From 6ae3a65a2e56e3ab93a69821511b683540f9ad52 Mon Sep 17 00:00:00 2001 From: Razvan Dobre Date: Wed, 17 Apr 2024 18:14:43 +0300 Subject: [PATCH 01/19] Initial work --- Makefile | 2 +- api/v1beta1/kafkacluster_types.go | 4 ++-- charts/kafka-operator/crds/kafkaclusters.yaml | 3 +++ .../kafka.banzaicloud.io_kafkaclusters.yaml | 3 +++ pkg/resources/kafka/kafka.go | 1 + pkg/util/contour/common.go | 21 +++++++++++++++++++ pkg/util/util.go | 8 +++++++ 7 files changed, 39 insertions(+), 3 deletions(-) create mode 100644 pkg/util/contour/common.go diff --git a/Makefile b/Makefile index d202e3195..43b4a44f1 100644 --- a/Makefile +++ b/Makefile @@ -113,7 +113,7 @@ manager: generate fmt vet ## Generate (kubebuilder) and build manager binary. # Run against the configured Kubernetes cluster in ~/.kube/config run: generate fmt vet - go run ./main.go + go run ./main.go --cert-manager-enabled=false --disable-cert-signing-support --disable-webhooks # Install CRDs into a cluster by manually creating or replacing the CRD depending on whether is currently existing # Apply is not applicable as the last-applied-configuration annotation would exceed the size limit enforced by the api server diff --git a/api/v1beta1/kafkacluster_types.go b/api/v1beta1/kafkacluster_types.go index 7db76b78e..38023d8cc 100644 --- a/api/v1beta1/kafkacluster_types.go +++ b/api/v1beta1/kafkacluster_types.go @@ -155,7 +155,7 @@ type KafkaClusterSpec struct { RollingUpgradeConfig RollingUpgradeConfig `json:"rollingUpgradeConfig"` // Selector for broker pods that need to be recycled/reconciled TaintedBrokersSelector *metav1.LabelSelector `json:"taintedBrokersSelector,omitempty"` - // +kubebuilder:validation:Enum=envoy;istioingress + // +kubebuilder:validation:Enum=envoy;contour;istioingress // IngressController specifies the type of the ingress controller to be used for external listeners. The `istioingress` ingress controller type requires the `spec.istioControlPlane` field to be populated as well. IngressController string `json:"ingressController,omitempty"` // IstioControlPlane is a reference to the IstioControlPlane resource for envoy configuration. It must be specified if istio ingress is used. @@ -673,7 +673,7 @@ type ExternalListenerConfig struct { // IngressControllerTargetPort defines the container port that the ingress controller uses for handling external traffic. // If not defined, 29092 will be used as the default IngressControllerTargetPort value. IngressControllerTargetPort *int32 `json:"ingressControllerTargetPort,omitempty"` - // +kubebuilder:validation:Enum=LoadBalancer;NodePort + // +kubebuilder:validation:Enum=LoadBalancer;NodePort;ClusterIP;ExternalName // accessMethod defines the method which the external listener is exposed through. // Two types are supported LoadBalancer and NodePort. // The recommended and default is the LoadBalancer. diff --git a/charts/kafka-operator/crds/kafkaclusters.yaml b/charts/kafka-operator/crds/kafkaclusters.yaml index ea63d643f..7513661b3 100644 --- a/charts/kafka-operator/crds/kafkaclusters.yaml +++ b/charts/kafka-operator/crds/kafkaclusters.yaml @@ -18817,6 +18817,7 @@ spec: as well. enum: - envoy + - contour - istioingress type: string istioControlPlane: @@ -19171,6 +19172,8 @@ spec: enum: - LoadBalancer - NodePort + - ClusterIP + - ExternalName type: string anyCastPort: description: configuring AnyCastPort allows kafka cluster diff --git a/config/base/crds/kafka.banzaicloud.io_kafkaclusters.yaml b/config/base/crds/kafka.banzaicloud.io_kafkaclusters.yaml index ea63d643f..7513661b3 100644 --- a/config/base/crds/kafka.banzaicloud.io_kafkaclusters.yaml +++ b/config/base/crds/kafka.banzaicloud.io_kafkaclusters.yaml @@ -18817,6 +18817,7 @@ spec: as well. enum: - envoy + - contour - istioingress type: string istioControlPlane: @@ -19171,6 +19172,8 @@ spec: enum: - LoadBalancer - NodePort + - ClusterIP + - ExternalName type: string anyCastPort: description: configuring AnyCastPort allows kafka cluster diff --git a/pkg/resources/kafka/kafka.go b/pkg/resources/kafka/kafka.go index 826f2100a..cfabeefca 100644 --- a/pkg/resources/kafka/kafka.go +++ b/pkg/resources/kafka/kafka.go @@ -1332,6 +1332,7 @@ func (r *Reconciler) createExternalListenerStatuses(log logr.Logger) (map[string // optionally add all brokers service to the top of the list if eListener.GetAccessMethod() != corev1.ServiceTypeNodePort { + fmt.Println("-------------------------------") if foundLBService == nil { foundLBService, err = getServiceFromExternalListener(r.Client, r.KafkaCluster, eListener.Name, iConfigName) if err != nil { diff --git a/pkg/util/contour/common.go b/pkg/util/contour/common.go new file mode 100644 index 000000000..226c9eca6 --- /dev/null +++ b/pkg/util/contour/common.go @@ -0,0 +1,21 @@ +// Copyright © 2019 Cisco Systems, Inc. and/or its affiliates +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package contour + +const ( + + // IngressControllerName name for contour ingress service + IngressControllerName = "contour" +) diff --git a/pkg/util/util.go b/pkg/util/util.go index a070aaa7c..d23281436 100644 --- a/pkg/util/util.go +++ b/pkg/util/util.go @@ -54,6 +54,7 @@ import ( "github.com/banzaicloud/koperator/api/v1beta1" "github.com/banzaicloud/koperator/pkg/errorfactory" "github.com/banzaicloud/koperator/pkg/util/cert" + "github.com/banzaicloud/koperator/pkg/util/contour" envoyutils "github.com/banzaicloud/koperator/pkg/util/envoy" "github.com/banzaicloud/koperator/pkg/util/istioingress" properties "github.com/banzaicloud/koperator/properties/pkg" @@ -322,6 +323,13 @@ func GetIngressConfigs(kafkaClusterSpec v1beta1.KafkaClusterSpec, }, } } + case contour.IngressControllerName: + ingressConfigs = map[string]v1beta1.IngressConfig{ + IngressConfigGlobalName: { + IngressServiceSettings: eListenerConfig.IngressServiceSettings, + EnvoyConfig: &kafkaClusterSpec.EnvoyConfig, + }, + } default: return nil, "", errors.NewWithDetails("not supported ingress type", "name", kafkaClusterSpec.GetIngressController()) } From 3c00fd8f5f8d68c6ee96bf5e8f2044f2ef5e30a4 Mon Sep 17 00:00:00 2001 From: Razvan Dobre Date: Tue, 23 Apr 2024 16:33:00 +0300 Subject: [PATCH 02/19] First take --- api/v1beta1/kafkacluster_types.go | 2 +- controllers/kafkacluster_controller.go | 10 ++ go.mod | 1 + go.sum | 2 + main.go | 3 + .../clusterIpExternalAccess.go | 114 +++++++++++++++++ .../clusteripexternalaccess/service.go | 116 ++++++++++++++++++ pkg/resources/kafka/kafka.go | 10 +- pkg/util/contour/common.go | 4 + 9 files changed, 260 insertions(+), 2 deletions(-) create mode 100644 pkg/resources/clusteripexternalaccess/clusterIpExternalAccess.go create mode 100644 pkg/resources/clusteripexternalaccess/service.go diff --git a/api/v1beta1/kafkacluster_types.go b/api/v1beta1/kafkacluster_types.go index 38023d8cc..1d9a1f4d2 100644 --- a/api/v1beta1/kafkacluster_types.go +++ b/api/v1beta1/kafkacluster_types.go @@ -673,7 +673,7 @@ type ExternalListenerConfig struct { // IngressControllerTargetPort defines the container port that the ingress controller uses for handling external traffic. // If not defined, 29092 will be used as the default IngressControllerTargetPort value. IngressControllerTargetPort *int32 `json:"ingressControllerTargetPort,omitempty"` - // +kubebuilder:validation:Enum=LoadBalancer;NodePort;ClusterIP;ExternalName + // +kubebuilder:validation:Enum=LoadBalancer;NodePort;ClusterIP // accessMethod defines the method which the external listener is exposed through. // Two types are supported LoadBalancer and NodePort. // The recommended and default is the LoadBalancer. diff --git a/controllers/kafkacluster_controller.go b/controllers/kafkacluster_controller.go index badf8f053..fee0980db 100644 --- a/controllers/kafkacluster_controller.go +++ b/controllers/kafkacluster_controller.go @@ -22,6 +22,7 @@ import ( "emperror.dev/errors" "github.com/go-logr/logr" + contour "github.com/projectcontour/contour/apis/projectcontour/v1" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" policyv1 "k8s.io/api/policy/v1" @@ -41,6 +42,7 @@ import ( "github.com/banzaicloud/koperator/pkg/kafkaclient" "github.com/banzaicloud/koperator/pkg/pki" "github.com/banzaicloud/koperator/pkg/resources" + "github.com/banzaicloud/koperator/pkg/resources/clusteripexternalaccess" "github.com/banzaicloud/koperator/pkg/resources/cruisecontrol" "github.com/banzaicloud/koperator/pkg/resources/cruisecontrolmonitoring" "github.com/banzaicloud/koperator/pkg/resources/envoy" @@ -116,6 +118,7 @@ func (r *KafkaClusterReconciler) Reconcile(ctx context.Context, request ctrl.Req envoy.New(r.Client, instance), istioingress.New(r.Client, instance), nodeportexternalaccess.New(r.Client, instance), + clusteripexternalaccess.New(r.Client, instance), kafkamonitoring.New(r.Client, instance), cruisecontrolmonitoring.New(r.Client, instance), kafka.New(r.Client, r.DirectClient, instance, r.KafkaClientProvider), @@ -363,6 +366,7 @@ func SetupKafkaClusterWithManager(mgr ctrl.Manager) *ctrl.Builder { kafkaWatches(builder) envoyWatches(builder) + contourWatches(builder) cruiseControlWatches(builder) builder.WithEventFilter( @@ -415,6 +419,12 @@ func envoyWatches(builder *ctrl.Builder) *ctrl.Builder { Owns(&corev1.ConfigMap{}) } +func contourWatches(builder *ctrl.Builder) *ctrl.Builder { + return builder. + Owns(&corev1.Service{}). + Owns(&contour.HTTPProxy{}) +} + func cruiseControlWatches(builder *ctrl.Builder) *ctrl.Builder { return builder. Owns(&corev1.Service{}). diff --git a/go.mod b/go.mod index be99ba78c..56e54eaaa 100644 --- a/go.mod +++ b/go.mod @@ -21,6 +21,7 @@ require ( github.com/onsi/ginkgo/v2 v2.13.1 github.com/onsi/gomega v1.30.0 github.com/pavlo-v-chernykh/keystore-go/v4 v4.5.0 + github.com/projectcontour/contour v1.26.0 github.com/prometheus/common v0.45.0 github.com/stretchr/testify v1.8.4 go.uber.org/mock v0.3.0 diff --git a/go.sum b/go.sum index 726c25bc9..c309c4806 100644 --- a/go.sum +++ b/go.sum @@ -241,6 +241,8 @@ github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/projectcontour/contour v1.26.0 h1:uCgDqkxeTUrHI3AhcP/LMGpmoAr4hR9jT9zYlfXn3pY= +github.com/projectcontour/contour v1.26.0/go.mod h1:w5eSvTFrA9wBHgsuz0s+/QqOsnObnk3KzTylC/R1uHw= github.com/prometheus/client_golang v1.17.0 h1:rl2sfwZMtSthVU752MqfjQozy7blglC+1SOtjMAMh+Q= github.com/prometheus/client_golang v1.17.0/go.mod h1:VeL+gMmOAxkS2IqfCq0ZmHSL+LjWfWDUmp1mBz9JgUY= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= diff --git a/main.go b/main.go index bb8c7e9da..1b866022a 100644 --- a/main.go +++ b/main.go @@ -59,6 +59,7 @@ import ( "github.com/banzaicloud/koperator/pkg/scale" "github.com/banzaicloud/koperator/pkg/util" "github.com/banzaicloud/koperator/pkg/webhooks" + contour "github.com/projectcontour/contour/apis/projectcontour/v1" // +kubebuilder:scaffold:imports ) @@ -77,6 +78,8 @@ func init() { _ = banzaiistiov1alpha1.AddToScheme(scheme) _ = istioclientv1beta1.AddToScheme(scheme) + + _ = contour.AddToScheme(scheme) // +kubebuilder:scaffold:scheme } diff --git a/pkg/resources/clusteripexternalaccess/clusterIpExternalAccess.go b/pkg/resources/clusteripexternalaccess/clusterIpExternalAccess.go new file mode 100644 index 000000000..87ea7324f --- /dev/null +++ b/pkg/resources/clusteripexternalaccess/clusterIpExternalAccess.go @@ -0,0 +1,114 @@ +// Copyright © 2020 Cisco Systems, Inc. and/or its affiliates +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package clusteripexternalaccess + +import ( + "context" + "fmt" + + "emperror.dev/errors" + "github.com/go-logr/logr" + corev1 "k8s.io/api/core/v1" + "sigs.k8s.io/controller-runtime/pkg/client" + + "github.com/banzaicloud/koperator/api/v1beta1" + "github.com/banzaicloud/koperator/pkg/k8sutil" + "github.com/banzaicloud/koperator/pkg/resources" + "github.com/banzaicloud/koperator/pkg/util" + contourutils "github.com/banzaicloud/koperator/pkg/util/contour" +) + +const ( + componentName = "clusterIpExternalAccess" +) + +// Reconciler implements the Component Reconciler +type Reconciler struct { + resources.Reconciler +} + +// New creates a new reconciler for NodePort based external access +func New(client client.Client, cluster *v1beta1.KafkaCluster) *Reconciler { + return &Reconciler{ + Reconciler: resources.Reconciler{ + Client: client, + KafkaCluster: cluster, + }, + } +} + +// Reconcile implements the reconcile logic for NodePort based external access +func (r *Reconciler) Reconcile(log logr.Logger) error { + log = log.WithValues("component", componentName) + log.V(1).Info("Reconciling") + if r.KafkaCluster.Spec.GetIngressController() == contourutils.IngressControllerName { + // create ClusterIP services for discovery service and brokers + for _, eListener := range r.KafkaCluster.Spec.ListenersConfig.ExternalListeners { + // create per ingressConfig services ClusterIP + ingressConfigs, defaultControllerName, err := util.GetIngressConfigs(r.KafkaCluster.Spec, eListener) + if err != nil { + return err + } + for name, ingressConfig := range ingressConfigs { + if !util.IsIngressConfigInUse(name, defaultControllerName, r.KafkaCluster, log) { + continue + } + // TODO cleanup when RemoveUnusedIngressResources + clusterService := r.clusterService(log, eListener, ingressConfig, name, defaultControllerName) + err = k8sutil.Reconcile(log, r.Client, clusterService, r.KafkaCluster) + if err != nil { + return err + } + } + + // create per broker services ClusterIP + for _, broker := range r.KafkaCluster.Spec.Brokers { + service := r.brokerService(log, broker.Id, eListener) + if eListener.GetAccessMethod() == corev1.ServiceTypeClusterIP { + err = k8sutil.Reconcile(log, r.Client, service, r.KafkaCluster) + if err != nil { + return err + } + } else if r.KafkaCluster.Spec.RemoveUnusedIngressResources { + // Cleaning up unused nodeport services + removeService := service.(client.Object) + if err := r.Delete(context.Background(), removeService); client.IgnoreNotFound(err) != nil { + return errors.Wrap(err, "error when removing unused nodeport services") + } + log.V(1).Info(fmt.Sprintf("Deleted nodePort service '%s' for external listener '%s'", removeService.GetName(), eListener.Name)) + } + } + } + + // create IngressRoutes for each ingressConfig + externalListenerStatues := r.KafkaCluster.Status.ListenerStatuses.ExternalListeners + for name, statusList := range externalListenerStatues { + + for _, status := range statusList { + // create HTTPProxy for each external listener + ingressRoute := r.ingressRoute(log, status, name, 10) + err := k8sutil.Reconcile(log, r.Client, ingressRoute, r.KafkaCluster) + if err != nil { + return err + } + } + } + + } + + log.V(1).Info("Reconciled") + + return nil +} diff --git a/pkg/resources/clusteripexternalaccess/service.go b/pkg/resources/clusteripexternalaccess/service.go new file mode 100644 index 000000000..3871f52e4 --- /dev/null +++ b/pkg/resources/clusteripexternalaccess/service.go @@ -0,0 +1,116 @@ +// Copyright © 2020 Cisco Systems, Inc. and/or its affiliates +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package clusteripexternalaccess + +import ( + "fmt" + "strconv" + "strings" + + "github.com/go-logr/logr" + corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/util/intstr" + + apiutil "github.com/banzaicloud/koperator/api/util" + "github.com/banzaicloud/koperator/api/v1beta1" + "github.com/banzaicloud/koperator/pkg/resources/templates" + "github.com/banzaicloud/koperator/pkg/util" + contourutils "github.com/banzaicloud/koperator/pkg/util/contour" + "github.com/banzaicloud/koperator/pkg/util/kafka" + contour "github.com/projectcontour/contour/apis/projectcontour/v1" +) + +// TODO handle deletion gracefully from status +func (r *Reconciler) brokerService(_ logr.Logger, id int32, + extListener v1beta1.ExternalListenerConfig) runtime.Object { + + service := &corev1.Service{ + ObjectMeta: templates.ObjectMetaWithAnnotations( + fmt.Sprintf(kafka.NodePortServiceTemplate, r.KafkaCluster.GetName(), id, extListener.Name), + apiutil.MergeLabels(apiutil.LabelsForKafka(r.KafkaCluster.Name), map[string]string{v1beta1.BrokerIdLabelKey: fmt.Sprintf("%d", id)}), + extListener.GetServiceAnnotations(), r.KafkaCluster), + Spec: corev1.ServiceSpec{ + Selector: apiutil.MergeLabels(apiutil.LabelsForKafka(r.KafkaCluster.Name), + map[string]string{v1beta1.BrokerIdLabelKey: fmt.Sprintf("%d", id)}), + Type: corev1.ServiceTypeClusterIP, + Ports: []corev1.ServicePort{{ + Name: fmt.Sprintf("broker-%d", id), + Port: extListener.ContainerPort, + TargetPort: intstr.FromInt(int(extListener.ContainerPort)), + Protocol: corev1.ProtocolTCP, + }, + }, + ExternalTrafficPolicy: extListener.ExternalTrafficPolicy, + }, + } + + return service +} + +func (r *Reconciler) clusterService(log logr.Logger, extListener v1beta1.ExternalListenerConfig, + ingressConfig v1beta1.IngressConfig, ingressConfigName, defaultIngressConfigName string) runtime.Object { + + var serviceName string = util.GenerateEnvoyResourceName(contourutils.ContourServiceName, contourutils.ContourServiceNameWithScope, + extListener, ingressConfig, ingressConfigName, r.KafkaCluster.GetName()) + + service := &corev1.Service{ + ObjectMeta: templates.ObjectMetaWithAnnotations( + serviceName, + apiutil.LabelsForKafka(r.KafkaCluster.Name), + extListener.GetServiceAnnotations(), r.KafkaCluster), + Spec: corev1.ServiceSpec{ + Selector: apiutil.MergeLabels(apiutil.LabelsForKafka(r.KafkaCluster.Name)), + Type: corev1.ServiceTypeClusterIP, + Ports: []corev1.ServicePort{{ + Name: "tcp-all-broker", + Port: *extListener.AnyCastPort, + TargetPort: intstr.FromInt(int(*extListener.AnyCastPort)), + Protocol: corev1.ProtocolTCP, + }, + }, + ExternalTrafficPolicy: extListener.ExternalTrafficPolicy, + }, + } + + return service +} + +// generate ingressroute resource based on status and listener name +func (r *Reconciler) ingressRoute(log logr.Logger, status v1beta1.ListenerStatus, listenerName string, id int32) runtime.Object { + + address := status.Address + fqdn := strings.Split(address, ":")[0] + port := strings.Split(address, ":")[1] + + portInt, _ := strconv.Atoi(port) + ingressRoute := &contour.HTTPProxy{ + ObjectMeta: templates.ObjectMeta(fqdn, + apiutil.LabelsForKafka(r.KafkaCluster.Name), r.KafkaCluster), + Spec: contour.HTTPProxySpec{ + VirtualHost: &contour.VirtualHost{ + Fqdn: fqdn, + }, + TCPProxy: &contour.TCPProxy{ + Services: []contour.Service{{ + Name: fmt.Sprintf(kafka.NodePortServiceTemplate, r.KafkaCluster.GetName(), id, listenerName), + Port: portInt, + }}, + }, + }, + } + + return ingressRoute +} diff --git a/pkg/resources/kafka/kafka.go b/pkg/resources/kafka/kafka.go index cfabeefca..cd9b34423 100644 --- a/pkg/resources/kafka/kafka.go +++ b/pkg/resources/kafka/kafka.go @@ -53,6 +53,7 @@ import ( "github.com/banzaicloud/koperator/pkg/scale" "github.com/banzaicloud/koperator/pkg/util" certutil "github.com/banzaicloud/koperator/pkg/util/cert" + contourutils "github.com/banzaicloud/koperator/pkg/util/contour" envoyutils "github.com/banzaicloud/koperator/pkg/util/envoy" istioingressutils "github.com/banzaicloud/koperator/pkg/util/istioingress" "github.com/banzaicloud/koperator/pkg/util/kafka" @@ -1287,6 +1288,8 @@ func (r *Reconciler) getBrokerHost(log logr.Logger, defaultHost string, broker v } else { brokerHost = fmt.Sprintf("%s-%d-%s.%s%s", r.KafkaCluster.Name, broker.Id, eListener.Name, r.KafkaCluster.Namespace, brokerHost) } + } else if eListener.GetAccessMethod() == corev1.ServiceTypeClusterIP { + brokerHost = fmt.Sprintf("b-%d-%s-%s", broker.Id, r.KafkaCluster.Name, eListener.Name) } if eListener.TLSEnabled() { brokerHost = iConfig.EnvoyConfig.GetBrokerHostname(broker.Id) @@ -1332,7 +1335,6 @@ func (r *Reconciler) createExternalListenerStatuses(log logr.Logger) (map[string // optionally add all brokers service to the top of the list if eListener.GetAccessMethod() != corev1.ServiceTypeNodePort { - fmt.Println("-------------------------------") if foundLBService == nil { foundLBService, err = getServiceFromExternalListener(r.Client, r.KafkaCluster, eListener.Name, iConfigName) if err != nil { @@ -1511,6 +1513,12 @@ func getServiceFromExternalListener(client client.Client, cluster *v1beta1.Kafka } else { iControllerServiceName = fmt.Sprintf(envoyutils.EnvoyServiceNameWithScope, eListenerName, ingressConfigName, cluster.GetName()) } + case contourutils.IngressControllerName: + if ingressConfigName == util.IngressConfigGlobalName { + iControllerServiceName = fmt.Sprintf(contourutils.ContourServiceName, eListenerName, cluster.GetName()) + } else { + iControllerServiceName = fmt.Sprintf(contourutils.ContourServiceNameWithScope, eListenerName, ingressConfigName, cluster.GetName()) + } } err := client.Get(context.TODO(), types.NamespacedName{Name: iControllerServiceName, Namespace: cluster.GetNamespace()}, foundLBService) diff --git a/pkg/util/contour/common.go b/pkg/util/contour/common.go index 226c9eca6..67add039a 100644 --- a/pkg/util/contour/common.go +++ b/pkg/util/contour/common.go @@ -16,6 +16,10 @@ package contour const ( + // EnvoyServiceName name for loadbalancer service + ContourServiceName = "contour-loadbalancer-%s-%s" + // EnvoyServiceNameWithScope name for loadbalancer service + ContourServiceNameWithScope = "countour-loadbalancer-%s-%s-%s" // IngressControllerName name for contour ingress service IngressControllerName = "contour" ) From 03924da1e656bfc389411d6b6b9b8cf7a7b21c92 Mon Sep 17 00:00:00 2001 From: Razvan Dobre Date: Mon, 29 Apr 2024 10:38:20 +0300 Subject: [PATCH 03/19] Convert to heptio contour --- api/v1beta1/kafkacluster_types.go | 31 +++- api/v1beta1/zz_generated.deepcopy.go | 21 +++ controllers/kafkacluster_controller.go | 4 +- go.mod | 12 +- go.sum | 155 +++++++++++++++++- main.go | 2 +- .../clusteripexternalaccess/service.go | 9 +- pkg/resources/kafka/kafka.go | 2 - pkg/util/util.go | 31 +++- 9 files changed, 242 insertions(+), 25 deletions(-) diff --git a/api/v1beta1/kafkacluster_types.go b/api/v1beta1/kafkacluster_types.go index 1d9a1f4d2..dc39670e0 100644 --- a/api/v1beta1/kafkacluster_types.go +++ b/api/v1beta1/kafkacluster_types.go @@ -167,13 +167,14 @@ type KafkaClusterSpec struct { // when false, they will be kept so the Kafka cluster remains available for those Kafka clients which are still using the previous ingress setting. // +kubebuilder:default=false // +optional - RemoveUnusedIngressResources bool `json:"removeUnusedIngressResources,omitempty"` - PropagateLabels bool `json:"propagateLabels,omitempty"` - CruiseControlConfig CruiseControlConfig `json:"cruiseControlConfig"` - EnvoyConfig EnvoyConfig `json:"envoyConfig,omitempty"` - MonitoringConfig MonitoringConfig `json:"monitoringConfig,omitempty"` - AlertManagerConfig *AlertManagerConfig `json:"alertManagerConfig,omitempty"` - IstioIngressConfig IstioIngressConfig `json:"istioIngressConfig,omitempty"` + RemoveUnusedIngressResources bool `json:"removeUnusedIngressResources,omitempty"` + PropagateLabels bool `json:"propagateLabels,omitempty"` + CruiseControlConfig CruiseControlConfig `json:"cruiseControlConfig"` + EnvoyConfig EnvoyConfig `json:"envoyConfig,omitempty"` + ContourIngressConfig ContourIngressConfig `json:"contourIngressConfig,omitempty"` + MonitoringConfig MonitoringConfig `json:"monitoringConfig,omitempty"` + AlertManagerConfig *AlertManagerConfig `json:"alertManagerConfig,omitempty"` + IstioIngressConfig IstioIngressConfig `json:"istioIngressConfig,omitempty"` // Envs defines environment variables for Kafka broker Pods. // Adding the "+" prefix to the name prepends the value to that environment variable instead of overwriting it. // Add the "+" suffix to append. @@ -696,8 +697,20 @@ type Config struct { type IngressConfig struct { IngressServiceSettings `json:",inline"` - IstioIngressConfig *IstioIngressConfig `json:"istioIngressConfig,omitempty"` - EnvoyConfig *EnvoyConfig `json:"envoyConfig,omitempty"` + IstioIngressConfig *IstioIngressConfig `json:"istioIngressConfig,omitempty"` + EnvoyConfig *EnvoyConfig `json:"envoyConfig,omitempty"` + ContourIngressConfig *ContourIngressConfig `json:"contourIngressConfig,omitempty"` +} + +type ContourIngressConfig struct { + // TLS secret used for Contour IngressRoute resource + TLSSecretName string `json:"tlsSecretName"` + // ContourIngressClass is the IngressClass that Contour should use to route traffic to the Kafka cluster. + ContourIngressClass string `json:"contourIngressClass"` + // Broker hostname template for Contour IngressRoute resource to generate broker hostnames. + BrokerFQDNTemplate string `json:"brokerFQDNTemplate"` + // AnyCastFQDNTemplate is the template used to generate the anycast FQDN for the Kafka cluster. + AnyCastFQDNTemplate string `json:"anyCastFQDNTemplate"` } // InternalListenerConfig defines the internal listener config for Kafka diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go index 1910dab51..3a9c90f2c 100644 --- a/api/v1beta1/zz_generated.deepcopy.go +++ b/api/v1beta1/zz_generated.deepcopy.go @@ -258,6 +258,21 @@ func (in *Config) DeepCopy() *Config { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ContourIngressConfig) DeepCopyInto(out *ContourIngressConfig) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ContourIngressConfig. +func (in *ContourIngressConfig) DeepCopy() *ContourIngressConfig { + if in == nil { + return nil + } + out := new(ContourIngressConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CruiseControlConfig) DeepCopyInto(out *CruiseControlConfig) { *out = *in @@ -612,6 +627,11 @@ func (in *IngressConfig) DeepCopyInto(out *IngressConfig) { *out = new(EnvoyConfig) (*in).DeepCopyInto(*out) } + if in.ContourIngressConfig != nil { + in, out := &in.ContourIngressConfig, &out.ContourIngressConfig + *out = new(ContourIngressConfig) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressConfig. @@ -856,6 +876,7 @@ func (in *KafkaClusterSpec) DeepCopyInto(out *KafkaClusterSpec) { } in.CruiseControlConfig.DeepCopyInto(&out.CruiseControlConfig) in.EnvoyConfig.DeepCopyInto(&out.EnvoyConfig) + out.ContourIngressConfig = in.ContourIngressConfig out.MonitoringConfig = in.MonitoringConfig if in.AlertManagerConfig != nil { in, out := &in.AlertManagerConfig, &out.AlertManagerConfig diff --git a/controllers/kafkacluster_controller.go b/controllers/kafkacluster_controller.go index fee0980db..37aa4322c 100644 --- a/controllers/kafkacluster_controller.go +++ b/controllers/kafkacluster_controller.go @@ -22,7 +22,7 @@ import ( "emperror.dev/errors" "github.com/go-logr/logr" - contour "github.com/projectcontour/contour/apis/projectcontour/v1" + contour "github.com/heptio/contour/apis/contour/v1beta1" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" policyv1 "k8s.io/api/policy/v1" @@ -422,7 +422,7 @@ func envoyWatches(builder *ctrl.Builder) *ctrl.Builder { func contourWatches(builder *ctrl.Builder) *ctrl.Builder { return builder. Owns(&corev1.Service{}). - Owns(&contour.HTTPProxy{}) + Owns(&contour.IngressRoute{}) } func cruiseControlWatches(builder *ctrl.Builder) *ctrl.Builder { diff --git a/go.mod b/go.mod index 56e54eaaa..43ac5313b 100644 --- a/go.mod +++ b/go.mod @@ -18,10 +18,10 @@ require ( github.com/envoyproxy/go-control-plane v0.11.1 github.com/ghodss/yaml v1.0.1-0.20220118164431-d8423dcdf344 github.com/go-logr/logr v1.3.0 + github.com/heptio/contour v0.15.3 github.com/onsi/ginkgo/v2 v2.13.1 github.com/onsi/gomega v1.30.0 github.com/pavlo-v-chernykh/keystore-go/v4 v4.5.0 - github.com/projectcontour/contour v1.26.0 github.com/prometheus/common v0.45.0 github.com/stretchr/testify v1.8.4 go.uber.org/mock v0.3.0 @@ -38,15 +38,25 @@ require ( ) require ( + github.com/BurntSushi/toml v1.0.0 // indirect + github.com/client9/misspell v0.3.4 // indirect github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect github.com/google/gnostic-models v0.6.8 // indirect github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 // indirect + github.com/gordonklaus/ineffassign v0.0.0-20180909121442-1003c8bd00dc // indirect github.com/imdario/mergo v0.3.12 // indirect + github.com/kisielk/errcheck v1.5.0 // indirect github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 // indirect + github.com/mdempsky/unconvert v0.0.0-20190325185700-2f5dc3378ed3 // indirect github.com/stretchr/objx v0.5.0 // indirect + golang.org/x/mod v0.14.0 // indirect golang.org/x/tools v0.15.0 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20230803162519-f966b187b2e5 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20230911183012-2d3300fd4832 // indirect + honnef.co/go/tools v0.0.1-2019.2.3 // indirect + k8s.io/code-generator v0.28.4 // indirect + k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01 // indirect + mvdan.cc/unparam v0.0.0-20190720180237-d51796306d8f // indirect ) require ( diff --git a/go.sum b/go.sum index c309c4806..d8906eee6 100644 --- a/go.sum +++ b/go.sum @@ -1,10 +1,15 @@ cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= +cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= +cloud.google.com/go v0.37.4/go.mod h1:NHPJ89PdicEuT9hdPXMROBD91xc5uRDxsMtSB16k7hw= dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk= dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= emperror.dev/errors v0.8.0/go.mod h1:YcRvLPh626Ubn2xqtoprejnA5nFha+TJ+2vew48kWuE= emperror.dev/errors v0.8.1 h1:UavXZ5cSX/4u9iyvH6aDcuGkVjeexUGJ7Ij7G4VfQT0= emperror.dev/errors v0.8.1/go.mod h1:YcRvLPh626Ubn2xqtoprejnA5nFha+TJ+2vew48kWuE= +github.com/Azure/go-autorest v11.1.2+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= +github.com/BurntSushi/toml v1.0.0 h1:dtDWrepsVPfW9H/4y7dDgFc2MBUSeJhlaDtK13CxFlU= +github.com/BurntSushi/toml v1.0.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/IBM/sarama v1.42.1 h1:wugyWa15TDEHh2kvq2gAy1IHLjEjuYOYgXz/ruC/OSQ= github.com/IBM/sarama v1.42.1/go.mod h1:Xxho9HkHd4K/MDUo/T/sOqwtX/17D33++E9Wib6hUdQ= github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI= @@ -17,8 +22,13 @@ github.com/Masterminds/sprig/v3 v3.2.3/go.mod h1:rXcFaZ2zZbLRJv/xSysmlgIM1u11eBa github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= +github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo= +github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI= github.com/adobe/go-cruise-control v0.6.1-adbe h1:dTarO7nW+JrFdIIKHVvayoosUdszhTj63upa44Ytj2A= github.com/adobe/go-cruise-control v0.6.1-adbe/go.mod h1:S2hrm4FrQTvwg/MNzm2P1W1U2TuSw9YI/AQ9kDQiScY= +github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= +github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= +github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= github.com/banzaicloud/istio-client-go v0.0.17 h1:wiplbM7FDiIHopujInAnin3zuovtVcphtKy9En39q5I= github.com/banzaicloud/istio-client-go v0.0.17/go.mod h1:rpnEYYGHzisx8nARl2d30Oq38EeCX0/PPaxMaREfE9I= github.com/banzaicloud/istio-operator/api/v2 v2.17.2 h1:dvzPxXWALiCjaxseE/oK4yWfGAlmM/BQtJT4uaEbBWg= @@ -28,6 +38,7 @@ github.com/banzaicloud/k8s-objectmatcher v1.8.0/go.mod h1:p2LSNAjlECf07fbhDyebTk github.com/banzaicloud/operator-tools v0.28.10 h1:mm+LvL31GV9BL//zs/CTKVcFdHHyZ+KIbuNoXrOo3gA= github.com/banzaicloud/operator-tools v0.28.10/go.mod h1:PhwQ6bn1blX+SuH5ALj3Fwvvmsi1KdAwke8NufILY8I= github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= +github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/briandowns/spinner v1.23.0 h1:alDF2guRWqa/FOZZYWjlMIx2L6H0wyewPxo/CH4Pt2A= @@ -44,6 +55,7 @@ github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5P github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= github.com/cisco-open/cluster-registry-controller/api v0.2.12 h1:dxKVG3T75RAU8f0kmeLRh82Ao4koTFIPZEodUTBhg14= github.com/cisco-open/cluster-registry-controller/api v0.2.12/go.mod h1:zRJ4y4xZlEq1AkOm8pd6qpH7WQ9yinLaE3SA30TWh74= +github.com/client9/misspell v0.3.4 h1:ta993UF76GwbvJcIo3Y68y/M3WxlpEHPWIGDkJYwzJI= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4 h1:/inchEIKaYC1Akx+H+gqO04wryn5h75LSazbRlnya1k= github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= @@ -54,25 +66,34 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/dgrijalva/jwt-go v0.0.0-20160705203006-01aeca54ebda/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM= github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE= +github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs= github.com/eapache/go-resiliency v1.4.0 h1:3OK9bWpPk5q6pbFAaYSEwD9CLUSHG8bnZuqX2yMt3B0= github.com/eapache/go-resiliency v1.4.0/go.mod h1:5yPzW0MIvSe0JDsv0v+DvcjEv2FyD6iZYSs1ZI+iQho= +github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU= github.com/eapache/go-xerial-snappy v0.0.0-20230731223053-c322873962e3 h1:Oy0F4ALJ04o5Qqpdz8XLIpNA3WM/iSIXqxtqo7UGVws= github.com/eapache/go-xerial-snappy v0.0.0-20230731223053-c322873962e3/go.mod h1:YvSRo5mw33fLEx1+DlK6L2VV43tJt5Eyel9n9XBcR+0= github.com/eapache/queue v1.1.0 h1:YOEu7KNc61ntiQlcEeUIoDTJ2o8mQznoNvUhiigpIqc= github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I= +github.com/elazarl/goproxy v0.0.0-20170405201442-c4fc26588b6e/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g= github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/envoyproxy/go-control-plane v0.8.2/go.mod h1:EWRTAFN6uuDZIa6KOuUfrOMJ7ySgXZ44rVKiTWjKe34= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.11.1 h1:wSUXTlLfiAQRWs2F+p+EKOY9rUyis1MyGqJ2DIk5HpM= github.com/envoyproxy/go-control-plane v0.11.1/go.mod h1:uhMcXKCQMEJHiAb0w+YGefQLaTEw+YhGluxZkrTmD0g= +github.com/envoyproxy/protoc-gen-validate v0.0.0-20190405222122-d6164de49109/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= +github.com/envoyproxy/protoc-gen-validate v0.0.14/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/envoyproxy/protoc-gen-validate v1.0.2 h1:QkIBuU5k+x7/QXPvPPnWXWlCdaBFApVqftFV6k087DA= github.com/envoyproxy/protoc-gen-validate v1.0.2/go.mod h1:GpiZQP3dDbg4JouG/NNS7QWXpgx6x8QiMKdmN72jogE= +github.com/evanphx/json-patch v0.0.0-20190203023257-5858425f7550/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= +github.com/evanphx/json-patch v4.1.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U= github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= @@ -91,6 +112,8 @@ github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbS github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/ghodss/yaml v1.0.1-0.20220118164431-d8423dcdf344 h1:Arcl6UOIS/kgO2nW3A65HN+7CMjSDP/gofXL4CZt1V4= github.com/ghodss/yaml v1.0.1-0.20220118164431-d8423dcdf344/go.mod h1:GIjDIg/heH5DOkXY3YJ/wNhfHsQHoXGjl8G8amsYQ1I= +github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= +github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= @@ -109,37 +132,60 @@ github.com/go-openapi/swag v0.0.0-20160704191624-1d0bd113de87/go.mod h1:DXUve3Dp github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= github.com/go-openapi/swag v0.22.4 h1:QLMzNJnMGPRNDCbySlcj1x01tzU8/9LTTL9hZZZogBU= github.com/go-openapi/swag v0.22.4/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= +github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= github.com/go-test/deep v1.0.7 h1:/VSMRlnY/JSyqxQUzQLKVMAskpY/NZKFA5j2P+0pP2M= github.com/go-test/deep v1.0.7/go.mod h1:QV8Hv/iy04NyLBxAdO9njL0iVPN1S4d/A3NVv1V36o8= +github.com/gogo/googleapis v1.1.0/go.mod h1:gf4bu3Q80BeJ6H1S1vYPm8/ELATdvryBaNFGgqEef3s= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= +github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= +github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= +github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM= github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= +github.com/google/btree v0.0.0-20160524151835-7d79101e329e/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= +github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= +github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/gofuzz v0.0.0-20170612174753-24818f796faf/go.mod h1:HP5RmnzzSNb993RKQDq4+1A4ia9nllfqcQFTQJedwGI= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= +github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec= github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= +github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.3.1 h1:KjJaJ9iWZ3jOFZIf1Lqf4laDRCasjl0BCmnEGxkdLb4= github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= +github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= +github.com/googleapis/gnostic v0.2.0/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg= +github.com/gophercloud/gophercloud v0.0.0-20190126172459-c818fa66e4c8/go.mod h1:3WdhXV3rUYy9p6AUW8d94kr+HS62Y4VL9mBnFxsD8q4= +github.com/gordonklaus/ineffassign v0.0.0-20180909121442-1003c8bd00dc h1:cJlkeAx1QYgO5N80aF5xRGstVsRQwgLR7uA2FnP1ZjY= +github.com/gordonklaus/ineffassign v0.0.0-20180909121442-1003c8bd00dc/go.mod h1:cuNKsD1zp2v6XfE/orVX2QE1LC+i254ceGcVeDT3pTU= +github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg= +github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4= github.com/gorilla/sessions v1.2.1/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM= +github.com/gregjones/httpcache v0.0.0-20170728041850-787624de3eb7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= @@ -148,7 +194,10 @@ github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9 github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8= github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= +github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= +github.com/heptio/contour v0.15.3 h1:M0ztO+SWEE5Ah/f/PcIiM1b2Z+vWj6TNZKpblF3TNUY= +github.com/heptio/contour v0.15.3/go.mod h1:PGqkM8XCX1hOtZalNeTqxuHQLl6+q2gWXiQ+g1B0Vno= github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= @@ -156,7 +205,10 @@ github.com/huandu/xstrings v1.4.0 h1:D17IlohoQq4UcpqD7fDk80P7l+lwAmlFaBHgOipl2FU github.com/huandu/xstrings v1.4.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= github.com/iancoleman/orderedmap v0.2.0 h1:sq1N/TFpYH++aViPcaKjys3bDClUEU7s5B+z6jq8pNA= github.com/iancoleman/orderedmap v0.2.0/go.mod h1:N0Wam8K1arqPXNWjMo21EXnBPOPp36vB07FNRdD2geA= +github.com/iancoleman/strcase v0.0.0-20190422225806-e506e3ef7365/go.mod h1:SK73tn/9oHe+/Y0h39VT4UCxmurVJkR5NA7kMEAOgSE= github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= +github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= +github.com/imdario/mergo v0.3.7/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/imdario/mergo v0.3.12 h1:b6R2BslTbIEToALKP7LxUvijTsNI9TAe80pLWN2g/HU= github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= @@ -175,14 +227,22 @@ github.com/jcmturner/rpc/v2 v2.0.3/go.mod h1:VUJYCIDm3PVOEHw8sgt091/20OJjskO/YJk github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= +github.com/json-iterator/go v0.0.0-20180701071628-ab8a2e0c74be/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= +github.com/json-iterator/go v1.1.5/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= +github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= +github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= +github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= +github.com/kisielk/errcheck v1.5.0 h1:e8esj/e4R+SAOwFwN+n3zr0nYeCyeweozKfO23MvHzY= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.16.7 h1:2mk3MPGNzKyxErAw8YaohYh69+pa4sIQSC0fPGCFR9I= github.com/klauspost/compress v1.16.7/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= +github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= +github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= @@ -194,6 +254,7 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/luciferinlove/protobuf v1.5.2-bzc h1:gqDhIaLi4fSgPX8fhirNqShQCz5K8PREqgzERy2hKOg= github.com/luciferinlove/protobuf v1.5.2-bzc/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/lyft/protoc-gen-star v0.4.10/go.mod h1:mE8fbna26u7aEA2QCVvvfBU/ZrPgocG1206xAFPcs94= github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= @@ -202,8 +263,11 @@ github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovk github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA= github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= +github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 h1:jWpvCLoY8Z/e3VKvlsiIGKtc+UG6U5vzxaoagmhXfyg= github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0/go.mod h1:QUyp042oQthUoa9bqDv0ER0wrtXnBruoNd7aNjkbP+k= +github.com/mdempsky/unconvert v0.0.0-20190325185700-2f5dc3378ed3 h1:ONMmGu9qiY0FW95o5V7LBwZaMg58Sb9pUYtTD4/rgks= +github.com/mdempsky/unconvert v0.0.0-20190325185700-2f5dc3378ed3/go.mod h1:9+3Wp2ccIz73BJqVfc7n2+1A+mzvnEwtDTqEjeRngBQ= github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw= github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw= github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s= @@ -220,53 +284,75 @@ github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjY github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= +github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.11.0 h1:JAKSXpt1YjtLA7YpPiqO9ss6sNXEsPfSGdwN0UHqzrw= github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo/v2 v2.13.1 h1:LNGfMbR2OVGBfXjvRZIZ2YCTQdGKtPLvuI1rMCCj3OU= github.com/onsi/ginkgo/v2 v2.13.1/go.mod h1:XStQ8QcGwLyF4HdfcZB8SFOS/MWCgDuXMSBe6zrvLgM= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= +github.com/onsi/gomega v0.0.0-20190113212917-5533ce8a0da3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= +github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.30.0 h1:hvMK7xYz4D3HapigLTeGdId/NcfQx1VHMJc60ew99+8= github.com/onsi/gomega v1.30.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ= +github.com/openzipkin/zipkin-go v0.1.6/go.mod h1:QgAqvLzwWbR/WpD4A3cGpPtJrZXNIiJc5AZX7/PBEpw= github.com/pavlo-v-chernykh/keystore-go/v4 v4.5.0 h1:2nosf3P75OZv2/ZO/9Px5ZgZ5gbKrzA3joN1QMfOGMQ= github.com/pavlo-v-chernykh/keystore-go/v4 v4.5.0/go.mod h1:lAVhWwbNaveeJmxrxuSTxMgKpF6DjnuVpn6T8WiBwYQ= +github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= +github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= github.com/pierrec/lz4/v4 v4.1.18 h1:xaKrnTkyoqfh1YItXl56+6KJNVYWlEEPuAQW9xsplYQ= github.com/pierrec/lz4/v4 v4.1.18/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4= +github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/projectcontour/contour v1.26.0 h1:uCgDqkxeTUrHI3AhcP/LMGpmoAr4hR9jT9zYlfXn3pY= -github.com/projectcontour/contour v1.26.0/go.mod h1:w5eSvTFrA9wBHgsuz0s+/QqOsnObnk3KzTylC/R1uHw= +github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= +github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829/go.mod h1:p2iRAGwDERtqlqzRXnrOVns+ignqQo//hLXqYxZYVNs= github.com/prometheus/client_golang v1.17.0 h1:rl2sfwZMtSthVU752MqfjQozy7blglC+1SOtjMAMh+Q= github.com/prometheus/client_golang v1.17.0/go.mod h1:VeL+gMmOAxkS2IqfCq0ZmHSL+LjWfWDUmp1mBz9JgUY= +github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= +github.com/prometheus/client_model v0.0.0-20190115171406-56726106282f/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= +github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.4.1-0.20230718164431-9a2bf3000d16 h1:v7DLqVdK4VrYkVD5diGdl4sxJurKJEMnODWRJlxV9oM= github.com/prometheus/client_model v0.4.1-0.20230718164431-9a2bf3000d16/go.mod h1:oMQmHW1/JoDwqLtg57MGgP/Fb1CJEYF2imWWhWtMkYU= +github.com/prometheus/common v0.2.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.45.0 h1:2BGz0eBc2hdMDLnO/8n0jeB3oPrt2D08CekT0lneoxM= github.com/prometheus/common v0.45.0/go.mod h1:YJmSTw9BoKxJplESWWxlbyttQR4uaEcGyv9MZjVOJsY= +github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= +github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= +github.com/prometheus/procfs v0.0.0-20190403104016-ea9eea638872/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.11.1 h1:xRC8Iq1yyca5ypa9n1EZnWZkt7dwcoRPQwX/5gwaUuI= github.com/prometheus/procfs v0.11.1/go.mod h1:eesXgaPo1q7lBpVMoMy0ZOFTth9hBn4W/y0/p/ScXhY= +github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 h1:N/ElC8H3+5XpJzTSTfLsJV/mx9Q9g7kxmchpfZyxgzM= github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= +github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA= github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= github.com/shopspring/decimal v1.3.1 h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5gKV8= github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= +github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= +github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= +github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cast v1.5.1 h1:R+kOtfhWQE6TVQzY+4D7wJLBgkdVasCEFxSUBYBYIlA= github.com/spf13/cast v1.5.1/go.mod h1:b9PdjNptOpzXr7Rq1q9gJML/2cdGQAo69NKzQ10KN48= github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= +github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= @@ -296,6 +382,7 @@ github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= +go.opencensus.io v0.20.1/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A= @@ -308,7 +395,10 @@ go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN8 go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg= go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo= go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so= +golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= +golang.org/x/crypto v0.0.0-20181025213731-e84da0312774/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= @@ -321,8 +411,10 @@ golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa h1:FRnLl4eNAQl8hwxVVC17teOw8 golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa/go.mod h1:zk2irFbV9DP96SEBUUAy67IdHUaZuSnrz1n472HUCLE= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= +golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= @@ -332,9 +424,14 @@ golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190125091013-d26f9f9a57f3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190206173232-65e2d4e15006/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20191002035440-2ec189313ef0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= @@ -352,10 +449,14 @@ golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.18.0 h1:mIYleuAkSbHh0tCv7RvjL3F6ZVbLjq4+R7zbOn3Kokg= golang.org/x/net v0.18.0/go.mod h1:/czyP5RqHAH4odGYxBJ1qz0+CE5WZ+2j1YgoEo8F2jQ= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= +golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/oauth2 v0.0.0-20190402181905-9f3314589c9a/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.12.0 h1:smVPGxink+n1ZI5pkQa8y6fZT0RW0MgCO5bFpepy4B4= golang.org/x/oauth2 v0.12.0/go.mod h1:A74bZ3aGXgCY0qaIC9Ahg6Lglin4AMAco8cIv9baba4= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -364,9 +465,16 @@ golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.5.0 h1:60k92dhOjHxJkrqnwsfl8KuaHbn/5dl0lUPUklKo3qE= golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190508220229-2d0786266e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190804053845-51ab0e2deafa/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -392,6 +500,8 @@ golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.14.0 h1:LGK9IlZ8T9jvdy6cTdfKUCltatMFOehAQo9SRC46UQ8= golang.org/x/term v0.14.0/go.mod h1:TySc+nGkYR6qt8km8wUhuFRTVSMIX3XPR58y2lC8vww= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.1-0.20181227161524-e6919f6577db/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= @@ -399,15 +509,25 @@ golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/time v0.0.0-20161028155119-f51c12702a4d/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20181011042414-1f849cf54d09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190325161752-5a8dccf5b48a/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= +golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= +golang.org/x/tools v0.0.0-20190719005602-e377ae9d6386/go.mod h1:jcCCGcm9btYwXyDqrUWc6MKQKKGJCWEQ3AfLSRIbEuI= +golang.org/x/tools v0.0.0-20191002234911-9ade4c73f2af/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20200505023115-26f46d2f7ef8/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= @@ -420,11 +540,16 @@ golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw= gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= +google.golang.org/api v0.3.1/go.mod h1:6wY9I6uQWHQ8EM57III9mq/AjF+i8G65rmVagqKMtkk= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= +google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c= google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= +google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190404172233-64821d5d2107/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= google.golang.org/genproto v0.0.0-20230803162519-f966b187b2e5 h1:L6iMMGrtzgHsWofoFcihmDEMYeDR9KN/ThbPWGrh++g= @@ -433,7 +558,9 @@ google.golang.org/genproto/googleapis/api v0.0.0-20230803162519-f966b187b2e5 h1: google.golang.org/genproto/googleapis/api v0.0.0-20230803162519-f966b187b2e5/go.mod h1:5DZzOUPCLYL3mNkQ0ms0F3EuUNZ7py1Bqeq6sxzI7/Q= google.golang.org/genproto/googleapis/rpc v0.0.0-20230911183012-2d3300fd4832 h1:o4LtQxebKIJ4vkzyhtD2rfUNZ20Zf0ik5YVP5E7G7VE= google.golang.org/genproto/googleapis/rpc v0.0.0-20230911183012-2d3300fd4832/go.mod h1:+Bk1OCOj40wS2hwAMA+aCW9ypzm63QTBBHp6lQ3p+9M= +google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= +google.golang.org/grpc v1.19.1/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= @@ -442,13 +569,16 @@ google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGj google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8= google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= +gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/fsnotify.v1 v1.4.7 h1:xOHLXZwVvI9hhs+cLKq5+I5onOuwQLhQwiu63xxlHs4= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= +gopkg.in/inf.v0 v0.9.0/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= @@ -464,33 +594,54 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo= gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw= +honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.1-2019.2.3 h1:3JgtbtFHMiCmsznwGVTUWbgGov+pVqnlf1dEJTNAXeM= +honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= istio.io/api v1.19.0-alpha.1 h1:piKxgZ1Y9abNin/zw9cp6AFKhhC3Z2UmJRTN0Tm5FEY= istio.io/api v1.19.0-alpha.1/go.mod h1:dDMe1TsOtrRoUlBzdxqNolWXpXPQjLfbcXvqPMtQ6eo= +istio.io/gogo-genproto v0.0.0-20190614210408-e88dc8b0e4db/go.mod h1:eIDJ6jNk/IeJz6ODSksHl5Aiczy5JUq6vFhJWI5OtiI= +k8s.io/api v0.0.0-20190620084959-7cf5895f2711/go.mod h1:TBhBqb1AWbBQbW3XRusr7n7E4v2+5ZY8r8sAMnyFC5A= k8s.io/api v0.28.4 h1:8ZBrLjwosLl/NYgv1P7EQLqoO8MGQApnbgH8tu3BMzY= k8s.io/api v0.28.4/go.mod h1:axWTGrY88s/5YE+JSt4uUi6NMM+gur1en2REMR7IRj0= k8s.io/apiextensions-apiserver v0.28.4 h1:AZpKY/7wQ8n+ZYDtNHbAJBb+N4AXXJvyZx6ww6yAJvU= k8s.io/apiextensions-apiserver v0.28.4/go.mod h1:pgQIZ1U8eJSMQcENew/0ShUTlePcSGFq6dxSxf2mwPM= +k8s.io/apimachinery v0.0.0-20190612205821-1799e75a0719/go.mod h1:I4A+glKBHiTgiEjQiCCQfCAIcIMFGt291SmsvcrFzJA= k8s.io/apimachinery v0.0.0-20190704094733-8f6ac2502e51/go.mod h1:ccL7Eh7zubPUSh9A3USN90/OzHNSVN6zxzde07TDCL0= k8s.io/apimachinery v0.19.2/go.mod h1:DnPGDnARWFvYa3pMHgSxtbZb7gpzzAZ1pTfaUNDVlmA= k8s.io/apimachinery v0.28.4 h1:zOSJe1mc+GxuMnFzD4Z/U1wst50X28ZNsn5bhgIIao8= k8s.io/apimachinery v0.28.4/go.mod h1:wI37ncBvfAoswfq626yPTe6Bz1c22L7uaJ8dho83mgg= +k8s.io/client-go v0.0.0-20190620085101-78d2af792bab/go.mod h1:E95RaSlHr79aHaX0aGSwcPNfygDiPKOVXdmivCIZT0k= k8s.io/client-go v0.28.4 h1:Np5ocjlZcTrkyRJ3+T3PkXDpe4UpatQxj85+xjaD2wY= k8s.io/client-go v0.28.4/go.mod h1:0VDZFpgoZfelyP5Wqu0/r/TRYcLYuJ2U1KEeoaPa1N4= +k8s.io/code-generator v0.0.0-20190311093542-50b561225d70/go.mod h1:MYiN+ZJZ9HkETbgVZdWw2AsuAi9PZ4V80cwfuf2axe8= +k8s.io/code-generator v0.28.4 h1:tcOSNIZQvuAvXhOwpbuJkKbAABJQeyCcQBCN/3uI18c= +k8s.io/code-generator v0.28.4/go.mod h1:OQAfl6bZikQ/tK6faJ18Vyzo54rUII2NmjurHyiN1g4= k8s.io/component-base v0.28.4 h1:c/iQLWPdUgI90O+T9TeECg8o7N3YJTiuz2sKxILYcYo= k8s.io/component-base v0.28.4/go.mod h1:m9hR0uvqXDybiGL2nf/3Lf0MerAfQXzkfWhUY58JUbU= +k8s.io/gengo v0.0.0-20190116091435-f8a0810f38af/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= +k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01 h1:pWEwq4Asjm4vjW7vcsmijwBhOr1/shsbSYiWXmNGlks= +k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= +k8s.io/klog v0.3.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= +k8s.io/klog v0.3.1/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.110.1 h1:U/Af64HJf7FcwMcXyKm2RPM22WZzyR7OSpYj5tg3cL0= k8s.io/klog/v2 v2.110.1/go.mod h1:YGtd1984u+GgbuZ7e08/yBuAfKLSO0+uR1Fhi6ExXjo= +k8s.io/kube-openapi v0.0.0-20190228160746-b3a7cee44a30/go.mod h1:BXM9ceUBTj2QnfH2MK1odQs778ajze1RxcmP6S8RVVc= k8s.io/kube-openapi v0.0.0-20200805222855-6aeccd4b50c6/go.mod h1:UuqjUnNftUyPE5H64/qeyjQoUZhGpeFDVdxjTeEVN2o= k8s.io/kube-openapi v0.0.0-20230905202853-d090da108d2f h1:eeEUOoGYWhOz7EyXqhlR2zHKNw2mNJ9vzJmub6YN6kk= k8s.io/kube-openapi v0.0.0-20230905202853-d090da108d2f/go.mod h1:AsvuZPBlUDVuCdzJ87iajxtXuR9oktsTctW/R9wwouA= +k8s.io/utils v0.0.0-20190221042446-c2654d5206da/go.mod h1:8k8uAuAQ0rXslZKaEWd0c3oVhZz7sSzSiPnVZayjIX0= +k8s.io/utils v0.0.0-20190607212802-c55fbcfc754a/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew= k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI= k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +mvdan.cc/unparam v0.0.0-20190720180237-d51796306d8f h1:Cq7MalBHYACRd6EesksG1Q8EoIAKOsiZviGKbOLIej4= +mvdan.cc/unparam v0.0.0-20190720180237-d51796306d8f/go.mod h1:4G1h5nDURzA3bwVMZIVpwbkw+04kSxk3rAtzlimaUJw= sigs.k8s.io/controller-runtime v0.16.3 h1:2TuvuokmfXvDUamSx1SuAOO3eTyye+47mJCigwG62c4= sigs.k8s.io/controller-runtime v0.16.3/go.mod h1:j7bialYoSn142nv9sCOJmQgDXQXxnroFU4VnX/brVJ0= sigs.k8s.io/gateway-api v0.8.0 h1:isQQ3Jx2qFP7vaA3ls0846F0Amp9Eq14P08xbSwVbQg= diff --git a/main.go b/main.go index 1b866022a..7b378b041 100644 --- a/main.go +++ b/main.go @@ -59,7 +59,7 @@ import ( "github.com/banzaicloud/koperator/pkg/scale" "github.com/banzaicloud/koperator/pkg/util" "github.com/banzaicloud/koperator/pkg/webhooks" - contour "github.com/projectcontour/contour/apis/projectcontour/v1" + contour "github.com/heptio/contour/apis/contour/v1beta1" // +kubebuilder:scaffold:imports ) diff --git a/pkg/resources/clusteripexternalaccess/service.go b/pkg/resources/clusteripexternalaccess/service.go index 3871f52e4..7725d562f 100644 --- a/pkg/resources/clusteripexternalaccess/service.go +++ b/pkg/resources/clusteripexternalaccess/service.go @@ -30,7 +30,7 @@ import ( "github.com/banzaicloud/koperator/pkg/util" contourutils "github.com/banzaicloud/koperator/pkg/util/contour" "github.com/banzaicloud/koperator/pkg/util/kafka" - contour "github.com/projectcontour/contour/apis/projectcontour/v1" + contour "github.com/heptio/contour/apis/contour/v1beta1" ) // TODO handle deletion gracefully from status @@ -96,12 +96,15 @@ func (r *Reconciler) ingressRoute(log logr.Logger, status v1beta1.ListenerStatus port := strings.Split(address, ":")[1] portInt, _ := strconv.Atoi(port) - ingressRoute := &contour.HTTPProxy{ + ingressRoute := &contour.IngressRoute{ ObjectMeta: templates.ObjectMeta(fqdn, apiutil.LabelsForKafka(r.KafkaCluster.Name), r.KafkaCluster), - Spec: contour.HTTPProxySpec{ + Spec: contour.IngressRouteSpec{ VirtualHost: &contour.VirtualHost{ Fqdn: fqdn, + TLS: &contour.TLS{ + SecretName: "heptio-contour/cluster-ssl-corp", + }, }, TCPProxy: &contour.TCPProxy{ Services: []contour.Service{{ diff --git a/pkg/resources/kafka/kafka.go b/pkg/resources/kafka/kafka.go index cd9b34423..a8339c422 100644 --- a/pkg/resources/kafka/kafka.go +++ b/pkg/resources/kafka/kafka.go @@ -1288,8 +1288,6 @@ func (r *Reconciler) getBrokerHost(log logr.Logger, defaultHost string, broker v } else { brokerHost = fmt.Sprintf("%s-%d-%s.%s%s", r.KafkaCluster.Name, broker.Id, eListener.Name, r.KafkaCluster.Namespace, brokerHost) } - } else if eListener.GetAccessMethod() == corev1.ServiceTypeClusterIP { - brokerHost = fmt.Sprintf("b-%d-%s-%s", broker.Id, r.KafkaCluster.Name, eListener.Name) } if eListener.TLSEnabled() { brokerHost = iConfig.EnvoyConfig.GetBrokerHostname(broker.Id) diff --git a/pkg/util/util.go b/pkg/util/util.go index d23281436..e2ee62501 100644 --- a/pkg/util/util.go +++ b/pkg/util/util.go @@ -324,11 +324,32 @@ func GetIngressConfigs(kafkaClusterSpec v1beta1.KafkaClusterSpec, } } case contour.IngressControllerName: - ingressConfigs = map[string]v1beta1.IngressConfig{ - IngressConfigGlobalName: { - IngressServiceSettings: eListenerConfig.IngressServiceSettings, - EnvoyConfig: &kafkaClusterSpec.EnvoyConfig, - }, + if eListenerConfig.Config != nil { + defaultIngressConfigName = eListenerConfig.Config.DefaultIngressConfig + ingressConfigs = make(map[string]v1beta1.IngressConfig, len(eListenerConfig.Config.IngressConfig)) + for k, iConf := range eListenerConfig.Config.IngressConfig { + if iConf.ContourIngressConfig != nil { + err := mergo.Merge(iConf.ContourIngressConfig, kafkaClusterSpec.ContourIngressConfig) + if err != nil { + return nil, "", errors.WrapWithDetails(err, + "could not merge global envoy config with local one", "envoyConfig", k) + } + err = mergo.Merge(&iConf.IngressServiceSettings, eListenerConfig.IngressServiceSettings) + if err != nil { + return nil, "", errors.WrapWithDetails(err, + "could not merge global loadbalancer config with local one", + "externalListenerName", eListenerConfig.Name) + } + ingressConfigs[k] = iConf + } + } + } else { + ingressConfigs = map[string]v1beta1.IngressConfig{ + IngressConfigGlobalName: { + IngressServiceSettings: eListenerConfig.IngressServiceSettings, + ContourIngressConfig: &kafkaClusterSpec.ContourIngressConfig, + }, + } } default: return nil, "", errors.NewWithDetails("not supported ingress type", "name", kafkaClusterSpec.GetIngressController()) From e348856f5addcaaa4a1dbd7903301bcaa2864d77 Mon Sep 17 00:00:00 2001 From: Razvan Dobre Date: Tue, 30 Apr 2024 14:47:45 +0300 Subject: [PATCH 04/19] Created valid ingressroutes --- api/v1beta1/kafkacluster_types.go | 8 +++ charts/kafka-operator/crds/kafkaclusters.yaml | 51 ++++++++++++++- .../kafka.banzaicloud.io_kafkaclusters.yaml | 51 ++++++++++++++- controllers/kafkacluster_controller.go | 7 ++- .../clusterIpExternalAccess.go | 62 ++++++++++--------- .../clusteripexternalaccess/service.go | 29 ++++----- pkg/resources/kafka/kafka.go | 24 +++++-- 7 files changed, 178 insertions(+), 54 deletions(-) diff --git a/api/v1beta1/kafkacluster_types.go b/api/v1beta1/kafkacluster_types.go index dc39670e0..f80ba406e 100644 --- a/api/v1beta1/kafkacluster_types.go +++ b/api/v1beta1/kafkacluster_types.go @@ -594,6 +594,14 @@ func (c IngressServiceSettings) GetServiceType() corev1.ServiceType { return c.ServiceType } +func (c ContourIngressConfig) GetBrokerFqdn(brokerId int32) string { + return strings.Replace(c.BrokerFQDNTemplate, "%id", strconv.Itoa(int(brokerId)), 1) +} + +func (c ContourIngressConfig) GetAnycastFqdn() string { + return c.AnyCastFQDNTemplate +} + // Replace %id in brokerHostnameTemplate with actual broker id func (c EnvoyConfig) GetBrokerHostname(brokerId int32) string { return strings.Replace(c.BrokerHostnameTemplate, "%id", strconv.Itoa(int(brokerId)), 1) diff --git a/charts/kafka-operator/crds/kafkaclusters.yaml b/charts/kafka-operator/crds/kafkaclusters.yaml index 7513661b3..bc17d372e 100644 --- a/charts/kafka-operator/crds/kafkaclusters.yaml +++ b/charts/kafka-operator/crds/kafkaclusters.yaml @@ -12899,6 +12899,29 @@ spec: type: string clusterWideConfig: type: string + contourIngressConfig: + properties: + anyCastFQDNTemplate: + description: AnyCastFQDNTemplate is the template used to generate + the anycast FQDN for the Kafka cluster. + type: string + brokerFQDNTemplate: + description: Broker hostname template for Contour IngressRoute + resource to generate broker hostnames. + type: string + contourIngressClass: + description: ContourIngressClass is the IngressClass that Contour + should use to route traffic to the Kafka cluster. + type: string + tlsSecretName: + description: TLS secret used for Contour IngressRoute resource + type: string + required: + - anyCastFQDNTemplate + - brokerFQDNTemplate + - contourIngressClass + - tlsSecretName + type: object cruiseControlConfig: description: CruiseControlConfig defines the config for Cruise Control properties: @@ -19173,7 +19196,6 @@ spec: - LoadBalancer - NodePort - ClusterIP - - ExternalName type: string anyCastPort: description: configuring AnyCastPort allows kafka cluster @@ -19193,6 +19215,33 @@ spec: ingressConfig: additionalProperties: properties: + contourIngressConfig: + properties: + anyCastFQDNTemplate: + description: AnyCastFQDNTemplate is the template + used to generate the anycast FQDN for the + Kafka cluster. + type: string + brokerFQDNTemplate: + description: Broker hostname template for + Contour IngressRoute resource to generate + broker hostnames. + type: string + contourIngressClass: + description: ContourIngressClass is the IngressClass + that Contour should use to route traffic + to the Kafka cluster. + type: string + tlsSecretName: + description: TLS secret used for Contour IngressRoute + resource + type: string + required: + - anyCastFQDNTemplate + - brokerFQDNTemplate + - contourIngressClass + - tlsSecretName + type: object envoyConfig: description: EnvoyConfig defines the config for Envoy diff --git a/config/base/crds/kafka.banzaicloud.io_kafkaclusters.yaml b/config/base/crds/kafka.banzaicloud.io_kafkaclusters.yaml index 7513661b3..bc17d372e 100644 --- a/config/base/crds/kafka.banzaicloud.io_kafkaclusters.yaml +++ b/config/base/crds/kafka.banzaicloud.io_kafkaclusters.yaml @@ -12899,6 +12899,29 @@ spec: type: string clusterWideConfig: type: string + contourIngressConfig: + properties: + anyCastFQDNTemplate: + description: AnyCastFQDNTemplate is the template used to generate + the anycast FQDN for the Kafka cluster. + type: string + brokerFQDNTemplate: + description: Broker hostname template for Contour IngressRoute + resource to generate broker hostnames. + type: string + contourIngressClass: + description: ContourIngressClass is the IngressClass that Contour + should use to route traffic to the Kafka cluster. + type: string + tlsSecretName: + description: TLS secret used for Contour IngressRoute resource + type: string + required: + - anyCastFQDNTemplate + - brokerFQDNTemplate + - contourIngressClass + - tlsSecretName + type: object cruiseControlConfig: description: CruiseControlConfig defines the config for Cruise Control properties: @@ -19173,7 +19196,6 @@ spec: - LoadBalancer - NodePort - ClusterIP - - ExternalName type: string anyCastPort: description: configuring AnyCastPort allows kafka cluster @@ -19193,6 +19215,33 @@ spec: ingressConfig: additionalProperties: properties: + contourIngressConfig: + properties: + anyCastFQDNTemplate: + description: AnyCastFQDNTemplate is the template + used to generate the anycast FQDN for the + Kafka cluster. + type: string + brokerFQDNTemplate: + description: Broker hostname template for + Contour IngressRoute resource to generate + broker hostnames. + type: string + contourIngressClass: + description: ContourIngressClass is the IngressClass + that Contour should use to route traffic + to the Kafka cluster. + type: string + tlsSecretName: + description: TLS secret used for Contour IngressRoute + resource + type: string + required: + - anyCastFQDNTemplate + - brokerFQDNTemplate + - contourIngressClass + - tlsSecretName + type: object envoyConfig: description: EnvoyConfig defines the config for Envoy diff --git a/controllers/kafkacluster_controller.go b/controllers/kafkacluster_controller.go index 37aa4322c..b6a30db04 100644 --- a/controllers/kafkacluster_controller.go +++ b/controllers/kafkacluster_controller.go @@ -22,7 +22,6 @@ import ( "emperror.dev/errors" "github.com/go-logr/logr" - contour "github.com/heptio/contour/apis/contour/v1beta1" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" policyv1 "k8s.io/api/policy/v1" @@ -51,6 +50,8 @@ import ( "github.com/banzaicloud/koperator/pkg/resources/kafkamonitoring" "github.com/banzaicloud/koperator/pkg/resources/nodeportexternalaccess" "github.com/banzaicloud/koperator/pkg/util" + // TODO uncomment this + // contour "github.com/heptio/contour/apis/contour/v1beta1" ) var clusterFinalizer = "finalizer.kafkaclusters.kafka.banzaicloud.io" @@ -421,8 +422,8 @@ func envoyWatches(builder *ctrl.Builder) *ctrl.Builder { func contourWatches(builder *ctrl.Builder) *ctrl.Builder { return builder. - Owns(&corev1.Service{}). - Owns(&contour.IngressRoute{}) + Owns(&corev1.Service{}) + // Owns(&contour.IngressRoute{}) } func cruiseControlWatches(builder *ctrl.Builder) *ctrl.Builder { diff --git a/pkg/resources/clusteripexternalaccess/clusterIpExternalAccess.go b/pkg/resources/clusteripexternalaccess/clusterIpExternalAccess.go index 87ea7324f..00f0af67c 100644 --- a/pkg/resources/clusteripexternalaccess/clusterIpExternalAccess.go +++ b/pkg/resources/clusteripexternalaccess/clusterIpExternalAccess.go @@ -71,41 +71,47 @@ func (r *Reconciler) Reconcile(log logr.Logger) error { if err != nil { return err } - } - // create per broker services ClusterIP - for _, broker := range r.KafkaCluster.Spec.Brokers { - service := r.brokerService(log, broker.Id, eListener) - if eListener.GetAccessMethod() == corev1.ServiceTypeClusterIP { - err = k8sutil.Reconcile(log, r.Client, service, r.KafkaCluster) - if err != nil { - return err - } - } else if r.KafkaCluster.Spec.RemoveUnusedIngressResources { - // Cleaning up unused nodeport services - removeService := service.(client.Object) - if err := r.Delete(context.Background(), removeService); client.IgnoreNotFound(err) != nil { - return errors.Wrap(err, "error when removing unused nodeport services") - } - log.V(1).Info(fmt.Sprintf("Deleted nodePort service '%s' for external listener '%s'", removeService.GetName(), eListener.Name)) + // create IngressRoutes for each ingressConfig + fqdn := ingressConfig.ContourIngressConfig.GetAnycastFqdn() + ingressRoute := r.ingressRoute(log, eListener, fqdn, ingressConfig, clusterService) + err = k8sutil.Reconcile(log, r.Client, ingressRoute, r.KafkaCluster) + if err != nil { + return err } - } - } + // create per broker services ClusterIP + for _, broker := range r.KafkaCluster.Spec.Brokers { + service := r.brokerService(log, broker.Id, eListener) - // create IngressRoutes for each ingressConfig - externalListenerStatues := r.KafkaCluster.Status.ListenerStatuses.ExternalListeners - for name, statusList := range externalListenerStatues { + fqdn := ingressConfig.ContourIngressConfig.GetBrokerFqdn(broker.Id) + ingressRoute := r.ingressRoute(log, eListener, fqdn, ingressConfig, service) - for _, status := range statusList { - // create HTTPProxy for each external listener - ingressRoute := r.ingressRoute(log, status, name, 10) - err := k8sutil.Reconcile(log, r.Client, ingressRoute, r.KafkaCluster) - if err != nil { - return err + if eListener.GetAccessMethod() == corev1.ServiceTypeClusterIP { + err = k8sutil.Reconcile(log, r.Client, service, r.KafkaCluster) + if err != nil { + return err + } + err = k8sutil.Reconcile(log, r.Client, ingressRoute, r.KafkaCluster) + if err != nil { + return err + } + } else if r.KafkaCluster.Spec.RemoveUnusedIngressResources { + // Cleaning up unused nodeport services + removeService := service.(client.Object) + if err := r.Delete(context.Background(), removeService); client.IgnoreNotFound(err) != nil { + return errors.Wrap(err, "error when removing unused nodeport services") + } + removeIngress := ingressRoute.(client.Object) + if err := r.Delete(context.Background(), removeIngress); client.IgnoreNotFound(err) != nil { + return errors.Wrap(err, "error when removing unused nodeport services") + } + log.V(1).Info(fmt.Sprintf("Deleted nodePort service '%s' for external listener '%s'", removeService.GetName(), eListener.Name)) + } } + } - } + } } log.V(1).Info("Reconciled") diff --git a/pkg/resources/clusteripexternalaccess/service.go b/pkg/resources/clusteripexternalaccess/service.go index 7725d562f..6d4dcbf90 100644 --- a/pkg/resources/clusteripexternalaccess/service.go +++ b/pkg/resources/clusteripexternalaccess/service.go @@ -16,8 +16,6 @@ package clusteripexternalaccess import ( "fmt" - "strconv" - "strings" "github.com/go-logr/logr" corev1 "k8s.io/api/core/v1" @@ -34,8 +32,7 @@ import ( ) // TODO handle deletion gracefully from status -func (r *Reconciler) brokerService(_ logr.Logger, id int32, - extListener v1beta1.ExternalListenerConfig) runtime.Object { +func (r *Reconciler) brokerService(_ logr.Logger, id int32, extListener v1beta1.ExternalListenerConfig) runtime.Object { service := &corev1.Service{ ObjectMeta: templates.ObjectMetaWithAnnotations( @@ -48,7 +45,7 @@ func (r *Reconciler) brokerService(_ logr.Logger, id int32, Type: corev1.ServiceTypeClusterIP, Ports: []corev1.ServicePort{{ Name: fmt.Sprintf("broker-%d", id), - Port: extListener.ContainerPort, + Port: *extListener.AnyCastPort, TargetPort: intstr.FromInt(int(extListener.ContainerPort)), Protocol: corev1.ProtocolTCP, }, @@ -77,7 +74,7 @@ func (r *Reconciler) clusterService(log logr.Logger, extListener v1beta1.Externa Ports: []corev1.ServicePort{{ Name: "tcp-all-broker", Port: *extListener.AnyCastPort, - TargetPort: intstr.FromInt(int(*extListener.AnyCastPort)), + TargetPort: intstr.FromInt(int(extListener.ContainerPort)), Protocol: corev1.ProtocolTCP, }, }, @@ -89,27 +86,25 @@ func (r *Reconciler) clusterService(log logr.Logger, extListener v1beta1.Externa } // generate ingressroute resource based on status and listener name -func (r *Reconciler) ingressRoute(log logr.Logger, status v1beta1.ListenerStatus, listenerName string, id int32) runtime.Object { - - address := status.Address - fqdn := strings.Split(address, ":")[0] - port := strings.Split(address, ":")[1] +func (r *Reconciler) ingressRoute(log logr.Logger, extListener v1beta1.ExternalListenerConfig, fqdn string, + ingressConfig v1beta1.IngressConfig, service runtime.Object) runtime.Object { - portInt, _ := strconv.Atoi(port) + svc := service.(*corev1.Service) ingressRoute := &contour.IngressRoute{ - ObjectMeta: templates.ObjectMeta(fqdn, - apiutil.LabelsForKafka(r.KafkaCluster.Name), r.KafkaCluster), + ObjectMeta: templates.ObjectMetaWithAnnotations(fqdn, + apiutil.LabelsForKafka(r.KafkaCluster.Name), extListener.GetServiceAnnotations(), r.KafkaCluster), Spec: contour.IngressRouteSpec{ VirtualHost: &contour.VirtualHost{ Fqdn: fqdn, TLS: &contour.TLS{ - SecretName: "heptio-contour/cluster-ssl-corp", + // TODO make secretName configurable + SecretName: ingressConfig.ContourIngressConfig.TLSSecretName, }, }, TCPProxy: &contour.TCPProxy{ Services: []contour.Service{{ - Name: fmt.Sprintf(kafka.NodePortServiceTemplate, r.KafkaCluster.GetName(), id, listenerName), - Port: portInt, + Name: svc.GetName(), + Port: int(svc.Spec.Ports[0].Port), }}, }, }, diff --git a/pkg/resources/kafka/kafka.go b/pkg/resources/kafka/kafka.go index a8339c422..d38b6b60e 100644 --- a/pkg/resources/kafka/kafka.go +++ b/pkg/resources/kafka/kafka.go @@ -1257,7 +1257,8 @@ func (r *Reconciler) getBrokerHost(log logr.Logger, defaultHost string, broker v brokerHost := defaultHost portNumber := eListener.GetBrokerPort(broker.Id) - if eListener.GetAccessMethod() != corev1.ServiceTypeLoadBalancer { + switch eListener.GetAccessMethod() { + case corev1.ServiceTypeNodePort: bConfig, err := broker.GetBrokerConfig(r.KafkaCluster.Spec) if err != nil { return "", err @@ -1288,12 +1289,20 @@ func (r *Reconciler) getBrokerHost(log logr.Logger, defaultHost string, broker v } else { brokerHost = fmt.Sprintf("%s-%d-%s.%s%s", r.KafkaCluster.Name, broker.Id, eListener.Name, r.KafkaCluster.Namespace, brokerHost) } - } - if eListener.TLSEnabled() { - brokerHost = iConfig.EnvoyConfig.GetBrokerHostname(broker.Id) + case corev1.ServiceTypeClusterIP: + brokerHost = iConfig.ContourIngressConfig.GetBrokerFqdn(broker.Id) if brokerHost == "" { return "", errors.New("brokerHostnameTemplate is not set in the ingress service settings") } + // TODO understand why this is not needed. Tests are failing when this is added + // portNumber = eListener.ContainerPort + case corev1.ServiceTypeLoadBalancer: + if eListener.TLSEnabled() { + brokerHost = iConfig.EnvoyConfig.GetBrokerHostname(broker.Id) + if brokerHost == "" { + return "", errors.New("brokerHostnameTemplate is not set in the ingress service settings") + } + } } return fmt.Sprintf("%s:%d", brokerHost, portNumber), nil } @@ -1314,6 +1323,8 @@ func (r *Reconciler) createExternalListenerStatuses(log logr.Logger) (map[string } listenerStatusList := make(v1beta1.ListenerStatusList, 0, len(r.KafkaCluster.Spec.Brokers)+1) for iConfigName, iConfig := range ingressConfigs { + + fmt.Println("---------------------1", iConfigName, iConfig.ContourIngressConfig) if !util.IsIngressConfigInUse(iConfigName, defaultControllerName, r.KafkaCluster, log) { continue } @@ -1355,6 +1366,11 @@ func (r *Reconciler) createExternalListenerStatuses(log logr.Logger) (map[string } else { anyBrokerStatusName = fmt.Sprintf("any-broker-%s", iConfigName) } + fmt.Println("----------------------------------1") + // TODO fix hack + if eListener.GetAccessMethod() == corev1.ServiceTypeClusterIP { + host = iConfig.ContourIngressConfig.GetAnycastFqdn() + } listenerStatus := v1beta1.ListenerStatus{ Name: anyBrokerStatusName, Address: fmt.Sprintf("%s:%d", host, allBrokerPort), From 7087f3a872ab4ceab61edeac9cbba2ec5ed67a44 Mon Sep 17 00:00:00 2001 From: Razvan Dobre Date: Mon, 13 May 2024 13:22:42 +0300 Subject: [PATCH 05/19] Refactoring. Making sure contour related resources are removed when not in use. --- api/v1beta1/kafkacluster_types.go | 2 +- charts/kafka-operator/crds/kafkaclusters.yaml | 2 - .../kafka.banzaicloud.io_kafkaclusters.yaml | 2 - controllers/kafkacluster_controller.go | 11 +- go.mod | 25 +- go.sum | 43 ++- main.go | 2 +- .../clusterIpExternalAccess.go | 120 --------- .../clusteripexternalaccess/service.go | 114 -------- pkg/resources/contouringress/contour.go | 251 ++++++++++++++++++ pkg/resources/kafka/kafka.go | 6 - 11 files changed, 283 insertions(+), 295 deletions(-) delete mode 100644 pkg/resources/clusteripexternalaccess/clusterIpExternalAccess.go delete mode 100644 pkg/resources/clusteripexternalaccess/service.go create mode 100644 pkg/resources/contouringress/contour.go diff --git a/api/v1beta1/kafkacluster_types.go b/api/v1beta1/kafkacluster_types.go index f80ba406e..9b47b42a9 100644 --- a/api/v1beta1/kafkacluster_types.go +++ b/api/v1beta1/kafkacluster_types.go @@ -718,7 +718,7 @@ type ContourIngressConfig struct { // Broker hostname template for Contour IngressRoute resource to generate broker hostnames. BrokerFQDNTemplate string `json:"brokerFQDNTemplate"` // AnyCastFQDNTemplate is the template used to generate the anycast FQDN for the Kafka cluster. - AnyCastFQDNTemplate string `json:"anyCastFQDNTemplate"` + AnyCastFQDNTemplate string `json:"anyCastFQDNTemplate,omitempty"` } // InternalListenerConfig defines the internal listener config for Kafka diff --git a/charts/kafka-operator/crds/kafkaclusters.yaml b/charts/kafka-operator/crds/kafkaclusters.yaml index bc17d372e..88e64b63b 100644 --- a/charts/kafka-operator/crds/kafkaclusters.yaml +++ b/charts/kafka-operator/crds/kafkaclusters.yaml @@ -12917,7 +12917,6 @@ spec: description: TLS secret used for Contour IngressRoute resource type: string required: - - anyCastFQDNTemplate - brokerFQDNTemplate - contourIngressClass - tlsSecretName @@ -19237,7 +19236,6 @@ spec: resource type: string required: - - anyCastFQDNTemplate - brokerFQDNTemplate - contourIngressClass - tlsSecretName diff --git a/config/base/crds/kafka.banzaicloud.io_kafkaclusters.yaml b/config/base/crds/kafka.banzaicloud.io_kafkaclusters.yaml index bc17d372e..88e64b63b 100644 --- a/config/base/crds/kafka.banzaicloud.io_kafkaclusters.yaml +++ b/config/base/crds/kafka.banzaicloud.io_kafkaclusters.yaml @@ -12917,7 +12917,6 @@ spec: description: TLS secret used for Contour IngressRoute resource type: string required: - - anyCastFQDNTemplate - brokerFQDNTemplate - contourIngressClass - tlsSecretName @@ -19237,7 +19236,6 @@ spec: resource type: string required: - - anyCastFQDNTemplate - brokerFQDNTemplate - contourIngressClass - tlsSecretName diff --git a/controllers/kafkacluster_controller.go b/controllers/kafkacluster_controller.go index b6a30db04..e41418257 100644 --- a/controllers/kafkacluster_controller.go +++ b/controllers/kafkacluster_controller.go @@ -41,7 +41,7 @@ import ( "github.com/banzaicloud/koperator/pkg/kafkaclient" "github.com/banzaicloud/koperator/pkg/pki" "github.com/banzaicloud/koperator/pkg/resources" - "github.com/banzaicloud/koperator/pkg/resources/clusteripexternalaccess" + "github.com/banzaicloud/koperator/pkg/resources/contouringress" "github.com/banzaicloud/koperator/pkg/resources/cruisecontrol" "github.com/banzaicloud/koperator/pkg/resources/cruisecontrolmonitoring" "github.com/banzaicloud/koperator/pkg/resources/envoy" @@ -50,8 +50,9 @@ import ( "github.com/banzaicloud/koperator/pkg/resources/kafkamonitoring" "github.com/banzaicloud/koperator/pkg/resources/nodeportexternalaccess" "github.com/banzaicloud/koperator/pkg/util" + // TODO uncomment this - // contour "github.com/heptio/contour/apis/contour/v1beta1" + contour "github.com/projectcontour/contour/apis/projectcontour/v1" ) var clusterFinalizer = "finalizer.kafkaclusters.kafka.banzaicloud.io" @@ -119,7 +120,7 @@ func (r *KafkaClusterReconciler) Reconcile(ctx context.Context, request ctrl.Req envoy.New(r.Client, instance), istioingress.New(r.Client, instance), nodeportexternalaccess.New(r.Client, instance), - clusteripexternalaccess.New(r.Client, instance), + contouringress.New(r.Client, instance), kafkamonitoring.New(r.Client, instance), cruisecontrolmonitoring.New(r.Client, instance), kafka.New(r.Client, r.DirectClient, instance, r.KafkaClientProvider), @@ -422,8 +423,8 @@ func envoyWatches(builder *ctrl.Builder) *ctrl.Builder { func contourWatches(builder *ctrl.Builder) *ctrl.Builder { return builder. - Owns(&corev1.Service{}) - // Owns(&contour.IngressRoute{}) + Owns(&corev1.Service{}). + Owns(&contour.HTTPProxy{}) } func cruiseControlWatches(builder *ctrl.Builder) *ctrl.Builder { diff --git a/go.mod b/go.mod index 43ac5313b..94cfcb2d7 100644 --- a/go.mod +++ b/go.mod @@ -15,13 +15,14 @@ require ( github.com/banzaicloud/koperator/properties v0.4.1 github.com/cert-manager/cert-manager v1.13.2 github.com/cisco-open/cluster-registry-controller/api v0.2.12 - github.com/envoyproxy/go-control-plane v0.11.1 + github.com/envoyproxy/go-control-plane v0.11.2-0.20231019082134-6e4589f570e1 github.com/ghodss/yaml v1.0.1-0.20220118164431-d8423dcdf344 github.com/go-logr/logr v1.3.0 github.com/heptio/contour v0.15.3 github.com/onsi/ginkgo/v2 v2.13.1 github.com/onsi/gomega v1.30.0 github.com/pavlo-v-chernykh/keystore-go/v4 v4.5.0 + github.com/projectcontour/contour v1.27.0 github.com/prometheus/common v0.45.0 github.com/stretchr/testify v1.8.4 go.uber.org/mock v0.3.0 @@ -38,25 +39,15 @@ require ( ) require ( - github.com/BurntSushi/toml v1.0.0 // indirect - github.com/client9/misspell v0.3.4 // indirect github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect github.com/google/gnostic-models v0.6.8 // indirect github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 // indirect - github.com/gordonklaus/ineffassign v0.0.0-20180909121442-1003c8bd00dc // indirect github.com/imdario/mergo v0.3.12 // indirect - github.com/kisielk/errcheck v1.5.0 // indirect github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 // indirect - github.com/mdempsky/unconvert v0.0.0-20190325185700-2f5dc3378ed3 // indirect github.com/stretchr/objx v0.5.0 // indirect - golang.org/x/mod v0.14.0 // indirect golang.org/x/tools v0.15.0 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20230803162519-f966b187b2e5 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20230911183012-2d3300fd4832 // indirect - honnef.co/go/tools v0.0.1-2019.2.3 // indirect - k8s.io/code-generator v0.28.4 // indirect - k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01 // indirect - mvdan.cc/unparam v0.0.0-20190720180237-d51796306d8f // indirect ) require ( @@ -89,7 +80,7 @@ require ( github.com/golang/snappy v0.0.4 // indirect github.com/google/go-cmp v0.6.0 github.com/google/gofuzz v1.2.0 // indirect - github.com/google/uuid v1.3.1 // indirect + github.com/google/uuid v1.4.0 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect github.com/hashicorp/go-uuid v1.0.3 // indirect @@ -115,7 +106,7 @@ require ( github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/prometheus/client_golang v1.17.0 // indirect - github.com/prometheus/client_model v0.4.1-0.20230718164431-9a2bf3000d16 // indirect + github.com/prometheus/client_model v0.5.0 // indirect github.com/prometheus/procfs v0.11.1 // indirect github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 // indirect github.com/shopspring/decimal v1.3.1 // indirect @@ -128,14 +119,14 @@ require ( go.uber.org/multierr v1.11.0 // indirect golang.org/x/crypto v0.15.0 // indirect golang.org/x/net v0.18.0 // indirect - golang.org/x/oauth2 v0.12.0 // indirect + golang.org/x/oauth2 v0.13.0 // indirect golang.org/x/sys v0.14.0 // indirect golang.org/x/term v0.14.0 // indirect golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.3.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/appengine v1.6.7 // indirect - google.golang.org/genproto v0.0.0-20230803162519-f966b187b2e5 // indirect + google.golang.org/genproto v0.0.0-20230822172742-b8732ec3820d // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect istio.io/api v1.19.0-alpha.1 // indirect @@ -143,7 +134,7 @@ require ( k8s.io/klog/v2 v2.110.1 // indirect k8s.io/kube-openapi v0.0.0-20230905202853-d090da108d2f // indirect k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect - sigs.k8s.io/gateway-api v0.8.0 // indirect + sigs.k8s.io/gateway-api v0.8.1 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect sigs.k8s.io/yaml v1.3.0 // indirect diff --git a/go.sum b/go.sum index d8906eee6..b468571f9 100644 --- a/go.sum +++ b/go.sum @@ -8,8 +8,6 @@ emperror.dev/errors v0.8.1 h1:UavXZ5cSX/4u9iyvH6aDcuGkVjeexUGJ7Ij7G4VfQT0= emperror.dev/errors v0.8.1/go.mod h1:YcRvLPh626Ubn2xqtoprejnA5nFha+TJ+2vew48kWuE= github.com/Azure/go-autorest v11.1.2+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/BurntSushi/toml v1.0.0 h1:dtDWrepsVPfW9H/4y7dDgFc2MBUSeJhlaDtK13CxFlU= -github.com/BurntSushi/toml v1.0.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/IBM/sarama v1.42.1 h1:wugyWa15TDEHh2kvq2gAy1IHLjEjuYOYgXz/ruC/OSQ= github.com/IBM/sarama v1.42.1/go.mod h1:Xxho9HkHd4K/MDUo/T/sOqwtX/17D33++E9Wib6hUdQ= github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI= @@ -55,7 +53,6 @@ github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5P github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= github.com/cisco-open/cluster-registry-controller/api v0.2.12 h1:dxKVG3T75RAU8f0kmeLRh82Ao4koTFIPZEodUTBhg14= github.com/cisco-open/cluster-registry-controller/api v0.2.12/go.mod h1:zRJ4y4xZlEq1AkOm8pd6qpH7WQ9yinLaE3SA30TWh74= -github.com/client9/misspell v0.3.4 h1:ta993UF76GwbvJcIo3Y68y/M3WxlpEHPWIGDkJYwzJI= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4 h1:/inchEIKaYC1Akx+H+gqO04wryn5h75LSazbRlnya1k= github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= @@ -85,8 +82,8 @@ github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRr github.com/envoyproxy/go-control-plane v0.8.2/go.mod h1:EWRTAFN6uuDZIa6KOuUfrOMJ7ySgXZ44rVKiTWjKe34= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= -github.com/envoyproxy/go-control-plane v0.11.1 h1:wSUXTlLfiAQRWs2F+p+EKOY9rUyis1MyGqJ2DIk5HpM= -github.com/envoyproxy/go-control-plane v0.11.1/go.mod h1:uhMcXKCQMEJHiAb0w+YGefQLaTEw+YhGluxZkrTmD0g= +github.com/envoyproxy/go-control-plane v0.11.2-0.20231019082134-6e4589f570e1 h1:i/XN+pZrv2iM+Czc4o4tP6UzUJoOxjNI9gQdE1vIjd0= +github.com/envoyproxy/go-control-plane v0.11.2-0.20231019082134-6e4589f570e1/go.mod h1:3X10o7QcAVxP4y/hnTLgkXLwuZV2DxAEh6uaYD5PoxI= github.com/envoyproxy/protoc-gen-validate v0.0.0-20190405222122-d6164de49109/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/envoyproxy/protoc-gen-validate v0.0.14/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= @@ -172,14 +169,13 @@ github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLe github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/uuid v1.3.1 h1:KjJaJ9iWZ3jOFZIf1Lqf4laDRCasjl0BCmnEGxkdLb4= -github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/google/uuid v1.4.0 h1:MtMxsa51/r9yyhkyLsVeVt0B+BGQZzpQiTQ4eHZ8bc4= +github.com/google/uuid v1.4.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= github.com/googleapis/gnostic v0.2.0/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg= github.com/gophercloud/gophercloud v0.0.0-20190126172459-c818fa66e4c8/go.mod h1:3WdhXV3rUYy9p6AUW8d94kr+HS62Y4VL9mBnFxsD8q4= -github.com/gordonklaus/ineffassign v0.0.0-20180909121442-1003c8bd00dc h1:cJlkeAx1QYgO5N80aF5xRGstVsRQwgLR7uA2FnP1ZjY= github.com/gordonklaus/ineffassign v0.0.0-20180909121442-1003c8bd00dc/go.mod h1:cuNKsD1zp2v6XfE/orVX2QE1LC+i254ceGcVeDT3pTU= github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg= github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= @@ -236,7 +232,6 @@ github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHm github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= -github.com/kisielk/errcheck v1.5.0 h1:e8esj/e4R+SAOwFwN+n3zr0nYeCyeweozKfO23MvHzY= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.16.7 h1:2mk3MPGNzKyxErAw8YaohYh69+pa4sIQSC0fPGCFR9I= @@ -266,7 +261,6 @@ github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 h1:jWpvCLoY8Z/e3VKvlsiIGKtc+UG6U5vzxaoagmhXfyg= github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0/go.mod h1:QUyp042oQthUoa9bqDv0ER0wrtXnBruoNd7aNjkbP+k= -github.com/mdempsky/unconvert v0.0.0-20190325185700-2f5dc3378ed3 h1:ONMmGu9qiY0FW95o5V7LBwZaMg58Sb9pUYtTD4/rgks= github.com/mdempsky/unconvert v0.0.0-20190325185700-2f5dc3378ed3/go.mod h1:9+3Wp2ccIz73BJqVfc7n2+1A+mzvnEwtDTqEjeRngBQ= github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw= github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw= @@ -313,6 +307,8 @@ github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/projectcontour/contour v1.27.0 h1:F6VjI+rMojroZBfi3KxMXX+KHFspSsOTZiRe/yeyHO0= +github.com/projectcontour/contour v1.27.0/go.mod h1:o4r7+DcM6RUCjD1sm0U9yK7lH59SHG1lQwJSDQQxx+o= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829/go.mod h1:p2iRAGwDERtqlqzRXnrOVns+ignqQo//hLXqYxZYVNs= github.com/prometheus/client_golang v1.17.0 h1:rl2sfwZMtSthVU752MqfjQozy7blglC+1SOtjMAMh+Q= @@ -321,8 +317,8 @@ github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1: github.com/prometheus/client_model v0.0.0-20190115171406-56726106282f/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/client_model v0.4.1-0.20230718164431-9a2bf3000d16 h1:v7DLqVdK4VrYkVD5diGdl4sxJurKJEMnODWRJlxV9oM= -github.com/prometheus/client_model v0.4.1-0.20230718164431-9a2bf3000d16/go.mod h1:oMQmHW1/JoDwqLtg57MGgP/Fb1CJEYF2imWWhWtMkYU= +github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw= +github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI= github.com/prometheus/common v0.2.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.45.0 h1:2BGz0eBc2hdMDLnO/8n0jeB3oPrt2D08CekT0lneoxM= github.com/prometheus/common v0.45.0/go.mod h1:YJmSTw9BoKxJplESWWxlbyttQR4uaEcGyv9MZjVOJsY= @@ -451,8 +447,8 @@ golang.org/x/net v0.18.0/go.mod h1:/czyP5RqHAH4odGYxBJ1qz0+CE5WZ+2j1YgoEo8F2jQ= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190402181905-9f3314589c9a/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.12.0 h1:smVPGxink+n1ZI5pkQa8y6fZT0RW0MgCO5bFpepy4B4= -golang.org/x/oauth2 v0.12.0/go.mod h1:A74bZ3aGXgCY0qaIC9Ahg6Lglin4AMAco8cIv9baba4= +golang.org/x/oauth2 v0.13.0 h1:jDDenyj+WgFtmV3zYVoi8aE2BwtXFLWOA67ZfNWftiY= +golang.org/x/oauth2 v0.13.0/go.mod h1:/JMhi4ZRXAf4HG9LiNmxvk+45+96RUlVThiH8FzNBn0= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -527,7 +523,6 @@ golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgw golang.org/x/tools v0.0.0-20190719005602-e377ae9d6386/go.mod h1:jcCCGcm9btYwXyDqrUWc6MKQKKGJCWEQ3AfLSRIbEuI= golang.org/x/tools v0.0.0-20191002234911-9ade4c73f2af/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20200505023115-26f46d2f7ef8/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= @@ -552,10 +547,10 @@ google.golang.org/genproto v0.0.0-20190404172233-64821d5d2107/go.mod h1:VzzqZJRn google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto v0.0.0-20230803162519-f966b187b2e5 h1:L6iMMGrtzgHsWofoFcihmDEMYeDR9KN/ThbPWGrh++g= -google.golang.org/genproto v0.0.0-20230803162519-f966b187b2e5/go.mod h1:oH/ZOT02u4kWEp7oYBGYFFkCdKS/uYR9Z7+0/xuuFp8= -google.golang.org/genproto/googleapis/api v0.0.0-20230803162519-f966b187b2e5 h1:nIgk/EEq3/YlnmVVXVnm14rC2oxgs1o0ong4sD/rd44= -google.golang.org/genproto/googleapis/api v0.0.0-20230803162519-f966b187b2e5/go.mod h1:5DZzOUPCLYL3mNkQ0ms0F3EuUNZ7py1Bqeq6sxzI7/Q= +google.golang.org/genproto v0.0.0-20230822172742-b8732ec3820d h1:VBu5YqKPv6XiJ199exd8Br+Aetz+o08F+PLMnwJQHAY= +google.golang.org/genproto v0.0.0-20230822172742-b8732ec3820d/go.mod h1:yZTlhN0tQnXo3h00fuXNCxJdLdIdnVFVBaRJ5LWBbw4= +google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d h1:DoPTO70H+bcDXcd39vOqb2viZxgqeBeSGtZ55yZU4/Q= +google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d/go.mod h1:KjSP20unUpOx5kyQUFa7k4OJg0qeJ7DEZflGDu2p6Bk= google.golang.org/genproto/googleapis/rpc v0.0.0-20230911183012-2d3300fd4832 h1:o4LtQxebKIJ4vkzyhtD2rfUNZ20Zf0ik5YVP5E7G7VE= google.golang.org/genproto/googleapis/rpc v0.0.0-20230911183012-2d3300fd4832/go.mod h1:+Bk1OCOj40wS2hwAMA+aCW9ypzm63QTBBHp6lQ3p+9M= google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= @@ -598,7 +593,6 @@ honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.1-2019.2.3 h1:3JgtbtFHMiCmsznwGVTUWbgGov+pVqnlf1dEJTNAXeM= honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= istio.io/api v1.19.0-alpha.1 h1:piKxgZ1Y9abNin/zw9cp6AFKhhC3Z2UmJRTN0Tm5FEY= istio.io/api v1.19.0-alpha.1/go.mod h1:dDMe1TsOtrRoUlBzdxqNolWXpXPQjLfbcXvqPMtQ6eo= @@ -617,14 +611,10 @@ k8s.io/client-go v0.0.0-20190620085101-78d2af792bab/go.mod h1:E95RaSlHr79aHaX0aG k8s.io/client-go v0.28.4 h1:Np5ocjlZcTrkyRJ3+T3PkXDpe4UpatQxj85+xjaD2wY= k8s.io/client-go v0.28.4/go.mod h1:0VDZFpgoZfelyP5Wqu0/r/TRYcLYuJ2U1KEeoaPa1N4= k8s.io/code-generator v0.0.0-20190311093542-50b561225d70/go.mod h1:MYiN+ZJZ9HkETbgVZdWw2AsuAi9PZ4V80cwfuf2axe8= -k8s.io/code-generator v0.28.4 h1:tcOSNIZQvuAvXhOwpbuJkKbAABJQeyCcQBCN/3uI18c= -k8s.io/code-generator v0.28.4/go.mod h1:OQAfl6bZikQ/tK6faJ18Vyzo54rUII2NmjurHyiN1g4= k8s.io/component-base v0.28.4 h1:c/iQLWPdUgI90O+T9TeECg8o7N3YJTiuz2sKxILYcYo= k8s.io/component-base v0.28.4/go.mod h1:m9hR0uvqXDybiGL2nf/3Lf0MerAfQXzkfWhUY58JUbU= k8s.io/gengo v0.0.0-20190116091435-f8a0810f38af/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= -k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01 h1:pWEwq4Asjm4vjW7vcsmijwBhOr1/shsbSYiWXmNGlks= -k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/klog v0.3.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= k8s.io/klog v0.3.1/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= @@ -640,12 +630,11 @@ k8s.io/utils v0.0.0-20190221042446-c2654d5206da/go.mod h1:8k8uAuAQ0rXslZKaEWd0c3 k8s.io/utils v0.0.0-20190607212802-c55fbcfc754a/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew= k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI= k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -mvdan.cc/unparam v0.0.0-20190720180237-d51796306d8f h1:Cq7MalBHYACRd6EesksG1Q8EoIAKOsiZviGKbOLIej4= mvdan.cc/unparam v0.0.0-20190720180237-d51796306d8f/go.mod h1:4G1h5nDURzA3bwVMZIVpwbkw+04kSxk3rAtzlimaUJw= sigs.k8s.io/controller-runtime v0.16.3 h1:2TuvuokmfXvDUamSx1SuAOO3eTyye+47mJCigwG62c4= sigs.k8s.io/controller-runtime v0.16.3/go.mod h1:j7bialYoSn142nv9sCOJmQgDXQXxnroFU4VnX/brVJ0= -sigs.k8s.io/gateway-api v0.8.0 h1:isQQ3Jx2qFP7vaA3ls0846F0Amp9Eq14P08xbSwVbQg= -sigs.k8s.io/gateway-api v0.8.0/go.mod h1:okOnjPNBFbIS/Rw9kAhuIUaIkLhTKEu+ARIuXk2dgaM= +sigs.k8s.io/gateway-api v0.8.1 h1:Bo4NMAQFYkQZnHXOfufbYwbPW7b3Ic5NjpbeW6EJxuU= +sigs.k8s.io/gateway-api v0.8.1/go.mod h1:0PteDrsrgkRmr13nDqFWnev8tOysAVrwnvfFM55tSVg= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/structured-merge-diff/v4 v4.0.1/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= diff --git a/main.go b/main.go index 7b378b041..1b866022a 100644 --- a/main.go +++ b/main.go @@ -59,7 +59,7 @@ import ( "github.com/banzaicloud/koperator/pkg/scale" "github.com/banzaicloud/koperator/pkg/util" "github.com/banzaicloud/koperator/pkg/webhooks" - contour "github.com/heptio/contour/apis/contour/v1beta1" + contour "github.com/projectcontour/contour/apis/projectcontour/v1" // +kubebuilder:scaffold:imports ) diff --git a/pkg/resources/clusteripexternalaccess/clusterIpExternalAccess.go b/pkg/resources/clusteripexternalaccess/clusterIpExternalAccess.go deleted file mode 100644 index 00f0af67c..000000000 --- a/pkg/resources/clusteripexternalaccess/clusterIpExternalAccess.go +++ /dev/null @@ -1,120 +0,0 @@ -// Copyright © 2020 Cisco Systems, Inc. and/or its affiliates -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package clusteripexternalaccess - -import ( - "context" - "fmt" - - "emperror.dev/errors" - "github.com/go-logr/logr" - corev1 "k8s.io/api/core/v1" - "sigs.k8s.io/controller-runtime/pkg/client" - - "github.com/banzaicloud/koperator/api/v1beta1" - "github.com/banzaicloud/koperator/pkg/k8sutil" - "github.com/banzaicloud/koperator/pkg/resources" - "github.com/banzaicloud/koperator/pkg/util" - contourutils "github.com/banzaicloud/koperator/pkg/util/contour" -) - -const ( - componentName = "clusterIpExternalAccess" -) - -// Reconciler implements the Component Reconciler -type Reconciler struct { - resources.Reconciler -} - -// New creates a new reconciler for NodePort based external access -func New(client client.Client, cluster *v1beta1.KafkaCluster) *Reconciler { - return &Reconciler{ - Reconciler: resources.Reconciler{ - Client: client, - KafkaCluster: cluster, - }, - } -} - -// Reconcile implements the reconcile logic for NodePort based external access -func (r *Reconciler) Reconcile(log logr.Logger) error { - log = log.WithValues("component", componentName) - log.V(1).Info("Reconciling") - if r.KafkaCluster.Spec.GetIngressController() == contourutils.IngressControllerName { - // create ClusterIP services for discovery service and brokers - for _, eListener := range r.KafkaCluster.Spec.ListenersConfig.ExternalListeners { - // create per ingressConfig services ClusterIP - ingressConfigs, defaultControllerName, err := util.GetIngressConfigs(r.KafkaCluster.Spec, eListener) - if err != nil { - return err - } - for name, ingressConfig := range ingressConfigs { - if !util.IsIngressConfigInUse(name, defaultControllerName, r.KafkaCluster, log) { - continue - } - // TODO cleanup when RemoveUnusedIngressResources - clusterService := r.clusterService(log, eListener, ingressConfig, name, defaultControllerName) - err = k8sutil.Reconcile(log, r.Client, clusterService, r.KafkaCluster) - if err != nil { - return err - } - - // create IngressRoutes for each ingressConfig - fqdn := ingressConfig.ContourIngressConfig.GetAnycastFqdn() - ingressRoute := r.ingressRoute(log, eListener, fqdn, ingressConfig, clusterService) - err = k8sutil.Reconcile(log, r.Client, ingressRoute, r.KafkaCluster) - if err != nil { - return err - } - // create per broker services ClusterIP - for _, broker := range r.KafkaCluster.Spec.Brokers { - service := r.brokerService(log, broker.Id, eListener) - - fqdn := ingressConfig.ContourIngressConfig.GetBrokerFqdn(broker.Id) - ingressRoute := r.ingressRoute(log, eListener, fqdn, ingressConfig, service) - - if eListener.GetAccessMethod() == corev1.ServiceTypeClusterIP { - err = k8sutil.Reconcile(log, r.Client, service, r.KafkaCluster) - if err != nil { - return err - } - err = k8sutil.Reconcile(log, r.Client, ingressRoute, r.KafkaCluster) - if err != nil { - return err - } - } else if r.KafkaCluster.Spec.RemoveUnusedIngressResources { - // Cleaning up unused nodeport services - removeService := service.(client.Object) - if err := r.Delete(context.Background(), removeService); client.IgnoreNotFound(err) != nil { - return errors.Wrap(err, "error when removing unused nodeport services") - } - removeIngress := ingressRoute.(client.Object) - if err := r.Delete(context.Background(), removeIngress); client.IgnoreNotFound(err) != nil { - return errors.Wrap(err, "error when removing unused nodeport services") - } - log.V(1).Info(fmt.Sprintf("Deleted nodePort service '%s' for external listener '%s'", removeService.GetName(), eListener.Name)) - } - } - - } - - } - } - - log.V(1).Info("Reconciled") - - return nil -} diff --git a/pkg/resources/clusteripexternalaccess/service.go b/pkg/resources/clusteripexternalaccess/service.go deleted file mode 100644 index 6d4dcbf90..000000000 --- a/pkg/resources/clusteripexternalaccess/service.go +++ /dev/null @@ -1,114 +0,0 @@ -// Copyright © 2020 Cisco Systems, Inc. and/or its affiliates -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package clusteripexternalaccess - -import ( - "fmt" - - "github.com/go-logr/logr" - corev1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/intstr" - - apiutil "github.com/banzaicloud/koperator/api/util" - "github.com/banzaicloud/koperator/api/v1beta1" - "github.com/banzaicloud/koperator/pkg/resources/templates" - "github.com/banzaicloud/koperator/pkg/util" - contourutils "github.com/banzaicloud/koperator/pkg/util/contour" - "github.com/banzaicloud/koperator/pkg/util/kafka" - contour "github.com/heptio/contour/apis/contour/v1beta1" -) - -// TODO handle deletion gracefully from status -func (r *Reconciler) brokerService(_ logr.Logger, id int32, extListener v1beta1.ExternalListenerConfig) runtime.Object { - - service := &corev1.Service{ - ObjectMeta: templates.ObjectMetaWithAnnotations( - fmt.Sprintf(kafka.NodePortServiceTemplate, r.KafkaCluster.GetName(), id, extListener.Name), - apiutil.MergeLabels(apiutil.LabelsForKafka(r.KafkaCluster.Name), map[string]string{v1beta1.BrokerIdLabelKey: fmt.Sprintf("%d", id)}), - extListener.GetServiceAnnotations(), r.KafkaCluster), - Spec: corev1.ServiceSpec{ - Selector: apiutil.MergeLabels(apiutil.LabelsForKafka(r.KafkaCluster.Name), - map[string]string{v1beta1.BrokerIdLabelKey: fmt.Sprintf("%d", id)}), - Type: corev1.ServiceTypeClusterIP, - Ports: []corev1.ServicePort{{ - Name: fmt.Sprintf("broker-%d", id), - Port: *extListener.AnyCastPort, - TargetPort: intstr.FromInt(int(extListener.ContainerPort)), - Protocol: corev1.ProtocolTCP, - }, - }, - ExternalTrafficPolicy: extListener.ExternalTrafficPolicy, - }, - } - - return service -} - -func (r *Reconciler) clusterService(log logr.Logger, extListener v1beta1.ExternalListenerConfig, - ingressConfig v1beta1.IngressConfig, ingressConfigName, defaultIngressConfigName string) runtime.Object { - - var serviceName string = util.GenerateEnvoyResourceName(contourutils.ContourServiceName, contourutils.ContourServiceNameWithScope, - extListener, ingressConfig, ingressConfigName, r.KafkaCluster.GetName()) - - service := &corev1.Service{ - ObjectMeta: templates.ObjectMetaWithAnnotations( - serviceName, - apiutil.LabelsForKafka(r.KafkaCluster.Name), - extListener.GetServiceAnnotations(), r.KafkaCluster), - Spec: corev1.ServiceSpec{ - Selector: apiutil.MergeLabels(apiutil.LabelsForKafka(r.KafkaCluster.Name)), - Type: corev1.ServiceTypeClusterIP, - Ports: []corev1.ServicePort{{ - Name: "tcp-all-broker", - Port: *extListener.AnyCastPort, - TargetPort: intstr.FromInt(int(extListener.ContainerPort)), - Protocol: corev1.ProtocolTCP, - }, - }, - ExternalTrafficPolicy: extListener.ExternalTrafficPolicy, - }, - } - - return service -} - -// generate ingressroute resource based on status and listener name -func (r *Reconciler) ingressRoute(log logr.Logger, extListener v1beta1.ExternalListenerConfig, fqdn string, - ingressConfig v1beta1.IngressConfig, service runtime.Object) runtime.Object { - - svc := service.(*corev1.Service) - ingressRoute := &contour.IngressRoute{ - ObjectMeta: templates.ObjectMetaWithAnnotations(fqdn, - apiutil.LabelsForKafka(r.KafkaCluster.Name), extListener.GetServiceAnnotations(), r.KafkaCluster), - Spec: contour.IngressRouteSpec{ - VirtualHost: &contour.VirtualHost{ - Fqdn: fqdn, - TLS: &contour.TLS{ - // TODO make secretName configurable - SecretName: ingressConfig.ContourIngressConfig.TLSSecretName, - }, - }, - TCPProxy: &contour.TCPProxy{ - Services: []contour.Service{{ - Name: svc.GetName(), - Port: int(svc.Spec.Ports[0].Port), - }}, - }, - }, - } - - return ingressRoute -} diff --git a/pkg/resources/contouringress/contour.go b/pkg/resources/contouringress/contour.go new file mode 100644 index 000000000..36c0e9596 --- /dev/null +++ b/pkg/resources/contouringress/contour.go @@ -0,0 +1,251 @@ +// Copyright © 2020 Cisco Systems, Inc. and/or its affiliates +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package contouringress + +import ( + "context" + "fmt" + "reflect" + "strings" + + "emperror.dev/errors" + "github.com/go-logr/logr" + corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" + "k8s.io/apimachinery/pkg/util/intstr" + "sigs.k8s.io/controller-runtime/pkg/client" + + apiutil "github.com/banzaicloud/koperator/api/util" + "github.com/banzaicloud/koperator/api/v1beta1" + "github.com/banzaicloud/koperator/pkg/k8sutil" + "github.com/banzaicloud/koperator/pkg/resources" + "github.com/banzaicloud/koperator/pkg/resources/templates" + "github.com/banzaicloud/koperator/pkg/util" + contourutils "github.com/banzaicloud/koperator/pkg/util/contour" + "github.com/banzaicloud/koperator/pkg/util/kafka" + contour "github.com/projectcontour/contour/apis/projectcontour/v1" +) + +const ( + componentName = "clusterIpExternalAccess" +) + +// Reconciler implements the Component Reconciler +type Reconciler struct { + resources.Reconciler +} + +// New creates a new reconciler for NodePort based external access +func New(client client.Client, cluster *v1beta1.KafkaCluster) *Reconciler { + return &Reconciler{ + Reconciler: resources.Reconciler{ + Client: client, + KafkaCluster: cluster, + }, + } +} + +// Reconcile implements the reconcile logic for NodePort based external access +func (r *Reconciler) Reconcile(log logr.Logger) error { + log = log.WithValues("component", componentName) + log.V(1).Info("Reconciling") + var reconcileObjects []runtime.Object + // create ClusterIP services for discovery service and brokers + for _, eListener := range r.KafkaCluster.Spec.ListenersConfig.ExternalListeners { + if r.KafkaCluster.Spec.GetIngressController() == contourutils.IngressControllerName && eListener.GetAccessMethod() == corev1.ServiceTypeClusterIP { + // create per ingressConfig services ClusterIP + ingressConfigs, defaultControllerName, err := util.GetIngressConfigs(r.KafkaCluster.Spec, eListener) + if err != nil { + return err + } + for name, ingressConfig := range ingressConfigs { + if !util.IsIngressConfigInUse(name, defaultControllerName, r.KafkaCluster, log) { + continue + } + + clusterService := r.clusterService(log, eListener, ingressConfig, name, defaultControllerName) + reconcileObjects = append(reconcileObjects, clusterService) + + // make sure the HostnameOverride is set otherwise the fqdn will be empty and HTTPProxy creation will fail. + fqdn := ingressConfig.HostnameOverride + ingressRoute := r.httpProxy(log, eListener, fqdn, ingressConfig, clusterService) + reconcileObjects = append(reconcileObjects, ingressRoute) + + // create per broker services ClusterIP + for _, broker := range r.KafkaCluster.Spec.Brokers { + brokerService := r.brokerService(log, broker.Id, eListener) + reconcileObjects = append(reconcileObjects, brokerService) + + fqdn := ingressConfig.ContourIngressConfig.GetBrokerFqdn(broker.Id) + ingressRoute := r.httpProxy(log, eListener, fqdn, ingressConfig, brokerService) + reconcileObjects = append(reconcileObjects, ingressRoute) + } + } + + for _, obj := range reconcileObjects { + err = k8sutil.Reconcile(log, r.Client, obj, r.KafkaCluster) + if err != nil { + return err + } + } + } else if r.KafkaCluster.Spec.RemoveUnusedIngressResources { + // Cleaning up unused contour resources when ingress controller is not contour or externalListener access method is not ClusterIP + deletionCounter := 0 + ctx := context.Background() + contourResourcesGVK := []schema.GroupVersionKind{ + { + Version: corev1.SchemeGroupVersion.Version, + Group: corev1.SchemeGroupVersion.Group, + Kind: reflect.TypeOf(corev1.Service{}).Name(), + }, + { + Version: corev1.SchemeGroupVersion.Version, + Group: corev1.SchemeGroupVersion.Group, + Kind: reflect.TypeOf(contour.HTTPProxy{}).Name(), + }, + } + var contourResources unstructured.UnstructuredList + for _, gvk := range contourResourcesGVK { + contourResources.SetGroupVersionKind(gvk) + + if err := r.List(ctx, &contourResources, client.InNamespace(r.KafkaCluster.GetNamespace()), + client.MatchingLabels(labelsForContourIngressWithoutEListenerName(r.KafkaCluster.Name))); err != nil { + return errors.Wrap(err, "error when getting list of envoy ingress resources for deletion") + } + + for _, removeObject := range contourResources.Items { + if !strings.Contains(removeObject.GetLabels()[util.ExternalListenerLabelNameKey], eListener.Name) || + util.ObjectManagedByClusterRegistry(&removeObject) || + !removeObject.GetDeletionTimestamp().IsZero() { + continue + } + if err := r.Delete(ctx, &removeObject); client.IgnoreNotFound(err) != nil { + return errors.Wrap(err, "error when removing contour ingress resources") + } + log.V(1).Info(fmt.Sprintf("Deleted contour ingress '%s' resource '%s' for externalListener '%s'", gvk.Kind, removeObject.GetName(), eListener.Name)) + deletionCounter++ + } + } + if deletionCounter > 0 { + log.Info(fmt.Sprintf("Removed '%d' resources for contour ingress", deletionCounter)) + } + + } + } + + log.V(1).Info("Reconciled") + + return nil +} + +// generate service for broker +func (r *Reconciler) brokerService(_ logr.Logger, id int32, extListener v1beta1.ExternalListenerConfig) runtime.Object { + + service := &corev1.Service{ + ObjectMeta: templates.ObjectMetaWithAnnotations( + fmt.Sprintf(kafka.NodePortServiceTemplate, r.KafkaCluster.GetName(), id, extListener.Name), + apiutil.MergeLabels( + apiutil.LabelsForKafka(r.KafkaCluster.Name), + map[string]string{v1beta1.BrokerIdLabelKey: fmt.Sprintf("%d", id)}, + labelsForContourIngress(r.KafkaCluster.Name, extListener.Name)), + extListener.GetServiceAnnotations(), r.KafkaCluster), + Spec: corev1.ServiceSpec{ + Selector: apiutil.MergeLabels(apiutil.LabelsForKafka(r.KafkaCluster.Name), + map[string]string{v1beta1.BrokerIdLabelKey: fmt.Sprintf("%d", id)}), + Type: corev1.ServiceTypeClusterIP, + Ports: []corev1.ServicePort{{ + Name: fmt.Sprintf("broker-%d", id), + Port: *extListener.AnyCastPort, + TargetPort: intstr.FromInt(int(extListener.ContainerPort)), + Protocol: corev1.ProtocolTCP, + }, + }, + ExternalTrafficPolicy: extListener.ExternalTrafficPolicy, + }, + } + + return service +} + +// generate service for anycast port +func (r *Reconciler) clusterService(_ logr.Logger, extListener v1beta1.ExternalListenerConfig, + ingressConfig v1beta1.IngressConfig, ingressConfigName, defaultIngressConfigName string) runtime.Object { + + var serviceName string = util.GenerateEnvoyResourceName(contourutils.ContourServiceName, contourutils.ContourServiceNameWithScope, + extListener, ingressConfig, ingressConfigName, r.KafkaCluster.GetName()) + + service := &corev1.Service{ + ObjectMeta: templates.ObjectMetaWithAnnotations( + serviceName, + apiutil.MergeLabels( + apiutil.LabelsForKafka(r.KafkaCluster.Name), + labelsForContourIngress(r.KafkaCluster.Name, extListener.Name)), + extListener.GetServiceAnnotations(), r.KafkaCluster), + Spec: corev1.ServiceSpec{ + Selector: apiutil.MergeLabels(apiutil.LabelsForKafka(r.KafkaCluster.Name)), + Type: corev1.ServiceTypeClusterIP, + Ports: []corev1.ServicePort{{ + Name: "tcp-all-broker", + Port: *extListener.AnyCastPort, + TargetPort: intstr.FromInt(int(extListener.ContainerPort)), + Protocol: corev1.ProtocolTCP, + }, + }, + ExternalTrafficPolicy: extListener.ExternalTrafficPolicy, + }, + } + + return service +} + +// generate httproxy resource for contour ingress +func (r *Reconciler) httpProxy(_ logr.Logger, extListener v1beta1.ExternalListenerConfig, fqdn string, + ingressConfig v1beta1.IngressConfig, service runtime.Object) runtime.Object { + + svc := service.(*corev1.Service) + ingressRoute := &contour.HTTPProxy{ + ObjectMeta: templates.ObjectMetaWithAnnotations(fqdn, + apiutil.MergeLabels( + apiutil.LabelsForKafka(r.KafkaCluster.Name), + labelsForContourIngress(r.KafkaCluster.Name, extListener.Name)), + extListener.GetServiceAnnotations(), r.KafkaCluster), + Spec: contour.HTTPProxySpec{ + VirtualHost: &contour.VirtualHost{ + Fqdn: fqdn, + TLS: &contour.TLS{ + SecretName: ingressConfig.ContourIngressConfig.TLSSecretName, + }, + }, + TCPProxy: &contour.TCPProxy{ + Services: []contour.Service{{ + Name: svc.GetName(), + Port: int(svc.Spec.Ports[0].Port), + }}, + }, + }, + } + + return ingressRoute +} + +func labelsForContourIngress(crName, eLName string) map[string]string { + return apiutil.MergeLabels(labelsForContourIngressWithoutEListenerName(crName), map[string]string{util.ExternalListenerLabelNameKey: eLName}) +} + +func labelsForContourIngressWithoutEListenerName(crName string) map[string]string { + return map[string]string{v1beta1.AppLabelKey: "contouringress", v1beta1.KafkaCRLabelKey: crName} +} diff --git a/pkg/resources/kafka/kafka.go b/pkg/resources/kafka/kafka.go index d38b6b60e..5b257ea32 100644 --- a/pkg/resources/kafka/kafka.go +++ b/pkg/resources/kafka/kafka.go @@ -1324,7 +1324,6 @@ func (r *Reconciler) createExternalListenerStatuses(log logr.Logger) (map[string listenerStatusList := make(v1beta1.ListenerStatusList, 0, len(r.KafkaCluster.Spec.Brokers)+1) for iConfigName, iConfig := range ingressConfigs { - fmt.Println("---------------------1", iConfigName, iConfig.ContourIngressConfig) if !util.IsIngressConfigInUse(iConfigName, defaultControllerName, r.KafkaCluster, log) { continue } @@ -1366,11 +1365,6 @@ func (r *Reconciler) createExternalListenerStatuses(log logr.Logger) (map[string } else { anyBrokerStatusName = fmt.Sprintf("any-broker-%s", iConfigName) } - fmt.Println("----------------------------------1") - // TODO fix hack - if eListener.GetAccessMethod() == corev1.ServiceTypeClusterIP { - host = iConfig.ContourIngressConfig.GetAnycastFqdn() - } listenerStatus := v1beta1.ListenerStatus{ Name: anyBrokerStatusName, Address: fmt.Sprintf("%s:%d", host, allBrokerPort), From e6ccebdff3e3361f08e365720b5ab8f4720b4457 Mon Sep 17 00:00:00 2001 From: Razvan Dobre Date: Mon, 13 May 2024 13:25:23 +0300 Subject: [PATCH 06/19] Undo makefile changes --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 43b4a44f1..d202e3195 100644 --- a/Makefile +++ b/Makefile @@ -113,7 +113,7 @@ manager: generate fmt vet ## Generate (kubebuilder) and build manager binary. # Run against the configured Kubernetes cluster in ~/.kube/config run: generate fmt vet - go run ./main.go --cert-manager-enabled=false --disable-cert-signing-support --disable-webhooks + go run ./main.go # Install CRDs into a cluster by manually creating or replacing the CRD depending on whether is currently existing # Apply is not applicable as the last-applied-configuration annotation would exceed the size limit enforced by the api server From 232be5f85b64af4d06aee787354c7f36edac1471 Mon Sep 17 00:00:00 2001 From: Razvan Dobre Date: Mon, 13 May 2024 13:28:00 +0300 Subject: [PATCH 07/19] Removing heptio contour refs --- go.mod | 1 - go.sum | 140 --------------------------------------------------------- 2 files changed, 141 deletions(-) diff --git a/go.mod b/go.mod index 94cfcb2d7..5191d32d6 100644 --- a/go.mod +++ b/go.mod @@ -18,7 +18,6 @@ require ( github.com/envoyproxy/go-control-plane v0.11.2-0.20231019082134-6e4589f570e1 github.com/ghodss/yaml v1.0.1-0.20220118164431-d8423dcdf344 github.com/go-logr/logr v1.3.0 - github.com/heptio/contour v0.15.3 github.com/onsi/ginkgo/v2 v2.13.1 github.com/onsi/gomega v1.30.0 github.com/pavlo-v-chernykh/keystore-go/v4 v4.5.0 diff --git a/go.sum b/go.sum index b468571f9..2faf108f4 100644 --- a/go.sum +++ b/go.sum @@ -1,12 +1,9 @@ cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.37.4/go.mod h1:NHPJ89PdicEuT9hdPXMROBD91xc5uRDxsMtSB16k7hw= dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk= dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= emperror.dev/errors v0.8.0/go.mod h1:YcRvLPh626Ubn2xqtoprejnA5nFha+TJ+2vew48kWuE= emperror.dev/errors v0.8.1 h1:UavXZ5cSX/4u9iyvH6aDcuGkVjeexUGJ7Ij7G4VfQT0= emperror.dev/errors v0.8.1/go.mod h1:YcRvLPh626Ubn2xqtoprejnA5nFha+TJ+2vew48kWuE= -github.com/Azure/go-autorest v11.1.2+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/IBM/sarama v1.42.1 h1:wugyWa15TDEHh2kvq2gAy1IHLjEjuYOYgXz/ruC/OSQ= github.com/IBM/sarama v1.42.1/go.mod h1:Xxho9HkHd4K/MDUo/T/sOqwtX/17D33++E9Wib6hUdQ= @@ -20,13 +17,8 @@ github.com/Masterminds/sprig/v3 v3.2.3/go.mod h1:rXcFaZ2zZbLRJv/xSysmlgIM1u11eBa github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= -github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo= -github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI= github.com/adobe/go-cruise-control v0.6.1-adbe h1:dTarO7nW+JrFdIIKHVvayoosUdszhTj63upa44Ytj2A= github.com/adobe/go-cruise-control v0.6.1-adbe/go.mod h1:S2hrm4FrQTvwg/MNzm2P1W1U2TuSw9YI/AQ9kDQiScY= -github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= -github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= -github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= github.com/banzaicloud/istio-client-go v0.0.17 h1:wiplbM7FDiIHopujInAnin3zuovtVcphtKy9En39q5I= github.com/banzaicloud/istio-client-go v0.0.17/go.mod h1:rpnEYYGHzisx8nARl2d30Oq38EeCX0/PPaxMaREfE9I= github.com/banzaicloud/istio-operator/api/v2 v2.17.2 h1:dvzPxXWALiCjaxseE/oK4yWfGAlmM/BQtJT4uaEbBWg= @@ -36,7 +28,6 @@ github.com/banzaicloud/k8s-objectmatcher v1.8.0/go.mod h1:p2LSNAjlECf07fbhDyebTk github.com/banzaicloud/operator-tools v0.28.10 h1:mm+LvL31GV9BL//zs/CTKVcFdHHyZ+KIbuNoXrOo3gA= github.com/banzaicloud/operator-tools v0.28.10/go.mod h1:PhwQ6bn1blX+SuH5ALj3Fwvvmsi1KdAwke8NufILY8I= github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= -github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/briandowns/spinner v1.23.0 h1:alDF2guRWqa/FOZZYWjlMIx2L6H0wyewPxo/CH4Pt2A= @@ -63,34 +54,25 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/dgrijalva/jwt-go v0.0.0-20160705203006-01aeca54ebda/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM= github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE= -github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs= github.com/eapache/go-resiliency v1.4.0 h1:3OK9bWpPk5q6pbFAaYSEwD9CLUSHG8bnZuqX2yMt3B0= github.com/eapache/go-resiliency v1.4.0/go.mod h1:5yPzW0MIvSe0JDsv0v+DvcjEv2FyD6iZYSs1ZI+iQho= -github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU= github.com/eapache/go-xerial-snappy v0.0.0-20230731223053-c322873962e3 h1:Oy0F4ALJ04o5Qqpdz8XLIpNA3WM/iSIXqxtqo7UGVws= github.com/eapache/go-xerial-snappy v0.0.0-20230731223053-c322873962e3/go.mod h1:YvSRo5mw33fLEx1+DlK6L2VV43tJt5Eyel9n9XBcR+0= github.com/eapache/queue v1.1.0 h1:YOEu7KNc61ntiQlcEeUIoDTJ2o8mQznoNvUhiigpIqc= github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I= -github.com/elazarl/goproxy v0.0.0-20170405201442-c4fc26588b6e/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g= github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= -github.com/envoyproxy/go-control-plane v0.8.2/go.mod h1:EWRTAFN6uuDZIa6KOuUfrOMJ7ySgXZ44rVKiTWjKe34= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.11.2-0.20231019082134-6e4589f570e1 h1:i/XN+pZrv2iM+Czc4o4tP6UzUJoOxjNI9gQdE1vIjd0= github.com/envoyproxy/go-control-plane v0.11.2-0.20231019082134-6e4589f570e1/go.mod h1:3X10o7QcAVxP4y/hnTLgkXLwuZV2DxAEh6uaYD5PoxI= -github.com/envoyproxy/protoc-gen-validate v0.0.0-20190405222122-d6164de49109/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/envoyproxy/protoc-gen-validate v0.0.14/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/envoyproxy/protoc-gen-validate v1.0.2 h1:QkIBuU5k+x7/QXPvPPnWXWlCdaBFApVqftFV6k087DA= github.com/envoyproxy/protoc-gen-validate v1.0.2/go.mod h1:GpiZQP3dDbg4JouG/NNS7QWXpgx6x8QiMKdmN72jogE= -github.com/evanphx/json-patch v0.0.0-20190203023257-5858425f7550/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= -github.com/evanphx/json-patch v4.1.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U= github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= @@ -109,8 +91,6 @@ github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbS github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/ghodss/yaml v1.0.1-0.20220118164431-d8423dcdf344 h1:Arcl6UOIS/kgO2nW3A65HN+7CMjSDP/gofXL4CZt1V4= github.com/ghodss/yaml v1.0.1-0.20220118164431-d8423dcdf344/go.mod h1:GIjDIg/heH5DOkXY3YJ/wNhfHsQHoXGjl8G8amsYQ1I= -github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= -github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= @@ -129,59 +109,37 @@ github.com/go-openapi/swag v0.0.0-20160704191624-1d0bd113de87/go.mod h1:DXUve3Dp github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= github.com/go-openapi/swag v0.22.4 h1:QLMzNJnMGPRNDCbySlcj1x01tzU8/9LTTL9hZZZogBU= github.com/go-openapi/swag v0.22.4/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= -github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= github.com/go-test/deep v1.0.7 h1:/VSMRlnY/JSyqxQUzQLKVMAskpY/NZKFA5j2P+0pP2M= github.com/go-test/deep v1.0.7/go.mod h1:QV8Hv/iy04NyLBxAdO9njL0iVPN1S4d/A3NVv1V36o8= -github.com/gogo/googleapis v1.1.0/go.mod h1:gf4bu3Q80BeJ6H1S1vYPm8/ELATdvryBaNFGgqEef3s= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= -github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM= github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= -github.com/google/btree v0.0.0-20160524151835-7d79101e329e/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= -github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= -github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/google/gofuzz v0.0.0-20170612174753-24818f796faf/go.mod h1:HP5RmnzzSNb993RKQDq4+1A4ia9nllfqcQFTQJedwGI= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= -github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec= github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= -github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.4.0 h1:MtMxsa51/r9yyhkyLsVeVt0B+BGQZzpQiTQ4eHZ8bc4= github.com/google/uuid v1.4.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= -github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= -github.com/googleapis/gnostic v0.2.0/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg= -github.com/gophercloud/gophercloud v0.0.0-20190126172459-c818fa66e4c8/go.mod h1:3WdhXV3rUYy9p6AUW8d94kr+HS62Y4VL9mBnFxsD8q4= -github.com/gordonklaus/ineffassign v0.0.0-20180909121442-1003c8bd00dc/go.mod h1:cuNKsD1zp2v6XfE/orVX2QE1LC+i254ceGcVeDT3pTU= -github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg= -github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4= github.com/gorilla/sessions v1.2.1/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM= -github.com/gregjones/httpcache v0.0.0-20170728041850-787624de3eb7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= @@ -190,10 +148,7 @@ github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9 github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8= github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= -github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/heptio/contour v0.15.3 h1:M0ztO+SWEE5Ah/f/PcIiM1b2Z+vWj6TNZKpblF3TNUY= -github.com/heptio/contour v0.15.3/go.mod h1:PGqkM8XCX1hOtZalNeTqxuHQLl6+q2gWXiQ+g1B0Vno= github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= @@ -201,10 +156,7 @@ github.com/huandu/xstrings v1.4.0 h1:D17IlohoQq4UcpqD7fDk80P7l+lwAmlFaBHgOipl2FU github.com/huandu/xstrings v1.4.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= github.com/iancoleman/orderedmap v0.2.0 h1:sq1N/TFpYH++aViPcaKjys3bDClUEU7s5B+z6jq8pNA= github.com/iancoleman/orderedmap v0.2.0/go.mod h1:N0Wam8K1arqPXNWjMo21EXnBPOPp36vB07FNRdD2geA= -github.com/iancoleman/strcase v0.0.0-20190422225806-e506e3ef7365/go.mod h1:SK73tn/9oHe+/Y0h39VT4UCxmurVJkR5NA7kMEAOgSE= github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= -github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= -github.com/imdario/mergo v0.3.7/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/imdario/mergo v0.3.12 h1:b6R2BslTbIEToALKP7LxUvijTsNI9TAe80pLWN2g/HU= github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= @@ -223,21 +175,14 @@ github.com/jcmturner/rpc/v2 v2.0.3/go.mod h1:VUJYCIDm3PVOEHw8sgt091/20OJjskO/YJk github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= -github.com/json-iterator/go v0.0.0-20180701071628-ab8a2e0c74be/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= -github.com/json-iterator/go v1.1.5/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= -github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= -github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= -github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.16.7 h1:2mk3MPGNzKyxErAw8YaohYh69+pa4sIQSC0fPGCFR9I= github.com/klauspost/compress v1.16.7/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= -github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= -github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= @@ -249,7 +194,6 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/luciferinlove/protobuf v1.5.2-bzc h1:gqDhIaLi4fSgPX8fhirNqShQCz5K8PREqgzERy2hKOg= github.com/luciferinlove/protobuf v1.5.2-bzc/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/lyft/protoc-gen-star v0.4.10/go.mod h1:mE8fbna26u7aEA2QCVvvfBU/ZrPgocG1206xAFPcs94= github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= @@ -258,10 +202,8 @@ github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovk github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA= github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= -github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 h1:jWpvCLoY8Z/e3VKvlsiIGKtc+UG6U5vzxaoagmhXfyg= github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0/go.mod h1:QUyp042oQthUoa9bqDv0ER0wrtXnBruoNd7aNjkbP+k= -github.com/mdempsky/unconvert v0.0.0-20190325185700-2f5dc3378ed3/go.mod h1:9+3Wp2ccIz73BJqVfc7n2+1A+mzvnEwtDTqEjeRngBQ= github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw= github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw= github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s= @@ -278,29 +220,21 @@ github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjY github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= -github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.11.0 h1:JAKSXpt1YjtLA7YpPiqO9ss6sNXEsPfSGdwN0UHqzrw= github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo/v2 v2.13.1 h1:LNGfMbR2OVGBfXjvRZIZ2YCTQdGKtPLvuI1rMCCj3OU= github.com/onsi/ginkgo/v2 v2.13.1/go.mod h1:XStQ8QcGwLyF4HdfcZB8SFOS/MWCgDuXMSBe6zrvLgM= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= -github.com/onsi/gomega v0.0.0-20190113212917-5533ce8a0da3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= -github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.30.0 h1:hvMK7xYz4D3HapigLTeGdId/NcfQx1VHMJc60ew99+8= github.com/onsi/gomega v1.30.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ= -github.com/openzipkin/zipkin-go v0.1.6/go.mod h1:QgAqvLzwWbR/WpD4A3cGpPtJrZXNIiJc5AZX7/PBEpw= github.com/pavlo-v-chernykh/keystore-go/v4 v4.5.0 h1:2nosf3P75OZv2/ZO/9Px5ZgZ5gbKrzA3joN1QMfOGMQ= github.com/pavlo-v-chernykh/keystore-go/v4 v4.5.0/go.mod h1:lAVhWwbNaveeJmxrxuSTxMgKpF6DjnuVpn6T8WiBwYQ= -github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= -github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= github.com/pierrec/lz4/v4 v4.1.18 h1:xaKrnTkyoqfh1YItXl56+6KJNVYWlEEPuAQW9xsplYQ= github.com/pierrec/lz4/v4 v4.1.18/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4= -github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= @@ -309,46 +243,30 @@ github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRI github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/projectcontour/contour v1.27.0 h1:F6VjI+rMojroZBfi3KxMXX+KHFspSsOTZiRe/yeyHO0= github.com/projectcontour/contour v1.27.0/go.mod h1:o4r7+DcM6RUCjD1sm0U9yK7lH59SHG1lQwJSDQQxx+o= -github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= -github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829/go.mod h1:p2iRAGwDERtqlqzRXnrOVns+ignqQo//hLXqYxZYVNs= github.com/prometheus/client_golang v1.17.0 h1:rl2sfwZMtSthVU752MqfjQozy7blglC+1SOtjMAMh+Q= github.com/prometheus/client_golang v1.17.0/go.mod h1:VeL+gMmOAxkS2IqfCq0ZmHSL+LjWfWDUmp1mBz9JgUY= -github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= -github.com/prometheus/client_model v0.0.0-20190115171406-56726106282f/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= -github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw= github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI= -github.com/prometheus/common v0.2.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.45.0 h1:2BGz0eBc2hdMDLnO/8n0jeB3oPrt2D08CekT0lneoxM= github.com/prometheus/common v0.45.0/go.mod h1:YJmSTw9BoKxJplESWWxlbyttQR4uaEcGyv9MZjVOJsY= -github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= -github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= -github.com/prometheus/procfs v0.0.0-20190403104016-ea9eea638872/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.11.1 h1:xRC8Iq1yyca5ypa9n1EZnWZkt7dwcoRPQwX/5gwaUuI= github.com/prometheus/procfs v0.11.1/go.mod h1:eesXgaPo1q7lBpVMoMy0ZOFTth9hBn4W/y0/p/ScXhY= -github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 h1:N/ElC8H3+5XpJzTSTfLsJV/mx9Q9g7kxmchpfZyxgzM= github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= -github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA= github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= github.com/shopspring/decimal v1.3.1 h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5gKV8= github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= -github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= -github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= -github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cast v1.5.1 h1:R+kOtfhWQE6TVQzY+4D7wJLBgkdVasCEFxSUBYBYIlA= github.com/spf13/cast v1.5.1/go.mod h1:b9PdjNptOpzXr7Rq1q9gJML/2cdGQAo69NKzQ10KN48= github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= -github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= @@ -378,7 +296,6 @@ github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= -go.opencensus.io v0.20.1/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A= @@ -391,10 +308,7 @@ go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN8 go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg= go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo= go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so= -golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= -golang.org/x/crypto v0.0.0-20181025213731-e84da0312774/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= @@ -407,10 +321,8 @@ golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa h1:FRnLl4eNAQl8hwxVVC17teOw8 golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa/go.mod h1:zk2irFbV9DP96SEBUUAy67IdHUaZuSnrz1n472HUCLE= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= -golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= @@ -420,14 +332,9 @@ golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190125091013-d26f9f9a57f3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190206173232-65e2d4e15006/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20191002035440-2ec189313ef0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= @@ -445,14 +352,10 @@ golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.18.0 h1:mIYleuAkSbHh0tCv7RvjL3F6ZVbLjq4+R7zbOn3Kokg= golang.org/x/net v0.18.0/go.mod h1:/czyP5RqHAH4odGYxBJ1qz0+CE5WZ+2j1YgoEo8F2jQ= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20190402181905-9f3314589c9a/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.13.0 h1:jDDenyj+WgFtmV3zYVoi8aE2BwtXFLWOA67ZfNWftiY= golang.org/x/oauth2 v0.13.0/go.mod h1:/JMhi4ZRXAf4HG9LiNmxvk+45+96RUlVThiH8FzNBn0= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -461,16 +364,9 @@ golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.5.0 h1:60k92dhOjHxJkrqnwsfl8KuaHbn/5dl0lUPUklKo3qE= golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190508220229-2d0786266e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190804053845-51ab0e2deafa/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -496,8 +392,6 @@ golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.14.0 h1:LGK9IlZ8T9jvdy6cTdfKUCltatMFOehAQo9SRC46UQ8= golang.org/x/term v0.14.0/go.mod h1:TySc+nGkYR6qt8km8wUhuFRTVSMIX3XPR58y2lC8vww= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.1-0.20181227161524-e6919f6577db/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= @@ -505,23 +399,14 @@ golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/time v0.0.0-20161028155119-f51c12702a4d/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20181011042414-1f849cf54d09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190325161752-5a8dccf5b48a/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190719005602-e377ae9d6386/go.mod h1:jcCCGcm9btYwXyDqrUWc6MKQKKGJCWEQ3AfLSRIbEuI= -golang.org/x/tools v0.0.0-20191002234911-9ade4c73f2af/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= @@ -535,16 +420,11 @@ golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw= gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= -google.golang.org/api v0.3.1/go.mod h1:6wY9I6uQWHQ8EM57III9mq/AjF+i8G65rmVagqKMtkk= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c= google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= -google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190404172233-64821d5d2107/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= google.golang.org/genproto v0.0.0-20230822172742-b8732ec3820d h1:VBu5YqKPv6XiJ199exd8Br+Aetz+o08F+PLMnwJQHAY= @@ -553,9 +433,7 @@ google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d h1: google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d/go.mod h1:KjSP20unUpOx5kyQUFa7k4OJg0qeJ7DEZflGDu2p6Bk= google.golang.org/genproto/googleapis/rpc v0.0.0-20230911183012-2d3300fd4832 h1:o4LtQxebKIJ4vkzyhtD2rfUNZ20Zf0ik5YVP5E7G7VE= google.golang.org/genproto/googleapis/rpc v0.0.0-20230911183012-2d3300fd4832/go.mod h1:+Bk1OCOj40wS2hwAMA+aCW9ypzm63QTBBHp6lQ3p+9M= -google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= -google.golang.org/grpc v1.19.1/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= @@ -564,16 +442,13 @@ google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGj google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8= google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= -gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/fsnotify.v1 v1.4.7 h1:xOHLXZwVvI9hhs+cLKq5+I5onOuwQLhQwiu63xxlHs4= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= -gopkg.in/inf.v0 v0.9.0/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= @@ -589,48 +464,33 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo= gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw= -honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= istio.io/api v1.19.0-alpha.1 h1:piKxgZ1Y9abNin/zw9cp6AFKhhC3Z2UmJRTN0Tm5FEY= istio.io/api v1.19.0-alpha.1/go.mod h1:dDMe1TsOtrRoUlBzdxqNolWXpXPQjLfbcXvqPMtQ6eo= -istio.io/gogo-genproto v0.0.0-20190614210408-e88dc8b0e4db/go.mod h1:eIDJ6jNk/IeJz6ODSksHl5Aiczy5JUq6vFhJWI5OtiI= -k8s.io/api v0.0.0-20190620084959-7cf5895f2711/go.mod h1:TBhBqb1AWbBQbW3XRusr7n7E4v2+5ZY8r8sAMnyFC5A= k8s.io/api v0.28.4 h1:8ZBrLjwosLl/NYgv1P7EQLqoO8MGQApnbgH8tu3BMzY= k8s.io/api v0.28.4/go.mod h1:axWTGrY88s/5YE+JSt4uUi6NMM+gur1en2REMR7IRj0= k8s.io/apiextensions-apiserver v0.28.4 h1:AZpKY/7wQ8n+ZYDtNHbAJBb+N4AXXJvyZx6ww6yAJvU= k8s.io/apiextensions-apiserver v0.28.4/go.mod h1:pgQIZ1U8eJSMQcENew/0ShUTlePcSGFq6dxSxf2mwPM= -k8s.io/apimachinery v0.0.0-20190612205821-1799e75a0719/go.mod h1:I4A+glKBHiTgiEjQiCCQfCAIcIMFGt291SmsvcrFzJA= k8s.io/apimachinery v0.0.0-20190704094733-8f6ac2502e51/go.mod h1:ccL7Eh7zubPUSh9A3USN90/OzHNSVN6zxzde07TDCL0= k8s.io/apimachinery v0.19.2/go.mod h1:DnPGDnARWFvYa3pMHgSxtbZb7gpzzAZ1pTfaUNDVlmA= k8s.io/apimachinery v0.28.4 h1:zOSJe1mc+GxuMnFzD4Z/U1wst50X28ZNsn5bhgIIao8= k8s.io/apimachinery v0.28.4/go.mod h1:wI37ncBvfAoswfq626yPTe6Bz1c22L7uaJ8dho83mgg= -k8s.io/client-go v0.0.0-20190620085101-78d2af792bab/go.mod h1:E95RaSlHr79aHaX0aGSwcPNfygDiPKOVXdmivCIZT0k= k8s.io/client-go v0.28.4 h1:Np5ocjlZcTrkyRJ3+T3PkXDpe4UpatQxj85+xjaD2wY= k8s.io/client-go v0.28.4/go.mod h1:0VDZFpgoZfelyP5Wqu0/r/TRYcLYuJ2U1KEeoaPa1N4= -k8s.io/code-generator v0.0.0-20190311093542-50b561225d70/go.mod h1:MYiN+ZJZ9HkETbgVZdWw2AsuAi9PZ4V80cwfuf2axe8= k8s.io/component-base v0.28.4 h1:c/iQLWPdUgI90O+T9TeECg8o7N3YJTiuz2sKxILYcYo= k8s.io/component-base v0.28.4/go.mod h1:m9hR0uvqXDybiGL2nf/3Lf0MerAfQXzkfWhUY58JUbU= -k8s.io/gengo v0.0.0-20190116091435-f8a0810f38af/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= -k8s.io/klog v0.3.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= -k8s.io/klog v0.3.1/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.110.1 h1:U/Af64HJf7FcwMcXyKm2RPM22WZzyR7OSpYj5tg3cL0= k8s.io/klog/v2 v2.110.1/go.mod h1:YGtd1984u+GgbuZ7e08/yBuAfKLSO0+uR1Fhi6ExXjo= -k8s.io/kube-openapi v0.0.0-20190228160746-b3a7cee44a30/go.mod h1:BXM9ceUBTj2QnfH2MK1odQs778ajze1RxcmP6S8RVVc= k8s.io/kube-openapi v0.0.0-20200805222855-6aeccd4b50c6/go.mod h1:UuqjUnNftUyPE5H64/qeyjQoUZhGpeFDVdxjTeEVN2o= k8s.io/kube-openapi v0.0.0-20230905202853-d090da108d2f h1:eeEUOoGYWhOz7EyXqhlR2zHKNw2mNJ9vzJmub6YN6kk= k8s.io/kube-openapi v0.0.0-20230905202853-d090da108d2f/go.mod h1:AsvuZPBlUDVuCdzJ87iajxtXuR9oktsTctW/R9wwouA= -k8s.io/utils v0.0.0-20190221042446-c2654d5206da/go.mod h1:8k8uAuAQ0rXslZKaEWd0c3oVhZz7sSzSiPnVZayjIX0= -k8s.io/utils v0.0.0-20190607212802-c55fbcfc754a/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew= k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI= k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -mvdan.cc/unparam v0.0.0-20190720180237-d51796306d8f/go.mod h1:4G1h5nDURzA3bwVMZIVpwbkw+04kSxk3rAtzlimaUJw= sigs.k8s.io/controller-runtime v0.16.3 h1:2TuvuokmfXvDUamSx1SuAOO3eTyye+47mJCigwG62c4= sigs.k8s.io/controller-runtime v0.16.3/go.mod h1:j7bialYoSn142nv9sCOJmQgDXQXxnroFU4VnX/brVJ0= sigs.k8s.io/gateway-api v0.8.1 h1:Bo4NMAQFYkQZnHXOfufbYwbPW7b3Ic5NjpbeW6EJxuU= From 8c40cacbb7183098b482ede04c93b2495e5c16cb Mon Sep 17 00:00:00 2001 From: Razvan Dobre Date: Mon, 13 May 2024 15:26:15 +0300 Subject: [PATCH 08/19] Fix linting --- pkg/resources/contouringress/contour.go | 5 +---- pkg/resources/kafka/kafka.go | 3 ++- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/pkg/resources/contouringress/contour.go b/pkg/resources/contouringress/contour.go index 36c0e9596..e18860bad 100644 --- a/pkg/resources/contouringress/contour.go +++ b/pkg/resources/contouringress/contour.go @@ -143,7 +143,6 @@ func (r *Reconciler) Reconcile(log logr.Logger) error { if deletionCounter > 0 { log.Info(fmt.Sprintf("Removed '%d' resources for contour ingress", deletionCounter)) } - } } @@ -154,7 +153,6 @@ func (r *Reconciler) Reconcile(log logr.Logger) error { // generate service for broker func (r *Reconciler) brokerService(_ logr.Logger, id int32, extListener v1beta1.ExternalListenerConfig) runtime.Object { - service := &corev1.Service{ ObjectMeta: templates.ObjectMetaWithAnnotations( fmt.Sprintf(kafka.NodePortServiceTemplate, r.KafkaCluster.GetName(), id, extListener.Name), @@ -183,7 +181,7 @@ func (r *Reconciler) brokerService(_ logr.Logger, id int32, extListener v1beta1. // generate service for anycast port func (r *Reconciler) clusterService(_ logr.Logger, extListener v1beta1.ExternalListenerConfig, - ingressConfig v1beta1.IngressConfig, ingressConfigName, defaultIngressConfigName string) runtime.Object { + ingressConfig v1beta1.IngressConfig, ingressConfigName, _ string) runtime.Object { var serviceName string = util.GenerateEnvoyResourceName(contourutils.ContourServiceName, contourutils.ContourServiceNameWithScope, extListener, ingressConfig, ingressConfigName, r.KafkaCluster.GetName()) @@ -215,7 +213,6 @@ func (r *Reconciler) clusterService(_ logr.Logger, extListener v1beta1.ExternalL // generate httproxy resource for contour ingress func (r *Reconciler) httpProxy(_ logr.Logger, extListener v1beta1.ExternalListenerConfig, fqdn string, ingressConfig v1beta1.IngressConfig, service runtime.Object) runtime.Object { - svc := service.(*corev1.Service) ingressRoute := &contour.HTTPProxy{ ObjectMeta: templates.ObjectMetaWithAnnotations(fqdn, diff --git a/pkg/resources/kafka/kafka.go b/pkg/resources/kafka/kafka.go index 5b257ea32..bc56418af 100644 --- a/pkg/resources/kafka/kafka.go +++ b/pkg/resources/kafka/kafka.go @@ -1303,6 +1303,8 @@ func (r *Reconciler) getBrokerHost(log logr.Logger, defaultHost string, broker v return "", errors.New("brokerHostnameTemplate is not set in the ingress service settings") } } + default: + return "", errors.New("unsupported external listener access method") } return fmt.Sprintf("%s:%d", brokerHost, portNumber), nil } @@ -1323,7 +1325,6 @@ func (r *Reconciler) createExternalListenerStatuses(log logr.Logger) (map[string } listenerStatusList := make(v1beta1.ListenerStatusList, 0, len(r.KafkaCluster.Spec.Brokers)+1) for iConfigName, iConfig := range ingressConfigs { - if !util.IsIngressConfigInUse(iConfigName, defaultControllerName, r.KafkaCluster, log) { continue } From 2ff53ac99d12e4aed2e1d16944fef10425773123 Mon Sep 17 00:00:00 2001 From: Razvan Dobre Date: Mon, 13 May 2024 15:55:06 +0300 Subject: [PATCH 09/19] Fix linting --- go.mod | 12 +++++----- go.sum | 30 ++++++++++++------------- main.go | 3 ++- pkg/resources/contouringress/contour.go | 4 ++-- pkg/resources/kafka/kafka.go | 4 ++-- 5 files changed, 26 insertions(+), 27 deletions(-) diff --git a/go.mod b/go.mod index 5191d32d6..409c01be3 100644 --- a/go.mod +++ b/go.mod @@ -44,7 +44,7 @@ require ( github.com/imdario/mergo v0.3.12 // indirect github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 // indirect github.com/stretchr/objx v0.5.0 // indirect - golang.org/x/tools v0.15.0 // indirect + golang.org/x/tools v0.21.0 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20230911183012-2d3300fd4832 // indirect ) @@ -116,12 +116,12 @@ require ( github.com/tidwall/pretty v1.2.1 // indirect github.com/wayneashleyberry/terminal-dimensions v1.1.0 // indirect go.uber.org/multierr v1.11.0 // indirect - golang.org/x/crypto v0.15.0 // indirect - golang.org/x/net v0.18.0 // indirect + golang.org/x/crypto v0.23.0 // indirect + golang.org/x/net v0.25.0 // indirect golang.org/x/oauth2 v0.13.0 // indirect - golang.org/x/sys v0.14.0 // indirect - golang.org/x/term v0.14.0 // indirect - golang.org/x/text v0.14.0 // indirect + golang.org/x/sys v0.20.0 // indirect + golang.org/x/term v0.20.0 // indirect + golang.org/x/text v0.15.0 // indirect golang.org/x/time v0.3.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/appengine v1.6.7 // indirect diff --git a/go.sum b/go.sum index 2faf108f4..122148791 100644 --- a/go.sum +++ b/go.sum @@ -314,8 +314,8 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= -golang.org/x/crypto v0.15.0 h1:frVn1TEaCEaZcn3Tmd7Y2b5KKPaZ+I32Q2OA3kYp5TA= -golang.org/x/crypto v0.15.0/go.mod h1:4ChreQoLWfG3xLDer1WdlH5NdlQ3+mwnQq1YTKY+72g= +golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI= +golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa h1:FRnLl4eNAQl8hwxVVC17teOw8kdjVDVAiFMtgUdTSRQ= golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa/go.mod h1:zk2irFbV9DP96SEBUUAy67IdHUaZuSnrz1n472HUCLE= @@ -327,8 +327,6 @@ golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= -golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0= -golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -349,8 +347,8 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= -golang.org/x/net v0.18.0 h1:mIYleuAkSbHh0tCv7RvjL3F6ZVbLjq4+R7zbOn3Kokg= -golang.org/x/net v0.18.0/go.mod h1:/czyP5RqHAH4odGYxBJ1qz0+CE5WZ+2j1YgoEo8F2jQ= +golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac= +golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.13.0 h1:jDDenyj+WgFtmV3zYVoi8aE2BwtXFLWOA67ZfNWftiY= golang.org/x/oauth2 v0.13.0/go.mod h1:/JMhi4ZRXAf4HG9LiNmxvk+45+96RUlVThiH8FzNBn0= @@ -361,8 +359,8 @@ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.5.0 h1:60k92dhOjHxJkrqnwsfl8KuaHbn/5dl0lUPUklKo3qE= -golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= +golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -383,22 +381,22 @@ golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.14.0 h1:Vz7Qs629MkJkGyHxUlRHizWJRG2j8fbQKjELVSNhy7Q= -golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= +golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= -golang.org/x/term v0.14.0 h1:LGK9IlZ8T9jvdy6cTdfKUCltatMFOehAQo9SRC46UQ8= -golang.org/x/term v0.14.0/go.mod h1:TySc+nGkYR6qt8km8wUhuFRTVSMIX3XPR58y2lC8vww= +golang.org/x/term v0.20.0 h1:VnkxpohqXaOBYJtBmEppKUG6mXpi+4O6purfc2+sMhw= +golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= -golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk= +golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -412,8 +410,8 @@ golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roY golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= -golang.org/x/tools v0.15.0 h1:zdAyfUGbYmuVokhzVmghFl2ZJh5QhcfebBgmVPFYA+8= -golang.org/x/tools v0.15.0/go.mod h1:hpksKq4dtpQWS1uQ61JkdqWM3LscIS6Slf+VVkm+wQk= +golang.org/x/tools v0.21.0 h1:qc0xYgIbsSDt9EyWz05J5wfa7LOVW0YTLOXrqdLAWIw= +golang.org/x/tools v0.21.0/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= diff --git a/main.go b/main.go index 1b866022a..4f51ebac4 100644 --- a/main.go +++ b/main.go @@ -51,6 +51,8 @@ import ( _ "k8s.io/client-go/plugin/pkg/client/auth/gcp" ctrl "sigs.k8s.io/controller-runtime" + contour "github.com/projectcontour/contour/apis/projectcontour/v1" + banzaicloudv1alpha1 "github.com/banzaicloud/koperator/api/v1alpha1" banzaicloudv1beta1 "github.com/banzaicloud/koperator/api/v1beta1" "github.com/banzaicloud/koperator/controllers" @@ -59,7 +61,6 @@ import ( "github.com/banzaicloud/koperator/pkg/scale" "github.com/banzaicloud/koperator/pkg/util" "github.com/banzaicloud/koperator/pkg/webhooks" - contour "github.com/projectcontour/contour/apis/projectcontour/v1" // +kubebuilder:scaffold:imports ) diff --git a/pkg/resources/contouringress/contour.go b/pkg/resources/contouringress/contour.go index e18860bad..18e4eaf3e 100644 --- a/pkg/resources/contouringress/contour.go +++ b/pkg/resources/contouringress/contour.go @@ -29,6 +29,8 @@ import ( "k8s.io/apimachinery/pkg/util/intstr" "sigs.k8s.io/controller-runtime/pkg/client" + contour "github.com/projectcontour/contour/apis/projectcontour/v1" + apiutil "github.com/banzaicloud/koperator/api/util" "github.com/banzaicloud/koperator/api/v1beta1" "github.com/banzaicloud/koperator/pkg/k8sutil" @@ -37,7 +39,6 @@ import ( "github.com/banzaicloud/koperator/pkg/util" contourutils "github.com/banzaicloud/koperator/pkg/util/contour" "github.com/banzaicloud/koperator/pkg/util/kafka" - contour "github.com/projectcontour/contour/apis/projectcontour/v1" ) const ( @@ -182,7 +183,6 @@ func (r *Reconciler) brokerService(_ logr.Logger, id int32, extListener v1beta1. // generate service for anycast port func (r *Reconciler) clusterService(_ logr.Logger, extListener v1beta1.ExternalListenerConfig, ingressConfig v1beta1.IngressConfig, ingressConfigName, _ string) runtime.Object { - var serviceName string = util.GenerateEnvoyResourceName(contourutils.ContourServiceName, contourutils.ContourServiceNameWithScope, extListener, ingressConfig, ingressConfigName, r.KafkaCluster.GetName()) diff --git a/pkg/resources/kafka/kafka.go b/pkg/resources/kafka/kafka.go index bc56418af..03f2ea011 100644 --- a/pkg/resources/kafka/kafka.go +++ b/pkg/resources/kafka/kafka.go @@ -1303,8 +1303,8 @@ func (r *Reconciler) getBrokerHost(log logr.Logger, defaultHost string, broker v return "", errors.New("brokerHostnameTemplate is not set in the ingress service settings") } } - default: - return "", errors.New("unsupported external listener access method") + case corev1.ServiceTypeExternalName: + return ":", errors.New("unsupported external listener access method") } return fmt.Sprintf("%s:%d", brokerHost, portNumber), nil } From 159d163174e68e9149e96cd72aaec9bfeacecc17 Mon Sep 17 00:00:00 2001 From: Razvan Dobre Date: Mon, 13 May 2024 17:08:16 +0300 Subject: [PATCH 10/19] Register v1.HTTPProxy with e2e tests --- controllers/tests/suite_test.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/controllers/tests/suite_test.go b/controllers/tests/suite_test.go index d7faf203e..f0c5ed421 100644 --- a/controllers/tests/suite_test.go +++ b/controllers/tests/suite_test.go @@ -57,6 +57,7 @@ import ( istioclientv1beta1 "github.com/banzaicloud/istio-client-go/pkg/networking/v1beta1" banzaiistiov1alpha1 "github.com/banzaicloud/istio-operator/api/v2/v1alpha1" + contour "github.com/projectcontour/contour/apis/projectcontour/v1" banzaicloudv1alpha1 "github.com/banzaicloud/koperator/api/v1alpha1" "github.com/banzaicloud/koperator/api/v1beta1" @@ -122,6 +123,7 @@ var _ = BeforeSuite(func(ctx SpecContext) { Expect(banzaicloudv1alpha1.AddToScheme(scheme)).To(Succeed()) Expect(banzaicloudv1beta1.AddToScheme(scheme)).To(Succeed()) Expect(istioclientv1beta1.AddToScheme(scheme)).To(Succeed()) + Expect(contour.AddToScheme(scheme)).To(Succeed()) // +kubebuilder:scaffold:scheme From 2d240895f28d1b7158e2229092785dad07e011b6 Mon Sep 17 00:00:00 2001 From: Razvan Dobre Date: Tue, 14 May 2024 10:34:00 +0300 Subject: [PATCH 11/19] Fix CI --- controllers/tests/clusterregistry/suite_test.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/controllers/tests/clusterregistry/suite_test.go b/controllers/tests/clusterregistry/suite_test.go index 8a2e0a41d..8ef878d5b 100644 --- a/controllers/tests/clusterregistry/suite_test.go +++ b/controllers/tests/clusterregistry/suite_test.go @@ -56,6 +56,7 @@ import ( istioclientv1beta1 "github.com/banzaicloud/istio-client-go/pkg/networking/v1beta1" banzaiistiov1alpha1 "github.com/banzaicloud/istio-operator/api/v2/v1alpha1" + contour "github.com/projectcontour/contour/apis/projectcontour/v1" banzaicloudv1alpha1 "github.com/banzaicloud/koperator/api/v1alpha1" banzaicloudv1beta1 "github.com/banzaicloud/koperator/api/v1beta1" @@ -123,6 +124,7 @@ var _ = BeforeSuite(func() { Expect(banzaicloudv1alpha1.AddToScheme(scheme)).To(Succeed()) Expect(banzaicloudv1beta1.AddToScheme(scheme)).To(Succeed()) Expect(istioclientv1beta1.AddToScheme(scheme)).To(Succeed()) + Expect(contour.AddToScheme(scheme)).To(Succeed()) // +kubebuilder:scaffold:scheme From ec68ffff1ea50aac49df09a7406bb0b926033b43 Mon Sep 17 00:00:00 2001 From: Razvan Dobre Date: Tue, 14 May 2024 11:00:11 +0300 Subject: [PATCH 12/19] Install contour for e2e --- tests/e2e/global.go | 11 +++++++++++ tests/e2e/test_install.go | 7 +++++++ 2 files changed, 18 insertions(+) diff --git a/tests/e2e/global.go b/tests/e2e/global.go index 4c187073f..098266efb 100644 --- a/tests/e2e/global.go +++ b/tests/e2e/global.go @@ -34,6 +34,17 @@ var ( }, RemoteCRDPathVersionTemplate: "https://github.com/jetstack/cert-manager/releases/download/v%s/cert-manager.crds.yaml", } + // contour ingress controller + contourIngressControllerHelmDescriptor = helmDescriptor{ + Repository: "https://charts.bitnami.com/bitnami", + ChartName: "contour", + ChartVersion: "v1.27.0", + ReleaseName: "contour", + Namespace: "projectcontour", + SetValues: map[string]string{ + "installCRDs": "true", + }, + } // koperatorLocalHelmDescriptor describes the Koperator Helm component with // a local chart and version. diff --git a/tests/e2e/test_install.go b/tests/e2e/test_install.go index 185065644..faed78a0f 100644 --- a/tests/e2e/test_install.go +++ b/tests/e2e/test_install.go @@ -37,6 +37,13 @@ func testInstall() bool { }) }) + When("Installing contour ingress controller", func() { + It("Installing contour Helm chart", func() { + err = contourIngressControllerHelmDescriptor.installHelmChart(kubectlOptions) + Expect(err).NotTo(HaveOccurred()) + }) + }) + When("Installing zookeeper-operator", func() { It("Installing zookeeper-operator Helm chart", func() { err = zookeeperOperatorHelmDescriptor.installHelmChart(kubectlOptions) From a6f6408705cb260f996e30a5a2a3bfcab57e7218 Mon Sep 17 00:00:00 2001 From: Razvan Dobre Date: Tue, 14 May 2024 11:40:24 +0300 Subject: [PATCH 13/19] Remove unused fields --- api/v1beta1/kafkacluster_types.go | 8 -------- charts/kafka-operator/crds/kafkaclusters.yaml | 20 ------------------- .../kafka.banzaicloud.io_kafkaclusters.yaml | 20 ------------------- 3 files changed, 48 deletions(-) diff --git a/api/v1beta1/kafkacluster_types.go b/api/v1beta1/kafkacluster_types.go index 9b47b42a9..9a9c3b645 100644 --- a/api/v1beta1/kafkacluster_types.go +++ b/api/v1beta1/kafkacluster_types.go @@ -598,10 +598,6 @@ func (c ContourIngressConfig) GetBrokerFqdn(brokerId int32) string { return strings.Replace(c.BrokerFQDNTemplate, "%id", strconv.Itoa(int(brokerId)), 1) } -func (c ContourIngressConfig) GetAnycastFqdn() string { - return c.AnyCastFQDNTemplate -} - // Replace %id in brokerHostnameTemplate with actual broker id func (c EnvoyConfig) GetBrokerHostname(brokerId int32) string { return strings.Replace(c.BrokerHostnameTemplate, "%id", strconv.Itoa(int(brokerId)), 1) @@ -713,12 +709,8 @@ type IngressConfig struct { type ContourIngressConfig struct { // TLS secret used for Contour IngressRoute resource TLSSecretName string `json:"tlsSecretName"` - // ContourIngressClass is the IngressClass that Contour should use to route traffic to the Kafka cluster. - ContourIngressClass string `json:"contourIngressClass"` // Broker hostname template for Contour IngressRoute resource to generate broker hostnames. BrokerFQDNTemplate string `json:"brokerFQDNTemplate"` - // AnyCastFQDNTemplate is the template used to generate the anycast FQDN for the Kafka cluster. - AnyCastFQDNTemplate string `json:"anyCastFQDNTemplate,omitempty"` } // InternalListenerConfig defines the internal listener config for Kafka diff --git a/charts/kafka-operator/crds/kafkaclusters.yaml b/charts/kafka-operator/crds/kafkaclusters.yaml index 88e64b63b..e20593bc2 100644 --- a/charts/kafka-operator/crds/kafkaclusters.yaml +++ b/charts/kafka-operator/crds/kafkaclusters.yaml @@ -12901,24 +12901,15 @@ spec: type: string contourIngressConfig: properties: - anyCastFQDNTemplate: - description: AnyCastFQDNTemplate is the template used to generate - the anycast FQDN for the Kafka cluster. - type: string brokerFQDNTemplate: description: Broker hostname template for Contour IngressRoute resource to generate broker hostnames. type: string - contourIngressClass: - description: ContourIngressClass is the IngressClass that Contour - should use to route traffic to the Kafka cluster. - type: string tlsSecretName: description: TLS secret used for Contour IngressRoute resource type: string required: - brokerFQDNTemplate - - contourIngressClass - tlsSecretName type: object cruiseControlConfig: @@ -19216,28 +19207,17 @@ spec: properties: contourIngressConfig: properties: - anyCastFQDNTemplate: - description: AnyCastFQDNTemplate is the template - used to generate the anycast FQDN for the - Kafka cluster. - type: string brokerFQDNTemplate: description: Broker hostname template for Contour IngressRoute resource to generate broker hostnames. type: string - contourIngressClass: - description: ContourIngressClass is the IngressClass - that Contour should use to route traffic - to the Kafka cluster. - type: string tlsSecretName: description: TLS secret used for Contour IngressRoute resource type: string required: - brokerFQDNTemplate - - contourIngressClass - tlsSecretName type: object envoyConfig: diff --git a/config/base/crds/kafka.banzaicloud.io_kafkaclusters.yaml b/config/base/crds/kafka.banzaicloud.io_kafkaclusters.yaml index 88e64b63b..e20593bc2 100644 --- a/config/base/crds/kafka.banzaicloud.io_kafkaclusters.yaml +++ b/config/base/crds/kafka.banzaicloud.io_kafkaclusters.yaml @@ -12901,24 +12901,15 @@ spec: type: string contourIngressConfig: properties: - anyCastFQDNTemplate: - description: AnyCastFQDNTemplate is the template used to generate - the anycast FQDN for the Kafka cluster. - type: string brokerFQDNTemplate: description: Broker hostname template for Contour IngressRoute resource to generate broker hostnames. type: string - contourIngressClass: - description: ContourIngressClass is the IngressClass that Contour - should use to route traffic to the Kafka cluster. - type: string tlsSecretName: description: TLS secret used for Contour IngressRoute resource type: string required: - brokerFQDNTemplate - - contourIngressClass - tlsSecretName type: object cruiseControlConfig: @@ -19216,28 +19207,17 @@ spec: properties: contourIngressConfig: properties: - anyCastFQDNTemplate: - description: AnyCastFQDNTemplate is the template - used to generate the anycast FQDN for the - Kafka cluster. - type: string brokerFQDNTemplate: description: Broker hostname template for Contour IngressRoute resource to generate broker hostnames. type: string - contourIngressClass: - description: ContourIngressClass is the IngressClass - that Contour should use to route traffic - to the Kafka cluster. - type: string tlsSecretName: description: TLS secret used for Contour IngressRoute resource type: string required: - brokerFQDNTemplate - - contourIngressClass - tlsSecretName type: object envoyConfig: From ba4c7563c609c25f3f11af155fa1c6253a0aa43f Mon Sep 17 00:00:00 2001 From: Razvan Dobre Date: Tue, 14 May 2024 15:35:24 +0300 Subject: [PATCH 14/19] Some tests --- config/test/crd/projectcontour/crds.yaml | 8562 +++++++++++++++++ .../tests/clusterregistry/suite_test.go | 1 + .../kafkacluster_controller_contour_test.go | 173 + .../tests/kafkacluster_controller_test.go | 18 + controllers/tests/suite_test.go | 1 + 5 files changed, 8755 insertions(+) create mode 100644 config/test/crd/projectcontour/crds.yaml create mode 100644 controllers/tests/kafkacluster_controller_contour_test.go diff --git a/config/test/crd/projectcontour/crds.yaml b/config/test/crd/projectcontour/crds.yaml new file mode 100644 index 000000000..c240baeaf --- /dev/null +++ b/config/test/crd/projectcontour/crds.yaml @@ -0,0 +1,8562 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + name: contourconfigurations.projectcontour.io +spec: + preserveUnknownFields: false + group: projectcontour.io + names: + kind: ContourConfiguration + listKind: ContourConfigurationList + plural: contourconfigurations + shortNames: + - contourconfig + singular: contourconfiguration + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ContourConfiguration is the schema for a Contour instance. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + ContourConfigurationSpec represents a configuration of a Contour controller. + It contains most of all the options that can be customized, the + other remaining options being command line flags. + properties: + debug: + description: |- + Debug contains parameters to enable debug logging + and debug interfaces inside Contour. + properties: + address: + description: |- + Defines the Contour debug address interface. + Contour's default is "127.0.0.1". + type: string + port: + description: |- + Defines the Contour debug address port. + Contour's default is 6060. + type: integer + type: object + enableExternalNameService: + description: |- + EnableExternalNameService allows processing of ExternalNameServices + Contour's default is false for security reasons. + type: boolean + envoy: + description: |- + Envoy contains parameters for Envoy as well + as how to optionally configure a managed Envoy fleet. + properties: + clientCertificate: + description: |- + ClientCertificate defines the namespace/name of the Kubernetes + secret containing the client certificate and private key + to be used when establishing TLS connection to upstream + cluster. + properties: + name: + type: string + namespace: + type: string + required: + - name + - namespace + type: object + cluster: + description: |- + Cluster holds various configurable Envoy cluster values that can + be set in the config file. + properties: + circuitBreakers: + description: |- + GlobalCircuitBreakerDefaults specifies default circuit breaker budget across all services. + If defined, this will be used as the default for all services. + properties: + maxConnections: + description: The maximum number of connections that a + single Envoy instance allows to the Kubernetes Service; + defaults to 1024. + format: int32 + type: integer + maxPendingRequests: + description: The maximum number of pending requests that + a single Envoy instance allows to the Kubernetes Service; + defaults to 1024. + format: int32 + type: integer + maxRequests: + description: The maximum parallel requests a single Envoy + instance allows to the Kubernetes Service; defaults + to 1024 + format: int32 + type: integer + maxRetries: + description: The maximum number of parallel retries a + single Envoy instance allows to the Kubernetes Service; + defaults to 3. + format: int32 + type: integer + type: object + dnsLookupFamily: + description: |- + DNSLookupFamily defines how external names are looked up + When configured as V4, the DNS resolver will only perform a lookup + for addresses in the IPv4 family. If V6 is configured, the DNS resolver + will only perform a lookup for addresses in the IPv6 family. + If AUTO is configured, the DNS resolver will first perform a lookup + for addresses in the IPv6 family and fallback to a lookup for addresses + in the IPv4 family. If ALL is specified, the DNS resolver will perform a lookup for + both IPv4 and IPv6 families, and return all resolved addresses. + When this is used, Happy Eyeballs will be enabled for upstream connections. + Refer to Happy Eyeballs Support for more information. + Note: This only applies to externalName clusters. + See https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto.html#envoy-v3-api-enum-config-cluster-v3-cluster-dnslookupfamily + for more information. + Values: `auto` (default), `v4`, `v6`, `all`. + Other values will produce an error. + type: string + maxRequestsPerConnection: + description: |- + Defines the maximum requests for upstream connections. If not specified, there is no limit. + see https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/protocol.proto#envoy-v3-api-msg-config-core-v3-httpprotocoloptions + for more information. + format: int32 + minimum: 1 + type: integer + per-connection-buffer-limit-bytes: + description: |- + Defines the soft limit on size of the cluster’s new connection read and write buffers in bytes. + If unspecified, an implementation defined default is applied (1MiB). + see https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#envoy-v3-api-field-config-cluster-v3-cluster-per-connection-buffer-limit-bytes + for more information. + format: int32 + minimum: 1 + type: integer + upstreamTLS: + description: UpstreamTLS contains the TLS policy parameters + for upstream connections + properties: + cipherSuites: + description: |- + CipherSuites defines the TLS ciphers to be supported by Envoy TLS + listeners when negotiating TLS 1.2. Ciphers are validated against the + set that Envoy supports by default. This parameter should only be used + by advanced users. Note that these will be ignored when TLS 1.3 is in + use. + This field is optional; when it is undefined, a Contour-managed ciphersuite list + will be used, which may be updated to keep it secure. + Contour's default list is: + - "[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]" + - "[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]" + - "ECDHE-ECDSA-AES256-GCM-SHA384" + - "ECDHE-RSA-AES256-GCM-SHA384" + Ciphers provided are validated against the following list: + - "[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]" + - "[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]" + - "ECDHE-ECDSA-AES128-GCM-SHA256" + - "ECDHE-RSA-AES128-GCM-SHA256" + - "ECDHE-ECDSA-AES128-SHA" + - "ECDHE-RSA-AES128-SHA" + - "AES128-GCM-SHA256" + - "AES128-SHA" + - "ECDHE-ECDSA-AES256-GCM-SHA384" + - "ECDHE-RSA-AES256-GCM-SHA384" + - "ECDHE-ECDSA-AES256-SHA" + - "ECDHE-RSA-AES256-SHA" + - "AES256-GCM-SHA384" + - "AES256-SHA" + Contour recommends leaving this undefined unless you are sure you must. + See: https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto#extensions-transport-sockets-tls-v3-tlsparameters + Note: This list is a superset of what is valid for stock Envoy builds and those using BoringSSL FIPS. + items: + type: string + type: array + maximumProtocolVersion: + description: |- + MaximumProtocolVersion is the maximum TLS version this vhost should + negotiate. + Values: `1.2`, `1.3`(default). + Other values will produce an error. + type: string + minimumProtocolVersion: + description: |- + MinimumProtocolVersion is the minimum TLS version this vhost should + negotiate. + Values: `1.2` (default), `1.3`. + Other values will produce an error. + type: string + type: object + type: object + defaultHTTPVersions: + description: |- + DefaultHTTPVersions defines the default set of HTTPS + versions the proxy should accept. HTTP versions are + strings of the form "HTTP/xx". Supported versions are + "HTTP/1.1" and "HTTP/2". + Values: `HTTP/1.1`, `HTTP/2` (default: both). + Other values will produce an error. + items: + description: HTTPVersionType is the name of a supported HTTP + version. + type: string + type: array + health: + description: |- + Health defines the endpoint Envoy uses to serve health checks. + Contour's default is { address: "0.0.0.0", port: 8002 }. + properties: + address: + description: Defines the health address interface. + minLength: 1 + type: string + port: + description: Defines the health port. + type: integer + type: object + http: + description: |- + Defines the HTTP Listener for Envoy. + Contour's default is { address: "0.0.0.0", port: 8080, accessLog: "/dev/stdout" }. + properties: + accessLog: + description: AccessLog defines where Envoy logs are outputted + for this listener. + type: string + address: + description: Defines an Envoy Listener Address. + minLength: 1 + type: string + port: + description: Defines an Envoy listener Port. + type: integer + type: object + https: + description: |- + Defines the HTTPS Listener for Envoy. + Contour's default is { address: "0.0.0.0", port: 8443, accessLog: "/dev/stdout" }. + properties: + accessLog: + description: AccessLog defines where Envoy logs are outputted + for this listener. + type: string + address: + description: Defines an Envoy Listener Address. + minLength: 1 + type: string + port: + description: Defines an Envoy listener Port. + type: integer + type: object + listener: + description: Listener hold various configurable Envoy listener + values. + properties: + connectionBalancer: + description: |- + ConnectionBalancer. If the value is exact, the listener will use the exact connection balancer + See https://www.envoyproxy.io/docs/envoy/latest/api-v2/api/v2/listener.proto#envoy-api-msg-listener-connectionbalanceconfig + for more information. + Values: (empty string): use the default ConnectionBalancer, `exact`: use the Exact ConnectionBalancer. + Other values will produce an error. + type: string + disableAllowChunkedLength: + description: |- + DisableAllowChunkedLength disables the RFC-compliant Envoy behavior to + strip the "Content-Length" header if "Transfer-Encoding: chunked" is + also set. This is an emergency off-switch to revert back to Envoy's + default behavior in case of failures. Please file an issue if failures + are encountered. + See: https://github.com/projectcontour/contour/issues/3221 + Contour's default is false. + type: boolean + disableMergeSlashes: + description: |- + DisableMergeSlashes disables Envoy's non-standard merge_slashes path transformation option + which strips duplicate slashes from request URL paths. + Contour's default is false. + type: boolean + httpMaxConcurrentStreams: + description: |- + Defines the value for SETTINGS_MAX_CONCURRENT_STREAMS Envoy will advertise in the + SETTINGS frame in HTTP/2 connections and the limit for concurrent streams allowed + for a peer on a single HTTP/2 connection. It is recommended to not set this lower + than 100 but this field can be used to bound resource usage by HTTP/2 connections + and mitigate attacks like CVE-2023-44487. The default value when this is not set is + unlimited. + format: int32 + minimum: 1 + type: integer + maxConnectionsPerListener: + description: |- + Defines the limit on number of active connections to a listener. The limit is applied + per listener. The default value when this is not set is unlimited. + format: int32 + minimum: 1 + type: integer + maxRequestsPerConnection: + description: |- + Defines the maximum requests for downstream connections. If not specified, there is no limit. + see https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/protocol.proto#envoy-v3-api-msg-config-core-v3-httpprotocoloptions + for more information. + format: int32 + minimum: 1 + type: integer + maxRequestsPerIOCycle: + description: |- + Defines the limit on number of HTTP requests that Envoy will process from a single + connection in a single I/O cycle. Requests over this limit are processed in subsequent + I/O cycles. Can be used as a mitigation for CVE-2023-44487 when abusive traffic is + detected. Configures the http.max_requests_per_io_cycle Envoy runtime setting. The default + value when this is not set is no limit. + format: int32 + minimum: 1 + type: integer + per-connection-buffer-limit-bytes: + description: |- + Defines the soft limit on size of the listener’s new connection read and write buffers in bytes. + If unspecified, an implementation defined default is applied (1MiB). + see https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/listener/v3/listener.proto#envoy-v3-api-field-config-listener-v3-listener-per-connection-buffer-limit-bytes + for more information. + format: int32 + minimum: 1 + type: integer + serverHeaderTransformation: + description: |- + Defines the action to be applied to the Server header on the response path. + When configured as overwrite, overwrites any Server header with "envoy". + When configured as append_if_absent, if a Server header is present, pass it through, otherwise set it to "envoy". + When configured as pass_through, pass through the value of the Server header, and do not append a header if none is present. + Values: `overwrite` (default), `append_if_absent`, `pass_through` + Other values will produce an error. + Contour's default is overwrite. + type: string + socketOptions: + description: |- + SocketOptions defines configurable socket options for the listeners. + Single set of options are applied to all listeners. + properties: + tos: + description: |- + Defines the value for IPv4 TOS field (including 6 bit DSCP field) for IP packets originating from Envoy listeners. + Single value is applied to all listeners. + If listeners are bound to IPv6-only addresses, setting this option will cause an error. + format: int32 + maximum: 255 + minimum: 0 + type: integer + trafficClass: + description: |- + Defines the value for IPv6 Traffic Class field (including 6 bit DSCP field) for IP packets originating from the Envoy listeners. + Single value is applied to all listeners. + If listeners are bound to IPv4-only addresses, setting this option will cause an error. + format: int32 + maximum: 255 + minimum: 0 + type: integer + type: object + tls: + description: TLS holds various configurable Envoy TLS listener + values. + properties: + cipherSuites: + description: |- + CipherSuites defines the TLS ciphers to be supported by Envoy TLS + listeners when negotiating TLS 1.2. Ciphers are validated against the + set that Envoy supports by default. This parameter should only be used + by advanced users. Note that these will be ignored when TLS 1.3 is in + use. + This field is optional; when it is undefined, a Contour-managed ciphersuite list + will be used, which may be updated to keep it secure. + Contour's default list is: + - "[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]" + - "[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]" + - "ECDHE-ECDSA-AES256-GCM-SHA384" + - "ECDHE-RSA-AES256-GCM-SHA384" + Ciphers provided are validated against the following list: + - "[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]" + - "[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]" + - "ECDHE-ECDSA-AES128-GCM-SHA256" + - "ECDHE-RSA-AES128-GCM-SHA256" + - "ECDHE-ECDSA-AES128-SHA" + - "ECDHE-RSA-AES128-SHA" + - "AES128-GCM-SHA256" + - "AES128-SHA" + - "ECDHE-ECDSA-AES256-GCM-SHA384" + - "ECDHE-RSA-AES256-GCM-SHA384" + - "ECDHE-ECDSA-AES256-SHA" + - "ECDHE-RSA-AES256-SHA" + - "AES256-GCM-SHA384" + - "AES256-SHA" + Contour recommends leaving this undefined unless you are sure you must. + See: https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto#extensions-transport-sockets-tls-v3-tlsparameters + Note: This list is a superset of what is valid for stock Envoy builds and those using BoringSSL FIPS. + items: + type: string + type: array + maximumProtocolVersion: + description: |- + MaximumProtocolVersion is the maximum TLS version this vhost should + negotiate. + Values: `1.2`, `1.3`(default). + Other values will produce an error. + type: string + minimumProtocolVersion: + description: |- + MinimumProtocolVersion is the minimum TLS version this vhost should + negotiate. + Values: `1.2` (default), `1.3`. + Other values will produce an error. + type: string + type: object + useProxyProtocol: + description: |- + Use PROXY protocol for all listeners. + Contour's default is false. + type: boolean + type: object + logging: + description: Logging defines how Envoy's logs can be configured. + properties: + accessLogFormat: + description: |- + AccessLogFormat sets the global access log format. + Values: `envoy` (default), `json`. + Other values will produce an error. + type: string + accessLogFormatString: + description: |- + AccessLogFormatString sets the access log format when format is set to `envoy`. + When empty, Envoy's default format is used. + type: string + accessLogJSONFields: + description: |- + AccessLogJSONFields sets the fields that JSON logging will + output when AccessLogFormat is json. + items: + type: string + type: array + accessLogLevel: + description: |- + AccessLogLevel sets the verbosity level of the access log. + Values: `info` (default, all requests are logged), `error` (all non-success requests, i.e. 300+ response code, are logged), `critical` (all 5xx requests are logged) and `disabled`. + Other values will produce an error. + type: string + type: object + metrics: + description: |- + Metrics defines the endpoint Envoy uses to serve metrics. + Contour's default is { address: "0.0.0.0", port: 8002 }. + properties: + address: + description: Defines the metrics address interface. + maxLength: 253 + minLength: 1 + type: string + port: + description: Defines the metrics port. + type: integer + tls: + description: |- + TLS holds TLS file config details. + Metrics and health endpoints cannot have same port number when metrics is served over HTTPS. + properties: + caFile: + description: CA filename. + type: string + certFile: + description: Client certificate filename. + type: string + keyFile: + description: Client key filename. + type: string + type: object + type: object + network: + description: Network holds various configurable Envoy network + values. + properties: + adminPort: + description: |- + Configure the port used to access the Envoy Admin interface. + If configured to port "0" then the admin interface is disabled. + Contour's default is 9001. + type: integer + numTrustedHops: + description: |- + XffNumTrustedHops defines the number of additional ingress proxy hops from the + right side of the x-forwarded-for HTTP header to trust when determining the origin + client’s IP address. + See https://www.envoyproxy.io/docs/envoy/v1.17.0/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto?highlight=xff_num_trusted_hops + for more information. + Contour's default is 0. + format: int32 + type: integer + type: object + service: + description: |- + Service holds Envoy service parameters for setting Ingress status. + Contour's default is { namespace: "projectcontour", name: "envoy" }. + properties: + name: + type: string + namespace: + type: string + required: + - name + - namespace + type: object + timeouts: + description: |- + Timeouts holds various configurable timeouts that can + be set in the config file. + properties: + connectTimeout: + description: |- + ConnectTimeout defines how long the proxy should wait when establishing connection to upstream service. + If not set, a default value of 2 seconds will be used. + See https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#envoy-v3-api-field-config-cluster-v3-cluster-connect-timeout + for more information. + type: string + connectionIdleTimeout: + description: |- + ConnectionIdleTimeout defines how long the proxy should wait while there are + no active requests (for HTTP/1.1) or streams (for HTTP/2) before terminating + an HTTP connection. Set to "infinity" to disable the timeout entirely. + See https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/protocol.proto#envoy-v3-api-field-config-core-v3-httpprotocoloptions-idle-timeout + for more information. + type: string + connectionShutdownGracePeriod: + description: |- + ConnectionShutdownGracePeriod defines how long the proxy will wait between sending an + initial GOAWAY frame and a second, final GOAWAY frame when terminating an HTTP/2 connection. + During this grace period, the proxy will continue to respond to new streams. After the final + GOAWAY frame has been sent, the proxy will refuse new streams. + See https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto#envoy-v3-api-field-extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-drain-timeout + for more information. + type: string + delayedCloseTimeout: + description: |- + DelayedCloseTimeout defines how long envoy will wait, once connection + close processing has been initiated, for the downstream peer to close + the connection before Envoy closes the socket associated with the connection. + Setting this timeout to 'infinity' will disable it, equivalent to setting it to '0' + in Envoy. Leaving it unset will result in the Envoy default value being used. + See https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto#envoy-v3-api-field-extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-delayed-close-timeout + for more information. + type: string + maxConnectionDuration: + description: |- + MaxConnectionDuration defines the maximum period of time after an HTTP connection + has been established from the client to the proxy before it is closed by the proxy, + regardless of whether there has been activity or not. Omit or set to "infinity" for + no max duration. + See https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/protocol.proto#envoy-v3-api-field-config-core-v3-httpprotocoloptions-max-connection-duration + for more information. + type: string + requestTimeout: + description: |- + RequestTimeout sets the client request timeout globally for Contour. Note that + this is a timeout for the entire request, not an idle timeout. Omit or set to + "infinity" to disable the timeout entirely. + See https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto#envoy-v3-api-field-extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-request-timeout + for more information. + type: string + streamIdleTimeout: + description: |- + StreamIdleTimeout defines how long the proxy should wait while there is no + request activity (for HTTP/1.1) or stream activity (for HTTP/2) before + terminating the HTTP request or stream. Set to "infinity" to disable the + timeout entirely. + See https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto#envoy-v3-api-field-extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-stream-idle-timeout + for more information. + type: string + type: object + type: object + featureFlags: + description: |- + FeatureFlags defines toggle to enable new contour features. + Available toggles are: + useEndpointSlices - Configures contour to fetch endpoint data + from k8s endpoint slices. defaults to true, + If false then reads endpoint data from the k8s endpoints. + items: + type: string + type: array + gateway: + description: |- + Gateway contains parameters for the gateway-api Gateway that Contour + is configured to serve traffic. + properties: + gatewayRef: + description: |- + GatewayRef defines the specific Gateway that this Contour + instance corresponds to. + properties: + name: + type: string + namespace: + type: string + required: + - name + - namespace + type: object + required: + - gatewayRef + type: object + globalExtAuth: + description: |- + GlobalExternalAuthorization allows envoys external authorization filter + to be enabled for all virtual hosts. + properties: + authPolicy: + description: |- + AuthPolicy sets a default authorization policy for client requests. + This policy will be used unless overridden by individual routes. + properties: + context: + additionalProperties: + type: string + description: |- + Context is a set of key/value pairs that are sent to the + authentication server in the check request. If a context + is provided at an enclosing scope, the entries are merged + such that the inner scope overrides matching keys from the + outer scope. + type: object + disabled: + description: |- + When true, this field disables client request authentication + for the scope of the policy. + type: boolean + type: object + extensionRef: + description: ExtensionServiceRef specifies the extension resource + that will authorize client requests. + properties: + apiVersion: + description: |- + API version of the referent. + If this field is not specified, the default "projectcontour.io/v1alpha1" will be used + minLength: 1 + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + minLength: 1 + type: string + namespace: + description: |- + Namespace of the referent. + If this field is not specifies, the namespace of the resource that targets the referent will be used. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + minLength: 1 + type: string + type: object + failOpen: + description: |- + If FailOpen is true, the client request is forwarded to the upstream service + even if the authorization server fails to respond. This field should not be + set in most cases. It is intended for use only while migrating applications + from internal authorization to Contour external authorization. + type: boolean + responseTimeout: + description: |- + ResponseTimeout configures maximum time to wait for a check response from the authorization server. + Timeout durations are expressed in the Go [Duration format](https://godoc.org/time#ParseDuration). + Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". + The string "infinity" is also a valid input and specifies no timeout. + pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms)|(\d*(\.\d*)?us)|(\d*(\.\d*)?µs)|(\d*(\.\d*)?ns))+|infinity|infinite)$ + type: string + withRequestBody: + description: WithRequestBody specifies configuration for sending + the client request's body to authorization server. + properties: + allowPartialMessage: + description: If AllowPartialMessage is true, then Envoy will + buffer the body until MaxRequestBytes are reached. + type: boolean + maxRequestBytes: + default: 1024 + description: MaxRequestBytes sets the maximum size of message + body ExtAuthz filter will hold in-memory. + format: int32 + minimum: 1 + type: integer + packAsBytes: + description: If PackAsBytes is true, the body sent to Authorization + Server is in raw bytes. + type: boolean + type: object + type: object + health: + description: |- + Health defines the endpoints Contour uses to serve health checks. + Contour's default is { address: "0.0.0.0", port: 8000 }. + properties: + address: + description: Defines the health address interface. + minLength: 1 + type: string + port: + description: Defines the health port. + type: integer + type: object + httpproxy: + description: HTTPProxy defines parameters on HTTPProxy. + properties: + disablePermitInsecure: + description: |- + DisablePermitInsecure disables the use of the + permitInsecure field in HTTPProxy. + Contour's default is false. + type: boolean + fallbackCertificate: + description: |- + FallbackCertificate defines the namespace/name of the Kubernetes secret to + use as fallback when a non-SNI request is received. + properties: + name: + type: string + namespace: + type: string + required: + - name + - namespace + type: object + rootNamespaces: + description: Restrict Contour to searching these namespaces for + root ingress routes. + items: + type: string + type: array + type: object + ingress: + description: Ingress contains parameters for ingress options. + properties: + classNames: + description: Ingress Class Names Contour should use. + items: + type: string + type: array + statusAddress: + description: Address to set in Ingress object status. + type: string + type: object + metrics: + description: |- + Metrics defines the endpoint Contour uses to serve metrics. + Contour's default is { address: "0.0.0.0", port: 8000 }. + properties: + address: + description: Defines the metrics address interface. + maxLength: 253 + minLength: 1 + type: string + port: + description: Defines the metrics port. + type: integer + tls: + description: |- + TLS holds TLS file config details. + Metrics and health endpoints cannot have same port number when metrics is served over HTTPS. + properties: + caFile: + description: CA filename. + type: string + certFile: + description: Client certificate filename. + type: string + keyFile: + description: Client key filename. + type: string + type: object + type: object + policy: + description: Policy specifies default policy applied if not overridden + by the user + properties: + applyToIngress: + description: |- + ApplyToIngress determines if the Policies will apply to ingress objects + Contour's default is false. + type: boolean + requestHeaders: + description: RequestHeadersPolicy defines the request headers + set/removed on all routes + properties: + remove: + items: + type: string + type: array + set: + additionalProperties: + type: string + type: object + type: object + responseHeaders: + description: ResponseHeadersPolicy defines the response headers + set/removed on all routes + properties: + remove: + items: + type: string + type: array + set: + additionalProperties: + type: string + type: object + type: object + type: object + rateLimitService: + description: |- + RateLimitService optionally holds properties of the Rate Limit Service + to be used for global rate limiting. + properties: + defaultGlobalRateLimitPolicy: + description: |- + DefaultGlobalRateLimitPolicy allows setting a default global rate limit policy for every HTTPProxy. + HTTPProxy can overwrite this configuration. + properties: + descriptors: + description: |- + Descriptors defines the list of descriptors that will + be generated and sent to the rate limit service. Each + descriptor contains 1+ key-value pair entries. + items: + description: RateLimitDescriptor defines a list of key-value + pair generators. + properties: + entries: + description: Entries is the list of key-value pair generators. + items: + description: |- + RateLimitDescriptorEntry is a key-value pair generator. Exactly + one field on this struct must be non-nil. + properties: + genericKey: + description: GenericKey defines a descriptor entry + with a static key and value. + properties: + key: + description: |- + Key defines the key of the descriptor entry. If not set, the + key is set to "generic_key". + type: string + value: + description: Value defines the value of the + descriptor entry. + minLength: 1 + type: string + type: object + remoteAddress: + description: |- + RemoteAddress defines a descriptor entry with a key of "remote_address" + and a value equal to the client's IP address (from x-forwarded-for). + type: object + requestHeader: + description: |- + RequestHeader defines a descriptor entry that's populated only if + a given header is present on the request. The descriptor key is static, + and the descriptor value is equal to the value of the header. + properties: + descriptorKey: + description: DescriptorKey defines the key + to use on the descriptor entry. + minLength: 1 + type: string + headerName: + description: HeaderName defines the name of + the header to look for on the request. + minLength: 1 + type: string + type: object + requestHeaderValueMatch: + description: |- + RequestHeaderValueMatch defines a descriptor entry that's populated + if the request's headers match a set of 1+ match criteria. The + descriptor key is "header_match", and the descriptor value is static. + properties: + expectMatch: + default: true + description: |- + ExpectMatch defines whether the request must positively match the match + criteria in order to generate a descriptor entry (i.e. true), or not + match the match criteria in order to generate a descriptor entry (i.e. false). + The default is true. + type: boolean + headers: + description: |- + Headers is a list of 1+ match criteria to apply against the request + to determine whether to populate the descriptor entry or not. + items: + description: |- + HeaderMatchCondition specifies how to conditionally match against HTTP + headers. The Name field is required, only one of Present, NotPresent, + Contains, NotContains, Exact, NotExact and Regex can be set. + For negative matching rules only (e.g. NotContains or NotExact) you can set + TreatMissingAsEmpty. + IgnoreCase has no effect for Regex. + properties: + contains: + description: |- + Contains specifies a substring that must be present in + the header value. + type: string + exact: + description: Exact specifies a string + that the header value must be equal + to. + type: string + ignoreCase: + description: |- + IgnoreCase specifies that string matching should be case insensitive. + Note that this has no effect on the Regex parameter. + type: boolean + name: + description: |- + Name is the name of the header to match against. Name is required. + Header names are case insensitive. + type: string + notcontains: + description: |- + NotContains specifies a substring that must not be present + in the header value. + type: string + notexact: + description: |- + NoExact specifies a string that the header value must not be + equal to. The condition is true if the header has any other value. + type: string + notpresent: + description: |- + NotPresent specifies that condition is true when the named header + is not present. Note that setting NotPresent to false does not + make the condition true if the named header is present. + type: boolean + present: + description: |- + Present specifies that condition is true when the named header + is present, regardless of its value. Note that setting Present + to false does not make the condition true if the named header + is absent. + type: boolean + regex: + description: |- + Regex specifies a regular expression pattern that must match the header + value. + type: string + treatMissingAsEmpty: + description: |- + TreatMissingAsEmpty specifies if the header match rule specified header + does not exist, this header value will be treated as empty. Defaults to false. + Unlike the underlying Envoy implementation this is **only** supported for + negative matches (e.g. NotContains, NotExact). + type: boolean + required: + - name + type: object + minItems: 1 + type: array + value: + description: Value defines the value of the + descriptor entry. + minLength: 1 + type: string + type: object + type: object + minItems: 1 + type: array + type: object + minItems: 1 + type: array + disabled: + description: |- + Disabled configures the HTTPProxy to not use + the default global rate limit policy defined by the Contour configuration. + type: boolean + type: object + domain: + description: Domain is passed to the Rate Limit Service. + type: string + enableResourceExhaustedCode: + description: |- + EnableResourceExhaustedCode enables translating error code 429 to + grpc code RESOURCE_EXHAUSTED. When disabled it's translated to UNAVAILABLE + type: boolean + enableXRateLimitHeaders: + description: |- + EnableXRateLimitHeaders defines whether to include the X-RateLimit + headers X-RateLimit-Limit, X-RateLimit-Remaining, and X-RateLimit-Reset + (as defined by the IETF Internet-Draft linked below), on responses + to clients when the Rate Limit Service is consulted for a request. + ref. https://tools.ietf.org/id/draft-polli-ratelimit-headers-03.html + type: boolean + extensionService: + description: ExtensionService identifies the extension service + defining the RLS. + properties: + name: + type: string + namespace: + type: string + required: + - name + - namespace + type: object + failOpen: + description: |- + FailOpen defines whether to allow requests to proceed when the + Rate Limit Service fails to respond with a valid rate limit + decision within the timeout defined on the extension service. + type: boolean + required: + - extensionService + type: object + tracing: + description: Tracing defines properties for exporting trace data to + OpenTelemetry. + properties: + customTags: + description: CustomTags defines a list of custom tags with unique + tag name. + items: + description: |- + CustomTag defines custom tags with unique tag name + to create tags for the active span. + properties: + literal: + description: |- + Literal is a static custom tag value. + Precisely one of Literal, RequestHeaderName must be set. + type: string + requestHeaderName: + description: |- + RequestHeaderName indicates which request header + the label value is obtained from. + Precisely one of Literal, RequestHeaderName must be set. + type: string + tagName: + description: TagName is the unique name of the custom tag. + type: string + required: + - tagName + type: object + type: array + extensionService: + description: ExtensionService identifies the extension service + defining the otel-collector. + properties: + name: + type: string + namespace: + type: string + required: + - name + - namespace + type: object + includePodDetail: + description: |- + IncludePodDetail defines a flag. + If it is true, contour will add the pod name and namespace to the span of the trace. + the default is true. + Note: The Envoy pods MUST have the HOSTNAME and CONTOUR_NAMESPACE environment variables set for this to work properly. + type: boolean + maxPathTagLength: + description: |- + MaxPathTagLength defines maximum length of the request path + to extract and include in the HttpUrl tag. + contour's default is 256. + format: int32 + type: integer + overallSampling: + description: |- + OverallSampling defines the sampling rate of trace data. + contour's default is 100. + type: string + serviceName: + description: |- + ServiceName defines the name for the service. + contour's default is contour. + type: string + required: + - extensionService + type: object + xdsServer: + description: XDSServer contains parameters for the xDS server. + properties: + address: + description: |- + Defines the xDS gRPC API address which Contour will serve. + Contour's default is "0.0.0.0". + minLength: 1 + type: string + port: + description: |- + Defines the xDS gRPC API port which Contour will serve. + Contour's default is 8001. + type: integer + tls: + description: |- + TLS holds TLS file config details. + Contour's default is { caFile: "/certs/ca.crt", certFile: "/certs/tls.cert", keyFile: "/certs/tls.key", insecure: false }. + properties: + caFile: + description: CA filename. + type: string + certFile: + description: Client certificate filename. + type: string + insecure: + description: Allow serving the xDS gRPC API without TLS. + type: boolean + keyFile: + description: Client key filename. + type: string + type: object + type: + description: |- + Defines the XDSServer to use for `contour serve`. + Values: `envoy` (default), `contour (deprecated)`. + Other values will produce an error. + type: string + type: object + type: object + status: + description: ContourConfigurationStatus defines the observed state of + a ContourConfiguration resource. + properties: + conditions: + description: |- + Conditions contains the current status of the Contour resource. + Contour will update a single condition, `Valid`, that is in normal-true polarity. + Contour will not modify any other Conditions set in this block, + in case some other controller wants to add a Condition. + items: + description: |- + DetailedCondition is an extension of the normal Kubernetes conditions, with two extra + fields to hold sub-conditions, which provide more detailed reasons for the state (True or False) + of the condition. + `errors` holds information about sub-conditions which are fatal to that condition and render its state False. + `warnings` holds information about sub-conditions which are not fatal to that condition and do not force the state to be False. + Remember that Conditions have a type, a status, and a reason. + The type is the type of the condition, the most important one in this CRD set is `Valid`. + `Valid` is a positive-polarity condition: when it is `status: true` there are no problems. + In more detail, `status: true` means that the object is has been ingested into Contour with no errors. + `warnings` may still be present, and will be indicated in the Reason field. There must be zero entries in the `errors` + slice in this case. + `Valid`, `status: false` means that the object has had one or more fatal errors during processing into Contour. + The details of the errors will be present under the `errors` field. There must be at least one error in the `errors` + slice if `status` is `false`. + For DetailedConditions of types other than `Valid`, the Condition must be in the negative polarity. + When they have `status` `true`, there is an error. There must be at least one entry in the `errors` Subcondition slice. + When they have `status` `false`, there are no serious errors, and there must be zero entries in the `errors` slice. + In either case, there may be entries in the `warnings` slice. + Regardless of the polarity, the `reason` and `message` fields must be updated with either the detail of the reason + (if there is one and only one entry in total across both the `errors` and `warnings` slices), or + `MultipleReasons` if there is more than one entry. + properties: + errors: + description: |- + Errors contains a slice of relevant error subconditions for this object. + Subconditions are expected to appear when relevant (when there is a error), and disappear when not relevant. + An empty slice here indicates no errors. + items: + description: |- + SubCondition is a Condition-like type intended for use as a subcondition inside a DetailedCondition. + It contains a subset of the Condition fields. + It is intended for warnings and errors, so `type` names should use abnormal-true polarity, + that is, they should be of the form "ErrorPresent: true". + The expected lifecycle for these errors is that they should only be present when the error or warning is, + and should be removed when they are not relevant. + properties: + message: + description: |- + Message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + reason: + description: |- + Reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: Status of the condition, one of True, False, + Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + Type of condition in `CamelCase` or in `foo.example.com/CamelCase`. + This must be in abnormal-true polarity, that is, `ErrorFound` or `controller.io/ErrorFound`. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - message + - reason + - status + - type + type: object + type: array + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + warnings: + description: |- + Warnings contains a slice of relevant warning subconditions for this object. + Subconditions are expected to appear when relevant (when there is a warning), and disappear when not relevant. + An empty slice here indicates no warnings. + items: + description: |- + SubCondition is a Condition-like type intended for use as a subcondition inside a DetailedCondition. + It contains a subset of the Condition fields. + It is intended for warnings and errors, so `type` names should use abnormal-true polarity, + that is, they should be of the form "ErrorPresent: true". + The expected lifecycle for these errors is that they should only be present when the error or warning is, + and should be removed when they are not relevant. + properties: + message: + description: |- + Message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + reason: + description: |- + Reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: Status of the condition, one of True, False, + Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + Type of condition in `CamelCase` or in `foo.example.com/CamelCase`. + This must be in abnormal-true polarity, that is, `ErrorFound` or `controller.io/ErrorFound`. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - message + - reason + - status + - type + type: object + type: array + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + name: contourdeployments.projectcontour.io +spec: + preserveUnknownFields: false + group: projectcontour.io + names: + kind: ContourDeployment + listKind: ContourDeploymentList + plural: contourdeployments + shortNames: + - contourdeploy + singular: contourdeployment + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ContourDeployment is the schema for a Contour Deployment. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + ContourDeploymentSpec specifies options for how a Contour + instance should be provisioned. + properties: + contour: + description: |- + Contour specifies deployment-time settings for the Contour + part of the installation, i.e. the xDS server/control plane + and associated resources, including things like replica count + for the Deployment, and node placement constraints for the pods. + properties: + deployment: + description: Deployment describes the settings for running contour + as a `Deployment`. + properties: + replicas: + description: Replicas is the desired number of replicas. + format: int32 + minimum: 0 + type: integer + strategy: + description: Strategy describes the deployment strategy to + use to replace existing pods with new pods. + properties: + rollingUpdate: + description: |- + Rolling update config params. Present only if DeploymentStrategyType = + RollingUpdate. + --- + TODO: Update this to follow our convention for oneOf, whatever we decide it + to be. + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: |- + The maximum number of pods that can be scheduled above the desired number of + pods. + Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). + This can not be 0 if MaxUnavailable is 0. + Absolute number is calculated from percentage by rounding up. + Defaults to 25%. + Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when + the rolling update starts, such that the total number of old and new pods do not exceed + 130% of desired pods. Once old pods have been killed, + new ReplicaSet can be scaled up further, ensuring that total number of pods running + at any time during the update is at most 130% of desired pods. + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: |- + The maximum number of pods that can be unavailable during the update. + Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). + Absolute number is calculated from percentage by rounding down. + This can not be 0 if MaxSurge is 0. + Defaults to 25%. + Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods + immediately when the rolling update starts. Once new pods are ready, old ReplicaSet + can be scaled down further, followed by scaling up the new ReplicaSet, ensuring + that the total number of pods available at all times during the update is at + least 70% of desired pods. + x-kubernetes-int-or-string: true + type: object + type: + description: Type of deployment. Can be "Recreate" or + "RollingUpdate". Default is RollingUpdate. + type: string + type: object + type: object + disabledFeatures: + description: |- + DisabledFeatures defines an array of resources that will be ignored by + contour reconciler. + items: + enum: + - grpcroutes + - tlsroutes + - extensionservices + - backendtlspolicies + type: string + maxItems: 42 + minItems: 1 + type: array + kubernetesLogLevel: + description: |- + KubernetesLogLevel Enable Kubernetes client debug logging with log level. If unset, + defaults to 0. + maximum: 9 + minimum: 0 + type: integer + logLevel: + description: |- + LogLevel sets the log level for Contour + Allowed values are "info", "debug". + type: string + nodePlacement: + description: NodePlacement describes node scheduling configuration + of Contour pods. + properties: + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is the simplest recommended form of node selection constraint + and specifies a map of key-value pairs. For the pod to be eligible + to run on a node, the node must have each of the indicated key-value pairs + as labels (it can have additional labels as well). + If unset, the pod(s) will be scheduled to any available node. + type: object + tolerations: + description: |- + Tolerations work with taints to ensure that pods are not scheduled + onto inappropriate nodes. One or more taints are applied to a node; this + marks that the node should not accept any pods that do not tolerate the + taints. + The default is an empty list. + See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + for additional details. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + type: object + podAnnotations: + additionalProperties: + type: string + description: |- + PodAnnotations defines annotations to add to the Contour pods. + the annotations for Prometheus will be appended or overwritten with predefined value. + type: object + replicas: + description: |- + Deprecated: Use `DeploymentSettings.Replicas` instead. + Replicas is the desired number of Contour replicas. If if unset, + defaults to 2. + if both `DeploymentSettings.Replicas` and this one is set, use `DeploymentSettings.Replicas`. + format: int32 + minimum: 0 + type: integer + resources: + description: |- + Compute Resources required by contour container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + watchNamespaces: + description: |- + WatchNamespaces is an array of namespaces. Setting it will instruct the contour instance + to only watch this subset of namespaces. + items: + description: |- + Namespace refers to a Kubernetes namespace. It must be a RFC 1123 label. + This validation is based off of the corresponding Kubernetes validation: + https://github.com/kubernetes/apimachinery/blob/02cfb53916346d085a6c6c7c66f882e3c6b0eca6/pkg/util/validation/validation.go#L187 + This is used for Namespace name validation here: + https://github.com/kubernetes/apimachinery/blob/02cfb53916346d085a6c6c7c66f882e3c6b0eca6/pkg/api/validation/generic.go#L63 + Valid values include: + * "example" + Invalid values include: + * "example.com" - "." is an invalid character + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + maxItems: 42 + minItems: 1 + type: array + type: object + envoy: + description: |- + Envoy specifies deployment-time settings for the Envoy + part of the installation, i.e. the xDS client/data plane + and associated resources, including things like the workload + type to use (DaemonSet or Deployment), node placement constraints + for the pods, and various options for the Envoy service. + properties: + baseID: + description: |- + The base ID to use when allocating shared memory regions. + if Envoy needs to be run multiple times on the same machine, each running Envoy will need a unique base ID + so that the shared memory regions do not conflict. + defaults to 0. + format: int32 + minimum: 0 + type: integer + daemonSet: + description: |- + DaemonSet describes the settings for running envoy as a `DaemonSet`. + if `WorkloadType` is `Deployment`,it's must be nil + properties: + updateStrategy: + description: Strategy describes the deployment strategy to + use to replace existing DaemonSet pods with new pods. + properties: + rollingUpdate: + description: |- + Rolling update config params. Present only if type = "RollingUpdate". + --- + TODO: Update this to follow our convention for oneOf, whatever we decide it + to be. Same as Deployment `strategy.rollingUpdate`. + See https://github.com/kubernetes/kubernetes/issues/35345 + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: |- + The maximum number of nodes with an existing available DaemonSet pod that + can have an updated DaemonSet pod during during an update. + Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). + This can not be 0 if MaxUnavailable is 0. + Absolute number is calculated from percentage by rounding up to a minimum of 1. + Default value is 0. + Example: when this is set to 30%, at most 30% of the total number of nodes + that should be running the daemon pod (i.e. status.desiredNumberScheduled) + can have their a new pod created before the old pod is marked as deleted. + The update starts by launching new pods on 30% of nodes. Once an updated + pod is available (Ready for at least minReadySeconds) the old DaemonSet pod + on that node is marked deleted. If the old pod becomes unavailable for any + reason (Ready transitions to false, is evicted, or is drained) an updated + pod is immediatedly created on that node without considering surge limits. + Allowing surge implies the possibility that the resources consumed by the + daemonset on any given node can double if the readiness check fails, and + so resource intensive daemonsets should take into account that they may + cause evictions during disruption. + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: |- + The maximum number of DaemonSet pods that can be unavailable during the + update. Value can be an absolute number (ex: 5) or a percentage of total + number of DaemonSet pods at the start of the update (ex: 10%). Absolute + number is calculated from percentage by rounding up. + This cannot be 0 if MaxSurge is 0 + Default value is 1. + Example: when this is set to 30%, at most 30% of the total number of nodes + that should be running the daemon pod (i.e. status.desiredNumberScheduled) + can have their pods stopped for an update at any given time. The update + starts by stopping at most 30% of those DaemonSet pods and then brings + up new DaemonSet pods in their place. Once the new pods are available, + it then proceeds onto other DaemonSet pods, thus ensuring that at least + 70% of original number of DaemonSet pods are available at all times during + the update. + x-kubernetes-int-or-string: true + type: object + type: + description: Type of daemon set update. Can be "RollingUpdate" + or "OnDelete". Default is RollingUpdate. + type: string + type: object + type: object + deployment: + description: |- + Deployment describes the settings for running envoy as a `Deployment`. + if `WorkloadType` is `DaemonSet`,it's must be nil + properties: + replicas: + description: Replicas is the desired number of replicas. + format: int32 + minimum: 0 + type: integer + strategy: + description: Strategy describes the deployment strategy to + use to replace existing pods with new pods. + properties: + rollingUpdate: + description: |- + Rolling update config params. Present only if DeploymentStrategyType = + RollingUpdate. + --- + TODO: Update this to follow our convention for oneOf, whatever we decide it + to be. + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: |- + The maximum number of pods that can be scheduled above the desired number of + pods. + Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). + This can not be 0 if MaxUnavailable is 0. + Absolute number is calculated from percentage by rounding up. + Defaults to 25%. + Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when + the rolling update starts, such that the total number of old and new pods do not exceed + 130% of desired pods. Once old pods have been killed, + new ReplicaSet can be scaled up further, ensuring that total number of pods running + at any time during the update is at most 130% of desired pods. + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: |- + The maximum number of pods that can be unavailable during the update. + Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). + Absolute number is calculated from percentage by rounding down. + This can not be 0 if MaxSurge is 0. + Defaults to 25%. + Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods + immediately when the rolling update starts. Once new pods are ready, old ReplicaSet + can be scaled down further, followed by scaling up the new ReplicaSet, ensuring + that the total number of pods available at all times during the update is at + least 70% of desired pods. + x-kubernetes-int-or-string: true + type: object + type: + description: Type of deployment. Can be "Recreate" or + "RollingUpdate". Default is RollingUpdate. + type: string + type: object + type: object + extraVolumeMounts: + description: ExtraVolumeMounts holds the extra volume mounts to + add (normally used with extraVolumes). + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + If ReadOnly is false, this field has no meaning and must be unspecified. + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + If this field is not specified, it is treated as an equivalent of Disabled. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + extraVolumes: + description: ExtraVolumes holds the extra volumes to add. + items: + description: Volume represents a named volume in a pod that + may be accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: |- + awsElasticBlockStore represents an AWS Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + format: int32 + type: integer + readOnly: + description: |- + readOnly value true will force the readOnly setting in VolumeMounts. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: boolean + volumeID: + description: |- + volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an Azure Data Disk mount + on the host and bind mount to the pod. + properties: + cachingMode: + description: 'cachingMode is the Host Caching mode: + None, Read Only, Read Write.' + type: string + diskName: + description: diskName is the Name of the data disk in + the blob storage + type: string + diskURI: + description: diskURI is the URI of data disk in the + blob storage + type: string + fsType: + description: |- + fsType is Filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'kind expected values are Shared: multiple + blob disks per storage account Dedicated: single + blob disk per storage account Managed: azure managed + data disk (only in managed availability set). defaults + to shared' + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an Azure File Service + mount on the host and bind mount to the pod. + properties: + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: secretName is the name of secret that + contains Azure Storage Account Name and Key + type: string + shareName: + description: shareName is the azure share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph FS mount on the host + that shares a pod's lifetime + properties: + monitors: + description: |- + monitors is Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + items: + type: string + type: array + x-kubernetes-list-type: atomic + path: + description: 'path is Optional: Used as the mounted + root, rather than the full Ceph tree, default is /' + type: string + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: boolean + secretFile: + description: |- + secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + secretRef: + description: |- + secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is optional: User is the rados user name, default is admin + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + required: + - monitors + type: object + cinder: + description: |- + cinder represents a cinder volume attached and mounted on kubelets host machine. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: boolean + secretRef: + description: |- + secretRef is optional: points to a secret object containing parameters used to connect + to OpenStack. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: |- + volumeID used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap that should + populate this volume + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a + volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: optional specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) represents + ephemeral storage that is handled by certain external + CSI drivers (Beta feature). + properties: + driver: + description: |- + driver is the name of the CSI driver that handles this volume. + Consult with your admin for the correct name as registered in the cluster. + type: string + fsType: + description: |- + fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated CSI driver + which will determine the default filesystem to apply. + type: string + nodePublishSecretRef: + description: |- + nodePublishSecretRef is a reference to the secret object containing + sensitive information to pass to the CSI driver to complete the CSI + NodePublishVolume and NodeUnpublishVolume calls. + This field is optional, and may be empty if no secret is required. If the + secret object contains more than one secret, all secret references are passed. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: |- + readOnly specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: |- + volumeAttributes stores driver-specific properties that are passed to the CSI + driver. Consult your driver's documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API about the + pod that should populate this volume + properties: + defaultMode: + description: |- + Optional: mode bits to use on created files by default. Must be a + Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: Items is a list of downward API volume + file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the + pod: only annotations, labels, name, namespace + and uid are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must not + be absolute or contain the ''..'' path. Must + be utf-8 encoded. The first item of the relative + path must not start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + emptyDir: + description: |- + emptyDir represents a temporary directory that shares a pod's lifetime. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + properties: + medium: + description: |- + medium represents what type of storage medium should back this directory. + The default is "" which means to use the node's default medium. + Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: |- + sizeLimit is the total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: |- + ephemeral represents a volume that is handled by a cluster storage driver. + The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, + and deleted when the pod is removed. + Use this if: + a) the volume is only needed while the pod runs, + b) features of normal volumes like restoring from snapshot or capacity + tracking are needed, + c) the storage driver is specified through a storage class, and + d) the storage driver supports dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource for more + information on the connection between this volume type + and PersistentVolumeClaim). + Use PersistentVolumeClaim or one of the vendor-specific + APIs for volumes that persist for longer than the lifecycle + of an individual pod. + Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to + be used that way - see the documentation of the driver for + more information. + A pod can use both types of ephemeral volumes and + persistent volumes at the same time. + properties: + volumeClaimTemplate: + description: |- + Will be used to create a stand-alone PVC to provision the volume. + The pod in which this EphemeralVolumeSource is embedded will be the + owner of the PVC, i.e. the PVC will be deleted together with the + pod. The name of the PVC will be `-` where + `` is the name from the `PodSpec.Volumes` array + entry. Pod validation will reject the pod if the concatenated name + is not valid for a PVC (for example, too long). + An existing PVC with that name that is not owned by the pod + will *not* be used for the pod to avoid using an unrelated + volume by mistake. Starting the pod is then blocked until + the unrelated PVC is removed. If such a pre-created PVC is + meant to be used by the pod, the PVC has to updated with an + owner reference to the pod once the pod exists. Normally + this should not be necessary, but it may be useful when + manually reconstructing a broken cluster. + This field is read-only and no changes will be made by Kubernetes + to the PVC after it has been created. + Required, must not be nil. + properties: + metadata: + description: |- + May contain labels and annotations that will be copied into the PVC + when creating it. No other fields are allowed and will be rejected during + validation. + type: object + spec: + description: |- + The specification for the PersistentVolumeClaim. The entire content is + copied unchanged into the PVC that gets created from this + template. The same fields as in a PersistentVolumeClaim + are also valid here. + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over + volumes to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass + will be applied to the claim but it's not allowed to reset this field to empty string once it is set. + If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller if it exists. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource that + is attached to a kubelet's host machine and then exposed + to the pod. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + lun: + description: 'lun is Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target worldwide + names (WWNs)' + items: + type: string + type: array + x-kubernetes-list-type: atomic + wwids: + description: |- + wwids Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + flexVolume: + description: |- + flexVolume represents a generic volume resource that is + provisioned/attached using an exec based plugin. + properties: + driver: + description: driver is the name of the driver to use + for this volume. + type: string + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this field holds + extra command options if any.' + type: object + readOnly: + description: |- + readOnly is Optional: defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef is Optional: secretRef is reference to the secret object containing + sensitive information to pass to the plugin scripts. This may be + empty if no secret object is specified. If the secret object + contains more than one secret, all secrets are passed to the plugin + scripts. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: flocker represents a Flocker volume attached + to a kubelet's host machine. This depends on the Flocker + control service being running + properties: + datasetName: + description: |- + datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker + should be considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of the dataset. + This is unique identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: |- + gcePersistentDisk represents a GCE Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + properties: + fsType: + description: |- + fsType is filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + format: int32 + type: integer + pdName: + description: |- + pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: boolean + required: + - pdName + type: object + gitRepo: + description: |- + gitRepo represents a git repository at a particular revision. + DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir + into the Pod's container. + properties: + directory: + description: |- + directory is the target directory name. + Must not contain or start with '..'. If '.' is supplied, the volume directory will be the + git repository. Otherwise, if specified, the volume will contain the git repository in + the subdirectory with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash for the specified + revision. + type: string + required: + - repository + type: object + glusterfs: + description: |- + glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/glusterfs/README.md + properties: + endpoints: + description: |- + endpoints is the endpoint name that details Glusterfs topology. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + path: + description: |- + path is the Glusterfs volume path. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + readOnly: + description: |- + readOnly here will force the Glusterfs volume to be mounted with read-only permissions. + Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: |- + hostPath represents a pre-existing file or directory on the host + machine that is directly exposed to the container. This is generally + used for system agents or other privileged things that are allowed + to see the host machine. Most containers will NOT need this. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- + TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not + mount host directories as read/write. + properties: + path: + description: |- + path of the directory on the host. + If the path is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + type: + description: |- + type for HostPath Volume + Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + required: + - path + type: object + iscsi: + description: |- + iscsi represents an ISCSI Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://examples.k8s.io/volumes/iscsi/README.md + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether support + iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether support + iSCSI Session CHAP authentication + type: boolean + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + initiatorName: + description: |- + initiatorName is the custom iSCSI Initiator Name. + If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface + : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified Name. + type: string + iscsiInterface: + description: |- + iscsiInterface is the interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: lun represents iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: |- + portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + x-kubernetes-list-type: atomic + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret for iSCSI + target and initiator authentication + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: |- + targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: |- + name of the volume. + Must be a DNS_LABEL and unique within the pod. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + nfs: + description: |- + nfs represents an NFS mount on the host that shares a pod's lifetime + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + properties: + path: + description: |- + path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + readOnly: + description: |- + readOnly here will force the NFS export to be mounted with read-only permissions. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: boolean + server: + description: |- + server is the hostname or IP address of the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: |- + persistentVolumeClaimVolumeSource represents a reference to a + PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + claimName: + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + type: string + readOnly: + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host + machine + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: pdID is the ID that identifies Photon Controller + persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents a portworx volume + attached and mounted on kubelets host machine + properties: + fsType: + description: |- + fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies a Portworx + volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one resources secrets, + configmaps, and downward API + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: sources is the list of volume projections + items: + description: Projection that may be projected along + with other supported volume types + properties: + clusterTrustBundle: + description: |- + ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field + of ClusterTrustBundle objects in an auto-updating file. + Alpha, gated by the ClusterTrustBundleProjection feature gate. + ClusterTrustBundle objects can either be selected by name, or by the + combination of signer name and a label selector. + Kubelet performs aggressive normalization of the PEM contents written + into the pod filesystem. Esoteric PEM features such as inter-block + comments and block headers are stripped. Certificates are deduplicated. + The ordering of certificates within the file is arbitrary, and Kubelet + may change the order over time. + properties: + labelSelector: + description: |- + Select all ClusterTrustBundles that match this label selector. Only has + effect if signerName is set. Mutually-exclusive with name. If unset, + interpreted as "match nothing". If set but empty, interpreted as "match + everything". + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: |- + Select a single ClusterTrustBundle by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: |- + If true, don't block pod startup if the referenced ClusterTrustBundle(s) + aren't available. If using name, then the named ClusterTrustBundle is + allowed not to exist. If using signerName, then the combination of + signerName and labelSelector is allowed to match zero + ClusterTrustBundles. + type: boolean + path: + description: Relative path from the volume + root to write the bundle. + type: string + signerName: + description: |- + Select all ClusterTrustBundles that match this signer name. + Mutually-exclusive with name. The contents of all selected + ClusterTrustBundles will be unified and deduplicated. + type: string + required: + - path + type: object + configMap: + description: configMap information about the configMap + data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path + within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: optional specify whether the + ConfigMap or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about the + downwardAPI data to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects a field + of the pod: only annotations, labels, + name, namespace and uid are supported.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: Path is the + relative path name of the file to + be created. Must not be absolute or + contain the ''..'' path. Must be utf-8 + encoded. The first item of the relative + path must not start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + secret: + description: secret information about the secret + data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path + within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: optional field specify whether + the Secret or its key must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information + about the serviceAccountToken data to project + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + format: int64 + type: integer + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. + type: string + required: + - path + type: object + type: object + type: array + x-kubernetes-list-type: atomic + type: object + quobyte: + description: quobyte represents a Quobyte mount on the host + that shares a pod's lifetime + properties: + group: + description: |- + group to map volume access to + Default is no group + type: string + readOnly: + description: |- + readOnly here will force the Quobyte volume to be mounted with read-only permissions. + Defaults to false. + type: boolean + registry: + description: |- + registry represents a single or multiple Quobyte Registry services + specified as a string as host:port pair (multiple entries are separated with commas) + which acts as the central registry for volumes + type: string + tenant: + description: |- + tenant owning the given Quobyte volume in the Backend + Used with dynamically provisioned Quobyte volumes, value is set by the plugin + type: string + user: + description: |- + user to map volume access to + Defaults to serivceaccount user + type: string + volume: + description: volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: |- + rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/rbd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + image: + description: |- + image is the rados image name. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + keyring: + description: |- + keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + monitors: + description: |- + monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + items: + type: string + type: array + x-kubernetes-list-type: atomic + pool: + description: |- + pool is the rados pool name. + Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: boolean + secretRef: + description: |- + secretRef is name of the authentication secret for RBDUser. If provided + overrides keyring. + Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is the rados user name. + Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO persistent volume + attached and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". + Default is "xfs". + type: string + gateway: + description: gateway is the host address of the ScaleIO + API Gateway. + type: string + protectionDomain: + description: protectionDomain is the name of the ScaleIO + Protection Domain for the configured storage. + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef references to the secret for ScaleIO user and other + sensitive information. If this is not provided, Login operation will fail. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable SSL communication + with Gateway, default false + type: boolean + storageMode: + description: |- + storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO Storage Pool + associated with the protection domain. + type: string + system: + description: system is the name of the storage system + as configured in ScaleIO. + type: string + volumeName: + description: |- + volumeName is the name of a volume already created in the ScaleIO system + that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: |- + secret represents a secret that should populate this volume. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a + volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + optional: + description: optional field specify whether the Secret + or its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + type: object + storageos: + description: storageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef specifies the secret to use for obtaining the StorageOS API + credentials. If not specified, default values will be attempted. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: |- + volumeName is the human-readable name of the StorageOS volume. Volume + names are only unique within a namespace. + type: string + volumeNamespace: + description: |- + volumeNamespace specifies the scope of the volume within StorageOS. If no + namespace is specified then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS for tighter integration. + Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within StorageOS. + Namespaces that do not pre-exist within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: vsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: |- + fsType is filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage Policy Based + Management (SPBM) profile ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is the storage Policy + Based Management (SPBM) profile name. + type: string + volumePath: + description: volumePath is the path that identifies + vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + logLevel: + description: |- + LogLevel sets the log level for Envoy. + Allowed values are "trace", "debug", "info", "warn", "error", "critical", "off". + type: string + networkPublishing: + description: NetworkPublishing defines how to expose Envoy to + a network. + properties: + externalTrafficPolicy: + description: |- + ExternalTrafficPolicy describes how nodes distribute service traffic they + receive on one of the Service's "externally-facing" addresses (NodePorts, ExternalIPs, + and LoadBalancer IPs). + If unset, defaults to "Local". + type: string + ipFamilyPolicy: + description: |- + IPFamilyPolicy represents the dual-stack-ness requested or required by + this Service. If there is no value provided, then this field will be set + to SingleStack. Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured clusters or + a single IP family on single-stack clusters), or "RequireDualStack" + (two IP families on dual-stack configured clusters, otherwise fail). + type: string + serviceAnnotations: + additionalProperties: + type: string + description: |- + ServiceAnnotations is the annotations to add to + the provisioned Envoy service. + type: object + type: + description: |- + NetworkPublishingType is the type of publishing strategy to use. Valid values are: + * LoadBalancerService + In this configuration, network endpoints for Envoy use container networking. + A Kubernetes LoadBalancer Service is created to publish Envoy network + endpoints. + See: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer + * NodePortService + Publishes Envoy network endpoints using a Kubernetes NodePort Service. + In this configuration, Envoy network endpoints use container networking. A Kubernetes + NodePort Service is created to publish the network endpoints. + See: https://kubernetes.io/docs/concepts/services-networking/service/#nodeport + NOTE: + When provisioning an Envoy `NodePortService`, use Gateway Listeners' port numbers to populate + the Service's node port values, there's no way to auto-allocate them. + See: https://github.com/projectcontour/contour/issues/4499 + * ClusterIPService + Publishes Envoy network endpoints using a Kubernetes ClusterIP Service. + In this configuration, Envoy network endpoints use container networking. A Kubernetes + ClusterIP Service is created to publish the network endpoints. + See: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + If unset, defaults to LoadBalancerService. + type: string + type: object + nodePlacement: + description: NodePlacement describes node scheduling configuration + of Envoy pods. + properties: + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is the simplest recommended form of node selection constraint + and specifies a map of key-value pairs. For the pod to be eligible + to run on a node, the node must have each of the indicated key-value pairs + as labels (it can have additional labels as well). + If unset, the pod(s) will be scheduled to any available node. + type: object + tolerations: + description: |- + Tolerations work with taints to ensure that pods are not scheduled + onto inappropriate nodes. One or more taints are applied to a node; this + marks that the node should not accept any pods that do not tolerate the + taints. + The default is an empty list. + See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + for additional details. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + type: object + overloadMaxHeapSize: + description: |- + OverloadMaxHeapSize defines the maximum heap memory of the envoy controlled by the overload manager. + When the value is greater than 0, the overload manager is enabled, + and when envoy reaches 95% of the maximum heap size, it performs a shrink heap operation, + When it reaches 98% of the maximum heap size, Envoy Will stop accepting requests. + More info: https://projectcontour.io/docs/main/config/overload-manager/ + format: int64 + type: integer + podAnnotations: + additionalProperties: + type: string + description: |- + PodAnnotations defines annotations to add to the Envoy pods. + the annotations for Prometheus will be appended or overwritten with predefined value. + type: object + replicas: + description: |- + Deprecated: Use `DeploymentSettings.Replicas` instead. + Replicas is the desired number of Envoy replicas. If WorkloadType + is not "Deployment", this field is ignored. Otherwise, if unset, + defaults to 2. + if both `DeploymentSettings.Replicas` and this one is set, use `DeploymentSettings.Replicas`. + format: int32 + minimum: 0 + type: integer + resources: + description: |- + Compute Resources required by envoy container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + workloadType: + description: |- + WorkloadType is the type of workload to install Envoy + as. Choices are DaemonSet and Deployment. If unset, defaults + to DaemonSet. + type: string + type: object + resourceLabels: + additionalProperties: + type: string + description: |- + ResourceLabels is a set of labels to add to the provisioned Contour resources. + Deprecated: use Gateway.Spec.Infrastructure.Labels instead. This field will be + removed in a future release. + type: object + runtimeSettings: + description: |- + RuntimeSettings is a ContourConfiguration spec to be used when + provisioning a Contour instance that will influence aspects of + the Contour instance's runtime behavior. + properties: + debug: + description: |- + Debug contains parameters to enable debug logging + and debug interfaces inside Contour. + properties: + address: + description: |- + Defines the Contour debug address interface. + Contour's default is "127.0.0.1". + type: string + port: + description: |- + Defines the Contour debug address port. + Contour's default is 6060. + type: integer + type: object + enableExternalNameService: + description: |- + EnableExternalNameService allows processing of ExternalNameServices + Contour's default is false for security reasons. + type: boolean + envoy: + description: |- + Envoy contains parameters for Envoy as well + as how to optionally configure a managed Envoy fleet. + properties: + clientCertificate: + description: |- + ClientCertificate defines the namespace/name of the Kubernetes + secret containing the client certificate and private key + to be used when establishing TLS connection to upstream + cluster. + properties: + name: + type: string + namespace: + type: string + required: + - name + - namespace + type: object + cluster: + description: |- + Cluster holds various configurable Envoy cluster values that can + be set in the config file. + properties: + circuitBreakers: + description: |- + GlobalCircuitBreakerDefaults specifies default circuit breaker budget across all services. + If defined, this will be used as the default for all services. + properties: + maxConnections: + description: The maximum number of connections that + a single Envoy instance allows to the Kubernetes + Service; defaults to 1024. + format: int32 + type: integer + maxPendingRequests: + description: The maximum number of pending requests + that a single Envoy instance allows to the Kubernetes + Service; defaults to 1024. + format: int32 + type: integer + maxRequests: + description: The maximum parallel requests a single + Envoy instance allows to the Kubernetes Service; + defaults to 1024 + format: int32 + type: integer + maxRetries: + description: The maximum number of parallel retries + a single Envoy instance allows to the Kubernetes + Service; defaults to 3. + format: int32 + type: integer + type: object + dnsLookupFamily: + description: |- + DNSLookupFamily defines how external names are looked up + When configured as V4, the DNS resolver will only perform a lookup + for addresses in the IPv4 family. If V6 is configured, the DNS resolver + will only perform a lookup for addresses in the IPv6 family. + If AUTO is configured, the DNS resolver will first perform a lookup + for addresses in the IPv6 family and fallback to a lookup for addresses + in the IPv4 family. If ALL is specified, the DNS resolver will perform a lookup for + both IPv4 and IPv6 families, and return all resolved addresses. + When this is used, Happy Eyeballs will be enabled for upstream connections. + Refer to Happy Eyeballs Support for more information. + Note: This only applies to externalName clusters. + See https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto.html#envoy-v3-api-enum-config-cluster-v3-cluster-dnslookupfamily + for more information. + Values: `auto` (default), `v4`, `v6`, `all`. + Other values will produce an error. + type: string + maxRequestsPerConnection: + description: |- + Defines the maximum requests for upstream connections. If not specified, there is no limit. + see https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/protocol.proto#envoy-v3-api-msg-config-core-v3-httpprotocoloptions + for more information. + format: int32 + minimum: 1 + type: integer + per-connection-buffer-limit-bytes: + description: |- + Defines the soft limit on size of the cluster’s new connection read and write buffers in bytes. + If unspecified, an implementation defined default is applied (1MiB). + see https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#envoy-v3-api-field-config-cluster-v3-cluster-per-connection-buffer-limit-bytes + for more information. + format: int32 + minimum: 1 + type: integer + upstreamTLS: + description: UpstreamTLS contains the TLS policy parameters + for upstream connections + properties: + cipherSuites: + description: |- + CipherSuites defines the TLS ciphers to be supported by Envoy TLS + listeners when negotiating TLS 1.2. Ciphers are validated against the + set that Envoy supports by default. This parameter should only be used + by advanced users. Note that these will be ignored when TLS 1.3 is in + use. + This field is optional; when it is undefined, a Contour-managed ciphersuite list + will be used, which may be updated to keep it secure. + Contour's default list is: + - "[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]" + - "[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]" + - "ECDHE-ECDSA-AES256-GCM-SHA384" + - "ECDHE-RSA-AES256-GCM-SHA384" + Ciphers provided are validated against the following list: + - "[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]" + - "[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]" + - "ECDHE-ECDSA-AES128-GCM-SHA256" + - "ECDHE-RSA-AES128-GCM-SHA256" + - "ECDHE-ECDSA-AES128-SHA" + - "ECDHE-RSA-AES128-SHA" + - "AES128-GCM-SHA256" + - "AES128-SHA" + - "ECDHE-ECDSA-AES256-GCM-SHA384" + - "ECDHE-RSA-AES256-GCM-SHA384" + - "ECDHE-ECDSA-AES256-SHA" + - "ECDHE-RSA-AES256-SHA" + - "AES256-GCM-SHA384" + - "AES256-SHA" + Contour recommends leaving this undefined unless you are sure you must. + See: https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto#extensions-transport-sockets-tls-v3-tlsparameters + Note: This list is a superset of what is valid for stock Envoy builds and those using BoringSSL FIPS. + items: + type: string + type: array + maximumProtocolVersion: + description: |- + MaximumProtocolVersion is the maximum TLS version this vhost should + negotiate. + Values: `1.2`, `1.3`(default). + Other values will produce an error. + type: string + minimumProtocolVersion: + description: |- + MinimumProtocolVersion is the minimum TLS version this vhost should + negotiate. + Values: `1.2` (default), `1.3`. + Other values will produce an error. + type: string + type: object + type: object + defaultHTTPVersions: + description: |- + DefaultHTTPVersions defines the default set of HTTPS + versions the proxy should accept. HTTP versions are + strings of the form "HTTP/xx". Supported versions are + "HTTP/1.1" and "HTTP/2". + Values: `HTTP/1.1`, `HTTP/2` (default: both). + Other values will produce an error. + items: + description: HTTPVersionType is the name of a supported + HTTP version. + type: string + type: array + health: + description: |- + Health defines the endpoint Envoy uses to serve health checks. + Contour's default is { address: "0.0.0.0", port: 8002 }. + properties: + address: + description: Defines the health address interface. + minLength: 1 + type: string + port: + description: Defines the health port. + type: integer + type: object + http: + description: |- + Defines the HTTP Listener for Envoy. + Contour's default is { address: "0.0.0.0", port: 8080, accessLog: "/dev/stdout" }. + properties: + accessLog: + description: AccessLog defines where Envoy logs are outputted + for this listener. + type: string + address: + description: Defines an Envoy Listener Address. + minLength: 1 + type: string + port: + description: Defines an Envoy listener Port. + type: integer + type: object + https: + description: |- + Defines the HTTPS Listener for Envoy. + Contour's default is { address: "0.0.0.0", port: 8443, accessLog: "/dev/stdout" }. + properties: + accessLog: + description: AccessLog defines where Envoy logs are outputted + for this listener. + type: string + address: + description: Defines an Envoy Listener Address. + minLength: 1 + type: string + port: + description: Defines an Envoy listener Port. + type: integer + type: object + listener: + description: Listener hold various configurable Envoy listener + values. + properties: + connectionBalancer: + description: |- + ConnectionBalancer. If the value is exact, the listener will use the exact connection balancer + See https://www.envoyproxy.io/docs/envoy/latest/api-v2/api/v2/listener.proto#envoy-api-msg-listener-connectionbalanceconfig + for more information. + Values: (empty string): use the default ConnectionBalancer, `exact`: use the Exact ConnectionBalancer. + Other values will produce an error. + type: string + disableAllowChunkedLength: + description: |- + DisableAllowChunkedLength disables the RFC-compliant Envoy behavior to + strip the "Content-Length" header if "Transfer-Encoding: chunked" is + also set. This is an emergency off-switch to revert back to Envoy's + default behavior in case of failures. Please file an issue if failures + are encountered. + See: https://github.com/projectcontour/contour/issues/3221 + Contour's default is false. + type: boolean + disableMergeSlashes: + description: |- + DisableMergeSlashes disables Envoy's non-standard merge_slashes path transformation option + which strips duplicate slashes from request URL paths. + Contour's default is false. + type: boolean + httpMaxConcurrentStreams: + description: |- + Defines the value for SETTINGS_MAX_CONCURRENT_STREAMS Envoy will advertise in the + SETTINGS frame in HTTP/2 connections and the limit for concurrent streams allowed + for a peer on a single HTTP/2 connection. It is recommended to not set this lower + than 100 but this field can be used to bound resource usage by HTTP/2 connections + and mitigate attacks like CVE-2023-44487. The default value when this is not set is + unlimited. + format: int32 + minimum: 1 + type: integer + maxConnectionsPerListener: + description: |- + Defines the limit on number of active connections to a listener. The limit is applied + per listener. The default value when this is not set is unlimited. + format: int32 + minimum: 1 + type: integer + maxRequestsPerConnection: + description: |- + Defines the maximum requests for downstream connections. If not specified, there is no limit. + see https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/protocol.proto#envoy-v3-api-msg-config-core-v3-httpprotocoloptions + for more information. + format: int32 + minimum: 1 + type: integer + maxRequestsPerIOCycle: + description: |- + Defines the limit on number of HTTP requests that Envoy will process from a single + connection in a single I/O cycle. Requests over this limit are processed in subsequent + I/O cycles. Can be used as a mitigation for CVE-2023-44487 when abusive traffic is + detected. Configures the http.max_requests_per_io_cycle Envoy runtime setting. The default + value when this is not set is no limit. + format: int32 + minimum: 1 + type: integer + per-connection-buffer-limit-bytes: + description: |- + Defines the soft limit on size of the listener’s new connection read and write buffers in bytes. + If unspecified, an implementation defined default is applied (1MiB). + see https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/listener/v3/listener.proto#envoy-v3-api-field-config-listener-v3-listener-per-connection-buffer-limit-bytes + for more information. + format: int32 + minimum: 1 + type: integer + serverHeaderTransformation: + description: |- + Defines the action to be applied to the Server header on the response path. + When configured as overwrite, overwrites any Server header with "envoy". + When configured as append_if_absent, if a Server header is present, pass it through, otherwise set it to "envoy". + When configured as pass_through, pass through the value of the Server header, and do not append a header if none is present. + Values: `overwrite` (default), `append_if_absent`, `pass_through` + Other values will produce an error. + Contour's default is overwrite. + type: string + socketOptions: + description: |- + SocketOptions defines configurable socket options for the listeners. + Single set of options are applied to all listeners. + properties: + tos: + description: |- + Defines the value for IPv4 TOS field (including 6 bit DSCP field) for IP packets originating from Envoy listeners. + Single value is applied to all listeners. + If listeners are bound to IPv6-only addresses, setting this option will cause an error. + format: int32 + maximum: 255 + minimum: 0 + type: integer + trafficClass: + description: |- + Defines the value for IPv6 Traffic Class field (including 6 bit DSCP field) for IP packets originating from the Envoy listeners. + Single value is applied to all listeners. + If listeners are bound to IPv4-only addresses, setting this option will cause an error. + format: int32 + maximum: 255 + minimum: 0 + type: integer + type: object + tls: + description: TLS holds various configurable Envoy TLS + listener values. + properties: + cipherSuites: + description: |- + CipherSuites defines the TLS ciphers to be supported by Envoy TLS + listeners when negotiating TLS 1.2. Ciphers are validated against the + set that Envoy supports by default. This parameter should only be used + by advanced users. Note that these will be ignored when TLS 1.3 is in + use. + This field is optional; when it is undefined, a Contour-managed ciphersuite list + will be used, which may be updated to keep it secure. + Contour's default list is: + - "[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]" + - "[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]" + - "ECDHE-ECDSA-AES256-GCM-SHA384" + - "ECDHE-RSA-AES256-GCM-SHA384" + Ciphers provided are validated against the following list: + - "[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]" + - "[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]" + - "ECDHE-ECDSA-AES128-GCM-SHA256" + - "ECDHE-RSA-AES128-GCM-SHA256" + - "ECDHE-ECDSA-AES128-SHA" + - "ECDHE-RSA-AES128-SHA" + - "AES128-GCM-SHA256" + - "AES128-SHA" + - "ECDHE-ECDSA-AES256-GCM-SHA384" + - "ECDHE-RSA-AES256-GCM-SHA384" + - "ECDHE-ECDSA-AES256-SHA" + - "ECDHE-RSA-AES256-SHA" + - "AES256-GCM-SHA384" + - "AES256-SHA" + Contour recommends leaving this undefined unless you are sure you must. + See: https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto#extensions-transport-sockets-tls-v3-tlsparameters + Note: This list is a superset of what is valid for stock Envoy builds and those using BoringSSL FIPS. + items: + type: string + type: array + maximumProtocolVersion: + description: |- + MaximumProtocolVersion is the maximum TLS version this vhost should + negotiate. + Values: `1.2`, `1.3`(default). + Other values will produce an error. + type: string + minimumProtocolVersion: + description: |- + MinimumProtocolVersion is the minimum TLS version this vhost should + negotiate. + Values: `1.2` (default), `1.3`. + Other values will produce an error. + type: string + type: object + useProxyProtocol: + description: |- + Use PROXY protocol for all listeners. + Contour's default is false. + type: boolean + type: object + logging: + description: Logging defines how Envoy's logs can be configured. + properties: + accessLogFormat: + description: |- + AccessLogFormat sets the global access log format. + Values: `envoy` (default), `json`. + Other values will produce an error. + type: string + accessLogFormatString: + description: |- + AccessLogFormatString sets the access log format when format is set to `envoy`. + When empty, Envoy's default format is used. + type: string + accessLogJSONFields: + description: |- + AccessLogJSONFields sets the fields that JSON logging will + output when AccessLogFormat is json. + items: + type: string + type: array + accessLogLevel: + description: |- + AccessLogLevel sets the verbosity level of the access log. + Values: `info` (default, all requests are logged), `error` (all non-success requests, i.e. 300+ response code, are logged), `critical` (all 5xx requests are logged) and `disabled`. + Other values will produce an error. + type: string + type: object + metrics: + description: |- + Metrics defines the endpoint Envoy uses to serve metrics. + Contour's default is { address: "0.0.0.0", port: 8002 }. + properties: + address: + description: Defines the metrics address interface. + maxLength: 253 + minLength: 1 + type: string + port: + description: Defines the metrics port. + type: integer + tls: + description: |- + TLS holds TLS file config details. + Metrics and health endpoints cannot have same port number when metrics is served over HTTPS. + properties: + caFile: + description: CA filename. + type: string + certFile: + description: Client certificate filename. + type: string + keyFile: + description: Client key filename. + type: string + type: object + type: object + network: + description: Network holds various configurable Envoy network + values. + properties: + adminPort: + description: |- + Configure the port used to access the Envoy Admin interface. + If configured to port "0" then the admin interface is disabled. + Contour's default is 9001. + type: integer + numTrustedHops: + description: |- + XffNumTrustedHops defines the number of additional ingress proxy hops from the + right side of the x-forwarded-for HTTP header to trust when determining the origin + client’s IP address. + See https://www.envoyproxy.io/docs/envoy/v1.17.0/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto?highlight=xff_num_trusted_hops + for more information. + Contour's default is 0. + format: int32 + type: integer + type: object + service: + description: |- + Service holds Envoy service parameters for setting Ingress status. + Contour's default is { namespace: "projectcontour", name: "envoy" }. + properties: + name: + type: string + namespace: + type: string + required: + - name + - namespace + type: object + timeouts: + description: |- + Timeouts holds various configurable timeouts that can + be set in the config file. + properties: + connectTimeout: + description: |- + ConnectTimeout defines how long the proxy should wait when establishing connection to upstream service. + If not set, a default value of 2 seconds will be used. + See https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#envoy-v3-api-field-config-cluster-v3-cluster-connect-timeout + for more information. + type: string + connectionIdleTimeout: + description: |- + ConnectionIdleTimeout defines how long the proxy should wait while there are + no active requests (for HTTP/1.1) or streams (for HTTP/2) before terminating + an HTTP connection. Set to "infinity" to disable the timeout entirely. + See https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/protocol.proto#envoy-v3-api-field-config-core-v3-httpprotocoloptions-idle-timeout + for more information. + type: string + connectionShutdownGracePeriod: + description: |- + ConnectionShutdownGracePeriod defines how long the proxy will wait between sending an + initial GOAWAY frame and a second, final GOAWAY frame when terminating an HTTP/2 connection. + During this grace period, the proxy will continue to respond to new streams. After the final + GOAWAY frame has been sent, the proxy will refuse new streams. + See https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto#envoy-v3-api-field-extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-drain-timeout + for more information. + type: string + delayedCloseTimeout: + description: |- + DelayedCloseTimeout defines how long envoy will wait, once connection + close processing has been initiated, for the downstream peer to close + the connection before Envoy closes the socket associated with the connection. + Setting this timeout to 'infinity' will disable it, equivalent to setting it to '0' + in Envoy. Leaving it unset will result in the Envoy default value being used. + See https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto#envoy-v3-api-field-extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-delayed-close-timeout + for more information. + type: string + maxConnectionDuration: + description: |- + MaxConnectionDuration defines the maximum period of time after an HTTP connection + has been established from the client to the proxy before it is closed by the proxy, + regardless of whether there has been activity or not. Omit or set to "infinity" for + no max duration. + See https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/protocol.proto#envoy-v3-api-field-config-core-v3-httpprotocoloptions-max-connection-duration + for more information. + type: string + requestTimeout: + description: |- + RequestTimeout sets the client request timeout globally for Contour. Note that + this is a timeout for the entire request, not an idle timeout. Omit or set to + "infinity" to disable the timeout entirely. + See https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto#envoy-v3-api-field-extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-request-timeout + for more information. + type: string + streamIdleTimeout: + description: |- + StreamIdleTimeout defines how long the proxy should wait while there is no + request activity (for HTTP/1.1) or stream activity (for HTTP/2) before + terminating the HTTP request or stream. Set to "infinity" to disable the + timeout entirely. + See https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto#envoy-v3-api-field-extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-stream-idle-timeout + for more information. + type: string + type: object + type: object + featureFlags: + description: |- + FeatureFlags defines toggle to enable new contour features. + Available toggles are: + useEndpointSlices - Configures contour to fetch endpoint data + from k8s endpoint slices. defaults to true, + If false then reads endpoint data from the k8s endpoints. + items: + type: string + type: array + gateway: + description: |- + Gateway contains parameters for the gateway-api Gateway that Contour + is configured to serve traffic. + properties: + gatewayRef: + description: |- + GatewayRef defines the specific Gateway that this Contour + instance corresponds to. + properties: + name: + type: string + namespace: + type: string + required: + - name + - namespace + type: object + required: + - gatewayRef + type: object + globalExtAuth: + description: |- + GlobalExternalAuthorization allows envoys external authorization filter + to be enabled for all virtual hosts. + properties: + authPolicy: + description: |- + AuthPolicy sets a default authorization policy for client requests. + This policy will be used unless overridden by individual routes. + properties: + context: + additionalProperties: + type: string + description: |- + Context is a set of key/value pairs that are sent to the + authentication server in the check request. If a context + is provided at an enclosing scope, the entries are merged + such that the inner scope overrides matching keys from the + outer scope. + type: object + disabled: + description: |- + When true, this field disables client request authentication + for the scope of the policy. + type: boolean + type: object + extensionRef: + description: ExtensionServiceRef specifies the extension resource + that will authorize client requests. + properties: + apiVersion: + description: |- + API version of the referent. + If this field is not specified, the default "projectcontour.io/v1alpha1" will be used + minLength: 1 + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + minLength: 1 + type: string + namespace: + description: |- + Namespace of the referent. + If this field is not specifies, the namespace of the resource that targets the referent will be used. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + minLength: 1 + type: string + type: object + failOpen: + description: |- + If FailOpen is true, the client request is forwarded to the upstream service + even if the authorization server fails to respond. This field should not be + set in most cases. It is intended for use only while migrating applications + from internal authorization to Contour external authorization. + type: boolean + responseTimeout: + description: |- + ResponseTimeout configures maximum time to wait for a check response from the authorization server. + Timeout durations are expressed in the Go [Duration format](https://godoc.org/time#ParseDuration). + Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". + The string "infinity" is also a valid input and specifies no timeout. + pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms)|(\d*(\.\d*)?us)|(\d*(\.\d*)?µs)|(\d*(\.\d*)?ns))+|infinity|infinite)$ + type: string + withRequestBody: + description: WithRequestBody specifies configuration for sending + the client request's body to authorization server. + properties: + allowPartialMessage: + description: If AllowPartialMessage is true, then Envoy + will buffer the body until MaxRequestBytes are reached. + type: boolean + maxRequestBytes: + default: 1024 + description: MaxRequestBytes sets the maximum size of + message body ExtAuthz filter will hold in-memory. + format: int32 + minimum: 1 + type: integer + packAsBytes: + description: If PackAsBytes is true, the body sent to + Authorization Server is in raw bytes. + type: boolean + type: object + type: object + health: + description: |- + Health defines the endpoints Contour uses to serve health checks. + Contour's default is { address: "0.0.0.0", port: 8000 }. + properties: + address: + description: Defines the health address interface. + minLength: 1 + type: string + port: + description: Defines the health port. + type: integer + type: object + httpproxy: + description: HTTPProxy defines parameters on HTTPProxy. + properties: + disablePermitInsecure: + description: |- + DisablePermitInsecure disables the use of the + permitInsecure field in HTTPProxy. + Contour's default is false. + type: boolean + fallbackCertificate: + description: |- + FallbackCertificate defines the namespace/name of the Kubernetes secret to + use as fallback when a non-SNI request is received. + properties: + name: + type: string + namespace: + type: string + required: + - name + - namespace + type: object + rootNamespaces: + description: Restrict Contour to searching these namespaces + for root ingress routes. + items: + type: string + type: array + type: object + ingress: + description: Ingress contains parameters for ingress options. + properties: + classNames: + description: Ingress Class Names Contour should use. + items: + type: string + type: array + statusAddress: + description: Address to set in Ingress object status. + type: string + type: object + metrics: + description: |- + Metrics defines the endpoint Contour uses to serve metrics. + Contour's default is { address: "0.0.0.0", port: 8000 }. + properties: + address: + description: Defines the metrics address interface. + maxLength: 253 + minLength: 1 + type: string + port: + description: Defines the metrics port. + type: integer + tls: + description: |- + TLS holds TLS file config details. + Metrics and health endpoints cannot have same port number when metrics is served over HTTPS. + properties: + caFile: + description: CA filename. + type: string + certFile: + description: Client certificate filename. + type: string + keyFile: + description: Client key filename. + type: string + type: object + type: object + policy: + description: Policy specifies default policy applied if not overridden + by the user + properties: + applyToIngress: + description: |- + ApplyToIngress determines if the Policies will apply to ingress objects + Contour's default is false. + type: boolean + requestHeaders: + description: RequestHeadersPolicy defines the request headers + set/removed on all routes + properties: + remove: + items: + type: string + type: array + set: + additionalProperties: + type: string + type: object + type: object + responseHeaders: + description: ResponseHeadersPolicy defines the response headers + set/removed on all routes + properties: + remove: + items: + type: string + type: array + set: + additionalProperties: + type: string + type: object + type: object + type: object + rateLimitService: + description: |- + RateLimitService optionally holds properties of the Rate Limit Service + to be used for global rate limiting. + properties: + defaultGlobalRateLimitPolicy: + description: |- + DefaultGlobalRateLimitPolicy allows setting a default global rate limit policy for every HTTPProxy. + HTTPProxy can overwrite this configuration. + properties: + descriptors: + description: |- + Descriptors defines the list of descriptors that will + be generated and sent to the rate limit service. Each + descriptor contains 1+ key-value pair entries. + items: + description: RateLimitDescriptor defines a list of key-value + pair generators. + properties: + entries: + description: Entries is the list of key-value pair + generators. + items: + description: |- + RateLimitDescriptorEntry is a key-value pair generator. Exactly + one field on this struct must be non-nil. + properties: + genericKey: + description: GenericKey defines a descriptor + entry with a static key and value. + properties: + key: + description: |- + Key defines the key of the descriptor entry. If not set, the + key is set to "generic_key". + type: string + value: + description: Value defines the value of + the descriptor entry. + minLength: 1 + type: string + type: object + remoteAddress: + description: |- + RemoteAddress defines a descriptor entry with a key of "remote_address" + and a value equal to the client's IP address (from x-forwarded-for). + type: object + requestHeader: + description: |- + RequestHeader defines a descriptor entry that's populated only if + a given header is present on the request. The descriptor key is static, + and the descriptor value is equal to the value of the header. + properties: + descriptorKey: + description: DescriptorKey defines the + key to use on the descriptor entry. + minLength: 1 + type: string + headerName: + description: HeaderName defines the name + of the header to look for on the request. + minLength: 1 + type: string + type: object + requestHeaderValueMatch: + description: |- + RequestHeaderValueMatch defines a descriptor entry that's populated + if the request's headers match a set of 1+ match criteria. The + descriptor key is "header_match", and the descriptor value is static. + properties: + expectMatch: + default: true + description: |- + ExpectMatch defines whether the request must positively match the match + criteria in order to generate a descriptor entry (i.e. true), or not + match the match criteria in order to generate a descriptor entry (i.e. false). + The default is true. + type: boolean + headers: + description: |- + Headers is a list of 1+ match criteria to apply against the request + to determine whether to populate the descriptor entry or not. + items: + description: |- + HeaderMatchCondition specifies how to conditionally match against HTTP + headers. The Name field is required, only one of Present, NotPresent, + Contains, NotContains, Exact, NotExact and Regex can be set. + For negative matching rules only (e.g. NotContains or NotExact) you can set + TreatMissingAsEmpty. + IgnoreCase has no effect for Regex. + properties: + contains: + description: |- + Contains specifies a substring that must be present in + the header value. + type: string + exact: + description: Exact specifies a string + that the header value must be + equal to. + type: string + ignoreCase: + description: |- + IgnoreCase specifies that string matching should be case insensitive. + Note that this has no effect on the Regex parameter. + type: boolean + name: + description: |- + Name is the name of the header to match against. Name is required. + Header names are case insensitive. + type: string + notcontains: + description: |- + NotContains specifies a substring that must not be present + in the header value. + type: string + notexact: + description: |- + NoExact specifies a string that the header value must not be + equal to. The condition is true if the header has any other value. + type: string + notpresent: + description: |- + NotPresent specifies that condition is true when the named header + is not present. Note that setting NotPresent to false does not + make the condition true if the named header is present. + type: boolean + present: + description: |- + Present specifies that condition is true when the named header + is present, regardless of its value. Note that setting Present + to false does not make the condition true if the named header + is absent. + type: boolean + regex: + description: |- + Regex specifies a regular expression pattern that must match the header + value. + type: string + treatMissingAsEmpty: + description: |- + TreatMissingAsEmpty specifies if the header match rule specified header + does not exist, this header value will be treated as empty. Defaults to false. + Unlike the underlying Envoy implementation this is **only** supported for + negative matches (e.g. NotContains, NotExact). + type: boolean + required: + - name + type: object + minItems: 1 + type: array + value: + description: Value defines the value of + the descriptor entry. + minLength: 1 + type: string + type: object + type: object + minItems: 1 + type: array + type: object + minItems: 1 + type: array + disabled: + description: |- + Disabled configures the HTTPProxy to not use + the default global rate limit policy defined by the Contour configuration. + type: boolean + type: object + domain: + description: Domain is passed to the Rate Limit Service. + type: string + enableResourceExhaustedCode: + description: |- + EnableResourceExhaustedCode enables translating error code 429 to + grpc code RESOURCE_EXHAUSTED. When disabled it's translated to UNAVAILABLE + type: boolean + enableXRateLimitHeaders: + description: |- + EnableXRateLimitHeaders defines whether to include the X-RateLimit + headers X-RateLimit-Limit, X-RateLimit-Remaining, and X-RateLimit-Reset + (as defined by the IETF Internet-Draft linked below), on responses + to clients when the Rate Limit Service is consulted for a request. + ref. https://tools.ietf.org/id/draft-polli-ratelimit-headers-03.html + type: boolean + extensionService: + description: ExtensionService identifies the extension service + defining the RLS. + properties: + name: + type: string + namespace: + type: string + required: + - name + - namespace + type: object + failOpen: + description: |- + FailOpen defines whether to allow requests to proceed when the + Rate Limit Service fails to respond with a valid rate limit + decision within the timeout defined on the extension service. + type: boolean + required: + - extensionService + type: object + tracing: + description: Tracing defines properties for exporting trace data + to OpenTelemetry. + properties: + customTags: + description: CustomTags defines a list of custom tags with + unique tag name. + items: + description: |- + CustomTag defines custom tags with unique tag name + to create tags for the active span. + properties: + literal: + description: |- + Literal is a static custom tag value. + Precisely one of Literal, RequestHeaderName must be set. + type: string + requestHeaderName: + description: |- + RequestHeaderName indicates which request header + the label value is obtained from. + Precisely one of Literal, RequestHeaderName must be set. + type: string + tagName: + description: TagName is the unique name of the custom + tag. + type: string + required: + - tagName + type: object + type: array + extensionService: + description: ExtensionService identifies the extension service + defining the otel-collector. + properties: + name: + type: string + namespace: + type: string + required: + - name + - namespace + type: object + includePodDetail: + description: |- + IncludePodDetail defines a flag. + If it is true, contour will add the pod name and namespace to the span of the trace. + the default is true. + Note: The Envoy pods MUST have the HOSTNAME and CONTOUR_NAMESPACE environment variables set for this to work properly. + type: boolean + maxPathTagLength: + description: |- + MaxPathTagLength defines maximum length of the request path + to extract and include in the HttpUrl tag. + contour's default is 256. + format: int32 + type: integer + overallSampling: + description: |- + OverallSampling defines the sampling rate of trace data. + contour's default is 100. + type: string + serviceName: + description: |- + ServiceName defines the name for the service. + contour's default is contour. + type: string + required: + - extensionService + type: object + xdsServer: + description: XDSServer contains parameters for the xDS server. + properties: + address: + description: |- + Defines the xDS gRPC API address which Contour will serve. + Contour's default is "0.0.0.0". + minLength: 1 + type: string + port: + description: |- + Defines the xDS gRPC API port which Contour will serve. + Contour's default is 8001. + type: integer + tls: + description: |- + TLS holds TLS file config details. + Contour's default is { caFile: "/certs/ca.crt", certFile: "/certs/tls.cert", keyFile: "/certs/tls.key", insecure: false }. + properties: + caFile: + description: CA filename. + type: string + certFile: + description: Client certificate filename. + type: string + insecure: + description: Allow serving the xDS gRPC API without TLS. + type: boolean + keyFile: + description: Client key filename. + type: string + type: object + type: + description: |- + Defines the XDSServer to use for `contour serve`. + Values: `envoy` (default), `contour (deprecated)`. + Other values will produce an error. + type: string + type: object + type: object + type: object + status: + description: ContourDeploymentStatus defines the observed state of a ContourDeployment + resource. + properties: + conditions: + description: Conditions describe the current conditions of the ContourDeployment + resource. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + name: extensionservices.projectcontour.io +spec: + preserveUnknownFields: false + group: projectcontour.io + names: + kind: ExtensionService + listKind: ExtensionServiceList + plural: extensionservices + shortNames: + - extensionservice + - extensionservices + singular: extensionservice + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + ExtensionService is the schema for the Contour extension services API. + An ExtensionService resource binds a network service to the Contour + API so that Contour API features can be implemented by collaborating + components. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ExtensionServiceSpec defines the desired state of an ExtensionService + resource. + properties: + loadBalancerPolicy: + description: |- + The policy for load balancing GRPC service requests. Note that the + `Cookie` and `RequestHash` load balancing strategies cannot be used + here. + properties: + requestHashPolicies: + description: |- + RequestHashPolicies contains a list of hash policies to apply when the + `RequestHash` load balancing strategy is chosen. If an element of the + supplied list of hash policies is invalid, it will be ignored. If the + list of hash policies is empty after validation, the load balancing + strategy will fall back to the default `RoundRobin`. + items: + description: |- + RequestHashPolicy contains configuration for an individual hash policy + on a request attribute. + properties: + hashSourceIP: + description: |- + HashSourceIP should be set to true when request source IP hash based + load balancing is desired. It must be the only hash option field set, + otherwise this request hash policy object will be ignored. + type: boolean + headerHashOptions: + description: |- + HeaderHashOptions should be set when request header hash based load + balancing is desired. It must be the only hash option field set, + otherwise this request hash policy object will be ignored. + properties: + headerName: + description: |- + HeaderName is the name of the HTTP request header that will be used to + calculate the hash key. If the header specified is not present on a + request, no hash will be produced. + minLength: 1 + type: string + type: object + queryParameterHashOptions: + description: |- + QueryParameterHashOptions should be set when request query parameter hash based load + balancing is desired. It must be the only hash option field set, + otherwise this request hash policy object will be ignored. + properties: + parameterName: + description: |- + ParameterName is the name of the HTTP request query parameter that will be used to + calculate the hash key. If the query parameter specified is not present on a + request, no hash will be produced. + minLength: 1 + type: string + type: object + terminal: + description: |- + Terminal is a flag that allows for short-circuiting computing of a hash + for a given request. If set to true, and the request attribute specified + in the attribute hash options is present, no further hash policies will + be used to calculate a hash for the request. + type: boolean + type: object + type: array + strategy: + description: |- + Strategy specifies the policy used to balance requests + across the pool of backend pods. Valid policy names are + `Random`, `RoundRobin`, `WeightedLeastRequest`, `Cookie`, + and `RequestHash`. If an unknown strategy name is specified + or no policy is supplied, the default `RoundRobin` policy + is used. + type: string + type: object + protocol: + description: |- + Protocol may be used to specify (or override) the protocol used to reach this Service. + Values may be h2 or h2c. If omitted, protocol-selection falls back on Service annotations. + enum: + - h2 + - h2c + type: string + protocolVersion: + description: |- + This field sets the version of the GRPC protocol that Envoy uses to + send requests to the extension service. Since Contour always uses the + v3 Envoy API, this is currently fixed at "v3". However, other + protocol options will be available in future. + enum: + - v3 + type: string + services: + description: |- + Services specifies the set of Kubernetes Service resources that + receive GRPC extension API requests. + If no weights are specified for any of the entries in + this array, traffic will be spread evenly across all the + services. + Otherwise, traffic is balanced proportionally to the + Weight field in each entry. + items: + description: |- + ExtensionServiceTarget defines an Kubernetes Service to target with + extension service traffic. + properties: + name: + description: |- + Name is the name of Kubernetes service that will accept service + traffic. + type: string + port: + description: Port (defined as Integer) to proxy traffic to since + a service can have multiple defined. + exclusiveMaximum: true + maximum: 65536 + minimum: 1 + type: integer + weight: + description: Weight defines proportion of traffic to balance + to the Kubernetes Service. + format: int32 + type: integer + required: + - name + - port + type: object + minItems: 1 + type: array + timeoutPolicy: + description: The timeout policy for requests to the services. + properties: + idle: + description: |- + Timeout for how long the proxy should wait while there is no activity during single request/response (for HTTP/1.1) or stream (for HTTP/2). + Timeout will not trigger while HTTP/1.1 connection is idle between two consecutive requests. + If not specified, there is no per-route idle timeout, though a connection manager-wide + stream_idle_timeout default of 5m still applies. + pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms)|(\d*(\.\d*)?us)|(\d*(\.\d*)?µs)|(\d*(\.\d*)?ns))+|infinity|infinite)$ + type: string + idleConnection: + description: |- + Timeout for how long connection from the proxy to the upstream service is kept when there are no active requests. + If not supplied, Envoy's default value of 1h applies. + pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms)|(\d*(\.\d*)?us)|(\d*(\.\d*)?µs)|(\d*(\.\d*)?ns))+|infinity|infinite)$ + type: string + response: + description: |- + Timeout for receiving a response from the server after processing a request from client. + If not supplied, Envoy's default value of 15s applies. + pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms)|(\d*(\.\d*)?us)|(\d*(\.\d*)?µs)|(\d*(\.\d*)?ns))+|infinity|infinite)$ + type: string + type: object + validation: + description: UpstreamValidation defines how to verify the backend + service's certificate + properties: + caSecret: + description: |- + Name or namespaced name of the Kubernetes secret used to validate the certificate presented by the backend. + The secret must contain key named ca.crt. + The name can be optionally prefixed with namespace "namespace/name". + When cross-namespace reference is used, TLSCertificateDelegation resource must exist in the namespace to grant access to the secret. + Max length should be the actual max possible length of a namespaced name (63 + 253 + 1 = 317) + maxLength: 317 + minLength: 1 + type: string + subjectName: + description: |- + Key which is expected to be present in the 'subjectAltName' of the presented certificate. + Deprecated: migrate to using the plural field subjectNames. + maxLength: 250 + minLength: 1 + type: string + subjectNames: + description: |- + List of keys, of which at least one is expected to be present in the 'subjectAltName of the + presented certificate. + items: + type: string + maxItems: 8 + minItems: 1 + type: array + required: + - caSecret + - subjectName + type: object + x-kubernetes-validations: + - message: subjectNames[0] must equal subjectName if set + rule: 'has(self.subjectNames) ? self.subjectNames[0] == self.subjectName + : true' + required: + - services + type: object + status: + description: |- + ExtensionServiceStatus defines the observed state of an + ExtensionService resource. + properties: + conditions: + description: |- + Conditions contains the current status of the ExtensionService resource. + Contour will update a single condition, `Valid`, that is in normal-true polarity. + Contour will not modify any other Conditions set in this block, + in case some other controller wants to add a Condition. + items: + description: |- + DetailedCondition is an extension of the normal Kubernetes conditions, with two extra + fields to hold sub-conditions, which provide more detailed reasons for the state (True or False) + of the condition. + `errors` holds information about sub-conditions which are fatal to that condition and render its state False. + `warnings` holds information about sub-conditions which are not fatal to that condition and do not force the state to be False. + Remember that Conditions have a type, a status, and a reason. + The type is the type of the condition, the most important one in this CRD set is `Valid`. + `Valid` is a positive-polarity condition: when it is `status: true` there are no problems. + In more detail, `status: true` means that the object is has been ingested into Contour with no errors. + `warnings` may still be present, and will be indicated in the Reason field. There must be zero entries in the `errors` + slice in this case. + `Valid`, `status: false` means that the object has had one or more fatal errors during processing into Contour. + The details of the errors will be present under the `errors` field. There must be at least one error in the `errors` + slice if `status` is `false`. + For DetailedConditions of types other than `Valid`, the Condition must be in the negative polarity. + When they have `status` `true`, there is an error. There must be at least one entry in the `errors` Subcondition slice. + When they have `status` `false`, there are no serious errors, and there must be zero entries in the `errors` slice. + In either case, there may be entries in the `warnings` slice. + Regardless of the polarity, the `reason` and `message` fields must be updated with either the detail of the reason + (if there is one and only one entry in total across both the `errors` and `warnings` slices), or + `MultipleReasons` if there is more than one entry. + properties: + errors: + description: |- + Errors contains a slice of relevant error subconditions for this object. + Subconditions are expected to appear when relevant (when there is a error), and disappear when not relevant. + An empty slice here indicates no errors. + items: + description: |- + SubCondition is a Condition-like type intended for use as a subcondition inside a DetailedCondition. + It contains a subset of the Condition fields. + It is intended for warnings and errors, so `type` names should use abnormal-true polarity, + that is, they should be of the form "ErrorPresent: true". + The expected lifecycle for these errors is that they should only be present when the error or warning is, + and should be removed when they are not relevant. + properties: + message: + description: |- + Message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + reason: + description: |- + Reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: Status of the condition, one of True, False, + Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + Type of condition in `CamelCase` or in `foo.example.com/CamelCase`. + This must be in abnormal-true polarity, that is, `ErrorFound` or `controller.io/ErrorFound`. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - message + - reason + - status + - type + type: object + type: array + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + warnings: + description: |- + Warnings contains a slice of relevant warning subconditions for this object. + Subconditions are expected to appear when relevant (when there is a warning), and disappear when not relevant. + An empty slice here indicates no warnings. + items: + description: |- + SubCondition is a Condition-like type intended for use as a subcondition inside a DetailedCondition. + It contains a subset of the Condition fields. + It is intended for warnings and errors, so `type` names should use abnormal-true polarity, + that is, they should be of the form "ErrorPresent: true". + The expected lifecycle for these errors is that they should only be present when the error or warning is, + and should be removed when they are not relevant. + properties: + message: + description: |- + Message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + reason: + description: |- + Reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: Status of the condition, one of True, False, + Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + Type of condition in `CamelCase` or in `foo.example.com/CamelCase`. + This must be in abnormal-true polarity, that is, `ErrorFound` or `controller.io/ErrorFound`. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - message + - reason + - status + - type + type: object + type: array + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + name: httpproxies.projectcontour.io +spec: + preserveUnknownFields: false + group: projectcontour.io + names: + kind: HTTPProxy + listKind: HTTPProxyList + plural: httpproxies + shortNames: + - proxy + - proxies + singular: httpproxy + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Fully qualified domain name + jsonPath: .spec.virtualhost.fqdn + name: FQDN + type: string + - description: Secret with TLS credentials + jsonPath: .spec.virtualhost.tls.secretName + name: TLS Secret + type: string + - description: The current status of the HTTPProxy + jsonPath: .status.currentStatus + name: Status + type: string + - description: Description of the current status + jsonPath: .status.description + name: Status Description + type: string + name: v1 + schema: + openAPIV3Schema: + description: HTTPProxy is an Ingress CRD specification. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: HTTPProxySpec defines the spec of the CRD. + properties: + includes: + description: |- + Includes allow for specific routing configuration to be included from another HTTPProxy, + possibly in another namespace. + items: + description: Include describes a set of policies that can be applied + to an HTTPProxy in a namespace. + properties: + conditions: + description: |- + Conditions are a set of rules that are applied to included HTTPProxies. + In effect, they are added onto the Conditions of included HTTPProxy Route + structs. + When applied, they are merged using AND, with one exception: + There can be only one Prefix MatchCondition per Conditions slice. + More than one Prefix, or contradictory Conditions, will make the + include invalid. Exact and Regex match conditions are not allowed + on includes. + items: + description: |- + MatchCondition are a general holder for matching rules for HTTPProxies. + One of Prefix, Exact, Regex, Header or QueryParameter must be provided. + properties: + exact: + description: |- + Exact defines a exact match for a request. + This field is not allowed in include match conditions. + type: string + header: + description: Header specifies the header condition to + match. + properties: + contains: + description: |- + Contains specifies a substring that must be present in + the header value. + type: string + exact: + description: Exact specifies a string that the header + value must be equal to. + type: string + ignoreCase: + description: |- + IgnoreCase specifies that string matching should be case insensitive. + Note that this has no effect on the Regex parameter. + type: boolean + name: + description: |- + Name is the name of the header to match against. Name is required. + Header names are case insensitive. + type: string + notcontains: + description: |- + NotContains specifies a substring that must not be present + in the header value. + type: string + notexact: + description: |- + NoExact specifies a string that the header value must not be + equal to. The condition is true if the header has any other value. + type: string + notpresent: + description: |- + NotPresent specifies that condition is true when the named header + is not present. Note that setting NotPresent to false does not + make the condition true if the named header is present. + type: boolean + present: + description: |- + Present specifies that condition is true when the named header + is present, regardless of its value. Note that setting Present + to false does not make the condition true if the named header + is absent. + type: boolean + regex: + description: |- + Regex specifies a regular expression pattern that must match the header + value. + type: string + treatMissingAsEmpty: + description: |- + TreatMissingAsEmpty specifies if the header match rule specified header + does not exist, this header value will be treated as empty. Defaults to false. + Unlike the underlying Envoy implementation this is **only** supported for + negative matches (e.g. NotContains, NotExact). + type: boolean + required: + - name + type: object + prefix: + description: Prefix defines a prefix match for a request. + type: string + queryParameter: + description: QueryParameter specifies the query parameter + condition to match. + properties: + contains: + description: |- + Contains specifies a substring that must be present in + the query parameter value. + type: string + exact: + description: Exact specifies a string that the query + parameter value must be equal to. + type: string + ignoreCase: + description: |- + IgnoreCase specifies that string matching should be case insensitive. + Note that this has no effect on the Regex parameter. + type: boolean + name: + description: |- + Name is the name of the query parameter to match against. Name is required. + Query parameter names are case insensitive. + type: string + prefix: + description: Prefix defines a prefix match for the + query parameter value. + type: string + present: + description: |- + Present specifies that condition is true when the named query parameter + is present, regardless of its value. Note that setting Present + to false does not make the condition true if the named query parameter + is absent. + type: boolean + regex: + description: |- + Regex specifies a regular expression pattern that must match the query + parameter value. + type: string + suffix: + description: Suffix defines a suffix match for a query + parameter value. + type: string + required: + - name + type: object + regex: + description: |- + Regex defines a regex match for a request. + This field is not allowed in include match conditions. + type: string + type: object + type: array + name: + description: Name of the HTTPProxy + type: string + namespace: + description: Namespace of the HTTPProxy to include. Defaults + to the current namespace if not supplied. + type: string + required: + - name + type: object + type: array + ingressClassName: + description: |- + IngressClassName optionally specifies the ingress class to use for this + HTTPProxy. This replaces the deprecated `kubernetes.io/ingress.class` + annotation. For backwards compatibility, when that annotation is set, it + is given precedence over this field. + type: string + routes: + description: Routes are the ingress routes. If TCPProxy is present, + Routes is ignored. + items: + description: Route contains the set of routes for a virtual host. + properties: + authPolicy: + description: |- + AuthPolicy updates the authorization policy that was set + on the root HTTPProxy object for client requests that + match this route. + properties: + context: + additionalProperties: + type: string + description: |- + Context is a set of key/value pairs that are sent to the + authentication server in the check request. If a context + is provided at an enclosing scope, the entries are merged + such that the inner scope overrides matching keys from the + outer scope. + type: object + disabled: + description: |- + When true, this field disables client request authentication + for the scope of the policy. + type: boolean + type: object + conditions: + description: |- + Conditions are a set of rules that are applied to a Route. + When applied, they are merged using AND, with one exception: + There can be only one Prefix, Exact or Regex MatchCondition + per Conditions slice. More than one of these condition types, + or contradictory Conditions, will make the route invalid. + items: + description: |- + MatchCondition are a general holder for matching rules for HTTPProxies. + One of Prefix, Exact, Regex, Header or QueryParameter must be provided. + properties: + exact: + description: |- + Exact defines a exact match for a request. + This field is not allowed in include match conditions. + type: string + header: + description: Header specifies the header condition to + match. + properties: + contains: + description: |- + Contains specifies a substring that must be present in + the header value. + type: string + exact: + description: Exact specifies a string that the header + value must be equal to. + type: string + ignoreCase: + description: |- + IgnoreCase specifies that string matching should be case insensitive. + Note that this has no effect on the Regex parameter. + type: boolean + name: + description: |- + Name is the name of the header to match against. Name is required. + Header names are case insensitive. + type: string + notcontains: + description: |- + NotContains specifies a substring that must not be present + in the header value. + type: string + notexact: + description: |- + NoExact specifies a string that the header value must not be + equal to. The condition is true if the header has any other value. + type: string + notpresent: + description: |- + NotPresent specifies that condition is true when the named header + is not present. Note that setting NotPresent to false does not + make the condition true if the named header is present. + type: boolean + present: + description: |- + Present specifies that condition is true when the named header + is present, regardless of its value. Note that setting Present + to false does not make the condition true if the named header + is absent. + type: boolean + regex: + description: |- + Regex specifies a regular expression pattern that must match the header + value. + type: string + treatMissingAsEmpty: + description: |- + TreatMissingAsEmpty specifies if the header match rule specified header + does not exist, this header value will be treated as empty. Defaults to false. + Unlike the underlying Envoy implementation this is **only** supported for + negative matches (e.g. NotContains, NotExact). + type: boolean + required: + - name + type: object + prefix: + description: Prefix defines a prefix match for a request. + type: string + queryParameter: + description: QueryParameter specifies the query parameter + condition to match. + properties: + contains: + description: |- + Contains specifies a substring that must be present in + the query parameter value. + type: string + exact: + description: Exact specifies a string that the query + parameter value must be equal to. + type: string + ignoreCase: + description: |- + IgnoreCase specifies that string matching should be case insensitive. + Note that this has no effect on the Regex parameter. + type: boolean + name: + description: |- + Name is the name of the query parameter to match against. Name is required. + Query parameter names are case insensitive. + type: string + prefix: + description: Prefix defines a prefix match for the + query parameter value. + type: string + present: + description: |- + Present specifies that condition is true when the named query parameter + is present, regardless of its value. Note that setting Present + to false does not make the condition true if the named query parameter + is absent. + type: boolean + regex: + description: |- + Regex specifies a regular expression pattern that must match the query + parameter value. + type: string + suffix: + description: Suffix defines a suffix match for a query + parameter value. + type: string + required: + - name + type: object + regex: + description: |- + Regex defines a regex match for a request. + This field is not allowed in include match conditions. + type: string + type: object + type: array + cookieRewritePolicies: + description: |- + The policies for rewriting Set-Cookie header attributes. Note that + rewritten cookie names must be unique in this list. Order rewrite + policies are specified in does not matter. + items: + properties: + domainRewrite: + description: |- + DomainRewrite enables rewriting the Set-Cookie Domain element. + If not set, Domain will not be rewritten. + properties: + value: + description: |- + Value is the value to rewrite the Domain attribute to. + For now this is required. + maxLength: 4096 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + required: + - value + type: object + name: + description: Name is the name of the cookie for which + attributes will be rewritten. + maxLength: 4096 + minLength: 1 + pattern: ^[^()<>@,;:\\"\/[\]?={} \t\x7f\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f]+$ + type: string + pathRewrite: + description: |- + PathRewrite enables rewriting the Set-Cookie Path element. + If not set, Path will not be rewritten. + properties: + value: + description: |- + Value is the value to rewrite the Path attribute to. + For now this is required. + maxLength: 4096 + minLength: 1 + pattern: ^[^;\x7f\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f]+$ + type: string + required: + - value + type: object + sameSite: + description: |- + SameSite enables rewriting the Set-Cookie SameSite element. + If not set, SameSite attribute will not be rewritten. + enum: + - Strict + - Lax + - None + type: string + secure: + description: |- + Secure enables rewriting the Set-Cookie Secure element. + If not set, Secure attribute will not be rewritten. + type: boolean + required: + - name + type: object + type: array + directResponsePolicy: + description: DirectResponsePolicy returns an arbitrary HTTP + response directly. + properties: + body: + description: |- + Body is the content of the response body. + If this setting is omitted, no body is included in the generated response. + Note: Body is not recommended to set too long + otherwise it can have significant resource usage impacts. + type: string + statusCode: + description: StatusCode is the HTTP response status to be + returned. + maximum: 599 + minimum: 200 + type: integer + required: + - statusCode + type: object + enableWebsockets: + description: Enables websocket support for the route. + type: boolean + healthCheckPolicy: + description: The health check policy for this route. + properties: + expectedStatuses: + description: |- + The ranges of HTTP response statuses considered healthy. Follow half-open + semantics, i.e. for each range the start is inclusive and the end is exclusive. + Must be within the range [100,600). If not specified, only a 200 response status + is considered healthy. + items: + properties: + end: + description: The end (exclusive) of a range of HTTP + status codes. + format: int64 + maximum: 600 + minimum: 101 + type: integer + start: + description: The start (inclusive) of a range of HTTP + status codes. + format: int64 + maximum: 599 + minimum: 100 + type: integer + required: + - end + - start + type: object + type: array + healthyThresholdCount: + description: The number of healthy health checks required + before a host is marked healthy + format: int64 + minimum: 0 + type: integer + host: + description: |- + The value of the host header in the HTTP health check request. + If left empty (default value), the name "contour-envoy-healthcheck" + will be used. + type: string + intervalSeconds: + description: The interval (seconds) between health checks + format: int64 + type: integer + path: + description: HTTP endpoint used to perform health checks + on upstream service + type: string + timeoutSeconds: + description: The time to wait (seconds) for a health check + response + format: int64 + type: integer + unhealthyThresholdCount: + description: The number of unhealthy health checks required + before a host is marked unhealthy + format: int64 + minimum: 0 + type: integer + required: + - path + type: object + internalRedirectPolicy: + description: The policy to define when to handle redirects responses + internally. + properties: + allowCrossSchemeRedirect: + default: Never + description: |- + AllowCrossSchemeRedirect Allow internal redirect to follow a target URI with a different scheme + than the value of x-forwarded-proto. + SafeOnly allows same scheme redirect and safe cross scheme redirect, which means if the downstream + scheme is HTTPS, both HTTPS and HTTP redirect targets are allowed, but if the downstream scheme + is HTTP, only HTTP redirect targets are allowed. + enum: + - Always + - Never + - SafeOnly + type: string + denyRepeatedRouteRedirect: + description: |- + If DenyRepeatedRouteRedirect is true, rejects redirect targets that are pointing to a route that has + been followed by a previous redirect from the current route. + type: boolean + maxInternalRedirects: + description: |- + MaxInternalRedirects An internal redirect is not handled, unless the number of previous internal + redirects that a downstream request has encountered is lower than this value. + format: int32 + type: integer + redirectResponseCodes: + description: |- + RedirectResponseCodes If unspecified, only 302 will be treated as internal redirect. + Only 301, 302, 303, 307 and 308 are valid values. + items: + description: RedirectResponseCode is a uint32 type alias + with validation to ensure that the value is valid. + enum: + - 301 + - 302 + - 303 + - 307 + - 308 + format: int32 + type: integer + type: array + type: object + ipAllowPolicy: + description: |- + IPAllowFilterPolicy is a list of ipv4/6 filter rules for which matching + requests should be allowed. All other requests will be denied. + Only one of IPAllowFilterPolicy and IPDenyFilterPolicy can be defined. + The rules defined here override any rules set on the root HTTPProxy. + items: + properties: + cidr: + description: |- + CIDR is a CIDR block of ipv4 or ipv6 addresses to filter on. This can also be + a bare IP address (without a mask) to filter on exactly one address. + type: string + source: + description: |- + Source indicates how to determine the ip address to filter on, and can be + one of two values: + - `Remote` filters on the ip address of the client, accounting for PROXY and + X-Forwarded-For as needed. + - `Peer` filters on the ip of the network request, ignoring PROXY and + X-Forwarded-For. + enum: + - Peer + - Remote + type: string + required: + - cidr + - source + type: object + type: array + ipDenyPolicy: + description: |- + IPDenyFilterPolicy is a list of ipv4/6 filter rules for which matching + requests should be denied. All other requests will be allowed. + Only one of IPAllowFilterPolicy and IPDenyFilterPolicy can be defined. + The rules defined here override any rules set on the root HTTPProxy. + items: + properties: + cidr: + description: |- + CIDR is a CIDR block of ipv4 or ipv6 addresses to filter on. This can also be + a bare IP address (without a mask) to filter on exactly one address. + type: string + source: + description: |- + Source indicates how to determine the ip address to filter on, and can be + one of two values: + - `Remote` filters on the ip address of the client, accounting for PROXY and + X-Forwarded-For as needed. + - `Peer` filters on the ip of the network request, ignoring PROXY and + X-Forwarded-For. + enum: + - Peer + - Remote + type: string + required: + - cidr + - source + type: object + type: array + jwtVerificationPolicy: + description: The policy for verifying JWTs for requests to this + route. + properties: + disabled: + description: |- + Disabled defines whether to disable all JWT verification for this + route. This can be used to opt specific routes out of the default + JWT provider for the HTTPProxy. At most one of this field or the + "require" field can be specified. + type: boolean + require: + description: |- + Require names a specific JWT provider (defined in the virtual host) + to require for the route. If specified, this field overrides the + default provider if one exists. If this field is not specified, + the default provider will be required if one exists. At most one of + this field or the "disabled" field can be specified. + type: string + type: object + loadBalancerPolicy: + description: The load balancing policy for this route. + properties: + requestHashPolicies: + description: |- + RequestHashPolicies contains a list of hash policies to apply when the + `RequestHash` load balancing strategy is chosen. If an element of the + supplied list of hash policies is invalid, it will be ignored. If the + list of hash policies is empty after validation, the load balancing + strategy will fall back to the default `RoundRobin`. + items: + description: |- + RequestHashPolicy contains configuration for an individual hash policy + on a request attribute. + properties: + hashSourceIP: + description: |- + HashSourceIP should be set to true when request source IP hash based + load balancing is desired. It must be the only hash option field set, + otherwise this request hash policy object will be ignored. + type: boolean + headerHashOptions: + description: |- + HeaderHashOptions should be set when request header hash based load + balancing is desired. It must be the only hash option field set, + otherwise this request hash policy object will be ignored. + properties: + headerName: + description: |- + HeaderName is the name of the HTTP request header that will be used to + calculate the hash key. If the header specified is not present on a + request, no hash will be produced. + minLength: 1 + type: string + type: object + queryParameterHashOptions: + description: |- + QueryParameterHashOptions should be set when request query parameter hash based load + balancing is desired. It must be the only hash option field set, + otherwise this request hash policy object will be ignored. + properties: + parameterName: + description: |- + ParameterName is the name of the HTTP request query parameter that will be used to + calculate the hash key. If the query parameter specified is not present on a + request, no hash will be produced. + minLength: 1 + type: string + type: object + terminal: + description: |- + Terminal is a flag that allows for short-circuiting computing of a hash + for a given request. If set to true, and the request attribute specified + in the attribute hash options is present, no further hash policies will + be used to calculate a hash for the request. + type: boolean + type: object + type: array + strategy: + description: |- + Strategy specifies the policy used to balance requests + across the pool of backend pods. Valid policy names are + `Random`, `RoundRobin`, `WeightedLeastRequest`, `Cookie`, + and `RequestHash`. If an unknown strategy name is specified + or no policy is supplied, the default `RoundRobin` policy + is used. + type: string + type: object + pathRewritePolicy: + description: |- + The policy for rewriting the path of the request URL + after the request has been routed to a Service. + properties: + replacePrefix: + description: ReplacePrefix describes how the path prefix + should be replaced. + items: + description: ReplacePrefix describes a path prefix replacement. + properties: + prefix: + description: |- + Prefix specifies the URL path prefix to be replaced. + If Prefix is specified, it must exactly match the MatchCondition + prefix that is rendered by the chain of including HTTPProxies + and only that path prefix will be replaced by Replacement. + This allows HTTPProxies that are included through multiple + roots to only replace specific path prefixes, leaving others + unmodified. + If Prefix is not specified, all routing prefixes rendered + by the include chain will be replaced. + minLength: 1 + type: string + replacement: + description: |- + Replacement is the string that the routing path prefix + will be replaced with. This must not be empty. + minLength: 1 + type: string + required: + - replacement + type: object + type: array + type: object + permitInsecure: + description: |- + Allow this path to respond to insecure requests over HTTP which are normally + not permitted when a `virtualhost.tls` block is present. + type: boolean + rateLimitPolicy: + description: The policy for rate limiting on the route. + properties: + global: + description: |- + Global defines global rate limiting parameters, i.e. parameters + defining descriptors that are sent to an external rate limit + service (RLS) for a rate limit decision on each request. + properties: + descriptors: + description: |- + Descriptors defines the list of descriptors that will + be generated and sent to the rate limit service. Each + descriptor contains 1+ key-value pair entries. + items: + description: RateLimitDescriptor defines a list of + key-value pair generators. + properties: + entries: + description: Entries is the list of key-value + pair generators. + items: + description: |- + RateLimitDescriptorEntry is a key-value pair generator. Exactly + one field on this struct must be non-nil. + properties: + genericKey: + description: GenericKey defines a descriptor + entry with a static key and value. + properties: + key: + description: |- + Key defines the key of the descriptor entry. If not set, the + key is set to "generic_key". + type: string + value: + description: Value defines the value + of the descriptor entry. + minLength: 1 + type: string + type: object + remoteAddress: + description: |- + RemoteAddress defines a descriptor entry with a key of "remote_address" + and a value equal to the client's IP address (from x-forwarded-for). + type: object + requestHeader: + description: |- + RequestHeader defines a descriptor entry that's populated only if + a given header is present on the request. The descriptor key is static, + and the descriptor value is equal to the value of the header. + properties: + descriptorKey: + description: DescriptorKey defines the + key to use on the descriptor entry. + minLength: 1 + type: string + headerName: + description: HeaderName defines the + name of the header to look for on + the request. + minLength: 1 + type: string + type: object + requestHeaderValueMatch: + description: |- + RequestHeaderValueMatch defines a descriptor entry that's populated + if the request's headers match a set of 1+ match criteria. The + descriptor key is "header_match", and the descriptor value is static. + properties: + expectMatch: + default: true + description: |- + ExpectMatch defines whether the request must positively match the match + criteria in order to generate a descriptor entry (i.e. true), or not + match the match criteria in order to generate a descriptor entry (i.e. false). + The default is true. + type: boolean + headers: + description: |- + Headers is a list of 1+ match criteria to apply against the request + to determine whether to populate the descriptor entry or not. + items: + description: |- + HeaderMatchCondition specifies how to conditionally match against HTTP + headers. The Name field is required, only one of Present, NotPresent, + Contains, NotContains, Exact, NotExact and Regex can be set. + For negative matching rules only (e.g. NotContains or NotExact) you can set + TreatMissingAsEmpty. + IgnoreCase has no effect for Regex. + properties: + contains: + description: |- + Contains specifies a substring that must be present in + the header value. + type: string + exact: + description: Exact specifies a + string that the header value + must be equal to. + type: string + ignoreCase: + description: |- + IgnoreCase specifies that string matching should be case insensitive. + Note that this has no effect on the Regex parameter. + type: boolean + name: + description: |- + Name is the name of the header to match against. Name is required. + Header names are case insensitive. + type: string + notcontains: + description: |- + NotContains specifies a substring that must not be present + in the header value. + type: string + notexact: + description: |- + NoExact specifies a string that the header value must not be + equal to. The condition is true if the header has any other value. + type: string + notpresent: + description: |- + NotPresent specifies that condition is true when the named header + is not present. Note that setting NotPresent to false does not + make the condition true if the named header is present. + type: boolean + present: + description: |- + Present specifies that condition is true when the named header + is present, regardless of its value. Note that setting Present + to false does not make the condition true if the named header + is absent. + type: boolean + regex: + description: |- + Regex specifies a regular expression pattern that must match the header + value. + type: string + treatMissingAsEmpty: + description: |- + TreatMissingAsEmpty specifies if the header match rule specified header + does not exist, this header value will be treated as empty. Defaults to false. + Unlike the underlying Envoy implementation this is **only** supported for + negative matches (e.g. NotContains, NotExact). + type: boolean + required: + - name + type: object + minItems: 1 + type: array + value: + description: Value defines the value + of the descriptor entry. + minLength: 1 + type: string + type: object + type: object + minItems: 1 + type: array + type: object + minItems: 1 + type: array + disabled: + description: |- + Disabled configures the HTTPProxy to not use + the default global rate limit policy defined by the Contour configuration. + type: boolean + type: object + local: + description: |- + Local defines local rate limiting parameters, i.e. parameters + for rate limiting that occurs within each Envoy pod as requests + are handled. + properties: + burst: + description: |- + Burst defines the number of requests above the requests per + unit that should be allowed within a short period of time. + format: int32 + type: integer + requests: + description: |- + Requests defines how many requests per unit of time should + be allowed before rate limiting occurs. + format: int32 + minimum: 1 + type: integer + responseHeadersToAdd: + description: |- + ResponseHeadersToAdd is an optional list of response headers to + set when a request is rate-limited. + items: + description: HeaderValue represents a header name/value + pair + properties: + name: + description: Name represents a key of a header + minLength: 1 + type: string + value: + description: Value represents the value of a header + specified by a key + minLength: 1 + type: string + required: + - name + - value + type: object + type: array + responseStatusCode: + description: |- + ResponseStatusCode is the HTTP status code to use for responses + to rate-limited requests. Codes must be in the 400-599 range + (inclusive). If not specified, the Envoy default of 429 (Too + Many Requests) is used. + format: int32 + maximum: 599 + minimum: 400 + type: integer + unit: + description: |- + Unit defines the period of time within which requests + over the limit will be rate limited. Valid values are + "second", "minute" and "hour". + enum: + - second + - minute + - hour + type: string + required: + - requests + - unit + type: object + type: object + requestHeadersPolicy: + description: |- + The policy for managing request headers during proxying. + You may dynamically rewrite the Host header to be forwarded + upstream to the content of a request header using + the below format "%REQ(X-Header-Name)%". If the value of the header + is empty, it is ignored. + *NOTE: Pay attention to the potential security implications of using this option. + Provided header must come from trusted source. + **NOTE: The header rewrite is only done while forwarding and has no bearing + on the routing decision. + properties: + remove: + description: Remove specifies a list of HTTP header names + to remove. + items: + type: string + type: array + set: + description: |- + Set specifies a list of HTTP header values that will be set in the HTTP header. + If the header does not exist it will be added, otherwise it will be overwritten with the new value. + items: + description: HeaderValue represents a header name/value + pair + properties: + name: + description: Name represents a key of a header + minLength: 1 + type: string + value: + description: Value represents the value of a header + specified by a key + minLength: 1 + type: string + required: + - name + - value + type: object + type: array + type: object + requestRedirectPolicy: + description: RequestRedirectPolicy defines an HTTP redirection. + properties: + hostname: + description: |- + Hostname is the precise hostname to be used in the value of the `Location` + header in the response. + When empty, the hostname of the request is used. + No wildcards are allowed. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + path: + description: |- + Path allows for redirection to a different path from the + original on the request. The path must start with a + leading slash. + Note: Only one of Path or Prefix can be defined. + pattern: ^\/.*$ + type: string + port: + description: |- + Port is the port to be used in the value of the `Location` + header in the response. + When empty, port (if specified) of the request is used. + format: int32 + maximum: 65535 + minimum: 1 + type: integer + prefix: + description: |- + Prefix defines the value to swap the matched prefix or path with. + The prefix must start with a leading slash. + Note: Only one of Path or Prefix can be defined. + pattern: ^\/.*$ + type: string + scheme: + description: |- + Scheme is the scheme to be used in the value of the `Location` + header in the response. + When empty, the scheme of the request is used. + enum: + - http + - https + type: string + statusCode: + default: 302 + description: StatusCode is the HTTP status code to be used + in response. + enum: + - 301 + - 302 + type: integer + type: object + responseHeadersPolicy: + description: |- + The policy for managing response headers during proxying. + Rewriting the 'Host' header is not supported. + properties: + remove: + description: Remove specifies a list of HTTP header names + to remove. + items: + type: string + type: array + set: + description: |- + Set specifies a list of HTTP header values that will be set in the HTTP header. + If the header does not exist it will be added, otherwise it will be overwritten with the new value. + items: + description: HeaderValue represents a header name/value + pair + properties: + name: + description: Name represents a key of a header + minLength: 1 + type: string + value: + description: Value represents the value of a header + specified by a key + minLength: 1 + type: string + required: + - name + - value + type: object + type: array + type: object + retryPolicy: + description: The retry policy for this route. + properties: + count: + default: 1 + description: |- + NumRetries is maximum allowed number of retries. + If set to -1, then retries are disabled. + If set to 0 or not supplied, the value is set + to the Envoy default of 1. + format: int64 + minimum: -1 + type: integer + perTryTimeout: + description: |- + PerTryTimeout specifies the timeout per retry attempt. + Ignored if NumRetries is not supplied. + pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms)|(\d*(\.\d*)?us)|(\d*(\.\d*)?µs)|(\d*(\.\d*)?ns))+|infinity|infinite)$ + type: string + retriableStatusCodes: + description: |- + RetriableStatusCodes specifies the HTTP status codes that should be retried. + This field is only respected when you include `retriable-status-codes` in the `RetryOn` field. + items: + format: int32 + type: integer + type: array + retryOn: + description: |- + RetryOn specifies the conditions on which to retry a request. + Supported [HTTP conditions](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-on): + - `5xx` + - `gateway-error` + - `reset` + - `connect-failure` + - `retriable-4xx` + - `refused-stream` + - `retriable-status-codes` + - `retriable-headers` + Supported [gRPC conditions](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-grpc-on): + - `cancelled` + - `deadline-exceeded` + - `internal` + - `resource-exhausted` + - `unavailable` + items: + description: RetryOn is a string type alias with validation + to ensure that the value is valid. + enum: + - 5xx + - gateway-error + - reset + - connect-failure + - retriable-4xx + - refused-stream + - retriable-status-codes + - retriable-headers + - cancelled + - deadline-exceeded + - internal + - resource-exhausted + - unavailable + type: string + type: array + type: object + services: + description: Services are the services to proxy traffic. + items: + description: Service defines an Kubernetes Service to proxy + traffic. + properties: + cookieRewritePolicies: + description: The policies for rewriting Set-Cookie header + attributes. + items: + properties: + domainRewrite: + description: |- + DomainRewrite enables rewriting the Set-Cookie Domain element. + If not set, Domain will not be rewritten. + properties: + value: + description: |- + Value is the value to rewrite the Domain attribute to. + For now this is required. + maxLength: 4096 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + required: + - value + type: object + name: + description: Name is the name of the cookie for + which attributes will be rewritten. + maxLength: 4096 + minLength: 1 + pattern: ^[^()<>@,;:\\"\/[\]?={} \t\x7f\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f]+$ + type: string + pathRewrite: + description: |- + PathRewrite enables rewriting the Set-Cookie Path element. + If not set, Path will not be rewritten. + properties: + value: + description: |- + Value is the value to rewrite the Path attribute to. + For now this is required. + maxLength: 4096 + minLength: 1 + pattern: ^[^;\x7f\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f]+$ + type: string + required: + - value + type: object + sameSite: + description: |- + SameSite enables rewriting the Set-Cookie SameSite element. + If not set, SameSite attribute will not be rewritten. + enum: + - Strict + - Lax + - None + type: string + secure: + description: |- + Secure enables rewriting the Set-Cookie Secure element. + If not set, Secure attribute will not be rewritten. + type: boolean + required: + - name + type: object + type: array + healthPort: + description: |- + HealthPort is the port for this service healthcheck. + If not specified, Port is used for service healthchecks. + maximum: 65535 + minimum: 1 + type: integer + mirror: + description: |- + If Mirror is true the Service will receive a read only mirror of the traffic for this route. + If Mirror is true, then fractional mirroring can be enabled by optionally setting the Weight + field. Legal values for Weight are 1-100. Omitting the Weight field will result in 100% mirroring. + NOTE: Setting Weight explicitly to 0 will unexpectedly result in 100% traffic mirroring. This + occurs since we cannot distinguish omitted fields from those explicitly set to their default + values + type: boolean + name: + description: |- + Name is the name of Kubernetes service to proxy traffic. + Names defined here will be used to look up corresponding endpoints which contain the ips to route. + type: string + port: + description: Port (defined as Integer) to proxy traffic + to since a service can have multiple defined. + exclusiveMaximum: true + maximum: 65536 + minimum: 1 + type: integer + protocol: + description: |- + Protocol may be used to specify (or override) the protocol used to reach this Service. + Values may be tls, h2, h2c. If omitted, protocol-selection falls back on Service annotations. + enum: + - h2 + - h2c + - tls + type: string + requestHeadersPolicy: + description: The policy for managing request headers during + proxying. + properties: + remove: + description: Remove specifies a list of HTTP header + names to remove. + items: + type: string + type: array + set: + description: |- + Set specifies a list of HTTP header values that will be set in the HTTP header. + If the header does not exist it will be added, otherwise it will be overwritten with the new value. + items: + description: HeaderValue represents a header name/value + pair + properties: + name: + description: Name represents a key of a header + minLength: 1 + type: string + value: + description: Value represents the value of a + header specified by a key + minLength: 1 + type: string + required: + - name + - value + type: object + type: array + type: object + responseHeadersPolicy: + description: |- + The policy for managing response headers during proxying. + Rewriting the 'Host' header is not supported. + properties: + remove: + description: Remove specifies a list of HTTP header + names to remove. + items: + type: string + type: array + set: + description: |- + Set specifies a list of HTTP header values that will be set in the HTTP header. + If the header does not exist it will be added, otherwise it will be overwritten with the new value. + items: + description: HeaderValue represents a header name/value + pair + properties: + name: + description: Name represents a key of a header + minLength: 1 + type: string + value: + description: Value represents the value of a + header specified by a key + minLength: 1 + type: string + required: + - name + - value + type: object + type: array + type: object + slowStartPolicy: + description: Slow start will gradually increase amount + of traffic to a newly added endpoint. + properties: + aggression: + default: "1.0" + description: |- + The speed of traffic increase over the slow start window. + Defaults to 1.0, so that endpoint would get linearly increasing amount of traffic. + When increasing the value for this parameter, the speed of traffic ramp-up increases non-linearly. + The value of aggression parameter should be greater than 0.0. + More info: https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/slow_start + pattern: ^([0-9]+([.][0-9]+)?|[.][0-9]+)$ + type: string + minWeightPercent: + default: 10 + description: |- + The minimum or starting percentage of traffic to send to new endpoints. + A non-zero value helps avoid a too small initial weight, which may cause endpoints in slow start mode to receive no traffic in the beginning of the slow start window. + If not specified, the default is 10%. + format: int32 + maximum: 100 + minimum: 0 + type: integer + window: + description: |- + The duration of slow start window. + Duration is expressed in the Go [Duration format](https://godoc.org/time#ParseDuration). + Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". + pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms)|(\d*(\.\d*)?us)|(\d*(\.\d*)?µs)|(\d*(\.\d*)?ns))+)$ + type: string + required: + - window + type: object + validation: + description: UpstreamValidation defines how to verify + the backend service's certificate + properties: + caSecret: + description: |- + Name or namespaced name of the Kubernetes secret used to validate the certificate presented by the backend. + The secret must contain key named ca.crt. + The name can be optionally prefixed with namespace "namespace/name". + When cross-namespace reference is used, TLSCertificateDelegation resource must exist in the namespace to grant access to the secret. + Max length should be the actual max possible length of a namespaced name (63 + 253 + 1 = 317) + maxLength: 317 + minLength: 1 + type: string + subjectName: + description: |- + Key which is expected to be present in the 'subjectAltName' of the presented certificate. + Deprecated: migrate to using the plural field subjectNames. + maxLength: 250 + minLength: 1 + type: string + subjectNames: + description: |- + List of keys, of which at least one is expected to be present in the 'subjectAltName of the + presented certificate. + items: + type: string + maxItems: 8 + minItems: 1 + type: array + required: + - caSecret + - subjectName + type: object + x-kubernetes-validations: + - message: subjectNames[0] must equal subjectName if set + rule: 'has(self.subjectNames) ? self.subjectNames[0] + == self.subjectName : true' + weight: + description: Weight defines percentage of traffic to balance + traffic + format: int64 + minimum: 0 + type: integer + required: + - name + - port + type: object + type: array + timeoutPolicy: + description: The timeout policy for this route. + properties: + idle: + description: |- + Timeout for how long the proxy should wait while there is no activity during single request/response (for HTTP/1.1) or stream (for HTTP/2). + Timeout will not trigger while HTTP/1.1 connection is idle between two consecutive requests. + If not specified, there is no per-route idle timeout, though a connection manager-wide + stream_idle_timeout default of 5m still applies. + pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms)|(\d*(\.\d*)?us)|(\d*(\.\d*)?µs)|(\d*(\.\d*)?ns))+|infinity|infinite)$ + type: string + idleConnection: + description: |- + Timeout for how long connection from the proxy to the upstream service is kept when there are no active requests. + If not supplied, Envoy's default value of 1h applies. + pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms)|(\d*(\.\d*)?us)|(\d*(\.\d*)?µs)|(\d*(\.\d*)?ns))+|infinity|infinite)$ + type: string + response: + description: |- + Timeout for receiving a response from the server after processing a request from client. + If not supplied, Envoy's default value of 15s applies. + pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms)|(\d*(\.\d*)?us)|(\d*(\.\d*)?µs)|(\d*(\.\d*)?ns))+|infinity|infinite)$ + type: string + type: object + type: object + type: array + tcpproxy: + description: TCPProxy holds TCP proxy information. + properties: + healthCheckPolicy: + description: The health check policy for this tcp proxy + properties: + healthyThresholdCount: + description: The number of healthy health checks required + before a host is marked healthy + format: int32 + type: integer + intervalSeconds: + description: The interval (seconds) between health checks + format: int64 + type: integer + timeoutSeconds: + description: The time to wait (seconds) for a health check + response + format: int64 + type: integer + unhealthyThresholdCount: + description: The number of unhealthy health checks required + before a host is marked unhealthy + format: int32 + type: integer + type: object + include: + description: Include specifies that this tcpproxy should be delegated + to another HTTPProxy. + properties: + name: + description: Name of the child HTTPProxy + type: string + namespace: + description: Namespace of the HTTPProxy to include. Defaults + to the current namespace if not supplied. + type: string + required: + - name + type: object + includes: + description: |- + IncludesDeprecated allow for specific routing configuration to be appended to another HTTPProxy in another namespace. + Exists due to a mistake when developing HTTPProxy and the field was marked plural + when it should have been singular. This field should stay to not break backwards compatibility to v1 users. + properties: + name: + description: Name of the child HTTPProxy + type: string + namespace: + description: Namespace of the HTTPProxy to include. Defaults + to the current namespace if not supplied. + type: string + required: + - name + type: object + loadBalancerPolicy: + description: |- + The load balancing policy for the backend services. Note that the + `Cookie` and `RequestHash` load balancing strategies cannot be used + here. + properties: + requestHashPolicies: + description: |- + RequestHashPolicies contains a list of hash policies to apply when the + `RequestHash` load balancing strategy is chosen. If an element of the + supplied list of hash policies is invalid, it will be ignored. If the + list of hash policies is empty after validation, the load balancing + strategy will fall back to the default `RoundRobin`. + items: + description: |- + RequestHashPolicy contains configuration for an individual hash policy + on a request attribute. + properties: + hashSourceIP: + description: |- + HashSourceIP should be set to true when request source IP hash based + load balancing is desired. It must be the only hash option field set, + otherwise this request hash policy object will be ignored. + type: boolean + headerHashOptions: + description: |- + HeaderHashOptions should be set when request header hash based load + balancing is desired. It must be the only hash option field set, + otherwise this request hash policy object will be ignored. + properties: + headerName: + description: |- + HeaderName is the name of the HTTP request header that will be used to + calculate the hash key. If the header specified is not present on a + request, no hash will be produced. + minLength: 1 + type: string + type: object + queryParameterHashOptions: + description: |- + QueryParameterHashOptions should be set when request query parameter hash based load + balancing is desired. It must be the only hash option field set, + otherwise this request hash policy object will be ignored. + properties: + parameterName: + description: |- + ParameterName is the name of the HTTP request query parameter that will be used to + calculate the hash key. If the query parameter specified is not present on a + request, no hash will be produced. + minLength: 1 + type: string + type: object + terminal: + description: |- + Terminal is a flag that allows for short-circuiting computing of a hash + for a given request. If set to true, and the request attribute specified + in the attribute hash options is present, no further hash policies will + be used to calculate a hash for the request. + type: boolean + type: object + type: array + strategy: + description: |- + Strategy specifies the policy used to balance requests + across the pool of backend pods. Valid policy names are + `Random`, `RoundRobin`, `WeightedLeastRequest`, `Cookie`, + and `RequestHash`. If an unknown strategy name is specified + or no policy is supplied, the default `RoundRobin` policy + is used. + type: string + type: object + services: + description: Services are the services to proxy traffic + items: + description: Service defines an Kubernetes Service to proxy + traffic. + properties: + cookieRewritePolicies: + description: The policies for rewriting Set-Cookie header + attributes. + items: + properties: + domainRewrite: + description: |- + DomainRewrite enables rewriting the Set-Cookie Domain element. + If not set, Domain will not be rewritten. + properties: + value: + description: |- + Value is the value to rewrite the Domain attribute to. + For now this is required. + maxLength: 4096 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + required: + - value + type: object + name: + description: Name is the name of the cookie for which + attributes will be rewritten. + maxLength: 4096 + minLength: 1 + pattern: ^[^()<>@,;:\\"\/[\]?={} \t\x7f\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f]+$ + type: string + pathRewrite: + description: |- + PathRewrite enables rewriting the Set-Cookie Path element. + If not set, Path will not be rewritten. + properties: + value: + description: |- + Value is the value to rewrite the Path attribute to. + For now this is required. + maxLength: 4096 + minLength: 1 + pattern: ^[^;\x7f\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f]+$ + type: string + required: + - value + type: object + sameSite: + description: |- + SameSite enables rewriting the Set-Cookie SameSite element. + If not set, SameSite attribute will not be rewritten. + enum: + - Strict + - Lax + - None + type: string + secure: + description: |- + Secure enables rewriting the Set-Cookie Secure element. + If not set, Secure attribute will not be rewritten. + type: boolean + required: + - name + type: object + type: array + healthPort: + description: |- + HealthPort is the port for this service healthcheck. + If not specified, Port is used for service healthchecks. + maximum: 65535 + minimum: 1 + type: integer + mirror: + description: |- + If Mirror is true the Service will receive a read only mirror of the traffic for this route. + If Mirror is true, then fractional mirroring can be enabled by optionally setting the Weight + field. Legal values for Weight are 1-100. Omitting the Weight field will result in 100% mirroring. + NOTE: Setting Weight explicitly to 0 will unexpectedly result in 100% traffic mirroring. This + occurs since we cannot distinguish omitted fields from those explicitly set to their default + values + type: boolean + name: + description: |- + Name is the name of Kubernetes service to proxy traffic. + Names defined here will be used to look up corresponding endpoints which contain the ips to route. + type: string + port: + description: Port (defined as Integer) to proxy traffic + to since a service can have multiple defined. + exclusiveMaximum: true + maximum: 65536 + minimum: 1 + type: integer + protocol: + description: |- + Protocol may be used to specify (or override) the protocol used to reach this Service. + Values may be tls, h2, h2c. If omitted, protocol-selection falls back on Service annotations. + enum: + - h2 + - h2c + - tls + type: string + requestHeadersPolicy: + description: The policy for managing request headers during + proxying. + properties: + remove: + description: Remove specifies a list of HTTP header + names to remove. + items: + type: string + type: array + set: + description: |- + Set specifies a list of HTTP header values that will be set in the HTTP header. + If the header does not exist it will be added, otherwise it will be overwritten with the new value. + items: + description: HeaderValue represents a header name/value + pair + properties: + name: + description: Name represents a key of a header + minLength: 1 + type: string + value: + description: Value represents the value of a header + specified by a key + minLength: 1 + type: string + required: + - name + - value + type: object + type: array + type: object + responseHeadersPolicy: + description: |- + The policy for managing response headers during proxying. + Rewriting the 'Host' header is not supported. + properties: + remove: + description: Remove specifies a list of HTTP header + names to remove. + items: + type: string + type: array + set: + description: |- + Set specifies a list of HTTP header values that will be set in the HTTP header. + If the header does not exist it will be added, otherwise it will be overwritten with the new value. + items: + description: HeaderValue represents a header name/value + pair + properties: + name: + description: Name represents a key of a header + minLength: 1 + type: string + value: + description: Value represents the value of a header + specified by a key + minLength: 1 + type: string + required: + - name + - value + type: object + type: array + type: object + slowStartPolicy: + description: Slow start will gradually increase amount of + traffic to a newly added endpoint. + properties: + aggression: + default: "1.0" + description: |- + The speed of traffic increase over the slow start window. + Defaults to 1.0, so that endpoint would get linearly increasing amount of traffic. + When increasing the value for this parameter, the speed of traffic ramp-up increases non-linearly. + The value of aggression parameter should be greater than 0.0. + More info: https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/slow_start + pattern: ^([0-9]+([.][0-9]+)?|[.][0-9]+)$ + type: string + minWeightPercent: + default: 10 + description: |- + The minimum or starting percentage of traffic to send to new endpoints. + A non-zero value helps avoid a too small initial weight, which may cause endpoints in slow start mode to receive no traffic in the beginning of the slow start window. + If not specified, the default is 10%. + format: int32 + maximum: 100 + minimum: 0 + type: integer + window: + description: |- + The duration of slow start window. + Duration is expressed in the Go [Duration format](https://godoc.org/time#ParseDuration). + Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". + pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms)|(\d*(\.\d*)?us)|(\d*(\.\d*)?µs)|(\d*(\.\d*)?ns))+)$ + type: string + required: + - window + type: object + validation: + description: UpstreamValidation defines how to verify the + backend service's certificate + properties: + caSecret: + description: |- + Name or namespaced name of the Kubernetes secret used to validate the certificate presented by the backend. + The secret must contain key named ca.crt. + The name can be optionally prefixed with namespace "namespace/name". + When cross-namespace reference is used, TLSCertificateDelegation resource must exist in the namespace to grant access to the secret. + Max length should be the actual max possible length of a namespaced name (63 + 253 + 1 = 317) + maxLength: 317 + minLength: 1 + type: string + subjectName: + description: |- + Key which is expected to be present in the 'subjectAltName' of the presented certificate. + Deprecated: migrate to using the plural field subjectNames. + maxLength: 250 + minLength: 1 + type: string + subjectNames: + description: |- + List of keys, of which at least one is expected to be present in the 'subjectAltName of the + presented certificate. + items: + type: string + maxItems: 8 + minItems: 1 + type: array + required: + - caSecret + - subjectName + type: object + x-kubernetes-validations: + - message: subjectNames[0] must equal subjectName if set + rule: 'has(self.subjectNames) ? self.subjectNames[0] == + self.subjectName : true' + weight: + description: Weight defines percentage of traffic to balance + traffic + format: int64 + minimum: 0 + type: integer + required: + - name + - port + type: object + type: array + type: object + virtualhost: + description: |- + Virtualhost appears at most once. If it is present, the object is considered + to be a "root" HTTPProxy. + properties: + authorization: + description: |- + This field configures an extension service to perform + authorization for this virtual host. Authorization can + only be configured on virtual hosts that have TLS enabled. + If the TLS configuration requires client certificate + validation, the client certificate is always included in the + authentication check request. + properties: + authPolicy: + description: |- + AuthPolicy sets a default authorization policy for client requests. + This policy will be used unless overridden by individual routes. + properties: + context: + additionalProperties: + type: string + description: |- + Context is a set of key/value pairs that are sent to the + authentication server in the check request. If a context + is provided at an enclosing scope, the entries are merged + such that the inner scope overrides matching keys from the + outer scope. + type: object + disabled: + description: |- + When true, this field disables client request authentication + for the scope of the policy. + type: boolean + type: object + extensionRef: + description: ExtensionServiceRef specifies the extension resource + that will authorize client requests. + properties: + apiVersion: + description: |- + API version of the referent. + If this field is not specified, the default "projectcontour.io/v1alpha1" will be used + minLength: 1 + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + minLength: 1 + type: string + namespace: + description: |- + Namespace of the referent. + If this field is not specifies, the namespace of the resource that targets the referent will be used. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + minLength: 1 + type: string + type: object + failOpen: + description: |- + If FailOpen is true, the client request is forwarded to the upstream service + even if the authorization server fails to respond. This field should not be + set in most cases. It is intended for use only while migrating applications + from internal authorization to Contour external authorization. + type: boolean + responseTimeout: + description: |- + ResponseTimeout configures maximum time to wait for a check response from the authorization server. + Timeout durations are expressed in the Go [Duration format](https://godoc.org/time#ParseDuration). + Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". + The string "infinity" is also a valid input and specifies no timeout. + pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms)|(\d*(\.\d*)?us)|(\d*(\.\d*)?µs)|(\d*(\.\d*)?ns))+|infinity|infinite)$ + type: string + withRequestBody: + description: WithRequestBody specifies configuration for sending + the client request's body to authorization server. + properties: + allowPartialMessage: + description: If AllowPartialMessage is true, then Envoy + will buffer the body until MaxRequestBytes are reached. + type: boolean + maxRequestBytes: + default: 1024 + description: MaxRequestBytes sets the maximum size of + message body ExtAuthz filter will hold in-memory. + format: int32 + minimum: 1 + type: integer + packAsBytes: + description: If PackAsBytes is true, the body sent to + Authorization Server is in raw bytes. + type: boolean + type: object + type: object + corsPolicy: + description: Specifies the cross-origin policy to apply to the + VirtualHost. + properties: + allowCredentials: + description: Specifies whether the resource allows credentials. + type: boolean + allowHeaders: + description: AllowHeaders specifies the content for the *access-control-allow-headers* + header. + items: + description: CORSHeaderValue specifies the value of the + string headers returned by a cross-domain request. + pattern: ^[a-zA-Z0-9!#$%&'*+.^_`|~-]+$ + type: string + minItems: 1 + type: array + allowMethods: + description: AllowMethods specifies the content for the *access-control-allow-methods* + header. + items: + description: CORSHeaderValue specifies the value of the + string headers returned by a cross-domain request. + pattern: ^[a-zA-Z0-9!#$%&'*+.^_`|~-]+$ + type: string + minItems: 1 + type: array + allowOrigin: + description: |- + AllowOrigin specifies the origins that will be allowed to do CORS requests. + Allowed values include "*" which signifies any origin is allowed, an exact + origin of the form "scheme://host[:port]" (where port is optional), or a valid + regex pattern. + Note that regex patterns are validated and a simple "glob" pattern (e.g. *.foo.com) + will be rejected or produce unexpected matches when applied as a regex. + items: + type: string + minItems: 1 + type: array + allowPrivateNetwork: + description: |- + AllowPrivateNetwork specifies whether to allow private network requests. + See https://developer.chrome.com/blog/private-network-access-preflight. + type: boolean + exposeHeaders: + description: ExposeHeaders Specifies the content for the *access-control-expose-headers* + header. + items: + description: CORSHeaderValue specifies the value of the + string headers returned by a cross-domain request. + pattern: ^[a-zA-Z0-9!#$%&'*+.^_`|~-]+$ + type: string + minItems: 1 + type: array + maxAge: + description: |- + MaxAge indicates for how long the results of a preflight request can be cached. + MaxAge durations are expressed in the Go [Duration format](https://godoc.org/time#ParseDuration). + Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". + Only positive values are allowed while 0 disables the cache requiring a preflight OPTIONS + check for all cross-origin requests. + pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms)|(\d*(\.\d*)?us)|(\d*(\.\d*)?µs)|(\d*(\.\d*)?ns))+|0)$ + type: string + required: + - allowMethods + - allowOrigin + type: object + fqdn: + description: |- + The fully qualified domain name of the root of the ingress tree + all leaves of the DAG rooted at this object relate to the fqdn. + pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + ipAllowPolicy: + description: |- + IPAllowFilterPolicy is a list of ipv4/6 filter rules for which matching + requests should be allowed. All other requests will be denied. + Only one of IPAllowFilterPolicy and IPDenyFilterPolicy can be defined. + The rules defined here may be overridden in a Route. + items: + properties: + cidr: + description: |- + CIDR is a CIDR block of ipv4 or ipv6 addresses to filter on. This can also be + a bare IP address (without a mask) to filter on exactly one address. + type: string + source: + description: |- + Source indicates how to determine the ip address to filter on, and can be + one of two values: + - `Remote` filters on the ip address of the client, accounting for PROXY and + X-Forwarded-For as needed. + - `Peer` filters on the ip of the network request, ignoring PROXY and + X-Forwarded-For. + enum: + - Peer + - Remote + type: string + required: + - cidr + - source + type: object + type: array + ipDenyPolicy: + description: |- + IPDenyFilterPolicy is a list of ipv4/6 filter rules for which matching + requests should be denied. All other requests will be allowed. + Only one of IPAllowFilterPolicy and IPDenyFilterPolicy can be defined. + The rules defined here may be overridden in a Route. + items: + properties: + cidr: + description: |- + CIDR is a CIDR block of ipv4 or ipv6 addresses to filter on. This can also be + a bare IP address (without a mask) to filter on exactly one address. + type: string + source: + description: |- + Source indicates how to determine the ip address to filter on, and can be + one of two values: + - `Remote` filters on the ip address of the client, accounting for PROXY and + X-Forwarded-For as needed. + - `Peer` filters on the ip of the network request, ignoring PROXY and + X-Forwarded-For. + enum: + - Peer + - Remote + type: string + required: + - cidr + - source + type: object + type: array + jwtProviders: + description: Providers to use for verifying JSON Web Tokens (JWTs) + on the virtual host. + items: + description: JWTProvider defines how to verify JWTs on requests. + properties: + audiences: + description: |- + Audiences that JWTs are allowed to have in the "aud" field. + If not provided, JWT audiences are not checked. + items: + type: string + type: array + default: + description: |- + Whether the provider should apply to all + routes in the HTTPProxy/its includes by + default. At most one provider can be marked + as the default. If no provider is marked + as the default, individual routes must explicitly + identify the provider they require. + type: boolean + forwardJWT: + description: |- + Whether the JWT should be forwarded to the backend + service after successful verification. By default, + the JWT is not forwarded. + type: boolean + issuer: + description: |- + Issuer that JWTs are required to have in the "iss" field. + If not provided, JWT issuers are not checked. + type: string + name: + description: Unique name for the provider. + minLength: 1 + type: string + remoteJWKS: + description: Remote JWKS to use for verifying JWT signatures. + properties: + cacheDuration: + description: |- + How long to cache the JWKS locally. If not specified, + Envoy's default of 5m applies. + pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms)|(\d*(\.\d*)?us)|(\d*(\.\d*)?µs)|(\d*(\.\d*)?ns))+)$ + type: string + dnsLookupFamily: + description: |- + The DNS IP address resolution policy for the JWKS URI. + When configured as "v4", the DNS resolver will only perform a lookup + for addresses in the IPv4 family. If "v6" is configured, the DNS resolver + will only perform a lookup for addresses in the IPv6 family. + If "all" is configured, the DNS resolver + will perform a lookup for addresses in both the IPv4 and IPv6 family. + If "auto" is configured, the DNS resolver will first perform a lookup + for addresses in the IPv6 family and fallback to a lookup for addresses + in the IPv4 family. If not specified, the Contour-wide setting defined + in the config file or ContourConfiguration applies (defaults to "auto"). + See https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto.html#envoy-v3-api-enum-config-cluster-v3-cluster-dnslookupfamily + for more information. + enum: + - auto + - v4 + - v6 + type: string + timeout: + description: |- + How long to wait for a response from the URI. + If not specified, a default of 1s applies. + pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms)|(\d*(\.\d*)?us)|(\d*(\.\d*)?µs)|(\d*(\.\d*)?ns))+)$ + type: string + uri: + description: The URI for the JWKS. + minLength: 1 + type: string + validation: + description: UpstreamValidation defines how to verify + the JWKS's TLS certificate. + properties: + caSecret: + description: |- + Name or namespaced name of the Kubernetes secret used to validate the certificate presented by the backend. + The secret must contain key named ca.crt. + The name can be optionally prefixed with namespace "namespace/name". + When cross-namespace reference is used, TLSCertificateDelegation resource must exist in the namespace to grant access to the secret. + Max length should be the actual max possible length of a namespaced name (63 + 253 + 1 = 317) + maxLength: 317 + minLength: 1 + type: string + subjectName: + description: |- + Key which is expected to be present in the 'subjectAltName' of the presented certificate. + Deprecated: migrate to using the plural field subjectNames. + maxLength: 250 + minLength: 1 + type: string + subjectNames: + description: |- + List of keys, of which at least one is expected to be present in the 'subjectAltName of the + presented certificate. + items: + type: string + maxItems: 8 + minItems: 1 + type: array + required: + - caSecret + - subjectName + type: object + x-kubernetes-validations: + - message: subjectNames[0] must equal subjectName if + set + rule: 'has(self.subjectNames) ? self.subjectNames[0] + == self.subjectName : true' + required: + - uri + type: object + required: + - name + - remoteJWKS + type: object + type: array + rateLimitPolicy: + description: The policy for rate limiting on the virtual host. + properties: + global: + description: |- + Global defines global rate limiting parameters, i.e. parameters + defining descriptors that are sent to an external rate limit + service (RLS) for a rate limit decision on each request. + properties: + descriptors: + description: |- + Descriptors defines the list of descriptors that will + be generated and sent to the rate limit service. Each + descriptor contains 1+ key-value pair entries. + items: + description: RateLimitDescriptor defines a list of key-value + pair generators. + properties: + entries: + description: Entries is the list of key-value pair + generators. + items: + description: |- + RateLimitDescriptorEntry is a key-value pair generator. Exactly + one field on this struct must be non-nil. + properties: + genericKey: + description: GenericKey defines a descriptor + entry with a static key and value. + properties: + key: + description: |- + Key defines the key of the descriptor entry. If not set, the + key is set to "generic_key". + type: string + value: + description: Value defines the value of + the descriptor entry. + minLength: 1 + type: string + type: object + remoteAddress: + description: |- + RemoteAddress defines a descriptor entry with a key of "remote_address" + and a value equal to the client's IP address (from x-forwarded-for). + type: object + requestHeader: + description: |- + RequestHeader defines a descriptor entry that's populated only if + a given header is present on the request. The descriptor key is static, + and the descriptor value is equal to the value of the header. + properties: + descriptorKey: + description: DescriptorKey defines the + key to use on the descriptor entry. + minLength: 1 + type: string + headerName: + description: HeaderName defines the name + of the header to look for on the request. + minLength: 1 + type: string + type: object + requestHeaderValueMatch: + description: |- + RequestHeaderValueMatch defines a descriptor entry that's populated + if the request's headers match a set of 1+ match criteria. The + descriptor key is "header_match", and the descriptor value is static. + properties: + expectMatch: + default: true + description: |- + ExpectMatch defines whether the request must positively match the match + criteria in order to generate a descriptor entry (i.e. true), or not + match the match criteria in order to generate a descriptor entry (i.e. false). + The default is true. + type: boolean + headers: + description: |- + Headers is a list of 1+ match criteria to apply against the request + to determine whether to populate the descriptor entry or not. + items: + description: |- + HeaderMatchCondition specifies how to conditionally match against HTTP + headers. The Name field is required, only one of Present, NotPresent, + Contains, NotContains, Exact, NotExact and Regex can be set. + For negative matching rules only (e.g. NotContains or NotExact) you can set + TreatMissingAsEmpty. + IgnoreCase has no effect for Regex. + properties: + contains: + description: |- + Contains specifies a substring that must be present in + the header value. + type: string + exact: + description: Exact specifies a string + that the header value must be + equal to. + type: string + ignoreCase: + description: |- + IgnoreCase specifies that string matching should be case insensitive. + Note that this has no effect on the Regex parameter. + type: boolean + name: + description: |- + Name is the name of the header to match against. Name is required. + Header names are case insensitive. + type: string + notcontains: + description: |- + NotContains specifies a substring that must not be present + in the header value. + type: string + notexact: + description: |- + NoExact specifies a string that the header value must not be + equal to. The condition is true if the header has any other value. + type: string + notpresent: + description: |- + NotPresent specifies that condition is true when the named header + is not present. Note that setting NotPresent to false does not + make the condition true if the named header is present. + type: boolean + present: + description: |- + Present specifies that condition is true when the named header + is present, regardless of its value. Note that setting Present + to false does not make the condition true if the named header + is absent. + type: boolean + regex: + description: |- + Regex specifies a regular expression pattern that must match the header + value. + type: string + treatMissingAsEmpty: + description: |- + TreatMissingAsEmpty specifies if the header match rule specified header + does not exist, this header value will be treated as empty. Defaults to false. + Unlike the underlying Envoy implementation this is **only** supported for + negative matches (e.g. NotContains, NotExact). + type: boolean + required: + - name + type: object + minItems: 1 + type: array + value: + description: Value defines the value of + the descriptor entry. + minLength: 1 + type: string + type: object + type: object + minItems: 1 + type: array + type: object + minItems: 1 + type: array + disabled: + description: |- + Disabled configures the HTTPProxy to not use + the default global rate limit policy defined by the Contour configuration. + type: boolean + type: object + local: + description: |- + Local defines local rate limiting parameters, i.e. parameters + for rate limiting that occurs within each Envoy pod as requests + are handled. + properties: + burst: + description: |- + Burst defines the number of requests above the requests per + unit that should be allowed within a short period of time. + format: int32 + type: integer + requests: + description: |- + Requests defines how many requests per unit of time should + be allowed before rate limiting occurs. + format: int32 + minimum: 1 + type: integer + responseHeadersToAdd: + description: |- + ResponseHeadersToAdd is an optional list of response headers to + set when a request is rate-limited. + items: + description: HeaderValue represents a header name/value + pair + properties: + name: + description: Name represents a key of a header + minLength: 1 + type: string + value: + description: Value represents the value of a header + specified by a key + minLength: 1 + type: string + required: + - name + - value + type: object + type: array + responseStatusCode: + description: |- + ResponseStatusCode is the HTTP status code to use for responses + to rate-limited requests. Codes must be in the 400-599 range + (inclusive). If not specified, the Envoy default of 429 (Too + Many Requests) is used. + format: int32 + maximum: 599 + minimum: 400 + type: integer + unit: + description: |- + Unit defines the period of time within which requests + over the limit will be rate limited. Valid values are + "second", "minute" and "hour". + enum: + - second + - minute + - hour + type: string + required: + - requests + - unit + type: object + type: object + tls: + description: |- + If present the fields describes TLS properties of the virtual + host. The SNI names that will be matched on are described in fqdn, + the tls.secretName secret must contain a certificate that itself + contains a name that matches the FQDN. + properties: + clientValidation: + description: |- + ClientValidation defines how to verify the client certificate + when an external client establishes a TLS connection to Envoy. + This setting: + 1. Enables TLS client certificate validation. + 2. Specifies how the client certificate will be validated (i.e. + validation required or skipped). + Note: Setting client certificate validation to be skipped should + be only used in conjunction with an external authorization server that + performs client validation as Contour will ensure client certificates + are passed along. + properties: + caSecret: + description: |- + Name of a Kubernetes secret that contains a CA certificate bundle. + The secret must contain key named ca.crt. + The client certificate must validate against the certificates in the bundle. + If specified and SkipClientCertValidation is true, client certificates will + be required on requests. + The name can be optionally prefixed with namespace "namespace/name". + When cross-namespace reference is used, TLSCertificateDelegation resource must exist in the namespace to grant access to the secret. + minLength: 1 + type: string + crlOnlyVerifyLeafCert: + description: |- + If this option is set to true, only the certificate at the end of the + certificate chain will be subject to validation by CRL. + type: boolean + crlSecret: + description: |- + Name of a Kubernetes opaque secret that contains a concatenated list of PEM encoded CRLs. + The secret must contain key named crl.pem. + This field will be used to verify that a client certificate has not been revoked. + CRLs must be available from all CAs, unless crlOnlyVerifyLeafCert is true. + Large CRL lists are not supported since individual secrets are limited to 1MiB in size. + The name can be optionally prefixed with namespace "namespace/name". + When cross-namespace reference is used, TLSCertificateDelegation resource must exist in the namespace to grant access to the secret. + minLength: 1 + type: string + forwardClientCertificate: + description: |- + ForwardClientCertificate adds the selected data from the passed client TLS certificate + to the x-forwarded-client-cert header. + properties: + cert: + description: Client cert in URL encoded PEM format. + type: boolean + chain: + description: Client cert chain (including the leaf + cert) in URL encoded PEM format. + type: boolean + dns: + description: DNS type Subject Alternative Names of + the client cert. + type: boolean + subject: + description: Subject of the client cert. + type: boolean + uri: + description: URI type Subject Alternative Name of + the client cert. + type: boolean + type: object + optionalClientCertificate: + description: |- + OptionalClientCertificate when set to true will request a client certificate + but allow the connection to continue if the client does not provide one. + If a client certificate is sent, it will be verified according to the + other properties, which includes disabling validation if + SkipClientCertValidation is set. Defaults to false. + type: boolean + skipClientCertValidation: + description: |- + SkipClientCertValidation disables downstream client certificate + validation. Defaults to false. This field is intended to be used in + conjunction with external authorization in order to enable the external + authorization server to validate client certificates. When this field + is set to true, client certificates are requested but not verified by + Envoy. If CACertificate is specified, client certificates are required on + requests, but not verified. If external authorization is in use, they are + presented to the external authorization server. + type: boolean + type: object + enableFallbackCertificate: + description: |- + EnableFallbackCertificate defines if the vhost should allow a default certificate to + be applied which handles all requests which don't match the SNI defined in this vhost. + type: boolean + maximumProtocolVersion: + description: |- + MaximumProtocolVersion is the maximum TLS version this vhost should + negotiate. Valid options are `1.2` and `1.3` (default). Any other value + defaults to TLS 1.3. + type: string + minimumProtocolVersion: + description: |- + MinimumProtocolVersion is the minimum TLS version this vhost should + negotiate. Valid options are `1.2` (default) and `1.3`. Any other value + defaults to TLS 1.2. + type: string + passthrough: + description: |- + Passthrough defines whether the encrypted TLS handshake will be + passed through to the backing cluster. Either Passthrough or + SecretName must be specified, but not both. + type: boolean + secretName: + description: |- + SecretName is the name of a TLS secret. + Either SecretName or Passthrough must be specified, but not both. + If specified, the named secret must contain a matching certificate + for the virtual host's FQDN. + The name can be optionally prefixed with namespace "namespace/name". + When cross-namespace reference is used, TLSCertificateDelegation resource must exist in the namespace to grant access to the secret. + type: string + type: object + required: + - fqdn + type: object + type: object + status: + default: + currentStatus: NotReconciled + description: Waiting for controller + description: Status is a container for computed information about the + HTTPProxy. + properties: + conditions: + description: |- + Conditions contains information about the current status of the HTTPProxy, + in an upstream-friendly container. + Contour will update a single condition, `Valid`, that is in normal-true polarity. + That is, when `currentStatus` is `valid`, the `Valid` condition will be `status: true`, + and vice versa. + Contour will leave untouched any other Conditions set in this block, + in case some other controller wants to add a Condition. + If you are another controller owner and wish to add a condition, you *should* + namespace your condition with a label, like `controller.domain.com/ConditionName`. + items: + description: |- + DetailedCondition is an extension of the normal Kubernetes conditions, with two extra + fields to hold sub-conditions, which provide more detailed reasons for the state (True or False) + of the condition. + `errors` holds information about sub-conditions which are fatal to that condition and render its state False. + `warnings` holds information about sub-conditions which are not fatal to that condition and do not force the state to be False. + Remember that Conditions have a type, a status, and a reason. + The type is the type of the condition, the most important one in this CRD set is `Valid`. + `Valid` is a positive-polarity condition: when it is `status: true` there are no problems. + In more detail, `status: true` means that the object is has been ingested into Contour with no errors. + `warnings` may still be present, and will be indicated in the Reason field. There must be zero entries in the `errors` + slice in this case. + `Valid`, `status: false` means that the object has had one or more fatal errors during processing into Contour. + The details of the errors will be present under the `errors` field. There must be at least one error in the `errors` + slice if `status` is `false`. + For DetailedConditions of types other than `Valid`, the Condition must be in the negative polarity. + When they have `status` `true`, there is an error. There must be at least one entry in the `errors` Subcondition slice. + When they have `status` `false`, there are no serious errors, and there must be zero entries in the `errors` slice. + In either case, there may be entries in the `warnings` slice. + Regardless of the polarity, the `reason` and `message` fields must be updated with either the detail of the reason + (if there is one and only one entry in total across both the `errors` and `warnings` slices), or + `MultipleReasons` if there is more than one entry. + properties: + errors: + description: |- + Errors contains a slice of relevant error subconditions for this object. + Subconditions are expected to appear when relevant (when there is a error), and disappear when not relevant. + An empty slice here indicates no errors. + items: + description: |- + SubCondition is a Condition-like type intended for use as a subcondition inside a DetailedCondition. + It contains a subset of the Condition fields. + It is intended for warnings and errors, so `type` names should use abnormal-true polarity, + that is, they should be of the form "ErrorPresent: true". + The expected lifecycle for these errors is that they should only be present when the error or warning is, + and should be removed when they are not relevant. + properties: + message: + description: |- + Message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + reason: + description: |- + Reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: Status of the condition, one of True, False, + Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + Type of condition in `CamelCase` or in `foo.example.com/CamelCase`. + This must be in abnormal-true polarity, that is, `ErrorFound` or `controller.io/ErrorFound`. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - message + - reason + - status + - type + type: object + type: array + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + warnings: + description: |- + Warnings contains a slice of relevant warning subconditions for this object. + Subconditions are expected to appear when relevant (when there is a warning), and disappear when not relevant. + An empty slice here indicates no warnings. + items: + description: |- + SubCondition is a Condition-like type intended for use as a subcondition inside a DetailedCondition. + It contains a subset of the Condition fields. + It is intended for warnings and errors, so `type` names should use abnormal-true polarity, + that is, they should be of the form "ErrorPresent: true". + The expected lifecycle for these errors is that they should only be present when the error or warning is, + and should be removed when they are not relevant. + properties: + message: + description: |- + Message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + reason: + description: |- + Reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: Status of the condition, one of True, False, + Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + Type of condition in `CamelCase` or in `foo.example.com/CamelCase`. + This must be in abnormal-true polarity, that is, `ErrorFound` or `controller.io/ErrorFound`. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - message + - reason + - status + - type + type: object + type: array + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + currentStatus: + type: string + description: + type: string + loadBalancer: + description: LoadBalancer contains the current status of the load + balancer. + properties: + ingress: + description: |- + Ingress is a list containing ingress points for the load-balancer. + Traffic intended for the service should be sent to these ingress points. + items: + description: |- + LoadBalancerIngress represents the status of a load-balancer ingress point: + traffic intended for the service should be sent to an ingress point. + properties: + hostname: + description: |- + Hostname is set for load-balancer ingress points that are DNS based + (typically AWS load-balancers) + type: string + ip: + description: |- + IP is set for load-balancer ingress points that are IP based + (typically GCE or OpenStack load-balancers) + type: string + ipMode: + description: |- + IPMode specifies how the load-balancer IP behaves, and may only be specified when the ip field is specified. + Setting this to "VIP" indicates that traffic is delivered to the node with + the destination set to the load-balancer's IP and port. + Setting this to "Proxy" indicates that traffic is delivered to the node or pod with + the destination set to the node's IP and node port or the pod's IP and port. + Service implementations may use this information to adjust traffic routing. + type: string + ports: + description: |- + Ports is a list of records of service ports + If used, every port defined in the service should have an entry in it + items: + properties: + error: + description: |- + Error is to record the problem with the service port + The format of the error shall comply with the following rules: + - built-in error values shall be specified in this file and those shall use + CamelCase names + - cloud provider specific error values must have names that comply with the + format foo.example.com/CamelCase. + --- + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + port: + description: Port is the port number of the service + port of which status is recorded here + format: int32 + type: integer + protocol: + default: TCP + description: |- + Protocol is the protocol of the service port of which status is recorded here + The supported values are: "TCP", "UDP", "SCTP" + type: string + required: + - port + - protocol + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + name: tlscertificatedelegations.projectcontour.io +spec: + preserveUnknownFields: false + group: projectcontour.io + names: + kind: TLSCertificateDelegation + listKind: TLSCertificateDelegationList + plural: tlscertificatedelegations + shortNames: + - tlscerts + singular: tlscertificatedelegation + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + TLSCertificateDelegation is an TLS Certificate Delegation CRD specification. + See design/tls-certificate-delegation.md for details. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: TLSCertificateDelegationSpec defines the spec of the CRD + properties: + delegations: + items: + description: |- + CertificateDelegation maps the authority to reference a secret + in the current namespace to a set of namespaces. + properties: + secretName: + description: required, the name of a secret in the current namespace. + type: string + targetNamespaces: + description: |- + required, the namespaces the authority to reference the + secret will be delegated to. + If TargetNamespaces is nil or empty, the CertificateDelegation' + is ignored. If the TargetNamespace list contains the character, "*" + the secret will be delegated to all namespaces. + items: + type: string + type: array + required: + - secretName + - targetNamespaces + type: object + type: array + required: + - delegations + type: object + status: + description: |- + TLSCertificateDelegationStatus allows for the status of the delegation + to be presented to the user. + properties: + conditions: + description: |- + Conditions contains information about the current status of the HTTPProxy, + in an upstream-friendly container. + Contour will update a single condition, `Valid`, that is in normal-true polarity. + That is, when `currentStatus` is `valid`, the `Valid` condition will be `status: true`, + and vice versa. + Contour will leave untouched any other Conditions set in this block, + in case some other controller wants to add a Condition. + If you are another controller owner and wish to add a condition, you *should* + namespace your condition with a label, like `controller.domain.com\ConditionName`. + items: + description: |- + DetailedCondition is an extension of the normal Kubernetes conditions, with two extra + fields to hold sub-conditions, which provide more detailed reasons for the state (True or False) + of the condition. + `errors` holds information about sub-conditions which are fatal to that condition and render its state False. + `warnings` holds information about sub-conditions which are not fatal to that condition and do not force the state to be False. + Remember that Conditions have a type, a status, and a reason. + The type is the type of the condition, the most important one in this CRD set is `Valid`. + `Valid` is a positive-polarity condition: when it is `status: true` there are no problems. + In more detail, `status: true` means that the object is has been ingested into Contour with no errors. + `warnings` may still be present, and will be indicated in the Reason field. There must be zero entries in the `errors` + slice in this case. + `Valid`, `status: false` means that the object has had one or more fatal errors during processing into Contour. + The details of the errors will be present under the `errors` field. There must be at least one error in the `errors` + slice if `status` is `false`. + For DetailedConditions of types other than `Valid`, the Condition must be in the negative polarity. + When they have `status` `true`, there is an error. There must be at least one entry in the `errors` Subcondition slice. + When they have `status` `false`, there are no serious errors, and there must be zero entries in the `errors` slice. + In either case, there may be entries in the `warnings` slice. + Regardless of the polarity, the `reason` and `message` fields must be updated with either the detail of the reason + (if there is one and only one entry in total across both the `errors` and `warnings` slices), or + `MultipleReasons` if there is more than one entry. + properties: + errors: + description: |- + Errors contains a slice of relevant error subconditions for this object. + Subconditions are expected to appear when relevant (when there is a error), and disappear when not relevant. + An empty slice here indicates no errors. + items: + description: |- + SubCondition is a Condition-like type intended for use as a subcondition inside a DetailedCondition. + It contains a subset of the Condition fields. + It is intended for warnings and errors, so `type` names should use abnormal-true polarity, + that is, they should be of the form "ErrorPresent: true". + The expected lifecycle for these errors is that they should only be present when the error or warning is, + and should be removed when they are not relevant. + properties: + message: + description: |- + Message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + reason: + description: |- + Reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: Status of the condition, one of True, False, + Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + Type of condition in `CamelCase` or in `foo.example.com/CamelCase`. + This must be in abnormal-true polarity, that is, `ErrorFound` or `controller.io/ErrorFound`. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - message + - reason + - status + - type + type: object + type: array + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + warnings: + description: |- + Warnings contains a slice of relevant warning subconditions for this object. + Subconditions are expected to appear when relevant (when there is a warning), and disappear when not relevant. + An empty slice here indicates no warnings. + items: + description: |- + SubCondition is a Condition-like type intended for use as a subcondition inside a DetailedCondition. + It contains a subset of the Condition fields. + It is intended for warnings and errors, so `type` names should use abnormal-true polarity, + that is, they should be of the form "ErrorPresent: true". + The expected lifecycle for these errors is that they should only be present when the error or warning is, + and should be removed when they are not relevant. + properties: + message: + description: |- + Message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + reason: + description: |- + Reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: Status of the condition, one of True, False, + Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + Type of condition in `CamelCase` or in `foo.example.com/CamelCase`. + This must be in abnormal-true polarity, that is, `ErrorFound` or `controller.io/ErrorFound`. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - message + - reason + - status + - type + type: object + type: array + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/controllers/tests/clusterregistry/suite_test.go b/controllers/tests/clusterregistry/suite_test.go index 8ef878d5b..f326c8d55 100644 --- a/controllers/tests/clusterregistry/suite_test.go +++ b/controllers/tests/clusterregistry/suite_test.go @@ -97,6 +97,7 @@ var _ = BeforeSuite(func() { CRDDirectoryPaths: []string{ filepath.Join("..", "..", "..", "config", "base", "crds"), filepath.Join("..", "..", "..", "config", "test", "crd", "cert-manager"), + filepath.Join("..", "..", "..", "config", "test", "crd", "projectcontour"), filepath.Join("..", "..", "..", "config", "test", "crd", "istio"), }, ControlPlaneStopTimeout: stopTimeout, diff --git a/controllers/tests/kafkacluster_controller_contour_test.go b/controllers/tests/kafkacluster_controller_contour_test.go new file mode 100644 index 000000000..46a6fcdcb --- /dev/null +++ b/controllers/tests/kafkacluster_controller_contour_test.go @@ -0,0 +1,173 @@ +// Copyright © 2020 Cisco Systems, Inc. and/or its affiliates +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package tests + +import ( + "context" + "fmt" + "sync/atomic" + + "github.com/go-logr/logr" + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/types" + "k8s.io/apimachinery/pkg/util/intstr" + + "github.com/banzaicloud/koperator/api/v1beta1" + "github.com/banzaicloud/koperator/pkg/util" + contourutils "github.com/banzaicloud/koperator/pkg/util/contour" + "github.com/banzaicloud/koperator/pkg/util/kafka" +) + +var _ = Describe("KafkaClusterWithContourIngressController", func() { + var ( + count uint64 = 0 + namespace string + namespaceObj *corev1.Namespace + kafkaCluster *v1beta1.KafkaCluster + ) + + BeforeEach(func() { + atomic.AddUint64(&count, 1) + namespace = fmt.Sprintf("kafkacontourtest-%v", count) + namespaceObj = &corev1.Namespace{ + ObjectMeta: metav1.ObjectMeta{ + Name: namespace, + }, + } + + kafkaCluster = createMinimalKafkaClusterCR(fmt.Sprintf("kafkacluster-%d", count), namespace) + kafkaCluster.Spec.ListenersConfig.ExternalListeners[0].HostnameOverride = "kafka.cluster.local" + kafkaCluster.Spec.IngressController = "contour" + contourListener := kafkaCluster.Spec.ListenersConfig.ExternalListeners[0] + contourListener.AccessMethod = corev1.ServiceTypeClusterIP + contourListener.ExternalStartingPort = -1 + contourListener.AnyCastPort = util.Int32Pointer(8443) + contourListener.Type = "plaintext" + contourListener.Name = "listener1" + contourListener.Config = &v1beta1.Config{ + + DefaultIngressConfig: "", + IngressConfig: map[string]v1beta1.IngressConfig{ + "listener1-config1": { + ContourIngressConfig: &v1beta1.ContourIngressConfig{ + TLSSecretName: "test-tls-secret", + BrokerFQDNTemplate: "broker-%d.kafka.cluster.local", + }, + }, + }, + } + + kafkaCluster.Spec.ListenersConfig.ExternalListeners[0] = contourListener + + }) + JustBeforeEach(func(ctx SpecContext) { + By("creating namespace " + namespace) + err := k8sClient.Create(ctx, namespaceObj) + Expect(err).NotTo(HaveOccurred()) + + By("creating kafka cluster object " + kafkaCluster.Name + " in namespace " + namespace) + err = k8sClient.Create(ctx, kafkaCluster) + Expect(err).NotTo(HaveOccurred()) + + waitForClusterRunningState(ctx, kafkaCluster, namespace) + }) + JustAfterEach(func(ctx SpecContext) { + By("deleting Kafka cluster object " + kafkaCluster.Name + " in namespace " + namespace) + err := k8sClient.Delete(ctx, kafkaCluster) + Expect(err).NotTo(HaveOccurred()) + + kafkaCluster = nil + }) + When("configuring Contour ingress expect broker ClusterIp svc", func() { + BeforeEach(func() { + kafkaCluster.Spec.Brokers[0].BrokerConfig = &v1beta1.BrokerConfig{BrokerIngressMapping: []string{"listener1"}} + kafkaCluster.Spec.Brokers[1].BrokerConfig = &v1beta1.BrokerConfig{BrokerIngressMapping: []string{"listener1"}} + }) + It("should reconcile object properly", func(ctx SpecContext) { + // TODO: implement + expectContour(ctx, kafkaCluster) + }) + }) +}) + +func expectContourClusterIpAnycastSvc(ctx context.Context, kafkaCluster *v1beta1.KafkaCluster, eListener v1beta1.ExternalListenerConfig) { + + var log logr.Logger + var svc corev1.Service + ingressConfigs, defaultControllerName, err := util.GetIngressConfigs(kafkaCluster.Spec, eListener) + Expect(err).NotTo(HaveOccurred()) + + for name, ingressConfig := range ingressConfigs { + if !util.IsIngressConfigInUse(name, defaultControllerName, kafkaCluster, log) { + continue + } + serviceName := util.GenerateEnvoyResourceName(contourutils.ContourServiceName, contourutils.ContourServiceNameWithScope, + eListener, ingressConfig, name, kafkaCluster.GetName()) + Eventually(ctx, func() error { + err := k8sClient.Get(ctx, types.NamespacedName{Namespace: kafkaCluster.Namespace, Name: serviceName}, &svc) + return err + }).Should(Succeed()) + Expect(svc.Spec.Type).To(Equal(corev1.ServiceTypeClusterIP)) + Expect(svc.Spec.Ports).To(HaveLen(1)) + Expect(svc.Spec.Ports[0].Port).To(Equal(*eListener.AnyCastPort)) + Expect(svc.Spec.Ports[0].TargetPort).To(Equal(intstr.FromInt(int(eListener.ContainerPort)))) + Expect(svc.Spec.Ports[0].Name).To(Equal("tcp-all-broker")) + Expect(svc.Spec.Selector).To(HaveKeyWithValue("app", "kafka")) + Expect(svc.Spec.Selector).To(HaveKeyWithValue("kafka_cr", kafkaCluster.GetName())) + } +} + +func expectContourClusterIpBrokerSvc(ctx context.Context, kafkaCluster *v1beta1.KafkaCluster, eListener v1beta1.ExternalListenerConfig) { + var log logr.Logger + var svc corev1.Service + ingressConfigs, defaultControllerName, err := util.GetIngressConfigs(kafkaCluster.Spec, eListener) + Expect(err).NotTo(HaveOccurred()) + + for name, _ := range ingressConfigs { + if !util.IsIngressConfigInUse(name, defaultControllerName, kafkaCluster, log) { + continue + } + for _, broker := range kafkaCluster.Spec.Brokers { + serviceName := fmt.Sprintf(kafka.NodePortServiceTemplate, kafkaCluster.GetName(), broker.Id, eListener.Name) + Eventually(ctx, func() error { + err := k8sClient.Get(ctx, types.NamespacedName{Namespace: kafkaCluster.Namespace, Name: serviceName}, &svc) + return err + }).Should(Succeed()) + Expect(svc.Spec.Type).To(Equal(corev1.ServiceTypeClusterIP)) + Expect(svc.Spec.Ports).To(HaveLen(1)) + Expect(svc.Spec.Ports[0].Port).To(Equal(*eListener.AnyCastPort)) + Expect(svc.Spec.Ports[0].TargetPort).To(Equal(intstr.FromInt(int(eListener.ContainerPort)))) + Expect(svc.Spec.Ports[0].Name).To(Equal(fmt.Sprintf("broker-%d", broker.Id))) + Expect(svc.Spec.Selector).To(HaveKeyWithValue("app", "kafka")) + Expect(svc.Spec.Selector).To(HaveKeyWithValue(v1beta1.BrokerIdLabelKey, fmt.Sprintf("%d", broker.Id))) + Expect(svc.Spec.Selector).To(HaveKeyWithValue("kafka_cr", kafkaCluster.GetName())) + } + } +} + +func expectContourHttpProxy(ctx context.Context, kafkaCluster *v1beta1.KafkaCluster, eListener v1beta1.ExternalListenerConfig) { + Expect(BeTrue().Match(false)) +} + +func expectContour(ctx context.Context, kafkaCluster *v1beta1.KafkaCluster) { + for _, eListenerName := range kafkaCluster.Spec.ListenersConfig.ExternalListeners { + expectContourClusterIpAnycastSvc(ctx, kafkaCluster, eListenerName) + expectContourClusterIpBrokerSvc(ctx, kafkaCluster, eListenerName) + expectContourHttpProxy(ctx, kafkaCluster, eListenerName) + } +} diff --git a/controllers/tests/kafkacluster_controller_test.go b/controllers/tests/kafkacluster_controller_test.go index f066cc63c..55967842f 100644 --- a/controllers/tests/kafkacluster_controller_test.go +++ b/controllers/tests/kafkacluster_controller_test.go @@ -321,6 +321,7 @@ var _ = Describe("KafkaCluster with two config external listener", func() { } kafkaCluster.Spec.ListenersConfig.ExternalListeners[0] = testExternalListener }) + JustBeforeEach(func(ctx SpecContext) { By("creating namespace " + namespace) err := k8sClient.Create(ctx, namespaceObj) @@ -365,6 +366,15 @@ var _ = Describe("KafkaCluster with two config external listener", func() { waitForClusterRunningState(ctx, kafkaCluster, namespace) }) + JustAfterEach(func(ctx SpecContext) { + // in the tests the CC topic might not get deleted + + By("deleting Kafka cluster object " + kafkaCluster.Name + " in namespace " + namespace) + err := k8sClient.Delete(ctx, kafkaCluster) + Expect(err).NotTo(HaveOccurred()) + + kafkaCluster = nil + }) When("configuring two ingress envoy controller config inside the external listener using both as bindings", func() { BeforeEach(func() { @@ -439,7 +449,15 @@ var _ = Describe("KafkaCluster with two config external listener and tls", func( waitForClusterRunningState(ctx, kafkaCluster, namespace) }) + JustAfterEach(func(ctx SpecContext) { + // in the tests the CC topic might not get deleted + By("deleting Kafka cluster object " + kafkaCluster.Name + " in namespace " + namespace) + err := k8sClient.Delete(ctx, kafkaCluster) + Expect(err).NotTo(HaveOccurred()) + + kafkaCluster = nil + }) When("configuring two ingress envoy controller config inside the external listener using both as bindings", func() { BeforeEach(func() { kafkaCluster.Spec.Brokers[0].BrokerConfig = &v1beta1.BrokerConfig{BrokerIngressMapping: []string{"az1"}} diff --git a/controllers/tests/suite_test.go b/controllers/tests/suite_test.go index f0c5ed421..1c77ab978 100644 --- a/controllers/tests/suite_test.go +++ b/controllers/tests/suite_test.go @@ -95,6 +95,7 @@ var _ = BeforeSuite(func(ctx SpecContext) { CRDDirectoryPaths: []string{ filepath.Join("..", "..", "config", "base", "crds"), filepath.Join("..", "..", "config", "test", "crd", "cert-manager"), + filepath.Join("..", "..", "config", "test", "crd", "projectcontour"), filepath.Join("..", "..", "config", "test", "crd", "istio"), }, ControlPlaneStartTimeout: timeout, From fef214a3ef7955a2bfeced4786377c1458b2d9c7 Mon Sep 17 00:00:00 2001 From: Razvan Dobre Date: Wed, 15 May 2024 12:48:25 +0300 Subject: [PATCH 15/19] Unit tests --- .../kafkacluster_controller_contour_test.go | 108 ++++++++++-------- pkg/util/contour/common.go | 4 +- 2 files changed, 62 insertions(+), 50 deletions(-) diff --git a/controllers/tests/kafkacluster_controller_contour_test.go b/controllers/tests/kafkacluster_controller_contour_test.go index 46a6fcdcb..65facf0da 100644 --- a/controllers/tests/kafkacluster_controller_contour_test.go +++ b/controllers/tests/kafkacluster_controller_contour_test.go @@ -19,9 +19,9 @@ import ( "fmt" "sync/atomic" - "github.com/go-logr/logr" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" + v1 "github.com/projectcontour/contour/apis/projectcontour/v1" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" @@ -33,7 +33,7 @@ import ( "github.com/banzaicloud/koperator/pkg/util/kafka" ) -var _ = Describe("KafkaClusterWithContourIngressController", func() { +var _ = Describe("KafkaClusterWithContourIngressController", Label("contour"), func() { var ( count uint64 = 0 namespace string @@ -51,7 +51,6 @@ var _ = Describe("KafkaClusterWithContourIngressController", func() { } kafkaCluster = createMinimalKafkaClusterCR(fmt.Sprintf("kafkacluster-%d", count), namespace) - kafkaCluster.Spec.ListenersConfig.ExternalListeners[0].HostnameOverride = "kafka.cluster.local" kafkaCluster.Spec.IngressController = "contour" contourListener := kafkaCluster.Spec.ListenersConfig.ExternalListeners[0] contourListener.AccessMethod = corev1.ServiceTypeClusterIP @@ -63,16 +62,21 @@ var _ = Describe("KafkaClusterWithContourIngressController", func() { DefaultIngressConfig: "", IngressConfig: map[string]v1beta1.IngressConfig{ - "listener1-config1": { + "ingress1": { + IngressServiceSettings: v1beta1.IngressServiceSettings{ + HostnameOverride: "kafka.cluster.local", + }, ContourIngressConfig: &v1beta1.ContourIngressConfig{ TLSSecretName: "test-tls-secret", - BrokerFQDNTemplate: "broker-%d.kafka.cluster.local", + BrokerFQDNTemplate: "broker-%id.kafka.cluster.local", }, }, }, } kafkaCluster.Spec.ListenersConfig.ExternalListeners[0] = contourListener + kafkaCluster.Spec.Brokers[0].BrokerConfig = &v1beta1.BrokerConfig{BrokerIngressMapping: []string{"ingress1"}} + kafkaCluster.Spec.Brokers[1].BrokerConfig = &v1beta1.BrokerConfig{BrokerIngressMapping: []string{"ingress1"}} }) JustBeforeEach(func(ctx SpecContext) { @@ -94,10 +98,6 @@ var _ = Describe("KafkaClusterWithContourIngressController", func() { kafkaCluster = nil }) When("configuring Contour ingress expect broker ClusterIp svc", func() { - BeforeEach(func() { - kafkaCluster.Spec.Brokers[0].BrokerConfig = &v1beta1.BrokerConfig{BrokerIngressMapping: []string{"listener1"}} - kafkaCluster.Spec.Brokers[1].BrokerConfig = &v1beta1.BrokerConfig{BrokerIngressMapping: []string{"listener1"}} - }) It("should reconcile object properly", func(ctx SpecContext) { // TODO: implement expectContour(ctx, kafkaCluster) @@ -106,18 +106,29 @@ var _ = Describe("KafkaClusterWithContourIngressController", func() { }) func expectContourClusterIpAnycastSvc(ctx context.Context, kafkaCluster *v1beta1.KafkaCluster, eListener v1beta1.ExternalListenerConfig) { + var svc corev1.Service + var ingressConfigName string = "ingress1" + + serviceName := fmt.Sprintf(contourutils.ContourServiceNameWithScope, eListener.Name, ingressConfigName, kafkaCluster.GetName()) + Eventually(ctx, func() error { + err := k8sClient.Get(ctx, types.NamespacedName{Namespace: kafkaCluster.Namespace, Name: serviceName}, &svc) + return err + }).Should(Succeed()) + + Expect(svc.Spec.Type).To(Equal(corev1.ServiceTypeClusterIP)) + Expect(svc.Spec.Ports).To(HaveLen(1)) + Expect(svc.Spec.Ports[0].Port).To(Equal(*eListener.AnyCastPort)) + Expect(svc.Spec.Ports[0].TargetPort).To(Equal(intstr.FromInt(int(eListener.ContainerPort)))) + Expect(svc.Spec.Ports[0].Name).To(Equal("tcp-all-broker")) + Expect(svc.Spec.Selector).To(HaveKeyWithValue("app", "kafka")) + Expect(svc.Spec.Selector).To(HaveKeyWithValue("kafka_cr", kafkaCluster.GetName())) +} - var log logr.Logger +func expectContourClusterIpBrokerSvc(ctx context.Context, kafkaCluster *v1beta1.KafkaCluster, eListener v1beta1.ExternalListenerConfig) { var svc corev1.Service - ingressConfigs, defaultControllerName, err := util.GetIngressConfigs(kafkaCluster.Spec, eListener) - Expect(err).NotTo(HaveOccurred()) - for name, ingressConfig := range ingressConfigs { - if !util.IsIngressConfigInUse(name, defaultControllerName, kafkaCluster, log) { - continue - } - serviceName := util.GenerateEnvoyResourceName(contourutils.ContourServiceName, contourutils.ContourServiceNameWithScope, - eListener, ingressConfig, name, kafkaCluster.GetName()) + for _, broker := range kafkaCluster.Spec.Brokers { + serviceName := fmt.Sprintf(kafka.NodePortServiceTemplate, kafkaCluster.GetName(), broker.Id, eListener.Name) Eventually(ctx, func() error { err := k8sClient.Get(ctx, types.NamespacedName{Namespace: kafkaCluster.Namespace, Name: serviceName}, &svc) return err @@ -126,48 +137,49 @@ func expectContourClusterIpAnycastSvc(ctx context.Context, kafkaCluster *v1beta1 Expect(svc.Spec.Ports).To(HaveLen(1)) Expect(svc.Spec.Ports[0].Port).To(Equal(*eListener.AnyCastPort)) Expect(svc.Spec.Ports[0].TargetPort).To(Equal(intstr.FromInt(int(eListener.ContainerPort)))) - Expect(svc.Spec.Ports[0].Name).To(Equal("tcp-all-broker")) + Expect(svc.Spec.Ports[0].Name).To(Equal(fmt.Sprintf("broker-%d", broker.Id))) Expect(svc.Spec.Selector).To(HaveKeyWithValue("app", "kafka")) + Expect(svc.Spec.Selector).To(HaveKeyWithValue(v1beta1.BrokerIdLabelKey, fmt.Sprintf("%d", broker.Id))) Expect(svc.Spec.Selector).To(HaveKeyWithValue("kafka_cr", kafkaCluster.GetName())) } } -func expectContourClusterIpBrokerSvc(ctx context.Context, kafkaCluster *v1beta1.KafkaCluster, eListener v1beta1.ExternalListenerConfig) { - var log logr.Logger - var svc corev1.Service - ingressConfigs, defaultControllerName, err := util.GetIngressConfigs(kafkaCluster.Spec, eListener) - Expect(err).NotTo(HaveOccurred()) - - for name, _ := range ingressConfigs { - if !util.IsIngressConfigInUse(name, defaultControllerName, kafkaCluster, log) { - continue - } - for _, broker := range kafkaCluster.Spec.Brokers { - serviceName := fmt.Sprintf(kafka.NodePortServiceTemplate, kafkaCluster.GetName(), broker.Id, eListener.Name) - Eventually(ctx, func() error { - err := k8sClient.Get(ctx, types.NamespacedName{Namespace: kafkaCluster.Namespace, Name: serviceName}, &svc) - return err - }).Should(Succeed()) - Expect(svc.Spec.Type).To(Equal(corev1.ServiceTypeClusterIP)) - Expect(svc.Spec.Ports).To(HaveLen(1)) - Expect(svc.Spec.Ports[0].Port).To(Equal(*eListener.AnyCastPort)) - Expect(svc.Spec.Ports[0].TargetPort).To(Equal(intstr.FromInt(int(eListener.ContainerPort)))) - Expect(svc.Spec.Ports[0].Name).To(Equal(fmt.Sprintf("broker-%d", broker.Id))) - Expect(svc.Spec.Selector).To(HaveKeyWithValue("app", "kafka")) - Expect(svc.Spec.Selector).To(HaveKeyWithValue(v1beta1.BrokerIdLabelKey, fmt.Sprintf("%d", broker.Id))) - Expect(svc.Spec.Selector).To(HaveKeyWithValue("kafka_cr", kafkaCluster.GetName())) - } - } +func expectContourAnycastHttpProxy(ctx context.Context, kafkaCluster *v1beta1.KafkaCluster, eListener v1beta1.ExternalListenerConfig) { + var proxy v1.HTTPProxy + var proxyName string = "kafka.cluster.local" + var ingressConfigName string = "ingress1" + serviceName := fmt.Sprintf(contourutils.ContourServiceNameWithScope, eListener.Name, ingressConfigName, kafkaCluster.GetName()) + Eventually(ctx, func() error { + err := k8sClient.Get(ctx, types.NamespacedName{Namespace: kafkaCluster.Namespace, Name: proxyName}, &proxy) + return err + }).Should(Succeed()) + Expect(proxy.Spec.VirtualHost.Fqdn).To(Equal(proxyName)) + Expect(proxy.Spec.TCPProxy.Services).To(HaveLen(1)) + Expect(proxy.Spec.TCPProxy.Services[0].Name).To(Equal(serviceName)) + Expect(proxy.Spec.TCPProxy.Services[0].Port).To(Equal(int(*eListener.AnyCastPort))) } -func expectContourHttpProxy(ctx context.Context, kafkaCluster *v1beta1.KafkaCluster, eListener v1beta1.ExternalListenerConfig) { - Expect(BeTrue().Match(false)) +func expectContourBrokerHttpProxy(ctx context.Context, kafkaCluster *v1beta1.KafkaCluster, eListener v1beta1.ExternalListenerConfig) { + var proxy v1.HTTPProxy + for _, broker := range kafkaCluster.Spec.Brokers { + proxyName := fmt.Sprintf("broker-%d.kafka.cluster.local", broker.Id) + serviceName := fmt.Sprintf(kafka.NodePortServiceTemplate, kafkaCluster.GetName(), broker.Id, eListener.Name) + Eventually(ctx, func() error { + err := k8sClient.Get(ctx, types.NamespacedName{Namespace: kafkaCluster.Namespace, Name: proxyName}, &proxy) + return err + }).Should(Succeed()) + Expect(proxy.Spec.VirtualHost.Fqdn).To(Equal(proxyName)) + Expect(proxy.Spec.TCPProxy.Services).To(HaveLen(1)) + Expect(proxy.Spec.TCPProxy.Services[0].Name).To(Equal(serviceName)) + Expect(proxy.Spec.TCPProxy.Services[0].Port).To(Equal(int(*eListener.AnyCastPort))) + } } func expectContour(ctx context.Context, kafkaCluster *v1beta1.KafkaCluster) { for _, eListenerName := range kafkaCluster.Spec.ListenersConfig.ExternalListeners { expectContourClusterIpAnycastSvc(ctx, kafkaCluster, eListenerName) expectContourClusterIpBrokerSvc(ctx, kafkaCluster, eListenerName) - expectContourHttpProxy(ctx, kafkaCluster, eListenerName) + expectContourAnycastHttpProxy(ctx, kafkaCluster, eListenerName) + expectContourBrokerHttpProxy(ctx, kafkaCluster, eListenerName) } } diff --git a/pkg/util/contour/common.go b/pkg/util/contour/common.go index 67add039a..f94a0c8ed 100644 --- a/pkg/util/contour/common.go +++ b/pkg/util/contour/common.go @@ -17,9 +17,9 @@ package contour const ( // EnvoyServiceName name for loadbalancer service - ContourServiceName = "contour-loadbalancer-%s-%s" + ContourServiceName = "contour-svc-%s-%s" // EnvoyServiceNameWithScope name for loadbalancer service - ContourServiceNameWithScope = "countour-loadbalancer-%s-%s-%s" + ContourServiceNameWithScope = "countour-svc-%s-%s-%s" // IngressControllerName name for contour ingress service IngressControllerName = "contour" ) From c04f6f2e279bc5978fa896456e01e67ab7fccc0d Mon Sep 17 00:00:00 2001 From: Razvan Dobre Date: Wed, 15 May 2024 13:15:25 +0300 Subject: [PATCH 16/19] Update tests --- .../tests/kafkacluster_controller_contour_test.go | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/controllers/tests/kafkacluster_controller_contour_test.go b/controllers/tests/kafkacluster_controller_contour_test.go index 65facf0da..eeaa819c0 100644 --- a/controllers/tests/kafkacluster_controller_contour_test.go +++ b/controllers/tests/kafkacluster_controller_contour_test.go @@ -58,6 +58,9 @@ var _ = Describe("KafkaClusterWithContourIngressController", Label("contour"), f contourListener.AnyCastPort = util.Int32Pointer(8443) contourListener.Type = "plaintext" contourListener.Name = "listener1" + contourListener.ServiceAnnotations = map[string]string{ + "kubernetes.io/ingress.class": "contour", + } contourListener.Config = &v1beta1.Config{ DefaultIngressConfig: "", @@ -157,6 +160,9 @@ func expectContourAnycastHttpProxy(ctx context.Context, kafkaCluster *v1beta1.Ka Expect(proxy.Spec.TCPProxy.Services).To(HaveLen(1)) Expect(proxy.Spec.TCPProxy.Services[0].Name).To(Equal(serviceName)) Expect(proxy.Spec.TCPProxy.Services[0].Port).To(Equal(int(*eListener.AnyCastPort))) + for k, v := range eListener.GetServiceAnnotations() { + Expect(proxy.GetAnnotations()).To(HaveKeyWithValue(k, v)) + } } func expectContourBrokerHttpProxy(ctx context.Context, kafkaCluster *v1beta1.KafkaCluster, eListener v1beta1.ExternalListenerConfig) { @@ -172,6 +178,9 @@ func expectContourBrokerHttpProxy(ctx context.Context, kafkaCluster *v1beta1.Kaf Expect(proxy.Spec.TCPProxy.Services).To(HaveLen(1)) Expect(proxy.Spec.TCPProxy.Services[0].Name).To(Equal(serviceName)) Expect(proxy.Spec.TCPProxy.Services[0].Port).To(Equal(int(*eListener.AnyCastPort))) + for k, v := range eListener.GetServiceAnnotations() { + Expect(proxy.GetAnnotations()).To(HaveKeyWithValue(k, v)) + } } } From 17e1a1b52f75a928c1b35328a2d1a0b198ec34a6 Mon Sep 17 00:00:00 2001 From: Razvan Dobre Date: Wed, 15 May 2024 15:46:40 +0300 Subject: [PATCH 17/19] Sample CR with contour --- .../simplekafkacluster_with_contour.yaml | 294 ++++++++++++++++++ 1 file changed, 294 insertions(+) create mode 100644 config/samples/simplekafkacluster_with_contour.yaml diff --git a/config/samples/simplekafkacluster_with_contour.yaml b/config/samples/simplekafkacluster_with_contour.yaml new file mode 100644 index 000000000..130c9537e --- /dev/null +++ b/config/samples/simplekafkacluster_with_contour.yaml @@ -0,0 +1,294 @@ +apiVersion: kafka.banzaicloud.io/v1beta1 +kind: KafkaCluster +metadata: + labels: + controller-tools.k8s.io: "1.0" + name: kafka +spec: + monitoringConfig: + jmxImage: "ghcr.io/banzaicloud/jmx-javaagent:0.16.1" + headlessServiceEnabled: true + zkAddresses: + - "zookeeper-server-client.zookeeper:2181" + propagateLabels: false + oneBrokerPerNode: false + clusterImage: "ghcr.io/banzaicloud/kafka:2.13-3.4.1" + ingressController: "contour" + readOnlyConfig: | + auto.create.topics.enable=false + cruise.control.metrics.topic.auto.create=true + cruise.control.metrics.topic.num.partitions=1 + cruise.control.metrics.topic.replication.factor=2 + brokerConfigGroups: + default: + # podSecurityContext: + # runAsNonRoot: false + # securityContext: + # privileged: true + storageConfigs: + - mountPath: "/kafka-logs" + pvcSpec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 10Gi + brokerAnnotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9020" + brokerIngressMapping: + - "contour" + # brokerLabels: + # kafka_broker_group: "default_group" + brokers: + - id: 0 + brokerConfigGroup: "default" + # brokerConfig: + # envs: + # - name: +CLASSPATH + # value: "/opt/kafka/libs/dev/*:" + # - name: CLASSPATH+ + # value: ":/opt/kafka/libs/extra-jars/*" + - id: 1 + brokerConfigGroup: "default" + - id: 2 + brokerConfigGroup: "default" + rollingUpgradeConfig: + failureThreshold: 1 + listenersConfig: + internalListeners: + - type: "plaintext" + name: "internal" + containerPort: 29092 + usedForInnerBrokerCommunication: true + - type: "plaintext" + name: "controller" + containerPort: 29093 + usedForInnerBrokerCommunication: false + usedForControllerCommunication: true + externalListeners: + - accessMethod: ClusterIP + anyCastPort: 8443 + containerPort: 29095 + externalStartingPort: -1 + name: contour + type: plaintext + usedForInnerBrokerCommunication: false + serviceAnnotations: + kubernetes.io/ingress.class: contour + config: + defaultIngressConfig: "" + ingressConfig: + contour: + hostnameOverride: kafka.cluster.local + contourIngressConfig: + tlsSecretName: heptio-contour/cluster-ssl + brokerFQDNTemplate: kafka-%id.cluster.local + cruiseControlConfig: + # podSecurityContext: + # runAsNonRoot: false + # securityContext: + # privileged: true + cruiseControlTaskSpec: + RetryDurationMinutes: 5 + topicConfig: + partitions: 12 + replicationFactor: 3 +# resourceRequirements: +# requests: +# cpu: 500m +# memory: 1Gi +# limits: +# cpu: 500m +# memory: 1Gi +# image: "ghcr.io/banzaicloud/cruise-control:2.5.86" + config: | + # Copyright 2017 LinkedIn Corp. Licensed under the BSD 2-Clause License (the "License"). See License in the project root for license information. + # + # This is an example property file for Kafka Cruise Control. See KafkaCruiseControlConfig for more details. + # Configuration for the metadata client. + # ======================================= + # The maximum interval in milliseconds between two metadata refreshes. + #metadata.max.age.ms=300000 + # Client id for the Cruise Control. It is used for the metadata client. + #client.id=kafka-cruise-control + # The size of TCP send buffer bytes for the metadata client. + #send.buffer.bytes=131072 + # The size of TCP receive buffer size for the metadata client. + #receive.buffer.bytes=131072 + # The time to wait before disconnect an idle TCP connection. + #connections.max.idle.ms=540000 + # The time to wait before reconnect to a given host. + #reconnect.backoff.ms=50 + # The time to wait for a response from a host after sending a request. + #request.timeout.ms=30000 + # Configurations for the load monitor + # ======================================= + # The number of metric fetcher thread to fetch metrics for the Kafka cluster + num.metric.fetchers=1 + # The metric sampler class + metric.sampler.class=com.linkedin.kafka.cruisecontrol.monitor.sampling.CruiseControlMetricsReporterSampler + # Configurations for CruiseControlMetricsReporterSampler + metric.reporter.topic.pattern=__CruiseControlMetrics + # The sample store class name + sample.store.class=com.linkedin.kafka.cruisecontrol.monitor.sampling.KafkaSampleStore + # The config for the Kafka sample store to save the partition metric samples + partition.metric.sample.store.topic=__KafkaCruiseControlPartitionMetricSamples + # The config for the Kafka sample store to save the model training samples + broker.metric.sample.store.topic=__KafkaCruiseControlModelTrainingSamples + # The replication factor of Kafka metric sample store topic + sample.store.topic.replication.factor=2 + # The config for the number of Kafka sample store consumer threads + num.sample.loading.threads=8 + # The partition assignor class for the metric samplers + metric.sampler.partition.assignor.class=com.linkedin.kafka.cruisecontrol.monitor.sampling.DefaultMetricSamplerPartitionAssignor + # The metric sampling interval in milliseconds + metric.sampling.interval.ms=120000 + metric.anomaly.detection.interval.ms=180000 + # The partition metrics window size in milliseconds + partition.metrics.window.ms=300000 + # The number of partition metric windows to keep in memory + num.partition.metrics.windows=1 + # The minimum partition metric samples required for a partition in each window + min.samples.per.partition.metrics.window=1 + # The broker metrics window size in milliseconds + broker.metrics.window.ms=300000 + # The number of broker metric windows to keep in memory + num.broker.metrics.windows=20 + # The minimum broker metric samples required for a partition in each window + min.samples.per.broker.metrics.window=1 + # The configuration for the BrokerCapacityConfigFileResolver (supports JBOD and non-JBOD broker capacities) + capacity.config.file=config/capacity.json + #capacity.config.file=config/capacityJBOD.json + # Configurations for the analyzer + # ======================================= + # The list of goals to optimize the Kafka cluster for with pre-computed proposals + default.goals=com.linkedin.kafka.cruisecontrol.analyzer.goals.ReplicaCapacityGoal,com.linkedin.kafka.cruisecontrol.analyzer.goals.DiskCapacityGoal,com.linkedin.kafka.cruisecontrol.analyzer.goals.NetworkInboundCapacityGoal,com.linkedin.kafka.cruisecontrol.analyzer.goals.NetworkOutboundCapacityGoal,com.linkedin.kafka.cruisecontrol.analyzer.goals.CpuCapacityGoal,com.linkedin.kafka.cruisecontrol.analyzer.goals.ReplicaDistributionGoal,com.linkedin.kafka.cruisecontrol.analyzer.goals.PotentialNwOutGoal,com.linkedin.kafka.cruisecontrol.analyzer.goals.DiskUsageDistributionGoal,com.linkedin.kafka.cruisecontrol.analyzer.goals.NetworkInboundUsageDistributionGoal,com.linkedin.kafka.cruisecontrol.analyzer.goals.NetworkOutboundUsageDistributionGoal,com.linkedin.kafka.cruisecontrol.analyzer.goals.CpuUsageDistributionGoal,com.linkedin.kafka.cruisecontrol.analyzer.goals.TopicReplicaDistributionGoal,com.linkedin.kafka.cruisecontrol.analyzer.goals.LeaderBytesInDistributionGoal + # The list of supported goals + goals=com.linkedin.kafka.cruisecontrol.analyzer.goals.ReplicaCapacityGoal,com.linkedin.kafka.cruisecontrol.analyzer.goals.DiskCapacityGoal,com.linkedin.kafka.cruisecontrol.analyzer.goals.NetworkInboundCapacityGoal,com.linkedin.kafka.cruisecontrol.analyzer.goals.NetworkOutboundCapacityGoal,com.linkedin.kafka.cruisecontrol.analyzer.goals.CpuCapacityGoal,com.linkedin.kafka.cruisecontrol.analyzer.goals.ReplicaDistributionGoal,com.linkedin.kafka.cruisecontrol.analyzer.goals.PotentialNwOutGoal,com.linkedin.kafka.cruisecontrol.analyzer.goals.DiskUsageDistributionGoal,com.linkedin.kafka.cruisecontrol.analyzer.goals.NetworkInboundUsageDistributionGoal,com.linkedin.kafka.cruisecontrol.analyzer.goals.NetworkOutboundUsageDistributionGoal,com.linkedin.kafka.cruisecontrol.analyzer.goals.CpuUsageDistributionGoal,com.linkedin.kafka.cruisecontrol.analyzer.goals.TopicReplicaDistributionGoal,com.linkedin.kafka.cruisecontrol.analyzer.goals.LeaderBytesInDistributionGoal,com.linkedin.kafka.cruisecontrol.analyzer.kafkaassigner.KafkaAssignerDiskUsageDistributionGoal,com.linkedin.kafka.cruisecontrol.analyzer.goals.PreferredLeaderElectionGoal + # The list of supported hard goals + hard.goals=com.linkedin.kafka.cruisecontrol.analyzer.goals.ReplicaCapacityGoal,com.linkedin.kafka.cruisecontrol.analyzer.goals.DiskCapacityGoal,com.linkedin.kafka.cruisecontrol.analyzer.goals.NetworkInboundCapacityGoal,com.linkedin.kafka.cruisecontrol.analyzer.goals.NetworkOutboundCapacityGoal,com.linkedin.kafka.cruisecontrol.analyzer.goals.CpuCapacityGoal + # The minimum percentage of well monitored partitions out of all the partitions + min.monitored.partition.percentage=0.95 + # The balance threshold for CPU + cpu.balance.threshold=1.1 + # The balance threshold for disk + disk.balance.threshold=1.1 + # The balance threshold for network inbound utilization + network.inbound.balance.threshold=1.1 + # The balance threshold for network outbound utilization + network.outbound.balance.threshold=1.1 + # The balance threshold for the replica count + replica.count.balance.threshold=1.1 + # The capacity threshold for CPU in percentage + cpu.capacity.threshold=0.8 + # The capacity threshold for disk in percentage + disk.capacity.threshold=0.8 + # The capacity threshold for network inbound utilization in percentage + network.inbound.capacity.threshold=0.8 + # The capacity threshold for network outbound utilization in percentage + network.outbound.capacity.threshold=0.8 + # The threshold to define the cluster to be in a low CPU utilization state + cpu.low.utilization.threshold=0.0 + # The threshold to define the cluster to be in a low disk utilization state + disk.low.utilization.threshold=0.0 + # The threshold to define the cluster to be in a low network inbound utilization state + network.inbound.low.utilization.threshold=0.0 + # The threshold to define the cluster to be in a low disk utilization state + network.outbound.low.utilization.threshold=0.0 + # The metric anomaly percentile upper threshold + metric.anomaly.percentile.upper.threshold=90.0 + # The metric anomaly percentile lower threshold + metric.anomaly.percentile.lower.threshold=10.0 + # How often should the cached proposal be expired and recalculated if necessary + proposal.expiration.ms=60000 + # The maximum number of replicas that can reside on a broker at any given time. + max.replicas.per.broker=10000 + # The number of threads to use for proposal candidate precomputing. + num.proposal.precompute.threads=1 + # the topics that should be excluded from the partition movement. + #topics.excluded.from.partition.movement + # Configurations for the executor + # ======================================= + # The max number of partitions to move in/out on a given broker at a given time. + num.concurrent.partition.movements.per.broker=10 + # The interval between two execution progress checks. + execution.progress.check.interval.ms=10000 + # Configurations for anomaly detector + # ======================================= + # The goal violation notifier class + anomaly.notifier.class=com.linkedin.kafka.cruisecontrol.detector.notifier.SelfHealingNotifier + # The metric anomaly finder class + metric.anomaly.finder.class=com.linkedin.kafka.cruisecontrol.detector.KafkaMetricAnomalyFinder + # The anomaly detection interval + anomaly.detection.interval.ms=10000 + # The goal violation to detect. + anomaly.detection.goals=com.linkedin.kafka.cruisecontrol.analyzer.goals.ReplicaCapacityGoal,com.linkedin.kafka.cruisecontrol.analyzer.goals.DiskCapacityGoal,com.linkedin.kafka.cruisecontrol.analyzer.goals.NetworkInboundCapacityGoal,com.linkedin.kafka.cruisecontrol.analyzer.goals.NetworkOutboundCapacityGoal,com.linkedin.kafka.cruisecontrol.analyzer.goals.CpuCapacityGoal + # The interested metrics for metric anomaly analyzer. + metric.anomaly.analyzer.metrics=BROKER_PRODUCE_LOCAL_TIME_MS_MAX,BROKER_PRODUCE_LOCAL_TIME_MS_MEAN,BROKER_CONSUMER_FETCH_LOCAL_TIME_MS_MAX,BROKER_CONSUMER_FETCH_LOCAL_TIME_MS_MEAN,BROKER_FOLLOWER_FETCH_LOCAL_TIME_MS_MAX,BROKER_FOLLOWER_FETCH_LOCAL_TIME_MS_MEAN,BROKER_LOG_FLUSH_TIME_MS_MAX,BROKER_LOG_FLUSH_TIME_MS_MEAN + ## Adjust accordingly if your metrics reporter is an older version and does not produce these metrics. + #metric.anomaly.analyzer.metrics=BROKER_PRODUCE_LOCAL_TIME_MS_50TH,BROKER_PRODUCE_LOCAL_TIME_MS_999TH,BROKER_CONSUMER_FETCH_LOCAL_TIME_MS_50TH,BROKER_CONSUMER_FETCH_LOCAL_TIME_MS_999TH,BROKER_FOLLOWER_FETCH_LOCAL_TIME_MS_50TH,BROKER_FOLLOWER_FETCH_LOCAL_TIME_MS_999TH,BROKER_LOG_FLUSH_TIME_MS_50TH,BROKER_LOG_FLUSH_TIME_MS_999TH + # The zk path to store failed broker information. + failed.brokers.zk.path=/CruiseControlBrokerList + # Topic config provider class + topic.config.provider.class=com.linkedin.kafka.cruisecontrol.config.KafkaTopicConfigProvider + # The cluster configurations for the KafkaTopicConfigProvider + cluster.configs.file=config/clusterConfigs.json + # The maximum time in milliseconds to store the response and access details of a completed user task. + completed.user.task.retention.time.ms=21600000 + # The maximum time in milliseconds to retain the demotion history of brokers. + demotion.history.retention.time.ms=86400000 + # The maximum number of completed user tasks for which the response and access details will be cached. + max.cached.completed.user.tasks=500 + # The maximum number of user tasks for concurrently running in async endpoints across all users. + max.active.user.tasks=25 + # Enable self healing for all anomaly detectors, unless the particular anomaly detector is explicitly disabled + self.healing.enabled=true + # Enable self healing for broker failure detector + #self.healing.broker.failure.enabled=true + # Enable self healing for goal violation detector + #self.healing.goal.violation.enabled=true + # Enable self healing for metric anomaly detector + #self.healing.metric.anomaly.enabled=true + # configurations for the webserver + # ================================ + # HTTP listen port + webserver.http.port=9090 + # HTTP listen address + webserver.http.address=0.0.0.0 + # Whether CORS support is enabled for API or not + webserver.http.cors.enabled=false + # Value for Access-Control-Allow-Origin + webserver.http.cors.origin=http://localhost:8080/ + # Value for Access-Control-Request-Method + webserver.http.cors.allowmethods=OPTIONS,GET,POST + # Headers that should be exposed to the Browser (Webapp) + # This is a special header that is used by the + # User Tasks subsystem and should be explicitly + # Enabled when CORS mode is used as part of the + # Admin Interface + webserver.http.cors.exposeheaders=User-Task-ID + # REST API default prefix + # (dont forget the ending *) + webserver.api.urlprefix=/kafkacruisecontrol/* + # Location where the Cruise Control frontend is deployed + webserver.ui.diskpath=./cruise-control-ui/dist/ + # URL path prefix for UI + # (dont forget the ending *) + webserver.ui.urlprefix=/* + # Time After which request is converted to Async + webserver.request.maxBlockTimeMs=10000 + # Default Session Expiry Period + webserver.session.maxExpiryTimeMs=60000 + # Session cookie path + webserver.session.path=/ + # Server Access Logs + webserver.accesslog.enabled=true + # Location of HTTP Request Logs + webserver.accesslog.path=access.log + # HTTP Request Log retention days + webserver.accesslog.retention.days=14 + clusterConfig: | + { + "min.insync.replicas": 3 + } From a211c3c6a1c43c7bf07efe4f780c30056445b516 Mon Sep 17 00:00:00 2001 From: Razvan Dobre Date: Wed, 15 May 2024 18:16:08 +0300 Subject: [PATCH 18/19] Update contour chart version --- tests/e2e/global.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/e2e/global.go b/tests/e2e/global.go index 098266efb..adfd86f86 100644 --- a/tests/e2e/global.go +++ b/tests/e2e/global.go @@ -38,7 +38,7 @@ var ( contourIngressControllerHelmDescriptor = helmDescriptor{ Repository: "https://charts.bitnami.com/bitnami", ChartName: "contour", - ChartVersion: "v1.27.0", + ChartVersion: "15.4.0", ReleaseName: "contour", Namespace: "projectcontour", SetValues: map[string]string{ From fc08af1dc8489e4b847febdb8af5079228aba9d0 Mon Sep 17 00:00:00 2001 From: Razvan Dobre Date: Wed, 5 Jun 2024 12:21:08 +0300 Subject: [PATCH 19/19] Remove useless comments. --- controllers/kafkacluster_controller.go | 1 - controllers/tests/kafkacluster_controller_contour_test.go | 1 - 2 files changed, 2 deletions(-) diff --git a/controllers/kafkacluster_controller.go b/controllers/kafkacluster_controller.go index e41418257..695848dcb 100644 --- a/controllers/kafkacluster_controller.go +++ b/controllers/kafkacluster_controller.go @@ -51,7 +51,6 @@ import ( "github.com/banzaicloud/koperator/pkg/resources/nodeportexternalaccess" "github.com/banzaicloud/koperator/pkg/util" - // TODO uncomment this contour "github.com/projectcontour/contour/apis/projectcontour/v1" ) diff --git a/controllers/tests/kafkacluster_controller_contour_test.go b/controllers/tests/kafkacluster_controller_contour_test.go index eeaa819c0..8965ffe84 100644 --- a/controllers/tests/kafkacluster_controller_contour_test.go +++ b/controllers/tests/kafkacluster_controller_contour_test.go @@ -102,7 +102,6 @@ var _ = Describe("KafkaClusterWithContourIngressController", Label("contour"), f }) When("configuring Contour ingress expect broker ClusterIp svc", func() { It("should reconcile object properly", func(ctx SpecContext) { - // TODO: implement expectContour(ctx, kafkaCluster) }) })