatusOK { + // Limit wasm module to 256mb; in reality, it must be much smaller + body, err := io.ReadAll(io.LimitReader(resp.Body, maxWasmSize)) + if err != nil { + return nil, err + } + err = resp.Body.Close() + if err != nil { + f.logger.Info("wasm server connection is not closed", "error", err) + } + return unboxIfPossible(body), err + } + lastError = fmt.Errorf("wasm module download request failed: status code %v", resp.StatusCode) + if retryable(resp.StatusCode) { + // Limit wasm module to 256mb; in reality it must be much smaller + body, err := io.ReadAll(io.LimitReader(resp.Body, maxWasmSize)) + if err != nil { + return nil, err + } + f.logger.Info("wasm module download failed", "status code", resp.StatusCode, "body", string(body)) + err = resp.Body.Close() + if err != nil { + f.logger.Info("wasm server connection is not closed", "error", err) + } + time.Sleep(b.NextBackOff()) + continue + } + err = resp.Body.Close() + if err != nil { + f.logger.Info("wasm server connection is not closed", "error", err) + } + break + } + return nil, fmt.Errorf("wasm module download failed after %v attempts, last error: %w", attempts, lastError) +} + +func retryable(code int) bool { + return code >= 500 && + !(code == http.StatusNotImplemented || + code == http.StatusHTTPVersionNotSupported || + code == http.StatusNetworkAuthenticationRequired) +} + +func isPosixTar(b []byte) bool { + return len(b) > 262 && bytes.Equal(b[257:262], tarMagicNumber) +} + +// wasm plugin should be the only file in the tarball. +func getFirstFileFromTar(b []byte) []byte { + buf := bytes.NewBuffer(b) + + // Limit wasm module to 256mb; in reality it must be much smaller + tr := tar.NewReader(io.LimitReader(buf, maxWasmSize)) + + h, err := tr.Next() + if err != nil { + return nil + } + + ret := make([]byte, h.Size) + _, err = io.ReadFull(tr, ret) + if err != nil { + return nil + } + return ret +} + +func isGZ(b []byte) bool { + return len(b) > 2 && bytes.Equal(b[:2], gzMagicNumber) +} + +func getFileFromGZ(b []byte) []byte { + buf := bytes.NewBuffer(b) + + zr, err := gzip.NewReader(buf) + if err != nil { + return nil + } + + ret, err := io.ReadAll(zr) + if err != nil { + return nil + } + return ret +} + +// Just do the best effort. +// If an error is encountered, just return the original bytes. +// Errors will be handled upper layers. +func unboxIfPossible(origin []byte) []byte { + b := origin + for { + switch { + case isValidWasmBinary(b): + return b + case isGZ(b): + if b = getFileFromGZ(b); b == nil { + return origin + } + case isPosixTar(b): + if b = getFirstFileFromTar(b); b == nil { + return origin + } + default: + return origin + } + } +} diff --git a/internal/wasm/httpfetcher_test.go b/internal/wasm/httpfetcher_test.go new file mode 100644 index 00000000000..a6ba760b188 --- /dev/null +++ b/internal/wasm/httpfetcher_test.go @@ -0,0 +1,277 @@ +// Copyright Envoy Gateway Authors +// SPDX-License-Identifier: Apache-2.0 +// The full text of the Apache license is available in the LICENSE file at +// the root of the repo. + +// Copyright Istio Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package wasm + +import ( + "archive/tar" + "bytes" + "compress/gzip" + "context" + "fmt" + "net/http" + "net/http/httptest" + "regexp" + "strings" + "testing" + "time" + + "github.com/google/go-cmp/cmp" + + egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1" + "github.com/envoyproxy/gateway/internal/logging" +) + +func TestWasmHTTPFetch(t *testing.T) { + var ts *httptest.Server + + cases := []struct { + name string + handler func(http.ResponseWriter, *http.Request, int) + timeout time.Duration + wantNumRequest int + wantErrorRegex string + }{ + { + name: "download ok", + handler: func(w http.ResponseWriter, r *http.Request, num int) { + fmt.Fprintln(w, "wasm") + }, + timeout: 10 * time.Second, + wantNumRequest: 1, + }, + { + name: "download retry", + handler: func(w http.ResponseWriter, r *http.Request, num int) { + if num <= 2 { + w.WriteHeader(http.StatusInternalServerError) + } else { + fmt.Fprintln(w, "wasm") + } + }, + timeout: 10 * time.Second, + wantNumRequest: 4, + }, + { + name: "download max retry", + handler: func(w http.ResponseWriter, r *http.Request, num int) { + w.WriteHeader(http.StatusInternalServerError) + }, + timeout: 10 * time.Second, + wantNumRequest: 5, + wantErrorRegex: "wasm module download failed after 5 attempts, last error: wasm module download request failed: status code 500", + }, + { + name: "download is never tried by immediate context timeout", + handler: func(w http.ResponseWriter, r *http.Request, num int) { + w.WriteHeader(http.StatusInternalServerError) + }, + timeout: 0, // Immediately timeout in the context level. + wantNumRequest: 0, // Should not retried because it is already timed out. + wantErrorRegex: "wasm module download failed after 1 attempts, last error: Get \"[^\"]+\": context deadline exceeded", + }, + } + + for _, c := range cases { + t.Run(c.name, func(t *testing.T) { + gotNumRequest := 0 + wantWasmModule := "wasm\n" + ts = httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + c.handler(w, r, gotNumRequest) + gotNumRequest++ + })) + defer ts.Close() + fetcher := NewHTTPFetcher(DefaultHTTPRequestTimeout, DefaultHTTPRequestMaxRetries, logging.DefaultLogger(egv1a1.LogLevelInfo)) + fetcher.initialBackoff = time.Microsecond + ctx, cancel := context.WithTimeout(context.Background(), c.timeout) + defer cancel() + b, err := fetcher.Fetch(ctx, ts.URL, false) + if c.wantNumRequest != gotNumRequest { + t.Errorf("Wasm download request got %v, want %v", gotNumRequest, c.wantNumRequest) + } + if c.wantErrorRegex != "" { + if err == nil { + t.Errorf("Wasm download got no error, want error regex `%v`", c.wantErrorRegex) + } else if matched, regexErr := regexp.MatchString(c.wantErrorRegex, err.Error()); regexErr != nil || !matched { + t.Errorf("Wasm download got error `%v`, want error regex `%v`", err, c.wantErrorRegex) + } + } else if string(b) != wantWasmModule { + t.Errorf("downloaded wasm module got %v, want wasm", string(b)) + } + }) + } +} + +func TestWasmHTTPInsecureServer(t *testing.T) { + var ts *httptest.Server + + cases := []struct { + name string + handler func(http.ResponseWriter, *http.Request, int) + insecure bool + wantNumRequest int + wantErrorSuffix string + }{ + { + name: "download fail", + handler: func(w http.ResponseWriter, r *http.Request, num int) { + fmt.Fprintln(w, "wasm") + }, + insecure: false, + wantErrorSuffix: "x509: certificate signed by unknown authority", + wantNumRequest: 0, + }, + { + name: "download ok", + handler: func(w http.ResponseWriter, r *http.Request, num int) { + fmt.Fprintln(w, "wasm") + }, + insecure: true, + wantNumRequest: 1, + }, + } + + for _, c := range cases { + t.Run(c.name, func(t *testing.T) { + gotNumRequest := 0 + wantWasmModule := "wasm\n" + ts = httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + c.handler(w, r, gotNumRequest) + gotNumRequest++ + })) + defer ts.Close() + fetcher := NewHTTPFetcher(DefaultHTTPRequestTimeout, DefaultHTTPRequestMaxRetries, logging.DefaultLogger(egv1a1.LogLevelInfo)) + fetcher.initialBackoff = time.Microsecond + ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second) + defer cancel() + b, err := fetcher.Fetch(ctx, ts.URL, c.insecure) + if c.wantNumRequest != gotNumRequest { + t.Errorf("Wasm download request got %v, want %v", gotNumRequest, c.wantNumRequest) + } + if c.wantErrorSuffix != "" { + if err == nil { + t.Errorf("Wasm download got no error, want error suffix `%v`", c.wantErrorSuffix) + } else if !strings.HasSuffix(err.Error(), c.wantErrorSuffix) { + t.Errorf("Wasm download got error `%v`, want error suffix `%v`", err, c.wantErrorSuffix) + } + } else if string(b) != wantWasmModule { + t.Errorf("downloaded wasm module got %v, want wasm", string(b)) + } + }) + } +} + +func createTar(t *testing.T, b []byte) []byte { + t.Helper() + var buf bytes.Buffer + tw := tar.NewWriter(&buf) + hdr := &tar.Header{ + Name: "plugin.wasm", + Mode: 0o600, + Size: int64(len(b)), + } + if err := tw.WriteHeader(hdr); err != nil { + t.Fatal(err) + } + if _, err := tw.Write(b); err != nil { + t.Fatal(err) + } + if err := tw.Close(); err != nil { + t.Fatal(err) + } + return buf.Bytes() +} + +func createGZ(t *testing.T, b []byte) []byte { + t.Helper() + var buf bytes.Buffer + zw := gzip.NewWriter(&buf) + if _, err := zw.Write(b); err != nil { + t.Fatal(err) + } + + if err := zw.Close(); err != nil { + t.Fatal(err) + } + + return buf.Bytes() +} + +func TestWasmHTTPFetchCompressedOrTarFile(t *testing.T) { + wasmBinary := wasmMagicNumber + wasmBinary = append(wasmBinary, 0x00, 0x00, 0x00, 0x00) + tarball := createTar(t, wasmBinary) + gz := createGZ(t, wasmBinary) + gzTarball := createGZ(t, tarball) + cases := []struct { + name string + handler func(http.ResponseWriter, *http.Request, int) + }{ + { + name: "plain wasm binary", + handler: func(w http.ResponseWriter, r *http.Request, num int) { + _, _ = w.Write(wasmBinary) + }, + }, + { + name: "tarball of wasm binary", + handler: func(w http.ResponseWriter, r *http.Request, num int) { + _, _ = w.Write(tarball) + }, + }, + { + name: "gzipped wasm binary", + handler: func(w http.ResponseWriter, r *http.Request, num int) { + _, _ = w.Write(gz) + }, + }, + { + name: "gzipped tarball of wasm binary", + handler: func(w http.ResponseWriter, r *http.Request, num int) { + _, _ = w.Write(gzTarball) + }, + }, + } + + for _, c := range cases { + t.Run(c.name, func(t *testing.T) { + gotNumRequest := 0 + ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + c.handler(w, r, gotNumRequest) + gotNumRequest++ + })) + defer ts.Close() + fetcher := NewHTTPFetcher(DefaultHTTPRequestTimeout, DefaultHTTPRequestMaxRetries, logging.DefaultLogger(egv1a1.LogLevelInfo)) + fetcher.initialBackoff = time.Microsecond + ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second) + defer cancel() + b, err := fetcher.Fetch(ctx, ts.URL, false) + if err != nil { + t.Errorf("Wasm download got an unexpected error: %v", err) + } + + if diff := cmp.Diff(wasmBinary, b); diff != "" { + if len(diff) > 500 { + diff = diff[:500] + } + t.Errorf("unexpected binary: (-want, +got)\n%v", diff) + } + }) + } +} diff --git a/internal/wasm/httpserver.go b/internal/wasm/httpserver.go new file mode 100644 index 00000000000..9b1d0b32c90 --- /dev/null +++ b/internal/wasm/httpserver.go @@ -0,0 +1,247 @@ +// Copyright Envoy Gateway Authors +// SPDX-License-Identifier: Apache-2.0 +// The full text of the Apache license is available in the LICENSE file at +// the root of the repo. + +package wasm + +import ( + "context" + "crypto/sha256" + "crypto/tls" + "encoding/base64" + "fmt" + "net/http" + "strings" + "sync" + "time" + + "github.com/envoyproxy/gateway/internal/logging" +) + +const ( + serverHost = "envoy-gateway" + serverPort = 18002 + defaultMaxFailedAttempts = 10 + defaultAttemptsResetInterval = 5 * time.Minute + defaultAttemptResetDelay = 1 * time.Hour +) + +var _ Cache = &HTTPServer{} + +type SeverOptions struct { + // Salt is used as a hash salt to generate an unguessable path for the Wasm module. + Salt []byte + // TLSConfig is the TLS configuration for the HTTP server. + TLSConfig *tls.Config + MaxFailedAttempts int + FailedAttemptsResetInterval time.Duration + FailedAttemptResetDelay time.Duration +} + +// setDefault sets the default values for the server options if they are not set. +func (o *SeverOptions) setDefault() { + if o.MaxFailedAttempts == 0 { + o.MaxFailedAttempts = defaultMaxFailedAttempts + } + if o.FailedAttemptsResetInterval == 0 { + o.FailedAttemptsResetInterval = defaultAttemptsResetInterval + } + if o.FailedAttemptResetDelay == 0 { + o.FailedAttemptResetDelay = defaultAttemptResetDelay + } +} + +// HTTPServer wraps a local file cache and serves the Wasm modules over HTTP. +type HTTPServer struct { + SeverOptions + sync.Mutex + // map from the mapping path to the wasm file path in the local cache. + // The mapping path is a generated unguessable path to prevent unauthorized users + // from accessing the Wasm module using EnvoyPatchPolicy. Unless the user is + // an admin who can dump the configuration of the Envoy proxy, the mapping path + // is not exposed to the user. + mappingPath2Cache map[string]wasmModuleEntry + // map from the original URL to the number of failed attempts to download the Wasm module. + // If the number of failed attempts exceeds the maximum number of attempts, we will not + // try to download the Wasm module again for attemptResetDelay. This is used + // to prevent the cache from being flooded by failed requests. + failedAttempts map[string]attemptEntry + // local file cache + cache Cache + // HTTP server to serve the Wasm modules to the Envoy Proxies. + server *http.Server + // logger + logger logging.Logger +} + +type attemptEntry struct { + fails int + last time.Time + delay time.Duration +} + +func (a *attemptEntry) expired() bool { + return time.Since(a.last) > a.delay +} + +type wasmModuleEntry struct { + name string + originalURL string + localFile string +} + +// NewHTTPServerWithFileCache creates a HTTP server with a local file cache for Wasm modules. +// The local file cache is used to store the Wasm modules downloaded from the original URL. +// The HTTP server serves the cached Wasm modules over HTTP to the Envoy Proxies. +func NewHTTPServerWithFileCache(serverOptions SeverOptions, cacheOptions CacheOptions, logger logging.Logger) *HTTPServer { + logger = logger.WithName("wasm-cache") + serverOptions.setDefault() + return &HTTPServer{ + SeverOptions: serverOptions, + mappingPath2Cache: make(map[string]wasmModuleEntry), + failedAttempts: make(map[string]attemptEntry), + cache: newLocalFileCache(cacheOptions, logger), + logger: logger, + } +} + +func (s *HTTPServer) Start(ctx context.Context) { + s.logger.Info(fmt.Sprintf("Listening on :%d", serverPort)) + + handler := http.NewServeMux() + handler.Handle("/", s) + + s.server = &http.Server{ + Addr: fmt.Sprintf(":%d", serverPort), + Handler: handler, + TLSConfig: s.TLSConfig, + ReadHeaderTimeout: 15 * time.Second, + } + + var err error + go func() { + if s.enableTLS() { + err = s.server.ListenAndServeTLS("", "") + } else { + err = s.server.ListenAndServe() + } + if err != nil { + s.logger.Error(err, "Failed to start Wasm HTTP server") + return + } + }() + s.cache.Start(ctx) + go s.resetFailedAttempts(ctx) +} + +func (s *HTTPServer) ServeHTTP(w http.ResponseWriter, r *http.Request) { + s.logger.Sugar().Debugw("Received wasm request", "path", r.URL.Path) + + path := strings.TrimPrefix(r.URL.Path, "/") + if entry, ok := s.mappingPath2Cache[path]; ok { + http.ServeFile(w, r, entry.localFile) + } else { + w.WriteHeader(http.StatusNotFound) + } +} + +// Get returns the HTTP URL of the Wasm module serving by the EG HTTP Wasm server +// and the checksum of the Wasm module. +// EG downloads the Wasm module from its original URL, caches it locally in the +// file system, and serves it through an HTTP server. +func (s *HTTPServer) Get(originalURL string, opts GetOptions) (servingURL string, checksum string, err error) { + var ( + mappingPath string + localFile string + ) + + s.Lock() + defer s.Unlock() + attempt, attempted := s.failedAttempts[originalURL] + + if attempted && attempt.fails > s.MaxFailedAttempts { + err = fmt.Errorf("failed to get Wasm module %s after %d attempts", originalURL, s.MaxFailedAttempts) + s.logger.Error(err, "") + return "", "", err + } + + // Get the local file path of the cached Wasm module. + // Even it's already cached, the file cache may still download the Wasm module + // again if it is expired or it needs to be updated. + if localFile, checksum, err = s.cache.Get(originalURL, opts); err != nil { + s.logger.Error(err, "Failed to get Wasm module", "URL", originalURL) + attempt, attempted = s.failedAttempts[originalURL] + if !attempted { + attempt = attemptEntry{fails: 0, last: time.Now(), delay: s.FailedAttemptResetDelay} + } + attempt.fails++ + attempt.last = time.Now() + s.failedAttempts[originalURL] = attempt + return "", "", err + } + delete(s.failedAttempts, originalURL) + + // Generate a new path with the hash of the original url and a salt to + // make the URL unpredictable. + // The unguessable path is used to prevent unauthorized users from accessing + // an unauthorized private Wasm module. + mappingPath = generateUnguessablePath(originalURL, s.Salt) + s.mappingPath2Cache[mappingPath] = wasmModuleEntry{ + name: opts.ResourceName, + originalURL: originalURL, + localFile: localFile, + } + + entry := s.mappingPath2Cache[mappingPath] + entry.localFile = localFile + s.mappingPath2Cache[mappingPath] = entry + + scheme := "http" + if s.enableTLS() { + scheme = "https" + } + servingURL = fmt.Sprintf("%s://%s:%d/%s", scheme, serverHost, serverPort, mappingPath) + return servingURL, checksum, nil +} + +// Generate an unguessable downloading path for a Wasm module. +func generateUnguessablePath(originalURL string, salt []byte) string { + saltedData := []byte(originalURL) + saltedData = append(saltedData, salt...) + hash := sha256.Sum256(saltedData) + return fmt.Sprintf("%s.wasm", base64.URLEncoding.EncodeToString(hash[:])) +} + +func (s *HTTPServer) close() { + if s != nil { + _ = s.server.Close() + } +} + +func (s *HTTPServer) enableTLS() bool { + return s.TLSConfig != nil +} + +// resetFailedAttempts resets the failed attempts. +// After reset, the cache will try to download the failed Wasm module again the +// next time it is requested. +func (s *HTTPServer) resetFailedAttempts(ctx context.Context) { + ticker := time.NewTicker(s.FailedAttemptsResetInterval) + defer ticker.Stop() + for { + select { + case <-ticker.C: + s.Lock() + for k, m := range s.failedAttempts { + if m.expired() { + s.logger.Info("Reset failed attempts", "URL", k) + delete(s.failedAttempts, k) + } + } + s.Unlock() + case <-ctx.Done(): + return + } + } +} diff --git a/internal/wasm/httpserver_test.go b/internal/wasm/httpserver_test.go new file mode 100644 index 00000000000..0f054ea8416 --- /dev/null +++ b/internal/wasm/httpserver_test.go @@ -0,0 +1,368 @@ +// Copyright Envoy Gateway Authors +// SPDX-License-Identifier: Apache-2.0 +// The full text of the Apache license is available in the LICENSE file at +// the root of the repo. + +package wasm + +import ( + "context" + "fmt" + "net" + "net/http" + "net/http/httptest" + "net/url" + "strings" + "testing" + "time" + + "github.com/google/go-containerregistry/pkg/crane" + "github.com/google/go-containerregistry/pkg/registry" + v1 "github.com/google/go-containerregistry/pkg/v1" + "github.com/google/go-containerregistry/pkg/v1/empty" + "github.com/google/go-containerregistry/pkg/v1/mutate" + "github.com/google/go-containerregistry/pkg/v1/types" + "github.com/stretchr/testify/require" + + egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1" + "github.com/envoyproxy/gateway/internal/logging" +) + +const ( + validWasmModule = "valid.wasm" + nonExistingWasmModule = "non-existing.wasm" + resourceName = "envoyextensionpolicy/envoy-gateway/policy-for-gateway/wasm/0" +) + +func Test_httpServerWithOCIImage(t *testing.T) { + var ( + registryURL *url.URL + err error + ) + + // Set up a fake registry. + r := httptest.NewServer(registry.New()) + defer r.Close() + + if registryURL, err = url.Parse(r.URL); err != nil { + t.Fatal(err) + } + if err = setupFakeRegistry(registryURL.Host); err != nil { + t.Fatal(err) + } + + t.Run("get wasm module from EG HTTP server", func(t *testing.T) { + ctx, cancel := context.WithCancel(context.Background()) + defer cancel() + + var ( + server *HTTPServer + client = newHTTPClient() + resp *http.Response + servingURL string + ) + + if server, err = startLocalHTTPServer( + ctx, + t.TempDir(), + defaultMaxFailedAttempts, + defaultAttemptResetDelay, + defaultAttemptsResetInterval); err != nil { + t.Fatal(err) + } + defer server.close() + + // Call server.Get() to initialize the local file cache. + servingURL, _, err = server.Get( + fmt.Sprintf("oci://%s/%s", registryURL.Host, validWasmModule), + GetOptions{ + ResourceName: resourceName, + RequestTimeout: time.Second * 1000, + }) + require.NoError(t, err) + + // Get wasm module from the EG HTTP server. + t.Logf("Get wasm module from the EG HTTP server: %s", servingURL) + resp, err = client.Get(servingURL) + _ = resp.Body.Close() + require.Equal(t, http.StatusOK, resp.StatusCode) + + // Call server.Get() again to get the serving URL for the same wasm module. + // The serving URL should be the same as the previous one. + servingURL1, _, err := server.Get( + fmt.Sprintf("oci://%s/%s", registryURL.Host, validWasmModule), + GetOptions{ + ResourceName: resourceName, + RequestTimeout: time.Second * 1000, + }) + require.NoError(t, err) + require.Equal(t, servingURL, servingURL1) + + // Get wasm module from the EG HTTP server. + t.Logf("Get wasm module from the EG HTTP server: %s", servingURL1) + resp, err = client.Get(servingURL1) + require.NoError(t, err) + _ = resp.Body.Close() + require.Equal(t, http.StatusOK, resp.StatusCode) + }) + + t.Run("get non-existing wasm module from EG HTTP server", func(t *testing.T) { + ctx, cancel := context.WithCancel(context.Background()) + defer cancel() + + var server *HTTPServer + + if server, err = startLocalHTTPServer( + ctx, + t.TempDir(), + defaultMaxFailedAttempts, + defaultAttemptResetDelay, + defaultAttemptsResetInterval); err != nil { + t.Fatal(err) + } + defer server.close() + + // Initialize the local cache. + _, _, err = server.Get(fmt.Sprintf("oci://%s/%s", registryURL.Host, nonExistingWasmModule), + GetOptions{ + ResourceName: resourceName, + RequestTimeout: time.Second * 10, + }) + if err == nil || !strings.Contains(err.Error(), "Unknown name") { + t.Errorf("Get() error = %v, expect error contains 'Unknown name'", err) + } + }) +} + +func Test_httpServerWithHTTP(t *testing.T) { + var ( + fakeServerURL string + err error + ) + + // Set up a fake HTTP server. + httpData := append([]byte{}, wasmHeader...) + httpData = append(httpData, []byte("data")...) + r := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + if r.URL.Path == fmt.Sprintf("/%s", validWasmModule) { + _, _ = w.Write(httpData) + } else { + w.WriteHeader(http.StatusNotFound) + } + })) + fakeServerURL = r.URL + defer r.Close() + + t.Run("get wasm module from EG HTTP server", func(t *testing.T) { + ctx, cancel := context.WithCancel(context.Background()) + defer cancel() + + var ( + server *HTTPServer + client = newHTTPClient() + resp *http.Response + servingURL string + ) + + if server, err = startLocalHTTPServer( + ctx, + t.TempDir(), + defaultMaxFailedAttempts, + defaultAttemptResetDelay, + defaultAttemptsResetInterval); err != nil { + t.Fatal(err) + } + defer server.close() + + getOptions := GetOptions{ + ResourceName: resourceName, + RequestTimeout: time.Second * 10, + } + + // Call server.Get() to initialize the local file cache. + servingURL, _, err = server.Get(fmt.Sprintf("%s/%s", fakeServerURL, validWasmModule), getOptions) + require.NoError(t, err) + + // Get wasm module from the EG HTTP server. + t.Logf("Get wasm module from the EG HTTP server: %s", servingURL) + resp, err = client.Get(servingURL) + require.Equal(t, http.StatusOK, resp.StatusCode) + _ = resp.Body.Close() + + // Call server.Get() again to get the serving URL for the same wasm module. + // The serving URL should be the same as the previous one. + servingURL1, _, err := server.Get(fmt.Sprintf("%s/%s", fakeServerURL, validWasmModule), getOptions) + require.NoError(t, err) + require.Equal(t, servingURL, servingURL1) + + // Get wasm module from the EG HTTP server. + t.Logf("Get wasm module from the EG HTTP server: %s", servingURL1) + resp, err = client.Get(servingURL1) + require.NoError(t, err) + require.Equal(t, http.StatusOK, resp.StatusCode) + _ = resp.Body.Close() + }) + + t.Run("get non-existing wasm module from EG HTTP server", func(t *testing.T) { + ctx, cancel := context.WithCancel(context.Background()) + defer cancel() + + var server *HTTPServer + + if server, err = startLocalHTTPServer( + ctx, + t.TempDir(), + defaultMaxFailedAttempts, + defaultAttemptResetDelay, + defaultAttemptsResetInterval); err != nil { + t.Fatal(err) + } + defer server.close() + + // Initialize the local cache. + _, _, err = server.Get(fmt.Sprintf("%s/%s", fakeServerURL, nonExistingWasmModule), GetOptions{ + ResourceName: resourceName, + RequestTimeout: time.Second * 10, + }) + if err == nil || !strings.Contains(err.Error(), "404") { + t.Errorf("Get() error = %v, expect error contains 'Unknown name'", err) + } + }) +} + +func Test_httpServerFailedAttempt(t *testing.T) { + var ( + registryURL *url.URL + err error + ) + + // Set up a fake registry. + r := httptest.NewServer(registry.New()) + defer r.Close() + + if registryURL, err = url.Parse(r.URL); err != nil { + t.Fatal(err) + } + if err = setupFakeRegistry(registryURL.Host); err != nil { + t.Fatal(err) + } + + t.Run("failed attempts exceed the max", func(t *testing.T) { + ctx, cancel := context.WithCancel(context.Background()) + defer cancel() + + var ( + server *HTTPServer + maxFailedAttempts = 5 + attemptResetDelay = time.Millisecond * 200 + attemptsResetInterval = time.Millisecond * 100 + ) + + if server, err = startLocalHTTPServer( + ctx, + t.TempDir(), + maxFailedAttempts, + attemptResetDelay, + attemptsResetInterval); err != nil { + t.Fatal(err) + } + defer server.close() + + // The 6th Get() should return an error immediately because the max failed attempts is 5. + for i := 0; i <= 6; i++ { + _, _, err = server.Get( + fmt.Sprintf("oci://%s/%s", registryURL.Host, nonExistingWasmModule), + GetOptions{ + ResourceName: resourceName, + RequestTimeout: time.Second * 1000, + }) + } + require.ErrorContains(t, err, "after 5 attempts") + + // The 7th Get() should return a normal error because the failed attempts have been reset. + err = nil + for i := 0; i < 3; i++ { + time.Sleep(300 * time.Millisecond) + _, _, err = server.Get( + fmt.Sprintf("oci://%s/%s", registryURL.Host, nonExistingWasmModule), + GetOptions{ + ResourceName: resourceName, + RequestTimeout: time.Second * 1000, + }) + if err != nil { + break + } + } + require.ErrorContains(t, err, "Unknown name") + }) +} + +func setupFakeRegistry(host string) error { + var ( + l v1.Layer + img v1.Image + err error + ) + + ref := fmt.Sprintf("%s/%s", host, validWasmModule) + binary := wasmHeader + binary = append(binary, []byte("this is wasm plugin")...) + + // Create OCI compressed layer. + if l, err = newMockLayer(types.OCILayer, map[string][]byte{"plugin.wasm": binary}); err != nil { + return err + } + + if img, err = mutate.Append(empty.Image, mutate.Addendum{Layer: l}); err != nil { + return err + } + + img = mutate.MediaType(img, types.OCIManifestSchema1) + + // Push image to the registry. + if err = crane.Push(img, ref); err != nil { + return err + } + return nil +} + +func startLocalHTTPServer(ctx context.Context, cacheDir string, maxFailedAttempts int, failedAttemptResetDelay, failedAttemptsResetInterval time.Duration) (*HTTPServer, error) { + logger := logging.DefaultLogger(egv1a1.LogLevelInfo) + s := NewHTTPServerWithFileCache( + SeverOptions{ + Salt: []byte("salt"), + MaxFailedAttempts: maxFailedAttempts, + FailedAttemptResetDelay: failedAttemptResetDelay, + FailedAttemptsResetInterval: failedAttemptsResetInterval, + }, + CacheOptions{ + CacheDir: cacheDir, + }, logger) + go s.Start(ctx) + + // Wait for the server to start + var ( + retries = 10 + response *http.Response + err error + ) + for i := 0; i < retries; i++ { + if response, err = http.Get(fmt.Sprintf("http://127.0.0.1:%d", serverPort)); err == nil { + _ = response.Body.Close() + break + } + time.Sleep(200 * time.Millisecond) + } + return s, err +} + +func newHTTPClient() *http.Client { + return &http.Client{ + Transport: &http.Transport{ + DialContext: func(ctx context.Context, network, _ string) (net.Conn, error) { + d := net.Dialer{} + return d.DialContext(ctx, network, fmt.Sprintf("127.0.0.1:%d", serverPort)) + }, + }, + } +} diff --git a/internal/wasm/imagefetcher.go b/internal/wasm/imagefetcher.go new file mode 100644 index 00000000000..5c97ad5f4a4 --- /dev/null +++ b/internal/wasm/imagefetcher.go @@ -0,0 +1,377 @@ +// Copyright Envoy Gateway Authors +// SPDX-License-Identifier: Apache-2.0 +// The full text of the Apache license is available in the LICENSE file at +// the root of the repo. + +// Copyright Istio Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package wasm + +import ( + "archive/tar" + "bytes" + "compress/gzip" + "context" + "crypto/tls" + "errors" + "fmt" + "io" + "net/http" + "path/filepath" + "strings" + + "github.com/docker/cli/cli/config/configfile" + dtypes "github.com/docker/cli/cli/config/types" + "github.com/google/go-containerregistry/pkg/authn" + "github.com/google/go-containerregistry/pkg/name" + v1 "github.com/google/go-containerregistry/pkg/v1" + "github.com/google/go-containerregistry/pkg/v1/remote" + "github.com/google/go-containerregistry/pkg/v1/types" + "github.com/hashicorp/go-multierror" + + "github.com/envoyproxy/gateway/internal/logging" +) + +// This file implements the fetcher of "Wasm Image Specification" compatible container images. +// The spec is here https://github.com/solo-io/wasm/blob/master/spec/README.md. +// Basically, this supports fetching and unpackaging three types of container images containing a Wasm binary. + +type ImageFetcherOption struct { + PullSecret []byte + Insecure bool +} + +func (o *ImageFetcherOption) useAnonymous() bool { + return o.PullSecret == nil || len(o.PullSecret) == 0 +} + +func (o *ImageFetcherOption) String() string { + if o.PullSecret == nil { + return fmt.Sprintf("{Insecure: %v}", o.Insecure) + } + return fmt.Sprintf("{Insecure: %v, PullSecret: }", o.Insecure) +} + +type ImageFetcher struct { + fetchOpts []remote.Option + logger logging.Logger +} + +func NewImageFetcher(ctx context.Context, opt ImageFetcherOption, logger logging.Logger) *ImageFetcher { + fetchOpts := make([]remote.Option, 0, 2) + if opt.useAnonymous() { + // Use anonymous auth if no pull secret is provided. + fetchOpts = append(fetchOpts, remote.WithAuth(authn.Anonymous)) + } else { + fetchOpts = append(fetchOpts, remote.WithAuthFromKeychain(&wasmKeyChain{data: opt.PullSecret})) + } + + if opt.Insecure { + t := remote.DefaultTransport.(*http.Transport).Clone() + // nolint: gosec + // This is only when a user explicitly sets a flag to enable insecure mode + t.TLSClientConfig = &tls.Config{ + InsecureSkipVerify: opt.Insecure, + } + fetchOpts = append(fetchOpts, remote.WithTransport(t)) + } + + return &ImageFetcher{ + fetchOpts: append(fetchOpts, remote.WithContext(ctx)), + logger: logger, + } +} + +// PrepareFetch is the entrypoint for fetching Wasm binary from Wasm Image Specification compatible images. +// Wasm binary is not fetched immediately, but returned by `binaryFetcher` function, which is returned by PrepareFetch. +// By this way, we can have another chance to check cache with `actualDigest` without downloading the OCI image. +func (o *ImageFetcher) PrepareFetch(url string) (binaryFetcher func() ([]byte, error), actualDigest string, err error) { + ref, err := name.ParseReference(url) + if err != nil { + err = fmt.Errorf("could not parse url in image reference: %w", err) + return + } + o.logger.Info("fetching image", "image", ref.Context().RepositoryStr(), + "registry", ref.Context().RegistryStr(), "tag", ref.Identifier()) + + // fallback to http based request, inspired by [helm](https://github.com/helm/helm/blob/12f1bc0acdeb675a8c50a78462ed3917fb7b2e37/pkg/registry/client.go#L594) + // only deal with https fallback instead of attributing all other type of errors to URL parsing error + desc, err := remote.Get(ref, o.fetchOpts...) + if err != nil && strings.Contains(err.Error(), "server gave HTTP response") { + o.logger.Info("fetching image with plain text", "url", url) + ref, err = name.ParseReference(url, name.Insecure) + if err == nil { + desc, err = remote.Get(ref, o.fetchOpts...) + } + } + + if err != nil { + err = fmt.Errorf("could not fetch manifest: %w", err) + return + } + + // Fetch image. + img, err := desc.Image() + if err != nil { + err = fmt.Errorf("could not fetch image: %w", err) + return + } + + // Check Manifest's digest if expManifestDigest is not empty. + d, _ := img.Digest() + actualDigest = d.Hex + binaryFetcher = func() ([]byte, error) { + manifest, err := img.Manifest() + if err != nil { + return nil, fmt.Errorf("could not retrieve manifest: %w", err) + } + + if manifest.MediaType == types.DockerManifestSchema2 { + // This case, assume we have docker images with "application/vnd.docker.distribution.manifest.v2+json" + // as the manifest media type. Note that the media type of manifest is Docker specific and + // all OCI images would have an empty string in .MediaType field. + ret, err := extractDockerImage(img) + if err != nil { + return nil, fmt.Errorf("could not extract Wasm file from the image as Docker container %w", err) + } + return ret, nil + } + + // We try to parse it as the "compat" variant image with a single "application/vnd.oci.image.layer.v1.tar+gzip" layer. + ret, errCompat := extractOCIStandardImage(img) + if errCompat == nil { + return ret, nil + } + + // Otherwise, we try to parse it as the *oci* variant image with custom artifact media types. + ret, errOCI := extractOCIArtifactImage(img) + if errOCI == nil { + return ret, nil + } + + // We failed to parse the image in any format, so wrap the errors and return. + return nil, fmt.Errorf("the given image is in invalid format as an OCI image: %w", + multierror.Append(err, + fmt.Errorf("could not parse as compat variant: %w", errCompat), + fmt.Errorf("could not parse as oci variant: %w", errOCI), + ), + ) + } + return +} + +// extractDockerImage extracts the Wasm binary from the +// *compat* variant Wasm image with the standard Docker media type: application/vnd.docker.image.rootfs.diff.tar.gzip. +// https://github.com/solo-io/wasm/blob/master/spec/spec-compat.md#specification +func extractDockerImage(img v1.Image) ([]byte, error) { + layers, err := img.Layers() + if err != nil { + return nil, fmt.Errorf("could not fetch layers: %w", err) + } + + // The image must have at least one layer. + if len(layers) == 0 { + return nil, errors.New("number of layers must be greater than zero") + } + + layer := layers[len(layers)-1] + mt, err := layer.MediaType() + if err != nil { + return nil, fmt.Errorf("could not get media type: %w", err) + } + + // Media type must be application/vnd.docker.image.rootfs.diff.tar.gzip. + if mt != types.DockerLayer { + return nil, fmt.Errorf("invalid media type %s (expect %s)", mt, types.DockerLayer) + } + + r, err := layer.Compressed() + if err != nil { + return nil, fmt.Errorf("could not get layer content: %w", err) + } + defer r.Close() + + ret, err := extractWasmPluginBinary(r) + if err != nil { + return nil, fmt.Errorf("could not extract wasm binary: %w", err) + } + return ret, nil +} + +// extractOCIStandardImage extracts the Wasm binary from the +// *compat* variant Wasm image with the standard OCI media type: application/vnd.oci.image.layer.v1.tar+gzip. +// https://github.com/solo-io/wasm/blob/master/spec/spec-compat.md#specification +func extractOCIStandardImage(img v1.Image) ([]byte, error) { + layers, err := img.Layers() + if err != nil { + return nil, fmt.Errorf("could not fetch layers: %w", err) + } + + // The image must have at least one layer. + if len(layers) == 0 { + return nil, fmt.Errorf("number of layers must be greater than zero") + } + + layer := layers[len(layers)-1] + mt, err := layer.MediaType() + if err != nil { + return nil, fmt.Errorf("could not get media type: %w", err) + } + + // Check if the layer is "application/vnd.oci.image.layer.v1.tar+gzip". + if types.OCILayer != mt { + return nil, fmt.Errorf("invalid media type %s (expect %s)", mt, types.OCILayer) + } + + r, err := layer.Compressed() + if err != nil { + return nil, fmt.Errorf("could not get layer content: %w", err) + } + defer r.Close() + + ret, err := extractWasmPluginBinary(r) + if err != nil { + return nil, fmt.Errorf("could not extract wasm binary: %w", err) + } + return ret, nil +} + +// Extracts the Wasm plugin binary named "plugin.wasm" in a given reader for tar.gz. +// This is only used for *compat* variant. +func extractWasmPluginBinary(r io.Reader) ([]byte, error) { + gr, err := gzip.NewReader(r) + if err != nil { + return nil, fmt.Errorf("failed to parse layer as tar.gz: %w", err) + } + + // The target file name for Wasm binary. + // https://github.com/solo-io/wasm/blob/master/spec/spec-compat.md#specification + const wasmPluginFileName = "plugin.wasm" + + // Search for the file walking through the archive. + + // Limit wasm binary to 256mb; in reality it must be much smaller + tr := tar.NewReader(io.LimitReader(gr, maxWasmSize)) + for { + h, err := tr.Next() + if err == io.EOF { + break + } else if err != nil { + return nil, err + } + + ret := make([]byte, h.Size) + if filepath.Base(h.Name) == wasmPluginFileName { + _, err := io.ReadFull(tr, ret) + if err != nil { + return nil, fmt.Errorf("failed to read %s: %w", wasmPluginFileName, err) + } + return ret, nil + } + } + return nil, fmt.Errorf("%s not found in the archive", wasmPluginFileName) +} + +// extractOCIArtifactImage extracts the Wasm binary from the +// *oci* variant Wasm image: https://github.com/solo-io/wasm/blob/master/spec/spec.md#format +func extractOCIArtifactImage(img v1.Image) ([]byte, error) { + layers, err := img.Layers() + if err != nil { + return nil, fmt.Errorf("could not fetch layers: %w", err) + } + + // The image must be two-layered. + if len(layers) != 2 { + return nil, fmt.Errorf("number of layers must be 2 but got %d", len(layers)) + } + + // The layer type of the Wasm binary itself in *oci* variant. + const wasmLayerMediaType = "application/vnd.module.wasm.content.layer.v1+wasm" + + // Find the target layer walking through the layers. + var layer v1.Layer + for _, l := range layers { + mt, err := l.MediaType() + if err != nil { + return nil, fmt.Errorf("could not retrieve the media type: %w", err) + } + if mt == wasmLayerMediaType { + layer = l + break + } + } + + if layer == nil { + return nil, fmt.Errorf("could not find the layer of type %s", wasmLayerMediaType) + } + + // Somehow go-containerregistry recognizes custom artifact layers as compressed ones, + // while the Solo's Wasm layer is actually uncompressed and therefore + // the content itself is a raw Wasm binary. So using "Uncompressed()" here result in errors + // since internally it tries to umcompress it as gzipped blob. + r, err := layer.Compressed() + if err != nil { + return nil, fmt.Errorf("could not get layer content: %w", err) + } + defer r.Close() + + // Just read it since the content is already a raw Wasm binary as mentioned above. + ret, err := io.ReadAll(r) + if err != nil { + return nil, fmt.Errorf("could not extract wasm binary: %w", err) + } + return ret, nil +} + +type wasmKeyChain struct { + data []byte +} + +// Resolve an image reference to a credential. +// The function code is borrowed from https://github.com/google/go-containerregistry/blob/v0.8.0/pkg/authn/keychain.go#L65, +// by making it take dockerconfigjson directly as bytes instead of reading from files. +func (k *wasmKeyChain) Resolve(target authn.Resource) (authn.Authenticator, error) { + if bytes.Equal(k.data, []byte("null")) { + // Filter out key chain with content "null" to prevent crash at underlying docker library. + // Remove this check when https://github.com/docker/cli/pull/3434 is merged. + return nil, fmt.Errorf("") + } + reader := bytes.NewReader(k.data) + cf := configfile.ConfigFile{} + if err := cf.LoadFromReader(reader); err != nil { + return nil, err + } + key := target.RegistryStr() + if key == name.DefaultRegistry { + key = authn.DefaultAuthKey + } + cfg, err := cf.GetAuthConfig(key) + if err != nil { + return nil, err + } + + empty := dtypes.AuthConfig{} + if cfg == empty { + return authn.Anonymous, nil + } + authConfig := authn.AuthConfig{ + Username: cfg.Username, + Password: cfg.Password, + Auth: cfg.Auth, + IdentityToken: cfg.IdentityToken, + RegistryToken: cfg.RegistryToken, + } + return authn.FromConfig(authConfig), nil +} diff --git a/internal/wasm/imagefetcher_test.go b/internal/wasm/imagefetcher_test.go new file mode 100644 index 00000000000..833680e3955 --- /dev/null +++ b/internal/wasm/imagefetcher_test.go @@ -0,0 +1,636 @@ +// Copyright Envoy Gateway Authors +// SPDX-License-Identifier: Apache-2.0 +// The full text of the Apache license is available in the LICENSE file at +// the root of the repo. + +// Copyright Istio Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package wasm + +import ( + "archive/tar" + "bytes" + "compress/gzip" + "crypto/sha256" + "encoding/base64" + "encoding/hex" + "fmt" + "io" + "net/http/httptest" + "net/url" + "reflect" + "strings" + "testing" + + "github.com/google/go-containerregistry/pkg/authn" + "github.com/google/go-containerregistry/pkg/crane" + "github.com/google/go-containerregistry/pkg/name" + "github.com/google/go-containerregistry/pkg/registry" + v1 "github.com/google/go-containerregistry/pkg/v1" + "github.com/google/go-containerregistry/pkg/v1/empty" + "github.com/google/go-containerregistry/pkg/v1/mutate" + "github.com/google/go-containerregistry/pkg/v1/partial" + "github.com/google/go-containerregistry/pkg/v1/random" + "github.com/google/go-containerregistry/pkg/v1/remote" + "github.com/google/go-containerregistry/pkg/v1/types" +) + +func TestImageFetcherOption_useAnonymous(t *testing.T) { + cases := []struct { + name string + opt ImageFetcherOption + exp bool + }{ + {name: "anonymous", exp: true}, + {name: "use secret config", opt: ImageFetcherOption{PullSecret: []byte("secret")}}, + {name: "missing secret", opt: ImageFetcherOption{}, exp: true}, + } + for _, c := range cases { + t.Run(c.name, func(t *testing.T) { + actual := c.opt.useAnonymous() + if actual != c.exp { + t.Errorf("anonymous got %v want %v", actual, c.exp) + } + }) + } +} + +func TestImageFetcher_Fetch(t *testing.T) { + // Fetcher with anonymous auth. + fetcher := ImageFetcher{fetchOpts: []remote.Option{remote.WithAuth(authn.Anonymous)}} + + // Set up a fake registry. + s := httptest.NewServer(registry.New()) + defer s.Close() + u, err := url.Parse(s.URL) + if err != nil { + t.Fatal(err) + } + + t.Run("docker image", func(t *testing.T) { + ref := fmt.Sprintf("%s/test/valid/docker", u.Host) + exp := "this is wasm plugin" + + // Create docker layer. + l, err := newMockLayer(types.DockerLayer, + map[string][]byte{"plugin.wasm": []byte(exp)}) + if err != nil { + t.Fatal(err) + } + img, err := mutate.Append(empty.Image, mutate.Addendum{Layer: l}) + if err != nil { + t.Fatal(err) + } + + // Set manifest type. + manifest, err := img.Manifest() + if err != nil { + t.Fatal(err) + } + manifest.MediaType = types.DockerManifestSchema2 + + // Push image to the registry. + err = crane.Push(img, ref) + if err != nil { + t.Fatal(err) + } + + // Fetch docker image with digest + d, err := img.Digest() + if err != nil { + t.Fatal(err) + } + + // Fetch OCI image. + binaryFetcher, actualDiget, err := fetcher.PrepareFetch(ref) + if err != nil { + t.Fatal(err) + } + actual, err := binaryFetcher() + if err != nil { + t.Fatal(err) + } + if string(actual) != exp { + t.Errorf("ImageFetcher.binaryFetcher got %s, but want '%s'", string(actual), exp) + } + if actualDiget != d.Hex { + t.Errorf("ImageFetcher.binaryFetcher got digest %s, but want '%s'", actualDiget, d.Hex) + } + }) + + t.Run("OCI standard", func(t *testing.T) { + ref := fmt.Sprintf("%s/test/valid/oci_standard", u.Host) + exp := "this is wasm plugin" + + // Create OCI compressed layer. + l, err := newMockLayer(types.OCILayer, + map[string][]byte{"plugin.wasm": []byte(exp)}) + if err != nil { + t.Fatal(err) + } + img, err := mutate.Append(empty.Image, mutate.Addendum{Layer: l}) + if err != nil { + t.Fatal(err) + } + img = mutate.MediaType(img, types.OCIManifestSchema1) + + // Push image to the registry. + err = crane.Push(img, ref) + if err != nil { + t.Fatal(err) + } + + // Fetch OCI image with digest + d, err := img.Digest() + if err != nil { + t.Fatal(err) + } + + // Fetch OCI image. + binaryFetcher, actualDiget, err := fetcher.PrepareFetch(ref) + if err != nil { + t.Fatal(err) + } + actual, err := binaryFetcher() + if err != nil { + t.Fatal(err) + } + if string(actual) != exp { + t.Errorf("ImageFetcher.binaryFetcher got %s, but want '%s'", string(actual), exp) + } + if actualDiget != d.Hex { + t.Errorf("ImageFetcher.binaryFetcher got digest %s, but want '%s'", actualDiget, d.Hex) + } + }) + + t.Run("OCI artifact", func(t *testing.T) { + ref := fmt.Sprintf("%s/test/valid/oci_artifact", u.Host) + + // Create the image with custom media types. + wasmLayer, err := random.Layer(1000, "application/vnd.module.wasm.content.layer.v1+wasm") + if err != nil { + t.Fatal(err) + } + configLayer, err := random.Layer(1000, "application/vnd.module.wasm.config.v1+json") + if err != nil { + t.Fatal(err) + } + img, err := mutate.Append(empty.Image, mutate.Addendum{Layer: wasmLayer}, mutate.Addendum{Layer: configLayer}) + if err != nil { + t.Fatal(err) + } + img = mutate.MediaType(img, types.OCIManifestSchema1) + + // Push image to the registry. + err = crane.Push(img, ref) + if err != nil { + t.Fatal(err) + } + + // Retrieve the wanted image content. + wantReader, err := wasmLayer.Compressed() + if err != nil { + t.Fatal(err) + } + defer wantReader.Close() + + want, err := io.ReadAll(wantReader) + if err != nil { + t.Fatal(err) + } + + // Fetch OCI image with digest + d, err := img.Digest() + if err != nil { + t.Fatal(err) + } + + // Fetch OCI image. + binaryFetcher, actualDiget, err := fetcher.PrepareFetch(ref) + if err != nil { + t.Fatal(err) + } + actual, err := binaryFetcher() + if err != nil { + t.Fatal(err) + } + if !bytes.Equal(actual, want) { + t.Errorf("ImageFetcher.binaryFetcher got %s, but want '%s'", string(actual), string(want)) + } + if actualDiget != d.Hex { + t.Errorf("ImageFetcher.binaryFetcher got digest %s, but want '%s'", actualDiget, d.Hex) + } + }) + + t.Run("invalid image", func(t *testing.T) { + ref := fmt.Sprintf("%s/test/invalid", u.Host) + + l, err := newMockLayer(types.OCIUncompressedLayer, map[string][]byte{"not-wasm.txt": []byte("a")}) + if err != nil { + t.Fatal(err) + } + img, err := mutate.Append(empty.Image, mutate.Addendum{Layer: l}) + if err != nil { + t.Fatal(err) + } + img = mutate.MediaType(img, types.OCIManifestSchema1) + + // Push image to the registry. + err = crane.Push(img, ref) + if err != nil { + t.Fatal(err) + } + + // Try to fetch. + binaryFetcher, _, err := fetcher.PrepareFetch(ref) + if err != nil { + t.Fatal(err) + } + actual, err := binaryFetcher() + if actual != nil { + t.Errorf("ImageFetcher.binaryFetcher got %s, but want nil", string(actual)) + } + + expErr := `the given image is in invalid format as an OCI image: 2 errors occurred: + * could not parse as compat variant: invalid media type application/vnd.oci.image.layer.v1.tar (expect application/vnd.oci.image.layer.v1.tar+gzip) + * could not parse as oci variant: number of layers must be 2 but got 1` + if actual := strings.TrimSpace(err.Error()); actual != expErr { + t.Errorf("ImageFetcher.binaryFetcher get unexpected error '%v', but want '%v'", actual, expErr) + } + }) +} + +func TestExtractDockerImage(t *testing.T) { + t.Run("no layers", func(t *testing.T) { + _, err := extractDockerImage(empty.Image) + if err == nil || err.Error() != "number of layers must be greater than zero" { + t.Fatal("extractDockerImage should fail due to empty image") + } + }) + + t.Run("valid layers", func(t *testing.T) { + previousLayer, err := newMockLayer(types.DockerLayer, nil) + if err != nil { + t.Fatal(err) + } + + exp := "this is wasm binary" + lastLayer, err := newMockLayer(types.DockerLayer, map[string][]byte{ + "plugin.wasm": []byte(exp), + }) + if err != nil { + t.Fatal(err) + } + + tCases := map[string]int{ + "one layer": 0, + "more than one layer": 1, + } + + for name, numberOfPreviousLayers := range tCases { + t.Run(name, func(t *testing.T) { + img := empty.Image + for i := 0; i < numberOfPreviousLayers; i++ { + img, err = mutate.Append(img, mutate.Addendum{Layer: previousLayer}) + if err != nil { + t.Fatal(err) + } + } + + img, err = mutate.Append(img, mutate.Addendum{Layer: lastLayer}) + if err != nil { + t.Fatal(err) + } + actual, err := extractDockerImage(img) + if err != nil { + t.Fatalf("extractDockerImage failed: %v", err) + } + + if string(actual) != exp { + t.Fatalf("got %s, but want %s", string(actual), exp) + } + }) + } + }) + + t.Run("invalid media type", func(t *testing.T) { + l, err := newMockLayer(types.DockerPluginConfig, nil) + if err != nil { + t.Fatal(err) + } + img, err := mutate.Append(empty.Image, mutate.Addendum{Layer: l}) + if err != nil { + t.Fatal(err) + } + _, err = extractDockerImage(img) + if err == nil || !strings.Contains(err.Error(), "invalid media type") { + t.Fatal("extractDockerImage should fail due to invalid media type") + } + }) +} + +func TestExtractOCIStandardImage(t *testing.T) { + t.Run("no layers", func(t *testing.T) { + _, err := extractOCIStandardImage(empty.Image) + if err == nil || err.Error() != "number of layers must be greater than zero" { + t.Fatal("extractDockerImage should fail due to empty image") + } + }) + + t.Run("valid layers", func(t *testing.T) { + previousLayer, err := newMockLayer(types.DockerLayer, nil) + if err != nil { + t.Fatal(err) + } + + exp := "this is wasm binary" + lastLayer, err := newMockLayer(types.OCILayer, map[string][]byte{ + "plugin.wasm": []byte(exp), + }) + if err != nil { + t.Fatal(err) + } + + tCases := map[string]int{ + "one layer": 0, + "more than one layer": 1, + } + + for name, numberOfPreviousLayers := range tCases { + t.Run(name, func(t *testing.T) { + img := empty.Image + for i := 0; i < numberOfPreviousLayers; i++ { + img, err = mutate.Append(img, mutate.Addendum{Layer: previousLayer}) + if err != nil { + t.Fatal(err) + } + } + + img, err = mutate.Append(img, mutate.Addendum{Layer: lastLayer}) + if err != nil { + t.Fatal(err) + } + actual, err := extractOCIStandardImage(img) + if err != nil { + t.Fatalf("extractOCIStandardImage failed: %v", err) + } + + if string(actual) != exp { + t.Fatalf("got %s, but want %s", string(actual), exp) + } + }) + } + }) + + t.Run("invalid media type", func(t *testing.T) { + l, err := newMockLayer(types.DockerLayer, nil) + if err != nil { + t.Fatal(err) + } + img, err := mutate.Append(empty.Image, mutate.Addendum{Layer: l}) + if err != nil { + t.Fatal(err) + } + _, err = extractOCIStandardImage(img) + if err == nil || !strings.Contains(err.Error(), "invalid media type") { + t.Fatal("extractOCIStandardImage should fail due to invalid media type") + } + }) +} + +func newMockLayer(mediaType types.MediaType, contents map[string][]byte) (v1.Layer, error) { + var b bytes.Buffer + hasher := sha256.New() + mw := io.MultiWriter(&b, hasher) + tw := tar.NewWriter(mw) + defer tw.Close() + + for filename, content := range contents { + if err := tw.WriteHeader(&tar.Header{ + Name: filename, + Size: int64(len(content)), + Typeflag: tar.TypeReg, + }); err != nil { + return nil, err + } + if _, err := io.CopyN(tw, bytes.NewReader(content), int64(len(content))); err != nil { + return nil, err + } + } + return partial.UncompressedToLayer( + &mockLayer{ + raw: b.Bytes(), + diffID: v1.Hash{ + Algorithm: "sha256", + Hex: hex.EncodeToString(hasher.Sum(make([]byte, 0, hasher.Size()))), + }, + mediaType: mediaType, + }, + ) +} + +type mockLayer struct { + raw []byte + diffID v1.Hash + mediaType types.MediaType +} + +func (r *mockLayer) DiffID() (v1.Hash, error) { return v1.Hash{}, nil } +func (r *mockLayer) Uncompressed() (io.ReadCloser, error) { + return io.NopCloser(bytes.NewBuffer(r.raw)), nil +} +func (r *mockLayer) MediaType() (types.MediaType, error) { return r.mediaType, nil } + +func TestExtractOCIArtifactImage(t *testing.T) { + t.Run("valid", func(t *testing.T) { + // Create the image with custom media types. + wasmLayer, err := random.Layer(1000, "application/vnd.module.wasm.content.layer.v1+wasm") + if err != nil { + t.Fatal(err) + } + configLayer, err := random.Layer(1000, "application/vnd.module.wasm.config.v1+json") + if err != nil { + t.Fatal(err) + } + img, err := mutate.Append(empty.Image, mutate.Addendum{Layer: wasmLayer}, mutate.Addendum{Layer: configLayer}) + if err != nil { + t.Fatal(err) + } + + // Extract the binary. + actual, err := extractOCIArtifactImage(img) + if err != nil { + t.Fatalf("extractOCIArtifactImage failed: %v", err) + } + + // Retrieve the wanted image content. + wantReader, err := wasmLayer.Compressed() + if err != nil { + t.Fatal(err) + } + defer wantReader.Close() + want, err := io.ReadAll(wantReader) + if err != nil { + t.Fatal(err) + } + + if !bytes.Equal(actual, want) { + t.Errorf("extractOCIArtifactImage got %s, but want '%s'", string(actual), string(want)) + } + }) + + t.Run("invalid number of layers", func(t *testing.T) { + l, err := random.Layer(1000, "application/vnd.module.wasm.content.layer.v1+wasm") + if err != nil { + t.Fatal(err) + } + img, err := mutate.Append(empty.Image, mutate.Addendum{Layer: l}) + if err != nil { + t.Fatal(err) + } + _, err = extractOCIArtifactImage(img) + if err == nil || !strings.Contains(err.Error(), "number of layers must be") { + t.Fatal("extractOCIArtifactImage should fail due to invalid number of layers") + } + }) + + t.Run("invalid media types", func(t *testing.T) { + // Create the image with invalid media types. + layer, err := random.Layer(1000, "aaa") + if err != nil { + t.Fatal(err) + } + img, err := mutate.Append(empty.Image, mutate.Addendum{Layer: layer}, mutate.Addendum{Layer: layer}) + if err != nil { + t.Fatal(err) + } + + _, err = extractOCIArtifactImage(img) + if err == nil || !strings.Contains(err.Error(), + "could not find the layer of type application/vnd.module.wasm.content.layer.v1+wasm") { + t.Fatal("extractOCIArtifactImage should fail due to invalid number of layers") + } + }) +} + +func TestExtractWasmPluginBinary(t *testing.T) { + t.Run("ok", func(t *testing.T) { + buf := bytes.NewBuffer(nil) + gz := gzip.NewWriter(buf) + tw := tar.NewWriter(gz) + + exp := "hello" + if err := tw.WriteHeader(&tar.Header{ + Name: "plugin.wasm", + Size: int64(len(exp)), + }); err != nil { + t.Fatal(err) + } + + if _, err := io.WriteString(tw, exp); err != nil { + t.Fatal(err) + } + + tw.Close() + gz.Close() + + actual, err := extractWasmPluginBinary(buf) + if err != nil { + t.Errorf("extractWasmPluginBinary failed: %v", err) + } + + if string(actual) != exp { + t.Errorf("extractWasmPluginBinary got %v, but want %v", string(actual), exp) + } + }) + + t.Run("ok with relative path prefix", func(t *testing.T) { + buf := bytes.NewBuffer(nil) + gz := gzip.NewWriter(buf) + tw := tar.NewWriter(gz) + + exp := "hello" + if err := tw.WriteHeader(&tar.Header{ + Name: "./plugin.wasm", + Size: int64(len(exp)), + }); err != nil { + t.Fatal(err) + } + + if _, err := io.WriteString(tw, exp); err != nil { + t.Fatal(err) + } + + tw.Close() + gz.Close() + + actual, err := extractWasmPluginBinary(buf) + if err != nil { + t.Errorf("extractWasmPluginBinary failed: %v", err) + } + + if string(actual) != exp { + t.Errorf("extractWasmPluginBinary got %v, but want %v", string(actual), exp) + } + }) + + t.Run("not found", func(t *testing.T) { + buf := bytes.NewBuffer(nil) + gz := gzip.NewWriter(buf) + tw := tar.NewWriter(gz) + if err := tw.WriteHeader(&tar.Header{ + Name: "non-wasm.txt", + Size: int64(1), + }); err != nil { + t.Fatal(err) + } + if _, err := tw.Write([]byte{1}); err != nil { + t.Fatal(err) + } + tw.Close() + gz.Close() + _, err := extractWasmPluginBinary(buf) + if err == nil || !strings.Contains(err.Error(), "not found") { + t.Errorf("extractWasmPluginBinary must fail with not found") + } + }) +} + +func TestWasmKeyChain(t *testing.T) { + dockerjson := fmt.Sprintf(`{"auths": {"test.io": {"auth": %q}}}`, encode("foo", "bar")) + keyChain := wasmKeyChain{data: []byte(dockerjson)} + testRegistry, _ := name.NewRegistry("test.io", name.WeakValidation) + _, _ = keyChain.Resolve(testRegistry) + auth, err := keyChain.Resolve(testRegistry) + if err != nil { + t.Fatalf("Resolve() = %v", err) + } + got, err := auth.Authorization() + if err != nil { + t.Fatal(err) + } + want := &authn.AuthConfig{ + Username: "foo", + Password: "bar", + } + if !reflect.DeepEqual(got, want) { + t.Errorf("got %+v, want %+v", got, want) + } +} + +func encode(user, pass string) string { + delimited := fmt.Sprintf("%s:%s", user, pass) + return base64.StdEncoding.EncodeToString([]byte(delimited)) +} diff --git a/internal/wasm/metrics.go b/internal/wasm/metrics.go new file mode 100644 index 00000000000..9de7e6208f0 --- /dev/null +++ b/internal/wasm/metrics.go @@ -0,0 +1,54 @@ +// Copyright Envoy Gateway Authors +// SPDX-License-Identifier: Apache-2.0 +// The full text of the Apache license is available in the LICENSE file at +// the root of the repo. + +// Copyright Istio Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package wasm + +import "github.com/envoyproxy/gateway/internal/metrics" + +// Const strings for label value. +const ( + // For remote fetch metric. + fetchSuccess = "success" + fetchFailure = "fetch_failure" + downloadFailure = "download_failure" + manifestFailure = "manifest_failure" + checksumMismatch = "checksum_mismatched" +) + +var ( + hitTag = metrics.NewLabel("hit") + resultTag = metrics.NewLabel("result") + + wasmCacheEntries = metrics.NewGauge( + "wasm_cache_entries", + "number of Wasm remote fetch cache entries.", + ) + + wasmCacheLookupCount = metrics.NewCounter( + "wasm_cache_lookup_count", + "number of Wasm remote fetch cache lookups.", + ) + + wasmRemoteFetchCount = metrics.NewCounter( + "wasm_remote_fetch_count", + "number of Wasm remote fetches and results, including success, download failure, and checksum mismatch.", + ) +) + +// TODO zhaohuabing export metrics to control plane dashboard. diff --git a/internal/wasm/options.go b/internal/wasm/options.go new file mode 100644 index 00000000000..e3838bac33c --- /dev/null +++ b/internal/wasm/options.go @@ -0,0 +1,108 @@ +// Copyright Envoy Gateway Authors +// SPDX-License-Identifier: Apache-2.0 +// The full text of the Apache license is available in the LICENSE file at +// the root of the repo. + +// Copyright Istio Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package wasm + +import ( + "time" + + "k8s.io/apimachinery/pkg/util/sets" +) + +const ( + DefaultPurgeInterval = 1 * time.Hour + DefaultModuleExpiry = 24 * time.Hour + DefaultHTTPRequestTimeout = 15 * time.Second + DefaultHTTPRequestMaxRetries = 5 + DefaultPullTimeout = 5 * time.Minute + DefaultMaxCacheSize = 1024 * 1024 * 1024 // 1GB +) + +// CacheOptions contains configurations to create a Cache instance. +type CacheOptions struct { + PurgeInterval time.Duration + ModuleExpiry time.Duration + // InsecureRegistries is a set of registries that are allowed to be accessed without TLS. + InsecureRegistries sets.Set[string] + HTTPRequestTimeout time.Duration + HTTPRequestMaxRetries int + MaxCacheSize int + CacheDir string +} + +// allowInsecure returns true if the host is allowed to be accessed without TLS. +func (o *CacheOptions) allowInsecure(host string) bool { + return o.InsecureRegistries.Has(host) || o.InsecureRegistries.Has("*") +} + +func (o *CacheOptions) sanitize() CacheOptions { + ret := defaultCacheOptions() + if o.InsecureRegistries != nil { + ret.InsecureRegistries = o.InsecureRegistries + } + if o.PurgeInterval != 0 { + ret.PurgeInterval = o.PurgeInterval + } + if o.ModuleExpiry != 0 { + ret.ModuleExpiry = o.ModuleExpiry + } + if o.HTTPRequestTimeout != 0 { + ret.HTTPRequestTimeout = o.HTTPRequestTimeout + } + if o.HTTPRequestMaxRetries != 0 { + ret.HTTPRequestMaxRetries = o.HTTPRequestMaxRetries + } + if o.MaxCacheSize != 0 { + ret.MaxCacheSize = o.MaxCacheSize + } + if o.CacheDir != "" { + ret.CacheDir = o.CacheDir + } + + return ret +} + +func defaultCacheOptions() CacheOptions { + return CacheOptions{ + PurgeInterval: DefaultPurgeInterval, + ModuleExpiry: DefaultModuleExpiry, + InsecureRegistries: sets.New[string](), + HTTPRequestTimeout: DefaultHTTPRequestTimeout, + HTTPRequestMaxRetries: DefaultHTTPRequestMaxRetries, + MaxCacheSize: DefaultMaxCacheSize, + } +} + +type PullPolicy int32 + +const ( + Unspecified PullPolicy = 0 + IfNotPresent PullPolicy = 1 + Always PullPolicy = 2 +) + +// GetOptions is a struct for providing options to Get method of Cache. +type GetOptions struct { + Checksum string + ResourceName string + ResourceVersion string + RequestTimeout time.Duration + PullSecret []byte + PullPolicy PullPolicy +} diff --git a/internal/xds/bootstrap/bootstrap.go b/internal/xds/bootstrap/bootstrap.go index eb5e4398dc5..e74620483f4 100644 --- a/internal/xds/bootstrap/bootstrap.go +++ b/internal/xds/bootstrap/bootstrap.go @@ -35,6 +35,10 @@ const ( // DefaultXdsServerPort is the default listening port of the xds-server. DefaultXdsServerPort = 18000 + wasmServerHost = envoyGatewayXdsServerHost + // DefaultWasmServerPort is the default listening port of the wasm HTTP server. + wasmServerPort = 18002 + envoyReadinessAddress = "0.0.0.0" EnvoyReadinessPort = 19001 EnvoyReadinessPath = "/ready" @@ -56,7 +60,9 @@ type bootstrapConfig struct { // bootstrapParameters defines the envoy Bootstrap configuration. type bootstrapParameters struct { // XdsServer defines the configuration of the XDS server. - XdsServer xdsServerParameters + XdsServer serverParameters + // WasmServer defines the configuration of the Wasm HTTP server. + WasmServer serverParameters // AdminServer defines the configuration of the Envoy admin interface. AdminServer adminServerParameters // ReadyServer defines the configuration for health check ready listener @@ -79,7 +85,7 @@ type bootstrapParameters struct { OverloadManager overloadManagerParameters } -type xdsServerParameters struct { +type serverParameters struct { // Address is the address of the XDS Server that Envoy is managed by. Address string // Port is the port of the XDS Server that Envoy is managed by. @@ -214,10 +220,14 @@ func GetRenderedBootstrapConfig(opts *RenderBootstrapConfigOptions) (string, err cfg := &bootstrapConfig{ parameters: bootstrapParameters{ - XdsServer: xdsServerParameters{ + XdsServer: serverParameters{ Address: envoyGatewayXdsServerHost, Port: DefaultXdsServerPort, }, + WasmServer: serverParameters{ + Address: wasmServerHost, + Port: wasmServerPort, + }, AdminServer: adminServerParameters{ Address: EnvoyAdminAddress, Port: EnvoyAdminPort, diff --git a/internal/xds/bootstrap/bootstrap.yaml.tpl b/internal/xds/bootstrap/bootstrap.yaml.tpl index af05d9752a5..b7d26c7d4a9 100644 --- a/internal/xds/bootstrap/bootstrap.yaml.tpl +++ b/internal/xds/bootstrap/bootstrap.yaml.tpl @@ -199,6 +199,44 @@ static_resources: path_config_source: path: "/sds/xds-trusted-ca.json" resource_api_version: V3 + - name: wasm_cluster + type: STRICT_DNS + connect_timeout: 10s + load_assignment: + cluster_name: wasm_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: {{ .WasmServer.Address }} + port_value: {{ .WasmServer.Port }} + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: {} + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: "/sds/xds-certificate.json" + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: "/sds/xds-trusted-ca.json" + resource_api_version: V3 overload_manager: refresh_interval: 0.25s resource_monitors: diff --git a/internal/xds/bootstrap/testdata/merge/default.out.yaml b/internal/xds/bootstrap/testdata/merge/default.out.yaml index 0fc11f219be..e0a187fd8bc 100644 --- a/internal/xds/bootstrap/testdata/merge/default.out.yaml +++ b/internal/xds/bootstrap/testdata/merge/default.out.yaml @@ -97,6 +97,44 @@ staticResources: connectionKeepalive: interval: 30s timeout: 5s + - connectTimeout: 10s + loadAssignment: + clusterName: wasm_cluster + endpoints: + - lbEndpoints: + - endpoint: + address: + socketAddress: + address: envoy-gateway + portValue: 18002 + loadBalancingWeight: 1 + loadBalancingWeight: 1 + name: wasm_cluster + transportSocket: + name: envoy.transport_sockets.tls + typedConfig: + '@type': type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + commonTlsContext: + tlsCertificateSdsSecretConfigs: + - name: xds_certificate + sdsConfig: + pathConfigSource: + path: /sds/xds-certificate.json + resourceApiVersion: V3 + tlsParams: + tlsMaximumProtocolVersion: TLSv1_3 + validationContextSdsSecretConfig: + name: xds_trusted_ca + sdsConfig: + pathConfigSource: + path: /sds/xds-trusted-ca.json + resourceApiVersion: V3 + type: STRICT_DNS + typedExtensionProtocolOptions: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + '@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions + explicitHttpConfig: + http2ProtocolOptions: {} listeners: - address: socketAddress: diff --git a/internal/xds/bootstrap/testdata/merge/stats_sinks.out.yaml b/internal/xds/bootstrap/testdata/merge/stats_sinks.out.yaml index c805025fd13..40d2392a98d 100644 --- a/internal/xds/bootstrap/testdata/merge/stats_sinks.out.yaml +++ b/internal/xds/bootstrap/testdata/merge/stats_sinks.out.yaml @@ -91,6 +91,44 @@ staticResources: connectionKeepalive: interval: 30s timeout: 5s + - connectTimeout: 10s + loadAssignment: + clusterName: wasm_cluster + endpoints: + - lbEndpoints: + - endpoint: + address: + socketAddress: + address: envoy-gateway + portValue: 18002 + loadBalancingWeight: 1 + loadBalancingWeight: 1 + name: wasm_cluster + transportSocket: + name: envoy.transport_sockets.tls + typedConfig: + '@type': type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + commonTlsContext: + tlsCertificateSdsSecretConfigs: + - name: xds_certificate + sdsConfig: + pathConfigSource: + path: /sds/xds-certificate.json + resourceApiVersion: V3 + tlsParams: + tlsMaximumProtocolVersion: TLSv1_3 + validationContextSdsSecretConfig: + name: xds_trusted_ca + sdsConfig: + pathConfigSource: + path: /sds/xds-trusted-ca.json + resourceApiVersion: V3 + type: STRICT_DNS + typedExtensionProtocolOptions: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + '@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions + explicitHttpConfig: + http2ProtocolOptions: {} - connectTimeout: 1s dnsLookupFamily: V4_ONLY dnsRefreshRate: 30s diff --git a/internal/xds/bootstrap/testdata/render/custom-stats-matcher.yaml b/internal/xds/bootstrap/testdata/render/custom-stats-matcher.yaml index 3a588cb9369..e23e57ff515 100644 --- a/internal/xds/bootstrap/testdata/render/custom-stats-matcher.yaml +++ b/internal/xds/bootstrap/testdata/render/custom-stats-matcher.yaml @@ -132,6 +132,44 @@ static_resources: path_config_source: path: "/sds/xds-trusted-ca.json" resource_api_version: V3 + - name: wasm_cluster + type: STRICT_DNS + connect_timeout: 10s + load_assignment: + cluster_name: wasm_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 18002 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: {} + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: "/sds/xds-certificate.json" + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: "/sds/xds-trusted-ca.json" + resource_api_version: V3 overload_manager: refresh_interval: 0.25s resource_monitors: diff --git a/internal/xds/bootstrap/testdata/render/disable-prometheus.yaml b/internal/xds/bootstrap/testdata/render/disable-prometheus.yaml index 86b4ea3ee00..02902fec330 100644 --- a/internal/xds/bootstrap/testdata/render/disable-prometheus.yaml +++ b/internal/xds/bootstrap/testdata/render/disable-prometheus.yaml @@ -99,6 +99,44 @@ static_resources: path_config_source: path: "/sds/xds-trusted-ca.json" resource_api_version: V3 + - name: wasm_cluster + type: STRICT_DNS + connect_timeout: 10s + load_assignment: + cluster_name: wasm_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 18002 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: {} + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: "/sds/xds-certificate.json" + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: "/sds/xds-trusted-ca.json" + resource_api_version: V3 overload_manager: refresh_interval: 0.25s resource_monitors: diff --git a/internal/xds/bootstrap/testdata/render/enable-prometheus-gzip-compression.yaml b/internal/xds/bootstrap/testdata/render/enable-prometheus-gzip-compression.yaml index ca82e1996b4..39219431305 100644 --- a/internal/xds/bootstrap/testdata/render/enable-prometheus-gzip-compression.yaml +++ b/internal/xds/bootstrap/testdata/render/enable-prometheus-gzip-compression.yaml @@ -128,6 +128,44 @@ static_resources: path_config_source: path: "/sds/xds-trusted-ca.json" resource_api_version: V3 + - name: wasm_cluster + type: STRICT_DNS + connect_timeout: 10s + load_assignment: + cluster_name: wasm_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 18002 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: {} + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: "/sds/xds-certificate.json" + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: "/sds/xds-trusted-ca.json" + resource_api_version: V3 overload_manager: refresh_interval: 0.25s resource_monitors: diff --git a/internal/xds/bootstrap/testdata/render/enable-prometheus.yaml b/internal/xds/bootstrap/testdata/render/enable-prometheus.yaml index 347bccd5376..f2e0b49b859 100644 --- a/internal/xds/bootstrap/testdata/render/enable-prometheus.yaml +++ b/internal/xds/bootstrap/testdata/render/enable-prometheus.yaml @@ -121,6 +121,44 @@ static_resources: path_config_source: path: "/sds/xds-trusted-ca.json" resource_api_version: V3 + - name: wasm_cluster + type: STRICT_DNS + connect_timeout: 10s + load_assignment: + cluster_name: wasm_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 18002 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: {} + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: "/sds/xds-certificate.json" + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: "/sds/xds-trusted-ca.json" + resource_api_version: V3 overload_manager: refresh_interval: 0.25s resource_monitors: diff --git a/internal/xds/bootstrap/testdata/render/otel-metrics-backendref.yaml b/internal/xds/bootstrap/testdata/render/otel-metrics-backendref.yaml index db865b4cb8b..6079f777dc8 100644 --- a/internal/xds/bootstrap/testdata/render/otel-metrics-backendref.yaml +++ b/internal/xds/bootstrap/testdata/render/otel-metrics-backendref.yaml @@ -124,6 +124,44 @@ static_resources: path_config_source: path: "/sds/xds-trusted-ca.json" resource_api_version: V3 + - name: wasm_cluster + type: STRICT_DNS + connect_timeout: 10s + load_assignment: + cluster_name: wasm_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 18002 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: {} + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: "/sds/xds-certificate.json" + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: "/sds/xds-trusted-ca.json" + resource_api_version: V3 overload_manager: refresh_interval: 0.25s resource_monitors: diff --git a/internal/xds/bootstrap/testdata/render/otel-metrics.yaml b/internal/xds/bootstrap/testdata/render/otel-metrics.yaml index db865b4cb8b..6079f777dc8 100644 --- a/internal/xds/bootstrap/testdata/render/otel-metrics.yaml +++ b/internal/xds/bootstrap/testdata/render/otel-metrics.yaml @@ -124,6 +124,44 @@ static_resources: path_config_source: path: "/sds/xds-trusted-ca.json" resource_api_version: V3 + - name: wasm_cluster + type: STRICT_DNS + connect_timeout: 10s + load_assignment: + cluster_name: wasm_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 18002 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: {} + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: "/sds/xds-certificate.json" + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: "/sds/xds-trusted-ca.json" + resource_api_version: V3 overload_manager: refresh_interval: 0.25s resource_monitors: diff --git a/internal/xds/bootstrap/testdata/render/with-max-heap-size-bytes.yaml b/internal/xds/bootstrap/testdata/render/with-max-heap-size-bytes.yaml index e79291a7bb0..9eebf9d010c 100644 --- a/internal/xds/bootstrap/testdata/render/with-max-heap-size-bytes.yaml +++ b/internal/xds/bootstrap/testdata/render/with-max-heap-size-bytes.yaml @@ -121,6 +121,44 @@ static_resources: path_config_source: path: "/sds/xds-trusted-ca.json" resource_api_version: V3 + - name: wasm_cluster + type: STRICT_DNS + connect_timeout: 10s + load_assignment: + cluster_name: wasm_cluster + endpoints: + - load_balancing_weight: 1 + lb_endpoints: + - load_balancing_weight: 1 + endpoint: + address: + socket_address: + address: envoy-gateway + port_value: 18002 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions" + explicit_http_config: + http2_protocol_options: {} + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + tls_params: + tls_maximum_protocol_version: TLSv1_3 + tls_certificate_sds_secret_configs: + - name: xds_certificate + sds_config: + path_config_source: + path: "/sds/xds-certificate.json" + resource_api_version: V3 + validation_context_sds_secret_config: + name: xds_trusted_ca + sds_config: + path_config_source: + path: "/sds/xds-trusted-ca.json" + resource_api_version: V3 overload_manager: refresh_interval: 0.25s resource_monitors: diff --git a/internal/xds/translator/accesslog.go b/internal/xds/translator/accesslog.go index aa826a24188..4a22b20500b 100644 --- a/internal/xds/translator/accesslog.go +++ b/internal/xds/translator/accesslog.go @@ -14,6 +14,7 @@ import ( accesslog "github.com/envoyproxy/go-control-plane/envoy/config/accesslog/v3" cfgcore "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" fileaccesslog "github.com/envoyproxy/go-control-plane/envoy/extensions/access_loggers/file/v3" + cel "github.com/envoyproxy/go-control-plane/envoy/extensions/access_loggers/filters/cel/v3" grpcaccesslog "github.com/envoyproxy/go-control-plane/envoy/extensions/access_loggers/grpc/v3" otelaccesslog "github.com/envoyproxy/go-control-plane/envoy/extensions/access_loggers/open_telemetry/v3" celformatter "github.com/envoyproxy/go-control-plane/envoy/extensions/formatter/cel/v3" @@ -58,6 +59,7 @@ const ( celCommandOperator = "%CEL" tcpGRPCAccessLog = "envoy.access_loggers.tcp_grpc" + celFilter = "envoy.access_loggers.extension_filters.cel" ) // for the case when a route does not exist to upstream, hcm logs will not be present @@ -289,16 +291,57 @@ func buildXdsAccessLog(al *ir.AccessLog, forListener bool) []*accesslog.AccessLo }) } - // add filter for listener access logs + // add filter for access logs + filters := make([]*accesslog.AccessLogFilter, 0) + for _, expr := range al.CELMatches { + filters = append(filters, celAccessLogFilter(expr)) + } if forListener { - for _, al := range accessLogs { - al.Filter = listenerAccessLogFilter - } + filters = append(filters, listenerAccessLogFilter) + } + + f := buildAccessLogFilter(filters...) + + for _, log := range accessLogs { + log.Filter = f } return accessLogs } +func celAccessLogFilter(expr string) *accesslog.AccessLogFilter { + fl := &cel.ExpressionFilter{ + Expression: expr, + } + + return &accesslog.AccessLogFilter{ + FilterSpecifier: &accesslog.AccessLogFilter_ExtensionFilter{ + ExtensionFilter: &accesslog.ExtensionFilter{ + Name: celFilter, + ConfigType: &accesslog.ExtensionFilter_TypedConfig{TypedConfig: protocov.ToAny(fl)}, + }, + }, + } +} + +func buildAccessLogFilter(f ...*accesslog.AccessLogFilter) *accesslog.AccessLogFilter { + if len(f) == 0 { + return nil + } + + if len(f) == 1 { + return f[0] + } + + return &accesslog.AccessLogFilter{ + FilterSpecifier: &accesslog.AccessLogFilter_AndFilter{ + AndFilter: &accesslog.AndFilter{ + Filters: f, + }, + }, + } +} + func accessLogTextFormatters(text string) []*cfgcore.TypedExtensionConfig { formatters := make([]*cfgcore.TypedExtensionConfig, 0, 3) diff --git a/internal/xds/translator/listener.go b/internal/xds/translator/listener.go index e72cf797d4c..ee1f5c7d133 100644 --- a/internal/xds/translator/listener.go +++ b/internal/xds/translator/listener.go @@ -137,7 +137,7 @@ func originalIPDetectionExtensions(clientIPDetection *ir.ClientIPDetectionSettin // buildXdsTCPListener creates a xds Listener resource // TODO: Improve function parameters -func buildXdsTCPListener(name, address string, port uint32, keepalive *ir.TCPKeepalive, connection *ir.Connection, accesslog *ir.AccessLog) *listenerv3.Listener { +func buildXdsTCPListener(name, address string, port uint32, keepalive *ir.TCPKeepalive, connection *ir.ClientConnection, accesslog *ir.AccessLog) *listenerv3.Listener { socketOptions := buildTCPSocketOptions(keepalive) al := buildXdsAccessLog(accesslog, true) bufferLimitBytes := buildPerConnectionBufferLimitBytes(connection) @@ -163,7 +163,7 @@ func buildXdsTCPListener(name, address string, port uint32, keepalive *ir.TCPKee } } -func buildPerConnectionBufferLimitBytes(connection *ir.Connection) *wrapperspb.UInt32Value { +func buildPerConnectionBufferLimitBytes(connection *ir.ClientConnection) *wrapperspb.UInt32Value { if connection != nil && connection.BufferLimitBytes != nil { return wrapperspb.UInt32(*connection.BufferLimitBytes) } @@ -209,7 +209,7 @@ func buildXdsQuicListener(name, address string, port uint32, accesslog *ir.Acces // The newly created TCP filter chain is configured with a filter chain match to // match the server names(SNI) based on the listener's hostnames. func (t *Translator) addHCMToXDSListener(xdsListener *listenerv3.Listener, irListener *ir.HTTPListener, - accesslog *ir.AccessLog, tracing *ir.Tracing, http3Listener bool, connection *ir.Connection, + accesslog *ir.AccessLog, tracing *ir.Tracing, http3Listener bool, connection *ir.ClientConnection, ) error { al := buildXdsAccessLog(accesslog, false) @@ -391,7 +391,10 @@ func findXdsHTTPRouteConfigName(xdsListener *listenerv3.Listener) string { return "" } -func addXdsTCPFilterChain(xdsListener *listenerv3.Listener, irRoute *ir.TCPRoute, clusterName string, accesslog *ir.AccessLog, timeout *ir.ClientTimeout, connection *ir.Connection) error { +func addXdsTCPFilterChain(xdsListener *listenerv3.Listener, irRoute *ir.TCPRoute, + clusterName string, accesslog *ir.AccessLog, timeout *ir.ClientTimeout, + connection *ir.ClientConnection, +) error { if irRoute == nil { return errors.New("tcp listener is nil") } @@ -470,7 +473,7 @@ func addXdsTCPFilterChain(xdsListener *listenerv3.Listener, irRoute *ir.TCPRoute return nil } -func buildConnectionLimitFilter(statPrefix string, connection *ir.Connection) *connection_limitv3.ConnectionLimit { +func buildConnectionLimitFilter(statPrefix string, connection *ir.ClientConnection) *connection_limitv3.ConnectionLimit { cl := &connection_limitv3.ConnectionLimit{ StatPrefix: statPrefix, MaxConnections: wrapperspb.UInt64(*connection.ConnectionLimit.Value), diff --git a/internal/xds/translator/testdata/in/xds-ir/accesslog-cel.yaml b/internal/xds/translator/testdata/in/xds-ir/accesslog-cel.yaml new file mode 100644 index 00000000000..b0623fd0842 --- /dev/null +++ b/internal/xds/translator/testdata/in/xds-ir/accesslog-cel.yaml @@ -0,0 +1,52 @@ +name: "accesslog" +accesslog: + celMatches: + - response.code >= 400 + text: + - path: "/dev/stdout" + format: | + [%START_TIME%] "%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%" %RESPONSE_CODE% %RESPONSE_FLAGS% %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% "%REQ(X-FORWARDED-FOR)%" "%REQ(USER-AGENT)%" "%REQ(X-REQUEST-ID)%" "%REQ(:AUTHORITY)%" "%UPSTREAM_HOST%" + json: + - path: "/dev/stdout" + json: + start_time: "%START_TIME%" + method: "%REQ(:METHOD)%" + path: "%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%" + protocol: "%PROTOCOL%" + response_code: "%RESPONSE_CODE%" + openTelemetry: + - text: | + [%START_TIME%] "%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%" %RESPONSE_CODE% %RESPONSE_FLAGS% %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% "%REQ(X-FORWARDED-FOR)%" "%REQ(USER-AGENT)%" "%REQ(X-REQUEST-ID)%" "%REQ(:AUTHORITY)%" "%UPSTREAM_HOST%" + attributes: + "response_code": "%RESPONSE_CODE%" + resources: + "cluster_name": "cluster1" + authority: "otel-collector.default.svc.cluster.local" + destination: + name: "accesslog-0" + settings: + - endpoints: + - host: "otel-collector.default.svc.cluster.local" + port: 4317 + protocol: "GRPC" +http: +- name: "first-listener" + address: "0.0.0.0" + port: 10080 + hostnames: + - "*" + path: + mergeSlashes: true + escapedSlashesAction: UnescapeAndRedirect + routes: + - name: "direct-route" + hostname: "*" + destination: + name: "direct-route-dest" + settings: + - endpoints: + - host: "1.2.3.4" + port: 50000 + directResponse: + body: "Unknown custom filter type: UnsupportedType" + statusCode: 500 diff --git a/internal/xds/translator/testdata/in/xds-ir/accesslog-multi-cel.yaml b/internal/xds/translator/testdata/in/xds-ir/accesslog-multi-cel.yaml new file mode 100644 index 00000000000..704c19863d6 --- /dev/null +++ b/internal/xds/translator/testdata/in/xds-ir/accesslog-multi-cel.yaml @@ -0,0 +1,53 @@ +name: "accesslog" +accesslog: + celMatches: + - response.code >= 400 + - request.url_path.contains('v1beta3') + text: + - path: "/dev/stdout" + format: | + [%START_TIME%] "%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%" %RESPONSE_CODE% %RESPONSE_FLAGS% %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% "%REQ(X-FORWARDED-FOR)%" "%REQ(USER-AGENT)%" "%REQ(X-REQUEST-ID)%" "%REQ(:AUTHORITY)%" "%UPSTREAM_HOST%" + json: + - path: "/dev/stdout" + json: + start_time: "%START_TIME%" + method: "%REQ(:METHOD)%" + path: "%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%" + protocol: "%PROTOCOL%" + response_code: "%RESPONSE_CODE%" + openTelemetry: + - text: | + [%START_TIME%] "%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%" %RESPONSE_CODE% %RESPONSE_FLAGS% %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% "%REQ(X-FORWARDED-FOR)%" "%REQ(USER-AGENT)%" "%REQ(X-REQUEST-ID)%" "%REQ(:AUTHORITY)%" "%UPSTREAM_HOST%" + attributes: + "response_code": "%RESPONSE_CODE%" + resources: + "cluster_name": "cluster1" + authority: "otel-collector.default.svc.cluster.local" + destination: + name: "accesslog-0" + settings: + - endpoints: + - host: "otel-collector.default.svc.cluster.local" + port: 4317 + protocol: "GRPC" +http: +- name: "first-listener" + address: "0.0.0.0" + port: 10080 + hostnames: + - "*" + path: + mergeSlashes: true + escapedSlashesAction: UnescapeAndRedirect + routes: + - name: "direct-route" + hostname: "*" + destination: + name: "direct-route-dest" + settings: + - endpoints: + - host: "1.2.3.4" + port: 50000 + directResponse: + body: "Unknown custom filter type: UnsupportedType" + statusCode: 500 diff --git a/internal/xds/translator/testdata/in/xds-ir/custom-filter-order.yaml b/internal/xds/translator/testdata/in/xds-ir/custom-filter-order.yaml index 8dcefc9c880..4650e1ea2a3 100644 --- a/internal/xds/translator/testdata/in/xds-ir/custom-filter-order.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/custom-filter-order.yaml @@ -70,7 +70,7 @@ http: failOpen: false httpWasmCode: sha256: 746df05c8f3a0b07a46c0967cfbc5cbe5b9d48d0f79b6177eeedf8be6c8b34b5 - url: https://www.example.com/wasm-filter-1.wasm + servingURL: https://envoy-gateway:18002/42d30b4a4cc631415e6e48c02d244700da327201eb273f752cacf745715b31d9.wasm name: envoyextensionpolicy/envoy-gateway/policy-for-gateway/0 wasmName: wasm-filter-1 - config: @@ -79,6 +79,6 @@ http: failOpen: false httpWasmCode: sha256: a1efca12ea51069abb123bf9c77889fcc2a31cc5483fc14d115e44fdf07c7980 - url: https://www.example.com/wasm-filter-2.wasm + servingURL: https://envoy-gateway:18002/7abf116e5cd5a20389604a5ba0f3bd04fdf76f92181fe67506b42c2ee596d3fd.wasm name: envoyextensionpolicy/envoy-gateway/policy-for-gateway/1 wasmName: wasm-filter-2 diff --git a/internal/xds/translator/testdata/in/xds-ir/tracing-endpoint-stats.yaml b/internal/xds/translator/testdata/in/xds-ir/tracing-endpoint-stats.yaml index f57949f2ce4..b5ee8b57dd9 100644 --- a/internal/xds/translator/testdata/in/xds-ir/tracing-endpoint-stats.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/tracing-endpoint-stats.yaml @@ -27,6 +27,10 @@ tracing: - host: "otel-collector.default.svc.cluster.local" port: 4317 protocol: "GRPC" + provider: + host: otel-collector.monitoring.svc.cluster.local + port: 4317 + type: OpenTelemetry http: - name: "first-listener" address: "0.0.0.0" diff --git a/internal/xds/translator/testdata/in/xds-ir/tracing-unknown-provider-type.yaml b/internal/xds/translator/testdata/in/xds-ir/tracing-unknown-provider-type.yaml new file mode 100644 index 00000000000..45f669ef643 --- /dev/null +++ b/internal/xds/translator/testdata/in/xds-ir/tracing-unknown-provider-type.yaml @@ -0,0 +1,51 @@ +name: "tracing" +tracing: + serviceName: "fake-name.fake-ns" + samplingRate: 90 + customTags: + "literal1": + type: Literal + literal: + value: "value1" + "env1": + type: Environment + environment: + name: "env1" + defaultValue: "-" + "req1": + type: RequestHeader + requestHeader: + name: "X-Request-Id" + defaultValue: "-" + authority: "datadog-agent.default.svc.cluster.local" + destination: + name: "tracing-0" + settings: + - endpoints: + - host: "datadog-agent.default.svc.cluster.local" + port: 8126 + provider: + host: datadog-agent.monitoring.svc.cluster.local + port: 8126 + type: Datadog +http: + - name: "first-listener" + address: "0.0.0.0" + port: 10080 + hostnames: + - "*" + path: + mergeSlashes: true + escapedSlashesAction: UnescapeAndRedirect + routes: + - name: "direct-route" + hostname: "*" + destination: + name: "direct-route-dest" + settings: + - endpoints: + - host: "1.2.3.4" + port: 50000 + directResponse: + body: "Unknown custom filter type: UnsupportedType" + statusCode: 500 diff --git a/internal/xds/translator/testdata/in/xds-ir/tracing-zipkin.yaml b/internal/xds/translator/testdata/in/xds-ir/tracing-zipkin.yaml new file mode 100644 index 00000000000..a60183dd268 --- /dev/null +++ b/internal/xds/translator/testdata/in/xds-ir/tracing-zipkin.yaml @@ -0,0 +1,55 @@ +name: "tracing" +tracing: + serviceName: "fake-name.fake-ns" + samplingRate: 90 + customTags: + "literal1": + type: Literal + literal: + value: "value1" + "env1": + type: Environment + environment: + name: "env1" + defaultValue: "-" + "req1": + type: RequestHeader + requestHeader: + name: "X-Request-Id" + defaultValue: "-" + authority: "zipkin.default.svc.cluster.local" + destination: + name: "tracing-0" + settings: + - endpoints: + - host: "zipkin.default.svc.cluster.local" + port: 9411 + protocol: "GRPC" + provider: + host: zipkin.default.svc.cluster.local + port: 9411 + type: Zipkin + zipkin: + enable128BitTraceId: true + disableSharedSpanContext: true +http: +- name: "first-listener" + address: "0.0.0.0" + port: 10080 + hostnames: + - "*" + path: + mergeSlashes: true + escapedSlashesAction: UnescapeAndRedirect + routes: + - name: "direct-route" + hostname: "*" + destination: + name: "direct-route-dest" + settings: + - endpoints: + - host: "1.2.3.4" + port: 50000 + directResponse: + body: "Unknown custom filter type: UnsupportedType" + statusCode: 500 diff --git a/internal/xds/translator/testdata/in/xds-ir/tracing.yaml b/internal/xds/translator/testdata/in/xds-ir/tracing.yaml index fd5a29672dd..0f3555524ff 100644 --- a/internal/xds/translator/testdata/in/xds-ir/tracing.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/tracing.yaml @@ -25,6 +25,10 @@ tracing: - host: "otel-collector.default.svc.cluster.local" port: 4317 protocol: "GRPC" + provider: + host: otel-collector.monitoring.svc.cluster.local + port: 4317 + type: OpenTelemetry http: - name: "first-listener" address: "0.0.0.0" diff --git a/internal/xds/translator/testdata/in/xds-ir/wasm.yaml b/internal/xds/translator/testdata/in/xds-ir/wasm.yaml index 06f767957c1..faa729eec98 100644 --- a/internal/xds/translator/testdata/in/xds-ir/wasm.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/wasm.yaml @@ -9,10 +9,7 @@ http: mergeSlashes: true port: 10080 routes: - - backendWeights: - invalid: 0 - valid: 0 - destination: + - destination: name: httproute/default/httproute-1/rule/0 settings: - addressType: IP @@ -37,10 +34,11 @@ http: key3: value3 failOpen: true httpWasmCode: + servingURL: https://envoy-gateway:18002/fe571e7b1ef5dc626ceb2c2c86782a134a92989a2643485238951696ae4334c3.wasm + originalDownloadingURL: https://www.test.com/wasm-filter-4.wasm sha256: a1f0b78b8c1320690327800e3a5de10e7dbba7b6c752e702193a395a52c727b6 - url: https://www.test.com/wasm-filter-3.wasm - name: envoyextensionpolicy/default/policy-for-http-route/0 - wasmName: wasm-filter-3 + name: envoyextensionpolicy/default/policy-for-http-route/wasm/0 + wasmName: wasm-filter-4 - destination: name: httproute/default/httproute-2/rule/0 settings: @@ -65,17 +63,27 @@ http: parameter2: value3 failOpen: false httpWasmCode: + servingURL: https://envoy-gateway:18002/5c90b9a82642ce00a7753923fabead306b9d9a54a7c0bd2463a1af3efcfb110b.wasm + originalDownloadingURL: https://www.example.com/wasm-filter-1.wasm sha256: 746df05c8f3a0b07a46c0967cfbc5cbe5b9d48d0f79b6177eeedf8be6c8b34b5 - url: https://www.example.com/wasm-filter-1.wasm - name: envoyextensionpolicy/envoy-gateway/policy-for-gateway/0 + name: envoyextensionpolicy/envoy-gateway/policy-for-gateway/wasm/0 wasmName: wasm-filter-1 - rootID: my-root-id - config: parameter1: value1 parameter2: value2 failOpen: false httpWasmCode: - sha256: a1efca12ea51069abb123bf9c77889fcc2a31cc5483fc14d115e44fdf07c7980 - url: https://www.example.com/wasm-filter-2.wasm - name: envoyextensionpolicy/envoy-gateway/policy-for-gateway/1 + servingURL: https://envoy-gateway:18002/7abf116e5cd5a20389604a5ba0f3bd04fdf76f92181fe67506b42c2ee596d3fd.wasm + originalDownloadingURL: oci://www.example.com/wasm-filter-2:v1.0.0 + sha256: 314100af781b98a8ca175d5bf90a8bf76576e20a2f397a88223404edc6ebfd46 + name: envoyextensionpolicy/envoy-gateway/policy-for-gateway/wasm/1 wasmName: wasm-filter-2 + rootID: my-root-id + - config: null + failOpen: false + httpWasmCode: + servingURL: https://envoy-gateway:18002/42d30b4a4cc631415e6e48c02d244700da327201eb273f752cacf745715b31d9.wasm + originalDownloadingURL: oci://www.example.com:8080/wasm-filter-3:latest + sha256: 2a19e4f337e5223d7287e7fccd933fb01905deaff804292e5257f8c681b82bee + name: envoyextensionpolicy/envoy-gateway/policy-for-gateway/wasm/2 + wasmName: envoyextensionpolicy/envoy-gateway/policy-for-gateway/wasm/2 diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog-cel.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog-cel.clusters.yaml new file mode 100644 index 00000000000..b8874bf24f9 --- /dev/null +++ b/internal/xds/translator/testdata/out/xds-ir/accesslog-cel.clusters.yaml @@ -0,0 +1,49 @@ +- circuitBreakers: + thresholds: + - maxRetries: 1024 + commonLbConfig: + localityWeightedLbConfig: {} + connectTimeout: 10s + dnsLookupFamily: V4_ONLY + edsClusterConfig: + edsConfig: + ads: {} + resourceApiVersion: V3 + serviceName: direct-route-dest + lbPolicy: LEAST_REQUEST + name: direct-route-dest + outlierDetection: {} + perConnectionBufferLimitBytes: 32768 + type: EDS +- circuitBreakers: + thresholds: + - maxRetries: 1024 + commonLbConfig: + localityWeightedLbConfig: {} + connectTimeout: 10s + dnsLookupFamily: V4_ONLY + dnsRefreshRate: 30s + lbPolicy: LEAST_REQUEST + loadAssignment: + clusterName: accesslog-0 + endpoints: + - lbEndpoints: + - endpoint: + address: + socketAddress: + address: otel-collector.default.svc.cluster.local + portValue: 4317 + loadBalancingWeight: 1 + loadBalancingWeight: 1 + locality: + region: accesslog-0/backend/0 + name: accesslog-0 + outlierDetection: {} + perConnectionBufferLimitBytes: 32768 + respectDnsTtl: true + type: STRICT_DNS + typedExtensionProtocolOptions: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + '@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions + explicitHttpConfig: + http2ProtocolOptions: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog-cel.endpoints.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog-cel.endpoints.yaml new file mode 100644 index 00000000000..20c80b3aaaa --- /dev/null +++ b/internal/xds/translator/testdata/out/xds-ir/accesslog-cel.endpoints.yaml @@ -0,0 +1,12 @@ +- clusterName: direct-route-dest + endpoints: + - lbEndpoints: + - endpoint: + address: + socketAddress: + address: 1.2.3.4 + portValue: 50000 + loadBalancingWeight: 1 + loadBalancingWeight: 1 + locality: + region: direct-route-dest/backend/0 diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog-cel.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog-cel.listeners.yaml new file mode 100644 index 00000000000..2ccfca8ce50 --- /dev/null +++ b/internal/xds/translator/testdata/out/xds-ir/accesslog-cel.listeners.yaml @@ -0,0 +1,184 @@ +- accessLog: + - filter: + andFilter: + filters: + - extensionFilter: + name: envoy.access_loggers.extension_filters.cel + typedConfig: + '@type': type.googleapis.com/envoy.extensions.access_loggers.filters.cel.v3.ExpressionFilter + expression: response.code >= 400 + - responseFlagFilter: + flags: + - NR + name: envoy.access_loggers.file + typedConfig: + '@type': type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog + logFormat: + textFormatSource: + inlineString: | + [%START_TIME%] "%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%" %RESPONSE_CODE% %RESPONSE_FLAGS% %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% "%REQ(X-FORWARDED-FOR)%" "%REQ(USER-AGENT)%" "%REQ(X-REQUEST-ID)%" "%REQ(:AUTHORITY)%" "%UPSTREAM_HOST%" + path: /dev/stdout + - filter: + andFilter: + filters: + - extensionFilter: + name: envoy.access_loggers.extension_filters.cel + typedConfig: + '@type': type.googleapis.com/envoy.extensions.access_loggers.filters.cel.v3.ExpressionFilter + expression: response.code >= 400 + - responseFlagFilter: + flags: + - NR + name: envoy.access_loggers.file + typedConfig: + '@type': type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog + logFormat: + jsonFormat: + method: '%REQ(:METHOD)%' + path: '%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%' + protocol: '%PROTOCOL%' + response_code: '%RESPONSE_CODE%' + start_time: '%START_TIME%' + path: /dev/stdout + - filter: + andFilter: + filters: + - extensionFilter: + name: envoy.access_loggers.extension_filters.cel + typedConfig: + '@type': type.googleapis.com/envoy.extensions.access_loggers.filters.cel.v3.ExpressionFilter + expression: response.code >= 400 + - responseFlagFilter: + flags: + - NR + name: envoy.access_loggers.open_telemetry + typedConfig: + '@type': type.googleapis.com/envoy.extensions.access_loggers.open_telemetry.v3.OpenTelemetryAccessLogConfig + attributes: + values: + - key: k8s.namespace.name + value: + stringValue: '%ENVIRONMENT(ENVOY_GATEWAY_NAMESPACE)%' + - key: k8s.pod.name + value: + stringValue: '%ENVIRONMENT(ENVOY_POD_NAME)%' + - key: response_code + value: + stringValue: '%RESPONSE_CODE%' + body: + stringValue: | + [%START_TIME%] "%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%" %RESPONSE_CODE% %RESPONSE_FLAGS% %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% "%REQ(X-FORWARDED-FOR)%" "%REQ(USER-AGENT)%" "%REQ(X-REQUEST-ID)%" "%REQ(:AUTHORITY)%" "%UPSTREAM_HOST%" + commonConfig: + grpcService: + envoyGrpc: + authority: otel-collector.default.svc.cluster.local + clusterName: accesslog-0 + logName: otel_envoy_accesslog + transportApiVersion: V3 + resourceAttributes: + values: + - key: cluster_name + value: + stringValue: cluster1 + address: + socketAddress: + address: 0.0.0.0 + portValue: 10080 + defaultFilterChain: + filters: + - name: envoy.filters.network.http_connection_manager + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + accessLog: + - filter: + extensionFilter: + name: envoy.access_loggers.extension_filters.cel + typedConfig: + '@type': type.googleapis.com/envoy.extensions.access_loggers.filters.cel.v3.ExpressionFilter + expression: response.code >= 400 + name: envoy.access_loggers.file + typedConfig: + '@type': type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog + logFormat: + textFormatSource: + inlineString: | + [%START_TIME%] "%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%" %RESPONSE_CODE% %RESPONSE_FLAGS% %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% "%REQ(X-FORWARDED-FOR)%" "%REQ(USER-AGENT)%" "%REQ(X-REQUEST-ID)%" "%REQ(:AUTHORITY)%" "%UPSTREAM_HOST%" + path: /dev/stdout + - filter: + extensionFilter: + name: envoy.access_loggers.extension_filters.cel + typedConfig: + '@type': type.googleapis.com/envoy.extensions.access_loggers.filters.cel.v3.ExpressionFilter + expression: response.code >= 400 + name: envoy.access_loggers.file + typedConfig: + '@type': type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog + logFormat: + jsonFormat: + method: '%REQ(:METHOD)%' + path: '%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%' + protocol: '%PROTOCOL%' + response_code: '%RESPONSE_CODE%' + start_time: '%START_TIME%' + path: /dev/stdout + - filter: + extensionFilter: + name: envoy.access_loggers.extension_filters.cel + typedConfig: + '@type': type.googleapis.com/envoy.extensions.access_loggers.filters.cel.v3.ExpressionFilter + expression: response.code >= 400 + name: envoy.access_loggers.open_telemetry + typedConfig: + '@type': type.googleapis.com/envoy.extensions.access_loggers.open_telemetry.v3.OpenTelemetryAccessLogConfig + attributes: + values: + - key: k8s.namespace.name + value: + stringValue: '%ENVIRONMENT(ENVOY_GATEWAY_NAMESPACE)%' + - key: k8s.pod.name + value: + stringValue: '%ENVIRONMENT(ENVOY_POD_NAME)%' + - key: response_code + value: + stringValue: '%RESPONSE_CODE%' + body: + stringValue: | + [%START_TIME%] "%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%" %RESPONSE_CODE% %RESPONSE_FLAGS% %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% "%REQ(X-FORWARDED-FOR)%" "%REQ(USER-AGENT)%" "%REQ(X-REQUEST-ID)%" "%REQ(:AUTHORITY)%" "%UPSTREAM_HOST%" + commonConfig: + grpcService: + envoyGrpc: + authority: otel-collector.default.svc.cluster.local + clusterName: accesslog-0 + logName: otel_envoy_accesslog + transportApiVersion: V3 + resourceAttributes: + values: + - key: cluster_name + value: + stringValue: cluster1 + commonHttpProtocolOptions: + headersWithUnderscoresAction: REJECT_REQUEST + http2ProtocolOptions: + initialConnectionWindowSize: 1048576 + initialStreamWindowSize: 65536 + maxConcurrentStreams: 100 + httpFilters: + - name: envoy.filters.http.router + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router + suppressEnvoyHeaders: true + mergeSlashes: true + normalizePath: true + pathWithEscapedSlashesAction: UNESCAPE_AND_REDIRECT + rds: + configSource: + ads: {} + resourceApiVersion: V3 + routeConfigName: first-listener + serverHeaderTransformation: PASS_THROUGH + statPrefix: http + useRemoteAddress: true + name: first-listener + drainType: MODIFY_ONLY + name: first-listener + perConnectionBufferLimitBytes: 32768 diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog-cel.routes.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog-cel.routes.yaml new file mode 100644 index 00000000000..d4a7fa5ae20 --- /dev/null +++ b/internal/xds/translator/testdata/out/xds-ir/accesslog-cel.routes.yaml @@ -0,0 +1,14 @@ +- ignorePortInHostMatching: true + name: first-listener + virtualHosts: + - domains: + - '*' + name: first-listener/* + routes: + - directResponse: + body: + inlineString: 'Unknown custom filter type: UnsupportedType' + status: 500 + match: + prefix: / + name: direct-route diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog-multi-cel.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog-multi-cel.clusters.yaml new file mode 100644 index 00000000000..b8874bf24f9 --- /dev/null +++ b/internal/xds/translator/testdata/out/xds-ir/accesslog-multi-cel.clusters.yaml @@ -0,0 +1,49 @@ +- circuitBreakers: + thresholds: + - maxRetries: 1024 + commonLbConfig: + localityWeightedLbConfig: {} + connectTimeout: 10s + dnsLookupFamily: V4_ONLY + edsClusterConfig: + edsConfig: + ads: {} + resourceApiVersion: V3 + serviceName: direct-route-dest + lbPolicy: LEAST_REQUEST + name: direct-route-dest + outlierDetection: {} + perConnectionBufferLimitBytes: 32768 + type: EDS +- circuitBreakers: + thresholds: + - maxRetries: 1024 + commonLbConfig: + localityWeightedLbConfig: {} + connectTimeout: 10s + dnsLookupFamily: V4_ONLY + dnsRefreshRate: 30s + lbPolicy: LEAST_REQUEST + loadAssignment: + clusterName: accesslog-0 + endpoints: + - lbEndpoints: + - endpoint: + address: + socketAddress: + address: otel-collector.default.svc.cluster.local + portValue: 4317 + loadBalancingWeight: 1 + loadBalancingWeight: 1 + locality: + region: accesslog-0/backend/0 + name: accesslog-0 + outlierDetection: {} + perConnectionBufferLimitBytes: 32768 + respectDnsTtl: true + type: STRICT_DNS + typedExtensionProtocolOptions: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + '@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions + explicitHttpConfig: + http2ProtocolOptions: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog-multi-cel.endpoints.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog-multi-cel.endpoints.yaml new file mode 100644 index 00000000000..20c80b3aaaa --- /dev/null +++ b/internal/xds/translator/testdata/out/xds-ir/accesslog-multi-cel.endpoints.yaml @@ -0,0 +1,12 @@ +- clusterName: direct-route-dest + endpoints: + - lbEndpoints: + - endpoint: + address: + socketAddress: + address: 1.2.3.4 + portValue: 50000 + loadBalancingWeight: 1 + loadBalancingWeight: 1 + locality: + region: direct-route-dest/backend/0 diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog-multi-cel.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog-multi-cel.listeners.yaml new file mode 100644 index 00000000000..0bca441a443 --- /dev/null +++ b/internal/xds/translator/testdata/out/xds-ir/accesslog-multi-cel.listeners.yaml @@ -0,0 +1,220 @@ +- accessLog: + - filter: + andFilter: + filters: + - extensionFilter: + name: envoy.access_loggers.extension_filters.cel + typedConfig: + '@type': type.googleapis.com/envoy.extensions.access_loggers.filters.cel.v3.ExpressionFilter + expression: response.code >= 400 + - extensionFilter: + name: envoy.access_loggers.extension_filters.cel + typedConfig: + '@type': type.googleapis.com/envoy.extensions.access_loggers.filters.cel.v3.ExpressionFilter + expression: request.url_path.contains('v1beta3') + - responseFlagFilter: + flags: + - NR + name: envoy.access_loggers.file + typedConfig: + '@type': type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog + logFormat: + textFormatSource: + inlineString: | + [%START_TIME%] "%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%" %RESPONSE_CODE% %RESPONSE_FLAGS% %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% "%REQ(X-FORWARDED-FOR)%" "%REQ(USER-AGENT)%" "%REQ(X-REQUEST-ID)%" "%REQ(:AUTHORITY)%" "%UPSTREAM_HOST%" + path: /dev/stdout + - filter: + andFilter: + filters: + - extensionFilter: + name: envoy.access_loggers.extension_filters.cel + typedConfig: + '@type': type.googleapis.com/envoy.extensions.access_loggers.filters.cel.v3.ExpressionFilter + expression: response.code >= 400 + - extensionFilter: + name: envoy.access_loggers.extension_filters.cel + typedConfig: + '@type': type.googleapis.com/envoy.extensions.access_loggers.filters.cel.v3.ExpressionFilter + expression: request.url_path.contains('v1beta3') + - responseFlagFilter: + flags: + - NR + name: envoy.access_loggers.file + typedConfig: + '@type': type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog + logFormat: + jsonFormat: + method: '%REQ(:METHOD)%' + path: '%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%' + protocol: '%PROTOCOL%' + response_code: '%RESPONSE_CODE%' + start_time: '%START_TIME%' + path: /dev/stdout + - filter: + andFilter: + filters: + - extensionFilter: + name: envoy.access_loggers.extension_filters.cel + typedConfig: + '@type': type.googleapis.com/envoy.extensions.access_loggers.filters.cel.v3.ExpressionFilter + expression: response.code >= 400 + - extensionFilter: + name: envoy.access_loggers.extension_filters.cel + typedConfig: + '@type': type.googleapis.com/envoy.extensions.access_loggers.filters.cel.v3.ExpressionFilter + expression: request.url_path.contains('v1beta3') + - responseFlagFilter: + flags: + - NR + name: envoy.access_loggers.open_telemetry + typedConfig: + '@type': type.googleapis.com/envoy.extensions.access_loggers.open_telemetry.v3.OpenTelemetryAccessLogConfig + attributes: + values: + - key: k8s.namespace.name + value: + stringValue: '%ENVIRONMENT(ENVOY_GATEWAY_NAMESPACE)%' + - key: k8s.pod.name + value: + stringValue: '%ENVIRONMENT(ENVOY_POD_NAME)%' + - key: response_code + value: + stringValue: '%RESPONSE_CODE%' + body: + stringValue: | + [%START_TIME%] "%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%" %RESPONSE_CODE% %RESPONSE_FLAGS% %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% "%REQ(X-FORWARDED-FOR)%" "%REQ(USER-AGENT)%" "%REQ(X-REQUEST-ID)%" "%REQ(:AUTHORITY)%" "%UPSTREAM_HOST%" + commonConfig: + grpcService: + envoyGrpc: + authority: otel-collector.default.svc.cluster.local + clusterName: accesslog-0 + logName: otel_envoy_accesslog + transportApiVersion: V3 + resourceAttributes: + values: + - key: cluster_name + value: + stringValue: cluster1 + address: + socketAddress: + address: 0.0.0.0 + portValue: 10080 + defaultFilterChain: + filters: + - name: envoy.filters.network.http_connection_manager + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + accessLog: + - filter: + andFilter: + filters: + - extensionFilter: + name: envoy.access_loggers.extension_filters.cel + typedConfig: + '@type': type.googleapis.com/envoy.extensions.access_loggers.filters.cel.v3.ExpressionFilter + expression: response.code >= 400 + - extensionFilter: + name: envoy.access_loggers.extension_filters.cel + typedConfig: + '@type': type.googleapis.com/envoy.extensions.access_loggers.filters.cel.v3.ExpressionFilter + expression: request.url_path.contains('v1beta3') + name: envoy.access_loggers.file + typedConfig: + '@type': type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog + logFormat: + textFormatSource: + inlineString: | + [%START_TIME%] "%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%" %RESPONSE_CODE% %RESPONSE_FLAGS% %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% "%REQ(X-FORWARDED-FOR)%" "%REQ(USER-AGENT)%" "%REQ(X-REQUEST-ID)%" "%REQ(:AUTHORITY)%" "%UPSTREAM_HOST%" + path: /dev/stdout + - filter: + andFilter: + filters: + - extensionFilter: + name: envoy.access_loggers.extension_filters.cel + typedConfig: + '@type': type.googleapis.com/envoy.extensions.access_loggers.filters.cel.v3.ExpressionFilter + expression: response.code >= 400 + - extensionFilter: + name: envoy.access_loggers.extension_filters.cel + typedConfig: + '@type': type.googleapis.com/envoy.extensions.access_loggers.filters.cel.v3.ExpressionFilter + expression: request.url_path.contains('v1beta3') + name: envoy.access_loggers.file + typedConfig: + '@type': type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog + logFormat: + jsonFormat: + method: '%REQ(:METHOD)%' + path: '%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%' + protocol: '%PROTOCOL%' + response_code: '%RESPONSE_CODE%' + start_time: '%START_TIME%' + path: /dev/stdout + - filter: + andFilter: + filters: + - extensionFilter: + name: envoy.access_loggers.extension_filters.cel + typedConfig: + '@type': type.googleapis.com/envoy.extensions.access_loggers.filters.cel.v3.ExpressionFilter + expression: response.code >= 400 + - extensionFilter: + name: envoy.access_loggers.extension_filters.cel + typedConfig: + '@type': type.googleapis.com/envoy.extensions.access_loggers.filters.cel.v3.ExpressionFilter + expression: request.url_path.contains('v1beta3') + name: envoy.access_loggers.open_telemetry + typedConfig: + '@type': type.googleapis.com/envoy.extensions.access_loggers.open_telemetry.v3.OpenTelemetryAccessLogConfig + attributes: + values: + - key: k8s.namespace.name + value: + stringValue: '%ENVIRONMENT(ENVOY_GATEWAY_NAMESPACE)%' + - key: k8s.pod.name + value: + stringValue: '%ENVIRONMENT(ENVOY_POD_NAME)%' + - key: response_code + value: + stringValue: '%RESPONSE_CODE%' + body: + stringValue: | + [%START_TIME%] "%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%" %RESPONSE_CODE% %RESPONSE_FLAGS% %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% "%REQ(X-FORWARDED-FOR)%" "%REQ(USER-AGENT)%" "%REQ(X-REQUEST-ID)%" "%REQ(:AUTHORITY)%" "%UPSTREAM_HOST%" + commonConfig: + grpcService: + envoyGrpc: + authority: otel-collector.default.svc.cluster.local + clusterName: accesslog-0 + logName: otel_envoy_accesslog + transportApiVersion: V3 + resourceAttributes: + values: + - key: cluster_name + value: + stringValue: cluster1 + commonHttpProtocolOptions: + headersWithUnderscoresAction: REJECT_REQUEST + http2ProtocolOptions: + initialConnectionWindowSize: 1048576 + initialStreamWindowSize: 65536 + maxConcurrentStreams: 100 + httpFilters: + - name: envoy.filters.http.router + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router + suppressEnvoyHeaders: true + mergeSlashes: true + normalizePath: true + pathWithEscapedSlashesAction: UNESCAPE_AND_REDIRECT + rds: + configSource: + ads: {} + resourceApiVersion: V3 + routeConfigName: first-listener + serverHeaderTransformation: PASS_THROUGH + statPrefix: http + useRemoteAddress: true + name: first-listener + drainType: MODIFY_ONLY + name: first-listener + perConnectionBufferLimitBytes: 32768 diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog-multi-cel.routes.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog-multi-cel.routes.yaml new file mode 100644 index 00000000000..d4a7fa5ae20 --- /dev/null +++ b/internal/xds/translator/testdata/out/xds-ir/accesslog-multi-cel.routes.yaml @@ -0,0 +1,14 @@ +- ignorePortInHostMatching: true + name: first-listener + virtualHosts: + - domains: + - '*' + name: first-listener/* + routes: + - directResponse: + body: + inlineString: 'Unknown custom filter type: UnsupportedType' + status: 500 + match: + prefix: / + name: direct-route diff --git a/internal/xds/translator/testdata/out/xds-ir/custom-filter-order.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/custom-filter-order.clusters.yaml index ae5259499fd..0e10ab58f0c 100644 --- a/internal/xds/translator/testdata/out/xds-ir/custom-filter-order.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/custom-filter-order.clusters.yaml @@ -61,39 +61,3 @@ perConnectionBufferLimitBytes: 32768 respectDnsTtl: true type: STRICT_DNS -- circuitBreakers: - thresholds: - - maxRetries: 1024 - commonLbConfig: - localityWeightedLbConfig: {} - connectTimeout: 10s - dnsLookupFamily: V4_ONLY - dnsRefreshRate: 30s - lbPolicy: LEAST_REQUEST - loadAssignment: - clusterName: www_example_com_443 - endpoints: - - lbEndpoints: - - endpoint: - address: - socketAddress: - address: www.example.com - portValue: 443 - loadBalancingWeight: 1 - loadBalancingWeight: 1 - locality: - region: www_example_com_443/backend/0 - name: www_example_com_443 - outlierDetection: {} - perConnectionBufferLimitBytes: 32768 - respectDnsTtl: true - transportSocket: - name: envoy.transport_sockets.tls - typedConfig: - '@type': type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext - commonTlsContext: - validationContext: - trustedCa: - filename: /etc/ssl/certs/ca-certificates.crt - sni: www.example.com - type: STRICT_DNS diff --git a/internal/xds/translator/testdata/out/xds-ir/custom-filter-order.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/custom-filter-order.listeners.yaml index 5c87d208ac1..5f54802ba05 100644 --- a/internal/xds/translator/testdata/out/xds-ir/custom-filter-order.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/custom-filter-order.listeners.yaml @@ -36,9 +36,9 @@ code: remote: httpUri: - cluster: www_example_com_443 + cluster: wasm_cluster timeout: 10s - uri: https://www.example.com/wasm-filter-1.wasm + uri: https://envoy-gateway:18002/42d30b4a4cc631415e6e48c02d244700da327201eb273f752cacf745715b31d9.wasm sha256: 746df05c8f3a0b07a46c0967cfbc5cbe5b9d48d0f79b6177eeedf8be6c8b34b5 runtime: envoy.wasm.runtime.v8 vmId: envoyextensionpolicy/envoy-gateway/policy-for-gateway/0 @@ -55,9 +55,9 @@ code: remote: httpUri: - cluster: www_example_com_443 + cluster: wasm_cluster timeout: 10s - uri: https://www.example.com/wasm-filter-2.wasm + uri: https://envoy-gateway:18002/7abf116e5cd5a20389604a5ba0f3bd04fdf76f92181fe67506b42c2ee596d3fd.wasm sha256: a1efca12ea51069abb123bf9c77889fcc2a31cc5483fc14d115e44fdf07c7980 runtime: envoy.wasm.runtime.v8 vmId: envoyextensionpolicy/envoy-gateway/policy-for-gateway/1 diff --git a/internal/xds/translator/testdata/out/xds-ir/tracing-zipkin.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/tracing-zipkin.clusters.yaml new file mode 100644 index 00000000000..b8a1ac3df39 --- /dev/null +++ b/internal/xds/translator/testdata/out/xds-ir/tracing-zipkin.clusters.yaml @@ -0,0 +1,49 @@ +- circuitBreakers: + thresholds: + - maxRetries: 1024 + commonLbConfig: + localityWeightedLbConfig: {} + connectTimeout: 10s + dnsLookupFamily: V4_ONLY + edsClusterConfig: + edsConfig: + ads: {} + resourceApiVersion: V3 + serviceName: direct-route-dest + lbPolicy: LEAST_REQUEST + name: direct-route-dest + outlierDetection: {} + perConnectionBufferLimitBytes: 32768 + type: EDS +- circuitBreakers: + thresholds: + - maxRetries: 1024 + commonLbConfig: + localityWeightedLbConfig: {} + connectTimeout: 10s + dnsLookupFamily: V4_ONLY + dnsRefreshRate: 30s + lbPolicy: LEAST_REQUEST + loadAssignment: + clusterName: tracing-0 + endpoints: + - lbEndpoints: + - endpoint: + address: + socketAddress: + address: zipkin.default.svc.cluster.local + portValue: 9411 + loadBalancingWeight: 1 + loadBalancingWeight: 1 + locality: + region: tracing-0/backend/0 + name: tracing-0 + outlierDetection: {} + perConnectionBufferLimitBytes: 32768 + respectDnsTtl: true + type: STRICT_DNS + typedExtensionProtocolOptions: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + '@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions + explicitHttpConfig: + http2ProtocolOptions: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/tracing-zipkin.endpoints.yaml b/internal/xds/translator/testdata/out/xds-ir/tracing-zipkin.endpoints.yaml new file mode 100644 index 00000000000..20c80b3aaaa --- /dev/null +++ b/internal/xds/translator/testdata/out/xds-ir/tracing-zipkin.endpoints.yaml @@ -0,0 +1,12 @@ +- clusterName: direct-route-dest + endpoints: + - lbEndpoints: + - endpoint: + address: + socketAddress: + address: 1.2.3.4 + portValue: 50000 + loadBalancingWeight: 1 + loadBalancingWeight: 1 + locality: + region: direct-route-dest/backend/0 diff --git a/internal/xds/translator/testdata/out/xds-ir/tracing-zipkin.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/tracing-zipkin.listeners.yaml new file mode 100644 index 00000000000..25b3e9e4d40 --- /dev/null +++ b/internal/xds/translator/testdata/out/xds-ir/tracing-zipkin.listeners.yaml @@ -0,0 +1,64 @@ +- address: + socketAddress: + address: 0.0.0.0 + portValue: 10080 + defaultFilterChain: + filters: + - name: envoy.filters.network.http_connection_manager + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + commonHttpProtocolOptions: + headersWithUnderscoresAction: REJECT_REQUEST + http2ProtocolOptions: + initialConnectionWindowSize: 1048576 + initialStreamWindowSize: 65536 + maxConcurrentStreams: 100 + httpFilters: + - name: envoy.filters.http.router + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router + suppressEnvoyHeaders: true + mergeSlashes: true + normalizePath: true + pathWithEscapedSlashesAction: UNESCAPE_AND_REDIRECT + rds: + configSource: + ads: {} + resourceApiVersion: V3 + routeConfigName: first-listener + serverHeaderTransformation: PASS_THROUGH + statPrefix: http + tracing: + clientSampling: + value: 100 + customTags: + - environment: + defaultValue: '-' + name: env1 + tag: env1 + - literal: + value: value1 + tag: literal1 + - requestHeader: + defaultValue: '-' + name: X-Request-Id + tag: req1 + overallSampling: + value: 100 + provider: + name: envoy.traces.zipkin + typedConfig: + '@type': type.googleapis.com/envoy.config.trace.v3.ZipkinConfig + collectorCluster: tracing-0 + collectorEndpoint: /api/v2/spans + collectorEndpointVersion: HTTP_JSON + sharedSpanContext: false + traceId128bit: true + randomSampling: + value: 90 + spawnUpstreamSpan: true + useRemoteAddress: true + name: first-listener + drainType: MODIFY_ONLY + name: first-listener + perConnectionBufferLimitBytes: 32768 diff --git a/internal/xds/translator/testdata/out/xds-ir/tracing-zipkin.routes.yaml b/internal/xds/translator/testdata/out/xds-ir/tracing-zipkin.routes.yaml new file mode 100644 index 00000000000..d4a7fa5ae20 --- /dev/null +++ b/internal/xds/translator/testdata/out/xds-ir/tracing-zipkin.routes.yaml @@ -0,0 +1,14 @@ +- ignorePortInHostMatching: true + name: first-listener + virtualHosts: + - domains: + - '*' + name: first-listener/* + routes: + - directResponse: + body: + inlineString: 'Unknown custom filter type: UnsupportedType' + status: 500 + match: + prefix: / + name: direct-route diff --git a/internal/xds/translator/testdata/out/xds-ir/wasm.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/wasm.clusters.yaml index a70d771a1db..6a277bb94f6 100755 --- a/internal/xds/translator/testdata/out/xds-ir/wasm.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/wasm.clusters.yaml @@ -32,75 +32,3 @@ outlierDetection: {} perConnectionBufferLimitBytes: 32768 type: EDS -- circuitBreakers: - thresholds: - - maxRetries: 1024 - commonLbConfig: - localityWeightedLbConfig: {} - connectTimeout: 10s - dnsLookupFamily: V4_ONLY - dnsRefreshRate: 30s - lbPolicy: LEAST_REQUEST - loadAssignment: - clusterName: www_test_com_443 - endpoints: - - lbEndpoints: - - endpoint: - address: - socketAddress: - address: www.test.com - portValue: 443 - loadBalancingWeight: 1 - loadBalancingWeight: 1 - locality: - region: www_test_com_443/backend/0 - name: www_test_com_443 - outlierDetection: {} - perConnectionBufferLimitBytes: 32768 - respectDnsTtl: true - transportSocket: - name: envoy.transport_sockets.tls - typedConfig: - '@type': type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext - commonTlsContext: - validationContext: - trustedCa: - filename: /etc/ssl/certs/ca-certificates.crt - sni: www.test.com - type: STRICT_DNS -- circuitBreakers: - thresholds: - - maxRetries: 1024 - commonLbConfig: - localityWeightedLbConfig: {} - connectTimeout: 10s - dnsLookupFamily: V4_ONLY - dnsRefreshRate: 30s - lbPolicy: LEAST_REQUEST - loadAssignment: - clusterName: www_example_com_443 - endpoints: - - lbEndpoints: - - endpoint: - address: - socketAddress: - address: www.example.com - portValue: 443 - loadBalancingWeight: 1 - loadBalancingWeight: 1 - locality: - region: www_example_com_443/backend/0 - name: www_example_com_443 - outlierDetection: {} - perConnectionBufferLimitBytes: 32768 - respectDnsTtl: true - transportSocket: - name: envoy.transport_sockets.tls - typedConfig: - '@type': type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext - commonTlsContext: - validationContext: - trustedCa: - filename: /etc/ssl/certs/ca-certificates.crt - sni: www.example.com - type: STRICT_DNS diff --git a/internal/xds/translator/testdata/out/xds-ir/wasm.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/wasm.listeners.yaml index 4d59b5842d5..e5ecdbb8156 100755 --- a/internal/xds/translator/testdata/out/xds-ir/wasm.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/wasm.listeners.yaml @@ -15,7 +15,7 @@ maxConcurrentStreams: 100 httpFilters: - disabled: true - name: envoy.filters.http.wasm/envoyextensionpolicy/default/policy-for-http-route/0 + name: envoy.filters.http.wasm/envoyextensionpolicy/default/policy-for-http-route/wasm/0 typedConfig: '@type': type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm config: @@ -23,19 +23,19 @@ '@type': type.googleapis.com/google.protobuf.StringValue value: '{"parameter1":{"key1":"value1"},"parameter2":{"key2":{"key3":"value3"}}}' failOpen: true - name: wasm-filter-3 + name: wasm-filter-4 vmConfig: code: remote: httpUri: - cluster: www_test_com_443 + cluster: wasm_cluster timeout: 10s - uri: https://www.test.com/wasm-filter-3.wasm + uri: https://envoy-gateway:18002/fe571e7b1ef5dc626ceb2c2c86782a134a92989a2643485238951696ae4334c3.wasm sha256: a1f0b78b8c1320690327800e3a5de10e7dbba7b6c752e702193a395a52c727b6 runtime: envoy.wasm.runtime.v8 - vmId: envoyextensionpolicy/default/policy-for-http-route/0 + vmId: envoyextensionpolicy/default/policy-for-http-route/wasm/0 - disabled: true - name: envoy.filters.http.wasm/envoyextensionpolicy/envoy-gateway/policy-for-gateway/0 + name: envoy.filters.http.wasm/envoyextensionpolicy/envoy-gateway/policy-for-gateway/wasm/0 typedConfig: '@type': type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm config: @@ -43,19 +43,18 @@ '@type': type.googleapis.com/google.protobuf.StringValue value: '{"parameter1":{"key1":"value1","key2":"value2"},"parameter2":"value3"}' name: wasm-filter-1 - rootId: my-root-id vmConfig: code: remote: httpUri: - cluster: www_example_com_443 + cluster: wasm_cluster timeout: 10s - uri: https://www.example.com/wasm-filter-1.wasm + uri: https://envoy-gateway:18002/5c90b9a82642ce00a7753923fabead306b9d9a54a7c0bd2463a1af3efcfb110b.wasm sha256: 746df05c8f3a0b07a46c0967cfbc5cbe5b9d48d0f79b6177eeedf8be6c8b34b5 runtime: envoy.wasm.runtime.v8 - vmId: envoyextensionpolicy/envoy-gateway/policy-for-gateway/0 + vmId: envoyextensionpolicy/envoy-gateway/policy-for-gateway/wasm/0 - disabled: true - name: envoy.filters.http.wasm/envoyextensionpolicy/envoy-gateway/policy-for-gateway/1 + name: envoy.filters.http.wasm/envoyextensionpolicy/envoy-gateway/policy-for-gateway/wasm/1 typedConfig: '@type': type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm config: @@ -63,16 +62,36 @@ '@type': type.googleapis.com/google.protobuf.StringValue value: '{"parameter1":"value1","parameter2":"value2"}' name: wasm-filter-2 + rootId: my-root-id + vmConfig: + code: + remote: + httpUri: + cluster: wasm_cluster + timeout: 10s + uri: https://envoy-gateway:18002/7abf116e5cd5a20389604a5ba0f3bd04fdf76f92181fe67506b42c2ee596d3fd.wasm + sha256: 314100af781b98a8ca175d5bf90a8bf76576e20a2f397a88223404edc6ebfd46 + runtime: envoy.wasm.runtime.v8 + vmId: envoyextensionpolicy/envoy-gateway/policy-for-gateway/wasm/1 + - disabled: true + name: envoy.filters.http.wasm/envoyextensionpolicy/envoy-gateway/policy-for-gateway/wasm/2 + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm + config: + configuration: + '@type': type.googleapis.com/google.protobuf.StringValue + value: "" + name: envoyextensionpolicy/envoy-gateway/policy-for-gateway/wasm/2 vmConfig: code: remote: httpUri: - cluster: www_example_com_443 + cluster: wasm_cluster timeout: 10s - uri: https://www.example.com/wasm-filter-2.wasm - sha256: a1efca12ea51069abb123bf9c77889fcc2a31cc5483fc14d115e44fdf07c7980 + uri: https://envoy-gateway:18002/42d30b4a4cc631415e6e48c02d244700da327201eb273f752cacf745715b31d9.wasm + sha256: 2a19e4f337e5223d7287e7fccd933fb01905deaff804292e5257f8c681b82bee runtime: envoy.wasm.runtime.v8 - vmId: envoyextensionpolicy/envoy-gateway/policy-for-gateway/1 + vmId: envoyextensionpolicy/envoy-gateway/policy-for-gateway/wasm/2 - name: envoy.filters.http.router typedConfig: '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router diff --git a/internal/xds/translator/testdata/out/xds-ir/wasm.routes.yaml b/internal/xds/translator/testdata/out/xds-ir/wasm.routes.yaml index 8fb6f03a0f0..1e07a621d5a 100755 --- a/internal/xds/translator/testdata/out/xds-ir/wasm.routes.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/wasm.routes.yaml @@ -13,7 +13,7 @@ upgradeConfigs: - upgradeType: websocket typedPerFilterConfig: - envoy.filters.http.wasm/envoyextensionpolicy/default/policy-for-http-route/0: + envoy.filters.http.wasm/envoyextensionpolicy/default/policy-for-http-route/wasm/0: '@type': type.googleapis.com/envoy.config.route.v3.FilterConfig config: {} - match: @@ -24,9 +24,12 @@ upgradeConfigs: - upgradeType: websocket typedPerFilterConfig: - envoy.filters.http.wasm/envoyextensionpolicy/envoy-gateway/policy-for-gateway/0: + envoy.filters.http.wasm/envoyextensionpolicy/envoy-gateway/policy-for-gateway/wasm/0: '@type': type.googleapis.com/envoy.config.route.v3.FilterConfig config: {} - envoy.filters.http.wasm/envoyextensionpolicy/envoy-gateway/policy-for-gateway/1: + envoy.filters.http.wasm/envoyextensionpolicy/envoy-gateway/policy-for-gateway/wasm/1: + '@type': type.googleapis.com/envoy.config.route.v3.FilterConfig + config: {} + envoy.filters.http.wasm/envoyextensionpolicy/envoy-gateway/policy-for-gateway/wasm/2: '@type': type.googleapis.com/envoy.config.route.v3.FilterConfig config: {} diff --git a/internal/xds/translator/tracing.go b/internal/xds/translator/tracing.go index c31d25b7290..b2a52ec6a18 100644 --- a/internal/xds/translator/tracing.go +++ b/internal/xds/translator/tracing.go @@ -15,7 +15,9 @@ import ( hcm "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" tracingtype "github.com/envoyproxy/go-control-plane/envoy/type/tracing/v3" xdstype "github.com/envoyproxy/go-control-plane/envoy/type/v3" + "google.golang.org/protobuf/types/known/anypb" "google.golang.org/protobuf/types/known/wrapperspb" + "k8s.io/utils/ptr" egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1" "github.com/envoyproxy/gateway/internal/ir" @@ -23,26 +25,61 @@ import ( "github.com/envoyproxy/gateway/internal/xds/types" ) +const ( + envoyOpenTelemetry = "envoy.tracers.opentelemetry" + envoyZipkin = "envoy.traces.zipkin" +) + +type typConfigGen func() (*anypb.Any, error) + func buildHCMTracing(tracing *ir.Tracing) (*hcm.HttpConnectionManager_Tracing, error) { if tracing == nil { return nil, nil } - oc := &tracecfg.OpenTelemetryConfig{ - GrpcService: &corev3.GrpcService{ - TargetSpecifier: &corev3.GrpcService_EnvoyGrpc_{ - EnvoyGrpc: &corev3.GrpcService_EnvoyGrpc{ - ClusterName: tracing.Destination.Name, - Authority: tracing.Authority, + var providerName string + var providerConfig typConfigGen + + switch tracing.Provider.Type { + case egv1a1.TracingProviderTypeOpenTelemetry: + providerName = envoyOpenTelemetry + + providerConfig = func() (*anypb.Any, error) { + config := &tracecfg.OpenTelemetryConfig{ + GrpcService: &corev3.GrpcService{ + TargetSpecifier: &corev3.GrpcService_EnvoyGrpc_{ + EnvoyGrpc: &corev3.GrpcService_EnvoyGrpc{ + ClusterName: tracing.Destination.Name, + Authority: tracing.Authority, + }, + }, }, - }, - }, - ServiceName: tracing.ServiceName, + ServiceName: tracing.ServiceName, + } + + return protocov.ToAnyWithError(config) + } + case egv1a1.TracingProviderTypeZipkin: + providerName = envoyZipkin + + providerConfig = func() (*anypb.Any, error) { + config := &tracecfg.ZipkinConfig{ + CollectorCluster: tracing.Destination.Name, + CollectorEndpoint: "/api/v2/spans", + TraceId_128Bit: ptr.Deref(tracing.Provider.Zipkin.Enable128BitTraceID, false), + SharedSpanContext: wrapperspb.Bool(!ptr.Deref(tracing.Provider.Zipkin.DisableSharedSpanContext, false)), + CollectorEndpointVersion: tracecfg.ZipkinConfig_HTTP_JSON, + } + + return protocov.ToAnyWithError(config) + } + default: + return nil, fmt.Errorf("unknown tracing provider type: %s", tracing.Provider.Type) } - ocAny, err := protocov.ToAnyWithError(oc) + ocAny, err := providerConfig() if err != nil { - return nil, fmt.Errorf("failed to marshal OpenTelemetryConfig: %w", err) + return nil, fmt.Errorf("failed to marshal tracing configuration: %w", err) } tags := make([]*tracingtype.CustomTag, 0, len(tracing.CustomTags)) @@ -108,7 +145,7 @@ func buildHCMTracing(tracing *ir.Tracing) (*hcm.HttpConnectionManager_Tracing, e Value: tracing.SamplingRate, }, Provider: &tracecfg.Tracing_Http{ - Name: "envoy.tracers.opentelemetry", + Name: providerName, ConfigType: &tracecfg.Tracing_Http_TypedConfig{ TypedConfig: ocAny, }, diff --git a/internal/xds/translator/translator_test.go b/internal/xds/translator/translator_test.go index 4e559dda22b..44d6d127bca 100644 --- a/internal/xds/translator/translator_test.go +++ b/internal/xds/translator/translator_test.go @@ -94,6 +94,9 @@ func TestTranslateXds(t *testing.T) { "tracing-invalid": { errMsg: "validation failed for xds resource", }, + "tracing-unknown-provider-type": { + errMsg: "unknown tracing provider type: Datadog", + }, } inputFiles, err := filepath.Glob(filepath.Join("testdata", "in", "xds-ir", "*.yaml")) @@ -127,6 +130,7 @@ func TestTranslateXds(t *testing.T) { tCtx, err := tr.Translate(x) if !strings.HasSuffix(inputFileName, "partial-invalid") && len(cfg.errMsg) == 0 { + t.Logf(inputFileName) require.NoError(t, err) } else if len(cfg.errMsg) > 0 { require.Error(t, err) diff --git a/internal/xds/translator/wasm.go b/internal/xds/translator/wasm.go index 1e096318df8..01d7411c6a2 100644 --- a/internal/xds/translator/wasm.go +++ b/internal/xds/translator/wasm.go @@ -22,8 +22,9 @@ import ( ) const ( - wasmFilter = "envoy.filters.http.wasm" - vmRuntimeV8 = "envoy.wasm.runtime.v8" + wasmFilter = "envoy.filters.http.wasm" + vmRuntimeV8 = "envoy.wasm.runtime.v8" + wasmHTTPServerCluster = "wasm_cluster" ) func init() { @@ -103,18 +104,12 @@ func wasmFilterName(wasm ir.Wasm) string { func wasmConfig(wasm ir.Wasm) (*wasmfilterv3.Wasm, error) { var ( - uc *urlCluster pluginConfig = "" configAny *anypb.Any filterConfig *wasmfilterv3.Wasm err error ) - // We only support HTTP Wasm code source for now - if uc, err = url2Cluster(wasm.HTTPWasmCode.URL); err != nil { - return nil, err - } - if wasm.Config != nil { pluginConfig = string(wasm.Config.Raw) } @@ -134,15 +129,15 @@ func wasmConfig(wasm ir.Wasm) (*wasmfilterv3.Wasm, error) { Specifier: &corev3.AsyncDataSource_Remote{ Remote: &corev3.RemoteDataSource{ HttpUri: &corev3.HttpUri{ - Uri: wasm.HTTPWasmCode.URL, + Uri: wasm.Code.ServingURL, HttpUpstreamType: &corev3.HttpUri_Cluster{ - Cluster: uc.name, + Cluster: wasmHTTPServerCluster, }, Timeout: &durationpb.Duration{ Seconds: defaultExtServiceRequestTimeout, }, }, - Sha256: wasm.HTTPWasmCode.SHA256, + Sha256: wasm.Code.SHA256, }, }, }, @@ -170,27 +165,11 @@ func routeContainsWasm(irRoute *ir.HTTPRoute) bool { } // patchResources patches the cluster resources for the http wasm code source. -func (*wasm) patchResources(tCtx *types.ResourceVersionTable, - routes []*ir.HTTPRoute, -) error { - if tCtx == nil || tCtx.XdsResources == nil { - return errors.New("xds resource table is nil") - } - - var err, errs error - for _, route := range routes { - if !routeContainsWasm(route) { - continue - } - - for _, w := range route.Wasms { - if err = addClusterFromURL(w.HTTPWasmCode.URL, tCtx); err != nil { - errs = errors.Join(errs, err) - } - } - } - - return errs +func (*wasm) patchResources(_ *types.ResourceVersionTable, _ []*ir.HTTPRoute) error { + // EG always serves the Wasm module through the built-in HTTP server, which + // has been configured in the bootstrap configuration. So we don't need to + // create a cluster for the Wasm module. + return nil } // patchRoute patches the provided route with the wasm config if applicable. diff --git a/site/content/en/boilerplates/index.md b/site/content/en/boilerplates/index.md new file mode 100644 index 00000000000..dda80adbcbf --- /dev/null +++ b/site/content/en/boilerplates/index.md @@ -0,0 +1,5 @@ +--- +headless: true +--- + +This file tells Hugo that the files in this directory tree shouldn't be rendered as normal pages on the site. diff --git a/site/content/en/boilerplates/o11y_prerequisites.md b/site/content/en/boilerplates/o11y_prerequisites.md new file mode 100644 index 00000000000..fa20e77c43b --- /dev/null +++ b/site/content/en/boilerplates/o11y_prerequisites.md @@ -0,0 +1,13 @@ +--- +--- +Follow the steps from the [Quickstart](../quickstart) to install Envoy Gateway and the example manifest. +Before proceeding, you should be able to query the example backend using HTTP. + +Envoy Gateway provides an add-ons Helm Chart, which includes all the needing components for observability. +By default, the [OpenTelemetry Collector](https://opentelemetry.io/docs/collector/) is disabled. + +Install the add-ons Helm Chart: + +```shell +helm install eg-addons oci://docker.io/envoyproxy/gateway-addons-helm --version v0.0.0-latest --set opentelemetry-collector.enabled=true -n monitoring --create-namespace +``` diff --git a/site/content/en/latest/_index.md b/site/content/en/latest/_index.md index ea08d244d31..92ae8586885 100644 --- a/site/content/en/latest/_index.md +++ b/site/content/en/latest/_index.md @@ -7,12 +7,6 @@ description = "Envoy Gateway Documents" type = "docs" +++ -{{% alert title="Note" color="primary" %}} - -This project is under **active** development. Many features are not complete. We would love for you to [Get Involved](/contributions)! - -{{% /alert %}} - Envoy Gateway is an open source project for managing [Envoy Proxy](https://www.envoyproxy.io/) as a standalone or Kubernetes-based application gateway. [Gateway API](https://gateway-api.sigs.k8s.io/) resources are used to dynamically provision and configure the managed Envoy Proxies. diff --git a/site/content/en/latest/api/extension_types.md b/site/content/en/latest/api/extension_types.md index 57b24c2b5b9..37a76398121 100644 --- a/site/content/en/latest/api/extension_types.md +++ b/site/content/en/latest/api/extension_types.md @@ -234,7 +234,7 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | -| `name` | _string_ | false | Name is a user-friendly name for the rule. It's just for display purposes. | +| `name` | _string_ | false | Name is a user-friendly name for the rule.
If not specified, Envoy Gateway will generate a unique name for the rule.n | | `action` | _[AuthorizationAction](#authorizationaction)_ | true | Action defines the action to be taken if the rule matches. | | `principal` | _[Principal](#principal)_ | true | Principal specifies the client identity of a request. | @@ -277,6 +277,20 @@ _Appears in:_ +#### BackendConnection + + + +BackendConnection allows users to configure connection-level settings of backend + +_Appears in:_ +- [BackendTrafficPolicySpec](#backendtrafficpolicyspec) + +| Field | Type | Required | Description | +| --- | --- | --- | --- | +| `bufferLimit` | _[Quantity](#quantity)_ | false | BufferLimit Soft limit on size of the cluster’s connections read and write buffers.
If unspecified, an implementation defined default is applied (32768 bytes).
For example, 20Mi, 1Gi, 256Ki etc.
Note: that when the suffix is not provided, the value is interpreted as bytes. | + + #### BackendEndpoint @@ -403,18 +417,6 @@ _Appears in:_ | `status` | _[PolicyStatus](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1alpha2.PolicyStatus)_ | true | status defines the current status of BackendTrafficPolicy. | -#### BackendTrafficPolicyConnection - - - -BackendTrafficPolicyConnection allows users to configure connection-level settings of backend - -_Appears in:_ -- [BackendTrafficPolicySpec](#backendtrafficpolicyspec) - -| Field | Type | Required | Description | -| --- | --- | --- | --- | -| `bufferLimit` | _[Quantity](#quantity)_ | false | BufferLimit Soft limit on size of the cluster’s connections read and write buffers.
If unspecified, an implementation defined default is applied (32768 bytes).
For example, 20Mi, 1Gi, 256Ki etc.
Note: that when the suffix is not provided, the value is interpreted as bytes. | #### BackendTrafficPolicyList @@ -456,7 +458,7 @@ _Appears in:_ | `retry` | _[Retry](#retry)_ | false | Retry provides more advanced usage, allowing users to customize the number of retries, retry fallback strategy, and retry triggering conditions.
If not set, retry will be disabled. | | `useClientProtocol` | _boolean_ | false | UseClientProtocol configures Envoy to prefer sending requests to backends using
the same HTTP protocol that the incoming request used. Defaults to false, which means
that Envoy will use the protocol indicated by the attached BackendRef. | | `timeout` | _[Timeout](#timeout)_ | false | Timeout settings for the backend connections. | -| `connection` | _[BackendTrafficPolicyConnection](#backendtrafficpolicyconnection)_ | false | Connection includes backend connection settings. | +| `connection` | _[BackendConnection](#backendconnection)_ | false | Connection includes backend connection settings. | #### BasicAuth @@ -552,6 +554,21 @@ _Appears in:_ | `claim` | _string_ | true | Claim is the JWT Claim that should be saved into the header : it can be a nested claim of type
(eg. "claim.nested.key", "sub"). The nested claim name must use dot "."
to separate the JSON name path. | +#### ClientConnection + + + +ClientConnection allows users to configure connection-level settings of client + +_Appears in:_ +- [ClientTrafficPolicySpec](#clienttrafficpolicyspec) + +| Field | Type | Required | Description | +| --- | --- | --- | --- | +| `connectionLimit` | _[ConnectionLimit](#connectionlimit)_ | false | ConnectionLimit defines limits related to connections | +| `bufferLimit` | _[Quantity](#quantity)_ | false | BufferLimit provides configuration for the maximum buffer size in bytes for each incoming connection.
For example, 20Mi, 1Gi, 256Ki etc.
Note that when the suffix is not provided, the value is interpreted as bytes.
Default: 32768 bytes. | + + #### ClientIPDetectionSettings @@ -657,7 +674,7 @@ _Appears in:_ | `path` | _[PathSettings](#pathsettings)_ | false | Path enables managing how the incoming path set by clients can be normalized. | | `headers` | _[HeaderSettings](#headersettings)_ | false | HeaderSettings provides configuration for header management. | | `timeout` | _[ClientTimeout](#clienttimeout)_ | false | Timeout settings for the client connections. | -| `connection` | _[Connection](#connection)_ | false | Connection includes client connection settings. | +| `connection` | _[ClientConnection](#clientconnection)_ | false | Connection includes client connection settings. | | `http1` | _[HTTP1Settings](#http1settings)_ | false | HTTP1 provides HTTP/1 configuration on the listener. | | `http2` | _[HTTP2Settings](#http2settings)_ | false | HTTP2 provides HTTP/2 configuration on the listener. | | `http3` | _[HTTP3Settings](#http3settings)_ | false | HTTP3 provides HTTP/3 configuration on the listener. | @@ -709,21 +726,6 @@ _Appears in:_ -#### Connection - - - -Connection allows users to configure connection-level settings - -_Appears in:_ -- [ClientTrafficPolicySpec](#clienttrafficpolicyspec) - -| Field | Type | Required | Description | -| --- | --- | --- | --- | -| `connectionLimit` | _[ConnectionLimit](#connectionlimit)_ | false | ConnectionLimit defines limits related to connections | -| `bufferLimit` | _[Quantity](#quantity)_ | false | BufferLimit provides configuration for the maximum buffer size in bytes for each incoming connection.
For example, 20Mi, 1Gi, 256Ki etc.
Note that when the suffix is not provided, the value is interpreted as bytes.
Default: 32768 bytes. | - - #### ConnectionLimit @@ -731,7 +733,7 @@ _Appears in:_ _Appears in:_ -- [Connection](#connection) +- [ClientConnection](#clientconnection) | Field | Type | Required | Description | | --- | --- | --- | --- | @@ -1867,14 +1869,15 @@ _Appears in:_ -HTTPWasmCodeSource defines the HTTP URL containing the wasm code. +HTTPWasmCodeSource defines the HTTP URL containing the Wasm code. _Appears in:_ - [WasmCodeSource](#wasmcodesource) | Field | Type | Required | Description | | --- | --- | --- | --- | -| `url` | _string_ | true | URL is the URL containing the wasm code. | +| `url` | _string_ | true | URL is the URL containing the Wasm code. | +| `sha256` | _string_ | false | SHA256 checksum that will be used to verify the Wasm code.

If not specified, Envoy Gateway will not verify the downloaded Wasm code.
kubebuilder:validation:Pattern=`^[a-f0-9]{64}$` | #### Header @@ -1976,19 +1979,35 @@ _Appears in:_ | `port` | _integer_ | true | Port defines the port of the backend endpoint. | +#### ImagePullPolicy + +_Underlying type:_ _string_ + +ImagePullPolicy defines the policy to use when pulling an OIC image. + +_Appears in:_ +- [WasmCodeSource](#wasmcodesource) + +| Value | Description | +| ----- | ----------- | +| `IfNotPresent` | ImagePullPolicyIfNotPresent will only pull the image if it does not already exist in the EG cache.
| +| `Always` | ImagePullPolicyAlways will pull the image when the EnvoyExtension resource version changes.
Note: EG does not update the Wasm module every time an Envoy proxy requests the Wasm module.
| + + #### ImageWasmCodeSource -ImageWasmCodeSource defines the OCI image containing the wasm code. +ImageWasmCodeSource defines the OCI image containing the Wasm code. _Appears in:_ - [WasmCodeSource](#wasmcodesource) | Field | Type | Required | Description | | --- | --- | --- | --- | -| `url` | _string_ | true | URL is the URL of the OCI image. | -| `pullSecret` | _[SecretObjectReference](https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1.SecretObjectReference)_ | true | PullSecretRef is a reference to the secret containing the credentials to pull the image. | +| `url` | _string_ | true | URL is the URL of the OCI image.
URL can be in the format of `registry/image:tag` or `registry/image@sha256:digest`. | +| `sha256` | _string_ | false | SHA256 checksum that will be used to verify the OCI image.

It must match the digest of the OCI image.

If not specified, Envoy Gateway will not verify the downloaded OCI image.
kubebuilder:validation:Pattern=`^[a-f0-9]{64}$` | +| `pullSecretRef` | _[SecretObjectReference](https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1.SecretObjectReference)_ | false | PullSecretRef is a reference to the secret containing the credentials to pull the image.
Only support Kubernetes Secret resource from the same namespace. | #### InfrastructureProviderType @@ -2910,7 +2929,7 @@ _Appears in:_ | --- | --- | --- | --- | | `samplingRate` | _integer_ | false | SamplingRate controls the rate at which traffic will be
selected for tracing if no prior sampling decision has been made.
Defaults to 100, valid values [0-100]. 100 indicates 100% sampling. | | `customTags` | _object (keys:string, values:[CustomTag](#customtag))_ | true | CustomTags defines the custom tags to add to each span.
If provider is kubernetes, pod name and namespace are added by default. | -| `provider` | _[TracingProvider](#tracingprovider)_ | true | Provider defines the tracing provider.
Only OpenTelemetry is supported currently. | +| `provider` | _[TracingProvider](#tracingprovider)_ | true | Provider defines the tracing provider. | #### RateLimit @@ -3564,10 +3583,11 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | -| `type` | _[TracingProviderType](#tracingprovidertype)_ | true | Type defines the tracing provider type.
EG currently only supports OpenTelemetry. | +| `type` | _[TracingProviderType](#tracingprovidertype)_ | true | Type defines the tracing provider type. | | `host` | _string_ | false | Host define the provider service hostname.
Deprecated: Use BackendRefs instead. | | `port` | _integer_ | false | Port defines the port the provider service is exposed on.
Deprecated: Use BackendRefs instead. | | `backendRefs` | _[BackendRef](#backendref) array_ | false | BackendRefs references a Kubernetes object that represents the
backend server to which the trace will be sent.
Only Service kind is supported for now. | +| `zipkin` | _[ZipkinTracingProvider](#zipkintracingprovider)_ | false | Zipkin defines the Zipkin tracing provider configuration | #### TracingProviderType @@ -3583,6 +3603,7 @@ _Appears in:_ | ----- | ----------- | | `OpenTelemetry` | | | `OpenTelemetry` | | +| `Zipkin` | | #### TriggerEnum @@ -3630,7 +3651,7 @@ _Appears in:_ -Wasm defines a wasm extension. +Wasm defines a Wasm extension. Note: at the moment, Envoy Gateway does not support configuring Wasm runtime. @@ -3641,9 +3662,9 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | -| `name` | _string_ | true | Name is a unique name for this Wasm extension. It is used to identify the
Wasm extension if multiple extensions are handled by the same vm_id and root_id.
It's also used for logging/debugging. | -| `rootID` | _string_ | true | RootID is a unique ID for a set of extensions in a VM which will share a
RootContext and Contexts if applicable (e.g., an Wasm HttpFilter and an Wasm AccessLog).
If left blank, all extensions with a blank root_id with the same vm_id will share Context(s).
RootID must match the root_id parameter used to register the Context in the Wasm code. | -| `code` | _[WasmCodeSource](#wasmcodesource)_ | true | Code is the wasm code for the extension. | +| `name` | _string_ | false | Name is a unique name for this Wasm extension. It is used to identify the
Wasm extension if multiple extensions are handled by the same vm_id and root_id.
It's also used for logging/debugging.
If not specified, EG will generate a unique name for the Wasm extension. | +| `rootID` | _string_ | true | RootID is a unique ID for a set of extensions in a VM which will share a
RootContext and Contexts if applicable (e.g., an Wasm HttpFilter and an Wasm AccessLog).
If left blank, all extensions with a blank root_id with the same vm_id will share Context(s).

Note: RootID must match the root_id parameter used to register the Context in the Wasm code. | +| `code` | _[WasmCodeSource](#wasmcodesource)_ | true | Code is the Wasm code for the extension. | | `config` | _[JSON](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#json-v1-apiextensions-k8s-io)_ | false | Config is the configuration for the Wasm extension.
This configuration will be passed as a JSON string to the Wasm extension. | | `failOpen` | _boolean_ | false | FailOpen is a switch used to control the behavior when a fatal error occurs
during the initialization or the execution of the Wasm extension.
If FailOpen is set to true, the system bypasses the Wasm extension and
allows the traffic to pass through. Otherwise, if it is set to false or
not set (defaulting to false), the system blocks the traffic and returns
an HTTP 5xx error. | @@ -3652,32 +3673,32 @@ _Appears in:_ -WasmCodeSource defines the source of the wasm code. +WasmCodeSource defines the source of the Wasm code. _Appears in:_ - [Wasm](#wasm) | Field | Type | Required | Description | | --- | --- | --- | --- | -| `type` | _[WasmCodeSourceType](#wasmcodesourcetype)_ | true | Type is the type of the source of the wasm code.
Valid WasmCodeSourceType values are "HTTP" or "Image". | -| `http` | _[HTTPWasmCodeSource](#httpwasmcodesource)_ | false | HTTP is the HTTP URL containing the wasm code.

Note that the HTTP server must be accessible from the Envoy proxy. | -| `image` | _[ImageWasmCodeSource](#imagewasmcodesource)_ | false | Image is the OCI image containing the wasm code.

Note that the image must be accessible from the Envoy Gateway. | -| `sha256` | _string_ | true | SHA256 checksum that will be used to verify the wasm code.

kubebuilder:validation:Pattern=`^[a-f0-9]{64}$` | +| `type` | _[WasmCodeSourceType](#wasmcodesourcetype)_ | true | Type is the type of the source of the Wasm code.
Valid WasmCodeSourceType values are "HTTP" or "Image". | +| `http` | _[HTTPWasmCodeSource](#httpwasmcodesource)_ | false | HTTP is the HTTP URL containing the Wasm code.

Note that the HTTP server must be accessible from the Envoy proxy. | +| `image` | _[ImageWasmCodeSource](#imagewasmcodesource)_ | false | Image is the OCI image containing the Wasm code.

Note that the image must be accessible from the Envoy Gateway. | +| `pullPolicy` | _[ImagePullPolicy](#imagepullpolicy)_ | false | PullPolicy is the policy to use when pulling the Wasm module by either the HTTP or Image source.
This field is only applicable when the SHA256 field is not set.

If not specified, the default policy is IfNotPresent except for OCI images whose tag is latest.

Note: EG does not update the Wasm module every time an Envoy proxy requests
the Wasm module even if the pull policy is set to Always.
It only updates the Wasm module when the EnvoyExtension resource version changes. | #### WasmCodeSourceType _Underlying type:_ _string_ -WasmCodeSourceType specifies the types of sources for the wasm code. +WasmCodeSourceType specifies the types of sources for the Wasm code. _Appears in:_ - [WasmCodeSource](#wasmcodesource) | Value | Description | | ----- | ----------- | -| `HTTP` | HTTPWasmCodeSourceType allows the user to specify the wasm code in an HTTP URL.
| -| `Image` | ImageWasmCodeSourceType allows the user to specify the wasm code in an OCI image.
| +| `HTTP` | HTTPWasmCodeSourceType allows the user to specify the Wasm code in an HTTP URL.
| +| `Image` | ImageWasmCodeSourceType allows the user to specify the Wasm code in an OCI image.
| #### WithUnderscoresAction @@ -3795,3 +3816,18 @@ _Appears in:_ | `numTrustedHops` | _integer_ | false | NumTrustedHops controls the number of additional ingress proxy hops from the right side of XFF HTTP
headers to trust when determining the origin client's IP address.
Refer to https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/headers#x-forwarded-for
for more details. | +#### ZipkinTracingProvider + + + +ZipkinTracingProvider defines the Zipkin tracing provider configuration. + +_Appears in:_ +- [TracingProvider](#tracingprovider) + +| Field | Type | Required | Description | +| --- | --- | --- | --- | +| `enable128BitTraceId` | _boolean_ | false | Enable128BitTraceID determines whether a 128bit trace id will be used
when creating a new trace instance. If set to false, a 64bit trace
id will be used. | +| `disableSharedSpanContext` | _boolean_ | false | DisableSharedSpanContext determines whether the default Envoy behaviour of
client and server spans sharing the same span context should be disabled. | + + diff --git a/site/content/en/latest/install/gateway-addons-helm-api.md b/site/content/en/latest/install/gateway-addons-helm-api.md index 4401cc03efe..222121967a6 100644 --- a/site/content/en/latest/install/gateway-addons-helm-api.md +++ b/site/content/en/latest/install/gateway-addons-helm-api.md @@ -27,7 +27,7 @@ An Add-ons Helm chart for Envoy Gateway | https://grafana.github.io/helm-charts | grafana | 8.0.0 | | https://grafana.github.io/helm-charts | loki | 4.8.0 | | https://grafana.github.io/helm-charts | tempo | 1.3.1 | -| https://open-telemetry.github.io/opentelemetry-helm-charts | opentelemetry-collector | 0.60.0 | +| https://open-telemetry.github.io/opentelemetry-helm-charts | opentelemetry-collector | 0.73.1 | | https://prometheus-community.github.io/helm-charts | prometheus | 25.21.0 | ## Values @@ -58,7 +58,7 @@ An Add-ons Helm chart for Envoy Gateway | grafana.datasources."datasources.yaml".apiVersion | int | `1` | | | grafana.datasources."datasources.yaml".datasources[0].name | string | `"Prometheus"` | | | grafana.datasources."datasources.yaml".datasources[0].type | string | `"prometheus"` | | -| grafana.datasources."datasources.yaml".datasources[0].url | string | `"http://prometheus-server"` | | +| grafana.datasources."datasources.yaml".datasources[0].url | string | `"http://prometheus"` | | | grafana.enabled | bool | `true` | | | grafana.fullnameOverride | string | `"grafana"` | | | grafana.service.type | string | `"LoadBalancer"` | | @@ -73,9 +73,12 @@ An Add-ons Helm chart for Envoy Gateway | loki.loki.memberlist | string | `"loki-memberlist"` | | | loki.loki.rulerConfig.storage.type | string | `"local"` | | | loki.loki.storage.type | string | `"filesystem"` | | -| loki.monitoring.selfMonitoring.grafanaAgent.installOperator | bool | `true` | | +| loki.monitoring.lokiCanary.enabled | bool | `false` | | +| loki.monitoring.selfMonitoring.enabled | bool | `false` | | +| loki.monitoring.selfMonitoring.grafanaAgent.installOperator | bool | `false` | | | loki.read.replicas | int | `0` | | | loki.singleBinary.replicas | int | `1` | | +| loki.test.enabled | bool | `false` | | | loki.write.replicas | int | `0` | | | opentelemetry-collector.config.exporters.logging.verbosity | string | `"detailed"` | | | opentelemetry-collector.config.exporters.loki.endpoint | string | `"http://loki.monitoring.svc:3100/loki/api/v1/push"` | | @@ -104,16 +107,13 @@ An Add-ons Helm chart for Envoy Gateway | prometheus.kube-state-metrics.enabled | bool | `false` | | | prometheus.prometheus-node-exporter.enabled | bool | `false` | | | prometheus.prometheus-pushgateway.enabled | bool | `false` | | -| prometheus.server.fullnameOverride | string | `"prometheus-server"` | | +| prometheus.server.fullnameOverride | string | `"prometheus"` | | | prometheus.server.global.scrape_interval | string | `"15s"` | | | prometheus.server.image.repository | string | `"prom/prometheus"` | | | prometheus.server.persistentVolume.enabled | bool | `false` | | | prometheus.server.readinessProbeInitialDelay | int | `0` | | | prometheus.server.securityContext | object | `{}` | | | prometheus.server.service.type | string | `"LoadBalancer"` | | -| tags.logging | bool | `false` | | -| tags.metrics | bool | `true` | | -| tags.tracing | bool | `false` | | | tempo.enabled | bool | `true` | | | tempo.fullnameOverride | string | `"tempo"` | | | tempo.service.type | string | `"LoadBalancer"` | | diff --git a/site/content/en/latest/install/gateway-helm-api.md b/site/content/en/latest/install/gateway-helm-api.md index e1b68a6ae7a..9f2046a537f 100644 --- a/site/content/en/latest/install/gateway-helm-api.md +++ b/site/content/en/latest/install/gateway-helm-api.md @@ -48,9 +48,12 @@ The Helm chart for Envoy Gateway | deployment.ports[1].name | string | `"ratelimit"` | | | deployment.ports[1].port | int | `18001` | | | deployment.ports[1].targetPort | int | `18001` | | -| deployment.ports[2].name | string | `"metrics"` | | -| deployment.ports[2].port | int | `19001` | | -| deployment.ports[2].targetPort | int | `19001` | | +| deployment.ports[2].name | string | `"wasm"` | | +| deployment.ports[2].port | int | `18002` | | +| deployment.ports[2].targetPort | int | `18002` | | +| deployment.ports[3].name | string | `"metrics"` | | +| deployment.ports[3].port | int | `19001` | | +| deployment.ports[3].targetPort | int | `19001` | | | deployment.replicas | int | `1` | | | global.images.envoyGateway.image | string | `nil` | | | global.images.envoyGateway.pullPolicy | string | `nil` | | diff --git a/site/content/en/latest/tasks/observability/gateway-observability.md b/site/content/en/latest/tasks/observability/gateway-observability.md index 745821e3ddd..6e0040b4f5d 100644 --- a/site/content/en/latest/tasks/observability/gateway-observability.md +++ b/site/content/en/latest/tasks/observability/gateway-observability.md @@ -7,17 +7,7 @@ This task show you how to config gateway control-plane observability, includes m ## Prerequisites -Follow the steps from the [Quickstart](../quickstart) to install Envoy Gateway and the example manifest. -Before proceeding, you should be able to query the example backend using HTTP. - -[OpenTelemetry Collector](https://opentelemetry.io/docs/collector/) offers a vendor-agnostic implementation of how to receive, process and export telemetry data. -Install OTel-Collector: - -```shell -helm repo add open-telemetry https://open-telemetry.github.io/opentelemetry-helm-charts -helm repo update -helm upgrade --install otel-collector open-telemetry/opentelemetry-collector -f https://raw.githubusercontent.com/envoyproxy/gateway/latest/examples/otel-collector/helm-values.yaml -n monitoring --create-namespace --version 0.60.0 -``` +{{< boilerplate o11y_prerequisites >}} ## Metrics diff --git a/site/content/en/latest/tasks/observability/grafana-integration.md b/site/content/en/latest/tasks/observability/grafana-integration.md index f86b382278c..986f8af1986 100644 --- a/site/content/en/latest/tasks/observability/grafana-integration.md +++ b/site/content/en/latest/tasks/observability/grafana-integration.md @@ -7,29 +7,11 @@ This task shows you how to visualise the metrics exposed to Prometheus using Gra ## Prerequisites -Follow the steps from the [Quickstart](../../quickstart) to install Envoy Gateway and the example manifest. -Before proceeding, you should be able to query the example backend using HTTP. +{{< boilerplate o11y_prerequisites >}} Follow the steps from the [Gateway Observability](../gateway-observability) and [Proxy Observability](../proxy-observability#metrics) to enable Prometheus metrics for both Envoy Gateway (Control Plane) and Envoy Proxy (Data Plane). -[Prometheus](https://prometheus.io) is used to scrape metrics from the Envoy Gateway and Envoy Proxy instances. Install Prometheus: - -```shell -helm repo add prometheus-community https://prometheus-community.github.io/helm-charts -helm repo update -helm upgrade --install prometheus prometheus-community/prometheus -n monitoring --create-namespace -``` - -[Grafana](https://grafana.com/grafana/) is used to visualise the metrics exposed by the Envoy Gateway and Envoy Proxy instances. -Install Grafana: - -```shell -helm repo add grafana https://grafana.github.io/helm-charts -helm repo update -helm upgrade --install grafana grafana/grafana -f https://raw.githubusercontent.com/envoyproxy/gateway/latest/examples/grafana/helm-values.yaml -n monitoring --create-namespace -``` - Expose endpoints: ```shell @@ -83,6 +65,12 @@ This dashboard example shows the overall stats exported by Envoy Gateway fleet. ![Envoy Gateway Global: Infrastructure Manager](/img/envoy-gateway-global-infra-manager.png) +### [Envoy Gateway Resources](https://raw.githubusercontent.com/envoyproxy/gateway/main/charts/gateway-addons-helm/dashboards/envoy-gateway-resource.json) + +This dashboard example shows the overall resources stats for each Envoy Gateway fleet. + +![Envoy Gateway Resources](/img/envoy-gateway-resources-dashboard.png) + ## Update Dashboards The example dashboards cannot be updated in-place by default, if you are trying to diff --git a/site/content/en/latest/tasks/observability/proxy-observability.md b/site/content/en/latest/tasks/observability/proxy-observability.md index 90cab919325..ea7ba8fdc8f 100644 --- a/site/content/en/latest/tasks/observability/proxy-observability.md +++ b/site/content/en/latest/tasks/observability/proxy-observability.md @@ -7,38 +7,12 @@ This task show you how to config proxy observability, includes metrics, logs, an ## Prerequisites -Follow the steps from the [Quickstart](../quickstart) to install Envoy Gateway and the example manifest. -Before proceeding, you should be able to query the example backend using HTTP. +{{< boilerplate o11y_prerequisites >}} -[FluentBit](https://fluentbit.io/) is used to collect logs from the EnvoyProxy instances and forward them to Loki. Install FluentBit: +By default, the Service type of `loki` is ClusterIP, you can change it to LoadBalancer type for further usage: ```shell -helm repo add fluent https://fluent.github.io/helm-charts -helm repo update -helm upgrade --install fluent-bit fluent/fluent-bit -f https://raw.githubusercontent.com/envoyproxy/gateway/latest/examples/fluent-bit/helm-values.yaml -n monitoring --create-namespace --version 0.30.4 -``` - -[Loki](https://grafana.com/oss/loki/) is used to store logs. Install Loki: - -```shell -kubectl apply -f https://raw.githubusercontent.com/envoyproxy/gateway/latest/examples/loki/loki.yaml -n monitoring -``` - -[Tempo](https://grafana.com/oss/tempo/) is used to store traces. Install Tempo: - -```shell -helm repo add grafana https://grafana.github.io/helm-charts -helm repo update -helm upgrade --install tempo grafana/tempo -f https://raw.githubusercontent.com/envoyproxy/gateway/latest/examples/tempo/helm-values.yaml -n monitoring --create-namespace --version 1.3.1 -``` - -[OpenTelemetry Collector](https://opentelemetry.io/docs/collector/) offers a vendor-agnostic implementation of how to receive, process and export telemetry data. -Install OTel-Collector: - -```shell -helm repo add open-telemetry https://open-telemetry.github.io/opentelemetry-helm-charts -helm repo update -helm upgrade --install otel-collector open-telemetry/opentelemetry-collector -f https://raw.githubusercontent.com/envoyproxy/gateway/latest/examples/otel-collector/helm-values.yaml -n monitoring --create-namespace --version 0.60.0 +kubectl patch service loki -n monitoring -p '{"spec": {"type": "LoadBalancer"}}' ``` Expose endpoints: diff --git a/site/content/en/latest/tasks/observability/rate-limit-observability.md b/site/content/en/latest/tasks/observability/rate-limit-observability.md index 478b85859b9..a0e523d6c8a 100644 --- a/site/content/en/latest/tasks/observability/rate-limit-observability.md +++ b/site/content/en/latest/tasks/observability/rate-limit-observability.md @@ -7,18 +7,9 @@ This guide show you how to config RateLimit observability, includes traces. ## Prerequisites -Follow the steps from the [Quickstart Guide](../quickstart) to install Envoy Gateway and the HTTPRoute example manifest. -Before proceeding, you should be able to query the example backend using HTTP. Follow the steps from the [Global Rate Limit](../traffic/global-rate-limit) to install RateLimit. +{{< boilerplate o11y_prerequisites >}} -[OpenTelemetry Collector](https://opentelemetry.io/docs/collector/) offers a vendor-agnostic implementation of how to receive, process and export telemetry data. - -Install OTel-Collector: - -```shell -helm repo add open-telemetry https://open-telemetry.github.io/opentelemetry-helm-charts -helm repo update -helm upgrade --install otel-collector open-telemetry/opentelemetry-collector -f https://raw.githubusercontent.com/envoyproxy/gateway/latest/examples/otel-collector/helm-values.yaml -n monitoring --create-namespace --version 0.60.0 -``` +Follow the steps from the [Global Rate Limit](../traffic/global-rate-limit) to install RateLimit. ## Traces diff --git a/site/content/en/latest/tasks/quickstart.md b/site/content/en/latest/tasks/quickstart.md index 4f345fa289a..c48fec6f83f 100644 --- a/site/content/en/latest/tasks/quickstart.md +++ b/site/content/en/latest/tasks/quickstart.md @@ -54,7 +54,7 @@ You can also test the same functionality by sending traffic to the External IP. Envoy service, run: ```shell -export GATEWAY_HOST=$(kubectl get svc/${ENVOY_SERVICE} -n envoy-gateway-system -o jsonpath='{.status.loadBalancer.ingress[0].ip}') +export GATEWAY_HOST=$(kubectl get gateway/eg -o jsonpath='{.status.addresses[0].value}') ``` In certain environments, the load balancer may be exposed using a hostname, instead of an IP address. If so, replace diff --git a/site/content/en/latest/tasks/traffic/http-redirect.md b/site/content/en/latest/tasks/traffic/http-redirect.md index 2a41777f80b..b3177e89263 100644 --- a/site/content/en/latest/tasks/traffic/http-redirect.md +++ b/site/content/en/latest/tasks/traffic/http-redirect.md @@ -40,7 +40,6 @@ spec: scheme: https statusCode: 301 hostname: www.example.com - port: 443 EOF ``` @@ -66,7 +65,6 @@ spec: scheme: https statusCode: 301 hostname: www.example.com - port: 443 ``` {{% /tab %}} @@ -342,9 +340,6 @@ spec: type: ReplaceFullPath replaceFullPath: /status/200 statusCode: 302 - backendRefs: - - name: backend - port: 3000 EOF ``` @@ -375,9 +370,6 @@ spec: type: ReplaceFullPath replaceFullPath: /status/200 statusCode: 302 - backendRefs: - - name: backend - port: 3000 ``` {{% /tab %}} diff --git a/site/content/en/v1.0.2/_index.md b/site/content/en/v1.0.2/_index.md index ea08d244d31..92ae8586885 100644 --- a/site/content/en/v1.0.2/_index.md +++ b/site/content/en/v1.0.2/_index.md @@ -7,12 +7,6 @@ description = "Envoy Gateway Documents" type = "docs" +++ -{{% alert title="Note" color="primary" %}} - -This project is under **active** development. Many features are not complete. We would love for you to [Get Involved](/contributions)! - -{{% /alert %}} - Envoy Gateway is an open source project for managing [Envoy Proxy](https://www.envoyproxy.io/) as a standalone or Kubernetes-based application gateway. [Gateway API](https://gateway-api.sigs.k8s.io/) resources are used to dynamically provision and configure the managed Envoy Proxies. diff --git a/site/content/en/v1.0.2/tasks/quickstart.md b/site/content/en/v1.0.2/tasks/quickstart.md index 5cf407d2e39..b898b5e989b 100644 --- a/site/content/en/v1.0.2/tasks/quickstart.md +++ b/site/content/en/v1.0.2/tasks/quickstart.md @@ -4,7 +4,7 @@ weight: 1 description: Get started with Envoy Gateway in a few simple steps. --- -This guide will help you get started with Envoy Gateway in a few simple steps. +This "quick start" will help you get started with Envoy Gateway in a few simple steps. ## Prerequisites @@ -47,42 +47,49 @@ consideration when debugging. ## Testing the Configuration -Get the name of the Envoy service created the by the example Gateway: +{{< tabpane text=true >}} +{{% tab header="With External LoadBalancer Support" %}} -```shell -export ENVOY_SERVICE=$(kubectl get svc -n envoy-gateway-system --selector=gateway.envoyproxy.io/owning-gateway-namespace=default,gateway.envoyproxy.io/owning-gateway-name=eg -o jsonpath='{.items[0].metadata.name}') -``` - -Port forward to the Envoy service: +You can also test the same functionality by sending traffic to the External IP. To get the external IP of the +Envoy service, run: ```shell -kubectl -n envoy-gateway-system port-forward service/${ENVOY_SERVICE} 8888:80 & +export GATEWAY_HOST=$(kubectl get gateway/eg -o jsonpath='{.status.addresses[0].value}') ``` +In certain environments, the load balancer may be exposed using a hostname, instead of an IP address. If so, replace +`ip` in the above command with `hostname`. + Curl the example app through Envoy proxy: ```shell -curl --verbose --header "Host: www.example.com" http://localhost:8888/get +curl --verbose --header "Host: www.example.com" http://$GATEWAY_HOST/get ``` -### External LoadBalancer Support +{{% /tab %}} +{{% tab header="Without LoadBalancer Support" %}} -You can also test the same functionality by sending traffic to the External IP. To get the external IP of the -Envoy service, run: +Get the name of the Envoy service created the by the example Gateway: ```shell -export GATEWAY_HOST=$(kubectl get svc/${ENVOY_SERVICE} -n envoy-gateway-system -o jsonpath='{.status.loadBalancer.ingress[0].ip}') +export ENVOY_SERVICE=$(kubectl get svc -n envoy-gateway-system --selector=gateway.envoyproxy.io/owning-gateway-namespace=default,gateway.envoyproxy.io/owning-gateway-name=eg -o jsonpath='{.items[0].metadata.name}') ``` -In certain environments, the load balancer may be exposed using a hostname, instead of an IP address. If so, replace -`ip` in the above command with `hostname`. +Port forward to the Envoy service: + +```shell +kubectl -n envoy-gateway-system port-forward service/${ENVOY_SERVICE} 8888:80 & +``` Curl the example app through Envoy proxy: ```shell -curl --verbose --header "Host: www.example.com" http://$GATEWAY_HOST/get +curl --verbose --header "Host: www.example.com" http://localhost:8888/get ``` +{{% /tab %}} +{{< /tabpane >}} + ## What to explore next? In this quickstart, you have: diff --git a/site/content/en/v1.0.2/tasks/traffic/http-redirect.md b/site/content/en/v1.0.2/tasks/traffic/http-redirect.md index aeb4db8a5a2..b3177e89263 100644 --- a/site/content/en/v1.0.2/tasks/traffic/http-redirect.md +++ b/site/content/en/v1.0.2/tasks/traffic/http-redirect.md @@ -19,6 +19,9 @@ Redirects return HTTP 3XX responses to a client, instructing it to retrieve a di For example, to issue a permanent redirect (301) from HTTP to HTTPS, configure `requestRedirect.statusCode=301` and `requestRedirect.scheme="https"`: +{{< tabpane text=true >}} +{{% tab header="Apply from stdin" %}} + ```shell cat <}} + __Note:__ `301` (default) and `302` are the only supported statusCodes. The HTTPRoute status should indicate that it has been accepted and is bound to the example Gateway. @@ -69,7 +95,7 @@ $ curl -L -vvv --header "Host: redirect.example" "http://${GATEWAY_HOST}/get" ... ``` -If you followed the steps in the [Secure Gateways](../security/secure-gateways) guide, you should be able to curl the redirect +If you followed the steps in the [Secure Gateways](../security/secure-gateways) task, you should be able to curl the redirect location. ## HTTP --> HTTPS @@ -107,8 +133,11 @@ kubectl create secret tls example-com --key=tls.key --cert=tls.crt Define a https listener on the existing gateway +{{< tabpane text=true >}} +{{% tab header="Apply from stdin" %}} + ```shell -cat <}} + Check for any TLS certificate issues on the gateway. ```bash @@ -140,9 +200,11 @@ kubectl -n default describe gateway eg Create two HTTPRoutes and attach them to the HTTP and HTTPS listeners using the [sectionName][] field. +{{< tabpane text=true >}} +{{% tab header="Apply from stdin" %}} ```shell -cat <}} + Curl the example app through http listener: ```bash @@ -203,6 +314,9 @@ curl -v -H 'Host:www.example.com' --resolve "www.example.com:443:$GATEWAY_HOST" Path redirects use an HTTP Path Modifier to replace either entire paths or path prefixes. For example, the HTTPRoute below will issue a 302 redirect to all `path.redirect.example` requests whose path begins with `/get` to `/status/200`. +{{< tabpane text=true >}} +{{% tab header="Apply from stdin" %}} + ```shell cat <}} + The HTTPRoute status should indicate that it has been accepted and is bound to the example Gateway. ```shell diff --git a/site/content/zh/latest/api/extension_types.md b/site/content/zh/latest/api/extension_types.md index 57b24c2b5b9..37a76398121 100644 --- a/site/content/zh/latest/api/extension_types.md +++ b/site/content/zh/latest/api/extension_types.md @@ -234,7 +234,7 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | -| `name` | _string_ | false | Name is a user-friendly name for the rule. It's just for display purposes. | +| `name` | _string_ | false | Name is a user-friendly name for the rule.
If not specified, Envoy Gateway will generate a unique name for the rule.n | | `action` | _[AuthorizationAction](#authorizationaction)_ | true | Action defines the action to be taken if the rule matches. | | `principal` | _[Principal](#principal)_ | true | Principal specifies the client identity of a request. | @@ -277,6 +277,20 @@ _Appears in:_ +#### BackendConnection + + + +BackendConnection allows users to configure connection-level settings of backend + +_Appears in:_ +- [BackendTrafficPolicySpec](#backendtrafficpolicyspec) + +| Field | Type | Required | Description | +| --- | --- | --- | --- | +| `bufferLimit` | _[Quantity](#quantity)_ | false | BufferLimit Soft limit on size of the cluster’s connections read and write buffers.
If unspecified, an implementation defined default is applied (32768 bytes).
For example, 20Mi, 1Gi, 256Ki etc.
Note: that when the suffix is not provided, the value is interpreted as bytes. | + + #### BackendEndpoint @@ -403,18 +417,6 @@ _Appears in:_ | `status` | _[PolicyStatus](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1alpha2.PolicyStatus)_ | true | status defines the current status of BackendTrafficPolicy. | -#### BackendTrafficPolicyConnection - - - -BackendTrafficPolicyConnection allows users to configure connection-level settings of backend - -_Appears in:_ -- [BackendTrafficPolicySpec](#backendtrafficpolicyspec) - -| Field | Type | Required | Description | -| --- | --- | --- | --- | -| `bufferLimit` | _[Quantity](#quantity)_ | false | BufferLimit Soft limit on size of the cluster’s connections read and write buffers.
If unspecified, an implementation defined default is applied (32768 bytes).
For example, 20Mi, 1Gi, 256Ki etc.
Note: that when the suffix is not provided, the value is interpreted as bytes. | #### BackendTrafficPolicyList @@ -456,7 +458,7 @@ _Appears in:_ | `retry` | _[Retry](#retry)_ | false | Retry provides more advanced usage, allowing users to customize the number of retries, retry fallback strategy, and retry triggering conditions.
If not set, retry will be disabled. | | `useClientProtocol` | _boolean_ | false | UseClientProtocol configures Envoy to prefer sending requests to backends using
the same HTTP protocol that the incoming request used. Defaults to false, which means
that Envoy will use the protocol indicated by the attached BackendRef. | | `timeout` | _[Timeout](#timeout)_ | false | Timeout settings for the backend connections. | -| `connection` | _[BackendTrafficPolicyConnection](#backendtrafficpolicyconnection)_ | false | Connection includes backend connection settings. | +| `connection` | _[BackendConnection](#backendconnection)_ | false | Connection includes backend connection settings. | #### BasicAuth @@ -552,6 +554,21 @@ _Appears in:_ | `claim` | _string_ | true | Claim is the JWT Claim that should be saved into the header : it can be a nested claim of type
(eg. "claim.nested.key", "sub"). The nested claim name must use dot "."
to separate the JSON name path. | +#### ClientConnection + + + +ClientConnection allows users to configure connection-level settings of client + +_Appears in:_ +- [ClientTrafficPolicySpec](#clienttrafficpolicyspec) + +| Field | Type | Required | Description | +| --- | --- | --- | --- | +| `connectionLimit` | _[ConnectionLimit](#connectionlimit)_ | false | ConnectionLimit defines limits related to connections | +| `bufferLimit` | _[Quantity](#quantity)_ | false | BufferLimit provides configuration for the maximum buffer size in bytes for each incoming connection.
For example, 20Mi, 1Gi, 256Ki etc.
Note that when the suffix is not provided, the value is interpreted as bytes.
Default: 32768 bytes. | + + #### ClientIPDetectionSettings @@ -657,7 +674,7 @@ _Appears in:_ | `path` | _[PathSettings](#pathsettings)_ | false | Path enables managing how the incoming path set by clients can be normalized. | | `headers` | _[HeaderSettings](#headersettings)_ | false | HeaderSettings provides configuration for header management. | | `timeout` | _[ClientTimeout](#clienttimeout)_ | false | Timeout settings for the client connections. | -| `connection` | _[Connection](#connection)_ | false | Connection includes client connection settings. | +| `connection` | _[ClientConnection](#clientconnection)_ | false | Connection includes client connection settings. | | `http1` | _[HTTP1Settings](#http1settings)_ | false | HTTP1 provides HTTP/1 configuration on the listener. | | `http2` | _[HTTP2Settings](#http2settings)_ | false | HTTP2 provides HTTP/2 configuration on the listener. | | `http3` | _[HTTP3Settings](#http3settings)_ | false | HTTP3 provides HTTP/3 configuration on the listener. | @@ -709,21 +726,6 @@ _Appears in:_ -#### Connection - - - -Connection allows users to configure connection-level settings - -_Appears in:_ -- [ClientTrafficPolicySpec](#clienttrafficpolicyspec) - -| Field | Type | Required | Description | -| --- | --- | --- | --- | -| `connectionLimit` | _[ConnectionLimit](#connectionlimit)_ | false | ConnectionLimit defines limits related to connections | -| `bufferLimit` | _[Quantity](#quantity)_ | false | BufferLimit provides configuration for the maximum buffer size in bytes for each incoming connection.
For example, 20Mi, 1Gi, 256Ki etc.
Note that when the suffix is not provided, the value is interpreted as bytes.
Default: 32768 bytes. | - - #### ConnectionLimit @@ -731,7 +733,7 @@ _Appears in:_ _Appears in:_ -- [Connection](#connection) +- [ClientConnection](#clientconnection) | Field | Type | Required | Description | | --- | --- | --- | --- | @@ -1867,14 +1869,15 @@ _Appears in:_ -HTTPWasmCodeSource defines the HTTP URL containing the wasm code. +HTTPWasmCodeSource defines the HTTP URL containing the Wasm code. _Appears in:_ - [WasmCodeSource](#wasmcodesource) | Field | Type | Required | Description | | --- | --- | --- | --- | -| `url` | _string_ | true | URL is the URL containing the wasm code. | +| `url` | _string_ | true | URL is the URL containing the Wasm code. | +| `sha256` | _string_ | false | SHA256 checksum that will be used to verify the Wasm code.

If not specified, Envoy Gateway will not verify the downloaded Wasm code.
kubebuilder:validation:Pattern=`^[a-f0-9]{64}$` | #### Header @@ -1976,19 +1979,35 @@ _Appears in:_ | `port` | _integer_ | true | Port defines the port of the backend endpoint. | +#### ImagePullPolicy + +_Underlying type:_ _string_ + +ImagePullPolicy defines the policy to use when pulling an OIC image. + +_Appears in:_ +- [WasmCodeSource](#wasmcodesource) + +| Value | Description | +| ----- | ----------- | +| `IfNotPresent` | ImagePullPolicyIfNotPresent will only pull the image if it does not already exist in the EG cache.
| +| `Always` | ImagePullPolicyAlways will pull the image when the EnvoyExtension resource version changes.
Note: EG does not update the Wasm module every time an Envoy proxy requests the Wasm module.
| + + #### ImageWasmCodeSource -ImageWasmCodeSource defines the OCI image containing the wasm code. +ImageWasmCodeSource defines the OCI image containing the Wasm code. _Appears in:_ - [WasmCodeSource](#wasmcodesource) | Field | Type | Required | Description | | --- | --- | --- | --- | -| `url` | _string_ | true | URL is the URL of the OCI image. | -| `pullSecret` | _[SecretObjectReference](https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1.SecretObjectReference)_ | true | PullSecretRef is a reference to the secret containing the credentials to pull the image. | +| `url` | _string_ | true | URL is the URL of the OCI image.
URL can be in the format of `registry/image:tag` or `registry/image@sha256:digest`. | +| `sha256` | _string_ | false | SHA256 checksum that will be used to verify the OCI image.

It must match the digest of the OCI image.

If not specified, Envoy Gateway will not verify the downloaded OCI image.
kubebuilder:validation:Pattern=`^[a-f0-9]{64}$` | +| `pullSecretRef` | _[SecretObjectReference](https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1.SecretObjectReference)_ | false | PullSecretRef is a reference to the secret containing the credentials to pull the image.
Only support Kubernetes Secret resource from the same namespace. | #### InfrastructureProviderType @@ -2910,7 +2929,7 @@ _Appears in:_ | --- | --- | --- | --- | | `samplingRate` | _integer_ | false | SamplingRate controls the rate at which traffic will be
selected for tracing if no prior sampling decision has been made.
Defaults to 100, valid values [0-100]. 100 indicates 100% sampling. | | `customTags` | _object (keys:string, values:[CustomTag](#customtag))_ | true | CustomTags defines the custom tags to add to each span.
If provider is kubernetes, pod name and namespace are added by default. | -| `provider` | _[TracingProvider](#tracingprovider)_ | true | Provider defines the tracing provider.
Only OpenTelemetry is supported currently. | +| `provider` | _[TracingProvider](#tracingprovider)_ | true | Provider defines the tracing provider. | #### RateLimit @@ -3564,10 +3583,11 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | -| `type` | _[TracingProviderType](#tracingprovidertype)_ | true | Type defines the tracing provider type.
EG currently only supports OpenTelemetry. | +| `type` | _[TracingProviderType](#tracingprovidertype)_ | true | Type defines the tracing provider type. | | `host` | _string_ | false | Host define the provider service hostname.
Deprecated: Use BackendRefs instead. | | `port` | _integer_ | false | Port defines the port the provider service is exposed on.
Deprecated: Use BackendRefs instead. | | `backendRefs` | _[BackendRef](#backendref) array_ | false | BackendRefs references a Kubernetes object that represents the
backend server to which the trace will be sent.
Only Service kind is supported for now. | +| `zipkin` | _[ZipkinTracingProvider](#zipkintracingprovider)_ | false | Zipkin defines the Zipkin tracing provider configuration | #### TracingProviderType @@ -3583,6 +3603,7 @@ _Appears in:_ | ----- | ----------- | | `OpenTelemetry` | | | `OpenTelemetry` | | +| `Zipkin` | | #### TriggerEnum @@ -3630,7 +3651,7 @@ _Appears in:_ -Wasm defines a wasm extension. +Wasm defines a Wasm extension. Note: at the moment, Envoy Gateway does not support configuring Wasm runtime. @@ -3641,9 +3662,9 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | -| `name` | _string_ | true | Name is a unique name for this Wasm extension. It is used to identify the
Wasm extension if multiple extensions are handled by the same vm_id and root_id.
It's also used for logging/debugging. | -| `rootID` | _string_ | true | RootID is a unique ID for a set of extensions in a VM which will share a
RootContext and Contexts if applicable (e.g., an Wasm HttpFilter and an Wasm AccessLog).
If left blank, all extensions with a blank root_id with the same vm_id will share Context(s).
RootID must match the root_id parameter used to register the Context in the Wasm code. | -| `code` | _[WasmCodeSource](#wasmcodesource)_ | true | Code is the wasm code for the extension. | +| `name` | _string_ | false | Name is a unique name for this Wasm extension. It is used to identify the
Wasm extension if multiple extensions are handled by the same vm_id and root_id.
It's also used for logging/debugging.
If not specified, EG will generate a unique name for the Wasm extension. | +| `rootID` | _string_ | true | RootID is a unique ID for a set of extensions in a VM which will share a
RootContext and Contexts if applicable (e.g., an Wasm HttpFilter and an Wasm AccessLog).
If left blank, all extensions with a blank root_id with the same vm_id will share Context(s).

Note: RootID must match the root_id parameter used to register the Context in the Wasm code. | +| `code` | _[WasmCodeSource](#wasmcodesource)_ | true | Code is the Wasm code for the extension. | | `config` | _[JSON](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#json-v1-apiextensions-k8s-io)_ | false | Config is the configuration for the Wasm extension.
This configuration will be passed as a JSON string to the Wasm extension. | | `failOpen` | _boolean_ | false | FailOpen is a switch used to control the behavior when a fatal error occurs
during the initialization or the execution of the Wasm extension.
If FailOpen is set to true, the system bypasses the Wasm extension and
allows the traffic to pass through. Otherwise, if it is set to false or
not set (defaulting to false), the system blocks the traffic and returns
an HTTP 5xx error. | @@ -3652,32 +3673,32 @@ _Appears in:_ -WasmCodeSource defines the source of the wasm code. +WasmCodeSource defines the source of the Wasm code. _Appears in:_ - [Wasm](#wasm) | Field | Type | Required | Description | | --- | --- | --- | --- | -| `type` | _[WasmCodeSourceType](#wasmcodesourcetype)_ | true | Type is the type of the source of the wasm code.
Valid WasmCodeSourceType values are "HTTP" or "Image". | -| `http` | _[HTTPWasmCodeSource](#httpwasmcodesource)_ | false | HTTP is the HTTP URL containing the wasm code.

Note that the HTTP server must be accessible from the Envoy proxy. | -| `image` | _[ImageWasmCodeSource](#imagewasmcodesource)_ | false | Image is the OCI image containing the wasm code.

Note that the image must be accessible from the Envoy Gateway. | -| `sha256` | _string_ | true | SHA256 checksum that will be used to verify the wasm code.

kubebuilder:validation:Pattern=`^[a-f0-9]{64}$` | +| `type` | _[WasmCodeSourceType](#wasmcodesourcetype)_ | true | Type is the type of the source of the Wasm code.
Valid WasmCodeSourceType values are "HTTP" or "Image". | +| `http` | _[HTTPWasmCodeSource](#httpwasmcodesource)_ | false | HTTP is the HTTP URL containing the Wasm code.

Note that the HTTP server must be accessible from the Envoy proxy. | +| `image` | _[ImageWasmCodeSource](#imagewasmcodesource)_ | false | Image is the OCI image containing the Wasm code.

Note that the image must be accessible from the Envoy Gateway. | +| `pullPolicy` | _[ImagePullPolicy](#imagepullpolicy)_ | false | PullPolicy is the policy to use when pulling the Wasm module by either the HTTP or Image source.
This field is only applicable when the SHA256 field is not set.

If not specified, the default policy is IfNotPresent except for OCI images whose tag is latest.

Note: EG does not update the Wasm module every time an Envoy proxy requests
the Wasm module even if the pull policy is set to Always.
It only updates the Wasm module when the EnvoyExtension resource version changes. | #### WasmCodeSourceType _Underlying type:_ _string_ -WasmCodeSourceType specifies the types of sources for the wasm code. +WasmCodeSourceType specifies the types of sources for the Wasm code. _Appears in:_ - [WasmCodeSource](#wasmcodesource) | Value | Description | | ----- | ----------- | -| `HTTP` | HTTPWasmCodeSourceType allows the user to specify the wasm code in an HTTP URL.
| -| `Image` | ImageWasmCodeSourceType allows the user to specify the wasm code in an OCI image.
| +| `HTTP` | HTTPWasmCodeSourceType allows the user to specify the Wasm code in an HTTP URL.
| +| `Image` | ImageWasmCodeSourceType allows the user to specify the Wasm code in an OCI image.
| #### WithUnderscoresAction @@ -3795,3 +3816,18 @@ _Appears in:_ | `numTrustedHops` | _integer_ | false | NumTrustedHops controls the number of additional ingress proxy hops from the right side of XFF HTTP
headers to trust when determining the origin client's IP address.
Refer to https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/headers#x-forwarded-for
for more details. | +#### ZipkinTracingProvider + + + +ZipkinTracingProvider defines the Zipkin tracing provider configuration. + +_Appears in:_ +- [TracingProvider](#tracingprovider) + +| Field | Type | Required | Description | +| --- | --- | --- | --- | +| `enable128BitTraceId` | _boolean_ | false | Enable128BitTraceID determines whether a 128bit trace id will be used
when creating a new trace instance. If set to false, a 64bit trace
id will be used. | +| `disableSharedSpanContext` | _boolean_ | false | DisableSharedSpanContext determines whether the default Envoy behaviour of
client and server spans sharing the same span context should be disabled. | + + diff --git a/site/content/zh/latest/install/gateway-addons-helm-api.md b/site/content/zh/latest/install/gateway-addons-helm-api.md index 4401cc03efe..222121967a6 100644 --- a/site/content/zh/latest/install/gateway-addons-helm-api.md +++ b/site/content/zh/latest/install/gateway-addons-helm-api.md @@ -27,7 +27,7 @@ An Add-ons Helm chart for Envoy Gateway | https://grafana.github.io/helm-charts | grafana | 8.0.0 | | https://grafana.github.io/helm-charts | loki | 4.8.0 | | https://grafana.github.io/helm-charts | tempo | 1.3.1 | -| https://open-telemetry.github.io/opentelemetry-helm-charts | opentelemetry-collector | 0.60.0 | +| https://open-telemetry.github.io/opentelemetry-helm-charts | opentelemetry-collector | 0.73.1 | | https://prometheus-community.github.io/helm-charts | prometheus | 25.21.0 | ## Values @@ -58,7 +58,7 @@ An Add-ons Helm chart for Envoy Gateway | grafana.datasources."datasources.yaml".apiVersion | int | `1` | | | grafana.datasources."datasources.yaml".datasources[0].name | string | `"Prometheus"` | | | grafana.datasources."datasources.yaml".datasources[0].type | string | `"prometheus"` | | -| grafana.datasources."datasources.yaml".datasources[0].url | string | `"http://prometheus-server"` | | +| grafana.datasources."datasources.yaml".datasources[0].url | string | `"http://prometheus"` | | | grafana.enabled | bool | `true` | | | grafana.fullnameOverride | string | `"grafana"` | | | grafana.service.type | string | `"LoadBalancer"` | | @@ -73,9 +73,12 @@ An Add-ons Helm chart for Envoy Gateway | loki.loki.memberlist | string | `"loki-memberlist"` | | | loki.loki.rulerConfig.storage.type | string | `"local"` | | | loki.loki.storage.type | string | `"filesystem"` | | -| loki.monitoring.selfMonitoring.grafanaAgent.installOperator | bool | `true` | | +| loki.monitoring.lokiCanary.enabled | bool | `false` | | +| loki.monitoring.selfMonitoring.enabled | bool | `false` | | +| loki.monitoring.selfMonitoring.grafanaAgent.installOperator | bool | `false` | | | loki.read.replicas | int | `0` | | | loki.singleBinary.replicas | int | `1` | | +| loki.test.enabled | bool | `false` | | | loki.write.replicas | int | `0` | | | opentelemetry-collector.config.exporters.logging.verbosity | string | `"detailed"` | | | opentelemetry-collector.config.exporters.loki.endpoint | string | `"http://loki.monitoring.svc:3100/loki/api/v1/push"` | | @@ -104,16 +107,13 @@ An Add-ons Helm chart for Envoy Gateway | prometheus.kube-state-metrics.enabled | bool | `false` | | | prometheus.prometheus-node-exporter.enabled | bool | `false` | | | prometheus.prometheus-pushgateway.enabled | bool | `false` | | -| prometheus.server.fullnameOverride | string | `"prometheus-server"` | | +| prometheus.server.fullnameOverride | string | `"prometheus"` | | | prometheus.server.global.scrape_interval | string | `"15s"` | | | prometheus.server.image.repository | string | `"prom/prometheus"` | | | prometheus.server.persistentVolume.enabled | bool | `false` | | | prometheus.server.readinessProbeInitialDelay | int | `0` | | | prometheus.server.securityContext | object | `{}` | | | prometheus.server.service.type | string | `"LoadBalancer"` | | -| tags.logging | bool | `false` | | -| tags.metrics | bool | `true` | | -| tags.tracing | bool | `false` | | | tempo.enabled | bool | `true` | | | tempo.fullnameOverride | string | `"tempo"` | | | tempo.service.type | string | `"LoadBalancer"` | | diff --git a/site/content/zh/latest/install/gateway-helm-api.md b/site/content/zh/latest/install/gateway-helm-api.md index e1b68a6ae7a..9f2046a537f 100644 --- a/site/content/zh/latest/install/gateway-helm-api.md +++ b/site/content/zh/latest/install/gateway-helm-api.md @@ -48,9 +48,12 @@ The Helm chart for Envoy Gateway | deployment.ports[1].name | string | `"ratelimit"` | | | deployment.ports[1].port | int | `18001` | | | deployment.ports[1].targetPort | int | `18001` | | -| deployment.ports[2].name | string | `"metrics"` | | -| deployment.ports[2].port | int | `19001` | | -| deployment.ports[2].targetPort | int | `19001` | | +| deployment.ports[2].name | string | `"wasm"` | | +| deployment.ports[2].port | int | `18002` | | +| deployment.ports[2].targetPort | int | `18002` | | +| deployment.ports[3].name | string | `"metrics"` | | +| deployment.ports[3].port | int | `19001` | | +| deployment.ports[3].targetPort | int | `19001` | | | deployment.replicas | int | `1` | | | global.images.envoyGateway.image | string | `nil` | | | global.images.envoyGateway.pullPolicy | string | `nil` | | diff --git a/site/go.mod b/site/go.mod index 6b54e56af72..85d2a6a4a0b 100644 --- a/site/go.mod +++ b/site/go.mod @@ -3,7 +3,8 @@ module github.com/google/docsy-example go 1.22.4 require ( - github.com/FortAwesome/Font-Awesome v0.0.0-20230327165841-0698449d50f2 // indirect - github.com/google/docsy v0.7.1 // indirect - github.com/twbs/bootstrap v5.2.3+incompatible // indirect + github.com/FortAwesome/Font-Awesome v0.0.0-20240402185447-c0f460dca7f7 // indirect + github.com/google/docsy v0.10.0 // indirect + github.com/google/docsy/dependencies v0.7.2 // indirect + github.com/twbs/bootstrap v5.3.3+incompatible // indirect ) diff --git a/site/go.sum b/site/go.sum index e1d4ad4df70..0db3acceffe 100644 --- a/site/go.sum +++ b/site/go.sum @@ -4,6 +4,8 @@ github.com/FortAwesome/Font-Awesome v0.0.0-20221115183454-96cafbd73ec4 h1:xfr9Si github.com/FortAwesome/Font-Awesome v0.0.0-20221115183454-96cafbd73ec4/go.mod h1:IUgezN/MFpCDIlFezw3L8j83oeiIuYoj28Miwr/KUYo= github.com/FortAwesome/Font-Awesome v0.0.0-20230327165841-0698449d50f2 h1:Uv1z5EqCfmiK4IHUwT0m3h/u/WCk+kpRfxvAZhpC7Gc= github.com/FortAwesome/Font-Awesome v0.0.0-20230327165841-0698449d50f2/go.mod h1:IUgezN/MFpCDIlFezw3L8j83oeiIuYoj28Miwr/KUYo= +github.com/FortAwesome/Font-Awesome v0.0.0-20240402185447-c0f460dca7f7 h1:2aWEKCRLqQ9nPyXaz4/IYtRrDr3PzEiX0DUSUr2/EDs= +github.com/FortAwesome/Font-Awesome v0.0.0-20240402185447-c0f460dca7f7/go.mod h1:IUgezN/MFpCDIlFezw3L8j83oeiIuYoj28Miwr/KUYo= github.com/google/docsy v0.5.1 h1:D/ZdFKiE29xM/gwPwQzmkyXhcbQGkReRS6aGrF7lnYk= github.com/google/docsy v0.5.1/go.mod h1:maoUAQU5H/d+FrZIB4xg1EVWAx7RyFMGSDJyWghm31E= github.com/google/docsy v0.6.0 h1:43bVF18t2JihAamelQjjGzx1vO2ljCilVrBgetCA8oI= @@ -12,11 +14,17 @@ github.com/google/docsy v0.7.0 h1:JaeZ0/KufX/BJ3SyATb/fmZa1DFI7o5d9KU+i6+lLJY= github.com/google/docsy v0.7.0/go.mod h1:5WhIFchr5BfH6agjcInhpLRz7U7map0bcmKSpcrg6BE= github.com/google/docsy v0.7.1 h1:DUriA7Nr3lJjNi9Ulev1SfiG1sUYmvyDeU4nTp7uDxY= github.com/google/docsy v0.7.1/go.mod h1:JCmE+c+izhE0Rvzv3y+AzHhz1KdwlA9Oj5YBMklJcfc= +github.com/google/docsy v0.10.0 h1:6tMDacPwAyRWNCfvsn/9qGOZDQ8b0aRzjRZvnZPY5dg= +github.com/google/docsy v0.10.0/go.mod h1:c0nIAqmRTOuJ01F85U/wJPQtc3Zj9N58Kea9bOT2AJc= github.com/google/docsy/dependencies v0.5.1/go.mod h1:EDGc2znMbGUw0RW5kWwy2oGgLt0iVXBmoq4UOqstuNE= github.com/google/docsy/dependencies v0.6.0/go.mod h1:EDGc2znMbGUw0RW5kWwy2oGgLt0iVXBmoq4UOqstuNE= github.com/google/docsy/dependencies v0.7.0/go.mod h1:gihhs5gmgeO+wuoay4FwOzob+jYJVyQbNaQOh788lD4= github.com/google/docsy/dependencies v0.7.1/go.mod h1:gihhs5gmgeO+wuoay4FwOzob+jYJVyQbNaQOh788lD4= +github.com/google/docsy/dependencies v0.7.2 h1:+t5ufoADQAj4XneFphz4A+UU0ICAxmNaRHVWtMYXPSI= +github.com/google/docsy/dependencies v0.7.2/go.mod h1:gihhs5gmgeO+wuoay4FwOzob+jYJVyQbNaQOh788lD4= github.com/twbs/bootstrap v4.6.2+incompatible h1:TDa+R51BTiy1wEHSYjmqDb8LxNl/zaEjAOpRE9Hwh/o= github.com/twbs/bootstrap v4.6.2+incompatible/go.mod h1:fZTSrkpSf0/HkL0IIJzvVspTt1r9zuf7XlZau8kpcY0= github.com/twbs/bootstrap v5.2.3+incompatible h1:lOmsJx587qfF7/gE7Vv4FxEofegyJlEACeVV+Mt7cgc= github.com/twbs/bootstrap v5.2.3+incompatible/go.mod h1:fZTSrkpSf0/HkL0IIJzvVspTt1r9zuf7XlZau8kpcY0= +github.com/twbs/bootstrap v5.3.3+incompatible h1:goFoqinzdHfkeegpFP7pvhbd0g+A3O2hbU3XCjuNrEQ= +github.com/twbs/bootstrap v5.3.3+incompatible/go.mod h1:fZTSrkpSf0/HkL0IIJzvVspTt1r9zuf7XlZau8kpcY0= diff --git a/site/layouts/shortcodes/boilerplate.html b/site/layouts/shortcodes/boilerplate.html new file mode 100644 index 00000000000..96b939e9fc2 --- /dev/null +++ b/site/layouts/shortcodes/boilerplate.html @@ -0,0 +1,21 @@ +{{- /* This will try to find a resource in the "boilerplates" top-level content directory */ -}} +{{- $name := .Get 0 -}} +{{- $position := .Position }} + +{{- if $name -}} + {{- $bundle := .Page.GetPage "/boilerplates" -}} + {{- with $bundle -}} + {{- $name := printf "%s.md" $name -}} + {{- $pattern := printf "%s*" $name -}} + {{- $resource := $bundle.Resources.GetMatch $pattern -}} + {{- with $resource -}} + {{- .Content | markdownify -}} + {{- else -}} + {{- errorf "Could not find boilerplate '%s' (%s)" $name $position -}} + {{- end -}} + {{- else -}} + {{- errorf "'boilerplates' directory was not found (%s)" $position -}} + {{- end -}} +{{- else -}} + {{- errorf "Missing name in boilerplate (%s)" $position -}} +{{- end -}} diff --git a/site/static/img/envoy-gateway-resources-dashboard.png b/site/static/img/envoy-gateway-resources-dashboard.png new file mode 100644 index 00000000000..8b7128658bb Binary files /dev/null and b/site/static/img/envoy-gateway-resources-dashboard.png differ diff --git a/test/benchmark/benchmark_report.md b/test/benchmark/benchmark_report.md new file mode 100644 index 00000000000..4d6d57da1a0 --- /dev/null +++ b/test/benchmark/benchmark_report.md @@ -0,0 +1,925 @@ +# Benchmark Report + +Benchmark test settings: + +|RPS |Connections|Duration (Seconds)|CPU Limits (m)|Memory Limits (MiB)| +|- |- |- |- |- | +|1000|100 |90 |1000 |2048 | + +## Test: ScaleHTTPRoute + +Fixed one Gateway and different scales of HTTPRoutes. + + +### Results + +Click to see the full results. + + +
+scale-up-httproutes-10 + +```plaintext +[2024-06-25 14:23:36.545][1][warning][misc] [external/envoy/source/common/protobuf/message_validator_impl.cc:21] Deprecated field: type envoy.config.core.v3.HeaderValueOption Using deprecated option 'envoy.config.core.v3.HeaderValueOption.append' from file base.proto. This configuration will be removed from Envoy soon. Please see https://www.envoyproxy.io/docs/envoy/latest/version_history/version_history for details. If continued use of this field is absolutely necessary, see https://www.envoyproxy.io/docs/envoy/latest/configuration/operations/runtime#using-runtime-overrides-for-deprecated-features for how to apply a temporary and highly discouraged override. +[14:23:36.545677][1][I] Detected 4 (v)CPUs with affinity.. +[14:23:36.545689][1][I] Starting 4 threads / event loops. Time limit: 90 seconds. +[14:23:36.545691][1][I] Global targets: 400 connections and 4000 calls per second. +[14:23:36.545692][1][I] (Per-worker targets: 100 connections and 1000 calls per second) +[14:25:07.247563][19][I] Stopping after 90000 ms. Initiated: 90000 / Completed: 90000. (Completion rate was 999.9998444444686 per second.) +[14:25:07.248019][20][I] Stopping after 90000 ms. Initiated: 90000 / Completed: 90000. (Completion rate was 999.9975333394178 per second.) +[14:25:07.248086][22][I] Stopping after 90000 ms. Initiated: 90000 / Completed: 90000. (Completion rate was 999.999577777956 per second.) +[14:25:07.248380][24][I] Stopping after 90000 ms. Initiated: 90000 / Completed: 90000. (Completion rate was 999.9990666675377 per second.) +[14:25:07.818186][1][I] Done. +Nighthawk - A layer 7 protocol benchmarking tool. + +benchmark_http_client.latency_2xx (359802 samples) + min: 0s 000ms 290us | mean: 0s 000ms 544us | max: 0s 062ms 072us | pstdev: 0s 000ms 863us + + Percentile Count Value + 0.5 179926 0s 000ms 448us + 0.75 269854 0s 000ms 530us + 0.8 287861 0s 000ms 552us + 0.9 323828 0s 000ms 684us + 0.95 341812 0s 000ms 793us + 0.990625 356429 0s 001ms 863us + 0.99902344 359451 0s 009ms 407us + +Queueing and connection setup latency (359802 samples) + min: 0s 000ms 002us | mean: 0s 000ms 011us | max: 0s 023ms 417us | pstdev: 0s 000ms 100us + + Percentile Count Value + 0.5 179902 0s 000ms 010us + 0.75 269909 0s 000ms 010us + 0.8 288003 0s 000ms 011us + 0.9 323850 0s 000ms 011us + 0.95 341822 0s 000ms 012us + 0.990625 356429 0s 000ms 029us + 0.99902344 359451 0s 000ms 170us + +Request start to response end (359802 samples) + min: 0s 000ms 289us | mean: 0s 000ms 543us | max: 0s 062ms 072us | pstdev: 0s 000ms 863us + + Percentile Count Value + 0.5 179915 0s 000ms 448us + 0.75 269861 0s 000ms 530us + 0.8 287848 0s 000ms 552us + 0.9 323824 0s 000ms 683us + 0.95 341813 0s 000ms 792us + 0.990625 356429 0s 001ms 862us + 0.99902344 359451 0s 009ms 406us + +Response body size in bytes (359802 samples) + min: 10 | mean: 10 | max: 10 | pstdev: 0 + +Response header size in bytes (359802 samples) + min: 110 | mean: 110 | max: 110 | pstdev: 0 + +Blocking. Results are skewed when significant numbers are reported here. (2 samples) + min: 0s 000ms 901us | mean: 0s 001ms 551us | max: 0s 002ms 202us | pstdev: 0s 000ms 650us + + Percentile Count Value + 0.5 1 0s 000ms 901us + +Initiation to completion (360000 samples) + min: 0s 000ms 006us | mean: 0s 000ms 562us | max: 0s 062ms 310us | pstdev: 0s 000ms 883us + + Percentile Count Value + 0.5 180016 0s 000ms 465us + 0.75 270003 0s 000ms 547us + 0.8 288024 0s 000ms 570us + 0.9 324002 0s 000ms 702us + 0.95 342002 0s 000ms 815us + 0.990625 356625 0s 001ms 912us + 0.99902344 359649 0s 009ms 617us + +Counter Value Per second +benchmark.http_2xx 359802 3997.80 +benchmark.pool_overflow 198 2.20 +cluster_manager.cluster_added 4 0.04 +default.total_match_count 4 0.04 +membership_change 4 0.04 +runtime.load_success 1 0.01 +runtime.override_dir_not_exists 1 0.01 +upstream_cx_http1_total 108 1.20 +upstream_cx_rx_bytes_total 56488914 627653.97 +upstream_cx_total 108 1.20 +upstream_cx_tx_bytes_total 15471486 171905.23 +upstream_rq_pending_overflow 198 2.20 +upstream_rq_pending_total 108 1.20 +upstream_rq_total 359802 3997.80 + + +``` + +
+ +
+scale-up-httproutes-50 + +```plaintext +[2024-06-25 14:25:18.533][1][warning][misc] [external/envoy/source/common/protobuf/message_validator_impl.cc:21] Deprecated field: type envoy.config.core.v3.HeaderValueOption Using deprecated option 'envoy.config.core.v3.HeaderValueOption.append' from file base.proto. This configuration will be removed from Envoy soon. Please see https://www.envoyproxy.io/docs/envoy/latest/version_history/version_history for details. If continued use of this field is absolutely necessary, see https://www.envoyproxy.io/docs/envoy/latest/configuration/operations/runtime#using-runtime-overrides-for-deprecated-features for how to apply a temporary and highly discouraged override. +[14:25:18.533824][1][I] Detected 4 (v)CPUs with affinity.. +[14:25:18.533833][1][I] Starting 4 threads / event loops. Time limit: 90 seconds. +[14:25:18.533836][1][I] Global targets: 400 connections and 4000 calls per second. +[14:25:18.533837][1][I] (Per-worker targets: 100 connections and 1000 calls per second) +[14:26:49.235731][18][I] Stopping after 89999 ms. Initiated: 90000 / Completed: 90000. (Completion rate was 1000.0000222222228 per second.) +[14:26:49.235977][19][I] Stopping after 90000 ms. Initiated: 90000 / Completed: 90000. (Completion rate was 1000 per second.) +[14:26:49.236240][21][I] Stopping after 90000 ms. Initiated: 90000 / Completed: 89999. (Completion rate was 999.9888111119815 per second.) +[14:26:49.236565][23][I] Stopping after 90000 ms. Initiated: 90000 / Completed: 89999. (Completion rate was 999.9879333448638 per second.) +[14:26:54.772502][21][I] Wait for the connection pool drain timed out, proceeding to hard shutdown. +Nighthawk - A layer 7 protocol benchmarking tool. + +benchmark_http_client.latency_2xx (359912 samples) + min: 0s 000ms 303us | mean: 0s 000ms 508us | max: 0s 031ms 259us | pstdev: 0s 000ms 449us + + Percentile Count Value + 0.5 179967 0s 000ms 437us + 0.75 269938 0s 000ms 509us + 0.8 287950 0s 000ms 533us + 0.9 323925 0s 000ms 643us + 0.95 341919 0s 000ms 735us + 0.990625 356538 0s 001ms 526us + 0.99902344 359561 0s 006ms 589us + +Queueing and connection setup latency (359914 samples) + min: 0s 000ms 001us | mean: 0s 000ms 011us | max: 0s 023ms 449us | pstdev: 0s 000ms 080us + + Percentile Count Value + 0.5 180198 0s 000ms 010us + 0.75 270795 0s 000ms 011us + 0.8 288165 0s 000ms 011us + 0.9 324019 0s 000ms 011us + 0.95 341989 0s 000ms 011us + 0.990625 356540 0s 000ms 025us + 0.99902344 359564 0s 000ms 159us + +Request start to response end (359912 samples) + min: 0s 000ms 302us | mean: 0s 000ms 508us | max: 0s 031ms 258us | pstdev: 0s 000ms 448us + + Percentile Count Value + 0.5 179970 0s 000ms 437us + 0.75 269934 0s 000ms 509us + 0.8 287943 0s 000ms 533us + 0.9 323921 0s 000ms 643us + 0.95 341917 0s 000ms 735us + 0.990625 356538 0s 001ms 525us + 0.99902344 359561 0s 006ms 589us + +Response body size in bytes (359912 samples) + min: 10 | mean: 10 | max: 10 | pstdev: 0 + +Response header size in bytes (359912 samples) + min: 110 | mean: 110 | max: 110 | pstdev: 0 + +Initiation to completion (359998 samples) + min: 0s 000ms 006us | mean: 0s 000ms 525us | max: 0s 032ms 263us | pstdev: 0s 000ms 461us + + Percentile Count Value + 0.5 180024 0s 000ms 453us + 0.75 270017 0s 000ms 526us + 0.8 288004 0s 000ms 550us + 0.9 323999 0s 000ms 663us + 0.95 341999 0s 000ms 753us + 0.990625 356624 0s 001ms 571us + 0.99902344 359647 0s 006ms 655us + +Counter Value Per second +benchmark.http_2xx 359912 3999.02 +benchmark.pool_overflow 86 0.96 +cluster_manager.cluster_added 4 0.04 +default.total_match_count 4 0.04 +membership_change 4 0.04 +runtime.load_success 1 0.01 +runtime.override_dir_not_exists 1 0.01 +upstream_cx_http1_total 61 0.68 +upstream_cx_rx_bytes_total 56506184 627846.33 +upstream_cx_total 61 0.68 +upstream_cx_tx_bytes_total 15476302 171958.87 +upstream_rq_pending_overflow 86 0.96 +upstream_rq_pending_total 61 0.68 +upstream_rq_total 359914 3999.04 + +[14:26:59.773726][23][I] Wait for the connection pool drain timed out, proceeding to hard shutdown. +[14:26:59.775576][1][I] Done. + +``` + +
+ +
+scale-up-httproutes-100 + +```plaintext +[2024-06-25 14:27:18.024][1][warning][misc] [external/envoy/source/common/protobuf/message_validator_impl.cc:21] Deprecated field: type envoy.config.core.v3.HeaderValueOption Using deprecated option 'envoy.config.core.v3.HeaderValueOption.append' from file base.proto. This configuration will be removed from Envoy soon. Please see https://www.envoyproxy.io/docs/envoy/latest/version_history/version_history for details. If continued use of this field is absolutely necessary, see https://www.envoyproxy.io/docs/envoy/latest/configuration/operations/runtime#using-runtime-overrides-for-deprecated-features for how to apply a temporary and highly discouraged override. +[14:27:18.024969][1][I] Detected 4 (v)CPUs with affinity.. +[14:27:18.024981][1][I] Starting 4 threads / event loops. Time limit: 90 seconds. +[14:27:18.024984][1][I] Global targets: 400 connections and 4000 calls per second. +[14:27:18.024985][1][I] (Per-worker targets: 100 connections and 1000 calls per second) +[14:28:48.726723][18][I] Stopping after 89999 ms. Initiated: 90000 / Completed: 90000. (Completion rate was 1000.0000111111112 per second.) +[14:28:48.726970][19][I] Stopping after 89999 ms. Initiated: 90000 / Completed: 90000. (Completion rate was 1000.0000222222228 per second.) +[14:28:48.727250][21][I] Stopping after 90000 ms. Initiated: 90000 / Completed: 89999. (Completion rate was 999.9885555593705 per second.) +[14:28:48.727579][23][I] Stopping after 90000 ms. Initiated: 90000 / Completed: 89999. (Completion rate was 999.9878444571402 per second.) +[14:28:54.260999][21][I] Wait for the connection pool drain timed out, proceeding to hard shutdown. +Nighthawk - A layer 7 protocol benchmarking tool. + +benchmark_http_client.latency_2xx (359869 samples) + min: 0s 000ms 301us | mean: 0s 000ms 514us | max: 0s 029ms 035us | pstdev: 0s 000ms 431us + + Percentile Count Value + 0.5 179965 0s 000ms 444us + 0.75 269904 0s 000ms 518us + 0.8 287910 0s 000ms 540us + 0.9 323888 0s 000ms 641us + 0.95 341879 0s 000ms 744us + 0.990625 356497 0s 001ms 522us + 0.99902344 359518 0s 006ms 553us + +Queueing and connection setup latency (359871 samples) + min: 0s 000ms 001us | mean: 0s 000ms 011us | max: 0s 027ms 366us | pstdev: 0s 000ms 058us + + Percentile Count Value + 0.5 179998 0s 000ms 010us + 0.75 271128 0s 000ms 011us + 0.8 288699 0s 000ms 011us + 0.9 324073 0s 000ms 011us + 0.95 341895 0s 000ms 012us + 0.990625 356498 0s 000ms 029us + 0.99902344 359520 0s 000ms 166us + +Request start to response end (359869 samples) + min: 0s 000ms 301us | mean: 0s 000ms 513us | max: 0s 029ms 035us | pstdev: 0s 000ms 431us + + Percentile Count Value + 0.5 179935 0s 000ms 444us + 0.75 269906 0s 000ms 517us + 0.8 287896 0s 000ms 539us + 0.9 323883 0s 000ms 641us + 0.95 341876 0s 000ms 743us + 0.990625 356496 0s 001ms 521us + 0.99902344 359518 0s 006ms 552us + +Response body size in bytes (359869 samples) + min: 10 | mean: 10 | max: 10 | pstdev: 0 + +Response header size in bytes (359869 samples) + min: 110 | mean: 110 | max: 110 | pstdev: 0 + +Initiation to completion (359998 samples) + min: 0s 000ms 007us | mean: 0s 000ms 532us | max: 0s 029ms 055us | pstdev: 0s 000ms 451us + + Percentile Count Value + 0.5 180023 0s 000ms 461us + 0.75 270008 0s 000ms 535us + 0.8 288030 0s 000ms 557us + 0.9 324004 0s 000ms 661us + 0.95 341999 0s 000ms 763us + 0.990625 356624 0s 001ms 570us + 0.99902344 359647 0s 007ms 023us + +Counter Value Per second +benchmark.http_2xx 359869 3998.54 +benchmark.pool_overflow 129 1.43 +cluster_manager.cluster_added 4 0.04 +default.total_match_count 4 0.04 +membership_change 4 0.04 +runtime.load_success 1 0.01 +runtime.override_dir_not_exists 1 0.01 +upstream_cx_http1_total 63 0.70 +upstream_cx_rx_bytes_total 56499433 627771.26 +upstream_cx_total 63 0.70 +upstream_cx_tx_bytes_total 15474453 171938.31 +upstream_rq_pending_overflow 129 1.43 +upstream_rq_pending_total 63 0.70 +upstream_rq_total 359871 3998.57 + +[14:28:59.262084][23][I] Wait for the connection pool drain timed out, proceeding to hard shutdown. +[14:28:59.263795][1][I] Done. + +``` + +
+ +
+scale-up-httproutes-300 + +```plaintext +[2024-06-25 14:32:23.491][1][warning][misc] [external/envoy/source/common/protobuf/message_validator_impl.cc:21] Deprecated field: type envoy.config.core.v3.HeaderValueOption Using deprecated option 'envoy.config.core.v3.HeaderValueOption.append' from file base.proto. This configuration will be removed from Envoy soon. Please see https://www.envoyproxy.io/docs/envoy/latest/version_history/version_history for details. If continued use of this field is absolutely necessary, see https://www.envoyproxy.io/docs/envoy/latest/configuration/operations/runtime#using-runtime-overrides-for-deprecated-features for how to apply a temporary and highly discouraged override. +[14:32:23.491963][1][I] Detected 4 (v)CPUs with affinity.. +[14:32:23.491978][1][I] Starting 4 threads / event loops. Time limit: 90 seconds. +[14:32:23.491980][1][I] Global targets: 400 connections and 4000 calls per second. +[14:32:23.491981][1][I] (Per-worker targets: 100 connections and 1000 calls per second) +[14:33:54.193887][18][I] Stopping after 90000 ms. Initiated: 90000 / Completed: 90000. (Completion rate was 999.9999888888891 per second.) +[14:33:54.194133][19][I] Stopping after 89999 ms. Initiated: 90000 / Completed: 90000. (Completion rate was 1000.0000222222228 per second.) +[14:33:54.194387][21][I] Stopping after 90000 ms. Initiated: 90000 / Completed: 90000. (Completion rate was 999.9999888888891 per second.) +[14:33:54.194633][23][I] Stopping after 90000 ms. Initiated: 90000 / Completed: 90000. (Completion rate was 1000 per second.) +[14:33:54.712898][1][I] Done. +Nighthawk - A layer 7 protocol benchmarking tool. + +benchmark_http_client.latency_2xx (359845 samples) + min: 0s 000ms 302us | mean: 0s 000ms 507us | max: 0s 019ms 987us | pstdev: 0s 000ms 380us + + Percentile Count Value + 0.5 179931 0s 000ms 440us + 0.75 269886 0s 000ms 512us + 0.8 287876 0s 000ms 533us + 0.9 323864 0s 000ms 637us + 0.95 341854 0s 000ms 734us + 0.990625 356472 0s 001ms 469us + 0.99902344 359494 0s 006ms 259us + +Queueing and connection setup latency (359845 samples) + min: 0s 000ms 001us | mean: 0s 000ms 011us | max: 0s 017ms 634us | pstdev: 0s 000ms 043us + + Percentile Count Value + 0.5 180160 0s 000ms 010us + 0.75 270791 0s 000ms 010us + 0.8 287918 0s 000ms 011us + 0.9 324365 0s 000ms 011us + 0.95 341940 0s 000ms 011us + 0.990625 356473 0s 000ms 027us + 0.99902344 359494 0s 000ms 167us + +Request start to response end (359845 samples) + min: 0s 000ms 302us | mean: 0s 000ms 506us | max: 0s 019ms 987us | pstdev: 0s 000ms 380us + + Percentile Count Value + 0.5 179923 0s 000ms 440us + 0.75 269893 0s 000ms 511us + 0.8 287905 0s 000ms 533us + 0.9 323861 0s 000ms 636us + 0.95 341854 0s 000ms 733us + 0.990625 356472 0s 001ms 468us + 0.99902344 359494 0s 006ms 259us + +Response body size in bytes (359845 samples) + min: 10 | mean: 10 | max: 10 | pstdev: 0 + +Response header size in bytes (359845 samples) + min: 110 | mean: 110 | max: 110 | pstdev: 0 + +Initiation to completion (360000 samples) + min: 0s 000ms 007us | mean: 0s 000ms 525us | max: 0s 020ms 035us | pstdev: 0s 000ms 409us + + Percentile Count Value + 0.5 180011 0s 000ms 456us + 0.75 270028 0s 000ms 529us + 0.8 288004 0s 000ms 550us + 0.9 324006 0s 000ms 656us + 0.95 342005 0s 000ms 751us + 0.990625 356625 0s 001ms 525us + 0.99902344 359649 0s 006ms 569us + +Counter Value Per second +benchmark.http_2xx 359845 3998.28 +benchmark.pool_overflow 155 1.72 +cluster_manager.cluster_added 4 0.04 +default.total_match_count 4 0.04 +membership_change 4 0.04 +runtime.load_success 1 0.01 +runtime.override_dir_not_exists 1 0.01 +upstream_cx_http1_total 62 0.69 +upstream_cx_rx_bytes_total 56495665 627729.61 +upstream_cx_total 62 0.69 +upstream_cx_tx_bytes_total 15473335 171925.94 +upstream_rq_pending_overflow 155 1.72 +upstream_rq_pending_total 62 0.69 +upstream_rq_total 359845 3998.28 + + +``` + +
+ +
+scale-up-httproutes-500 + +```plaintext +[2024-06-25 14:38:43.691][1][warning][misc] [external/envoy/source/common/protobuf/message_validator_impl.cc:21] Deprecated field: type envoy.config.core.v3.HeaderValueOption Using deprecated option 'envoy.config.core.v3.HeaderValueOption.append' from file base.proto. This configuration will be removed from Envoy soon. Please see https://www.envoyproxy.io/docs/envoy/latest/version_history/version_history for details. If continued use of this field is absolutely necessary, see https://www.envoyproxy.io/docs/envoy/latest/configuration/operations/runtime#using-runtime-overrides-for-deprecated-features for how to apply a temporary and highly discouraged override. +[14:38:43.691938][1][I] Detected 4 (v)CPUs with affinity.. +[14:38:43.691951][1][I] Starting 4 threads / event loops. Time limit: 90 seconds. +[14:38:43.691953][1][I] Global targets: 400 connections and 4000 calls per second. +[14:38:43.691954][1][I] (Per-worker targets: 100 connections and 1000 calls per second) +[14:40:14.393764][18][I] Stopping after 90000 ms. Initiated: 90000 / Completed: 89999. (Completion rate was 999.9885666703507 per second.) +[14:40:14.393981][19][I] Stopping after 89999 ms. Initiated: 90000 / Completed: 90000. (Completion rate was 1000.0000555555587 per second.) +[14:40:14.394312][21][I] Stopping after 90000 ms. Initiated: 90000 / Completed: 90000. (Completion rate was 999.9992666672044 per second.) +[14:40:14.394484][23][I] Stopping after 89999 ms. Initiated: 90000 / Completed: 90000. (Completion rate was 1000.0000333333344 per second.) +[14:40:19.954533][18][I] Wait for the connection pool drain timed out, proceeding to hard shutdown. +Nighthawk - A layer 7 protocol benchmarking tool. + +benchmark_http_client.latency_2xx (359743 samples) + min: 0s 000ms 311us | mean: 0s 000ms 566us | max: 0s 064ms 673us | pstdev: 0s 001ms 003us + + Percentile Count Value + 0.5 179890 0s 000ms 441us + 0.75 269813 0s 000ms 519us + 0.8 287802 0s 000ms 544us + 0.9 323771 0s 000ms 684us + 0.95 341757 0s 000ms 790us + 0.990625 356372 0s 002ms 465us + 0.99902344 359392 0s 016ms 404us + +Queueing and connection setup latency (359744 samples) + min: 0s 000ms 001us | mean: 0s 000ms 011us | max: 0s 040ms 116us | pstdev: 0s 000ms 093us + + Percentile Count Value + 0.5 180015 0s 000ms 010us + 0.75 269817 0s 000ms 011us + 0.8 288758 0s 000ms 011us + 0.9 324218 0s 000ms 011us + 0.95 341791 0s 000ms 012us + 0.990625 356372 0s 000ms 029us + 0.99902344 359393 0s 000ms 172us + +Request start to response end (359743 samples) + min: 0s 000ms 311us | mean: 0s 000ms 566us | max: 0s 064ms 673us | pstdev: 0s 001ms 003us + + Percentile Count Value + 0.5 179874 0s 000ms 441us + 0.75 269820 0s 000ms 519us + 0.8 287800 0s 000ms 544us + 0.9 323772 0s 000ms 684us + 0.95 341758 0s 000ms 790us + 0.990625 356372 0s 002ms 464us + 0.99902344 359392 0s 016ms 404us + +Response body size in bytes (359743 samples) + min: 10 | mean: 10 | max: 10 | pstdev: 0 + +Response header size in bytes (359743 samples) + min: 110 | mean: 110 | max: 110 | pstdev: 0 + +Blocking. Results are skewed when significant numbers are reported here. (1 samples) + min: 0s 001ms 331us | mean: 0s 001ms 331us | max: 0s 001ms 331us | pstdev: 0s 000ms 000us + +Initiation to completion (359999 samples) + min: 0s 000ms 005us | mean: 0s 000ms 593us | max: 0s 064ms 710us | pstdev: 0s 001ms 145us + + Percentile Count Value + 0.5 180029 0s 000ms 458us + 0.75 270014 0s 000ms 537us + 0.8 288011 0s 000ms 562us + 0.9 324008 0s 000ms 703us + 0.95 342000 0s 000ms 813us + 0.990625 356625 0s 002ms 640us + 0.99902344 359648 0s 018ms 319us + +Counter Value Per second +benchmark.http_2xx 359743 3997.14 +benchmark.pool_overflow 256 2.84 +cluster_manager.cluster_added 4 0.04 +default.total_match_count 4 0.04 +membership_change 4 0.04 +runtime.load_success 1 0.01 +runtime.override_dir_not_exists 1 0.01 +upstream_cx_http1_total 96 1.07 +upstream_cx_rx_bytes_total 56479651 627551.52 +upstream_cx_total 96 1.07 +upstream_cx_tx_bytes_total 15468992 171877.65 +upstream_rq_pending_overflow 256 2.84 +upstream_rq_pending_total 96 1.07 +upstream_rq_total 359744 3997.15 + +[14:40:19.962562][1][I] Done. + +``` + +
+ +
+scale-down-httproutes-300 + +```plaintext +[2024-06-25 14:40:47.629][1][warning][misc] [external/envoy/source/common/protobuf/message_validator_impl.cc:21] Deprecated field: type envoy.config.core.v3.HeaderValueOption Using deprecated option 'envoy.config.core.v3.HeaderValueOption.append' from file base.proto. This configuration will be removed from Envoy soon. Please see https://www.envoyproxy.io/docs/envoy/latest/version_history/version_history for details. If continued use of this field is absolutely necessary, see https://www.envoyproxy.io/docs/envoy/latest/configuration/operations/runtime#using-runtime-overrides-for-deprecated-features for how to apply a temporary and highly discouraged override. +[14:40:47.629688][1][I] Detected 4 (v)CPUs with affinity.. +[14:40:47.629700][1][I] Starting 4 threads / event loops. Time limit: 90 seconds. +[14:40:47.629703][1][I] Global targets: 400 connections and 4000 calls per second. +[14:40:47.629704][1][I] (Per-worker targets: 100 connections and 1000 calls per second) +[14:42:18.331523][18][I] Stopping after 90000 ms. Initiated: 90000 / Completed: 90000. (Completion rate was 999.9990222231783 per second.) +[14:42:18.331681][19][I] Stopping after 90000 ms. Initiated: 90000 / Completed: 90000. (Completion rate was 999.9999777777783 per second.) +[14:42:18.331935][21][I] Stopping after 90000 ms. Initiated: 90000 / Completed: 89999. (Completion rate was 999.988855555927 per second.) +[14:42:18.332255][23][I] Stopping after 90000 ms. Initiated: 90000 / Completed: 90000. (Completion rate was 999.999166667361 per second.) +[14:42:23.961708][21][I] Wait for the connection pool drain timed out, proceeding to hard shutdown. +Nighthawk - A layer 7 protocol benchmarking tool. + +benchmark_http_client.latency_2xx (359722 samples) + min: 0s 000ms 303us | mean: 0s 001ms 203us | max: 0s 121ms 311us | pstdev: 0s 006ms 029us + + Percentile Count Value + 0.5 179885 0s 000ms 456us + 0.75 269810 0s 000ms 543us + 0.8 287781 0s 000ms 570us + 0.9 323750 0s 000ms 749us + 0.95 341736 0s 001ms 344us + 0.990625 356350 0s 016ms 743us + 0.99902344 359371 0s 083ms 783us + +Queueing and connection setup latency (359723 samples) + min: 0s 000ms 001us | mean: 0s 000ms 012us | max: 0s 041ms 897us | pstdev: 0s 000ms 131us + + Percentile Count Value + 0.5 179921 0s 000ms 010us + 0.75 270953 0s 000ms 011us + 0.8 288381 0s 000ms 011us + 0.9 323867 0s 000ms 011us + 0.95 341759 0s 000ms 012us + 0.990625 356351 0s 000ms 032us + 0.99902344 359372 0s 000ms 206us + +Request start to response end (359722 samples) + min: 0s 000ms 302us | mean: 0s 001ms 202us | max: 0s 121ms 311us | pstdev: 0s 006ms 029us + + Percentile Count Value + 0.5 179877 0s 000ms 456us + 0.75 269810 0s 000ms 542us + 0.8 287783 0s 000ms 570us + 0.9 323752 0s 000ms 748us + 0.95 341736 0s 001ms 344us + 0.990625 356350 0s 016ms 742us + 0.99902344 359371 0s 083ms 783us + +Response body size in bytes (359722 samples) + min: 10 | mean: 10 | max: 10 | pstdev: 0 + +Response header size in bytes (359722 samples) + min: 110 | mean: 110 | max: 110 | pstdev: 0 + +Blocking. Results are skewed when significant numbers are reported here. (1022 samples) + min: 0s 000ms 045us | mean: 0s 006ms 403us | max: 0s 099ms 049us | pstdev: 0s 015ms 130us + + Percentile Count Value + 0.5 511 0s 001ms 012us + 0.75 767 0s 003ms 262us + 0.8 818 0s 004ms 782us + 0.9 920 0s 015ms 482us + 0.95 971 0s 047ms 316us + 0.990625 1013 0s 075ms 657us + 0.99902344 1022 0s 099ms 049us + +Initiation to completion (359999 samples) + min: 0s 000ms 002us | mean: 0s 001ms 224us | max: 0s 121ms 405us | pstdev: 0s 006ms 041us + + Percentile Count Value + 0.5 180002 0s 000ms 473us + 0.75 270009 0s 000ms 560us + 0.8 288002 0s 000ms 589us + 0.9 324002 0s 000ms 770us + 0.95 342001 0s 001ms 390us + 0.990625 356625 0s 017ms 278us + 0.99902344 359648 0s 083ms 849us + +Counter Value Per second +benchmark.http_2xx 359722 3996.91 +benchmark.pool_overflow 277 3.08 +cluster_manager.cluster_added 4 0.04 +default.total_match_count 4 0.04 +membership_change 4 0.04 +runtime.load_success 1 0.01 +runtime.override_dir_not_exists 1 0.01 +upstream_cx_http1_total 123 1.37 +upstream_cx_rx_bytes_total 56476354 627514.75 +upstream_cx_total 123 1.37 +upstream_cx_tx_bytes_total 15468089 171867.57 +upstream_rq_pending_overflow 277 3.08 +upstream_rq_pending_total 123 1.37 +upstream_rq_total 359723 3996.92 + +[14:42:23.965353][1][I] Done. + +``` + +
+ +
+scale-down-httproutes-100 + +```plaintext +[2024-06-25 14:42:41.429][1][warning][misc] [external/envoy/source/common/protobuf/message_validator_impl.cc:21] Deprecated field: type envoy.config.core.v3.HeaderValueOption Using deprecated option 'envoy.config.core.v3.HeaderValueOption.append' from file base.proto. This configuration will be removed from Envoy soon. Please see https://www.envoyproxy.io/docs/envoy/latest/version_history/version_history for details. If continued use of this field is absolutely necessary, see https://www.envoyproxy.io/docs/envoy/latest/configuration/operations/runtime#using-runtime-overrides-for-deprecated-features for how to apply a temporary and highly discouraged override. +[14:42:41.430321][1][I] Detected 4 (v)CPUs with affinity.. +[14:42:41.430334][1][I] Starting 4 threads / event loops. Time limit: 90 seconds. +[14:42:41.430336][1][I] Global targets: 400 connections and 4000 calls per second. +[14:42:41.430338][1][I] (Per-worker targets: 100 connections and 1000 calls per second) +[14:44:12.132884][18][I] Stopping after 89999 ms. Initiated: 90000 / Completed: 89996. (Completion rate was 999.9555777767906 per second.) +[14:44:12.133405][21][I] Stopping after 90000 ms. Initiated: 90000 / Completed: 90000. (Completion rate was 999.999777777827 per second.) +[14:44:12.133681][23][I] Stopping after 90000 ms. Initiated: 89995 / Completed: 89995. (Completion rate was 999.9439111410252 per second.) +[14:44:12.138437][19][I] Stopping after 90005 ms. Initiated: 89979 / Completed: 89958. (Completion rate was 999.474453182769 per second.) +[14:44:17.976650][18][I] Wait for the connection pool drain timed out, proceeding to hard shutdown. +Nighthawk - A layer 7 protocol benchmarking tool. + +benchmark_http_client.latency_2xx (359649 samples) + min: 0s 000ms 297us | mean: 0s 009ms 493us | max: 0s 163ms 553us | pstdev: 0s 017ms 560us + + Percentile Count Value + 0.5 179826 0s 002ms 042us + 0.75 269740 0s 008ms 322us + 0.8 287721 0s 011ms 606us + 0.9 323685 0s 030ms 779us + 0.95 341667 0s 054ms 808us + 0.990625 356278 0s 079ms 679us + 0.99902344 359299 0s 106ms 098us + +Queueing and connection setup latency (359674 samples) + min: 0s 000ms 001us | mean: 0s 000ms 015us | max: 0s 033ms 947us | pstdev: 0s 000ms 269us + + Percentile Count Value + 0.5 179931 0s 000ms 008us + 0.75 269789 0s 000ms 010us + 0.8 287838 0s 000ms 011us + 0.9 323819 0s 000ms 011us + 0.95 341697 0s 000ms 015us + 0.990625 356303 0s 000ms 059us + 0.99902344 359323 0s 001ms 303us + +Request start to response end (359649 samples) + min: 0s 000ms 296us | mean: 0s 009ms 493us | max: 0s 163ms 553us | pstdev: 0s 017ms 560us + + Percentile Count Value + 0.5 179829 0s 002ms 041us + 0.75 269740 0s 008ms 321us + 0.8 287722 0s 011ms 606us + 0.9 323687 0s 030ms 779us + 0.95 341667 0s 054ms 808us + 0.990625 356278 0s 079ms 679us + 0.99902344 359299 0s 106ms 098us + +Response body size in bytes (359649 samples) + min: 10 | mean: 10 | max: 10 | pstdev: 0 + +Response header size in bytes (359649 samples) + min: 110 | mean: 110 | max: 110 | pstdev: 0 + +Blocking. Results are skewed when significant numbers are reported here. (19052 samples) + min: 0s 000ms 039us | mean: 0s 006ms 142us | max: 0s 146ms 767us | pstdev: 0s 012ms 746us + + Percentile Count Value + 0.5 9526 0s 001ms 273us + 0.75 14289 0s 004ms 540us + 0.8 15242 0s 006ms 354us + 0.9 17147 0s 018ms 240us + 0.95 18100 0s 036ms 243us + 0.990625 18874 0s 063ms 096us + 0.99902344 19034 0s 087ms 937us + +Initiation to completion (359949 samples) + min: 0s 000ms 006us | mean: 0s 009ms 592us | max: 0s 163ms 594us | pstdev: 0s 017ms 643us + + Percentile Count Value + 0.5 179976 0s 002ms 093us + 0.75 269962 0s 008ms 477us + 0.8 287962 0s 011ms 824us + 0.9 323955 0s 030ms 991us + 0.95 341957 0s 055ms 142us + 0.990625 356578 0s 080ms 228us + 0.99902344 359598 0s 106ms 164us + +Counter Value Per second +benchmark.http_2xx 359649 3996.04 +benchmark.pool_overflow 300 3.33 +cluster_manager.cluster_added 4 0.04 +default.total_match_count 4 0.04 +membership_change 4 0.04 +runtime.load_success 1 0.01 +runtime.override_dir_not_exists 1 0.01 +upstream_cx_http1_total 100 1.11 +upstream_cx_rx_bytes_total 56464893 627378.34 +upstream_cx_total 100 1.11 +upstream_cx_tx_bytes_total 15465939 171841.20 +upstream_rq_pending_overflow 300 3.33 +upstream_rq_pending_total 100 1.11 +upstream_rq_total 359674 3996.32 + +[14:44:22.981221][19][I] Wait for the connection pool drain timed out, proceeding to hard shutdown. +[14:44:22.985214][1][I] Done. + +``` + +
+ +
+scale-down-httproutes-50 + +```plaintext +[2024-06-25 14:44:35.399][1][warning][misc] [external/envoy/source/common/protobuf/message_validator_impl.cc:21] Deprecated field: type envoy.config.core.v3.HeaderValueOption Using deprecated option 'envoy.config.core.v3.HeaderValueOption.append' from file base.proto. This configuration will be removed from Envoy soon. Please see https://www.envoyproxy.io/docs/envoy/latest/version_history/version_history for details. If continued use of this field is absolutely necessary, see https://www.envoyproxy.io/docs/envoy/latest/configuration/operations/runtime#using-runtime-overrides-for-deprecated-features for how to apply a temporary and highly discouraged override. +[14:44:35.400594][1][I] Detected 4 (v)CPUs with affinity.. +[14:44:35.400604][1][I] Starting 4 threads / event loops. Time limit: 90 seconds. +[14:44:35.400607][1][I] Global targets: 400 connections and 4000 calls per second. +[14:44:35.400609][1][I] (Per-worker targets: 100 connections and 1000 calls per second) +[14:45:50.873708][19][E] Exiting due to failing termination predicate +[14:45:50.873747][19][I] Stopping after 74767 ms. Initiated: 74767 / Completed: 74746. (Completion rate was 999.716774109537 per second.) +[14:45:50.874918][18][E] Exiting due to failing termination predicate +[14:45:50.875120][18][I] Stopping after 74769 ms. Initiated: 74770 / Completed: 74749. (Completion rate was 999.7209036132042 per second.) +[14:45:50.878184][20][E] Exiting due to failing termination predicate +[14:45:50.878203][20][I] Stopping after 74772 ms. Initiated: 74772 / Completed: 74750. (Completion rate was 999.6972288218956 per second.) +[14:45:50.880264][21][E] Exiting due to failing termination predicate +[14:45:50.880286][21][I] Stopping after 74773 ms. Initiated: 74774 / Completed: 74747. (Completion rate was 999.6424011911454 per second.) +[14:45:51.840758][1][E] Terminated early because of a failure predicate. +[14:45:51.840780][1][I] Check the output for problematic counter values. The default Nighthawk failure predicates report failure if (1) Nighthawk could not connect to the target (see 'benchmark.pool_connection_failure' counter; check the address and port number, and try explicitly setting --address-family v4 or v6, especially when using DNS; instead of localhost try 127.0.0.1 or ::1 explicitly), (2) the protocol was not supported by the target (see 'benchmark.stream_resets' counter; check http/https in the URI, --h2), (3) the target returned a 4xx or 5xx HTTP response code (see 'benchmark.http_4xx' and 'benchmark.http_5xx' counters; check the URI path and the server config), or (4) a custom gRPC RequestSource failed. --failure-predicate can be used to relax expectations. +[14:45:56.841540][18][I] Wait for the connection pool drain timed out, proceeding to hard shutdown. +Nighthawk - A layer 7 protocol benchmarking tool. + +benchmark_http_client.latency_2xx (298738 samples) + min: 0s 000ms 307us | mean: 0s 011ms 515us | max: 0s 187ms 269us | pstdev: 0s 019ms 783us + + Percentile Count Value + 0.5 149369 0s 002ms 416us + 0.75 224054 0s 011ms 230us + 0.8 238992 0s 016ms 571us + 0.9 268865 0s 041ms 666us + 0.95 283803 0s 059ms 402us + 0.990625 295939 0s 085ms 483us + 0.99902344 298447 0s 120ms 631us + +benchmark_http_client.latency_5xx (7 samples) + min: 0s 000ms 210us | mean: 0s 000ms 884us | max: 0s 001ms 337us | pstdev: 0s 000ms 404us + + Percentile Count Value + 0.5 4 0s 000ms 683us + 0.75 6 0s 001ms 309us + 0.8 6 0s 001ms 309us + +Queueing and connection setup latency (298836 samples) + min: 0s 000ms 001us | mean: 0s 000ms 016us | max: 0s 075ms 845us | pstdev: 0s 000ms 315us + + Percentile Count Value + 0.5 149531 0s 000ms 008us + 0.75 224310 0s 000ms 010us + 0.8 239171 0s 000ms 010us + 0.9 268973 0s 000ms 011us + 0.95 283896 0s 000ms 016us + 0.990625 296035 0s 000ms 061us + 0.99902344 298545 0s 001ms 244us + +Request start to response end (298745 samples) + min: 0s 000ms 210us | mean: 0s 011ms 514us | max: 0s 187ms 269us | pstdev: 0s 019ms 783us + + Percentile Count Value + 0.5 149373 0s 002ms 415us + 0.75 224059 0s 011ms 229us + 0.8 238996 0s 016ms 569us + 0.9 268871 0s 041ms 664us + 0.95 283810 0s 059ms 402us + 0.990625 295946 0s 085ms 483us + 0.99902344 298454 0s 120ms 631us + +Response body size in bytes (298745 samples) + min: 0 | mean: 9.999765686455003 | max: 10 | pstdev: 0.048405377254271256 + +Response header size in bytes (298745 samples) + min: 58 | mean: 109.99878156956602 | max: 110 | pstdev: 0.25170796172221055 + +Blocking. Results are skewed when significant numbers are reported here. (8534 samples) + min: 0s 000ms 040us | mean: 0s 006ms 742us | max: 0s 101ms 433us | pstdev: 0s 012ms 626us + + Percentile Count Value + 0.5 4267 0s 001ms 369us + 0.75 6401 0s 005ms 750us + 0.8 6828 0s 008ms 406us + 0.9 7681 0s 022ms 739us + 0.95 8108 0s 037ms 554us + 0.990625 8454 0s 058ms 765us + 0.99902344 8526 0s 078ms 221us + +Initiation to completion (298992 samples) + min: 0s 000ms 005us | mean: 0s 011ms 618us | max: 0s 187ms 277us | pstdev: 0s 019ms 857us + + Percentile Count Value + 0.5 149496 0s 002ms 465us + 0.75 224244 0s 011ms 490us + 0.8 239195 0s 016ms 867us + 0.9 269093 0s 041ms 924us + 0.95 284043 0s 059ms 586us + 0.990625 296189 0s 085ms 766us + 0.99902344 298701 0s 120ms 954us + +Counter Value Per second +benchmark.http_2xx 298738 3995.38 +benchmark.http_5xx 7 0.09 +benchmark.pool_overflow 247 3.30 +cluster_manager.cluster_added 4 0.05 +default.total_match_count 4 0.05 +membership_change 4 0.05 +runtime.load_success 1 0.01 +runtime.override_dir_not_exists 1 0.01 +sequencer.failed_terminations 4 0.05 +upstream_cx_http1_total 153 2.05 +upstream_cx_rx_bytes_total 46902510 627283.31 +upstream_cx_total 153 2.05 +upstream_cx_tx_bytes_total 12849948 171857.71 +upstream_rq_pending_overflow 247 3.30 +upstream_rq_pending_total 153 2.05 +upstream_rq_total 298836 3996.69 + +[14:46:01.842997][19][I] Wait for the connection pool drain timed out, proceeding to hard shutdown. +[14:46:06.845068][20][I] Wait for the connection pool drain timed out, proceeding to hard shutdown. +[14:46:11.847277][21][I] Wait for the connection pool drain timed out, proceeding to hard shutdown. +[14:46:11.850206][1][E] An error occurred. + +``` + +
+ +
+scale-down-httproutes-10 + +```plaintext +[2024-06-25 14:48:06.510][1][warning][misc] [external/envoy/source/common/protobuf/message_validator_impl.cc:21] Deprecated field: type envoy.config.core.v3.HeaderValueOption Using deprecated option 'envoy.config.core.v3.HeaderValueOption.append' from file base.proto. This configuration will be removed from Envoy soon. Please see https://www.envoyproxy.io/docs/envoy/latest/version_history/version_history for details. If continued use of this field is absolutely necessary, see https://www.envoyproxy.io/docs/envoy/latest/configuration/operations/runtime#using-runtime-overrides-for-deprecated-features for how to apply a temporary and highly discouraged override. +[14:48:06.510881][1][I] Detected 4 (v)CPUs with affinity.. +[14:48:06.510893][1][I] Starting 4 threads / event loops. Time limit: 90 seconds. +[14:48:06.510895][1][I] Global targets: 400 connections and 4000 calls per second. +[14:48:06.510897][1][I] (Per-worker targets: 100 connections and 1000 calls per second) +[14:49:37.212970][19][I] Stopping after 90000 ms. Initiated: 90000 / Completed: 90000. (Completion rate was 999.9998000000401 per second.) +[14:49:37.213444][21][I] Stopping after 90000 ms. Initiated: 90000 / Completed: 90000. (Completion rate was 999.9973000072899 per second.) +[14:49:37.213541][23][I] Stopping after 90000 ms. Initiated: 90000 / Completed: 90000. (Completion rate was 999.9989777788228 per second.) +[14:49:37.213971][18][I] Stopping after 90001 ms. Initiated: 89999 / Completed: 89996. (Completion rate was 999.9414452707166 per second.) +Nighthawk - A layer 7 protocol benchmarking tool. + +benchmark_http_client.latency_2xx (359809 samples) + min: 0s 000ms 297us | mean: 0s 000ms 525us | max: 0s 048ms 130us | pstdev: 0s 000ms 466us + +[14:49:42.728878][18][I] Wait for the connection pool drain timed out, proceeding to hard shutdown. + Percentile Count Value + 0.5 179925 0s 000ms 450us + 0.75 269871 0s 000ms 525us + 0.8 287855 0s 000ms 549us + 0.9 323830 0s 000ms 661us + 0.95 341819 0s 000ms 762us + 0.990625 356436 0s 001ms 585us + 0.99902344 359458 0s 007ms 084us + +Queueing and connection setup latency (359812 samples) + min: 0s 000ms 002us | mean: 0s 000ms 012us | max: 0s 034ms 091us | pstdev: 0s 000ms 067us + + Percentile Count Value + 0.5 180343 0s 000ms 010us + 0.75 269955 0s 000ms 011us + 0.8 288513 0s 000ms 011us + 0.9 323857 0s 000ms 012us + 0.95 341824 0s 000ms 023us + 0.990625 356439 0s 000ms 050us + 0.99902344 359461 0s 000ms 189us + +Request start to response end (359809 samples) + min: 0s 000ms 297us | mean: 0s 000ms 524us | max: 0s 048ms 130us | pstdev: 0s 000ms 466us + + Percentile Count Value + 0.5 179906 0s 000ms 450us + 0.75 269861 0s 000ms 524us + 0.8 287864 0s 000ms 549us + 0.9 323829 0s 000ms 661us + 0.95 341820 0s 000ms 761us + 0.990625 356436 0s 001ms 585us + 0.99902344 359458 0s 007ms 083us + +Response body size in bytes (359809 samples) + min: 10 | mean: 10 | max: 10 | pstdev: 0 + +Response header size in bytes (359809 samples) + min: 110 | mean: 110 | max: 110 | pstdev: 0 + +Initiation to completion (359996 samples) + min: 0s 000ms 005us | mean: 0s 000ms 543us | max: 0s 048ms 146us | pstdev: 0s 000ms 476us + + Percentile Count Value + 0.5 179999 0s 000ms 468us + 0.75 269997 0s 000ms 543us + 0.8 288002 0s 000ms 568us + 0.9 324002 0s 000ms 683us + 0.95 341998 0s 000ms 783us + 0.990625 356622 0s 001ms 632us + 0.99902344 359645 0s 007ms 247us + +Counter Value Per second +benchmark.http_2xx 359809 3997.86 +benchmark.pool_overflow 187 2.08 +cluster_manager.cluster_added 4 0.04 +default.total_match_count 4 0.04 +membership_change 4 0.04 +runtime.load_success 1 0.01 +runtime.override_dir_not_exists 1 0.01 +upstream_cx_http1_total 66 0.73 +upstream_cx_rx_bytes_total 56490013 627663.98 +upstream_cx_total 66 0.73 +upstream_cx_tx_bytes_total 15471916 171909.40 +upstream_rq_pending_overflow 187 2.08 +upstream_rq_pending_total 66 0.73 +upstream_rq_total 359812 3997.89 + +[14:49:42.732798][1][I] Done. + +``` + +
+ +### Metrics + +|Benchmark Name |Envoy Gateway Memory (MiB)|Envoy Gateway Total CPU (Seconds)|Envoy Proxy Memory: k5s2s[1] (MiB)| +|- |- |- |- | +|scale-up-httproutes-10 |76 |0.34 |7 | +|scale-up-httproutes-50 |114 |1.94 |12 | +|scale-up-httproutes-100 |195 |10.85 |20 | +|scale-up-httproutes-300 |1124 |176.36 |81 | +|scale-up-httproutes-500 |1588 |16.69 |190 | +|scale-down-httproutes-300|661 |6.04 |87 | +|scale-down-httproutes-100|679 |104.73 |95 | +|scale-down-httproutes-50 |143 |172.84 |53 | +|scale-down-httproutes-10 |118 |174.16 |18 | +1. envoy-gateway-system/envoy-benchmark-test-benchmark-0520098c-7668c94dd5-k5s2s diff --git a/test/benchmark/benchmark_test.go b/test/benchmark/benchmark_test.go new file mode 100644 index 00000000000..7edbd215cec --- /dev/null +++ b/test/benchmark/benchmark_test.go @@ -0,0 +1,56 @@ +// Copyright Envoy Gateway Authors +// SPDX-License-Identifier: Apache-2.0 +// The full text of the Apache license is available in the LICENSE file at +// the root of the repo. + +//go:build benchmark +// +build benchmark + +package benchmark + +import ( + "flag" + "testing" + + "github.com/stretchr/testify/require" + "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/client/config" + + "github.com/envoyproxy/gateway/test/benchmark/suite" + "github.com/envoyproxy/gateway/test/benchmark/tests" +) + +func TestBenchmark(t *testing.T) { + cfg, err := config.GetConfig() + require.NoError(t, err) + + cli, err := client.New(cfg, client.Options{}) + require.NoError(t, err) + + // Install all the scheme for kubernetes client. + suite.CheckInstallScheme(t, cli) + + // Parse benchmark options. + flag.Parse() + options := suite.NewBenchmarkOptions( + *suite.RPS, + *suite.Connections, + *suite.Duration, + *suite.Concurrency, + ) + + bSuite, err := suite.NewBenchmarkTestSuite( + cli, + options, + "config/gateway.yaml", + "config/httproute.yaml", + "config/nighthawk-client.yaml", + *suite.ReportSavePath, + ) + if err != nil { + t.Fatalf("Failed to create BenchmarkTestSuite: %v", err) + } + + t.Logf("Running %d benchmark tests", len(tests.BenchmarkTests)) + bSuite.Run(t, tests.BenchmarkTests) +} diff --git a/test/benchmark/config/gateway.yaml b/test/benchmark/config/gateway.yaml new file mode 100644 index 00000000000..d7863e86ac5 --- /dev/null +++ b/test/benchmark/config/gateway.yaml @@ -0,0 +1,14 @@ +apiVersion: gateway.networking.k8s.io/v1 +kind: Gateway +metadata: + name: "{GATEWAY_NAME}" + namespace: benchmark-test +spec: + gatewayClassName: envoy-gateway + listeners: + - name: http + port: 8081 + protocol: HTTP + allowedRoutes: + namespaces: + from: Same diff --git a/test/benchmark/config/gatewayclass.yaml b/test/benchmark/config/gatewayclass.yaml new file mode 100644 index 00000000000..fbecf76332d --- /dev/null +++ b/test/benchmark/config/gatewayclass.yaml @@ -0,0 +1,82 @@ +kind: GatewayClass +apiVersion: gateway.networking.k8s.io/v1 +metadata: + name: envoy-gateway +spec: + controllerName: gateway.envoyproxy.io/gatewayclass-controller + parametersRef: + group: gateway.envoyproxy.io + kind: EnvoyProxy + name: proxy-config + namespace: envoy-gateway-system +--- +apiVersion: gateway.envoyproxy.io/v1alpha1 +kind: EnvoyProxy +metadata: + name: proxy-config + namespace: envoy-gateway-system +spec: + provider: + type: Kubernetes + kubernetes: + envoyDeployment: + container: + resources: + limits: + memory: "1024Mi" + cpu: "1000m" + requests: + memory: "256Mi" + cpu: "500m" + telemetry: + metrics: + prometheus: {} + sinks: + - type: OpenTelemetry + openTelemetry: + backendRefs: + - name: otel-collector + namespace: monitoring + port: 4317 + accessLog: + settings: + - format: + type: Text + text: | + [%START_TIME%] "%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%" %RESPONSE_CODE% %RESPONSE_FLAGS% %BYTES_RECEIVED% %BYTES_SENT% %DURATION% "%REQ(X-FORWARDED-FOR)%" "%REQ(USER-AGENT)%" "%REQ(X-REQUEST-ID)%" "%REQ(:AUTHORITY)%" "%UPSTREAM_HOST%" + sinks: + - type: File + file: + path: /dev/stdout + - type: OpenTelemetry + openTelemetry: + backendRefs: + - name: otel-collector + namespace: monitoring + port: 4317 + resources: + k8s.cluster.name: "envoy-gateway" + tracing: + provider: + backendRefs: + - name: otel-collector + namespace: monitoring + port: 4317 + customTags: + "k8s.cluster.name": + type: Literal + literal: + value: "envoy-gateway" + "k8s.pod.name": + type: Environment + environment: + name: ENVOY_POD_NAME + defaultValue: "-" + "k8s.namespace.name": + type: Environment + environment: + name: ENVOY_GATEWAY_NAMESPACE + defaultValue: "envoy-gateway-system" + shutdown: + drainTimeout: 5s + minDrainDuration: 1s diff --git a/test/benchmark/config/httproute.yaml b/test/benchmark/config/httproute.yaml new file mode 100644 index 00000000000..b422d4f2d85 --- /dev/null +++ b/test/benchmark/config/httproute.yaml @@ -0,0 +1,22 @@ +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: + name: "{HTTPROUTE_NAME}" + namespace: benchmark-test +spec: + parentRefs: + - name: "{REF_GATEWAY_NAME}" + hostnames: + - "www.benchmark.com" + rules: + - backendRefs: + - group: "" + kind: Service + name: nighthawk-test-server + namespace: benchmark-test + port: 8080 + weight: 1 + matches: + - path: + type: PathPrefix + value: / diff --git a/test/benchmark/config/nighthawk-client.yaml b/test/benchmark/config/nighthawk-client.yaml new file mode 100644 index 00000000000..90375d8c05c --- /dev/null +++ b/test/benchmark/config/nighthawk-client.yaml @@ -0,0 +1,18 @@ +### Nighthawk test client job template +apiVersion: batch/v1 +kind: Job +metadata: + name: "{NIGHTHAWK_CLIENT_NAME}" + namespace: benchmark-test + labels: + benchmark-test/client: "true" +spec: + template: + spec: + containers: + - name: nighthawk-client + image: envoyproxy/nighthawk-dev:latest + imagePullPolicy: IfNotPresent + args: ["nighthawk_client"] # Fill-up args at runtime + restartPolicy: Never + backoffLimit: 3 diff --git a/test/benchmark/config/nighthawk-test-server-config.yaml b/test/benchmark/config/nighthawk-test-server-config.yaml new file mode 100644 index 00000000000..f8e69f6f1cb --- /dev/null +++ b/test/benchmark/config/nighthawk-test-server-config.yaml @@ -0,0 +1,44 @@ +static_resources: + listeners: + # define an origin server on :10000 that always returns "lorem ipsum..." + - address: + socket_address: + address: 0.0.0.0 + port_value: 8080 + filter_chains: + - filters: + - name: envoy.filters.network.http_connection_manager + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + generate_request_id: false + codec_type: AUTO + stat_prefix: ingress_http + route_config: + name: local_route + virtual_hosts: + - name: service + domains: + - "*" + http_filters: + - name: dynamic-delay + typed_config: + "@type": type.googleapis.com/nighthawk.server.DynamicDelayConfiguration + static_delay: 0s + - name: test-server # before envoy.router because order matters! + typed_config: + "@type": type.googleapis.com/nighthawk.server.ResponseOptions + response_body_size: 10 + v3_response_headers: + - {header: {key: "foo", value: "bar"}} + - {header: {key: "foo", value: "bar2"}, append: true} + - {header: {key: "x-nh", value: "1"}} + - name: envoy.filters.http.router + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router + dynamic_stats: false +admin: + access_log_path: /tmp/envoy.log + address: + socket_address: + address: 0.0.0.0 + port_value: 8081 diff --git a/test/benchmark/config/nighthawk-test-server.yaml b/test/benchmark/config/nighthawk-test-server.yaml new file mode 100644 index 00000000000..dfd91aae464 --- /dev/null +++ b/test/benchmark/config/nighthawk-test-server.yaml @@ -0,0 +1,53 @@ +### Nighthawk test server deployment & service +apiVersion: apps/v1 +kind: Deployment +metadata: + name: nighthawk-test-server + namespace: benchmark-test +spec: + replicas: 1 + selector: + matchLabels: + app: nighthawk-test-server + template: + metadata: + labels: + app: nighthawk-test-server + spec: + serviceAccountName: default + containers: + - name: nighthawk-server + image: envoyproxy/nighthawk-dev:latest + imagePullPolicy: IfNotPresent + args: ["nighthawk_test_server", "-c", "/etc/test-server-config/nighthawk-test-server-config.yaml"] + ports: + - containerPort: 8080 + volumeMounts: + - name: test-server-config + mountPath: "/etc/test-server-config" + env: + - name: PORT + value: "8080" + resources: + requests: + cpu: "2" + limits: + cpu: "2" + volumes: + - name: test-server-config + configMap: + name: test-server-config # Created directly from file +--- +apiVersion: v1 +kind: Service +metadata: + name: nighthawk-test-server + namespace: benchmark-test +spec: + type: ClusterIP + selector: + app: nighthawk-test-server + ports: + - name: http + port: 8080 + targetPort: 8080 diff --git a/test/benchmark/suite/client.go b/test/benchmark/suite/client.go new file mode 100644 index 00000000000..3db4c16c52d --- /dev/null +++ b/test/benchmark/suite/client.go @@ -0,0 +1,32 @@ +// Copyright Envoy Gateway Authors +// SPDX-License-Identifier: Apache-2.0 +// The full text of the Apache license is available in the LICENSE file at +// the root of the repo. + +//go:build benchmark +// +build benchmark + +package suite + +import ( + "testing" + + "github.com/stretchr/testify/require" + batchv1 "k8s.io/api/batch/v1" + "sigs.k8s.io/controller-runtime/pkg/client" + gwapiv1 "sigs.k8s.io/gateway-api/apis/v1" + gwapiv1a2 "sigs.k8s.io/gateway-api/apis/v1alpha2" + gwapiv1a3 "sigs.k8s.io/gateway-api/apis/v1alpha3" + gwapiv1b1 "sigs.k8s.io/gateway-api/apis/v1beta1" + + egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1" +) + +func CheckInstallScheme(t *testing.T, c client.Client) { + require.NoError(t, gwapiv1a3.Install(c.Scheme())) + require.NoError(t, gwapiv1a2.Install(c.Scheme())) + require.NoError(t, gwapiv1b1.Install(c.Scheme())) + require.NoError(t, gwapiv1.Install(c.Scheme())) + require.NoError(t, egv1a1.AddToScheme(c.Scheme())) + require.NoError(t, batchv1.AddToScheme(c.Scheme())) +} diff --git a/test/benchmark/suite/flags.go b/test/benchmark/suite/flags.go new file mode 100644 index 00000000000..a07d2d4b010 --- /dev/null +++ b/test/benchmark/suite/flags.go @@ -0,0 +1,19 @@ +// Copyright Envoy Gateway Authors +// SPDX-License-Identifier: Apache-2.0 +// The full text of the Apache license is available in the LICENSE file at +// the root of the repo. + +//go:build benchmark +// +build benchmark + +package suite + +import "flag" + +var ( + RPS = flag.String("rps", "1000", "The target requests-per-second rate.") + Connections = flag.String("connections", "10", "The maximum allowed number of concurrent connections per event loop. HTTP/1 only.") + Duration = flag.String("duration", "60", "The number of seconds that the test should run.") + Concurrency = flag.String("concurrency", "auto", "The number of concurrent event loops that should be used.") + ReportSavePath = flag.String("report-save-path", "", "The path where to save the benchmark test report.") +) diff --git a/test/benchmark/suite/render.go b/test/benchmark/suite/render.go new file mode 100644 index 00000000000..e3c059685f1 --- /dev/null +++ b/test/benchmark/suite/render.go @@ -0,0 +1,329 @@ +// Copyright Envoy Gateway Authors +// SPDX-License-Identifier: Apache-2.0 +// The full text of the Apache license is available in the LICENSE file at +// the root of the repo. + +//go:build benchmark +// +build benchmark + +package suite + +import ( + "bytes" + "fmt" + "io" + "math" + "os" + "strconv" + "strings" + "text/tabwriter" + + prom "github.com/prometheus/client_model/go" + "github.com/prometheus/common/expfmt" + "k8s.io/apimachinery/pkg/util/sets" +) + +const ( + omitEmptyValue = "-" + benchmarkEnvPrefix = "BENCHMARK_" + + // Supported metric type. + metricTypeGauge = "gauge" + metricTypeCounter = "counter" + + // Supported metric unit. + metricUnitMiB = "MiB" + metricUnitSeconds = "Seconds" + metricUnitMilliCPU = "m" +) + +type ReportTableHeader struct { + Name string + Metric *MetricEntry + + // Underlying name of one envoy-proxy, used by data-plane metrics. + ProxyName string +} + +type MetricEntry struct { + Name string + Type string + FromControlPlane bool + DisplayUnit string + ConvertUnit func(float64) float64 +} + +// RenderReport renders a report out of given list of benchmark report in Markdown format. +func RenderReport(writer io.Writer, name, description string, reports []*BenchmarkReport, titleLevel int) error { + headerSettings := []ReportTableHeader{ + { + Name: "Benchmark Name", + }, + { + Name: "Envoy Gateway Memory", + Metric: &MetricEntry{ + Name: "process_resident_memory_bytes", + Type: metricTypeGauge, + DisplayUnit: metricUnitMiB, + FromControlPlane: true, + ConvertUnit: byteToMiB, + }, + }, + { + Name: "Envoy Gateway Total CPU", + Metric: &MetricEntry{ + Name: "process_cpu_seconds_total", + Type: metricTypeCounter, + DisplayUnit: metricUnitSeconds, + FromControlPlane: true, + }, + }, + { + Name: "Envoy Proxy Memory", + Metric: &MetricEntry{ + Name: "envoy_server_memory_allocated", + Type: metricTypeGauge, + DisplayUnit: metricUnitMiB, + FromControlPlane: false, + ConvertUnit: byteToMiB, + }, + }, + } + + writeSection(writer, name, titleLevel, description) + + writeSection(writer, "Results", titleLevel+1, "Click to see the full results.") + renderResultsTable(writer, reports) + + writeSection(writer, "Metrics", titleLevel+1, "") + err := renderMetricsTable(writer, headerSettings, reports) + if err != nil { + return err + } + + return nil +} + +// newMarkdownStyleTableWriter returns a tabwriter that write table in Markdown style. +func newMarkdownStyleTableWriter(writer io.Writer) *tabwriter.Writer { + return tabwriter.NewWriter(writer, 0, 0, 0, ' ', tabwriter.Debug) +} + +func renderEnvSettingsTable(writer io.Writer) { + _, _ = fmt.Fprintln(writer, "Benchmark test settings:", "\n") + + table := newMarkdownStyleTableWriter(writer) + + headers := []ReportTableHeader{ + { + Name: "RPS", + }, + { + Name: "Connections", + }, + { + Name: "Duration", + Metric: &MetricEntry{ + DisplayUnit: metricUnitSeconds, + }, + }, + { + Name: "CPU Limits", + Metric: &MetricEntry{ + DisplayUnit: metricUnitMilliCPU, + }, + }, + { + Name: "Memory Limits", + Metric: &MetricEntry{ + DisplayUnit: metricUnitMiB, + }, + }, + } + + renderMetricsTableHeader(table, headers) + + writeTableRow(table, headers, func(_ int, h ReportTableHeader) string { + env := strings.Replace(strings.ToUpper(h.Name), " ", "_", -1) + if v, ok := os.LookupEnv(benchmarkEnvPrefix + env); ok { + return v + } + return omitEmptyValue + }) + + _ = table.Flush() +} + +func renderResultsTable(writer io.Writer, reports []*BenchmarkReport) { + // TODO: better processing these benchmark results. + for _, report := range reports { + writeCollapsibleSection(writer, report.Name, report.RawResult) + } +} + +func renderMetricsTable(writer io.Writer, headerSettings []ReportTableHeader, reports []*BenchmarkReport) error { + table := newMarkdownStyleTableWriter(writer) + + // Preprocess the table header for metrics table. + var headers []ReportTableHeader + // 1. Collect all the possible proxy names. + proxyNames := sets.NewString() + for _, report := range reports { + for name := range report.RawDPMetrics { + proxyNames.Insert(name) + } + } + // 2. Generate header names for data-plane proxies. + for _, hs := range headerSettings { + if hs.Metric != nil && !hs.Metric.FromControlPlane { + for i, proxyName := range proxyNames.List() { + names := strings.Split(proxyName, "-") + headers = append(headers, ReportTableHeader{ + Name: fmt.Sprintf("%s: %s[%d]", hs.Name, names[len(names)-1], i+1), + Metric: hs.Metric, + ProxyName: proxyName, + }) + } + } else { + // For control-plane metrics or plain header. + headers = append(headers, hs) + } + } + + renderMetricsTableHeader(table, headers) + + for _, report := range reports { + mfCP, err := parseMetrics(report.RawCPMetrics) + if err != nil { + return err + } + + mfDPs := make(map[string]map[string]*prom.MetricFamily, len(report.RawDPMetrics)) + for dpName, dpMetrics := range report.RawDPMetrics { + mfDP, err := parseMetrics(dpMetrics) + if err != nil { + return err + } + mfDPs[dpName] = mfDP + } + + writeTableRow(table, headers, func(_ int, h ReportTableHeader) string { + if h.Metric == nil { + return report.Name + } + + if h.Metric.FromControlPlane { + return processMetricValue(mfCP, h) + } else { + if mfDP, ok := mfDPs[h.ProxyName]; ok { + return processMetricValue(mfDP, h) + } + } + + return omitEmptyValue + }) + } + + _ = table.Flush() + + // Generate footnotes for envoy-proxy headers. + for i, proxyName := range proxyNames.List() { + _, _ = fmt.Fprintln(writer, fmt.Sprintf("%d.", i+1), proxyName) + } + + return nil +} + +func renderMetricsTableHeader(table *tabwriter.Writer, headers []ReportTableHeader) { + writeTableRow(table, headers, func(_ int, h ReportTableHeader) string { + if h.Metric != nil && len(h.Metric.DisplayUnit) > 0 { + return fmt.Sprintf("%s (%s)", h.Name, h.Metric.DisplayUnit) + } + return h.Name + }) + + writeTableDelimiter(table, len(headers)) +} + +func byteToMiB(x float64) float64 { + return math.Round(x / (1024 * 1024)) +} + +// writeSection writes one section in Markdown style, content is optional. +func writeSection(writer io.Writer, title string, level int, content string) { + md := fmt.Sprintf("\n%s %s\n", strings.Repeat("#", level), title) + if len(content) > 0 { + md += fmt.Sprintf("\n%s\n", content) + } + _, _ = fmt.Fprintln(writer, md) +} + +// writeCollapsibleSection writes one collapsible section in Markdown style. +func writeCollapsibleSection(writer io.Writer, title string, content []byte) { + _, _ = fmt.Fprintln(writer, fmt.Sprintf(` +
+%s + +%s + +
`, title, fmt.Sprintf("```plaintext\n%s\n```", content))) +} + +// writeTableRow writes one row in Markdown table style. +func writeTableRow[T any](table *tabwriter.Writer, values []T, get func(int, T) string) { + row := "|" + for i, v := range values { + row += get(i, v) + "\t" + } + + _, _ = fmt.Fprintln(table, row) +} + +// writeTableDelimiter writes table delimiter in Markdown table style. +func writeTableDelimiter(table *tabwriter.Writer, n int) { + sep := "|" + for i := 0; i < n; i++ { + sep += "-\t" + } + + _, _ = fmt.Fprintln(table, sep) +} + +// parseMetrics parses input metrics that in Prometheus format. +func parseMetrics(metrics []byte) (map[string]*prom.MetricFamily, error) { + var ( + reader = bytes.NewReader(metrics) + parser expfmt.TextParser + ) + + mf, err := parser.TextToMetricFamilies(reader) + if err != nil { + return nil, err + } + + return mf, nil +} + +// processMetricValue process one metric value according to the given header and metric families. +func processMetricValue(metricFamilies map[string]*prom.MetricFamily, header ReportTableHeader) string { + if mf, ok := metricFamilies[header.Metric.Name]; ok { + var value float64 + + switch header.Metric.Type { + case metricTypeGauge: + value = *mf.Metric[0].Gauge.Value + case metricTypeCounter: + value = *mf.Metric[0].Counter.Value + default: + return omitEmptyValue + } + + if header.Metric.ConvertUnit != nil { + value = header.Metric.ConvertUnit(value) + } + + return strconv.FormatFloat(value, 'f', -1, 64) + } + + return omitEmptyValue +} diff --git a/test/benchmark/suite/report.go b/test/benchmark/suite/report.go new file mode 100644 index 00000000000..949fb5fa8d2 --- /dev/null +++ b/test/benchmark/suite/report.go @@ -0,0 +1,219 @@ +// Copyright Envoy Gateway Authors +// SPDX-License-Identifier: Apache-2.0 +// The full text of the Apache license is available in the LICENSE file at +// the root of the repo. + +//go:build benchmark +// +build benchmark + +package suite + +import ( + "bytes" + "context" + "fmt" + "io" + "net/http" + "testing" + + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/types" + + "github.com/envoyproxy/gateway/internal/cmd/options" + kube "github.com/envoyproxy/gateway/internal/kubernetes" +) + +const ( + localMetricsPort = 0 + controlPlaneMetricsPort = 19001 +) + +type BenchmarkReport struct { + Name string + RawResult []byte + RawCPMetrics []byte + RawDPMetrics map[string][]byte + + kubeClient kube.CLIClient +} + +func NewBenchmarkReport(name string) (*BenchmarkReport, error) { + kubeClient, err := kube.NewCLIClient(options.DefaultConfigFlags.ToRawKubeConfigLoader()) + if err != nil { + return nil, err + } + + return &BenchmarkReport{ + Name: name, + RawDPMetrics: make(map[string][]byte), + kubeClient: kubeClient, + }, nil +} + +// Print prints the raw report of one benchmark test. +func (r *BenchmarkReport) Print(t *testing.T, name string) { + t.Logf("The raw report of benchmark test: %s", name) + + t.Logf("=== Benchmark Result: \n\n %s \n\n", r.RawResult) + t.Logf("=== Control-Plane Metrics: \n\n %s \n\n", r.RawCPMetrics) + + for dpName, dpMetrics := range r.RawDPMetrics { + t.Logf("=== Data-Plane Metrics for %s: \n\n %s \n\n", dpName, dpMetrics) + } +} + +func (r *BenchmarkReport) Collect(t *testing.T, ctx context.Context, job *types.NamespacedName) error { + if err := r.GetBenchmarkResult(t, ctx, job); err != nil { + return err + } + + if err := r.GetControlPlaneMetrics(t, ctx); err != nil { + return err + } + + if err := r.GetDataPlaneMetrics(t, ctx); err != nil { + return err + } + + return nil +} + +func (r *BenchmarkReport) GetBenchmarkResult(t *testing.T, ctx context.Context, job *types.NamespacedName) error { + pods, err := r.kubeClient.Kube().CoreV1().Pods(job.Namespace).List(ctx, metav1.ListOptions{LabelSelector: "job-name=" + job.Name}) + + if len(pods.Items) < 1 { + return fmt.Errorf("failed to get any pods for job %s", job.String()) + } + + if len(pods.Items) > 1 { + t.Logf("Got %d pod(s) associated job %s, should be 1 pod, could be pod err and job backoff then restart, please check your pod(s) status", + len(pods.Items), job.Name) + } + + pod := &pods.Items[0] + logs, err := r.getLogsFromPod( + ctx, &types.NamespacedName{Name: pod.Name, Namespace: pod.Namespace}, + ) + if err != nil { + return err + } + + r.RawResult = logs + + return nil +} + +func (r *BenchmarkReport) GetControlPlaneMetrics(t *testing.T, ctx context.Context) error { + egPods, err := r.kubeClient.Kube().CoreV1().Pods("envoy-gateway-system"). + List(ctx, metav1.ListOptions{LabelSelector: "control-plane=envoy-gateway"}) + if err != nil { + return err + } + + if len(egPods.Items) < 1 { + return fmt.Errorf("failed to get any pods for envoy-gateway") + } + + if len(egPods.Items) > 1 { + t.Logf("Got %d pod(s), using the first one as default envoy-gateway pod", len(egPods.Items)) + } + + egPod := &egPods.Items[0] + metrics, err := r.getMetricsFromPortForwarder( + t, &types.NamespacedName{Name: egPod.Name, Namespace: egPod.Namespace}, "/metrics", + ) + if err != nil { + return err + } + + r.RawCPMetrics = metrics + + return nil +} + +func (r *BenchmarkReport) GetDataPlaneMetrics(t *testing.T, ctx context.Context) error { + epPods, err := r.kubeClient.Kube().CoreV1().Pods("envoy-gateway-system"). + List(ctx, metav1.ListOptions{LabelSelector: "gateway.envoyproxy.io/owning-gateway-namespace=benchmark-test,gateway.envoyproxy.io/owning-gateway-name=benchmark"}) + if err != nil { + return err + } + + if len(epPods.Items) < 1 { + return fmt.Errorf("failed to get any pods for envoy-proxies") + } + + t.Logf("Got %d pod(s) from data-plane", len(epPods.Items)) + + for _, epPod := range epPods.Items { + podNN := &types.NamespacedName{Name: epPod.Name, Namespace: epPod.Namespace} + metrics, err := r.getMetricsFromPortForwarder(t, podNN, "/stats/prometheus") + if err != nil { + return err + } + + r.RawDPMetrics[podNN.String()] = metrics + } + + return nil +} + +// getLogsFromPod scrapes the logs directly from the pod (default container). +func (r *BenchmarkReport) getLogsFromPod(ctx context.Context, pod *types.NamespacedName) ([]byte, error) { + podLogOpts := corev1.PodLogOptions{} + + req := r.kubeClient.Kube().CoreV1().Pods(pod.Namespace).GetLogs(pod.Name, &podLogOpts) + podLogs, err := req.Stream(ctx) + if err != nil { + return nil, err + } + + defer podLogs.Close() + + buf := new(bytes.Buffer) + _, err = io.Copy(buf, podLogs) + if err != nil { + return nil, err + } + + return buf.Bytes(), nil +} + +// getMetricsFromPortForwarder retrieves metrics from pod by request url, like `/metrics`. +func (r *BenchmarkReport) getMetricsFromPortForwarder(t *testing.T, pod *types.NamespacedName, url string) ([]byte, error) { + fw, err := kube.NewLocalPortForwarder(r.kubeClient, *pod, localMetricsPort, controlPlaneMetricsPort) + if err != nil { + return nil, fmt.Errorf("failed to build port forwarder for pod %s: %v", pod.String(), err) + } + + if err = fw.Start(); err != nil { + fw.Stop() + + return nil, fmt.Errorf("failed to start port forwarder for pod %s: %v", pod.String(), err) + } + + var out []byte + // Retrieving metrics from Pod. + go func() { + defer fw.Stop() + + url := fmt.Sprintf("http://%s%s", fw.Address(), url) + resp, err := http.Get(url) + if err != nil { + t.Errorf("failed to request %s: %v", url, err) + return + } + + metrics, err := io.ReadAll(resp.Body) + if err != nil { + t.Errorf("failed to read metrics: %v", err) + return + } + + out = metrics + }() + + fw.WaitForStop() + + return out, nil +} diff --git a/test/benchmark/suite/suite.go b/test/benchmark/suite/suite.go new file mode 100644 index 00000000000..919e019e63a --- /dev/null +++ b/test/benchmark/suite/suite.go @@ -0,0 +1,355 @@ +// Copyright Envoy Gateway Authors +// SPDX-License-Identifier: Apache-2.0 +// The full text of the Apache license is available in the LICENSE file at +// the root of the repo. + +//go:build benchmark +// +build benchmark + +package suite + +import ( + "bytes" + "context" + "fmt" + "os" + "strconv" + "testing" + "time" + + batchv1 "k8s.io/api/batch/v1" + kerrors "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/types" + "k8s.io/apimachinery/pkg/util/wait" + "sigs.k8s.io/controller-runtime/pkg/client" + gwapiv1 "sigs.k8s.io/gateway-api/apis/v1" + "sigs.k8s.io/gateway-api/conformance/utils/config" + "sigs.k8s.io/yaml" +) + +const ( + BenchmarkTestScaledKey = "benchmark-test/scaled" + BenchmarkTestClientKey = "benchmark-test/client" + DefaultControllerName = "gateway.envoyproxy.io/gatewayclass-controller" +) + +type BenchmarkTestSuite struct { + Client client.Client + TimeoutConfig config.TimeoutConfig + ControllerName string + Options BenchmarkOptions + ReportSavePath string + + // Resources template for supported benchmark targets. + GatewayTemplate *gwapiv1.Gateway + HTTPRouteTemplate *gwapiv1.HTTPRoute + BenchmarkClientJob *batchv1.Job + + // Indicates which resources are scaled. + scaledLabel map[string]string +} + +func NewBenchmarkTestSuite(client client.Client, options BenchmarkOptions, + gatewayManifest, httpRouteManifest, benchmarkClientManifest, reportPath string) (*BenchmarkTestSuite, error) { + var ( + gateway = new(gwapiv1.Gateway) + httproute = new(gwapiv1.HTTPRoute) + benchmarkClient = new(batchv1.Job) + timeoutConfig = config.TimeoutConfig{} + ) + + data, err := os.ReadFile(gatewayManifest) + if err != nil { + return nil, err + } + if err = yaml.Unmarshal(data, gateway); err != nil { + return nil, err + } + + data, err = os.ReadFile(httpRouteManifest) + if err != nil { + return nil, err + } + if err = yaml.Unmarshal(data, httproute); err != nil { + return nil, err + } + + data, err = os.ReadFile(benchmarkClientManifest) + if err != nil { + return nil, err + } + if err = yaml.Unmarshal(data, benchmarkClient); err != nil { + return nil, err + } + + // Reset some timeout config for the benchmark test. + config.SetupTimeoutConfig(&timeoutConfig) + timeoutConfig.RouteMustHaveParents = 180 * time.Second + + // Prepare static options for benchmark client. + staticArgs := prepareBenchmarkClientStaticArgs(options) + container := &benchmarkClient.Spec.Template.Spec.Containers[0] + container.Args = append(container.Args, staticArgs...) + + return &BenchmarkTestSuite{ + Client: client, + Options: options, + TimeoutConfig: timeoutConfig, + ControllerName: DefaultControllerName, + ReportSavePath: reportPath, + GatewayTemplate: gateway, + HTTPRouteTemplate: httproute, + BenchmarkClientJob: benchmarkClient, + scaledLabel: map[string]string{ + BenchmarkTestScaledKey: "true", + }, + }, nil +} + +func (b *BenchmarkTestSuite) Run(t *testing.T, tests []BenchmarkTest) { + t.Logf("Running %d benchmark test", len(tests)) + + buf := make([]byte, 0) + writer := bytes.NewBuffer(buf) + + writeSection(writer, "Benchmark Report", 1, "") + renderEnvSettingsTable(writer) + + for _, test := range tests { + t.Logf("Running benchmark test: %s", test.ShortName) + + reports := test.Test(t, b) + if len(reports) == 0 { + continue + } + + // Generate a human-readable benchmark report for each test. + t.Logf("Got %d reports for test: %s", len(reports), test.ShortName) + + if err := RenderReport(writer, "Test: "+test.ShortName, test.Description, reports, 2); err != nil { + t.Errorf("Error generating report for %s: %v", test.ShortName, err) + } + } + + if len(b.ReportSavePath) > 0 { + if err := os.WriteFile(b.ReportSavePath, writer.Bytes(), 0644); err != nil { + t.Errorf("Error writing report to path '%s': %v", b.ReportSavePath, err) + } else { + t.Logf("Writing report to path '%s' successfully", b.ReportSavePath) + } + } else { + t.Log(fmt.Sprintf("%s", writer.Bytes())) + } +} + +// Benchmark runs benchmark test as a Kubernetes Job, and return the benchmark result. +// +// TODO: currently running benchmark test via nighthawk_client, +// consider switching to gRPC nighthawk-service for benchmark test. +// ref: https://github.com/envoyproxy/nighthawk/blob/main/api/client/service.proto +func (b *BenchmarkTestSuite) Benchmark(t *testing.T, ctx context.Context, name, gatewayHostPort string, requestHeaders ...string) (*BenchmarkReport, error) { + t.Logf("Running benchmark test: %s", name) + + jobNN, err := b.createBenchmarkClientJob(ctx, name, gatewayHostPort, requestHeaders...) + if err != nil { + return nil, err + } + + duration, err := strconv.ParseInt(b.Options.Duration, 10, 64) + if err != nil { + return nil, err + } + + // Wait from benchmark test job to complete. + if err = wait.PollUntilContextTimeout(ctx, 10*time.Second, time.Duration(duration*10)*time.Second, true, func(ctx context.Context) (bool, error) { + job := new(batchv1.Job) + if err = b.Client.Get(ctx, *jobNN, job); err != nil { + return false, err + } + + for _, condition := range job.Status.Conditions { + if condition.Type == batchv1.JobComplete && condition.Status == "True" { + return true, nil + } + + // Early return if job already failed. + if condition.Type == batchv1.JobFailed && condition.Status == "True" && + condition.Reason == batchv1.JobReasonBackoffLimitExceeded { + return false, fmt.Errorf("job already failed") + } + } + + t.Logf("Job %s still not complete", name) + + return false, nil + }); err != nil { + t.Errorf("Failed to run benchmark test: %v", err) + + return nil, err + } + + t.Logf("Running benchmark test: %s successfully", name) + + report, err := NewBenchmarkReport(name) + if err != nil { + return nil, err + } + + // Get all the reports from this benchmark test run. + if err = report.Collect(t, ctx, jobNN); err != nil { + return nil, err + } + + report.Print(t, name) + + return report, nil +} + +func (b *BenchmarkTestSuite) createBenchmarkClientJob(ctx context.Context, name, gatewayHostPort string, requestHeaders ...string) (*types.NamespacedName, error) { + job := b.BenchmarkClientJob.DeepCopy() + job.SetName(name) + + runtimeArgs := prepareBenchmarkClientRuntimeArgs(gatewayHostPort, requestHeaders...) + container := &job.Spec.Template.Spec.Containers[0] + container.Args = append(container.Args, runtimeArgs...) + + if err := b.CreateResource(ctx, job); err != nil { + return nil, err + } + + return &types.NamespacedName{Name: job.Name, Namespace: job.Namespace}, nil +} + +func prepareBenchmarkClientStaticArgs(options BenchmarkOptions) []string { + staticArgs := []string{ + "--rps", options.RPS, + "--connections", options.Connections, + "--duration", options.Duration, + "--concurrency", options.Concurrency, + } + return staticArgs +} + +func prepareBenchmarkClientRuntimeArgs(gatewayHostPort string, requestHeaders ...string) []string { + args := make([]string, 0, len(requestHeaders)*2+1) + + for _, reqHeader := range requestHeaders { + args = append(args, "--request-header", reqHeader) + } + args = append(args, "http://"+gatewayHostPort) + + return args +} + +// ScaleUpHTTPRoutes scales up HTTPRoutes that are all referenced to one Gateway according to +// the scale range: (a, b], which scales up from a to b with a <= b. +// +// The `afterCreation` is a callback function that only runs every time after one HTTPRoutes +// has been created successfully. +// +// All created scaled resources will be labeled with BenchmarkTestScaledKey. +func (b *BenchmarkTestSuite) ScaleUpHTTPRoutes(ctx context.Context, scaleRange [2]uint16, routeNameFormat, refGateway string, afterCreation func(*gwapiv1.HTTPRoute)) error { + var i, begin, end uint16 + begin, end = scaleRange[0], scaleRange[1] + + if begin > end { + return fmt.Errorf("got wrong scale range, %d is not greater than %d", end, begin) + } + + for i = begin + 1; i <= end; i++ { + routeName := fmt.Sprintf(routeNameFormat, i) + newRoute := b.HTTPRouteTemplate.DeepCopy() + newRoute.SetName(routeName) + newRoute.SetLabels(b.scaledLabel) + newRoute.Spec.ParentRefs[0].Name = gwapiv1.ObjectName(refGateway) + + if err := b.CreateResource(ctx, newRoute); err != nil { + return err + } + + if afterCreation != nil { + afterCreation(newRoute) + } + } + + return nil +} + +// ScaleDownHTTPRoutes scales down HTTPRoutes that are all referenced to one Gateway according to +// the scale range: [a, b), which scales down from a to b with a > b. +// +// The `afterDeletion` is a callback function that only runs every time after one HTTPRoutes has +// been deleted successfully. +func (b *BenchmarkTestSuite) ScaleDownHTTPRoutes(ctx context.Context, scaleRange [2]uint16, routeNameFormat, refGateway string, afterDeletion func(*gwapiv1.HTTPRoute)) error { + var i, begin, end uint16 + begin, end = scaleRange[0], scaleRange[1] + + if begin <= end { + return fmt.Errorf("got wrong scale range, %d is not less than %d", end, begin) + } + + if end == 0 { + return fmt.Errorf("cannot scale routes down to zero") + } + + for i = begin; i > end; i-- { + routeName := fmt.Sprintf(routeNameFormat, i) + oldRoute := b.HTTPRouteTemplate.DeepCopy() + oldRoute.SetName(routeName) + oldRoute.SetLabels(b.scaledLabel) + oldRoute.Spec.ParentRefs[0].Name = gwapiv1.ObjectName(refGateway) + + if err := b.DeleteResource(ctx, oldRoute); err != nil { + return err + } + + if afterDeletion != nil { + afterDeletion(oldRoute) + } + } + + return nil +} + +func (b *BenchmarkTestSuite) CreateResource(ctx context.Context, object client.Object) error { + if err := b.Client.Create(ctx, object); err != nil { + if !kerrors.IsAlreadyExists(err) { + return err + } else { + return nil + } + } + return nil +} + +func (b *BenchmarkTestSuite) DeleteResource(ctx context.Context, object client.Object) error { + if err := b.Client.Delete(ctx, object); err != nil { + if !kerrors.IsNotFound(err) { + return err + } else { + return nil + } + } + return nil +} + +// DeleteScaledResources only cleanups all the resources under benchmark-test namespace. +func (b *BenchmarkTestSuite) DeleteScaledResources(ctx context.Context, object client.Object) error { + if err := b.Client.DeleteAllOf(ctx, object, + client.MatchingLabels{BenchmarkTestScaledKey: "true"}, client.InNamespace("benchmark-test")); err != nil { + return err + } + return nil +} + +// RegisterCleanup registers cleanup functions for all benchmark test resources. +func (b *BenchmarkTestSuite) RegisterCleanup(t *testing.T, ctx context.Context, object, scaledObject client.Object) { + t.Cleanup(func() { + t.Logf("Start to cleanup benchmark test resources") + + _ = b.DeleteResource(ctx, object) + _ = b.DeleteScaledResources(ctx, scaledObject) + + t.Logf("Clean up complete!") + }) +} diff --git a/test/benchmark/suite/test.go b/test/benchmark/suite/test.go new file mode 100644 index 00000000000..17138dfad25 --- /dev/null +++ b/test/benchmark/suite/test.go @@ -0,0 +1,34 @@ +// Copyright Envoy Gateway Authors +// SPDX-License-Identifier: Apache-2.0 +// The full text of the Apache license is available in the LICENSE file at +// the root of the repo. + +//go:build benchmark +// +build benchmark + +package suite + +import "testing" + +type BenchmarkTest struct { + ShortName string + Description string + Test func(*testing.T, *BenchmarkTestSuite) []*BenchmarkReport +} + +// BenchmarkOptions for nighthawk-client. +type BenchmarkOptions struct { + RPS string + Connections string + Duration string + Concurrency string +} + +func NewBenchmarkOptions(rps, connections, duration, concurrency string) BenchmarkOptions { + return BenchmarkOptions{ + RPS: rps, + Connections: connections, + Duration: duration, + Concurrency: concurrency, + } +} diff --git a/test/benchmark/tests/scale_httproutes.go b/test/benchmark/tests/scale_httproutes.go new file mode 100644 index 00000000000..ca9c13f1828 --- /dev/null +++ b/test/benchmark/tests/scale_httproutes.go @@ -0,0 +1,115 @@ +// Copyright Envoy Gateway Authors +// SPDX-License-Identifier: Apache-2.0 +// The full text of the Apache license is available in the LICENSE file at +// the root of the repo. + +//go:build benchmark +// +build benchmark + +package tests + +import ( + "context" + "fmt" + "testing" + + "github.com/stretchr/testify/require" + "k8s.io/apimachinery/pkg/types" + gwapiv1 "sigs.k8s.io/gateway-api/apis/v1" + "sigs.k8s.io/gateway-api/conformance/utils/kubernetes" + + "github.com/envoyproxy/gateway/test/benchmark/suite" +) + +func init() { + BenchmarkTests = append(BenchmarkTests, ScaleHTTPRoutes) +} + +var ScaleHTTPRoutes = suite.BenchmarkTest{ + ShortName: "ScaleHTTPRoute", + Description: "Fixed one Gateway and different scales of HTTPRoutes.", + Test: func(t *testing.T, bSuite *suite.BenchmarkTestSuite) (reports []*suite.BenchmarkReport) { + var ( + ctx = context.Background() + ns = "benchmark-test" + err error + requestHeaders = []string{ + "Host: www.benchmark.com", + } + ) + + gatewayNN := types.NamespacedName{Name: "benchmark", Namespace: ns} + gateway := bSuite.GatewayTemplate.DeepCopy() + gateway.SetName(gatewayNN.Name) + err = bSuite.CreateResource(ctx, gateway) + require.NoError(t, err) + + routeNameFormat := "benchmark-route-%d" + routeScales := []uint16{10, 50, 100, 300, 500} + routeScalesN := len(routeScales) + routeNNs := make([]types.NamespacedName, 0, routeScales[routeScalesN-1]) + + bSuite.RegisterCleanup(t, ctx, gateway, &gwapiv1.HTTPRoute{}) + + t.Run("scaling up httproutes", func(t *testing.T) { + var start uint16 = 0 + for _, scale := range routeScales { + t.Run(fmt.Sprintf("scaling up httproutes to %d", scale), func(t *testing.T) { + err = bSuite.ScaleUpHTTPRoutes(ctx, [2]uint16{start, scale}, routeNameFormat, gatewayNN.Name, func(route *gwapiv1.HTTPRoute) { + routeNN := types.NamespacedName{Name: route.Name, Namespace: route.Namespace} + routeNNs = append(routeNNs, routeNN) + + t.Logf("Create HTTPRoute: %s", routeNN.String()) + }) + require.NoError(t, err) + start = scale + + gatewayAddr := kubernetes.GatewayAndHTTPRoutesMustBeAccepted(t, bSuite.Client, bSuite.TimeoutConfig, + bSuite.ControllerName, kubernetes.NewGatewayRef(gatewayNN), routeNNs...) + + // Run benchmark test at different scale. + name := fmt.Sprintf("scale-up-httproutes-%d", scale) + report, err := bSuite.Benchmark(t, ctx, name, gatewayAddr, requestHeaders...) + require.NoError(t, err) + + reports = append(reports, report) + }) + } + }) + + t.Run("scaling down httproutes", func(t *testing.T) { + var start = routeScales[routeScalesN-1] + + for i := routeScalesN - 2; i >= 0; i-- { + scale := routeScales[i] + + t.Run(fmt.Sprintf("scaling down httproutes to %d", scale), func(t *testing.T) { + err = bSuite.ScaleDownHTTPRoutes(ctx, [2]uint16{start, scale}, routeNameFormat, gatewayNN.Name, func(route *gwapiv1.HTTPRoute) { + routeNN := routeNNs[len(routeNNs)-1] + routeNNs = routeNNs[:len(routeNNs)-1] + + // Making sure we are deleting the right one route. + require.Equal(t, routeNN, + types.NamespacedName{Name: route.Name, Namespace: route.Namespace}) + + t.Logf("Delete HTTPRoute: %s", routeNN.String()) + }) + require.NoError(t, err) + start = scale + + gatewayAddr := kubernetes.GatewayAndHTTPRoutesMustBeAccepted(t, bSuite.Client, bSuite.TimeoutConfig, + bSuite.ControllerName, kubernetes.NewGatewayRef(gatewayNN), routeNNs...) + + // Run benchmark test at different scale. + name := fmt.Sprintf("scale-down-httproutes-%d", scale) + report, err := bSuite.Benchmark(t, ctx, name, gatewayAddr, requestHeaders...) + require.NoError(t, err) + + reports = append(reports, report) + }) + } + }) + + return + }, +} diff --git a/test/benchmark/tests/tests.go b/test/benchmark/tests/tests.go new file mode 100644 index 00000000000..0aa49a13bb1 --- /dev/null +++ b/test/benchmark/tests/tests.go @@ -0,0 +1,13 @@ +// Copyright Envoy Gateway Authors +// SPDX-License-Identifier: Apache-2.0 +// The full text of the Apache license is available in the LICENSE file at +// the root of the repo. + +//go:build benchmark +// +build benchmark + +package tests + +import "github.com/envoyproxy/gateway/test/benchmark/suite" + +var BenchmarkTests []suite.BenchmarkTest diff --git a/test/cel-validation/backendtrafficpolicy_test.go b/test/cel-validation/backendtrafficpolicy_test.go index 2e5ed776e71..e8418790d31 100644 --- a/test/cel-validation/backendtrafficpolicy_test.go +++ b/test/cel-validation/backendtrafficpolicy_test.go @@ -1078,7 +1078,7 @@ func TestBackendTrafficPolicyTarget(t *testing.T) { }, }, }, - Connection: &egv1a1.BackendTrafficPolicyConnection{ + Connection: &egv1a1.BackendConnection{ BufferLimit: ptr.To(resource.MustParse("1Mi")), }, } @@ -1097,7 +1097,7 @@ func TestBackendTrafficPolicyTarget(t *testing.T) { }, }, }, - Connection: &egv1a1.BackendTrafficPolicyConnection{ + Connection: &egv1a1.BackendConnection{ BufferLimit: ptr.To(resource.MustParse("1m")), }, } diff --git a/test/cel-validation/clienttrafficpolicy_test.go b/test/cel-validation/clienttrafficpolicy_test.go index db5d3aa65e6..e28ad6c83bf 100644 --- a/test/cel-validation/clienttrafficpolicy_test.go +++ b/test/cel-validation/clienttrafficpolicy_test.go @@ -306,7 +306,7 @@ func TestClientTrafficPolicyTarget(t *testing.T) { }, }, }, - Connection: &egv1a1.Connection{ + Connection: &egv1a1.ClientConnection{ BufferLimit: ptr.To(resource.MustParse("15m")), }, } diff --git a/test/e2e/testdata/metric.yaml b/test/e2e/testdata/metric.yaml index 2d2c26311dc..e31c72fdab3 100644 --- a/test/e2e/testdata/metric.yaml +++ b/test/e2e/testdata/metric.yaml @@ -41,7 +41,7 @@ metadata: namespace: monitoring spec: selector: - app.kubernetes.io/instance: otel-collector + app.kubernetes.io/instance: eg-addons app.kubernetes.io/name: opentelemetry-collector component: standalone-collector ports: diff --git a/test/e2e/testdata/wasm.yaml b/test/e2e/testdata/wasm-http.yaml similarity index 93% rename from test/e2e/testdata/wasm.yaml rename to test/e2e/testdata/wasm-http.yaml index 76723cafb8c..e684da26765 100644 --- a/test/e2e/testdata/wasm.yaml +++ b/test/e2e/testdata/wasm-http.yaml @@ -52,4 +52,4 @@ spec: type: HTTP http: url: https://raw.githubusercontent.com/envoyproxy/envoy/main/examples/wasm-cc/lib/envoy_filter_http_wasm_example.wasm - sha256: 79c9f85128bb0177b6511afa85d587224efded376ac0ef76df56595f1e6315c0 + sha256: 79c9f85128bb0177b6511afa85d587224efded376ac0ef76df56595f1e6315c0 diff --git a/test/e2e/testdata/wasm-oci-registry-test-server.yaml b/test/e2e/testdata/wasm-oci-registry-test-server.yaml new file mode 100644 index 00000000000..3eed167d9a2 --- /dev/null +++ b/test/e2e/testdata/wasm-oci-registry-test-server.yaml @@ -0,0 +1,57 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: htpasswd + namespace: gateway-conformance-infra +data: + htpasswd: "testuser:$2y$05$NLYuo.x7JAL4EL7OOEHGjOUznJagjXCUczoWwc.dW1/5Qo6h5NiwO" # password is "testpassword" +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: oci-registry + namespace: gateway-conformance-infra +spec: + replicas: 1 + selector: + matchLabels: + app: oci-registry + template: + metadata: + labels: + app: oci-registry + spec: + containers: + - name: registry + image: registry:2 + ports: + - containerPort: 5000 + env: + - name: REGISTRY_AUTH + value: htpasswd + - name: REGISTRY_AUTH_HTPASSWD_REALM + value: Registry Realm + - name: REGISTRY_AUTH_HTPASSWD_PATH + value: /auth/htpasswd + volumeMounts: + - name: htpasswd + mountPath: /auth + volumes: + - name: htpasswd + configMap: + name: htpasswd +--- +apiVersion: v1 +kind: Service +metadata: + name: oci-registry + namespace: gateway-conformance-infra +spec: + selector: + app: oci-registry + ports: + - protocol: TCP + port: 5000 + targetPort: 5000 + type: LoadBalancer # Expose the registry for testing diff --git a/test/e2e/testdata/wasm-oci.yaml b/test/e2e/testdata/wasm-oci.yaml new file mode 100644 index 00000000000..98f92cb97bf --- /dev/null +++ b/test/e2e/testdata/wasm-oci.yaml @@ -0,0 +1,39 @@ +--- +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: + name: http-with-oci-wasm-source + namespace: gateway-conformance-infra +spec: + parentRefs: + - name: same-namespace + hostnames: ["www.example.com"] + rules: + - matches: + - path: + type: PathPrefix + value: /wasm-oci + backendRefs: + - name: infra-backend-v1 + port: 8080 +--- +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: + name: http-without-wasm + namespace: gateway-conformance-infra +spec: + parentRefs: + - name: same-namespace + hostnames: ["www.example.com"] + rules: + - matches: + - path: + type: PathPrefix + value: /no-wasm + backendRefs: + - name: infra-backend-v1 + port: 8080 +--- +# EnvoyExtensionPolicy for OCI Wasm source test is created in the test code because we can't get the OCI registry's LB +# address in advance. diff --git a/test/e2e/testdata/wasm/Dockerfile b/test/e2e/testdata/wasm/Dockerfile new file mode 100644 index 00000000000..422da60914a --- /dev/null +++ b/test/e2e/testdata/wasm/Dockerfile @@ -0,0 +1,3 @@ +FROM scratch +LABEL org.opencontainers.image.title test-wasm +COPY plugin.wasm ./ diff --git a/test/e2e/testdata/wasm/plugin.wasm b/test/e2e/testdata/wasm/plugin.wasm new file mode 100644 index 00000000000..df2554e971e Binary files /dev/null and b/test/e2e/testdata/wasm/plugin.wasm differ diff --git a/test/e2e/tests/ext_proc.go b/test/e2e/tests/ext_proc.go index 45cda23c0c3..b4bd96d453e 100644 --- a/test/e2e/tests/ext_proc.go +++ b/test/e2e/tests/ext_proc.go @@ -56,9 +56,17 @@ var ExtProcTest = suite.ConformanceTest{ Host: "www.example.com", Path: "/processor", Headers: map[string]string{ - "x-request-ext-processed": "true", // header added by ext-processor to backend-bound request - "x-request-client-header-received": "original", // this is the original client header preserved by ext-proc in a new header - "x-request-client-header": "mutated", // this is the mutated value expected to reach upstream + "x-request-client-header": "original", // add a request header that will be mutated by ext-proc + }, + }, + ExpectedRequest: &http.ExpectedRequest{ + Request: http.Request{ + Path: "/processor", + Headers: map[string]string{ + "x-request-ext-processed": "true", // header added by ext-processor to backend-bound request + "x-request-client-header-received": "original", // this is the original client header preserved by ext-proc in a new header + "x-request-client-header": "mutated", // this is the mutated value expected to reach upstream + }, }, }, Response: http.Response{ @@ -70,19 +78,7 @@ var ExtProcTest = suite.ConformanceTest{ Namespace: ns, } - req := http.MakeRequest(t, &expectedResponse, gwAddr, "HTTP", "http") - - // add a request header that will be mutated by ext-proc - req.Headers["x-request-client-header"] = []string{"original"} - - cReq, cResp, err := suite.RoundTripper.CaptureRoundTrip(req) - if err != nil { - t.Errorf("failed to get expected response: %v", err) - } - - if err := http.CompareRequest(t, &req, cReq, cResp, expectedResponse); err != nil { - t.Errorf("failed to compare request and response: %v", err) - } + http.MakeRequestAndExpectEventuallyConsistentResponse(t, suite.RoundTripper, suite.TimeoutConfig, gwAddr, expectedResponse) }) t.Run("http route without proc mode", func(t *testing.T) { @@ -109,7 +105,15 @@ var ExtProcTest = suite.ConformanceTest{ Host: "www.example.com", Path: "/no-processor", Headers: map[string]string{ - "x-request-client-header": "original", + "x-request-client-header": "original", // add a request header that will be mutated by ext-proc + }, + }, + ExpectedRequest: &http.ExpectedRequest{ + Request: http.Request{ + Path: "/no-processor", + Headers: map[string]string{ + "x-request-client-header": "original", // this is the original value expected to reach upstream + }, }, }, Response: http.Response{ @@ -119,19 +123,7 @@ var ExtProcTest = suite.ConformanceTest{ Namespace: ns, } - req := http.MakeRequest(t, &expectedResponse, gwAddr, "HTTP", "http") - - // add a request header that will be mutated by ext-proc if the request headers are sent - req.Headers["x-request-client-header"] = []string{"original"} - - cReq, cResp, err := suite.RoundTripper.CaptureRoundTrip(req) - if err != nil { - t.Errorf("failed to get expected response: %v", err) - } - - if err := http.CompareRequest(t, &req, cReq, cResp, expectedResponse); err != nil { - t.Errorf("failed to compare request and response: %v", err) - } + http.MakeRequestAndExpectEventuallyConsistentResponse(t, suite.RoundTripper, suite.TimeoutConfig, gwAddr, expectedResponse) }) t.Run("http route with uds ext proc", func(t *testing.T) { @@ -158,9 +150,17 @@ var ExtProcTest = suite.ConformanceTest{ Host: "www.example.com", Path: "/uds-processor", Headers: map[string]string{ - "x-request-ext-processed": "true", // header added by ext-processor to backend-bound request - "x-request-client-header-received": "original", // this is the original client header preserved by ext-proc in a new header - "x-request-client-header": "mutated", // this is the mutated value expected to reach upstream + "x-request-client-header": "original", // add a request header that will be mutated by ext-proc + }, + }, + ExpectedRequest: &http.ExpectedRequest{ + Request: http.Request{ + Path: "/uds-processor", + Headers: map[string]string{ + "x-request-ext-processed": "true", // header added by ext-processor to backend-bound request + "x-request-client-header-received": "original", // this is the original client header preserved by ext-proc in a new header + "x-request-client-header": "mutated", // this is the mutated value expected to reach upstream + }, }, }, Response: http.Response{ @@ -172,19 +172,7 @@ var ExtProcTest = suite.ConformanceTest{ Namespace: ns, } - req := http.MakeRequest(t, &expectedResponse, gwAddr, "HTTP", "http") - - // add a request header that will be mutated by ext-proc - req.Headers["x-request-client-header"] = []string{"original"} - - cReq, cResp, err := suite.RoundTripper.CaptureRoundTrip(req) - if err != nil { - t.Errorf("failed to get expected response: %v", err) - } - - if err := http.CompareRequest(t, &req, cReq, cResp, expectedResponse); err != nil { - t.Errorf("failed to compare request and response: %v", err) - } + http.MakeRequestAndExpectEventuallyConsistentResponse(t, suite.RoundTripper, suite.TimeoutConfig, gwAddr, expectedResponse) }) }, } diff --git a/test/e2e/tests/utils.go b/test/e2e/tests/utils.go index 541bdede59a..5dfc9af494e 100644 --- a/test/e2e/tests/utils.go +++ b/test/e2e/tests/utils.go @@ -11,6 +11,7 @@ import ( "fmt" "io" "net/http" + "strings" "testing" "time" @@ -29,6 +30,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" gwapiv1a2 "sigs.k8s.io/gateway-api/apis/v1alpha2" "sigs.k8s.io/gateway-api/conformance/utils/config" + "sigs.k8s.io/gateway-api/conformance/utils/tlog" egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1" ) @@ -68,6 +70,7 @@ func WaitForPods(t *testing.T, cl client.Client, namespace string, selectors map } } + t.Logf("pod %s/%s status: %v", p.Namespace, p.Name, p.Status) return false } @@ -204,6 +207,48 @@ func policyAcceptedByAncestor(ancestors []gwapiv1a2.PolicyAncestorStatus, contro return false } +// EnvoyExtensionPolicyMustFail waits for an EnvoyExtensionPolicy to fail with the specified reason. +func EnvoyExtensionPolicyMustFail( + t *testing.T, client client.Client, policyName types.NamespacedName, + controllerName string, ancestorRef gwapiv1a2.ParentReference, message string, +) { + t.Helper() + + policy := &egv1a1.EnvoyExtensionPolicy{} + waitErr := wait.PollUntilContextTimeout( + context.Background(), 1*time.Second, 60*time.Second, + true, func(ctx context.Context) (bool, error) { + err := client.Get(ctx, policyName, policy) + if err != nil { + return false, fmt.Errorf("error fetching EnvoyExtensionPolicy: %w", err) + } + + if policyFailAcceptedByAncestor(policy.Status.Ancestors, controllerName, ancestorRef, message) { + t.Logf("EnvoyExtensionPolicy has been failed: %v", policy) + return true, nil + } + + return false, nil + }) + + require.NoErrorf(t, waitErr, "error waiting for EnvoyExtensionPolicy to fail with message: %s policy %v", message, policy) +} + +func policyFailAcceptedByAncestor(ancestors []gwapiv1a2.PolicyAncestorStatus, controllerName string, ancestorRef gwapiv1a2.ParentReference, message string) bool { + for _, ancestor := range ancestors { + if string(ancestor.ControllerName) == controllerName && cmp.Equal(ancestor.AncestorRef, ancestorRef) { + for _, condition := range ancestor.Conditions { + if condition.Type == string(gwapiv1a2.PolicyConditionAccepted) && + condition.Status == metav1.ConditionFalse && + strings.Contains(condition.Message, message) { + return true + } + } + } + } + return false +} + // EnvoyExtensionPolicyMustBeAccepted waits for the specified EnvoyExtensionPolicy to be accepted. func EnvoyExtensionPolicyMustBeAccepted(t *testing.T, client client.Client, policyName types.NamespacedName, controllerName string, ancestorRef gwapiv1a2.ParentReference) { t.Helper() @@ -298,3 +343,25 @@ func RetrieveMetric(url string, name string, timeout time.Duration) (*dto.Metric return nil, fmt.Errorf("metric %s not found", name) } + +func WaitForLoadBalancerAddress(t *testing.T, client client.Client, timeout time.Duration, nn types.NamespacedName) (string, error) { + t.Helper() + + var ipAddr string + waitErr := wait.PollUntilContextTimeout(context.Background(), 1*time.Second, timeout, true, func(ctx context.Context) (bool, error) { + s := &corev1.Service{} + err := client.Get(ctx, nn, s) + if err != nil { + tlog.Logf(t, "error fetching Service: %v", err) + return false, fmt.Errorf("error fetching Service: %w", err) + } + + if len(s.Status.LoadBalancer.Ingress) > 0 { + ipAddr = s.Status.LoadBalancer.Ingress[0].IP + return true, nil + } + return false, nil + }) + require.NoErrorf(t, waitErr, "error waiting for Service to have at least one load balancer IP address in status") + return ipAddr, nil +} diff --git a/test/e2e/tests/wasm.go b/test/e2e/tests/wasm_http.go similarity index 93% rename from test/e2e/tests/wasm.go rename to test/e2e/tests/wasm_http.go index 7211c13e943..6ce3078f3ab 100644 --- a/test/e2e/tests/wasm.go +++ b/test/e2e/tests/wasm_http.go @@ -22,14 +22,14 @@ import ( ) func init() { - ConformanceTests = append(ConformanceTests, WasmTest) + ConformanceTests = append(ConformanceTests, HTTPWasmTest) } -// WasmTest tests Wasm extension for an http route with HTTP Wasm configured. -var WasmTest = suite.ConformanceTest{ - ShortName: "Wasm", +// HTTPWasmTest tests Wasm extension for an http route with HTTP Wasm configured. +var HTTPWasmTest = suite.ConformanceTest{ + ShortName: "Wasm HTTP Code Source", Description: "Test Wasm extension that adds response headers", - Manifests: []string{"testdata/wasm.yaml"}, + Manifests: []string{"testdata/wasm-http.yaml"}, Test: func(t *testing.T, suite *suite.ConformanceTestSuite) { t.Run("http route with http wasm source", func(t *testing.T) { ns := "gateway-conformance-infra" diff --git a/test/e2e/tests/wasm_oci.go b/test/e2e/tests/wasm_oci.go new file mode 100644 index 00000000000..1a41187092b --- /dev/null +++ b/test/e2e/tests/wasm_oci.go @@ -0,0 +1,427 @@ +// Copyright Envoy Gateway Authors +// SPDX-License-Identifier: Apache-2.0 +// The full text of the Apache license is available in the LICENSE file at +// the root of the repo. + +//go:build e2e +// +build e2e + +package tests + +import ( + "bufio" + "context" + "encoding/base64" + "encoding/json" + "errors" + "fmt" + "io" + "testing" + "time" + + dockertypes "github.com/docker/docker/api/types" + "github.com/docker/docker/client" + "github.com/docker/docker/pkg/archive" + "github.com/google/go-containerregistry/pkg/authn" + "github.com/google/go-containerregistry/pkg/name" + v1 "github.com/google/go-containerregistry/pkg/v1" + "github.com/google/go-containerregistry/pkg/v1/daemon" + "github.com/google/go-containerregistry/pkg/v1/remote" + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/types" + "k8s.io/utils/ptr" + gwapiv1 "sigs.k8s.io/gateway-api/apis/v1" + gwapiv1a2 "sigs.k8s.io/gateway-api/apis/v1alpha2" + gwapiv1b1 "sigs.k8s.io/gateway-api/apis/v1beta1" + "sigs.k8s.io/gateway-api/conformance/utils/http" + "sigs.k8s.io/gateway-api/conformance/utils/kubernetes" + "sigs.k8s.io/gateway-api/conformance/utils/suite" + + egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1" + "github.com/envoyproxy/gateway/internal/gatewayapi" +) + +const ( + dockerUsername = "testuser" + dockerPassword = "testpassword" + dockerEmail = "your-email@example.com" + testNS = "gateway-conformance-infra" + testGW = "same-namespace" + testEEP = "oci-wasm-source-test" + pullSecret = "registry-secret" + httpRouteWithWasm = "http-with-oci-wasm-source" + httpRouteWithoutWasm = "http-without-wasm" +) + +func init() { + ConformanceTests = append(ConformanceTests, OCIWasmTest) +} + +// OCIWasmTest tests Wasm extension for an http route with OCI Wasm configured. +var OCIWasmTest = suite.ConformanceTest{ + ShortName: "Wasm OCI Image Code Source", + Description: "Test OCI Wasm extension", + Manifests: []string{"testdata/wasm-oci.yaml", "testdata/wasm-oci-registry-test-server.yaml"}, + Test: func(t *testing.T, suite *suite.ConformanceTestSuite) { + // Get the LoadBalancer IP of the registry + registryNN := types.NamespacedName{Name: "oci-registry", Namespace: testNS} + registryIP, err := WaitForLoadBalancerAddress(t, suite.Client, 10*time.Second, registryNN) + if err != nil { + t.Fatalf("failed to get registry IP: %v", err) + } + registryAddr := fmt.Sprintf("%s:5000", registryIP) + + // Push the wasm image to the registry + digest := pushWasmImageForTest(t, suite, registryAddr) + + // Create the pull secret for the wasm image + secret := createPullSecretForWasmTest(t, suite, registryAddr, dockerPassword) + + // Create the EnvoyExtensionPolicy referencing the wasm image + eep := createEEPForWasmTest(t, suite, registryAddr, digest, true) + + // Wait for the EnvoyExtensionPolicy to be accepted + ancestorRef := gwapiv1a2.ParentReference{ + Group: gatewayapi.GroupPtr(gwapiv1.GroupName), + Kind: gatewayapi.KindPtr(gatewayapi.KindGateway), + Namespace: gatewayapi.NamespacePtr(testNS), + Name: gwapiv1.ObjectName(testGW), + } + + EnvoyExtensionPolicyMustBeAccepted( + t, suite.Client, + types.NamespacedName{Name: testEEP, Namespace: testNS}, + suite.ControllerName, + ancestorRef) + + // HTTPRoute configured with the correct wasm extension should modify the response + t.Run("http route with oci wasm source", func(t *testing.T) { + // Wait for the HTTPRoute to be accepted + routeNN := types.NamespacedName{Name: httpRouteWithWasm, Namespace: testNS} + gwNN := types.NamespacedName{Name: testGW, Namespace: testNS} + gwAddr := kubernetes.GatewayAndHTTPRoutesMustBeAccepted(t, suite.Client, suite.TimeoutConfig, suite.ControllerName, kubernetes.NewGatewayRef(gwNN), routeNN) + + // Make a request to the gateway and expect the wasm filter to add a response header + expectedResponse := http.ExpectedResponse{ + Request: http.Request{ + Host: "www.example.com", + Path: "/wasm-oci", + }, + + // Set the expected request properties to empty strings. + // This is a workaround to avoid the test failure. + // These values can't be extracted from the json format response + // body because the test wasm code appends a "Hello, world" text + // to the response body, invalidating the json format. + ExpectedRequest: &http.ExpectedRequest{ + Request: http.Request{ + Host: "", + Method: "", + Path: "", + Headers: nil, + }, + }, + Namespace: "", + + Response: http.Response{ + StatusCode: 200, + Headers: map[string]string{ + "x-wasm-custom": "FOO", // response header added by wasm + }, + }, + } + + http.MakeRequestAndExpectEventuallyConsistentResponse(t, suite.RoundTripper, suite.TimeoutConfig, gwAddr, expectedResponse) + }) + + // HTTPRoute without wasm should not modify the response + t.Run("http route without wasm", func(t *testing.T) { + EnvoyExtensionPolicyMustBeAccepted( + t, suite.Client, + types.NamespacedName{Name: testEEP, Namespace: testNS}, + suite.ControllerName, + ancestorRef) + + ns := testNS + routeNN := types.NamespacedName{Name: httpRouteWithoutWasm, Namespace: ns} + gwNN := types.NamespacedName{Name: testGW, Namespace: ns} + gwAddr := kubernetes.GatewayAndHTTPRoutesMustBeAccepted(t, suite.Client, suite.TimeoutConfig, suite.ControllerName, kubernetes.NewGatewayRef(gwNN), routeNN) + + expectedResponse := http.ExpectedResponse{ + Request: http.Request{ + Host: "www.example.com", + Path: "/no-wasm", + }, + Response: http.Response{ + StatusCode: 200, + AbsentHeaders: []string{"x-wasm-custom"}, + }, + Namespace: ns, + } + + req := http.MakeRequest(t, &expectedResponse, gwAddr, "HTTP", "http") + cReq, cResp, err := suite.RoundTripper.CaptureRoundTrip(req) + if err != nil { + t.Errorf("failed to get expected response: %v", err) + } + + if err := http.CompareRequest(t, &req, cReq, cResp, expectedResponse); err != nil { + t.Errorf("failed to compare request and response: %v", err) + } + }) + + // Verify that the wasm module can't be loaded if the pull secret is missing + // even if the wasm image is already cached. + t.Run("without pull secret", func(t *testing.T) { + // Delete the EnvoyExtensionPolicy with pull secret + _ = suite.Client.Delete(context.Background(), eep) + + // Create the EnvoyExtensionPolicy without pull secret + createEEPForWasmTest(t, suite, registryAddr, digest, false) + + defer func() { + _ = suite.Client.Delete(context.Background(), eep) + }() + + // Wait for the EnvoyExtensionPolicy to be failed due to missing pull secret + ancestorRef := gwapiv1a2.ParentReference{ + Group: gatewayapi.GroupPtr(gwapiv1.GroupName), + Kind: gatewayapi.KindPtr(gatewayapi.KindGateway), + Namespace: gatewayapi.NamespacePtr(testNS), + Name: gwapiv1.ObjectName(testGW), + } + + EnvoyExtensionPolicyMustFail( + t, suite.Client, + types.NamespacedName{Name: testEEP, Namespace: testNS}, + suite.ControllerName, + ancestorRef, "failed to login to private registry") + }) + + // Verify that the wasm module can't be loaded if the password is incorrect + // even if the wasm image is already cached. + t.Run("with wrong password", func(t *testing.T) { + // Delete the EnvoyExtensionPolicy with pull secret + _ = suite.Client.Delete(context.Background(), eep) + + // Delete the pull secret + _ = suite.Client.Delete(context.Background(), secret) + + // Create the pull secret with a wrong password + secret = createPullSecretForWasmTest(t, suite, registryAddr, "wrongpassword") + + // Create the EnvoyExtensionPolicy without pull secret + eep = createEEPForWasmTest(t, suite, registryAddr, digest, true) + + defer func() { + _ = suite.Client.Delete(context.Background(), eep) + _ = suite.Client.Delete(context.Background(), secret) + }() + + // Wait for the EnvoyExtensionPolicy to be failed due to missing pull secret + ancestorRef := gwapiv1a2.ParentReference{ + Group: gatewayapi.GroupPtr(gwapiv1.GroupName), + Kind: gatewayapi.KindPtr(gatewayapi.KindGateway), + Namespace: gatewayapi.NamespacePtr(testNS), + Name: gwapiv1.ObjectName(testGW), + } + + EnvoyExtensionPolicyMustFail( + t, suite.Client, + types.NamespacedName{Name: testEEP, Namespace: testNS}, + suite.ControllerName, + ancestorRef, "failed to login to private registry") + }) + }, +} + +func pushWasmImageForTest(t *testing.T, suite *suite.ConformanceTestSuite, registryAddr string) string { + // Wait for the registry pod to be ready + podReady := corev1.PodCondition{Type: corev1.PodReady, Status: corev1.ConditionTrue} + WaitForPods( + t, suite.Client, testNS, + map[string]string{"app": "oci-registry"}, corev1.PodRunning, podReady) + + ctx, cancel := context.WithTimeout(context.Background(), time.Second*120) + defer cancel() + + var ( + cli *client.Client + tar io.Reader + res dockertypes.ImageBuildResponse + digest v1.Hash + err error + ) + + tag := fmt.Sprintf("%s/testwasm:v1.0.0", registryAddr) + + if cli, err = client.NewClientWithOpts(client.FromEnv, client.WithAPIVersionNegotiation()); err != nil { + t.Fatalf("failed to create docker client: %v", err) + } + + if tar, err = archive.TarWithOptions("testdata/wasm", &archive.TarOptions{}); err != nil { + t.Fatalf("failed to create tar: %v", err) + } + + opts := dockertypes.ImageBuildOptions{ + Dockerfile: "Dockerfile", + Tags: []string{tag}, + Remove: true, + } + if res, err = cli.ImageBuild(ctx, tar, opts); err != nil { + t.Fatalf("failed to build image: %v", err) + } + defer func() { + _ = res.Body.Close() + }() + if err = printDockerCLIResponse(res.Body); err != nil { + t.Fatalf("failed to print docker cli response: %v", err) + } + + ref, err := name.ParseReference(tag, name.Insecure) + if err != nil { + t.Fatalf("failed to parse reference: %v", err) + } + + // Retrieve the image from the local Docker daemon + img, err := daemon.Image(ref) + if err != nil { + t.Fatalf("failed to retrieve image: %v", err) + } + + authOption := remote.WithAuth(&authn.Basic{ + Username: dockerUsername, + Password: dockerPassword, + }) + + const retries = 5 + for i := 0; i < retries; i++ { + // Push the image to the remote registry + // err = crane.Push(img, tag) + err = remote.Write(ref, img, authOption) + if err == nil { + break + } + t.Logf("failed to push image: %v", err) + } + if err != nil { + t.Fatalf("failed to push image: %v", err) + } + + if img, err = remote.Image(ref, authOption); err != nil { + t.Fatalf("failed to retrieve image: %v", err) + } + if digest, err = img.Digest(); err != nil { + t.Fatalf("failed to get image digest: %v", err) + } + + t.Logf("pushed image %s with digest: %s", tag, digest.Hex) + return digest.Hex +} + +type ErrorLine struct { + Error string `json:"error"` + ErrorDetail ErrorDetail `json:"errorDetail"` +} + +type ErrorDetail struct { + Message string `json:"message"` +} + +func printDockerCLIResponse(rd io.Reader) error { + var lastLine string + + scanner := bufio.NewScanner(rd) + for scanner.Scan() { + lastLine = scanner.Text() + fmt.Println(scanner.Text()) + } + + errLine := &ErrorLine{} + _ = json.Unmarshal([]byte(lastLine), errLine) + if errLine.Error != "" { + return errors.New(errLine.Error) + } + + if err := scanner.Err(); err != nil { + return err + } + + return nil +} + +func createPullSecretForWasmTest(t *testing.T, suite *suite.ConformanceTestSuite, registryAddr string, password string) *corev1.Secret { + // Create Docker config JSON + dockerConfigJSON := fmt.Sprintf(`{"auths":{"%s":{"username":"%s","password":"%s","email":"%s","auth":"%s"}}}`, + registryAddr, dockerUsername, password, dockerEmail, + base64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("%s:%s", dockerUsername, password)))) + + // Create a Secret object + secret := &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: pullSecret, + Namespace: testNS, + }, + Type: corev1.SecretTypeDockerConfigJson, + Data: map[string][]byte{ + corev1.DockerConfigJsonKey: []byte(dockerConfigJSON), + }, + } + + // Create the secret in the specified namespace + _ = suite.Client.Delete(context.Background(), secret) + if err := suite.Client.Create(context.Background(), secret); err != nil { + t.Fatalf("failed to create secret: %v", err) + } + return secret +} + +func createEEPForWasmTest( + t *testing.T, suite *suite.ConformanceTestSuite, + registryAddr string, digest string, withPullSecret bool, +) *egv1a1.EnvoyExtensionPolicy { + eep := &egv1a1.EnvoyExtensionPolicy{ + ObjectMeta: metav1.ObjectMeta{ + Name: testEEP, + Namespace: testNS, + }, + Spec: egv1a1.EnvoyExtensionPolicySpec{ + PolicyTargetReferences: egv1a1.PolicyTargetReferences{ + TargetRefs: []gwapiv1a2.LocalPolicyTargetReferenceWithSectionName{ + { + LocalPolicyTargetReference: gwapiv1a2.LocalPolicyTargetReference{ + Group: "gateway.networking.k8s.io", + Kind: "HTTPRoute", + Name: httpRouteWithWasm, + }, + }, + }, + }, + + Wasm: []egv1a1.Wasm{ + { + Name: ptr.To("wasm-filter"), + RootID: ptr.To("my_root_id"), + Code: egv1a1.WasmCodeSource{ + Type: egv1a1.ImageWasmCodeSourceType, + Image: &egv1a1.ImageWasmCodeSource{ + URL: fmt.Sprintf("%s/testwasm:v1.0.0", registryAddr), + SHA256: &digest, + }, + }, + }, + }, + }, + } + if withPullSecret { + eep.Spec.Wasm[0].Code.Image.PullSecretRef = &gwapiv1b1.SecretObjectReference{ + Name: gwapiv1.ObjectName(pullSecret), + } + } + // Create the EnvoyExtensionPolicy in the specified namespace + if err := suite.Client.Create(context.Background(), eep); err != nil { + t.Fatalf("failed to create envoy extension policy: %v", err) + } + return eep +} diff --git a/test/helm/gateway-addons-helm/default.in.yaml b/test/helm/gateway-addons-helm/default.in.yaml new file mode 100644 index 00000000000..e69de29bb2d diff --git a/test/helm/gateway-addons-helm/default.out.yaml b/test/helm/gateway-addons-helm/default.out.yaml new file mode 100644 index 00000000000..805e6520b95 --- /dev/null +++ b/test/helm/gateway-addons-helm/default.out.yaml @@ -0,0 +1,10433 @@ +--- +# Source: gateway-addons-helm/charts/fluent-bit/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: fluent-bit + namespace: monitoring + labels: + helm.sh/chart: fluent-bit-0.30.4 + app.kubernetes.io/name: fluent-bit + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/version: "2.1.4" + app.kubernetes.io/managed-by: Helm +--- +# Source: gateway-addons-helm/charts/grafana/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: false +metadata: + labels: + helm.sh/chart: grafana-8.0.0 + app.kubernetes.io/name: grafana + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/version: "11.0.0" + app.kubernetes.io/managed-by: Helm + name: grafana + namespace: monitoring +--- +# Source: gateway-addons-helm/charts/loki/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: loki + labels: + helm.sh/chart: loki-4.8.0 + app.kubernetes.io/name: loki + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/version: "2.7.3" + app.kubernetes.io/managed-by: Helm +automountServiceAccountToken: true +--- +# Source: gateway-addons-helm/charts/prometheus/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: server + app.kubernetes.io/name: prometheus + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/version: v2.52.0 + helm.sh/chart: prometheus-25.21.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: prometheus + name: prometheus + namespace: monitoring + annotations: + {} +--- +# Source: gateway-addons-helm/charts/tempo/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: tempo + namespace: monitoring + labels: + helm.sh/chart: tempo-1.3.1 + app.kubernetes.io/name: tempo + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/version: "2.1.1" + app.kubernetes.io/managed-by: Helm +automountServiceAccountToken: true +--- +# Source: gateway-addons-helm/charts/grafana/templates/secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: grafana + namespace: monitoring + labels: + helm.sh/chart: grafana-8.0.0 + app.kubernetes.io/name: grafana + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/version: "11.0.0" + app.kubernetes.io/managed-by: Helm +type: Opaque +data: + + admin-user: "YWRtaW4=" + admin-password: "YWRtaW4=" + ldap-toml: "" +--- +# Source: gateway-addons-helm/charts/fluent-bit/templates/configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: fluent-bit + namespace: monitoring + labels: + helm.sh/chart: fluent-bit-0.30.4 + app.kubernetes.io/name: fluent-bit + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/version: "2.1.4" + app.kubernetes.io/managed-by: Helm +data: + custom_parsers.conf: | + [PARSER] + Name docker_no_time + Format json + Time_Keep Off + Time_Key time + Time_Format %Y-%m-%dT%H:%M:%S.%L + + fluent-bit.conf: | + [SERVICE] + Daemon Off + Flush 1 + Log_Level info + Parsers_File parsers.conf + Parsers_File custom_parsers.conf + HTTP_Server On + HTTP_Listen 0.0.0.0 + HTTP_Port 2020 + Health_Check On + + [INPUT] + Name tail + Path /var/log/containers/*.log + multiline.parser docker, cri + Tag kube.* + Mem_Buf_Limit 5MB + Skip_Long_Lines On + + [FILTER] + Name kubernetes + Match kube.* + Merge_Log On + Keep_Log Off + K8S-Logging.Parser On + K8S-Logging.Exclude On + + [FILTER] + Name grep + Match kube.* + Regex $kubernetes['container_name'] ^envoy$ + + [FILTER] + Name parser + Match kube.* + Key_Name log + Parser envoy + Reserve_Data True + + [OUTPUT] + Name loki + Match kube.* + Host loki.monitoring.svc.cluster.local + Port 3100 + Labels job=fluentbit, app=$kubernetes['labels']['app'], k8s_namespace_name=$kubernetes['namespace_name'], k8s_pod_name=$kubernetes['pod_name'], k8s_container_name=$kubernetes['container_name'] +--- +# Source: gateway-addons-helm/charts/grafana/templates/configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: grafana + namespace: monitoring + labels: + helm.sh/chart: grafana-8.0.0 + app.kubernetes.io/name: grafana + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/version: "11.0.0" + app.kubernetes.io/managed-by: Helm +data: + + grafana.ini: | + [analytics] + check_for_updates = true + [grafana_net] + url = https://grafana.net + [log] + mode = console + [paths] + data = /var/lib/grafana/ + logs = /var/log/grafana + plugins = /var/lib/grafana/plugins + provisioning = /etc/grafana/provisioning + [server] + domain = '' + datasources.yaml: | + apiVersion: 1 + datasources: + - name: Prometheus + type: prometheus + url: http://prometheus + dashboardproviders.yaml: | + apiVersion: 1 + providers: + - disableDeletion: false + editable: true + folder: envoy-gateway + name: envoy-gateway + options: + path: /var/lib/grafana/dashboards/envoy-gateway + orgId: 1 + type: file +--- +# Source: gateway-addons-helm/charts/loki/templates/configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: loki + labels: + helm.sh/chart: loki-4.8.0 + app.kubernetes.io/name: loki + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/version: "2.7.3" + app.kubernetes.io/managed-by: Helm +data: + config.yaml: | + auth_enabled: false + common: + compactor_address: 'loki' + path_prefix: /var/loki + replication_factor: 1 + storage: + filesystem: + chunks_directory: /var/loki/chunks + rules_directory: /var/loki/rules + limits_config: + enforce_metric_name: false + max_cache_freshness_per_query: 10m + reject_old_samples: true + reject_old_samples_max_age: 168h + split_queries_by_interval: 15m + memberlist: + join_members: + - loki-memberlist + query_range: + align_queries_with_step: true + ruler: + storage: + type: local + runtime_config: + file: /etc/loki/runtime-config/runtime-config.yaml + schema_config: + configs: + - from: "2022-01-11" + index: + period: 24h + prefix: loki_index_ + object_store: filesystem + schema: v12 + store: boltdb-shipper + server: + grpc_listen_port: 9095 + http_listen_port: 3100 + storage_config: + hedging: + at: 250ms + max_per_second: 20 + up_to: 3 + table_manager: + retention_deletes_enabled: false + retention_period: 0 +--- +# Source: gateway-addons-helm/charts/loki/templates/runtime-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: loki-runtime + labels: + helm.sh/chart: loki-4.8.0 + app.kubernetes.io/name: loki + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/version: "2.7.3" + app.kubernetes.io/managed-by: Helm +data: + runtime-config.yaml: | + + {} +--- +# Source: gateway-addons-helm/charts/prometheus/templates/cm.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: server + app.kubernetes.io/name: prometheus + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/version: v2.52.0 + helm.sh/chart: prometheus-25.21.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: prometheus + name: prometheus + namespace: monitoring +data: + allow-snippet-annotations: "false" + alerting_rules.yml: | + {} + alerts: | + {} + prometheus.yml: | + global: + evaluation_interval: 1m + scrape_interval: 15s + scrape_timeout: 10s + rule_files: + - /etc/config/recording_rules.yml + - /etc/config/alerting_rules.yml + - /etc/config/rules + - /etc/config/alerts + scrape_configs: + - job_name: prometheus + static_configs: + - targets: + - localhost:9090 + - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + job_name: kubernetes-apiservers + kubernetes_sd_configs: + - role: endpoints + relabel_configs: + - action: keep + regex: default;kubernetes;https + source_labels: + - __meta_kubernetes_namespace + - __meta_kubernetes_service_name + - __meta_kubernetes_endpoint_port_name + scheme: https + tls_config: + ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + insecure_skip_verify: true + - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + job_name: kubernetes-nodes + kubernetes_sd_configs: + - role: node + relabel_configs: + - action: labelmap + regex: __meta_kubernetes_node_label_(.+) + - replacement: kubernetes.default.svc:443 + target_label: __address__ + - regex: (.+) + replacement: /api/v1/nodes/$1/proxy/metrics + source_labels: + - __meta_kubernetes_node_name + target_label: __metrics_path__ + scheme: https + tls_config: + ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + insecure_skip_verify: true + - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + job_name: kubernetes-nodes-cadvisor + kubernetes_sd_configs: + - role: node + relabel_configs: + - action: labelmap + regex: __meta_kubernetes_node_label_(.+) + - replacement: kubernetes.default.svc:443 + target_label: __address__ + - regex: (.+) + replacement: /api/v1/nodes/$1/proxy/metrics/cadvisor + source_labels: + - __meta_kubernetes_node_name + target_label: __metrics_path__ + scheme: https + tls_config: + ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + insecure_skip_verify: true + - honor_labels: true + job_name: kubernetes-service-endpoints + kubernetes_sd_configs: + - role: endpoints + relabel_configs: + - action: keep + regex: true + source_labels: + - __meta_kubernetes_service_annotation_prometheus_io_scrape + - action: drop + regex: true + source_labels: + - __meta_kubernetes_service_annotation_prometheus_io_scrape_slow + - action: replace + regex: (https?) + source_labels: + - __meta_kubernetes_service_annotation_prometheus_io_scheme + target_label: __scheme__ + - action: replace + regex: (.+) + source_labels: + - __meta_kubernetes_service_annotation_prometheus_io_path + target_label: __metrics_path__ + - action: replace + regex: (.+?)(?::\d+)?;(\d+) + replacement: $1:$2 + source_labels: + - __address__ + - __meta_kubernetes_service_annotation_prometheus_io_port + target_label: __address__ + - action: labelmap + regex: __meta_kubernetes_service_annotation_prometheus_io_param_(.+) + replacement: __param_$1 + - action: labelmap + regex: __meta_kubernetes_service_label_(.+) + - action: replace + source_labels: + - __meta_kubernetes_namespace + target_label: namespace + - action: replace + source_labels: + - __meta_kubernetes_service_name + target_label: service + - action: replace + source_labels: + - __meta_kubernetes_pod_node_name + target_label: node + - honor_labels: true + job_name: kubernetes-service-endpoints-slow + kubernetes_sd_configs: + - role: endpoints + relabel_configs: + - action: keep + regex: true + source_labels: + - __meta_kubernetes_service_annotation_prometheus_io_scrape_slow + - action: replace + regex: (https?) + source_labels: + - __meta_kubernetes_service_annotation_prometheus_io_scheme + target_label: __scheme__ + - action: replace + regex: (.+) + source_labels: + - __meta_kubernetes_service_annotation_prometheus_io_path + target_label: __metrics_path__ + - action: replace + regex: (.+?)(?::\d+)?;(\d+) + replacement: $1:$2 + source_labels: + - __address__ + - __meta_kubernetes_service_annotation_prometheus_io_port + target_label: __address__ + - action: labelmap + regex: __meta_kubernetes_service_annotation_prometheus_io_param_(.+) + replacement: __param_$1 + - action: labelmap + regex: __meta_kubernetes_service_label_(.+) + - action: replace + source_labels: + - __meta_kubernetes_namespace + target_label: namespace + - action: replace + source_labels: + - __meta_kubernetes_service_name + target_label: service + - action: replace + source_labels: + - __meta_kubernetes_pod_node_name + target_label: node + scrape_interval: 5m + scrape_timeout: 30s + - honor_labels: true + job_name: prometheus-pushgateway + kubernetes_sd_configs: + - role: service + relabel_configs: + - action: keep + regex: pushgateway + source_labels: + - __meta_kubernetes_service_annotation_prometheus_io_probe + - honor_labels: true + job_name: kubernetes-services + kubernetes_sd_configs: + - role: service + metrics_path: /probe + params: + module: + - http_2xx + relabel_configs: + - action: keep + regex: true + source_labels: + - __meta_kubernetes_service_annotation_prometheus_io_probe + - source_labels: + - __address__ + target_label: __param_target + - replacement: blackbox + target_label: __address__ + - source_labels: + - __param_target + target_label: instance + - action: labelmap + regex: __meta_kubernetes_service_label_(.+) + - source_labels: + - __meta_kubernetes_namespace + target_label: namespace + - source_labels: + - __meta_kubernetes_service_name + target_label: service + - honor_labels: true + job_name: kubernetes-pods + kubernetes_sd_configs: + - role: pod + relabel_configs: + - action: keep + regex: true + source_labels: + - __meta_kubernetes_pod_annotation_prometheus_io_scrape + - action: drop + regex: true + source_labels: + - __meta_kubernetes_pod_annotation_prometheus_io_scrape_slow + - action: replace + regex: (https?) + source_labels: + - __meta_kubernetes_pod_annotation_prometheus_io_scheme + target_label: __scheme__ + - action: replace + regex: (.+) + source_labels: + - __meta_kubernetes_pod_annotation_prometheus_io_path + target_label: __metrics_path__ + - action: replace + regex: (\d+);(([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}) + replacement: '[$2]:$1' + source_labels: + - __meta_kubernetes_pod_annotation_prometheus_io_port + - __meta_kubernetes_pod_ip + target_label: __address__ + - action: replace + regex: (\d+);((([0-9]+?)(\.|$)){4}) + replacement: $2:$1 + source_labels: + - __meta_kubernetes_pod_annotation_prometheus_io_port + - __meta_kubernetes_pod_ip + target_label: __address__ + - action: labelmap + regex: __meta_kubernetes_pod_annotation_prometheus_io_param_(.+) + replacement: __param_$1 + - action: labelmap + regex: __meta_kubernetes_pod_label_(.+) + - action: replace + source_labels: + - __meta_kubernetes_namespace + target_label: namespace + - action: replace + source_labels: + - __meta_kubernetes_pod_name + target_label: pod + - action: drop + regex: Pending|Succeeded|Failed|Completed + source_labels: + - __meta_kubernetes_pod_phase + - action: replace + source_labels: + - __meta_kubernetes_pod_node_name + target_label: node + - honor_labels: true + job_name: kubernetes-pods-slow + kubernetes_sd_configs: + - role: pod + relabel_configs: + - action: keep + regex: true + source_labels: + - __meta_kubernetes_pod_annotation_prometheus_io_scrape_slow + - action: replace + regex: (https?) + source_labels: + - __meta_kubernetes_pod_annotation_prometheus_io_scheme + target_label: __scheme__ + - action: replace + regex: (.+) + source_labels: + - __meta_kubernetes_pod_annotation_prometheus_io_path + target_label: __metrics_path__ + - action: replace + regex: (\d+);(([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}) + replacement: '[$2]:$1' + source_labels: + - __meta_kubernetes_pod_annotation_prometheus_io_port + - __meta_kubernetes_pod_ip + target_label: __address__ + - action: replace + regex: (\d+);((([0-9]+?)(\.|$)){4}) + replacement: $2:$1 + source_labels: + - __meta_kubernetes_pod_annotation_prometheus_io_port + - __meta_kubernetes_pod_ip + target_label: __address__ + - action: labelmap + regex: __meta_kubernetes_pod_annotation_prometheus_io_param_(.+) + replacement: __param_$1 + - action: labelmap + regex: __meta_kubernetes_pod_label_(.+) + - action: replace + source_labels: + - __meta_kubernetes_namespace + target_label: namespace + - action: replace + source_labels: + - __meta_kubernetes_pod_name + target_label: pod + - action: drop + regex: Pending|Succeeded|Failed|Completed + source_labels: + - __meta_kubernetes_pod_phase + - action: replace + source_labels: + - __meta_kubernetes_pod_node_name + target_label: node + scrape_interval: 5m + scrape_timeout: 30s + recording_rules.yml: | + {} + rules: | + {} +--- +# Source: gateway-addons-helm/charts/tempo/templates/configmap-tempo.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: tempo + namespace: monitoring + labels: + helm.sh/chart: tempo-1.3.1 + app.kubernetes.io/name: tempo + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/version: "2.1.1" + app.kubernetes.io/managed-by: Helm +data: + overrides.yaml: | + overrides: + {} + tempo.yaml: | + multitenancy_enabled: false + usage_report: + reporting_enabled: true + compactor: + compaction: + block_retention: 24h + distributor: + receivers: + jaeger: + protocols: + grpc: + endpoint: 0.0.0.0:14250 + thrift_binary: + endpoint: 0.0.0.0:6832 + thrift_compact: + endpoint: 0.0.0.0:6831 + thrift_http: + endpoint: 0.0.0.0:14268 + otlp: + protocols: + grpc: + endpoint: 0.0.0.0:4317 + http: + endpoint: 0.0.0.0:4318 + ingester: + {} + server: + http_listen_port: 3100 + storage: + trace: + backend: local + local: + path: /var/tempo/traces + wal: + path: /var/tempo/wal + querier: + {} + query_frontend: + {} + overrides: + per_tenant_override_config: /conf/overrides.yaml +--- +# Source: gateway-addons-helm/templates/dashboards_config.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: grafana-dashboards + namespace: 'monitoring' +data: + envoy-clusters.json: |- + { + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "datasource", + "uid": "grafana" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "description": "Envoy proxy monitoring Dashboard with cluster and service level templates. ", + "editable": true, + "fiscalYearStartMonth": 0, + "gnetId": 11021, + "graphTooltip": 0, + "id": 2, + "links": [], + "liveNow": false, + "panels": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "max": 3, + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "#d44a3a", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 1 + }, + { + "color": "#299c46", + "value": 2 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 5, + "w": 5, + "x": 0, + "y": 0 + }, + "id": 9, + "maxDataPoints": 100, + "options": { + "minVizHeight": 75, + "minVizWidth": 75, + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "mean" + ], + "fields": "", + "values": false + }, + "showThresholdLabels": false, + "showThresholdMarkers": true, + "sizing": "auto" + }, + "pluginVersion": "11.0.0", + "targets": [ + { + "datasource": { + "uid": "$datasource" + }, + "editorMode": "code", + "expr": "sum(envoy_server_live{})", + "format": "time_series", + "interval": "", + "intervalFactor": 1, + "legendFormat": "", + "range": true, + "refId": "A" + } + ], + "title": "Live servers", + "type": "gauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 5, + "w": 4, + "x": 5, + "y": 0 + }, + "id": 12, + "maxDataPoints": 100, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "mean" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "11.0.0", + "targets": [ + { + "datasource": { + "uid": "$datasource" + }, + "editorMode": "code", + "expr": "avg(envoy_server_uptime)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "", + "range": true, + "refId": "A" + } + ], + "title": "Avg uptime per node", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "decbytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 5, + "w": 5, + "x": 9, + "y": 0 + }, + "id": 11, + "maxDataPoints": 100, + "options": { + "colorMode": "none", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "mean" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "11.0.0", + "targets": [ + { + "datasource": { + "uid": "$datasource" + }, + "editorMode": "builder", + "expr": "SUM(envoy_server_memory_allocated{})", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "", + "range": true, + "refId": "A" + } + ], + "title": "Allocated Memory", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "decbytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 5, + "w": 4, + "x": 14, + "y": 0 + }, + "id": 13, + "maxDataPoints": 100, + "options": { + "colorMode": "none", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "mean" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "11.0.0", + "targets": [ + { + "datasource": { + "uid": "$datasource" + }, + "editorMode": "code", + "expr": "SUM(envoy_server_memory_heap_size)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "", + "range": true, + "refId": "A" + } + ], + "title": "Heap Size", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 5, + "w": 3, + "x": 18, + "y": 0 + }, + "id": 19, + "maxDataPoints": 100, + "options": { + "colorMode": "none", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "mean" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "11.0.0", + "targets": [ + { + "datasource": { + "uid": "$datasource" + }, + "editorMode": "code", + "expr": "(sum(envoy_cluster_membership_healthy{envoy_cluster_name=~\"$cluster\"}) - sum(envoy_cluster_membership_total{envoy_cluster_name=~\"$cluster\"}))", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "", + "range": true, + "refId": "A" + } + ], + "title": "Unhealthy Clusters", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "0": { + "text": "NOT WELL" + }, + "1": { + "text": "OK" + } + }, + "type": "value" + }, + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "#d44a3a", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 0 + }, + { + "color": "#299c46", + "value": 1 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 5, + "w": 3, + "x": 21, + "y": 0 + }, + "id": 20, + "maxDataPoints": 100, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "mean" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "11.0.0", + "targets": [ + { + "datasource": { + "uid": "$datasource" + }, + "editorMode": "code", + "expr": "(sum(envoy_cluster_membership_total{envoy_cluster_name=~\"$cluster\"})-sum(envoy_cluster_membership_healthy{envoy_cluster_name=~\"$cluster\"})) == bool 0", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "", + "range": true, + "refId": "A" + } + ], + "title": "Cluster State", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 12, + "x": 0, + "y": 5 + }, + "id": 2, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "maxHeight": 600, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "10.0.2", + "targets": [ + { + "datasource": { + "uid": "$datasource" + }, + "editorMode": "code", + "expr": "sum(envoy_cluster_upstream_cx_active{envoy_cluster_name=~\"$cluster\"}) by (envoy_cluster_name)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{envoy_cluster_name}}", + "range": true, + "refId": "A" + } + ], + "title": "Total active connections", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [ + { + "__systemRef": "hideSeriesFrom", + "matcher": { + "id": "byNames", + "options": { + "mode": "exclude", + "names": [ + "httproute/default/backend/rule/0" + ], + "prefix": "All except:", + "readOnly": true + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": false, + "tooltip": false, + "viz": true + } + } + ] + } + ] + }, + "gridPos": { + "h": 7, + "w": 12, + "x": 12, + "y": 5 + }, + "id": 4, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "maxHeight": 600, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "10.0.2", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "editorMode": "code", + "expr": "sum(irate(envoy_cluster_upstream_rq_total{envoy_cluster_name=~\"$cluster\"}[5m])) by (envoy_cluster_name)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{envoy_cluster_name}}", + "range": true, + "refId": "A" + } + ], + "title": "Total requests", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "decbytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 12, + "x": 0, + "y": 12 + }, + "id": 15, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "maxHeight": 600, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "10.0.2", + "targets": [ + { + "datasource": { + "uid": "$datasource" + }, + "editorMode": "code", + "expr": "sum(irate(envoy_cluster_upstream_cx_rx_bytes_total{envoy_cluster_name=~\"$cluster\"}[5m])) by (envoy_cluster_name)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{envoy_cluster_name}} - in", + "range": true, + "refId": "A" + }, + { + "datasource": { + "uid": "$datasource" + }, + "editorMode": "code", + "expr": "sum(irate(envoy_cluster_upstream_cx_tx_bytes_total{envoy_cluster_name=~\"$cluster\"}[5m])) by (envoy_cluster_name)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{envoy_cluster_name}} - out", + "range": true, + "refId": "B" + } + ], + "title": "Upstream Network Traffic", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "decbytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 12, + "x": 12, + "y": 12 + }, + "id": 17, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "maxHeight": 600, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "10.0.2", + "targets": [ + { + "datasource": { + "uid": "$datasource" + }, + "editorMode": "builder", + "expr": "sum(irate(envoy_http_downstream_cx_rx_bytes_total{envoy_http_conn_manager_prefix=~\"http\"}[5m]))", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{service}} - in", + "range": true, + "refId": "A" + }, + { + "datasource": { + "uid": "$datasource" + }, + "editorMode": "builder", + "expr": "sum(irate(envoy_http_downstream_cx_tx_bytes_total{envoy_http_conn_manager_prefix=~\"http\"}[5m]))", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{service}} - out", + "range": true, + "refId": "B" + } + ], + "title": "Downstream Network Traffic", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "ms" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 19 + }, + "id": 22, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "maxHeight": 600, + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "histogram_quantile(0.99, sum(rate(envoy_cluster_upstream_rq_time_bucket{envoy_cluster_name=~\"$cluster\"}[5m])) by (le, envoy_cluster_name))", + "instant": false, + "legendFormat": "{{envoy_cluster_name}} 99%", + "range": true, + "refId": "A" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "histogram_quantile(0.9, sum(rate(envoy_cluster_upstream_rq_time_bucket{envoy_cluster_name=~\"$cluster\"}[5m])) by (le, envoy_cluster_name))", + "hide": false, + "instant": false, + "legendFormat": "{{envoy_cluster_name}} 90%", + "range": true, + "refId": "B" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "histogram_quantile(0.5, sum(rate(envoy_cluster_upstream_rq_time_bucket{envoy_cluster_name=~\"$cluster\"}[5m])) by (le, envoy_cluster_name))", + "hide": false, + "instant": false, + "legendFormat": "{{envoy_cluster_name}} 50%", + "range": true, + "refId": "C" + } + ], + "title": "Upstream Latency", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 12, + "y": 19 + }, + "id": 24, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "maxHeight": 600, + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum(rate(envoy_cluster_upstream_rq_xx{envoy_response_code_class=~\"2\", envoy_cluster_name=~\"$cluster\"}[5m])) by (envoy_cluster_name)", + "instant": false, + "legendFormat": "{{envoy_cluster_name}}", + "range": true, + "refId": "A" + } + ], + "title": "Upstream 2xx Responses", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 18, + "y": 19 + }, + "id": 28, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "maxHeight": 600, + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum(rate(envoy_cluster_upstream_rq_xx{envoy_cluster_name=~\"$cluster\",envoy_response_code_class=~\"4\"}[1m])) by (envoy_cluster_name)", + "instant": false, + "legendFormat": "{{envoy_cluster_name}}", + "range": true, + "refId": "A" + } + ], + "title": "Upstream 4xx Responses", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 27 + }, + "id": 7, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "maxHeight": 600, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "10.0.2", + "targets": [ + { + "datasource": { + "uid": "$datasource" + }, + "editorMode": "code", + "expr": "sum(envoy_cluster_membership_healthy{envoy_cluster_name=~\"$cluster\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "healthy", + "range": true, + "refId": "A" + }, + { + "datasource": { + "uid": "$datasource" + }, + "expr": "sum(envoy_cluster_membership_total{envoy_cluster_name=~\"$cluster\",service=~\"$service\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "total", + "refId": "B" + } + ], + "title": "Downstream members", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 12, + "y": 27 + }, + "id": 30, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "maxHeight": 600, + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum(rate(envoy_cluster_upstream_rq_xx{envoy_cluster_name=~\"$cluster\",envoy_response_code_class=~\"5\"}[5m])) by (envoy_cluster_name)", + "instant": false, + "legendFormat": "{{envoy_cluster_name}}", + "range": true, + "refId": "A" + } + ], + "title": "Upstream 5xx Responses", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 18, + "y": 27 + }, + "id": 26, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "maxHeight": 600, + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum(rate(envoy_cluster_upstream_rq_xx{envoy_cluster_name=~\"$cluster\",envoy_response_code_class=~\"3\"}[5m])) by (envoy_cluster_name)", + "instant": false, + "legendFormat": "{{envoy_cluster_name}}", + "range": true, + "refId": "A" + } + ], + "title": "Upstream 3xx Responses", + "type": "timeseries" + } + ], + "refresh": "30s", + "schemaVersion": 39, + "tags": [ + "Data Plane" + ], + "templating": { + "list": [ + { + "current": { + "selected": false, + "text": "Prometheus", + "value": "Prometheus" + }, + "hide": 0, + "includeAll": false, + "multi": false, + "name": "datasource", + "options": [], + "query": "prometheus", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "type": "datasource" + }, + { + "current": { + "selected": false, + "text": "httproute/default/backend/rule/0", + "value": "httproute/default/backend/rule/0" + }, + "datasource": { + "uid": "$datasource" + }, + "definition": "label_values(envoy_cluster_name)", + "hide": 0, + "includeAll": true, + "label": "Cluster", + "multi": false, + "name": "cluster", + "options": [], + "query": { + "query": "label_values(envoy_cluster_name)", + "refId": "PrometheusVariableQueryEditor-VariableQuery" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-15m", + "to": "now" + }, + "timeRangeUpdatedDuringEditOrView": false, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "", + "title": "Envoy Clusters", + "uid": "8WkEOMnANKE6PW5hhpVv", + "version": 1, + "weekStart": "" + } + envoy-gateway-global.json: |- + { + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "grafana", + "uid": "-- Grafana --" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "description": "Envoy Gateway monitoring Dashboard with exported metrics.", + "editable": true, + "fiscalYearStartMonth": 0, + "graphTooltip": 0, + "id": 1, + "links": [], + "panels": [ + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 2, + "panels": [], + "title": "Watching Components", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "How long in seconds a subscribed watchable is handled.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 7, + "x": 0, + "y": 1 + }, + "id": 1, + "maxPerRow": 3, + "options": { + "displayMode": "basic", + "maxVizHeight": 300, + "minVizHeight": 16, + "minVizWidth": 8, + "namePlacement": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showUnfilled": true, + "sizing": "auto", + "valueMode": "color" + }, + "pluginVersion": "11.0.0", + "repeat": "Runner", + "repeatDirection": "v", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "builder", + "expr": "sum by(le) (watchable_subscribed_duration_seconds_bucket{runner=~\"$Runner\", namespace=\"$Namespace\"})", + "format": "heatmap", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "{{le}}", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Duration Bucket: $Runner", + "type": "bargauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "ms" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 3, + "x": 7, + "y": 1 + }, + "id": 24, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "value_and_name", + "wideLayout": false + }, + "pluginVersion": "11.0.0", + "repeat": "Runner", + "repeatDirection": "v", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "builder", + "exemplar": false, + "expr": "avg by(runner) (watchable_subscribed_duration_seconds_sum{runner=~\"$Runner\", namespace=\"$Namespace\"})", + "format": "time_series", + "fullMetaSearch": false, + "hide": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "Avg", + "range": true, + "refId": "A", + "useBackend": false + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "builder", + "expr": "max by(runner) (watchable_subscribed_duration_seconds_sum{runner=~\"$Runner\", namespace=\"$Namespace\"})", + "fullMetaSearch": false, + "hide": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "Max", + "range": true, + "refId": "B", + "useBackend": false + } + ], + "title": "Duration Status", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "Current depth of watchable map.", + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "super-light-blue", + "mode": "shades" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 2, + "x": 10, + "y": 1 + }, + "id": 7, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "center", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "value", + "wideLayout": false + }, + "pluginVersion": "11.0.0", + "repeat": "Runner", + "repeatDirection": "v", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "builder", + "expr": "sum by(runner) (watchable_depth{runner=~\"$Runner\", namespace=\"$Namespace\"})", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Depth", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "noValue": "0", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "none" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Success" + }, + "properties": [ + { + "id": "displayName", + "value": "Success" + } + ] + } + ] + }, + "gridPos": { + "h": 7, + "w": 7, + "x": 12, + "y": 1 + }, + "id": 10, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "center", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "value_and_name", + "wideLayout": true + }, + "pluginVersion": "11.0.0", + "repeat": "Runner", + "repeatDirection": "v", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "builder", + "expr": "sum by(runner) (watchable_subscribed_total{runner=~\"$Runner\", namespace=\"$Namespace\"})", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "Total", + "range": true, + "refId": "A", + "useBackend": false + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "code", + "expr": "sum by(runner) (watchable_subscribed_errors_total{runner=~\"$Runner\", namespace=\"$Namespace\"}) OR vector(0)", + "fullMetaSearch": false, + "hide": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "Errors", + "range": true, + "refId": "B", + "useBackend": false + }, + { + "datasource": { + "type": "__expr__", + "uid": "__expr__" + }, + "expression": "$A-$B", + "hide": false, + "refId": "Success", + "type": "math" + } + ], + "title": "Statistics", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "max": 100, + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "semi-dark-red", + "value": null + }, + { + "color": "#EAB839", + "value": 30 + }, + { + "color": "semi-dark-green", + "value": 70 + } + ] + }, + "unit": "percent" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 5, + "x": 19, + "y": 1 + }, + "id": 23, + "options": { + "minVizHeight": 75, + "minVizWidth": 75, + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showThresholdLabels": false, + "showThresholdMarkers": true, + "sizing": "auto" + }, + "pluginVersion": "11.0.0", + "repeat": "Runner", + "repeatDirection": "v", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "builder", + "expr": "sum by(runner) (watchable_subscribed_total{runner=~\"$Runner\", namespace=\"$Namespace\"})", + "fullMetaSearch": false, + "hide": true, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "code", + "expr": "sum by(runner) (watchable_subscribed_errors_total{runner=~\"$Runner\", namespace=\"$Namespace\"}) OR vector(0)", + "fullMetaSearch": false, + "hide": true, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "__auto", + "range": true, + "refId": "B", + "useBackend": false + }, + { + "datasource": { + "type": "__expr__", + "uid": "__expr__" + }, + "expression": "(($A-$B) / $A) * 100", + "hide": false, + "refId": "C", + "type": "math" + } + ], + "title": "Success Rate", + "type": "gauge" + }, + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 36 + }, + "id": 35, + "panels": [], + "title": "Status Updater", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "How long a status update takes to finish for all Kind.", + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "super-light-blue", + "mode": "thresholds" + }, + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 6, + "x": 0, + "y": 37 + }, + "id": 61, + "options": { + "displayMode": "basic", + "maxVizHeight": 300, + "minVizHeight": 16, + "minVizWidth": 8, + "namePlacement": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showUnfilled": true, + "sizing": "auto", + "valueMode": "color" + }, + "pluginVersion": "10.4.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "builder", + "expr": "sum by(le) (status_update_duration_seconds_bucket{namespace=\"$Namespace\"})", + "format": "heatmap", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "{{le}}", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Total Duration Bucket", + "type": "bargauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "#EAB839", + "value": 0.2 + }, + { + "color": "red", + "value": 0.5 + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 6, + "x": 6, + "y": 37 + }, + "id": 82, + "options": { + "displayMode": "gradient", + "maxVizHeight": 300, + "minVizHeight": 16, + "minVizWidth": 8, + "namePlacement": "auto", + "orientation": "vertical", + "reduceOptions": { + "calcs": [ + "mean" + ], + "fields": "", + "values": false + }, + "showUnfilled": true, + "sizing": "auto", + "valueMode": "color" + }, + "pluginVersion": "10.4.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "builder", + "expr": "status_update_duration_seconds_sum{namespace=\"$Namespace\"}", + "format": "time_series", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "{{kind}}", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Avg Duration", + "type": "bargauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "#EAB839", + "value": 0.1 + }, + { + "color": "red", + "value": 0.5 + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 6, + "x": 12, + "y": 37 + }, + "id": 83, + "options": { + "displayMode": "gradient", + "maxVizHeight": 300, + "minVizHeight": 16, + "minVizWidth": 8, + "namePlacement": "auto", + "orientation": "vertical", + "reduceOptions": { + "calcs": [ + "max" + ], + "fields": "", + "values": false + }, + "showUnfilled": true, + "sizing": "auto", + "valueMode": "color" + }, + "pluginVersion": "10.4.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "builder", + "expr": "status_update_duration_seconds_sum{namespace=\"$Namespace\"}", + "format": "time_series", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "{{kind}}", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Max Duration", + "type": "bargauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "yellow", + "value": 0.01 + }, + { + "color": "red", + "value": 0.1 + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 6, + "x": 18, + "y": 37 + }, + "id": 84, + "options": { + "displayMode": "gradient", + "maxVizHeight": 300, + "minVizHeight": 16, + "minVizWidth": 8, + "namePlacement": "auto", + "orientation": "vertical", + "reduceOptions": { + "calcs": [ + "logmin" + ], + "fields": "", + "values": false + }, + "showUnfilled": true, + "sizing": "auto", + "valueMode": "color" + }, + "pluginVersion": "10.4.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "builder", + "expr": "status_update_duration_seconds_sum{namespace=\"$Namespace\"}", + "format": "time_series", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "{{kind}}", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Min Duration", + "type": "bargauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "Total number of status updates by object kind.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": true, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "left", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineStyle": { + "fill": "solid" + }, + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "fieldMinMax": false, + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 10, + "x": 0, + "y": 46 + }, + "id": 56, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "10.4.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "builder", + "expr": "status_update_total{namespace=\"$Namespace\"}", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "{{kind}}", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Total", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "max": 100, + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "red" + }, + { + "color": "#EAB839", + "value": 50 + }, + { + "color": "green", + "value": 85 + } + ] + }, + "unit": "percent" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 14, + "x": 10, + "y": 46 + }, + "id": 105, + "options": { + "minVizHeight": 75, + "minVizWidth": 75, + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showThresholdLabels": false, + "showThresholdMarkers": true, + "sizing": "auto" + }, + "pluginVersion": "10.4.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "builder", + "expr": "sum by(kind) (status_update_success_total{namespace=\"$Namespace\"})", + "fullMetaSearch": false, + "hide": true, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "builder", + "expr": "sum by(kind) (status_update_success_total{namespace=\"$Namespace\"})", + "fullMetaSearch": false, + "hide": true, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "__auto", + "range": true, + "refId": "B", + "useBackend": false + }, + { + "datasource": { + "type": "__expr__", + "uid": "__expr__" + }, + "expression": "($B / $A) * 100", + "hide": false, + "refId": "Rate:", + "type": "math" + } + ], + "title": "Success Rate", + "type": "gauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "Number of status updates that succeeded by object kind.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": true, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "left", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 0, + "y": 54 + }, + "id": 57, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "builder", + "expr": "status_update_success_total{namespace=\"$Namespace\"}", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "{{kind}}", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Success", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "Number of status updates that are no-ops by object kind. This is a subset of successful status updates.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": true, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "left", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 6, + "y": 54 + }, + "id": 59, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "builder", + "expr": "status_update_noop_total{namespace=\"$Namespace\"}", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "{{kind}}", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "No-ops", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "Number of status updates that failed by object kind.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": true, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "left", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 12, + "y": 54 + }, + "id": 58, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "code", + "expr": "status_update_failed_total{namespace=\"$Namespace\"}", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Fail", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "Number of status update conflicts encountered by object kind.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": true, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "left", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 18, + "y": 54 + }, + "id": 60, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "code", + "expr": "status_update_conflict_total{namespace=\"$Namespace\"}", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Conflict", + "type": "timeseries" + }, + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 62 + }, + "id": 126, + "panels": [], + "title": "xDS Server", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "super-light-green", + "mode": "shades" + }, + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 10, + "x": 0, + "y": 63 + }, + "id": 127, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "center", + "orientation": "vertical", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "value_and_name", + "wideLayout": false + }, + "pluginVersion": "10.4.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "builder", + "expr": "xds_snapshot_creation_total{namespace=\"$Namespace\"}", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "Total", + "range": true, + "refId": "A", + "useBackend": false + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "builder", + "expr": "xds_snapshot_creation_success{namespace=\"$Namespace\"}", + "fullMetaSearch": false, + "hide": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "Success", + "range": true, + "refId": "B", + "useBackend": false + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "editorMode": "code", + "expr": "xds_snapshot_creation_failed{namespace=\"$Namespace\"} OR on() vector(0)", + "hide": false, + "instant": false, + "legendFormat": "Fail", + "range": true, + "refId": "C" + } + ], + "title": "Creation Status", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "max": 100, + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "red" + }, + { + "color": "orange", + "value": 70 + }, + { + "color": "green", + "value": 85 + } + ] + }, + "unit": "percent" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 5, + "x": 10, + "y": 63 + }, + "id": 148, + "options": { + "minVizHeight": 75, + "minVizWidth": 75, + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showThresholdLabels": false, + "showThresholdMarkers": true, + "sizing": "auto" + }, + "pluginVersion": "10.4.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "builder", + "expr": "sum(xds_snapshot_creation_total{namespace=\"$Namespace\"})", + "fullMetaSearch": false, + "hide": true, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "builder", + "expr": "sum(xds_snapshot_creation_success{namespace=\"$Namespace\"})", + "fullMetaSearch": false, + "hide": true, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "__auto", + "range": true, + "refId": "B", + "useBackend": false + }, + { + "datasource": { + "type": "__expr__", + "uid": "__expr__" + }, + "expression": "($B / $A) * 100", + "hide": false, + "refId": "C", + "type": "math" + } + ], + "title": "Creation Success Rate", + "type": "gauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 5, + "x": 15, + "y": 63 + }, + "id": 149, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "10.4.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "builder", + "expr": "max(xds_delta_stream_duration_seconds_bucket{namespace=\"$Namespace\"})", + "format": "heatmap", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Finished Stream", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "Maximum duration seconds for finished xDS delta stream connection.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 4, + "x": 20, + "y": 63 + }, + "id": 150, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "max" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "10.4.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "builder", + "expr": "xds_delta_stream_duration_seconds_sum{namespace=\"$Namespace\"}", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Max Duration", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "Minimum duration seconds for finished xDS delta stream connection.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 4, + "x": 20, + "y": 67 + }, + "id": 151, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "min" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "10.4.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "builder", + "expr": "xds_delta_stream_duration_seconds_sum{namespace=\"$Namespace\"}", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Min Duration", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "Total number of xds snapshot cache updates by node id.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 3, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 10, + "w": 10, + "x": 0, + "y": 71 + }, + "id": 152, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "10.4.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "builder", + "expr": "xds_snapshot_update_total{namespace=\"$Namespace\"}", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "{{nodeID}}", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Update Total", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "max": 100, + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "red" + }, + { + "color": "orange", + "value": 70 + }, + { + "color": "green", + "value": 85 + } + ] + }, + "unit": "percent" + }, + "overrides": [] + }, + "gridPos": { + "h": 10, + "w": 5, + "x": 10, + "y": 71 + }, + "id": 155, + "options": { + "minVizHeight": 75, + "minVizWidth": 75, + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showThresholdLabels": false, + "showThresholdMarkers": true, + "sizing": "auto" + }, + "pluginVersion": "10.4.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "code", + "expr": "sum(xds_snapshot_update_total{namespace=\"$Namespace\"})", + "fullMetaSearch": false, + "hide": true, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "code", + "expr": "sum(xds_snapshot_update_success{namespace=\"$Namespace\"})", + "fullMetaSearch": false, + "hide": true, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "__auto", + "range": true, + "refId": "B", + "useBackend": false + }, + { + "datasource": { + "type": "__expr__", + "uid": "__expr__" + }, + "expression": "($B / $A) * 100", + "hide": false, + "refId": "C", + "type": "math" + } + ], + "title": "Update Success Rate", + "type": "gauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "Number of xds snapshot cache updates that succeed by node id.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 5, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 5, + "w": 9, + "x": 15, + "y": 71 + }, + "id": 153, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "10.4.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "builder", + "expr": "xds_snapshot_update_success{namespace=\"$Namespace\"}", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "{{nodeID}}", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Update Success", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "Number of xds snapshot cache updates that failed by node id.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 5, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 5, + "w": 9, + "x": 15, + "y": 76 + }, + "id": 154, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "10.4.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "code", + "expr": "xds_snapshot_update_failed{namespace=\"$Namespace\"}", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "{{nodeID}}", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Update Fail", + "type": "timeseries" + }, + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 81 + }, + "id": 156, + "panels": [], + "title": "Infrastructure Manager", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 0, + "y": 82 + }, + "id": 199, + "options": { + "displayMode": "gradient", + "maxVizHeight": 300, + "minVizHeight": 16, + "minVizWidth": 8, + "namePlacement": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showUnfilled": true, + "sizing": "auto", + "valueMode": "color" + }, + "pluginVersion": "10.4.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "builder", + "expr": "sum by(le) (resource_apply_duration_seconds_bucket{namespace=\"$Namespace\"})", + "format": "heatmap", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "{{le}}", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Total Apply Duration Bucket", + "type": "bargauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "orange", + "value": 0.3 + }, + { + "color": "red", + "value": 0.5 + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 6, + "y": 82 + }, + "id": 220, + "options": { + "displayMode": "gradient", + "maxVizHeight": 300, + "minVizHeight": 16, + "minVizWidth": 8, + "namePlacement": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "mean" + ], + "fields": "", + "values": false + }, + "showUnfilled": true, + "sizing": "auto", + "valueMode": "color" + }, + "pluginVersion": "10.4.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "builder", + "expr": "sum by(kind) (resource_apply_duration_seconds_sum{namespace=\"$Namespace\"})", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Avg Apply Duration", + "type": "bargauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "orange", + "value": 0.3 + }, + { + "color": "red", + "value": 0.5 + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 12, + "y": 82 + }, + "id": 221, + "options": { + "displayMode": "gradient", + "maxVizHeight": 300, + "minVizHeight": 16, + "minVizWidth": 8, + "namePlacement": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "max" + ], + "fields": "", + "values": false + }, + "showUnfilled": true, + "sizing": "auto", + "valueMode": "color" + }, + "pluginVersion": "10.4.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "builder", + "expr": "sum by(kind) (resource_apply_duration_seconds_sum{namespace=\"$Namespace\"})", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Max Apply Duration", + "type": "bargauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "orange", + "value": 0.3 + }, + { + "color": "red", + "value": 0.5 + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 18, + "y": 82 + }, + "id": 222, + "options": { + "displayMode": "gradient", + "maxVizHeight": 300, + "minVizHeight": 16, + "minVizWidth": 8, + "namePlacement": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "logmin" + ], + "fields": "", + "values": false + }, + "showUnfilled": true, + "sizing": "auto", + "valueMode": "color" + }, + "pluginVersion": "10.4.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "builder", + "expr": "sum by(kind) (resource_apply_duration_seconds_sum{namespace=\"$Namespace\"})", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Min Apply Duration", + "type": "bargauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "Total number of applied resources sumed by kind (include No-ops).", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 12, + "x": 0, + "y": 90 + }, + "id": 157, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "center", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "10.4.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "builder", + "expr": "sum by(kind) (resource_apply_total{namespace=\"$Namespace\"})", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Total Applied Resources", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "Total number of applied resources sumed by infra name.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 12, + "x": 12, + "y": 90 + }, + "id": 178, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "10.4.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "builder", + "expr": "sum by(name) (resource_apply_total{namespace=\"$Namespace\"})", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Total Applied Infrastructures", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "Total number of applied resources that succeed sumed by kind (include No-ops).", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 10, + "x": 0, + "y": 97 + }, + "id": 229, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "center", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "10.4.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "code", + "expr": "sum by(kind) (resource_apply_success{namespace=\"$Namespace\"})", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Success Applied Resources", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "Total number of applied resources that failed sumed by kind (include No-ops).", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 10, + "x": 10, + "y": 97 + }, + "id": 230, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "center", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "10.4.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "code", + "expr": "sum by(kind) (resource_apply_failed{namespace=\"$Namespace\"})", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Fail Applied Resources", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 0, + "y": 104 + }, + "id": 223, + "options": { + "displayMode": "gradient", + "maxVizHeight": 300, + "minVizHeight": 16, + "minVizWidth": 8, + "namePlacement": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showUnfilled": true, + "sizing": "auto", + "valueMode": "color" + }, + "pluginVersion": "10.4.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "code", + "expr": "sum by(le) (resource_delete_duration_seconds_bucket{namespace=\"$Namespace\"})", + "format": "heatmap", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "{{le}}", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Total Delete Duration Bucket", + "type": "bargauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "orange", + "value": 0.1 + }, + { + "color": "red", + "value": 0.3 + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 6, + "y": 104 + }, + "id": 224, + "options": { + "displayMode": "gradient", + "maxVizHeight": 300, + "minVizHeight": 16, + "minVizWidth": 8, + "namePlacement": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "mean" + ], + "fields": "", + "values": false + }, + "showUnfilled": true, + "sizing": "auto", + "valueMode": "color" + }, + "pluginVersion": "10.4.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "code", + "expr": "sum by(kind) (resource_delete_duration_seconds_sum{namespace=\"$Namespace\"})", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Avg Delete Duration", + "type": "bargauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "orange", + "value": 0.1 + }, + { + "color": "red", + "value": 0.3 + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 12, + "y": 104 + }, + "id": 225, + "options": { + "displayMode": "gradient", + "maxVizHeight": 300, + "minVizHeight": 16, + "minVizWidth": 8, + "namePlacement": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "max" + ], + "fields": "", + "values": false + }, + "showUnfilled": true, + "sizing": "auto", + "valueMode": "color" + }, + "pluginVersion": "10.4.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "code", + "expr": "sum by(kind) (resource_delete_duration_seconds_sum{namespace=\"$Namespace\"})", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Max Delete Duration", + "type": "bargauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "orange", + "value": 0.1 + }, + { + "color": "red", + "value": 0.3 + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 18, + "y": 104 + }, + "id": 226, + "options": { + "displayMode": "gradient", + "maxVizHeight": 300, + "minVizHeight": 16, + "minVizWidth": 8, + "namePlacement": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "logmin" + ], + "fields": "", + "values": false + }, + "showUnfilled": true, + "sizing": "auto", + "valueMode": "color" + }, + "pluginVersion": "10.4.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "code", + "expr": "sum by(kind) (resource_delete_duration_seconds_sum{namespace=\"$Namespace\"})", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Min Delete Duration", + "type": "bargauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "Total number of deleted resources sumed by kind (include No-ops).", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 12, + "x": 0, + "y": 112 + }, + "id": 227, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "center", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "10.4.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "code", + "expr": "sum by(kind) (resource_delete_total{namespace=\"$Namespace\"})", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Total Deleted Resources", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "Total number of deleted resources sumed by infra name.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 12, + "x": 12, + "y": 112 + }, + "id": 228, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "10.4.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "code", + "expr": "sum by(name) (resource_delete_total{namespace=\"$Namespace\"})", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Total Deleted Infrastructures", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "Total number of deleted resources that succeed sumed by kind (include No-ops).", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 10, + "x": 0, + "y": 119 + }, + "id": 232, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "center", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "10.4.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "code", + "expr": "sum by(kind) (resource_delete_success{namespace=\"$Namespace\"})", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Success Deleted Resources", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "Total number of deleted resources that failed sumed by kind (include No-ops).", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 10, + "x": 10, + "y": 119 + }, + "id": 233, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "center", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "10.4.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "code", + "expr": "sum by(kind) (resource_delete_failed{namespace=\"$Namespace\"})", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Fail Deleted Resources", + "type": "stat" + } + ], + "refresh": "5s", + "schemaVersion": 39, + "tags": [ + "Control Plane" + ], + "templating": { + "list": [ + { + "current": { + "selected": false, + "text": "Prometheus", + "value": "PBFA97CFB590B2093" + }, + "hide": 0, + "includeAll": false, + "multi": false, + "name": "datasource", + "options": [], + "query": "prometheus", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "type": "datasource" + }, + { + "allValue": ".*", + "current": { + "selected": false, + "text": "envoy-gateway-system", + "value": "envoy-gateway-system" + }, + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "definition": "label_values(watchable_depth,namespace)", + "hide": 0, + "includeAll": false, + "multi": false, + "name": "Namespace", + "options": [], + "query": { + "qryType": 1, + "query": "label_values(watchable_depth,namespace)", + "refId": "PrometheusVariableQueryEditor-VariableQuery" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "type": "query" + }, + { + "allValue": ".*", + "current": { + "selected": false, + "text": "All", + "value": "$__all" + }, + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "definition": "label_values(watchable_depth,runner)", + "hide": 0, + "includeAll": true, + "multi": true, + "name": "Runner", + "options": [], + "query": { + "qryType": 1, + "query": "label_values(watchable_depth,runner)", + "refId": "PrometheusVariableQueryEditor-VariableQuery" + }, + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "type": "query" + } + ] + }, + "time": { + "from": "now-6h", + "to": "now" + }, + "timeRangeUpdatedDuringEditOrView": false, + "timepicker": {}, + "timezone": "browser", + "title": "Envoy Gateway Global", + "uid": "bdn8lriao7myoa", + "version": 1, + "weekStart": "" + } + envoy-gateway-resource.json: |- + { + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "grafana", + "uid": "-- Grafana --" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "description": "Envoy Gateway Memory and CPU Usage", + "editable": true, + "fiscalYearStartMonth": 0, + "graphTooltip": 0, + "id": 6, + "links": [], + "panels": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 0 + }, + "id": 6, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "maxHeight": 600, + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "disableTextWrap": false, + "editorMode": "builder", + "expr": "sum by(namespace) (rate(container_cpu_usage_seconds_total{container=\"envoy-gateway\"}[5m]))", + "fullMetaSearch": false, + "includeNullMetadata": false, + "instant": false, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Envoy Gateway CPU Usage (m)", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 0 + }, + "id": 5, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "maxHeight": 600, + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "disableTextWrap": false, + "editorMode": "code", + "expr": "sum by(namespace) (container_memory_working_set_bytes{container=\"envoy-gateway\"}/1024/1024)", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Envoy Gateway Memory Usage (MiB)", + "type": "timeseries" + } + ], + "schemaVersion": 39, + "tags": [ + "Control Plane" + ], + "templating": { + "list": [ + { + "current": { + "selected": true, + "text": "Prometheus", + "value": "PBFA97CFB590B2093" + }, + "hide": 0, + "includeAll": false, + "multi": false, + "name": "datasource", + "options": [], + "query": "prometheus", + "queryValue": "", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "type": "datasource" + } + ] + }, + "time": { + "from": "now-15m", + "to": "now" + }, + "timeRangeUpdatedDuringEditOrView": false, + "timepicker": {}, + "timezone": "", + "title": "Envoy Gateway Resources", + "uid": "edq1b2tldspa8d", + "version": 2, + "weekStart": "" + } + envoy-global.json: |- + { + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "datasource", + "uid": "grafana" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "description": "Envoy proxy monitoring Dashboard with service level templates.", + "editable": true, + "fiscalYearStartMonth": 0, + "gnetId": 11022, + "graphTooltip": 0, + "id": 3, + "links": [], + "liveNow": false, + "panels": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "max": 3, + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "#d44a3a", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 1 + }, + { + "color": "#299c46", + "value": 2 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 5, + "x": 0, + "y": 0 + }, + "id": 37, + "maxDataPoints": 100, + "options": { + "minVizHeight": 75, + "minVizWidth": 75, + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "mean" + ], + "fields": "", + "values": false + }, + "showThresholdLabels": false, + "showThresholdMarkers": true, + "sizing": "auto" + }, + "pluginVersion": "11.0.0", + "targets": [ + { + "datasource": { + "uid": "$datasource" + }, + "editorMode": "builder", + "expr": "sum(envoy_server_live)", + "format": "time_series", + "interval": "", + "intervalFactor": 1, + "legendFormat": "", + "range": true, + "refId": "A" + } + ], + "title": "Live servers", + "type": "gauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 5, + "x": 5, + "y": 0 + }, + "id": 39, + "maxDataPoints": 100, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "11.0.0", + "targets": [ + { + "datasource": { + "uid": "$datasource" + }, + "editorMode": "builder", + "expr": "avg by(pod) (envoy_server_uptime{namespace=~\"$Namespace\"})", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "", + "range": true, + "refId": "A" + } + ], + "title": "Avg uptime per node", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "decbytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 5, + "x": 10, + "y": 0 + }, + "id": 43, + "maxDataPoints": 100, + "options": { + "colorMode": "none", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "mean" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "11.0.0", + "targets": [ + { + "datasource": { + "uid": "$datasource" + }, + "editorMode": "code", + "expr": "sum by(pod) (envoy_server_memory_heap_size{namespace=~\"$Namespace\"})", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "__auto", + "range": true, + "refId": "A" + } + ], + "title": "Heap Size", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "decbytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 5, + "x": 15, + "y": 0 + }, + "id": 41, + "maxDataPoints": 100, + "options": { + "colorMode": "none", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "mean" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "11.0.0", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "editorMode": "builder", + "expr": "sum by(pod) (envoy_server_memory_allocated{namespace=~\"$Namespace\"})", + "hide": false, + "instant": false, + "range": true, + "refId": "B" + } + ], + "title": "Allocated Memory", + "type": "stat" + }, + { + "collapsed": false, + "datasource": { + "type": "datasource", + "uid": "grafana" + }, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 7 + }, + "id": 24, + "panels": [], + "targets": [ + { + "datasource": { + "type": "datasource", + "uid": "grafana" + }, + "refId": "A" + } + ], + "title": "DownStream", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 0, + "y": 8 + }, + "id": 3, + "options": { + "legend": { + "calcs": [ + "mean", + "lastNotNull", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "maxHeight": 600, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "10.0.2", + "targets": [ + { + "datasource": { + "uid": "$datasource" + }, + "editorMode": "code", + "expr": "sum(rate(envoy_http_downstream_rq_total[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Envoy HTTP Downstream Rq total", + "range": true, + "refId": "A" + } + ], + "title": "Downstream RPS", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 6, + "y": 8 + }, + "id": 9, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "maxHeight": 600, + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "builder", + "expr": "sum by(namespace) (rate(envoy_http_downstream_cx_total{namespace=~\"$Namespace\"}[5m]))", + "instant": false, + "legendFormat": "{{namespace}}", + "range": true, + "refId": "A" + } + ], + "title": "Downstream CPS", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "ms" + }, + "overrides": [ + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsZero", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 12, + "y": 8 + }, + "id": 16, + "options": { + "legend": { + "calcs": [ + "mean", + "lastNotNull", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "maxHeight": 600, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "10.0.2", + "targets": [ + { + "datasource": { + "uid": "$datasource" + }, + "editorMode": "code", + "expr": "histogram_quantile(0.9, sum by(le) (rate(envoy_http_downstream_rq_time_bucket[5m])))", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{service}} 90%", + "range": true, + "refId": "A" + }, + { + "datasource": { + "uid": "$datasource" + }, + "editorMode": "builder", + "expr": "histogram_quantile(0.5, sum by(le) (rate(envoy_http_downstream_rq_time_bucket[5m])))", + "format": "time_series", + "hide": false, + "intervalFactor": 1, + "legendFormat": "{{service}} 50% ", + "range": true, + "refId": "B" + }, + { + "datasource": { + "uid": "$datasource" + }, + "editorMode": "builder", + "expr": "histogram_quantile(0.99, sum by(le) (rate(envoy_http_downstream_rq_time_bucket[5m])))", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{service}} 99%", + "range": true, + "refId": "C" + } + ], + "title": "Downstream Latency", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [ + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsZero", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 18, + "y": 8 + }, + "id": 4, + "options": { + "legend": { + "calcs": [ + "mean", + "lastNotNull", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "maxHeight": 600, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "10.0.2", + "targets": [ + { + "datasource": { + "uid": "$datasource" + }, + "editorMode": "code", + "expr": "sum by(namespace) (envoy_listener_downstream_cx_active{namespace=~\"$Namespace\"})", + "format": "time_series", + "instant": false, + "interval": "", + "intervalFactor": 2, + "legendFormat": "{{namespace}}", + "refId": "A" + } + ], + "title": "Downstream Total Connections", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 0, + "y": 16 + }, + "id": 32, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "maxHeight": 600, + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "builder", + "expr": "sum by(namespace) (rate(envoy_tcp_downstream_cx_total{namespace=~\"$Namespace\"}[5m]))", + "instant": false, + "legendFormat": "{{namespace}}", + "range": true, + "refId": "A" + } + ], + "title": "TCP Downstream CPS", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 6, + "y": 16 + }, + "id": 31, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "maxHeight": 600, + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "builder", + "expr": "sum by(namespace) (rate(envoy_tcp_downstream_cx_rx_bytes_total{namespace=~\"$Namespace\"}[5m]))", + "instant": false, + "legendFormat": "{{namespace}}", + "range": true, + "refId": "A" + } + ], + "title": "TCP Downstream Bytes Rx/second", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 12, + "y": 16 + }, + "id": 33, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "maxHeight": 600, + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "builder", + "expr": "sum by(namespace) (rate(envoy_tcp_downstream_cx_tx_bytes_total{namespace=~\"$Namespace\"}[5m]))", + "instant": false, + "legendFormat": "{{namespace}}", + "range": true, + "refId": "A" + } + ], + "title": "TCP Downstream Bytes Tx/Second", + "type": "timeseries" + }, + { + "collapsed": false, + "datasource": { + "type": "datasource", + "uid": "grafana" + }, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 24 + }, + "id": 22, + "panels": [], + "targets": [ + { + "datasource": { + "type": "datasource", + "uid": "grafana" + }, + "refId": "A" + } + ], + "title": "UpStream", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "Displays the number of Requests per Second being performed against each Upstream.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [ + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsZero", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 0, + "y": 25 + }, + "id": 2, + "options": { + "legend": { + "calcs": [ + "mean", + "lastNotNull", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "10.0.2", + "targets": [ + { + "datasource": { + "uid": "$datasource" + }, + "editorMode": "builder", + "expr": "sum by(namespace) (rate(envoy_cluster_upstream_rq_total{namespace=~\"$Namespace\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "__auto", + "range": true, + "refId": "A" + } + ], + "title": "Upstream RPS", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [ + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsZero", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 6, + "y": 25 + }, + "id": 14, + "options": { + "legend": { + "calcs": [ + "mean", + "lastNotNull", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "10.0.2", + "targets": [ + { + "datasource": { + "uid": "$datasource" + }, + "editorMode": "code", + "expr": "sum(rate(envoy_cluster_upstream_cx_total{namespace=~\"$Namespace\",}[5m])) by (namespace)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "__auto", + "range": true, + "refId": "A" + } + ], + "title": "Upstream CPS", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "ms" + }, + "overrides": [ + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsZero", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 12, + "y": 25 + }, + "id": 10, + "options": { + "legend": { + "calcs": [ + "mean", + "lastNotNull", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "10.0.2", + "targets": [ + { + "datasource": { + "uid": "$datasource" + }, + "editorMode": "code", + "expr": "histogram_quantile(0.99, sum(rate(envoy_cluster_upstream_rq_time_bucket{namespace=~\"$Namespace\"}[5m])) by (le, namespace))", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{namespace}} 99%", + "range": true, + "refId": "A" + }, + { + "datasource": { + "uid": "$datasource" + }, + "editorMode": "code", + "expr": "histogram_quantile(0.9, sum(rate(envoy_cluster_upstream_rq_time_bucket{namespace=~\"$Namespace\"}[5m])) by (le, namespace))", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{namespace}} 90%", + "range": true, + "refId": "C" + }, + { + "datasource": { + "uid": "$datasource" + }, + "editorMode": "code", + "expr": "histogram_quantile(0.5, sum(rate(envoy_cluster_upstream_rq_time_bucket{namespace=~\"$Namespace\"}[5m])) by (le, namespace))", + "format": "time_series", + "hide": false, + "intervalFactor": 1, + "legendFormat": "{{namespace}} 50% ", + "range": true, + "refId": "B" + } + ], + "title": "Upstream Latency", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [ + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsZero", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 18, + "y": 25 + }, + "id": 15, + "options": { + "legend": { + "calcs": [ + "mean", + "lastNotNull", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "10.0.2", + "targets": [ + { + "datasource": { + "uid": "$datasource" + }, + "editorMode": "code", + "expr": "sum(envoy_cluster_upstream_cx_active{namespace=~\"$Namespace\"}) by (namespace)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{namespace}}", + "range": true, + "refId": "A" + } + ], + "title": "Upstream Total Connections", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 0, + "y": 33 + }, + "id": 34, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "builder", + "expr": "sum by(namespace) (rate(envoy_cluster_upstream_cx_rx_bytes_total{namespace=~\"$Namespace\"}[5m]))", + "instant": false, + "legendFormat": "{{namespace}}", + "range": true, + "refId": "A" + } + ], + "title": "Upstream Bytes Rx/Second", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 6, + "y": 33 + }, + "id": 35, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "builder", + "expr": "sum by(namespace) (rate(envoy_cluster_upstream_cx_rx_bytes_total{namespace=~\"$Namespace\"}[5m]))", + "instant": false, + "legendFormat": "{{namespace}}", + "range": true, + "refId": "A" + } + ], + "title": "Upstream Bytes Tx/Second", + "type": "timeseries" + }, + { + "collapsed": false, + "datasource": { + "type": "datasource", + "uid": "grafana" + }, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 41 + }, + "id": 28, + "panels": [], + "targets": [ + { + "datasource": { + "type": "datasource", + "uid": "grafana" + }, + "refId": "A" + } + ], + "title": "Upstream Response Codes", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [ + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsZero", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 0, + "y": 42 + }, + "id": 5, + "options": { + "legend": { + "calcs": [ + "mean", + "lastNotNull", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "10.0.2", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "builder", + "exemplar": false, + "expr": "sum(rate(envoy_cluster_upstream_rq_xx{envoy_response_code_class=~\"2\"}[5m]))", + "format": "time_series", + "instant": false, + "interval": "", + "intervalFactor": 2, + "legendFormat": "Value", + "range": true, + "refId": "A" + } + ], + "title": "Upstream 2xx Responses", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [ + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsZero", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 6, + "y": 42 + }, + "id": 11, + "options": { + "legend": { + "calcs": [ + "mean", + "lastNotNull", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "10.0.2", + "targets": [ + { + "datasource": { + "uid": "$datasource" + }, + "editorMode": "builder", + "expr": "sum(rate(envoy_cluster_upstream_rq_xx{envoy_response_code_class=~\"3\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "value", + "range": true, + "refId": "A" + } + ], + "title": "Upstream 3xx Responses", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [ + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsZero", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 12, + "y": 42 + }, + "id": 12, + "options": { + "legend": { + "calcs": [ + "mean", + "lastNotNull", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "10.0.2", + "targets": [ + { + "datasource": { + "uid": "$datasource" + }, + "editorMode": "code", + "expr": "sum(rate(envoy_cluster_upstream_rq_xx{envoy_response_code_class=\"4\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Value", + "range": true, + "refId": "A" + } + ], + "title": "Upstream 4xx Responses", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [ + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsZero", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 18, + "y": 42 + }, + "id": 13, + "options": { + "legend": { + "calcs": [ + "mean", + "lastNotNull", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "10.0.2", + "targets": [ + { + "datasource": { + "uid": "$datasource" + }, + "editorMode": "code", + "expr": "sum(rate(envoy_cluster_upstream_rq_xx{envoy_response_code_class=\"5\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Value", + "range": true, + "refId": "A" + } + ], + "title": "Upstream 5xx Responses", + "type": "timeseries" + }, + { + "collapsed": false, + "datasource": { + "type": "datasource", + "uid": "grafana" + }, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 50 + }, + "id": 26, + "panels": [], + "targets": [ + { + "datasource": { + "type": "datasource", + "uid": "grafana" + }, + "refId": "A" + } + ], + "title": "Total", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "percentunit" + }, + "overrides": [ + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsZero", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 0, + "y": 51 + }, + "id": 17, + "options": { + "legend": { + "calcs": [ + "mean", + "lastNotNull", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "10.0.2", + "targets": [ + { + "datasource": { + "uid": "$datasource" + }, + "editorMode": "code", + "expr": "avg(envoy_cluster_membership_healthy{namespace=~\"$Namespace\"}) by (namespace) / avg(envoy_cluster_membership_total{namespace=~\"$Namespace\"}) by (namespace)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{namespace}}", + "range": true, + "refId": "A" + } + ], + "title": "Endpoint Percentage Health", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [ + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsZero", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 6, + "y": 51 + }, + "id": 19, + "options": { + "legend": { + "calcs": [ + "mean", + "lastNotNull", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "10.0.2", + "targets": [ + { + "datasource": { + "uid": "$datasource" + }, + "editorMode": "builder", + "expr": "sum by(namespace) (envoy_cluster_membership_total{namespace=~\"$Namespace\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{namespace}}", + "range": true, + "refId": "A" + } + ], + "title": "Total Endpoints", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [ + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsZero", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 12, + "y": 51 + }, + "id": 18, + "options": { + "legend": { + "calcs": [ + "mean", + "lastNotNull", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "10.0.2", + "targets": [ + { + "datasource": { + "uid": "$datasource" + }, + "editorMode": "builder", + "expr": "sum by(namespace) (envoy_cluster_membership_healthy{namespace=~\"$Namespace\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{namespace}}", + "range": true, + "refId": "A" + } + ], + "title": "Healthy Endpoints", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [ + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsZero", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 18, + "y": 51 + }, + "id": 20, + "options": { + "legend": { + "calcs": [ + "mean", + "lastNotNull", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "10.0.2", + "targets": [ + { + "datasource": { + "uid": "$datasource" + }, + "editorMode": "code", + "expr": "sum by(namespace) (envoy_cluster_membership_total{namespace=~\"$Namespace\"}) - sum by(namespace) (envoy_cluster_membership_healthy{namespace=~\"$Namespace\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{namespace}}", + "range": true, + "refId": "A" + } + ], + "title": "Unhealthy Endpoints", + "type": "timeseries" + } + ], + "refresh": "10s", + "schemaVersion": 39, + "tags": [ + "Data Plane" + ], + "templating": { + "list": [ + { + "current": { + "selected": false, + "text": "Prometheus", + "value": "PBFA97CFB590B2093" + }, + "hide": 0, + "includeAll": false, + "multi": false, + "name": "datasource", + "options": [], + "query": "prometheus", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "type": "datasource" + }, + { + "allValue": ".*", + "current": { + "selected": true, + "text": [ + "All" + ], + "value": [ + "$__all" + ] + }, + "datasource": { + "uid": "$datasource" + }, + "definition": "", + "hide": 0, + "includeAll": true, + "multi": true, + "name": "Namespace", + "options": [], + "query": "label_values(envoy_cluster_upstream_rq_time_bucket,namespace)", + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-5m", + "to": "now" + }, + "timeRangeUpdatedDuringEditOrView": false, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "", + "title": "Envoy Global", + "uid": "heHhNSFf6Na8vIZWRs8H", + "version": 1, + "weekStart": "" + } + envoy-pod-resource.json: |- + { + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "grafana", + "uid": "-- Grafana --" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "description": "Envoy Pod Memory and CPU Usage", + "editable": true, + "fiscalYearStartMonth": 0, + "graphTooltip": 0, + "id": 4, + "links": [], + "liveNow": false, + "panels": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 0 + }, + "id": 2, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "maxHeight": 600, + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "sum by(pod) (container_memory_working_set_bytes{container=~\"envoy\"}/1000000)", + "instant": false, + "range": true, + "refId": "A" + } + ], + "title": "Memory Working Set Envoy Pods(mb)", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 0 + }, + "id": 1, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "maxHeight": 600, + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "editorMode": "builder", + "expr": "sum by(pod) (rate(container_cpu_usage_seconds_total{container=\"envoy\"}[5m]))", + "instant": false, + "range": true, + "refId": "A" + } + ], + "title": "CPU Usage Envoy Pods", + "type": "timeseries" + } + ], + "refresh": "", + "schemaVersion": 39, + "tags": [ + "Data Plane" + ], + "templating": { + "list": [ + { + "current": { + "selected": false, + "text": "Prometheus", + "value": "PBFA97CFB590B2093" + }, + "hide": 0, + "includeAll": false, + "multi": false, + "name": "datasource", + "options": [], + "query": "prometheus", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "type": "datasource" + } + ] + }, + "time": { + "from": "now-5m", + "to": "now" + }, + "timeRangeUpdatedDuringEditOrView": false, + "timepicker": {}, + "timezone": "", + "title": "Envoy Pod Resources", + "uid": "f2279235-80b7-4c85-84f4-f25a3bf3eac0", + "version": 1, + "weekStart": "" + } +--- +# Source: gateway-addons-helm/charts/fluent-bit/templates/clusterrole.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: fluent-bit + labels: + helm.sh/chart: fluent-bit-0.30.4 + app.kubernetes.io/name: fluent-bit + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/version: "2.1.4" + app.kubernetes.io/managed-by: Helm +rules: + - apiGroups: + - "" + resources: + - namespaces + - pods + verbs: + - get + - list + - watch +--- +# Source: gateway-addons-helm/charts/grafana/templates/clusterrole.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + labels: + helm.sh/chart: grafana-8.0.0 + app.kubernetes.io/name: grafana + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/version: "11.0.0" + app.kubernetes.io/managed-by: Helm + name: grafana-clusterrole +rules: [] +--- +# Source: gateway-addons-helm/charts/prometheus/templates/clusterrole.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: server + app.kubernetes.io/name: prometheus + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/version: v2.52.0 + helm.sh/chart: prometheus-25.21.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: prometheus + name: prometheus +rules: + - apiGroups: + - "" + resources: + - nodes + - nodes/proxy + - nodes/metrics + - services + - endpoints + - pods + - ingresses + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - "extensions" + - "networking.k8s.io" + resources: + - ingresses/status + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - "discovery.k8s.io" + resources: + - endpointslices + verbs: + - get + - list + - watch + - nonResourceURLs: + - "/metrics" + verbs: + - get +--- +# Source: gateway-addons-helm/charts/fluent-bit/templates/clusterrolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: fluent-bit + labels: + helm.sh/chart: fluent-bit-0.30.4 + app.kubernetes.io/name: fluent-bit + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/version: "2.1.4" + app.kubernetes.io/managed-by: Helm +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: fluent-bit +subjects: + - kind: ServiceAccount + name: fluent-bit + namespace: monitoring +--- +# Source: gateway-addons-helm/charts/grafana/templates/clusterrolebinding.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: grafana-clusterrolebinding + labels: + helm.sh/chart: grafana-8.0.0 + app.kubernetes.io/name: grafana + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/version: "11.0.0" + app.kubernetes.io/managed-by: Helm +subjects: + - kind: ServiceAccount + name: grafana + namespace: monitoring +roleRef: + kind: ClusterRole + name: grafana-clusterrole + apiGroup: rbac.authorization.k8s.io +--- +# Source: gateway-addons-helm/charts/prometheus/templates/clusterrolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: server + app.kubernetes.io/name: prometheus + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/version: v2.52.0 + helm.sh/chart: prometheus-25.21.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: prometheus + name: prometheus +subjects: + - kind: ServiceAccount + name: prometheus + namespace: monitoring +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: prometheus +--- +# Source: gateway-addons-helm/charts/grafana/templates/role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: grafana + namespace: monitoring + labels: + helm.sh/chart: grafana-8.0.0 + app.kubernetes.io/name: grafana + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/version: "11.0.0" + app.kubernetes.io/managed-by: Helm +rules: [] +--- +# Source: gateway-addons-helm/charts/grafana/templates/rolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: grafana + namespace: monitoring + labels: + helm.sh/chart: grafana-8.0.0 + app.kubernetes.io/name: grafana + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/version: "11.0.0" + app.kubernetes.io/managed-by: Helm +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: grafana +subjects: +- kind: ServiceAccount + name: grafana + namespace: monitoring +--- +# Source: gateway-addons-helm/charts/fluent-bit/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: fluent-bit + namespace: monitoring + labels: + helm.sh/chart: fluent-bit-0.30.4 + app.kubernetes.io/name: fluent-bit + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/version: "2.1.4" + app.kubernetes.io/managed-by: Helm +spec: + type: ClusterIP + ports: + - port: 2020 + targetPort: http + protocol: TCP + name: http + selector: + app.kubernetes.io/name: fluent-bit + app.kubernetes.io/instance: gateway-addons-helm +--- +# Source: gateway-addons-helm/charts/grafana/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: grafana + namespace: monitoring + labels: + helm.sh/chart: grafana-8.0.0 + app.kubernetes.io/name: grafana + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/version: "11.0.0" + app.kubernetes.io/managed-by: Helm +spec: + type: LoadBalancer + ports: + - name: service + port: 80 + protocol: TCP + targetPort: 3000 + selector: + app.kubernetes.io/name: grafana + app.kubernetes.io/instance: gateway-addons-helm +--- +# Source: gateway-addons-helm/charts/loki/templates/service-memberlist.yaml +apiVersion: v1 +kind: Service +metadata: + name: loki-memberlist + labels: + helm.sh/chart: loki-4.8.0 + app.kubernetes.io/name: loki + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/version: "2.7.3" + app.kubernetes.io/managed-by: Helm +spec: + type: ClusterIP + clusterIP: None + ports: + - name: tcp + port: 7946 + targetPort: http-memberlist + protocol: TCP + selector: + app.kubernetes.io/name: loki + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/part-of: memberlist +--- +# Source: gateway-addons-helm/charts/loki/templates/single-binary/service-headless.yaml +apiVersion: v1 +kind: Service +metadata: + name: loki-headless + namespace: monitoring + labels: + helm.sh/chart: loki-4.8.0 + app.kubernetes.io/name: loki + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/version: "2.7.3" + app.kubernetes.io/managed-by: Helm + variant: headless + prometheus.io/service-monitor: "false" +spec: + clusterIP: None + ports: + - name: http-metrics + port: 3100 + targetPort: http-metrics + protocol: TCP + selector: + app.kubernetes.io/name: loki + app.kubernetes.io/instance: gateway-addons-helm +--- +# Source: gateway-addons-helm/charts/loki/templates/single-binary/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: loki + labels: + helm.sh/chart: loki-4.8.0 + app.kubernetes.io/name: loki + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/version: "2.7.3" + app.kubernetes.io/managed-by: Helm +spec: + type: ClusterIP + ports: + - name: http-metrics + port: 3100 + targetPort: http-metrics + protocol: TCP + - name: grpc + port: 9095 + targetPort: grpc + protocol: TCP + selector: + app.kubernetes.io/name: loki + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/component: single-binary +--- +# Source: gateway-addons-helm/charts/prometheus/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: server + app.kubernetes.io/name: prometheus + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/version: v2.52.0 + helm.sh/chart: prometheus-25.21.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: prometheus + name: prometheus + namespace: monitoring +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 9090 + selector: + app.kubernetes.io/component: server + app.kubernetes.io/name: prometheus + app.kubernetes.io/instance: gateway-addons-helm + sessionAffinity: None + type: "LoadBalancer" +--- +# Source: gateway-addons-helm/charts/tempo/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: tempo + namespace: monitoring + labels: + helm.sh/chart: tempo-1.3.1 + app.kubernetes.io/name: tempo + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/version: "2.1.1" + app.kubernetes.io/managed-by: Helm +spec: + type: LoadBalancer + ports: + - name: tempo-prom-metrics + port: 3100 + targetPort: 3100 + - name: tempo-jaeger-thrift-compact + port: 6831 + protocol: UDP + targetPort: 6831 + - name: tempo-jaeger-thrift-binary + port: 6832 + protocol: UDP + targetPort: 6832 + - name: tempo-jaeger-thrift-http + port: 14268 + protocol: TCP + targetPort: 14268 + - name: grpc-tempo-jaeger + port: 14250 + protocol: TCP + targetPort: 14250 + - name: tempo-zipkin + port: 9411 + protocol: TCP + targetPort: 9411 + - name: tempo-otlp-legacy + port: 55680 + protocol: TCP + targetPort: 55680 + - name: tempo-otlp-http-legacy + port: 55681 + protocol: TCP + targetPort: 4318 + - name: grpc-tempo-otlp + port: 4317 + protocol: TCP + targetPort: 4317 + - name: tempo-otlp-http + port: 4318 + protocol: TCP + targetPort: 4318 + - name: tempo-opencensus + port: 55678 + protocol: TCP + targetPort: 55678 + selector: + app.kubernetes.io/name: tempo + app.kubernetes.io/instance: gateway-addons-helm +--- +# Source: gateway-addons-helm/charts/fluent-bit/templates/daemonset.yaml +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: fluent-bit + namespace: monitoring + labels: + helm.sh/chart: fluent-bit-0.30.4 + app.kubernetes.io/name: fluent-bit + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/version: "2.1.4" + app.kubernetes.io/managed-by: Helm +spec: + selector: + matchLabels: + app.kubernetes.io/name: fluent-bit + app.kubernetes.io/instance: gateway-addons-helm + template: + metadata: + annotations: + checksum/config: 03d122555879033ccf6443369f73463490b100f195550b1483d337f497c749e3 + checksum/luascripts: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + fluentbit.io/exclude: "true" + prometheus.io/path: /api/v1/metrics/prometheus + prometheus.io/port: "2020" + prometheus.io/scrape: "true" + labels: + app.kubernetes.io/name: fluent-bit + app.kubernetes.io/instance: gateway-addons-helm + spec: + serviceAccountName: fluent-bit + hostNetwork: false + dnsPolicy: ClusterFirst + containers: + - name: fluent-bit + image: "cr.fluentbit.io/fluent/fluent-bit:2.1.4" + imagePullPolicy: Always + ports: + - name: http + containerPort: 2020 + protocol: TCP + livenessProbe: + httpGet: + path: / + port: http + readinessProbe: + httpGet: + path: /api/v1/health + port: http + volumeMounts: + - mountPath: /fluent-bit/etc/fluent-bit.conf + name: config + subPath: fluent-bit.conf + - mountPath: /fluent-bit/etc/custom_parsers.conf + name: config + subPath: custom_parsers.conf + - mountPath: /var/log + name: varlog + - mountPath: /var/lib/docker/containers + name: varlibdockercontainers + readOnly: true + - mountPath: /etc/machine-id + name: etcmachineid + readOnly: true + volumes: + - name: config + configMap: + name: fluent-bit + - hostPath: + path: /var/log + name: varlog + - hostPath: + path: /var/lib/docker/containers + name: varlibdockercontainers + - hostPath: + path: /etc/machine-id + type: File + name: etcmachineid +--- +# Source: gateway-addons-helm/charts/grafana/templates/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: grafana + namespace: monitoring + labels: + helm.sh/chart: grafana-8.0.0 + app.kubernetes.io/name: grafana + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/version: "11.0.0" + app.kubernetes.io/managed-by: Helm +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/name: grafana + app.kubernetes.io/instance: gateway-addons-helm + strategy: + type: RollingUpdate + template: + metadata: + labels: + app.kubernetes.io/name: grafana + app.kubernetes.io/instance: gateway-addons-helm + annotations: + checksum/config: fb83d9a834484a53eeac493c30f6d1f333707950c42350afddcbc340c63abaf9 + checksum/sc-dashboard-provider-config: 593c0a8778b83f11fe80ccb21dfb20bc46705e2be3178df1dc4c89d164c8cd9c + checksum/secret: bed677784356b2af7fb0d87455db21f077853059b594101a4f6532bfbd962a7f + kubectl.kubernetes.io/default-container: grafana + spec: + + serviceAccountName: grafana + automountServiceAccountToken: true + securityContext: + fsGroup: 472 + runAsGroup: 472 + runAsNonRoot: true + runAsUser: 472 + enableServiceLinks: true + containers: + - name: grafana + image: "docker.io/grafana/grafana:11.0.0" + imagePullPolicy: IfNotPresent + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + volumeMounts: + - name: config + mountPath: "/etc/grafana/grafana.ini" + subPath: grafana.ini + - name: storage + mountPath: "/var/lib/grafana" + - name: dashboards-envoy-gateway + mountPath: "/var/lib/grafana/dashboards/envoy-gateway" + - name: config + mountPath: "/etc/grafana/provisioning/datasources/datasources.yaml" + subPath: "datasources.yaml" + - name: config + mountPath: "/etc/grafana/provisioning/dashboards/dashboardproviders.yaml" + subPath: "dashboardproviders.yaml" + ports: + - name: grafana + containerPort: 3000 + protocol: TCP + - name: gossip-tcp + containerPort: 9094 + protocol: TCP + - name: gossip-udp + containerPort: 9094 + protocol: UDP + env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: GF_SECURITY_ADMIN_USER + valueFrom: + secretKeyRef: + name: grafana + key: admin-user + - name: GF_SECURITY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: grafana + key: admin-password + - name: GF_PATHS_DATA + value: /var/lib/grafana/ + - name: GF_PATHS_LOGS + value: /var/log/grafana + - name: GF_PATHS_PLUGINS + value: /var/lib/grafana/plugins + - name: GF_PATHS_PROVISIONING + value: /etc/grafana/provisioning + livenessProbe: + failureThreshold: 10 + httpGet: + path: /api/health + port: 3000 + initialDelaySeconds: 60 + timeoutSeconds: 30 + readinessProbe: + httpGet: + path: /api/health + port: 3000 + volumes: + - name: config + configMap: + name: grafana + - name: dashboards-envoy-gateway + configMap: + name: grafana-dashboards + - name: storage + emptyDir: {} +--- +# Source: gateway-addons-helm/charts/prometheus/templates/deploy.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: server + app.kubernetes.io/name: prometheus + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/version: v2.52.0 + helm.sh/chart: prometheus-25.21.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: prometheus + name: prometheus + namespace: monitoring +spec: + selector: + matchLabels: + app.kubernetes.io/component: server + app.kubernetes.io/name: prometheus + app.kubernetes.io/instance: gateway-addons-helm + replicas: 1 + revisionHistoryLimit: 10 + strategy: + type: Recreate + rollingUpdate: null + template: + metadata: + labels: + app.kubernetes.io/component: server + app.kubernetes.io/name: prometheus + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/version: v2.52.0 + helm.sh/chart: prometheus-25.21.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: prometheus + spec: + enableServiceLinks: true + serviceAccountName: prometheus + containers: + - name: prometheus-server-configmap-reload + image: "quay.io/prometheus-operator/prometheus-config-reloader:v0.73.2" + imagePullPolicy: "IfNotPresent" + args: + - --watched-dir=/etc/config + - --reload-url=http://127.0.0.1:9090/-/reload + volumeMounts: + - name: config-volume + mountPath: /etc/config + readOnly: true + + - name: prometheus-server + image: "prom/prometheus:v2.52.0" + imagePullPolicy: "IfNotPresent" + args: + - --storage.tsdb.retention.time=15d + - --config.file=/etc/config/prometheus.yml + - --storage.tsdb.path=/data + - --web.console.libraries=/etc/prometheus/console_libraries + - --web.console.templates=/etc/prometheus/consoles + - --web.enable-lifecycle + ports: + - containerPort: 9090 + readinessProbe: + httpGet: + path: /-/ready + port: 9090 + scheme: HTTP + initialDelaySeconds: 0 + periodSeconds: 5 + timeoutSeconds: 4 + failureThreshold: 3 + successThreshold: 1 + livenessProbe: + httpGet: + path: /-/healthy + port: 9090 + scheme: HTTP + initialDelaySeconds: 30 + periodSeconds: 15 + timeoutSeconds: 10 + failureThreshold: 3 + successThreshold: 1 + volumeMounts: + - name: config-volume + mountPath: /etc/config + - name: storage-volume + mountPath: /data + subPath: "" + dnsPolicy: ClusterFirst + securityContext: + fsGroup: 65534 + runAsGroup: 65534 + runAsNonRoot: true + runAsUser: 65534 + terminationGracePeriodSeconds: 300 + volumes: + - name: config-volume + configMap: + name: prometheus + - name: storage-volume + emptyDir: + {} +--- +# Source: gateway-addons-helm/charts/loki/templates/single-binary/statefulset.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: loki + labels: + helm.sh/chart: loki-4.8.0 + app.kubernetes.io/name: loki + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/version: "2.7.3" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: single-binary + app.kubernetes.io/part-of: memberlist +spec: + replicas: 1 + podManagementPolicy: Parallel + updateStrategy: + rollingUpdate: + partition: 0 + serviceName: loki-headless + revisionHistoryLimit: 10 + + persistentVolumeClaimRetentionPolicy: + whenDeleted: Delete + whenScaled: Delete + selector: + matchLabels: + app.kubernetes.io/name: loki + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/component: single-binary + template: + metadata: + annotations: + checksum/config: 39a9cea617408d4add363b9ca660a8889e48b866eba2e8c8e4bfc10870b29162 + labels: + app.kubernetes.io/name: loki + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/component: single-binary + app.kubernetes.io/part-of: memberlist + spec: + serviceAccountName: loki + automountServiceAccountToken: true + enableServiceLinks: true + + securityContext: + fsGroup: 10001 + runAsGroup: 10001 + runAsNonRoot: true + runAsUser: 10001 + terminationGracePeriodSeconds: 30 + containers: + - name: loki + image: docker.io/grafana/loki:2.7.3 + imagePullPolicy: IfNotPresent + args: + - -config.file=/etc/loki/config/config.yaml + - -target=all + ports: + - name: http-metrics + containerPort: 3100 + protocol: TCP + - name: grpc + containerPort: 9095 + protocol: TCP + - name: http-memberlist + containerPort: 7946 + protocol: TCP + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + readinessProbe: + httpGet: + path: /ready + port: http-metrics + initialDelaySeconds: 30 + timeoutSeconds: 1 + volumeMounts: + - name: tmp + mountPath: /tmp + - name: config + mountPath: /etc/loki/config + - name: runtime-config + mountPath: /etc/loki/runtime-config + - name: storage + mountPath: /var/loki + resources: + {} + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: loki + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/component: single-binary + topologyKey: kubernetes.io/hostname + + volumes: + - name: tmp + emptyDir: {} + - name: config + configMap: + name: loki + - name: runtime-config + configMap: + name: loki-runtime + volumeClaimTemplates: + - metadata: + name: storage + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: "10Gi" +--- +# Source: gateway-addons-helm/charts/tempo/templates/statefulset.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: tempo + namespace: monitoring + labels: + helm.sh/chart: tempo-1.3.1 + app.kubernetes.io/name: tempo + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/version: "2.1.1" + app.kubernetes.io/managed-by: Helm +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: tempo + app.kubernetes.io/instance: gateway-addons-helm + serviceName: tempo-headless + template: + metadata: + labels: + app.kubernetes.io/name: tempo + app.kubernetes.io/instance: gateway-addons-helm + annotations: + checksum/config: 0898f7ca87563d700c35d7ea1824cd042cf93fb2f05e254d12a854aa97a5c5e5 + spec: + serviceAccountName: tempo + automountServiceAccountToken: true + containers: + - args: + - -config.file=/conf/tempo.yaml + - -mem-ballast-size-mbs=1024 + image: grafana/tempo:2.1.1 + imagePullPolicy: IfNotPresent + name: tempo + ports: + - containerPort: 3100 + name: prom-metrics + - containerPort: 6831 + name: jaeger-thrift-c + protocol: UDP + - containerPort: 6832 + name: jaeger-thrift-b + protocol: UDP + - containerPort: 14268 + name: jaeger-thrift-h + - containerPort: 14250 + name: jaeger-grpc + - containerPort: 9411 + name: zipkin + - containerPort: 55680 + name: otlp-legacy + - containerPort: 4317 + name: otlp-grpc + - containerPort: 55681 + name: otlp-httplegacy + - containerPort: 4318 + name: otlp-http + - containerPort: 55678 + name: opencensus + resources: + {} + env: + volumeMounts: + - mountPath: /conf + name: tempo-conf + volumes: + - configMap: + name: tempo + name: tempo-conf + updateStrategy: + type: + RollingUpdate +--- +# Source: gateway-addons-helm/charts/grafana/templates/tests/test-serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + helm.sh/chart: grafana-8.0.0 + app.kubernetes.io/name: grafana + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/version: "11.0.0" + app.kubernetes.io/managed-by: Helm + name: grafana-test + namespace: monitoring + annotations: + "helm.sh/hook": test-success + "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded" +--- +# Source: gateway-addons-helm/charts/grafana/templates/tests/test-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: grafana-test + namespace: monitoring + annotations: + "helm.sh/hook": test-success + "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded" + labels: + helm.sh/chart: grafana-8.0.0 + app.kubernetes.io/name: grafana + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/version: "11.0.0" + app.kubernetes.io/managed-by: Helm +data: + run.sh: |- + @test "Test Health" { + url="http://grafana/api/health" + + code=$(wget --server-response --spider --timeout 90 --tries 10 ${url} 2>&1 | awk '/^ HTTP/{print $2}') + [ "$code" == "200" ] + } +--- +# Source: gateway-addons-helm/charts/grafana/templates/tests/test.yaml +apiVersion: v1 +kind: Pod +metadata: + name: grafana-test + labels: + helm.sh/chart: grafana-8.0.0 + app.kubernetes.io/name: grafana + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/version: "11.0.0" + app.kubernetes.io/managed-by: Helm + annotations: + "helm.sh/hook": test-success + "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded" + namespace: monitoring +spec: + serviceAccountName: grafana-test + containers: + - name: gateway-addons-helm-test + image: "docker.io/bats/bats:v1.4.1" + imagePullPolicy: "IfNotPresent" + command: ["/opt/bats/bin/bats", "-t", "/tests/run.sh"] + volumeMounts: + - mountPath: /tests + name: tests + readOnly: true + volumes: + - name: tests + configMap: + name: grafana-test + restartPolicy: Never diff --git a/test/helm/gateway-addons-helm/e2e.in.yaml b/test/helm/gateway-addons-helm/e2e.in.yaml new file mode 100644 index 00000000000..93ce0d8d622 --- /dev/null +++ b/test/helm/gateway-addons-helm/e2e.in.yaml @@ -0,0 +1,4 @@ +grafana: + enabled: false +opentelemetry-collector: + enabled: true diff --git a/test/helm/gateway-addons-helm/e2e.out.yaml b/test/helm/gateway-addons-helm/e2e.out.yaml new file mode 100644 index 00000000000..e53828af9b3 --- /dev/null +++ b/test/helm/gateway-addons-helm/e2e.out.yaml @@ -0,0 +1,10321 @@ +--- +# Source: gateway-addons-helm/charts/fluent-bit/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: fluent-bit + namespace: monitoring + labels: + helm.sh/chart: fluent-bit-0.30.4 + app.kubernetes.io/name: fluent-bit + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/version: "2.1.4" + app.kubernetes.io/managed-by: Helm +--- +# Source: gateway-addons-helm/charts/loki/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: loki + labels: + helm.sh/chart: loki-4.8.0 + app.kubernetes.io/name: loki + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/version: "2.7.3" + app.kubernetes.io/managed-by: Helm +automountServiceAccountToken: true +--- +# Source: gateway-addons-helm/charts/opentelemetry-collector/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: otel-collector + namespace: monitoring + labels: + helm.sh/chart: opentelemetry-collector-0.73.1 + app.kubernetes.io/name: opentelemetry-collector + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/version: "0.88.0" + app.kubernetes.io/managed-by: Helm +--- +# Source: gateway-addons-helm/charts/prometheus/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: server + app.kubernetes.io/name: prometheus + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/version: v2.52.0 + helm.sh/chart: prometheus-25.21.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: prometheus + name: prometheus + namespace: monitoring + annotations: + {} +--- +# Source: gateway-addons-helm/charts/tempo/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: tempo + namespace: monitoring + labels: + helm.sh/chart: tempo-1.3.1 + app.kubernetes.io/name: tempo + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/version: "2.1.1" + app.kubernetes.io/managed-by: Helm +automountServiceAccountToken: true +--- +# Source: gateway-addons-helm/charts/fluent-bit/templates/configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: fluent-bit + namespace: monitoring + labels: + helm.sh/chart: fluent-bit-0.30.4 + app.kubernetes.io/name: fluent-bit + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/version: "2.1.4" + app.kubernetes.io/managed-by: Helm +data: + custom_parsers.conf: | + [PARSER] + Name docker_no_time + Format json + Time_Keep Off + Time_Key time + Time_Format %Y-%m-%dT%H:%M:%S.%L + + fluent-bit.conf: | + [SERVICE] + Daemon Off + Flush 1 + Log_Level info + Parsers_File parsers.conf + Parsers_File custom_parsers.conf + HTTP_Server On + HTTP_Listen 0.0.0.0 + HTTP_Port 2020 + Health_Check On + + [INPUT] + Name tail + Path /var/log/containers/*.log + multiline.parser docker, cri + Tag kube.* + Mem_Buf_Limit 5MB + Skip_Long_Lines On + + [FILTER] + Name kubernetes + Match kube.* + Merge_Log On + Keep_Log Off + K8S-Logging.Parser On + K8S-Logging.Exclude On + + [FILTER] + Name grep + Match kube.* + Regex $kubernetes['container_name'] ^envoy$ + + [FILTER] + Name parser + Match kube.* + Key_Name log + Parser envoy + Reserve_Data True + + [OUTPUT] + Name loki + Match kube.* + Host loki.monitoring.svc.cluster.local + Port 3100 + Labels job=fluentbit, app=$kubernetes['labels']['app'], k8s_namespace_name=$kubernetes['namespace_name'], k8s_pod_name=$kubernetes['pod_name'], k8s_container_name=$kubernetes['container_name'] +--- +# Source: gateway-addons-helm/charts/loki/templates/configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: loki + labels: + helm.sh/chart: loki-4.8.0 + app.kubernetes.io/name: loki + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/version: "2.7.3" + app.kubernetes.io/managed-by: Helm +data: + config.yaml: | + auth_enabled: false + common: + compactor_address: 'loki' + path_prefix: /var/loki + replication_factor: 1 + storage: + filesystem: + chunks_directory: /var/loki/chunks + rules_directory: /var/loki/rules + limits_config: + enforce_metric_name: false + max_cache_freshness_per_query: 10m + reject_old_samples: true + reject_old_samples_max_age: 168h + split_queries_by_interval: 15m + memberlist: + join_members: + - loki-memberlist + query_range: + align_queries_with_step: true + ruler: + storage: + type: local + runtime_config: + file: /etc/loki/runtime-config/runtime-config.yaml + schema_config: + configs: + - from: "2022-01-11" + index: + period: 24h + prefix: loki_index_ + object_store: filesystem + schema: v12 + store: boltdb-shipper + server: + grpc_listen_port: 9095 + http_listen_port: 3100 + storage_config: + hedging: + at: 250ms + max_per_second: 20 + up_to: 3 + table_manager: + retention_deletes_enabled: false + retention_period: 0 +--- +# Source: gateway-addons-helm/charts/loki/templates/runtime-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: loki-runtime + labels: + helm.sh/chart: loki-4.8.0 + app.kubernetes.io/name: loki + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/version: "2.7.3" + app.kubernetes.io/managed-by: Helm +data: + runtime-config.yaml: | + + {} +--- +# Source: gateway-addons-helm/charts/opentelemetry-collector/templates/configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: otel-collector + namespace: monitoring + labels: + helm.sh/chart: opentelemetry-collector-0.73.1 + app.kubernetes.io/name: opentelemetry-collector + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/version: "0.88.0" + app.kubernetes.io/managed-by: Helm +data: + relay: | + exporters: + debug: {} + logging: + verbosity: detailed + loki: + endpoint: http://loki.monitoring.svc:3100/loki/api/v1/push + otlp: + endpoint: tempo.monitoring.svc:4317 + tls: + insecure: true + prometheus: + endpoint: 0.0.0.0:19001 + extensions: + health_check: {} + memory_ballast: + size_in_percentage: 40 + processors: + attributes: + actions: + - action: insert + key: loki.attribute.labels + value: k8s.pod.name, k8s.namespace.name + batch: {} + memory_limiter: + check_interval: 5s + limit_percentage: 80 + spike_limit_percentage: 25 + receivers: + jaeger: + protocols: + grpc: + endpoint: ${env:MY_POD_IP}:14250 + thrift_compact: + endpoint: ${env:MY_POD_IP}:6831 + thrift_http: + endpoint: ${env:MY_POD_IP}:14268 + otlp: + protocols: + grpc: + endpoint: ${env:MY_POD_IP}:4317 + http: + endpoint: ${env:MY_POD_IP}:4318 + prometheus: + config: + scrape_configs: + - job_name: opentelemetry-collector + scrape_interval: 10s + static_configs: + - targets: + - ${env:MY_POD_IP}:8888 + zipkin: + endpoint: ${env:MY_POD_IP}:9411 + service: + extensions: + - health_check + pipelines: + logs: + exporters: + - loki + processors: + - attributes + receivers: + - otlp + metrics: + exporters: + - prometheus + processors: + - memory_limiter + - batch + receivers: + - otlp + traces: + exporters: + - otlp + processors: + - memory_limiter + - batch + receivers: + - otlp + telemetry: + metrics: + address: ${env:MY_POD_IP}:8888 +--- +# Source: gateway-addons-helm/charts/prometheus/templates/cm.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: server + app.kubernetes.io/name: prometheus + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/version: v2.52.0 + helm.sh/chart: prometheus-25.21.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: prometheus + name: prometheus + namespace: monitoring +data: + allow-snippet-annotations: "false" + alerting_rules.yml: | + {} + alerts: | + {} + prometheus.yml: | + global: + evaluation_interval: 1m + scrape_interval: 15s + scrape_timeout: 10s + rule_files: + - /etc/config/recording_rules.yml + - /etc/config/alerting_rules.yml + - /etc/config/rules + - /etc/config/alerts + scrape_configs: + - job_name: prometheus + static_configs: + - targets: + - localhost:9090 + - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + job_name: kubernetes-apiservers + kubernetes_sd_configs: + - role: endpoints + relabel_configs: + - action: keep + regex: default;kubernetes;https + source_labels: + - __meta_kubernetes_namespace + - __meta_kubernetes_service_name + - __meta_kubernetes_endpoint_port_name + scheme: https + tls_config: + ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + insecure_skip_verify: true + - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + job_name: kubernetes-nodes + kubernetes_sd_configs: + - role: node + relabel_configs: + - action: labelmap + regex: __meta_kubernetes_node_label_(.+) + - replacement: kubernetes.default.svc:443 + target_label: __address__ + - regex: (.+) + replacement: /api/v1/nodes/$1/proxy/metrics + source_labels: + - __meta_kubernetes_node_name + target_label: __metrics_path__ + scheme: https + tls_config: + ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + insecure_skip_verify: true + - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token + job_name: kubernetes-nodes-cadvisor + kubernetes_sd_configs: + - role: node + relabel_configs: + - action: labelmap + regex: __meta_kubernetes_node_label_(.+) + - replacement: kubernetes.default.svc:443 + target_label: __address__ + - regex: (.+) + replacement: /api/v1/nodes/$1/proxy/metrics/cadvisor + source_labels: + - __meta_kubernetes_node_name + target_label: __metrics_path__ + scheme: https + tls_config: + ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + insecure_skip_verify: true + - honor_labels: true + job_name: kubernetes-service-endpoints + kubernetes_sd_configs: + - role: endpoints + relabel_configs: + - action: keep + regex: true + source_labels: + - __meta_kubernetes_service_annotation_prometheus_io_scrape + - action: drop + regex: true + source_labels: + - __meta_kubernetes_service_annotation_prometheus_io_scrape_slow + - action: replace + regex: (https?) + source_labels: + - __meta_kubernetes_service_annotation_prometheus_io_scheme + target_label: __scheme__ + - action: replace + regex: (.+) + source_labels: + - __meta_kubernetes_service_annotation_prometheus_io_path + target_label: __metrics_path__ + - action: replace + regex: (.+?)(?::\d+)?;(\d+) + replacement: $1:$2 + source_labels: + - __address__ + - __meta_kubernetes_service_annotation_prometheus_io_port + target_label: __address__ + - action: labelmap + regex: __meta_kubernetes_service_annotation_prometheus_io_param_(.+) + replacement: __param_$1 + - action: labelmap + regex: __meta_kubernetes_service_label_(.+) + - action: replace + source_labels: + - __meta_kubernetes_namespace + target_label: namespace + - action: replace + source_labels: + - __meta_kubernetes_service_name + target_label: service + - action: replace + source_labels: + - __meta_kubernetes_pod_node_name + target_label: node + - honor_labels: true + job_name: kubernetes-service-endpoints-slow + kubernetes_sd_configs: + - role: endpoints + relabel_configs: + - action: keep + regex: true + source_labels: + - __meta_kubernetes_service_annotation_prometheus_io_scrape_slow + - action: replace + regex: (https?) + source_labels: + - __meta_kubernetes_service_annotation_prometheus_io_scheme + target_label: __scheme__ + - action: replace + regex: (.+) + source_labels: + - __meta_kubernetes_service_annotation_prometheus_io_path + target_label: __metrics_path__ + - action: replace + regex: (.+?)(?::\d+)?;(\d+) + replacement: $1:$2 + source_labels: + - __address__ + - __meta_kubernetes_service_annotation_prometheus_io_port + target_label: __address__ + - action: labelmap + regex: __meta_kubernetes_service_annotation_prometheus_io_param_(.+) + replacement: __param_$1 + - action: labelmap + regex: __meta_kubernetes_service_label_(.+) + - action: replace + source_labels: + - __meta_kubernetes_namespace + target_label: namespace + - action: replace + source_labels: + - __meta_kubernetes_service_name + target_label: service + - action: replace + source_labels: + - __meta_kubernetes_pod_node_name + target_label: node + scrape_interval: 5m + scrape_timeout: 30s + - honor_labels: true + job_name: prometheus-pushgateway + kubernetes_sd_configs: + - role: service + relabel_configs: + - action: keep + regex: pushgateway + source_labels: + - __meta_kubernetes_service_annotation_prometheus_io_probe + - honor_labels: true + job_name: kubernetes-services + kubernetes_sd_configs: + - role: service + metrics_path: /probe + params: + module: + - http_2xx + relabel_configs: + - action: keep + regex: true + source_labels: + - __meta_kubernetes_service_annotation_prometheus_io_probe + - source_labels: + - __address__ + target_label: __param_target + - replacement: blackbox + target_label: __address__ + - source_labels: + - __param_target + target_label: instance + - action: labelmap + regex: __meta_kubernetes_service_label_(.+) + - source_labels: + - __meta_kubernetes_namespace + target_label: namespace + - source_labels: + - __meta_kubernetes_service_name + target_label: service + - honor_labels: true + job_name: kubernetes-pods + kubernetes_sd_configs: + - role: pod + relabel_configs: + - action: keep + regex: true + source_labels: + - __meta_kubernetes_pod_annotation_prometheus_io_scrape + - action: drop + regex: true + source_labels: + - __meta_kubernetes_pod_annotation_prometheus_io_scrape_slow + - action: replace + regex: (https?) + source_labels: + - __meta_kubernetes_pod_annotation_prometheus_io_scheme + target_label: __scheme__ + - action: replace + regex: (.+) + source_labels: + - __meta_kubernetes_pod_annotation_prometheus_io_path + target_label: __metrics_path__ + - action: replace + regex: (\d+);(([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}) + replacement: '[$2]:$1' + source_labels: + - __meta_kubernetes_pod_annotation_prometheus_io_port + - __meta_kubernetes_pod_ip + target_label: __address__ + - action: replace + regex: (\d+);((([0-9]+?)(\.|$)){4}) + replacement: $2:$1 + source_labels: + - __meta_kubernetes_pod_annotation_prometheus_io_port + - __meta_kubernetes_pod_ip + target_label: __address__ + - action: labelmap + regex: __meta_kubernetes_pod_annotation_prometheus_io_param_(.+) + replacement: __param_$1 + - action: labelmap + regex: __meta_kubernetes_pod_label_(.+) + - action: replace + source_labels: + - __meta_kubernetes_namespace + target_label: namespace + - action: replace + source_labels: + - __meta_kubernetes_pod_name + target_label: pod + - action: drop + regex: Pending|Succeeded|Failed|Completed + source_labels: + - __meta_kubernetes_pod_phase + - action: replace + source_labels: + - __meta_kubernetes_pod_node_name + target_label: node + - honor_labels: true + job_name: kubernetes-pods-slow + kubernetes_sd_configs: + - role: pod + relabel_configs: + - action: keep + regex: true + source_labels: + - __meta_kubernetes_pod_annotation_prometheus_io_scrape_slow + - action: replace + regex: (https?) + source_labels: + - __meta_kubernetes_pod_annotation_prometheus_io_scheme + target_label: __scheme__ + - action: replace + regex: (.+) + source_labels: + - __meta_kubernetes_pod_annotation_prometheus_io_path + target_label: __metrics_path__ + - action: replace + regex: (\d+);(([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}) + replacement: '[$2]:$1' + source_labels: + - __meta_kubernetes_pod_annotation_prometheus_io_port + - __meta_kubernetes_pod_ip + target_label: __address__ + - action: replace + regex: (\d+);((([0-9]+?)(\.|$)){4}) + replacement: $2:$1 + source_labels: + - __meta_kubernetes_pod_annotation_prometheus_io_port + - __meta_kubernetes_pod_ip + target_label: __address__ + - action: labelmap + regex: __meta_kubernetes_pod_annotation_prometheus_io_param_(.+) + replacement: __param_$1 + - action: labelmap + regex: __meta_kubernetes_pod_label_(.+) + - action: replace + source_labels: + - __meta_kubernetes_namespace + target_label: namespace + - action: replace + source_labels: + - __meta_kubernetes_pod_name + target_label: pod + - action: drop + regex: Pending|Succeeded|Failed|Completed + source_labels: + - __meta_kubernetes_pod_phase + - action: replace + source_labels: + - __meta_kubernetes_pod_node_name + target_label: node + scrape_interval: 5m + scrape_timeout: 30s + recording_rules.yml: | + {} + rules: | + {} +--- +# Source: gateway-addons-helm/charts/tempo/templates/configmap-tempo.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: tempo + namespace: monitoring + labels: + helm.sh/chart: tempo-1.3.1 + app.kubernetes.io/name: tempo + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/version: "2.1.1" + app.kubernetes.io/managed-by: Helm +data: + overrides.yaml: | + overrides: + {} + tempo.yaml: | + multitenancy_enabled: false + usage_report: + reporting_enabled: true + compactor: + compaction: + block_retention: 24h + distributor: + receivers: + jaeger: + protocols: + grpc: + endpoint: 0.0.0.0:14250 + thrift_binary: + endpoint: 0.0.0.0:6832 + thrift_compact: + endpoint: 0.0.0.0:6831 + thrift_http: + endpoint: 0.0.0.0:14268 + otlp: + protocols: + grpc: + endpoint: 0.0.0.0:4317 + http: + endpoint: 0.0.0.0:4318 + ingester: + {} + server: + http_listen_port: 3100 + storage: + trace: + backend: local + local: + path: /var/tempo/traces + wal: + path: /var/tempo/wal + querier: + {} + query_frontend: + {} + overrides: + per_tenant_override_config: /conf/overrides.yaml +--- +# Source: gateway-addons-helm/templates/dashboards_config.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: grafana-dashboards + namespace: 'monitoring' +data: + envoy-clusters.json: |- + { + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "datasource", + "uid": "grafana" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "description": "Envoy proxy monitoring Dashboard with cluster and service level templates. ", + "editable": true, + "fiscalYearStartMonth": 0, + "gnetId": 11021, + "graphTooltip": 0, + "id": 2, + "links": [], + "liveNow": false, + "panels": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "max": 3, + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "#d44a3a", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 1 + }, + { + "color": "#299c46", + "value": 2 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 5, + "w": 5, + "x": 0, + "y": 0 + }, + "id": 9, + "maxDataPoints": 100, + "options": { + "minVizHeight": 75, + "minVizWidth": 75, + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "mean" + ], + "fields": "", + "values": false + }, + "showThresholdLabels": false, + "showThresholdMarkers": true, + "sizing": "auto" + }, + "pluginVersion": "11.0.0", + "targets": [ + { + "datasource": { + "uid": "$datasource" + }, + "editorMode": "code", + "expr": "sum(envoy_server_live{})", + "format": "time_series", + "interval": "", + "intervalFactor": 1, + "legendFormat": "", + "range": true, + "refId": "A" + } + ], + "title": "Live servers", + "type": "gauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 5, + "w": 4, + "x": 5, + "y": 0 + }, + "id": 12, + "maxDataPoints": 100, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "mean" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "11.0.0", + "targets": [ + { + "datasource": { + "uid": "$datasource" + }, + "editorMode": "code", + "expr": "avg(envoy_server_uptime)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "", + "range": true, + "refId": "A" + } + ], + "title": "Avg uptime per node", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "decbytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 5, + "w": 5, + "x": 9, + "y": 0 + }, + "id": 11, + "maxDataPoints": 100, + "options": { + "colorMode": "none", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "mean" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "11.0.0", + "targets": [ + { + "datasource": { + "uid": "$datasource" + }, + "editorMode": "builder", + "expr": "SUM(envoy_server_memory_allocated{})", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "", + "range": true, + "refId": "A" + } + ], + "title": "Allocated Memory", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "decbytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 5, + "w": 4, + "x": 14, + "y": 0 + }, + "id": 13, + "maxDataPoints": 100, + "options": { + "colorMode": "none", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "mean" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "11.0.0", + "targets": [ + { + "datasource": { + "uid": "$datasource" + }, + "editorMode": "code", + "expr": "SUM(envoy_server_memory_heap_size)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "", + "range": true, + "refId": "A" + } + ], + "title": "Heap Size", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 5, + "w": 3, + "x": 18, + "y": 0 + }, + "id": 19, + "maxDataPoints": 100, + "options": { + "colorMode": "none", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "mean" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "11.0.0", + "targets": [ + { + "datasource": { + "uid": "$datasource" + }, + "editorMode": "code", + "expr": "(sum(envoy_cluster_membership_healthy{envoy_cluster_name=~\"$cluster\"}) - sum(envoy_cluster_membership_total{envoy_cluster_name=~\"$cluster\"}))", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "", + "range": true, + "refId": "A" + } + ], + "title": "Unhealthy Clusters", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "0": { + "text": "NOT WELL" + }, + "1": { + "text": "OK" + } + }, + "type": "value" + }, + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "#d44a3a", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 0 + }, + { + "color": "#299c46", + "value": 1 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 5, + "w": 3, + "x": 21, + "y": 0 + }, + "id": 20, + "maxDataPoints": 100, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "mean" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "11.0.0", + "targets": [ + { + "datasource": { + "uid": "$datasource" + }, + "editorMode": "code", + "expr": "(sum(envoy_cluster_membership_total{envoy_cluster_name=~\"$cluster\"})-sum(envoy_cluster_membership_healthy{envoy_cluster_name=~\"$cluster\"})) == bool 0", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "", + "range": true, + "refId": "A" + } + ], + "title": "Cluster State", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 12, + "x": 0, + "y": 5 + }, + "id": 2, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "maxHeight": 600, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "10.0.2", + "targets": [ + { + "datasource": { + "uid": "$datasource" + }, + "editorMode": "code", + "expr": "sum(envoy_cluster_upstream_cx_active{envoy_cluster_name=~\"$cluster\"}) by (envoy_cluster_name)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{envoy_cluster_name}}", + "range": true, + "refId": "A" + } + ], + "title": "Total active connections", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [ + { + "__systemRef": "hideSeriesFrom", + "matcher": { + "id": "byNames", + "options": { + "mode": "exclude", + "names": [ + "httproute/default/backend/rule/0" + ], + "prefix": "All except:", + "readOnly": true + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": false, + "tooltip": false, + "viz": true + } + } + ] + } + ] + }, + "gridPos": { + "h": 7, + "w": 12, + "x": 12, + "y": 5 + }, + "id": 4, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "maxHeight": 600, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "10.0.2", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "editorMode": "code", + "expr": "sum(irate(envoy_cluster_upstream_rq_total{envoy_cluster_name=~\"$cluster\"}[5m])) by (envoy_cluster_name)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{envoy_cluster_name}}", + "range": true, + "refId": "A" + } + ], + "title": "Total requests", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "decbytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 12, + "x": 0, + "y": 12 + }, + "id": 15, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "maxHeight": 600, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "10.0.2", + "targets": [ + { + "datasource": { + "uid": "$datasource" + }, + "editorMode": "code", + "expr": "sum(irate(envoy_cluster_upstream_cx_rx_bytes_total{envoy_cluster_name=~\"$cluster\"}[5m])) by (envoy_cluster_name)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{envoy_cluster_name}} - in", + "range": true, + "refId": "A" + }, + { + "datasource": { + "uid": "$datasource" + }, + "editorMode": "code", + "expr": "sum(irate(envoy_cluster_upstream_cx_tx_bytes_total{envoy_cluster_name=~\"$cluster\"}[5m])) by (envoy_cluster_name)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{envoy_cluster_name}} - out", + "range": true, + "refId": "B" + } + ], + "title": "Upstream Network Traffic", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "decbytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 12, + "x": 12, + "y": 12 + }, + "id": 17, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "maxHeight": 600, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "10.0.2", + "targets": [ + { + "datasource": { + "uid": "$datasource" + }, + "editorMode": "builder", + "expr": "sum(irate(envoy_http_downstream_cx_rx_bytes_total{envoy_http_conn_manager_prefix=~\"http\"}[5m]))", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{service}} - in", + "range": true, + "refId": "A" + }, + { + "datasource": { + "uid": "$datasource" + }, + "editorMode": "builder", + "expr": "sum(irate(envoy_http_downstream_cx_tx_bytes_total{envoy_http_conn_manager_prefix=~\"http\"}[5m]))", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{service}} - out", + "range": true, + "refId": "B" + } + ], + "title": "Downstream Network Traffic", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "ms" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 19 + }, + "id": 22, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "maxHeight": 600, + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "histogram_quantile(0.99, sum(rate(envoy_cluster_upstream_rq_time_bucket{envoy_cluster_name=~\"$cluster\"}[5m])) by (le, envoy_cluster_name))", + "instant": false, + "legendFormat": "{{envoy_cluster_name}} 99%", + "range": true, + "refId": "A" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "histogram_quantile(0.9, sum(rate(envoy_cluster_upstream_rq_time_bucket{envoy_cluster_name=~\"$cluster\"}[5m])) by (le, envoy_cluster_name))", + "hide": false, + "instant": false, + "legendFormat": "{{envoy_cluster_name}} 90%", + "range": true, + "refId": "B" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "histogram_quantile(0.5, sum(rate(envoy_cluster_upstream_rq_time_bucket{envoy_cluster_name=~\"$cluster\"}[5m])) by (le, envoy_cluster_name))", + "hide": false, + "instant": false, + "legendFormat": "{{envoy_cluster_name}} 50%", + "range": true, + "refId": "C" + } + ], + "title": "Upstream Latency", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 12, + "y": 19 + }, + "id": 24, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "maxHeight": 600, + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum(rate(envoy_cluster_upstream_rq_xx{envoy_response_code_class=~\"2\", envoy_cluster_name=~\"$cluster\"}[5m])) by (envoy_cluster_name)", + "instant": false, + "legendFormat": "{{envoy_cluster_name}}", + "range": true, + "refId": "A" + } + ], + "title": "Upstream 2xx Responses", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 18, + "y": 19 + }, + "id": 28, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "maxHeight": 600, + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum(rate(envoy_cluster_upstream_rq_xx{envoy_cluster_name=~\"$cluster\",envoy_response_code_class=~\"4\"}[1m])) by (envoy_cluster_name)", + "instant": false, + "legendFormat": "{{envoy_cluster_name}}", + "range": true, + "refId": "A" + } + ], + "title": "Upstream 4xx Responses", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 27 + }, + "id": 7, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "maxHeight": 600, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "10.0.2", + "targets": [ + { + "datasource": { + "uid": "$datasource" + }, + "editorMode": "code", + "expr": "sum(envoy_cluster_membership_healthy{envoy_cluster_name=~\"$cluster\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "healthy", + "range": true, + "refId": "A" + }, + { + "datasource": { + "uid": "$datasource" + }, + "expr": "sum(envoy_cluster_membership_total{envoy_cluster_name=~\"$cluster\",service=~\"$service\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "total", + "refId": "B" + } + ], + "title": "Downstream members", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 12, + "y": 27 + }, + "id": 30, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "maxHeight": 600, + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum(rate(envoy_cluster_upstream_rq_xx{envoy_cluster_name=~\"$cluster\",envoy_response_code_class=~\"5\"}[5m])) by (envoy_cluster_name)", + "instant": false, + "legendFormat": "{{envoy_cluster_name}}", + "range": true, + "refId": "A" + } + ], + "title": "Upstream 5xx Responses", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 18, + "y": 27 + }, + "id": 26, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "maxHeight": 600, + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum(rate(envoy_cluster_upstream_rq_xx{envoy_cluster_name=~\"$cluster\",envoy_response_code_class=~\"3\"}[5m])) by (envoy_cluster_name)", + "instant": false, + "legendFormat": "{{envoy_cluster_name}}", + "range": true, + "refId": "A" + } + ], + "title": "Upstream 3xx Responses", + "type": "timeseries" + } + ], + "refresh": "30s", + "schemaVersion": 39, + "tags": [ + "Data Plane" + ], + "templating": { + "list": [ + { + "current": { + "selected": false, + "text": "Prometheus", + "value": "Prometheus" + }, + "hide": 0, + "includeAll": false, + "multi": false, + "name": "datasource", + "options": [], + "query": "prometheus", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "type": "datasource" + }, + { + "current": { + "selected": false, + "text": "httproute/default/backend/rule/0", + "value": "httproute/default/backend/rule/0" + }, + "datasource": { + "uid": "$datasource" + }, + "definition": "label_values(envoy_cluster_name)", + "hide": 0, + "includeAll": true, + "label": "Cluster", + "multi": false, + "name": "cluster", + "options": [], + "query": { + "query": "label_values(envoy_cluster_name)", + "refId": "PrometheusVariableQueryEditor-VariableQuery" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-15m", + "to": "now" + }, + "timeRangeUpdatedDuringEditOrView": false, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "", + "title": "Envoy Clusters", + "uid": "8WkEOMnANKE6PW5hhpVv", + "version": 1, + "weekStart": "" + } + envoy-gateway-global.json: |- + { + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "grafana", + "uid": "-- Grafana --" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "description": "Envoy Gateway monitoring Dashboard with exported metrics.", + "editable": true, + "fiscalYearStartMonth": 0, + "graphTooltip": 0, + "id": 1, + "links": [], + "panels": [ + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 2, + "panels": [], + "title": "Watching Components", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "How long in seconds a subscribed watchable is handled.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 7, + "x": 0, + "y": 1 + }, + "id": 1, + "maxPerRow": 3, + "options": { + "displayMode": "basic", + "maxVizHeight": 300, + "minVizHeight": 16, + "minVizWidth": 8, + "namePlacement": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showUnfilled": true, + "sizing": "auto", + "valueMode": "color" + }, + "pluginVersion": "11.0.0", + "repeat": "Runner", + "repeatDirection": "v", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "builder", + "expr": "sum by(le) (watchable_subscribed_duration_seconds_bucket{runner=~\"$Runner\", namespace=\"$Namespace\"})", + "format": "heatmap", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "{{le}}", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Duration Bucket: $Runner", + "type": "bargauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "ms" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 3, + "x": 7, + "y": 1 + }, + "id": 24, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "value_and_name", + "wideLayout": false + }, + "pluginVersion": "11.0.0", + "repeat": "Runner", + "repeatDirection": "v", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "builder", + "exemplar": false, + "expr": "avg by(runner) (watchable_subscribed_duration_seconds_sum{runner=~\"$Runner\", namespace=\"$Namespace\"})", + "format": "time_series", + "fullMetaSearch": false, + "hide": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "Avg", + "range": true, + "refId": "A", + "useBackend": false + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "builder", + "expr": "max by(runner) (watchable_subscribed_duration_seconds_sum{runner=~\"$Runner\", namespace=\"$Namespace\"})", + "fullMetaSearch": false, + "hide": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "Max", + "range": true, + "refId": "B", + "useBackend": false + } + ], + "title": "Duration Status", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "Current depth of watchable map.", + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "super-light-blue", + "mode": "shades" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 2, + "x": 10, + "y": 1 + }, + "id": 7, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "center", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "value", + "wideLayout": false + }, + "pluginVersion": "11.0.0", + "repeat": "Runner", + "repeatDirection": "v", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "builder", + "expr": "sum by(runner) (watchable_depth{runner=~\"$Runner\", namespace=\"$Namespace\"})", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Depth", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "noValue": "0", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "none" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Success" + }, + "properties": [ + { + "id": "displayName", + "value": "Success" + } + ] + } + ] + }, + "gridPos": { + "h": 7, + "w": 7, + "x": 12, + "y": 1 + }, + "id": 10, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "center", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "value_and_name", + "wideLayout": true + }, + "pluginVersion": "11.0.0", + "repeat": "Runner", + "repeatDirection": "v", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "builder", + "expr": "sum by(runner) (watchable_subscribed_total{runner=~\"$Runner\", namespace=\"$Namespace\"})", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "Total", + "range": true, + "refId": "A", + "useBackend": false + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "code", + "expr": "sum by(runner) (watchable_subscribed_errors_total{runner=~\"$Runner\", namespace=\"$Namespace\"}) OR vector(0)", + "fullMetaSearch": false, + "hide": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "Errors", + "range": true, + "refId": "B", + "useBackend": false + }, + { + "datasource": { + "type": "__expr__", + "uid": "__expr__" + }, + "expression": "$A-$B", + "hide": false, + "refId": "Success", + "type": "math" + } + ], + "title": "Statistics", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "max": 100, + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "semi-dark-red", + "value": null + }, + { + "color": "#EAB839", + "value": 30 + }, + { + "color": "semi-dark-green", + "value": 70 + } + ] + }, + "unit": "percent" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 5, + "x": 19, + "y": 1 + }, + "id": 23, + "options": { + "minVizHeight": 75, + "minVizWidth": 75, + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showThresholdLabels": false, + "showThresholdMarkers": true, + "sizing": "auto" + }, + "pluginVersion": "11.0.0", + "repeat": "Runner", + "repeatDirection": "v", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "builder", + "expr": "sum by(runner) (watchable_subscribed_total{runner=~\"$Runner\", namespace=\"$Namespace\"})", + "fullMetaSearch": false, + "hide": true, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "code", + "expr": "sum by(runner) (watchable_subscribed_errors_total{runner=~\"$Runner\", namespace=\"$Namespace\"}) OR vector(0)", + "fullMetaSearch": false, + "hide": true, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "__auto", + "range": true, + "refId": "B", + "useBackend": false + }, + { + "datasource": { + "type": "__expr__", + "uid": "__expr__" + }, + "expression": "(($A-$B) / $A) * 100", + "hide": false, + "refId": "C", + "type": "math" + } + ], + "title": "Success Rate", + "type": "gauge" + }, + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 36 + }, + "id": 35, + "panels": [], + "title": "Status Updater", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "How long a status update takes to finish for all Kind.", + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "super-light-blue", + "mode": "thresholds" + }, + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 6, + "x": 0, + "y": 37 + }, + "id": 61, + "options": { + "displayMode": "basic", + "maxVizHeight": 300, + "minVizHeight": 16, + "minVizWidth": 8, + "namePlacement": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showUnfilled": true, + "sizing": "auto", + "valueMode": "color" + }, + "pluginVersion": "10.4.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "builder", + "expr": "sum by(le) (status_update_duration_seconds_bucket{namespace=\"$Namespace\"})", + "format": "heatmap", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "{{le}}", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Total Duration Bucket", + "type": "bargauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "#EAB839", + "value": 0.2 + }, + { + "color": "red", + "value": 0.5 + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 6, + "x": 6, + "y": 37 + }, + "id": 82, + "options": { + "displayMode": "gradient", + "maxVizHeight": 300, + "minVizHeight": 16, + "minVizWidth": 8, + "namePlacement": "auto", + "orientation": "vertical", + "reduceOptions": { + "calcs": [ + "mean" + ], + "fields": "", + "values": false + }, + "showUnfilled": true, + "sizing": "auto", + "valueMode": "color" + }, + "pluginVersion": "10.4.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "builder", + "expr": "status_update_duration_seconds_sum{namespace=\"$Namespace\"}", + "format": "time_series", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "{{kind}}", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Avg Duration", + "type": "bargauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "#EAB839", + "value": 0.1 + }, + { + "color": "red", + "value": 0.5 + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 6, + "x": 12, + "y": 37 + }, + "id": 83, + "options": { + "displayMode": "gradient", + "maxVizHeight": 300, + "minVizHeight": 16, + "minVizWidth": 8, + "namePlacement": "auto", + "orientation": "vertical", + "reduceOptions": { + "calcs": [ + "max" + ], + "fields": "", + "values": false + }, + "showUnfilled": true, + "sizing": "auto", + "valueMode": "color" + }, + "pluginVersion": "10.4.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "builder", + "expr": "status_update_duration_seconds_sum{namespace=\"$Namespace\"}", + "format": "time_series", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "{{kind}}", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Max Duration", + "type": "bargauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "yellow", + "value": 0.01 + }, + { + "color": "red", + "value": 0.1 + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 6, + "x": 18, + "y": 37 + }, + "id": 84, + "options": { + "displayMode": "gradient", + "maxVizHeight": 300, + "minVizHeight": 16, + "minVizWidth": 8, + "namePlacement": "auto", + "orientation": "vertical", + "reduceOptions": { + "calcs": [ + "logmin" + ], + "fields": "", + "values": false + }, + "showUnfilled": true, + "sizing": "auto", + "valueMode": "color" + }, + "pluginVersion": "10.4.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "builder", + "expr": "status_update_duration_seconds_sum{namespace=\"$Namespace\"}", + "format": "time_series", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "{{kind}}", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Min Duration", + "type": "bargauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "Total number of status updates by object kind.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": true, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "left", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineStyle": { + "fill": "solid" + }, + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "fieldMinMax": false, + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 10, + "x": 0, + "y": 46 + }, + "id": 56, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "10.4.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "builder", + "expr": "status_update_total{namespace=\"$Namespace\"}", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "{{kind}}", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Total", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "max": 100, + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "red" + }, + { + "color": "#EAB839", + "value": 50 + }, + { + "color": "green", + "value": 85 + } + ] + }, + "unit": "percent" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 14, + "x": 10, + "y": 46 + }, + "id": 105, + "options": { + "minVizHeight": 75, + "minVizWidth": 75, + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showThresholdLabels": false, + "showThresholdMarkers": true, + "sizing": "auto" + }, + "pluginVersion": "10.4.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "builder", + "expr": "sum by(kind) (status_update_success_total{namespace=\"$Namespace\"})", + "fullMetaSearch": false, + "hide": true, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "builder", + "expr": "sum by(kind) (status_update_success_total{namespace=\"$Namespace\"})", + "fullMetaSearch": false, + "hide": true, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "__auto", + "range": true, + "refId": "B", + "useBackend": false + }, + { + "datasource": { + "type": "__expr__", + "uid": "__expr__" + }, + "expression": "($B / $A) * 100", + "hide": false, + "refId": "Rate:", + "type": "math" + } + ], + "title": "Success Rate", + "type": "gauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "Number of status updates that succeeded by object kind.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": true, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "left", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 0, + "y": 54 + }, + "id": 57, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "builder", + "expr": "status_update_success_total{namespace=\"$Namespace\"}", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "{{kind}}", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Success", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "Number of status updates that are no-ops by object kind. This is a subset of successful status updates.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": true, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "left", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 6, + "y": 54 + }, + "id": 59, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "builder", + "expr": "status_update_noop_total{namespace=\"$Namespace\"}", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "{{kind}}", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "No-ops", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "Number of status updates that failed by object kind.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": true, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "left", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 12, + "y": 54 + }, + "id": 58, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "code", + "expr": "status_update_failed_total{namespace=\"$Namespace\"}", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Fail", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "Number of status update conflicts encountered by object kind.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": true, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "left", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 18, + "y": 54 + }, + "id": 60, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "code", + "expr": "status_update_conflict_total{namespace=\"$Namespace\"}", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Conflict", + "type": "timeseries" + }, + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 62 + }, + "id": 126, + "panels": [], + "title": "xDS Server", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "super-light-green", + "mode": "shades" + }, + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 10, + "x": 0, + "y": 63 + }, + "id": 127, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "center", + "orientation": "vertical", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "value_and_name", + "wideLayout": false + }, + "pluginVersion": "10.4.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "builder", + "expr": "xds_snapshot_creation_total{namespace=\"$Namespace\"}", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "Total", + "range": true, + "refId": "A", + "useBackend": false + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "builder", + "expr": "xds_snapshot_creation_success{namespace=\"$Namespace\"}", + "fullMetaSearch": false, + "hide": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "Success", + "range": true, + "refId": "B", + "useBackend": false + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "editorMode": "code", + "expr": "xds_snapshot_creation_failed{namespace=\"$Namespace\"} OR on() vector(0)", + "hide": false, + "instant": false, + "legendFormat": "Fail", + "range": true, + "refId": "C" + } + ], + "title": "Creation Status", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "max": 100, + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "red" + }, + { + "color": "orange", + "value": 70 + }, + { + "color": "green", + "value": 85 + } + ] + }, + "unit": "percent" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 5, + "x": 10, + "y": 63 + }, + "id": 148, + "options": { + "minVizHeight": 75, + "minVizWidth": 75, + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showThresholdLabels": false, + "showThresholdMarkers": true, + "sizing": "auto" + }, + "pluginVersion": "10.4.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "builder", + "expr": "sum(xds_snapshot_creation_total{namespace=\"$Namespace\"})", + "fullMetaSearch": false, + "hide": true, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "builder", + "expr": "sum(xds_snapshot_creation_success{namespace=\"$Namespace\"})", + "fullMetaSearch": false, + "hide": true, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "__auto", + "range": true, + "refId": "B", + "useBackend": false + }, + { + "datasource": { + "type": "__expr__", + "uid": "__expr__" + }, + "expression": "($B / $A) * 100", + "hide": false, + "refId": "C", + "type": "math" + } + ], + "title": "Creation Success Rate", + "type": "gauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 5, + "x": 15, + "y": 63 + }, + "id": 149, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "10.4.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "builder", + "expr": "max(xds_delta_stream_duration_seconds_bucket{namespace=\"$Namespace\"})", + "format": "heatmap", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Finished Stream", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "Maximum duration seconds for finished xDS delta stream connection.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 4, + "x": 20, + "y": 63 + }, + "id": 150, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "max" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "10.4.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "builder", + "expr": "xds_delta_stream_duration_seconds_sum{namespace=\"$Namespace\"}", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Max Duration", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "Minimum duration seconds for finished xDS delta stream connection.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 4, + "x": 20, + "y": 67 + }, + "id": 151, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "min" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "10.4.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "builder", + "expr": "xds_delta_stream_duration_seconds_sum{namespace=\"$Namespace\"}", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Min Duration", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "Total number of xds snapshot cache updates by node id.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 3, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 10, + "w": 10, + "x": 0, + "y": 71 + }, + "id": 152, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "10.4.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "builder", + "expr": "xds_snapshot_update_total{namespace=\"$Namespace\"}", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "{{nodeID}}", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Update Total", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "max": 100, + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "red" + }, + { + "color": "orange", + "value": 70 + }, + { + "color": "green", + "value": 85 + } + ] + }, + "unit": "percent" + }, + "overrides": [] + }, + "gridPos": { + "h": 10, + "w": 5, + "x": 10, + "y": 71 + }, + "id": 155, + "options": { + "minVizHeight": 75, + "minVizWidth": 75, + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showThresholdLabels": false, + "showThresholdMarkers": true, + "sizing": "auto" + }, + "pluginVersion": "10.4.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "code", + "expr": "sum(xds_snapshot_update_total{namespace=\"$Namespace\"})", + "fullMetaSearch": false, + "hide": true, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "code", + "expr": "sum(xds_snapshot_update_success{namespace=\"$Namespace\"})", + "fullMetaSearch": false, + "hide": true, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "__auto", + "range": true, + "refId": "B", + "useBackend": false + }, + { + "datasource": { + "type": "__expr__", + "uid": "__expr__" + }, + "expression": "($B / $A) * 100", + "hide": false, + "refId": "C", + "type": "math" + } + ], + "title": "Update Success Rate", + "type": "gauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "Number of xds snapshot cache updates that succeed by node id.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 5, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 5, + "w": 9, + "x": 15, + "y": 71 + }, + "id": 153, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "10.4.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "builder", + "expr": "xds_snapshot_update_success{namespace=\"$Namespace\"}", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "{{nodeID}}", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Update Success", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "Number of xds snapshot cache updates that failed by node id.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 5, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 5, + "w": 9, + "x": 15, + "y": 76 + }, + "id": 154, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "10.4.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "code", + "expr": "xds_snapshot_update_failed{namespace=\"$Namespace\"}", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "{{nodeID}}", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Update Fail", + "type": "timeseries" + }, + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 81 + }, + "id": 156, + "panels": [], + "title": "Infrastructure Manager", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 0, + "y": 82 + }, + "id": 199, + "options": { + "displayMode": "gradient", + "maxVizHeight": 300, + "minVizHeight": 16, + "minVizWidth": 8, + "namePlacement": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showUnfilled": true, + "sizing": "auto", + "valueMode": "color" + }, + "pluginVersion": "10.4.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "builder", + "expr": "sum by(le) (resource_apply_duration_seconds_bucket{namespace=\"$Namespace\"})", + "format": "heatmap", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "{{le}}", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Total Apply Duration Bucket", + "type": "bargauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "orange", + "value": 0.3 + }, + { + "color": "red", + "value": 0.5 + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 6, + "y": 82 + }, + "id": 220, + "options": { + "displayMode": "gradient", + "maxVizHeight": 300, + "minVizHeight": 16, + "minVizWidth": 8, + "namePlacement": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "mean" + ], + "fields": "", + "values": false + }, + "showUnfilled": true, + "sizing": "auto", + "valueMode": "color" + }, + "pluginVersion": "10.4.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "builder", + "expr": "sum by(kind) (resource_apply_duration_seconds_sum{namespace=\"$Namespace\"})", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Avg Apply Duration", + "type": "bargauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "orange", + "value": 0.3 + }, + { + "color": "red", + "value": 0.5 + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 12, + "y": 82 + }, + "id": 221, + "options": { + "displayMode": "gradient", + "maxVizHeight": 300, + "minVizHeight": 16, + "minVizWidth": 8, + "namePlacement": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "max" + ], + "fields": "", + "values": false + }, + "showUnfilled": true, + "sizing": "auto", + "valueMode": "color" + }, + "pluginVersion": "10.4.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "builder", + "expr": "sum by(kind) (resource_apply_duration_seconds_sum{namespace=\"$Namespace\"})", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Max Apply Duration", + "type": "bargauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "orange", + "value": 0.3 + }, + { + "color": "red", + "value": 0.5 + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 18, + "y": 82 + }, + "id": 222, + "options": { + "displayMode": "gradient", + "maxVizHeight": 300, + "minVizHeight": 16, + "minVizWidth": 8, + "namePlacement": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "logmin" + ], + "fields": "", + "values": false + }, + "showUnfilled": true, + "sizing": "auto", + "valueMode": "color" + }, + "pluginVersion": "10.4.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "builder", + "expr": "sum by(kind) (resource_apply_duration_seconds_sum{namespace=\"$Namespace\"})", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Min Apply Duration", + "type": "bargauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "Total number of applied resources sumed by kind (include No-ops).", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 12, + "x": 0, + "y": 90 + }, + "id": 157, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "center", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "10.4.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "builder", + "expr": "sum by(kind) (resource_apply_total{namespace=\"$Namespace\"})", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Total Applied Resources", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "Total number of applied resources sumed by infra name.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 12, + "x": 12, + "y": 90 + }, + "id": 178, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "10.4.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "builder", + "expr": "sum by(name) (resource_apply_total{namespace=\"$Namespace\"})", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Total Applied Infrastructures", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "Total number of applied resources that succeed sumed by kind (include No-ops).", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 10, + "x": 0, + "y": 97 + }, + "id": 229, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "center", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "10.4.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "code", + "expr": "sum by(kind) (resource_apply_success{namespace=\"$Namespace\"})", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Success Applied Resources", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "Total number of applied resources that failed sumed by kind (include No-ops).", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 10, + "x": 10, + "y": 97 + }, + "id": 230, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "center", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "10.4.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "code", + "expr": "sum by(kind) (resource_apply_failed{namespace=\"$Namespace\"})", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Fail Applied Resources", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 0, + "y": 104 + }, + "id": 223, + "options": { + "displayMode": "gradient", + "maxVizHeight": 300, + "minVizHeight": 16, + "minVizWidth": 8, + "namePlacement": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showUnfilled": true, + "sizing": "auto", + "valueMode": "color" + }, + "pluginVersion": "10.4.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "code", + "expr": "sum by(le) (resource_delete_duration_seconds_bucket{namespace=\"$Namespace\"})", + "format": "heatmap", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "{{le}}", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Total Delete Duration Bucket", + "type": "bargauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "orange", + "value": 0.1 + }, + { + "color": "red", + "value": 0.3 + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 6, + "y": 104 + }, + "id": 224, + "options": { + "displayMode": "gradient", + "maxVizHeight": 300, + "minVizHeight": 16, + "minVizWidth": 8, + "namePlacement": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "mean" + ], + "fields": "", + "values": false + }, + "showUnfilled": true, + "sizing": "auto", + "valueMode": "color" + }, + "pluginVersion": "10.4.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "code", + "expr": "sum by(kind) (resource_delete_duration_seconds_sum{namespace=\"$Namespace\"})", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Avg Delete Duration", + "type": "bargauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "orange", + "value": 0.1 + }, + { + "color": "red", + "value": 0.3 + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 12, + "y": 104 + }, + "id": 225, + "options": { + "displayMode": "gradient", + "maxVizHeight": 300, + "minVizHeight": 16, + "minVizWidth": 8, + "namePlacement": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "max" + ], + "fields": "", + "values": false + }, + "showUnfilled": true, + "sizing": "auto", + "valueMode": "color" + }, + "pluginVersion": "10.4.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "code", + "expr": "sum by(kind) (resource_delete_duration_seconds_sum{namespace=\"$Namespace\"})", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Max Delete Duration", + "type": "bargauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "orange", + "value": 0.1 + }, + { + "color": "red", + "value": 0.3 + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 18, + "y": 104 + }, + "id": 226, + "options": { + "displayMode": "gradient", + "maxVizHeight": 300, + "minVizHeight": 16, + "minVizWidth": 8, + "namePlacement": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "logmin" + ], + "fields": "", + "values": false + }, + "showUnfilled": true, + "sizing": "auto", + "valueMode": "color" + }, + "pluginVersion": "10.4.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "code", + "expr": "sum by(kind) (resource_delete_duration_seconds_sum{namespace=\"$Namespace\"})", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Min Delete Duration", + "type": "bargauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "Total number of deleted resources sumed by kind (include No-ops).", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 12, + "x": 0, + "y": 112 + }, + "id": 227, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "center", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "10.4.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "code", + "expr": "sum by(kind) (resource_delete_total{namespace=\"$Namespace\"})", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Total Deleted Resources", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "Total number of deleted resources sumed by infra name.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 12, + "x": 12, + "y": 112 + }, + "id": 228, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "10.4.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "code", + "expr": "sum by(name) (resource_delete_total{namespace=\"$Namespace\"})", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Total Deleted Infrastructures", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "Total number of deleted resources that succeed sumed by kind (include No-ops).", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 10, + "x": 0, + "y": 119 + }, + "id": 232, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "center", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "10.4.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "code", + "expr": "sum by(kind) (resource_delete_success{namespace=\"$Namespace\"})", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Success Deleted Resources", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "Total number of deleted resources that failed sumed by kind (include No-ops).", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 10, + "x": 10, + "y": 119 + }, + "id": 233, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "center", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "10.4.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "code", + "expr": "sum by(kind) (resource_delete_failed{namespace=\"$Namespace\"})", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Fail Deleted Resources", + "type": "stat" + } + ], + "refresh": "5s", + "schemaVersion": 39, + "tags": [ + "Control Plane" + ], + "templating": { + "list": [ + { + "current": { + "selected": false, + "text": "Prometheus", + "value": "PBFA97CFB590B2093" + }, + "hide": 0, + "includeAll": false, + "multi": false, + "name": "datasource", + "options": [], + "query": "prometheus", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "type": "datasource" + }, + { + "allValue": ".*", + "current": { + "selected": false, + "text": "envoy-gateway-system", + "value": "envoy-gateway-system" + }, + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "definition": "label_values(watchable_depth,namespace)", + "hide": 0, + "includeAll": false, + "multi": false, + "name": "Namespace", + "options": [], + "query": { + "qryType": 1, + "query": "label_values(watchable_depth,namespace)", + "refId": "PrometheusVariableQueryEditor-VariableQuery" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "type": "query" + }, + { + "allValue": ".*", + "current": { + "selected": false, + "text": "All", + "value": "$__all" + }, + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "definition": "label_values(watchable_depth,runner)", + "hide": 0, + "includeAll": true, + "multi": true, + "name": "Runner", + "options": [], + "query": { + "qryType": 1, + "query": "label_values(watchable_depth,runner)", + "refId": "PrometheusVariableQueryEditor-VariableQuery" + }, + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "type": "query" + } + ] + }, + "time": { + "from": "now-6h", + "to": "now" + }, + "timeRangeUpdatedDuringEditOrView": false, + "timepicker": {}, + "timezone": "browser", + "title": "Envoy Gateway Global", + "uid": "bdn8lriao7myoa", + "version": 1, + "weekStart": "" + } + envoy-gateway-resource.json: |- + { + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "grafana", + "uid": "-- Grafana --" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "description": "Envoy Gateway Memory and CPU Usage", + "editable": true, + "fiscalYearStartMonth": 0, + "graphTooltip": 0, + "id": 6, + "links": [], + "panels": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 0 + }, + "id": 6, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "maxHeight": 600, + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "disableTextWrap": false, + "editorMode": "builder", + "expr": "sum by(namespace) (rate(container_cpu_usage_seconds_total{container=\"envoy-gateway\"}[5m]))", + "fullMetaSearch": false, + "includeNullMetadata": false, + "instant": false, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Envoy Gateway CPU Usage (m)", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 0 + }, + "id": 5, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "maxHeight": 600, + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "disableTextWrap": false, + "editorMode": "code", + "expr": "sum by(namespace) (container_memory_working_set_bytes{container=\"envoy-gateway\"}/1024/1024)", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": false, + "legendFormat": "__auto", + "range": true, + "refId": "A", + "useBackend": false + } + ], + "title": "Envoy Gateway Memory Usage (MiB)", + "type": "timeseries" + } + ], + "schemaVersion": 39, + "tags": [ + "Control Plane" + ], + "templating": { + "list": [ + { + "current": { + "selected": true, + "text": "Prometheus", + "value": "PBFA97CFB590B2093" + }, + "hide": 0, + "includeAll": false, + "multi": false, + "name": "datasource", + "options": [], + "query": "prometheus", + "queryValue": "", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "type": "datasource" + } + ] + }, + "time": { + "from": "now-15m", + "to": "now" + }, + "timeRangeUpdatedDuringEditOrView": false, + "timepicker": {}, + "timezone": "", + "title": "Envoy Gateway Resources", + "uid": "edq1b2tldspa8d", + "version": 2, + "weekStart": "" + } + envoy-global.json: |- + { + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "datasource", + "uid": "grafana" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "description": "Envoy proxy monitoring Dashboard with service level templates.", + "editable": true, + "fiscalYearStartMonth": 0, + "gnetId": 11022, + "graphTooltip": 0, + "id": 3, + "links": [], + "liveNow": false, + "panels": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "max": 3, + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "#d44a3a", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 1 + }, + { + "color": "#299c46", + "value": 2 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 5, + "x": 0, + "y": 0 + }, + "id": 37, + "maxDataPoints": 100, + "options": { + "minVizHeight": 75, + "minVizWidth": 75, + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "mean" + ], + "fields": "", + "values": false + }, + "showThresholdLabels": false, + "showThresholdMarkers": true, + "sizing": "auto" + }, + "pluginVersion": "11.0.0", + "targets": [ + { + "datasource": { + "uid": "$datasource" + }, + "editorMode": "builder", + "expr": "sum(envoy_server_live)", + "format": "time_series", + "interval": "", + "intervalFactor": 1, + "legendFormat": "", + "range": true, + "refId": "A" + } + ], + "title": "Live servers", + "type": "gauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 5, + "x": 5, + "y": 0 + }, + "id": 39, + "maxDataPoints": 100, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "11.0.0", + "targets": [ + { + "datasource": { + "uid": "$datasource" + }, + "editorMode": "builder", + "expr": "avg by(pod) (envoy_server_uptime{namespace=~\"$Namespace\"})", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "", + "range": true, + "refId": "A" + } + ], + "title": "Avg uptime per node", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "decbytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 5, + "x": 10, + "y": 0 + }, + "id": 43, + "maxDataPoints": 100, + "options": { + "colorMode": "none", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "mean" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "11.0.0", + "targets": [ + { + "datasource": { + "uid": "$datasource" + }, + "editorMode": "code", + "expr": "sum by(pod) (envoy_server_memory_heap_size{namespace=~\"$Namespace\"})", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "__auto", + "range": true, + "refId": "A" + } + ], + "title": "Heap Size", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "decbytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 5, + "x": 15, + "y": 0 + }, + "id": 41, + "maxDataPoints": 100, + "options": { + "colorMode": "none", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "mean" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "11.0.0", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "editorMode": "builder", + "expr": "sum by(pod) (envoy_server_memory_allocated{namespace=~\"$Namespace\"})", + "hide": false, + "instant": false, + "range": true, + "refId": "B" + } + ], + "title": "Allocated Memory", + "type": "stat" + }, + { + "collapsed": false, + "datasource": { + "type": "datasource", + "uid": "grafana" + }, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 7 + }, + "id": 24, + "panels": [], + "targets": [ + { + "datasource": { + "type": "datasource", + "uid": "grafana" + }, + "refId": "A" + } + ], + "title": "DownStream", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 0, + "y": 8 + }, + "id": 3, + "options": { + "legend": { + "calcs": [ + "mean", + "lastNotNull", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "maxHeight": 600, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "10.0.2", + "targets": [ + { + "datasource": { + "uid": "$datasource" + }, + "editorMode": "code", + "expr": "sum(rate(envoy_http_downstream_rq_total[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Envoy HTTP Downstream Rq total", + "range": true, + "refId": "A" + } + ], + "title": "Downstream RPS", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 6, + "y": 8 + }, + "id": 9, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "maxHeight": 600, + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "builder", + "expr": "sum by(namespace) (rate(envoy_http_downstream_cx_total{namespace=~\"$Namespace\"}[5m]))", + "instant": false, + "legendFormat": "{{namespace}}", + "range": true, + "refId": "A" + } + ], + "title": "Downstream CPS", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "ms" + }, + "overrides": [ + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsZero", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 12, + "y": 8 + }, + "id": 16, + "options": { + "legend": { + "calcs": [ + "mean", + "lastNotNull", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "maxHeight": 600, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "10.0.2", + "targets": [ + { + "datasource": { + "uid": "$datasource" + }, + "editorMode": "code", + "expr": "histogram_quantile(0.9, sum by(le) (rate(envoy_http_downstream_rq_time_bucket[5m])))", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{service}} 90%", + "range": true, + "refId": "A" + }, + { + "datasource": { + "uid": "$datasource" + }, + "editorMode": "builder", + "expr": "histogram_quantile(0.5, sum by(le) (rate(envoy_http_downstream_rq_time_bucket[5m])))", + "format": "time_series", + "hide": false, + "intervalFactor": 1, + "legendFormat": "{{service}} 50% ", + "range": true, + "refId": "B" + }, + { + "datasource": { + "uid": "$datasource" + }, + "editorMode": "builder", + "expr": "histogram_quantile(0.99, sum by(le) (rate(envoy_http_downstream_rq_time_bucket[5m])))", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{service}} 99%", + "range": true, + "refId": "C" + } + ], + "title": "Downstream Latency", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [ + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsZero", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 18, + "y": 8 + }, + "id": 4, + "options": { + "legend": { + "calcs": [ + "mean", + "lastNotNull", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "maxHeight": 600, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "10.0.2", + "targets": [ + { + "datasource": { + "uid": "$datasource" + }, + "editorMode": "code", + "expr": "sum by(namespace) (envoy_listener_downstream_cx_active{namespace=~\"$Namespace\"})", + "format": "time_series", + "instant": false, + "interval": "", + "intervalFactor": 2, + "legendFormat": "{{namespace}}", + "refId": "A" + } + ], + "title": "Downstream Total Connections", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 0, + "y": 16 + }, + "id": 32, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "maxHeight": 600, + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "builder", + "expr": "sum by(namespace) (rate(envoy_tcp_downstream_cx_total{namespace=~\"$Namespace\"}[5m]))", + "instant": false, + "legendFormat": "{{namespace}}", + "range": true, + "refId": "A" + } + ], + "title": "TCP Downstream CPS", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 6, + "y": 16 + }, + "id": 31, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "maxHeight": 600, + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "builder", + "expr": "sum by(namespace) (rate(envoy_tcp_downstream_cx_rx_bytes_total{namespace=~\"$Namespace\"}[5m]))", + "instant": false, + "legendFormat": "{{namespace}}", + "range": true, + "refId": "A" + } + ], + "title": "TCP Downstream Bytes Rx/second", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 12, + "y": 16 + }, + "id": 33, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "maxHeight": 600, + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "builder", + "expr": "sum by(namespace) (rate(envoy_tcp_downstream_cx_tx_bytes_total{namespace=~\"$Namespace\"}[5m]))", + "instant": false, + "legendFormat": "{{namespace}}", + "range": true, + "refId": "A" + } + ], + "title": "TCP Downstream Bytes Tx/Second", + "type": "timeseries" + }, + { + "collapsed": false, + "datasource": { + "type": "datasource", + "uid": "grafana" + }, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 24 + }, + "id": 22, + "panels": [], + "targets": [ + { + "datasource": { + "type": "datasource", + "uid": "grafana" + }, + "refId": "A" + } + ], + "title": "UpStream", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "Displays the number of Requests per Second being performed against each Upstream.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [ + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsZero", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 0, + "y": 25 + }, + "id": 2, + "options": { + "legend": { + "calcs": [ + "mean", + "lastNotNull", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "10.0.2", + "targets": [ + { + "datasource": { + "uid": "$datasource" + }, + "editorMode": "builder", + "expr": "sum by(namespace) (rate(envoy_cluster_upstream_rq_total{namespace=~\"$Namespace\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "__auto", + "range": true, + "refId": "A" + } + ], + "title": "Upstream RPS", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [ + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsZero", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 6, + "y": 25 + }, + "id": 14, + "options": { + "legend": { + "calcs": [ + "mean", + "lastNotNull", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "10.0.2", + "targets": [ + { + "datasource": { + "uid": "$datasource" + }, + "editorMode": "code", + "expr": "sum(rate(envoy_cluster_upstream_cx_total{namespace=~\"$Namespace\",}[5m])) by (namespace)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "__auto", + "range": true, + "refId": "A" + } + ], + "title": "Upstream CPS", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "ms" + }, + "overrides": [ + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsZero", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 12, + "y": 25 + }, + "id": 10, + "options": { + "legend": { + "calcs": [ + "mean", + "lastNotNull", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "10.0.2", + "targets": [ + { + "datasource": { + "uid": "$datasource" + }, + "editorMode": "code", + "expr": "histogram_quantile(0.99, sum(rate(envoy_cluster_upstream_rq_time_bucket{namespace=~\"$Namespace\"}[5m])) by (le, namespace))", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{namespace}} 99%", + "range": true, + "refId": "A" + }, + { + "datasource": { + "uid": "$datasource" + }, + "editorMode": "code", + "expr": "histogram_quantile(0.9, sum(rate(envoy_cluster_upstream_rq_time_bucket{namespace=~\"$Namespace\"}[5m])) by (le, namespace))", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{namespace}} 90%", + "range": true, + "refId": "C" + }, + { + "datasource": { + "uid": "$datasource" + }, + "editorMode": "code", + "expr": "histogram_quantile(0.5, sum(rate(envoy_cluster_upstream_rq_time_bucket{namespace=~\"$Namespace\"}[5m])) by (le, namespace))", + "format": "time_series", + "hide": false, + "intervalFactor": 1, + "legendFormat": "{{namespace}} 50% ", + "range": true, + "refId": "B" + } + ], + "title": "Upstream Latency", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [ + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsZero", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 18, + "y": 25 + }, + "id": 15, + "options": { + "legend": { + "calcs": [ + "mean", + "lastNotNull", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "10.0.2", + "targets": [ + { + "datasource": { + "uid": "$datasource" + }, + "editorMode": "code", + "expr": "sum(envoy_cluster_upstream_cx_active{namespace=~\"$Namespace\"}) by (namespace)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{namespace}}", + "range": true, + "refId": "A" + } + ], + "title": "Upstream Total Connections", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 0, + "y": 33 + }, + "id": 34, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "builder", + "expr": "sum by(namespace) (rate(envoy_cluster_upstream_cx_rx_bytes_total{namespace=~\"$Namespace\"}[5m]))", + "instant": false, + "legendFormat": "{{namespace}}", + "range": true, + "refId": "A" + } + ], + "title": "Upstream Bytes Rx/Second", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 6, + "y": 33 + }, + "id": 35, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "builder", + "expr": "sum by(namespace) (rate(envoy_cluster_upstream_cx_rx_bytes_total{namespace=~\"$Namespace\"}[5m]))", + "instant": false, + "legendFormat": "{{namespace}}", + "range": true, + "refId": "A" + } + ], + "title": "Upstream Bytes Tx/Second", + "type": "timeseries" + }, + { + "collapsed": false, + "datasource": { + "type": "datasource", + "uid": "grafana" + }, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 41 + }, + "id": 28, + "panels": [], + "targets": [ + { + "datasource": { + "type": "datasource", + "uid": "grafana" + }, + "refId": "A" + } + ], + "title": "Upstream Response Codes", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [ + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsZero", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 0, + "y": 42 + }, + "id": 5, + "options": { + "legend": { + "calcs": [ + "mean", + "lastNotNull", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "10.0.2", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "builder", + "exemplar": false, + "expr": "sum(rate(envoy_cluster_upstream_rq_xx{envoy_response_code_class=~\"2\"}[5m]))", + "format": "time_series", + "instant": false, + "interval": "", + "intervalFactor": 2, + "legendFormat": "Value", + "range": true, + "refId": "A" + } + ], + "title": "Upstream 2xx Responses", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [ + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsZero", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 6, + "y": 42 + }, + "id": 11, + "options": { + "legend": { + "calcs": [ + "mean", + "lastNotNull", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "10.0.2", + "targets": [ + { + "datasource": { + "uid": "$datasource" + }, + "editorMode": "builder", + "expr": "sum(rate(envoy_cluster_upstream_rq_xx{envoy_response_code_class=~\"3\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "value", + "range": true, + "refId": "A" + } + ], + "title": "Upstream 3xx Responses", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [ + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsZero", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 12, + "y": 42 + }, + "id": 12, + "options": { + "legend": { + "calcs": [ + "mean", + "lastNotNull", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "10.0.2", + "targets": [ + { + "datasource": { + "uid": "$datasource" + }, + "editorMode": "code", + "expr": "sum(rate(envoy_cluster_upstream_rq_xx{envoy_response_code_class=\"4\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Value", + "range": true, + "refId": "A" + } + ], + "title": "Upstream 4xx Responses", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [ + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsZero", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 18, + "y": 42 + }, + "id": 13, + "options": { + "legend": { + "calcs": [ + "mean", + "lastNotNull", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "10.0.2", + "targets": [ + { + "datasource": { + "uid": "$datasource" + }, + "editorMode": "code", + "expr": "sum(rate(envoy_cluster_upstream_rq_xx{envoy_response_code_class=\"5\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Value", + "range": true, + "refId": "A" + } + ], + "title": "Upstream 5xx Responses", + "type": "timeseries" + }, + { + "collapsed": false, + "datasource": { + "type": "datasource", + "uid": "grafana" + }, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 50 + }, + "id": 26, + "panels": [], + "targets": [ + { + "datasource": { + "type": "datasource", + "uid": "grafana" + }, + "refId": "A" + } + ], + "title": "Total", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "percentunit" + }, + "overrides": [ + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsZero", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 0, + "y": 51 + }, + "id": 17, + "options": { + "legend": { + "calcs": [ + "mean", + "lastNotNull", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "10.0.2", + "targets": [ + { + "datasource": { + "uid": "$datasource" + }, + "editorMode": "code", + "expr": "avg(envoy_cluster_membership_healthy{namespace=~\"$Namespace\"}) by (namespace) / avg(envoy_cluster_membership_total{namespace=~\"$Namespace\"}) by (namespace)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{namespace}}", + "range": true, + "refId": "A" + } + ], + "title": "Endpoint Percentage Health", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [ + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsZero", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 6, + "y": 51 + }, + "id": 19, + "options": { + "legend": { + "calcs": [ + "mean", + "lastNotNull", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "10.0.2", + "targets": [ + { + "datasource": { + "uid": "$datasource" + }, + "editorMode": "builder", + "expr": "sum by(namespace) (envoy_cluster_membership_total{namespace=~\"$Namespace\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{namespace}}", + "range": true, + "refId": "A" + } + ], + "title": "Total Endpoints", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [ + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsZero", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 12, + "y": 51 + }, + "id": 18, + "options": { + "legend": { + "calcs": [ + "mean", + "lastNotNull", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "10.0.2", + "targets": [ + { + "datasource": { + "uid": "$datasource" + }, + "editorMode": "builder", + "expr": "sum by(namespace) (envoy_cluster_membership_healthy{namespace=~\"$Namespace\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{namespace}}", + "range": true, + "refId": "A" + } + ], + "title": "Healthy Endpoints", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [ + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsZero", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 18, + "y": 51 + }, + "id": 20, + "options": { + "legend": { + "calcs": [ + "mean", + "lastNotNull", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "10.0.2", + "targets": [ + { + "datasource": { + "uid": "$datasource" + }, + "editorMode": "code", + "expr": "sum by(namespace) (envoy_cluster_membership_total{namespace=~\"$Namespace\"}) - sum by(namespace) (envoy_cluster_membership_healthy{namespace=~\"$Namespace\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{namespace}}", + "range": true, + "refId": "A" + } + ], + "title": "Unhealthy Endpoints", + "type": "timeseries" + } + ], + "refresh": "10s", + "schemaVersion": 39, + "tags": [ + "Data Plane" + ], + "templating": { + "list": [ + { + "current": { + "selected": false, + "text": "Prometheus", + "value": "PBFA97CFB590B2093" + }, + "hide": 0, + "includeAll": false, + "multi": false, + "name": "datasource", + "options": [], + "query": "prometheus", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "type": "datasource" + }, + { + "allValue": ".*", + "current": { + "selected": true, + "text": [ + "All" + ], + "value": [ + "$__all" + ] + }, + "datasource": { + "uid": "$datasource" + }, + "definition": "", + "hide": 0, + "includeAll": true, + "multi": true, + "name": "Namespace", + "options": [], + "query": "label_values(envoy_cluster_upstream_rq_time_bucket,namespace)", + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-5m", + "to": "now" + }, + "timeRangeUpdatedDuringEditOrView": false, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "", + "title": "Envoy Global", + "uid": "heHhNSFf6Na8vIZWRs8H", + "version": 1, + "weekStart": "" + } + envoy-pod-resource.json: |- + { + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "grafana", + "uid": "-- Grafana --" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "description": "Envoy Pod Memory and CPU Usage", + "editable": true, + "fiscalYearStartMonth": 0, + "graphTooltip": 0, + "id": 4, + "links": [], + "liveNow": false, + "panels": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 0 + }, + "id": 2, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "maxHeight": 600, + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "sum by(pod) (container_memory_working_set_bytes{container=~\"envoy\"}/1000000)", + "instant": false, + "range": true, + "refId": "A" + } + ], + "title": "Memory Working Set Envoy Pods(mb)", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 0 + }, + "id": 1, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "maxHeight": 600, + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "editorMode": "builder", + "expr": "sum by(pod) (rate(container_cpu_usage_seconds_total{container=\"envoy\"}[5m]))", + "instant": false, + "range": true, + "refId": "A" + } + ], + "title": "CPU Usage Envoy Pods", + "type": "timeseries" + } + ], + "refresh": "", + "schemaVersion": 39, + "tags": [ + "Data Plane" + ], + "templating": { + "list": [ + { + "current": { + "selected": false, + "text": "Prometheus", + "value": "PBFA97CFB590B2093" + }, + "hide": 0, + "includeAll": false, + "multi": false, + "name": "datasource", + "options": [], + "query": "prometheus", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "type": "datasource" + } + ] + }, + "time": { + "from": "now-5m", + "to": "now" + }, + "timeRangeUpdatedDuringEditOrView": false, + "timepicker": {}, + "timezone": "", + "title": "Envoy Pod Resources", + "uid": "f2279235-80b7-4c85-84f4-f25a3bf3eac0", + "version": 1, + "weekStart": "" + } +--- +# Source: gateway-addons-helm/charts/fluent-bit/templates/clusterrole.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: fluent-bit + labels: + helm.sh/chart: fluent-bit-0.30.4 + app.kubernetes.io/name: fluent-bit + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/version: "2.1.4" + app.kubernetes.io/managed-by: Helm +rules: + - apiGroups: + - "" + resources: + - namespaces + - pods + verbs: + - get + - list + - watch +--- +# Source: gateway-addons-helm/charts/prometheus/templates/clusterrole.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: server + app.kubernetes.io/name: prometheus + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/version: v2.52.0 + helm.sh/chart: prometheus-25.21.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: prometheus + name: prometheus +rules: + - apiGroups: + - "" + resources: + - nodes + - nodes/proxy + - nodes/metrics + - services + - endpoints + - pods + - ingresses + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - "extensions" + - "networking.k8s.io" + resources: + - ingresses/status + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - "discovery.k8s.io" + resources: + - endpointslices + verbs: + - get + - list + - watch + - nonResourceURLs: + - "/metrics" + verbs: + - get +--- +# Source: gateway-addons-helm/charts/fluent-bit/templates/clusterrolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: fluent-bit + labels: + helm.sh/chart: fluent-bit-0.30.4 + app.kubernetes.io/name: fluent-bit + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/version: "2.1.4" + app.kubernetes.io/managed-by: Helm +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: fluent-bit +subjects: + - kind: ServiceAccount + name: fluent-bit + namespace: monitoring +--- +# Source: gateway-addons-helm/charts/prometheus/templates/clusterrolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: server + app.kubernetes.io/name: prometheus + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/version: v2.52.0 + helm.sh/chart: prometheus-25.21.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: prometheus + name: prometheus +subjects: + - kind: ServiceAccount + name: prometheus + namespace: monitoring +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: prometheus +--- +# Source: gateway-addons-helm/charts/fluent-bit/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: fluent-bit + namespace: monitoring + labels: + helm.sh/chart: fluent-bit-0.30.4 + app.kubernetes.io/name: fluent-bit + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/version: "2.1.4" + app.kubernetes.io/managed-by: Helm +spec: + type: ClusterIP + ports: + - port: 2020 + targetPort: http + protocol: TCP + name: http + selector: + app.kubernetes.io/name: fluent-bit + app.kubernetes.io/instance: gateway-addons-helm +--- +# Source: gateway-addons-helm/charts/loki/templates/service-memberlist.yaml +apiVersion: v1 +kind: Service +metadata: + name: loki-memberlist + labels: + helm.sh/chart: loki-4.8.0 + app.kubernetes.io/name: loki + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/version: "2.7.3" + app.kubernetes.io/managed-by: Helm +spec: + type: ClusterIP + clusterIP: None + ports: + - name: tcp + port: 7946 + targetPort: http-memberlist + protocol: TCP + selector: + app.kubernetes.io/name: loki + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/part-of: memberlist +--- +# Source: gateway-addons-helm/charts/loki/templates/single-binary/service-headless.yaml +apiVersion: v1 +kind: Service +metadata: + name: loki-headless + namespace: monitoring + labels: + helm.sh/chart: loki-4.8.0 + app.kubernetes.io/name: loki + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/version: "2.7.3" + app.kubernetes.io/managed-by: Helm + variant: headless + prometheus.io/service-monitor: "false" +spec: + clusterIP: None + ports: + - name: http-metrics + port: 3100 + targetPort: http-metrics + protocol: TCP + selector: + app.kubernetes.io/name: loki + app.kubernetes.io/instance: gateway-addons-helm +--- +# Source: gateway-addons-helm/charts/loki/templates/single-binary/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: loki + labels: + helm.sh/chart: loki-4.8.0 + app.kubernetes.io/name: loki + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/version: "2.7.3" + app.kubernetes.io/managed-by: Helm +spec: + type: ClusterIP + ports: + - name: http-metrics + port: 3100 + targetPort: http-metrics + protocol: TCP + - name: grpc + port: 9095 + targetPort: grpc + protocol: TCP + selector: + app.kubernetes.io/name: loki + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/component: single-binary +--- +# Source: gateway-addons-helm/charts/opentelemetry-collector/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: otel-collector + namespace: monitoring + labels: + helm.sh/chart: opentelemetry-collector-0.73.1 + app.kubernetes.io/name: opentelemetry-collector + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/version: "0.88.0" + app.kubernetes.io/managed-by: Helm + component: standalone-collector +spec: + type: ClusterIP + ports: + + - name: jaeger-compact + port: 6831 + targetPort: 6831 + protocol: UDP + - name: jaeger-grpc + port: 14250 + targetPort: 14250 + protocol: TCP + - name: jaeger-thrift + port: 14268 + targetPort: 14268 + protocol: TCP + - name: otlp + port: 4317 + targetPort: 4317 + protocol: TCP + appProtocol: grpc + - name: otlp-http + port: 4318 + targetPort: 4318 + protocol: TCP + - name: zipkin + port: 9411 + targetPort: 9411 + protocol: TCP + selector: + app.kubernetes.io/name: opentelemetry-collector + app.kubernetes.io/instance: gateway-addons-helm + component: standalone-collector + internalTrafficPolicy: Cluster +--- +# Source: gateway-addons-helm/charts/prometheus/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: server + app.kubernetes.io/name: prometheus + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/version: v2.52.0 + helm.sh/chart: prometheus-25.21.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: prometheus + name: prometheus + namespace: monitoring +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 9090 + selector: + app.kubernetes.io/component: server + app.kubernetes.io/name: prometheus + app.kubernetes.io/instance: gateway-addons-helm + sessionAffinity: None + type: "LoadBalancer" +--- +# Source: gateway-addons-helm/charts/tempo/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: tempo + namespace: monitoring + labels: + helm.sh/chart: tempo-1.3.1 + app.kubernetes.io/name: tempo + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/version: "2.1.1" + app.kubernetes.io/managed-by: Helm +spec: + type: LoadBalancer + ports: + - name: tempo-prom-metrics + port: 3100 + targetPort: 3100 + - name: tempo-jaeger-thrift-compact + port: 6831 + protocol: UDP + targetPort: 6831 + - name: tempo-jaeger-thrift-binary + port: 6832 + protocol: UDP + targetPort: 6832 + - name: tempo-jaeger-thrift-http + port: 14268 + protocol: TCP + targetPort: 14268 + - name: grpc-tempo-jaeger + port: 14250 + protocol: TCP + targetPort: 14250 + - name: tempo-zipkin + port: 9411 + protocol: TCP + targetPort: 9411 + - name: tempo-otlp-legacy + port: 55680 + protocol: TCP + targetPort: 55680 + - name: tempo-otlp-http-legacy + port: 55681 + protocol: TCP + targetPort: 4318 + - name: grpc-tempo-otlp + port: 4317 + protocol: TCP + targetPort: 4317 + - name: tempo-otlp-http + port: 4318 + protocol: TCP + targetPort: 4318 + - name: tempo-opencensus + port: 55678 + protocol: TCP + targetPort: 55678 + selector: + app.kubernetes.io/name: tempo + app.kubernetes.io/instance: gateway-addons-helm +--- +# Source: gateway-addons-helm/charts/fluent-bit/templates/daemonset.yaml +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: fluent-bit + namespace: monitoring + labels: + helm.sh/chart: fluent-bit-0.30.4 + app.kubernetes.io/name: fluent-bit + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/version: "2.1.4" + app.kubernetes.io/managed-by: Helm +spec: + selector: + matchLabels: + app.kubernetes.io/name: fluent-bit + app.kubernetes.io/instance: gateway-addons-helm + template: + metadata: + annotations: + checksum/config: 03d122555879033ccf6443369f73463490b100f195550b1483d337f497c749e3 + checksum/luascripts: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + fluentbit.io/exclude: "true" + prometheus.io/path: /api/v1/metrics/prometheus + prometheus.io/port: "2020" + prometheus.io/scrape: "true" + labels: + app.kubernetes.io/name: fluent-bit + app.kubernetes.io/instance: gateway-addons-helm + spec: + serviceAccountName: fluent-bit + hostNetwork: false + dnsPolicy: ClusterFirst + containers: + - name: fluent-bit + image: "cr.fluentbit.io/fluent/fluent-bit:2.1.4" + imagePullPolicy: Always + ports: + - name: http + containerPort: 2020 + protocol: TCP + livenessProbe: + httpGet: + path: / + port: http + readinessProbe: + httpGet: + path: /api/v1/health + port: http + volumeMounts: + - mountPath: /fluent-bit/etc/fluent-bit.conf + name: config + subPath: fluent-bit.conf + - mountPath: /fluent-bit/etc/custom_parsers.conf + name: config + subPath: custom_parsers.conf + - mountPath: /var/log + name: varlog + - mountPath: /var/lib/docker/containers + name: varlibdockercontainers + readOnly: true + - mountPath: /etc/machine-id + name: etcmachineid + readOnly: true + volumes: + - name: config + configMap: + name: fluent-bit + - hostPath: + path: /var/log + name: varlog + - hostPath: + path: /var/lib/docker/containers + name: varlibdockercontainers + - hostPath: + path: /etc/machine-id + type: File + name: etcmachineid +--- +# Source: gateway-addons-helm/charts/opentelemetry-collector/templates/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: otel-collector + namespace: monitoring + labels: + helm.sh/chart: opentelemetry-collector-0.73.1 + app.kubernetes.io/name: opentelemetry-collector + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/version: "0.88.0" + app.kubernetes.io/managed-by: Helm +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/name: opentelemetry-collector + app.kubernetes.io/instance: gateway-addons-helm + component: standalone-collector + strategy: + type: RollingUpdate + template: + metadata: + annotations: + checksum/config: 077be33cb293f9c37d065397da8156bf9f33a42ad56a3d5876f39de72c874023 + + labels: + app.kubernetes.io/name: opentelemetry-collector + app.kubernetes.io/instance: gateway-addons-helm + component: standalone-collector + + spec: + + serviceAccountName: otel-collector + securityContext: + {} + containers: + - name: opentelemetry-collector + command: + - /otelcol-contrib + - --config=/conf/relay.yaml + securityContext: + {} + image: "otel/opentelemetry-collector-contrib:0.88.0" + imagePullPolicy: IfNotPresent + ports: + + - name: jaeger-compact + containerPort: 6831 + protocol: UDP + - name: jaeger-grpc + containerPort: 14250 + protocol: TCP + - name: jaeger-thrift + containerPort: 14268 + protocol: TCP + - name: otlp + containerPort: 4317 + protocol: TCP + - name: otlp-http + containerPort: 4318 + protocol: TCP + - name: zipkin + containerPort: 9411 + protocol: TCP + env: + - name: MY_POD_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.podIP + livenessProbe: + httpGet: + path: / + port: 13133 + readinessProbe: + httpGet: + path: / + port: 13133 + volumeMounts: + - mountPath: /conf + name: opentelemetry-collector-configmap + volumes: + - name: opentelemetry-collector-configmap + configMap: + name: otel-collector + items: + - key: relay + path: relay.yaml + hostNetwork: false +--- +# Source: gateway-addons-helm/charts/prometheus/templates/deploy.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: server + app.kubernetes.io/name: prometheus + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/version: v2.52.0 + helm.sh/chart: prometheus-25.21.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: prometheus + name: prometheus + namespace: monitoring +spec: + selector: + matchLabels: + app.kubernetes.io/component: server + app.kubernetes.io/name: prometheus + app.kubernetes.io/instance: gateway-addons-helm + replicas: 1 + revisionHistoryLimit: 10 + strategy: + type: Recreate + rollingUpdate: null + template: + metadata: + labels: + app.kubernetes.io/component: server + app.kubernetes.io/name: prometheus + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/version: v2.52.0 + helm.sh/chart: prometheus-25.21.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: prometheus + spec: + enableServiceLinks: true + serviceAccountName: prometheus + containers: + - name: prometheus-server-configmap-reload + image: "quay.io/prometheus-operator/prometheus-config-reloader:v0.73.2" + imagePullPolicy: "IfNotPresent" + args: + - --watched-dir=/etc/config + - --reload-url=http://127.0.0.1:9090/-/reload + volumeMounts: + - name: config-volume + mountPath: /etc/config + readOnly: true + + - name: prometheus-server + image: "prom/prometheus:v2.52.0" + imagePullPolicy: "IfNotPresent" + args: + - --storage.tsdb.retention.time=15d + - --config.file=/etc/config/prometheus.yml + - --storage.tsdb.path=/data + - --web.console.libraries=/etc/prometheus/console_libraries + - --web.console.templates=/etc/prometheus/consoles + - --web.enable-lifecycle + ports: + - containerPort: 9090 + readinessProbe: + httpGet: + path: /-/ready + port: 9090 + scheme: HTTP + initialDelaySeconds: 0 + periodSeconds: 5 + timeoutSeconds: 4 + failureThreshold: 3 + successThreshold: 1 + livenessProbe: + httpGet: + path: /-/healthy + port: 9090 + scheme: HTTP + initialDelaySeconds: 30 + periodSeconds: 15 + timeoutSeconds: 10 + failureThreshold: 3 + successThreshold: 1 + volumeMounts: + - name: config-volume + mountPath: /etc/config + - name: storage-volume + mountPath: /data + subPath: "" + dnsPolicy: ClusterFirst + securityContext: + fsGroup: 65534 + runAsGroup: 65534 + runAsNonRoot: true + runAsUser: 65534 + terminationGracePeriodSeconds: 300 + volumes: + - name: config-volume + configMap: + name: prometheus + - name: storage-volume + emptyDir: + {} +--- +# Source: gateway-addons-helm/charts/loki/templates/single-binary/statefulset.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: loki + labels: + helm.sh/chart: loki-4.8.0 + app.kubernetes.io/name: loki + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/version: "2.7.3" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: single-binary + app.kubernetes.io/part-of: memberlist +spec: + replicas: 1 + podManagementPolicy: Parallel + updateStrategy: + rollingUpdate: + partition: 0 + serviceName: loki-headless + revisionHistoryLimit: 10 + + persistentVolumeClaimRetentionPolicy: + whenDeleted: Delete + whenScaled: Delete + selector: + matchLabels: + app.kubernetes.io/name: loki + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/component: single-binary + template: + metadata: + annotations: + checksum/config: 39a9cea617408d4add363b9ca660a8889e48b866eba2e8c8e4bfc10870b29162 + labels: + app.kubernetes.io/name: loki + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/component: single-binary + app.kubernetes.io/part-of: memberlist + spec: + serviceAccountName: loki + automountServiceAccountToken: true + enableServiceLinks: true + + securityContext: + fsGroup: 10001 + runAsGroup: 10001 + runAsNonRoot: true + runAsUser: 10001 + terminationGracePeriodSeconds: 30 + containers: + - name: loki + image: docker.io/grafana/loki:2.7.3 + imagePullPolicy: IfNotPresent + args: + - -config.file=/etc/loki/config/config.yaml + - -target=all + ports: + - name: http-metrics + containerPort: 3100 + protocol: TCP + - name: grpc + containerPort: 9095 + protocol: TCP + - name: http-memberlist + containerPort: 7946 + protocol: TCP + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + readinessProbe: + httpGet: + path: /ready + port: http-metrics + initialDelaySeconds: 30 + timeoutSeconds: 1 + volumeMounts: + - name: tmp + mountPath: /tmp + - name: config + mountPath: /etc/loki/config + - name: runtime-config + mountPath: /etc/loki/runtime-config + - name: storage + mountPath: /var/loki + resources: + {} + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: loki + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/component: single-binary + topologyKey: kubernetes.io/hostname + + volumes: + - name: tmp + emptyDir: {} + - name: config + configMap: + name: loki + - name: runtime-config + configMap: + name: loki-runtime + volumeClaimTemplates: + - metadata: + name: storage + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: "10Gi" +--- +# Source: gateway-addons-helm/charts/tempo/templates/statefulset.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: tempo + namespace: monitoring + labels: + helm.sh/chart: tempo-1.3.1 + app.kubernetes.io/name: tempo + app.kubernetes.io/instance: gateway-addons-helm + app.kubernetes.io/version: "2.1.1" + app.kubernetes.io/managed-by: Helm +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: tempo + app.kubernetes.io/instance: gateway-addons-helm + serviceName: tempo-headless + template: + metadata: + labels: + app.kubernetes.io/name: tempo + app.kubernetes.io/instance: gateway-addons-helm + annotations: + checksum/config: 0898f7ca87563d700c35d7ea1824cd042cf93fb2f05e254d12a854aa97a5c5e5 + spec: + serviceAccountName: tempo + automountServiceAccountToken: true + containers: + - args: + - -config.file=/conf/tempo.yaml + - -mem-ballast-size-mbs=1024 + image: grafana/tempo:2.1.1 + imagePullPolicy: IfNotPresent + name: tempo + ports: + - containerPort: 3100 + name: prom-metrics + - containerPort: 6831 + name: jaeger-thrift-c + protocol: UDP + - containerPort: 6832 + name: jaeger-thrift-b + protocol: UDP + - containerPort: 14268 + name: jaeger-thrift-h + - containerPort: 14250 + name: jaeger-grpc + - containerPort: 9411 + name: zipkin + - containerPort: 55680 + name: otlp-legacy + - containerPort: 4317 + name: otlp-grpc + - containerPort: 55681 + name: otlp-httplegacy + - containerPort: 4318 + name: otlp-http + - containerPort: 55678 + name: opencensus + resources: + {} + env: + volumeMounts: + - mountPath: /conf + name: tempo-conf + volumes: + - configMap: + name: tempo + name: tempo-conf + updateStrategy: + type: + RollingUpdate diff --git a/test/helm/control-plane-with-pdb.in.yaml b/test/helm/gateway-helm/control-plane-with-pdb.in.yaml similarity index 100% rename from test/helm/control-plane-with-pdb.in.yaml rename to test/helm/gateway-helm/control-plane-with-pdb.in.yaml diff --git a/test/helm/control-plane-with-pdb.out.yaml b/test/helm/gateway-helm/control-plane-with-pdb.out.yaml similarity index 89% rename from test/helm/control-plane-with-pdb.out.yaml rename to test/helm/gateway-helm/control-plane-with-pdb.out.yaml index 806bdfa4df8..63d999c0b5c 100644 --- a/test/helm/control-plane-with-pdb.out.yaml +++ b/test/helm/gateway-helm/control-plane-with-pdb.out.yaml @@ -11,7 +11,7 @@ spec: matchLabels: control-plane: envoy-gateway app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm --- # Source: gateway-helm/templates/envoy-gateway-deployment.yaml apiVersion: v1 @@ -22,7 +22,7 @@ metadata: labels: helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm --- @@ -35,7 +35,7 @@ metadata: labels: helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm data: @@ -70,7 +70,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: creationTimestamp: null - name: eg-gateway-helm-envoy-gateway-role + name: gateway-helm-envoy-gateway-role rules: - apiGroups: - "" @@ -188,11 +188,11 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: eg-gateway-helm-envoy-gateway-rolebinding + name: gateway-helm-envoy-gateway-rolebinding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: eg-gateway-helm-envoy-gateway-role + name: gateway-helm-envoy-gateway-role subjects: - kind: ServiceAccount name: 'envoy-gateway' @@ -202,12 +202,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: eg-gateway-helm-infra-manager + name: gateway-helm-infra-manager namespace: 'envoy-gateway-system' labels: helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm rules: @@ -247,12 +247,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: eg-gateway-helm-leader-election-role + name: gateway-helm-leader-election-role namespace: 'envoy-gateway-system' labels: helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm rules: @@ -292,18 +292,18 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: eg-gateway-helm-infra-manager + name: gateway-helm-infra-manager namespace: 'envoy-gateway-system' labels: helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: 'eg-gateway-helm-infra-manager' + name: 'gateway-helm-infra-manager' subjects: - kind: ServiceAccount name: 'envoy-gateway' @@ -313,18 +313,18 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: eg-gateway-helm-leader-election-rolebinding + name: gateway-helm-leader-election-rolebinding namespace: 'envoy-gateway-system' labels: helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: 'eg-gateway-helm-leader-election-role' + name: 'gateway-helm-leader-election-role' subjects: - kind: ServiceAccount name: 'envoy-gateway' @@ -340,14 +340,14 @@ metadata: control-plane: envoy-gateway helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm spec: selector: control-plane: envoy-gateway app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm ports: - name: grpc port: 18000 @@ -355,6 +355,9 @@ spec: - name: ratelimit port: 18001 targetPort: 18001 + - name: wasm + port: 18002 + targetPort: 18002 - name: metrics port: 19001 targetPort: 19001 @@ -369,7 +372,7 @@ metadata: control-plane: envoy-gateway helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm spec: @@ -378,7 +381,7 @@ spec: matchLabels: control-plane: envoy-gateway app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm template: metadata: annotations: @@ -387,7 +390,7 @@ spec: labels: control-plane: envoy-gateway app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm spec: containers: - args: @@ -415,6 +418,8 @@ spec: name: grpc - containerPort: 18001 name: ratelimit + - containerPort: 18002 + name: wasm - containerPort: 19001 name: metrics readinessProbe: @@ -457,12 +462,12 @@ spec: apiVersion: v1 kind: ServiceAccount metadata: - name: eg-gateway-helm-certgen + name: gateway-helm-certgen namespace: 'envoy-gateway-system' labels: helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm annotations: @@ -472,12 +477,12 @@ metadata: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: eg-gateway-helm-certgen + name: gateway-helm-certgen namespace: 'envoy-gateway-system' labels: helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm annotations: @@ -496,12 +501,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: eg-gateway-helm-certgen + name: gateway-helm-certgen namespace: 'envoy-gateway-system' labels: helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm annotations: @@ -509,22 +514,22 @@ metadata: roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: 'eg-gateway-helm-certgen' + name: 'gateway-helm-certgen' subjects: - kind: ServiceAccount - name: 'eg-gateway-helm-certgen' + name: 'gateway-helm-certgen' namespace: 'envoy-gateway-system' --- # Source: gateway-helm/templates/certgen.yaml apiVersion: batch/v1 kind: Job metadata: - name: eg-gateway-helm-certgen + name: gateway-helm-certgen namespace: 'envoy-gateway-system' labels: helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm annotations: @@ -559,5 +564,5 @@ spec: runAsGroup: 65534 runAsNonRoot: true runAsUser: 65534 - serviceAccountName: eg-gateway-helm-certgen + serviceAccountName: gateway-helm-certgen ttlSecondsAfterFinished: 30 diff --git a/test/helm/default-config.in.yaml b/test/helm/gateway-helm/default-config.in.yaml similarity index 100% rename from test/helm/default-config.in.yaml rename to test/helm/gateway-helm/default-config.in.yaml diff --git a/test/helm/default-config.out.yaml b/test/helm/gateway-helm/default-config.out.yaml similarity index 89% rename from test/helm/default-config.out.yaml rename to test/helm/gateway-helm/default-config.out.yaml index b1181bbdc87..e01d1c025e4 100644 --- a/test/helm/default-config.out.yaml +++ b/test/helm/gateway-helm/default-config.out.yaml @@ -8,7 +8,7 @@ metadata: labels: helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm --- @@ -21,7 +21,7 @@ metadata: labels: helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm data: @@ -56,7 +56,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: creationTimestamp: null - name: eg-gateway-helm-envoy-gateway-role + name: gateway-helm-envoy-gateway-role rules: - apiGroups: - "" @@ -174,11 +174,11 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: eg-gateway-helm-envoy-gateway-rolebinding + name: gateway-helm-envoy-gateway-rolebinding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: eg-gateway-helm-envoy-gateway-role + name: gateway-helm-envoy-gateway-role subjects: - kind: ServiceAccount name: 'envoy-gateway' @@ -188,12 +188,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: eg-gateway-helm-infra-manager + name: gateway-helm-infra-manager namespace: 'envoy-gateway-system' labels: helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm rules: @@ -233,12 +233,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: eg-gateway-helm-leader-election-role + name: gateway-helm-leader-election-role namespace: 'envoy-gateway-system' labels: helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm rules: @@ -278,18 +278,18 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: eg-gateway-helm-infra-manager + name: gateway-helm-infra-manager namespace: 'envoy-gateway-system' labels: helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: 'eg-gateway-helm-infra-manager' + name: 'gateway-helm-infra-manager' subjects: - kind: ServiceAccount name: 'envoy-gateway' @@ -299,18 +299,18 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: eg-gateway-helm-leader-election-rolebinding + name: gateway-helm-leader-election-rolebinding namespace: 'envoy-gateway-system' labels: helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: 'eg-gateway-helm-leader-election-role' + name: 'gateway-helm-leader-election-role' subjects: - kind: ServiceAccount name: 'envoy-gateway' @@ -326,14 +326,14 @@ metadata: control-plane: envoy-gateway helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm spec: selector: control-plane: envoy-gateway app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm ports: - name: grpc port: 18000 @@ -341,6 +341,9 @@ spec: - name: ratelimit port: 18001 targetPort: 18001 + - name: wasm + port: 18002 + targetPort: 18002 - name: metrics port: 19001 targetPort: 19001 @@ -355,7 +358,7 @@ metadata: control-plane: envoy-gateway helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm spec: @@ -364,7 +367,7 @@ spec: matchLabels: control-plane: envoy-gateway app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm template: metadata: annotations: @@ -373,7 +376,7 @@ spec: labels: control-plane: envoy-gateway app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm spec: containers: - args: @@ -401,6 +404,8 @@ spec: name: grpc - containerPort: 18001 name: ratelimit + - containerPort: 18002 + name: wasm - containerPort: 19001 name: metrics readinessProbe: @@ -443,12 +448,12 @@ spec: apiVersion: v1 kind: ServiceAccount metadata: - name: eg-gateway-helm-certgen + name: gateway-helm-certgen namespace: 'envoy-gateway-system' labels: helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm annotations: @@ -458,12 +463,12 @@ metadata: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: eg-gateway-helm-certgen + name: gateway-helm-certgen namespace: 'envoy-gateway-system' labels: helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm annotations: @@ -482,12 +487,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: eg-gateway-helm-certgen + name: gateway-helm-certgen namespace: 'envoy-gateway-system' labels: helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm annotations: @@ -495,22 +500,22 @@ metadata: roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: 'eg-gateway-helm-certgen' + name: 'gateway-helm-certgen' subjects: - kind: ServiceAccount - name: 'eg-gateway-helm-certgen' + name: 'gateway-helm-certgen' namespace: 'envoy-gateway-system' --- # Source: gateway-helm/templates/certgen.yaml apiVersion: batch/v1 kind: Job metadata: - name: eg-gateway-helm-certgen + name: gateway-helm-certgen namespace: 'envoy-gateway-system' labels: helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm annotations: @@ -545,5 +550,5 @@ spec: runAsGroup: 65534 runAsNonRoot: true runAsUser: 65534 - serviceAccountName: eg-gateway-helm-certgen + serviceAccountName: gateway-helm-certgen ttlSecondsAfterFinished: 30 diff --git a/test/helm/deployment-custom-topology.in.yaml b/test/helm/gateway-helm/deployment-custom-topology.in.yaml similarity index 100% rename from test/helm/deployment-custom-topology.in.yaml rename to test/helm/gateway-helm/deployment-custom-topology.in.yaml diff --git a/test/helm/deployment-custom-topology.out.yaml b/test/helm/gateway-helm/deployment-custom-topology.out.yaml similarity index 89% rename from test/helm/deployment-custom-topology.out.yaml rename to test/helm/gateway-helm/deployment-custom-topology.out.yaml index 6cf0c0f154b..47b89266c24 100644 --- a/test/helm/deployment-custom-topology.out.yaml +++ b/test/helm/gateway-helm/deployment-custom-topology.out.yaml @@ -8,7 +8,7 @@ metadata: labels: helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm --- @@ -21,7 +21,7 @@ metadata: labels: helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm data: @@ -56,7 +56,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: creationTimestamp: null - name: eg-gateway-helm-envoy-gateway-role + name: gateway-helm-envoy-gateway-role rules: - apiGroups: - "" @@ -174,11 +174,11 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: eg-gateway-helm-envoy-gateway-rolebinding + name: gateway-helm-envoy-gateway-rolebinding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: eg-gateway-helm-envoy-gateway-role + name: gateway-helm-envoy-gateway-role subjects: - kind: ServiceAccount name: 'envoy-gateway' @@ -188,12 +188,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: eg-gateway-helm-infra-manager + name: gateway-helm-infra-manager namespace: 'envoy-gateway-system' labels: helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm rules: @@ -233,12 +233,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: eg-gateway-helm-leader-election-role + name: gateway-helm-leader-election-role namespace: 'envoy-gateway-system' labels: helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm rules: @@ -278,18 +278,18 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: eg-gateway-helm-infra-manager + name: gateway-helm-infra-manager namespace: 'envoy-gateway-system' labels: helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: 'eg-gateway-helm-infra-manager' + name: 'gateway-helm-infra-manager' subjects: - kind: ServiceAccount name: 'envoy-gateway' @@ -299,18 +299,18 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: eg-gateway-helm-leader-election-rolebinding + name: gateway-helm-leader-election-rolebinding namespace: 'envoy-gateway-system' labels: helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: 'eg-gateway-helm-leader-election-role' + name: 'gateway-helm-leader-election-role' subjects: - kind: ServiceAccount name: 'envoy-gateway' @@ -326,14 +326,14 @@ metadata: control-plane: envoy-gateway helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm spec: selector: control-plane: envoy-gateway app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm ports: - name: grpc port: 18000 @@ -341,6 +341,9 @@ spec: - name: ratelimit port: 18001 targetPort: 18001 + - name: wasm + port: 18002 + targetPort: 18002 - name: metrics port: 19001 targetPort: 19001 @@ -355,7 +358,7 @@ metadata: control-plane: envoy-gateway helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm spec: @@ -364,7 +367,7 @@ spec: matchLabels: control-plane: envoy-gateway app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm template: metadata: annotations: @@ -373,7 +376,7 @@ spec: labels: control-plane: envoy-gateway app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm spec: affinity: nodeAffinity: @@ -429,6 +432,8 @@ spec: name: grpc - containerPort: 18001 name: ratelimit + - containerPort: 18002 + name: wasm - containerPort: 19001 name: metrics readinessProbe: @@ -471,12 +476,12 @@ spec: apiVersion: v1 kind: ServiceAccount metadata: - name: eg-gateway-helm-certgen + name: gateway-helm-certgen namespace: 'envoy-gateway-system' labels: helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm annotations: @@ -486,12 +491,12 @@ metadata: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: eg-gateway-helm-certgen + name: gateway-helm-certgen namespace: 'envoy-gateway-system' labels: helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm annotations: @@ -510,12 +515,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: eg-gateway-helm-certgen + name: gateway-helm-certgen namespace: 'envoy-gateway-system' labels: helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm annotations: @@ -523,22 +528,22 @@ metadata: roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: 'eg-gateway-helm-certgen' + name: 'gateway-helm-certgen' subjects: - kind: ServiceAccount - name: 'eg-gateway-helm-certgen' + name: 'gateway-helm-certgen' namespace: 'envoy-gateway-system' --- # Source: gateway-helm/templates/certgen.yaml apiVersion: batch/v1 kind: Job metadata: - name: eg-gateway-helm-certgen + name: gateway-helm-certgen namespace: 'envoy-gateway-system' labels: helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm annotations: @@ -573,5 +578,5 @@ spec: runAsGroup: 65534 runAsNonRoot: true runAsUser: 65534 - serviceAccountName: eg-gateway-helm-certgen + serviceAccountName: gateway-helm-certgen ttlSecondsAfterFinished: 30 diff --git a/test/helm/deployment-images-config.in.yaml b/test/helm/gateway-helm/deployment-images-config.in.yaml similarity index 100% rename from test/helm/deployment-images-config.in.yaml rename to test/helm/gateway-helm/deployment-images-config.in.yaml diff --git a/test/helm/deployment-images-config.out.yaml b/test/helm/gateway-helm/deployment-images-config.out.yaml similarity index 89% rename from test/helm/deployment-images-config.out.yaml rename to test/helm/gateway-helm/deployment-images-config.out.yaml index 415b9508ece..3cba2b4a50b 100644 --- a/test/helm/deployment-images-config.out.yaml +++ b/test/helm/gateway-helm/deployment-images-config.out.yaml @@ -8,7 +8,7 @@ metadata: labels: helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm --- @@ -21,7 +21,7 @@ metadata: labels: helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm data: @@ -56,7 +56,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: creationTimestamp: null - name: eg-gateway-helm-envoy-gateway-role + name: gateway-helm-envoy-gateway-role rules: - apiGroups: - "" @@ -174,11 +174,11 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: eg-gateway-helm-envoy-gateway-rolebinding + name: gateway-helm-envoy-gateway-rolebinding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: eg-gateway-helm-envoy-gateway-role + name: gateway-helm-envoy-gateway-role subjects: - kind: ServiceAccount name: 'envoy-gateway' @@ -188,12 +188,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: eg-gateway-helm-infra-manager + name: gateway-helm-infra-manager namespace: 'envoy-gateway-system' labels: helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm rules: @@ -233,12 +233,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: eg-gateway-helm-leader-election-role + name: gateway-helm-leader-election-role namespace: 'envoy-gateway-system' labels: helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm rules: @@ -278,18 +278,18 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: eg-gateway-helm-infra-manager + name: gateway-helm-infra-manager namespace: 'envoy-gateway-system' labels: helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: 'eg-gateway-helm-infra-manager' + name: 'gateway-helm-infra-manager' subjects: - kind: ServiceAccount name: 'envoy-gateway' @@ -299,18 +299,18 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: eg-gateway-helm-leader-election-rolebinding + name: gateway-helm-leader-election-rolebinding namespace: 'envoy-gateway-system' labels: helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: 'eg-gateway-helm-leader-election-role' + name: 'gateway-helm-leader-election-role' subjects: - kind: ServiceAccount name: 'envoy-gateway' @@ -326,14 +326,14 @@ metadata: control-plane: envoy-gateway helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm spec: selector: control-plane: envoy-gateway app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm ports: - name: grpc port: 18000 @@ -341,6 +341,9 @@ spec: - name: ratelimit port: 18001 targetPort: 18001 + - name: wasm + port: 18002 + targetPort: 18002 - name: metrics port: 19001 targetPort: 19001 @@ -355,7 +358,7 @@ metadata: control-plane: envoy-gateway helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm spec: @@ -364,7 +367,7 @@ spec: matchLabels: control-plane: envoy-gateway app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm template: metadata: annotations: @@ -373,7 +376,7 @@ spec: labels: control-plane: envoy-gateway app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm spec: containers: - args: @@ -401,6 +404,8 @@ spec: name: grpc - containerPort: 18001 name: ratelimit + - containerPort: 18002 + name: wasm - containerPort: 19001 name: metrics readinessProbe: @@ -445,12 +450,12 @@ spec: apiVersion: v1 kind: ServiceAccount metadata: - name: eg-gateway-helm-certgen + name: gateway-helm-certgen namespace: 'envoy-gateway-system' labels: helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm annotations: @@ -460,12 +465,12 @@ metadata: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: eg-gateway-helm-certgen + name: gateway-helm-certgen namespace: 'envoy-gateway-system' labels: helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm annotations: @@ -484,12 +489,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: eg-gateway-helm-certgen + name: gateway-helm-certgen namespace: 'envoy-gateway-system' labels: helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm annotations: @@ -497,22 +502,22 @@ metadata: roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: 'eg-gateway-helm-certgen' + name: 'gateway-helm-certgen' subjects: - kind: ServiceAccount - name: 'eg-gateway-helm-certgen' + name: 'gateway-helm-certgen' namespace: 'envoy-gateway-system' --- # Source: gateway-helm/templates/certgen.yaml apiVersion: batch/v1 kind: Job metadata: - name: eg-gateway-helm-certgen + name: gateway-helm-certgen namespace: 'envoy-gateway-system' labels: helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm annotations: @@ -549,5 +554,5 @@ spec: runAsGroup: 65534 runAsNonRoot: true runAsUser: 65534 - serviceAccountName: eg-gateway-helm-certgen + serviceAccountName: gateway-helm-certgen ttlSecondsAfterFinished: 30 diff --git a/test/helm/envoy-gateway-config.in.yaml b/test/helm/gateway-helm/envoy-gateway-config.in.yaml similarity index 100% rename from test/helm/envoy-gateway-config.in.yaml rename to test/helm/gateway-helm/envoy-gateway-config.in.yaml diff --git a/test/helm/envoy-gateway-config.out.yaml b/test/helm/gateway-helm/envoy-gateway-config.out.yaml similarity index 89% rename from test/helm/envoy-gateway-config.out.yaml rename to test/helm/gateway-helm/envoy-gateway-config.out.yaml index 46f33d794da..b80001eb80b 100644 --- a/test/helm/envoy-gateway-config.out.yaml +++ b/test/helm/gateway-helm/envoy-gateway-config.out.yaml @@ -8,7 +8,7 @@ metadata: labels: helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm --- @@ -21,7 +21,7 @@ metadata: labels: helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm data: @@ -58,7 +58,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: creationTimestamp: null - name: eg-gateway-helm-envoy-gateway-role + name: gateway-helm-envoy-gateway-role rules: - apiGroups: - "" @@ -176,11 +176,11 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: eg-gateway-helm-envoy-gateway-rolebinding + name: gateway-helm-envoy-gateway-rolebinding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: eg-gateway-helm-envoy-gateway-role + name: gateway-helm-envoy-gateway-role subjects: - kind: ServiceAccount name: 'envoy-gateway' @@ -190,12 +190,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: eg-gateway-helm-infra-manager + name: gateway-helm-infra-manager namespace: 'envoy-gateway-system' labels: helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm rules: @@ -235,12 +235,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: eg-gateway-helm-leader-election-role + name: gateway-helm-leader-election-role namespace: 'envoy-gateway-system' labels: helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm rules: @@ -280,18 +280,18 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: eg-gateway-helm-infra-manager + name: gateway-helm-infra-manager namespace: 'envoy-gateway-system' labels: helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: 'eg-gateway-helm-infra-manager' + name: 'gateway-helm-infra-manager' subjects: - kind: ServiceAccount name: 'envoy-gateway' @@ -301,18 +301,18 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: eg-gateway-helm-leader-election-rolebinding + name: gateway-helm-leader-election-rolebinding namespace: 'envoy-gateway-system' labels: helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: 'eg-gateway-helm-leader-election-role' + name: 'gateway-helm-leader-election-role' subjects: - kind: ServiceAccount name: 'envoy-gateway' @@ -328,14 +328,14 @@ metadata: control-plane: envoy-gateway helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm spec: selector: control-plane: envoy-gateway app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm ports: - name: grpc port: 18000 @@ -343,6 +343,9 @@ spec: - name: ratelimit port: 18001 targetPort: 18001 + - name: wasm + port: 18002 + targetPort: 18002 - name: metrics port: 19001 targetPort: 19001 @@ -357,7 +360,7 @@ metadata: control-plane: envoy-gateway helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm spec: @@ -366,7 +369,7 @@ spec: matchLabels: control-plane: envoy-gateway app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm template: metadata: annotations: @@ -375,7 +378,7 @@ spec: labels: control-plane: envoy-gateway app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm spec: containers: - args: @@ -403,6 +406,8 @@ spec: name: grpc - containerPort: 18001 name: ratelimit + - containerPort: 18002 + name: wasm - containerPort: 19001 name: metrics readinessProbe: @@ -445,12 +450,12 @@ spec: apiVersion: v1 kind: ServiceAccount metadata: - name: eg-gateway-helm-certgen + name: gateway-helm-certgen namespace: 'envoy-gateway-system' labels: helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm annotations: @@ -460,12 +465,12 @@ metadata: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: eg-gateway-helm-certgen + name: gateway-helm-certgen namespace: 'envoy-gateway-system' labels: helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm annotations: @@ -484,12 +489,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: eg-gateway-helm-certgen + name: gateway-helm-certgen namespace: 'envoy-gateway-system' labels: helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm annotations: @@ -497,22 +502,22 @@ metadata: roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: 'eg-gateway-helm-certgen' + name: 'gateway-helm-certgen' subjects: - kind: ServiceAccount - name: 'eg-gateway-helm-certgen' + name: 'gateway-helm-certgen' namespace: 'envoy-gateway-system' --- # Source: gateway-helm/templates/certgen.yaml apiVersion: batch/v1 kind: Job metadata: - name: eg-gateway-helm-certgen + name: gateway-helm-certgen namespace: 'envoy-gateway-system' labels: helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm annotations: @@ -547,5 +552,5 @@ spec: runAsGroup: 65534 runAsNonRoot: true runAsUser: 65534 - serviceAccountName: eg-gateway-helm-certgen + serviceAccountName: gateway-helm-certgen ttlSecondsAfterFinished: 30 diff --git a/test/helm/global-images-config.in.yaml b/test/helm/gateway-helm/global-images-config.in.yaml similarity index 100% rename from test/helm/global-images-config.in.yaml rename to test/helm/gateway-helm/global-images-config.in.yaml diff --git a/test/helm/global-images-config.out.yaml b/test/helm/gateway-helm/global-images-config.out.yaml similarity index 89% rename from test/helm/global-images-config.out.yaml rename to test/helm/gateway-helm/global-images-config.out.yaml index 5ed2ebb7537..4537cf99b49 100644 --- a/test/helm/global-images-config.out.yaml +++ b/test/helm/gateway-helm/global-images-config.out.yaml @@ -8,7 +8,7 @@ metadata: labels: helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm --- @@ -21,7 +21,7 @@ metadata: labels: helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm data: @@ -60,7 +60,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: creationTimestamp: null - name: eg-gateway-helm-envoy-gateway-role + name: gateway-helm-envoy-gateway-role rules: - apiGroups: - "" @@ -178,11 +178,11 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: eg-gateway-helm-envoy-gateway-rolebinding + name: gateway-helm-envoy-gateway-rolebinding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: eg-gateway-helm-envoy-gateway-role + name: gateway-helm-envoy-gateway-role subjects: - kind: ServiceAccount name: 'envoy-gateway' @@ -192,12 +192,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: eg-gateway-helm-infra-manager + name: gateway-helm-infra-manager namespace: 'envoy-gateway-system' labels: helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm rules: @@ -237,12 +237,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: eg-gateway-helm-leader-election-role + name: gateway-helm-leader-election-role namespace: 'envoy-gateway-system' labels: helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm rules: @@ -282,18 +282,18 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: eg-gateway-helm-infra-manager + name: gateway-helm-infra-manager namespace: 'envoy-gateway-system' labels: helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: 'eg-gateway-helm-infra-manager' + name: 'gateway-helm-infra-manager' subjects: - kind: ServiceAccount name: 'envoy-gateway' @@ -303,18 +303,18 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: eg-gateway-helm-leader-election-rolebinding + name: gateway-helm-leader-election-rolebinding namespace: 'envoy-gateway-system' labels: helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: 'eg-gateway-helm-leader-election-role' + name: 'gateway-helm-leader-election-role' subjects: - kind: ServiceAccount name: 'envoy-gateway' @@ -330,14 +330,14 @@ metadata: control-plane: envoy-gateway helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm spec: selector: control-plane: envoy-gateway app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm ports: - name: grpc port: 18000 @@ -345,6 +345,9 @@ spec: - name: ratelimit port: 18001 targetPort: 18001 + - name: wasm + port: 18002 + targetPort: 18002 - name: metrics port: 19001 targetPort: 19001 @@ -359,7 +362,7 @@ metadata: control-plane: envoy-gateway helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm spec: @@ -368,7 +371,7 @@ spec: matchLabels: control-plane: envoy-gateway app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm template: metadata: annotations: @@ -377,7 +380,7 @@ spec: labels: control-plane: envoy-gateway app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm spec: containers: - args: @@ -405,6 +408,8 @@ spec: name: grpc - containerPort: 18001 name: ratelimit + - containerPort: 18002 + name: wasm - containerPort: 19001 name: metrics readinessProbe: @@ -449,12 +454,12 @@ spec: apiVersion: v1 kind: ServiceAccount metadata: - name: eg-gateway-helm-certgen + name: gateway-helm-certgen namespace: 'envoy-gateway-system' labels: helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm annotations: @@ -464,12 +469,12 @@ metadata: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: eg-gateway-helm-certgen + name: gateway-helm-certgen namespace: 'envoy-gateway-system' labels: helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm annotations: @@ -488,12 +493,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: eg-gateway-helm-certgen + name: gateway-helm-certgen namespace: 'envoy-gateway-system' labels: helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm annotations: @@ -501,22 +506,22 @@ metadata: roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: 'eg-gateway-helm-certgen' + name: 'gateway-helm-certgen' subjects: - kind: ServiceAccount - name: 'eg-gateway-helm-certgen' + name: 'gateway-helm-certgen' namespace: 'envoy-gateway-system' --- # Source: gateway-helm/templates/certgen.yaml apiVersion: batch/v1 kind: Job metadata: - name: eg-gateway-helm-certgen + name: gateway-helm-certgen namespace: 'envoy-gateway-system' labels: helm.sh/chart: gateway-helm-v0.0.0-latest app.kubernetes.io/name: gateway-helm - app.kubernetes.io/instance: eg + app.kubernetes.io/instance: gateway-helm app.kubernetes.io/version: "latest" app.kubernetes.io/managed-by: Helm annotations: @@ -553,5 +558,5 @@ spec: runAsGroup: 65534 runAsNonRoot: true runAsUser: 65534 - serviceAccountName: eg-gateway-helm-certgen + serviceAccountName: gateway-helm-certgen ttlSecondsAfterFinished: 30 diff --git a/tools/crd-ref-docs/templates/gv_list.tpl b/tools/crd-ref-docs/templates/gv_list.tpl index a4d3dadf18c..84a0f75a9d2 100644 --- a/tools/crd-ref-docs/templates/gv_list.tpl +++ b/tools/crd-ref-docs/templates/gv_list.tpl @@ -1,7 +1,10 @@ {{- define "gvList" -}} {{- $groupVersions := . -}} -# API Reference ++++ +title = "API Reference" ++++ + ## Packages {{- range $groupVersions }} diff --git a/tools/docker/envoy-gateway/Dockerfile b/tools/docker/envoy-gateway/Dockerfile index 074320308eb..79b85852c9c 100644 --- a/tools/docker/envoy-gateway/Dockerfile +++ b/tools/docker/envoy-gateway/Dockerfile @@ -1,8 +1,13 @@ +FROM busybox as source +# Create the data directory for eg +RUN mkdir -p /var/lib/eg + # Use distroless as minimal base image to package the manager binary # Refer to https://github.com/GoogleContainerTools/distroless for more details FROM gcr.io/distroless/static:nonroot@sha256:e9ac71e2b8e279a8372741b7a0293afda17650d926900233ec3a7b2b7c22a246 ARG TARGETPLATFORM COPY $TARGETPLATFORM/envoy-gateway /usr/local/bin/ +COPY --from=source --chown=65532:65532 /var/lib /var/lib USER 65532:65532 diff --git a/tools/hack/docs-headings.sh b/tools/hack/docs-headings.sh deleted file mode 100755 index 4f61928065b..00000000000 --- a/tools/hack/docs-headings.sh +++ /dev/null @@ -1,21 +0,0 @@ -#!/usr/bin/env bash - -if [ "$#" -ne 1 ]; then - echo "Usage: $0 " - exit 1 -fi - -input_file=$1 - -temp_file=$(mktemp) - -sed -n ' -/^# / { - s/^# \(.*\)/+++\ntitle = "\1"\n+++\n/ - p - d -} -p -' "$input_file" > "$temp_file" - -mv "$temp_file" "$input_file" diff --git a/tools/linter/yamllint/.yamllint b/tools/linter/yamllint/.yamllint index 45705c71c68..4a9e282a263 100644 --- a/tools/linter/yamllint/.yamllint +++ b/tools/linter/yamllint/.yamllint @@ -8,6 +8,7 @@ ignore: | charts/gateway-helm/ charts/gateway-addons-helm/ bin/install.yaml + test/helm/ rules: braces: diff --git a/tools/make/common.mk b/tools/make/common.mk index 84865267e6c..3dd383e7ee4 100644 --- a/tools/make/common.mk +++ b/tools/make/common.mk @@ -119,7 +119,7 @@ export USAGE_OPTIONS .PHONY: generate generate: ## Generate go code from templates and tags -generate: kube-generate docs-api helm-generate helm-template go.generate +generate: kube-generate docs-api helm-generate go.generate ## help: Show this help info. .PHONY: help diff --git a/tools/make/docs.mk b/tools/make/docs.mk index 8c50a5b9878..a8c59c29999 100644 --- a/tools/make/docs.mk +++ b/tools/make/docs.mk @@ -4,7 +4,7 @@ RELEASE_VERSIONS ?= $(foreach v,$(wildcard ${ROOT_DIR}/docs/*),$(notdir ${v})) ##@ Docs .PHONY: docs -docs: docs.clean helm-readme-gen docs-api docs-api-headings ## Generate Envoy Gateway Docs Sources +docs: docs.clean helm-readme-gen docs-api ## Generate Envoy Gateway Docs Sources @$(LOG_TARGET) cd $(ROOT_DIR)/site && npm install cd $(ROOT_DIR)/site && npm run build:production @@ -32,7 +32,7 @@ docs.clean: rm -f site/.hugo_build.lock .PHONY: docs-api -docs-api: docs-api-gen helm-readme-gen docs-api-headings +docs-api: docs-api-gen helm-readme-gen .PHONY: helm-readme-gen helm-readme-gen: @@ -77,12 +77,6 @@ docs-api-gen: $(tools/crd-ref-docs) # below line copy command for sync English api doc into Chinese cp site/content/en/latest/api/extension_types.md site/content/zh/latest/api/extension_types.md -.PHONY: docs-api-headings # Required since sphinx mst does not link to h4 headings. -docs-api-headings: - @$(LOG_TARGET) - tools/hack/docs-headings.sh site/content/en/latest/api/extension_types.md - tools/hack/docs-headings.sh site/content/zh/latest/api/extension_types.md - .PHONY: docs-release-prepare docs-release-prepare: @$(LOG_TARGET) diff --git a/tools/make/helm.mk b/tools/make/helm.mk index d23305a6743..94d2b9c3f93 100644 --- a/tools/make/helm.mk +++ b/tools/make/helm.mk @@ -10,7 +10,6 @@ IMAGE_PULL_POLICY ?= IfNotPresent OCI_REGISTRY ?= oci://docker.io/envoyproxy CHART_NAME ?= gateway-helm CHART_VERSION ?= ${RELEASE_VERSION} -RELEASE_NAMESPACE ?= envoy-gateway-system ##@ Helm .PHONY: helm-package @@ -41,20 +40,6 @@ helm-push.%: helm-package.% $(eval CHART_NAME := $(COMMAND)) helm push ${OUTPUT_DIR}/charts/${CHART_NAME}-${CHART_VERSION}.tgz ${OCI_REGISTRY} -.PHONY: helm-install -helm-install: ## Install envoy gateway relevant helm charts from OCI registry. -helm-install: - @for chart in $(CHARTS); do \ - $(LOG_TARGET); \ - $(MAKE) $(addprefix helm-install., $$(basename $${chart})); \ - done - -.PHONY: helm-install.% -helm-install.%: helm-generate.% - $(eval COMMAND := $(word 1,$(subst ., ,$*))) - $(eval CHART_NAME := $(COMMAND)) - helm install eg ${OCI_REGISTRY}/${CHART_NAME} --version ${CHART_VERSION} -n ${RELEASE_NAMESPACE} --create-namespace - .PHONY: helm-generate helm-generate: @for chart in $(CHARTS); do \ @@ -70,15 +55,15 @@ helm-generate.%: GatewayImage=${IMAGE}:${TAG} GatewayImagePullPolicy=${IMAGE_PULL_POLICY} \ envsubst < charts/${CHART_NAME}/values.tmpl.yaml > ./charts/${CHART_NAME}/values.yaml; \ fi - helm dependency update charts/${CHART_NAME} # Update dependencies for add-ons chart. + helm dependency update charts/${CHART_NAME} helm lint charts/${CHART_NAME} - -HELM_VALUES := $(wildcard test/helm/*.in.yaml) - -helm-template: ## Template envoy gateway helm chart.z - @$(LOG_TARGET) - @for file in $(HELM_VALUES); do \ + $(call log, "Run helm template for chart: ${CHART_NAME}!"); + @for file in $(wildcard test/helm/${CHART_NAME}/*.in.yaml); do \ filename=$$(basename $${file}); \ output="$${filename%.in.*}.out.yaml"; \ - helm template eg charts/${CHART_NAME} -f $${file} > test/helm/$$output --namespace=${RELEASE_NAMESPACE}; \ + if [ ${CHART_NAME} == "gateway-addons-helm" ]; then \ + helm template ${CHART_NAME} charts/${CHART_NAME} -f $${file} > test/helm/${CHART_NAME}/$$output --namespace=monitoring; \ + else \ + helm template ${CHART_NAME} charts/${CHART_NAME} -f $${file} > test/helm/${CHART_NAME}/$$output --namespace=envoy-gateway-system; \ + fi; \ done diff --git a/tools/make/kube.mk b/tools/make/kube.mk index 81d63e9cc25..ddbe3fdd5d1 100644 --- a/tools/make/kube.mk +++ b/tools/make/kube.mk @@ -10,9 +10,13 @@ GATEWAY_RELEASE_URL ?= https://github.com/kubernetes-sigs/gateway-api/releases/d WAIT_TIMEOUT ?= 15m -FLUENT_BIT_CHART_VERSION ?= 0.30.4 -OTEL_COLLECTOR_CHART_VERSION ?= 0.73.1 -TEMPO_CHART_VERSION ?= 1.3.1 +BENCHMARK_TIMEOUT ?= 60m +BENCHMARK_CPU_LIMITS ?= 1000 # unit: 'm' +BENCHMARK_MEMORY_LIMITS ?= 1024 # unit: 'Mi' +BENCHMARK_RPS ?= 10000 +BENCHMARK_CONNECTIONS ?= 100 +BENCHMARK_DURATION ?= 60 + E2E_RUN_TEST ?= E2E_RUN_EG_UPGRADE_TESTS ?= false E2E_CLEANUP ?= true @@ -34,9 +38,9 @@ CONTROLLERGEN_OBJECT_FLAGS := object:headerFile="$(ROOT_DIR)/tools/boilerplate/ .PHONY: manifests manifests: $(tools/controller-gen) generate-gwapi-manifests ## Generate WebhookConfiguration and CustomResourceDefinition objects. - @$(LOG_TARGET) $(tools/controller-gen) crd:allowDangerousTypes=true paths="./..." output:crd:artifacts:config=charts/gateway-helm/crds/generated + .PHONY: generate-gwapi-manifests generate-gwapi-manifests: generate-gwapi-manifests: ## Generate GWAPI manifests and make it consistent with the go mod version. @@ -63,10 +67,18 @@ ifndef ignore-not-found endif .PHONY: kube-deploy -kube-deploy: manifests helm-generate ## Install Envoy Gateway into the Kubernetes cluster specified in ~/.kube/config. +kube-deploy: manifests helm-generate.gateway-helm ## Install Envoy Gateway into the Kubernetes cluster specified in ~/.kube/config. @$(LOG_TARGET) helm install eg charts/gateway-helm --set deployment.envoyGateway.imagePullPolicy=$(IMAGE_PULL_POLICY) -n envoy-gateway-system --create-namespace --debug --timeout='$(WAIT_TIMEOUT)' --wait --wait-for-jobs +.PHONY: kube-deploy-for-benchmark-test +kube-deploy-for-benchmark-test: manifests helm-generate ## Install Envoy Gateway for benchmark test purpose only. + @$(LOG_TARGET) + helm install eg charts/gateway-helm --set deployment.envoyGateway.imagePullPolicy=$(IMAGE_PULL_POLICY) \ + --set deployment.envoyGateway.resources.limits.cpu=$(BENCHMARK_CPU_LIMITS)m \ + --set deployment.envoyGateway.resources.limits.memory=$(BENCHMARK_MEMORY_LIMITS)Mi \ + -n envoy-gateway-system --create-namespace --debug --timeout='$(WAIT_TIMEOUT)' --wait --wait-for-jobs + .PHONY: kube-undeploy kube-undeploy: manifests ## Uninstall the Envoy Gateway into the Kubernetes cluster specified in ~/.kube/config. @$(LOG_TARGET) @@ -103,6 +115,9 @@ conformance: create-cluster kube-install-image kube-deploy run-conformance delet .PHONY: experimental-conformance ## Create a kind cluster, deploy EG into it, run Gateway API experimental conformance, and clean up. experimental-conformance: create-cluster kube-install-image kube-deploy run-experimental-conformance delete-cluster ## Create a kind cluster, deploy EG into it, run Gateway API conformance, and clean up. +.PHONY: benchmark +benchmark: create-cluster kube-install-image kube-deploy-for-benchmark-test run-benchmark delete-cluster ## Create a kind cluster, deploy EG into it, run Envoy Gateway benchmark test, and clean up. + .PHONY: e2e e2e: create-cluster kube-install-image kube-deploy install-ratelimit run-e2e delete-cluster @@ -141,54 +156,41 @@ else endif endif -.PHONY: install-e2e-telemetry -install-e2e-telemetry: prepare-helm-repo install-fluent-bit install-loki install-tempo install-otel-collector install-prometheus - @$(LOG_TARGET) - kubectl rollout status daemonset fluent-bit -n monitoring --timeout 5m - kubectl rollout status statefulset loki -n monitoring --timeout 5m - kubectl rollout status statefulset tempo -n monitoring --timeout 5m - kubectl rollout status deployment otel-collector -n monitoring --timeout 5m - kubectl rollout status deployment prometheus -n monitoring --timeout 5m - -.PHONY: uninstall-e2e-telemetry -uninstall-e2e-telemetry: +.PHONY: run-benchmark +run-benchmark: install-benchmark-server ## Run benchmark tests @$(LOG_TARGET) - kubectl delete -f examples/loki/loki.yaml -n monitoring --ignore-not-found - helm delete $(shell helm list -n monitoring -q) -n monitoring - -.PHONY: prepare-helm-repo -prepare-helm-repo: - @$(LOG_TARGET) - helm repo add fluent https://fluent.github.io/helm-charts - helm repo add grafana https://grafana.github.io/helm-charts - helm repo add open-telemetry https://open-telemetry.github.io/opentelemetry-helm-charts - helm repo add prometheus-community https://prometheus-community.github.io/helm-charts - helm repo update - -.PHONY: install-fluent-bit -install-fluent-bit: - @$(LOG_TARGET) - helm upgrade --install fluent-bit fluent/fluent-bit -f examples/fluent-bit/helm-values.yaml -n monitoring --create-namespace --version $(FLUENT_BIT_CHART_VERSION) + mkdir -p $(OUTPUT_DIR)/benchmark + kubectl wait --timeout=$(WAIT_TIMEOUT) -n benchmark-test deployment/nighthawk-test-server --for=condition=Available + kubectl wait --timeout=$(WAIT_TIMEOUT) -n envoy-gateway-system deployment/envoy-gateway --for=condition=Available + kubectl apply -f test/benchmark/config/gatewayclass.yaml + go test -v -tags benchmark -timeout $(BENCHMARK_TIMEOUT) ./test/benchmark --rps=$(BENCHMARK_RPS) --connections=$(BENCHMARK_CONNECTIONS) --duration=$(BENCHMARK_DURATION) --report-save-path=benchmark_report.md -.PHONY: install-loki -install-loki: +.PHONY: install-benchmark-server +install-benchmark-server: ## Install nighthawk server for benchmark test @$(LOG_TARGET) - kubectl apply -f examples/loki/loki.yaml -n monitoring + kubectl create namespace benchmark-test + kubectl -n benchmark-test create configmap test-server-config --from-file=test/benchmark/config/nighthawk-test-server-config.yaml -o yaml + kubectl apply -f test/benchmark/config/nighthawk-test-server.yaml -.PHONY: install-tempo -install-tempo: +.PHONY: uninstall-benchmark-server +uninstall-benchmark-server: ## Uninstall nighthawk server for benchmark test @$(LOG_TARGET) - helm upgrade --install tempo grafana/tempo -f examples/tempo/helm-values.yaml -n monitoring --create-namespace --version $(TEMPO_CHART_VERSION) + kubectl delete job -n benchmark-test -l benchmark-test/client=true + kubectl delete -f test/benchmark/config/nighthawk-test-server.yaml + kubectl delete configmap test-server-config -n benchmark-test + kubectl delete namespace benchmark-test -.PHONY: install-prometheus -install-prometheus: +.PHONY: install-e2e-telemetry +install-e2e-telemetry: helm-generate.gateway-addons-helm @$(LOG_TARGET) - helm upgrade --install prometheus prometheus-community/prometheus -f examples/prometheus/helm-values.yaml -n monitoring --create-namespace + helm upgrade -i eg-addons charts/gateway-addons-helm --set grafana.enabled=false,opentelemetry-collector.enabled=true -n monitoring --create-namespace --timeout='$(WAIT_TIMEOUT)' --wait --wait-for-jobs + # Change loki service type from ClusterIP to LoadBalancer + kubectl patch service loki -n monitoring -p '{"spec": {"type": "LoadBalancer"}}' -.PHONY: install-otel-collector -install-otel-collector: +.PHONY: uninstall-e2e-telemetry +uninstall-e2e-telemetry: @$(LOG_TARGET) - helm upgrade --install otel-collector open-telemetry/opentelemetry-collector -f examples/otel-collector/helm-values.yaml -n monitoring --create-namespace --version $(OTEL_COLLECTOR_CHART_VERSION) + helm delete $(shell helm list -n monitoring -q) -n monitoring .PHONY: create-cluster create-cluster: $(tools/kind) ## Create a kind cluster suitable for running Gateway API conformance. @@ -222,7 +224,7 @@ delete-cluster: $(tools/kind) ## Delete kind cluster. $(tools/kind) delete cluster --name envoy-gateway .PHONY: generate-manifests -generate-manifests: helm-generate ## Generate Kubernetes release manifests. +generate-manifests: helm-generate.gateway-helm ## Generate Kubernetes release manifests. @$(LOG_TARGET) @$(call log, "Generating kubernetes manifests") mkdir -p $(OUTPUT_DIR)/ diff --git a/tools/src/buf/go.mod b/tools/src/buf/go.mod index 4c56f149bce..bdca3173c2c 100644 --- a/tools/src/buf/go.mod +++ b/tools/src/buf/go.mod @@ -2,12 +2,12 @@ module local go 1.22.4 -require github.com/bufbuild/buf v1.33.0 +require github.com/bufbuild/buf v1.34.0 require ( - buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.34.1-20240508200655-46a4cf4ba109.1 // indirect - buf.build/gen/go/bufbuild/registry/connectrpc/go v1.16.2-20240606161333-696c2cfeae8c.1 // indirect - buf.build/gen/go/bufbuild/registry/protocolbuffers/go v1.34.1-20240606161333-696c2cfeae8c.1 // indirect + buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.34.2-20240508200655-46a4cf4ba109.2 // indirect + buf.build/gen/go/bufbuild/registry/connectrpc/go v1.16.2-20240610164129-660609bc46d3.1 // indirect + buf.build/gen/go/bufbuild/registry/protocolbuffers/go v1.34.2-20240610164129-660609bc46d3.2 // indirect connectrpc.com/connect v1.16.2 // indirect connectrpc.com/otelconnect v0.7.0 // indirect github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect @@ -22,23 +22,24 @@ require ( github.com/distribution/reference v0.6.0 // indirect github.com/docker/cli v26.1.4+incompatible // indirect github.com/docker/distribution v2.8.3+incompatible // indirect - github.com/docker/docker v26.1.4+incompatible // indirect + github.com/docker/docker v27.0.0+incompatible // indirect github.com/docker/docker-credential-helpers v0.8.2 // indirect github.com/docker/go-connections v0.5.0 // indirect github.com/docker/go-units v0.5.0 // indirect github.com/felixge/fgprof v0.9.4 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect - github.com/go-chi/chi/v5 v5.0.12 // indirect + github.com/go-chi/chi/v5 v5.0.13 // indirect github.com/go-logr/logr v1.4.2 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/gofrs/uuid/v5 v5.2.0 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/google/cel-go v0.20.1 // indirect - github.com/google/go-containerregistry v0.19.1 // indirect - github.com/google/pprof v0.0.0-20240528025155-186aa0362fba // indirect + github.com/google/go-containerregistry v0.19.2 // indirect + github.com/google/pprof v0.0.0-20240618054019-d3b898a103f8 // indirect + github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/jdx/go-netrc v1.0.0 // indirect - github.com/klauspost/compress v1.17.8 // indirect + github.com/klauspost/compress v1.17.9 // indirect github.com/klauspost/pgzip v1.2.6 // indirect github.com/mitchellh/go-homedir v1.1.0 // indirect github.com/moby/docker-image-spec v1.3.1 // indirect @@ -52,7 +53,7 @@ require ( github.com/rs/cors v1.11.0 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect github.com/sirupsen/logrus v1.9.3 // indirect - github.com/spf13/cobra v1.8.0 // indirect + github.com/spf13/cobra v1.8.1 // indirect github.com/spf13/pflag v1.0.5 // indirect github.com/stoewer/go-strcase v1.3.0 // indirect github.com/vbatts/tar-split v0.11.5 // indirect @@ -66,15 +67,15 @@ require ( go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.27.0 // indirect golang.org/x/crypto v0.24.0 // indirect - golang.org/x/exp v0.0.0-20240604190554-fc45aab8b7f8 // indirect + golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8 // indirect golang.org/x/mod v0.18.0 // indirect golang.org/x/net v0.26.0 // indirect golang.org/x/sync v0.7.0 // indirect golang.org/x/sys v0.21.0 // indirect golang.org/x/term v0.21.0 // indirect golang.org/x/text v0.16.0 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240604185151-ef581f913117 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240604185151-ef581f913117 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240617180043-68d350f18fd4 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240617180043-68d350f18fd4 // indirect google.golang.org/protobuf v1.34.2 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/tools/src/buf/go.sum b/tools/src/buf/go.sum index 624ef7c6905..6b67bac010b 100644 --- a/tools/src/buf/go.sum +++ b/tools/src/buf/go.sum @@ -1,10 +1,9 @@ -buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.34.1-20240401165935-b983156c5e99.1/go.mod h1:XF+P8+RmfdufmIYpGUC+6bF7S+IlmHDEnCrO3OXaUAQ= -buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.34.1-20240508200655-46a4cf4ba109.1 h1:LEXWFH/xZ5oOWrC3oOtHbUyBdzRWMCPpAQmKC9v05mA= -buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.34.1-20240508200655-46a4cf4ba109.1/go.mod h1:XF+P8+RmfdufmIYpGUC+6bF7S+IlmHDEnCrO3OXaUAQ= -buf.build/gen/go/bufbuild/registry/connectrpc/go v1.16.2-20240606161333-696c2cfeae8c.1 h1:J/IxoC5LijfcHUh87Am1XHp+eyqd9TAYKzimDSuN9p4= -buf.build/gen/go/bufbuild/registry/connectrpc/go v1.16.2-20240606161333-696c2cfeae8c.1/go.mod h1:kAi136n1j61b2WcTc9HewyA3cNmxAIEy1+cnTWWxL30= -buf.build/gen/go/bufbuild/registry/protocolbuffers/go v1.34.1-20240606161333-696c2cfeae8c.1 h1:1Kbs41Eas72MI6pCx931SctvL/jS7KXw3tesOrJfbAM= -buf.build/gen/go/bufbuild/registry/protocolbuffers/go v1.34.1-20240606161333-696c2cfeae8c.1/go.mod h1:8ONhsyCTLQ9kBslWnMgPrXTcxzCkKlxZqN9ewUveui8= +buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.34.2-20240508200655-46a4cf4ba109.2 h1:cFrEG/pJch6t62+jqndcPXeTNkYcztS4tBRgNkR+drw= +buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.34.2-20240508200655-46a4cf4ba109.2/go.mod h1:ylS4c28ACSI59oJrOdW4pHS4n0Hw4TgSPHn8rpHl4Yw= +buf.build/gen/go/bufbuild/registry/connectrpc/go v1.16.2-20240610164129-660609bc46d3.1 h1:PmSlGbLLyhKIAm46ROmzdGVaaYgDdFsQNA+VftjuCLs= +buf.build/gen/go/bufbuild/registry/connectrpc/go v1.16.2-20240610164129-660609bc46d3.1/go.mod h1:4ptL49VoWyYwajT6j4zu5vmQ/k/om4tGMB9atY2FhEo= +buf.build/gen/go/bufbuild/registry/protocolbuffers/go v1.34.2-20240610164129-660609bc46d3.2 h1:y1+UxFIWzj/eF2RCPqt9egR7Rt9vgQkXNUzSdmR6iEU= +buf.build/gen/go/bufbuild/registry/protocolbuffers/go v1.34.2-20240610164129-660609bc46d3.2/go.mod h1:psseUmlKRo9v5LZJtR/aTpdTLuyp9o3X7rnLT87SZEo= connectrpc.com/connect v1.16.2 h1:ybd6y+ls7GOlb7Bh5C8+ghA6SvCBajHwxssO2CGFjqE= connectrpc.com/connect v1.16.2/go.mod h1:n2kgwskMHXC+lVqb18wngEpF95ldBHXjZYJussz5FRc= connectrpc.com/otelconnect v0.7.0 h1:ZH55ZZtcJOTKWWLy3qmL4Pam4RzRWBJFOqTPyAqCXkY= @@ -15,8 +14,8 @@ github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERo github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU= github.com/antlr4-go/antlr/v4 v4.13.0 h1:lxCg3LAv+EUK6t1i0y1V6/SLeUi0eKEKdhQAlS8TVTI= github.com/antlr4-go/antlr/v4 v4.13.0/go.mod h1:pfChB/xh/Unjila75QW7+VU4TSnWnnk9UTnmpPaOR2g= -github.com/bufbuild/buf v1.33.0 h1:LVjW7eGlYohGehEUA1vX/YOL051wkYJus5c5P2es+9o= -github.com/bufbuild/buf v1.33.0/go.mod h1:1KPS3Cwbfxc+rPP6k+a2zhfQT2Qlak3x1K28R582p6U= +github.com/bufbuild/buf v1.34.0 h1:rZSVfYS5SakOe6ds9PDjbHVwOc+vBGVWNW9Ei+Rg/+c= +github.com/bufbuild/buf v1.34.0/go.mod h1:Fj+KBmY2ODYD2Ld02w4LH9Y3WiRH2203IjGJbKYK5Hc= github.com/bufbuild/protocompile v0.14.0 h1:z3DW4IvXE5G/uTOnSQn+qwQQxvhckkTWLS/0No/o7KU= github.com/bufbuild/protocompile v0.14.0/go.mod h1:N6J1NYzkspJo3ZwyL4Xjvli86XOj1xq4qAasUFxGups= github.com/bufbuild/protoplugin v0.0.0-20240323223605-e2735f6c31ee h1:E6ET8YUcYJ1lAe6ctR3as7yqzW2BNItDFnaB5zQq/8M= @@ -40,7 +39,6 @@ github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo= github.com/containerd/stargz-snapshotter/estargz v0.15.1 h1:eXJjw9RbkLFgioVaTG+G/ZW/0kEe2oEKCdS/ZxIyoCU= github.com/containerd/stargz-snapshotter/estargz v0.15.1/go.mod h1:gr2RNwukQ/S9Nv33Lt6UC7xEx58C+LHRdoqbEKjz1Kk= -github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/cpuguy83/go-md2man/v2 v2.0.4 h1:wfIWP927BUkWJb2NmU/kNDYIBTh/ziUX91+lVfRxZq4= github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY= @@ -54,8 +52,8 @@ github.com/docker/cli v26.1.4+incompatible h1:I8PHdc0MtxEADqYJZvhBrW9bo8gawKwwen github.com/docker/cli v26.1.4+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk= github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/docker v26.1.4+incompatible h1:vuTpXDuoga+Z38m1OZHzl7NKisKWaWlhjQk7IDPSLsU= -github.com/docker/docker v26.1.4+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v27.0.0+incompatible h1:JRugTYuelmWlW0M3jakcIadDx2HUoUO6+Tf2C5jVfwA= +github.com/docker/docker v27.0.0+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.8.2 h1:bX3YxiGzFP5sOXWc3bTPEXdEaZSeVMrFgOr3T+zrFAo= github.com/docker/docker-credential-helpers v0.8.2/go.mod h1:P3ci7E3lwkZg6XiHdRKft1KckHiO9a2rNtyFbZ/ry9M= github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c= @@ -69,8 +67,8 @@ github.com/felixge/fgprof v0.9.4 h1:ocDNwMFlnA0NU0zSB3I52xkO4sFXk80VK9lXjLClu88= github.com/felixge/fgprof v0.9.4/go.mod h1:yKl+ERSa++RYOs32d8K6WEXCB4uXdLls4ZaZPpayhMM= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= -github.com/go-chi/chi/v5 v5.0.12 h1:9euLV5sTrTNTRUU9POmDUvfxyj6LAABLUcEWO+JJb4s= -github.com/go-chi/chi/v5 v5.0.12/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8= +github.com/go-chi/chi/v5 v5.0.13 h1:JlH2F2M8qnwl0N1+JFFzlX9TlKJYas3aPXdiuTmJL+w= +github.com/go-chi/chi/v5 v5.0.13/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= @@ -85,20 +83,18 @@ github.com/gofrs/uuid/v5 v5.2.0 h1:qw1GMx6/y8vhVsx626ImfKMuS5CvJmhIKKtuyvfajMM= github.com/gofrs/uuid/v5 v5.2.0/go.mod h1:CDOjlDMVAtN56jqyRUZh58JT31Tiw7/oQyEXZV+9bD8= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= -github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/google/cel-go v0.20.1 h1:nDx9r8S3L4pE61eDdt8igGj8rf5kjYR3ILxWIpWNi84= github.com/google/cel-go v0.20.1/go.mod h1:kWcIzTsPX0zmQ+H3TirHstLLf9ep5QTsZBN9u4dOYLg= -github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/google/go-containerregistry v0.19.1 h1:yMQ62Al6/V0Z7CqIrrS1iYoA5/oQCm88DeNujc7C1KY= -github.com/google/go-containerregistry v0.19.1/go.mod h1:YCMFNQeeXeLF+dnhhWkqDItx/JSkH01j1Kis4PsjzFI= +github.com/google/go-containerregistry v0.19.2 h1:TannFKE1QSajsP6hPWb5oJNgKe1IKjHukIKDUmvsV6w= +github.com/google/go-containerregistry v0.19.2/go.mod h1:YCMFNQeeXeLF+dnhhWkqDItx/JSkH01j1Kis4PsjzFI= github.com/google/pprof v0.0.0-20211214055906-6f57359322fd/go.mod h1:KgnwoLYCZ8IQu3XUZ8Nc/bM9CCZFOyjUNOSygVozoDg= github.com/google/pprof v0.0.0-20240227163752-401108e1b7e7/go.mod h1:czg5+yv1E0ZGTi6S6vVK1mke0fV+FaUhNGcd6VRS9Ik= -github.com/google/pprof v0.0.0-20240528025155-186aa0362fba h1:ql1qNgCyOB7iAEk8JTNM+zJrgIbnyCKX/wdlyPufP5g= -github.com/google/pprof v0.0.0-20240528025155-186aa0362fba/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo= +github.com/google/pprof v0.0.0-20240618054019-d3b898a103f8 h1:ASJ/LAqdCHOyMYI+dwNxn7Rd8FscNkMyTr1KZU1JI/M= +github.com/google/pprof v0.0.0-20240618054019-d3b898a103f8/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo= github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 h1:bkypFPDjIYGfCYD5mRBvpqxfYX1YCS1PXdKYWi8FsN0= github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0/go.mod h1:P+Lt/0by1T8bfcF3z737NnSbmxQAppXMRziHUxPOC8k= github.com/ianlancetaylor/demangle v0.0.0-20210905161508-09a460cdf81d/go.mod h1:aYm2/VgdVmcIU8iMfdMvDMsRAQjcfZSKFby6HOFvi/w= @@ -112,8 +108,8 @@ github.com/jhump/protoreflect v1.16.0/go.mod h1:oYPd7nPvcBw/5wlDfm/AVmU9zH9BgqGC github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/compress v1.17.8 h1:YcnTYrq7MikUT7k0Yb5eceMmALQPYBW/Xltxn0NAMnU= -github.com/klauspost/compress v1.17.8/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw= +github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA= +github.com/klauspost/compress v1.17.9/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw= github.com/klauspost/pgzip v1.2.6 h1:8RXeL5crjEUFnR2/Sn6GJNWtSQ3Dk8pq4CL3jvdDyjU= github.com/klauspost/pgzip v1.2.6/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= @@ -151,8 +147,8 @@ github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= -github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0= -github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyhcho= +github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM= +github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/stoewer/go-strcase v1.3.0 h1:g0eASXYtp+yvN9fK8sH94oCIk0fau9uV1/ZdJ0AVEzs= @@ -186,8 +182,8 @@ go.opentelemetry.io/otel/sdk/metric v1.19.0 h1:EJoTO5qysMsYCa+w4UghwFV/ptQgqSL/8 go.opentelemetry.io/otel/sdk/metric v1.19.0/go.mod h1:XjG0jQyFJrv2PbMvwND7LwCEhsJzCzV5210euduKcKY= go.opentelemetry.io/otel/trace v1.25.0 h1:tqukZGLwQYRIFtSQM2u2+yfMVTgGVeqRLPUYx1Dq6RM= go.opentelemetry.io/otel/trace v1.25.0/go.mod h1:hCCs70XM/ljO+BeQkyFnbK28SBIJ/Emuha+ccrCRT7I= -go.opentelemetry.io/proto/otlp v1.2.0 h1:pVeZGk7nXDC9O2hncA6nHldxEjm6LByfA2aN8IOkz94= -go.opentelemetry.io/proto/otlp v1.2.0/go.mod h1:gGpR8txAl5M03pDhMC79G6SdqNV26naRm/KDsgaHD8A= +go.opentelemetry.io/proto/otlp v1.3.1 h1:TrMUixzpM0yuc/znrFTP9MMRh8trP93mkCiDVeXrui0= +go.opentelemetry.io/proto/otlp v1.3.1/go.mod h1:0X1WI4de4ZsLrrJNLAQbFeLCm3T7yBkR0XqQ7niQU+8= go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE= go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= @@ -201,8 +197,8 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI= golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM= -golang.org/x/exp v0.0.0-20240604190554-fc45aab8b7f8 h1:LoYXNGAShUG3m/ehNk4iFctuhGX/+R1ZpfJ4/ia80JM= -golang.org/x/exp v0.0.0-20240604190554-fc45aab8b7f8/go.mod h1:jj3sYF3dwk5D+ghuXyeI3r5MFf+NT2An6/9dOA95KSI= +golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8 h1:yixxcjnhBmY0nkL253HFVIm0JsFHwrHdT3Yh6szTnfY= +golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8/go.mod h1:jj3sYF3dwk5D+ghuXyeI3r5MFf+NT2An6/9dOA95KSI= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.18.0 h1:5+9lSbEzPSdWkH32vYPBwEpX8KwDbM52Ud9xBUvNlb0= @@ -247,14 +243,12 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/genproto/googleapis/api v0.0.0-20240604185151-ef581f913117 h1:+rdxYoE3E5htTEWIe15GlN6IfvbURM//Jt0mmkmm6ZU= -google.golang.org/genproto/googleapis/api v0.0.0-20240604185151-ef581f913117/go.mod h1:OimBR/bc1wPO9iV4NC2bpyjy3VnAwZh5EBPQdtaE5oo= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240604185151-ef581f913117 h1:1GBuWVLM/KMVUv1t1En5Gs+gFZCNd360GGb4sSxtrhU= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240604185151-ef581f913117/go.mod h1:EfXuqaE1J41VCDicxHzUDm+8rk+7ZdXzHV0IhO/I6s0= +google.golang.org/genproto/googleapis/api v0.0.0-20240617180043-68d350f18fd4 h1:MuYw1wJzT+ZkybKfaOXKp5hJiZDn2iHaXRw0mRYdHSc= +google.golang.org/genproto/googleapis/api v0.0.0-20240617180043-68d350f18fd4/go.mod h1:px9SlOOZBg1wM1zdnr8jEL4CNGUBZ+ZKYtNPApNQc4c= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240617180043-68d350f18fd4 h1:Di6ANFilr+S60a4S61ZM00vLdw0IrQOSMS2/6mrnOU0= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240617180043-68d350f18fd4/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= google.golang.org/grpc v1.64.0 h1:KH3VH9y/MgNQg1dE7b3XfVK0GsPSIzJwdF617gUSbvY= google.golang.org/grpc v1.64.0/go.mod h1:oxjF8E3FBnjp+/gVFYdWacaLDx9na1aqy9oovLpxQYg= -google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= -google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg= google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=