From 17a48f36bc2ebca7f77e63a18ffdd028bfd0bb73 Mon Sep 17 00:00:00 2001 From: Paul Parkanzky Date: Tue, 29 Mar 2022 17:35:50 -0400 Subject: [PATCH 1/9] feat(kuma-cp): add cert metrics Signed-off-by: Paul Parkanzky --- pkg/core/bootstrap/bootstrap.go | 6 +++- pkg/plugins/runtime/gateway/suite_test.go | 7 +++-- pkg/test/runtime/runtime.go | 6 +++- pkg/xds/secrets/ca_provider.go | 33 ++++++++++++++++++--- pkg/xds/secrets/identity_provider.go | 35 ++++++++++++++++++++--- pkg/xds/secrets/secrets_test.go | 8 ++++-- pkg/xds/server/components.go | 7 ++++- 7 files changed, 86 insertions(+), 16 deletions(-) diff --git a/pkg/core/bootstrap/bootstrap.go b/pkg/core/bootstrap/bootstrap.go index 7241a24f7700..015a28a2618b 100644 --- a/pkg/core/bootstrap/bootstrap.go +++ b/pkg/core/bootstrap/bootstrap.go @@ -117,7 +117,11 @@ func buildRuntime(appCtx context.Context, cfg kuma_cp.Config) (core_runtime.Runt builder.WithEnvoyAdminClient(envoyAdminClient) builder.WithAPIManager(customization.NewAPIList()) builder.WithXDSHooks(&xds_hooks.Hooks{}) - builder.WithCAProvider(secrets.NewCaProvider(builder.CaManagers())) + caProvider, err := secrets.NewCaProvider(builder.CaManagers(), builder.Metrics()) + if err != nil { + return nil, err + } + builder.WithCAProvider(caProvider) builder.WithDpServer(server.NewDpServer(*cfg.DpServer, builder.Metrics())) builder.WithKDSContext(kds_context.DefaultContext(builder.ResourceManager(), cfg.Multizone.Zone.Name)) diff --git a/pkg/plugins/runtime/gateway/suite_test.go b/pkg/plugins/runtime/gateway/suite_test.go index 815f123a920b..6322c1f15260 100644 --- a/pkg/plugins/runtime/gateway/suite_test.go +++ b/pkg/plugins/runtime/gateway/suite_test.go @@ -109,9 +109,12 @@ func MakeGeneratorContext(rt runtime.Runtime, key core_model.ResourceKey) (*xds_ cache, err := cla.NewCache(rt.Config().Store.Cache.ExpirationTime, rt.Metrics()) Expect(err).To(Succeed()) + idProvider, err := secrets.NewIdentityProvider(rt.CaManagers(), rt.Metrics()) + Expect(err).To(Succeed()) + secrets, err := secrets.NewSecrets( - secrets.NewCaProvider(rt.CaManagers()), - secrets.NewIdentityProvider(rt.CaManagers()), + rt.CAProvider(), + idProvider, rt.Metrics(), ) Expect(err).To(Succeed()) diff --git a/pkg/test/runtime/runtime.go b/pkg/test/runtime/runtime.go index 4ec4742cbf65..2801a5f84e46 100644 --- a/pkg/test/runtime/runtime.go +++ b/pkg/test/runtime/runtime.go @@ -94,7 +94,11 @@ func BuilderFor(appCtx context.Context, cfg kuma_cp.Config) (*core_runtime.Build builder.WithXDSHooks(&xds_hooks.Hooks{}) builder.WithDpServer(server.NewDpServer(*cfg.DpServer, metrics)) builder.WithKDSContext(kds_context.DefaultContext(builder.ResourceManager(), cfg.Multizone.Zone.Name)) - builder.WithCAProvider(secrets.NewCaProvider(builder.CaManagers())) + caProvider, err := secrets.NewCaProvider(builder.CaManagers(), metrics) + if err != nil { + return nil, err + } + builder.WithCAProvider(caProvider) builder.WithAPIServerAuthenticator(certs.ClientCertAuthenticator) builder.WithAccess(core_runtime.Access{ ResourceAccess: resources_access.NewAdminResourceAccess(builder.Config().Access.Static.AdminResources), diff --git a/pkg/xds/secrets/ca_provider.go b/pkg/xds/secrets/ca_provider.go index b3cb62a3c15c..822e50ced007 100644 --- a/pkg/xds/secrets/ca_provider.go +++ b/pkg/xds/secrets/ca_provider.go @@ -2,12 +2,15 @@ package secrets import ( "context" + "time" "github.com/pkg/errors" + "github.com/prometheus/client_golang/prometheus" core_ca "github.com/kumahq/kuma/pkg/core/ca" core_mesh "github.com/kumahq/kuma/pkg/core/resources/apis/mesh" core_xds "github.com/kumahq/kuma/pkg/core/xds" + core_metrics "github.com/kumahq/kuma/pkg/metrics" ) type CaProvider interface { @@ -15,14 +18,28 @@ type CaProvider interface { Get(context.Context, *core_mesh.MeshResource) (*core_xds.CaSecret, []string, error) } -func NewCaProvider(caManagers core_ca.Managers) CaProvider { - return &meshCaProvider{ - caManagers: caManagers, +func NewCaProvider(caManagers core_ca.Managers, metrics core_metrics.Metrics) (CaProvider, error) { + latencyMetrics := map[string]prometheus.Summary{} + for backendType, _ := range caManagers { + latencyMetrics[backendType] = prometheus.NewSummary(prometheus.SummaryOpts{ + Name: "ca_manager_get_root_cert_" + backendType, + Help: "Summary of CA manager get CA root certificate latencies", + Objectives: core_metrics.DefaultObjectives, + }) + if err := metrics.Register(latencyMetrics[backendType]); err != nil { + return nil, err + } } + return &meshCaProvider{ + caManagers: caManagers, + latencyMetrics: latencyMetrics, + }, nil } type meshCaProvider struct { caManagers core_ca.Managers + // latencyMetrics maps backend type to backend cert retrieval summary metrics + latencyMetrics map[string]prometheus.Summary } func (s *meshCaProvider) Get(ctx context.Context, mesh *core_mesh.MeshResource) (*core_xds.CaSecret, []string, error) { @@ -36,7 +53,15 @@ func (s *meshCaProvider) Get(ctx context.Context, mesh *core_mesh.MeshResource) return nil, nil, errors.Errorf("CA manager of type %s not exist", backend.Type) } - certs, err := caManager.GetRootCert(ctx, mesh.GetMeta().GetName(), backend) + var certs [][]byte + var err error + func() { + start := time.Now() + defer func() { + s.latencyMetrics[backend.Type].Observe(float64(time.Now().Sub(start).Milliseconds())) + }() + certs, err = caManager.GetRootCert(ctx, mesh.GetMeta().GetName(), backend) + }() if err != nil { return nil, nil, errors.Wrap(err, "could not get root certs") } diff --git a/pkg/xds/secrets/identity_provider.go b/pkg/xds/secrets/identity_provider.go index 9b0147e6a536..32fa47c71aa8 100644 --- a/pkg/xds/secrets/identity_provider.go +++ b/pkg/xds/secrets/identity_provider.go @@ -2,13 +2,16 @@ package secrets import ( "context" + "time" "github.com/pkg/errors" + "github.com/prometheus/client_golang/prometheus" mesh_proto "github.com/kumahq/kuma/api/mesh/v1alpha1" core_ca "github.com/kumahq/kuma/pkg/core/ca" core_mesh "github.com/kumahq/kuma/pkg/core/resources/apis/mesh" core_xds "github.com/kumahq/kuma/pkg/core/xds" + core_metrics "github.com/kumahq/kuma/pkg/metrics" ) type Identity struct { @@ -22,14 +25,29 @@ type IdentityProvider interface { Get(context.Context, Identity, *core_mesh.MeshResource) (*core_xds.IdentitySecret, string, error) } -func NewIdentityProvider(caManagers core_ca.Managers) IdentityProvider { - return &identityCertProvider{ - caManagers: caManagers, +func NewIdentityProvider(caManagers core_ca.Managers, metrics core_metrics.Metrics) (IdentityProvider, error) { + latencyMetrics := map[string]prometheus.Summary{} + for backendType, _ := range caManagers { + latencyMetrics[backendType] = prometheus.NewSummary(prometheus.SummaryOpts{ + Name: "ca_manager_get_cert_" + backendType, + Help: "Summary of CA manager get certificate latencies", + Objectives: core_metrics.DefaultObjectives, + }) + if err := metrics.Register(latencyMetrics[backendType]); err != nil { + return nil, err + } } + + return &identityCertProvider{ + caManagers: caManagers, + latencyMetrics: latencyMetrics, + }, nil } type identityCertProvider struct { caManagers core_ca.Managers + // latencyMetrics maps backend type to backend cert retrieval summary metrics + latencyMetrics map[string]prometheus.Summary } func (s *identityCertProvider) Get(ctx context.Context, requestor Identity, mesh *core_mesh.MeshResource) (*core_xds.IdentitySecret, string, error) { @@ -43,7 +61,16 @@ func (s *identityCertProvider) Get(ctx context.Context, requestor Identity, mesh return nil, "", errors.Errorf("CA manager of type %s not exist", backend.Type) } - pair, err := caManager.GenerateDataplaneCert(ctx, mesh.GetMeta().GetName(), backend, requestor.Services) + var pair core_ca.KeyPair + var err error + func() { + start := time.Now() + defer func() { + s.latencyMetrics[backend.Type].Observe(float64(time.Now().Sub(start).Milliseconds())) + }() + pair, err = caManager.GenerateDataplaneCert(ctx, mesh.GetMeta().GetName(), backend, requestor.Services) + }() + if err != nil { return nil, "", errors.Wrapf(err, "could not generate dataplane cert for mesh: %q backend: %q services: %q", mesh.GetMeta().GetName(), backend.Name, requestor.Services) } diff --git a/pkg/xds/secrets/secrets_test.go b/pkg/xds/secrets/secrets_test.go index 0bffd5646681..bd47dc3e3906 100644 --- a/pkg/xds/secrets/secrets_test.go +++ b/pkg/xds/secrets/secrets_test.go @@ -110,13 +110,15 @@ var _ = Describe("Secrets", func() { err := builtinCaManager.EnsureBackends(context.Background(), "default", newMesh().Spec.Mtls.Backends) Expect(err).ToNot(HaveOccurred()) - caProvider := NewCaProvider(caManagers) - identityProvider := NewIdentityProvider(caManagers) - m, err := core_metrics.NewMetrics("local") Expect(err).ToNot(HaveOccurred()) metrics = m + caProvider, err := NewCaProvider(caManagers, metrics) + Expect(err).ToNot(HaveOccurred()) + identityProvider, err := NewIdentityProvider(caManagers, metrics) + Expect(err).ToNot(HaveOccurred()) + secrets, err = NewSecrets(caProvider, identityProvider, metrics) Expect(err).ToNot(HaveOccurred()) diff --git a/pkg/xds/server/components.go b/pkg/xds/server/components.go index cb10bbf92157..b500097cf3c7 100644 --- a/pkg/xds/server/components.go +++ b/pkg/xds/server/components.go @@ -77,9 +77,14 @@ func RegisterXDS(rt core_runtime.Runtime) error { return err } + idProvider, err := secrets.NewIdentityProvider(rt.CaManagers(), rt.Metrics()) + if err != nil { + return err + } + secrets, err := secrets.NewSecrets( rt.CAProvider(), - secrets.NewIdentityProvider(rt.CaManagers()), + idProvider, rt.Metrics(), ) if err != nil { From eec0c64844e6c352be87c12cfddb0c2dc549700e Mon Sep 17 00:00:00 2001 From: Paul Parkanzky Date: Wed, 30 Mar 2022 14:27:56 -0400 Subject: [PATCH 2/9] chore(kuma-cp): make check Signed-off-by: Paul Parkanzky --- pkg/xds/secrets/ca_provider.go | 4 ++-- pkg/xds/secrets/identity_provider.go | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/pkg/xds/secrets/ca_provider.go b/pkg/xds/secrets/ca_provider.go index 822e50ced007..da17f889ea85 100644 --- a/pkg/xds/secrets/ca_provider.go +++ b/pkg/xds/secrets/ca_provider.go @@ -20,7 +20,7 @@ type CaProvider interface { func NewCaProvider(caManagers core_ca.Managers, metrics core_metrics.Metrics) (CaProvider, error) { latencyMetrics := map[string]prometheus.Summary{} - for backendType, _ := range caManagers { + for backendType := range caManagers { latencyMetrics[backendType] = prometheus.NewSummary(prometheus.SummaryOpts{ Name: "ca_manager_get_root_cert_" + backendType, Help: "Summary of CA manager get CA root certificate latencies", @@ -58,7 +58,7 @@ func (s *meshCaProvider) Get(ctx context.Context, mesh *core_mesh.MeshResource) func() { start := time.Now() defer func() { - s.latencyMetrics[backend.Type].Observe(float64(time.Now().Sub(start).Milliseconds())) + s.latencyMetrics[backend.Type].Observe(float64(time.Since(start).Milliseconds())) }() certs, err = caManager.GetRootCert(ctx, mesh.GetMeta().GetName(), backend) }() diff --git a/pkg/xds/secrets/identity_provider.go b/pkg/xds/secrets/identity_provider.go index 32fa47c71aa8..97dae9d2fdcf 100644 --- a/pkg/xds/secrets/identity_provider.go +++ b/pkg/xds/secrets/identity_provider.go @@ -27,7 +27,7 @@ type IdentityProvider interface { func NewIdentityProvider(caManagers core_ca.Managers, metrics core_metrics.Metrics) (IdentityProvider, error) { latencyMetrics := map[string]prometheus.Summary{} - for backendType, _ := range caManagers { + for backendType := range caManagers { latencyMetrics[backendType] = prometheus.NewSummary(prometheus.SummaryOpts{ Name: "ca_manager_get_cert_" + backendType, Help: "Summary of CA manager get certificate latencies", @@ -66,7 +66,7 @@ func (s *identityCertProvider) Get(ctx context.Context, requestor Identity, mesh func() { start := time.Now() defer func() { - s.latencyMetrics[backend.Type].Observe(float64(time.Now().Sub(start).Milliseconds())) + s.latencyMetrics[backend.Type].Observe(float64(time.Since(start).Milliseconds())) }() pair, err = caManager.GenerateDataplaneCert(ctx, mesh.GetMeta().GetName(), backend, requestor.Services) }() From 34c319b8ce5e4bfca3eec60a0f2e2fd4e244017b Mon Sep 17 00:00:00 2001 From: Paul Parkanzky Date: Wed, 30 Mar 2022 16:19:41 -0400 Subject: [PATCH 3/9] feat(kuma-cp): add configurable timeout Signed-off-by: Paul Parkanzky --- api/mesh/v1alpha1/mesh.pb.go | 348 +++++++++++++++++---------- api/mesh/v1alpha1/mesh.proto | 12 + pkg/xds/secrets/ca_provider.go | 7 + pkg/xds/secrets/identity_provider.go | 7 + 4 files changed, 250 insertions(+), 124 deletions(-) diff --git a/api/mesh/v1alpha1/mesh.pb.go b/api/mesh/v1alpha1/mesh.pb.go index bda7fbab32c3..45b01f013a82 100644 --- a/api/mesh/v1alpha1/mesh.pb.go +++ b/api/mesh/v1alpha1/mesh.pb.go @@ -10,6 +10,7 @@ import ( _ "github.com/kumahq/kuma/api/mesh" protoreflect "google.golang.org/protobuf/reflect/protoreflect" protoimpl "google.golang.org/protobuf/runtime/protoimpl" + durationpb "google.golang.org/protobuf/types/known/durationpb" structpb "google.golang.org/protobuf/types/known/structpb" wrapperspb "google.golang.org/protobuf/types/known/wrapperspb" reflect "reflect" @@ -203,7 +204,8 @@ type CertificateAuthorityBackend struct { Conf *structpb.Struct `protobuf:"bytes,4,opt,name=conf,proto3" json:"conf,omitempty"` // Mode defines the behaviour of inbound listeners with regard to traffic // encryption - Mode CertificateAuthorityBackend_Mode `protobuf:"varint,5,opt,name=mode,proto3,enum=kuma.mesh.v1alpha1.CertificateAuthorityBackend_Mode" json:"mode,omitempty"` + Mode CertificateAuthorityBackend_Mode `protobuf:"varint,5,opt,name=mode,proto3,enum=kuma.mesh.v1alpha1.CertificateAuthorityBackend_Mode" json:"mode,omitempty"` + RootCert *CertificateAuthorityBackend_RootCert `protobuf:"bytes,6,opt,name=rootCert,proto3" json:"rootCert,omitempty"` } func (x *CertificateAuthorityBackend) Reset() { @@ -273,6 +275,13 @@ func (x *CertificateAuthorityBackend) GetMode() CertificateAuthorityBackend_Mode return CertificateAuthorityBackend_STRICT } +func (x *CertificateAuthorityBackend) GetRootCert() *CertificateAuthorityBackend_RootCert { + if x != nil { + return x.RootCert + } + return nil +} + // Networking defines the networking configuration of the mesh type Networking struct { state protoimpl.MessageState @@ -1118,6 +1127,8 @@ type CertificateAuthorityBackend_DpCert struct { // Rotation settings Rotation *CertificateAuthorityBackend_DpCert_Rotation `protobuf:"bytes,1,opt,name=rotation,proto3" json:"rotation,omitempty"` + // Timeout on request to CA for DP certificate generation and retrieval + RequestTimeout *durationpb.Duration `protobuf:"bytes,2,opt,name=requestTimeout,proto3" json:"requestTimeout,omitempty"` } func (x *CertificateAuthorityBackend_DpCert) Reset() { @@ -1159,6 +1170,62 @@ func (x *CertificateAuthorityBackend_DpCert) GetRotation() *CertificateAuthority return nil } +func (x *CertificateAuthorityBackend_DpCert) GetRequestTimeout() *durationpb.Duration { + if x != nil { + return x.RequestTimeout + } + return nil +} + +// RootCert defines settings related to CA root certificate chain. +type CertificateAuthorityBackend_RootCert struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Timeout on request for to CA for root certificate chain. + RequestTimeout *durationpb.Duration `protobuf:"bytes,1,opt,name=requestTimeout,proto3" json:"requestTimeout,omitempty"` +} + +func (x *CertificateAuthorityBackend_RootCert) Reset() { + *x = CertificateAuthorityBackend_RootCert{} + if protoimpl.UnsafeEnabled { + mi := &file_mesh_v1alpha1_mesh_proto_msgTypes[18] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *CertificateAuthorityBackend_RootCert) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*CertificateAuthorityBackend_RootCert) ProtoMessage() {} + +func (x *CertificateAuthorityBackend_RootCert) ProtoReflect() protoreflect.Message { + mi := &file_mesh_v1alpha1_mesh_proto_msgTypes[18] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use CertificateAuthorityBackend_RootCert.ProtoReflect.Descriptor instead. +func (*CertificateAuthorityBackend_RootCert) Descriptor() ([]byte, []int) { + return file_mesh_v1alpha1_mesh_proto_rawDescGZIP(), []int{1, 1} +} + +func (x *CertificateAuthorityBackend_RootCert) GetRequestTimeout() *durationpb.Duration { + if x != nil { + return x.RequestTimeout + } + return nil +} + // Rotation defines rotation settings for Dataplane certificate type CertificateAuthorityBackend_DpCert_Rotation struct { state protoimpl.MessageState @@ -1172,7 +1239,7 @@ type CertificateAuthorityBackend_DpCert_Rotation struct { func (x *CertificateAuthorityBackend_DpCert_Rotation) Reset() { *x = CertificateAuthorityBackend_DpCert_Rotation{} if protoimpl.UnsafeEnabled { - mi := &file_mesh_v1alpha1_mesh_proto_msgTypes[18] + mi := &file_mesh_v1alpha1_mesh_proto_msgTypes[19] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1185,7 +1252,7 @@ func (x *CertificateAuthorityBackend_DpCert_Rotation) String() string { func (*CertificateAuthorityBackend_DpCert_Rotation) ProtoMessage() {} func (x *CertificateAuthorityBackend_DpCert_Rotation) ProtoReflect() protoreflect.Message { - mi := &file_mesh_v1alpha1_mesh_proto_msgTypes[18] + mi := &file_mesh_v1alpha1_mesh_proto_msgTypes[19] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1221,7 +1288,7 @@ type Networking_Outbound struct { func (x *Networking_Outbound) Reset() { *x = Networking_Outbound{} if protoimpl.UnsafeEnabled { - mi := &file_mesh_v1alpha1_mesh_proto_msgTypes[19] + mi := &file_mesh_v1alpha1_mesh_proto_msgTypes[20] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1234,7 +1301,7 @@ func (x *Networking_Outbound) String() string { func (*Networking_Outbound) ProtoMessage() {} func (x *Networking_Outbound) ProtoReflect() protoreflect.Message { - mi := &file_mesh_v1alpha1_mesh_proto_msgTypes[19] + mi := &file_mesh_v1alpha1_mesh_proto_msgTypes[20] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1267,6 +1334,8 @@ var file_mesh_v1alpha1_mesh_proto_rawDesc = []byte{ 0x74, 0x6f, 0x1a, 0x1b, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, + 0x2f, 0x64, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, + 0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x77, 0x72, 0x61, 0x70, 0x70, 0x65, 0x72, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1c, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x73, 0x74, 0x72, 0x75, 0x63, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xd8, 0x08, @@ -1339,7 +1408,7 @@ var file_mesh_v1alpha1_mesh_proto_rawDesc = []byte{ 0x01, 0x02, 0x18, 0x01, 0xaa, 0x8c, 0x89, 0xa6, 0x01, 0x06, 0x22, 0x04, 0x6d, 0x65, 0x73, 0x68, 0xaa, 0x8c, 0x89, 0xa6, 0x01, 0x04, 0x52, 0x02, 0x10, 0x01, 0xaa, 0x8c, 0x89, 0xa6, 0x01, 0x08, 0x3a, 0x06, 0x0a, 0x04, 0x6d, 0x65, 0x73, 0x68, 0xaa, 0x8c, 0x89, 0xa6, 0x01, 0x0a, 0x3a, 0x08, - 0x12, 0x06, 0x6d, 0x65, 0x73, 0x68, 0x65, 0x73, 0x22, 0xc4, 0x03, 0x0a, 0x1b, 0x43, 0x65, 0x72, + 0x12, 0x06, 0x6d, 0x65, 0x73, 0x68, 0x65, 0x73, 0x22, 0xac, 0x05, 0x0a, 0x1b, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x12, 0x0a, 0x04, @@ -1356,94 +1425,108 @@ var file_mesh_v1alpha1_mesh_proto_rawDesc = []byte{ 0x6d, 0x61, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x2e, 0x4d, 0x6f, 0x64, - 0x65, 0x52, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x1a, 0x91, 0x01, 0x0a, 0x06, 0x44, 0x70, 0x43, 0x65, - 0x72, 0x74, 0x12, 0x5b, 0x0a, 0x08, 0x72, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3f, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x6d, 0x65, 0x73, 0x68, - 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, - 0x69, 0x63, 0x61, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x42, 0x61, - 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x2e, 0x44, 0x70, 0x43, 0x65, 0x72, 0x74, 0x2e, 0x52, 0x6f, 0x74, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x08, 0x72, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x1a, - 0x2a, 0x0a, 0x08, 0x52, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1e, 0x0a, 0x0a, 0x65, - 0x78, 0x70, 0x69, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x0a, 0x65, 0x78, 0x70, 0x69, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x22, 0x0a, 0x04, 0x4d, - 0x6f, 0x64, 0x65, 0x12, 0x0a, 0x0a, 0x06, 0x53, 0x54, 0x52, 0x49, 0x43, 0x54, 0x10, 0x00, 0x12, - 0x0e, 0x0a, 0x0a, 0x50, 0x45, 0x52, 0x4d, 0x49, 0x53, 0x53, 0x49, 0x56, 0x45, 0x10, 0x01, 0x22, - 0x9b, 0x01, 0x0a, 0x0a, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x12, 0x43, - 0x0a, 0x08, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x27, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, - 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, - 0x2e, 0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x52, 0x08, 0x6f, 0x75, 0x74, 0x62, 0x6f, - 0x75, 0x6e, 0x64, 0x1a, 0x48, 0x0a, 0x08, 0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x12, - 0x3c, 0x0a, 0x0b, 0x70, 0x61, 0x73, 0x73, 0x74, 0x68, 0x72, 0x6f, 0x75, 0x67, 0x68, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, - 0x52, 0x0b, 0x70, 0x61, 0x73, 0x73, 0x74, 0x68, 0x72, 0x6f, 0x75, 0x67, 0x68, 0x22, 0x71, 0x0a, - 0x07, 0x54, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x12, 0x26, 0x0a, 0x0e, 0x64, 0x65, 0x66, 0x61, - 0x75, 0x6c, 0x74, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x0e, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, - 0x12, 0x3e, 0x0a, 0x08, 0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x73, 0x18, 0x02, 0x20, 0x03, - 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, - 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x54, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x42, - 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x52, 0x08, 0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x73, - 0x22, 0x9f, 0x01, 0x0a, 0x0e, 0x54, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x42, 0x61, 0x63, 0x6b, - 0x65, 0x6e, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x38, 0x0a, 0x08, 0x73, 0x61, 0x6d, 0x70, 0x6c, - 0x69, 0x6e, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, - 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x6f, 0x75, 0x62, - 0x6c, 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x08, 0x73, 0x61, 0x6d, 0x70, 0x6c, 0x69, 0x6e, - 0x67, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x2b, 0x0a, 0x04, 0x63, 0x6f, 0x6e, 0x66, 0x18, 0x04, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, 0x52, 0x04, 0x63, 0x6f, - 0x6e, 0x66, 0x22, 0x4b, 0x0a, 0x1b, 0x44, 0x61, 0x74, 0x61, 0x64, 0x6f, 0x67, 0x54, 0x72, 0x61, - 0x63, 0x69, 0x6e, 0x67, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x43, 0x6f, 0x6e, 0x66, 0x69, - 0x67, 0x12, 0x18, 0x0a, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x70, - 0x6f, 0x72, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x22, - 0xbe, 0x01, 0x0a, 0x1a, 0x5a, 0x69, 0x70, 0x6b, 0x69, 0x6e, 0x54, 0x72, 0x61, 0x63, 0x69, 0x6e, - 0x67, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x10, - 0x0a, 0x03, 0x75, 0x72, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x75, 0x72, 0x6c, - 0x12, 0x24, 0x0a, 0x0d, 0x74, 0x72, 0x61, 0x63, 0x65, 0x49, 0x64, 0x31, 0x32, 0x38, 0x62, 0x69, - 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0d, 0x74, 0x72, 0x61, 0x63, 0x65, 0x49, 0x64, - 0x31, 0x32, 0x38, 0x62, 0x69, 0x74, 0x12, 0x1e, 0x0a, 0x0a, 0x61, 0x70, 0x69, 0x56, 0x65, 0x72, - 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x61, 0x70, 0x69, 0x56, - 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x48, 0x0a, 0x11, 0x73, 0x68, 0x61, 0x72, 0x65, 0x64, - 0x53, 0x70, 0x61, 0x6e, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x11, 0x73, - 0x68, 0x61, 0x72, 0x65, 0x64, 0x53, 0x70, 0x61, 0x6e, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, - 0x22, 0x71, 0x0a, 0x07, 0x4c, 0x6f, 0x67, 0x67, 0x69, 0x6e, 0x67, 0x12, 0x26, 0x0a, 0x0e, 0x64, - 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x0e, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x42, 0x61, 0x63, 0x6b, - 0x65, 0x6e, 0x64, 0x12, 0x3e, 0x0a, 0x08, 0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x73, 0x18, - 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x6d, 0x65, 0x73, - 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4c, 0x6f, 0x67, 0x67, 0x69, - 0x6e, 0x67, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x52, 0x08, 0x62, 0x61, 0x63, 0x6b, 0x65, - 0x6e, 0x64, 0x73, 0x22, 0x7d, 0x0a, 0x0e, 0x4c, 0x6f, 0x67, 0x67, 0x69, 0x6e, 0x67, 0x42, 0x61, - 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x66, 0x6f, 0x72, - 0x6d, 0x61, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x66, 0x6f, 0x72, 0x6d, 0x61, - 0x74, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x2b, 0x0a, 0x04, 0x63, 0x6f, 0x6e, 0x66, 0x18, 0x04, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, 0x52, 0x04, 0x63, 0x6f, - 0x6e, 0x66, 0x22, 0x2e, 0x0a, 0x18, 0x46, 0x69, 0x6c, 0x65, 0x4c, 0x6f, 0x67, 0x67, 0x69, 0x6e, - 0x67, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x12, - 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, - 0x74, 0x68, 0x22, 0x33, 0x0a, 0x17, 0x54, 0x63, 0x70, 0x4c, 0x6f, 0x67, 0x67, 0x69, 0x6e, 0x67, - 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x18, 0x0a, - 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, - 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x22, 0x69, 0x0a, 0x07, 0x52, 0x6f, 0x75, 0x74, 0x69, - 0x6e, 0x67, 0x12, 0x3e, 0x0a, 0x1a, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x41, 0x77, - 0x61, 0x72, 0x65, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x69, 0x6e, 0x67, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x1a, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, 0x79, - 0x41, 0x77, 0x61, 0x72, 0x65, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x69, - 0x6e, 0x67, 0x12, 0x1e, 0x0a, 0x0a, 0x7a, 0x6f, 0x6e, 0x65, 0x45, 0x67, 0x72, 0x65, 0x73, 0x73, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x7a, 0x6f, 0x6e, 0x65, 0x45, 0x67, 0x72, 0x65, - 0x73, 0x73, 0x42, 0x2a, 0x5a, 0x28, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, - 0x2f, 0x6b, 0x75, 0x6d, 0x61, 0x68, 0x71, 0x2f, 0x6b, 0x75, 0x6d, 0x61, 0x2f, 0x61, 0x70, 0x69, - 0x2f, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x65, 0x52, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x54, 0x0a, 0x08, 0x72, 0x6f, 0x6f, 0x74, 0x43, + 0x65, 0x72, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x6b, 0x75, 0x6d, 0x61, + 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x43, + 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, + 0x69, 0x74, 0x79, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x2e, 0x52, 0x6f, 0x6f, 0x74, 0x43, + 0x65, 0x72, 0x74, 0x52, 0x08, 0x72, 0x6f, 0x6f, 0x74, 0x43, 0x65, 0x72, 0x74, 0x1a, 0xd4, 0x01, + 0x0a, 0x06, 0x44, 0x70, 0x43, 0x65, 0x72, 0x74, 0x12, 0x5b, 0x0a, 0x08, 0x72, 0x6f, 0x74, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3f, 0x2e, 0x6b, 0x75, 0x6d, + 0x61, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, + 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, + 0x72, 0x69, 0x74, 0x79, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x2e, 0x44, 0x70, 0x43, 0x65, + 0x72, 0x74, 0x2e, 0x52, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x08, 0x72, 0x6f, 0x74, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x41, 0x0a, 0x0e, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, + 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, + 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, + 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, + 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x1a, 0x2a, 0x0a, 0x08, 0x52, 0x6f, 0x74, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1e, 0x0a, 0x0a, 0x65, 0x78, 0x70, 0x69, 0x72, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x65, 0x78, 0x70, 0x69, 0x72, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x1a, 0x4d, 0x0a, 0x08, 0x52, 0x6f, 0x6f, 0x74, 0x43, 0x65, 0x72, 0x74, + 0x12, 0x41, 0x0a, 0x0e, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, + 0x75, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, + 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x54, 0x69, 0x6d, 0x65, + 0x6f, 0x75, 0x74, 0x22, 0x22, 0x0a, 0x04, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x0a, 0x0a, 0x06, 0x53, + 0x54, 0x52, 0x49, 0x43, 0x54, 0x10, 0x00, 0x12, 0x0e, 0x0a, 0x0a, 0x50, 0x45, 0x52, 0x4d, 0x49, + 0x53, 0x53, 0x49, 0x56, 0x45, 0x10, 0x01, 0x22, 0x9b, 0x01, 0x0a, 0x0a, 0x4e, 0x65, 0x74, 0x77, + 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x12, 0x43, 0x0a, 0x08, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, + 0x6e, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, + 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4e, 0x65, + 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, + 0x64, 0x52, 0x08, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x1a, 0x48, 0x0a, 0x08, 0x4f, + 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x12, 0x3c, 0x0a, 0x0b, 0x70, 0x61, 0x73, 0x73, 0x74, + 0x68, 0x72, 0x6f, 0x75, 0x67, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, + 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, + 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0b, 0x70, 0x61, 0x73, 0x73, 0x74, 0x68, + 0x72, 0x6f, 0x75, 0x67, 0x68, 0x22, 0x71, 0x0a, 0x07, 0x54, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, + 0x12, 0x26, 0x0a, 0x0e, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x42, 0x61, 0x63, 0x6b, 0x65, + 0x6e, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, + 0x74, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x12, 0x3e, 0x0a, 0x08, 0x62, 0x61, 0x63, 0x6b, + 0x65, 0x6e, 0x64, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x6b, 0x75, 0x6d, + 0x61, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, + 0x54, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x52, 0x08, + 0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x73, 0x22, 0x9f, 0x01, 0x0a, 0x0e, 0x54, 0x72, 0x61, + 0x63, 0x69, 0x6e, 0x67, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x6e, + 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, + 0x38, 0x0a, 0x08, 0x73, 0x61, 0x6d, 0x70, 0x6c, 0x69, 0x6e, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x62, 0x75, 0x66, 0x2e, 0x44, 0x6f, 0x75, 0x62, 0x6c, 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, + 0x08, 0x73, 0x61, 0x6d, 0x70, 0x6c, 0x69, 0x6e, 0x67, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, + 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x2b, 0x0a, + 0x04, 0x63, 0x6f, 0x6e, 0x66, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x67, 0x6f, + 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, + 0x72, 0x75, 0x63, 0x74, 0x52, 0x04, 0x63, 0x6f, 0x6e, 0x66, 0x22, 0x4b, 0x0a, 0x1b, 0x44, 0x61, + 0x74, 0x61, 0x64, 0x6f, 0x67, 0x54, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x42, 0x61, 0x63, 0x6b, + 0x65, 0x6e, 0x64, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x18, 0x0a, 0x07, 0x61, 0x64, 0x64, + 0x72, 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x61, 0x64, 0x64, 0x72, + 0x65, 0x73, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x0d, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x22, 0xbe, 0x01, 0x0a, 0x1a, 0x5a, 0x69, 0x70, 0x6b, + 0x69, 0x6e, 0x54, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, + 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x72, 0x6c, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x03, 0x75, 0x72, 0x6c, 0x12, 0x24, 0x0a, 0x0d, 0x74, 0x72, 0x61, 0x63, + 0x65, 0x49, 0x64, 0x31, 0x32, 0x38, 0x62, 0x69, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, + 0x0d, 0x74, 0x72, 0x61, 0x63, 0x65, 0x49, 0x64, 0x31, 0x32, 0x38, 0x62, 0x69, 0x74, 0x12, 0x1e, + 0x0a, 0x0a, 0x61, 0x70, 0x69, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x0a, 0x61, 0x70, 0x69, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x48, + 0x0a, 0x11, 0x73, 0x68, 0x61, 0x72, 0x65, 0x64, 0x53, 0x70, 0x61, 0x6e, 0x43, 0x6f, 0x6e, 0x74, + 0x65, 0x78, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, + 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, + 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x11, 0x73, 0x68, 0x61, 0x72, 0x65, 0x64, 0x53, 0x70, 0x61, + 0x6e, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x22, 0x71, 0x0a, 0x07, 0x4c, 0x6f, 0x67, 0x67, + 0x69, 0x6e, 0x67, 0x12, 0x26, 0x0a, 0x0e, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x42, 0x61, + 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x64, 0x65, 0x66, + 0x61, 0x75, 0x6c, 0x74, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x12, 0x3e, 0x0a, 0x08, 0x62, + 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x22, 0x2e, + 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, + 0x61, 0x31, 0x2e, 0x4c, 0x6f, 0x67, 0x67, 0x69, 0x6e, 0x67, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, + 0x64, 0x52, 0x08, 0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x73, 0x22, 0x7d, 0x0a, 0x0e, 0x4c, + 0x6f, 0x67, 0x67, 0x69, 0x6e, 0x67, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x12, 0x12, 0x0a, + 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, + 0x65, 0x12, 0x16, 0x0a, 0x06, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x06, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, + 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x2b, 0x0a, + 0x04, 0x63, 0x6f, 0x6e, 0x66, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x67, 0x6f, + 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, + 0x72, 0x75, 0x63, 0x74, 0x52, 0x04, 0x63, 0x6f, 0x6e, 0x66, 0x22, 0x2e, 0x0a, 0x18, 0x46, 0x69, + 0x6c, 0x65, 0x4c, 0x6f, 0x67, 0x67, 0x69, 0x6e, 0x67, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, + 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x22, 0x33, 0x0a, 0x17, 0x54, 0x63, + 0x70, 0x4c, 0x6f, 0x67, 0x67, 0x69, 0x6e, 0x67, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x43, + 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x18, 0x0a, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x22, + 0x69, 0x0a, 0x07, 0x52, 0x6f, 0x75, 0x74, 0x69, 0x6e, 0x67, 0x12, 0x3e, 0x0a, 0x1a, 0x6c, 0x6f, + 0x63, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x41, 0x77, 0x61, 0x72, 0x65, 0x4c, 0x6f, 0x61, 0x64, 0x42, + 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x69, 0x6e, 0x67, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x1a, + 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x41, 0x77, 0x61, 0x72, 0x65, 0x4c, 0x6f, 0x61, + 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x69, 0x6e, 0x67, 0x12, 0x1e, 0x0a, 0x0a, 0x7a, 0x6f, + 0x6e, 0x65, 0x45, 0x67, 0x72, 0x65, 0x73, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, + 0x7a, 0x6f, 0x6e, 0x65, 0x45, 0x67, 0x72, 0x65, 0x73, 0x73, 0x42, 0x2a, 0x5a, 0x28, 0x67, 0x69, + 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6b, 0x75, 0x6d, 0x61, 0x68, 0x71, 0x2f, + 0x6b, 0x75, 0x6d, 0x61, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, + 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -1459,7 +1542,7 @@ func file_mesh_v1alpha1_mesh_proto_rawDescGZIP() []byte { } var file_mesh_v1alpha1_mesh_proto_enumTypes = make([]protoimpl.EnumInfo, 1) -var file_mesh_v1alpha1_mesh_proto_msgTypes = make([]protoimpl.MessageInfo, 20) +var file_mesh_v1alpha1_mesh_proto_msgTypes = make([]protoimpl.MessageInfo, 21) var file_mesh_v1alpha1_mesh_proto_goTypes = []interface{}{ (CertificateAuthorityBackend_Mode)(0), // 0: kuma.mesh.v1alpha1.CertificateAuthorityBackend.Mode (*Mesh)(nil), // 1: kuma.mesh.v1alpha1.Mesh @@ -1480,43 +1563,48 @@ var file_mesh_v1alpha1_mesh_proto_goTypes = []interface{}{ (*Mesh_DataplaneProxyConstraints_Rules)(nil), // 16: kuma.mesh.v1alpha1.Mesh.DataplaneProxyConstraints.Rules nil, // 17: kuma.mesh.v1alpha1.Mesh.DataplaneProxyConstraints.Rules.TagsEntry (*CertificateAuthorityBackend_DpCert)(nil), // 18: kuma.mesh.v1alpha1.CertificateAuthorityBackend.DpCert - (*CertificateAuthorityBackend_DpCert_Rotation)(nil), // 19: kuma.mesh.v1alpha1.CertificateAuthorityBackend.DpCert.Rotation - (*Networking_Outbound)(nil), // 20: kuma.mesh.v1alpha1.Networking.Outbound - (*Metrics)(nil), // 21: kuma.mesh.v1alpha1.Metrics - (*structpb.Struct)(nil), // 22: google.protobuf.Struct - (*wrapperspb.DoubleValue)(nil), // 23: google.protobuf.DoubleValue - (*wrapperspb.BoolValue)(nil), // 24: google.protobuf.BoolValue + (*CertificateAuthorityBackend_RootCert)(nil), // 19: kuma.mesh.v1alpha1.CertificateAuthorityBackend.RootCert + (*CertificateAuthorityBackend_DpCert_Rotation)(nil), // 20: kuma.mesh.v1alpha1.CertificateAuthorityBackend.DpCert.Rotation + (*Networking_Outbound)(nil), // 21: kuma.mesh.v1alpha1.Networking.Outbound + (*Metrics)(nil), // 22: kuma.mesh.v1alpha1.Metrics + (*structpb.Struct)(nil), // 23: google.protobuf.Struct + (*wrapperspb.DoubleValue)(nil), // 24: google.protobuf.DoubleValue + (*wrapperspb.BoolValue)(nil), // 25: google.protobuf.BoolValue + (*durationpb.Duration)(nil), // 26: google.protobuf.Duration } var file_mesh_v1alpha1_mesh_proto_depIdxs = []int32{ 13, // 0: kuma.mesh.v1alpha1.Mesh.mtls:type_name -> kuma.mesh.v1alpha1.Mesh.Mtls 4, // 1: kuma.mesh.v1alpha1.Mesh.tracing:type_name -> kuma.mesh.v1alpha1.Tracing 8, // 2: kuma.mesh.v1alpha1.Mesh.logging:type_name -> kuma.mesh.v1alpha1.Logging - 21, // 3: kuma.mesh.v1alpha1.Mesh.metrics:type_name -> kuma.mesh.v1alpha1.Metrics + 22, // 3: kuma.mesh.v1alpha1.Mesh.metrics:type_name -> kuma.mesh.v1alpha1.Metrics 3, // 4: kuma.mesh.v1alpha1.Mesh.networking:type_name -> kuma.mesh.v1alpha1.Networking 12, // 5: kuma.mesh.v1alpha1.Mesh.routing:type_name -> kuma.mesh.v1alpha1.Routing 14, // 6: kuma.mesh.v1alpha1.Mesh.constraints:type_name -> kuma.mesh.v1alpha1.Mesh.Constraints 18, // 7: kuma.mesh.v1alpha1.CertificateAuthorityBackend.dpCert:type_name -> kuma.mesh.v1alpha1.CertificateAuthorityBackend.DpCert - 22, // 8: kuma.mesh.v1alpha1.CertificateAuthorityBackend.conf:type_name -> google.protobuf.Struct + 23, // 8: kuma.mesh.v1alpha1.CertificateAuthorityBackend.conf:type_name -> google.protobuf.Struct 0, // 9: kuma.mesh.v1alpha1.CertificateAuthorityBackend.mode:type_name -> kuma.mesh.v1alpha1.CertificateAuthorityBackend.Mode - 20, // 10: kuma.mesh.v1alpha1.Networking.outbound:type_name -> kuma.mesh.v1alpha1.Networking.Outbound - 5, // 11: kuma.mesh.v1alpha1.Tracing.backends:type_name -> kuma.mesh.v1alpha1.TracingBackend - 23, // 12: kuma.mesh.v1alpha1.TracingBackend.sampling:type_name -> google.protobuf.DoubleValue - 22, // 13: kuma.mesh.v1alpha1.TracingBackend.conf:type_name -> google.protobuf.Struct - 24, // 14: kuma.mesh.v1alpha1.ZipkinTracingBackendConfig.sharedSpanContext:type_name -> google.protobuf.BoolValue - 9, // 15: kuma.mesh.v1alpha1.Logging.backends:type_name -> kuma.mesh.v1alpha1.LoggingBackend - 22, // 16: kuma.mesh.v1alpha1.LoggingBackend.conf:type_name -> google.protobuf.Struct - 2, // 17: kuma.mesh.v1alpha1.Mesh.Mtls.backends:type_name -> kuma.mesh.v1alpha1.CertificateAuthorityBackend - 15, // 18: kuma.mesh.v1alpha1.Mesh.Constraints.dataplaneProxy:type_name -> kuma.mesh.v1alpha1.Mesh.DataplaneProxyConstraints - 16, // 19: kuma.mesh.v1alpha1.Mesh.DataplaneProxyConstraints.requirements:type_name -> kuma.mesh.v1alpha1.Mesh.DataplaneProxyConstraints.Rules - 16, // 20: kuma.mesh.v1alpha1.Mesh.DataplaneProxyConstraints.restrictions:type_name -> kuma.mesh.v1alpha1.Mesh.DataplaneProxyConstraints.Rules - 17, // 21: kuma.mesh.v1alpha1.Mesh.DataplaneProxyConstraints.Rules.tags:type_name -> kuma.mesh.v1alpha1.Mesh.DataplaneProxyConstraints.Rules.TagsEntry - 19, // 22: kuma.mesh.v1alpha1.CertificateAuthorityBackend.DpCert.rotation:type_name -> kuma.mesh.v1alpha1.CertificateAuthorityBackend.DpCert.Rotation - 24, // 23: kuma.mesh.v1alpha1.Networking.Outbound.passthrough:type_name -> google.protobuf.BoolValue - 24, // [24:24] is the sub-list for method output_type - 24, // [24:24] is the sub-list for method input_type - 24, // [24:24] is the sub-list for extension type_name - 24, // [24:24] is the sub-list for extension extendee - 0, // [0:24] is the sub-list for field type_name + 19, // 10: kuma.mesh.v1alpha1.CertificateAuthorityBackend.rootCert:type_name -> kuma.mesh.v1alpha1.CertificateAuthorityBackend.RootCert + 21, // 11: kuma.mesh.v1alpha1.Networking.outbound:type_name -> kuma.mesh.v1alpha1.Networking.Outbound + 5, // 12: kuma.mesh.v1alpha1.Tracing.backends:type_name -> kuma.mesh.v1alpha1.TracingBackend + 24, // 13: kuma.mesh.v1alpha1.TracingBackend.sampling:type_name -> google.protobuf.DoubleValue + 23, // 14: kuma.mesh.v1alpha1.TracingBackend.conf:type_name -> google.protobuf.Struct + 25, // 15: kuma.mesh.v1alpha1.ZipkinTracingBackendConfig.sharedSpanContext:type_name -> google.protobuf.BoolValue + 9, // 16: kuma.mesh.v1alpha1.Logging.backends:type_name -> kuma.mesh.v1alpha1.LoggingBackend + 23, // 17: kuma.mesh.v1alpha1.LoggingBackend.conf:type_name -> google.protobuf.Struct + 2, // 18: kuma.mesh.v1alpha1.Mesh.Mtls.backends:type_name -> kuma.mesh.v1alpha1.CertificateAuthorityBackend + 15, // 19: kuma.mesh.v1alpha1.Mesh.Constraints.dataplaneProxy:type_name -> kuma.mesh.v1alpha1.Mesh.DataplaneProxyConstraints + 16, // 20: kuma.mesh.v1alpha1.Mesh.DataplaneProxyConstraints.requirements:type_name -> kuma.mesh.v1alpha1.Mesh.DataplaneProxyConstraints.Rules + 16, // 21: kuma.mesh.v1alpha1.Mesh.DataplaneProxyConstraints.restrictions:type_name -> kuma.mesh.v1alpha1.Mesh.DataplaneProxyConstraints.Rules + 17, // 22: kuma.mesh.v1alpha1.Mesh.DataplaneProxyConstraints.Rules.tags:type_name -> kuma.mesh.v1alpha1.Mesh.DataplaneProxyConstraints.Rules.TagsEntry + 20, // 23: kuma.mesh.v1alpha1.CertificateAuthorityBackend.DpCert.rotation:type_name -> kuma.mesh.v1alpha1.CertificateAuthorityBackend.DpCert.Rotation + 26, // 24: kuma.mesh.v1alpha1.CertificateAuthorityBackend.DpCert.requestTimeout:type_name -> google.protobuf.Duration + 26, // 25: kuma.mesh.v1alpha1.CertificateAuthorityBackend.RootCert.requestTimeout:type_name -> google.protobuf.Duration + 25, // 26: kuma.mesh.v1alpha1.Networking.Outbound.passthrough:type_name -> google.protobuf.BoolValue + 27, // [27:27] is the sub-list for method output_type + 27, // [27:27] is the sub-list for method input_type + 27, // [27:27] is the sub-list for extension type_name + 27, // [27:27] is the sub-list for extension extendee + 0, // [0:27] is the sub-list for field type_name } func init() { file_mesh_v1alpha1_mesh_proto_init() } @@ -1731,7 +1819,7 @@ func file_mesh_v1alpha1_mesh_proto_init() { } } file_mesh_v1alpha1_mesh_proto_msgTypes[18].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*CertificateAuthorityBackend_DpCert_Rotation); i { + switch v := v.(*CertificateAuthorityBackend_RootCert); i { case 0: return &v.state case 1: @@ -1743,6 +1831,18 @@ func file_mesh_v1alpha1_mesh_proto_init() { } } file_mesh_v1alpha1_mesh_proto_msgTypes[19].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*CertificateAuthorityBackend_DpCert_Rotation); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_mesh_v1alpha1_mesh_proto_msgTypes[20].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*Networking_Outbound); i { case 0: return &v.state @@ -1761,7 +1861,7 @@ func file_mesh_v1alpha1_mesh_proto_init() { GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_mesh_v1alpha1_mesh_proto_rawDesc, NumEnums: 1, - NumMessages: 20, + NumMessages: 21, NumExtensions: 0, NumServices: 0, }, diff --git a/api/mesh/v1alpha1/mesh.proto b/api/mesh/v1alpha1/mesh.proto index f8a1e2db11e5..de14e7be218e 100644 --- a/api/mesh/v1alpha1/mesh.proto +++ b/api/mesh/v1alpha1/mesh.proto @@ -6,6 +6,7 @@ option go_package = "github.com/kumahq/kuma/api/mesh/v1alpha1"; import "mesh/options.proto"; import "mesh/v1alpha1/metrics.proto"; +import "google/protobuf/duration.proto"; import "google/protobuf/wrappers.proto"; import "google/protobuf/struct.proto"; @@ -109,6 +110,9 @@ message CertificateAuthorityBackend { } // Rotation settings Rotation rotation = 1; + + // Timeout on request to CA for DP certificate generation and retrieval + google.protobuf.Duration requestTimeout = 2; } // Dataplane certificate settings @@ -131,6 +135,14 @@ message CertificateAuthorityBackend { // Mode defines the behaviour of inbound listeners with regard to traffic // encryption Mode mode = 5; + + // RootCert defines settings related to CA root certificate chain. + message RootCert { + // Timeout on request for to CA for root certificate chain. + google.protobuf.Duration requestTimeout = 1; + } + + RootCert rootCert = 6; } // Networking defines the networking configuration of the mesh diff --git a/pkg/xds/secrets/ca_provider.go b/pkg/xds/secrets/ca_provider.go index da17f889ea85..656dd74ea2a1 100644 --- a/pkg/xds/secrets/ca_provider.go +++ b/pkg/xds/secrets/ca_provider.go @@ -48,6 +48,13 @@ func (s *meshCaProvider) Get(ctx context.Context, mesh *core_mesh.MeshResource) return nil, nil, errors.New("CA backend is nil") } + var cancel context.CancelFunc + timeout := backend.GetRootCert().GetRequestTimeout() + if timeout != nil { + ctx, cancel = context.WithTimeout(ctx, timeout.AsDuration()) + defer cancel() + } + caManager, exist := s.caManagers[backend.Type] if !exist { return nil, nil, errors.Errorf("CA manager of type %s not exist", backend.Type) diff --git a/pkg/xds/secrets/identity_provider.go b/pkg/xds/secrets/identity_provider.go index 97dae9d2fdcf..6923569a823a 100644 --- a/pkg/xds/secrets/identity_provider.go +++ b/pkg/xds/secrets/identity_provider.go @@ -56,6 +56,13 @@ func (s *identityCertProvider) Get(ctx context.Context, requestor Identity, mesh return nil, "", errors.Errorf("CA default backend in mesh %q has to be defined", mesh.GetMeta().GetName()) } + var cancel context.CancelFunc + timeout := backend.GetDpCert().GetRequestTimeout() + if timeout != nil { + ctx, cancel = context.WithTimeout(ctx, timeout.AsDuration()) + defer cancel() + } + caManager, exist := s.caManagers[backend.Type] if !exist { return nil, "", errors.Errorf("CA manager of type %s not exist", backend.Type) From bd82d925157e88107f18fe7bb140a692b7d1286c Mon Sep 17 00:00:00 2001 From: Paul Parkanzky Date: Thu, 31 Mar 2022 11:35:30 -0400 Subject: [PATCH 4/9] fix(kuma-cp): move backend name into label Signed-off-by: Paul Parkanzky --- pkg/xds/secrets/ca_provider.go | 14 +++++++------- pkg/xds/secrets/identity_provider.go | 12 ++++++------ 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/pkg/xds/secrets/ca_provider.go b/pkg/xds/secrets/ca_provider.go index 656dd74ea2a1..9669dd5ee9b7 100644 --- a/pkg/xds/secrets/ca_provider.go +++ b/pkg/xds/secrets/ca_provider.go @@ -19,13 +19,13 @@ type CaProvider interface { } func NewCaProvider(caManagers core_ca.Managers, metrics core_metrics.Metrics) (CaProvider, error) { - latencyMetrics := map[string]prometheus.Summary{} + latencyMetrics := map[string]*prometheus.SummaryVec{} for backendType := range caManagers { - latencyMetrics[backendType] = prometheus.NewSummary(prometheus.SummaryOpts{ - Name: "ca_manager_get_root_cert_" + backendType, - Help: "Summary of CA manager get CA root certificate latencies", + latencyMetrics[backendType] = prometheus.NewSummaryVec(prometheus.SummaryOpts{ + Name: "ca_manager_get_root_cert_chain", + Help: "Summary of CA manager get CA root certificate chain latencies", Objectives: core_metrics.DefaultObjectives, - }) + }, []string{"backend_name"}) if err := metrics.Register(latencyMetrics[backendType]); err != nil { return nil, err } @@ -39,7 +39,7 @@ func NewCaProvider(caManagers core_ca.Managers, metrics core_metrics.Metrics) (C type meshCaProvider struct { caManagers core_ca.Managers // latencyMetrics maps backend type to backend cert retrieval summary metrics - latencyMetrics map[string]prometheus.Summary + latencyMetrics map[string]*prometheus.SummaryVec } func (s *meshCaProvider) Get(ctx context.Context, mesh *core_mesh.MeshResource) (*core_xds.CaSecret, []string, error) { @@ -65,7 +65,7 @@ func (s *meshCaProvider) Get(ctx context.Context, mesh *core_mesh.MeshResource) func() { start := time.Now() defer func() { - s.latencyMetrics[backend.Type].Observe(float64(time.Since(start).Milliseconds())) + s.latencyMetrics[backend.Type].WithLabelValues(backend.GetName()).Observe(float64(time.Since(start).Milliseconds())) }() certs, err = caManager.GetRootCert(ctx, mesh.GetMeta().GetName(), backend) }() diff --git a/pkg/xds/secrets/identity_provider.go b/pkg/xds/secrets/identity_provider.go index 6923569a823a..b1557b04c6bc 100644 --- a/pkg/xds/secrets/identity_provider.go +++ b/pkg/xds/secrets/identity_provider.go @@ -26,13 +26,13 @@ type IdentityProvider interface { } func NewIdentityProvider(caManagers core_ca.Managers, metrics core_metrics.Metrics) (IdentityProvider, error) { - latencyMetrics := map[string]prometheus.Summary{} + latencyMetrics := map[string]*prometheus.SummaryVec{} for backendType := range caManagers { - latencyMetrics[backendType] = prometheus.NewSummary(prometheus.SummaryOpts{ - Name: "ca_manager_get_cert_" + backendType, + latencyMetrics[backendType] = prometheus.NewSummaryVec(prometheus.SummaryOpts{ + Name: "ca_manager_get_cert", Help: "Summary of CA manager get certificate latencies", Objectives: core_metrics.DefaultObjectives, - }) + }, []string{"backend_name"}) if err := metrics.Register(latencyMetrics[backendType]); err != nil { return nil, err } @@ -47,7 +47,7 @@ func NewIdentityProvider(caManagers core_ca.Managers, metrics core_metrics.Metri type identityCertProvider struct { caManagers core_ca.Managers // latencyMetrics maps backend type to backend cert retrieval summary metrics - latencyMetrics map[string]prometheus.Summary + latencyMetrics map[string]*prometheus.SummaryVec } func (s *identityCertProvider) Get(ctx context.Context, requestor Identity, mesh *core_mesh.MeshResource) (*core_xds.IdentitySecret, string, error) { @@ -73,7 +73,7 @@ func (s *identityCertProvider) Get(ctx context.Context, requestor Identity, mesh func() { start := time.Now() defer func() { - s.latencyMetrics[backend.Type].Observe(float64(time.Since(start).Milliseconds())) + s.latencyMetrics[backend.Type].WithLabelValues(backend.GetName()).Observe(float64(time.Since(start).Milliseconds())) }() pair, err = caManager.GenerateDataplaneCert(ctx, mesh.GetMeta().GetName(), backend, requestor.Services) }() From a0e36ec8412d551521ad5022d2a3d78df3b78f0d Mon Sep 17 00:00:00 2001 From: Paul Parkanzky Date: Thu, 31 Mar 2022 11:42:11 -0400 Subject: [PATCH 5/9] style(kuma-cp): s/RootCert/RootChain/ Signed-off-by: Paul Parkanzky --- api/mesh/v1alpha1/mesh.pb.go | 233 +++++++++++++++++---------------- api/mesh/v1alpha1/mesh.proto | 6 +- pkg/xds/secrets/ca_provider.go | 2 +- 3 files changed, 121 insertions(+), 120 deletions(-) diff --git a/api/mesh/v1alpha1/mesh.pb.go b/api/mesh/v1alpha1/mesh.pb.go index 45b01f013a82..f56d4abd77b7 100644 --- a/api/mesh/v1alpha1/mesh.pb.go +++ b/api/mesh/v1alpha1/mesh.pb.go @@ -204,8 +204,8 @@ type CertificateAuthorityBackend struct { Conf *structpb.Struct `protobuf:"bytes,4,opt,name=conf,proto3" json:"conf,omitempty"` // Mode defines the behaviour of inbound listeners with regard to traffic // encryption - Mode CertificateAuthorityBackend_Mode `protobuf:"varint,5,opt,name=mode,proto3,enum=kuma.mesh.v1alpha1.CertificateAuthorityBackend_Mode" json:"mode,omitempty"` - RootCert *CertificateAuthorityBackend_RootCert `protobuf:"bytes,6,opt,name=rootCert,proto3" json:"rootCert,omitempty"` + Mode CertificateAuthorityBackend_Mode `protobuf:"varint,5,opt,name=mode,proto3,enum=kuma.mesh.v1alpha1.CertificateAuthorityBackend_Mode" json:"mode,omitempty"` + RootChain *CertificateAuthorityBackend_RootChain `protobuf:"bytes,6,opt,name=rootChain,proto3" json:"rootChain,omitempty"` } func (x *CertificateAuthorityBackend) Reset() { @@ -275,9 +275,9 @@ func (x *CertificateAuthorityBackend) GetMode() CertificateAuthorityBackend_Mode return CertificateAuthorityBackend_STRICT } -func (x *CertificateAuthorityBackend) GetRootCert() *CertificateAuthorityBackend_RootCert { +func (x *CertificateAuthorityBackend) GetRootChain() *CertificateAuthorityBackend_RootChain { if x != nil { - return x.RootCert + return x.RootChain } return nil } @@ -1177,8 +1177,8 @@ func (x *CertificateAuthorityBackend_DpCert) GetRequestTimeout() *durationpb.Dur return nil } -// RootCert defines settings related to CA root certificate chain. -type CertificateAuthorityBackend_RootCert struct { +// RootChain defines settings related to CA root certificate chain. +type CertificateAuthorityBackend_RootChain struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields @@ -1187,8 +1187,8 @@ type CertificateAuthorityBackend_RootCert struct { RequestTimeout *durationpb.Duration `protobuf:"bytes,1,opt,name=requestTimeout,proto3" json:"requestTimeout,omitempty"` } -func (x *CertificateAuthorityBackend_RootCert) Reset() { - *x = CertificateAuthorityBackend_RootCert{} +func (x *CertificateAuthorityBackend_RootChain) Reset() { + *x = CertificateAuthorityBackend_RootChain{} if protoimpl.UnsafeEnabled { mi := &file_mesh_v1alpha1_mesh_proto_msgTypes[18] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) @@ -1196,13 +1196,13 @@ func (x *CertificateAuthorityBackend_RootCert) Reset() { } } -func (x *CertificateAuthorityBackend_RootCert) String() string { +func (x *CertificateAuthorityBackend_RootChain) String() string { return protoimpl.X.MessageStringOf(x) } -func (*CertificateAuthorityBackend_RootCert) ProtoMessage() {} +func (*CertificateAuthorityBackend_RootChain) ProtoMessage() {} -func (x *CertificateAuthorityBackend_RootCert) ProtoReflect() protoreflect.Message { +func (x *CertificateAuthorityBackend_RootChain) ProtoReflect() protoreflect.Message { mi := &file_mesh_v1alpha1_mesh_proto_msgTypes[18] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) @@ -1214,12 +1214,12 @@ func (x *CertificateAuthorityBackend_RootCert) ProtoReflect() protoreflect.Messa return mi.MessageOf(x) } -// Deprecated: Use CertificateAuthorityBackend_RootCert.ProtoReflect.Descriptor instead. -func (*CertificateAuthorityBackend_RootCert) Descriptor() ([]byte, []int) { +// Deprecated: Use CertificateAuthorityBackend_RootChain.ProtoReflect.Descriptor instead. +func (*CertificateAuthorityBackend_RootChain) Descriptor() ([]byte, []int) { return file_mesh_v1alpha1_mesh_proto_rawDescGZIP(), []int{1, 1} } -func (x *CertificateAuthorityBackend_RootCert) GetRequestTimeout() *durationpb.Duration { +func (x *CertificateAuthorityBackend_RootChain) GetRequestTimeout() *durationpb.Duration { if x != nil { return x.RequestTimeout } @@ -1408,7 +1408,7 @@ var file_mesh_v1alpha1_mesh_proto_rawDesc = []byte{ 0x01, 0x02, 0x18, 0x01, 0xaa, 0x8c, 0x89, 0xa6, 0x01, 0x06, 0x22, 0x04, 0x6d, 0x65, 0x73, 0x68, 0xaa, 0x8c, 0x89, 0xa6, 0x01, 0x04, 0x52, 0x02, 0x10, 0x01, 0xaa, 0x8c, 0x89, 0xa6, 0x01, 0x08, 0x3a, 0x06, 0x0a, 0x04, 0x6d, 0x65, 0x73, 0x68, 0xaa, 0x8c, 0x89, 0xa6, 0x01, 0x0a, 0x3a, 0x08, - 0x12, 0x06, 0x6d, 0x65, 0x73, 0x68, 0x65, 0x73, 0x22, 0xac, 0x05, 0x0a, 0x1b, 0x43, 0x65, 0x72, + 0x12, 0x06, 0x6d, 0x65, 0x73, 0x68, 0x65, 0x73, 0x22, 0xb0, 0x05, 0x0a, 0x1b, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x12, 0x0a, 0x04, @@ -1425,108 +1425,109 @@ var file_mesh_v1alpha1_mesh_proto_rawDesc = []byte{ 0x6d, 0x61, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x2e, 0x4d, 0x6f, 0x64, - 0x65, 0x52, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x54, 0x0a, 0x08, 0x72, 0x6f, 0x6f, 0x74, 0x43, - 0x65, 0x72, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x6b, 0x75, 0x6d, 0x61, - 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x43, - 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, - 0x69, 0x74, 0x79, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x2e, 0x52, 0x6f, 0x6f, 0x74, 0x43, - 0x65, 0x72, 0x74, 0x52, 0x08, 0x72, 0x6f, 0x6f, 0x74, 0x43, 0x65, 0x72, 0x74, 0x1a, 0xd4, 0x01, - 0x0a, 0x06, 0x44, 0x70, 0x43, 0x65, 0x72, 0x74, 0x12, 0x5b, 0x0a, 0x08, 0x72, 0x6f, 0x74, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3f, 0x2e, 0x6b, 0x75, 0x6d, + 0x65, 0x52, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x57, 0x0a, 0x09, 0x72, 0x6f, 0x6f, 0x74, 0x43, + 0x68, 0x61, 0x69, 0x6e, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, - 0x72, 0x69, 0x74, 0x79, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x2e, 0x44, 0x70, 0x43, 0x65, - 0x72, 0x74, 0x2e, 0x52, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x08, 0x72, 0x6f, 0x74, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x41, 0x0a, 0x0e, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, - 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, + 0x72, 0x69, 0x74, 0x79, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x2e, 0x52, 0x6f, 0x6f, 0x74, + 0x43, 0x68, 0x61, 0x69, 0x6e, 0x52, 0x09, 0x72, 0x6f, 0x6f, 0x74, 0x43, 0x68, 0x61, 0x69, 0x6e, + 0x1a, 0xd4, 0x01, 0x0a, 0x06, 0x44, 0x70, 0x43, 0x65, 0x72, 0x74, 0x12, 0x5b, 0x0a, 0x08, 0x72, + 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3f, 0x2e, + 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, + 0x61, 0x31, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x41, 0x75, + 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x2e, 0x44, + 0x70, 0x43, 0x65, 0x72, 0x74, 0x2e, 0x52, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x08, + 0x72, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x41, 0x0a, 0x0e, 0x72, 0x65, 0x71, 0x75, + 0x65, 0x73, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, + 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x72, 0x65, 0x71, + 0x75, 0x65, 0x73, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x1a, 0x2a, 0x0a, 0x08, 0x52, + 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1e, 0x0a, 0x0a, 0x65, 0x78, 0x70, 0x69, 0x72, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x65, 0x78, 0x70, + 0x69, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x1a, 0x4e, 0x0a, 0x09, 0x52, 0x6f, 0x6f, 0x74, 0x43, + 0x68, 0x61, 0x69, 0x6e, 0x12, 0x41, 0x0a, 0x0e, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x54, + 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, + 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, + 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, + 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x22, 0x22, 0x0a, 0x04, 0x4d, 0x6f, 0x64, 0x65, 0x12, + 0x0a, 0x0a, 0x06, 0x53, 0x54, 0x52, 0x49, 0x43, 0x54, 0x10, 0x00, 0x12, 0x0e, 0x0a, 0x0a, 0x50, + 0x45, 0x52, 0x4d, 0x49, 0x53, 0x53, 0x49, 0x56, 0x45, 0x10, 0x01, 0x22, 0x9b, 0x01, 0x0a, 0x0a, + 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x12, 0x43, 0x0a, 0x08, 0x6f, 0x75, + 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x6b, + 0x75, 0x6d, 0x61, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, + 0x31, 0x2e, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x4f, 0x75, 0x74, + 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x52, 0x08, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x1a, + 0x48, 0x0a, 0x08, 0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x12, 0x3c, 0x0a, 0x0b, 0x70, + 0x61, 0x73, 0x73, 0x74, 0x68, 0x72, 0x6f, 0x75, 0x67, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, + 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0b, 0x70, 0x61, + 0x73, 0x73, 0x74, 0x68, 0x72, 0x6f, 0x75, 0x67, 0x68, 0x22, 0x71, 0x0a, 0x07, 0x54, 0x72, 0x61, + 0x63, 0x69, 0x6e, 0x67, 0x12, 0x26, 0x0a, 0x0e, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x42, + 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x64, 0x65, + 0x66, 0x61, 0x75, 0x6c, 0x74, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x12, 0x3e, 0x0a, 0x08, + 0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x22, + 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, + 0x68, 0x61, 0x31, 0x2e, 0x54, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x42, 0x61, 0x63, 0x6b, 0x65, + 0x6e, 0x64, 0x52, 0x08, 0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x73, 0x22, 0x9f, 0x01, 0x0a, + 0x0e, 0x54, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x12, + 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, + 0x61, 0x6d, 0x65, 0x12, 0x38, 0x0a, 0x08, 0x73, 0x61, 0x6d, 0x70, 0x6c, 0x69, 0x6e, 0x67, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x6f, 0x75, 0x62, 0x6c, 0x65, 0x56, 0x61, + 0x6c, 0x75, 0x65, 0x52, 0x08, 0x73, 0x61, 0x6d, 0x70, 0x6c, 0x69, 0x6e, 0x67, 0x12, 0x12, 0x0a, + 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x74, 0x79, 0x70, + 0x65, 0x12, 0x2b, 0x0a, 0x04, 0x63, 0x6f, 0x6e, 0x66, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x17, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, + 0x66, 0x2e, 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, 0x52, 0x04, 0x63, 0x6f, 0x6e, 0x66, 0x22, 0x4b, + 0x0a, 0x1b, 0x44, 0x61, 0x74, 0x61, 0x64, 0x6f, 0x67, 0x54, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, + 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x18, 0x0a, + 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, + 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x22, 0xbe, 0x01, 0x0a, 0x1a, + 0x5a, 0x69, 0x70, 0x6b, 0x69, 0x6e, 0x54, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x42, 0x61, 0x63, + 0x6b, 0x65, 0x6e, 0x64, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x72, + 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x75, 0x72, 0x6c, 0x12, 0x24, 0x0a, 0x0d, + 0x74, 0x72, 0x61, 0x63, 0x65, 0x49, 0x64, 0x31, 0x32, 0x38, 0x62, 0x69, 0x74, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x08, 0x52, 0x0d, 0x74, 0x72, 0x61, 0x63, 0x65, 0x49, 0x64, 0x31, 0x32, 0x38, 0x62, + 0x69, 0x74, 0x12, 0x1e, 0x0a, 0x0a, 0x61, 0x70, 0x69, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, + 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x61, 0x70, 0x69, 0x56, 0x65, 0x72, 0x73, 0x69, + 0x6f, 0x6e, 0x12, 0x48, 0x0a, 0x11, 0x73, 0x68, 0x61, 0x72, 0x65, 0x64, 0x53, 0x70, 0x61, 0x6e, + 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, - 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, - 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x1a, 0x2a, 0x0a, 0x08, 0x52, 0x6f, 0x74, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1e, 0x0a, 0x0a, 0x65, 0x78, 0x70, 0x69, 0x72, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x65, 0x78, 0x70, 0x69, 0x72, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x1a, 0x4d, 0x0a, 0x08, 0x52, 0x6f, 0x6f, 0x74, 0x43, 0x65, 0x72, 0x74, - 0x12, 0x41, 0x0a, 0x0e, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, - 0x75, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, - 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x54, 0x69, 0x6d, 0x65, - 0x6f, 0x75, 0x74, 0x22, 0x22, 0x0a, 0x04, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x0a, 0x0a, 0x06, 0x53, - 0x54, 0x52, 0x49, 0x43, 0x54, 0x10, 0x00, 0x12, 0x0e, 0x0a, 0x0a, 0x50, 0x45, 0x52, 0x4d, 0x49, - 0x53, 0x53, 0x49, 0x56, 0x45, 0x10, 0x01, 0x22, 0x9b, 0x01, 0x0a, 0x0a, 0x4e, 0x65, 0x74, 0x77, - 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x12, 0x43, 0x0a, 0x08, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, - 0x6e, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, - 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4e, 0x65, - 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, - 0x64, 0x52, 0x08, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x1a, 0x48, 0x0a, 0x08, 0x4f, - 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x12, 0x3c, 0x0a, 0x0b, 0x70, 0x61, 0x73, 0x73, 0x74, - 0x68, 0x72, 0x6f, 0x75, 0x67, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, - 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, - 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0b, 0x70, 0x61, 0x73, 0x73, 0x74, 0x68, - 0x72, 0x6f, 0x75, 0x67, 0x68, 0x22, 0x71, 0x0a, 0x07, 0x54, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, - 0x12, 0x26, 0x0a, 0x0e, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x42, 0x61, 0x63, 0x6b, 0x65, - 0x6e, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, - 0x74, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x12, 0x3e, 0x0a, 0x08, 0x62, 0x61, 0x63, 0x6b, - 0x65, 0x6e, 0x64, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x6b, 0x75, 0x6d, - 0x61, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, - 0x54, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x52, 0x08, - 0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x73, 0x22, 0x9f, 0x01, 0x0a, 0x0e, 0x54, 0x72, 0x61, - 0x63, 0x69, 0x6e, 0x67, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x6e, - 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, - 0x38, 0x0a, 0x08, 0x73, 0x61, 0x6d, 0x70, 0x6c, 0x69, 0x6e, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x62, 0x75, 0x66, 0x2e, 0x44, 0x6f, 0x75, 0x62, 0x6c, 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, - 0x08, 0x73, 0x61, 0x6d, 0x70, 0x6c, 0x69, 0x6e, 0x67, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, - 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x2b, 0x0a, - 0x04, 0x63, 0x6f, 0x6e, 0x66, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x67, 0x6f, - 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, - 0x72, 0x75, 0x63, 0x74, 0x52, 0x04, 0x63, 0x6f, 0x6e, 0x66, 0x22, 0x4b, 0x0a, 0x1b, 0x44, 0x61, - 0x74, 0x61, 0x64, 0x6f, 0x67, 0x54, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x42, 0x61, 0x63, 0x6b, + 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x11, 0x73, 0x68, 0x61, 0x72, 0x65, + 0x64, 0x53, 0x70, 0x61, 0x6e, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x22, 0x71, 0x0a, 0x07, + 0x4c, 0x6f, 0x67, 0x67, 0x69, 0x6e, 0x67, 0x12, 0x26, 0x0a, 0x0e, 0x64, 0x65, 0x66, 0x61, 0x75, + 0x6c, 0x74, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x0e, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x12, + 0x3e, 0x0a, 0x08, 0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, + 0x0b, 0x32, 0x22, 0x2e, 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, + 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4c, 0x6f, 0x67, 0x67, 0x69, 0x6e, 0x67, 0x42, 0x61, + 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x52, 0x08, 0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x73, 0x22, + 0x7d, 0x0a, 0x0e, 0x4c, 0x6f, 0x67, 0x67, 0x69, 0x6e, 0x67, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, + 0x64, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x12, 0x12, 0x0a, + 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x74, 0x79, 0x70, + 0x65, 0x12, 0x2b, 0x0a, 0x04, 0x63, 0x6f, 0x6e, 0x66, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x17, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, + 0x66, 0x2e, 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, 0x52, 0x04, 0x63, 0x6f, 0x6e, 0x66, 0x22, 0x2e, + 0x0a, 0x18, 0x46, 0x69, 0x6c, 0x65, 0x4c, 0x6f, 0x67, 0x67, 0x69, 0x6e, 0x67, 0x42, 0x61, 0x63, + 0x6b, 0x65, 0x6e, 0x64, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x61, + 0x74, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x22, 0x33, + 0x0a, 0x17, 0x54, 0x63, 0x70, 0x4c, 0x6f, 0x67, 0x67, 0x69, 0x6e, 0x67, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x18, 0x0a, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x61, 0x64, 0x64, 0x72, - 0x65, 0x73, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x0d, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x22, 0xbe, 0x01, 0x0a, 0x1a, 0x5a, 0x69, 0x70, 0x6b, - 0x69, 0x6e, 0x54, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, - 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x72, 0x6c, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x03, 0x75, 0x72, 0x6c, 0x12, 0x24, 0x0a, 0x0d, 0x74, 0x72, 0x61, 0x63, - 0x65, 0x49, 0x64, 0x31, 0x32, 0x38, 0x62, 0x69, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, - 0x0d, 0x74, 0x72, 0x61, 0x63, 0x65, 0x49, 0x64, 0x31, 0x32, 0x38, 0x62, 0x69, 0x74, 0x12, 0x1e, - 0x0a, 0x0a, 0x61, 0x70, 0x69, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x0a, 0x61, 0x70, 0x69, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x48, - 0x0a, 0x11, 0x73, 0x68, 0x61, 0x72, 0x65, 0x64, 0x53, 0x70, 0x61, 0x6e, 0x43, 0x6f, 0x6e, 0x74, - 0x65, 0x78, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, - 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, - 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x11, 0x73, 0x68, 0x61, 0x72, 0x65, 0x64, 0x53, 0x70, 0x61, - 0x6e, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x22, 0x71, 0x0a, 0x07, 0x4c, 0x6f, 0x67, 0x67, - 0x69, 0x6e, 0x67, 0x12, 0x26, 0x0a, 0x0e, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x42, 0x61, - 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x64, 0x65, 0x66, - 0x61, 0x75, 0x6c, 0x74, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x12, 0x3e, 0x0a, 0x08, 0x62, - 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x22, 0x2e, - 0x6b, 0x75, 0x6d, 0x61, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, - 0x61, 0x31, 0x2e, 0x4c, 0x6f, 0x67, 0x67, 0x69, 0x6e, 0x67, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, - 0x64, 0x52, 0x08, 0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x73, 0x22, 0x7d, 0x0a, 0x0e, 0x4c, - 0x6f, 0x67, 0x67, 0x69, 0x6e, 0x67, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x12, 0x12, 0x0a, - 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, - 0x65, 0x12, 0x16, 0x0a, 0x06, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x06, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, - 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x2b, 0x0a, - 0x04, 0x63, 0x6f, 0x6e, 0x66, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x67, 0x6f, - 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, - 0x72, 0x75, 0x63, 0x74, 0x52, 0x04, 0x63, 0x6f, 0x6e, 0x66, 0x22, 0x2e, 0x0a, 0x18, 0x46, 0x69, - 0x6c, 0x65, 0x4c, 0x6f, 0x67, 0x67, 0x69, 0x6e, 0x67, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, - 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x22, 0x33, 0x0a, 0x17, 0x54, 0x63, - 0x70, 0x4c, 0x6f, 0x67, 0x67, 0x69, 0x6e, 0x67, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x43, - 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x18, 0x0a, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x22, - 0x69, 0x0a, 0x07, 0x52, 0x6f, 0x75, 0x74, 0x69, 0x6e, 0x67, 0x12, 0x3e, 0x0a, 0x1a, 0x6c, 0x6f, - 0x63, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x41, 0x77, 0x61, 0x72, 0x65, 0x4c, 0x6f, 0x61, 0x64, 0x42, - 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x69, 0x6e, 0x67, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x1a, - 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x41, 0x77, 0x61, 0x72, 0x65, 0x4c, 0x6f, 0x61, - 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x69, 0x6e, 0x67, 0x12, 0x1e, 0x0a, 0x0a, 0x7a, 0x6f, - 0x6e, 0x65, 0x45, 0x67, 0x72, 0x65, 0x73, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, - 0x7a, 0x6f, 0x6e, 0x65, 0x45, 0x67, 0x72, 0x65, 0x73, 0x73, 0x42, 0x2a, 0x5a, 0x28, 0x67, 0x69, - 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6b, 0x75, 0x6d, 0x61, 0x68, 0x71, 0x2f, - 0x6b, 0x75, 0x6d, 0x61, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, - 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x65, 0x73, 0x73, 0x22, 0x69, 0x0a, 0x07, 0x52, 0x6f, 0x75, 0x74, 0x69, 0x6e, 0x67, 0x12, 0x3e, + 0x0a, 0x1a, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x41, 0x77, 0x61, 0x72, 0x65, 0x4c, + 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x69, 0x6e, 0x67, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x08, 0x52, 0x1a, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x41, 0x77, 0x61, 0x72, + 0x65, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x69, 0x6e, 0x67, 0x12, 0x1e, + 0x0a, 0x0a, 0x7a, 0x6f, 0x6e, 0x65, 0x45, 0x67, 0x72, 0x65, 0x73, 0x73, 0x18, 0x02, 0x20, 0x01, + 0x28, 0x08, 0x52, 0x0a, 0x7a, 0x6f, 0x6e, 0x65, 0x45, 0x67, 0x72, 0x65, 0x73, 0x73, 0x42, 0x2a, + 0x5a, 0x28, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6b, 0x75, 0x6d, + 0x61, 0x68, 0x71, 0x2f, 0x6b, 0x75, 0x6d, 0x61, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6d, 0x65, 0x73, + 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x33, } var ( @@ -1563,7 +1564,7 @@ var file_mesh_v1alpha1_mesh_proto_goTypes = []interface{}{ (*Mesh_DataplaneProxyConstraints_Rules)(nil), // 16: kuma.mesh.v1alpha1.Mesh.DataplaneProxyConstraints.Rules nil, // 17: kuma.mesh.v1alpha1.Mesh.DataplaneProxyConstraints.Rules.TagsEntry (*CertificateAuthorityBackend_DpCert)(nil), // 18: kuma.mesh.v1alpha1.CertificateAuthorityBackend.DpCert - (*CertificateAuthorityBackend_RootCert)(nil), // 19: kuma.mesh.v1alpha1.CertificateAuthorityBackend.RootCert + (*CertificateAuthorityBackend_RootChain)(nil), // 19: kuma.mesh.v1alpha1.CertificateAuthorityBackend.RootChain (*CertificateAuthorityBackend_DpCert_Rotation)(nil), // 20: kuma.mesh.v1alpha1.CertificateAuthorityBackend.DpCert.Rotation (*Networking_Outbound)(nil), // 21: kuma.mesh.v1alpha1.Networking.Outbound (*Metrics)(nil), // 22: kuma.mesh.v1alpha1.Metrics @@ -1583,7 +1584,7 @@ var file_mesh_v1alpha1_mesh_proto_depIdxs = []int32{ 18, // 7: kuma.mesh.v1alpha1.CertificateAuthorityBackend.dpCert:type_name -> kuma.mesh.v1alpha1.CertificateAuthorityBackend.DpCert 23, // 8: kuma.mesh.v1alpha1.CertificateAuthorityBackend.conf:type_name -> google.protobuf.Struct 0, // 9: kuma.mesh.v1alpha1.CertificateAuthorityBackend.mode:type_name -> kuma.mesh.v1alpha1.CertificateAuthorityBackend.Mode - 19, // 10: kuma.mesh.v1alpha1.CertificateAuthorityBackend.rootCert:type_name -> kuma.mesh.v1alpha1.CertificateAuthorityBackend.RootCert + 19, // 10: kuma.mesh.v1alpha1.CertificateAuthorityBackend.rootChain:type_name -> kuma.mesh.v1alpha1.CertificateAuthorityBackend.RootChain 21, // 11: kuma.mesh.v1alpha1.Networking.outbound:type_name -> kuma.mesh.v1alpha1.Networking.Outbound 5, // 12: kuma.mesh.v1alpha1.Tracing.backends:type_name -> kuma.mesh.v1alpha1.TracingBackend 24, // 13: kuma.mesh.v1alpha1.TracingBackend.sampling:type_name -> google.protobuf.DoubleValue @@ -1598,7 +1599,7 @@ var file_mesh_v1alpha1_mesh_proto_depIdxs = []int32{ 17, // 22: kuma.mesh.v1alpha1.Mesh.DataplaneProxyConstraints.Rules.tags:type_name -> kuma.mesh.v1alpha1.Mesh.DataplaneProxyConstraints.Rules.TagsEntry 20, // 23: kuma.mesh.v1alpha1.CertificateAuthorityBackend.DpCert.rotation:type_name -> kuma.mesh.v1alpha1.CertificateAuthorityBackend.DpCert.Rotation 26, // 24: kuma.mesh.v1alpha1.CertificateAuthorityBackend.DpCert.requestTimeout:type_name -> google.protobuf.Duration - 26, // 25: kuma.mesh.v1alpha1.CertificateAuthorityBackend.RootCert.requestTimeout:type_name -> google.protobuf.Duration + 26, // 25: kuma.mesh.v1alpha1.CertificateAuthorityBackend.RootChain.requestTimeout:type_name -> google.protobuf.Duration 25, // 26: kuma.mesh.v1alpha1.Networking.Outbound.passthrough:type_name -> google.protobuf.BoolValue 27, // [27:27] is the sub-list for method output_type 27, // [27:27] is the sub-list for method input_type @@ -1819,7 +1820,7 @@ func file_mesh_v1alpha1_mesh_proto_init() { } } file_mesh_v1alpha1_mesh_proto_msgTypes[18].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*CertificateAuthorityBackend_RootCert); i { + switch v := v.(*CertificateAuthorityBackend_RootChain); i { case 0: return &v.state case 1: diff --git a/api/mesh/v1alpha1/mesh.proto b/api/mesh/v1alpha1/mesh.proto index de14e7be218e..e1d597dc09d1 100644 --- a/api/mesh/v1alpha1/mesh.proto +++ b/api/mesh/v1alpha1/mesh.proto @@ -136,13 +136,13 @@ message CertificateAuthorityBackend { // encryption Mode mode = 5; - // RootCert defines settings related to CA root certificate chain. - message RootCert { + // RootChain defines settings related to CA root certificate chain. + message RootChain { // Timeout on request for to CA for root certificate chain. google.protobuf.Duration requestTimeout = 1; } - RootCert rootCert = 6; + RootChain rootChain = 6; } // Networking defines the networking configuration of the mesh diff --git a/pkg/xds/secrets/ca_provider.go b/pkg/xds/secrets/ca_provider.go index 9669dd5ee9b7..8953a65b0d3d 100644 --- a/pkg/xds/secrets/ca_provider.go +++ b/pkg/xds/secrets/ca_provider.go @@ -49,7 +49,7 @@ func (s *meshCaProvider) Get(ctx context.Context, mesh *core_mesh.MeshResource) } var cancel context.CancelFunc - timeout := backend.GetRootCert().GetRequestTimeout() + timeout := backend.GetRootChain().GetRequestTimeout() if timeout != nil { ctx, cancel = context.WithTimeout(ctx, timeout.AsDuration()) defer cancel() From 76a86f0093448fcd30b93419241444bd3b9c14af Mon Sep 17 00:00:00 2001 From: Paul Parkanzky Date: Thu, 31 Mar 2022 12:23:30 -0400 Subject: [PATCH 6/9] tests(kuma-cp): add cert metric tests Signed-off-by: Paul Parkanzky --- pkg/xds/secrets/secrets_test.go | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/pkg/xds/secrets/secrets_test.go b/pkg/xds/secrets/secrets_test.go index bd47dc3e3906..358ce17c8e56 100644 --- a/pkg/xds/secrets/secrets_test.go +++ b/pkg/xds/secrets/secrets_test.go @@ -152,6 +152,7 @@ var _ = Describe("Secrets", func() { // and metric is published Expect(test_metrics.FindMetric(metrics, "cert_generation").GetCounter().GetValue()).To(Equal(1.0)) + Expect(test_metrics.FindMetric(metrics, "ca_manager_get_cert", "backend_name", "ca-1").GetSummary().GetSampleCount()).To(Equal(uint64(1))) }) It("should not regenerate certs if nothing has changed", func() { @@ -167,6 +168,7 @@ var _ = Describe("Secrets", func() { Expect(identity).To(Equal(newIdentity)) Expect(ca).To(Equal(newCa)) Expect(test_metrics.FindMetric(metrics, "cert_generation").GetCounter().GetValue()).To(Equal(1.0)) + Expect(test_metrics.FindMetric(metrics, "ca_manager_get_cert", "backend_name", "ca-1").GetSummary().GetSampleCount()).To(Equal(uint64(1))) }) Context("should regenerate certificate", func() { @@ -186,6 +188,7 @@ var _ = Describe("Secrets", func() { // then Expect(err).ToNot(HaveOccurred()) Expect(test_metrics.FindMetric(metrics, "cert_generation").GetCounter().GetValue()).To(Equal(2.0)) + Expect(test_metrics.FindMetric(metrics, "ca_manager_get_cert", "backend_name", "ca-2").GetSummary().GetSampleCount()).To(Equal(uint64(1))) }) It("when dp tags has changed", func() { @@ -199,6 +202,7 @@ var _ = Describe("Secrets", func() { // then Expect(err).ToNot(HaveOccurred()) Expect(test_metrics.FindMetric(metrics, "cert_generation").GetCounter().GetValue()).To(Equal(2.0)) + Expect(test_metrics.FindMetric(metrics, "ca_manager_get_cert", "backend_name", "ca-1").GetSummary().GetSampleCount()).To(Equal(uint64(2))) }) It("when cert is expiring", func() { @@ -211,6 +215,7 @@ var _ = Describe("Secrets", func() { // then Expect(err).ToNot(HaveOccurred()) Expect(test_metrics.FindMetric(metrics, "cert_generation").GetCounter().GetValue()).To(Equal(2.0)) + Expect(test_metrics.FindMetric(metrics, "ca_manager_get_cert", "backend_name", "ca-1").GetSummary().GetSampleCount()).To(Equal(uint64(2))) }) It("when cert was cleaned up", func() { @@ -223,6 +228,7 @@ var _ = Describe("Secrets", func() { // then Expect(err).ToNot(HaveOccurred()) Expect(test_metrics.FindMetric(metrics, "cert_generation").GetCounter().GetValue()).To(Equal(2.0)) + Expect(test_metrics.FindMetric(metrics, "ca_manager_get_cert", "backend_name", "ca-1").GetSummary().GetSampleCount()).To(Equal(uint64(2))) }) }) @@ -263,6 +269,7 @@ var _ = Describe("Secrets", func() { // and metric is published Expect(test_metrics.FindMetric(metrics, "cert_generation").GetCounter().GetValue()).To(Equal(1.0)) + Expect(test_metrics.FindMetric(metrics, "ca_manager_get_cert", "backend_name", "ca-1").GetSummary().GetSampleCount()).To(Equal(uint64(1))) }) It("should not regenerate certs if nothing has changed", func() { @@ -278,6 +285,7 @@ var _ = Describe("Secrets", func() { Expect(identity).To(Equal(newIdentity)) Expect(ca).To(Equal(newCa)) Expect(test_metrics.FindMetric(metrics, "cert_generation").GetCounter().GetValue()).To(Equal(1.0)) + Expect(test_metrics.FindMetric(metrics, "ca_manager_get_cert", "backend_name", "ca-1").GetSummary().GetSampleCount()).To(Equal(uint64(1))) }) Context("should regenerate certificate", func() { @@ -297,6 +305,7 @@ var _ = Describe("Secrets", func() { // then Expect(err).ToNot(HaveOccurred()) Expect(test_metrics.FindMetric(metrics, "cert_generation").GetCounter().GetValue()).To(Equal(2.0)) + Expect(test_metrics.FindMetric(metrics, "ca_manager_get_cert", "backend_name", "ca-2").GetSummary().GetSampleCount()).To(Equal(uint64(1))) }) It("when cert is expiring", func() { @@ -309,6 +318,7 @@ var _ = Describe("Secrets", func() { // then Expect(err).ToNot(HaveOccurred()) Expect(test_metrics.FindMetric(metrics, "cert_generation").GetCounter().GetValue()).To(Equal(2.0)) + Expect(test_metrics.FindMetric(metrics, "ca_manager_get_cert", "backend_name", "ca-1").GetSummary().GetSampleCount()).To(Equal(uint64(2))) }) It("when cert was cleaned up", func() { @@ -321,6 +331,7 @@ var _ = Describe("Secrets", func() { // then Expect(err).ToNot(HaveOccurred()) Expect(test_metrics.FindMetric(metrics, "cert_generation").GetCounter().GetValue()).To(Equal(2.0)) + Expect(test_metrics.FindMetric(metrics, "ca_manager_get_cert", "backend_name", "ca-1").GetSummary().GetSampleCount()).To(Equal(uint64(2))) }) }) From 5dc20f895efac1bbd54e802e8e83cd233494d334 Mon Sep 17 00:00:00 2001 From: Paul Parkanzky Date: Sun, 3 Apr 2022 22:43:36 -0400 Subject: [PATCH 7/9] fix(kuma-cp) convert map of metrics to Vec Signed-off-by: Paul Parkanzky --- pkg/xds/secrets/ca_provider.go | 22 ++++++++++------------ pkg/xds/secrets/identity_provider.go | 22 ++++++++++------------ 2 files changed, 20 insertions(+), 24 deletions(-) diff --git a/pkg/xds/secrets/ca_provider.go b/pkg/xds/secrets/ca_provider.go index 8953a65b0d3d..2b4d84435849 100644 --- a/pkg/xds/secrets/ca_provider.go +++ b/pkg/xds/secrets/ca_provider.go @@ -19,14 +19,13 @@ type CaProvider interface { } func NewCaProvider(caManagers core_ca.Managers, metrics core_metrics.Metrics) (CaProvider, error) { - latencyMetrics := map[string]*prometheus.SummaryVec{} - for backendType := range caManagers { - latencyMetrics[backendType] = prometheus.NewSummaryVec(prometheus.SummaryOpts{ - Name: "ca_manager_get_root_cert_chain", - Help: "Summary of CA manager get CA root certificate chain latencies", - Objectives: core_metrics.DefaultObjectives, - }, []string{"backend_name"}) - if err := metrics.Register(latencyMetrics[backendType]); err != nil { + latencyMetrics := prometheus.NewSummaryVec(prometheus.SummaryOpts{ + Name: "ca_manager_get_root_cert_chain", + Help: "Summary of CA manager get CA root certificate chain latencies", + Objectives: core_metrics.DefaultObjectives, + }, []string{"backend_name"}) + if err := metrics.Register(latencyMetrics); err != nil { + if _, already := err.(prometheus.AlreadyRegisteredError); !already { return nil, err } } @@ -37,9 +36,8 @@ func NewCaProvider(caManagers core_ca.Managers, metrics core_metrics.Metrics) (C } type meshCaProvider struct { - caManagers core_ca.Managers - // latencyMetrics maps backend type to backend cert retrieval summary metrics - latencyMetrics map[string]*prometheus.SummaryVec + caManagers core_ca.Managers + latencyMetrics *prometheus.SummaryVec } func (s *meshCaProvider) Get(ctx context.Context, mesh *core_mesh.MeshResource) (*core_xds.CaSecret, []string, error) { @@ -65,7 +63,7 @@ func (s *meshCaProvider) Get(ctx context.Context, mesh *core_mesh.MeshResource) func() { start := time.Now() defer func() { - s.latencyMetrics[backend.Type].WithLabelValues(backend.GetName()).Observe(float64(time.Since(start).Milliseconds())) + s.latencyMetrics.WithLabelValues(backend.GetName()).Observe(float64(time.Since(start).Milliseconds())) }() certs, err = caManager.GetRootCert(ctx, mesh.GetMeta().GetName(), backend) }() diff --git a/pkg/xds/secrets/identity_provider.go b/pkg/xds/secrets/identity_provider.go index b1557b04c6bc..985bb01bb421 100644 --- a/pkg/xds/secrets/identity_provider.go +++ b/pkg/xds/secrets/identity_provider.go @@ -26,14 +26,13 @@ type IdentityProvider interface { } func NewIdentityProvider(caManagers core_ca.Managers, metrics core_metrics.Metrics) (IdentityProvider, error) { - latencyMetrics := map[string]*prometheus.SummaryVec{} - for backendType := range caManagers { - latencyMetrics[backendType] = prometheus.NewSummaryVec(prometheus.SummaryOpts{ - Name: "ca_manager_get_cert", - Help: "Summary of CA manager get certificate latencies", - Objectives: core_metrics.DefaultObjectives, - }, []string{"backend_name"}) - if err := metrics.Register(latencyMetrics[backendType]); err != nil { + latencyMetrics := prometheus.NewSummaryVec(prometheus.SummaryOpts{ + Name: "ca_manager_get_cert", + Help: "Summary of CA manager get certificate latencies", + Objectives: core_metrics.DefaultObjectives, + }, []string{"backend_name"}) + if err := metrics.Register(latencyMetrics); err != nil { + if _, already := err.(prometheus.AlreadyRegisteredError); !already { return nil, err } } @@ -45,9 +44,8 @@ func NewIdentityProvider(caManagers core_ca.Managers, metrics core_metrics.Metri } type identityCertProvider struct { - caManagers core_ca.Managers - // latencyMetrics maps backend type to backend cert retrieval summary metrics - latencyMetrics map[string]*prometheus.SummaryVec + caManagers core_ca.Managers + latencyMetrics *prometheus.SummaryVec } func (s *identityCertProvider) Get(ctx context.Context, requestor Identity, mesh *core_mesh.MeshResource) (*core_xds.IdentitySecret, string, error) { @@ -73,7 +71,7 @@ func (s *identityCertProvider) Get(ctx context.Context, requestor Identity, mesh func() { start := time.Now() defer func() { - s.latencyMetrics[backend.Type].WithLabelValues(backend.GetName()).Observe(float64(time.Since(start).Milliseconds())) + s.latencyMetrics.WithLabelValues(backend.GetName()).Observe(float64(time.Since(start).Milliseconds())) }() pair, err = caManager.GenerateDataplaneCert(ctx, mesh.GetMeta().GetName(), backend, requestor.Services) }() From 53ddb0742dc5fb15d909af470442afc5f60abb1b Mon Sep 17 00:00:00 2001 From: Paul Parkanzky Date: Sun, 3 Apr 2022 22:46:31 -0400 Subject: [PATCH 8/9] style(kuma-cp): move cancel func into if scope Signed-off-by: Paul Parkanzky --- pkg/xds/secrets/ca_provider.go | 2 +- pkg/xds/secrets/identity_provider.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/xds/secrets/ca_provider.go b/pkg/xds/secrets/ca_provider.go index 2b4d84435849..a06230501504 100644 --- a/pkg/xds/secrets/ca_provider.go +++ b/pkg/xds/secrets/ca_provider.go @@ -46,9 +46,9 @@ func (s *meshCaProvider) Get(ctx context.Context, mesh *core_mesh.MeshResource) return nil, nil, errors.New("CA backend is nil") } - var cancel context.CancelFunc timeout := backend.GetRootChain().GetRequestTimeout() if timeout != nil { + var cancel context.CancelFunc ctx, cancel = context.WithTimeout(ctx, timeout.AsDuration()) defer cancel() } diff --git a/pkg/xds/secrets/identity_provider.go b/pkg/xds/secrets/identity_provider.go index 985bb01bb421..7769e110ee55 100644 --- a/pkg/xds/secrets/identity_provider.go +++ b/pkg/xds/secrets/identity_provider.go @@ -54,9 +54,9 @@ func (s *identityCertProvider) Get(ctx context.Context, requestor Identity, mesh return nil, "", errors.Errorf("CA default backend in mesh %q has to be defined", mesh.GetMeta().GetName()) } - var cancel context.CancelFunc timeout := backend.GetDpCert().GetRequestTimeout() if timeout != nil { + var cancel context.CancelFunc ctx, cancel = context.WithTimeout(ctx, timeout.AsDuration()) defer cancel() } From a9bebe0f9467ba22674602574defa233dca2b0ae Mon Sep 17 00:00:00 2001 From: Paul Parkanzky Date: Mon, 4 Apr 2022 10:40:56 -0400 Subject: [PATCH 9/9] fix(kuma-cp): only call CA and ident providers once Signed-off-by: Paul Parkanzky --- pkg/xds/secrets/ca_provider.go | 4 +--- pkg/xds/secrets/identity_provider.go | 5 +---- 2 files changed, 2 insertions(+), 7 deletions(-) diff --git a/pkg/xds/secrets/ca_provider.go b/pkg/xds/secrets/ca_provider.go index a06230501504..bd06e6539c6e 100644 --- a/pkg/xds/secrets/ca_provider.go +++ b/pkg/xds/secrets/ca_provider.go @@ -25,9 +25,7 @@ func NewCaProvider(caManagers core_ca.Managers, metrics core_metrics.Metrics) (C Objectives: core_metrics.DefaultObjectives, }, []string{"backend_name"}) if err := metrics.Register(latencyMetrics); err != nil { - if _, already := err.(prometheus.AlreadyRegisteredError); !already { - return nil, err - } + return nil, err } return &meshCaProvider{ caManagers: caManagers, diff --git a/pkg/xds/secrets/identity_provider.go b/pkg/xds/secrets/identity_provider.go index 7769e110ee55..f3a5746bf264 100644 --- a/pkg/xds/secrets/identity_provider.go +++ b/pkg/xds/secrets/identity_provider.go @@ -32,11 +32,8 @@ func NewIdentityProvider(caManagers core_ca.Managers, metrics core_metrics.Metri Objectives: core_metrics.DefaultObjectives, }, []string{"backend_name"}) if err := metrics.Register(latencyMetrics); err != nil { - if _, already := err.(prometheus.AlreadyRegisteredError); !already { - return nil, err - } + return nil, err } - return &identityCertProvider{ caManagers: caManagers, latencyMetrics: latencyMetrics,