Skip to content

Commit

Permalink
feat(translator): implement access log types (envoyproxy#4341)
Browse files Browse the repository at this point in the history 
* impl: access log types

Signed-off-by: Guy Daich <guy.daich@sap.com>

* clarify docs

Signed-off-by: Guy Daich <guy.daich@sap.com>

* add note on default settings override

Signed-off-by: Guy Daich <guy.daich@sap.com>

* support default log re-enablement

Signed-off-by: Guy Daich <guy.daich@sap.com>

* fix xds test to contain route

Signed-off-by: Guy Daich <guy.daich@sap.com>

---------

Signed-off-by: Guy Daich <guy.daich@sap.com>
Co-authored-by: zirain <zirain2009@gmail.com>
  • Loading branch information
@guydc @zirain
guydc and zirain authored Oct 10, 2024
1 parent 9565863 commit 4313fd6
Show file tree
Hide file tree
Showing 18 changed files with 1,764 additions and 31 deletions.
1 change: 0 additions & 1 deletion api/v1alpha1/accesslogging_types.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,6 @@ type ProxyAccessLogSetting struct {
// If type is defined, the accesslog settings would apply to the relevant component (as-is).
// +kubebuilder:validation:Enum=Listener;Route
// +optional
// +notImplementedHide
Type *ProxyAccessLogType `json:"type,omitempty"`
}

Expand Down
27 changes: 24 additions & 3 deletions internal/gatewayapi/listener.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -241,14 +241,23 @@ func (t *Translator) processAccessLog(envoyproxy *egv1a1.EnvoyProxy, resources *
},
}, nil
}

if envoyproxy.Spec.Telemetry.AccessLog.Disable {
return nil, nil
}

irAccessLog := &ir.AccessLog{}
// translate the access log configuration to the IR
for i, accessLog := range envoyproxy.Spec.Telemetry.AccessLog.Settings {
var accessLogType *ir.ProxyAccessLogType
if accessLog.Type != nil {
switch *accessLog.Type {
case egv1a1.ProxyAccessLogTypeRoute:
accessLogType = ptr.To(ir.ProxyAccessLogTypeRoute)
case egv1a1.ProxyAccessLogTypeListener:
accessLogType = ptr.To(ir.ProxyAccessLogTypeListener)
}
}

var format egv1a1.ProxyAccessLogFormat
if accessLog.Format != nil {
format = *accessLog.Format
Expand All @@ -274,6 +283,16 @@ func (t *Translator) processAccessLog(envoyproxy *egv1a1.EnvoyProxy, resources *
return nil, utilerrors.NewAggregate(errs)
}

if len(accessLog.Sinks) == 0 {
al := &ir.TextAccessLog{
Format: format.Text,
CELMatches: validExprs,
LogType: accessLogType,
Path: "/dev/stdout",
}
irAccessLog.Text = append(irAccessLog.Text, al)
}

for j, sink := range accessLog.Sinks {
switch sink.Type {
case egv1a1.ProxyAccessLogSinkTypeFile:
Expand All @@ -287,6 +306,7 @@ func (t *Translator) processAccessLog(envoyproxy *egv1a1.EnvoyProxy, resources *
Format: format.Text,
Path: sink.File.Path,
CELMatches: validExprs,
LogType: accessLogType,
}
irAccessLog.Text = append(irAccessLog.Text, al)
case egv1a1.ProxyAccessLogFormatTypeJSON:
Expand All @@ -299,6 +319,7 @@ func (t *Translator) processAccessLog(envoyproxy *egv1a1.EnvoyProxy, resources *
JSON: format.JSON,
Path: sink.File.Path,
CELMatches: validExprs,
LogType: accessLogType,
}
irAccessLog.JSON = append(irAccessLog.JSON, al)
}
Expand Down Expand Up @@ -329,6 +350,7 @@ func (t *Translator) processAccessLog(envoyproxy *egv1a1.EnvoyProxy, resources *
Traffic: traffic,
Type: sink.ALS.Type,
CELMatches: validExprs,
LogType: accessLogType,
}

if al.Type == egv1a1.ALSEnvoyProxyAccessLogTypeHTTP && sink.ALS.HTTP != nil {
Expand All @@ -339,7 +361,6 @@ func (t *Translator) processAccessLog(envoyproxy *egv1a1.EnvoyProxy, resources *
}
al.HTTP = http
}

switch format.Type {
case egv1a1.ProxyAccessLogFormatTypeJSON:
al.Attributes = format.JSON
Expand Down Expand Up @@ -367,6 +388,7 @@ func (t *Translator) processAccessLog(envoyproxy *egv1a1.EnvoyProxy, resources *
Settings: ds,
},
Traffic: traffic,
LogType: accessLogType,
}

if len(ds) == 0 {
Expand All @@ -391,7 +413,6 @@ func (t *Translator) processAccessLog(envoyproxy *egv1a1.EnvoyProxy, resources *
}
}
}

return irAccessLog, nil
}

Expand Down
236 changes: 236 additions & 0 deletions internal/gatewayapi/testdata/envoyproxy-accesslog-types.in.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,236 @@
envoyProxyForGatewayClass:
apiVersion: gateway.envoyproxy.io/v1alpha1
kind: EnvoyProxy
metadata:
namespace: envoy-gateway-system
name: test
spec:
telemetry:
accessLog:
settings:
- type: Route
- type: Listener
- type: Route
format:
type: Text
text: |
this is a route log
sinks:
- type: File
file:
path: /dev/stdout
- type: ALS
als:
logName: accesslog
backendRefs:
- name: envoy-als
namespace: monitoring
port: 9000
http:
requestHeaders:
- x-client-ip-address
responseHeaders:
- cache-control
responseTrailers:
- expires
type: HTTP
- type: ALS
als:
backendRefs:
- name: envoy-als
namespace: monitoring
port: 9000
type: TCP
- type: OpenTelemetry
openTelemetry:
host: otel-collector.monitoring.svc.cluster.local
port: 4317
resources:
k8s.cluster.name: "cluster-1"
- type: Listener
format:
type: Text
text: |
this is a listener log
sinks:
- type: File
file:
path: /dev/stdout
- type: ALS
als:
logName: accesslog
backendRefs:
- name: envoy-als
namespace: monitoring
port: 9000
http:
requestHeaders:
- x-client-ip-address
responseHeaders:
- cache-control
responseTrailers:
- expires
type: HTTP
- type: ALS
als:
backendRefs:
- name: envoy-als
namespace: monitoring
port: 9000
type: TCP
- type: OpenTelemetry
openTelemetry:
host: otel-collector.monitoring.svc.cluster.local
port: 4317
resources:
k8s.cluster.name: "cluster-1"
- format:
type: Text
text: |
this is a Global log
sinks:
- type: File
file:
path: /dev/stdout
- type: ALS
als:
logName: accesslog
backendRefs:
- name: envoy-als
namespace: monitoring
port: 9000
http:
requestHeaders:
- x-client-ip-address
responseHeaders:
- cache-control
responseTrailers:
- expires
type: HTTP
- type: ALS
als:
backendRefs:
- name: envoy-als
namespace: monitoring
port: 9000
type: TCP
- type: OpenTelemetry
openTelemetry:
host: otel-collector.monitoring.svc.cluster.local
port: 4317
resources:
k8s.cluster.name: "cluster-1"
provider:
type: Kubernetes
kubernetes:
envoyService:
type: LoadBalancer
envoyDeployment:
replicas: 2
container:
env:
- name: env_a
value: env_a_value
- name: env_b
value: env_b_name
image: "envoyproxy/envoy:distroless-dev"
resources:
requests:
cpu: 100m
memory: 512Mi
securityContext:
runAsUser: 2000
allowPrivilegeEscalation: false
pod:
annotations:
key1: val1
key2: val2
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: cloud.google.com/gke-nodepool
operator: In
values:
- router-node
tolerations:
- effect: NoSchedule
key: node-type
operator: Exists
value: "router"
securityContext:
runAsUser: 1000
runAsGroup: 3000
fsGroup: 2000
fsGroupChangePolicy: "OnRootMismatch"
volumes:
- name: certs
secret:
secretName: envoy-cert
gateways:
- apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
namespace: envoy-gateway
name: gateway-1
spec:
gatewayClassName: envoy-gateway-class
listeners:
- name: http
protocol: HTTP
port: 80
allowedRoutes:
namespaces:
from: Same
httpRoutes:
- apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
namespace: envoy-gateway
name: httproute-1
spec:
parentRefs:
- namespace: envoy-gateway
name: gateway-1
rules:
- matches:
- path:
type: Exact
value: "/exact"
backendRefs:
- name: service-1
port: 8080
services:
- apiVersion: v1
kind: Service
metadata:
name: envoy-als
namespace: monitoring
spec:
type: ClusterIP
ports:
- name: grpc
port: 9000
appProtocol: grpc
protocol: TCP
targetPort: 9000
endpointSlices:
- apiVersion: discovery.k8s.io/v1
kind: EndpointSlice
metadata:
name: endpointslice-envoy-als
namespace: monitoring
labels:
kubernetes.io/service-name: envoy-als
addressType: IPv4
ports:
- name: grpc
protocol: TCP
appProtocol: grpc
port: 9090
endpoints:
- addresses:
- "10.240.0.10"
conditions:
ready: true
Loading

0 comments on commit 4313fd6

Please sign in to comment.