diff --git a/api/v1alpha1/accesslogging_types.go b/api/v1alpha1/accesslogging_types.go
index edc19e97599..31eac69f122 100644
--- a/api/v1alpha1/accesslogging_types.go
+++ b/api/v1alpha1/accesslogging_types.go
@@ -37,7 +37,6 @@ type ProxyAccessLogSetting struct {
// If type is defined, the accesslog settings would apply to the relevant component (as-is).
// +kubebuilder:validation:Enum=Listener;Route
// +optional
- // +notImplementedHide
Type *ProxyAccessLogType `json:"type,omitempty"`
}
diff --git a/internal/gatewayapi/listener.go b/internal/gatewayapi/listener.go
index 0c69d7b3097..fda00f06ebf 100644
--- a/internal/gatewayapi/listener.go
+++ b/internal/gatewayapi/listener.go
@@ -241,7 +241,6 @@ func (t *Translator) processAccessLog(envoyproxy *egv1a1.EnvoyProxy, resources *
},
}, nil
}
-
if envoyproxy.Spec.Telemetry.AccessLog.Disable {
return nil, nil
}
@@ -249,6 +248,16 @@ func (t *Translator) processAccessLog(envoyproxy *egv1a1.EnvoyProxy, resources *
irAccessLog := &ir.AccessLog{}
// translate the access log configuration to the IR
for i, accessLog := range envoyproxy.Spec.Telemetry.AccessLog.Settings {
+ var accessLogType *ir.ProxyAccessLogType
+ if accessLog.Type != nil {
+ switch *accessLog.Type {
+ case egv1a1.ProxyAccessLogTypeRoute:
+ accessLogType = ptr.To(ir.ProxyAccessLogTypeRoute)
+ case egv1a1.ProxyAccessLogTypeListener:
+ accessLogType = ptr.To(ir.ProxyAccessLogTypeListener)
+ }
+ }
+
var format egv1a1.ProxyAccessLogFormat
if accessLog.Format != nil {
format = *accessLog.Format
@@ -287,6 +296,7 @@ func (t *Translator) processAccessLog(envoyproxy *egv1a1.EnvoyProxy, resources *
Format: format.Text,
Path: sink.File.Path,
CELMatches: validExprs,
+ LogType: accessLogType,
}
irAccessLog.Text = append(irAccessLog.Text, al)
case egv1a1.ProxyAccessLogFormatTypeJSON:
@@ -299,6 +309,7 @@ func (t *Translator) processAccessLog(envoyproxy *egv1a1.EnvoyProxy, resources *
JSON: format.JSON,
Path: sink.File.Path,
CELMatches: validExprs,
+ LogType: accessLogType,
}
irAccessLog.JSON = append(irAccessLog.JSON, al)
}
@@ -329,6 +340,7 @@ func (t *Translator) processAccessLog(envoyproxy *egv1a1.EnvoyProxy, resources *
Traffic: traffic,
Type: sink.ALS.Type,
CELMatches: validExprs,
+ LogType: accessLogType,
}
if al.Type == egv1a1.ALSEnvoyProxyAccessLogTypeHTTP && sink.ALS.HTTP != nil {
@@ -339,7 +351,6 @@ func (t *Translator) processAccessLog(envoyproxy *egv1a1.EnvoyProxy, resources *
}
al.HTTP = http
}
-
switch format.Type {
case egv1a1.ProxyAccessLogFormatTypeJSON:
al.Attributes = format.JSON
@@ -367,6 +378,7 @@ func (t *Translator) processAccessLog(envoyproxy *egv1a1.EnvoyProxy, resources *
Settings: ds,
},
Traffic: traffic,
+ LogType: accessLogType,
}
if len(ds) == 0 {
@@ -391,7 +403,6 @@ func (t *Translator) processAccessLog(envoyproxy *egv1a1.EnvoyProxy, resources *
}
}
}
-
return irAccessLog, nil
}
diff --git a/internal/gatewayapi/testdata/envoyproxy-accesslog-types.in.yaml b/internal/gatewayapi/testdata/envoyproxy-accesslog-types.in.yaml
new file mode 100644
index 00000000000..d0f8f158808
--- /dev/null
+++ b/internal/gatewayapi/testdata/envoyproxy-accesslog-types.in.yaml
@@ -0,0 +1,216 @@
+envoyProxyForGatewayClass:
+ apiVersion: gateway.envoyproxy.io/v1alpha1
+ kind: EnvoyProxy
+ metadata:
+ namespace: envoy-gateway-system
+ name: test
+ spec:
+ telemetry:
+ accessLog:
+ settings:
+ - type: Route
+ format:
+ type: Text
+ text: |
+ this is a route log
+ sinks:
+ - type: File
+ file:
+ path: /dev/stdout
+ - type: ALS
+ als:
+ logName: accesslog
+ backendRefs:
+ - name: envoy-als
+ namespace: monitoring
+ port: 9000
+ http:
+ requestHeaders:
+ - x-client-ip-address
+ responseHeaders:
+ - cache-control
+ responseTrailers:
+ - expires
+ type: HTTP
+ - type: ALS
+ als:
+ backendRefs:
+ - name: envoy-als
+ namespace: monitoring
+ port: 9000
+ type: TCP
+ - type: OpenTelemetry
+ openTelemetry:
+ host: otel-collector.monitoring.svc.cluster.local
+ port: 4317
+ resources:
+ k8s.cluster.name: "cluster-1"
+ - type: Listener
+ format:
+ type: Text
+ text: |
+ this is a listener log
+ sinks:
+ - type: File
+ file:
+ path: /dev/stdout
+ - type: ALS
+ als:
+ logName: accesslog
+ backendRefs:
+ - name: envoy-als
+ namespace: monitoring
+ port: 9000
+ http:
+ requestHeaders:
+ - x-client-ip-address
+ responseHeaders:
+ - cache-control
+ responseTrailers:
+ - expires
+ type: HTTP
+ - type: ALS
+ als:
+ backendRefs:
+ - name: envoy-als
+ namespace: monitoring
+ port: 9000
+ type: TCP
+ - type: OpenTelemetry
+ openTelemetry:
+ host: otel-collector.monitoring.svc.cluster.local
+ port: 4317
+ resources:
+ k8s.cluster.name: "cluster-1"
+ - format:
+ type: Text
+ text: |
+ this is a Global log
+ sinks:
+ - type: File
+ file:
+ path: /dev/stdout
+ - type: ALS
+ als:
+ logName: accesslog
+ backendRefs:
+ - name: envoy-als
+ namespace: monitoring
+ port: 9000
+ http:
+ requestHeaders:
+ - x-client-ip-address
+ responseHeaders:
+ - cache-control
+ responseTrailers:
+ - expires
+ type: HTTP
+ - type: ALS
+ als:
+ backendRefs:
+ - name: envoy-als
+ namespace: monitoring
+ port: 9000
+ type: TCP
+ - type: OpenTelemetry
+ openTelemetry:
+ host: otel-collector.monitoring.svc.cluster.local
+ port: 4317
+ resources:
+ k8s.cluster.name: "cluster-1"
+ provider:
+ type: Kubernetes
+ kubernetes:
+ envoyService:
+ type: LoadBalancer
+ envoyDeployment:
+ replicas: 2
+ container:
+ env:
+ - name: env_a
+ value: env_a_value
+ - name: env_b
+ value: env_b_name
+ image: "envoyproxy/envoy:distroless-dev"
+ resources:
+ requests:
+ cpu: 100m
+ memory: 512Mi
+ securityContext:
+ runAsUser: 2000
+ allowPrivilegeEscalation: false
+ pod:
+ annotations:
+ key1: val1
+ key2: val2
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: cloud.google.com/gke-nodepool
+ operator: In
+ values:
+ - router-node
+ tolerations:
+ - effect: NoSchedule
+ key: node-type
+ operator: Exists
+ value: "router"
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 3000
+ fsGroup: 2000
+ fsGroupChangePolicy: "OnRootMismatch"
+ volumes:
+ - name: certs
+ secret:
+ secretName: envoy-cert
+gateways:
+- apiVersion: gateway.networking.k8s.io/v1
+ kind: Gateway
+ metadata:
+ namespace: envoy-gateway
+ name: gateway-1
+ spec:
+ gatewayClassName: envoy-gateway-class
+ listeners:
+ - name: http
+ protocol: HTTP
+ port: 80
+ allowedRoutes:
+ namespaces:
+ from: Same
+services:
+- apiVersion: v1
+ kind: Service
+ metadata:
+ name: envoy-als
+ namespace: monitoring
+ spec:
+ type: ClusterIP
+ ports:
+ - name: grpc
+ port: 9000
+ appProtocol: grpc
+ protocol: TCP
+ targetPort: 9000
+endpointSlices:
+- apiVersion: discovery.k8s.io/v1
+ kind: EndpointSlice
+ metadata:
+ name: endpointslice-envoy-als
+ namespace: monitoring
+ labels:
+ kubernetes.io/service-name: envoy-als
+ addressType: IPv4
+ ports:
+ - name: grpc
+ protocol: TCP
+ appProtocol: grpc
+ port: 9090
+ endpoints:
+ - addresses:
+ - "10.240.0.10"
+ conditions:
+ ready: true
diff --git a/internal/gatewayapi/testdata/envoyproxy-accesslog-types.out.yaml b/internal/gatewayapi/testdata/envoyproxy-accesslog-types.out.yaml
new file mode 100644
index 00000000000..476d6c7c1e1
--- /dev/null
+++ b/internal/gatewayapi/testdata/envoyproxy-accesslog-types.out.yaml
@@ -0,0 +1,398 @@
+gateways:
+- apiVersion: gateway.networking.k8s.io/v1
+ kind: Gateway
+ metadata:
+ creationTimestamp: null
+ name: gateway-1
+ namespace: envoy-gateway
+ spec:
+ gatewayClassName: envoy-gateway-class
+ listeners:
+ - allowedRoutes:
+ namespaces:
+ from: Same
+ name: http
+ port: 80
+ protocol: HTTP
+ status:
+ listeners:
+ - attachedRoutes: 0
+ conditions:
+ - lastTransitionTime: null
+ message: Sending translated listener configuration to the data plane
+ reason: Programmed
+ status: "True"
+ type: Programmed
+ - lastTransitionTime: null
+ message: Listener has been successfully translated
+ reason: Accepted
+ status: "True"
+ type: Accepted
+ - lastTransitionTime: null
+ message: Listener references have been resolved
+ reason: ResolvedRefs
+ status: "True"
+ type: ResolvedRefs
+ name: http
+ supportedKinds:
+ - group: gateway.networking.k8s.io
+ kind: HTTPRoute
+ - group: gateway.networking.k8s.io
+ kind: GRPCRoute
+infraIR:
+ envoy-gateway/gateway-1:
+ proxy:
+ config:
+ apiVersion: gateway.envoyproxy.io/v1alpha1
+ kind: EnvoyProxy
+ metadata:
+ creationTimestamp: null
+ name: test
+ namespace: envoy-gateway-system
+ spec:
+ logging: {}
+ provider:
+ kubernetes:
+ envoyDeployment:
+ container:
+ env:
+ - name: env_a
+ value: env_a_value
+ - name: env_b
+ value: env_b_name
+ image: envoyproxy/envoy:distroless-dev
+ resources:
+ requests:
+ cpu: 100m
+ memory: 512Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ runAsUser: 2000
+ pod:
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: cloud.google.com/gke-nodepool
+ operator: In
+ values:
+ - router-node
+ annotations:
+ key1: val1
+ key2: val2
+ securityContext:
+ fsGroup: 2000
+ fsGroupChangePolicy: OnRootMismatch
+ runAsGroup: 3000
+ runAsUser: 1000
+ tolerations:
+ - effect: NoSchedule
+ key: node-type
+ operator: Exists
+ value: router
+ volumes:
+ - name: certs
+ secret:
+ secretName: envoy-cert
+ replicas: 2
+ envoyService:
+ type: LoadBalancer
+ type: Kubernetes
+ telemetry:
+ accessLog:
+ settings:
+ - format:
+ text: |
+ this is a route log
+ type: Text
+ sinks:
+ - file:
+ path: /dev/stdout
+ type: File
+ - als:
+ backendRefs:
+ - name: envoy-als
+ namespace: monitoring
+ port: 9000
+ http:
+ requestHeaders:
+ - x-client-ip-address
+ responseHeaders:
+ - cache-control
+ responseTrailers:
+ - expires
+ logName: accesslog
+ type: HTTP
+ type: ALS
+ - als:
+ backendRefs:
+ - name: envoy-als
+ namespace: monitoring
+ port: 9000
+ type: TCP
+ type: ALS
+ - openTelemetry:
+ host: otel-collector.monitoring.svc.cluster.local
+ port: 4317
+ resources:
+ k8s.cluster.name: cluster-1
+ type: OpenTelemetry
+ type: Route
+ - format:
+ text: |
+ this is a listener log
+ type: Text
+ sinks:
+ - file:
+ path: /dev/stdout
+ type: File
+ - als:
+ backendRefs:
+ - name: envoy-als
+ namespace: monitoring
+ port: 9000
+ http:
+ requestHeaders:
+ - x-client-ip-address
+ responseHeaders:
+ - cache-control
+ responseTrailers:
+ - expires
+ logName: accesslog
+ type: HTTP
+ type: ALS
+ - als:
+ backendRefs:
+ - name: envoy-als
+ namespace: monitoring
+ port: 9000
+ type: TCP
+ type: ALS
+ - openTelemetry:
+ host: otel-collector.monitoring.svc.cluster.local
+ port: 4317
+ resources:
+ k8s.cluster.name: cluster-1
+ type: OpenTelemetry
+ type: Listener
+ - format:
+ text: |
+ this is a Global log
+ type: Text
+ sinks:
+ - file:
+ path: /dev/stdout
+ type: File
+ - als:
+ backendRefs:
+ - name: envoy-als
+ namespace: monitoring
+ port: 9000
+ http:
+ requestHeaders:
+ - x-client-ip-address
+ responseHeaders:
+ - cache-control
+ responseTrailers:
+ - expires
+ logName: accesslog
+ type: HTTP
+ type: ALS
+ - als:
+ backendRefs:
+ - name: envoy-als
+ namespace: monitoring
+ port: 9000
+ type: TCP
+ type: ALS
+ - openTelemetry:
+ host: otel-collector.monitoring.svc.cluster.local
+ port: 4317
+ resources:
+ k8s.cluster.name: cluster-1
+ type: OpenTelemetry
+ status: {}
+ listeners:
+ - address: null
+ name: envoy-gateway/gateway-1/http
+ ports:
+ - containerPort: 10080
+ name: http-80
+ protocol: HTTP
+ servicePort: 80
+ metadata:
+ labels:
+ gateway.envoyproxy.io/owning-gateway-name: gateway-1
+ gateway.envoyproxy.io/owning-gateway-namespace: envoy-gateway
+ name: envoy-gateway/gateway-1
+xdsIR:
+ envoy-gateway/gateway-1:
+ accessLog:
+ als:
+ - destination:
+ name: accesslog_als_0_1
+ settings:
+ - addressType: IP
+ endpoints:
+ - host: 10.240.0.10
+ port: 9090
+ protocol: GRPC
+ http:
+ requestHeaders:
+ - x-client-ip-address
+ responseHeaders:
+ - cache-control
+ responseTrailers:
+ - expires
+ logType: Route
+ name: accesslog
+ text: |
+ this is a route log
+ type: HTTP
+ - destination:
+ name: accesslog_als_0_2
+ settings:
+ - addressType: IP
+ endpoints:
+ - host: 10.240.0.10
+ port: 9090
+ protocol: GRPC
+ logType: Route
+ name: envoy-gateway-system/test
+ text: |
+ this is a route log
+ type: TCP
+ - destination:
+ name: accesslog_als_1_1
+ settings:
+ - addressType: IP
+ endpoints:
+ - host: 10.240.0.10
+ port: 9090
+ protocol: GRPC
+ http:
+ requestHeaders:
+ - x-client-ip-address
+ responseHeaders:
+ - cache-control
+ responseTrailers:
+ - expires
+ logType: Listener
+ name: accesslog
+ text: |
+ this is a listener log
+ type: HTTP
+ - destination:
+ name: accesslog_als_1_2
+ settings:
+ - addressType: IP
+ endpoints:
+ - host: 10.240.0.10
+ port: 9090
+ protocol: GRPC
+ logType: Listener
+ name: envoy-gateway-system/test
+ text: |
+ this is a listener log
+ type: TCP
+ - destination:
+ name: accesslog_als_2_1
+ settings:
+ - addressType: IP
+ endpoints:
+ - host: 10.240.0.10
+ port: 9090
+ protocol: GRPC
+ http:
+ requestHeaders:
+ - x-client-ip-address
+ responseHeaders:
+ - cache-control
+ responseTrailers:
+ - expires
+ name: accesslog
+ text: |
+ this is a Global log
+ type: HTTP
+ - destination:
+ name: accesslog_als_2_2
+ settings:
+ - addressType: IP
+ endpoints:
+ - host: 10.240.0.10
+ port: 9090
+ protocol: GRPC
+ name: envoy-gateway-system/test
+ text: |
+ this is a Global log
+ type: TCP
+ openTelemetry:
+ - authority: otel-collector.monitoring.svc.cluster.local
+ destination:
+ name: accesslog_otel_0_3
+ settings:
+ - endpoints:
+ - host: otel-collector.monitoring.svc.cluster.local
+ port: 4317
+ protocol: GRPC
+ weight: 1
+ logType: Route
+ resources:
+ k8s.cluster.name: cluster-1
+ text: |
+ this is a route log
+ - authority: otel-collector.monitoring.svc.cluster.local
+ destination:
+ name: accesslog_otel_1_3
+ settings:
+ - endpoints:
+ - host: otel-collector.monitoring.svc.cluster.local
+ port: 4317
+ protocol: GRPC
+ weight: 1
+ logType: Listener
+ resources:
+ k8s.cluster.name: cluster-1
+ text: |
+ this is a listener log
+ - authority: otel-collector.monitoring.svc.cluster.local
+ destination:
+ name: accesslog_otel_2_3
+ settings:
+ - endpoints:
+ - host: otel-collector.monitoring.svc.cluster.local
+ port: 4317
+ protocol: GRPC
+ weight: 1
+ resources:
+ k8s.cluster.name: cluster-1
+ text: |
+ this is a Global log
+ text:
+ - format: |
+ this is a route log
+ logType: Route
+ path: /dev/stdout
+ - format: |
+ this is a listener log
+ logType: Listener
+ path: /dev/stdout
+ - format: |
+ this is a Global log
+ path: /dev/stdout
+ http:
+ - address: 0.0.0.0
+ hostnames:
+ - '*'
+ isHTTP2: false
+ metadata:
+ kind: Gateway
+ name: gateway-1
+ namespace: envoy-gateway
+ sectionName: http
+ name: envoy-gateway/gateway-1/http
+ path:
+ escapedSlashesAction: UnescapeAndRedirect
+ mergeSlashes: true
+ port: 10080
diff --git a/internal/ir/xds.go b/internal/ir/xds.go
index 9750680f387..213e504bc97 100644
--- a/internal/ir/xds.go
+++ b/internal/ir/xds.go
@@ -1733,6 +1733,13 @@ type RateLimitValue struct {
Unit RateLimitUnit `json:"unit" yaml:"unit"`
}
+type ProxyAccessLogType egv1a1.ProxyAccessLogType
+
+const (
+ ProxyAccessLogTypeRoute = ProxyAccessLogType(egv1a1.ProxyAccessLogTypeRoute)
+ ProxyAccessLogTypeListener = ProxyAccessLogType(egv1a1.ProxyAccessLogTypeListener)
+)
+
// AccessLog holds the access logging configuration.
// +k8s:deepcopy-gen=true
type AccessLog struct {
@@ -1745,17 +1752,19 @@ type AccessLog struct {
// TextAccessLog holds the configuration for text access logging.
// +k8s:deepcopy-gen=true
type TextAccessLog struct {
- CELMatches []string `json:"celMatches,omitempty" yaml:"celMatches,omitempty"`
- Format *string `json:"format,omitempty" yaml:"format,omitempty"`
- Path string `json:"path" yaml:"path"`
+ CELMatches []string `json:"celMatches,omitempty" yaml:"celMatches,omitempty"`
+ Format *string `json:"format,omitempty" yaml:"format,omitempty"`
+ Path string `json:"path" yaml:"path"`
+ LogType *ProxyAccessLogType `json:"logType,omitempty" yaml:"logType,omitempty"`
}
// JSONAccessLog holds the configuration for JSON access logging.
// +k8s:deepcopy-gen=true
type JSONAccessLog struct {
- CELMatches []string `json:"celMatches,omitempty" yaml:"celMatches,omitempty"`
- JSON map[string]string `json:"json,omitempty" yaml:"json,omitempty"`
- Path string `json:"path" yaml:"path"`
+ CELMatches []string `json:"celMatches,omitempty" yaml:"celMatches,omitempty"`
+ JSON map[string]string `json:"json,omitempty" yaml:"json,omitempty"`
+ Path string `json:"path" yaml:"path"`
+ LogType *ProxyAccessLogType `json:"logType,omitempty" yaml:"logType,omitempty"`
}
// ALSAccessLog holds the configuration for gRPC ALS access logging.
@@ -1769,6 +1778,7 @@ type ALSAccessLog struct {
Text *string `json:"text,omitempty" yaml:"text,omitempty"`
Attributes map[string]string `json:"attributes,omitempty" yaml:"attributes,omitempty"`
HTTP *ALSAccessLogHTTP `json:"http,omitempty" yaml:"http,omitempty"`
+ LogType *ProxyAccessLogType `json:"logType,omitempty" yaml:"logType,omitempty"`
}
// ALSAccessLogHTTP holds the configuration for HTTP ALS access logging.
@@ -1782,13 +1792,14 @@ type ALSAccessLogHTTP struct {
// OpenTelemetryAccessLog holds the configuration for OpenTelemetry access logging.
// +k8s:deepcopy-gen=true
type OpenTelemetryAccessLog struct {
- CELMatches []string `json:"celMatches,omitempty" yaml:"celMatches,omitempty"`
- Authority string `json:"authority,omitempty" yaml:"authority,omitempty"`
- Text *string `json:"text,omitempty" yaml:"text,omitempty"`
- Attributes map[string]string `json:"attributes,omitempty" yaml:"attributes,omitempty"`
- Resources map[string]string `json:"resources,omitempty" yaml:"resources,omitempty"`
- Destination RouteDestination `json:"destination,omitempty" yaml:"destination,omitempty"`
- Traffic *TrafficFeatures `json:"traffic,omitempty" yaml:"traffic,omitempty"`
+ CELMatches []string `json:"celMatches,omitempty" yaml:"celMatches,omitempty"`
+ Authority string `json:"authority,omitempty" yaml:"authority,omitempty"`
+ Text *string `json:"text,omitempty" yaml:"text,omitempty"`
+ Attributes map[string]string `json:"attributes,omitempty" yaml:"attributes,omitempty"`
+ Resources map[string]string `json:"resources,omitempty" yaml:"resources,omitempty"`
+ Destination RouteDestination `json:"destination,omitempty" yaml:"destination,omitempty"`
+ Traffic *TrafficFeatures `json:"traffic,omitempty" yaml:"traffic,omitempty"`
+ LogType *ProxyAccessLogType `json:"logType,omitempty" yaml:"logType,omitempty"`
}
// EnvoyPatchPolicy defines the intermediate representation of the EnvoyPatchPolicy resource.
diff --git a/internal/ir/zz_generated.deepcopy.go b/internal/ir/zz_generated.deepcopy.go
index 5afb29d12ce..0d66e7de901 100644
--- a/internal/ir/zz_generated.deepcopy.go
+++ b/internal/ir/zz_generated.deepcopy.go
@@ -47,6 +47,11 @@ func (in *ALSAccessLog) DeepCopyInto(out *ALSAccessLog) {
*out = new(ALSAccessLogHTTP)
(*in).DeepCopyInto(*out)
}
+ if in.LogType != nil {
+ in, out := &in.LogType, &out.LogType
+ *out = new(ProxyAccessLogType)
+ **out = **in
+ }
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ALSAccessLog.
@@ -1690,6 +1695,11 @@ func (in *JSONAccessLog) DeepCopyInto(out *JSONAccessLog) {
(*out)[key] = val
}
}
+ if in.LogType != nil {
+ in, out := &in.LogType, &out.LogType
+ *out = new(ProxyAccessLogType)
+ **out = **in
+ }
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JSONAccessLog.
@@ -1976,6 +1986,11 @@ func (in *OpenTelemetryAccessLog) DeepCopyInto(out *OpenTelemetryAccessLog) {
*out = new(TrafficFeatures)
(*in).DeepCopyInto(*out)
}
+ if in.LogType != nil {
+ in, out := &in.LogType, &out.LogType
+ *out = new(ProxyAccessLogType)
+ **out = **in
+ }
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OpenTelemetryAccessLog.
@@ -2980,6 +2995,11 @@ func (in *TextAccessLog) DeepCopyInto(out *TextAccessLog) {
*out = new(string)
**out = **in
}
+ if in.LogType != nil {
+ in, out := &in.LogType, &out.LogType
+ *out = new(ProxyAccessLogType)
+ **out = **in
+ }
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TextAccessLog.
diff --git a/internal/xds/translator/accesslog.go b/internal/xds/translator/accesslog.go
index 8acb6e4b005..6660ba8fab6 100644
--- a/internal/xds/translator/accesslog.go
+++ b/internal/xds/translator/accesslog.go
@@ -90,15 +90,24 @@ var (
}
)
-func buildXdsAccessLog(al *ir.AccessLog, forListener bool) []*accesslog.AccessLog {
+func buildXdsAccessLog(al *ir.AccessLog, accessLogType ir.ProxyAccessLogType) []*accesslog.AccessLog {
if al == nil {
return nil
}
totalLen := len(al.Text) + len(al.JSON) + len(al.OpenTelemetry)
accessLogs := make([]*accesslog.AccessLog, 0, totalLen)
+
// handle text file access logs
for _, text := range al.Text {
+ // Filter out logs that are not Global or match the desired access log type
+ if !(text.LogType == nil || *text.LogType == accessLogType) {
+ continue
+ }
+
+ // NR is only added to listener logs originating from a global log configuration
+ defaultLogTypeForListener := accessLogType == ir.ProxyAccessLogTypeListener && text.LogType == nil
+
filelog := &fileaccesslog.FileAccessLog{
Path: text.Path,
}
@@ -131,11 +140,19 @@ func buildXdsAccessLog(al *ir.AccessLog, forListener bool) []*accesslog.AccessLo
ConfigType: &accesslog.AccessLog_TypedConfig{
TypedConfig: accesslogAny,
},
- Filter: buildAccessLogFilter(text.CELMatches, forListener),
+ Filter: buildAccessLogFilter(text.CELMatches, defaultLogTypeForListener),
})
}
// handle json file access logs
for _, json := range al.JSON {
+ // Filter out logs that are not Global or match the desired access log type
+ if !(json.LogType == nil || *json.LogType == accessLogType) {
+ continue
+ }
+
+ // NR is only added to listener logs originating from a global log configuration
+ defaultLogTypeForListener := accessLogType == ir.ProxyAccessLogTypeListener && json.LogType == nil
+
jsonFormat := &structpb.Struct{
Fields: make(map[string]*structpb.Value, len(json.JSON)),
}
@@ -174,11 +191,19 @@ func buildXdsAccessLog(al *ir.AccessLog, forListener bool) []*accesslog.AccessLo
ConfigType: &accesslog.AccessLog_TypedConfig{
TypedConfig: accesslogAny,
},
- Filter: buildAccessLogFilter(json.CELMatches, forListener),
+ Filter: buildAccessLogFilter(json.CELMatches, defaultLogTypeForListener),
})
}
// handle ALS access logs
for _, als := range al.ALS {
+ // Filter out logs that are not Global or match the desired access log type
+ if !(als.LogType == nil || *als.LogType == accessLogType) {
+ continue
+ }
+
+ // NR is only added to listener logs originating from a global log configuration
+ defaultLogTypeForListener := accessLogType == ir.ProxyAccessLogTypeListener && als.LogType == nil
+
cc := &grpcaccesslog.CommonGrpcAccessLogConfig{
LogName: als.LogName,
GrpcService: &cfgcore.GrpcService{
@@ -209,7 +234,7 @@ func buildXdsAccessLog(al *ir.AccessLog, forListener bool) []*accesslog.AccessLo
ConfigType: &accesslog.AccessLog_TypedConfig{
TypedConfig: accesslogAny,
},
- Filter: buildAccessLogFilter(als.CELMatches, forListener),
+ Filter: buildAccessLogFilter(als.CELMatches, defaultLogTypeForListener),
})
case egv1a1.ALSEnvoyProxyAccessLogTypeTCP:
alCfg := &grpcaccesslog.TcpGrpcAccessLogConfig{
@@ -222,12 +247,20 @@ func buildXdsAccessLog(al *ir.AccessLog, forListener bool) []*accesslog.AccessLo
ConfigType: &accesslog.AccessLog_TypedConfig{
TypedConfig: accesslogAny,
},
- Filter: buildAccessLogFilter(als.CELMatches, forListener),
+ Filter: buildAccessLogFilter(als.CELMatches, defaultLogTypeForListener),
})
}
}
// handle open telemetry access logs
for _, otel := range al.OpenTelemetry {
+ // Filter out logs that are not Global or match the desired access log type
+ if !(otel.LogType == nil || *otel.LogType == accessLogType) {
+ continue
+ }
+
+ // NR is only added to listener logs originating from a global log configuration
+ defaultLogTypeForListener := accessLogType == ir.ProxyAccessLogTypeListener && otel.LogType == nil
+
al := &otelaccesslog.OpenTelemetryAccessLogConfig{
CommonConfig: &grpcaccesslog.CommonGrpcAccessLogConfig{
LogName: otelLogName,
@@ -270,7 +303,7 @@ func buildXdsAccessLog(al *ir.AccessLog, forListener bool) []*accesslog.AccessLo
ConfigType: &accesslog.AccessLog_TypedConfig{
TypedConfig: accesslogAny,
},
- Filter: buildAccessLogFilter(otel.CELMatches, forListener),
+ Filter: buildAccessLogFilter(otel.CELMatches, defaultLogTypeForListener),
})
}
@@ -292,13 +325,13 @@ func celAccessLogFilter(expr string) *accesslog.AccessLogFilter {
}
}
-func buildAccessLogFilter(exprs []string, forListener bool) *accesslog.AccessLogFilter {
+func buildAccessLogFilter(exprs []string, withNoRouteMatchFilter bool) *accesslog.AccessLogFilter {
// add filter for access logs
var filters []*accesslog.AccessLogFilter
for _, expr := range exprs {
filters = append(filters, celAccessLogFilter(expr))
}
- if forListener {
+ if withNoRouteMatchFilter {
filters = append(filters, listenerAccessLogFilter)
}
diff --git a/internal/xds/translator/listener.go b/internal/xds/translator/listener.go
index 98f7c28e372..9cc8e61f6ed 100644
--- a/internal/xds/translator/listener.go
+++ b/internal/xds/translator/listener.go
@@ -151,7 +151,7 @@ func originalIPDetectionExtensions(clientIPDetection *ir.ClientIPDetectionSettin
// TODO: Improve function parameters
func buildXdsTCPListener(name, address string, port uint32, keepalive *ir.TCPKeepalive, connection *ir.ClientConnection, accesslog *ir.AccessLog) *listenerv3.Listener {
socketOptions := buildTCPSocketOptions(keepalive)
- al := buildXdsAccessLog(accesslog, true)
+ al := buildXdsAccessLog(accesslog, ir.ProxyAccessLogTypeListener)
bufferLimitBytes := buildPerConnectionBufferLimitBytes(connection)
return &listenerv3.Listener{
Name: name,
@@ -183,7 +183,7 @@ func buildPerConnectionBufferLimitBytes(connection *ir.ClientConnection) *wrappe
func buildXdsQuicListener(name, address string, port uint32, accesslog *ir.AccessLog) *listenerv3.Listener {
xdsListener := &listenerv3.Listener{
Name: name + "-quic",
- AccessLog: buildXdsAccessLog(accesslog, true),
+ AccessLog: buildXdsAccessLog(accesslog, ir.ProxyAccessLogTypeListener),
Address: &corev3.Address{
Address: &corev3.Address_SocketAddress{
SocketAddress: &corev3.SocketAddress{
@@ -220,7 +220,7 @@ func buildXdsQuicListener(name, address string, port uint32, accesslog *ir.Acces
func (t *Translator) addHCMToXDSListener(xdsListener *listenerv3.Listener, irListener *ir.HTTPListener,
accesslog *ir.AccessLog, tracing *ir.Tracing, http3Listener bool, connection *ir.ClientConnection,
) error {
- al := buildXdsAccessLog(accesslog, false)
+ al := buildXdsAccessLog(accesslog, ir.ProxyAccessLogTypeRoute)
hcmTracing, err := buildHCMTracing(tracing)
if err != nil {
@@ -494,7 +494,7 @@ func addXdsTCPFilterChain(xdsListener *listenerv3.Listener, irRoute *ir.TCPRoute
statPrefix = strings.Join([]string{statPrefix, strconv.Itoa(int(xdsListener.Address.GetSocketAddress().GetPortValue()))}, "-")
mgr := &tcpv3.TcpProxy{
- AccessLog: buildXdsAccessLog(accesslog, false),
+ AccessLog: buildXdsAccessLog(accesslog, ir.ProxyAccessLogTypeRoute),
StatPrefix: statPrefix,
ClusterSpecifier: &tcpv3.TcpProxy_Cluster{
Cluster: clusterName,
@@ -773,7 +773,7 @@ func buildXdsUDPListener(clusterName string, udpListener *ir.UDPListener, access
udpProxy := &udpv3.UdpProxyConfig{
StatPrefix: statPrefix,
- AccessLog: buildXdsAccessLog(accesslog, false),
+ AccessLog: buildXdsAccessLog(accesslog, ir.ProxyAccessLogTypeRoute),
RouteSpecifier: &udpv3.UdpProxyConfig_Matcher{
Matcher: &matcher.Matcher{
OnNoMatch: &matcher.Matcher_OnMatch{
@@ -794,7 +794,7 @@ func buildXdsUDPListener(clusterName string, udpListener *ir.UDPListener, access
xdsListener := &listenerv3.Listener{
Name: udpListener.Name,
- AccessLog: buildXdsAccessLog(accesslog, true),
+ AccessLog: buildXdsAccessLog(accesslog, ir.ProxyAccessLogTypeListener),
Address: &corev3.Address{
Address: &corev3.Address_SocketAddress{
SocketAddress: &corev3.SocketAddress{
diff --git a/internal/xds/translator/testdata/in/xds-ir/accesslog-types.yaml b/internal/xds/translator/testdata/in/xds-ir/accesslog-types.yaml
new file mode 100644
index 00000000000..9bdf8d80c68
--- /dev/null
+++ b/internal/xds/translator/testdata/in/xds-ir/accesslog-types.yaml
@@ -0,0 +1,168 @@
+accessLog:
+ als:
+ - destination:
+ name: accesslog_als_0_1
+ settings:
+ - addressType: IP
+ endpoints:
+ - host: 10.240.0.10
+ port: 9090
+ protocol: GRPC
+ http:
+ requestHeaders:
+ - x-client-ip-address
+ responseHeaders:
+ - cache-control
+ responseTrailers:
+ - expires
+ logType: Route
+ name: accesslog
+ text: |
+ this is a route log
+ type: HTTP
+ - destination:
+ name: accesslog_als_0_2
+ settings:
+ - addressType: IP
+ endpoints:
+ - host: 10.240.0.10
+ port: 9090
+ protocol: GRPC
+ logType: Route
+ name: envoy-gateway-system/test
+ text: |
+ this is a route log
+ type: TCP
+ - destination:
+ name: accesslog_als_1_1
+ settings:
+ - addressType: IP
+ endpoints:
+ - host: 10.240.0.10
+ port: 9090
+ protocol: GRPC
+ http:
+ requestHeaders:
+ - x-client-ip-address
+ responseHeaders:
+ - cache-control
+ responseTrailers:
+ - expires
+ logType: Listener
+ name: accesslog
+ text: |
+ this is a listener log
+ type: HTTP
+ - destination:
+ name: accesslog_als_1_2
+ settings:
+ - addressType: IP
+ endpoints:
+ - host: 10.240.0.10
+ port: 9090
+ protocol: GRPC
+ logType: Listener
+ name: envoy-gateway-system/test
+ text: |
+ this is a listener log
+ type: TCP
+ - destination:
+ name: accesslog_als_2_1
+ settings:
+ - addressType: IP
+ endpoints:
+ - host: 10.240.0.10
+ port: 9090
+ protocol: GRPC
+ http:
+ requestHeaders:
+ - x-client-ip-address
+ responseHeaders:
+ - cache-control
+ responseTrailers:
+ - expires
+ name: accesslog
+ text: |
+ this is a Global log
+ type: HTTP
+ - destination:
+ name: accesslog_als_2_2
+ settings:
+ - addressType: IP
+ endpoints:
+ - host: 10.240.0.10
+ port: 9090
+ protocol: GRPC
+ name: envoy-gateway-system/test
+ text: |
+ this is a Global log
+ type: TCP
+ openTelemetry:
+ - authority: otel-collector.monitoring.svc.cluster.local
+ destination:
+ name: accesslog_otel_0_3
+ settings:
+ - endpoints:
+ - host: otel-collector.monitoring.svc.cluster.local
+ port: 4317
+ protocol: GRPC
+ weight: 1
+ logType: Route
+ resources:
+ k8s.cluster.name: cluster-1
+ text: |
+ this is a route log
+ - authority: otel-collector.monitoring.svc.cluster.local
+ destination:
+ name: accesslog_otel_1_3
+ settings:
+ - endpoints:
+ - host: otel-collector.monitoring.svc.cluster.local
+ port: 4317
+ protocol: GRPC
+ weight: 1
+ logType: Listener
+ resources:
+ k8s.cluster.name: cluster-1
+ text: |
+ this is a listener log
+ - authority: otel-collector.monitoring.svc.cluster.local
+ destination:
+ name: accesslog_otel_2_3
+ settings:
+ - endpoints:
+ - host: otel-collector.monitoring.svc.cluster.local
+ port: 4317
+ protocol: GRPC
+ weight: 1
+ resources:
+ k8s.cluster.name: cluster-1
+ text: |
+ this is a Global log
+ text:
+ - format: |
+ this is a route log
+ logType: Route
+ path: /dev/stdout
+ - format: |
+ this is a listener log
+ logType: Listener
+ path: /dev/stdout
+ - format: |
+ this is a Global log
+ path: /dev/stdout
+http:
+ - address: 0.0.0.0
+ hostnames:
+ - '*'
+ isHTTP2: false
+ metadata:
+ kind: Gateway
+ name: gateway-1
+ namespace: envoy-gateway
+ sectionName: http
+ name: envoy-gateway/gateway-1/http
+ path:
+ escapedSlashesAction: UnescapeAndRedirect
+ mergeSlashes: true
+ port: 10080
diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog-types.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog-types.clusters.yaml
new file mode 100644
index 00000000000..71e001f31cd
--- /dev/null
+++ b/internal/xds/translator/testdata/out/xds-ir/accesslog-types.clusters.yaml
@@ -0,0 +1,246 @@
+- circuitBreakers:
+ thresholds:
+ - maxRetries: 1024
+ commonLbConfig:
+ localityWeightedLbConfig: {}
+ connectTimeout: 10s
+ dnsLookupFamily: V4_ONLY
+ edsClusterConfig:
+ edsConfig:
+ ads: {}
+ resourceApiVersion: V3
+ serviceName: accesslog_als_0_1
+ lbPolicy: LEAST_REQUEST
+ name: accesslog_als_0_1
+ outlierDetection: {}
+ perConnectionBufferLimitBytes: 32768
+ type: EDS
+ typedExtensionProtocolOptions:
+ envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
+ '@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
+ explicitHttpConfig:
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 65536
+- circuitBreakers:
+ thresholds:
+ - maxRetries: 1024
+ commonLbConfig:
+ localityWeightedLbConfig: {}
+ connectTimeout: 10s
+ dnsLookupFamily: V4_ONLY
+ edsClusterConfig:
+ edsConfig:
+ ads: {}
+ resourceApiVersion: V3
+ serviceName: accesslog_als_0_2
+ lbPolicy: LEAST_REQUEST
+ name: accesslog_als_0_2
+ outlierDetection: {}
+ perConnectionBufferLimitBytes: 32768
+ type: EDS
+ typedExtensionProtocolOptions:
+ envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
+ '@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
+ explicitHttpConfig:
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 65536
+- circuitBreakers:
+ thresholds:
+ - maxRetries: 1024
+ commonLbConfig:
+ localityWeightedLbConfig: {}
+ connectTimeout: 10s
+ dnsLookupFamily: V4_ONLY
+ edsClusterConfig:
+ edsConfig:
+ ads: {}
+ resourceApiVersion: V3
+ serviceName: accesslog_als_1_1
+ lbPolicy: LEAST_REQUEST
+ name: accesslog_als_1_1
+ outlierDetection: {}
+ perConnectionBufferLimitBytes: 32768
+ type: EDS
+ typedExtensionProtocolOptions:
+ envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
+ '@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
+ explicitHttpConfig:
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 65536
+- circuitBreakers:
+ thresholds:
+ - maxRetries: 1024
+ commonLbConfig:
+ localityWeightedLbConfig: {}
+ connectTimeout: 10s
+ dnsLookupFamily: V4_ONLY
+ edsClusterConfig:
+ edsConfig:
+ ads: {}
+ resourceApiVersion: V3
+ serviceName: accesslog_als_1_2
+ lbPolicy: LEAST_REQUEST
+ name: accesslog_als_1_2
+ outlierDetection: {}
+ perConnectionBufferLimitBytes: 32768
+ type: EDS
+ typedExtensionProtocolOptions:
+ envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
+ '@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
+ explicitHttpConfig:
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 65536
+- circuitBreakers:
+ thresholds:
+ - maxRetries: 1024
+ commonLbConfig:
+ localityWeightedLbConfig: {}
+ connectTimeout: 10s
+ dnsLookupFamily: V4_ONLY
+ edsClusterConfig:
+ edsConfig:
+ ads: {}
+ resourceApiVersion: V3
+ serviceName: accesslog_als_2_1
+ lbPolicy: LEAST_REQUEST
+ name: accesslog_als_2_1
+ outlierDetection: {}
+ perConnectionBufferLimitBytes: 32768
+ type: EDS
+ typedExtensionProtocolOptions:
+ envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
+ '@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
+ explicitHttpConfig:
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 65536
+- circuitBreakers:
+ thresholds:
+ - maxRetries: 1024
+ commonLbConfig:
+ localityWeightedLbConfig: {}
+ connectTimeout: 10s
+ dnsLookupFamily: V4_ONLY
+ edsClusterConfig:
+ edsConfig:
+ ads: {}
+ resourceApiVersion: V3
+ serviceName: accesslog_als_2_2
+ lbPolicy: LEAST_REQUEST
+ name: accesslog_als_2_2
+ outlierDetection: {}
+ perConnectionBufferLimitBytes: 32768
+ type: EDS
+ typedExtensionProtocolOptions:
+ envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
+ '@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
+ explicitHttpConfig:
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 65536
+- circuitBreakers:
+ thresholds:
+ - maxRetries: 1024
+ commonLbConfig:
+ localityWeightedLbConfig: {}
+ connectTimeout: 10s
+ dnsLookupFamily: V4_ONLY
+ dnsRefreshRate: 30s
+ lbPolicy: LEAST_REQUEST
+ loadAssignment:
+ clusterName: accesslog_otel_0_3
+ endpoints:
+ - lbEndpoints:
+ - endpoint:
+ address:
+ socketAddress:
+ address: otel-collector.monitoring.svc.cluster.local
+ portValue: 4317
+ loadBalancingWeight: 1
+ loadBalancingWeight: 1
+ locality:
+ region: accesslog_otel_0_3/backend/0
+ name: accesslog_otel_0_3
+ outlierDetection: {}
+ perConnectionBufferLimitBytes: 32768
+ respectDnsTtl: true
+ type: STRICT_DNS
+ typedExtensionProtocolOptions:
+ envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
+ '@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
+ explicitHttpConfig:
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 65536
+- circuitBreakers:
+ thresholds:
+ - maxRetries: 1024
+ commonLbConfig:
+ localityWeightedLbConfig: {}
+ connectTimeout: 10s
+ dnsLookupFamily: V4_ONLY
+ dnsRefreshRate: 30s
+ lbPolicy: LEAST_REQUEST
+ loadAssignment:
+ clusterName: accesslog_otel_1_3
+ endpoints:
+ - lbEndpoints:
+ - endpoint:
+ address:
+ socketAddress:
+ address: otel-collector.monitoring.svc.cluster.local
+ portValue: 4317
+ loadBalancingWeight: 1
+ loadBalancingWeight: 1
+ locality:
+ region: accesslog_otel_1_3/backend/0
+ name: accesslog_otel_1_3
+ outlierDetection: {}
+ perConnectionBufferLimitBytes: 32768
+ respectDnsTtl: true
+ type: STRICT_DNS
+ typedExtensionProtocolOptions:
+ envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
+ '@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
+ explicitHttpConfig:
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 65536
+- circuitBreakers:
+ thresholds:
+ - maxRetries: 1024
+ commonLbConfig:
+ localityWeightedLbConfig: {}
+ connectTimeout: 10s
+ dnsLookupFamily: V4_ONLY
+ dnsRefreshRate: 30s
+ lbPolicy: LEAST_REQUEST
+ loadAssignment:
+ clusterName: accesslog_otel_2_3
+ endpoints:
+ - lbEndpoints:
+ - endpoint:
+ address:
+ socketAddress:
+ address: otel-collector.monitoring.svc.cluster.local
+ portValue: 4317
+ loadBalancingWeight: 1
+ loadBalancingWeight: 1
+ locality:
+ region: accesslog_otel_2_3/backend/0
+ name: accesslog_otel_2_3
+ outlierDetection: {}
+ perConnectionBufferLimitBytes: 32768
+ respectDnsTtl: true
+ type: STRICT_DNS
+ typedExtensionProtocolOptions:
+ envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
+ '@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
+ explicitHttpConfig:
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 65536
diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog-types.endpoints.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog-types.endpoints.yaml
new file mode 100644
index 00000000000..ab4ecca1750
--- /dev/null
+++ b/internal/xds/translator/testdata/out/xds-ir/accesslog-types.endpoints.yaml
@@ -0,0 +1,72 @@
+- clusterName: accesslog_als_0_1
+ endpoints:
+ - lbEndpoints:
+ - endpoint:
+ address:
+ socketAddress:
+ address: 10.240.0.10
+ portValue: 9090
+ loadBalancingWeight: 1
+ loadBalancingWeight: 1
+ locality:
+ region: accesslog_als_0_1/backend/0
+- clusterName: accesslog_als_0_2
+ endpoints:
+ - lbEndpoints:
+ - endpoint:
+ address:
+ socketAddress:
+ address: 10.240.0.10
+ portValue: 9090
+ loadBalancingWeight: 1
+ loadBalancingWeight: 1
+ locality:
+ region: accesslog_als_0_2/backend/0
+- clusterName: accesslog_als_1_1
+ endpoints:
+ - lbEndpoints:
+ - endpoint:
+ address:
+ socketAddress:
+ address: 10.240.0.10
+ portValue: 9090
+ loadBalancingWeight: 1
+ loadBalancingWeight: 1
+ locality:
+ region: accesslog_als_1_1/backend/0
+- clusterName: accesslog_als_1_2
+ endpoints:
+ - lbEndpoints:
+ - endpoint:
+ address:
+ socketAddress:
+ address: 10.240.0.10
+ portValue: 9090
+ loadBalancingWeight: 1
+ loadBalancingWeight: 1
+ locality:
+ region: accesslog_als_1_2/backend/0
+- clusterName: accesslog_als_2_1
+ endpoints:
+ - lbEndpoints:
+ - endpoint:
+ address:
+ socketAddress:
+ address: 10.240.0.10
+ portValue: 9090
+ loadBalancingWeight: 1
+ loadBalancingWeight: 1
+ locality:
+ region: accesslog_als_2_1/backend/0
+- clusterName: accesslog_als_2_2
+ endpoints:
+ - lbEndpoints:
+ - endpoint:
+ address:
+ socketAddress:
+ address: 10.240.0.10
+ portValue: 9090
+ loadBalancingWeight: 1
+ loadBalancingWeight: 1
+ locality:
+ region: accesslog_als_2_2/backend/0
diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog-types.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog-types.listeners.yaml
new file mode 100644
index 00000000000..727da18e09b
--- /dev/null
+++ b/internal/xds/translator/testdata/out/xds-ir/accesslog-types.listeners.yaml
@@ -0,0 +1,284 @@
+- accessLog:
+ - name: envoy.access_loggers.file
+ typedConfig:
+ '@type': type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog
+ logFormat:
+ textFormatSource:
+ inlineString: |
+ this is a listener log
+ path: /dev/stdout
+ - filter:
+ responseFlagFilter:
+ flags:
+ - NR
+ name: envoy.access_loggers.file
+ typedConfig:
+ '@type': type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog
+ logFormat:
+ textFormatSource:
+ inlineString: |
+ this is a Global log
+ path: /dev/stdout
+ - name: envoy.access_loggers.http_grpc
+ typedConfig:
+ '@type': type.googleapis.com/envoy.extensions.access_loggers.grpc.v3.HttpGrpcAccessLogConfig
+ additionalRequestHeadersToLog:
+ - x-client-ip-address
+ additionalResponseHeadersToLog:
+ - cache-control
+ additionalResponseTrailersToLog:
+ - expires
+ commonConfig:
+ grpcService:
+ envoyGrpc:
+ clusterName: accesslog_als_1_1
+ logName: accesslog
+ transportApiVersion: V3
+ - name: envoy.access_loggers.tcp_grpc
+ typedConfig:
+ '@type': type.googleapis.com/envoy.extensions.access_loggers.grpc.v3.TcpGrpcAccessLogConfig
+ commonConfig:
+ grpcService:
+ envoyGrpc:
+ clusterName: accesslog_als_1_2
+ logName: envoy-gateway-system/test
+ transportApiVersion: V3
+ - filter:
+ responseFlagFilter:
+ flags:
+ - NR
+ name: envoy.access_loggers.http_grpc
+ typedConfig:
+ '@type': type.googleapis.com/envoy.extensions.access_loggers.grpc.v3.HttpGrpcAccessLogConfig
+ additionalRequestHeadersToLog:
+ - x-client-ip-address
+ additionalResponseHeadersToLog:
+ - cache-control
+ additionalResponseTrailersToLog:
+ - expires
+ commonConfig:
+ grpcService:
+ envoyGrpc:
+ clusterName: accesslog_als_2_1
+ logName: accesslog
+ transportApiVersion: V3
+ - filter:
+ responseFlagFilter:
+ flags:
+ - NR
+ name: envoy.access_loggers.tcp_grpc
+ typedConfig:
+ '@type': type.googleapis.com/envoy.extensions.access_loggers.grpc.v3.TcpGrpcAccessLogConfig
+ commonConfig:
+ grpcService:
+ envoyGrpc:
+ clusterName: accesslog_als_2_2
+ logName: envoy-gateway-system/test
+ transportApiVersion: V3
+ - name: envoy.access_loggers.open_telemetry
+ typedConfig:
+ '@type': type.googleapis.com/envoy.extensions.access_loggers.open_telemetry.v3.OpenTelemetryAccessLogConfig
+ attributes:
+ values:
+ - key: k8s.namespace.name
+ value:
+ stringValue: '%ENVIRONMENT(ENVOY_GATEWAY_NAMESPACE)%'
+ - key: k8s.pod.name
+ value:
+ stringValue: '%ENVIRONMENT(ENVOY_POD_NAME)%'
+ body:
+ stringValue: |
+ this is a listener log
+ commonConfig:
+ grpcService:
+ envoyGrpc:
+ authority: otel-collector.monitoring.svc.cluster.local
+ clusterName: accesslog_otel_1_3
+ logName: otel_envoy_accesslog
+ transportApiVersion: V3
+ resourceAttributes:
+ values:
+ - key: k8s.cluster.name
+ value:
+ stringValue: cluster-1
+ - filter:
+ responseFlagFilter:
+ flags:
+ - NR
+ name: envoy.access_loggers.open_telemetry
+ typedConfig:
+ '@type': type.googleapis.com/envoy.extensions.access_loggers.open_telemetry.v3.OpenTelemetryAccessLogConfig
+ attributes:
+ values:
+ - key: k8s.namespace.name
+ value:
+ stringValue: '%ENVIRONMENT(ENVOY_GATEWAY_NAMESPACE)%'
+ - key: k8s.pod.name
+ value:
+ stringValue: '%ENVIRONMENT(ENVOY_POD_NAME)%'
+ body:
+ stringValue: |
+ this is a Global log
+ commonConfig:
+ grpcService:
+ envoyGrpc:
+ authority: otel-collector.monitoring.svc.cluster.local
+ clusterName: accesslog_otel_2_3
+ logName: otel_envoy_accesslog
+ transportApiVersion: V3
+ resourceAttributes:
+ values:
+ - key: k8s.cluster.name
+ value:
+ stringValue: cluster-1
+ address:
+ socketAddress:
+ address: 0.0.0.0
+ portValue: 10080
+ defaultFilterChain:
+ filters:
+ - name: envoy.filters.network.http_connection_manager
+ typedConfig:
+ '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+ accessLog:
+ - name: envoy.access_loggers.file
+ typedConfig:
+ '@type': type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog
+ logFormat:
+ textFormatSource:
+ inlineString: |
+ this is a route log
+ path: /dev/stdout
+ - name: envoy.access_loggers.file
+ typedConfig:
+ '@type': type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog
+ logFormat:
+ textFormatSource:
+ inlineString: |
+ this is a Global log
+ path: /dev/stdout
+ - name: envoy.access_loggers.http_grpc
+ typedConfig:
+ '@type': type.googleapis.com/envoy.extensions.access_loggers.grpc.v3.HttpGrpcAccessLogConfig
+ additionalRequestHeadersToLog:
+ - x-client-ip-address
+ additionalResponseHeadersToLog:
+ - cache-control
+ additionalResponseTrailersToLog:
+ - expires
+ commonConfig:
+ grpcService:
+ envoyGrpc:
+ clusterName: accesslog_als_0_1
+ logName: accesslog
+ transportApiVersion: V3
+ - name: envoy.access_loggers.tcp_grpc
+ typedConfig:
+ '@type': type.googleapis.com/envoy.extensions.access_loggers.grpc.v3.TcpGrpcAccessLogConfig
+ commonConfig:
+ grpcService:
+ envoyGrpc:
+ clusterName: accesslog_als_0_2
+ logName: envoy-gateway-system/test
+ transportApiVersion: V3
+ - name: envoy.access_loggers.http_grpc
+ typedConfig:
+ '@type': type.googleapis.com/envoy.extensions.access_loggers.grpc.v3.HttpGrpcAccessLogConfig
+ additionalRequestHeadersToLog:
+ - x-client-ip-address
+ additionalResponseHeadersToLog:
+ - cache-control
+ additionalResponseTrailersToLog:
+ - expires
+ commonConfig:
+ grpcService:
+ envoyGrpc:
+ clusterName: accesslog_als_2_1
+ logName: accesslog
+ transportApiVersion: V3
+ - name: envoy.access_loggers.tcp_grpc
+ typedConfig:
+ '@type': type.googleapis.com/envoy.extensions.access_loggers.grpc.v3.TcpGrpcAccessLogConfig
+ commonConfig:
+ grpcService:
+ envoyGrpc:
+ clusterName: accesslog_als_2_2
+ logName: envoy-gateway-system/test
+ transportApiVersion: V3
+ - name: envoy.access_loggers.open_telemetry
+ typedConfig:
+ '@type': type.googleapis.com/envoy.extensions.access_loggers.open_telemetry.v3.OpenTelemetryAccessLogConfig
+ attributes:
+ values:
+ - key: k8s.namespace.name
+ value:
+ stringValue: '%ENVIRONMENT(ENVOY_GATEWAY_NAMESPACE)%'
+ - key: k8s.pod.name
+ value:
+ stringValue: '%ENVIRONMENT(ENVOY_POD_NAME)%'
+ body:
+ stringValue: |
+ this is a route log
+ commonConfig:
+ grpcService:
+ envoyGrpc:
+ authority: otel-collector.monitoring.svc.cluster.local
+ clusterName: accesslog_otel_0_3
+ logName: otel_envoy_accesslog
+ transportApiVersion: V3
+ resourceAttributes:
+ values:
+ - key: k8s.cluster.name
+ value:
+ stringValue: cluster-1
+ - name: envoy.access_loggers.open_telemetry
+ typedConfig:
+ '@type': type.googleapis.com/envoy.extensions.access_loggers.open_telemetry.v3.OpenTelemetryAccessLogConfig
+ attributes:
+ values:
+ - key: k8s.namespace.name
+ value:
+ stringValue: '%ENVIRONMENT(ENVOY_GATEWAY_NAMESPACE)%'
+ - key: k8s.pod.name
+ value:
+ stringValue: '%ENVIRONMENT(ENVOY_POD_NAME)%'
+ body:
+ stringValue: |
+ this is a Global log
+ commonConfig:
+ grpcService:
+ envoyGrpc:
+ authority: otel-collector.monitoring.svc.cluster.local
+ clusterName: accesslog_otel_2_3
+ logName: otel_envoy_accesslog
+ transportApiVersion: V3
+ resourceAttributes:
+ values:
+ - key: k8s.cluster.name
+ value:
+ stringValue: cluster-1
+ commonHttpProtocolOptions:
+ headersWithUnderscoresAction: REJECT_REQUEST
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 65536
+ maxConcurrentStreams: 100
+ httpFilters:
+ - name: envoy.filters.http.router
+ typedConfig:
+ '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
+ suppressEnvoyHeaders: true
+ mergeSlashes: true
+ normalizePath: true
+ pathWithEscapedSlashesAction: UNESCAPE_AND_REDIRECT
+ rds:
+ configSource:
+ ads: {}
+ resourceApiVersion: V3
+ routeConfigName: envoy-gateway/gateway-1/http
+ serverHeaderTransformation: PASS_THROUGH
+ statPrefix: http-10080
+ useRemoteAddress: true
+ name: envoy-gateway/gateway-1/http
+ name: envoy-gateway/gateway-1/http
+ perConnectionBufferLimitBytes: 32768
diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog-types.routes.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog-types.routes.yaml
new file mode 100644
index 00000000000..d6d65856b58
--- /dev/null
+++ b/internal/xds/translator/testdata/out/xds-ir/accesslog-types.routes.yaml
@@ -0,0 +1,2 @@
+- ignorePortInHostMatching: true
+ name: envoy-gateway/gateway-1/http
diff --git a/site/content/en/latest/api/extension_types.md b/site/content/en/latest/api/extension_types.md
index 193e698722c..1b52bb566a4 100644
--- a/site/content/en/latest/api/extension_types.md
+++ b/site/content/en/latest/api/extension_types.md
@@ -2965,6 +2965,7 @@ _Appears in:_
| `format` | _[ProxyAccessLogFormat](#proxyaccesslogformat)_ | false | Format defines the format of accesslog.
This will be ignored if sink type is ALS. |
| `matches` | _string array_ | true | Matches defines the match conditions for accesslog in CEL expression.
An accesslog will be emitted only when one or more match conditions are evaluated to true.
Invalid [CEL](https://www.envoyproxy.io/docs/envoy/latest/xds/type/v3/cel.proto.html#common-expression-language-cel-proto) expressions will be ignored. |
| `sinks` | _[ProxyAccessLogSink](#proxyaccesslogsink) array_ | true | Sinks defines the sinks of accesslog. |
+| `type` | _[ProxyAccessLogType](#proxyaccesslogtype)_ | false | Type defines the component emitting the accesslog, such as Listener and Route.
If type not defined, the setting would apply to:
(1) All Routes.
(2) Listeners if and only if Envoy does not find a matching route for a request.
If type is defined, the accesslog settings would apply to the relevant component (as-is). |
#### ProxyAccessLogSink
diff --git a/site/content/en/latest/tasks/observability/proxy-accesslog.md b/site/content/en/latest/tasks/observability/proxy-accesslog.md
index fb0200f1739..5253e4d9bf9 100644
--- a/site/content/en/latest/tasks/observability/proxy-accesslog.md
+++ b/site/content/en/latest/tasks/observability/proxy-accesslog.md
@@ -249,3 +249,49 @@ Envoy Gateway provides additional metadata about the K8s resources that were tra
For example, details about the `HTTPRoute` and `GRPCRoute` (kind, group, name, namespace and annotations) are available
for access log formatter using the `METADATA` operator. To enrich logs, users can add log operator such as:
`%METADATA(ROUTE:envoy-gateway:resources)%` to their access log format.
+
+## Access Log Types
+
+Envoy Gateway supports configuration of different access log settings for Routes and Listeners. By default, Access Logs
+settings would be used by Routes and Listener (when no route is matched). Users that wish to define different Access Log
+settings for Listeners and Routes can use the Access Log Type field.
+
+For example, you can emit logs about connections and transport
+
+```shell
+kubectl apply -f - <This will be ignored if sink type is ALS. |
| `matches` | _string array_ | true | Matches defines the match conditions for accesslog in CEL expression.
An accesslog will be emitted only when one or more match conditions are evaluated to true.
Invalid [CEL](https://www.envoyproxy.io/docs/envoy/latest/xds/type/v3/cel.proto.html#common-expression-language-cel-proto) expressions will be ignored. |
| `sinks` | _[ProxyAccessLogSink](#proxyaccesslogsink) array_ | true | Sinks defines the sinks of accesslog. |
+| `type` | _[ProxyAccessLogType](#proxyaccesslogtype)_ | false | Type defines the component emitting the accesslog, such as Listener and Route.
If type not defined, the setting would apply to:
(1) All Routes.
(2) Listeners if and only if Envoy does not find a matching route for a request.
If type is defined, the accesslog settings would apply to the relevant component (as-is). |
#### ProxyAccessLogSink
diff --git a/test/config/gatewayclass.yaml b/test/config/gatewayclass.yaml
index fa07a159305..6e8acf3d0f8 100644
--- a/test/config/gatewayclass.yaml
+++ b/test/config/gatewayclass.yaml
@@ -68,6 +68,15 @@ spec:
namespace: monitoring
port: 8080
type: HTTP
+ - type: Listener
+ format:
+ type: Text
+ text: |
+ LISTENER ACCESS LOG %UPSTREAM_PROTOCOL% %RESPONSE_CODE%
+ sinks:
+ - type: File
+ file:
+ path: /dev/stdout
tracing:
provider:
backendRefs:
diff --git a/test/e2e/tests/accesslog.go b/test/e2e/tests/accesslog.go
index 4d7fbd11844..e95724ddde2 100644
--- a/test/e2e/tests/accesslog.go
+++ b/test/e2e/tests/accesslog.go
@@ -82,6 +82,38 @@ var FileAccessLogTest = suite.ConformanceTest{
runLogTest(t, suite, gwAddr, expectedResponse, labels, match, 0)
})
+
+ t.Run("Listener Logs", func(t *testing.T) {
+ // Ensure that Listener is emitting the log: protocol and response code should be
+ // empty in listener logs as they are upstream L7 attributes
+ expectedMatch := "LISTENER ACCESS LOG - 0"
+ ns := "gateway-conformance-infra"
+ routeNN := types.NamespacedName{Name: "accesslog-file", Namespace: ns}
+ gwNN := types.NamespacedName{Name: "same-namespace", Namespace: ns}
+ gwAddr := kubernetes.GatewayAndHTTPRoutesMustBeAccepted(t, suite.Client, suite.TimeoutConfig, suite.ControllerName, kubernetes.NewGatewayRef(gwNN), routeNN)
+
+ expectedResponse := httputils.ExpectedResponse{
+ Request: httputils.Request{
+ Path: "/file",
+ Headers: map[string]string{
+ "connection": "close",
+ },
+ },
+ ExpectedRequest: &httputils.ExpectedRequest{
+ Request: httputils.Request{
+ Path: "/file",
+ },
+ },
+ Response: httputils.Response{
+ StatusCode: 200,
+ },
+ Namespace: ns,
+ }
+ // make sure listener is ready
+ httputils.MakeRequestAndExpectEventuallyConsistentResponse(t, suite.RoundTripper, suite.TimeoutConfig, gwAddr, expectedResponse)
+
+ runLogTest(t, suite, gwAddr, expectedResponse, labels, expectedMatch, 0)
+ })
},
}