docs for release v1.2.0 #4642

Merged
merged 6 commits into from
Nov 6, 2024
Changes from 5 commits
2 changes: 1 addition & 1 deletion VERSION
@@ -1 +1 @@
v1.2.0-rc.1
v1.2.0
859 changes: 581 additions & 278 deletions site/content/en/docs/api/extension_types.md

Large diffs are not rendered by default.

10 changes: 10 additions & 0 deletions site/content/en/docs/boilerplates/rollout-envoy-gateway.md
@@ -0,0 +1,10 @@
---
---

> After updating the `ConfigMap`, you will need to wait the configuration kicks in. <br/>
> You can **force** the configuration to be reloaded by restarting the `envoy-gateway` deployment.
>
> ```shell
> kubectl rollout restart deployment envoy-gateway -n envoy-gateway-system
> ```
>
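
Review bot: The first quoted sentence, "you will need to wait the configuration kicks in", is ungrammatical; suggest "you will need to wait for the configuration to take effect". The front matter is two bare `---` lines with no keys and the block ends on an empty `>` line, so both can go unless the boilerplate include needs them. The restart command hard-codes `-n envoy-gateway-system`; say that the namespace must be adjusted when Envoy Gateway is installed elsewhere.
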
36 changes: 26 additions & 10 deletions site/content/en/docs/install/gateway-addons-helm-api.md
Expand Up @@ -24,16 +24,20 @@ An Add-ons Helm chart for Envoy Gateway
| Repository | Name | Version |
|------------|------|---------|
| https://fluent.github.io/helm-charts | fluent-bit | 0.30.4 |
| https://grafana.github.io/helm-charts | alloy | 0.9.2 |
| https://grafana.github.io/helm-charts | grafana | 8.0.0 |
| https://grafana.github.io/helm-charts | loki | 4.8.0 |
| https://grafana.github.io/helm-charts | tempo | 1.3.1 |
| https://open-telemetry.github.io/opentelemetry-helm-charts | opentelemetry-collector | 0.73.1 |
| https://open-telemetry.github.io/opentelemetry-helm-charts | opentelemetry-collector | 0.108.0 |
| https://prometheus-community.github.io/helm-charts | prometheus | 25.21.0 |

## Values

| Key | Type | Default | Description |
|-----|------|---------|-------------|
| alloy.alloy.configMap.content | string | `"// Write your Alloy config here:\nlogging {\n level = \"info\"\n format = \"logfmt\"\n}\nloki.write \"alloy\" {\n endpoint {\n url = \"http://loki.monitoring.svc:3100/loki/api/v1/push\"\n }\n}\n// discovery.kubernetes allows you to find scrape targets from Kubernetes resources.\n// It watches cluster state and ensures targets are continually synced with what is currently running in your cluster.\ndiscovery.kubernetes \"pod\" {\n role = \"pod\"\n}\n\n// discovery.relabel rewrites the label set of the input targets by applying one or more relabeling rules.\n// If no rules are defined, then the input targets are exported as-is.\ndiscovery.relabel \"pod_logs\" {\n targets = discovery.kubernetes.pod.targets\n\n // Label creation - \"namespace\" field from \"__meta_kubernetes_namespace\"\n rule {\n source_labels = [\"__meta_kubernetes_namespace\"]\n action = \"replace\"\n target_label = \"namespace\"\n }\n\n // Label creation - \"pod\" field from \"__meta_kubernetes_pod_name\"\n rule {\n source_labels = [\"__meta_kubernetes_pod_name\"]\n action = \"replace\"\n target_label = \"pod\"\n }\n\n // Label creation - \"container\" field from \"__meta_kubernetes_pod_container_name\"\n rule {\n source_labels = [\"__meta_kubernetes_pod_container_name\"]\n action = \"replace\"\n target_label = \"container\"\n }\n\n // Label creation - \"app\" field from \"__meta_kubernetes_pod_label_app_kubernetes_io_name\"\n rule {\n source_labels = [\"__meta_kubernetes_pod_label_app_kubernetes_io_name\"]\n action = \"replace\"\n target_label = \"app\"\n }\n\n // Label creation - \"job\" field from \"__meta_kubernetes_namespace\" and \"__meta_kubernetes_pod_container_name\"\n // Concatenate values __meta_kubernetes_namespace/__meta_kubernetes_pod_container_name\n rule {\n source_labels = [\"__meta_kubernetes_namespace\", \"__meta_kubernetes_pod_container_name\"]\n action = \"replace\"\n target_label = \"job\"\n separator = \"/\"\n replacement = \"$1\"\n 
}\n\n // Label creation - \"container\" field from \"__meta_kubernetes_pod_uid\" and \"__meta_kubernetes_pod_container_name\"\n // Concatenate values __meta_kubernetes_pod_uid/__meta_kubernetes_pod_container_name.log\n rule {\n source_labels = [\"__meta_kubernetes_pod_uid\", \"__meta_kubernetes_pod_container_name\"]\n action = \"replace\"\n target_label = \"__path__\"\n separator = \"/\"\n replacement = \"/var/log/pods/*$1/*.log\"\n }\n\n // Label creation - \"container_runtime\" field from \"__meta_kubernetes_pod_container_id\"\n rule {\n source_labels = [\"__meta_kubernetes_pod_container_id\"]\n action = \"replace\"\n target_label = \"container_runtime\"\n regex = \"^(\\\\S+):\\\\/\\\\/.+$\"\n replacement = \"$1\"\n }\n}\n\n// loki.source.kubernetes tails logs from Kubernetes containers using the Kubernetes API.\nloki.source.kubernetes \"pod_logs\" {\n targets = discovery.relabel.pod_logs.output\n forward_to = [loki.process.pod_logs.receiver]\n}\n// loki.process receives log entries from other Loki components, applies one or more processing stages,\n// and forwards the results to the list of receivers in the component’s arguments.\nloki.process \"pod_logs\" {\n stage.static_labels {\n values = {\n cluster = \"envoy-gateway\",\n }\n }\n\n forward_to = [loki.write.alloy.receiver]\n}"` | |
| alloy.enabled | bool | `false` | |
| alloy.fullnameOverride | string | `"alloy"` | |
| fluent-bit.config.filters | string | `"[FILTER]\n Name kubernetes\n Match kube.*\n Merge_Log On\n Keep_Log Off\n K8S-Logging.Parser On\n K8S-Logging.Exclude On\n\n[FILTER]\n Name grep\n Match kube.*\n Regex $kubernetes['container_name'] ^envoy$\n\n[FILTER]\n Name parser\n Match kube.*\n Key_Name log\n Parser envoy\n Reserve_Data True\n"` | |
| fluent-bit.config.inputs | string | `"[INPUT]\n Name tail\n Path /var/log/containers/*.log\n multiline.parser docker, cri\n Tag kube.*\n Mem_Buf_Limit 5MB\n Skip_Long_Lines On\n"` | |
| fluent-bit.config.outputs | string | `"[OUTPUT]\n Name loki\n Match kube.*\n Host loki.monitoring.svc.cluster.local\n Port 3100\n Labels job=fluentbit, app=$kubernetes['labels']['app'], k8s_namespace_name=$kubernetes['namespace_name'], k8s_pod_name=$kubernetes['pod_name'], k8s_container_name=$kubernetes['container_name']\n"` | |
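
Review bot: In the `alloy.alloy.configMap.content` default, the comment above the rule that sets `target_label = "__path__"` still reads `Label creation - "container" field from "__meta_kubernetes_pod_uid" ...`, which describes a different label; it should name `__path__`. The `loki.write` endpoint is hard-coded to `http://loki.monitoring.svc:3100/loki/api/v1/push`, so the default only works when Loki runs in the `monitoring` namespace and log lines are pushed over plain HTTP. The Description column is empty for all three `alloy.*` rows; at minimum it should state that namespace assumption and that `alloy.enabled` defaults to `false`.
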
Expand Down Expand Up @@ -63,6 +67,7 @@ An Add-ons Helm chart for Envoy Gateway
| grafana.enabled | bool | `true` | |
| grafana.fullnameOverride | string | `"grafana"` | |
| grafana.service.type | string | `"LoadBalancer"` | |
| grafana.testFramework.enabled | bool | `false` | |
| loki.backend.replicas | int | `0` | |
| loki.deploymentMode | string | `"SingleBinary"` | |
| loki.enabled | bool | `true` | |
Expand All @@ -81,29 +86,40 @@ An Add-ons Helm chart for Envoy Gateway
| loki.singleBinary.replicas | int | `1` | |
| loki.test.enabled | bool | `false` | |
| loki.write.replicas | int | `0` | |
| opentelemetry-collector.config.exporters.logging.verbosity | string | `"detailed"` | |
| opentelemetry-collector.config.exporters.debug.verbosity | string | `"detailed"` | |
| opentelemetry-collector.config.exporters.loki.endpoint | string | `"http://loki.monitoring.svc:3100/loki/api/v1/push"` | |
| opentelemetry-collector.config.exporters.otlp.endpoint | string | `"tempo.monitoring.svc:4317"` | |
| opentelemetry-collector.config.exporters.otlp.tls.insecure | bool | `true` | |
| opentelemetry-collector.config.exporters.prometheus.endpoint | string | `"0.0.0.0:19001"` | |
| opentelemetry-collector.config.extensions.health_check | object | `{}` | |
| opentelemetry-collector.config.exporters.prometheus.endpoint | string | `"[${env:MY_POD_IP}]:19001"` | |
| opentelemetry-collector.config.extensions.health_check.endpoint | string | `"[${env:MY_POD_IP}]:13133"` | |
| opentelemetry-collector.config.processors.attributes.actions[0].action | string | `"insert"` | |
| opentelemetry-collector.config.processors.attributes.actions[0].key | string | `"loki.attribute.labels"` | |
| opentelemetry-collector.config.processors.attributes.actions[0].value | string | `"k8s.pod.name, k8s.namespace.name"` | |
| opentelemetry-collector.config.receivers.otlp.protocols.grpc.endpoint | string | `"${env:MY_POD_IP}:4317"` | |
| opentelemetry-collector.config.receivers.otlp.protocols.http.endpoint | string | `"${env:MY_POD_IP}:4318"` | |
| opentelemetry-collector.config.receivers.zipkin.endpoint | string | `"${env:MY_POD_IP}:9411"` | |
| opentelemetry-collector.config.receivers.datadog.endpoint | string | `"[${env:MY_POD_IP}]:8126"` | |
| opentelemetry-collector.config.receivers.jaeger.protocols.grpc.endpoint | string | `"[${env:MY_POD_IP}]:14250"` | |
| opentelemetry-collector.config.receivers.jaeger.protocols.thrift_compact.endpoint | string | `"[${env:MY_POD_IP}]:6831"` | |
| opentelemetry-collector.config.receivers.jaeger.protocols.thrift_http.endpoint | string | `"[${env:MY_POD_IP}]:14268"` | |
| opentelemetry-collector.config.receivers.otlp.protocols.grpc.endpoint | string | `"[${env:MY_POD_IP}]:4317"` | |
| opentelemetry-collector.config.receivers.otlp.protocols.http.endpoint | string | `"[${env:MY_POD_IP}]:4318"` | |
| opentelemetry-collector.config.receivers.prometheus.config.scrape_configs[0].job_name | string | `"opentelemetry-collector"` | |
| opentelemetry-collector.config.receivers.prometheus.config.scrape_configs[0].scrape_interval | string | `"10s"` | |
| opentelemetry-collector.config.receivers.prometheus.config.scrape_configs[0].static_configs[0].targets[0] | string | `"[${env:MY_POD_IP}]:8888"` | |
| opentelemetry-collector.config.receivers.zipkin.endpoint | string | `"[${env:MY_POD_IP}]:9411"` | |
| opentelemetry-collector.config.service.extensions[0] | string | `"health_check"` | |
| opentelemetry-collector.config.service.pipelines.logs.exporters[0] | string | `"loki"` | |
| opentelemetry-collector.config.service.pipelines.logs.processors[0] | string | `"attributes"` | |
| opentelemetry-collector.config.service.pipelines.logs.receivers[0] | string | `"otlp"` | |
| opentelemetry-collector.config.service.pipelines.metrics.exporters[0] | string | `"prometheus"` | |
| opentelemetry-collector.config.service.pipelines.metrics.receivers[0] | string | `"otlp"` | |
| opentelemetry-collector.config.service.pipelines.metrics.receivers[0] | string | `"datadog"` | |
| opentelemetry-collector.config.service.pipelines.metrics.receivers[1] | string | `"otlp"` | |
| opentelemetry-collector.config.service.pipelines.traces.exporters[0] | string | `"otlp"` | |
| opentelemetry-collector.config.service.pipelines.traces.receivers[0] | string | `"otlp"` | |
| opentelemetry-collector.config.service.pipelines.traces.receivers[1] | string | `"zipkin"` | |
| opentelemetry-collector.config.service.pipelines.traces.receivers[0] | string | `"datadog"` | |
| opentelemetry-collector.config.service.pipelines.traces.receivers[1] | string | `"otlp"` | |
| opentelemetry-collector.config.service.pipelines.traces.receivers[2] | string | `"zipkin"` | |
| opentelemetry-collector.config.service.telemetry.metrics.address | string | `"[${env:MY_POD_IP}]:8888"` | |
| opentelemetry-collector.enabled | bool | `false` | |
| opentelemetry-collector.fullnameOverride | string | `"otel-collector"` | |
| opentelemetry-collector.image.repository | string | `"otel/opentelemetry-collector-contrib"` | |
| opentelemetry-collector.mode | string | `"deployment"` | |
| prometheus.alertmanager.enabled | bool | `false` | |
| prometheus.enabled | bool | `true` | |
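
Review bot: The `receivers.jaeger.protocols.*` endpoints (14250, 6831, 14268) are defined, but `jaeger` does not appear in any `service.pipelines.*.receivers` row, while `datadog` is listed in both the metrics and the traces pipeline. Either add `jaeger` to the traces pipeline or drop the receiver rows, and give the new receivers a Description, because each receiver wired into a pipeline is another port listening on the pod IP. The switch from `${env:MY_POD_IP}` to the bracketed `[${env:MY_POD_IP}]` form needs a sentence of explanation (presumably it is for IPv6 pod addresses). `exporters.otlp.tls.insecure` is `true`, so spans sent to `tempo.monitoring.svc:4317` are not protected by TLS; the docs should say this default is meant for a demo stack.
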
13 changes: 11 additions & 2 deletions site/content/en/docs/install/gateway-helm-api.md
Expand Up @@ -23,7 +23,7 @@ The Helm chart for Envoy Gateway

| Key | Type | Default | Description |
|-----|------|---------|-------------|
| certgen | object | `{"job":{"annotations":{},"resources":{},"ttlSecondsAfterFinished":30},"rbac":{"annotations":{},"labels":{}}}` | Certgen is used to generate the certificates required by EnvoyGateway. If you want to construct a custom certificate, you can generate a custom certificate through Cert-Manager before installing EnvoyGateway. Certgen will not overwrite the custom certificate. Please do not manually modify `values.yaml` to disable certgen, it may cause EnvoyGateway OIDC,OAuth2,etc. to not work as expected. |
| certgen | object | `{"job":{"affinity":{},"annotations":{},"nodeSelector":{},"resources":{},"securityContext":{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"privileged":false,"readOnlyRootFilesystem":true,"runAsGroup":65534,"runAsNonRoot":true,"runAsUser":65534,"seccompProfile":{"type":"RuntimeDefault"}},"tolerations":[],"ttlSecondsAfterFinished":30},"rbac":{"annotations":{},"labels":{}}}` | Certgen is used to generate the certificates required by EnvoyGateway. If you want to construct a custom certificate, you can generate a custom certificate through Cert-Manager before installing EnvoyGateway. Certgen will not overwrite the custom certificate. Please do not manually modify `values.yaml` to disable certgen, it may cause EnvoyGateway OIDC,OAuth2,etc. to not work as expected. |
| config.envoyGateway.gateway.controllerName | string | `"gateway.envoyproxy.io/gatewayclass-controller"` | |
| config.envoyGateway.logging.level.default | string | `"info"` | |
| config.envoyGateway.provider.type | string | `"Kubernetes"` | |
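
Review bot: The `certgen.job.securityContext` default sets `"runAsUser":65534` and `"runAsGroup":65534`, while the `deployment.envoyGateway.securityContext` rows in this same file use `65532`. If the difference is intentional, explain it in the Description; otherwise align the two. The Description text was not updated for the `affinity`, `nodeSelector`, `tolerations` and `securityContext` keys now present in the default, and "OIDC,OAuth2,etc." needs spaces after the commas.
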
Expand All @@ -32,14 +32,21 @@ The Helm chart for Envoy Gateway
| deployment.envoyGateway.image.tag | string | `""` | |
| deployment.envoyGateway.imagePullPolicy | string | `""` | |
| deployment.envoyGateway.imagePullSecrets | list | `[]` | |
| deployment.envoyGateway.resources.limits.cpu | string | `"500m"` | |
| deployment.envoyGateway.resources.limits.memory | string | `"1024Mi"` | |
| deployment.envoyGateway.resources.requests.cpu | string | `"100m"` | |
| deployment.envoyGateway.resources.requests.memory | string | `"256Mi"` | |
| deployment.envoyGateway.securityContext.allowPrivilegeEscalation | bool | `false` | |
| deployment.envoyGateway.securityContext.capabilities.drop[0] | string | `"ALL"` | |
| deployment.envoyGateway.securityContext.privileged | bool | `false` | |
| deployment.envoyGateway.securityContext.runAsGroup | int | `65532` | |
| deployment.envoyGateway.securityContext.runAsNonRoot | bool | `true` | |
| deployment.envoyGateway.securityContext.runAsUser | int | `65532` | |
| deployment.envoyGateway.securityContext.seccompProfile.type | string | `"RuntimeDefault"` | |
| deployment.pod.affinity | object | `{}` | |
| deployment.pod.annotations."prometheus.io/port" | string | `"19001"` | |
| deployment.pod.annotations."prometheus.io/scrape" | string | `"true"` | |
| deployment.pod.labels | object | `{}` | |
| deployment.pod.nodeSelector | object | `{}` | |
| deployment.pod.tolerations | list | `[]` | |
| deployment.pod.topologySpreadConstraints | list | `[]` | |
| deployment.ports[0].name | string | `"grpc"` | |
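
Review bot: The `deployment.envoyGateway.securityContext.*` rows have no `readOnlyRootFilesystem` entry, although the certgen job default in this file sets `"readOnlyRootFilesystem":true`. If the controller needs a writable root filesystem, say so in a Description; otherwise add the key to the chart default so both workloads carry the same hardening. Every row in this hunk has an empty Description column, which leaves readers to guess what `deployment.pod.nodeSelector` or the resource values apply to.
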
Expand All @@ -54,6 +61,7 @@ The Helm chart for Envoy Gateway
| deployment.ports[3].name | string | `"metrics"` | |
| deployment.ports[3].port | int | `19001` | |
| deployment.ports[3].targetPort | int | `19001` | |
| deployment.priorityClassName | string | `nil` | |
| deployment.replicas | int | `1` | |
| global.images.envoyGateway.image | string | `nil` | |
| global.images.envoyGateway.pullPolicy | string | `nil` | |
Expand All @@ -63,4 +71,5 @@ The Helm chart for Envoy Gateway
| global.images.ratelimit.pullSecrets | list | `[]` | |
| kubernetesClusterDomain | string | `"cluster.local"` | |
| podDisruptionBudget.minAvailable | int | `0` | |
| service.annotations | object | `{}` | |

143 changes: 143 additions & 0 deletions site/content/en/docs/install/migrating-to-envoy.md
@@ -0,0 +1,143 @@
---
title: Migrating from Ingress Resources
---

## Introduction

Migrating from Ingress to Envoy Gateway involves converting existing Ingress resources into resources compatible with Envoy Gateway. The `ingress2gateway` tool simplifies this migration by transforming Ingress resources into Gateway API resources that Envoy Gateway can use. This guide will walk you through the prerequisites, installation of the `ingress2gateway` tool, and provide an example migration process.

## Prerequisites

Before you start the migration, ensure you have the following:

1. **Envoy Gateway Installed**: You need Envoy Gateway set up in your Kubernetes cluster. Follow the [Envoy Gateway installation guide](../install) for details.
2. **Kubernetes Cluster Access**: Ensure you have access to your Kubernetes cluster and necessary permissions to manage resources.
3. **Installation of `ingress2gateway` Tool**: You need to install the `ingress2gateway` tool in your Kubernetes cluster and configure it accordingly. Follow the [ingress2gateway tool installation guide](https://github.com/kubernetes-sigs/ingress2gateway/blob/main/README.md#installation) for details.

## Example Migration

Here’s a step-by-step example of migrating from Ingress to Envoy Gateway using `ingress2gateway`:

### 1. Install and Configure Envoy Gateway

Ensure that Envoy Gateway is installed and running in your cluster. Follow the [official Envoy Gateway installation guide](../install) for setup instructions.

### 2. Create a GatewayClass

To ensure the generated HTTPRoutes are programmed correctly in the Envoy Gateway data plane, create a GatewayClass that links to the Envoy Gateway controller.

Create a `GatewayClass` resource:

```yaml
apiVersion: gateway.networking.k8s.io/v1beta1
kind: GatewayClass
metadata:
name: envoy-gateway-class
spec:
controllerName: gateway.envoyproxy.io/controller
```

Apply this resource:

```sh
kubectl apply -f gatewayclass.yaml
```

### 3. Install Ingress2gateway

Ensure you have the Ingress2gateway package installed. If not, follow the package’s installation instructions.

### 4. Run Ingress2gateway

Use Ingress2gateway to read your existing Ingress resources and translate them into Gateway API resources.

```sh
./ingress2gateway print
```

This command will:
1. Read your Kube config file to extract the cluster credentials and the current active namespace.
2. Search for Ingress and provider-specific resources in that namespace.
3. Convert them to Gateway API resources (Gateways and HTTPRoutes).

#### Example Ingress Configuration

```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: example-ingress
namespace: default
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- host: example.com
http:
paths:
- path: /foo
pathType: Prefix
backend:
service:
name: foo-service
port:
number: 80
```

### 5. Save the Output

The command will output the equivalent Gateway API resources in YAML/JSON format to stdout. Save this output to a file for further use.

```sh
./ingress2gateway print > gateway-resources.yaml
```

### 6. Apply the Translated Resources

Apply the translated Gateway API resources to your cluster.

```sh
kubectl apply -f gateway-resources.yaml
```

### 7. Create a Gateway Resource

Create a `Gateway` resource specifying the `GatewayClass` created earlier and including the necessary listeners.

```yaml
apiVersion: gateway.networking.k8s.io/v1beta1
kind: Gateway
metadata:
name: example-gateway
namespace: default
spec:
gatewayClassName: envoy-gateway-class
listeners:
- name: http
protocol: HTTP
port: 80
hostname: example.com
```

Apply this resource:

```sh
kubectl apply -f gateway.yaml
```

### 8. Validate the Migration

Ensure the HTTPRoutes and Gateways are correctly set up and that traffic is being routed as expected. Validate the new configuration by checking the status of the Gateway and HTTPRoute resources.

```sh
kubectl get gateways
kubectl get httproutes
```

### 9. Monitor and Troubleshoot

Monitor the Envoy Gateway logs and metrics to ensure everything is functioning correctly. Troubleshoot any issues by reviewing the Gateway and HTTPRoute statuses and Envoy Gateway controller logs.

## Summary

By following this guide, users can effectively migrate their existing Ingress resources to Envoy Gateway using the Ingress2gateway package. Creating a GatewayClass and linking it to the Envoy Gateway controller ensures that the translated resources are properly programmed in the data plane, providing a seamless transition to the Envoy Gateway environment.
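
Review bot: Step 2 sets `controllerName: gateway.envoyproxy.io/controller`, but the chart default documented in gateway-helm-api.md in this same PR is `gateway.envoyproxy.io/gatewayclass-controller`. A GatewayClass whose `controllerName` does not match the running controller is ignored, so on a default install the routes in this guide would never be programmed; use the chart value. Further points: the YAML examples show no indentation in this view and should be checked in the source file; prerequisite 3 says to install `ingress2gateway` "in your Kubernetes cluster" although the steps run it as a local CLI (`./ingress2gateway print`), and step 3 repeats that prerequisite; step 4 states that the tool already emits Gateways, so step 7 should explain how the hand-written `example-gateway` relates to the generated ones and how the generated resources come to reference `envoy-gateway-class`; the example Ingress carries an `nginx.ingress.kubernetes.io/rewrite-target` annotation, yet the guide never shows the translated output or says what happens to that rewrite; step 8 would be more useful if it checked the `Accepted` and `Programmed` conditions rather than a bare `kubectl get`.
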