From 3890e6e9d9e62d726b47c5d819f364a2161884ef Mon Sep 17 00:00:00 2001 From: Laurent Marchaud Date: Tue, 15 Nov 2022 17:41:06 +0100 Subject: [PATCH 01/57] Add README documentation about syncSecrets Signed-off-by: Laurent Marchaud --- README.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/README.md b/README.md index 3d617ae..c2e659d 100644 --- a/README.md +++ b/README.md @@ -111,12 +111,21 @@ spec: servicePort: 80 ``` +## Dynamic TLS certificates synchronization from Kubernetes secrets + +Downstream TLS certificates can be dynamically fetched and updated from Kubernetes secrets configured under ingresses' `spec.tls` by setting `syncSecrets` true in Yggdrasil configuration (false by default). + +In this mode, only a single `certificate` may be specified in Yggdrasil configuration. It will be used for hosts with misconfigured or invalid secret. + +**Note**: ECDSA >256 keys are not supported by envoy and will be discarded. See https://github.com/envoyproxy/envoy/issues/10855 + ## Configuration Yggdrasil can be configured using a config file e.g: ```json { "nodeName": "foo", "ingressClasses": ["multi-cluster", "multi-cluster-staging"], + "syncSecrets": false, "certificates": [ { "hosts": ["*.api.com"], @@ -185,6 +194,7 @@ The Yggdrasil-specific metrics which are available from the API are: --kube-config stringArray Path to kube config --max-ejection-percentage int32 maximal percentage of hosts ejected via outlier detection. Set to >=0 to activate outlier detection in envoy. (default -1) --node-name string envoy node name +-- --upstream-healthcheck-healthy uint32 number of successful healthchecks before the backend is considered healthy (default 3) --upstream-healthcheck-interval duration duration of the upstream health check interval (default 10s) --upstream-healthcheck-timeout duration timeout of the upstream healthchecks (default 5s) From 5a44174f3ea3d6863a2b32168b796bdaaa51449c Mon Sep 17 00:00:00 2001 From: Laurent Marchaud Date: Tue, 15 Nov 2022 18:09:44 +0100 Subject: [PATCH 02/57] Fix README typo Signed-off-by: Laurent Marchaud --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 434c40e..4d9164c 100644 --- a/README.md +++ b/README.md @@ -200,7 +200,6 @@ The Yggdrasil-specific metrics which are available from the API are: --kube-config stringArray Path to kube config --max-ejection-percentage int32 maximal percentage of hosts ejected via outlier detection. Set to >=0 to activate outlier detection in envoy. (default -1) --node-name string envoy node name --- --upstream-healthcheck-healthy uint32 number of successful healthchecks before the backend is considered healthy (default 3) --upstream-healthcheck-interval duration duration of the upstream health check interval (default 10s) --upstream-healthcheck-timeout duration timeout of the upstream healthchecks (default 5s) From c806f9449cc2acbc4fa339f3f877d0811cfb1c99 Mon Sep 17 00:00:00 2001 From: DewaldV Date: Tue, 22 Nov 2022 15:18:04 +0000 Subject: [PATCH 03/57] AIRSHIP-2080 Add PackAsBytes option to ExtAuthz filter --- .tool-versions | 1 + README.md | 5 +++-- cmd/root.go | 2 ++ pkg/envoy/boilerplate.go | 1 + pkg/envoy/configurator.go | 1 + 5 files changed, 8 insertions(+), 2 deletions(-) create mode 100644 .tool-versions diff --git a/.tool-versions b/.tool-versions new file mode 100644 index 0000000..c70536b --- /dev/null +++ b/.tool-versions @@ -0,0 +1 @@ +golang 1.17.13 diff --git a/README.md b/README.md index 3c0f02e..8039975 100644 --- a/README.md +++ b/README.md @@ -173,13 +173,13 @@ The Yggdrasil-specific metrics which are available from the API are: --envoy-listener-ipv4-address string IPv4 address by the envoy proxy to accept incoming connections (default "0.0.0.0") --envoy-port uint32 port by the envoy proxy to accept incoming connections (default 10000) --health-address string yggdrasil health API listen address (default "0.0.0.0:8081") ---help help for yggdrasil +-h, --help help for yggdrasil --host-selection-retry-attempts int Number of host selection retry attempts. Set to value >=0 to enable (default -1) ---retry-on Default comma-separated list of retry policies (default 5xx) --http-ext-authz-allow-partial-message When this field is true, Envoy will buffer the message until max_request_bytes is reached (default true) --http-ext-authz-cluster string The name of the upstream gRPC cluster --http-ext-authz-failure-mode-allow Changes filters behaviour on errors (default true) --http-ext-authz-max-request-bytes uint32 Sets the maximum size of a message body that the filter will hold in memory (default 8192) +--http-ext-authz-pack-as-bytes When this field is true, Envoy will send the body as raw bytes. (default true) --http-ext-authz-timeout duration The timeout for the gRPC request. This is the timeout for a specific request. (default 200ms) --http-grpc-logger-cluster string The name of the upstream gRPC cluster --http-grpc-logger-name string Name of the access log @@ -191,6 +191,7 @@ The Yggdrasil-specific metrics which are available from the API are: --kube-config stringArray Path to kube config --max-ejection-percentage int32 maximal percentage of hosts ejected via outlier detection. Set to >=0 to activate outlier detection in envoy. (default -1) --node-name string envoy node name +--retry-on string default comma-separated list of retry policies (default "5xx") --upstream-healthcheck-healthy uint32 number of successful healthchecks before the backend is considered healthy (default 3) --upstream-healthcheck-interval duration duration of the upstream health check interval (default 10s) --upstream-healthcheck-timeout duration timeout of the upstream healthchecks (default 5s) diff --git a/cmd/root.go b/cmd/root.go index a4ef029..7b1c8e0 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -102,6 +102,7 @@ func init() { rootCmd.PersistentFlags().Duration("http-ext-authz-timeout", 200*time.Millisecond, "The timeout for the gRPC request. This is the timeout for a specific request.") rootCmd.PersistentFlags().Uint32("http-ext-authz-max-request-bytes", 8192, "Sets the maximum size of a message body that the filter will hold in memory") rootCmd.PersistentFlags().Bool("http-ext-authz-allow-partial-message", true, "When this field is true, Envoy will buffer the message until max_request_bytes is reached") + rootCmd.PersistentFlags().Bool("http-ext-authz-pack-as-bytes", true, "When this field is true, Envoy will send the body as raw bytes.") rootCmd.PersistentFlags().Bool("http-ext-authz-failure-mode-allow", true, "Changes filters behaviour on errors") viper.BindPFlag("debug", rootCmd.PersistentFlags().Lookup("debug")) viper.BindPFlag("address", rootCmd.PersistentFlags().Lookup("address")) @@ -131,6 +132,7 @@ func init() { viper.BindPFlag("httpExtAuthz.timeout", rootCmd.PersistentFlags().Lookup("http-ext-authz-timeout")) viper.BindPFlag("httpExtAuthz.maxRequestBytes", rootCmd.PersistentFlags().Lookup("http-ext-authz-max-request-bytes")) viper.BindPFlag("httpExtAuthz.allowPartialMessage", rootCmd.PersistentFlags().Lookup("http-ext-authz-allow-partial-message")) + viper.BindPFlag("httpExtAuthz.packAsBytes", rootCmd.PersistentFlags().Lookup("http-ext-authz-pack-as-bytes")) viper.BindPFlag("httpExtAuthz.FailureModeAllow", rootCmd.PersistentFlags().Lookup("http-ext-authz-failure-mode-allow")) } diff --git a/pkg/envoy/boilerplate.go b/pkg/envoy/boilerplate.go index 7c4bcbc..af218c2 100644 --- a/pkg/envoy/boilerplate.go +++ b/pkg/envoy/boilerplate.go @@ -147,6 +147,7 @@ func makeExtAuthzConfig(cfg HttpExtAuthz) *eauthz.ExtAuthz { WithRequestBody: &eauthz.BufferSettings{ MaxRequestBytes: cfg.MaxRequestBytes, AllowPartialMessage: cfg.AllowPartialMessage, + PackAsBytes: cfg.PackAsBytes, }, FailureModeAllow: cfg.FailureModeAllow, } diff --git a/pkg/envoy/configurator.go b/pkg/envoy/configurator.go index 308acbe..e2484e6 100644 --- a/pkg/envoy/configurator.go +++ b/pkg/envoy/configurator.go @@ -34,6 +34,7 @@ type HttpExtAuthz struct { Timeout time.Duration `json:"timeout"` MaxRequestBytes uint32 `json:"maxRequestBytes"` AllowPartialMessage bool `json:"allowPartialMessage"` + PackAsBytes bool `json:"packAsBytes"` FailureModeAllow bool `json:"FailureModeAllow"` } From 80487f4f4c33d4fd03aecd6f835801d82447f13c Mon Sep 17 00:00:00 2001 From: DewaldV Date: Tue, 22 Nov 2022 15:23:02 +0000 Subject: [PATCH 04/57] AIRSHIP-2080 Leave default to false to ensure backwards compatibility --- README.md | 2 +- cmd/root.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 8039975..366cedd 100644 --- a/README.md +++ b/README.md @@ -179,7 +179,7 @@ The Yggdrasil-specific metrics which are available from the API are: --http-ext-authz-cluster string The name of the upstream gRPC cluster --http-ext-authz-failure-mode-allow Changes filters behaviour on errors (default true) --http-ext-authz-max-request-bytes uint32 Sets the maximum size of a message body that the filter will hold in memory (default 8192) ---http-ext-authz-pack-as-bytes When this field is true, Envoy will send the body as raw bytes. (default true) +--http-ext-authz-pack-as-bytes When this field is true, Envoy will send the body as raw bytes. --http-ext-authz-timeout duration The timeout for the gRPC request. This is the timeout for a specific request. (default 200ms) --http-grpc-logger-cluster string The name of the upstream gRPC cluster --http-grpc-logger-name string Name of the access log diff --git a/cmd/root.go b/cmd/root.go index 7b1c8e0..8ee1c74 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -102,7 +102,7 @@ func init() { rootCmd.PersistentFlags().Duration("http-ext-authz-timeout", 200*time.Millisecond, "The timeout for the gRPC request. This is the timeout for a specific request.") rootCmd.PersistentFlags().Uint32("http-ext-authz-max-request-bytes", 8192, "Sets the maximum size of a message body that the filter will hold in memory") rootCmd.PersistentFlags().Bool("http-ext-authz-allow-partial-message", true, "When this field is true, Envoy will buffer the message until max_request_bytes is reached") - rootCmd.PersistentFlags().Bool("http-ext-authz-pack-as-bytes", true, "When this field is true, Envoy will send the body as raw bytes.") + rootCmd.PersistentFlags().Bool("http-ext-authz-pack-as-bytes", false, "When this field is true, Envoy will send the body as raw bytes.") rootCmd.PersistentFlags().Bool("http-ext-authz-failure-mode-allow", true, "Changes filters behaviour on errors") viper.BindPFlag("debug", rootCmd.PersistentFlags().Lookup("debug")) viper.BindPFlag("address", rootCmd.PersistentFlags().Lookup("address")) From 0da2d08c56c28571409b574d432a47142a59935a Mon Sep 17 00:00:00 2001 From: DewaldV Date: Tue, 22 Nov 2022 15:31:11 +0000 Subject: [PATCH 05/57] AIRSHIP-2080 Go fmt --- pkg/envoy/boilerplate.go | 2 +- pkg/envoy/configurator.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/envoy/boilerplate.go b/pkg/envoy/boilerplate.go index af218c2..a807448 100644 --- a/pkg/envoy/boilerplate.go +++ b/pkg/envoy/boilerplate.go @@ -147,7 +147,7 @@ func makeExtAuthzConfig(cfg HttpExtAuthz) *eauthz.ExtAuthz { WithRequestBody: &eauthz.BufferSettings{ MaxRequestBytes: cfg.MaxRequestBytes, AllowPartialMessage: cfg.AllowPartialMessage, - PackAsBytes: cfg.PackAsBytes, + PackAsBytes: cfg.PackAsBytes, }, FailureModeAllow: cfg.FailureModeAllow, } diff --git a/pkg/envoy/configurator.go b/pkg/envoy/configurator.go index e2484e6..58e934a 100644 --- a/pkg/envoy/configurator.go +++ b/pkg/envoy/configurator.go @@ -34,7 +34,7 @@ type HttpExtAuthz struct { Timeout time.Duration `json:"timeout"` MaxRequestBytes uint32 `json:"maxRequestBytes"` AllowPartialMessage bool `json:"allowPartialMessage"` - PackAsBytes bool `json:"packAsBytes"` + PackAsBytes bool `json:"packAsBytes"` FailureModeAllow bool `json:"FailureModeAllow"` } From addbc8b5b4c8e7c0406505dcd302f9d7d978392f Mon Sep 17 00:00:00 2001 From: DewaldV Date: Tue, 29 Nov 2022 15:31:09 +0000 Subject: [PATCH 06/57] AIRSHIP-2080 Fix names for config properties --- pkg/envoy/boilerplate.go | 4 ++-- pkg/envoy/configurator.go | 10 +++++----- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/pkg/envoy/boilerplate.go b/pkg/envoy/boilerplate.go index a807448..8b051ed 100644 --- a/pkg/envoy/boilerplate.go +++ b/pkg/envoy/boilerplate.go @@ -167,8 +167,8 @@ func makeGrpcLoggerConfig(cfg HttpGrpcLogger) *gal.HttpGrpcAccessLogConfig { }, TransportApiVersion: core.ApiVersion_V3, }, - AdditionalRequestHeadersToLog: cfg.AdditionalRequestHeaders, - AdditionalResponseHeadersToLog: cfg.AdditionalResponseHeaders, + AdditionalRequestHeadersToLog: cfg.RequestHeaders, + AdditionalResponseHeadersToLog: cfg.ResponseHeaders, } } diff --git a/pkg/envoy/configurator.go b/pkg/envoy/configurator.go index 58e934a..43733cd 100644 --- a/pkg/envoy/configurator.go +++ b/pkg/envoy/configurator.go @@ -39,11 +39,11 @@ type HttpExtAuthz struct { } type HttpGrpcLogger struct { - Name string `json:"name"` - Cluster string `json:"cluster"` - Timeout time.Duration `json:"timeout"` - AdditionalRequestHeaders []string `json:"additionalRequestHeaders"` - AdditionalResponseHeaders []string `json:"additionalResponseHeaders"` + Name string `json:"name"` + Cluster string `json:"cluster"` + Timeout time.Duration `json:"timeout"` + RequestHeaders []string `json:"requestHeaders"` + ResponseHeaders []string `json:"responseHeaders"` } //KubernetesConfigurator takes a given Ingress Class and lister to find only ingresses of that class From e4e7c55e445baf9a9d94c47297be421ce4a7bb7f Mon Sep 17 00:00:00 2001 From: Mark McGarry Date: Wed, 11 Jan 2023 13:56:37 +0000 Subject: [PATCH 07/57] Add TypeConfig for tls_inspector --- pkg/envoy/boilerplate.go | 16 +++++++++++++--- pkg/envoy/configurator.go | 14 +++++++++----- pkg/envoy/configurator_test.go | 31 +++++++++++++++++++++++++------ pkg/envoy/snapshotter.go | 4 ++-- 4 files changed, 49 insertions(+), 16 deletions(-) diff --git a/pkg/envoy/boilerplate.go b/pkg/envoy/boilerplate.go index 8b051ed..1732ee0 100644 --- a/pkg/envoy/boilerplate.go +++ b/pkg/envoy/boilerplate.go @@ -15,6 +15,7 @@ import ( gal "github.com/envoyproxy/go-control-plane/envoy/extensions/access_loggers/grpc/v3" eauthz "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/ext_authz/v3" hcfg "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/health_check/v3" + tlsInspector "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/listener/tls_inspector/v3" hcm "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" auth "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" util "github.com/envoyproxy/go-control-plane/pkg/conversion" @@ -329,8 +330,14 @@ func (c *KubernetesConfigurator) makeFilterChain(certificate Certificate, virtua }, nil } -func makeListener(filterChains []*listener.FilterChain, envoyListenerIpv4Address string, envoyListenPort uint32) *listener.Listener { +func makeListener(filterChains []*listener.FilterChain, envoyListenerIpv4Address string, envoyListenPort uint32) (*listener.Listener, error) { + tls := &tlsInspector.TlsInspector{} + + anyTls, err := types.MarshalAny(tls) + if err != nil { + return &listener.Listener{}, fmt.Errorf("failed to marshal TLS config struct to typed struct: %s", err) + } listener := listener.Listener{ Name: "listener_0", Address: &core.Address{ @@ -344,14 +351,17 @@ func makeListener(filterChains []*listener.FilterChain, envoyListenerIpv4Address }, }, ListenerFilters: []*listener.ListenerFilter{ - {Name: "envoy.filters.listener.tls_inspector"}, + { + Name: "envoy.filters.listener.tls_inspector", + ConfigType: &listener.ListenerFilter_TypedConfig{TypedConfig: anyTls}, + }, }, FilterChains: filterChains, // Setting the TrafficDirection here for tracing TrafficDirection: core.TrafficDirection_OUTBOUND, } - return &listener + return &listener, nil } func makeAddresses(addresses []string, upstreamPort uint32) []*core.Address { diff --git a/pkg/envoy/configurator.go b/pkg/envoy/configurator.go index 43733cd..3eb3f9a 100644 --- a/pkg/envoy/configurator.go +++ b/pkg/envoy/configurator.go @@ -79,7 +79,7 @@ func NewKubernetesConfigurator(nodeID string, certificates []Certificate, ca str } //Generate creates a new snapshot -func (c *KubernetesConfigurator) Generate(ingresses []*k8s.Ingress) cache.Snapshot { +func (c *KubernetesConfigurator) Generate(ingresses []*k8s.Ingress) (cache.Snapshot, error) { c.Lock() defer c.Unlock() @@ -88,7 +88,10 @@ func (c *KubernetesConfigurator) Generate(ingresses []*k8s.Ingress) cache.Snapsh vmatch, cmatch := config.equals(c.previousConfig) clusters := c.generateClusters(config) - listeners := c.generateListeners(config) + listeners, err := c.generateListeners(config) + if err != nil { + return cache.Snapshot{}, err + } if !vmatch { c.listenerVersion = time.Now().String() @@ -104,7 +107,7 @@ func (c *KubernetesConfigurator) Generate(ingresses []*k8s.Ingress) cache.Snapsh snap := cache.Snapshot{} snap.Resources[tcache.Cluster] = cache.NewResources(c.clusterVersion, []tcache.Resource(clusters)) snap.Resources[tcache.Listener] = cache.NewResources(c.listenerVersion, []tcache.Resource(listeners)) - return snap + return snap, nil } //NodeID returns the NodeID @@ -150,14 +153,15 @@ func (c *KubernetesConfigurator) matchCertificateIndices(virtualHost *virtualHos return []int{}, errNoCertificateMatch } -func (c *KubernetesConfigurator) generateListeners(config *envoyConfiguration) []tcache.Resource { +func (c *KubernetesConfigurator) generateListeners(config *envoyConfiguration) ([]tcache.Resource, error) { var filterChains []*listener.FilterChain if len(c.certificates) > 0 { filterChains = c.generateTLSFilterChains(config) } else { filterChains = c.generateHTTPFilterChain(config) } - return []tcache.Resource{makeListener(filterChains, c.envoyListenerIpv4Address, c.envoyListenPort)} + listener, err := makeListener(filterChains, c.envoyListenerIpv4Address, c.envoyListenPort) + return []tcache.Resource{listener}, err } func (c *KubernetesConfigurator) generateHTTPFilterChain(config *envoyConfiguration) []*listener.FilterChain { diff --git a/pkg/envoy/configurator_test.go b/pkg/envoy/configurator_test.go index 5c8a7f5..a611eea 100644 --- a/pkg/envoy/configurator_test.go +++ b/pkg/envoy/configurator_test.go @@ -79,7 +79,7 @@ func TestGenerate(t *testing.T) { {Hosts: []string{"*"}, Cert: "b", Key: "c"}, }, "d", []string{"bar"}) - snapshot := configurator.Generate(ingresses) + snapshot, _ := configurator.Generate(ingresses) if len(snapshot.Resources[tcache.Listener].Items) != 1 { t.Fatalf("Num listeners: %d", len(snapshot.Resources[tcache.Listener].Items)) @@ -100,7 +100,11 @@ func TestGenerateMultipleCerts(t *testing.T) { {Hosts: []string{"*.internal.api.co.uk"}, Cert: "couk", Key: "couk"}, }, "d", []string{"bar"}) - snapshot := configurator.Generate(ingresses) + snapshot, err := configurator.Generate(ingresses) + if err != nil { + t.Fatalf("Error generating snapshot %v", err) + } + listener := snapshot.Resources[tcache.Listener].Items["listener_0"].Resource.(*listener.Listener) if len(listener.FilterChains) != 2 { @@ -121,7 +125,11 @@ func TestGenerateMultipleHosts(t *testing.T) { {Hosts: []string{"*.internal.api.com", "*.internal.api.co.uk"}, Cert: "com", Key: "com"}, }, "d", []string{"bar"}) - snapshot := configurator.Generate(ingresses) + snapshot, err := configurator.Generate(ingresses) + if err != nil { + t.Fatalf("Error generating snapshot %v", err) + } + listener := snapshot.Resources[tcache.Listener].Items["listener_0"].Resource.(*listener.Listener) if len(listener.FilterChains) != 1 { @@ -142,7 +150,11 @@ func TestGenerateNoMatchingCert(t *testing.T) { {Hosts: []string{"*.internal.api.com"}, Cert: "com", Key: "com"}, }, "d", []string{"bar"}) - snapshot := configurator.Generate(ingresses) + snapshot, err := configurator.Generate(ingresses) + if err != nil { + t.Fatalf("Error generating snapshot %v", err) + } + listener := snapshot.Resources[tcache.Listener].Items["listener_0"].Resource.(*listener.Listener) if len(listener.FilterChains) != 1 { @@ -160,7 +172,11 @@ func TestGenerateIntoTwoCerts(t *testing.T) { {Hosts: []string{"*"}, Cert: "all", Key: "all"}, }, "d", []string{"bar"}) - snapshot := configurator.Generate(ingresses) + snapshot, err := configurator.Generate(ingresses) + if err != nil { + t.Fatalf("Error generating snapshot %v", err) + } + listener := snapshot.Resources[tcache.Listener].Items["listener_0"].Resource.(*listener.Listener) if len(listener.FilterChains) != 2 { @@ -228,7 +244,10 @@ func TestGenerateListeners(t *testing.T) { for _, tc := range testcases { t.Run(tc.name, func(t *testing.T) { configurator := NewKubernetesConfigurator("a", tc.certs, "", nil) - ret := configurator.generateListeners(&envoyConfiguration{VirtualHosts: tc.virtualHost}) + ret, err := configurator.generateListeners(&envoyConfiguration{VirtualHosts: tc.virtualHost}) + if err != nil { + t.Fatalf("Error generating listeners %v", err) + } listener := ret[0].(*listener.Listener) if len(listener.FilterChains) != 1 { t.Fatalf("filterchain number missmatch") diff --git a/pkg/envoy/snapshotter.go b/pkg/envoy/snapshotter.go index f968c55..883d310 100644 --- a/pkg/envoy/snapshotter.go +++ b/pkg/envoy/snapshotter.go @@ -10,7 +10,7 @@ import ( //Configurator is an interface that implements Generate and NodeID type Configurator interface { - Generate([]*k8s.Ingress) cache.Snapshot + Generate([]*k8s.Ingress) (cache.Snapshot, error) NodeID() string } @@ -33,7 +33,7 @@ func (s *Snapshotter) snapshot() error { return err } - snapshot := s.configurator.Generate(genericIngresses) + snapshot, err := s.configurator.Generate(genericIngresses) log.Debugf("took snapshot: %+v", snapshot) From b68e6e44a874d7d49318c77dc06f14d42b7d76f2 Mon Sep 17 00:00:00 2001 From: Mark McGarry Date: Wed, 11 Jan 2023 17:05:20 +0000 Subject: [PATCH 08/57] fix typedConfig types by skipping extra convert to struct --- pkg/envoy/boilerplate.go | 66 +++++++++++++++++++-------------------- pkg/envoy/configurator.go | 36 +++++++++++++-------- pkg/envoy/http_filters.go | 19 +++++++++-- 3 files changed, 71 insertions(+), 50 deletions(-) diff --git a/pkg/envoy/boilerplate.go b/pkg/envoy/boilerplate.go index 1732ee0..980d6e5 100644 --- a/pkg/envoy/boilerplate.go +++ b/pkg/envoy/boilerplate.go @@ -17,8 +17,8 @@ import ( hcfg "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/health_check/v3" tlsInspector "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/listener/tls_inspector/v3" hcm "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" + previousHosts "github.com/envoyproxy/go-control-plane/envoy/extensions/retry/host/previous_hosts/v3" auth "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" - util "github.com/envoyproxy/go-control-plane/pkg/conversion" types "github.com/golang/protobuf/ptypes" any "github.com/golang/protobuf/ptypes/any" "github.com/golang/protobuf/ptypes/duration" @@ -74,7 +74,7 @@ func init() { } } -func makeVirtualHost(vhost *virtualHost, reselectionAttempts int64, defaultRetryOn string) *route.VirtualHost { +func makeVirtualHost(vhost *virtualHost, reselectionAttempts int64, defaultRetryOn string) (*route.VirtualHost, error) { retryOn := vhost.RetryOn if retryOn == "" { retryOn = defaultRetryOn @@ -93,10 +93,18 @@ func makeVirtualHost(vhost *virtualHost, reselectionAttempts int64, defaultRetry }, } + hosts := &previousHosts.PreviousHostsPredicate{} + + anyHosts, err := types.MarshalAny(hosts) + if err != nil { + return &route.VirtualHost{}, fmt.Errorf("failed to marshal hosts config struct to typed struct: %s", err) + } + if reselectionAttempts >= 0 { action.Route.RetryPolicy.RetryHostPredicate = []*route.RetryPolicy_RetryHostPredicate{ { - Name: "envoy.retry_host_predicates.previous_hosts", + Name: "envoy.retry_host_predicates.previous_hosts", + ConfigType: &route.RetryPolicy_RetryHostPredicate_TypedConfig{TypedConfig: anyHosts}, }, } action.Route.RetryPolicy.HostSelectionRetryMaxAttempts = reselectionAttempts @@ -115,7 +123,7 @@ func makeVirtualHost(vhost *virtualHost, reselectionAttempts int64, defaultRetry }, }, } - return &virtualHost + return &virtualHost, nil } func makeHealthConfig() *hcfg.HealthCheck { @@ -173,22 +181,17 @@ func makeGrpcLoggerConfig(cfg HttpGrpcLogger) *gal.HttpGrpcAccessLogConfig { } } -func (c *KubernetesConfigurator) makeConnectionManager(virtualHosts []*route.VirtualHost) *hcm.HttpConnectionManager { +func (c *KubernetesConfigurator) makeConnectionManager(virtualHosts []*route.VirtualHost) (*hcm.HttpConnectionManager, error) { // Access Logs - accessLogConfig, err := util.MessageToStruct( - &eal.FileAccessLog{ - Path: "/var/log/envoy/access.log", - AccessLogFormat: &eal.FileAccessLog_LogFormat{ - LogFormat: &core.SubstitutionFormatString{ - Format: &core.SubstitutionFormatString_JsonFormat{ - JsonFormat: jsonFormat, - }, + accessLogConfig := &eal.FileAccessLog{ + Path: "/var/log/envoy/access.log", + AccessLogFormat: &eal.FileAccessLog_LogFormat{ + LogFormat: &core.SubstitutionFormatString{ + Format: &core.SubstitutionFormatString_JsonFormat{ + JsonFormat: jsonFormat, }, }, }, - ) - if err != nil { - log.Fatalf("failed to convert access log proto message to struct: %s", err) } anyAccessLogConfig, err := types.MarshalAny(accessLogConfig) if err != nil { @@ -203,10 +206,7 @@ func (c *KubernetesConfigurator) makeConnectionManager(virtualHosts []*route.Vir } if c.httpGrpcLogger.Cluster != "" { - grpcLoggerConfig, err := util.MessageToStruct(makeGrpcLoggerConfig(c.httpGrpcLogger)) - if err != nil { - log.Fatalf("failed to convert healthcheck proto message to struct: %s", err) - } + grpcLoggerConfig := makeGrpcLoggerConfig(c.httpGrpcLogger) anyGrpcLoggerConfig, err := types.MarshalAny(grpcLoggerConfig) if err != nil { log.Fatalf("failed to marshal healthcheck config struct to typed struct: %s", err) @@ -220,10 +220,7 @@ func (c *KubernetesConfigurator) makeConnectionManager(virtualHosts []*route.Vir // HTTP Filters filterBuilder := &httpFilterBuilder{} - healthConfig, err := util.MessageToStruct(makeHealthConfig()) - if err != nil { - log.Fatalf("failed to convert healthcheck proto message to struct: %s", err) - } + healthConfig := makeHealthConfig() anyHealthConfig, err := types.MarshalAny(healthConfig) if err != nil { log.Fatalf("failed to marshal healthcheck config struct to typed struct: %s", err) @@ -235,10 +232,7 @@ func (c *KubernetesConfigurator) makeConnectionManager(virtualHosts []*route.Vir }) if c.httpExtAuthz.Cluster != "" { - extAuthzConfig, err := util.MessageToStruct(makeExtAuthzConfig(c.httpExtAuthz)) - if err != nil { - log.Fatalf("failed to convert extAuthz proto message to struct: %s", err) - } + extAuthzConfig := makeExtAuthzConfig(c.httpExtAuthz) anyExtAuthzConfig, err := types.MarshalAny(extAuthzConfig) if err != nil { log.Fatalf("failed to marshal extAuthz config struct to typed struct: %s", err) @@ -250,10 +244,15 @@ func (c *KubernetesConfigurator) makeConnectionManager(virtualHosts []*route.Vir }) } + filter, err := filterBuilder.Filters() + if err != nil { + return &hcm.HttpConnectionManager{}, err + } + return &hcm.HttpConnectionManager{ CodecType: hcm.HttpConnectionManager_AUTO, StatPrefix: "ingress_http", - HttpFilters: filterBuilder.Filters(), + HttpFilters: filter, UpgradeConfigs: []*hcm.HttpConnectionManager_UpgradeConfig{ { UpgradeType: "websocket", @@ -268,16 +267,15 @@ func (c *KubernetesConfigurator) makeConnectionManager(virtualHosts []*route.Vir Tracing: &hcm.HttpConnectionManager_Tracing{}, AccessLog: accessLoggers, UseRemoteAddress: &wrapperspb.BoolValue{Value: c.useRemoteAddress}, - } + }, nil } func (c *KubernetesConfigurator) makeFilterChain(certificate Certificate, virtualHosts []*route.VirtualHost) (listener.FilterChain, error) { - httpConnectionManager := c.makeConnectionManager(virtualHosts) - httpConfig, err := util.MessageToStruct(httpConnectionManager) + httpConnectionManager, err := c.makeConnectionManager(virtualHosts) if err != nil { - return listener.FilterChain{}, fmt.Errorf("failed to convert virtualHost to envoy control plane struct: %s", err) + return listener.FilterChain{}, fmt.Errorf("failed to get httpConnectionManager: %s", err) } - anyHttpConfig, err := types.MarshalAny(httpConfig) + anyHttpConfig, err := types.MarshalAny(httpConnectionManager) if err != nil { return listener.FilterChain{}, fmt.Errorf("failed to marshal HTTP config struct to typed struct: %s", err) } diff --git a/pkg/envoy/configurator.go b/pkg/envoy/configurator.go index 3eb3f9a..2f6a549 100644 --- a/pkg/envoy/configurator.go +++ b/pkg/envoy/configurator.go @@ -11,7 +11,6 @@ import ( route "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" tcache "github.com/envoyproxy/go-control-plane/pkg/cache/types" cache "github.com/envoyproxy/go-control-plane/pkg/cache/v3" - util "github.com/envoyproxy/go-control-plane/pkg/conversion" types "github.com/golang/protobuf/ptypes" "github.com/uswitch/yggdrasil/pkg/k8s" ) @@ -155,27 +154,34 @@ func (c *KubernetesConfigurator) matchCertificateIndices(virtualHost *virtualHos func (c *KubernetesConfigurator) generateListeners(config *envoyConfiguration) ([]tcache.Resource, error) { var filterChains []*listener.FilterChain + var err error if len(c.certificates) > 0 { - filterChains = c.generateTLSFilterChains(config) + filterChains, err = c.generateTLSFilterChains(config) } else { - filterChains = c.generateHTTPFilterChain(config) + filterChains, err = c.generateHTTPFilterChain(config) + } + if err != nil { + return []tcache.Resource{}, err } listener, err := makeListener(filterChains, c.envoyListenerIpv4Address, c.envoyListenPort) return []tcache.Resource{listener}, err } -func (c *KubernetesConfigurator) generateHTTPFilterChain(config *envoyConfiguration) []*listener.FilterChain { +func (c *KubernetesConfigurator) generateHTTPFilterChain(config *envoyConfiguration) ([]*listener.FilterChain, error) { virtualHosts := []*route.VirtualHost{} for _, virtualHost := range config.VirtualHosts { - virtualHosts = append(virtualHosts, makeVirtualHost(virtualHost, c.hostSelectionRetryAttempts, c.defaultRetryOn)) + vhost, err := makeVirtualHost(virtualHost, c.hostSelectionRetryAttempts, c.defaultRetryOn) + if err != nil { + return nil, err + } + virtualHosts = append(virtualHosts, vhost) } - httpConnectionManager := c.makeConnectionManager(virtualHosts) - httpConfig, err := util.MessageToStruct(httpConnectionManager) + httpConnectionManager, err := c.makeConnectionManager(virtualHosts) if err != nil { - log.Fatalf("failed to convert virtualHost to envoy control plane struct: %s", err) + return nil, err } - anyHttpConfig, err := types.MarshalAny(httpConfig) + anyHttpConfig, err := types.MarshalAny(httpConnectionManager) if err != nil { log.Fatalf("failed to marshal HTTP config struct to typed struct: %s", err) } @@ -188,10 +194,10 @@ func (c *KubernetesConfigurator) generateHTTPFilterChain(config *envoyConfigurat }, }, }, - } + }, nil } -func (c *KubernetesConfigurator) generateTLSFilterChains(config *envoyConfiguration) []*listener.FilterChain { +func (c *KubernetesConfigurator) generateTLSFilterChains(config *envoyConfiguration) ([]*listener.FilterChain, error) { virtualHostsForCertificates := make([][]*route.VirtualHost, len(c.certificates)) for _, virtualHost := range config.VirtualHosts { @@ -200,7 +206,11 @@ func (c *KubernetesConfigurator) generateTLSFilterChains(config *envoyConfigurat log.Printf("Error matching certificate for '%s': %v", virtualHost.Host, err) } else { for _, idx := range certificateIndicies { - virtualHostsForCertificates[idx] = append(virtualHostsForCertificates[idx], makeVirtualHost(virtualHost, c.hostSelectionRetryAttempts, c.defaultRetryOn)) + vhost, err := makeVirtualHost(virtualHost, c.hostSelectionRetryAttempts, c.defaultRetryOn) + if err != nil { + return nil, err + } + virtualHostsForCertificates[idx] = append(virtualHostsForCertificates[idx], vhost) } } } @@ -220,7 +230,7 @@ func (c *KubernetesConfigurator) generateTLSFilterChains(config *envoyConfigurat filterChains = append(filterChains, &filterChain) } - return filterChains + return filterChains, nil } func (c *KubernetesConfigurator) generateClusters(config *envoyConfiguration) []tcache.Resource { diff --git a/pkg/envoy/http_filters.go b/pkg/envoy/http_filters.go index b94c16f..3085cef 100644 --- a/pkg/envoy/http_filters.go +++ b/pkg/envoy/http_filters.go @@ -1,7 +1,11 @@ package envoy import ( + "fmt" + + router "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/router/v3" hcm "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" + types "github.com/golang/protobuf/ptypes" ) type httpFilterBuilder struct { @@ -13,7 +17,16 @@ func (b *httpFilterBuilder) Add(filter *hcm.HttpFilter) *httpFilterBuilder { return b } -func (b *httpFilterBuilder) Filters() []*hcm.HttpFilter { - b.Add(&hcm.HttpFilter{Name: "envoy.filters.http.router"}) - return b.filters +func (b *httpFilterBuilder) Filters() ([]*hcm.HttpFilter, error) { + router := &router.Router{} + + anyRouter, err := types.MarshalAny(router) + if err != nil { + return nil, fmt.Errorf("failed to marshal router config struct to typed struct: %s", err) + } + b.Add(&hcm.HttpFilter{ + Name: "envoy.filters.http.router", + ConfigType: &hcm.HttpFilter_TypedConfig{TypedConfig: anyRouter}, + }) + return b.filters, nil } From 5b63f91a7f1ac692dcd8ec051a385d4c76f7cb0b Mon Sep 17 00:00:00 2001 From: Mark McGarry Date: Wed, 11 Jan 2023 17:05:46 +0000 Subject: [PATCH 09/57] Fix makefile docker build target --- Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index b9a1695..0c3963d 100644 --- a/Makefile +++ b/Makefile @@ -7,12 +7,12 @@ SOURCES := $(shell find . -iname '*.go') .PHONY: test clean all -all: build-darwin build-linux +all: build-darwin $(BIN_LINUX) build-darwin: $(SOURCES) GOARCH=$(ARCH) GOOS=darwin go build -o $(BIN_DARWIN) -build-linux: $(SOURCES) +$(BIN_LINUX): $(SOURCES) GOARCH=$(ARCH) GOOS=linux CGO_ENABLED=0 go build -o $(BIN_LINUX) test: $(SOURCES) @@ -22,7 +22,7 @@ bench: $(SOURCES) go test -run=XX -bench=. $(shell go list ./... | grep -v /vendor) docker: Dockerfile $(BIN_LINUX) - docker image build -t quay.io/uswitch/yggdrasil:devel . + docker image build -t registry.airship.rvu.cloud/cloud/yggdrasil:devel . clean: rm -rf bin/ From eb2f2276689f94245ff118b97726bfc2dae91fc3 Mon Sep 17 00:00:00 2001 From: Mark McGarry Date: Wed, 11 Jan 2023 17:13:06 +0000 Subject: [PATCH 10/57] Fix build step in ci after rename in makefile --- Makefile | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 0c3963d..d38c987 100644 --- a/Makefile +++ b/Makefile @@ -5,13 +5,15 @@ BIN_DARWIN = $(BIN)-darwin-$(ARCH) SOURCES := $(shell find . -iname '*.go') -.PHONY: test clean all +.PHONY: test clean all build-linux all: build-darwin $(BIN_LINUX) build-darwin: $(SOURCES) GOARCH=$(ARCH) GOOS=darwin go build -o $(BIN_DARWIN) +build-linux: $(BIN_LINUX) + $(BIN_LINUX): $(SOURCES) GOARCH=$(ARCH) GOOS=linux CGO_ENABLED=0 go build -o $(BIN_LINUX) From 379860a76198c8137d2c09975db40130f3eaeaee Mon Sep 17 00:00:00 2001 From: Laurent Marchaud Date: Thu, 15 Jun 2023 18:50:54 +0200 Subject: [PATCH 11/57] chore: support envoy 1.20 to 1.26 Signed-off-by: Laurent Marchaud --- cmd/server.go | 2 +- go.mod | 16 +++++----- go.sum | 56 +++++++++++++++++++++++++--------- pkg/envoy/boilerplate.go | 37 +++++++++++----------- pkg/envoy/configurator_test.go | 32 ++----------------- pkg/envoy/http_filters.go | 9 +++--- pkg/envoy/snapshotter.go | 4 ++- 7 files changed, 79 insertions(+), 77 deletions(-) diff --git a/cmd/server.go b/cmd/server.go index fdbf1d0..14544c3 100644 --- a/cmd/server.go +++ b/cmd/server.go @@ -39,7 +39,7 @@ func (c *callbacks) OnStreamClosed(int64) {} func (c *callbacks) OnStreamRequest(int64, *discovery.DiscoveryRequest) error { return nil } -func (c *callbacks) OnStreamResponse(int64, *discovery.DiscoveryRequest, *discovery.DiscoveryResponse) { +func (c *callbacks) OnStreamResponse(context.Context, int64, *discovery.DiscoveryRequest, *discovery.DiscoveryResponse) { } func (c *callbacks) OnFetchRequest(context.Context, *discovery.DiscoveryRequest) error { c.fetchReq++ diff --git a/go.mod b/go.mod index 6d1269b..29ec00a 100644 --- a/go.mod +++ b/go.mod @@ -3,15 +3,15 @@ module github.com/uswitch/yggdrasil go 1.17 require ( - github.com/envoyproxy/go-control-plane v0.9.9 + github.com/envoyproxy/go-control-plane v0.10.3 github.com/golang/protobuf v1.5.2 github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 github.com/prometheus/client_golang v0.9.0 github.com/sirupsen/logrus v1.1.1 github.com/spf13/cobra v0.0.3 github.com/spf13/viper v1.2.1 - google.golang.org/grpc v1.36.1 - google.golang.org/protobuf v1.27.1 + google.golang.org/grpc v1.45.0 + google.golang.org/protobuf v1.28.0 k8s.io/api v0.24.2 k8s.io/apimachinery v0.24.2 k8s.io/client-go v0.24.2 @@ -22,10 +22,10 @@ require ( github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973 // indirect github.com/census-instrumentation/opencensus-proto v0.3.0 // indirect - github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158 // indirect + github.com/cncf/xds/go v0.0.0-20220314180256-7f1daf1720fc // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/emicklei/go-restful/v3 v3.8.0 // indirect - github.com/envoyproxy/protoc-gen-validate v0.5.1-0.20210316024357-9db8e779b461 // indirect + github.com/envoyproxy/protoc-gen-validate v0.6.7 // indirect github.com/fsnotify/fsnotify v1.4.9 // indirect github.com/go-logr/logr v1.2.0 // indirect github.com/go-openapi/jsonpointer v0.19.5 // indirect @@ -33,7 +33,7 @@ require ( github.com/go-openapi/swag v0.19.14 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/google/gnostic v0.5.7-v3refs // indirect - github.com/google/go-cmp v0.5.5 // indirect + github.com/google/go-cmp v0.5.7 // indirect github.com/google/gofuzz v1.1.0 // indirect github.com/hashicorp/hcl v1.0.0 // indirect github.com/imdario/mergo v0.3.5 // indirect @@ -52,7 +52,7 @@ require ( github.com/prometheus/client_model v0.2.1-0.20200623203004-60555c9708c7 // indirect github.com/prometheus/common v0.0.0-20170427095455-13ba4ddd0caa // indirect github.com/prometheus/procfs v0.0.0-20170519190837-65c1f6f8f0fc // indirect - github.com/spf13/afero v1.3.4 // indirect + github.com/spf13/afero v1.6.0 // indirect github.com/spf13/cast v1.3.0 // indirect github.com/spf13/jwalterweatherman v1.1.0 // indirect github.com/spf13/pflag v1.0.5 // indirect @@ -64,7 +64,7 @@ require ( golang.org/x/text v0.3.7 // indirect golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect google.golang.org/appengine v1.6.7 // indirect - google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1 // indirect + google.golang.org/genproto v0.0.0-20220329172620-7be39ac1afc7 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect diff --git a/go.sum b/go.sum index 49b7e21..b509ae8 100644 --- a/go.sum +++ b/go.sum @@ -47,6 +47,7 @@ github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= +github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/PuerkitoBio/purell v1.1.1 h1:WEQqlqaGbrPkxLJWfBwQmfEAE1Z7ONdDLqrN38tNFfI= github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 h1:d+Bc7a5rLufV/sSk/8dngufqelfh6jnri85riMAaF/M= @@ -59,6 +60,8 @@ github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/census-instrumentation/opencensus-proto v0.3.0 h1:t/LhUZLVitR1Ow2YOnduCsavhwFUklBMoGVYUCqmCqk= github.com/census-instrumentation/opencensus-proto v0.3.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= +github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= +github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= @@ -66,9 +69,13 @@ github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDk github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= +github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI= github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158 h1:CevA8fI91PAnP8vpnXuB8ZYAZ5wqY86nAbxfgK8tWO4= github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= +github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= +github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= +github.com/cncf/xds/go v0.0.0-20220314180256-7f1daf1720fc h1:PYXxkRUBGUMa5xgMVMDl62vEklZvKpVaxQeN9ie7Hfk= +github.com/cncf/xds/go v0.0.0-20220314180256-7f1daf1720fc/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= @@ -85,11 +92,13 @@ github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.m github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po= github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= -github.com/envoyproxy/go-control-plane v0.9.9 h1:vQLjymTobffN2R0F8eTqw6q7iozfRO5Z0m+/4Vw+/uA= -github.com/envoyproxy/go-control-plane v0.9.9/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ= +github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ= +github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0= +github.com/envoyproxy/go-control-plane v0.10.3 h1:xdCVXxEe0Y3FQith+0cj2irwZudqGYvecuLB1HtdexY= +github.com/envoyproxy/go-control-plane v0.10.3/go.mod h1:fJJn/j26vwOu972OllsvAgJJM//w9BV6Fxbg2LuVd34= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/envoyproxy/protoc-gen-validate v0.5.1-0.20210316024357-9db8e779b461 h1:wxPSeXm7IFrHnzX3nQ5LdN0fNS2sSg6T/ESs6fNj3gw= -github.com/envoyproxy/protoc-gen-validate v0.5.1-0.20210316024357-9db8e779b461/go.mod h1:xL5IroIBOR+aTp0IZk48epGwBV3+LcuaosPL0pr0hE0= +github.com/envoyproxy/protoc-gen-validate v0.6.7 h1:qcZcULcd/abmQg6dwigimCNEyi4gg31M/xaciQlDml8= +github.com/envoyproxy/protoc-gen-validate v0.6.7/go.mod h1:dyJXwwfPK2VSqiB9Klm1J6romD608Ba7Hij42vrOBCo= github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= @@ -117,6 +126,7 @@ github.com/go-openapi/swag v0.19.14/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/ github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= +github.com/golang/glog v1.0.0/go.mod h1:EWib/APOK0SL3dFbYqvxE3UYd8E6s1ouQ7iEp/0LWV4= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= @@ -162,8 +172,10 @@ github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.5 h1:Khx7svrCpmxxtHBq5j2mp/xVjsi8hQMfNLvJFAlrGgU= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.7 h1:81/ik6ipDQS2aGcBfIN5dHDB36BwrStyeAQquSYCV4o= +github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.1.0 h1:Hsa8mG0dQ46ij8Sl2AYJDUv1oA9/d6Vk+3LG99Oe02g= github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= @@ -192,12 +204,13 @@ github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:Fecb github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 h1:Ovs26xHkKqVztRpIrF/92BcuyuQ/YW4NSIpoGtfXNho= github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0/go.mod h1:hgWBS7lorOAVIJEQMi4ZsPv9hVvWI6+ch50m39Pf2Ks= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= -github.com/iancoleman/strcase v0.0.0-20180726023541-3605ed457bf7/go.mod h1:SK73tn/9oHe+/Y0h39VT4UCxmurVJkR5NA7kMEAOgSE= +github.com/iancoleman/strcase v0.2.0/go.mod h1:iwCmte+B7n89clKwxIoIXy/HfoL7AsD47ZCWhYzw7ho= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/imdario/mergo v0.3.5 h1:JboBksRwiiAJWvIYJVo46AfV+IAIKZpfrSzVKj42R4Q= @@ -223,7 +236,7 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= -github.com/lyft/protoc-gen-star v0.5.1/go.mod h1:9toiA3cC7z5uVbODF7kEQ91Xn7XNFkVUl+SrEe+ZORU= +github.com/lyft/protoc-gen-star v0.6.0/go.mod h1:TGAoBVkt8w7MPG72TrKIu85MIdXwDuzJYeZuUPFPNwA= github.com/magiconair/properties v1.8.0 h1:LLgXmsheXeRoUOBOjtwPQCWIYqM/LU1ayDtDePerRcY= github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= @@ -270,6 +283,7 @@ github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZN github.com/prometheus/client_golang v0.9.0 h1:tXuTFVHC03mW0D+Ua1Q2d1EAVqLTuggX50V0VLICCzY= github.com/prometheus/client_golang v0.9.0/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.2.1-0.20200623203004-60555c9708c7 h1:NkLt0ne/zifxULGse6IDsHU45hKk3w6lIVs8yFSVzKU= github.com/prometheus/client_model v0.2.1-0.20200623203004-60555c9708c7/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/common v0.0.0-20170427095455-13ba4ddd0caa h1:WBOqSBZzK9pqPXiewLT2aL9evdTCy4hUefz0h3iJGGI= @@ -280,11 +294,12 @@ github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6L github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/sirupsen/logrus v1.1.1 h1:VzGj7lhU7KEB9e9gMpAV/v5XT2NVSvLJhJLCWbnkgXg= github.com/sirupsen/logrus v1.1.1/go.mod h1:zrgwTnHtNr00buQ1vSptGe8m1f/BbgsPukg8qsT7A+A= +github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= github.com/spf13/afero v1.3.3/go.mod h1:5KUK8ByomD5Ti5Artl0RtHeI5pTF7MIDuXL3yY520V4= -github.com/spf13/afero v1.3.4 h1:8q6vk3hthlpb2SouZcnBVKboxWQWMDNF38bwholZrJc= -github.com/spf13/afero v1.3.4/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I= +github.com/spf13/afero v1.6.0 h1:xoax2sJ2DT8S8xA2paPFjDCScCNeWsg75VG0DLRreiY= +github.com/spf13/afero v1.6.0/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I= github.com/spf13/cast v1.2.0/go.mod h1:r2rcYCSwa1IExKTDiTfzaxqT2FNHs8hODu4LnUfgKEg= github.com/spf13/cast v1.3.0 h1:oget//CVOEoFewqQxwr0Ej5yjygnqGkvggSE/gB35Q8= github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= @@ -305,8 +320,9 @@ github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UV github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.7.1 h1:5TQK59W5E3v0r2duFAb7P95B6hEeOyEnHRa8MjYSMTY= +github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= @@ -320,6 +336,7 @@ go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= +go.opentelemetry.io/proto/otlp v0.15.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= @@ -353,6 +370,7 @@ golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRu golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= +golang.org/x/lint v0.0.0-20210508222113-6edffad5e616/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= @@ -364,6 +382,7 @@ golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.5.0/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -401,6 +420,7 @@ golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= +golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd h1:O7DYs+zxREGLKzKoMQrtrEacpb0ZVXA5rIwylE2Xchk= golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= @@ -474,6 +494,7 @@ golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210816183151-1e6c022a8912/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220209214540-3681064d5158 h1:rm+CHSpPEEW2IsXUib1ThaHIjuBVZjxNgSKmBLFfD4c= golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -532,7 +553,6 @@ golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roY golang.org/x/tools v0.0.0-20200505023115-26f46d2f7ef8/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200522201501-cb1345f3a375/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= @@ -620,8 +640,10 @@ google.golang.org/genproto v0.0.0-20210222152913-aa3ee6e6a81c/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1 h1:E7wSQBXkH3T3diucK+9Z1kjn4+/9tNG7lZLr75oOhh8= google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= +google.golang.org/genproto v0.0.0-20211118181313-81c1377c94b1/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= +google.golang.org/genproto v0.0.0-20220329172620-7be39ac1afc7 h1:HOL66YCI20JvN2hVk6o2YIp9i/3RvzVUz82PqNr7fXw= +google.golang.org/genproto v0.0.0-20220329172620-7be39ac1afc7/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -640,8 +662,11 @@ google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8= google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= -google.golang.org/grpc v1.36.1 h1:cmUfbeGKnz9+2DD/UYsMQXeqbHZqZDs4eQwW0sFOpBY= google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= +google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= +google.golang.org/grpc v1.42.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= +google.golang.org/grpc v1.45.0 h1:NEpgUqV3Z+ZjkqMsxMg11IaDrXY4RY6CQukSGK0uI1M= +google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= @@ -654,8 +679,9 @@ google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGj google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.27.1 h1:SnqbnDw1V7RiZcXPx5MEeqPv2s79L9i7BJUlG/+RurQ= google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= +google.golang.org/protobuf v1.28.0 h1:w43yiav+6bVFTBQFZX0r7ipe9JQ1QsbMgHwbBziscLw= +google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/pkg/envoy/boilerplate.go b/pkg/envoy/boilerplate.go index 980d6e5..56b3108 100644 --- a/pkg/envoy/boilerplate.go +++ b/pkg/envoy/boilerplate.go @@ -19,10 +19,11 @@ import ( hcm "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" previousHosts "github.com/envoyproxy/go-control-plane/envoy/extensions/retry/host/previous_hosts/v3" auth "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" - types "github.com/golang/protobuf/ptypes" + matcherv3 "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3" any "github.com/golang/protobuf/ptypes/any" "github.com/golang/protobuf/ptypes/duration" "github.com/golang/protobuf/ptypes/wrappers" + "google.golang.org/protobuf/types/known/anypb" "google.golang.org/protobuf/types/known/durationpb" "google.golang.org/protobuf/types/known/structpb" "google.golang.org/protobuf/types/known/wrapperspb" @@ -95,7 +96,7 @@ func makeVirtualHost(vhost *virtualHost, reselectionAttempts int64, defaultRetry hosts := &previousHosts.PreviousHostsPredicate{} - anyHosts, err := types.MarshalAny(hosts) + anyHosts, err := anypb.New(hosts) if err != nil { return &route.VirtualHost{}, fmt.Errorf("failed to marshal hosts config struct to typed struct: %s", err) } @@ -132,8 +133,10 @@ func makeHealthConfig() *hcfg.HealthCheck { Headers: []*route.HeaderMatcher{ { Name: ":path", - HeaderMatchSpecifier: &route.HeaderMatcher_ExactMatch{ - ExactMatch: "/yggdrasil/status", + HeaderMatchSpecifier: &route.HeaderMatcher_StringMatch{ + StringMatch: &matcherv3.StringMatcher{ + MatchPattern: &matcherv3.StringMatcher_Exact{Exact: "/yggdrasil/status"}, + }, }, }, }, @@ -193,7 +196,7 @@ func (c *KubernetesConfigurator) makeConnectionManager(virtualHosts []*route.Vir }, }, } - anyAccessLogConfig, err := types.MarshalAny(accessLogConfig) + anyAccessLogConfig, err := anypb.New(accessLogConfig) if err != nil { log.Fatalf("failed to marshal access log config struct to typed struct: %s", err) } @@ -206,8 +209,7 @@ func (c *KubernetesConfigurator) makeConnectionManager(virtualHosts []*route.Vir } if c.httpGrpcLogger.Cluster != "" { - grpcLoggerConfig := makeGrpcLoggerConfig(c.httpGrpcLogger) - anyGrpcLoggerConfig, err := types.MarshalAny(grpcLoggerConfig) + anyGrpcLoggerConfig, err := anypb.New(makeGrpcLoggerConfig(c.httpGrpcLogger)) if err != nil { log.Fatalf("failed to marshal healthcheck config struct to typed struct: %s", err) } @@ -220,8 +222,7 @@ func (c *KubernetesConfigurator) makeConnectionManager(virtualHosts []*route.Vir // HTTP Filters filterBuilder := &httpFilterBuilder{} - healthConfig := makeHealthConfig() - anyHealthConfig, err := types.MarshalAny(healthConfig) + anyHealthConfig, err := anypb.New(makeHealthConfig()) if err != nil { log.Fatalf("failed to marshal healthcheck config struct to typed struct: %s", err) } @@ -232,8 +233,7 @@ func (c *KubernetesConfigurator) makeConnectionManager(virtualHosts []*route.Vir }) if c.httpExtAuthz.Cluster != "" { - extAuthzConfig := makeExtAuthzConfig(c.httpExtAuthz) - anyExtAuthzConfig, err := types.MarshalAny(extAuthzConfig) + anyExtAuthzConfig, err := anypb.New(makeExtAuthzConfig(c.httpExtAuthz)) if err != nil { log.Fatalf("failed to marshal extAuthz config struct to typed struct: %s", err) } @@ -275,7 +275,7 @@ func (c *KubernetesConfigurator) makeFilterChain(certificate Certificate, virtua if err != nil { return listener.FilterChain{}, fmt.Errorf("failed to get httpConnectionManager: %s", err) } - anyHttpConfig, err := types.MarshalAny(httpConnectionManager) + anyHttpConfig, err := anypb.New(httpConnectionManager) if err != nil { return listener.FilterChain{}, fmt.Errorf("failed to marshal HTTP config struct to typed struct: %s", err) } @@ -294,7 +294,7 @@ func (c *KubernetesConfigurator) makeFilterChain(certificate Certificate, virtua }, } - anyTls, err := types.MarshalAny(tls) + anyTls, err := anypb.New(tls) if err != nil { return listener.FilterChain{}, fmt.Errorf("failed to marshal TLS config struct to typed struct: %s", err) } @@ -329,10 +329,11 @@ func (c *KubernetesConfigurator) makeFilterChain(certificate Certificate, virtua } func makeListener(filterChains []*listener.FilterChain, envoyListenerIpv4Address string, envoyListenPort uint32) (*listener.Listener, error) { + tlsInspectorConfig, err := anypb.New(&tlsInspector.TlsInspector{}) + if err != nil { + return &listener.Listener{}, fmt.Errorf("failed to marshal tls_inspector config struct to typed struct: %s", err) + } - tls := &tlsInspector.TlsInspector{} - - anyTls, err := types.MarshalAny(tls) if err != nil { return &listener.Listener{}, fmt.Errorf("failed to marshal TLS config struct to typed struct: %s", err) } @@ -351,7 +352,7 @@ func makeListener(filterChains []*listener.FilterChain, envoyListenerIpv4Address ListenerFilters: []*listener.ListenerFilter{ { Name: "envoy.filters.listener.tls_inspector", - ConfigType: &listener.ListenerFilter_TypedConfig{TypedConfig: anyTls}, + ConfigType: &listener.ListenerFilter_TypedConfig{TypedConfig: tlsInspectorConfig}, }, }, FilterChains: filterChains, @@ -425,7 +426,7 @@ func makeCluster(c cluster, ca string, healthCfg UpstreamHealthCheck, outlierPer var anyTls *any.Any if tls != nil { - anyTls, err = types.MarshalAny(tls) + anyTls, err = anypb.New(tls) if err != nil { log.Printf("Error marhsalling cluster TLS config: %s", err) } diff --git a/pkg/envoy/configurator_test.go b/pkg/envoy/configurator_test.go index a611eea..d21badd 100644 --- a/pkg/envoy/configurator_test.go +++ b/pkg/envoy/configurator_test.go @@ -4,31 +4,20 @@ import ( "testing" "time" - core "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" listener "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" hcm "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" tcache "github.com/envoyproxy/go-control-plane/pkg/cache/types" - util "github.com/envoyproxy/go-control-plane/pkg/conversion" - "github.com/golang/protobuf/ptypes" "github.com/uswitch/yggdrasil/pkg/k8s" ) func assertNumberOfVirtualHosts(t *testing.T, filterChain *listener.FilterChain, expected int) { - var connManager hcm.HttpConnectionManager - var dynamicAny ptypes.DynamicAny - - err := ptypes.UnmarshalAny(filterChain.Filters[0].GetTypedConfig(), &dynamicAny) + filter, err := filterChain.Filters[0].GetTypedConfig().UnmarshalNew() if err != nil { t.Fatal(err) } - structMessage, err := util.MessageToStruct(dynamicAny.Message) - if err != nil { - t.Fatal(err) - } - - err = util.StructToMessage(structMessage, &connManager) - if err != nil { + connManager, ok := filter.(*hcm.HttpConnectionManager) + if !ok { t.Fatal(err) } @@ -41,21 +30,6 @@ func assertNumberOfVirtualHosts(t *testing.T, filterChain *listener.FilterChain, } -func assertTlsCertificate(t *testing.T, filterChain listener.FilterChain, expectedCert, expectedKey string) { - certificate := filterChain.HiddenEnvoyDeprecatedTlsContext.CommonTlsContext.TlsCertificates[0] - - certFile := certificate.CertificateChain.Specifier.(*core.DataSource_InlineString) - keyFile := certificate.PrivateKey.Specifier.(*core.DataSource_InlineString) - - if certFile.InlineString != expectedCert { - t.Fatalf("certficiate chain filename: '%s' expected '%s'", certFile.InlineString, expectedCert) - } - - if keyFile.InlineString != expectedKey { - t.Fatalf("private key filename: '%s' expected '%s'", keyFile.InlineString, expectedKey) - } -} - func assertServerNames(t *testing.T, filterChain *listener.FilterChain, expectedServerNames []string) { serverNames := filterChain.FilterChainMatch.ServerNames diff --git a/pkg/envoy/http_filters.go b/pkg/envoy/http_filters.go index 3085cef..67be464 100644 --- a/pkg/envoy/http_filters.go +++ b/pkg/envoy/http_filters.go @@ -5,7 +5,7 @@ import ( router "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/router/v3" hcm "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" - types "github.com/golang/protobuf/ptypes" + "google.golang.org/protobuf/types/known/anypb" ) type httpFilterBuilder struct { @@ -18,15 +18,14 @@ func (b *httpFilterBuilder) Add(filter *hcm.HttpFilter) *httpFilterBuilder { } func (b *httpFilterBuilder) Filters() ([]*hcm.HttpFilter, error) { - router := &router.Router{} - - anyRouter, err := types.MarshalAny(router) + httpFilterConfig, err := anypb.New(&router.Router{}) if err != nil { return nil, fmt.Errorf("failed to marshal router config struct to typed struct: %s", err) } + b.Add(&hcm.HttpFilter{ Name: "envoy.filters.http.router", - ConfigType: &hcm.HttpFilter_TypedConfig{TypedConfig: anyRouter}, + ConfigType: &hcm.HttpFilter_TypedConfig{TypedConfig: httpFilterConfig}, }) return b.filters, nil } diff --git a/pkg/envoy/snapshotter.go b/pkg/envoy/snapshotter.go index 883d310..04b1768 100644 --- a/pkg/envoy/snapshotter.go +++ b/pkg/envoy/snapshotter.go @@ -1,6 +1,8 @@ package envoy import ( + "context" + cache "github.com/envoyproxy/go-control-plane/pkg/cache/v3" "github.com/sirupsen/logrus" log "github.com/sirupsen/logrus" @@ -37,7 +39,7 @@ func (s *Snapshotter) snapshot() error { log.Debugf("took snapshot: %+v", snapshot) - s.snapshotCache.SetSnapshot(s.configurator.NodeID(), snapshot) + s.snapshotCache.SetSnapshot(context.Background(), s.configurator.NodeID(), &snapshot) return nil } From 98bf0a03c387d49f4c9013b1cc17b0e9bb95dc69 Mon Sep 17 00:00:00 2001 From: Laurent Marchaud Date: Fri, 16 Jun 2023 10:44:18 +0200 Subject: [PATCH 12/57] chore: update documentation for envoy version bump Signed-off-by: Laurent Marchaud --- README.md | 2 +- docs/GETTINGSTARTED.md | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 366cedd..022cf4a 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ # Yggdrasil Yggdrasil is an Envoy control plane that configures listeners and clusters based off Kubernetes ingresses from multiple Kube Clusters. This allows you to have an envoy cluster acting as a mutli-cluster loadbalancer for Kubernetes. This was something we needed as we wanted our apps to be highly available in the event of a cluster outage but did not want the solution to live inside of Kubernetes itself. -`Note:` Currently we support version 1.19.x of Envoy.
+`Note:` Currently we support versions 1.20.x to 1.26.x of Envoy.
`Note:` Yggdrasil now uses [Go modules](https://github.com/golang/go/wiki/Modules) to handle dependencies. ## Usage diff --git a/docs/GETTINGSTARTED.md b/docs/GETTINGSTARTED.md index 2341741..2c87891 100644 --- a/docs/GETTINGSTARTED.md +++ b/docs/GETTINGSTARTED.md @@ -138,7 +138,7 @@ By default, Yggdrasil will use an upstream ingress port of 443 (HTTPS), as we ar With the Yggdrasil container running, we can now configure an envoy node. Pull an envoy v1.10 docker image with the following command: ```console -$ docker pull envoyproxy/envoy:v1.19-latest +$ docker pull envoyproxy/envoy:v1.26-latest ``` Next, we will need to setup a minimal config file to create the admin listener for envoy, as well as pointing to our dynamic configuration provider - Yggdrasil: @@ -190,7 +190,7 @@ Where `` is the IP address of the Yggdrasil dock Run the envoy docker container with the following command, making sure to mount the minimal config file that you've created: ```console -$ docker run -e ENVOY_UID=0 -w /var/log/envoy/ -v /path/to/envoy.yaml:/etc/envoy/envoy.yaml -p 10000:10000 -d envoyproxy/envoy:v1.19-latest --service-node envoy-node --service-cluster envoy-node --config-path /etc/envoy/envoy.yaml +$ docker run -e ENVOY_UID=0 -w /var/log/envoy/ -v /path/to/envoy.yaml:/etc/envoy/envoy.yaml -p 10000:10000 -d envoyproxy/envoy:v1.26-latest --service-node envoy-node --service-cluster envoy-node --config-path /etc/envoy/envoy.yaml ``` The working directory for the container is set to `/var/log/envoy/` in order to create it at runtime, as Yggdrasil will configure envoy to write access logs to this directory. From f268c2294c15605fffb7251ec2eb496ac99b8d28 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 12 Jul 2023 09:05:34 +0000 Subject: [PATCH 13/57] Bump golang.org/x/crypto from 0.0.0-20220214200702-86341886e292 to 0.1.0 Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.0.0-20220214200702-86341886e292 to 0.1.0. - [Commits](https://github.com/golang/crypto/commits/v0.1.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: indirect ... Signed-off-by: dependabot[bot] --- go.mod | 10 +++++----- go.sum | 23 ++++++++++++++++++----- 2 files changed, 23 insertions(+), 10 deletions(-) diff --git a/go.mod b/go.mod index 29ec00a..9a537f4 100644 --- a/go.mod +++ b/go.mod @@ -56,12 +56,12 @@ require ( github.com/spf13/cast v1.3.0 // indirect github.com/spf13/jwalterweatherman v1.1.0 // indirect github.com/spf13/pflag v1.0.5 // indirect - golang.org/x/crypto v0.0.0-20220214200702-86341886e292 // indirect - golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd // indirect + golang.org/x/crypto v0.1.0 // indirect + golang.org/x/net v0.1.0 // indirect golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 // indirect - golang.org/x/sys v0.0.0-20220209214540-3681064d5158 // indirect - golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect - golang.org/x/text v0.3.7 // indirect + golang.org/x/sys v0.1.0 // indirect + golang.org/x/term v0.1.0 // indirect + golang.org/x/text v0.4.0 // indirect golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect google.golang.org/appengine v1.6.7 // indirect google.golang.org/genproto v0.0.0-20220329172620-7be39ac1afc7 // indirect diff --git a/go.sum b/go.sum index b509ae8..1c4fbdc 100644 --- a/go.sum +++ b/go.sum @@ -328,6 +328,7 @@ github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= +github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= @@ -345,8 +346,10 @@ golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20220214200702-86341886e292 h1:f+lwQ+GtmgoY+A2YaQxlSOnDjXcQ7ZRLWOHbC6HtRqE= +golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.1.0 h1:MDRAIl0xIo9Io2xV565hzXHw3zVseKrJKodhohM5CjU= +golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -383,6 +386,7 @@ golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.5.0/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro= +golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -422,8 +426,10 @@ golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLd golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd h1:O7DYs+zxREGLKzKoMQrtrEacpb0ZVXA5rIwylE2Xchk= golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= +golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.1.0 h1:hZ/3BUoy5aId7sCpA/Tc5lt8DkFgdVS2onTpJsZ/fl0= +golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -448,6 +454,7 @@ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180906133057-8cf3aee42992/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -496,11 +503,15 @@ golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210816183151-1e6c022a8912/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220209214540-3681064d5158 h1:rm+CHSpPEEW2IsXUib1ThaHIjuBVZjxNgSKmBLFfD4c= golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.1.0 h1:kunALQeHf1/185U1i0GOB/fy1IPRDDpuoOOqRReG57U= +golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.1.0 h1:g6Z6vPFA9dYBAF7DWcH6sCcOntplXsDKcliusYijMlw= +golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -509,8 +520,9 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +golang.org/x/text v0.4.0 h1:BrVqGRd7+k1DiOgtnFvAkoQEWQvBc25ouMJM6429SFg= +golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -566,6 +578,7 @@ golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4f golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= +golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= From 29c2b645f66f07a479fc7f3ab047c1db931f15eb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 12 Jul 2023 09:13:14 +0000 Subject: [PATCH 14/57] Bump golang.org/x/net from 0.0.0-20220127200216-cd36cc0744dd to 0.7.0 Bumps [golang.org/x/net](https://github.com/golang/net) from 0.0.0-20220127200216-cd36cc0744dd to 0.7.0. - [Commits](https://github.com/golang/net/commits/v0.7.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect ... Signed-off-by: dependabot[bot] --- go.mod | 8 ++++---- go.sum | 12 ++++++++---- 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/go.mod b/go.mod index 9a537f4..63134a1 100644 --- a/go.mod +++ b/go.mod @@ -57,11 +57,11 @@ require ( github.com/spf13/jwalterweatherman v1.1.0 // indirect github.com/spf13/pflag v1.0.5 // indirect golang.org/x/crypto v0.1.0 // indirect - golang.org/x/net v0.1.0 // indirect + golang.org/x/net v0.7.0 // indirect golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 // indirect - golang.org/x/sys v0.1.0 // indirect - golang.org/x/term v0.1.0 // indirect - golang.org/x/text v0.4.0 // indirect + golang.org/x/sys v0.5.0 // indirect + golang.org/x/term v0.5.0 // indirect + golang.org/x/text v0.7.0 // indirect golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect google.golang.org/appengine v1.6.7 // indirect google.golang.org/genproto v0.0.0-20220329172620-7be39ac1afc7 // indirect diff --git a/go.sum b/go.sum index 1c4fbdc..acf4133 100644 --- a/go.sum +++ b/go.sum @@ -428,8 +428,9 @@ golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d/go.mod h1:9nx3DQGgdP8bBQD5qx golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.1.0 h1:hZ/3BUoy5aId7sCpA/Tc5lt8DkFgdVS2onTpJsZ/fl0= golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= +golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g= +golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -506,12 +507,14 @@ golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.1.0 h1:kunALQeHf1/185U1i0GOB/fy1IPRDDpuoOOqRReG57U= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU= +golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.1.0 h1:g6Z6vPFA9dYBAF7DWcH6sCcOntplXsDKcliusYijMlw= golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.5.0 h1:n2a8QNdAb0sZNpU9R1ALUXBbY+w51fCQDN+7EdxNBsY= +golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -521,8 +524,9 @@ golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.4.0 h1:BrVqGRd7+k1DiOgtnFvAkoQEWQvBc25ouMJM6429SFg= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo= +golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= From 2676ca99a19363312ef570bbddf4d0f2d29b1ab4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 12 Jul 2023 09:21:49 +0000 Subject: [PATCH 15/57] Bump github.com/prometheus/client_golang from 0.9.0 to 1.11.1 Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 0.9.0 to 1.11.1. - [Release notes](https://github.com/prometheus/client_golang/releases) - [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md) - [Commits](https://github.com/prometheus/client_golang/compare/v0.9.0...v1.11.1) --- updated-dependencies: - dependency-name: github.com/prometheus/client_golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- go.mod | 14 +++++------ go.sum | 79 +++++++++++++++++++++++++++++++++++++++++++++------------- 2 files changed, 69 insertions(+), 24 deletions(-) diff --git a/go.mod b/go.mod index 63134a1..01f3071 100644 --- a/go.mod +++ b/go.mod @@ -6,8 +6,8 @@ require ( github.com/envoyproxy/go-control-plane v0.10.3 github.com/golang/protobuf v1.5.2 github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 - github.com/prometheus/client_golang v0.9.0 - github.com/sirupsen/logrus v1.1.1 + github.com/prometheus/client_golang v1.11.1 + github.com/sirupsen/logrus v1.6.0 github.com/spf13/cobra v0.0.3 github.com/spf13/viper v1.2.1 google.golang.org/grpc v1.45.0 @@ -20,8 +20,9 @@ require ( require ( github.com/PuerkitoBio/purell v1.1.1 // indirect github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect - github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973 // indirect + github.com/beorn7/perks v1.0.1 // indirect github.com/census-instrumentation/opencensus-proto v0.3.0 // indirect + github.com/cespare/xxhash/v2 v2.1.1 // indirect github.com/cncf/xds/go v0.0.0-20220314180256-7f1daf1720fc // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/emicklei/go-restful/v3 v3.8.0 // indirect @@ -40,7 +41,7 @@ require ( github.com/inconshreveable/mousetrap v1.0.0 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect - github.com/konsorten/go-windows-terminal-sequences v1.0.1 // indirect + github.com/konsorten/go-windows-terminal-sequences v1.0.3 // indirect github.com/magiconair/properties v1.8.0 // indirect github.com/mailru/easyjson v0.7.6 // indirect github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect @@ -50,13 +51,12 @@ require ( github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/pelletier/go-toml v1.2.0 // indirect github.com/prometheus/client_model v0.2.1-0.20200623203004-60555c9708c7 // indirect - github.com/prometheus/common v0.0.0-20170427095455-13ba4ddd0caa // indirect - github.com/prometheus/procfs v0.0.0-20170519190837-65c1f6f8f0fc // indirect + github.com/prometheus/common v0.26.0 // indirect + github.com/prometheus/procfs v0.6.0 // indirect github.com/spf13/afero v1.6.0 // indirect github.com/spf13/cast v1.3.0 // indirect github.com/spf13/jwalterweatherman v1.1.0 // indirect github.com/spf13/pflag v1.0.5 // indirect - golang.org/x/crypto v0.1.0 // indirect golang.org/x/net v0.7.0 // indirect golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 // indirect golang.org/x/sys v0.5.0 // indirect diff --git a/go.sum b/go.sum index acf4133..10c9f25 100644 --- a/go.sum +++ b/go.sum @@ -52,15 +52,24 @@ github.com/PuerkitoBio/purell v1.1.1 h1:WEQqlqaGbrPkxLJWfBwQmfEAE1Z7ONdDLqrN38tN github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 h1:d+Bc7a5rLufV/sSk/8dngufqelfh6jnri85riMAaF/M= github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= +github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= +github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= +github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= +github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= +github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= -github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973 h1:xJ4a3vCFaGF/jqvzLMYoU8P317H5OQ+Via4RmuPwCS0= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= +github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= +github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= +github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/census-instrumentation/opencensus-proto v0.3.0 h1:t/LhUZLVitR1Ow2YOnduCsavhwFUklBMoGVYUCqmCqk= github.com/census-instrumentation/opencensus-proto v0.3.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= +github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko= github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= +github.com/cespare/xxhash/v2 v2.1.1 h1:6MnRN8NT7+YBpUIWxHtefFZOKTAPgGjpQSxqLNn0+qY= github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= @@ -110,6 +119,12 @@ github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeME github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= +github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= +github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= +github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= +github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= +github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= +github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= github.com/go-logr/logr v1.2.0 h1:QK40JKJyMdUDz+h+xvCsru/bJhvG0UxvePV0ufL/AcE= @@ -123,6 +138,8 @@ github.com/go-openapi/jsonreference v0.19.5/go.mod h1:RdybgQwPxbL4UEjuAruzK1x3nE github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= github.com/go-openapi/swag v0.19.14 h1:gm3vOOXfiuw5i9p5N9xJvfjvuofpyvLA9Wr6QfK5Fng= github.com/go-openapi/swag v0.19.14/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= +github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= +github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= @@ -219,17 +236,23 @@ github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NH github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= +github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= +github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= +github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= +github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= +github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/konsorten/go-windows-terminal-sequences v0.0.0-20180402223658-b729f2633dfe/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= -github.com/konsorten/go-windows-terminal-sequences v1.0.1 h1:mweAR1A6xJ3oS2pRaGiHgQ4OO8tzTaLawm8vnODuwDk= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= +github.com/konsorten/go-windows-terminal-sequences v1.0.3 h1:CE8S1cTafDpPvMhIxNJKvHsGVBgn1xWYf1NbHQhywc8= +github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg= +github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= @@ -252,12 +275,15 @@ github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0Gq github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= +github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= +github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs= github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= @@ -275,25 +301,38 @@ github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1y github.com/pelletier/go-toml v1.2.0 h1:T5zMGML61Wp+FlcbWjRDT7yAxhJNAiPPLOFECq181zc= github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= +github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/sftp v1.10.1/go.mod h1:lYOWFsE0bwd1+KfKJaKeuokY15vzFx25BLbzYYoAxZI= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/prometheus/client_golang v0.9.0 h1:tXuTFVHC03mW0D+Ua1Q2d1EAVqLTuggX50V0VLICCzY= -github.com/prometheus/client_golang v0.9.0/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= +github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= +github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= +github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= +github.com/prometheus/client_golang v1.11.1 h1:+4eQaD7vAZ6DsfsxB15hbE0odUjGI5ARs9yskGu1v4s= +github.com/prometheus/client_golang v1.11.1/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= +github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= +github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.2.1-0.20200623203004-60555c9708c7 h1:NkLt0ne/zifxULGse6IDsHU45hKk3w6lIVs8yFSVzKU= github.com/prometheus/client_model v0.2.1-0.20200623203004-60555c9708c7/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/common v0.0.0-20170427095455-13ba4ddd0caa h1:WBOqSBZzK9pqPXiewLT2aL9evdTCy4hUefz0h3iJGGI= -github.com/prometheus/common v0.0.0-20170427095455-13ba4ddd0caa/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= -github.com/prometheus/procfs v0.0.0-20170519190837-65c1f6f8f0fc h1:eEx6/InsHC/w5bo5ADfs4u7uf7NXgmDDui12UF205Ag= -github.com/prometheus/procfs v0.0.0-20170519190837-65c1f6f8f0fc/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= +github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= +github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= +github.com/prometheus/common v0.26.0 h1:iMAkS2TDoNWnKM+Kopnx/8tnEStIfpYA0ur0xQzzhMQ= +github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= +github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= +github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= +github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= +github.com/prometheus/procfs v0.6.0 h1:mxy4L2jP6qMonqmq+aTtOx1ifVWUgG/TAmntgbh3xv4= +github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= -github.com/sirupsen/logrus v1.1.1 h1:VzGj7lhU7KEB9e9gMpAV/v5XT2NVSvLJhJLCWbnkgXg= -github.com/sirupsen/logrus v1.1.1/go.mod h1:zrgwTnHtNr00buQ1vSptGe8m1f/BbgsPukg8qsT7A+A= +github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= +github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= +github.com/sirupsen/logrus v1.6.0 h1:UBcNElsrwanuuMsnGSlYmtmgbb23qDR5dG+6X6Oo89I= +github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= @@ -315,6 +354,7 @@ github.com/spf13/viper v1.2.1 h1:bIcUwXqLseLF3BDAZduuNfekWG87ibtFxi59Bq+oI9M= github.com/spf13/viper v1.2.1/go.mod h1:P4AexN0a+C9tGAnUFNwDMYYZv3pjFuvmeiMyKRaNVlI= github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= @@ -348,8 +388,6 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.1.0 h1:MDRAIl0xIo9Io2xV565hzXHw3zVseKrJKodhohM5CjU= -golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -390,6 +428,7 @@ golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= @@ -397,6 +436,7 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= +golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= @@ -428,7 +468,6 @@ golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d/go.mod h1:9nx3DQGgdP8bBQD5qx golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g= golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -460,9 +499,11 @@ golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5h golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180906133057-8cf3aee42992/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -474,6 +515,7 @@ golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -487,6 +529,8 @@ golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -494,6 +538,7 @@ golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -501,18 +546,17 @@ golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210816183151-1e6c022a8912/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.5.0 h1:n2a8QNdAb0sZNpU9R1ALUXBbY+w51fCQDN+7EdxNBsY= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -524,7 +568,6 @@ golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -699,6 +742,7 @@ google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQ google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.28.0 h1:w43yiav+6bVFTBQFZX0r7ipe9JQ1QsbMgHwbBziscLw= google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= @@ -714,6 +758,7 @@ gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= From b65dcf07847eaa4fc0fc0d50093fb663de97e5cf Mon Sep 17 00:00:00 2001 From: DewaldV Date: Wed, 12 Jul 2023 16:53:12 +0100 Subject: [PATCH 16/57] AIRSHIP-2978 Enable custom access log format configuration --- cmd/root.go | 5 +++- docs/ACCESSLOG.md | 35 ++++++++++++++++++++++++ pkg/envoy/boilerplate.go | 32 +++++++++++++++------- pkg/envoy/boilerplate_test.go | 51 +++++++++++++++++++++++++++++++++++ pkg/envoy/configurator.go | 13 ++++++--- pkg/envoy/options.go | 7 +++++ 6 files changed, 128 insertions(+), 15 deletions(-) create mode 100644 docs/ACCESSLOG.md diff --git a/cmd/root.go b/cmd/root.go index 8ee1c74..491793d 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -45,6 +45,7 @@ type config struct { UseRemoteAddress bool `json:"useRemoteAddress"` HttpExtAuthz envoy.HttpExtAuthz `json:"httpExtAuthz"` HttpGrpcLogger envoy.HttpGrpcLogger `json:"httpGrpcLogger"` + AccessLogger envoy.AccessLogger `json:"accessLogger"` } // Hasher returns node ID as an ID @@ -62,7 +63,7 @@ var rootCmd = &cobra.Command{ RunE: main, } -//Execute runs the function +// Execute runs the function func Execute() { if err := rootCmd.Execute(); err != nil { log.Fatal(err) @@ -104,6 +105,7 @@ func init() { rootCmd.PersistentFlags().Bool("http-ext-authz-allow-partial-message", true, "When this field is true, Envoy will buffer the message until max_request_bytes is reached") rootCmd.PersistentFlags().Bool("http-ext-authz-pack-as-bytes", false, "When this field is true, Envoy will send the body as raw bytes.") rootCmd.PersistentFlags().Bool("http-ext-authz-failure-mode-allow", true, "Changes filters behaviour on errors") + viper.BindPFlag("debug", rootCmd.PersistentFlags().Lookup("debug")) viper.BindPFlag("address", rootCmd.PersistentFlags().Lookup("address")) viper.BindPFlag("healthAddress", rootCmd.PersistentFlags().Lookup("health-address")) @@ -230,6 +232,7 @@ func main(*cobra.Command, []string) error { envoy.WithHttpExtAuthzCluster(c.HttpExtAuthz), envoy.WithHttpGrpcLogger(c.HttpGrpcLogger), envoy.WithDefaultRetryOn(viper.GetString("retryOn")), + envoy.WithAccessLog(c.AccessLogger), ) snapshotter := envoy.NewSnapshotter(envoyCache, configurator, aggregator) diff --git a/docs/ACCESSLOG.md b/docs/ACCESSLOG.md new file mode 100644 index 0000000..a27e45e --- /dev/null +++ b/docs/ACCESSLOG.md @@ -0,0 +1,35 @@ +# Access Log + +The Access log format is configurable via the Yggdrasil config file only. It is defined as a json object as follows: + +```json +{ + "accessLogger": { + "format": { + "start_time": "%START_TIME(%s.%3f)%", + "bytes_received": "%BYTES_RECEIVED%", + "protocol": "%PROTOCOL%", + "response_code": "%RESPONSE_CODE%", + "bytes_sent": "%BYTES_SENT%", + "duration": "%DURATION%", + "response_flags": "%RESPONSE_FLAGS%", + "upstream_host": "%UPSTREAM_HOST%", + "upstream_cluster": "%UPSTREAM_CLUSTER%", + "upstream_local_address": "%UPSTREAM_LOCAL_ADDRESS%", + "downstream_remote_address": "%DOWNSTREAM_REMOTE_ADDRESS%", + "downstream_local_address": "%DOWNSTREAM_LOCAL_ADDRESS%", + "request_method": "%REQ(:METHOD)%", + "request_path": "%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%", + "upstream_service_time": "%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%", + "forwarded_for": "%REQ(X-FORWARDED-FOR)%", + "user_agent": "%REQ(USER-AGENT)%", + "request_id": "%REQ(X-REQUEST-ID)%" + } + } +} + +``` + +The config above would be the same as the default access logger config shipped with Yggdasil. Thus if no format is provided this will be the format used. + +The access log is written to `/var/log/envoy/access.log` which is not currently configurable. diff --git a/pkg/envoy/boilerplate.go b/pkg/envoy/boilerplate.go index 56b3108..951a3c8 100644 --- a/pkg/envoy/boilerplate.go +++ b/pkg/envoy/boilerplate.go @@ -32,10 +32,8 @@ import ( var ( jsonFormat *structpb.Struct allowedRetryOns map[string]bool -) -func init() { - format := map[string]interface{}{ + DefaultAccessLogFormat = map[string]interface{}{ "start_time": "%START_TIME(%s.%3f)%", "bytes_received": "%BYTES_RECEIVED%", "protocol": "%PROTOCOL%", @@ -55,12 +53,9 @@ func init() { "user_agent": "%REQ(USER-AGENT)%", "request_id": "%REQ(X-REQUEST-ID)%", } - b, err := structpb.NewValue(format) - if err != nil { - log.Fatal(err) - } - jsonFormat = b.GetStructValue() +) +func init() { allowedRetryOns = map[string]bool{ "5xx": true, "gateway-error": true, @@ -184,8 +179,18 @@ func makeGrpcLoggerConfig(cfg HttpGrpcLogger) *gal.HttpGrpcAccessLogConfig { } } -func (c *KubernetesConfigurator) makeConnectionManager(virtualHosts []*route.VirtualHost) (*hcm.HttpConnectionManager, error) { - // Access Logs +func makeFileAccessLog(cfg AccessLogger) *eal.FileAccessLog { + format := DefaultAccessLogFormat + if len(cfg.Format) > 0 { + format = cfg.Format + } + + b, err := structpb.NewValue(format) + if err != nil { + log.Fatal(err) + } + jsonFormat = b.GetStructValue() + accessLogConfig := &eal.FileAccessLog{ Path: "/var/log/envoy/access.log", AccessLogFormat: &eal.FileAccessLog_LogFormat{ @@ -196,6 +201,13 @@ func (c *KubernetesConfigurator) makeConnectionManager(virtualHosts []*route.Vir }, }, } + + return accessLogConfig +} + +func (c *KubernetesConfigurator) makeConnectionManager(virtualHosts []*route.VirtualHost) (*hcm.HttpConnectionManager, error) { + // Access Logs + accessLogConfig := makeFileAccessLog(c.accessLogger) anyAccessLogConfig, err := anypb.New(accessLogConfig) if err != nil { log.Fatalf("failed to marshal access log config struct to typed struct: %s", err) diff --git a/pkg/envoy/boilerplate_test.go b/pkg/envoy/boilerplate_test.go index 93b8705..453576b 100644 --- a/pkg/envoy/boilerplate_test.go +++ b/pkg/envoy/boilerplate_test.go @@ -2,10 +2,12 @@ package envoy import ( "fmt" + "reflect" "testing" "time" core "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" + eal "github.com/envoyproxy/go-control-plane/envoy/extensions/access_loggers/file/v3" "github.com/golang/protobuf/ptypes/duration" ) @@ -56,6 +58,55 @@ func TestMakeHealthChecksValidPath(t *testing.T) { } +type accessLoggerTestCase struct { + name string + format map[string]interface{} + custom bool +} + +func TestAccessLoggerConfig(t *testing.T) { + testCases := []accessLoggerTestCase{ + {name: "default log format", format: DefaultAccessLogFormat, custom: false}, + {name: "custom log format", format: map[string]interface{}{"a-key": "a-format-specifier"}, custom: true}, + } + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + cfg := AccessLogger{} + if tc.custom { + cfg.Format = tc.format + } + + fileAccessLog := makeFileAccessLog(cfg) + if fileAccessLog.Path != "/var/log/envoy/access.log" { + t.Errorf("Expected access log to use default path but was, %s", fileAccessLog.Path) + } + + alf, ok := fileAccessLog.AccessLogFormat.(*eal.FileAccessLog_LogFormat) + if !ok { + t.Fatalf("File Access Log Format had incorrect type, should be FileAccessLog_LogFormat") + } + + lf, ok := alf.LogFormat.Format.(*core.SubstitutionFormatString_JsonFormat) + if !ok { + t.Fatalf("LogFormat had incorrect type, should be SubstitutionFormatString_JsonFormat") + } + + format := lf.JsonFormat.AsMap() + if !reflect.DeepEqual(format, tc.format) { + t.Errorf("Log format map should match configuration") + } + }) + } +} + +func TestAccessLoggerDefault(t *testing.T) { + _ = AccessLogger{ + Format: map[string]interface{}{}, + } + +} + func mustParseDuration(dur string) time.Duration { d, err := time.ParseDuration(dur) if err != nil { diff --git a/pkg/envoy/configurator.go b/pkg/envoy/configurator.go index 2f6a549..d1deeb3 100644 --- a/pkg/envoy/configurator.go +++ b/pkg/envoy/configurator.go @@ -45,7 +45,11 @@ type HttpGrpcLogger struct { ResponseHeaders []string `json:"responseHeaders"` } -//KubernetesConfigurator takes a given Ingress Class and lister to find only ingresses of that class +type AccessLogger struct { + Format map[string]interface{} `json:"format"` +} + +// KubernetesConfigurator takes a given Ingress Class and lister to find only ingresses of that class type KubernetesConfigurator struct { ingressClasses []string nodeID string @@ -60,6 +64,7 @@ type KubernetesConfigurator struct { useRemoteAddress bool httpExtAuthz HttpExtAuthz httpGrpcLogger HttpGrpcLogger + accessLogger AccessLogger defaultRetryOn string previousConfig *envoyConfiguration @@ -68,7 +73,7 @@ type KubernetesConfigurator struct { sync.Mutex } -//NewKubernetesConfigurator returns a Kubernetes configurator given a lister and ingress class +// NewKubernetesConfigurator returns a Kubernetes configurator given a lister and ingress class func NewKubernetesConfigurator(nodeID string, certificates []Certificate, ca string, ingressClasses []string, options ...option) *KubernetesConfigurator { c := &KubernetesConfigurator{ingressClasses: ingressClasses, nodeID: nodeID, certificates: certificates, trustCA: ca} for _, opt := range options { @@ -77,7 +82,7 @@ func NewKubernetesConfigurator(nodeID string, certificates []Certificate, ca str return c } -//Generate creates a new snapshot +// Generate creates a new snapshot func (c *KubernetesConfigurator) Generate(ingresses []*k8s.Ingress) (cache.Snapshot, error) { c.Lock() defer c.Unlock() @@ -109,7 +114,7 @@ func (c *KubernetesConfigurator) Generate(ingresses []*k8s.Ingress) (cache.Snaps return snap, nil } -//NodeID returns the NodeID +// NodeID returns the NodeID func (c *KubernetesConfigurator) NodeID() string { return c.nodeID diff --git a/pkg/envoy/options.go b/pkg/envoy/options.go index e0e9058..7263aef 100644 --- a/pkg/envoy/options.go +++ b/pkg/envoy/options.go @@ -71,3 +71,10 @@ func WithDefaultRetryOn(defaultRetryOn string) option { c.defaultRetryOn = defaultRetryOn } } + +// WithAccessLog configures the access log formats +func WithAccessLog(accessLogger AccessLogger) option { + return func(c *KubernetesConfigurator) { + c.accessLogger = accessLogger + } +} From 19041d82beba391f209a039b1f65e3405c00dd66 Mon Sep 17 00:00:00 2001 From: DewaldV Date: Wed, 12 Jul 2023 16:56:35 +0100 Subject: [PATCH 17/57] AIRSHIP-2978 Remove unused test and add link --- docs/ACCESSLOG.md | 2 ++ pkg/envoy/boilerplate_test.go | 7 ------- 2 files changed, 2 insertions(+), 7 deletions(-) diff --git a/docs/ACCESSLOG.md b/docs/ACCESSLOG.md index a27e45e..7285fcb 100644 --- a/docs/ACCESSLOG.md +++ b/docs/ACCESSLOG.md @@ -32,4 +32,6 @@ The Access log format is configurable via the Yggdrasil config file only. It is The config above would be the same as the default access logger config shipped with Yggdasil. Thus if no format is provided this will be the format used. +[See Envoy docs for more on access log formats](https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#config-access-log-default-format) + The access log is written to `/var/log/envoy/access.log` which is not currently configurable. diff --git a/pkg/envoy/boilerplate_test.go b/pkg/envoy/boilerplate_test.go index 453576b..42779e7 100644 --- a/pkg/envoy/boilerplate_test.go +++ b/pkg/envoy/boilerplate_test.go @@ -100,13 +100,6 @@ func TestAccessLoggerConfig(t *testing.T) { } } -func TestAccessLoggerDefault(t *testing.T) { - _ = AccessLogger{ - Format: map[string]interface{}{}, - } - -} - func mustParseDuration(dur string) time.Duration { d, err := time.ParseDuration(dur) if err != nil { From c13c01963f45ed624c2998d37e7be8a4ba6e6647 Mon Sep 17 00:00:00 2001 From: DewaldV Date: Wed, 12 Jul 2023 17:10:19 +0100 Subject: [PATCH 18/57] AIRSHIP-2978 Sort log lines --- docs/ACCESSLOG.md | 22 +++++++++++----------- pkg/envoy/boilerplate.go | 20 ++++++++++---------- 2 files changed, 21 insertions(+), 21 deletions(-) diff --git a/docs/ACCESSLOG.md b/docs/ACCESSLOG.md index 7285fcb..25540e2 100644 --- a/docs/ACCESSLOG.md +++ b/docs/ACCESSLOG.md @@ -6,24 +6,24 @@ The Access log format is configurable via the Yggdrasil config file only. It is { "accessLogger": { "format": { - "start_time": "%START_TIME(%s.%3f)%", "bytes_received": "%BYTES_RECEIVED%", - "protocol": "%PROTOCOL%", - "response_code": "%RESPONSE_CODE%", "bytes_sent": "%BYTES_SENT%", + "downstream_local_address": "%DOWNSTREAM_LOCAL_ADDRESS%", + "downstream_remote_address": "%DOWNSTREAM_REMOTE_ADDRESS%", "duration": "%DURATION%", + "forwarded_for": "%REQ(X-FORWARDED-FOR)%", + "protocol": "%PROTOCOL%", + "request_id": "%REQ(X-REQUEST-ID)%", + "request_method": "%REQ(:METHOD)%", + "request_path": "%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%", + "response_code": "%RESPONSE_CODE%", "response_flags": "%RESPONSE_FLAGS%", - "upstream_host": "%UPSTREAM_HOST%", + "start_time": "%START_TIME(%s.%3f)%", "upstream_cluster": "%UPSTREAM_CLUSTER%", + "upstream_host": "%UPSTREAM_HOST%", "upstream_local_address": "%UPSTREAM_LOCAL_ADDRESS%", - "downstream_remote_address": "%DOWNSTREAM_REMOTE_ADDRESS%", - "downstream_local_address": "%DOWNSTREAM_LOCAL_ADDRESS%", - "request_method": "%REQ(:METHOD)%", - "request_path": "%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%", "upstream_service_time": "%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%", - "forwarded_for": "%REQ(X-FORWARDED-FOR)%", - "user_agent": "%REQ(USER-AGENT)%", - "request_id": "%REQ(X-REQUEST-ID)%" + "user_agent": "%REQ(USER-AGENT)%" } } } diff --git a/pkg/envoy/boilerplate.go b/pkg/envoy/boilerplate.go index 951a3c8..50041ce 100644 --- a/pkg/envoy/boilerplate.go +++ b/pkg/envoy/boilerplate.go @@ -34,24 +34,24 @@ var ( allowedRetryOns map[string]bool DefaultAccessLogFormat = map[string]interface{}{ - "start_time": "%START_TIME(%s.%3f)%", "bytes_received": "%BYTES_RECEIVED%", - "protocol": "%PROTOCOL%", - "response_code": "%RESPONSE_CODE%", "bytes_sent": "%BYTES_SENT%", + "downstream_local_address": "%DOWNSTREAM_LOCAL_ADDRESS%", + "downstream_remote_address": "%DOWNSTREAM_REMOTE_ADDRESS%", "duration": "%DURATION%", + "forwarded_for": "%REQ(X-FORWARDED-FOR)%", + "protocol": "%PROTOCOL%", + "request_id": "%REQ(X-REQUEST-ID)%", + "request_method": "%REQ(:METHOD)%", + "request_path": "%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%", + "response_code": "%RESPONSE_CODE%", "response_flags": "%RESPONSE_FLAGS%", - "upstream_host": "%UPSTREAM_HOST%", + "start_time": "%START_TIME(%s.%3f)%", "upstream_cluster": "%UPSTREAM_CLUSTER%", + "upstream_host": "%UPSTREAM_HOST%", "upstream_local_address": "%UPSTREAM_LOCAL_ADDRESS%", - "downstream_remote_address": "%DOWNSTREAM_REMOTE_ADDRESS%", - "downstream_local_address": "%DOWNSTREAM_LOCAL_ADDRESS%", - "request_method": "%REQ(:METHOD)%", - "request_path": "%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%", "upstream_service_time": "%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%", - "forwarded_for": "%REQ(X-FORWARDED-FOR)%", "user_agent": "%REQ(USER-AGENT)%", - "request_id": "%REQ(X-REQUEST-ID)%", } ) From aee97665b3c732bdf7720c710bfd4ef40289e5fa Mon Sep 17 00:00:00 2001 From: DewaldV Date: Thu, 13 Jul 2023 14:13:35 +0100 Subject: [PATCH 19/57] AIRSHIP-2978 Add config dump endpoint for testing --- cmd/root.go | 4 +++- cmd/server.go | 39 ++++++++++++++++++++++++++++++++++++++- pkg/envoy/config_dump.go | 26 ++++++++++++++++++++++++++ pkg/envoy/configurator.go | 5 +++-- pkg/envoy/snapshotter.go | 15 ++++++++++----- 5 files changed, 80 insertions(+), 9 deletions(-) create mode 100644 pkg/envoy/config_dump.go diff --git a/cmd/root.go b/cmd/root.go index 491793d..68a9f66 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -83,6 +83,7 @@ func init() { rootCmd.PersistentFlags().StringSlice("ingress-classes", nil, "Ingress classes to watch") rootCmd.PersistentFlags().StringArrayVar(&kubeConfig, "kube-config", nil, "Path to kube config") rootCmd.PersistentFlags().Bool("debug", false, "Log at debug level") + rootCmd.PersistentFlags().Bool("config-dump", false, "Enabled config dump endpoint") rootCmd.PersistentFlags().Uint32("upstream-port", 443, "port used to connect to the upstream ingresses") rootCmd.PersistentFlags().String("envoy-listener-ipv4-address", "0.0.0.0", "IPv4 address by the envoy proxy to accept incoming connections") rootCmd.PersistentFlags().Uint32("envoy-port", 10000, "port by the envoy proxy to accept incoming connections") @@ -107,6 +108,7 @@ func init() { rootCmd.PersistentFlags().Bool("http-ext-authz-failure-mode-allow", true, "Changes filters behaviour on errors") viper.BindPFlag("debug", rootCmd.PersistentFlags().Lookup("debug")) + viper.BindPFlag("configDump", rootCmd.PersistentFlags().Lookup("config-dump")) viper.BindPFlag("address", rootCmd.PersistentFlags().Lookup("address")) viper.BindPFlag("healthAddress", rootCmd.PersistentFlags().Lookup("health-address")) viper.BindPFlag("nodeName", rootCmd.PersistentFlags().Lookup("node-name")) @@ -240,7 +242,7 @@ func main(*cobra.Command, []string) error { go aggregator.Run() envoyServer := server.NewServer(ctx, envoyCache, &callbacks{}) - go runEnvoyServer(envoyServer, viper.GetString("address"), viper.GetString("healthAddress"), ctx.Done()) + go runEnvoyServer(envoyServer, snapshotter, viper.GetBool("configDump"), viper.GetString("address"), viper.GetString("healthAddress"), ctx.Done()) <-stopCh return nil diff --git a/cmd/server.go b/cmd/server.go index 14544c3..89df418 100644 --- a/cmd/server.go +++ b/cmd/server.go @@ -2,6 +2,7 @@ package cmd import ( "context" + "encoding/json" "fmt" "net" "net/http" @@ -16,6 +17,8 @@ import ( "github.com/prometheus/client_golang/prometheus/promhttp" log "github.com/sirupsen/logrus" "google.golang.org/grpc" + + "github.com/uswitch/yggdrasil/pkg/envoy" ) type callbacks struct { @@ -49,7 +52,7 @@ func (c *callbacks) OnFetchResponse(*discovery.DiscoveryRequest, *discovery.Disc c.fetchResp++ } -func runEnvoyServer(envoyServer server.Server, address string, healthAddress string, stopCh <-chan struct{}) { +func runEnvoyServer(envoyServer server.Server, snapshotter *envoy.Snapshotter, enableConfigDump bool, address string, healthAddress string, stopCh <-chan struct{}) { grpcServer := grpc.NewServer( grpc.StreamInterceptor(grpc_prometheus.StreamServerInterceptor), @@ -76,6 +79,9 @@ func runEnvoyServer(envoyServer server.Server, address string, healthAddress str healthMux.Handle("/metrics", promhttp.Handler()) healthMux.HandleFunc("/healthz", health) + if enableConfigDump { + healthMux.HandleFunc("/configdump", handleConfigDump(snapshotter)) + } go func() { if err = grpcServer.Serve(lis); err != nil { @@ -97,3 +103,34 @@ func runEnvoyServer(envoyServer server.Server, address string, healthAddress str func health(w http.ResponseWriter, r *http.Request) { w.WriteHeader(200) } + +type ConfigDumpError struct { + Error error + Message string +} + +func handleConfigDump(snapshotter *envoy.Snapshotter) http.HandlerFunc { + return func(w http.ResponseWriter, r *http.Request) { + if r.Method != http.MethodGet { + w.WriteHeader(http.StatusMethodNotAllowed) + return + } + + snapshot, err := snapshotter.ConfigDump() + if err != nil { + respErr := ConfigDumpError{ + Error: err, + Message: "Unable to get current snapshot from snapshotter, see error for details.", + } + + w.Header().Add("Content-Type", "application/json") + w.WriteHeader(http.StatusInternalServerError) + json.NewEncoder(w).Encode(respErr) + return + } + + w.Header().Add("Content-Type", "application/json") + w.WriteHeader(http.StatusOK) + json.NewEncoder(w).Encode(snapshot) + } +} diff --git a/pkg/envoy/config_dump.go b/pkg/envoy/config_dump.go new file mode 100644 index 0000000..3c18c02 --- /dev/null +++ b/pkg/envoy/config_dump.go @@ -0,0 +1,26 @@ +package envoy + +import ( + types "github.com/envoyproxy/go-control-plane/pkg/cache/types" + resource "github.com/envoyproxy/go-control-plane/pkg/resource/v3" +) + +type EnvoySnapshot struct { + Listeners map[string]types.Resource + Clusters map[string]types.Resource +} + +func (s *Snapshotter) ConfigDump() (EnvoySnapshot, error) { + snapshot, err := s.CurrentSnapshot() + if err != nil { + return EnvoySnapshot{}, err + } + + listeners := snapshot.GetResources(resource.ListenerType) + clusters := snapshot.GetResources(resource.ClusterType) + + return EnvoySnapshot{ + Listeners: listeners, + Clusters: clusters, + }, nil +} diff --git a/pkg/envoy/configurator.go b/pkg/envoy/configurator.go index d1deeb3..fc1292e 100644 --- a/pkg/envoy/configurator.go +++ b/pkg/envoy/configurator.go @@ -11,7 +11,8 @@ import ( route "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" tcache "github.com/envoyproxy/go-control-plane/pkg/cache/types" cache "github.com/envoyproxy/go-control-plane/pkg/cache/v3" - types "github.com/golang/protobuf/ptypes" + "google.golang.org/protobuf/types/known/anypb" + "github.com/uswitch/yggdrasil/pkg/k8s" ) @@ -186,7 +187,7 @@ func (c *KubernetesConfigurator) generateHTTPFilterChain(config *envoyConfigurat if err != nil { return nil, err } - anyHttpConfig, err := types.MarshalAny(httpConnectionManager) + anyHttpConfig, err := anypb.New(httpConnectionManager) if err != nil { log.Fatalf("failed to marshal HTTP config struct to typed struct: %s", err) } diff --git a/pkg/envoy/snapshotter.go b/pkg/envoy/snapshotter.go index 04b1768..e0c6acf 100644 --- a/pkg/envoy/snapshotter.go +++ b/pkg/envoy/snapshotter.go @@ -10,21 +10,21 @@ import ( "github.com/uswitch/yggdrasil/pkg/k8s" ) -//Configurator is an interface that implements Generate and NodeID +// Configurator is an interface that implements Generate and NodeID type Configurator interface { Generate([]*k8s.Ingress) (cache.Snapshot, error) NodeID() string } -//Snapshotter watches for Ingress changes and updates the -//config snapshot +// Snapshotter watches for Ingress changes and updates the +// config snapshot type Snapshotter struct { snapshotCache cache.SnapshotCache configurator Configurator aggregator *k8s.Aggregator } -//NewSnapshotter returns a new Snapshotter +// NewSnapshotter returns a new Snapshotter func NewSnapshotter(snapshotCache cache.SnapshotCache, config Configurator, aggregator *k8s.Aggregator) *Snapshotter { return &Snapshotter{snapshotCache: snapshotCache, configurator: config, aggregator: aggregator} } @@ -40,10 +40,15 @@ func (s *Snapshotter) snapshot() error { log.Debugf("took snapshot: %+v", snapshot) s.snapshotCache.SetSnapshot(context.Background(), s.configurator.NodeID(), &snapshot) + return nil } -//Run will periodically refresh the snapshot +func (s *Snapshotter) CurrentSnapshot() (cache.ResourceSnapshot, error) { + return s.snapshotCache.GetSnapshot(s.configurator.NodeID()) +} + +// Run will periodically refresh the snapshot func (s *Snapshotter) Run(a *k8s.Aggregator) { log.Infof("started snapshotter") hadChanges := false From caf804cecba25d06acbc3e95849419515f0b5921 Mon Sep 17 00:00:00 2001 From: DewaldV Date: Thu, 13 Jul 2023 14:21:55 +0100 Subject: [PATCH 20/57] AIRSHIP-2978 Improve docs for config dump flag --- README.md | 1 + cmd/root.go | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 022cf4a..47cb738 100644 --- a/README.md +++ b/README.md @@ -169,6 +169,7 @@ The Yggdrasil-specific metrics which are available from the API are: --ca string trustedCA --cert string certfile --config string config file +--config-dump Enable config dump endpoint at /configdump on the health-address HTTP server --debug Log at debug level --envoy-listener-ipv4-address string IPv4 address by the envoy proxy to accept incoming connections (default "0.0.0.0") --envoy-port uint32 port by the envoy proxy to accept incoming connections (default 10000) diff --git a/cmd/root.go b/cmd/root.go index 68a9f66..8f769d1 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -83,7 +83,7 @@ func init() { rootCmd.PersistentFlags().StringSlice("ingress-classes", nil, "Ingress classes to watch") rootCmd.PersistentFlags().StringArrayVar(&kubeConfig, "kube-config", nil, "Path to kube config") rootCmd.PersistentFlags().Bool("debug", false, "Log at debug level") - rootCmd.PersistentFlags().Bool("config-dump", false, "Enabled config dump endpoint") + rootCmd.PersistentFlags().Bool("config-dump", false, "Enable config dump endpoint at /configdump on the health-address HTTP server") rootCmd.PersistentFlags().Uint32("upstream-port", 443, "port used to connect to the upstream ingresses") rootCmd.PersistentFlags().String("envoy-listener-ipv4-address", "0.0.0.0", "IPv4 address by the envoy proxy to accept incoming connections") rootCmd.PersistentFlags().Uint32("envoy-port", 10000, "port by the envoy proxy to accept incoming connections") From d7f9cbbe5bed163c8a7d30bb17eb87945f482619 Mon Sep 17 00:00:00 2001 From: Mark McGarry Date: Fri, 1 Dec 2023 12:52:42 +0000 Subject: [PATCH 21/57] airship-3070: migrate to github actions --- .drone.yml | 40 -------------------------- .github/rvu/labels.yaml | 1 + .github/workflows/push.yaml | 57 +++++++++++++++++++++++++++++++++++++ 3 files changed, 58 insertions(+), 40 deletions(-) delete mode 100644 .drone.yml create mode 100644 .github/rvu/labels.yaml create mode 100644 .github/workflows/push.yaml diff --git a/.drone.yml b/.drone.yml deleted file mode 100644 index a68bc8d..0000000 --- a/.drone.yml +++ /dev/null @@ -1,40 +0,0 @@ -workspace: - base: /go - path: src/github.com/uswitch/yggdrasil - -pipeline: - test: - image: golang:1.17 - environment: - - GO111MODULE=on - commands: - - make test - - build: - image: golang:1.17 - environment: - - GO111MODULE=on - commands: - - make build-linux - - docker-latest: - image: plugins/docker - repo: quay.io/uswitch/yggdrasil - registry: quay.io - secrets: [ docker_username, docker_password ] - tags: - - latest - - ${DRONE_COMMIT_SHA} - when: - event: push - branch: master - - docker-tagged: - image: plugins/docker - repo: quay.io/uswitch/yggdrasil - registry: quay.io - secrets: [ docker_username, docker_password ] - tags: - - ${DRONE_TAG} - when: - event: tag diff --git a/.github/rvu/labels.yaml b/.github/rvu/labels.yaml new file mode 100644 index 0000000..7b192d6 --- /dev/null +++ b/.github/rvu/labels.yaml @@ -0,0 +1 @@ +service.rvu.co.uk/brand: airship diff --git a/.github/workflows/push.yaml b/.github/workflows/push.yaml new file mode 100644 index 0000000..e9bac1d --- /dev/null +++ b/.github/workflows/push.yaml @@ -0,0 +1,57 @@ +name: push +on: push +permissions: + contents: read + id-token: write +jobs: + test: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: actions/setup-go@v4 + with: + go-version: "1.17" + - run: make test + build: + runs-on: ubuntu-latest + needs: test + steps: + - uses: actions/checkout@v4 + - uses: actions/setup-go@v4 + with: + go-version: "1.17" + - run: make build-linux + - uses: actions/upload-artifact@v3 + with: + name: bin + path: bin/ + docker-build-push: + if: github.ref_name == 'master' || startsWith(github.ref, 'refs/tags/v') + needs: build + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: actions/download-artifact@v3 + with: + name: bin + path: bin/ + - name: Login to Quay.io + uses: docker/login-action@v3 + with: + registry: quay.io + username: ${{ secrets.QUAY_USERNAME }} + password: ${{ secrets.QUAY_PASSWORD }} + - id: meta + uses: docker/metadata-action@v5 + with: + images: quay.io/uswitch/yggdrasil + tags: | + type=semver,pattern={{version}} + type=sha,prefix=,format=long, + - uses: docker/build-push-action@v5 + with: + context: . + labels: ${{ steps.meta.outputs.labels }} + push: true + tags: ${{ steps.meta.outputs.tags }} + From 0d38c9969d0e87ab53b308454a452a397cf24494 Mon Sep 17 00:00:00 2001 From: Mark McGarry Date: Wed, 6 Dec 2023 14:35:50 +0000 Subject: [PATCH 22/57] fix file exec permissions in docker entrypoint --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 3010abd..4463ff7 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ FROM scratch -ADD bin/yggdrasil-linux-amd64 yggdrasil +COPY --chmod=755 bin/yggdrasil-linux-amd64 yggdrasil ENTRYPOINT ["/yggdrasil"] From 5577d6f6eb4e4dc5017d804272296e23f10ab2d9 Mon Sep 17 00:00:00 2001 From: meghaniankov Date: Tue, 30 Jan 2024 16:29:40 +0000 Subject: [PATCH 23/57] add zipkin tracing provider config --- pkg/envoy/boilerplate.go | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/pkg/envoy/boilerplate.go b/pkg/envoy/boilerplate.go index 50041ce..d677d1d 100644 --- a/pkg/envoy/boilerplate.go +++ b/pkg/envoy/boilerplate.go @@ -11,6 +11,7 @@ import ( endpoint "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3" listener "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" route "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" + tracing "github.com/envoyproxy/go-control-plane/envoy/config/trace/v3" eal "github.com/envoyproxy/go-control-plane/envoy/extensions/access_loggers/file/v3" gal "github.com/envoyproxy/go-control-plane/envoy/extensions/access_loggers/grpc/v3" eauthz "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/ext_authz/v3" @@ -205,6 +206,16 @@ func makeFileAccessLog(cfg AccessLogger) *eal.FileAccessLog { return accessLogConfig } +func makeZipkinTracingProvider() *tracing.ZipkinConfig { + zipkinTracingProviderConfig := &tracing.ZipkinConfig{ + CollectorCluster: "zipkin", + CollectorEndpoint: "/api/v2/spans", + CollectorEndpointVersion: tracing.ZipkinConfig_HTTP_JSON, + } + + return zipkinTracingProviderConfig +} + func (c *KubernetesConfigurator) makeConnectionManager(virtualHosts []*route.VirtualHost) (*hcm.HttpConnectionManager, error) { // Access Logs accessLogConfig := makeFileAccessLog(c.accessLogger) @@ -261,6 +272,8 @@ func (c *KubernetesConfigurator) makeConnectionManager(virtualHosts []*route.Vir return &hcm.HttpConnectionManager{}, err } + zipkinTracingProvider, err := anypb.New(makeZipkinTracingProvider()) + return &hcm.HttpConnectionManager{ CodecType: hcm.HttpConnectionManager_AUTO, StatPrefix: "ingress_http", @@ -276,7 +289,12 @@ func (c *KubernetesConfigurator) makeConnectionManager(virtualHosts []*route.Vir VirtualHosts: virtualHosts, }, }, - Tracing: &hcm.HttpConnectionManager_Tracing{}, + Tracing: &hcm.HttpConnectionManager_Tracing{ + Provider: &tracing.Tracing_Http{ + Name: "config.trace.v3.Tracing.Http", + ConfigType: &tracing.Tracing_Http_TypedConfig{TypedConfig: zipkinTracingProvider}, + }, + }, AccessLog: accessLoggers, UseRemoteAddress: &wrapperspb.BoolValue{Value: c.useRemoteAddress}, }, nil From 78811f69012eca99e3ce5ac8712c854befd005e5 Mon Sep 17 00:00:00 2001 From: meghaniankov Date: Tue, 30 Jan 2024 16:34:16 +0000 Subject: [PATCH 24/57] temp build image on any branch --- .github/workflows/push.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/push.yaml b/.github/workflows/push.yaml index e9bac1d..b67249d 100644 --- a/.github/workflows/push.yaml +++ b/.github/workflows/push.yaml @@ -26,7 +26,6 @@ jobs: name: bin path: bin/ docker-build-push: - if: github.ref_name == 'master' || startsWith(github.ref, 'refs/tags/v') needs: build runs-on: ubuntu-latest steps: From 6d5c95c68d70c38b41f9b1062fdd4436d552f2b8 Mon Sep 17 00:00:00 2001 From: meghaniankov Date: Wed, 31 Jan 2024 12:14:34 +0000 Subject: [PATCH 25/57] make tracing provider config optional --- cmd/root.go | 2 ++ pkg/envoy/boilerplate.go | 27 ++++++++++++++++++--------- pkg/envoy/configurator.go | 5 +++-- 3 files changed, 23 insertions(+), 11 deletions(-) diff --git a/cmd/root.go b/cmd/root.go index 1743115..120b437 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -91,6 +91,7 @@ func init() { rootCmd.PersistentFlags().Int32("max-ejection-percentage", -1, "maximal percentage of hosts ejected via outlier detection. Set to >=0 to activate outlier detection in envoy.") rootCmd.PersistentFlags().Int64("host-selection-retry-attempts", -1, "Number of host selection retry attempts. Set to value >=0 to enable") rootCmd.PersistentFlags().String("retry-on", "5xx", "default comma-separated list of retry policies") + rootCmd.PersistentFlags().String("tracing-provider", "", "HTTP Connection Manager tracing provider block to include") rootCmd.PersistentFlags().Duration("upstream-healthcheck-interval", 10*time.Second, "duration of the upstream health check interval") rootCmd.PersistentFlags().Duration("upstream-healthcheck-timeout", 5*time.Second, "timeout of the upstream healthchecks") rootCmd.PersistentFlags().Uint32("upstream-healthcheck-healthy", 3, "number of successful healthchecks before the backend is considered healthy") @@ -123,6 +124,7 @@ func init() { viper.BindPFlag("maxEjectionPercentage", rootCmd.PersistentFlags().Lookup("max-ejection-percentage")) viper.BindPFlag("hostSelectionRetryAttempts", rootCmd.PersistentFlags().Lookup("host-selection-retry-attempts")) viper.BindPFlag("retryOn", rootCmd.PersistentFlags().Lookup("retry-on")) + viper.BindPFlag("tracingProvider", rootCmd.PersistentFlags().Lookup("tracing-provider")) viper.BindPFlag("upstreamHealthCheck.interval", rootCmd.PersistentFlags().Lookup("upstream-healthcheck-interval")) viper.BindPFlag("upstreamHealthCheck.timeout", rootCmd.PersistentFlags().Lookup("upstream-healthcheck-timeout")) viper.BindPFlag("upstreamHealthCheck.healthyThreshold", rootCmd.PersistentFlags().Lookup("upstream-healthcheck-healthy")) diff --git a/pkg/envoy/boilerplate.go b/pkg/envoy/boilerplate.go index d677d1d..ca1f735 100644 --- a/pkg/envoy/boilerplate.go +++ b/pkg/envoy/boilerplate.go @@ -216,7 +216,7 @@ func makeZipkinTracingProvider() *tracing.ZipkinConfig { return zipkinTracingProviderConfig } -func (c *KubernetesConfigurator) makeConnectionManager(virtualHosts []*route.VirtualHost) (*hcm.HttpConnectionManager, error) { +func (c *KubernetesConfigurator) makeConnectionManager(virtualHosts []*route.VirtualHost, tracingProvider string) (*hcm.HttpConnectionManager, error) { // Access Logs accessLogConfig := makeFileAccessLog(c.accessLogger) anyAccessLogConfig, err := anypb.New(accessLogConfig) @@ -272,7 +272,21 @@ func (c *KubernetesConfigurator) makeConnectionManager(virtualHosts []*route.Vir return &hcm.HttpConnectionManager{}, err } - zipkinTracingProvider, err := anypb.New(makeZipkinTracingProvider()) + tracingProviderConfig := &hcm.HttpConnectionManager_Tracing{} + + if tracingProvider == "zipkin" { + zipkinTracingProvider, err := anypb.New(makeZipkinTracingProvider()) + if err != nil { + log.Fatal(err) + } + + tracingProviderConfig = &hcm.HttpConnectionManager_Tracing{ + Provider: &tracing.Tracing_Http{ + Name: "config.trace.v3.Tracing.Http", + ConfigType: &tracing.Tracing_Http_TypedConfig{TypedConfig: zipkinTracingProvider}, + }, + } + } return &hcm.HttpConnectionManager{ CodecType: hcm.HttpConnectionManager_AUTO, @@ -289,19 +303,14 @@ func (c *KubernetesConfigurator) makeConnectionManager(virtualHosts []*route.Vir VirtualHosts: virtualHosts, }, }, - Tracing: &hcm.HttpConnectionManager_Tracing{ - Provider: &tracing.Tracing_Http{ - Name: "config.trace.v3.Tracing.Http", - ConfigType: &tracing.Tracing_Http_TypedConfig{TypedConfig: zipkinTracingProvider}, - }, - }, + Tracing: tracingProviderConfig, AccessLog: accessLoggers, UseRemoteAddress: &wrapperspb.BoolValue{Value: c.useRemoteAddress}, }, nil } func (c *KubernetesConfigurator) makeFilterChain(certificate Certificate, virtualHosts []*route.VirtualHost) (listener.FilterChain, error) { - httpConnectionManager, err := c.makeConnectionManager(virtualHosts) + httpConnectionManager, err := c.makeConnectionManager(virtualHosts, c.tracingProvider) if err != nil { return listener.FilterChain{}, fmt.Errorf("failed to get httpConnectionManager: %s", err) } diff --git a/pkg/envoy/configurator.go b/pkg/envoy/configurator.go index fc13a9a..ebeae64 100644 --- a/pkg/envoy/configurator.go +++ b/pkg/envoy/configurator.go @@ -69,6 +69,7 @@ type KubernetesConfigurator struct { httpGrpcLogger HttpGrpcLogger accessLogger AccessLogger defaultRetryOn string + tracingProvider string previousConfig *envoyConfiguration listenerVersion string @@ -85,7 +86,7 @@ func NewKubernetesConfigurator(nodeID string, certificates []Certificate, ca str return c } -//Generate creates a new snapshot +// Generate creates a new snapshot func (c *KubernetesConfigurator) Generate(ingresses []*k8s.Ingress, secrets []*v1.Secret) (cache.Snapshot, error) { c.Lock() defer c.Unlock() @@ -236,7 +237,7 @@ func (c *KubernetesConfigurator) generateHTTPFilterChain(config *envoyConfigurat virtualHosts = append(virtualHosts, vhost) } - httpConnectionManager, err := c.makeConnectionManager(virtualHosts) + httpConnectionManager, err := c.makeConnectionManager(virtualHosts, c.tracingProvider) if err != nil { return nil, err } From 5a75ea89d847c9f7026be2d8d470483624d38b29 Mon Sep 17 00:00:00 2001 From: meghaniankov Date: Wed, 31 Jan 2024 15:32:23 +0000 Subject: [PATCH 26/57] fix tracing-provider config --- cmd/root.go | 1 + pkg/envoy/boilerplate.go | 6 +++--- pkg/envoy/configurator.go | 2 +- pkg/envoy/options.go | 7 +++++++ 4 files changed, 12 insertions(+), 4 deletions(-) diff --git a/cmd/root.go b/cmd/root.go index 120b437..441e5fb 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -243,6 +243,7 @@ func main(*cobra.Command, []string) error { envoy.WithSyncSecrets(c.SyncSecrets), envoy.WithDefaultRetryOn(viper.GetString("retryOn")), envoy.WithAccessLog(c.AccessLogger), + envoy.WithTracingProvider(viper.GetString("tracingProvider")), ) snapshotter := envoy.NewSnapshotter(envoyCache, configurator, aggregator) diff --git a/pkg/envoy/boilerplate.go b/pkg/envoy/boilerplate.go index ca1f735..aec1a58 100644 --- a/pkg/envoy/boilerplate.go +++ b/pkg/envoy/boilerplate.go @@ -216,7 +216,7 @@ func makeZipkinTracingProvider() *tracing.ZipkinConfig { return zipkinTracingProviderConfig } -func (c *KubernetesConfigurator) makeConnectionManager(virtualHosts []*route.VirtualHost, tracingProvider string) (*hcm.HttpConnectionManager, error) { +func (c *KubernetesConfigurator) makeConnectionManager(virtualHosts []*route.VirtualHost) (*hcm.HttpConnectionManager, error) { // Access Logs accessLogConfig := makeFileAccessLog(c.accessLogger) anyAccessLogConfig, err := anypb.New(accessLogConfig) @@ -274,7 +274,7 @@ func (c *KubernetesConfigurator) makeConnectionManager(virtualHosts []*route.Vir tracingProviderConfig := &hcm.HttpConnectionManager_Tracing{} - if tracingProvider == "zipkin" { + if c.tracingProvider == "zipkin" { zipkinTracingProvider, err := anypb.New(makeZipkinTracingProvider()) if err != nil { log.Fatal(err) @@ -310,7 +310,7 @@ func (c *KubernetesConfigurator) makeConnectionManager(virtualHosts []*route.Vir } func (c *KubernetesConfigurator) makeFilterChain(certificate Certificate, virtualHosts []*route.VirtualHost) (listener.FilterChain, error) { - httpConnectionManager, err := c.makeConnectionManager(virtualHosts, c.tracingProvider) + httpConnectionManager, err := c.makeConnectionManager(virtualHosts) if err != nil { return listener.FilterChain{}, fmt.Errorf("failed to get httpConnectionManager: %s", err) } diff --git a/pkg/envoy/configurator.go b/pkg/envoy/configurator.go index ebeae64..fc3be3c 100644 --- a/pkg/envoy/configurator.go +++ b/pkg/envoy/configurator.go @@ -237,7 +237,7 @@ func (c *KubernetesConfigurator) generateHTTPFilterChain(config *envoyConfigurat virtualHosts = append(virtualHosts, vhost) } - httpConnectionManager, err := c.makeConnectionManager(virtualHosts, c.tracingProvider) + httpConnectionManager, err := c.makeConnectionManager(virtualHosts) if err != nil { return nil, err } diff --git a/pkg/envoy/options.go b/pkg/envoy/options.go index 4ccef75..7cc4e68 100644 --- a/pkg/envoy/options.go +++ b/pkg/envoy/options.go @@ -85,3 +85,10 @@ func WithAccessLog(accessLogger AccessLogger) option { c.accessLogger = accessLogger } } + +// WithTracingProvider configures the tracing provider for HTTP connection manager +func WithTracingProvider(tracingProvider string) option { + return func(c *KubernetesConfigurator) { + c.tracingProvider = tracingProvider + } +} From c83d6704445fef03ae8cd41f601bc367009981b9 Mon Sep 17 00:00:00 2001 From: meghaniankov Date: Wed, 31 Jan 2024 16:12:39 +0000 Subject: [PATCH 27/57] refactor --- pkg/envoy/boilerplate.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkg/envoy/boilerplate.go b/pkg/envoy/boilerplate.go index aec1a58..0e804e0 100644 --- a/pkg/envoy/boilerplate.go +++ b/pkg/envoy/boilerplate.go @@ -272,7 +272,7 @@ func (c *KubernetesConfigurator) makeConnectionManager(virtualHosts []*route.Vir return &hcm.HttpConnectionManager{}, err } - tracingProviderConfig := &hcm.HttpConnectionManager_Tracing{} + tracingConfig := &hcm.HttpConnectionManager_Tracing{} if c.tracingProvider == "zipkin" { zipkinTracingProvider, err := anypb.New(makeZipkinTracingProvider()) @@ -280,7 +280,7 @@ func (c *KubernetesConfigurator) makeConnectionManager(virtualHosts []*route.Vir log.Fatal(err) } - tracingProviderConfig = &hcm.HttpConnectionManager_Tracing{ + tracingConfig = &hcm.HttpConnectionManager_Tracing{ Provider: &tracing.Tracing_Http{ Name: "config.trace.v3.Tracing.Http", ConfigType: &tracing.Tracing_Http_TypedConfig{TypedConfig: zipkinTracingProvider}, @@ -303,7 +303,7 @@ func (c *KubernetesConfigurator) makeConnectionManager(virtualHosts []*route.Vir VirtualHosts: virtualHosts, }, }, - Tracing: tracingProviderConfig, + Tracing: tracingConfig, AccessLog: accessLoggers, UseRemoteAddress: &wrapperspb.BoolValue{Value: c.useRemoteAddress}, }, nil From addab84034ccdb1887c28f05894d7390a6735e28 Mon Sep 17 00:00:00 2001 From: meghaniankov Date: Thu, 1 Feb 2024 11:56:48 +0000 Subject: [PATCH 28/57] refactor --- pkg/envoy/boilerplate.go | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/pkg/envoy/boilerplate.go b/pkg/envoy/boilerplate.go index 0e804e0..d2579df 100644 --- a/pkg/envoy/boilerplate.go +++ b/pkg/envoy/boilerplate.go @@ -277,14 +277,12 @@ func (c *KubernetesConfigurator) makeConnectionManager(virtualHosts []*route.Vir if c.tracingProvider == "zipkin" { zipkinTracingProvider, err := anypb.New(makeZipkinTracingProvider()) if err != nil { - log.Fatal(err) + log.Fatalf("failed to set zipkin tracing provider config: %s", err) } - tracingConfig = &hcm.HttpConnectionManager_Tracing{ - Provider: &tracing.Tracing_Http{ - Name: "config.trace.v3.Tracing.Http", - ConfigType: &tracing.Tracing_Http_TypedConfig{TypedConfig: zipkinTracingProvider}, - }, + tracingConfig.Provider = &tracing.Tracing_Http{ + Name: "config.trace.v3.Tracing.Http", + ConfigType: &tracing.Tracing_Http_TypedConfig{TypedConfig: zipkinTracingProvider}, } } From 8774f42f2324b5d330c8fa79cb26f7c018b4665d Mon Sep 17 00:00:00 2001 From: meghaniankov Date: Thu, 1 Feb 2024 11:57:41 +0000 Subject: [PATCH 29/57] docker-build-push on master or tag only --- .github/workflows/push.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/push.yaml b/.github/workflows/push.yaml index b67249d..e9bac1d 100644 --- a/.github/workflows/push.yaml +++ b/.github/workflows/push.yaml @@ -26,6 +26,7 @@ jobs: name: bin path: bin/ docker-build-push: + if: github.ref_name == 'master' || startsWith(github.ref, 'refs/tags/v') needs: build runs-on: ubuntu-latest steps: From 4566964c11d3ef67bdb925c8cc47c63db6be9dd2 Mon Sep 17 00:00:00 2001 From: meghaniankov Date: Thu, 1 Feb 2024 12:14:23 +0000 Subject: [PATCH 30/57] add tracing-provider flag details on README --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 4c6a376..6d2d405 100644 --- a/README.md +++ b/README.md @@ -202,6 +202,7 @@ The Yggdrasil-specific metrics which are available from the API are: --max-ejection-percentage int32 maximal percentage of hosts ejected via outlier detection. Set to >=0 to activate outlier detection in envoy. (default -1) --node-name string envoy node name --retry-on string default comma-separated list of retry policies (default "5xx") +--tracing-provider name of HTTP Connection Manager tracing provider to include - currently only zipkin config is supported --upstream-healthcheck-healthy uint32 number of successful healthchecks before the backend is considered healthy (default 3) --upstream-healthcheck-interval duration duration of the upstream health check interval (default 10s) --upstream-healthcheck-timeout duration timeout of the upstream healthchecks (default 5s) From 5502acc8455aa445d342f445ae296a480ef31206 Mon Sep 17 00:00:00 2001 From: meghaniankov Date: Fri, 2 Feb 2024 11:24:21 +0000 Subject: [PATCH 31/57] add prefix v to images pushed to quay in gha --- .github/workflows/push.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/push.yaml b/.github/workflows/push.yaml index e9bac1d..cb1f515 100644 --- a/.github/workflows/push.yaml +++ b/.github/workflows/push.yaml @@ -47,7 +47,7 @@ jobs: images: quay.io/uswitch/yggdrasil tags: | type=semver,pattern={{version}} - type=sha,prefix=,format=long, + type=sha,prefix=v,format=long, - uses: docker/build-push-action@v5 with: context: . From 0c0577f2d5f388c3043d1a9ff4960ce350b6dc8a Mon Sep 17 00:00:00 2001 From: meghaniankov Date: Fri, 2 Feb 2024 11:35:50 +0000 Subject: [PATCH 32/57] change tag pattern to raw to use exact tag created --- .github/workflows/push.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/push.yaml b/.github/workflows/push.yaml index cb1f515..4b4e37c 100644 --- a/.github/workflows/push.yaml +++ b/.github/workflows/push.yaml @@ -46,8 +46,8 @@ jobs: with: images: quay.io/uswitch/yggdrasil tags: | - type=semver,pattern={{version}} - type=sha,prefix=v,format=long, + type=semver,pattern={{raw}} + type=sha,prefix=,format=long, - uses: docker/build-push-action@v5 with: context: . From 09b7382a10c0c029b3823b5a62b90c5c18076c83 Mon Sep 17 00:00:00 2001 From: Guillaume LEGRAIN Date: Wed, 3 Jul 2024 10:38:58 +0200 Subject: [PATCH 33/57] Add config to gitignore --- .gitignore | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.gitignore b/.gitignore index b8a95f6..addeb98 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,7 @@ bin/ command testing +ca/ +config/ +envoy/ + From 6e53828e207e88381758f0e1984259dbf8cc5067 Mon Sep 17 00:00:00 2001 From: Lyonel Martinez Date: Mon, 12 Sep 2022 17:31:45 +0200 Subject: [PATCH 34/57] feat(weight-annotation): Annotation to add load-balancing weight --- README.md | 5 +++++ pkg/envoy/boilerplate.go | 7 ++++--- pkg/envoy/ingress_translator.go | 31 +++++++++++++++++++++------- pkg/envoy/ingress_translator_test.go | 26 +++++++++++++---------- 4 files changed, 48 insertions(+), 21 deletions(-) diff --git a/README.md b/README.md index 6d2d405..3790981 100644 --- a/README.md +++ b/README.md @@ -76,6 +76,7 @@ Yggdrasil allows for some customisation of the route and cluster config per Ingr |--------------------------------------------------------------|----------| | [yggdrasil.uswitch.com/healthcheck-path](#health-check-path) | string | | [yggdrasil.uswitch.com/timeout](#timeout) | duration | +| [yggdrasil.uswitch.com/weight](#weight) | uint32 | | [yggdrasil.uswitch.com/retry-on](#retries) | string | ### Health Check Path @@ -90,6 +91,9 @@ Allows for adjusting the timeout in envoy. Currently this will set the following * [config.route.v3.RetryPolicy.PerTryTimeout](https://www.envoyproxy.io/docs/envoy/v1.19.0/api-v3/config/route/v3/route_components.proto#envoy-v3-api-field-config-route-v3-retrypolicy-per-try-timeout) * [config.cluster.v3.Cluster.ConnectTimeout](https://www.envoyproxy.io/docs/envoy/v1.19.0/api-v3/config/cluster/v3/cluster.proto#envoy-v3-api-field-config-cluster-v3-cluster-connect-timeout) +### Weight +Allows for adjusting the [load balancer weights](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/endpoint/v3/endpoint_components.proto#config-endpoint-v3-lbendpoint) in envoy. + ### Retries Allows overwriting the default retry policy's [config.route.v3.RetryPolicy.RetryOn](https://www.envoyproxy.io/docs/envoy/v1.19.0/api-v3/config/route/v3/route_components.proto#envoy-v3-api-field-config-route-v3-retrypolicy-retry-on) set by the `--retry-on` flag (default 5xx). Accepts a comma-separated list of retry-on policies. @@ -105,6 +109,7 @@ metadata: annotations: yggdrasil.uswitch.com/healthcheck-path: /healthz yggdrasil.uswitch.com/timeout: 30s + yggdrasil.uswitch.com/weight: "12" yggdrasil.uswitch.com/retry-on: gateway-error,connect-failure spec: rules: diff --git a/pkg/envoy/boilerplate.go b/pkg/envoy/boilerplate.go index d2579df..a79306b 100644 --- a/pkg/envoy/boilerplate.go +++ b/pkg/envoy/boilerplate.go @@ -400,14 +400,14 @@ func makeListener(filterChains []*listener.FilterChain, envoyListenerIpv4Address return &listener, nil } -func makeAddresses(addresses []string, upstreamPort uint32) []*core.Address { +func makeAddresses(addresses []LBHost, upstreamPort uint32) []*core.Address { envoyAddresses := []*core.Address{} for _, address := range addresses { envoyAddress := &core.Address{ Address: &core.Address_SocketAddress{ SocketAddress: &core.SocketAddress{ - Address: address, + Address: address.Host, PortSpecifier: &core.SocketAddress_PortValue{ PortValue: upstreamPort, }, @@ -475,7 +475,8 @@ func makeCluster(c cluster, ca string, healthCfg UpstreamHealthCheck, outlierPer for idx, address := range addresses { endpoints[idx] = &endpoint.LbEndpoint{ - HostIdentifier: &endpoint.LbEndpoint_Endpoint{Endpoint: &endpoint.Endpoint{Address: address}}, + HostIdentifier: &endpoint.LbEndpoint_Endpoint{Endpoint: &endpoint.Endpoint{Address: address}}, + LoadBalancingWeight: &wrappers.UInt32Value{Value: c.Hosts[idx].Weight}, } } diff --git a/pkg/envoy/ingress_translator.go b/pkg/envoy/ingress_translator.go index fca04dc..d3bf555 100644 --- a/pkg/envoy/ingress_translator.go +++ b/pkg/envoy/ingress_translator.go @@ -7,6 +7,7 @@ import ( "fmt" "regexp" "sort" + "strconv" "strings" "time" @@ -90,12 +91,17 @@ func (v *virtualHost) Equals(other *virtualHost) bool { v.RetryOn == other.RetryOn } +type LBHost struct { + Host string + Weight uint32 +} + type cluster struct { Name string VirtualHost string HealthCheckPath string Timeout time.Duration - Hosts []string + Hosts []LBHost } func (c *cluster) identity() string { @@ -127,8 +133,12 @@ func (c *cluster) Equals(other *cluster) bool { return false } - sort.Strings(c.Hosts) - sort.Strings(other.Hosts) + sort.Slice(c.Hosts[:], func(i, j int) bool { + return c.Hosts[i].Host < c.Hosts[j].Host + }) + sort.Slice(other.Hosts[:], func(i, j int) bool { + return other.Hosts[i].Host < other.Hosts[j].Host + }) for i, host := range c.Hosts { if host != other.Hosts[i] { @@ -197,15 +207,15 @@ func newEnvoyIngress(host string) *envoyIngress { cluster: &cluster{ Name: clusterName, VirtualHost: host, - Hosts: []string{}, + Hosts: []LBHost{}, Timeout: (30 * time.Second), HealthCheckPath: "", }, } } -func (ing *envoyIngress) addUpstream(host string) { - ing.cluster.Hosts = append(ing.cluster.Hosts, host) +func (ing *envoyIngress) addUpstream(host string, weight uint32) { + ing.cluster.Hosts = append(ing.cluster.Hosts, LBHost{host, weight}) } func (ing *envoyIngress) addHealthCheckPath(path string) { @@ -311,7 +321,14 @@ func translateIngresses(ingresses []*k8s.Ingress, syncSecrets bool, secrets []*v } envoyIngress := envoyIngresses[ruleHost] - envoyIngress.addUpstream(j) + + if weight64, err := strconv.ParseUint(i.Annotations["yggdrasil.uswitch.com/weight"], 10, 32); err == nil { + if weight64 != 0 { + envoyIngress.addUpstream(j, uint32(weight64)) + } + } else { + envoyIngress.addUpstream(j, 1) + } if i.Annotations["yggdrasil.uswitch.com/healthcheck-path"] != "" { envoyIngress.addHealthCheckPath(i.Annotations["yggdrasil.uswitch.com/healthcheck-path"]) diff --git a/pkg/envoy/ingress_translator_test.go b/pkg/envoy/ingress_translator_test.go index b904220..a2d8a6e 100644 --- a/pkg/envoy/ingress_translator_test.go +++ b/pkg/envoy/ingress_translator_test.go @@ -131,8 +131,8 @@ func TestVirtualHostEquality(t *testing.T) { } func TestClusterEquality(t *testing.T) { - a := &cluster{Name: "foo", Hosts: []string{"host1", "host2"}} - b := &cluster{Name: "foo", Hosts: []string{"host1", "host2"}} + a := &cluster{Name: "foo", Hosts: []LBHost{{"host1", 1}, {"host2", 1}}} + b := &cluster{Name: "foo", Hosts: []LBHost{{"host1", 1}, {"host2", 1}}} if !a.Equals(b) { t.Error() @@ -142,17 +142,17 @@ func TestClusterEquality(t *testing.T) { t.Error("cluster is equals nil, expect not to be equal") } - c := &cluster{Name: "bar", Hosts: []string{"host1", "host2"}} + c := &cluster{Name: "bar", Hosts: []LBHost{{"host1", 1}, {"host2", 1}}} if a.Equals(c) { t.Error("clusters have different names, expected not to be equal") } - d := &cluster{Name: "foo", Hosts: []string{"host1"}} // missing host2 + d := &cluster{Name: "foo", Hosts: []LBHost{{"host1", 1}}} // missing host2 if a.Equals(d) { t.Error("clusters have different hosts, should be different") } - e := &cluster{Name: "foo", Hosts: []string{"bad1", "bad2"}} + e := &cluster{Name: "foo", Hosts: []LBHost{{"bad1", 1}, {"bad2", 1}}} if a.Equals(e) { t.Error("cluster hosts are different, shouldn't be equal") } @@ -162,7 +162,7 @@ func TestClusterEquality(t *testing.T) { t.Error("no hosts set") } - g := &cluster{Name: "foo", Hosts: []string{"host1", "host2"}, Timeout: (5 * time.Second)} + g := &cluster{Name: "foo", Hosts: []LBHost{{"host1", 1}, {"host2", 1}}, Timeout: (5 * time.Second)} if a.Equals(g) { t.Error("clusters with different timeout values should not be equal") } @@ -268,8 +268,12 @@ func TestGeneratesForSingleIngress(t *testing.T) { if c.Clusters[0].Name != "foo_app_com" { t.Errorf("expected cluster to be named after ingress host, was %s", c.Clusters[0].Name) } - if c.Clusters[0].Hosts[0] != "foo.cluster.com" { - t.Errorf("expected cluster host for foo.cluster.com, was %s", c.Clusters[0].Hosts[0]) + if c.Clusters[0].Hosts[0].Host != "foo.cluster.com" { + t.Errorf("expected cluster host for foo.cluster.com, was %s", c.Clusters[0].Hosts[0].Host) + } + + if c.Clusters[0].Hosts[0].Weight != 1 { + t.Errorf("expected cluster host's weight for 1, was %s", c.Clusters[0].Hosts[0].Weight) } if c.VirtualHosts[0].UpstreamCluster != c.Clusters[0].Name { @@ -304,10 +308,10 @@ func TestGeneratesForMultipleIngressSharingSpecHost(t *testing.T) { if len(c.Clusters[0].Hosts) != 2 { t.Errorf("expected 2 host, was %d", len(c.Clusters[0].Hosts)) } - if c.Clusters[0].Hosts[0] != "foo.com" { + if c.Clusters[0].Hosts[0].Host != "foo.com" { t.Errorf("expected cluster host for foo.com, was %s", c.Clusters[0].Hosts[0]) } - if c.Clusters[0].Hosts[1] != "bar.com" { + if c.Clusters[0].Hosts[1].Host != "bar.com" { t.Errorf("expected cluster host for bar.com, was %s", c.Clusters[0].Hosts[1]) } @@ -340,7 +344,7 @@ func TestFilterNonMatchingIngresses(t *testing.T) { func TestIngressWithIP(t *testing.T) { ingress := newIngressIP("app.com", "127.0.0.1") c := translateIngresses([]*k8s.Ingress{ingress}, false, []*v1.Secret{}) - if c.Clusters[0].Hosts[0] != "127.0.0.1" { + if c.Clusters[0].Hosts[0].Host != "127.0.0.1" { t.Errorf("expected cluster host to be IP address, was %s", c.Clusters[0].Hosts[0]) } } From 21a96c7f0cecb717a716672a2a970e4e405879fd Mon Sep 17 00:00:00 2001 From: Laurent Marchaud Date: Mon, 20 Jun 2022 18:23:12 +0200 Subject: [PATCH 35/57] Set tls1.2 as minimum downstream proto Signed-off-by: Laurent Marchaud --- pkg/envoy/boilerplate.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pkg/envoy/boilerplate.go b/pkg/envoy/boilerplate.go index a79306b..62a92e0 100644 --- a/pkg/envoy/boilerplate.go +++ b/pkg/envoy/boilerplate.go @@ -329,6 +329,9 @@ func (c *KubernetesConfigurator) makeFilterChain(certificate Certificate, virtua }, }, }, + TlsParams: &auth.TlsParameters{ + TlsMinimumProtocolVersion: auth.TlsParameters_TLSv1_2, + }, } anyTls, err := anypb.New(tls) From fcc0193b2f01bb2854c41864d585d01bf1fa796c Mon Sep 17 00:00:00 2001 From: Lyonel Martinez Date: Mon, 12 Sep 2022 17:47:30 +0200 Subject: [PATCH 36/57] feat(split-time): splits timeout annotation into 3 different ones The new annotations got the priority, the simple 'timeout' annotation still sets the 3 timeouts but if there is, at least one of the new ones, it's overwriting the values set by the simple annotation. --- pkg/envoy/ingress_translator.go | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/pkg/envoy/ingress_translator.go b/pkg/envoy/ingress_translator.go index d3bf555..39ed4e2 100644 --- a/pkg/envoy/ingress_translator.go +++ b/pkg/envoy/ingress_translator.go @@ -228,6 +228,18 @@ func (ing *envoyIngress) addTimeout(timeout time.Duration) { ing.vhost.PerTryTimeout = timeout } +func (ing *envoyIngress) setClusterTimeout(timeout time.Duration) { + ing.cluster.Timeout = timeout +} + +func (ing *envoyIngress) setRouteTimeout(timeout time.Duration) { + ing.vhost.Timeout = timeout +} + +func (ing *envoyIngress) setPerTryTimeout(timeout time.Duration) { + ing.vhost.PerTryTimeout = timeout +} + // hostMatch returns true if tlsHost and ruleHost match, with wildcard support // // *.a.b ruleHost accepts tlsHost *.a.b but not a.a.b or a.b or a.a.a.b @@ -341,6 +353,27 @@ func translateIngresses(ingresses []*k8s.Ingress, syncSecrets bool, secrets []*v } } + if i.Annotations["yggdrasil.uswitch.com/cluster-timeout"] != "" { + timeout, err := time.ParseDuration(i.Annotations["yggdrasil.uswitch.com/cluster-timeout"]) + if err == nil { + envoyIngress.setClusterTimeout(timeout) + } + } + + if i.Annotations["yggdrasil.uswitch.com/route-timeout"] != "" { + timeout, err := time.ParseDuration(i.Annotations["yggdrasil.uswitch.com/route-timeout"]) + if err == nil { + envoyIngress.setRouteTimeout(timeout) + } + } + + if i.Annotations["yggdrasil.uswitch.com/per-try-timeout"] != "" { + timeout, err := time.ParseDuration(i.Annotations["yggdrasil.uswitch.com/per-try-timeout"]) + if err == nil { + envoyIngress.setPerTryTimeout(timeout) + } + } + envoyIngress.addRetryOn(i) if syncSecrets && envoyIngress.vhost.TlsKey == "" && envoyIngress.vhost.TlsCert == "" { From bc7f82abed7a9fdbcda602e9854d8cf46da5c52b Mon Sep 17 00:00:00 2001 From: Lyonel Martinez Date: Tue, 13 Sep 2022 14:33:44 +0200 Subject: [PATCH 37/57] feat(split-timeout): Docs --- README.md | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 3790981..9efc971 100644 --- a/README.md +++ b/README.md @@ -75,7 +75,10 @@ Yggdrasil allows for some customisation of the route and cluster config per Ingr | Name | type | |--------------------------------------------------------------|----------| | [yggdrasil.uswitch.com/healthcheck-path](#health-check-path) | string | -| [yggdrasil.uswitch.com/timeout](#timeout) | duration | +| [yggdrasil.uswitch.com/timeout](#timeouts) | duration | +| [yggdrasil.uswitch.com/cluster-timeout](#timeouts) | duration | +| [yggdrasil.uswitch.com/route-timeout](#timeouts) | duration | +| [yggdrasil.uswitch.com/per-try-timeout](#timeouts) | duration | | [yggdrasil.uswitch.com/weight](#weight) | uint32 | | [yggdrasil.uswitch.com/retry-on](#retries) | string | @@ -84,12 +87,17 @@ Specifies a path to configure a [HTTP health check](https://www.envoyproxy.io/do * [config.core.v3.HealthCheck.HttpHealthCheck.Path](https://www.envoyproxy.io/docs/envoy/v1.19.0/api-v3/config/core/v3/health_check.proto#envoy-v3-api-field-config-core-v3-healthcheck-httphealthcheck-path) -### Timeout -Allows for adjusting the timeout in envoy. Currently this will set the following timeouts to this value: +### Timeouts +Allows for adjusting the timeout in envoy. + +The `yggdrasil.uswitch.com/cluster-timeout` annotation will set the [config.cluster.v3.Cluster.ConnectTimeout](https://www.envoyproxy.io/docs/envoy/v1.19.0/api-v3/config/cluster/v3/cluster.proto#envoy-v3-api-field-config-cluster-v3-cluster-connect-timeout) + +The `yggdrasil.uswitch.com/route-timeout` annotation will set the [config.route.v3.RouteAction.Timeout](https://www.envoyproxy.io/docs/envoy/v1.19.0/api-v3/config/route/v3/route_components.proto#envoy-v3-api-field-config-route-v3-routeaction-timeout) + +the `yggdrasil.uswitch.com/per-try-timeout` annotation will set the [config.route.v3.RetryPolicy.PerTryTimeout](https://www.envoyproxy.io/docs/envoy/v1.19.0/api-v3/config/route/v3/route_components.proto#envoy-v3-api-field-config-route-v3-retrypolicy-per-try-timeout) + +The `yggdrasil.uswitch.com/timeout` annotation will set all of the above with the same value. This annotation has the lowest priority, if it set with one of the other TO annotation, the specific one will override the general annotation. -* [config.route.v3.RouteAction.Timeout](https://www.envoyproxy.io/docs/envoy/v1.19.0/api-v3/config/route/v3/route_components.proto#envoy-v3-api-field-config-route-v3-routeaction-timeout) -* [config.route.v3.RetryPolicy.PerTryTimeout](https://www.envoyproxy.io/docs/envoy/v1.19.0/api-v3/config/route/v3/route_components.proto#envoy-v3-api-field-config-route-v3-retrypolicy-per-try-timeout) -* [config.cluster.v3.Cluster.ConnectTimeout](https://www.envoyproxy.io/docs/envoy/v1.19.0/api-v3/config/cluster/v3/cluster.proto#envoy-v3-api-field-config-cluster-v3-cluster-connect-timeout) ### Weight Allows for adjusting the [load balancer weights](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/endpoint/v3/endpoint_components.proto#config-endpoint-v3-lbendpoint) in envoy. From 71a5eb3921d3e53da4608d019a94f170d9f6e800 Mon Sep 17 00:00:00 2001 From: Lyonel Martinez Date: Tue, 13 Sep 2022 15:45:56 +0200 Subject: [PATCH 38/57] feat(split-timeout): Default Timeouts flags and config --- cmd/root.go | 8 ++++++++ pkg/envoy/configurator.go | 9 ++++++++- pkg/envoy/ingress_translator.go | 12 ++++++------ pkg/envoy/options.go | 7 +++++++ 4 files changed, 29 insertions(+), 7 deletions(-) diff --git a/cmd/root.go b/cmd/root.go index 441e5fb..afe7332 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -46,6 +46,7 @@ type config struct { UseRemoteAddress bool `json:"useRemoteAddress"` HttpExtAuthz envoy.HttpExtAuthz `json:"httpExtAuthz"` HttpGrpcLogger envoy.HttpGrpcLogger `json:"httpGrpcLogger"` + DefaultTimeouts envoy.DefaultTimeouts `json:"defaultTimeouts"` AccessLogger envoy.AccessLogger `json:"accessLogger"` } @@ -109,6 +110,9 @@ func init() { rootCmd.PersistentFlags().Bool("http-ext-authz-pack-as-bytes", false, "When this field is true, Envoy will send the body as raw bytes.") rootCmd.PersistentFlags().Bool("http-ext-authz-failure-mode-allow", true, "Changes filters behaviour on errors") + rootCmd.PersistentFlags().Duration("default-route-timeout", 15*time.Second, "Default timeout of the routes") + rootCmd.PersistentFlags().Duration("default-cluster-timeout", 30*time.Second, "Default timeout of the cluster") + rootCmd.PersistentFlags().Duration("default-per-try-timeout", 5*time.Second, "Default timeout of PerTry") viper.BindPFlag("debug", rootCmd.PersistentFlags().Lookup("debug")) viper.BindPFlag("configDump", rootCmd.PersistentFlags().Lookup("config-dump")) viper.BindPFlag("address", rootCmd.PersistentFlags().Lookup("address")) @@ -141,6 +145,9 @@ func init() { viper.BindPFlag("httpExtAuthz.allowPartialMessage", rootCmd.PersistentFlags().Lookup("http-ext-authz-allow-partial-message")) viper.BindPFlag("httpExtAuthz.packAsBytes", rootCmd.PersistentFlags().Lookup("http-ext-authz-pack-as-bytes")) viper.BindPFlag("httpExtAuthz.FailureModeAllow", rootCmd.PersistentFlags().Lookup("http-ext-authz-failure-mode-allow")) + viper.BindPFlag("defaultTimeouts.Route", rootCmd.PersistentFlags().Lookup("default-route-timeout")) + viper.BindPFlag("defaultTimeouts.Cluster", rootCmd.PersistentFlags().Lookup("default-cluster-timeout")) + viper.BindPFlag("defaultTimeouts.PerTry", rootCmd.PersistentFlags().Lookup("default-per-try-timeout")) } func initConfig() { @@ -241,6 +248,7 @@ func main(*cobra.Command, []string) error { envoy.WithHttpExtAuthzCluster(c.HttpExtAuthz), envoy.WithHttpGrpcLogger(c.HttpGrpcLogger), envoy.WithSyncSecrets(c.SyncSecrets), + envoy.WithDefaultTimeouts(c.DefaultTimeouts), envoy.WithDefaultRetryOn(viper.GetString("retryOn")), envoy.WithAccessLog(c.AccessLogger), envoy.WithTracingProvider(viper.GetString("tracingProvider")), diff --git a/pkg/envoy/configurator.go b/pkg/envoy/configurator.go index fc3be3c..f659c58 100644 --- a/pkg/envoy/configurator.go +++ b/pkg/envoy/configurator.go @@ -30,6 +30,12 @@ type UpstreamHealthCheck struct { HealthyThreshold uint32 `json:"healtyThreshold"` } +type DefaultTimeouts struct { + Cluster time.Duration + Route time.Duration + PerTry time.Duration +} + type HttpExtAuthz struct { Cluster string `json:"cluster"` Timeout time.Duration `json:"timeout"` @@ -67,6 +73,7 @@ type KubernetesConfigurator struct { useRemoteAddress bool httpExtAuthz HttpExtAuthz httpGrpcLogger HttpGrpcLogger + defaultTimeouts DefaultTimeouts accessLogger AccessLogger defaultRetryOn string tracingProvider string @@ -92,7 +99,7 @@ func (c *KubernetesConfigurator) Generate(ingresses []*k8s.Ingress, secrets []*v defer c.Unlock() validIngresses := validIngressFilter(classFilter(ingresses, c.ingressClasses)) - config := translateIngresses(validIngresses, c.syncSecrets, secrets) + config := translateIngresses(validIngresses, c.syncSecrets, secrets, c.defaultTimeouts) vmatch, cmatch := config.equals(c.previousConfig) diff --git a/pkg/envoy/ingress_translator.go b/pkg/envoy/ingress_translator.go index 39ed4e2..d44348b 100644 --- a/pkg/envoy/ingress_translator.go +++ b/pkg/envoy/ingress_translator.go @@ -195,20 +195,20 @@ type envoyIngress struct { cluster *cluster } -func newEnvoyIngress(host string) *envoyIngress { +func newEnvoyIngress(host string, timeouts DefaultTimeouts) *envoyIngress { clusterName := strings.Replace(host, ".", "_", -1) return &envoyIngress{ vhost: &virtualHost{ Host: host, UpstreamCluster: clusterName, - Timeout: (15 * time.Second), - PerTryTimeout: (5 * time.Second), + Timeout: timeouts.Route, + PerTryTimeout: timeouts.PerTry, }, cluster: &cluster{ Name: clusterName, VirtualHost: host, Hosts: []LBHost{}, - Timeout: (30 * time.Second), + Timeout: timeouts.Cluster, HealthCheckPath: "", }, } @@ -320,7 +320,7 @@ func (envoyIng *envoyIngress) addRetryOn(ingress *k8s.Ingress) { } } -func translateIngresses(ingresses []*k8s.Ingress, syncSecrets bool, secrets []*v1.Secret) *envoyConfiguration { +func translateIngresses(ingresses []*k8s.Ingress, syncSecrets bool, secrets []*v1.Secret, timeouts DefaultTimeouts) *envoyConfiguration { cfg := &envoyConfiguration{} envoyIngresses := map[string]*envoyIngress{} @@ -329,7 +329,7 @@ func translateIngresses(ingresses []*k8s.Ingress, syncSecrets bool, secrets []*v for _, ruleHost := range i.RulesHosts { _, ok := envoyIngresses[ruleHost] if !ok { - envoyIngresses[ruleHost] = newEnvoyIngress(ruleHost) + envoyIngresses[ruleHost] = newEnvoyIngress(ruleHost, timeouts) } envoyIngress := envoyIngresses[ruleHost] diff --git a/pkg/envoy/options.go b/pkg/envoy/options.go index 7cc4e68..0cca3d8 100644 --- a/pkg/envoy/options.go +++ b/pkg/envoy/options.go @@ -72,6 +72,13 @@ func WithSyncSecrets(syncSecrets bool) option { } } +// WithDefaultTimeouts configures the default timeouts +func WithDefaultTimeouts(defaultTimeouts DefaultTimeouts) option { + return func(c *KubernetesConfigurator) { + c.defaultTimeouts = defaultTimeouts + } +} + // WithDefaultRetryOn configures the default retry policy func WithDefaultRetryOn(defaultRetryOn string) option { return func(c *KubernetesConfigurator) { From 386e28ace41b9ba62b167eb1d66b3a715997e7c3 Mon Sep 17 00:00:00 2001 From: Lyonel Martinez Date: Thu, 15 Sep 2022 13:32:49 +0200 Subject: [PATCH 39/57] feat(split-timeout): fix comment and default TO for cluster --- pkg/envoy/options.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/envoy/options.go b/pkg/envoy/options.go index 0cca3d8..6980fab 100644 --- a/pkg/envoy/options.go +++ b/pkg/envoy/options.go @@ -2,7 +2,7 @@ package envoy type option func(c *KubernetesConfigurator) -// WithEWithEnvoyListenerIpv4AddressnvoyPort configures envoy IPv4 listen address into a KubernetesConfigurator +// WithEnvoyListenerIpv4Address configures envoy IPv4 listen address into a KubernetesConfigurator func WithEnvoyListenerIpv4Address(address string) option { return func(c *KubernetesConfigurator) { c.envoyListenerIpv4Address = address From c08770587c7b1b9f50ac7db5a28720a8968dfc77 Mon Sep 17 00:00:00 2001 From: Lowaiz <43639116+Lowaiz@users.noreply.github.com> Date: Mon, 19 Sep 2022 13:25:09 +0200 Subject: [PATCH 40/57] Update README.md Applying @Aluxima suggestion Co-authored-by: Laurent Marchaud <16262531+Aluxima@users.noreply.github.com> --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 9efc971..9b65aed 100644 --- a/README.md +++ b/README.md @@ -96,7 +96,7 @@ The `yggdrasil.uswitch.com/route-timeout` annotation will set the [config.route. the `yggdrasil.uswitch.com/per-try-timeout` annotation will set the [config.route.v3.RetryPolicy.PerTryTimeout](https://www.envoyproxy.io/docs/envoy/v1.19.0/api-v3/config/route/v3/route_components.proto#envoy-v3-api-field-config-route-v3-retrypolicy-per-try-timeout) -The `yggdrasil.uswitch.com/timeout` annotation will set all of the above with the same value. This annotation has the lowest priority, if it set with one of the other TO annotation, the specific one will override the general annotation. +The `yggdrasil.uswitch.com/timeout` annotation will set all of the above with the same value. This annotation has the lowest priority, if set with one of the other TO annotations, the specific one will override the general annotation. ### Weight From 1eff785cf20dcda387b0bcaf6c5ead71623afc67 Mon Sep 17 00:00:00 2001 From: Lyonel Martinez Date: Tue, 20 Sep 2022 11:23:40 +0200 Subject: [PATCH 41/57] feat(split-timeout): Fix tests --- pkg/envoy/ingress_translator_test.go | 50 ++++++++++++++++++++++------ 1 file changed, 40 insertions(+), 10 deletions(-) diff --git a/pkg/envoy/ingress_translator_test.go b/pkg/envoy/ingress_translator_test.go index a2d8a6e..0cbd345 100644 --- a/pkg/envoy/ingress_translator_test.go +++ b/pkg/envoy/ingress_translator_test.go @@ -204,8 +204,13 @@ func TestEqualityVirtualHosts(t *testing.T) { func TestEquals(t *testing.T) { ingress := newGenericIngress("foo.app.com", "foo.cluster.com") ingress2 := newGenericIngress("bar.app.com", "foo.bar.com") - c := translateIngresses([]*k8s.Ingress{ingress, ingress2}, false, []*v1.Secret{}) - c2 := translateIngresses([]*k8s.Ingress{ingress, ingress2}, false, []*v1.Secret{}) + timeouts := DefaultTimeouts{ + Cluster: 30 * time.Second, + Route: 15 * time.Second, + PerTry: 5 * time.Second, + } + c := translateIngresses([]*k8s.Ingress{ingress, ingress2}, false, []*v1.Secret{}, timeouts) + c2 := translateIngresses([]*k8s.Ingress{ingress, ingress2}, false, []*v1.Secret{}, timeouts) vmatch, cmatch := c.equals(c2) if vmatch != true { @@ -221,8 +226,13 @@ func TestNotEquals(t *testing.T) { ingress2 := newGenericIngress("foo.app.com", "bar.cluster.com") ingress3 := newGenericIngress("foo.baz.com", "bar.cluster.com") ingress4 := newGenericIngress("foo.howdy.com", "bar.cluster.com") - c := translateIngresses([]*k8s.Ingress{ingress, ingress3, ingress2}, false, []*v1.Secret{}) - c2 := translateIngresses([]*k8s.Ingress{ingress, ingress2, ingress4}, false, []*v1.Secret{}) + timeouts := DefaultTimeouts{ + Cluster: 30 * time.Second, + Route: 15 * time.Second, + PerTry: 5 * time.Second, + } + c := translateIngresses([]*k8s.Ingress{ingress, ingress3, ingress2}, false, []*v1.Secret{}, timeouts) + c2 := translateIngresses([]*k8s.Ingress{ingress, ingress2, ingress4}, false, []*v1.Secret{}, timeouts) vmatch, cmatch := c.equals(c2) if vmatch == true { @@ -237,8 +247,13 @@ func TestNotEquals(t *testing.T) { func TestPartialEquals(t *testing.T) { ingress := newGenericIngress("foo.app.com", "bar.cluster.com") ingress2 := newGenericIngress("foo.app.com", "foo.cluster.com") - c := translateIngresses([]*k8s.Ingress{ingress2}, false, []*v1.Secret{}) - c2 := translateIngresses([]*k8s.Ingress{ingress}, false, []*v1.Secret{}) + timeouts := DefaultTimeouts{ + Cluster: 30 * time.Second, + Route: 15 * time.Second, + PerTry: 5 * time.Second, + } + c := translateIngresses([]*k8s.Ingress{ingress2}, false, []*v1.Secret{}, timeouts) + c2 := translateIngresses([]*k8s.Ingress{ingress}, false, []*v1.Secret{}, timeouts) vmatch, cmatch := c2.equals(c) if vmatch != true { @@ -252,7 +267,12 @@ func TestPartialEquals(t *testing.T) { func TestGeneratesForSingleIngress(t *testing.T) { ingress := newGenericIngress("foo.app.com", "foo.cluster.com") - c := translateIngresses([]*k8s.Ingress{ingress}, false, []*v1.Secret{}) + timeouts := DefaultTimeouts{ + Cluster: 30 * time.Second, + Route: 15 * time.Second, + PerTry: 5 * time.Second, + } + c := translateIngresses([]*k8s.Ingress{ingress}, false, []*v1.Secret{}, timeouts) if len(c.VirtualHosts) != 1 { t.Error("expected 1 virtual host") @@ -273,7 +293,7 @@ func TestGeneratesForSingleIngress(t *testing.T) { } if c.Clusters[0].Hosts[0].Weight != 1 { - t.Errorf("expected cluster host's weight for 1, was %s", c.Clusters[0].Hosts[0].Weight) + t.Errorf("expected cluster host's weight for 1, was %d", c.Clusters[0].Hosts[0].Weight) } if c.VirtualHosts[0].UpstreamCluster != c.Clusters[0].Name { @@ -288,7 +308,12 @@ func TestGeneratesForSingleIngress(t *testing.T) { func TestGeneratesForMultipleIngressSharingSpecHost(t *testing.T) { fooIngress := newGenericIngress("app.com", "foo.com") barIngress := newGenericIngress("app.com", "bar.com") - c := translateIngresses([]*k8s.Ingress{fooIngress, barIngress}, false, []*v1.Secret{}) + timeouts := DefaultTimeouts{ + Cluster: 30 * time.Second, + Route: 15 * time.Second, + PerTry: 5 * time.Second, + } + c := translateIngresses([]*k8s.Ingress{fooIngress, barIngress}, false, []*v1.Secret{}, timeouts) if len(c.VirtualHosts) != 1 { t.Error("expected 1 virtual host") @@ -343,7 +368,12 @@ func TestFilterNonMatchingIngresses(t *testing.T) { func TestIngressWithIP(t *testing.T) { ingress := newIngressIP("app.com", "127.0.0.1") - c := translateIngresses([]*k8s.Ingress{ingress}, false, []*v1.Secret{}) + timeouts := DefaultTimeouts{ + Cluster: 30 * time.Second, + Route: 15 * time.Second, + PerTry: 5 * time.Second, + } + c := translateIngresses([]*k8s.Ingress{ingress}, false, []*v1.Secret{}, timeouts) if c.Clusters[0].Hosts[0].Host != "127.0.0.1" { t.Errorf("expected cluster host to be IP address, was %s", c.Clusters[0].Hosts[0]) } From 98ea1b7449bbb440965a2b287e15f91ee4f6eacc Mon Sep 17 00:00:00 2001 From: Laurent Marchaud Date: Thu, 17 Nov 2022 18:24:04 +0100 Subject: [PATCH 42/57] Use http2 for upstream proxy, add paramters --- pkg/envoy/boilerplate.go | 40 +++++++++++++++++++++++++++++++++++++++- 1 file changed, 39 insertions(+), 1 deletion(-) diff --git a/pkg/envoy/boilerplate.go b/pkg/envoy/boilerplate.go index 62a92e0..779e2a8 100644 --- a/pkg/envoy/boilerplate.go +++ b/pkg/envoy/boilerplate.go @@ -20,6 +20,7 @@ import ( hcm "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" previousHosts "github.com/envoyproxy/go-control-plane/envoy/extensions/retry/host/previous_hosts/v3" auth "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" + envoy_extension_http "github.com/envoyproxy/go-control-plane/envoy/extensions/upstreams/http/v3" matcherv3 "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3" any "github.com/golang/protobuf/ptypes/any" "github.com/golang/protobuf/ptypes/duration" @@ -483,6 +484,39 @@ func makeCluster(c cluster, ca string, healthCfg UpstreamHealthCheck, outlierPer } } + // httpOptions := &envoy_extension_http.HttpProtocolOptions{ + // CommonHttpProtocolOptions: &core.HttpProtocolOptions{ + // IdleTimeout: &duration.Duration{Seconds: 60}, + // MaxConnectionDuration: &durationpb.Duration{Seconds: 60}, + // }, + // UpstreamProtocolOptions: &envoy_extension_http.HttpProtocolOptions_ExplicitHttpConfig_{ + // ExplicitHttpConfig: &envoy_extension_http.HttpProtocolOptions_ExplicitHttpConfig{ + // ProtocolConfig: &envoy_extension_http.HttpProtocolOptions_ExplicitHttpConfig_HttpProtocolOptions{ + // HttpProtocolOptions: &core.Http1ProtocolOptions{}, + // }, + // }, + // }, + // } + httpOptions := &envoy_extension_http.HttpProtocolOptions{ + CommonHttpProtocolOptions: &core.HttpProtocolOptions{ + IdleTimeout: &duration.Duration{Seconds: 60}, + MaxConnectionDuration: &durationpb.Duration{Seconds: 60}, + }, + UpstreamProtocolOptions: &envoy_extension_http.HttpProtocolOptions_ExplicitHttpConfig_{ + ExplicitHttpConfig: &envoy_extension_http.HttpProtocolOptions_ExplicitHttpConfig{ + ProtocolConfig: &envoy_extension_http.HttpProtocolOptions_ExplicitHttpConfig_Http2ProtocolOptions{ + Http2ProtocolOptions: &core.Http2ProtocolOptions{ + MaxConcurrentStreams: &wrapperspb.UInt32Value{Value: 128}, + }, + }, + }, + }, + } + httpOptionsPb, err := anypb.New(httpOptions) + if err != nil { + log.Printf("Error marshaling httpOptions: %s", err) + } + cluster := &v3cluster.Cluster{ ClusterDiscoveryType: &v3cluster.Cluster_Type{Type: v3cluster.Cluster_STRICT_DNS}, Name: c.Name, @@ -493,7 +527,11 @@ func makeCluster(c cluster, ca string, healthCfg UpstreamHealthCheck, outlierPer {LbEndpoints: endpoints}, }, }, - HealthChecks: healthChecks, + HealthChecks: healthChecks, + MaxRequestsPerConnection: &wrapperspb.UInt32Value{Value: 10000}, + TypedExtensionProtocolOptions: map[string]*anypb.Any{ + "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": httpOptionsPb, + }, } if outlierPercentage >= 0 { cluster.OutlierDetection = &v3cluster.OutlierDetection{ From 40155dcca79526c195c764243c10bb13f1bc6b53 Mon Sep 17 00:00:00 2001 From: Laurent Marchaud Date: Wed, 23 Nov 2022 17:05:30 +0100 Subject: [PATCH 43/57] Add support for envoy 1.24 Signed-off-by: Laurent Marchaud --- pkg/envoy/boilerplate.go | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/pkg/envoy/boilerplate.go b/pkg/envoy/boilerplate.go index 779e2a8..ad1e6cf 100644 --- a/pkg/envoy/boilerplate.go +++ b/pkg/envoy/boilerplate.go @@ -499,8 +499,9 @@ func makeCluster(c cluster, ca string, healthCfg UpstreamHealthCheck, outlierPer // } httpOptions := &envoy_extension_http.HttpProtocolOptions{ CommonHttpProtocolOptions: &core.HttpProtocolOptions{ - IdleTimeout: &duration.Duration{Seconds: 60}, - MaxConnectionDuration: &durationpb.Duration{Seconds: 60}, + IdleTimeout: &duration.Duration{Seconds: 60}, + MaxConnectionDuration: &durationpb.Duration{Seconds: 60}, + MaxRequestsPerConnection: &wrapperspb.UInt32Value{Value: 10000}, }, UpstreamProtocolOptions: &envoy_extension_http.HttpProtocolOptions_ExplicitHttpConfig_{ ExplicitHttpConfig: &envoy_extension_http.HttpProtocolOptions_ExplicitHttpConfig{ @@ -514,7 +515,7 @@ func makeCluster(c cluster, ca string, healthCfg UpstreamHealthCheck, outlierPer } httpOptionsPb, err := anypb.New(httpOptions) if err != nil { - log.Printf("Error marshaling httpOptions: %s", err) + log.Fatalf("Error marshaling httpOptions: %s", err) } cluster := &v3cluster.Cluster{ @@ -527,8 +528,7 @@ func makeCluster(c cluster, ca string, healthCfg UpstreamHealthCheck, outlierPer {LbEndpoints: endpoints}, }, }, - HealthChecks: healthChecks, - MaxRequestsPerConnection: &wrapperspb.UInt32Value{Value: 10000}, + HealthChecks: healthChecks, TypedExtensionProtocolOptions: map[string]*anypb.Any{ "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": httpOptionsPb, }, From 3612b11a0b5b64365c7d6c6c2ed8e7c7576cbf50 Mon Sep 17 00:00:00 2001 From: Laurent Marchaud Date: Tue, 6 Dec 2022 15:42:01 +0100 Subject: [PATCH 44/57] Raise default circuit breaker limits --- pkg/envoy/boilerplate.go | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/pkg/envoy/boilerplate.go b/pkg/envoy/boilerplate.go index ad1e6cf..98db66b 100644 --- a/pkg/envoy/boilerplate.go +++ b/pkg/envoy/boilerplate.go @@ -532,6 +532,16 @@ func makeCluster(c cluster, ca string, healthCfg UpstreamHealthCheck, outlierPer TypedExtensionProtocolOptions: map[string]*anypb.Any{ "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": httpOptionsPb, }, + CircuitBreakers: &v3cluster.CircuitBreakers{ + Thresholds: []*v3cluster.CircuitBreakers_Thresholds{ + &v3cluster.CircuitBreakers_Thresholds{ + Priority: core.RoutingPriority_DEFAULT, + MaxConnections: wrapperspb.UInt32(32768), + MaxRequests: wrapperspb.UInt32(32768), + MaxPendingRequests: wrapperspb.UInt32(32768), + }, + }, + }, } if outlierPercentage >= 0 { cluster.OutlierDetection = &v3cluster.OutlierDetection{ From ec3c605db1b18522957d5020e0843f84c8bd505e Mon Sep 17 00:00:00 2001 From: Laurent Marchaud Date: Fri, 16 Dec 2022 11:43:28 +0100 Subject: [PATCH 45/57] Add configurable listener ALPN protocols to enable downstream http2 Signed-off-by: Laurent Marchaud --- cmd/root.go | 4 ++++ pkg/envoy/boilerplate.go | 1 + pkg/envoy/configurator.go | 1 + pkg/envoy/options.go | 7 +++++++ 4 files changed, 13 insertions(+) diff --git a/cmd/root.go b/cmd/root.go index afe7332..84489d2 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -47,6 +47,7 @@ type config struct { HttpExtAuthz envoy.HttpExtAuthz `json:"httpExtAuthz"` HttpGrpcLogger envoy.HttpGrpcLogger `json:"httpGrpcLogger"` DefaultTimeouts envoy.DefaultTimeouts `json:"defaultTimeouts"` + AlpnProtocols []string `json:"alpnProtocols"` AccessLogger envoy.AccessLogger `json:"accessLogger"` } @@ -113,6 +114,7 @@ func init() { rootCmd.PersistentFlags().Duration("default-route-timeout", 15*time.Second, "Default timeout of the routes") rootCmd.PersistentFlags().Duration("default-cluster-timeout", 30*time.Second, "Default timeout of the cluster") rootCmd.PersistentFlags().Duration("default-per-try-timeout", 5*time.Second, "Default timeout of PerTry") + rootCmd.PersistentFlags().StringSlice("alpn-protocols", []string{}, "exposed listener ALPN protocols") viper.BindPFlag("debug", rootCmd.PersistentFlags().Lookup("debug")) viper.BindPFlag("configDump", rootCmd.PersistentFlags().Lookup("config-dump")) viper.BindPFlag("address", rootCmd.PersistentFlags().Lookup("address")) @@ -148,6 +150,7 @@ func init() { viper.BindPFlag("defaultTimeouts.Route", rootCmd.PersistentFlags().Lookup("default-route-timeout")) viper.BindPFlag("defaultTimeouts.Cluster", rootCmd.PersistentFlags().Lookup("default-cluster-timeout")) viper.BindPFlag("defaultTimeouts.PerTry", rootCmd.PersistentFlags().Lookup("default-per-try-timeout")) + viper.BindPFlag("alpnProtocols", rootCmd.PersistentFlags().Lookup("alpn-protocols")) } func initConfig() { @@ -252,6 +255,7 @@ func main(*cobra.Command, []string) error { envoy.WithDefaultRetryOn(viper.GetString("retryOn")), envoy.WithAccessLog(c.AccessLogger), envoy.WithTracingProvider(viper.GetString("tracingProvider")), + envoy.WithAlpnProtocols(viper.GetStringSlice("alpnProtocols")), ) snapshotter := envoy.NewSnapshotter(envoyCache, configurator, aggregator) diff --git a/pkg/envoy/boilerplate.go b/pkg/envoy/boilerplate.go index 98db66b..2493eea 100644 --- a/pkg/envoy/boilerplate.go +++ b/pkg/envoy/boilerplate.go @@ -320,6 +320,7 @@ func (c *KubernetesConfigurator) makeFilterChain(certificate Certificate, virtua tls := &auth.DownstreamTlsContext{} tls.CommonTlsContext = &auth.CommonTlsContext{ + AlpnProtocols: c.alpnProtocols, TlsCertificates: []*auth.TlsCertificate{ { CertificateChain: &core.DataSource{ diff --git a/pkg/envoy/configurator.go b/pkg/envoy/configurator.go index f659c58..d1d4aa6 100644 --- a/pkg/envoy/configurator.go +++ b/pkg/envoy/configurator.go @@ -77,6 +77,7 @@ type KubernetesConfigurator struct { accessLogger AccessLogger defaultRetryOn string tracingProvider string + alpnProtocols []string previousConfig *envoyConfiguration listenerVersion string diff --git a/pkg/envoy/options.go b/pkg/envoy/options.go index 6980fab..a819597 100644 --- a/pkg/envoy/options.go +++ b/pkg/envoy/options.go @@ -99,3 +99,10 @@ func WithTracingProvider(tracingProvider string) option { c.tracingProvider = tracingProvider } } + +// WithAlpnProtocols configures the the exposed listener ALPN protocols +func WithAlpnProtocols(alpnProtocols []string) option { + return func(c *KubernetesConfigurator) { + c.alpnProtocols = alpnProtocols + } +} From e1381f3873be54df7119f7df7b44861e344417e7 Mon Sep 17 00:00:00 2001 From: Laurent Marchaud Date: Mon, 30 Jan 2023 17:04:18 +0100 Subject: [PATCH 46/57] Allow matching :* Signed-off-by: Laurent Marchaud --- pkg/envoy/boilerplate.go | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/pkg/envoy/boilerplate.go b/pkg/envoy/boilerplate.go index 2493eea..9bfe300 100644 --- a/pkg/envoy/boilerplate.go +++ b/pkg/envoy/boilerplate.go @@ -302,9 +302,10 @@ func (c *KubernetesConfigurator) makeConnectionManager(virtualHosts []*route.Vir VirtualHosts: virtualHosts, }, }, - Tracing: tracingConfig, - AccessLog: accessLoggers, - UseRemoteAddress: &wrapperspb.BoolValue{Value: c.useRemoteAddress}, + Tracing: tracingConfig, + AccessLog: accessLoggers, + UseRemoteAddress: &wrapperspb.BoolValue{Value: c.useRemoteAddress}, + StripMatchingHostPort: true, }, nil } From 19a49679d677dcd33f5f2a67d95b1b7988702039 Mon Sep 17 00:00:00 2001 From: Mathilde Leroi Date: Wed, 5 Apr 2023 15:06:08 +0200 Subject: [PATCH 47/57] Adds multiple envoy listener ipv4 adresses --- README.md | 2 +- cmd/root.go | 6 +++--- pkg/envoy/boilerplate.go | 27 +++++++++++++++++++++++---- pkg/envoy/configurator.go | 2 +- pkg/envoy/options.go | 4 ++-- 5 files changed, 30 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index 9b65aed..e0e65ad 100644 --- a/README.md +++ b/README.md @@ -193,7 +193,7 @@ The Yggdrasil-specific metrics which are available from the API are: --config string config file --config-dump Enable config dump endpoint at /configdump on the health-address HTTP server --debug Log at debug level ---envoy-listener-ipv4-address string IPv4 address by the envoy proxy to accept incoming connections (default "0.0.0.0") +--envoy-listener-ipv4-address strings IPv4 addresses by the envoy proxy to accept incoming connections (default "0.0.0.0") --envoy-port uint32 port by the envoy proxy to accept incoming connections (default 10000) --health-address string yggdrasil health API listen address (default "0.0.0.0:8081") -h, --help help for yggdrasil diff --git a/cmd/root.go b/cmd/root.go index 84489d2..ce1dda7 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -38,7 +38,7 @@ type config struct { Certificates []envoy.Certificate `json:"certificates"` TrustCA string `json:"trustCA"` UpstreamPort uint32 `json:"upstreamPort"` - EnvoyListenerIpv4Address string `json:"envoyListenerIpv4Address"` + EnvoyListenerIpv4Address []string `json:"envoyListenerIpv4Address"` EnvoyPort uint32 `json:"envoyPort"` MaxEjectionPercentage uint32 `json:"maxEjectionPercentage"` HostSelectionRetryAttempts int64 `json:"hostSelectionRetryAttempts"` @@ -88,7 +88,7 @@ func init() { rootCmd.PersistentFlags().Bool("debug", false, "Log at debug level") rootCmd.PersistentFlags().Bool("config-dump", false, "Enable config dump endpoint at /configdump on the health-address HTTP server") rootCmd.PersistentFlags().Uint32("upstream-port", 443, "port used to connect to the upstream ingresses") - rootCmd.PersistentFlags().String("envoy-listener-ipv4-address", "0.0.0.0", "IPv4 address by the envoy proxy to accept incoming connections") + rootCmd.PersistentFlags().StringSlice("envoy-listener-ipv4-address", []string{"0.0.0.0"}, "IPv4 address by the envoy proxy to accept incoming connections") rootCmd.PersistentFlags().Uint32("envoy-port", 10000, "port by the envoy proxy to accept incoming connections") rootCmd.PersistentFlags().Int32("max-ejection-percentage", -1, "maximal percentage of hosts ejected via outlier detection. Set to >=0 to activate outlier detection in envoy.") rootCmd.PersistentFlags().Int64("host-selection-retry-attempts", -1, "Number of host selection retry attempts. Set to value >=0 to enable") @@ -242,7 +242,7 @@ func main(*cobra.Command, []string) error { viper.GetString("trustCA"), viper.GetStringSlice("ingressClasses"), envoy.WithUpstreamPort(uint32(viper.GetInt32("upstreamPort"))), - envoy.WithEnvoyListenerIpv4Address(viper.GetString("envoyListenerIpv4Address")), + envoy.WithEnvoyListenerIpv4Address(viper.GetStringSlice("envoyListenerIpv4Address")), envoy.WithEnvoyPort(uint32(viper.GetInt32("envoyPort"))), envoy.WithOutlierPercentage(viper.GetInt32("maxEjectionPercentage")), envoy.WithHostSelectionRetryAttempts(viper.GetInt64("hostSelectionRetryAttempts")), diff --git a/pkg/envoy/boilerplate.go b/pkg/envoy/boilerplate.go index 9bfe300..aa45ae5 100644 --- a/pkg/envoy/boilerplate.go +++ b/pkg/envoy/boilerplate.go @@ -371,27 +371,46 @@ func (c *KubernetesConfigurator) makeFilterChain(certificate Certificate, virtua }, nil } -func makeListener(filterChains []*listener.FilterChain, envoyListenerIpv4Address string, envoyListenPort uint32) (*listener.Listener, error) { +func makeListener(filterChains []*listener.FilterChain, envoyListenerIpv4Address []string, envoyListenPort uint32) (*listener.Listener, error) { tlsInspectorConfig, err := anypb.New(&tlsInspector.TlsInspector{}) if err != nil { return &listener.Listener{}, fmt.Errorf("failed to marshal tls_inspector config struct to typed struct: %s", err) } - if err != nil { - return &listener.Listener{}, fmt.Errorf("failed to marshal TLS config struct to typed struct: %s", err) + additional_addresses := make([]*listener.AdditionalAddress, len(envoyListenerIpv4Address)-1) + for i, address := range envoyListenerIpv4Address { + /// Skip the first address as it will be the principal address of the listener + if i == 0 { + continue + } + additional_address := listener.AdditionalAddress{ + Address: &core.Address{ + Address: &core.Address_SocketAddress{ + SocketAddress: &core.SocketAddress{ + Address: address, + PortSpecifier: &core.SocketAddress_PortValue{ + PortValue: envoyListenPort, + }, + }, + }, + }, + } + additional_addresses[i-1] = &additional_address } + listener := listener.Listener{ Name: "listener_0", Address: &core.Address{ Address: &core.Address_SocketAddress{ SocketAddress: &core.SocketAddress{ - Address: envoyListenerIpv4Address, + Address: envoyListenerIpv4Address[0], PortSpecifier: &core.SocketAddress_PortValue{ PortValue: envoyListenPort, }, }, }, }, + AdditionalAddresses: additional_addresses, ListenerFilters: []*listener.ListenerFilter{ { Name: "envoy.filters.listener.tls_inspector", diff --git a/pkg/envoy/configurator.go b/pkg/envoy/configurator.go index d1d4aa6..caacedb 100644 --- a/pkg/envoy/configurator.go +++ b/pkg/envoy/configurator.go @@ -66,7 +66,7 @@ type KubernetesConfigurator struct { trustCA string upstreamPort uint32 envoyListenPort uint32 - envoyListenerIpv4Address string + envoyListenerIpv4Address []string outlierPercentage int32 hostSelectionRetryAttempts int64 upstreamHealthCheck UpstreamHealthCheck diff --git a/pkg/envoy/options.go b/pkg/envoy/options.go index a819597..9395afe 100644 --- a/pkg/envoy/options.go +++ b/pkg/envoy/options.go @@ -3,9 +3,9 @@ package envoy type option func(c *KubernetesConfigurator) // WithEnvoyListenerIpv4Address configures envoy IPv4 listen address into a KubernetesConfigurator -func WithEnvoyListenerIpv4Address(address string) option { +func WithEnvoyListenerIpv4Address(addresses []string) option { return func(c *KubernetesConfigurator) { - c.envoyListenerIpv4Address = address + c.envoyListenerIpv4Address = addresses } } From 13f2f78d321afda95e98db2389560af2f32690cb Mon Sep 17 00:00:00 2001 From: Guillaume LEGRAIN Date: Mon, 13 May 2024 10:15:42 +0200 Subject: [PATCH 48/57] replace deprecated ioutils with os. --- cmd/root.go | 7 +++---- envoy | 1 + 2 files changed, 4 insertions(+), 4 deletions(-) create mode 160000 envoy diff --git a/cmd/root.go b/cmd/root.go index ce1dda7..ec9e713 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -4,7 +4,6 @@ import ( "context" "flag" "fmt" - "io/ioutil" "os" "os/signal" "syscall" @@ -222,12 +221,12 @@ func main(*cobra.Command, []string) error { certPath := certificate.Cert keyPath := certificate.Key - certBytes, err := ioutil.ReadFile(certPath) + certBytes, err := os.ReadFile(certPath) if err != nil { log.Fatalf("Failed to read %s: %v", certPath, err) } - keyBytes, err := ioutil.ReadFile(keyPath) + keyBytes, err := os.ReadFile(keyPath) if err != nil { log.Fatalf("Failed to read %s: %v", keyPath, err) } @@ -296,7 +295,7 @@ func createSources(clusters []clusterConfig) ([]*kubernetes.Clientset, error) { var token string if cluster.TokenPath != "" { - bytes, err := ioutil.ReadFile(cluster.TokenPath) + bytes, err := os.ReadFile(cluster.TokenPath) if err != nil { return sources, err } diff --git a/envoy b/envoy new file mode 160000 index 0000000..db32ac3 --- /dev/null +++ b/envoy @@ -0,0 +1 @@ +Subproject commit db32ac3356e48f45b80344f5278c816ab8cc1e85 From 94798ec3e104e2fec922827bd1e8ca95d5028faf Mon Sep 17 00:00:00 2001 From: Guillaume LEGRAIN Date: Mon, 13 May 2024 16:46:44 +0200 Subject: [PATCH 49/57] Correct deduplication and healthcheck for wildcard --- launch.json | 22 +++++++++++++++++ pkg/envoy/boilerplate.go | 2 +- pkg/envoy/ingress_translator.go | 42 ++++++++++++++++++++++++++++++++- 3 files changed, 64 insertions(+), 2 deletions(-) create mode 100644 launch.json diff --git a/launch.json b/launch.json new file mode 100644 index 0000000..865a30c --- /dev/null +++ b/launch.json @@ -0,0 +1,22 @@ +{ + // Use IntelliSense to learn about possible attributes. + // Hover to view descriptions of existing attributes. + // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387 + "version": "0.2.0", + "configurations": [ + { + "name": "Launch Package", + "type": "go", + "request": "launch", + "mode": "auto", + "program": "main.go", + "args": ["--config=./config/config.json", + "--upstream-port=443", + "--ca=/etc/ssl/certs/", + "--envoy-port=443", + "--envoy-listener-ipv4-address=127.0.0.1", + "--max-ejection-percentage=100", + "--retry-on", "connect-failure,5xx"] + } + ] +} \ No newline at end of file diff --git a/pkg/envoy/boilerplate.go b/pkg/envoy/boilerplate.go index aa45ae5..1bf6f58 100644 --- a/pkg/envoy/boilerplate.go +++ b/pkg/envoy/boilerplate.go @@ -494,7 +494,7 @@ func makeCluster(c cluster, ca string, healthCfg UpstreamHealthCheck, outlierPer } } - healthChecks := makeHealthChecks(c.VirtualHost, c.HealthCheckPath, healthCfg) + healthChecks := makeHealthChecks(c.HealthCheckHost, c.HealthCheckPath, healthCfg) endpoints := make([]*endpoint.LbEndpoint, len(addresses)) diff --git a/pkg/envoy/ingress_translator.go b/pkg/envoy/ingress_translator.go index d44348b..0496cf8 100644 --- a/pkg/envoy/ingress_translator.go +++ b/pkg/envoy/ingress_translator.go @@ -100,6 +100,7 @@ type cluster struct { Name string VirtualHost string HealthCheckPath string + HealthCheckHost string // with Wildcard, the HealthCheck host can be different than the VirtualHost Timeout time.Duration Hosts []LBHost } @@ -125,6 +126,10 @@ func (c *cluster) Equals(other *cluster) bool { return false } + if c.HealthCheckHost != other.HealthCheckHost { + return false + } + if c.HealthCheckPath != other.HealthCheckPath { return false } @@ -210,18 +215,36 @@ func newEnvoyIngress(host string, timeouts DefaultTimeouts) *envoyIngress { Hosts: []LBHost{}, Timeout: timeouts.Cluster, HealthCheckPath: "", + HealthCheckHost: host, }, } } func (ing *envoyIngress) addUpstream(host string, weight uint32) { - ing.cluster.Hosts = append(ing.cluster.Hosts, LBHost{host, weight}) + // Check if the host is already in the list + // If we wan't to avoid using a for loop, maybe we could implement a Map for a faster lookup. + // time complexity O(1) vs 0(n) for each iteration. + for _, h := range ing.cluster.Hosts { + if h.Host == host { + // Host found, so we don't add the duplicate + logrus.Debugf("Duplicate host found for upstream, not adding : %s for cluster : %s", host, ing.cluster.Name) + return + } + } + + // No duplicate found, append the new host + ing.cluster.Hosts = append(ing.cluster.Hosts, LBHost{Host: host, Weight: weight}) + logrus.Debugf("Host added on upstream list : %s for cluster : %s", host, ing.cluster.Name) } func (ing *envoyIngress) addHealthCheckPath(path string) { ing.cluster.HealthCheckPath = path } +func (ing *envoyIngress) addHealthCheckHost(host string) { + ing.cluster.HealthCheckHost = host +} + func (ing *envoyIngress) addTimeout(timeout time.Duration) { ing.cluster.Timeout = timeout ing.vhost.Timeout = timeout @@ -320,6 +343,12 @@ func (envoyIng *envoyIngress) addRetryOn(ingress *k8s.Ingress) { } } +// isWildcard checks if the given host rule is a wildcard. +func isWildcard(ruleHost string) bool { + // Check if the ruleHost starts with '*.' + return strings.HasPrefix(ruleHost, "*.") +} + func translateIngresses(ingresses []*k8s.Ingress, syncSecrets bool, secrets []*v1.Secret, timeouts DefaultTimeouts) *envoyConfiguration { cfg := &envoyConfiguration{} envoyIngresses := map[string]*envoyIngress{} @@ -327,6 +356,9 @@ func translateIngresses(ingresses []*k8s.Ingress, syncSecrets bool, secrets []*v for _, i := range ingresses { for _, j := range i.Upstreams { for _, ruleHost := range i.RulesHosts { + + isWildcard := isWildcard(ruleHost) + _, ok := envoyIngresses[ruleHost] if !ok { envoyIngresses[ruleHost] = newEnvoyIngress(ruleHost, timeouts) @@ -342,6 +374,14 @@ func translateIngresses(ingresses []*k8s.Ingress, syncSecrets bool, secrets []*v envoyIngress.addUpstream(j, 1) } + if isWildcard { + if i.Annotations["yggdrasil.uswitch.com/healthcheck-host"] != "" { + envoyIngress.addHealthCheckHost(i.Annotations["yggdrasil.uswitch.com/healthcheck-host"]) + } else { + logrus.Warnf("Be careful, healthcheck can't work for wildcard host : %s", envoyIngress.cluster.HealthCheckHost) + } + } + if i.Annotations["yggdrasil.uswitch.com/healthcheck-path"] != "" { envoyIngress.addHealthCheckPath(i.Annotations["yggdrasil.uswitch.com/healthcheck-path"]) } From e2efcb02e97c527cbb76d563a9204312a81cedbe Mon Sep 17 00:00:00 2001 From: Guillaume LEGRAIN Date: Tue, 21 May 2024 16:01:44 +0200 Subject: [PATCH 50/57] Add annotation on README --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index e0e65ad..79fd8c0 100644 --- a/README.md +++ b/README.md @@ -75,6 +75,7 @@ Yggdrasil allows for some customisation of the route and cluster config per Ingr | Name | type | |--------------------------------------------------------------|----------| | [yggdrasil.uswitch.com/healthcheck-path](#health-check-path) | string | +| [yggdrasil.uswitch.com/healthcheck-host](#health-check-host) | string | | [yggdrasil.uswitch.com/timeout](#timeouts) | duration | | [yggdrasil.uswitch.com/cluster-timeout](#timeouts) | duration | | [yggdrasil.uswitch.com/route-timeout](#timeouts) | duration | @@ -85,6 +86,9 @@ Yggdrasil allows for some customisation of the route and cluster config per Ingr ### Health Check Path Specifies a path to configure a [HTTP health check](https://www.envoyproxy.io/docs/envoy/v1.19.0/api-v3/config/core/v3/health_check.proto#config-core-v3-healthcheck-httphealthcheck) to. Envoy will not route to clusters that fail health checks. +### Health Check Host +Permit to change the host of the healthcheck when using wildcard. Example: healthcheck for `*.my-app.example.com` can't work natively, you can configure a specific path with `yggdrasil.uswitch.com/healthcheck-host: health.my-app.example.com`. + * [config.core.v3.HealthCheck.HttpHealthCheck.Path](https://www.envoyproxy.io/docs/envoy/v1.19.0/api-v3/config/core/v3/health_check.proto#envoy-v3-api-field-config-core-v3-healthcheck-httphealthcheck-path) ### Timeouts From 0f050b060387504a642db0b33e28a8fc985e1abe Mon Sep 17 00:00:00 2001 From: Guillaume LEGRAIN Date: Tue, 21 May 2024 16:05:44 +0200 Subject: [PATCH 51/57] Ignoring launch.json --- .gitignore | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index addeb98..3b35ec8 100644 --- a/.gitignore +++ b/.gitignore @@ -1,7 +1,7 @@ bin/ command testing -ca/ -config/ -envoy/ - +ca +config +envoy +launch.json \ No newline at end of file From c63dc041a58d61df9f4a11bedd8aa64692e755dc Mon Sep 17 00:00:00 2001 From: Guillaume LEGRAIN Date: Tue, 21 May 2024 16:24:40 +0200 Subject: [PATCH 52/57] Add a validation on the subdomain to be sure healthcheck is no't on a domain different than the our ingress --- pkg/envoy/ingress_translator.go | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/pkg/envoy/ingress_translator.go b/pkg/envoy/ingress_translator.go index 0496cf8..9ba7276 100644 --- a/pkg/envoy/ingress_translator.go +++ b/pkg/envoy/ingress_translator.go @@ -349,6 +349,13 @@ func isWildcard(ruleHost string) bool { return strings.HasPrefix(ruleHost, "*.") } +func validateSubdomain(ruleHost, host string) bool { + if strings.HasPrefix(ruleHost, "*.") { + ruleHost = ruleHost[2:] + } + return strings.HasSuffix(host, ruleHost) +} + func translateIngresses(ingresses []*k8s.Ingress, syncSecrets bool, secrets []*v1.Secret, timeouts DefaultTimeouts) *envoyConfiguration { cfg := &envoyConfiguration{} envoyIngresses := map[string]*envoyIngress{} @@ -377,6 +384,10 @@ func translateIngresses(ingresses []*k8s.Ingress, syncSecrets bool, secrets []*v if isWildcard { if i.Annotations["yggdrasil.uswitch.com/healthcheck-host"] != "" { envoyIngress.addHealthCheckHost(i.Annotations["yggdrasil.uswitch.com/healthcheck-host"]) + if !validateSubdomain(ruleHost, envoyIngress.cluster.HealthCheckHost) { + logrus.Warnf("Healthcheck %s is not on the same subdomain for %s, annotation will be skipped", envoyIngress.cluster.HealthCheckHost, ruleHost) + envoyIngress.cluster.HealthCheckHost = ruleHost + } } else { logrus.Warnf("Be careful, healthcheck can't work for wildcard host : %s", envoyIngress.cluster.HealthCheckHost) } From c4efbea2e6c4db22653996bdc7aded1505f291b6 Mon Sep 17 00:00:00 2001 From: Laurent Marchaud Date: Mon, 12 Jun 2023 11:28:34 +0200 Subject: [PATCH 53/57] Add yggdrasil.uswitch.com/upstream-http-version annotation Signed-off-by: Laurent Marchaud --- pkg/envoy/boilerplate.go | 58 +++++++++++++++++++-------------- pkg/envoy/ingress_translator.go | 14 ++++++++ 2 files changed, 47 insertions(+), 25 deletions(-) diff --git a/pkg/envoy/boilerplate.go b/pkg/envoy/boilerplate.go index 1bf6f58..2fdbfd6 100644 --- a/pkg/envoy/boilerplate.go +++ b/pkg/envoy/boilerplate.go @@ -505,35 +505,43 @@ func makeCluster(c cluster, ca string, healthCfg UpstreamHealthCheck, outlierPer } } - // httpOptions := &envoy_extension_http.HttpProtocolOptions{ - // CommonHttpProtocolOptions: &core.HttpProtocolOptions{ - // IdleTimeout: &duration.Duration{Seconds: 60}, - // MaxConnectionDuration: &durationpb.Duration{Seconds: 60}, - // }, - // UpstreamProtocolOptions: &envoy_extension_http.HttpProtocolOptions_ExplicitHttpConfig_{ - // ExplicitHttpConfig: &envoy_extension_http.HttpProtocolOptions_ExplicitHttpConfig{ - // ProtocolConfig: &envoy_extension_http.HttpProtocolOptions_ExplicitHttpConfig_HttpProtocolOptions{ - // HttpProtocolOptions: &core.Http1ProtocolOptions{}, - // }, - // }, - // }, - // } - httpOptions := &envoy_extension_http.HttpProtocolOptions{ - CommonHttpProtocolOptions: &core.HttpProtocolOptions{ - IdleTimeout: &duration.Duration{Seconds: 60}, - MaxConnectionDuration: &durationpb.Duration{Seconds: 60}, - MaxRequestsPerConnection: &wrapperspb.UInt32Value{Value: 10000}, - }, - UpstreamProtocolOptions: &envoy_extension_http.HttpProtocolOptions_ExplicitHttpConfig_{ - ExplicitHttpConfig: &envoy_extension_http.HttpProtocolOptions_ExplicitHttpConfig{ - ProtocolConfig: &envoy_extension_http.HttpProtocolOptions_ExplicitHttpConfig_Http2ProtocolOptions{ - Http2ProtocolOptions: &core.Http2ProtocolOptions{ - MaxConcurrentStreams: &wrapperspb.UInt32Value{Value: 128}, + var httpOptions *envoy_extension_http.HttpProtocolOptions + if c.HttpVersion == "1.1" { + + httpOptions = &envoy_extension_http.HttpProtocolOptions{ + CommonHttpProtocolOptions: &core.HttpProtocolOptions{ + IdleTimeout: &duration.Duration{Seconds: 60}, + MaxConnectionDuration: &durationpb.Duration{Seconds: 60}, + MaxRequestsPerConnection: &wrapperspb.UInt32Value{Value: 10000}, + }, + UpstreamProtocolOptions: &envoy_extension_http.HttpProtocolOptions_ExplicitHttpConfig_{ + ExplicitHttpConfig: &envoy_extension_http.HttpProtocolOptions_ExplicitHttpConfig{ + ProtocolConfig: &envoy_extension_http.HttpProtocolOptions_ExplicitHttpConfig_HttpProtocolOptions{ + HttpProtocolOptions: &core.Http1ProtocolOptions{}, }, }, }, - }, + } + } else { // TODO be more specific, handle default version + httpOptions = &envoy_extension_http.HttpProtocolOptions{ + CommonHttpProtocolOptions: &core.HttpProtocolOptions{ + IdleTimeout: &duration.Duration{Seconds: 60}, + MaxConnectionDuration: &durationpb.Duration{Seconds: 60}, + MaxRequestsPerConnection: &wrapperspb.UInt32Value{Value: 10000}, + }, + UpstreamProtocolOptions: &envoy_extension_http.HttpProtocolOptions_ExplicitHttpConfig_{ + ExplicitHttpConfig: &envoy_extension_http.HttpProtocolOptions_ExplicitHttpConfig{ + ProtocolConfig: &envoy_extension_http.HttpProtocolOptions_ExplicitHttpConfig_Http2ProtocolOptions{ + Http2ProtocolOptions: &core.Http2ProtocolOptions{ + AllowConnect: true, + MaxConcurrentStreams: &wrapperspb.UInt32Value{Value: 128}, + }, + }, + }, + }, + } } + httpOptionsPb, err := anypb.New(httpOptions) if err != nil { log.Fatalf("Error marshaling httpOptions: %s", err) diff --git a/pkg/envoy/ingress_translator.go b/pkg/envoy/ingress_translator.go index 9ba7276..0c5eeab 100644 --- a/pkg/envoy/ingress_translator.go +++ b/pkg/envoy/ingress_translator.go @@ -101,6 +101,7 @@ type cluster struct { VirtualHost string HealthCheckPath string HealthCheckHost string // with Wildcard, the HealthCheck host can be different than the VirtualHost + HttpVersion string Timeout time.Duration Hosts []LBHost } @@ -138,6 +139,10 @@ func (c *cluster) Equals(other *cluster) bool { return false } + if c.HttpVersion != other.HttpVersion { + return false + } + sort.Slice(c.Hosts[:], func(i, j int) bool { return c.Hosts[i].Host < c.Hosts[j].Host }) @@ -263,6 +268,10 @@ func (ing *envoyIngress) setPerTryTimeout(timeout time.Duration) { ing.vhost.PerTryTimeout = timeout } +func (ing *envoyIngress) setUpstreamHttpVersion(version string) { + ing.cluster.HttpVersion = version +} + // hostMatch returns true if tlsHost and ruleHost match, with wildcard support // // *.a.b ruleHost accepts tlsHost *.a.b but not a.a.b or a.b or a.a.a.b @@ -425,6 +434,11 @@ func translateIngresses(ingresses []*k8s.Ingress, syncSecrets bool, secrets []*v } } + if i.Annotations["yggdrasil.uswitch.com/upstream-http-version"] != "" { + // TODO validate, add error path + envoyIngress.setUpstreamHttpVersion(i.Annotations["yggdrasil.uswitch.com/upstream-http-version"]) + } + envoyIngress.addRetryOn(i) if syncSecrets && envoyIngress.vhost.TlsKey == "" && envoyIngress.vhost.TlsCert == "" { From 821ce3a44d32c8887ebe54f9263aae644546ebb8 Mon Sep 17 00:00:00 2001 From: Guillaume Legrain <30684712+SoulKyu@users.noreply.github.com> Date: Wed, 19 Jun 2024 13:33:15 +0200 Subject: [PATCH 54/57] remove healthcheck for bad configure ingress with wildcard (#8) * remove healthcheck for bad configure ingress with wildcard * fix: reorder code for a more comprehensive way --- pkg/envoy/ingress_translator.go | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/pkg/envoy/ingress_translator.go b/pkg/envoy/ingress_translator.go index 0c5eeab..807758e 100644 --- a/pkg/envoy/ingress_translator.go +++ b/pkg/envoy/ingress_translator.go @@ -246,10 +246,18 @@ func (ing *envoyIngress) addHealthCheckPath(path string) { ing.cluster.HealthCheckPath = path } +func (ing *envoyIngress) removeHealthCheckPath() { + ing.cluster.HealthCheckPath = "" +} + func (ing *envoyIngress) addHealthCheckHost(host string) { ing.cluster.HealthCheckHost = host } +func (ing *envoyIngress) removeHealthCheckHost() { + ing.cluster.HealthCheckHost = "" +} + func (ing *envoyIngress) addTimeout(timeout time.Duration) { ing.cluster.Timeout = timeout ing.vhost.Timeout = timeout @@ -390,22 +398,24 @@ func translateIngresses(ingresses []*k8s.Ingress, syncSecrets bool, secrets []*v envoyIngress.addUpstream(j, 1) } + if i.Annotations["yggdrasil.uswitch.com/healthcheck-path"] != "" { + envoyIngress.addHealthCheckPath(i.Annotations["yggdrasil.uswitch.com/healthcheck-path"]) + } + if isWildcard { if i.Annotations["yggdrasil.uswitch.com/healthcheck-host"] != "" { - envoyIngress.addHealthCheckHost(i.Annotations["yggdrasil.uswitch.com/healthcheck-host"]) - if !validateSubdomain(ruleHost, envoyIngress.cluster.HealthCheckHost) { + if validateSubdomain(ruleHost, envoyIngress.cluster.HealthCheckHost) { + envoyIngress.addHealthCheckHost(i.Annotations["yggdrasil.uswitch.com/healthcheck-host"]) + } else { logrus.Warnf("Healthcheck %s is not on the same subdomain for %s, annotation will be skipped", envoyIngress.cluster.HealthCheckHost, ruleHost) - envoyIngress.cluster.HealthCheckHost = ruleHost + envoyIngress.removeHealthCheckPath() } } else { - logrus.Warnf("Be careful, healthcheck can't work for wildcard host : %s", envoyIngress.cluster.HealthCheckHost) + logrus.Warnf("Be careful, healthcheck can't work for wildcard host : %s", ruleHost) + envoyIngress.removeHealthCheckPath() } } - if i.Annotations["yggdrasil.uswitch.com/healthcheck-path"] != "" { - envoyIngress.addHealthCheckPath(i.Annotations["yggdrasil.uswitch.com/healthcheck-path"]) - } - if i.Annotations["yggdrasil.uswitch.com/timeout"] != "" { timeout, err := time.ParseDuration(i.Annotations["yggdrasil.uswitch.com/timeout"]) if err == nil { From e7d67d691de7e0aa74efcafd10c03ed4309026a7 Mon Sep 17 00:00:00 2001 From: Guillaume Legrain <30684712+SoulKyu@users.noreply.github.com> Date: Wed, 19 Jun 2024 13:41:26 +0200 Subject: [PATCH 55/57] Feat/custom log file (#9) * remove healthcheck for bad configure ingress with wildcard * feat: add a way to configure log path --- README.md | 2 ++ cmd/root.go | 5 ++++ pkg/envoy/boilerplate.go | 13 ++++++----- pkg/envoy/configurator.go | 35 ++++++++++++++++++++++------ pkg/envoy/configurator_test.go | 12 +++++----- pkg/envoy/ingress_translator.go | 4 +++- pkg/envoy/ingress_translator_test.go | 18 +++++++------- 7 files changed, 60 insertions(+), 29 deletions(-) diff --git a/README.md b/README.md index 79fd8c0..076d661 100644 --- a/README.md +++ b/README.md @@ -147,6 +147,7 @@ Yggdrasil can be configured using a config file e.g: { "nodeName": "foo", "ingressClasses": ["multi-cluster", "multi-cluster-staging"], + "accessLog": "/var/log/envoy/", "syncSecrets": false, "certificates": [ { @@ -197,6 +198,7 @@ The Yggdrasil-specific metrics which are available from the API are: --config string config file --config-dump Enable config dump endpoint at /configdump on the health-address HTTP server --debug Log at debug level +--access-log path for the file logs --envoy-listener-ipv4-address strings IPv4 addresses by the envoy proxy to accept incoming connections (default "0.0.0.0") --envoy-port uint32 port by the envoy proxy to accept incoming connections (default 10000) --health-address string yggdrasil health API listen address (default "0.0.0.0:8081") diff --git a/cmd/root.go b/cmd/root.go index ec9e713..ae73a40 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -34,6 +34,7 @@ type config struct { NodeName string `json:"nodeName"` Clusters []clusterConfig `json:"clusters"` SyncSecrets bool `json:"syncSecrets"` + AccessLog string `json:"accessLog"` Certificates []envoy.Certificate `json:"certificates"` TrustCA string `json:"trustCA"` UpstreamPort uint32 `json:"upstreamPort"` @@ -79,6 +80,7 @@ func init() { rootCmd.PersistentFlags().String("address", "0.0.0.0:8080", "yggdrasil envoy control plane listen address") rootCmd.PersistentFlags().String("health-address", "0.0.0.0:8081", "yggdrasil health API listen address") rootCmd.PersistentFlags().String("node-name", "", "envoy node name") + rootCmd.PersistentFlags().String("access-log", "/var/log/envoy/", "envoy default access log file") rootCmd.PersistentFlags().String("cert", "", "certfile") rootCmd.PersistentFlags().String("key", "", "keyfile") rootCmd.PersistentFlags().String("ca", "", "trustedCA") @@ -119,6 +121,7 @@ func init() { viper.BindPFlag("address", rootCmd.PersistentFlags().Lookup("address")) viper.BindPFlag("healthAddress", rootCmd.PersistentFlags().Lookup("health-address")) viper.BindPFlag("nodeName", rootCmd.PersistentFlags().Lookup("node-name")) + viper.BindPFlag("accessLog", rootCmd.PersistentFlags().Lookup("access-log")) viper.BindPFlag("ingressClasses", rootCmd.PersistentFlags().Lookup("ingress-classes")) viper.BindPFlag("cert", rootCmd.PersistentFlags().Lookup("cert")) viper.BindPFlag("key", rootCmd.PersistentFlags().Lookup("key")) @@ -240,6 +243,7 @@ func main(*cobra.Command, []string) error { c.Certificates, viper.GetString("trustCA"), viper.GetStringSlice("ingressClasses"), + viper.GetString("accessLog"), envoy.WithUpstreamPort(uint32(viper.GetInt32("upstreamPort"))), envoy.WithEnvoyListenerIpv4Address(viper.GetStringSlice("envoyListenerIpv4Address")), envoy.WithEnvoyPort(uint32(viper.GetInt32("envoyPort"))), @@ -256,6 +260,7 @@ func main(*cobra.Command, []string) error { envoy.WithTracingProvider(viper.GetString("tracingProvider")), envoy.WithAlpnProtocols(viper.GetStringSlice("alpnProtocols")), ) + configurator.ValidateAndFormatPath() snapshotter := envoy.NewSnapshotter(envoyCache, configurator, aggregator) go snapshotter.Run(aggregator) diff --git a/pkg/envoy/boilerplate.go b/pkg/envoy/boilerplate.go index 2fdbfd6..bf1aee0 100644 --- a/pkg/envoy/boilerplate.go +++ b/pkg/envoy/boilerplate.go @@ -3,6 +3,7 @@ package envoy import ( "fmt" "log" + "path/filepath" "strings" cal "github.com/envoyproxy/go-control-plane/envoy/config/accesslog/v3" @@ -181,7 +182,7 @@ func makeGrpcLoggerConfig(cfg HttpGrpcLogger) *gal.HttpGrpcAccessLogConfig { } } -func makeFileAccessLog(cfg AccessLogger) *eal.FileAccessLog { +func makeFileAccessLog(cfg AccessLogger, accessLog string) *eal.FileAccessLog { format := DefaultAccessLogFormat if len(cfg.Format) > 0 { format = cfg.Format @@ -194,7 +195,7 @@ func makeFileAccessLog(cfg AccessLogger) *eal.FileAccessLog { jsonFormat = b.GetStructValue() accessLogConfig := &eal.FileAccessLog{ - Path: "/var/log/envoy/access.log", + Path: filepath.Join(accessLog, "access.log"), AccessLogFormat: &eal.FileAccessLog_LogFormat{ LogFormat: &core.SubstitutionFormatString{ Format: &core.SubstitutionFormatString_JsonFormat{ @@ -217,9 +218,9 @@ func makeZipkinTracingProvider() *tracing.ZipkinConfig { return zipkinTracingProviderConfig } -func (c *KubernetesConfigurator) makeConnectionManager(virtualHosts []*route.VirtualHost) (*hcm.HttpConnectionManager, error) { +func (c *KubernetesConfigurator) makeConnectionManager(virtualHosts []*route.VirtualHost, accessLog string) (*hcm.HttpConnectionManager, error) { // Access Logs - accessLogConfig := makeFileAccessLog(c.accessLogger) + accessLogConfig := makeFileAccessLog(c.accessLogger, accessLog) anyAccessLogConfig, err := anypb.New(accessLogConfig) if err != nil { log.Fatalf("failed to marshal access log config struct to typed struct: %s", err) @@ -309,8 +310,8 @@ func (c *KubernetesConfigurator) makeConnectionManager(virtualHosts []*route.Vir }, nil } -func (c *KubernetesConfigurator) makeFilterChain(certificate Certificate, virtualHosts []*route.VirtualHost) (listener.FilterChain, error) { - httpConnectionManager, err := c.makeConnectionManager(virtualHosts) +func (c *KubernetesConfigurator) makeFilterChain(certificate Certificate, virtualHosts []*route.VirtualHost, accessLog string) (listener.FilterChain, error) { + httpConnectionManager, err := c.makeConnectionManager(virtualHosts, accessLog) if err != nil { return listener.FilterChain{}, fmt.Errorf("failed to get httpConnectionManager: %s", err) } diff --git a/pkg/envoy/configurator.go b/pkg/envoy/configurator.go index caacedb..40903fe 100644 --- a/pkg/envoy/configurator.go +++ b/pkg/envoy/configurator.go @@ -3,6 +3,7 @@ package envoy import ( "errors" "log" + "path/filepath" "strings" "sync" "time" @@ -62,6 +63,7 @@ type KubernetesConfigurator struct { ingressClasses []string nodeID string syncSecrets bool + accessLog string certificates []Certificate trustCA string upstreamPort uint32 @@ -86,21 +88,40 @@ type KubernetesConfigurator struct { } // NewKubernetesConfigurator returns a Kubernetes configurator given a lister and ingress class -func NewKubernetesConfigurator(nodeID string, certificates []Certificate, ca string, ingressClasses []string, options ...option) *KubernetesConfigurator { - c := &KubernetesConfigurator{ingressClasses: ingressClasses, nodeID: nodeID, certificates: certificates, trustCA: ca} +func NewKubernetesConfigurator(nodeID string, certificates []Certificate, ca string, ingressClasses []string, accessLog string, options ...option) *KubernetesConfigurator { + c := &KubernetesConfigurator{ingressClasses: ingressClasses, nodeID: nodeID, certificates: certificates, trustCA: ca, accessLog: accessLog} for _, opt := range options { opt(c) } return c } +func (c *KubernetesConfigurator) ValidateAndFormatPath() { + if c.accessLog == "" { + logrus.Fatal("accessLog path cannot be empty") + } + + // Clean the path and make it absolute + c.accessLog = filepath.Clean(c.accessLog) + absolutePath, err := filepath.Abs(c.accessLog) + if err != nil { + logrus.Fatalf("invalid path: %v", err) + } + c.accessLog = absolutePath + + // Ensure the path ends with a directory separator if it's a directory + if strings.HasSuffix(c.accessLog, string(filepath.Separator)) { + c.accessLog = string(filepath.Separator) + } +} + // Generate creates a new snapshot func (c *KubernetesConfigurator) Generate(ingresses []*k8s.Ingress, secrets []*v1.Secret) (cache.Snapshot, error) { c.Lock() defer c.Unlock() validIngresses := validIngressFilter(classFilter(ingresses, c.ingressClasses)) - config := translateIngresses(validIngresses, c.syncSecrets, secrets, c.defaultTimeouts) + config := translateIngresses(validIngresses, c.syncSecrets, secrets, c.defaultTimeouts, c.accessLog) vmatch, cmatch := config.equals(c.previousConfig) @@ -212,7 +233,7 @@ func (c *KubernetesConfigurator) generateDynamicTLSFilterChains(config *envoyCon Cert: virtualHost.TlsCert, Key: virtualHost.TlsKey, } - filterChain, err := c.makeFilterChain(certificate, []*route.VirtualHost{envoyVhost}) + filterChain, err := c.makeFilterChain(certificate, []*route.VirtualHost{envoyVhost}, config.AccessLog) if err != nil { logrus.Warnf("error making filter chain: %v", err) } @@ -225,7 +246,7 @@ func (c *KubernetesConfigurator) generateDynamicTLSFilterChains(config *envoyCon Cert: c.certificates[0].Cert, Key: c.certificates[0].Key, } - if defaultFC, err := c.makeFilterChain(defaultCert, allVhosts); err != nil { + if defaultFC, err := c.makeFilterChain(defaultCert, allVhosts, config.AccessLog); err != nil { logrus.Warnf("error making default filter chain: %v", err) } else { filterChains = append(filterChains, &defaultFC) @@ -245,7 +266,7 @@ func (c *KubernetesConfigurator) generateHTTPFilterChain(config *envoyConfigurat virtualHosts = append(virtualHosts, vhost) } - httpConnectionManager, err := c.makeConnectionManager(virtualHosts) + httpConnectionManager, err := c.makeConnectionManager(virtualHosts, config.AccessLog) if err != nil { return nil, err } @@ -291,7 +312,7 @@ func (c *KubernetesConfigurator) generateTLSFilterChains(config *envoyConfigurat continue } - filterChain, err := c.makeFilterChain(certificate, virtualHosts) + filterChain, err := c.makeFilterChain(certificate, virtualHosts, config.AccessLog) if err != nil { log.Printf("error making filter chain: %v", err) } diff --git a/pkg/envoy/configurator_test.go b/pkg/envoy/configurator_test.go index b50d91b..9727829 100644 --- a/pkg/envoy/configurator_test.go +++ b/pkg/envoy/configurator_test.go @@ -52,7 +52,7 @@ func TestGenerate(t *testing.T) { configurator := NewKubernetesConfigurator("a", []Certificate{ {Hosts: []string{"*"}, Cert: "b", Key: "c"}, - }, "d", []string{"bar"}) + }, "d", []string{"bar"}, "/var/log/envoy/") snapshot, _ := configurator.Generate(ingresses, []*v1.Secret{}) @@ -73,7 +73,7 @@ func TestGenerateMultipleCerts(t *testing.T) { configurator := NewKubernetesConfigurator("a", []Certificate{ {Hosts: []string{"*.internal.api.com"}, Cert: "com", Key: "com"}, {Hosts: []string{"*.internal.api.co.uk"}, Cert: "couk", Key: "couk"}, - }, "d", []string{"bar"}) + }, "d", []string{"bar"}, "/var/log/envoy/") snapshot, err := configurator.Generate(ingresses, []*v1.Secret{}) if err != nil { @@ -98,7 +98,7 @@ func TestGenerateMultipleHosts(t *testing.T) { configurator := NewKubernetesConfigurator("a", []Certificate{ {Hosts: []string{"*.internal.api.com", "*.internal.api.co.uk"}, Cert: "com", Key: "com"}, - }, "d", []string{"bar"}) + }, "d", []string{"bar"}, "/var/log/envoy/") snapshot, err := configurator.Generate(ingresses, []*v1.Secret{}) if err != nil { @@ -123,7 +123,7 @@ func TestGenerateNoMatchingCert(t *testing.T) { configurator := NewKubernetesConfigurator("a", []Certificate{ {Hosts: []string{"*.internal.api.com"}, Cert: "com", Key: "com"}, - }, "d", []string{"bar"}) + }, "d", []string{"bar"}, "/var/log/envoy/") snapshot, err := configurator.Generate(ingresses, []*v1.Secret{}) if err != nil { @@ -145,7 +145,7 @@ func TestGenerateIntoTwoCerts(t *testing.T) { configurator := NewKubernetesConfigurator("a", []Certificate{ {Hosts: []string{"*.internal.api.com"}, Cert: "com", Key: "com"}, {Hosts: []string{"*"}, Cert: "all", Key: "all"}, - }, "d", []string{"bar"}) + }, "d", []string{"bar"}, "/var/log/envoy/") snapshot, err := configurator.Generate(ingresses, []*v1.Secret{}) if err != nil { @@ -218,7 +218,7 @@ func TestGenerateListeners(t *testing.T) { } for _, tc := range testcases { t.Run(tc.name, func(t *testing.T) { - configurator := NewKubernetesConfigurator("a", tc.certs, "", nil) + configurator := NewKubernetesConfigurator("a", tc.certs, "", nil, "/var/log/envoy/") ret, err := configurator.generateListeners(&envoyConfiguration{VirtualHosts: tc.virtualHost}) if err != nil { t.Fatalf("Error generating listeners %v", err) diff --git a/pkg/envoy/ingress_translator.go b/pkg/envoy/ingress_translator.go index 807758e..6133537 100644 --- a/pkg/envoy/ingress_translator.go +++ b/pkg/envoy/ingress_translator.go @@ -65,6 +65,7 @@ func VirtualHostsEquals(a, b []*virtualHost) bool { type envoyConfiguration struct { VirtualHosts []*virtualHost Clusters []*cluster + AccessLog string } type virtualHost struct { @@ -373,7 +374,7 @@ func validateSubdomain(ruleHost, host string) bool { return strings.HasSuffix(host, ruleHost) } -func translateIngresses(ingresses []*k8s.Ingress, syncSecrets bool, secrets []*v1.Secret, timeouts DefaultTimeouts) *envoyConfiguration { +func translateIngresses(ingresses []*k8s.Ingress, syncSecrets bool, secrets []*v1.Secret, timeouts DefaultTimeouts, accessLog string) *envoyConfiguration { cfg := &envoyConfiguration{} envoyIngresses := map[string]*envoyIngress{} @@ -471,6 +472,7 @@ func translateIngresses(ingresses []*k8s.Ingress, syncSecrets bool, secrets []*v for _, ingress := range envoyIngresses { cfg.Clusters = append(cfg.Clusters, ingress.cluster) cfg.VirtualHosts = append(cfg.VirtualHosts, ingress.vhost) + cfg.AccessLog = accessLog } numVhosts.Set(float64(len(cfg.VirtualHosts))) diff --git a/pkg/envoy/ingress_translator_test.go b/pkg/envoy/ingress_translator_test.go index 0cbd345..72d69bf 100644 --- a/pkg/envoy/ingress_translator_test.go +++ b/pkg/envoy/ingress_translator_test.go @@ -209,8 +209,8 @@ func TestEquals(t *testing.T) { Route: 15 * time.Second, PerTry: 5 * time.Second, } - c := translateIngresses([]*k8s.Ingress{ingress, ingress2}, false, []*v1.Secret{}, timeouts) - c2 := translateIngresses([]*k8s.Ingress{ingress, ingress2}, false, []*v1.Secret{}, timeouts) + c := translateIngresses([]*k8s.Ingress{ingress, ingress2}, false, []*v1.Secret{}, timeouts, "/var/log/envoy/") + c2 := translateIngresses([]*k8s.Ingress{ingress, ingress2}, false, []*v1.Secret{}, timeouts, "/var/log/envoy/") vmatch, cmatch := c.equals(c2) if vmatch != true { @@ -231,8 +231,8 @@ func TestNotEquals(t *testing.T) { Route: 15 * time.Second, PerTry: 5 * time.Second, } - c := translateIngresses([]*k8s.Ingress{ingress, ingress3, ingress2}, false, []*v1.Secret{}, timeouts) - c2 := translateIngresses([]*k8s.Ingress{ingress, ingress2, ingress4}, false, []*v1.Secret{}, timeouts) + c := translateIngresses([]*k8s.Ingress{ingress, ingress3, ingress2}, false, []*v1.Secret{}, timeouts, "/var/log/envoy/") + c2 := translateIngresses([]*k8s.Ingress{ingress, ingress2, ingress4}, false, []*v1.Secret{}, timeouts, "/var/log/envoy/") vmatch, cmatch := c.equals(c2) if vmatch == true { @@ -252,8 +252,8 @@ func TestPartialEquals(t *testing.T) { Route: 15 * time.Second, PerTry: 5 * time.Second, } - c := translateIngresses([]*k8s.Ingress{ingress2}, false, []*v1.Secret{}, timeouts) - c2 := translateIngresses([]*k8s.Ingress{ingress}, false, []*v1.Secret{}, timeouts) + c := translateIngresses([]*k8s.Ingress{ingress2}, false, []*v1.Secret{}, timeouts, "/var/log/envoy/") + c2 := translateIngresses([]*k8s.Ingress{ingress}, false, []*v1.Secret{}, timeouts, "/var/log/envoy/") vmatch, cmatch := c2.equals(c) if vmatch != true { @@ -272,7 +272,7 @@ func TestGeneratesForSingleIngress(t *testing.T) { Route: 15 * time.Second, PerTry: 5 * time.Second, } - c := translateIngresses([]*k8s.Ingress{ingress}, false, []*v1.Secret{}, timeouts) + c := translateIngresses([]*k8s.Ingress{ingress}, false, []*v1.Secret{}, timeouts, "/var/log/envoy/") if len(c.VirtualHosts) != 1 { t.Error("expected 1 virtual host") @@ -313,7 +313,7 @@ func TestGeneratesForMultipleIngressSharingSpecHost(t *testing.T) { Route: 15 * time.Second, PerTry: 5 * time.Second, } - c := translateIngresses([]*k8s.Ingress{fooIngress, barIngress}, false, []*v1.Secret{}, timeouts) + c := translateIngresses([]*k8s.Ingress{fooIngress, barIngress}, false, []*v1.Secret{}, timeouts, "/var/log/envoy/") if len(c.VirtualHosts) != 1 { t.Error("expected 1 virtual host") @@ -373,7 +373,7 @@ func TestIngressWithIP(t *testing.T) { Route: 15 * time.Second, PerTry: 5 * time.Second, } - c := translateIngresses([]*k8s.Ingress{ingress}, false, []*v1.Secret{}, timeouts) + c := translateIngresses([]*k8s.Ingress{ingress}, false, []*v1.Secret{}, timeouts, "/var/log/envoy/") if c.Clusters[0].Hosts[0].Host != "127.0.0.1" { t.Errorf("expected cluster host to be IP address, was %s", c.Clusters[0].Hosts[0]) } From e74820f4db34f2557fe8f9790e1eee4530f92677 Mon Sep 17 00:00:00 2001 From: Guillaume LEGRAIN Date: Thu, 4 Jul 2024 16:57:12 +0200 Subject: [PATCH 56/57] test: correct address as a list --- pkg/envoy/boilerplate_test.go | 2 +- pkg/envoy/configurator_test.go | 12 ++++++------ pkg/envoy/ingress_translator_test.go | 6 +++--- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/pkg/envoy/boilerplate_test.go b/pkg/envoy/boilerplate_test.go index 42779e7..27e8ffb 100644 --- a/pkg/envoy/boilerplate_test.go +++ b/pkg/envoy/boilerplate_test.go @@ -77,7 +77,7 @@ func TestAccessLoggerConfig(t *testing.T) { cfg.Format = tc.format } - fileAccessLog := makeFileAccessLog(cfg) + fileAccessLog := makeFileAccessLog(cfg, "/var/log/envoy/") if fileAccessLog.Path != "/var/log/envoy/access.log" { t.Errorf("Expected access log to use default path but was, %s", fileAccessLog.Path) } diff --git a/pkg/envoy/configurator_test.go b/pkg/envoy/configurator_test.go index 9727829..a69a0ca 100644 --- a/pkg/envoy/configurator_test.go +++ b/pkg/envoy/configurator_test.go @@ -52,7 +52,7 @@ func TestGenerate(t *testing.T) { configurator := NewKubernetesConfigurator("a", []Certificate{ {Hosts: []string{"*"}, Cert: "b", Key: "c"}, - }, "d", []string{"bar"}, "/var/log/envoy/") + }, "d", []string{"bar"}, "/var/log/envoy/", func(c *KubernetesConfigurator) { c.envoyListenerIpv4Address = []string{"1.1.1.1"} }) snapshot, _ := configurator.Generate(ingresses, []*v1.Secret{}) @@ -73,7 +73,7 @@ func TestGenerateMultipleCerts(t *testing.T) { configurator := NewKubernetesConfigurator("a", []Certificate{ {Hosts: []string{"*.internal.api.com"}, Cert: "com", Key: "com"}, {Hosts: []string{"*.internal.api.co.uk"}, Cert: "couk", Key: "couk"}, - }, "d", []string{"bar"}, "/var/log/envoy/") + }, "d", []string{"bar"}, "/var/log/envoy/", func(c *KubernetesConfigurator) { c.envoyListenerIpv4Address = []string{"1.1.1.1"} }) snapshot, err := configurator.Generate(ingresses, []*v1.Secret{}) if err != nil { @@ -98,7 +98,7 @@ func TestGenerateMultipleHosts(t *testing.T) { configurator := NewKubernetesConfigurator("a", []Certificate{ {Hosts: []string{"*.internal.api.com", "*.internal.api.co.uk"}, Cert: "com", Key: "com"}, - }, "d", []string{"bar"}, "/var/log/envoy/") + }, "d", []string{"bar"}, "/var/log/envoy/", func(c *KubernetesConfigurator) { c.envoyListenerIpv4Address = []string{"1.1.1.1"} }) snapshot, err := configurator.Generate(ingresses, []*v1.Secret{}) if err != nil { @@ -123,7 +123,7 @@ func TestGenerateNoMatchingCert(t *testing.T) { configurator := NewKubernetesConfigurator("a", []Certificate{ {Hosts: []string{"*.internal.api.com"}, Cert: "com", Key: "com"}, - }, "d", []string{"bar"}, "/var/log/envoy/") + }, "d", []string{"bar"}, "/var/log/envoy/", func(c *KubernetesConfigurator) { c.envoyListenerIpv4Address = []string{"1.1.1.1"} }) snapshot, err := configurator.Generate(ingresses, []*v1.Secret{}) if err != nil { @@ -145,7 +145,7 @@ func TestGenerateIntoTwoCerts(t *testing.T) { configurator := NewKubernetesConfigurator("a", []Certificate{ {Hosts: []string{"*.internal.api.com"}, Cert: "com", Key: "com"}, {Hosts: []string{"*"}, Cert: "all", Key: "all"}, - }, "d", []string{"bar"}, "/var/log/envoy/") + }, "d", []string{"bar"}, "/var/log/envoy/", func(c *KubernetesConfigurator) { c.envoyListenerIpv4Address = []string{"1.1.1.1"} }) snapshot, err := configurator.Generate(ingresses, []*v1.Secret{}) if err != nil { @@ -218,7 +218,7 @@ func TestGenerateListeners(t *testing.T) { } for _, tc := range testcases { t.Run(tc.name, func(t *testing.T) { - configurator := NewKubernetesConfigurator("a", tc.certs, "", nil, "/var/log/envoy/") + configurator := NewKubernetesConfigurator("a", tc.certs, "", nil, "/var/log/envoy/", func(c *KubernetesConfigurator) { c.envoyListenerIpv4Address = []string{"1.1.1.1"} }) ret, err := configurator.generateListeners(&envoyConfiguration{VirtualHosts: tc.virtualHost}) if err != nil { t.Fatalf("Error generating listeners %v", err) diff --git a/pkg/envoy/ingress_translator_test.go b/pkg/envoy/ingress_translator_test.go index 72d69bf..94322c1 100644 --- a/pkg/envoy/ingress_translator_test.go +++ b/pkg/envoy/ingress_translator_test.go @@ -334,10 +334,10 @@ func TestGeneratesForMultipleIngressSharingSpecHost(t *testing.T) { t.Errorf("expected 2 host, was %d", len(c.Clusters[0].Hosts)) } if c.Clusters[0].Hosts[0].Host != "foo.com" { - t.Errorf("expected cluster host for foo.com, was %s", c.Clusters[0].Hosts[0]) + t.Errorf("expected cluster host for foo.com, was %v", c.Clusters[0].Hosts[0]) } if c.Clusters[0].Hosts[1].Host != "bar.com" { - t.Errorf("expected cluster host for bar.com, was %s", c.Clusters[0].Hosts[1]) + t.Errorf("expected cluster host for bar.com, was %v", c.Clusters[0].Hosts[1]) } if c.VirtualHosts[0].UpstreamCluster != c.Clusters[0].Name { @@ -375,7 +375,7 @@ func TestIngressWithIP(t *testing.T) { } c := translateIngresses([]*k8s.Ingress{ingress}, false, []*v1.Secret{}, timeouts, "/var/log/envoy/") if c.Clusters[0].Hosts[0].Host != "127.0.0.1" { - t.Errorf("expected cluster host to be IP address, was %s", c.Clusters[0].Hosts[0]) + t.Errorf("expected cluster host to be IP address, was %v", c.Clusters[0].Hosts[0]) } } From e26ab462aa7e50e0b104531400a914a2c53b0c82 Mon Sep 17 00:00:00 2001 From: Laurent Marchaud Date: Thu, 4 Jul 2024 19:31:10 +0200 Subject: [PATCH 57/57] Fix tests Signed-off-by: Laurent Marchaud --- pkg/envoy/ingress_translator_test.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkg/envoy/ingress_translator_test.go b/pkg/envoy/ingress_translator_test.go index 94322c1..7119217 100644 --- a/pkg/envoy/ingress_translator_test.go +++ b/pkg/envoy/ingress_translator_test.go @@ -334,10 +334,10 @@ func TestGeneratesForMultipleIngressSharingSpecHost(t *testing.T) { t.Errorf("expected 2 host, was %d", len(c.Clusters[0].Hosts)) } if c.Clusters[0].Hosts[0].Host != "foo.com" { - t.Errorf("expected cluster host for foo.com, was %v", c.Clusters[0].Hosts[0]) + t.Errorf("expected cluster host for foo.com, was %v", c.Clusters[0].Hosts[0].Host) } if c.Clusters[0].Hosts[1].Host != "bar.com" { - t.Errorf("expected cluster host for bar.com, was %v", c.Clusters[0].Hosts[1]) + t.Errorf("expected cluster host for bar.com, was %v", c.Clusters[0].Hosts[1].Host) } if c.VirtualHosts[0].UpstreamCluster != c.Clusters[0].Name { @@ -375,7 +375,7 @@ func TestIngressWithIP(t *testing.T) { } c := translateIngresses([]*k8s.Ingress{ingress}, false, []*v1.Secret{}, timeouts, "/var/log/envoy/") if c.Clusters[0].Hosts[0].Host != "127.0.0.1" { - t.Errorf("expected cluster host to be IP address, was %v", c.Clusters[0].Hosts[0]) + t.Errorf("expected cluster host to be IP address, was %v", c.Clusters[0].Hosts[0].Host) } }